From a92eb76688600efbf4a4056c2543f348e2fee8aa Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Thu, 17 Jan 2008 10:24:34 +0100
Subject: Finally enable pidl generated SAMR & NETLOGON headers and clients.

Guenther
(This used to be commit f7100156a7df7ac3ae84e45a47153b38d9375215)
---
 source3/Makefile.in                |  4 +++
 source3/include/rpc_dce.h          |  5 ----
 source3/include/rpc_netlogon.h     | 53 +++-----------------------------------
 source3/include/rpc_samr.h         | 12 ---------
 source3/include/smb.h              | 27 ++-----------------
 source3/libads/authdata.c          | 12 ++++-----
 source3/nsswitch/pam_winbind.c     |  8 +++---
 source3/nsswitch/pam_winbind.h     | 23 +++++++++--------
 source3/nsswitch/wbinfo.c          |  4 +--
 source3/rpc_parse/parse_net.c      | 32 +++++++++++------------
 source3/rpc_server/srv_netlog_nt.c |  2 +-
 source3/rpcclient/cmd_samr.c       | 20 +++++++-------
 source3/smbd/chgpasswd.c           | 12 ++++-----
 source3/winbindd/winbindd_creds.c  |  2 +-
 source3/winbindd/winbindd_pam.c    |  6 ++---
 15 files changed, 70 insertions(+), 152 deletions(-)

(limited to 'source3')

diff --git a/source3/Makefile.in b/source3/Makefile.in
index dd49b9b33b..227650027a 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -273,6 +273,8 @@ LIBNDR_GEN_OBJ = librpc/gen_ndr/ndr_wkssvc.o \
 		 librpc/gen_ndr/ndr_srvsvc.o \
 		 librpc/gen_ndr/ndr_svcctl.o \
 		 librpc/gen_ndr/ndr_eventlog.o \
+		 librpc/gen_ndr/ndr_netlogon.o \
+		 librpc/gen_ndr/ndr_samr.o \
 		 librpc/gen_ndr/ndr_notify.o \
 		 librpc/gen_ndr/ndr_libnet_join.o
 
@@ -403,6 +405,8 @@ LIBMSRPC_GEN_OBJ = librpc/gen_ndr/cli_lsa.o \
 		   librpc/gen_ndr/cli_initshutdown.o \
 		   librpc/gen_ndr/cli_eventlog.o \
 		   librpc/gen_ndr/cli_wkssvc.o \
+		   librpc/gen_ndr/cli_netlogon.o \
+		   librpc/gen_ndr/cli_samr.o \
 		   $(LIBNDR_GEN_OBJ) \
 		   $(RPCCLIENT_NDR_OBJ)
 
diff --git a/source3/include/rpc_dce.h b/source3/include/rpc_dce.h
index 7ea3fcbc23..f162196524 100644
--- a/source3/include/rpc_dce.h
+++ b/source3/include/rpc_dce.h
@@ -98,11 +98,6 @@ enum RPC_PKT_TYPE {
 #define RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN 	0x20
 #define RPC_AUTH_SCHANNEL_SIGN_ONLY_CHK_LEN 	0x18
 
-
-#define NETLOGON_NEG_ARCFOUR			0x00000004
-#define NETLOGON_NEG_128BIT			0x00004000
-#define NETLOGON_NEG_SCHANNEL			0x40000000
-
 /* The 7 here seems to be required to get Win2k not to downgrade us
    to NT4.  Actually, anything other than 1ff would seem to do... */
 #define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff
diff --git a/source3/include/rpc_netlogon.h b/source3/include/rpc_netlogon.h
index a82b977a5b..48a2a32bf6 100644
--- a/source3/include/rpc_netlogon.h
+++ b/source3/include/rpc_netlogon.h
@@ -45,11 +45,6 @@
 #define NET_DSR_GETDCNAMEEX2	0x22
 #define NET_SAMLOGON_EX		0x27
 
