Move MAX_SAM_ENTRIES defines to samr rpc_server and to samr.idl.
[samba.git] / source3 / rpc_server / srv_samr_nt.c
index 16b706453f8ad274bb2cd41e9dcd71a2d990a698..8289440d6e98ab4f844284390bf9520126887996 100644 (file)
@@ -577,8 +577,9 @@ NTSTATUS _samr_OpenDomain(pipes_struct *p,
        if ( !find_policy_by_hnd(p, r->in.connect_handle, (void**)(void *)&info) )
                return NT_STATUS_INVALID_HANDLE;
 
-       status = access_check_samr_function( info->acc_granted,
-               SA_RIGHT_SAM_OPEN_DOMAIN, "_samr_OpenDomain" );
+       status = access_check_samr_function(info->acc_granted,
+                                           SA_RIGHT_SAM_OPEN_DOMAIN,
+                                           "_samr_OpenDomain" );
 
        if ( !NT_STATUS_IS_OK(status) )
                return status;
@@ -719,7 +720,9 @@ NTSTATUS _samr_SetSecurity(pipes_struct *p,
                return NT_STATUS_ACCESS_DENIED;
        }
 
-       status = access_check_samr_function(acc_granted, SA_RIGHT_USER_SET_ATTRIBUTES, "_samr_SetSecurity");
+       status = access_check_samr_function(acc_granted,
+                                           SA_RIGHT_USER_SET_ATTRIBUTES,
+                                           "_samr_SetSecurity");
        if (NT_STATUS_IS_OK(status)) {
                become_root();
                status = pdb_update_sam_account(sampass);
@@ -829,32 +832,29 @@ NTSTATUS _samr_QuerySecurity(pipes_struct *p,
 makes a SAM_ENTRY / UNISTR2* structure from a user list.
 ********************************************************************/
 
-static NTSTATUS make_user_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp,
-                                        UNISTR2 **uni_name_pp,
-                                        uint32 num_entries, uint32 start_idx,
+static NTSTATUS make_user_sam_entry_list(TALLOC_CTX *ctx,
+                                        struct samr_SamEntry **sam_pp,
+                                        uint32_t num_entries,
+                                        uint32_t start_idx,
                                         struct samr_displayentry *entries)
 {
-       uint32 i;
-       SAM_ENTRY *sam;
-       UNISTR2 *uni_name;
+       uint32_t i;
+       struct samr_SamEntry *sam;
 
        *sam_pp = NULL;
-       *uni_name_pp = NULL;
 
-       if (num_entries == 0)
+       if (num_entries == 0) {
                return NT_STATUS_OK;
+       }
 
-       sam = TALLOC_ZERO_ARRAY(ctx, SAM_ENTRY, num_entries);
-
-       uni_name = TALLOC_ZERO_ARRAY(ctx, UNISTR2, num_entries);
-
-       if (sam == NULL || uni_name == NULL) {
+       sam = TALLOC_ZERO_ARRAY(ctx, struct samr_SamEntry, num_entries);
+       if (sam == NULL) {
                DEBUG(0, ("make_user_sam_entry_list: TALLOC_ZERO failed!\n"));
                return NT_STATUS_NO_MEMORY;
        }
 
        for (i = 0; i < num_entries; i++) {
-               UNISTR2 uni_temp_name;
+#if 0
                /*
                 * usrmgr expects a non-NULL terminated string with
                 * trust relationships
@@ -866,50 +866,59 @@ static NTSTATUS make_user_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp,
                        init_unistr2(&uni_temp_name, entries[i].account_name,
                                     UNI_STR_TERMINATE);
                }
-
-               init_sam_entry(&sam[i], &uni_temp_name, entries[i].rid);
-               copy_unistr2(&uni_name[i], &uni_temp_name);
+#endif
+               init_lsa_String(&sam[i].name, entries[i].account_name);
+               sam[i].idx = entries[i].rid;
        }
 
        *sam_pp = sam;
-       *uni_name_pp = uni_name;
+
        return NT_STATUS_OK;
 }
 
+#define MAX_SAM_ENTRIES MAX_SAM_ENTRIES_W2K
+
 /*******************************************************************
samr_reply_enum_dom_users
_samr_EnumDomainUsers
  ********************************************************************/
 
-NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u,
-                             SAMR_R_ENUM_DOM_USERS *r_u)
+NTSTATUS _samr_EnumDomainUsers(pipes_struct *p,
+                              struct samr_EnumDomainUsers *r)
 {
+       NTSTATUS status;
        struct samr_info *info = NULL;
        int num_account;
-       uint32 enum_context=q_u->start_idx;
+       uint32 enum_context = *r->in.resume_handle;
        enum remote_arch_types ra_type = get_remote_arch();
        int max_sam_entries = (ra_type == RA_WIN95) ? MAX_SAM_ENTRIES_W95 : MAX_SAM_ENTRIES_W2K;
        uint32 max_entries = max_sam_entries;
        struct samr_displayentry *entries = NULL;
-
-       r_u->status = NT_STATUS_OK;
+       struct samr_SamArray *samr_array = NULL;
+       struct samr_SamEntry *samr_entries = NULL;
 
        /* find the policy handle.  open a policy on it. */
-       if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+       if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
                return NT_STATUS_INVALID_HANDLE;
 
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted,
-                                       SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
-                                       "_samr_enum_dom_users"))) {
-               return r_u->status;
+       status = access_check_samr_function(info->acc_granted,
+                                           SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+                                           "_samr_EnumDomainUsers");
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
        }
 
-       DEBUG(5,("_samr_enum_dom_users: %d\n", __LINE__));
+       DEBUG(5,("_samr_EnumDomainUsers: %d\n", __LINE__));
 
        if (info->builtin_domain) {
                /* No users in builtin. */
-               init_samr_r_enum_dom_users(r_u, q_u->start_idx, 0);
-               DEBUG(5,("_samr_enum_dom_users: No users in BUILTIN\n"));
-               return r_u->status;
+               *r->out.resume_handle = *r->in.resume_handle;
+               DEBUG(5,("_samr_EnumDomainUsers: No users in BUILTIN\n"));
+               return status;
+       }
+
+       samr_array = TALLOC_ZERO_P(p->mem_ctx, struct samr_SamArray);
+       if (!samr_array) {
+               return NT_STATUS_NO_MEMORY;
        }
 
        become_root();
@@ -917,14 +926,14 @@ NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u,
        /* AS ROOT !!!! */
 
        if ((info->disp_info->enum_users != NULL) &&
-           (info->disp_info->enum_acb_mask != q_u->acb_mask)) {
+           (info->disp_info->enum_acb_mask != r->in.acct_flags)) {
                pdb_search_destroy(info->disp_info->enum_users);
                info->disp_info->enum_users = NULL;
        }
 
        if (info->disp_info->enum_users == NULL) {
-               info->disp_info->enum_users = pdb_search_users(q_u->acb_mask);
-               info->disp_info->enum_acb_mask = q_u->acb_mask;
+               info->disp_info->enum_users = pdb_search_users(r->in.acct_flags);
+               info->disp_info->enum_acb_mask = r->in.acct_flags;
        }
 
        if (info->disp_info->enum_users == NULL) {
@@ -942,63 +951,62 @@ NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u,
        unbecome_root();
 
        if (num_account == 0) {
-               DEBUG(5, ("_samr_enum_dom_users: enumeration handle over "
+               DEBUG(5, ("_samr_EnumDomainUsers: enumeration handle over "
                          "total entries\n"));
-               init_samr_r_enum_dom_users(r_u, q_u->start_idx, 0);
+               *r->out.resume_handle = *r->in.resume_handle;
                return NT_STATUS_OK;
        }
 
-       r_u->status = make_user_sam_entry_list(p->mem_ctx, &r_u->sam,
-                                              &r_u->uni_acct_name,
-                                              num_account, enum_context,
-                                              entries);
-
-       if (!NT_STATUS_IS_OK(r_u->status))
-               return r_u->status;
+       status = make_user_sam_entry_list(p->mem_ctx, &samr_entries,
+                                         num_account, enum_context,
+                                         entries);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
 
        if (max_entries <= num_account) {
-               r_u->status = STATUS_MORE_ENTRIES;
+               status = STATUS_MORE_ENTRIES;
        } else {
-               r_u->status = NT_STATUS_OK;
+               status = NT_STATUS_OK;
        }
 
        /* Ensure we cache this enumeration. */
        set_disp_info_cache_timeout(info->disp_info, DISP_INFO_CACHE_TIMEOUT);
 
-       DEBUG(5, ("_samr_enum_dom_users: %d\n", __LINE__));
+       DEBUG(5, ("_samr_EnumDomainUsers: %d\n", __LINE__));
+
+       samr_array->count = num_account;
+       samr_array->entries = samr_entries;
 
-       init_samr_r_enum_dom_users(r_u, q_u->start_idx + num_account,
-                                  num_account);
+       *r->out.resume_handle = *r->in.resume_handle + num_account;
+       *r->out.sam = samr_array;
+       *r->out.num_entries = num_account;
 
-       DEBUG(5,("_samr_enum_dom_users: %d\n", __LINE__));
+       DEBUG(5,("_samr_EnumDomainUsers: %d\n", __LINE__));
 
-       return r_u->status;
+       return status;
 }
 
 /*******************************************************************
 makes a SAM_ENTRY / UNISTR2* structure from a group list.
 ********************************************************************/
 
-static void make_group_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp,
-                                     UNISTR2 **uni_name_pp,
-                                     uint32 num_sam_entries,
+static void make_group_sam_entry_list(TALLOC_CTX *ctx,
+                                     struct samr_SamEntry **sam_pp,
+                                     uint32_t num_sam_entries,
                                      struct samr_displayentry *entries)
 {
-       uint32 i;
-       SAM_ENTRY *sam;
-       UNISTR2 *uni_name;
+       struct samr_SamEntry *sam;
+       uint32_t i;
 
        *sam_pp = NULL;
-       *uni_name_pp = NULL;
 
-       if (num_sam_entries == 0)
+       if (num_sam_entries == 0) {
                return;
+       }
 
-       sam = TALLOC_ZERO_ARRAY(ctx, SAM_ENTRY, num_sam_entries);
-       uni_name = TALLOC_ZERO_ARRAY(ctx, UNISTR2, num_sam_entries);
-
-       if (sam == NULL || uni_name == NULL) {
-               DEBUG(0, ("NULL pointers in SAMR_R_QUERY_DISPINFO\n"));
+       sam = TALLOC_ZERO_ARRAY(ctx, struct samr_SamEntry, num_sam_entries);
+       if (sam == NULL) {
                return;
        }
 
@@ -1006,44 +1014,50 @@ static void make_group_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp,
                /*
                 * JRA. I think this should include the null. TNG does not.
                 */
-               init_unistr2(&uni_name[i], entries[i].account_name,
-                            UNI_STR_TERMINATE);
-               init_sam_entry(&sam[i], &uni_name[i], entries[i].rid);
+               init_lsa_String(&sam[i].name, entries[i].account_name);
+               sam[i].idx = entries[i].rid;
        }
 
        *sam_pp = sam;
-       *uni_name_pp = uni_name;
 }
 
 /*******************************************************************
samr_reply_enum_dom_groups
_samr_EnumDomainGroups
  ********************************************************************/
 
-NTSTATUS _samr_enum_dom_groups(pipes_struct *p, SAMR_Q_ENUM_DOM_GROUPS *q_u, SAMR_R_ENUM_DOM_GROUPS *r_u)
+NTSTATUS _samr_EnumDomainGroups(pipes_struct *p,
+                               struct samr_EnumDomainGroups *r)
 {
+       NTSTATUS status;
        struct samr_info *info = NULL;
        struct samr_displayentry *groups;
        uint32 num_groups;
-
-       r_u->status = NT_STATUS_OK;
+       struct samr_SamArray *samr_array = NULL;
+       struct samr_SamEntry *samr_entries = NULL;
 
        /* find the policy handle.  open a policy on it. */
-       if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+       if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
                return NT_STATUS_INVALID_HANDLE;
 
-       r_u->status = access_check_samr_function(info->acc_granted,
-                                                SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
-                                                "_samr_enum_dom_groups");
-       if (!NT_STATUS_IS_OK(r_u->status))
-               return r_u->status;
+       status = access_check_samr_function(info->acc_granted,
+                                           SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+                                           "_samr_EnumDomainGroups");
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
 
-       DEBUG(5,("samr_reply_enum_dom_groups: %d\n", __LINE__));
+       DEBUG(5,("_samr_EnumDomainGroups: %d\n", __LINE__));
 
        if (info->builtin_domain) {
                /* No groups in builtin. */
-               init_samr_r_enum_dom_groups(r_u, q_u->start_idx, 0);
-               DEBUG(5,("_samr_enum_dom_users: No groups in BUILTIN\n"));
-               return r_u->status;
+               *r->out.resume_handle = *r->in.resume_handle;
+               DEBUG(5,("_samr_EnumDomainGroups: No groups in BUILTIN\n"));
+               return status;
+       }
+
+       samr_array = TALLOC_ZERO_P(p->mem_ctx, struct samr_SamArray);
+       if (!samr_array) {
+               return NT_STATUS_NO_MEMORY;
        }
 
        /* the domain group array is being allocated in the function below */
@@ -1059,46 +1073,64 @@ NTSTATUS _samr_enum_dom_groups(pipes_struct *p, SAMR_Q_ENUM_DOM_GROUPS *q_u, SAM
                }
        }
 
-       num_groups = pdb_search_entries(info->disp_info->groups, q_u->start_idx,
+       num_groups = pdb_search_entries(info->disp_info->groups,
+                                       *r->in.resume_handle,
                                        MAX_SAM_ENTRIES, &groups);
        unbecome_root();
 
        /* Ensure we cache this enumeration. */
        set_disp_info_cache_timeout(info->disp_info, DISP_INFO_CACHE_TIMEOUT);
 
-       make_group_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_grp_name,
+       make_group_sam_entry_list(p->mem_ctx, &samr_entries,
                                  num_groups, groups);
 
-       init_samr_r_enum_dom_groups(r_u, q_u->start_idx, num_groups);
+       samr_array->count = num_groups;
+       samr_array->entries = samr_entries;
+
+       *r->out.sam = samr_array;
+       *r->out.num_entries = num_groups;
+       /* this was missing, IMHO:
+       *r->out.resume_handle = num_groups + *r->in.resume_handle;
+       */
 
-       DEBUG(5,("samr_enum_dom_groups: %d\n", __LINE__));
+       DEBUG(5,("_samr_EnumDomainGroups: %d\n", __LINE__));
 
-       return r_u->status;
+       return status;
 }
 
 /*******************************************************************
samr_reply_enum_dom_aliases
_samr_EnumDomainAliases
  ********************************************************************/
 
-NTSTATUS _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, SAMR_R_ENUM_DOM_ALIASES *r_u)
+NTSTATUS _samr_EnumDomainAliases(pipes_struct *p,
+                                struct samr_EnumDomainAliases *r)
 {
+       NTSTATUS status;
        struct samr_info *info;
        struct samr_displayentry *aliases;
        uint32 num_aliases = 0;
+       struct samr_SamArray *samr_array = NULL;
+       struct samr_SamEntry *samr_entries = NULL;
 
        /* find the policy handle.  open a policy on it. */
-       if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+       if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
                return NT_STATUS_INVALID_HANDLE;
 
-       r_u->status = access_check_samr_function(info->acc_granted,
-                                                SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
-                                                "_samr_enum_dom_aliases");
-       if (!NT_STATUS_IS_OK(r_u->status))
-               return r_u->status;
+       status = access_check_samr_function(info->acc_granted,
+                                           SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+                                           "_samr_EnumDomainAliases");
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
 
-       DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n",
+       DEBUG(5,("_samr_EnumDomainAliases: sid %s\n",
                 sid_string_dbg(&info->sid)));
 
+       samr_array = TALLOC_ZERO_P(p->mem_ctx, struct samr_SamArray);
+       if (!samr_array) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
        become_root();
 
        if (info->disp_info->aliases == NULL) {
@@ -1109,39 +1141,244 @@ NTSTATUS _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, S
                }
        }
 
-       num_aliases = pdb_search_entries(info->disp_info->aliases, q_u->start_idx,
+       num_aliases = pdb_search_entries(info->disp_info->aliases,
+                                        *r->in.resume_handle,
                                         MAX_SAM_ENTRIES, &aliases);
        unbecome_root();
 
        /* Ensure we cache this enumeration. */
        set_disp_info_cache_timeout(info->disp_info, DISP_INFO_CACHE_TIMEOUT);
 
-       make_group_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_grp_name,
+       make_group_sam_entry_list(p->mem_ctx, &samr_entries,
                                  num_aliases, aliases);
 
-       init_samr_r_enum_dom_aliases(r_u, q_u->start_idx + num_aliases,
-                                    num_aliases);
+       DEBUG(5,("_samr_EnumDomainAliases: %d\n", __LINE__));
+
+       samr_array->count = num_aliases;
+       samr_array->entries = samr_entries;
 