-/* Secure Channel types.  used in NetrServerAuthenticate negotiation */
-#define SEC_CHAN_WKSTA   2
-#define SEC_CHAN_DOMAIN  4
-#define SEC_CHAN_BDC     6
-
 /* Returned delta types */
 #define SAM_DELTA_DOMAIN_INFO    0x01
 #define SAM_DELTA_GROUP_INFO     0x02
@@ -89,32 +84,15 @@
 #define NL_CTRL_REPL_IN_PROGRESS 0x0002
 #define NL_CTRL_FULL_SYNC        0x0004
 
-#define LOGON_GUEST			0x00000001
-#define LOGON_NOENCRYPTION		0x00000002
-#define LOGON_CACHED_ACCOUNT		0x00000004
-#define LOGON_USED_LM_PASSWORD		0x00000008
-#define LOGON_EXTRA_SIDS		0x00000020
-#define LOGON_SUBAUTH_SESSION_KEY	0x00000040
-#define LOGON_SERVER_TRUST_ACCOUNT	0x00000080
-#define LOGON_NTLMV2_ENABLED		0x00000100
-#define LOGON_RESOURCE_GROUPS		0x00000200
-#define LOGON_PROFILE_PATH_RETURNED	0x00000400
-#define LOGON_GRACE_LOGON		0x01000000
 #define LOGON_KRB5_FAIL_CLOCK_SKEW	0x02000000
 
-#define SE_GROUP_MANDATORY		0x00000001
-#define SE_GROUP_ENABLED_BY_DEFAULT	0x00000002
-#define SE_GROUP_ENABLED		0x00000004
-#define SE_GROUP_OWNER 			0x00000008
-#define SE_GROUP_USE_FOR_DENY_ONLY 	0x00000010
-#define SE_GROUP_LOGON_ID 		0xC0000000
-#define SE_GROUP_RESOURCE 		0x20000000	/* Domain Local Group */
-
 /* Flags for controlling the behaviour of a particular logon */
 
-/* sets LOGON_SERVER_TRUST_ACCOUNT user_flag */
+/* sets NETLOGON_SERVER_TRUST_ACCOUNT user_flag */
+#if 0
 #define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT	0x00000020
 #define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT	0x00000800
+#endif
 
 /* updates the "logon time" on network logon */
 #define MSV1_0_UPDATE_LOGON_STATISTICS		0x00000004
@@ -1054,31 +1032,6 @@ typedef struct net_r_sam_deltas_info {
 	NTSTATUS status;
 } NET_R_SAM_DELTAS;
 
-#define DS_FORCE_REDISCOVERY            0x00000001
-#define DS_DIRECTORY_SERVICE_REQUIRED   0x00000010
-#define DS_DIRECTORY_SERVICE_PREFERRED  0x00000020
-#define DS_GC_SERVER_REQUIRED           0x00000040
-#define DS_PDC_REQUIRED                 0x00000080
-#define DS_BACKGROUND_ONLY              0x00000100
-#define DS_IP_REQUIRED                  0x00000200
-#define DS_KDC_REQUIRED                 0x00000400
-#define DS_TIMESERV_REQUIRED            0x00000800
-#define DS_WRITABLE_REQUIRED            0x00001000
-#define DS_GOOD_TIMESERV_PREFERRED      0x00002000
-#define DS_AVOID_SELF                   0x00004000
-#define DS_ONLY_LDAP_NEEDED             0x00008000
-
-#define DS_IS_FLAT_NAME                 0x00010000
-#define DS_IS_DNS_NAME                  0x00020000
-
-#define DS_RETURN_DNS_NAME              0x40000000
-#define DS_RETURN_FLAT_NAME             0x80000000
-
-#if 0 /* unknown yet */
-#define DS_IP_VERSION_AGNOSTIC
-#define DS_TRY_NEXTCLOSEST_SITE
-#endif
-
 #define DSGETDC_VALID_FLAGS ( \
     DS_FORCE_REDISCOVERY | \
     DS_DIRECTORY_SERVICE_REQUIRED | \
diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h
index 2273fba2e6..9274e37682 100644
--- a/source3/include/rpc_samr.h
+++ b/source3/include/rpc_samr.h
@@ -1832,13 +1832,6 @@ typedef struct q_samr_get_dom_pwinfo
 
 } SAMR_Q_GET_DOM_PWINFO;
 
-#define DOMAIN_PASSWORD_COMPLEX		0x00000001
-#define DOMAIN_PASSWORD_NO_ANON_CHANGE	0x00000002
-#define DOMAIN_PASSWORD_NO_CLEAR_CHANGE	0x00000004
-#define DOMAIN_LOCKOUT_ADMINS		0x00000008
-#define DOMAIN_PASSWORD_STORE_CLEARTEXT	0x00000010
-#define DOMAIN_REFUSE_PASSWORD_CHANGE	0x00000020
-
 /* SAMR_R_GET_DOM_PWINFO */
 typedef struct r_samr_get_dom_pwinfo
 {
@@ -1915,11 +1908,6 @@ typedef struct q_samr_chgpasswd_user3
 
 } SAMR_Q_CHGPASSWD_USER3;
 
-#define REJECT_REASON_OTHER		0x00000000
-#define REJECT_REASON_TOO_SHORT		0x00000001
-#define REJECT_REASON_IN_HISTORY	0x00000002
-#define REJECT_REASON_NOT_COMPLEX	0x00000005
-
 /* SAMR_CHANGE_REJECT */
 typedef struct samr_change_reject
 {
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 350584a52e..d64b8ba80c 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -211,30 +211,6 @@ typedef uint32 codepoint_t;
 /* 64 bit time (100usec) since ????? - cifs6.txt, section 3.5, page 30 */
 typedef uint64_t NTTIME;
 
-
-/* Allowable account control bits */
-#define ACB_DISABLED			0x00000001  /* 1 = User account disabled */
-#define ACB_HOMDIRREQ			0x00000002  /* 1 = Home directory required */
-#define ACB_PWNOTREQ			0x00000004  /* 1 = User password not required */
-#define ACB_TEMPDUP			0x00000008  /* 1 = Temporary duplicate account */
-#define ACB_NORMAL			0x00000010  /* 1 = Normal user account */
-#define ACB_MNS				0x00000020  /* 1 = MNS logon user account */
-#define ACB_DOMTRUST			0x00000040  /* 1 = Interdomain trust account */
-#define ACB_WSTRUST			0x00000080  /* 1 = Workstation trust account */
-#define ACB_SVRTRUST			0x00000100  /* 1 = Server trust account (BDC) */
-#define ACB_PWNOEXP			0x00000200  /* 1 = User password does not expire */
-#define ACB_AUTOLOCK			0x00000400  /* 1 = Account auto locked */
-
-/* only valid for > Windows 2000 */
-#define ACB_ENC_TXT_PWD_ALLOWED		0x00000800  /* 1 = Text password encryped */
-#define ACB_SMARTCARD_REQUIRED		0x00001000  /* 1 = Smart Card required */
-#define ACB_TRUSTED_FOR_DELEGATION	0x00002000  /* 1 = Trusted for Delegation */
-#define ACB_NOT_DELEGATED		0x00004000  /* 1 = Not delegated */
-#define ACB_USE_DES_KEY_ONLY		0x00008000  /* 1 = Use DES key only */
-#define ACB_DONT_REQUIRE_PREAUTH	0x00010000  /* 1 = Preauth not required */
-#define ACB_PWEXPIRED			0x00020000  /* 1 = Password is expired */
-#define ACB_NO_AUTH_DATA_REQD		0x00080000  /* 1 = No authorization data required */
-
 #define MAX_HOURS_LEN 32
 