-       DEBUG(5,("samr_enum_dom_aliases: %d\n", __LINE__));
+       *r->out.sam = samr_array;
+       *r->out.num_entries = num_aliases;
+       *r->out.resume_handle = num_aliases + *r->in.resume_handle;
 
-       return r_u->status;
+       return status;
 }
 
 /*******************************************************************
- samr_reply_query_dispinfo
+ inits a samr_DispInfoGeneral structure.
+********************************************************************/
+
+static NTSTATUS init_samr_dispinfo_1(TALLOC_CTX *ctx,
+                                    struct samr_DispInfoGeneral *r,
+                                    uint32_t num_entries,
+                                    uint32_t start_idx,
+                                    struct samr_displayentry *entries)
+{
+       uint32 i;
+
+       DEBUG(10, ("init_samr_dispinfo_1: num_entries: %d\n", num_entries));
+
+       if (num_entries == 0) {
+               return NT_STATUS_OK;
+       }
+
+       r->count = num_entries;
+
+       r->entries = TALLOC_ZERO_ARRAY(ctx, struct samr_DispEntryGeneral, num_entries);
+       if (!r->entries) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       for (i = 0; i < num_entries ; i++) {
+
+               init_lsa_String(&r->entries[i].account_name,
+                               entries[i].account_name);
+
+               init_lsa_String(&r->entries[i].description,
+                               entries[i].description);
+
+               init_lsa_String(&r->entries[i].full_name,
+                               entries[i].fullname);
+
+               r->entries[i].rid = entries[i].rid;
+               r->entries[i].acct_flags = entries[i].acct_flags;
+               r->entries[i].idx = start_idx+i+1;
+       }
+
+       return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ inits a samr_DispInfoFull structure.
+********************************************************************/
+
+static NTSTATUS init_samr_dispinfo_2(TALLOC_CTX *ctx,
+                                    struct samr_DispInfoFull *r,
+                                    uint32_t num_entries,
+                                    uint32_t start_idx,
+                                    struct samr_displayentry *entries)
+{
+       uint32_t i;
+
+       DEBUG(10, ("init_samr_dispinfo_2: num_entries: %d\n", num_entries));
+
+       if (num_entries == 0) {
+               return NT_STATUS_OK;
+       }
+
+       r->count = num_entries;
+
+       r->entries = TALLOC_ZERO_ARRAY(ctx, struct samr_DispEntryFull, num_entries);
+       if (!r->entries) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       for (i = 0; i < num_entries ; i++) {
+
+               init_lsa_String(&r->entries[i].account_name,
+                               entries[i].account_name);
+
+               init_lsa_String(&r->entries[i].description,
+                               entries[i].description);
+
+               r->entries[i].rid = entries[i].rid;
+               r->entries[i].acct_flags = entries[i].acct_flags;
+               r->entries[i].idx = start_idx+i+1;
+       }
+
+       return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ inits a samr_DispInfoFullGroups structure.
+********************************************************************/
+
+static NTSTATUS init_samr_dispinfo_3(TALLOC_CTX *ctx,
+                                    struct samr_DispInfoFullGroups *r,
+                                    uint32_t num_entries,
+                                    uint32_t start_idx,
+                                    struct samr_displayentry *entries)
+{
+       uint32_t i;
+
+       DEBUG(5, ("init_samr_dispinfo_3: num_entries: %d\n", num_entries));
+
+       if (num_entries == 0) {
+               return NT_STATUS_OK;
+       }
+
+       r->count = num_entries;
+
+       r->entries = TALLOC_ZERO_ARRAY(ctx, struct samr_DispEntryFullGroup, num_entries);
+       if (!r->entries) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       for (i = 0; i < num_entries ; i++) {
+
+               init_lsa_String(&r->entries[i].account_name,
+                               entries[i].account_name);
+
+               init_lsa_String(&r->entries[i].description,
+                               entries[i].description);
+
+               r->entries[i].rid = entries[i].rid;
+               r->entries[i].acct_flags = entries[i].acct_flags;
+               r->entries[i].idx = start_idx+i+1;
+       }
+
+       return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ inits a samr_DispInfoAscii structure.
+********************************************************************/
+
+static NTSTATUS init_samr_dispinfo_4(TALLOC_CTX *ctx,
+                                    struct samr_DispInfoAscii *r,
+                                    uint32_t num_entries,
+                                    uint32_t start_idx,
+                                    struct samr_displayentry *entries)
+{
+       uint32_t i;
+
+       DEBUG(5, ("init_samr_dispinfo_4: num_entries: %d\n", num_entries));
+
+       if (num_entries == 0) {
+               return NT_STATUS_OK;
+       }
+
+       r->count = num_entries;
+
+       r->entries = TALLOC_ZERO_ARRAY(ctx, struct samr_DispEntryAscii, num_entries);
+       if (!r->entries) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       for (i = 0; i < num_entries ; i++) {
+
+               init_lsa_AsciiString(&r->entries[i].account_name,
+                                    entries[i].account_name);
+
+               r->entries[i].idx = start_idx+i+1;
+       }
+
+       return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ inits a samr_DispInfoAscii structure.
+********************************************************************/
+
+static NTSTATUS init_samr_dispinfo_5(TALLOC_CTX *ctx,
+                                    struct samr_DispInfoAscii *r,
+                                    uint32_t num_entries,
+                                    uint32_t start_idx,
+                                    struct samr_displayentry *entries)
+{
+       uint32_t i;
+
+       DEBUG(5, ("init_samr_dispinfo_5: num_entries: %d\n", num_entries));
+
+       if (num_entries == 0) {
+               return NT_STATUS_OK;
+       }
+
+       r->count = num_entries;
+
+       r->entries = TALLOC_ZERO_ARRAY(ctx, struct samr_DispEntryAscii, num_entries);
+       if (!r->entries) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       for (i = 0; i < num_entries ; i++) {
+
+               init_lsa_AsciiString(&r->entries[i].account_name,
+                                    entries[i].account_name);
+
+               r->entries[i].idx = start_idx+i+1;
+       }
+
+       return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ _samr_QueryDisplayInfo
  ********************************************************************/
 
-NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
-                             SAMR_R_QUERY_DISPINFO *r_u)
+NTSTATUS _samr_QueryDisplayInfo(pipes_struct *p,
+                               struct samr_QueryDisplayInfo *r)
 {
+       NTSTATUS status;
        struct samr_info *info = NULL;
        uint32 struct_size=0x20; /* W2K always reply that, client doesn't care */
 
-       uint32 max_entries=q_u->max_entries;
-       uint32 enum_context=q_u->start_idx;
-       uint32 max_size=q_u->max_size;
+       uint32 max_entries = r->in.max_entries;
+       uint32 enum_context = r->in.start_idx;
+       uint32 max_size = r->in.buf_size;
+
+       union samr_DispInfo *disp_info = r->out.info;
 
-       SAM_DISPINFO_CTR *ctr;
        uint32 temp_size=0, total_data_size=0;
        NTSTATUS disp_ret = NT_STATUS_UNSUCCESSFUL;
        uint32 num_account = 0;
@@ -1149,11 +1386,10 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
        int max_sam_entries = (ra_type == RA_WIN95) ? MAX_SAM_ENTRIES_W95 : MAX_SAM_ENTRIES_W2K;
        struct samr_displayentry *entries = NULL;
 
-       DEBUG(5, ("samr_reply_query_dispinfo: %d\n", __LINE__));
-       r_u->status = NT_STATUS_UNSUCCESSFUL;
+       DEBUG(5,("_samr_QueryDisplayInfo: %d\n", __LINE__));
 
        /* find the policy handle.  open a policy on it. */
-       if (!find_policy_by_hnd(p, &q_u->domain_pol, (void **)(void *)&info))
+       if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
                return NT_STATUS_INVALID_HANDLE;
 
        /*
@@ -1184,15 +1420,15 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
         * JFM, 12/20/2001
         */
 
-       if ((q_u->switch_level < 1) || (q_u->switch_level > 5)) {
-               DEBUG(0,("_samr_query_dispinfo: Unknown info level (%u)\n",
-                        (unsigned int)q_u->switch_level ));
+       if ((r->in.level < 1) || (r->in.level > 5)) {
+               DEBUG(0,("_samr_QueryDisplayInfo: Unknown info level (%u)\n",
+                        (unsigned int)r->in.level ));
                return NT_STATUS_INVALID_INFO_CLASS;
        }
 
        /* first limit the number of entries we will return */
        if(max_entries > max_sam_entries) {
-               DEBUG(5, ("samr_reply_query_dispinfo: client requested %d "
+               DEBUG(5, ("_samr_QueryDisplayInfo: client requested %d "
                          "entries, limiting to %d\n", max_entries,
                          max_sam_entries));
                max_entries = max_sam_entries;
@@ -1205,20 +1441,15 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
 
        if (temp_size>max_size) {
                max_entries=MIN((max_size/struct_size),max_entries);;
-               DEBUG(5, ("samr_reply_query_dispinfo: buffer size limits to "
+               DEBUG(5, ("_samr_QueryDisplayInfo: buffer size limits to "
                          "only %d entries\n", max_entries));
        }
 
-       if (!(ctr = TALLOC_ZERO_P(p->mem_ctx,SAM_DISPINFO_CTR)))
-               return NT_STATUS_NO_MEMORY;
-
-       ZERO_STRUCTP(ctr);
-
        become_root();
 
        /* THe following done as ROOT. Don't return without unbecome_root(). */
 
-       switch (q_u->switch_level) {
+       switch (r->in.level) {
        case 0x1:
        case 0x4:
                if (info->disp_info->users == NULL) {
@@ -1227,10 +1458,10 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
                                unbecome_root();
                                return NT_STATUS_ACCESS_DENIED;
                        }
-                       DEBUG(10,("samr_reply_query_dispinfo: starting user enumeration at index %u\n",
+                       DEBUG(10,("_samr_QueryDisplayInfo: starting user enumeration at index %u\n",
                                (unsigned  int)enum_context ));
                } else {
-                       DEBUG(10,("samr_reply_query_dispinfo: using cached user enumeration at index %u\n",
+                       DEBUG(10,("_samr_QueryDisplayInfo: using cached user enumeration at index %u\n",
                                (unsigned  int)enum_context ));
                }
 
@@ -1246,10 +1477,10 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
                                unbecome_root();
                                return NT_STATUS_ACCESS_DENIED;
                        }
-                       DEBUG(10,("samr_reply_query_dispinfo: starting machine enumeration at index %u\n",
+                       DEBUG(10,("_samr_QueryDisplayInfo: starting machine enumeration at index %u\n",
                                (unsigned  int)enum_context ));
                } else {
-                       DEBUG(10,("samr_reply_query_dispinfo: using cached machine enumeration at index %u\n",
+                       DEBUG(10,("_samr_QueryDisplayInfo: using cached machine enumeration at index %u\n",
                                (unsigned  int)enum_context ));
                }
 
@@ -1265,10 +1496,10 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
                                unbecome_root();
                                return NT_STATUS_ACCESS_DENIED;
                        }
-                       DEBUG(10,("samr_reply_query_dispinfo: starting group enumeration at index %u\n",
+                       DEBUG(10,("_samr_QueryDisplayInfo: starting group enumeration at index %u\n",
                                (unsigned  int)enum_context ));
                } else {
-                       DEBUG(10,("samr_reply_query_dispinfo: using cached group enumeration at index %u\n",
+                       DEBUG(10,("_samr_QueryDisplayInfo: using cached group enumeration at index %u\n",
                                (unsigned  int)enum_context ));
                }
 
@@ -1283,32 +1514,33 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
        }
        unbecome_root();
 
+
        /* Now create reply structure */
-       switch (q_u->switch_level) {
+       switch (r->in.level) {
        case 0x1:
-               disp_ret = init_sam_dispinfo_1(p->mem_ctx, &ctr->sam.info1,
-                                              num_account, enum_context,
-                                              entries);
+               disp_ret = init_samr_dispinfo_1(p->mem_ctx, &disp_info->info1,
+                                               num_account, enum_context,
+                                               entries);
                break;
        case 0x2:
-               disp_ret = init_sam_dispinfo_2(p->mem_ctx, &ctr->sam.info2,
-                                              num_account, enum_context,
-                                              entries);
+               disp_ret = init_samr_dispinfo_2(p->mem_ctx, &disp_info->info2,
+                                               num_account, enum_context,
+                                               entries);
                break;
        case 0x3:
-               disp_ret = init_sam_dispinfo_3(p->mem_ctx, &ctr->sam.info3,
-                                              num_account, enum_context,
-                                              entries);
+               disp_ret = init_samr_dispinfo_3(p->mem_ctx, &disp_info->info3,
+                                               num_account, enum_context,
+                                               entries);
                break;
        case 0x4:
-               disp_ret = init_sam_dispinfo_4(p->mem_ctx, &ctr->sam.info4,
-                                              num_account, enum_context,
-                                              entries);
+               disp_ret = init_samr_dispinfo_4(p->mem_ctx, &disp_info->info4,
+                                               num_account, enum_context,
+                                               entries);
                break;
        case 0x5:
-               disp_ret = init_sam_dispinfo_5(p->mem_ctx, &ctr->sam.info5,
-                                              num_account, enum_context,
-                                              entries);
+               disp_ret = init_samr_dispinfo_5(p->mem_ctx, &disp_info->info5,
+                                               num_account, enum_context,
+                                               entries);
                break;
        default:
                smb_panic("info class changed");
@@ -1322,44 +1554,97 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
        total_data_size=num_account*struct_size;
 
        if (num_account) {
-               r_u->status = STATUS_MORE_ENTRIES;
+               status = STATUS_MORE_ENTRIES;
        } else {
-               r_u->status = NT_STATUS_OK;
+               status = NT_STATUS_OK;
        }
 
        /* Ensure we cache this enumeration. */
        set_disp_info_cache_timeout(info->disp_info, DISP_INFO_CACHE_TIMEOUT);
 
-       DEBUG(5, ("_samr_query_dispinfo: %d\n", __LINE__));
+       DEBUG(5, ("_samr_QueryDisplayInfo: %d\n", __LINE__));
 
-       init_samr_r_query_dispinfo(r_u, num_account, total_data_size,
-                                  temp_size, q_u->switch_level, ctr,
-                                  r_u->status);
+       *r->out.total_size = total_data_size;
+       *r->out.returned_size = temp_size;
 
-       return r_u->status;
+       return status;
+}
 
+/****************************************************************
+ _samr_QueryDisplayInfo2
+****************************************************************/
+
+NTSTATUS _samr_QueryDisplayInfo2(pipes_struct *p,
+                                struct samr_QueryDisplayInfo2 *r)
+{
+       struct samr_QueryDisplayInfo q;
+
+       q.in.domain_handle      = r->in.domain_handle;
+       q.in.level              = r->in.level;
+       q.in.start_idx          = r->in.start_idx;
+       q.in.max_entries        = r->in.max_entries;
+       q.in.buf_size           = r->in.buf_size;
+
+       q.out.total_size        = r->out.total_size;
+       q.out.returned_size     = r->out.returned_size;
+       q.out.info              = r->out.info;
+
+       return _samr_QueryDisplayInfo(p, &q);
+}
+
+/****************************************************************
+ _samr_QueryDisplayInfo3
+****************************************************************/
+
+NTSTATUS _samr_QueryDisplayInfo3(pipes_struct *p,
+                                struct samr_QueryDisplayInfo3 *r)
+{
+       struct samr_QueryDisplayInfo q;
+
+       q.in.domain_handle      = r->in.domain_handle;
+       q.in.level              = r->in.level;
+       q.in.start_idx          = r->in.start_idx;
+       q.in.max_entries        = r->in.max_entries;
+       q.in.buf_size           = r->in.buf_size;
+
+       q.out.total_size        = r->out.total_size;
+       q.out.returned_size     = r->out.returned_size;
+       q.out.info              = r->out.info;
+
+       return _samr_QueryDisplayInfo(p, &q);
 }
 
 /*******************************************************************
samr_reply_query_aliasinfo
_samr_QueryAliasInfo
  ********************************************************************/
 
-NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAMR_R_QUERY_ALIASINFO *r_u)
+NTSTATUS _samr_QueryAliasInfo(pipes_struct *p,
+                             struct samr_QueryAliasInfo *r)
 {
        DOM_SID   sid;
        struct acct_info info;
        uint32    acc_granted;
        NTSTATUS status;
+       union samr_AliasInfo *alias_info = NULL;
+       const char *alias_name = NULL;
+       const char *alias_description = NULL;
 
-       r_u->status = NT_STATUS_OK;
+       DEBUG(5,("_samr_QueryAliasInfo: %d\n", __LINE__));
 
-       DEBUG(5,("_samr_query_aliasinfo: %d\n", __LINE__));
+       alias_info = TALLOC_ZERO_P(p->mem_ctx, union samr_AliasInfo);
+       if (!alias_info) {
+               return NT_STATUS_NO_MEMORY;
+       }
 