 #ifndef MAXSUBAUTHS
@@ -331,9 +307,10 @@ extern const DATA_BLOB data_blob_null;
 #include "librpc/gen_ndr/wkssvc.h"
 #include "librpc/gen_ndr/echo.h"
 #include "librpc/gen_ndr/svcctl.h"
+#include "librpc/gen_ndr/netlogon.h"
+#include "librpc/gen_ndr/samr.h"
 #include "librpc/gen_ndr/libnet_join.h"
 
-
 struct lsa_dom_info {
 	bool valid;
 	DOM_SID sid;
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index 9a6f1061df..644f8515bc 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -429,8 +429,8 @@ static bool pac_io_pac_logon_info(const char *desc, PAC_LOGON_INFO *info,
 
 	if (info->info3.ptr_res_groups) {
 
-		if (!(info->info3.user_flgs & LOGON_RESOURCE_GROUPS)) {
-			DEBUG(0,("user_flgs attribute does not have LOGON_RESOURCE_GROUPS\n"));
+		if (!(info->info3.user_flgs & NETLOGON_RESOURCE_GROUPS)) {
+			DEBUG(0,("user_flgs attribute does not have NETLOGON_RESOURCE_GROUPS\n"));
 			/* return False; */
 		}
 
@@ -738,10 +738,10 @@ void dump_pac_logon_info(int lvl, PAC_LOGON_INFO *logon_info)
 	DEBUG(lvl,("The PAC:\n"));
 
 	DEBUGADD(lvl,("\tUser Flags: 0x%x (%d)\n", user_flgs, user_flgs));
-	if (user_flgs & LOGON_EXTRA_SIDS)
-		DEBUGADD(lvl,("\tUser Flags: LOGON_EXTRA_SIDS 0x%x (%d)\n", LOGON_EXTRA_SIDS, LOGON_EXTRA_SIDS));
-	if (user_flgs & LOGON_RESOURCE_GROUPS)
-		DEBUGADD(lvl,("\tUser Flags: LOGON_RESOURCE_GROUPS 0x%x (%d)\n", LOGON_RESOURCE_GROUPS, LOGON_RESOURCE_GROUPS));
+	if (user_flgs & NETLOGON_EXTRA_SIDS)
+		DEBUGADD(lvl,("\tUser Flags: NETLOGON_EXTRA_SIDS 0x%x (%d)\n", NETLOGON_EXTRA_SIDS, NETLOGON_EXTRA_SIDS));
+	if (user_flgs & NETLOGON_RESOURCE_GROUPS)
+		DEBUGADD(lvl,("\tUser Flags: NETLOGON_RESOURCE_GROUPS 0x%x (%d)\n", NETLOGON_RESOURCE_GROUPS, NETLOGON_RESOURCE_GROUPS));
 	DEBUGADD(lvl,("\tUser SID: %s-%d\n", sid_string_dbg(&dom_sid),
 		      logon_info->info3.user_rid));
 	DEBUGADD(lvl,("\tGroup SID: %s-%d\n", sid_string_dbg(&dom_sid),
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
index 4d019072ac..89db0773ae 100644
--- a/source3/nsswitch/pam_winbind.c
+++ b/source3/nsswitch/pam_winbind.c
@@ -1431,22 +1431,22 @@ static int winbind_chauthtok_request(pam_handle_t * pamh,
 		switch (reject_reason) {
 			case -1:
 				break;
-			case REJECT_REASON_OTHER:
+			case SAMR_REJECT_OTHER:
 				if ((min_pwd_age > 0) &&
 				    (pwd_last_set + min_pwd_age > time(NULL))) {
 					PAM_WB_REMARK_DIRECT(pamh, ctrl,
 					     "NT_STATUS_PWD_TOO_RECENT");
 				}
 				break;
-			case REJECT_REASON_TOO_SHORT:
+			case SAMR_REJECT_TOO_SHORT:
 				PAM_WB_REMARK_DIRECT(pamh, ctrl,
 					"NT_STATUS_PWD_TOO_SHORT");
 				break;
-			case REJECT_REASON_IN_HISTORY:
+			case SAMR_REJECT_IN_HISTORY:
 				PAM_WB_REMARK_DIRECT(pamh, ctrl,
 					"NT_STATUS_PWD_HISTORY_CONFLICT");
 				break;
-			case REJECT_REASON_NOT_COMPLEX:
+			case SAMR_REJECT_COMPLEXITY:
 				_make_remark(pamh, ctrl, PAM_ERROR_MSG,
 					     "Password does not meet "
 					     "complexity requirements");
diff --git a/source3/nsswitch/pam_winbind.h b/source3/nsswitch/pam_winbind.h
index 59a2f39584..6ec564fe71 100644
--- a/source3/nsswitch/pam_winbind.h
+++ b/source3/nsswitch/pam_winbind.h
@@ -179,22 +179,23 @@ do {                             \
 	};\
 };
 
-/* from include/rpc_samr.h */
-#define DOMAIN_PASSWORD_COMPLEX            0x00000001
+/* from samr.idl */
+#define DOMAIN_PASSWORD_COMPLEX		0x00000001
 
-#define REJECT_REASON_OTHER		0x00000000
-#define REJECT_REASON_TOO_SHORT		0x00000001
-#define REJECT_REASON_IN_HISTORY	0x00000002
-#define REJECT_REASON_NOT_COMPLEX	0x00000005
+#define SAMR_REJECT_OTHER		0x00000000
+#define SAMR_REJECT_TOO_SHORT		0x00000001
+#define SAMR_REJECT_IN_HISTORY		0x00000002
+#define SAMR_REJECT_COMPLEXITY		0x00000005
 
-/* from include/smb.h */
 #define ACB_PWNOEXP			0x00000200
 
+/* from netlogon.idl */
+#define NETLOGON_CACHED_ACCOUNT		0x00000004
+#define NETLOGON_GRACE_LOGON		0x01000000
+
 /* from include/rpc_netlogon.h */
-#define LOGON_CACHED_ACCOUNT		0x00000004
-#define LOGON_GRACE_LOGON		0x01000000
 #define LOGON_KRB5_FAIL_CLOCK_SKEW	0x02000000
 
-#define PAM_WB_CACHED_LOGON(x) (x & LOGON_CACHED_ACCOUNT)
+#define PAM_WB_CACHED_LOGON(x) (x & NETLOGON_CACHED_ACCOUNT)
 #define PAM_WB_KRB5_CLOCK_SKEW(x) (x & LOGON_KRB5_FAIL_CLOCK_SKEW)
-#define PAM_WB_GRACE_LOGON(x)  ((LOGON_CACHED_ACCOUNT|LOGON_GRACE_LOGON) == ( x & (LOGON_CACHED_ACCOUNT|LOGON_GRACE_LOGON)))
+#define PAM_WB_GRACE_LOGON(x)  ((NETLOGON_CACHED_ACCOUNT|NETLOGON_GRACE_LOGON) == ( x & (NETLOGON_CACHED_ACCOUNT|NETLOGON_GRACE_LOGON)))
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c
index c8f8398c6f..3410668fcd 100644
--- a/source3/nsswitch/wbinfo.c
+++ b/source3/nsswitch/wbinfo.c
@@ -843,8 +843,8 @@ static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32 flags)
 	if (result == NSS_STATUS_SUCCESS) {
 
 		if (request.flags & WBFLAG_PAM_INFO3_TEXT) {
-			if (response.data.auth.info3.user_flgs & LOGON_CACHED_ACCOUNT) {
-				d_printf("user_flgs: LOGON_CACHED_ACCOUNT\n");
+			if (response.data.auth.info3.user_flgs & NETLOGON_CACHED_ACCOUNT) {
+				d_printf("user_flgs: NETLOGON_CACHED_ACCOUNT\n");
 			}
 		}
 
diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c
index 65607a4ac8..b8c6479fb8 100644
--- a/source3/rpc_parse/parse_net.c
+++ b/source3/rpc_parse/parse_net.c
@@ -1656,8 +1656,8 @@ static void dump_acct_flags(uint32 acct_flags) {
 	if (acct_flags & ACB_NO_AUTH_DATA_REQD) {
 		DEBUGADD(lvl,("\taccount has ACB_NO_AUTH_DATA_REQD set\n"));
 	}
-	if (acct_flags & ACB_PWEXPIRED) {
-		DEBUGADD(lvl,("\taccount has ACB_PWEXPIRED set\n"));
+	if (acct_flags & ACB_PW_EXPIRED) {
+		DEBUGADD(lvl,("\taccount has ACB_PW_EXPIRED set\n"));
 	}
 }
 
@@ -1665,23 +1665,23 @@ static void dump_user_flgs(uint32 user_flags) {
 
 	int lvl = 10;
 	DEBUG(lvl,("dump_user_flgs\n"));
-	if (user_flags & LOGON_EXTRA_SIDS) {
-		DEBUGADD(lvl,("\taccount has LOGON_EXTRA_SIDS\n"));
+	if (user_flags & NETLOGON_EXTRA_SIDS) {
+		DEBUGADD(lvl,("\taccount has NETLOGON_EXTRA_SIDS\n"));
 	}
-	if (user_flags & LOGON_RESOURCE_GROUPS) {
-		DEBUGADD(lvl,("\taccount has LOGON_RESOURCE_GROUPS\n"));
+	if (user_flags & NETLOGON_RESOURCE_GROUPS) {
+		DEBUGADD(lvl,("\taccount has NETLOGON_RESOURCE_GROUPS\n"));
 	}
-	if (user_flags & LOGON_NTLMV2_ENABLED) {
-		DEBUGADD(lvl,("\taccount has LOGON_NTLMV2_ENABLED\n"));
+	if (user_flags & NETLOGON_NTLMV2_ENABLED) {
+		DEBUGADD(lvl,("\taccount has NETLOGON_NTLMV2_ENABLED\n"));
 	}
-	if (user_flags & LOGON_CACHED_ACCOUNT) {
-		DEBUGADD(lvl,("\taccount has LOGON_CACHED_ACCOUNT\n"));
+	if (user_flags & NETLOGON_CACHED_ACCOUNT) {
+		DEBUGADD(lvl,("\taccount has NETLOGON_CACHED_ACCOUNT\n"));
 	}
-	if (user_flags & LOGON_PROFILE_PATH_RETURNED) {
-		DEBUGADD(lvl,("\taccount has LOGON_PROFILE_PATH_RETURNED\n"));
+	if (user_flags & NETLOGON_PROFILE_PATH_RETURNED) {
+		DEBUGADD(lvl,("\taccount has NETLOGON_PROFILE_PATH_RETURNED\n"));
 	}
-	if (user_flags & LOGON_SERVER_TRUST_ACCOUNT) {
-		DEBUGADD(lvl,("\taccount has LOGON_SERVER_TRUST_ACCOUNT\n"));
+	if (user_flags & NETLOGON_SERVER_TRUST_ACCOUNT) {
+		DEBUGADD(lvl,("\taccount has NETLOGON_SERVER_TRUST_ACCOUNT\n"));
 	}
 
 
@@ -1859,8 +1859,8 @@ bool net_io_user_info3(const char *desc, NET_USER_INFO_3 *usr, prs_struct *ps,
 
 		uint32 num_other_sids = usr->num_other_sids;
 
-		if (!(usr->user_flgs & LOGON_EXTRA_SIDS)) {
-			DEBUG(10,("net_io_user_info3: user_flgs attribute does not have LOGON_EXTRA_SIDS\n"));
+		if (!(usr->user_flgs & NETLOGON_EXTRA_SIDS)) {
+			DEBUG(10,("net_io_user_info3: user_flgs attribute does not have NETLOGON_EXTRA_SIDS\n"));
 			/* return False; */
 		}
 