        /* find the policy handle.  open a policy on it. */
-       if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted, NULL))
+       if (!get_lsa_policy_samr_sid(p, r->in.alias_handle, &sid, &acc_granted, NULL))
                return NT_STATUS_INVALID_HANDLE;
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_LOOKUP_INFO, "_samr_query_aliasinfo"))) {
-               return r_u->status;
+
+       status = access_check_samr_function(acc_granted,
+                                           SA_RIGHT_ALIAS_LOOKUP_INFO,
+                                           "_samr_QueryAliasInfo");
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
        }
 
        become_root();
@@ -1369,26 +1654,30 @@ NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAM
        if ( !NT_STATUS_IS_OK(status))
                return status;
 
-       if ( !(r_u->ctr = TALLOC_ZERO_P( p->mem_ctx, ALIAS_INFO_CTR )) )
-               return NT_STATUS_NO_MEMORY;
-
+       /* FIXME: info contains fstrings */
+       alias_name = talloc_strdup(r, info.acct_name);
+       alias_description = talloc_strdup(r, info.acct_desc);
 
-       switch (q_u->level ) {
-       case 1:
-               r_u->ctr->level = 1;
-               init_samr_alias_info1(&r_u->ctr->alias.info1, info.acct_name, 1, info.acct_desc);
+       switch (r->in.level) {
+       case ALIASINFOALL:
+               init_samr_alias_info1(&alias_info->all,
+                                     alias_name,
+                                     1,
+                                     alias_description);
                break;
-       case 3:
-               r_u->ctr->level = 3;
-               init_samr_alias_info3(&r_u->ctr->alias.info3, info.acct_desc);
+       case ALIASINFODESCRIPTION:
+               init_samr_alias_info3(&alias_info->description,
+                                     alias_description);
                break;
        default:
                return NT_STATUS_INVALID_INFO_CLASS;
        }
 
-       DEBUG(5,("_samr_query_aliasinfo: %d\n", __LINE__));
+       *r->out.info = alias_info;
+
+       DEBUG(5,("_samr_QueryAliasInfo: %d\n", __LINE__));
 
-       return r_u->status;
+       return NT_STATUS_OK;
 }
 
 #if 0
@@ -1452,83 +1741,88 @@ NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAM
 #endif
 
 /*******************************************************************
- _samr_lookup_names
+ _samr_LookupNames
  ********************************************************************/
 
-NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LOOKUP_NAMES *r_u)
+NTSTATUS _samr_LookupNames(pipes_struct *p,
+                          struct samr_LookupNames *r)
 {
+       NTSTATUS status;
        uint32 rid[MAX_SAM_ENTRIES];
        enum lsa_SidType type[MAX_SAM_ENTRIES];
        int i;
-       int num_rids = q_u->num_names2;
+       int num_rids = r->in.num_names;
        DOM_SID pol_sid;
        uint32  acc_granted;
+       struct samr_Ids rids, types;
 
-       r_u->status = NT_STATUS_OK;
-
-       DEBUG(5,("_samr_lookup_names: %d\n", __LINE__));
+       DEBUG(5,("_samr_LookupNames: %d\n", __LINE__));
 
        ZERO_ARRAY(rid);
        ZERO_ARRAY(type);
 
-       if (!get_lsa_policy_samr_sid(p, &q_u->pol, &pol_sid, &acc_granted, NULL)) {
-               init_samr_r_lookup_names(p->mem_ctx, r_u, 0, NULL, NULL, NT_STATUS_OBJECT_TYPE_MISMATCH);
-               return r_u->status;
+       if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &pol_sid, &acc_granted, NULL)) {
+               return NT_STATUS_OBJECT_TYPE_MISMATCH;
        }
 
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, 0, "_samr_lookup_names"))) { /* Don't know the acc_bits yet */
-               return r_u->status;
+       status = access_check_samr_function(acc_granted,
+                                           0, /* Don't know the acc_bits yet */
+                                           "_samr_LookupNames");
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
        }
 
        if (num_rids > MAX_SAM_ENTRIES) {
                num_rids = MAX_SAM_ENTRIES;
-               DEBUG(5,("_samr_lookup_names: truncating entries to %d\n", num_rids));
+               DEBUG(5,("_samr_LookupNames: truncating entries to %d\n", num_rids));
        }
 
-       DEBUG(5,("_samr_lookup_names: looking name on SID %s\n",
+       DEBUG(5,("_samr_LookupNames: looking name on SID %s\n",
                 sid_string_dbg(&pol_sid)));
 
        for (i = 0; i < num_rids; i++) {
-               fstring name;
-               int ret;
 
-               r_u->status = NT_STATUS_NONE_MAPPED;
+               status = NT_STATUS_NONE_MAPPED;
                type[i] = SID_NAME_UNKNOWN;
 
-               rid [i] = 0xffffffff;
-
-               ret = rpcstr_pull(name, q_u->uni_name[i].buffer, sizeof(name), q_u->uni_name[i].uni_str_len*2, 0);
-
-               if (ret <= 0) {
-                       continue;
-               }
+               rid[i] = 0xffffffff;
 
                if (sid_check_is_builtin(&pol_sid)) {
-                       if (lookup_builtin_name(name, &rid[i])) {
+                       if (lookup_builtin_name(r->in.names[i].string,
+                                               &rid[i]))
+                       {
                                type[i] = SID_NAME_ALIAS;
                        }
                } else {
-                       lookup_global_sam_name(name, 0, &rid[i], &type[i]);
+                       lookup_global_sam_name(r->in.names[i].string, 0,
+                                              &rid[i], &type[i]);
                }
 
                if (type[i] != SID_NAME_UNKNOWN) {
-                       r_u->status = NT_STATUS_OK;
+                       status = NT_STATUS_OK;
                }
        }
 
-       init_samr_r_lookup_names(p->mem_ctx, r_u, num_rids, rid, type, r_u->status);
+       rids.count = num_rids;
+       rids.ids = rid;
+
+       types.count = num_rids;
+       types.ids = type;
 
-       DEBUG(5,("_samr_lookup_names: %d\n", __LINE__));
+       *r->out.rids = rids;
+       *r->out.types = types;
 
-       return r_u->status;
+       DEBUG(5,("_samr_LookupNames: %d\n", __LINE__));
+
+       return status;
 }
 
 /*******************************************************************
  _samr_ChangePasswordUser2
  ********************************************************************/
+
 NTSTATUS _samr_ChangePasswordUser2(pipes_struct *p,
                                   struct samr_ChangePasswordUser2 *r)
-
 {
        NTSTATUS status;
        fstring user_name;
@@ -1553,8 +1847,12 @@ NTSTATUS _samr_ChangePasswordUser2(pipes_struct *p,
         * is case insensitive.
         */
 
-       status = pass_oem_change(user_name, r->in.lm_password->data, r->in.lm_verifier->hash,
-                               r->in.nt_password->data, r->in.nt_verifier->hash, NULL);
+       status = pass_oem_change(user_name,
+                                r->in.lm_password->data,
+                                r->in.lm_verifier->hash,
+                                r->in.nt_password->data,
+                                r->in.nt_verifier->hash,
+                                NULL);
 
        DEBUG(5,("_samr_ChangePasswordUser2: %d\n", __LINE__));
 
@@ -1562,23 +1860,27 @@ NTSTATUS _samr_ChangePasswordUser2(pipes_struct *p,
 }
 
 /*******************************************************************
- _samr_chgpasswd_user3
+ _samr_ChangePasswordUser3
  ********************************************************************/
 
-NTSTATUS _samr_chgpasswd_user3(pipes_struct *p, SAMR_Q_CHGPASSWD_USER3 *q_u, SAMR_R_CHGPASSWD_USER3 *r_u)
+NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p,
+                                  struct samr_ChangePasswordUser3 *r)
 {
+       NTSTATUS status;
        fstring user_name;
-       fstring wks;
+       const char *wks = NULL;
        uint32 reject_reason;
-       SAM_UNK_INFO_1 *info = NULL;
-       SAMR_CHANGE_REJECT *reject = NULL;
+       struct samr_DomInfo1 *dominfo = NULL;
+       struct samr_ChangeReject *reject = NULL;
 
-       DEBUG(5,("_samr_chgpasswd_user3: %d\n", __LINE__));
+       DEBUG(5,("_samr_ChangePasswordUser3: %d\n", __LINE__));
 
-       rpcstr_pull(user_name, q_u->uni_user_name.buffer, sizeof(user_name), q_u->uni_user_name.uni_str_len*2, 0);
-       rpcstr_pull(wks, q_u->uni_dest_host.buffer, sizeof(wks), q_u->uni_dest_host.uni_str_len*2,0);
+       fstrcpy(user_name, r->in.account->string);
+       if (r->in.server && r->in.server->string) {
+               wks = r->in.server->string;
+       }
 
-       DEBUG(5,("_samr_chgpasswd_user3: user: %s wks: %s\n", user_name, wks));
+       DEBUG(5,("_samr_ChangePasswordUser3: user: %s wks: %s\n", user_name, wks));
 
        /*
         * Pass the user through the NT -> unix user mapping
@@ -1592,28 +1894,31 @@ NTSTATUS _samr_chgpasswd_user3(pipes_struct *p, SAMR_Q_CHGPASSWD_USER3 *q_u, SAM
         * is case insensitive.
         */
 
-       r_u->status = pass_oem_change(user_name, q_u->lm_newpass.pass, q_u->lm_oldhash.hash,
-                                     q_u->nt_newpass.pass, q_u->nt_oldhash.hash, &reject_reason);
+       status = pass_oem_change(user_name,
+                                r->in.lm_password->data,
+                                r->in.lm_verifier->hash,
+                                r->in.nt_password->data,
+                                r->in.nt_verifier->hash,
+                                &reject_reason);
 
-       if (NT_STATUS_EQUAL(r_u->status, NT_STATUS_PASSWORD_RESTRICTION) ||
-           NT_STATUS_EQUAL(r_u->status, NT_STATUS_ACCOUNT_RESTRICTION)) {
+       if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION) ||
+           NT_STATUS_EQUAL(status, NT_STATUS_ACCOUNT_RESTRICTION)) {
 
                uint32 min_pass_len,pass_hist,password_properties;
                time_t u_expire, u_min_age;
                NTTIME nt_expire, nt_min_age;
                uint32 account_policy_temp;
 
-               if ((info = TALLOC_ZERO_P(p->mem_ctx, SAM_UNK_INFO_1)) == NULL) {
+               dominfo = TALLOC_ZERO_P(p->mem_ctx, struct samr_DomInfo1);
+               if (!dominfo) {
                        return NT_STATUS_NO_MEMORY;
                }
 
-               if ((reject = TALLOC_ZERO_P(p->mem_ctx, SAMR_CHANGE_REJECT)) == NULL) {
+               reject = TALLOC_ZERO_P(p->mem_ctx, struct samr_ChangeReject);
+               if (!reject) {
                        return NT_STATUS_NO_MEMORY;
                }
 
-               ZERO_STRUCTP(info);
-               ZERO_STRUCTP(reject);
-
                become_root();
 
                /* AS ROOT !!! */
@@ -1640,17 +1945,26 @@ NTSTATUS _samr_chgpasswd_user3(pipes_struct *p, SAMR_Q_CHGPASSWD_USER3 *q_u, SAM
                unix_to_nt_time_abs(&nt_expire, u_expire);
                unix_to_nt_time_abs(&nt_min_age, u_min_age);
 
-               init_unk_info1(info, (uint16)min_pass_len, (uint16)pass_hist,
-                              password_properties, nt_expire, nt_min_age);
+               if (lp_check_password_script() && *lp_check_password_script()) {
+                       password_properties |= DOMAIN_PASSWORD_COMPLEX;
+               }
 
-               reject->reject_reason = reject_reason;
-       }
+               init_samr_DomInfo1(dominfo,
+                                  min_pass_len,
+                                  pass_hist,
+                                  password_properties,
+                                  u_expire,
+                                  u_min_age);
 
-       init_samr_r_chgpasswd_user3(r_u, r_u->status, reject, info);
+               reject->reason = reject_reason;
+
+               *r->out.dominfo = dominfo;
+               *r->out.reject = reject;
+       }
 
-       DEBUG(5,("_samr_chgpasswd_user3: %d\n", __LINE__));
+       DEBUG(5,("_samr_ChangePasswordUser3: %d\n", __LINE__));
 
-       return r_u->status;
+       return status;
 }
 
 /*******************************************************************
@@ -1658,60 +1972,54 @@ makes a SAMR_R_LOOKUP_RIDS structure.
 ********************************************************************/
 
 static bool make_samr_lookup_rids(TALLOC_CTX *ctx, uint32 num_names,
-                                 const char **names, UNIHDR **pp_hdr_name,
-                                 UNISTR2 **pp_uni_name)
+                                 const char **names,
+                                 struct lsa_String **lsa_name_array_p)
 {
-       uint32 i;
-       UNIHDR *hdr_name=NULL;
-       UNISTR2 *uni_name=NULL;
+       struct lsa_String *lsa_name_array = NULL;
+       uint32_t i;
 
-       *pp_uni_name = NULL;
-       *pp_hdr_name = NULL;
+       *lsa_name_array_p = NULL;
 
        if (num_names != 0) {
-               hdr_name = TALLOC_ZERO_ARRAY(ctx, UNIHDR, num_names);
-               if (hdr_name == NULL)
-                       return False;
-
-               uni_name = TALLOC_ZERO_ARRAY(ctx,UNISTR2, num_names);
-               if (uni_name == NULL)
-                       return False;
+               lsa_name_array = TALLOC_ZERO_ARRAY(ctx, struct lsa_String, num_names);
+               if (!lsa_name_array) {
+                       return false;
+               }
        }
 
        for (i = 0; i < num_names; i++) {
                DEBUG(10, ("names[%d]:%s\n", i, names[i] && *names[i] ? names[i] : ""));
-               init_unistr2(&uni_name[i], names[i], UNI_FLAGS_NONE);
-               init_uni_hdr(&hdr_name[i], &uni_name[i]);
+               init_lsa_String(&lsa_name_array[i], names[i]);
        }
 
-       *pp_uni_name = uni_name;
-       *pp_hdr_name = hdr_name;
+       *lsa_name_array_p = lsa_name_array;
 
-       return True;
+       return true;
 }
 
 /*******************************************************************
- _samr_lookup_rids
+ _samr_LookupRids
  ********************************************************************/
 
-NTSTATUS _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOKUP_RIDS *r_u)
+NTSTATUS _samr_LookupRids(pipes_struct *p,
+                         struct samr_LookupRids *r)
 {
+       NTSTATUS status;
        const char **names;
        enum lsa_SidType *attrs = NULL;
        uint32 *wire_attrs = NULL;
-       UNIHDR *hdr_name = NULL;
-       UNISTR2 *uni_name = NULL;
        DOM_SID pol_sid;
-       int num_rids = (int)q_u->num_rids1;
+       int num_rids = (int)r->in.num_rids;
        uint32 acc_granted;
        int i;
+       struct lsa_Strings names_array;
+       struct samr_Ids types_array;
+       struct lsa_String *lsa_names = NULL;
 
-       r_u->status = NT_STATUS_OK;
-
-       DEBUG(5,("_samr_lookup_rids: %d\n", __LINE__));
+       DEBUG(5,("_samr_LookupRids: %d\n", __LINE__));
 
        /* find the policy handle.  open a policy on it. */
-       if (!get_lsa_policy_samr_sid(p, &q_u->pol, &pol_sid, &acc_granted, NULL))
+       if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &pol_sid, &acc_granted, NULL))
                return NT_STATUS_INVALID_HANDLE;
 
        if (num_rids > 1000) {
@@ -1734,28 +2042,36 @@ NTSTATUS _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOK
        }
 
        become_root();  /* lookup_sid can require root privs */
-       r_u->status = pdb_lookup_rids(&pol_sid, num_rids, q_u->rid,
-                                     names, attrs);
+       status = pdb_lookup_rids(&pol_sid, num_rids, r->in.rids,
+                                names, attrs);
        unbecome_root();
 
-       if ( NT_STATUS_EQUAL(r_u->status, NT_STATUS_NONE_MAPPED) && (num_rids == 0) ) {
-               r_u->status = NT_STATUS_OK;
+       if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED) && (num_rids == 0)) {
+               status = NT_STATUS_OK;
        }
 
-       if(!make_samr_lookup_rids(p->mem_ctx, num_rids, names,
-                                 &hdr_name, &uni_name))
+       if (!make_samr_lookup_rids(p->mem_ctx, num_rids, names,
+                                  &lsa_names)) {
                return NT_STATUS_NO_MEMORY;
+       }
 
        /* Convert from enum lsa_SidType to uint32 for wire format. */
        for (i = 0; i < num_rids; i++) {
                wire_attrs[i] = (uint32)attrs[i];
        }
 
-       init_samr_r_lookup_rids(r_u, num_rids, hdr_name, uni_name, wire_attrs);
+       names_array.count = num_rids;
+       names_array.names = lsa_names;
+
+       types_array.count = num_rids;
+       types_array.ids = wire_attrs;
 
-       DEBUG(5,("_samr_lookup_rids: %d\n", __LINE__));
+       *r->out.names = names_array;
+       *r->out.types = types_array;
 
-       return r_u->status;
+       DEBUG(5,("_samr_LookupRids: %d\n", __LINE__));
+
+       return status;
 }
 