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 218ce73444..904ee17f51 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -1062,7 +1062,7 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
 				    0, /* bad_pw_count */
 				    num_gids,    /* uint32 num_groups */
 				    gids    , /* DOM_GID *gids */
-				    LOGON_EXTRA_SIDS, /* uint32 user_flgs (?) */
+				    NETLOGON_EXTRA_SIDS, /* uint32 user_flgs (?) */
 				    pdb_get_acct_ctrl(sampw),
 				    server_info->user_session_key.length ? user_session_key : NULL,
 				    server_info->lm_session_key.length ? lm_session_key : NULL,
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 15e180df01..171027fa49 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -135,8 +135,8 @@ static void display_password_properties(uint32 password_properties)
 	if (password_properties & DOMAIN_PASSWORD_NO_CLEAR_CHANGE)
 		printf("\tDOMAIN_PASSWORD_NO_CLEAR_CHANGE\n");
 			
-	if (password_properties & DOMAIN_LOCKOUT_ADMINS)
-		printf("\tDOMAIN_LOCKOUT_ADMINS\n");
+	if (password_properties & DOMAIN_PASSWORD_LOCKOUT_ADMINS)
+		printf("\tDOMAIN_PASSWORD_LOCKOUT_ADMINS\n");
 			
 	if (password_properties & DOMAIN_PASSWORD_STORE_CLEARTEXT)
 		printf("\tDOMAIN_PASSWORD_STORE_CLEARTEXT\n");
@@ -2228,17 +2228,17 @@ static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
 		display_sam_unk_info_1(&info);
 
 		switch (reject.reject_reason) {
-			case REJECT_REASON_TOO_SHORT:
-				d_printf("REJECT_REASON_TOO_SHORT\n");
+			case SAMR_REJECT_TOO_SHORT:
+				d_printf("SAMR_REJECT_TOO_SHORT\n");
 				break;
-			case REJECT_REASON_IN_HISTORY:
-				d_printf("REJECT_REASON_IN_HISTORY\n");
+			case SAMR_REJECT_IN_HISTORY:
+				d_printf("SAMR_REJECT_IN_HISTORY\n");
 				break;
-			case REJECT_REASON_NOT_COMPLEX:
-				d_printf("REJECT_REASON_NOT_COMPLEX\n");
+			case SAMR_REJECT_COMPLEXITY:
+				d_printf("SAMR_REJECT_COMPLEXITY\n");
 				break;
-			case REJECT_REASON_OTHER:
-				d_printf("REJECT_REASON_OTHER\n");
+			case SAMR_REJECT_OTHER:
+				d_printf("SAMR_REJECT_OTHER\n");
 				break;
 			default:
 				d_printf("unknown reject reason: %d\n", reject.reject_reason);
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index fb228f9e2a..668c8e2095 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -1092,7 +1092,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
 	if (!pdb_get_pass_can_change(hnd)) {
 		DEBUG(1, ("user %s does not have permissions to change password\n", username));
 		if (samr_reject_reason) {
-			*samr_reject_reason = REJECT_REASON_OTHER;
+			*samr_reject_reason = SAMR_REJECT_OTHER;
 		}
 		return NT_STATUS_ACCOUNT_RESTRICTION;
 	}
@@ -1106,7 +1106,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
 				  "denied by Refuse Machine Password Change policy\n",
 				  username));
 			if (samr_reject_reason) {
-				*samr_reject_reason = REJECT_REASON_OTHER;
+				*samr_reject_reason = SAMR_REJECT_OTHER;
 			}
 			return NT_STATUS_ACCOUNT_RESTRICTION;
 		}
@@ -1119,7 +1119,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
 			  "wait until %s\n", username,
 			  http_timestring(can_change_time)));
 		if (samr_reject_reason) {
-			*samr_reject_reason = REJECT_REASON_OTHER;
+			*samr_reject_reason = SAMR_REJECT_OTHER;
 		}
 		return NT_STATUS_ACCOUNT_RESTRICTION;
 	}
@@ -1129,7 +1129,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
 			  username));
 		DEBUGADD(1, (" account policy min password len = %d\n", min_len));
 		if (samr_reject_reason) {
-			*samr_reject_reason = REJECT_REASON_TOO_SHORT;
+			*samr_reject_reason = SAMR_REJECT_TOO_SHORT;
 		}
 		return NT_STATUS_PASSWORD_RESTRICTION;
 /* 		return NT_STATUS_PWD_TOO_SHORT; */
@@ -1137,7 +1137,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
 
 	if (check_passwd_history(hnd,new_passwd)) {
 		if (samr_reject_reason) {
-			*samr_reject_reason = REJECT_REASON_IN_HISTORY;
+			*samr_reject_reason = SAMR_REJECT_IN_HISTORY;
 		}
 		return NT_STATUS_PASSWORD_RESTRICTION;
 	}
@@ -1158,7 +1158,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
 		if (check_ret != 0) {
 			DEBUG(1, ("change_oem_password: check password script said new password is not good enough!\n"));
 			if (samr_reject_reason) {
-				*samr_reject_reason = REJECT_REASON_NOT_COMPLEX;
+				*samr_reject_reason = SAMR_REJECT_COMPLEXITY;
 			}
 			TALLOC_FREE(pass);
 			return NT_STATUS_PASSWORD_RESTRICTION;
diff --git a/source3/winbindd/winbindd_creds.c b/source3/winbindd/winbindd_creds.c
index 62facb6769..4dbace5bcc 100644
--- a/source3/winbindd/winbindd_creds.c
+++ b/source3/winbindd/winbindd_creds.c
@@ -69,7 +69,7 @@ NTSTATUS winbindd_store_creds(struct winbindd_domain *domain,
 		sid_copy(&sid, &(info3->dom_sid.sid));
 		sid_append_rid(&sid, info3->user_rid);
 		sid_copy(&cred_sid, &sid);
-		info3->user_flgs |= LOGON_CACHED_ACCOUNT;
+		info3->user_flgs |= NETLOGON_CACHED_ACCOUNT;
 		
 	} else if (user_sid != NULL) {
 	
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 525096b0a2..0c75cb17a9 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -923,7 +923,7 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
 		/* User *DOES* know the password, update logon_time and reset
 		 * bad_pw_count */
 	
-		my_info3->user_flgs |= LOGON_CACHED_ACCOUNT;
+		my_info3->user_flgs |= NETLOGON_CACHED_ACCOUNT;
 	
 		if (my_info3->acct_flags & ACB_AUTOLOCK) {
 			return NT_STATUS_ACCOUNT_LOCKED_OUT;
@@ -959,7 +959,7 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
 		must_change_time = nt_time_to_unix(my_info3->pass_must_change_time);
 		if (must_change_time != 0 && must_change_time < time(NULL)) {
 			/* we allow grace logons when the password has expired */
-			my_info3->user_flgs |= LOGON_GRACE_LOGON;
+			my_info3->user_flgs |= NETLOGON_GRACE_LOGON;
 			/* return NT_STATUS_PASSWORD_EXPIRED; */
 			goto success;
 		}
@@ -1075,7 +1075,7 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
 		}
 
 		if ((my_info3->user_rid != DOMAIN_USER_RID_ADMIN) || 
-		    (password_properties & DOMAIN_LOCKOUT_ADMINS)) {
+		    (password_properties & DOMAIN_PASSWORD_LOCKOUT_ADMINS)) {
 			my_info3->acct_flags |= ACB_AUTOLOCK;
 		}
 	}
-- 
cgit