 /*******************************************************************
@@ -1783,8 +2099,9 @@ NTSTATUS _samr_OpenUser(pipes_struct *p,
        if ( !get_lsa_policy_samr_sid(p, &domain_pol, &sid, &acc_granted, NULL) )
                return NT_STATUS_INVALID_HANDLE;
 
-       nt_status = access_check_samr_function( acc_granted,
-               SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_OpenUser" );
+       nt_status = access_check_samr_function(acc_granted,
+                                              SA_RIGHT_DOMAIN_OPEN_ACCOUNT,
+                                              "_samr_OpenUser" );
 
        if ( !NT_STATUS_IS_OK(nt_status) )
                return nt_status;
@@ -1840,10 +2157,15 @@ NTSTATUS _samr_OpenUser(pipes_struct *p,
  get_user_info_7. Safe. Only gives out account_name.
  *************************************************************************/
 
-static NTSTATUS get_user_info_7(TALLOC_CTX *mem_ctx, SAM_USER_INFO_7 *id7, DOM_SID *user_sid)
+static NTSTATUS get_user_info_7(TALLOC_CTX *mem_ctx,
+                               struct samr_UserInfo7 *r,
+                               DOM_SID *user_sid)
 {
        struct samu *smbpass=NULL;
        bool ret;
+       const char *account_name = NULL;
+
+       ZERO_STRUCTP(r);
 
        if ( !(smbpass = samu_new( mem_ctx )) ) {
                return NT_STATUS_NO_MEMORY;
@@ -1858,12 +2180,16 @@ static NTSTATUS get_user_info_7(TALLOC_CTX *mem_ctx, SAM_USER_INFO_7 *id7, DOM_S
                return NT_STATUS_NO_SUCH_USER;
        }
 
-       DEBUG(3,("User:[%s]\n", pdb_get_username(smbpass) ));
+       account_name = talloc_strdup(mem_ctx, pdb_get_username(smbpass));
+       if (!account_name) {
+               TALLOC_FREE(smbpass);
+               return NT_STATUS_NO_MEMORY;
+       }
+       TALLOC_FREE(smbpass);
 
-       ZERO_STRUCTP(id7);
-       init_sam_user_info7(id7, pdb_get_username(smbpass) );
+       DEBUG(3,("User:[%s]\n", account_name));
 
-       TALLOC_FREE(smbpass);
+       init_samr_user_info7(r, account_name);
 
        return NT_STATUS_OK;
 }
@@ -1871,11 +2197,16 @@ static NTSTATUS get_user_info_7(TALLOC_CTX *mem_ctx, SAM_USER_INFO_7 *id7, DOM_S
 /*************************************************************************
  get_user_info_9. Only gives out primary group SID.
  *************************************************************************/
-static NTSTATUS get_user_info_9(TALLOC_CTX *mem_ctx, SAM_USER_INFO_9 * id9, DOM_SID *user_sid)
+
+static NTSTATUS get_user_info_9(TALLOC_CTX *mem_ctx,
+                               struct samr_UserInfo9 *r,
+                               DOM_SID *user_sid)
 {
        struct samu *smbpass=NULL;
        bool ret;
 
+       ZERO_STRUCTP(r);
+
        if ( !(smbpass = samu_new( mem_ctx )) ) {
                return NT_STATUS_NO_MEMORY;
        }
@@ -1886,13 +2217,13 @@ static NTSTATUS get_user_info_9(TALLOC_CTX *mem_ctx, SAM_USER_INFO_9 * id9, DOM_
 
        if (ret==False) {
                DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
+               TALLOC_FREE(smbpass);
                return NT_STATUS_NO_SUCH_USER;
        }
 
        DEBUG(3,("User:[%s]\n", pdb_get_username(smbpass) ));
 
-       ZERO_STRUCTP(id9);
-       init_sam_user_info9(id9, pdb_get_group_rid(smbpass) );
+       init_samr_user_info9(r, pdb_get_group_rid(smbpass));
 
        TALLOC_FREE(smbpass);
 
@@ -1903,11 +2234,15 @@ static NTSTATUS get_user_info_9(TALLOC_CTX *mem_ctx, SAM_USER_INFO_9 * id9, DOM_
  get_user_info_16. Safe. Only gives out acb bits.
  *************************************************************************/
 
-static NTSTATUS get_user_info_16(TALLOC_CTX *mem_ctx, SAM_USER_INFO_16 *id16, DOM_SID *user_sid)
+static NTSTATUS get_user_info_16(TALLOC_CTX *mem_ctx,
+                                struct samr_UserInfo16 *r,
+                                DOM_SID *user_sid)
 {
        struct samu *smbpass=NULL;
        bool ret;
 
+       ZERO_STRUCTP(r);
+
        if ( !(smbpass = samu_new( mem_ctx )) ) {
                return NT_STATUS_NO_MEMORY;
        }
@@ -1918,13 +2253,13 @@ static NTSTATUS get_user_info_16(TALLOC_CTX *mem_ctx, SAM_USER_INFO_16 *id16, DO
 
        if (ret==False) {
                DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
+               TALLOC_FREE(smbpass);
                return NT_STATUS_NO_SUCH_USER;
        }
 
        DEBUG(3,("User:[%s]\n", pdb_get_username(smbpass) ));
 
-       ZERO_STRUCTP(id16);
-       init_sam_user_info16(id16, pdb_get_acct_ctrl(smbpass) );
+       init_samr_user_info16(r, pdb_get_acct_ctrl(smbpass));
 
        TALLOC_FREE(smbpass);
 
@@ -1937,11 +2272,16 @@ static NTSTATUS get_user_info_16(TALLOC_CTX *mem_ctx, SAM_USER_INFO_16 *id16, DO
  user. JRA.
  *************************************************************************/
 
-static NTSTATUS get_user_info_18(pipes_struct *p, TALLOC_CTX *mem_ctx, SAM_USER_INFO_18 * id18, DOM_SID *user_sid)
+static NTSTATUS get_user_info_18(pipes_struct *p,
+                                TALLOC_CTX *mem_ctx,
+                                struct samr_UserInfo18 *r,
+                                DOM_SID *user_sid)
 {
        struct samu *smbpass=NULL;
        bool ret;
 
+       ZERO_STRUCTP(r);
+
        if (p->auth.auth_type != PIPE_AUTH_TYPE_NTLMSSP || p->auth.auth_type != PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
                return NT_STATUS_ACCESS_DENIED;
        }
@@ -1973,8 +2313,8 @@ static NTSTATUS get_user_info_18(pipes_struct *p, TALLOC_CTX *mem_ctx, SAM_USER_
                return NT_STATUS_ACCOUNT_DISABLED;
        }
 
-       ZERO_STRUCTP(id18);
-       init_sam_user_info18(id18, pdb_get_lanman_passwd(smbpass), pdb_get_nt_passwd(smbpass));
+       init_samr_user_info18(r, pdb_get_lanman_passwd(smbpass),
+                             pdb_get_nt_passwd(smbpass));
 
        TALLOC_FREE(smbpass);
 
@@ -1985,10 +2325,17 @@ static NTSTATUS get_user_info_18(pipes_struct *p, TALLOC_CTX *mem_ctx, SAM_USER_
  get_user_info_20
  *************************************************************************/
 
-static NTSTATUS get_user_info_20(TALLOC_CTX *mem_ctx, SAM_USER_INFO_20 *id20, DOM_SID *user_sid)
+static NTSTATUS get_user_info_20(TALLOC_CTX *mem_ctx,
+                                struct samr_UserInfo20 *r,
+                                DOM_SID *user_sid)
 {
        struct samu *sampass=NULL;
        bool ret;
+       const char *munged_dial = NULL;
+       const char *munged_dial_decoded = NULL;
+       DATA_BLOB blob;
+
+       ZERO_STRUCTP(r);
 
        if ( !(sampass = samu_new( mem_ctx )) ) {
                return NT_STATUS_NO_MEMORY;
@@ -2000,72 +2347,221 @@ static NTSTATUS get_user_info_20(TALLOC_CTX *mem_ctx, SAM_USER_INFO_20 *id20, DO
 
        if (ret == False) {
                DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
+               TALLOC_FREE(sampass);
                return NT_STATUS_NO_SUCH_USER;
        }
 
+       munged_dial = pdb_get_munged_dial(sampass);
+
        samr_clear_sam_passwd(sampass);
 
        DEBUG(3,("User:[%s]\n",  pdb_get_username(sampass) ));
 
-       ZERO_STRUCTP(id20);
-       init_sam_user_info20A(id20, sampass);
+       if (munged_dial) {
+               blob = base64_decode_data_blob(munged_dial);
+               munged_dial_decoded = talloc_strndup(mem_ctx,
+                                                    (const char *)blob.data,
+                                                    blob.length);
+               data_blob_free(&blob);
+               if (!munged_dial_decoded) {
+                       TALLOC_FREE(sampass);
+                       return NT_STATUS_NO_MEMORY;
+               }
+       }
+
+#if 0
+       init_unistr2_from_datablob(&usr->uni_munged_dial, &blob);
+       init_uni_hdr(&usr->hdr_munged_dial, &usr->uni_munged_dial);
+       data_blob_free(&blob);
+#endif
+       init_samr_user_info20(r, munged_dial_decoded);
 
        TALLOC_FREE(sampass);
 
        return NT_STATUS_OK;
 }
 
+
 /*************************************************************************
  get_user_info_21
  *************************************************************************/
 
-static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21,
-                                DOM_SID *user_sid, DOM_SID *domain_sid)
-{
-       struct samu *sampass=NULL;
-       bool ret;
-       NTSTATUS nt_status;
-
-       if ( !(sampass = samu_new( mem_ctx )) ) {
+static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx,
+                                struct samr_UserInfo21 *r,
+                                DOM_SID *user_sid,
+                                DOM_SID *domain_sid)
+{
+       struct samu *pw = NULL;
+       bool ret;
+       const DOM_SID *sid_user, *sid_group;
+       uint32_t rid, primary_gid;
+       NTTIME last_logon, last_logoff, last_password_change,
+              acct_expiry, allow_password_change, force_password_change;
+       time_t must_change_time;
+       uint8_t password_expired;
+       const char *account_name, *full_name, *home_directory, *home_drive,
+                  *logon_script, *profile_path, *description,
+                  *workstations, *comment, *parameters;
+       struct samr_LogonHours logon_hours;
+       const char *munged_dial = NULL;
+       DATA_BLOB blob;
+
+       ZERO_STRUCTP(r);
+
+       if (!(pw = samu_new(mem_ctx))) {
                return NT_STATUS_NO_MEMORY;
        }
 
        become_root();
-       ret = pdb_getsampwsid(sampass, user_sid);
+       ret = pdb_getsampwsid(pw, user_sid);
        unbecome_root();
 
        if (ret == False) {
                DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
+               TALLOC_FREE(pw);
                return NT_STATUS_NO_SUCH_USER;
        }
 
-       samr_clear_sam_passwd(sampass);
+       samr_clear_sam_passwd(pw);
 
-       DEBUG(3,("User:[%s]\n",  pdb_get_username(sampass) ));
+       DEBUG(3,("User:[%s]\n", pdb_get_username(pw)));
 
-       ZERO_STRUCTP(id21);
-       nt_status = init_sam_user_info21A(id21, sampass, domain_sid);
+       sid_user = pdb_get_user_sid(pw);
 
-       TALLOC_FREE(sampass);
+       if (!sid_peek_check_rid(domain_sid, sid_user, &rid)) {
+               DEBUG(0, ("get_user_info_21: User %s has SID %s, \nwhich conflicts with "
+                         "the domain sid %s.  Failing operation.\n",
+                         pdb_get_username(pw), sid_string_dbg(sid_user),
+                         sid_string_dbg(domain_sid)));
+               TALLOC_FREE(pw);
+               return NT_STATUS_UNSUCCESSFUL;
+       }
 
-       return nt_status;
+       become_root();
+       sid_group = pdb_get_group_sid(pw);
+       unbecome_root();
+
+       if (!sid_peek_check_rid(domain_sid, sid_group, &primary_gid)) {
+               DEBUG(0, ("get_user_info_21: User %s has Primary Group SID %s, \n"
+                         "which conflicts with the domain sid %s.  Failing operation.\n",
+                         pdb_get_username(pw), sid_string_dbg(sid_group),
+                         sid_string_dbg(domain_sid)));
+               TALLOC_FREE(pw);
+               return NT_STATUS_UNSUCCESSFUL;
+       }
+
+       unix_to_nt_time(&last_logon, pdb_get_logon_time(pw));
+       unix_to_nt_time(&last_logoff, pdb_get_logoff_time(pw));
+       unix_to_nt_time(&acct_expiry, pdb_get_kickoff_time(pw));
+       unix_to_nt_time(&last_password_change, pdb_get_pass_last_set_time(pw));
+       unix_to_nt_time(&allow_password_change, pdb_get_pass_can_change_time(pw));
+
+       must_change_time = pdb_get_pass_must_change_time(pw);
+       if (must_change_time == get_time_t_max()) {
+               unix_to_nt_time_abs(&force_password_change, must_change_time);
+       } else {
+               unix_to_nt_time(&force_password_change, must_change_time);
+       }
+
+       if (pdb_get_pass_must_change_time(pw) == 0) {
+               password_expired = PASS_MUST_CHANGE_AT_NEXT_LOGON;
+       } else {
+               password_expired = 0;
+       }
+
+       munged_dial = pdb_get_munged_dial(pw);
+       if (munged_dial) {
+               blob = base64_decode_data_blob(munged_dial);
+               parameters = talloc_strndup(mem_ctx, (const char *)blob.data, blob.length);
+               data_blob_free(&blob);
+               if (!parameters) {
+                       TALLOC_FREE(pw);
+                       return NT_STATUS_NO_MEMORY;
+               }
+       } else {
+               parameters = NULL;
+       }
+
+
+       account_name = talloc_strdup(mem_ctx, pdb_get_username(pw));
+       full_name = talloc_strdup(mem_ctx, pdb_get_fullname(pw));
+       home_directory = talloc_strdup(mem_ctx, pdb_get_homedir(pw));
+       home_drive = talloc_strdup(mem_ctx, pdb_get_dir_drive(pw));
+       logon_script = talloc_strdup(mem_ctx, pdb_get_logon_script(pw));
+       profile_path = talloc_strdup(mem_ctx, pdb_get_profile_path(pw));
+       description = talloc_strdup(mem_ctx, pdb_get_acct_desc(pw));
+       workstations = talloc_strdup(mem_ctx, pdb_get_workstations(pw));
+       comment = talloc_strdup(mem_ctx, pdb_get_comment(pw));
+
+       logon_hours = get_logon_hours_from_pdb(mem_ctx, pw);
+#if 0
+
+       /*
+         Look at a user on a real NT4 PDC with usrmgr, press
+         'ok'. Then you will see that fields_present is set to
+         0x08f827fa. Look at the user immediately after that again,
+         and you will see that 0x00fffff is returned. This solves
+         the problem that you get access denied after having looked
+         at the user.
+         -- Volker
+       */
+
+#if 0
+       init_unistr2_from_datablob(&usr->uni_munged_dial, &munged_dial_blob);
+       init_uni_hdr(&usr->hdr_munged_dial, &usr->uni_munged_dial);
+       data_blob_free(&munged_dial_blob);
+#endif
+#endif
+
+       init_samr_user_info21(r,
+                             last_logon,
+                             last_logoff,
+                             last_password_change,
+                             acct_expiry,
+                             allow_password_change,
+                             force_password_change,
+                             account_name,
+                             full_name,
+                             home_directory,
+                             home_drive,
+                             logon_script,
+                             profile_path,
+                             description,
+                             workstations,
+                             comment,
+                             parameters,
+                             rid,
+                             primary_gid,
+                             pdb_get_acct_ctrl(pw),
+                             pdb_build_fields_present(pw),
+                             logon_hours,
+                             pdb_get_bad_password_count(pw),
+                             pdb_get_logon_count(pw),
+                             0, /* country_code */
+                             0, /* code_page */
+                             0, /* nt_password_set */
+                             0, /* lm_password_set */
+                             password_expired);
+       TALLOC_FREE(pw);
+
+       return NT_STATUS_OK;
 }
 
 /*******************************************************************
- _samr_query_userinfo
+ _samr_QueryUserInfo
  ********************************************************************/
 
-NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_R_QUERY_USERINFO *r_u)
+NTSTATUS _samr_QueryUserInfo(pipes_struct *p,
+                            struct samr_QueryUserInfo *r)
 {
-       SAM_USERINFO_CTR *ctr;
+       NTSTATUS status;
+       union samr_UserInfo *user_info = NULL;
        struct samr_info *info = NULL;
        DOM_SID domain_sid;
        uint32 rid;
 
-       r_u->status=NT_STATUS_OK;
-
        /* search for the handle */
-       if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+       if (!find_policy_by_hnd(p, r->in.user_handle, (void **)(void *)&info))
                return NT_STATUS_INVALID_HANDLE;
 
        domain_sid = info->sid;
@@ -2075,94 +2571,81 @@ NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_
        if (!sid_check_is_in_our_domain(&info->sid))
                return NT_STATUS_OBJECT_TYPE_MISMATCH;
 
-       DEBUG(5,("_samr_query_userinfo: sid:%s\n",
+       DEBUG(5,("_samr_QueryUserInfo: sid:%s\n",
                 sid_string_dbg(&info->sid)));
 
-       ctr = TALLOC_ZERO_P(p->mem_ctx, SAM_USERINFO_CTR);
-       if (!ctr)
+       user_info = TALLOC_ZERO_P(p->mem_ctx, union samr_UserInfo);
+       if (!user_info) {
                return NT_STATUS_NO_MEMORY;
+       }
 
-       ZERO_STRUCTP(ctr);
-
-       /* ok!  user info levels (lots: see MSDEV help), off we go... */
-       ctr->switch_value = q_u->switch_value;
-
-       DEBUG(5,("_samr_query_userinfo: user info level: %d\n", q_u->switch_value));
+       DEBUG(5,("_samr_QueryUserInfo: user info level: %d\n", r->in.level));
 
-       switch (q_u->switch_value) {
+       switch (r->in.level) {
        case 7:
-               ctr->info.id7 = TALLOC_ZERO_P(p->mem_ctx, SAM_USER_INFO_7);
-               if (ctr->info.id7 == NULL)
-                       return NT_STATUS_NO_MEMORY;
-
-               if (!NT_STATUS_IS_OK(r_u->status = get_user_info_7(p->mem_ctx, ctr->info.id7, &info->sid)))
-                       return r_u->status;
+               status = get_user_info_7(p->mem_ctx, &user_info->info7, &info->sid);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
                break;
        case 9:
-               ctr->info.id9 = TALLOC_ZERO_P(p->mem_ctx, SAM_USER_INFO_9);
-               if (ctr->info.id9 == NULL)
-                       return NT_STATUS_NO_MEMORY;
-
-               if (!NT_STATUS_IS_OK(r_u->status = get_user_info_9(p->mem_ctx, ctr->info.id9, &info->sid)))
-                       return r_u->status;
+               status = get_user_info_9(p->mem_ctx, &user_info->info9, &info->sid);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
                break;
        case 16:
-               ctr->info.id16 = TALLOC_ZERO_P(p->mem_ctx, SAM_USER_INFO_16);
-               if (ctr->info.id16 == NULL)
-                       return NT_STATUS_NO_MEMORY;
-
-               if (!NT_STATUS_IS_OK(r_u->status = get_user_info_16(p->mem_ctx, ctr->info.id16, &info->sid)))
-                       return r_u->status;
+               status = get_user_info_16(p->mem_ctx, &user_info->info16, &info->sid);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
                break;
 
        case 18:
-               ctr->info.id18 = TALLOC_ZERO_P(p->mem_ctx, SAM_USER_INFO_18);
-               if (ctr->info.id18 == NULL)
-                       return NT_STATUS_NO_MEMORY;
-
-               if (!NT_STATUS_IS_OK(r_u->status = get_user_info_18(p, p->mem_ctx, ctr->info.id18, &info->sid)))
-                       return r_u->status;
+               status = get_user_info_18(p, p->mem_ctx, &user_info->info18, &info->sid);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
                break;
 
        case 20:
-               ctr->info.id20 = TALLOC_ZERO_P(p->mem_ctx,SAM_USER_INFO_20);
-               if (ctr->info.id20 == NULL)
-                       return NT_STATUS_NO_MEMORY;
-               if (!NT_STATUS_IS_OK(r_u->status = get_user_info_20(p->mem_ctx, ctr->info.id20, &info->sid)))
-                       return r_u->status;
+               status = get_user_info_20(p->mem_ctx, &user_info->info20, &info->sid);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
                break;
 
        case 21:
-               ctr->info.id21 = TALLOC_ZERO_P(p->mem_ctx,SAM_USER_INFO_21);
-               if (ctr->info.id21 == NULL)
-                       return NT_STATUS_NO_MEMORY;
-               if (!NT_STATUS_IS_OK(r_u->status = get_user_info_21(p->mem_ctx, ctr->info.id21,
-                                                                   &info->sid, &domain_sid)))
-                       return r_u->status;
+               status = get_user_info_21(p->mem_ctx, &user_info->info21,
+                                         &info->sid, &domain_sid);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
                break;
 
        default:
                return NT_STATUS_INVALID_INFO_CLASS;
        }
 
-       init_samr_r_query_userinfo(r_u, ctr, r_u->status);
+       *r->out.info = user_info;
 
-       DEBUG(5,("_samr_query_userinfo: %d\n", __LINE__));
+       DEBUG(5,("_samr_QueryUserInfo: %d\n", __LINE__));
 
-       return r_u->status;
+       return status;
 }
 
 /*******************************************************************
- samr_reply_query_usergroups
+ _samr_GetGroupsForUser
  ********************************************************************/
 
-NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, SAMR_R_QUERY_USERGROUPS *r_u)
+NTSTATUS _samr_GetGroupsForUser(pipes_struct *p,
+                               struct samr_GetGroupsForUser *r)
 {
        struct samu *sam_pass=NULL;
        DOM_SID  sid;
        DOM_SID *sids;
-       DOM_GID dom_gid;
-       DOM_GID *gids = NULL;
+       struct samr_RidWithAttribute dom_gid;
+       struct samr_RidWithAttribute *gids = NULL;
        uint32 primary_group_rid;
        size_t num_groups = 0;
        gid_t *unix_gids;
@@ -2172,6 +2655,8 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
        NTSTATUS result;
        bool success = False;
 
+       struct samr_RidWithAttributeArray *rids = NULL;
+
        /*
         * from the SID in the request:
         * we should send back the list of DOMAIN GROUPS
@@ -2184,16 +2669,22 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
         * JFM, 12/2/2001
         */
 
-       r_u->status = NT_STATUS_OK;
+       DEBUG(5,("_samr_GetGroupsForUser: %d\n", __LINE__));
 
-       DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__));
+       rids = TALLOC_ZERO_P(p->mem_ctx, struct samr_RidWithAttributeArray);
+       if (!rids) {
+               return NT_STATUS_NO_MEMORY;
+       }
 
        /* find the policy handle.  open a policy on it. */
-       if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted, NULL))
+       if (!get_lsa_policy_samr_sid(p, r->in.user_handle, &sid, &acc_granted, NULL))
                return NT_STATUS_INVALID_HANDLE;
 
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_USER_GET_GROUPS, "_samr_query_usergroups"))) {
-               return r_u->status;
+       result = access_check_samr_function(acc_granted,
+                                           SA_RIGHT_USER_GET_GROUPS,
+                                           "_samr_GetGroupsForUser");
+       if (!NT_STATUS_IS_OK(result)) {
+               return result;
        }
 
        if (!sid_check_is_in_our_domain(&sid))
@@ -2243,36 +2734,38 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
        gids = NULL;
        num_gids = 0;
 
-       dom_gid.attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
-                       SE_GROUP_ENABLED);
-       dom_gid.g_rid = primary_group_rid;
-       ADD_TO_ARRAY(p->mem_ctx, DOM_GID, dom_gid, &gids, &num_gids);
+       dom_gid.attributes = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
+                             SE_GROUP_ENABLED);
+       dom_gid.rid = primary_group_rid;
+       ADD_TO_ARRAY(p->mem_ctx, struct samr_RidWithAttribute, dom_gid, &gids, &num_gids);
 
        for (i=0; i<num_groups; i++) {
 
                if (!sid_peek_check_rid(get_global_sam_sid(),
-                                       &(sids[i]), &dom_gid.g_rid)) {
+                                       &(sids[i]), &dom_gid.rid)) {
                        DEBUG(10, ("Found sid %s not in our domain\n",
                                   sid_string_dbg(&sids[i])));
                        continue;
                }
 
-               if (dom_gid.g_rid == primary_group_rid) {
+               if (dom_gid.rid == primary_group_rid) {
                        /* We added the primary group directly from the
                         * sam_account. The other SIDs are unique from
                         * enum_group_memberships */
                        continue;
                }
 
-               ADD_TO_ARRAY(p->mem_ctx, DOM_GID, dom_gid, &gids, &num_gids);
+               ADD_TO_ARRAY(p->mem_ctx, struct samr_RidWithAttribute, dom_gid, &gids, &num_gids);
        }
 
-       /* construct the response.  lkclXXXX: gids are not copied! */
-       init_samr_r_query_usergroups(r_u, num_gids, gids, r_u->status);
+       rids->count = num_gids;
+       rids->rids = gids;
+
+       *r->out.rids = rids;
 
-       DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__));
+       DEBUG(5,("_samr_GetGroupsForUser: %d\n", __LINE__));
 
-       return r_u->status;
+       return result;
 }
 
 /*******************************************************************
@@ -2887,6 +3380,7 @@ NTSTATUS _samr_Connect5(pipes_struct *p,
 /**********************************************************************
  _samr_LookupDomain
  **********************************************************************/
+
 NTSTATUS _samr_LookupDomain(pipes_struct *p,
                            struct samr_LookupDomain *r)
 {
@@ -2931,74 +3425,54 @@ NTSTATUS _samr_LookupDomain(pipes_struct *p,
        return status;
 }
 
-/******************************************************************
-makes a SAMR_R_ENUM_DOMAINS structure.
-********************************************************************/
-
-static bool make_enum_domains(TALLOC_CTX *ctx, SAM_ENTRY **pp_sam,
-                       UNISTR2 **pp_uni_name, uint32 num_sam_entries, fstring doms[])
-{
-       uint32 i;
-       SAM_ENTRY *sam;
-       UNISTR2 *uni_name;
-
-       DEBUG(5, ("make_enum_domains\n"));
-
-       *pp_sam = NULL;
-       *pp_uni_name = NULL;
-
-       if (num_sam_entries == 0)
-               return True;
-
-       sam = TALLOC_ZERO_ARRAY(ctx, SAM_ENTRY, num_sam_entries);
-       uni_name = TALLOC_ZERO_ARRAY(ctx, UNISTR2, num_sam_entries);
-
-       if (sam == NULL || uni_name == NULL)
-               return False;
-
-       for (i = 0; i < num_sam_entries; i++) {
-               init_unistr2(&uni_name[i], doms[i], UNI_FLAGS_NONE);
-               init_sam_entry(&sam[i], &uni_name[i], 0);
-       }
-
-       *pp_sam = sam;
-       *pp_uni_name = uni_name;
-
-       return True;
-}
-
 /**********************************************************************
api_samr_enum_domains
_samr_EnumDomains
  **********************************************************************/
 
-NTSTATUS _samr_enum_domains(pipes_struct *p, SAMR_Q_ENUM_DOMAINS *q_u, SAMR_R_ENUM_DOMAINS *r_u)
+NTSTATUS _samr_EnumDomains(pipes_struct *p,
+                          struct samr_EnumDomains *r)
 {
+       NTSTATUS status;
        struct samr_info *info;
-       uint32 num_entries = 2;
-       fstring dom[2];
-       const char *name;
+       uint32_t num_entries = 2;
+       struct samr_SamEntry *entry_array = NULL;
+       struct samr_SamArray *sam;
 
-       r_u->status = NT_STATUS_OK;
-
-       if (!find_policy_by_hnd(p, &q_u->pol, (void**)(void *)&info))
+       if (!find_policy_by_hnd(p, r->in.connect_handle, (void**)(void *)&info))
                return NT_STATUS_INVALID_HANDLE;
 
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted, SA_RIGHT_SAM_ENUM_DOMAINS, "_samr_enum_domains"))) {
-               return r_u->status;
+       status = access_check_samr_function(info->acc_granted,
+                                           SA_RIGHT_SAM_ENUM_DOMAINS,
+                                           "_samr_EnumDomains");
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
        }
 
-       name = get_global_sam_name();
-
-       fstrcpy(dom[0],name);
-       strupper_m(dom[0]);
-       fstrcpy(dom[1],"Builtin");
+       sam = TALLOC_ZERO_P(p->mem_ctx, struct samr_SamArray);
+       if (!sam) {
+               return NT_STATUS_NO_MEMORY;
+       }
 
-       if (!make_enum_domains(p->mem_ctx, &r_u->sam, &r_u->uni_dom_name, num_entries, dom))
+       entry_array = TALLOC_ZERO_ARRAY(p->mem_ctx,
+                                       struct samr_SamEntry,
+                                       num_entries);
+       if (!entry_array) {
                return NT_STATUS_NO_MEMORY;
+       }
+
+       entry_array[0].idx = 0;
+       init_lsa_String(&entry_array[0].name, get_global_sam_name());
+
+       entry_array[1].idx = 1;
+       init_lsa_String(&entry_array[1].name, "Builtin");
+
+       sam->count = num_entries;
+       sam->entries = entry_array;
 
-       init_samr_r_enum_domains(r_u, q_u->start_idx + num_entries, num_entries);
+       *r->out.sam = sam;
+       *r->out.num_entries = num_entries;
 
-       return r_u->status;
+       return status;
 }
 
 /*******************************************************************
@@ -3026,7 +3500,8 @@ NTSTATUS _samr_OpenAlias(pipes_struct *p,
                return NT_STATUS_INVALID_HANDLE;
 
        status = access_check_samr_function(acc_granted,
-               SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_OpenAlias");
+                                           SA_RIGHT_DOMAIN_OPEN_ACCOUNT,
+                                           "_samr_OpenAlias");
 
        if ( !NT_STATUS_IS_OK(status) )
                return status;
@@ -3089,10 +3564,11 @@ NTSTATUS _samr_OpenAlias(pipes_struct *p,
 /*******************************************************************
  set_user_info_7
  ********************************************************************/
+
 static NTSTATUS set_user_info_7(TALLOC_CTX *mem_ctx,
-                               const SAM_USER_INFO_7 *id7, struct samu *pwd)
+                               struct samr_UserInfo7 *id7,
+                               struct samu *pwd)
 {
-       fstring new_name;
        NTSTATUS rc;
 
        if (id7 == NULL) {
@@ -3101,7 +3577,7 @@ static NTSTATUS set_user_info_7(TALLOC_CTX *mem_ctx,
                return NT_STATUS_ACCESS_DENIED;
        }
 
-       if(!rpcstr_pull(new_name, id7->uni_name.buffer, sizeof(new_name), id7->uni_name.uni_str_len*2, 0)) {
+       if (!id7->account_name.string) {
                DEBUG(5, ("set_user_info_7: failed to get new username\n"));
                TALLOC_FREE(pwd);
                return NT_STATUS_ACCESS_DENIED;
@@ -3116,12 +3592,12 @@ static NTSTATUS set_user_info_7(TALLOC_CTX *mem_ctx,
           simply that the rename fails with a slightly different status
           code (like UNSUCCESSFUL instead of ALREADY_EXISTS). */
 
-       rc = can_create(mem_ctx, new_name);
+       rc = can_create(mem_ctx, id7->account_name.string);
        if (!NT_STATUS_IS_OK(rc)) {
                return rc;
        }
 
-       rc = pdb_rename_sam_account(pwd, new_name);
+       rc = pdb_rename_sam_account(pwd, id7->account_name.string);
 
        TALLOC_FREE(pwd);
        return rc;
@@ -3131,7 +3607,8 @@ static NTSTATUS set_user_info_7(TALLOC_CTX *mem_ctx,
  set_user_info_16
  ********************************************************************/
 
-static bool set_user_info_16(const SAM_USER_INFO_16 *id16, struct samu *pwd)
+static bool set_user_info_16(struct samr_UserInfo16 *id16,
+                            struct samu *pwd)
 {
        if (id16 == NULL) {
                DEBUG(5, ("set_user_info_16: NULL id16\n"));
@@ -3140,7 +3617,7 @@ static bool set_user_info_16(const SAM_USER_INFO_16 *id16, struct samu *pwd)
        }
 
        /* FIX ME: check if the value is really changed --metze */
-       if (!pdb_set_acct_ctrl(pwd, id16->acb_info, PDB_CHANGED)) {
+       if (!pdb_set_acct_ctrl(pwd, id16->acct_flags, PDB_CHANGED)) {
                TALLOC_FREE(pwd);
                return False;
        }
@@ -3159,20 +3636,20 @@ static bool set_user_info_16(const SAM_USER_INFO_16 *id16, struct samu *pwd)
  set_user_info_18
  ********************************************************************/
 
-static bool set_user_info_18(SAM_USER_INFO_18 *id18, struct samu *pwd)
+static bool set_user_info_18(struct samr_UserInfo18 *id18,
+                            struct samu *pwd)
 {
-
        if (id18 == NULL) {
                DEBUG(2, ("set_user_info_18: id18 is NULL\n"));
                TALLOC_FREE(pwd);
                return False;
        }
 
-       if (!pdb_set_lanman_passwd (pwd, id18->lm_pwd, PDB_CHANGED)) {
+       if (!pdb_set_lanman_passwd (pwd, id18->lm_pwd.hash, PDB_CHANGED)) {
                TALLOC_FREE(pwd);
                return False;
        }
-       if (!pdb_set_nt_passwd     (pwd, id18->nt_pwd, PDB_CHANGED)) {
+       if (!pdb_set_nt_passwd     (pwd, id18->nt_pwd.hash, PDB_CHANGED)) {
                TALLOC_FREE(pwd);
                return False;
        }
@@ -3194,7 +3671,8 @@ static bool set_user_info_18(SAM_USER_INFO_18 *id18, struct samu *pwd)
  set_user_info_20
  ********************************************************************/
 
-static bool set_user_info_20(SAM_USER_INFO_20 *id20, struct samu *pwd)
+static bool set_user_info_20(struct samr_UserInfo20 *id20,
+                            struct samu *pwd)
 {
        if (id20 == NULL) {
                DEBUG(5, ("set_user_info_20: NULL id20\n"));
@@ -3213,14 +3691,15 @@ static bool set_user_info_20(SAM_USER_INFO_20 *id20, struct samu *pwd)
 
        return True;
 }
+
 /*******************************************************************
  set_user_info_21
  ********************************************************************/
 
-static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21,
+static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx,
+                                struct samr_UserInfo21 *id21,
                                 struct samu *pwd)
 {
-       fstring new_name;
        NTSTATUS status;
 
        if (id21 == NULL) {
@@ -3230,9 +3709,8 @@ static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21,
 
        /* we need to separately check for an account rename first */
 
-       if (rpcstr_pull(new_name, id21->uni_user_name.buffer,
-               sizeof(new_name), id21->uni_user_name.uni_str_len*2, 0)
-               && (!strequal(new_name, pdb_get_username(pwd))))
+       if (id21->account_name.string &&
+           (!strequal(id21->account_name.string, pdb_get_username(pwd))))
        {
 
                /* check to see if the new username already exists.  Note: we can't
@@ -3244,12 +3722,12 @@ static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21,
                   simply that the rename fails with a slightly different status
                   code (like UNSUCCESSFUL instead of ALREADY_EXISTS). */
 
-               status = can_create(mem_ctx, new_name);
+               status = can_create(mem_ctx, id21->account_name.string);
                if (!NT_STATUS_IS_OK(status)) {
                        return status;
                }
 
-               status = pdb_rename_sam_account(pwd, new_name);
+               status = pdb_rename_sam_account(pwd, id21->account_name.string);
 
                if (!NT_STATUS_IS_OK(status)) {
                        DEBUG(0,("set_user_info_21: failed to rename account: %s\n",
@@ -3260,10 +3738,10 @@ static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21,
 
                /* set the new username so that later
                   functions can work on the new account */
-               pdb_set_username(pwd, new_name, PDB_SET);
+               pdb_set_username(pwd, id21->account_name.string, PDB_SET);
        }
 
-       copy_id21_to_sam_passwd(pwd, id21);
+       copy_id21_to_sam_passwd("INFO_21", pwd, id21);
 
        /*
         * The funny part about the previous two calls is
@@ -3298,7 +3776,8 @@ static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21,
  set_user_info_23
  ********************************************************************/
 
-static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, SAM_USER_INFO_23 *id23,
+static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx,
+                                struct samr_UserInfo23 *id23,
                                 struct samu *pwd)
 {
        char *plaintext_buf = NULL;
@@ -3317,7 +3796,7 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, SAM_USER_INFO_23 *id23,
        acct_ctrl = pdb_get_acct_ctrl(pwd);
 
        if (!decode_pw_buffer(mem_ctx,
-                               id23->pass,
+                               id23->password.data,
                                &plaintext_buf,
                                &len,
                                STR_UNICODE)) {
@@ -3465,7 +3944,8 @@ static bool set_user_info_pw(uint8 *pass, struct samu *pwd)
  set_user_info_25
  ********************************************************************/
 
-static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx, SAM_USER_INFO_25 *id25,
+static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx,
+                                struct samr_UserInfo25 *id25,
                                 struct samu *pwd)
 {
        NTSTATUS status;
@@ -3505,30 +3985,33 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx, SAM_USER_INFO_25 *id25,
 }
 
 /*******************************************************************
- samr_reply_set_userinfo
+ samr_SetUserInfo_internal
  ********************************************************************/
 
-NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SET_USERINFO *r_u)
+static NTSTATUS samr_SetUserInfo_internal(const char *fn_name,
+                                         pipes_struct *p,
+                                         struct policy_handle *user_handle,
+                                         uint16_t level,
+                                         union samr_UserInfo *info)
 {
+       NTSTATUS status;
        struct samu *pwd = NULL;
        DOM_SID sid;
-       POLICY_HND *pol = &q_u->pol;
-       uint16 switch_value = q_u->switch_value;
-       SAM_USERINFO_CTR *ctr = q_u->ctr;
-       uint32 acc_granted;
-       uint32 acc_required;
+       POLICY_HND *pol = user_handle;
+       uint16_t switch_value = level;
+       uint32_t acc_granted;
+       uint32_t acc_required;
        bool ret;
        bool has_enough_rights = False;
-       uint32 acb_info;
+       uint32_t acb_info;
        DISP_INFO *disp_info = NULL;
 
-       DEBUG(5, ("_samr_set_userinfo: %d\n", __LINE__));
-
-       r_u->status = NT_STATUS_OK;
+       DEBUG(5,("%s: %d\n", fn_name, __LINE__));
 
        /* find the policy handle.  open a policy on it. */
-       if (!get_lsa_policy_samr_sid(p, pol, &sid, &acc_granted, &disp_info))
+       if (!get_lsa_policy_samr_sid(p, pol, &sid, &acc_granted, &disp_info)) {
                return NT_STATUS_INVALID_HANDLE;
+       }
 
        /* This is tricky.  A WinXP domain join sets
          (SA_RIGHT_USER_SET_PASSWORD|SA_RIGHT_USER_SET_ATTRIBUTES|SA_RIGHT_USER_ACCT_FLAGS_EXPIRY)
@@ -3545,23 +4028,28 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
                acc_required = SA_RIGHT_USER_SET_PASSWORD;
                break;
        default:
-               acc_required = SA_RIGHT_USER_SET_PASSWORD | SA_RIGHT_USER_SET_ATTRIBUTES | SA_RIGHT_USER_ACCT_FLAGS_EXPIRY;
+               acc_required = SA_RIGHT_USER_SET_PASSWORD |
+                              SA_RIGHT_USER_SET_ATTRIBUTES |
+                              SA_RIGHT_USER_ACCT_FLAGS_EXPIRY;
                break;
        }
 
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, acc_required, "_samr_set_userinfo"))) {
-               return r_u->status;
+       status = access_check_samr_function(acc_granted,
+                                           acc_required,
+                                           fn_name);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
        }
 
-       DEBUG(5, ("_samr_set_userinfo: sid:%s, level:%d\n",
-                 sid_string_dbg(&sid), switch_value));
+       DEBUG(5, ("%s: sid:%s, level:%d\n",
+                 fn_name, sid_string_dbg(&sid), switch_value));
 
-       if (ctr == NULL) {
-               DEBUG(5, ("_samr_set_userinfo: NULL info level\n"));
+       if (info == NULL) {
+               DEBUG(5, ("%s: NULL info level\n", fn_name));
                return NT_STATUS_INVALID_INFO_CLASS;
        }
 
-       if ( !(pwd = samu_new( NULL )) ) {
+       if (!(pwd = samu_new(NULL))) {
                return NT_STATUS_NO_MEMORY;
        }
 
@@ -3569,7 +4057,7 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
        ret = pdb_getsampwsid(pwd, &sid);
        unbecome_root();
 
-       if ( !ret ) {
+       if (!ret) {
                TALLOC_FREE(pwd);
                return NT_STATUS_NO_SUCH_USER;
        }
@@ -3578,244 +4066,169 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
        /* check to see if we have the sufficient rights */
 
        acb_info = pdb_get_acct_ctrl(pwd);
-       if ( acb_info & ACB_WSTRUST )
-               has_enough_rights = user_has_privileges( p->pipe_user.nt_user_token, &se_machine_account);
-       else if ( acb_info & ACB_NORMAL )
-               has_enough_rights = user_has_privileges( p->pipe_user.nt_user_token, &se_add_users );
-       else if ( acb_info & (ACB_SVRTRUST|ACB_DOMTRUST) ) {
-               if ( lp_enable_privileges() )
-                       has_enough_rights = nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS );
+       if (acb_info & ACB_WSTRUST)
+               has_enough_rights = user_has_privileges(p->pipe_user.nt_user_token,
+                                                       &se_machine_account);
+       else if (acb_info & ACB_NORMAL)
+               has_enough_rights = user_has_privileges(p->pipe_user.nt_user_token,
+                                                       &se_add_users);
+       else if (acb_info & (ACB_SVRTRUST|ACB_DOMTRUST)) {
+               if (lp_enable_privileges()) {
+                       has_enough_rights = nt_token_check_domain_rid(p->pipe_user.nt_user_token,
+                                                                     DOMAIN_GROUP_RID_ADMINS);
+               }
        }
 
-       DEBUG(5, ("_samr_set_userinfo: %s does%s possess sufficient rights\n",
+       DEBUG(5, ("%s: %s does%s possess sufficient rights\n",
+                 fn_name,
                  uidtoname(p->pipe_user.ut.uid),
                  has_enough_rights ? "" : " not"));
 
        /* ================ BEGIN SeMachineAccountPrivilege BLOCK ================ */
 
-       if ( has_enough_rights )
+       if (has_enough_rights) {
                become_root();
+       }
 
        /* ok!  user info levels (lots: see MSDEV help), off we go... */
 
        switch (switch_value) {
+
+               case 7:
+                       status = set_user_info_7(p->mem_ctx,
+                                                &info->info7, pwd);
+                       break;
+
+               case 16:
+                       if (!set_user_info_16(&info->info16, pwd)) {
+                               status = NT_STATUS_ACCESS_DENIED;
+                       }
+                       break;
+
                case 18:
-                       if (!set_user_info_18(ctr->info.id18, pwd))
-                               r_u->status = NT_STATUS_ACCESS_DENIED;
+                       /* Used by AS/U JRA. */
+                       if (!set_user_info_18(&info->info18, pwd)) {
+                               status = NT_STATUS_ACCESS_DENIED;
+                       }
                        break;
 
-               case 24:
+               case 20:
+                       if (!set_user_info_20(&info->info20, pwd)) {
+                               status = NT_STATUS_ACCESS_DENIED;
+                       }
+                       break;
+
+               case 21:
+                       status = set_user_info_21(p->mem_ctx,
+                                                 &info->info21, pwd);
+                       break;
+
+               case 23:
                        if (!p->session_key.length) {
-                               r_u->status = NT_STATUS_NO_USER_SESSION_KEY;
+                               status = NT_STATUS_NO_USER_SESSION_KEY;
                        }
-                       SamOEMhashBlob(ctr->info.id24->pass, 516, &p->session_key);
+                       SamOEMhashBlob(info->info23.password.data, 516,
+                                      &p->session_key);
 
-                       dump_data(100, ctr->info.id24->pass, 516);
+                       dump_data(100, info->info23.password.data, 516);
 
-                       if (!set_user_info_pw(ctr->info.id24->pass, pwd))
-                               r_u->status = NT_STATUS_ACCESS_DENIED;
+                       status = set_user_info_23(p->mem_ctx,
+                                                 &info->info23, pwd);
                        break;
 
-               case 25:
+               case 24:
                        if (!p->session_key.length) {
-                               r_u->status = NT_STATUS_NO_USER_SESSION_KEY;
+                               status = NT_STATUS_NO_USER_SESSION_KEY;
                        }
-                       encode_or_decode_arc4_passwd_buffer(ctr->info.id25->pass, &p->session_key);
+                       SamOEMhashBlob(info->info24.password.data,
+                                      516,
+                                      &p->session_key);
 
-                       dump_data(100, ctr->info.id25->pass, 532);
+                       dump_data(100, info->info24.password.data, 516);
 
-                       r_u->status = set_user_info_25(p->mem_ctx,
-                                                      ctr->info.id25, pwd);
-                       if (!NT_STATUS_IS_OK(r_u->status)) {
-                               goto done;
+                       if (!set_user_info_pw(info->info24.password.data, pwd)) {
+                               status = NT_STATUS_ACCESS_DENIED;
                        }
-                       if (!set_user_info_pw(ctr->info.id25->pass, pwd))
-                               r_u->status = NT_STATUS_ACCESS_DENIED;
                        break;
 
-               case 26:
+               case 25:
                        if (!p->session_key.length) {
-                               r_u->status = NT_STATUS_NO_USER_SESSION_KEY;
+                               status = NT_STATUS_NO_USER_SESSION_KEY;
                        }
-                       encode_or_decode_arc4_passwd_buffer(ctr->info.id26->pass, &p->session_key);
+                       encode_or_decode_arc4_passwd_buffer(info->info25.password.data,
+                                                           &p->session_key);
 
-                       dump_data(100, ctr->info.id26->pass, 516);
+                       dump_data(100, info->info25.password.data, 532);
 
-                       if (!set_user_info_pw(ctr->info.id26->pass, pwd))
-                               r_u->status = NT_STATUS_ACCESS_DENIED;
+                       status = set_user_info_25(p->mem_ctx,
+                                                 &info->info25, pwd);
+                       if (!NT_STATUS_IS_OK(status)) {
+                               goto done;
+                       }
+                       if (!set_user_info_pw(info->info25.password.data, pwd)) {
+                               status = NT_STATUS_ACCESS_DENIED;
+                       }
                        break;
 
-               case 23:
+               case 26:
                        if (!p->session_key.length) {
-                               r_u->status = NT_STATUS_NO_USER_SESSION_KEY;
+                               status = NT_STATUS_NO_USER_SESSION_KEY;
                        }
-                       SamOEMhashBlob(ctr->info.id23->pass, 516, &p->session_key);
+                       encode_or_decode_arc4_passwd_buffer(info->info26.password.data,
+                                                           &p->session_key);
 
-                       dump_data(100, ctr->info.id23->pass, 516);
+                       dump_data(100, info->info26.password.data, 516);
 
-                       r_u->status = set_user_info_23(p->mem_ctx,
-                                                      ctr->info.id23, pwd);
+                       if (!set_user_info_pw(info->info26.password.data, pwd)) {
+                               status = NT_STATUS_ACCESS_DENIED;
+                       }
                        break;
 
                default:
-                       r_u->status = NT_STATUS_INVALID_INFO_CLASS;
+                       status = NT_STATUS_INVALID_INFO_CLASS;
        }
 
  done:
 
-       if ( has_enough_rights )
+       if (has_enough_rights) {
                unbecome_root();
+       }
 
        /* ================ END SeMachineAccountPrivilege BLOCK ================ */
 
-       if (NT_STATUS_IS_OK(r_u->status)) {
+       if (NT_STATUS_IS_OK(status)) {
                force_flush_samr_cache(disp_info);
        }
 
-       return r_u->status;
+       return status;
 }
 
 /*******************************************************************
- samr_reply_set_userinfo2
+ _samr_SetUserInfo
  ********************************************************************/
 
-NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_SET_USERINFO2 *r_u)
+NTSTATUS _samr_SetUserInfo(pipes_struct *p,
+                          struct samr_SetUserInfo *r)
 {
-       struct samu *pwd = NULL;
-       DOM_SID sid;
-       SAM_USERINFO_CTR *ctr = q_u->ctr;
-       POLICY_HND *pol = &q_u->pol;
-       uint16 switch_value = q_u->switch_value;
-       uint32 acc_granted;
-       uint32 acc_required;
-       bool ret;
-       bool has_enough_rights = False;
-       uint32 acb_info;
-       DISP_INFO *disp_info = NULL;
-
-       DEBUG(5, ("samr_reply_set_userinfo2: %d\n", __LINE__));
-
-       r_u->status = NT_STATUS_OK;
-
-       /* find the policy handle.  open a policy on it. */
-       if (!get_lsa_policy_samr_sid(p, pol, &sid, &acc_granted, &disp_info))
-               return NT_STATUS_INVALID_HANDLE;
-
-
-#if 0  /* this really should be applied on a per info level basis   --jerry */
-
-       /* observed when joining XP client to Samba domain */
-       acc_required = SA_RIGHT_USER_SET_PASSWORD | SA_RIGHT_USER_SET_ATTRIBUTES | SA_RIGHT_USER_ACCT_FLAGS_EXPIRY;
-#else
-       acc_required = SA_RIGHT_USER_SET_ATTRIBUTES;
-#endif
-
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, acc_required, "_samr_set_userinfo2"))) {
-               return r_u->status;
-       }
-
-       DEBUG(5, ("samr_reply_set_userinfo2: sid:%s\n",
-                 sid_string_dbg(&sid)));
-
-       if (ctr == NULL) {
-               DEBUG(5, ("samr_reply_set_userinfo2: NULL info level\n"));
-               return NT_STATUS_INVALID_INFO_CLASS;
-       }
-
-       switch_value=ctr->switch_value;
-
-       if ( !(pwd = samu_new( NULL )) ) {
-               return NT_STATUS_NO_MEMORY;
-       }
-
-       become_root();
-       ret = pdb_getsampwsid(pwd, &sid);
-       unbecome_root();
-
-       if ( !ret ) {
-               TALLOC_FREE(pwd);
-               return NT_STATUS_NO_SUCH_USER;
-       }
-
-       acb_info = pdb_get_acct_ctrl(pwd);
-       if ( acb_info & ACB_WSTRUST )
-               has_enough_rights = user_has_privileges( p->pipe_user.nt_user_token, &se_machine_account);
-       else if ( acb_info & ACB_NORMAL )
-               has_enough_rights = user_has_privileges( p->pipe_user.nt_user_token, &se_add_users );
-       else if ( acb_info & (ACB_SVRTRUST|ACB_DOMTRUST) ) {
-               if ( lp_enable_privileges() )
-                       has_enough_rights = nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS );
-       }
-
-       DEBUG(5, ("_samr_set_userinfo2: %s does%s possess sufficient rights\n",
-                 uidtoname(p->pipe_user.ut.uid),
-                 has_enough_rights ? "" : " not"));
-
-       /* ================ BEGIN SeMachineAccountPrivilege BLOCK ================ */
-
-       if ( has_enough_rights )
-               become_root();
-
-       /* ok!  user info levels (lots: see MSDEV help), off we go... */
-
-       switch (switch_value) {
-               case 7:
-                       r_u->status = set_user_info_7(p->mem_ctx,
-                                                     ctr->info.id7, pwd);
-                       break;
-               case 16:
-                       if (!set_user_info_16(ctr->info.id16, pwd))
-                               r_u->status = NT_STATUS_ACCESS_DENIED;
-                       break;
-               case 18:
-                       /* Used by AS/U JRA. */
-                       if (!set_user_info_18(ctr->info.id18, pwd))
-                               r_u->status = NT_STATUS_ACCESS_DENIED;
-                       break;
-               case 20:
-                       if (!set_user_info_20(ctr->info.id20, pwd))
-                               r_u->status = NT_STATUS_ACCESS_DENIED;
-                       break;
-               case 21:
-                       r_u->status = set_user_info_21(p->mem_ctx,
-                                                      ctr->info.id21, pwd);
-                       break;
-               case 23:
-                       if (!p->session_key.length) {
-                               r_u->status = NT_STATUS_NO_USER_SESSION_KEY;
-                       }
-                       SamOEMhashBlob(ctr->info.id23->pass, 516, &p->session_key);
-
-                       dump_data(100, ctr->info.id23->pass, 516);
-
-                       r_u->status = set_user_info_23(p->mem_ctx,
-                                                      ctr->info.id23, pwd);
-                       break;
-               case 26:
-                       if (!p->session_key.length) {
-                               r_u->status = NT_STATUS_NO_USER_SESSION_KEY;
-                       }
-                       encode_or_decode_arc4_passwd_buffer(ctr->info.id26->pass, &p->session_key);
-
-                       dump_data(100, ctr->info.id26->pass, 516);
-
-                       if (!set_user_info_pw(ctr->info.id26->pass, pwd))
-                               r_u->status = NT_STATUS_ACCESS_DENIED;
-                       break;
-               default:
-                       r_u->status = NT_STATUS_INVALID_INFO_CLASS;
-       }
-
-       if ( has_enough_rights )
-               unbecome_root();
-
-       /* ================ END SeMachineAccountPrivilege BLOCK ================ */
+       return samr_SetUserInfo_internal("_samr_SetUserInfo",
+                                        p,
+                                        r->in.user_handle,
+                                        r->in.level,
+                                        r->in.info);
+}
 
-       if (NT_STATUS_IS_OK(r_u->status)) {
-               force_flush_samr_cache(disp_info);
-       }
+/*******************************************************************
+ _samr_SetUserInfo2
+ ********************************************************************/
 
-       return r_u->status;
+NTSTATUS _samr_SetUserInfo2(pipes_struct *p,
+                           struct samr_SetUserInfo2 *r)
+{
+       return samr_SetUserInfo_internal("_samr_SetUserInfo2",
+                                        p,
+                                        r->in.user_handle,
+                                        r->in.level,
+                                        r->in.info);
 }
 
 /*********************************************************************
@@ -3841,8 +4254,12 @@ NTSTATUS _samr_GetAliasMembership(pipes_struct *p,
        if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
                return NT_STATUS_INVALID_HANDLE;
 
-       ntstatus1 = access_check_samr_function(info->acc_granted, SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM, "_samr_GetAliasMembership");
-       ntstatus2 = access_check_samr_function(info->acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_GetAliasMembership");
+       ntstatus1 = access_check_samr_function(info->acc_granted,
+                                              SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM,
+                                              "_samr_GetAliasMembership");
+       ntstatus2 = access_check_samr_function(info->acc_granted,
+                                              SA_RIGHT_DOMAIN_OPEN_ACCOUNT,
+                                              "_samr_GetAliasMembership");
 
        if (!NT_STATUS_IS_OK(ntstatus1) || !NT_STATUS_IS_OK(ntstatus2)) {
                if (!(NT_STATUS_EQUAL(ntstatus1,NT_STATUS_ACCESS_DENIED) && NT_STATUS_IS_OK(ntstatus2)) &&
@@ -3907,7 +4324,9 @@ NTSTATUS _samr_GetMembersInAlias(pipes_struct *p,
        if (!get_lsa_policy_samr_sid(p, r->in.alias_handle, &alias_sid, &acc_granted, NULL))
                return NT_STATUS_INVALID_HANDLE;
 
-       status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_GET_MEMBERS, "_samr_GetMembersInAlias");
+       status = access_check_samr_function(acc_granted,
+                                           SA_RIGHT_ALIAS_GET_MEMBERS,
+                                           "_samr_GetMembersInAlias");
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -3973,7 +4392,9 @@ NTSTATUS _samr_QueryGroupMember(pipes_struct *p,
        if (!get_lsa_policy_samr_sid(p, r->in.group_handle, &group_sid, &acc_granted, NULL))
                return NT_STATUS_INVALID_HANDLE;
 
-       status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_GET_MEMBERS, "_samr_QueryGroupMember");
+       status = access_check_samr_function(acc_granted,
+                                           SA_RIGHT_GROUP_GET_MEMBERS,
+                                           "_samr_QueryGroupMember");
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -4035,7 +4456,9 @@ NTSTATUS _samr_AddAliasMember(pipes_struct *p,
        if (!get_lsa_policy_samr_sid(p, r->in.alias_handle, &alias_sid, &acc_granted, &disp_info))
                return NT_STATUS_INVALID_HANDLE;
 
-       status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_ADD_MEMBER, "_samr_AddAliasMember");
+       status = access_check_samr_function(acc_granted,
+                                           SA_RIGHT_ALIAS_ADD_MEMBER,
+                                           "_samr_AddAliasMember");
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -4082,7 +4505,9 @@ NTSTATUS _samr_DeleteAliasMember(pipes_struct *p,
        if (!get_lsa_policy_samr_sid(p, r->in.alias_handle, &alias_sid, &acc_granted, &disp_info))
                return NT_STATUS_INVALID_HANDLE;
 
-       status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_REMOVE_MEMBER, "_samr_DeleteAliasMember");
+       status = access_check_samr_function(acc_granted,
+                                           SA_RIGHT_ALIAS_REMOVE_MEMBER,
+                                           "_samr_DeleteAliasMember");
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -4131,7 +4556,9 @@ NTSTATUS _samr_AddGroupMember(pipes_struct *p,
        if (!get_lsa_policy_samr_sid(p, r->in.group_handle, &group_sid, &acc_granted, &disp_info))
                return NT_STATUS_INVALID_HANDLE;
 
-       status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_ADD_MEMBER, "_samr_AddGroupMember");
+       status = access_check_samr_function(acc_granted,
+                                           SA_RIGHT_GROUP_ADD_MEMBER,
+                                           "_samr_AddGroupMember");
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -4189,7 +4616,9 @@ NTSTATUS _samr_DeleteGroupMember(pipes_struct *p,
        if (!get_lsa_policy_samr_sid(p, r->in.group_handle, &group_sid, &acc_granted, &disp_info))
                return NT_STATUS_INVALID_HANDLE;
 
-       status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_REMOVE_MEMBER, "_samr_DeleteGroupMember");
+       status = access_check_samr_function(acc_granted,
+                                           SA_RIGHT_GROUP_REMOVE_MEMBER,
+                                           "_samr_DeleteGroupMember");
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -4241,7 +4670,9 @@ NTSTATUS _samr_DeleteUser(pipes_struct *p,
        if (!get_lsa_policy_samr_sid(p, r->in.user_handle, &user_sid, &acc_granted, &disp_info))
                return NT_STATUS_INVALID_HANDLE;
 
-       status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_DeleteUser");
+       status = access_check_samr_function(acc_granted,
+                                           STD_RIGHT_DELETE_ACCESS,
+                                           "_samr_DeleteUser");
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -4326,7 +4757,9 @@ NTSTATUS _samr_DeleteDomainGroup(pipes_struct *p,
        if (!get_lsa_policy_samr_sid(p, r->in.group_handle, &group_sid, &acc_granted, &disp_info))
                return NT_STATUS_INVALID_HANDLE;
 
-       status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_DeleteDomainGroup");
+       status = access_check_samr_function(acc_granted,
+                                           STD_RIGHT_DELETE_ACCESS,
+                                           "_samr_DeleteDomainGroup");
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -4393,7 +4826,9 @@ NTSTATUS _samr_DeleteDomAlias(pipes_struct *p,
 
        memcpy(r->out.alias_handle, r->in.alias_handle, sizeof(r->out.alias_handle));
 
-       status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_DeleteDomAlias");
+       status = access_check_samr_function(acc_granted,
+                                           STD_RIGHT_DELETE_ACCESS,
+                                           "_samr_DeleteDomAlias");
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -4460,7 +4895,9 @@ NTSTATUS _samr_CreateDomainGroup(pipes_struct *p,
        if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &dom_sid, &acc_granted, &disp_info))
                return NT_STATUS_INVALID_HANDLE;
 
-       status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_GROUP, "_samr_CreateDomainGroup");
+       status = access_check_samr_function(acc_granted,
+                                           SA_RIGHT_DOMAIN_CREATE_GROUP,
+                                           "_samr_CreateDomainGroup");
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -4540,7 +4977,9 @@ NTSTATUS _samr_CreateDomAlias(pipes_struct *p,
        if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &dom_sid, &acc_granted, &disp_info))
                return NT_STATUS_INVALID_HANDLE;
 
-       result = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_ALIAS, "_samr_CreateDomAlias");
+       result = access_check_samr_function(acc_granted,
+                                           SA_RIGHT_DOMAIN_CREATE_ALIAS,
+                                           "_samr_CreateDomAlias");
        if (!NT_STATUS_IS_OK(result)) {
                return result;
        }
@@ -4609,25 +5048,32 @@ NTSTATUS _samr_CreateDomAlias(pipes_struct *p,
 }
 
 /*********************************************************************
- _samr_query_groupinfo
-
-sends the name/comment pair of a domain group
-level 1 send also the number of users of that group
+ _samr_QueryGroupInfo
 *********************************************************************/
 
-NTSTATUS _samr_query_groupinfo(pipes_struct *p, SAMR_Q_QUERY_GROUPINFO *q_u, SAMR_R_QUERY_GROUPINFO *r_u)
+NTSTATUS _samr_QueryGroupInfo(pipes_struct *p,
+                             struct samr_QueryGroupInfo *r)
 {
+       NTSTATUS status;
        DOM_SID group_sid;
        GROUP_MAP map;
-       GROUP_INFO_CTR *ctr;
+       union samr_GroupInfo *info = NULL;
        uint32 acc_granted;
        bool ret;
+       uint32_t attributes = SE_GROUP_MANDATORY |
+                             SE_GROUP_ENABLED_BY_DEFAULT |
+                             SE_GROUP_ENABLED;
+       const char *group_name = NULL;
+       const char *group_description = NULL;
 
-       if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted, NULL))
+       if (!get_lsa_policy_samr_sid(p, r->in.group_handle, &group_sid, &acc_granted, NULL))
                return NT_STATUS_INVALID_HANDLE;
 
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_LOOKUP_INFO, "_samr_query_groupinfo"))) {
-               return r_u->status;
+       status = access_check_samr_function(acc_granted,
+                                           SA_RIGHT_GROUP_LOOKUP_INFO,
+                                           "_samr_QueryGroupInfo");
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
        }
 
        become_root();
@@ -4636,41 +5082,47 @@ NTSTATUS _samr_query_groupinfo(pipes_struct *p, SAMR_Q_QUERY_GROUPINFO *q_u, SAM
        if (!ret)
                return NT_STATUS_INVALID_HANDLE;
 
-       ctr=TALLOC_ZERO_P(p->mem_ctx, GROUP_INFO_CTR);
-       if (ctr==NULL)
+       /* FIXME: map contains fstrings */
+       group_name = talloc_strdup(r, map.nt_name);
+       group_description = talloc_strdup(r, map.comment);
+
+       info = TALLOC_ZERO_P(p->mem_ctx, union samr_GroupInfo);
+       if (!info) {
                return NT_STATUS_NO_MEMORY;
+       }
 
-       switch (q_u->switch_level) {
+       switch (r->in.level) {
                case 1: {
                        uint32 *members;
                        size_t num_members;
 
-                       ctr->switch_value1 = 1;
-
                        become_root();
-                       r_u->status = pdb_enum_group_members(
+                       status = pdb_enum_group_members(
                                p->mem_ctx, &group_sid, &members, &num_members);
                        unbecome_root();
 
-                       if (!NT_STATUS_IS_OK(r_u->status)) {
-                               return r_u->status;
+                       if (!NT_STATUS_IS_OK(status)) {
+                               return status;
                        }
 
-                       init_samr_group_info1(&ctr->group.info1, map.nt_name,
-                                     map.comment, num_members);
+                       init_samr_group_info1(&info->all,
+                                             group_name,
+                                             attributes,
+                                             num_members,
+                                             group_description);
                        break;
                }
                case 2:
-                       ctr->switch_value1 = 2;
-                       init_samr_group_info2(&ctr->group.info2, map.nt_name);
+                       init_samr_group_info2(&info->name,
+                                             group_name);
                        break;
                case 3:
-                       ctr->switch_value1 = 3;
-                       init_samr_group_info3(&ctr->group.info3);
+                       init_samr_group_info3(&info->attributes,
+                                             attributes);
                        break;
                case 4:
-                       ctr->switch_value1 = 4;
-                       init_samr_group_info4(&ctr->group.info4, map.comment);
+                       init_samr_group_info4(&info->description,
+                                             group_description);
                        break;
                case 5: {
                        /*
@@ -4678,69 +5130,70 @@ NTSTATUS _samr_query_groupinfo(pipes_struct *p, SAMR_Q_QUERY_GROUPINFO *q_u, SAM
                        size_t num_members;
                        */
 
-                       ctr->switch_value1 = 5;
-
                        /*
                        become_root();
-                       r_u->status = pdb_enum_group_members(
+                       status = pdb_enum_group_members(
                                p->mem_ctx, &group_sid, &members, &num_members);
                        unbecome_root();
 
-                       if (!NT_STATUS_IS_OK(r_u->status)) {
-                               return r_u->status;
+                       if (!NT_STATUS_IS_OK(status)) {
+                               return status;
                        }
                        */
-                       init_samr_group_info5(&ctr->group.info5, map.nt_name,
-                                     map.comment, 0 /* num_members */); /* in w2k3 this is always 0 */
+                       init_samr_group_info5(&info->all2,
+                                             group_name,
+                                             attributes,
+                                             0, /* num_members - in w2k3 this is always 0 */
+                                             group_description);
+
                        break;
                }
                default:
                        return NT_STATUS_INVALID_INFO_CLASS;
        }
 
-       init_samr_r_query_groupinfo(r_u, ctr, NT_STATUS_OK);
+       *r->out.info = info;
 
        return NT_STATUS_OK;
 }
 
 /*********************************************************************
- _samr_set_groupinfo
-
- update a domain group's comment.
+ _samr_SetGroupInfo
 *********************************************************************/
 
-NTSTATUS _samr_set_groupinfo(pipes_struct *p, SAMR_Q_SET_GROUPINFO *q_u, SAMR_R_SET_GROUPINFO *r_u)
+NTSTATUS _samr_SetGroupInfo(pipes_struct *p,
+                           struct samr_SetGroupInfo *r)
 {
        DOM_SID group_sid;
        GROUP_MAP map;
-       GROUP_INFO_CTR *ctr;
        uint32 acc_granted;
-       NTSTATUS ret;
-       bool result;
+       NTSTATUS status;
+       bool ret;
        bool can_mod_accounts;
        DISP_INFO *disp_info = NULL;
 
-       if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted, &disp_info))
+       if (!get_lsa_policy_samr_sid(p, r->in.group_handle, &group_sid, &acc_granted, &disp_info))
                return NT_STATUS_INVALID_HANDLE;
 
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_SET_INFO, "_samr_set_groupinfo"))) {
-               return r_u->status;
+       status = access_check_samr_function(acc_granted,
+                                           SA_RIGHT_GROUP_SET_INFO,
+                                           "_samr_SetGroupInfo");
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
        }
 
        become_root();
-       result = get_domain_group_from_sid(group_sid, &map);
+       ret = get_domain_group_from_sid(group_sid, &map);
        unbecome_root();
-       if (!result)
+       if (!ret)
                return NT_STATUS_NO_SUCH_GROUP;
 
-       ctr=q_u->ctr;
-
-       switch (ctr->switch_value1) {
+       switch (r->in.level) {
                case 1:
-                       unistr2_to_ascii(map.comment, &(ctr->group.info1.uni_acct_desc), sizeof(map.comment));
+                       fstrcpy(map.comment, r->in.info->all.description.string);
                        break;
                case 4:
-                       unistr2_to_ascii(map.comment, &(ctr->group.info4.uni_acct_desc), sizeof(map.comment));
+                       fstrcpy(map.comment, r->in.info->description.string);
                        break;
                default:
                        return NT_STATUS_INVALID_INFO_CLASS;
@@ -4753,45 +5206,44 @@ NTSTATUS _samr_set_groupinfo(pipes_struct *p, SAMR_Q_SET_GROUPINFO *q_u, SAMR_R_
        if ( can_mod_accounts )
                become_root();
 
-       ret = pdb_update_group_mapping_entry(&map);
+       status = pdb_update_group_mapping_entry(&map);
 
        if ( can_mod_accounts )
                unbecome_root();
 
        /******** End SeAddUsers BLOCK *********/
 
-       if (NT_STATUS_IS_OK(ret)) {
+       if (NT_STATUS_IS_OK(status)) {
                force_flush_samr_cache(disp_info);
        }
 
-       return ret;
+       return status;
 }
 
 /*********************************************************************
- _samr_set_aliasinfo
-
- update an alias's comment.
+ _samr_SetAliasInfo
 *********************************************************************/
 
-NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_SET_ALIASINFO *r_u)
+NTSTATUS _samr_SetAliasInfo(pipes_struct *p,
+                           struct samr_SetAliasInfo *r)
 {
        DOM_SID group_sid;
        struct acct_info info;
-       ALIAS_INFO_CTR *ctr;
        uint32 acc_granted;
        bool can_mod_accounts;
        NTSTATUS status;
        DISP_INFO *disp_info = NULL;
 
-       if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &group_sid, &acc_granted, &disp_info))
+       if (!get_lsa_policy_samr_sid(p, r->in.alias_handle, &group_sid, &acc_granted, &disp_info))
                return NT_STATUS_INVALID_HANDLE;
 
-       if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_SET_INFO, "_samr_set_aliasinfo"))) {
-               return r_u->status;
+       status = access_check_samr_function(acc_granted,
+                                           SA_RIGHT_ALIAS_SET_INFO,
+                                           "_samr_SetAliasInfo");
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
        }
 
-       ctr=&q_u->ctr;
-
        /* get the current group information */
 
        become_root();
@@ -4801,10 +5253,10 @@ NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_
        if ( !NT_STATUS_IS_OK(status))
                return status;
 
-       switch (ctr->level) {
-               case 2:
+       switch (r->in.level) {
+               case ALIASINFONAME:
                {
-                       fstring group_name, acct_name;
+                       fstring group_name;
 
                        /* We currently do not support renaming groups in the
                           the BUILTIN domain.  Refer to util_builtin.c to understand
@@ -4817,19 +5269,16 @@ NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_
 
                        /* There has to be a valid name (and it has to be different) */
 
-                       if ( !ctr->alias.info2.name.string )
+                       if ( !r->in.info->name.string )
                                return NT_STATUS_INVALID_PARAMETER;
 
-                       unistr2_to_ascii( acct_name, ctr->alias.info2.name.string,
-                               sizeof(acct_name));
-
                        /* If the name is the same just reply "ok".  Yes this
                           doesn't allow you to change the case of a group name. */
 
-                       if ( strequal( acct_name, info.acct_name ) )
+                       if ( strequal( r->in.info->name.string, info.acct_name ) )
                                return NT_STATUS_OK;
 
-                       fstrcpy( info.acct_name, acct_name );
+                       fstrcpy( info.acct_name, r->in.info->name.string);
 
                        /* make sure the name doesn't already exist as a user
                           or local group */
@@ -4840,14 +5289,13 @@ NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_
                                return status;
                        break;
                }
-               case 3:
-                       if ( ctr->alias.info3.description.string ) {
-                               unistr2_to_ascii( info.acct_desc,
-                                       ctr->alias.info3.description.string,
-                                       sizeof(info.acct_desc));
-                       }
-                       else
+               case ALIASINFODESCRIPTION:
+                       if (r->in.info->description.string) {
+                               fstrcpy(info.acct_desc,
+                                       r->in.info->description.string);
+                       } else {
                                fstrcpy( info.acct_desc, "" );
+                       }
                        break;
                default:
                        return NT_STATUS_INVALID_INFO_CLASS;
@@ -4920,7 +5368,8 @@ NTSTATUS _samr_OpenGroup(pipes_struct *p,
                return NT_STATUS_INVALID_HANDLE;
 
        status = access_check_samr_function(acc_granted,
-               SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_OpenGroup");
+                                           SA_RIGHT_DOMAIN_OPEN_ACCOUNT,
+                                           "_samr_OpenGroup");
 
        if ( !NT_STATUS_IS_OK(status) )
                return status;
@@ -4991,8 +5440,9 @@ NTSTATUS _samr_RemoveMemberFromForeignDomain(pipes_struct *p,
                                     &acc_granted, &disp_info))
                return NT_STATUS_INVALID_HANDLE;
 
-       result = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS,
-               "_samr_RemoveMemberFromForeignDomain");
+       result = access_check_samr_function(acc_granted,
+                                           STD_RIGHT_DELETE_ACCESS,
+                                           "_samr_RemoveMemberFromForeignDomain");
 
        if (!NT_STATUS_IS_OK(result))
                return result;
@@ -5045,40 +5495,38 @@ NTSTATUS _samr_QueryDomainInfo2(pipes_struct *p,
 }
 
 /*******************************************************************
- _samr_set_dom_info
+ _samr_SetDomainInfo
  ********************************************************************/
 
-NTSTATUS _samr_set_dom_info(pipes_struct *p, SAMR_Q_SET_DOMAIN_INFO *q_u, SAMR_R_SET_DOMAIN_INFO *r_u)
+NTSTATUS _samr_SetDomainInfo(pipes_struct *p,
+                            struct samr_SetDomainInfo *r)
 {
        time_t u_expire, u_min_age;
        time_t u_logout;
        time_t u_lock_duration, u_reset_time;
 
-       r_u->status = NT_STATUS_OK;
-
-       DEBUG(5,("_samr_set_dom_info: %d\n", __LINE__));
+       DEBUG(5,("_samr_SetDomainInfo: %d\n", __LINE__));
 
        /* find the policy handle.  open a policy on it. */
-       if (!find_policy_by_hnd(p, &q_u->domain_pol, NULL))
+       if (!find_policy_by_hnd(p, r->in.domain_handle, NULL))
                return NT_STATUS_INVALID_HANDLE;
 
-       DEBUG(5,("_samr_set_dom_info: switch_value: %d\n", q_u->switch_value));
+       DEBUG(5,("_samr_SetDomainInfo: level: %d\n", r->in.level));
 
-       switch (q_u->switch_value) {
+       switch (r->in.level) {
                case 0x01:
-                       u_expire=nt_time_to_unix_abs(&q_u->ctr->info.inf1.expire);
-                       u_min_age=nt_time_to_unix_abs(&q_u->ctr->info.inf1.min_passwordage);
-
-                       pdb_set_account_policy(AP_MIN_PASSWORD_LEN, (uint32)q_u->ctr->info.inf1.min_length_password);
-                       pdb_set_account_policy(AP_PASSWORD_HISTORY, (uint32)q_u->ctr->info.inf1.password_history);
-                       pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, (uint32)q_u->ctr->info.inf1.password_properties);
+                       u_expire=nt_time_to_unix_abs((NTTIME *)&r->in.info->info1.max_password_age);
+                       u_min_age=nt_time_to_unix_abs((NTTIME *)&r->in.info->info1.min_password_age);
+                       pdb_set_account_policy(AP_MIN_PASSWORD_LEN, (uint32)r->in.info->info1.min_password_length);
+                       pdb_set_account_policy(AP_PASSWORD_HISTORY, (uint32)r->in.info->info1.password_history_length);
+                       pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, (uint32)r->in.info->info1.password_properties);
                        pdb_set_account_policy(AP_MAX_PASSWORD_AGE, (int)u_expire);
                        pdb_set_account_policy(AP_MIN_PASSWORD_AGE, (int)u_min_age);
                        break;
                case 0x02:
                        break;
                case 0x03:
-                       u_logout=nt_time_to_unix_abs(&q_u->ctr->info.inf3.logout);
+                       u_logout=nt_time_to_unix_abs((NTTIME *)&r->in.info->info3.force_logoff_time);
                        pdb_set_account_policy(AP_TIME_TO_LOGOUT, (int)u_logout);
                        break;
                case 0x05:
@@ -5088,25 +5536,23 @@ NTSTATUS _samr_set_dom_info(pipes_struct *p, SAMR_Q_SET_DOMAIN_INFO *q_u, SAMR_R
                case 0x07:
                        break;
                case 0x0c:
-                       u_lock_duration=nt_time_to_unix_abs(&q_u->ctr->info.inf12.duration);
+                       u_lock_duration=nt_time_to_unix_abs((NTTIME *)&r->in.info->info12.lockout_duration);
                        if (u_lock_duration != -1)
                                u_lock_duration /= 60;
 
-                       u_reset_time=nt_time_to_unix_abs(&q_u->ctr->info.inf12.reset_count)/60;
+                       u_reset_time=nt_time_to_unix_abs((NTTIME *)&r->in.info->info12.lockout_window)/60;
 
                        pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (int)u_lock_duration);
                        pdb_set_account_policy(AP_RESET_COUNT_TIME, (int)u_reset_time);
-                       pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT, (uint32)q_u->ctr->info.inf12.bad_attempt_lockout);
+                       pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT, (uint32)r->in.info->info12.lockout_threshold);
                        break;
                default:
                        return NT_STATUS_INVALID_INFO_CLASS;
        }
 
-       init_samr_r_set_domain_info(r_u, NT_STATUS_OK);
+       DEBUG(5,("_samr_SetDomainInfo: %d\n", __LINE__));
 
-       DEBUG(5,("_samr_set_dom_info: %d\n", __LINE__));
-
-       return r_u->status;
+       return NT_STATUS_OK;
 }
 
 /****************************************************************
@@ -5122,36 +5568,6 @@ NTSTATUS _samr_Shutdown(pipes_struct *p,
 /****************************************************************
 ****************************************************************/
 
-NTSTATUS _samr_EnumDomains(pipes_struct *p,
-                          struct samr_EnumDomains *r)
-{
-       p->rng_fault_state = true;
-       return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/****************************************************************
-****************************************************************/
-
-NTSTATUS _samr_SetDomainInfo(pipes_struct *p,
-                            struct samr_SetDomainInfo *r)
-{
-       p->rng_fault_state = true;
-       return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/****************************************************************
-****************************************************************/
-
-NTSTATUS _samr_EnumDomainGroups(pipes_struct *p,
-                               struct samr_EnumDomainGroups *r)
-{
-       p->rng_fault_state = true;
-       return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/****************************************************************
-****************************************************************/
-
 NTSTATUS _samr_CreateUser(pipes_struct *p,
                          struct samr_CreateUser *r)
 {
@@ -5162,66 +5578,6 @@ NTSTATUS _samr_CreateUser(pipes_struct *p,
 /****************************************************************
 ****************************************************************/
 
-NTSTATUS _samr_EnumDomainUsers(pipes_struct *p,
-                              struct samr_EnumDomainUsers *r)
-{
-       p->rng_fault_state = true;
-       return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/****************************************************************
-****************************************************************/
-
-NTSTATUS _samr_EnumDomainAliases(pipes_struct *p,
-                                struct samr_EnumDomainAliases *r)
-{
-       p->rng_fault_state = true;
-       return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/****************************************************************
-****************************************************************/
-
-NTSTATUS _samr_LookupNames(pipes_struct *p,
-                          struct samr_LookupNames *r)
-{
-       p->rng_fault_state = true;
-       return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/****************************************************************
-****************************************************************/
-
-NTSTATUS _samr_LookupRids(pipes_struct *p,
-                         struct samr_LookupRids *r)
-{
-       p->rng_fault_state = true;
-       return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/****************************************************************
-****************************************************************/
-
-NTSTATUS _samr_QueryGroupInfo(pipes_struct *p,
-                             struct samr_QueryGroupInfo *r)
-{
-       p->rng_fault_state = true;
-       return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/****************************************************************
-****************************************************************/
-
-NTSTATUS _samr_SetGroupInfo(pipes_struct *p,
-                           struct samr_SetGroupInfo *r)
-{
-       p->rng_fault_state = true;
-       return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/****************************************************************
-****************************************************************/
-
 NTSTATUS _samr_SetMemberAttributesOfGroup(pipes_struct *p,
                                          struct samr_SetMemberAttributesOfGroup *r)
 {
@@ -5232,46 +5588,6 @@ NTSTATUS _samr_SetMemberAttributesOfGroup(pipes_struct *p,
 /****************************************************************
 ****************************************************************/
 
-NTSTATUS _samr_QueryAliasInfo(pipes_struct *p,
-                             struct samr_QueryAliasInfo *r)
-{
-       p->rng_fault_state = true;
-       return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/****************************************************************
-****************************************************************/
-
-NTSTATUS _samr_SetAliasInfo(pipes_struct *p,
-                           struct samr_SetAliasInfo *r)
-{
-       p->rng_fault_state = true;
-       return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/****************************************************************
-****************************************************************/
-
-NTSTATUS _samr_QueryUserInfo(pipes_struct *p,
-                            struct samr_QueryUserInfo *r)
-{
-       p->rng_fault_state = true;
-       return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/****************************************************************
-****************************************************************/
-
-NTSTATUS _samr_SetUserInfo(pipes_struct *p,
-                          struct samr_SetUserInfo *r)
-{
-       p->rng_fault_state = true;
-       return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/****************************************************************
-****************************************************************/
-
 NTSTATUS _samr_ChangePasswordUser(pipes_struct *p,
                                  struct samr_ChangePasswordUser *r)
 {
@@ -5282,26 +5598,6 @@ NTSTATUS _samr_ChangePasswordUser(pipes_struct *p,
 /****************************************************************
 ****************************************************************/
 
-NTSTATUS _samr_GetGroupsForUser(pipes_struct *p,
-                               struct samr_GetGroupsForUser *r)
-{
-       p->rng_fault_state = true;
-       return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/****************************************************************
-****************************************************************/
-
-NTSTATUS _samr_QueryDisplayInfo(pipes_struct *p,
-                               struct samr_QueryDisplayInfo *r)
-{
-       p->rng_fault_state = true;
-       return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/****************************************************************
-****************************************************************/
-
 NTSTATUS _samr_GetDisplayEnumerationIndex(pipes_struct *p,
                                          struct samr_GetDisplayEnumerationIndex *r)
 {
@@ -5342,16 +5638,6 @@ NTSTATUS _samr_QueryUserInfo2(pipes_struct *p,
 /****************************************************************
 ****************************************************************/
 
-NTSTATUS _samr_QueryDisplayInfo2(pipes_struct *p,
-                                struct samr_QueryDisplayInfo2 *r)
-{
-       p->rng_fault_state = true;
-       return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/****************************************************************
-****************************************************************/
-
 NTSTATUS _samr_GetDisplayEnumerationIndex2(pipes_struct *p,
                                           struct samr_GetDisplayEnumerationIndex2 *r)
 {
@@ -5362,16 +5648,6 @@ NTSTATUS _samr_GetDisplayEnumerationIndex2(pipes_struct *p,
 /****************************************************************
 ****************************************************************/
 
-NTSTATUS _samr_QueryDisplayInfo3(pipes_struct *p,
-                                struct samr_QueryDisplayInfo3 *r)
-{
-       p->rng_fault_state = true;
-       return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/****************************************************************
-****************************************************************/
-
 NTSTATUS _samr_AddMultipleMembersToAlias(pipes_struct *p,
                                         struct samr_AddMultipleMembersToAlias *r)
 {
@@ -5402,16 +5678,6 @@ NTSTATUS _samr_OemChangePasswordUser2(pipes_struct *p,
 /****************************************************************
 ****************************************************************/
 
-NTSTATUS _samr_SetUserInfo2(pipes_struct *p,
-                           struct samr_SetUserInfo2 *r)
-{
-       p->rng_fault_state = true;
-       return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/****************************************************************
-****************************************************************/
-
 NTSTATUS _samr_SetBootKeyInformation(pipes_struct *p,
                                     struct samr_SetBootKeyInformation *r)
 {
@@ -5442,16 +5708,6 @@ NTSTATUS _samr_Connect3(pipes_struct *p,
 /****************************************************************
 ****************************************************************/
 
-NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p,
-                                  struct samr_ChangePasswordUser3 *r)
-{
-       p->rng_fault_state = true;
-       return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/****************************************************************
-****************************************************************/
-
 NTSTATUS _samr_RidToSid(pipes_struct *p,
                        struct samr_RidToSid *r)
 {