This looks like a big change but really isn't.

[nivanova/samba-autobuild/.git] / source / smbd / ipc.c

diff --git a/source/smbd/ipc.c b/source/smbd/ipc.c
index 0354b4ecbe8526f0d6c43797148a49acdac911ed..e3dcda90043df37a25e2cd7d78ed96c41d293fb8 100644 (file)
--- a/source/smbd/ipc.c
+++ b/source/smbd/ipc.c
@@ -2,10 +2,10 @@
    Unix SMB/Netbios implementation.
    Version 1.9.
    Inter-process communication and named pipe handling
-   Copyright (C) Andrew Tridgell 1992-1997
+   Copyright (C) Andrew Tridgell 1992-1998
 
    SMB Version handling
-   Copyright (C) John H Terpstra 1995-1997
+   Copyright (C) John H Terpstra 1995-1998
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -27,6 +27,7 @@
    */
 
 #include "includes.h"
+#include "nterr.h"
 
 #ifdef CHECK_TYPES
 #undef CHECK_TYPES
@@ -39,7 +40,7 @@ extern files_struct Files[];
 extern connection_struct Connections[];
 
 extern fstring local_machine;
-extern fstring myworkgroup;
+extern fstring global_myworkgroup;
 
 #define NERR_Success 0
 #define NERR_badpass 86
@@ -62,6 +63,8 @@ extern fstring myworkgroup;
 #define QNLEN 12               /* queue name maximum length */
 
 extern int Client;
+extern int oplock_sock;
+extern int smb_read_error;
 
 static BOOL api_Unsupported(int cnum,uint16 vuid, char *param,char *data,
                            int mdrcnt,int mprcnt,
@@ -129,74 +132,128 @@ static BOOL prefix_ok(char *str,char *prefix)
   return(strncmp(str,prefix,strlen(prefix)) == 0);
 }
 
+/*******************************************************************
+ copies parameters and data, as needed, into the smb buffer
+
+ *both* the data and params sections should be aligned.  this
+ is fudged in the rpc pipes by 
+ at present, only the data section is.  this may be a possible
+ cause of some of the ipc problems being experienced.  lkcl26dec97
+
+ ******************************************************************/
+static void copy_trans_params_and_data(char *outbuf, int align,
+                               struct mem_buf *rparam, struct mem_buf *rdata,
+                               int param_offset, int data_offset,
+                               int param_len, int data_len)
+{
+       char *copy_into = smb_buf(outbuf);
+
+       DEBUG(5,("copy_trans_params_and_data: params[%d..%d] data[%d..%d]\n",
+                       param_offset, param_offset + param_len,
+                       data_offset , data_offset  + data_len));
+
+       if (param_len) mem_buf_copy(copy_into, rparam, param_offset, param_len);
+       copy_into += param_len + align;
+       if (data_len ) mem_buf_copy(copy_into, rdata , data_offset , data_len);
+}
 
 /****************************************************************************
   send a trans reply
   ****************************************************************************/
-static void send_trans_reply(char *outbuf,char *data,char *param,uint16 *setup,
-                            int ldata,int lparam,int lsetup)
+static void send_trans_reply(char *outbuf,
+                               struct mem_buf *rdata,
+                               struct mem_buf *rparam,
+                               uint16 *setup, int lsetup, int max_data_ret)
 {
-  int i;
-  int this_ldata,this_lparam;
-  int tot_data=0,tot_param=0;
-  int align;
-
-  this_lparam = MIN(lparam,max_send - (500+lsetup*SIZEOFWORD)); /* hack */
-  this_ldata = MIN(ldata,max_send - (500+lsetup*SIZEOFWORD+this_lparam));
-
-  align = (this_lparam%4);
-
-  set_message(outbuf,10+lsetup,align+this_ldata+this_lparam,True);
-  if (this_lparam)
-    memcpy(smb_buf(outbuf),param,this_lparam);
-  if (this_ldata)
-    memcpy(smb_buf(outbuf)+this_lparam+align,data,this_ldata);
-
-  SSVAL(outbuf,smb_vwv0,lparam);
-  SSVAL(outbuf,smb_vwv1,ldata);
-  SSVAL(outbuf,smb_vwv3,this_lparam);
-  SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf),outbuf));
-  SSVAL(outbuf,smb_vwv5,0);
-  SSVAL(outbuf,smb_vwv6,this_ldata);
-  SSVAL(outbuf,smb_vwv7,smb_offset(smb_buf(outbuf)+this_lparam+align,outbuf));
-  SSVAL(outbuf,smb_vwv8,0);
-  SSVAL(outbuf,smb_vwv9,lsetup);
-  for (i=0;i<lsetup;i++)
-    SSVAL(outbuf,smb_vwv10+i*SIZEOFWORD,setup[i]);
-
-  show_msg(outbuf);
-  send_smb(Client,outbuf);
-
-  tot_data = this_ldata;
-  tot_param = this_lparam;
-
-  while (tot_data < ldata || tot_param < lparam)
-    {
-      this_lparam = MIN(lparam-tot_param,max_send - 500); /* hack */
-      this_ldata = MIN(ldata-tot_data,max_send - (500+this_lparam));
+       int i;
+       int this_ldata,this_lparam;
+       int tot_data=0,tot_param=0;
+       int align;
 
-      align = (this_lparam%4);
+       int ldata  = rdata  ? mem_buf_len(rdata ) : 0;
+       int lparam = rparam ? mem_buf_len(rparam) : 0;
 
-      set_message(outbuf,10,this_ldata+this_lparam+align,False);
-      if (this_lparam)
-       memcpy(smb_buf(outbuf),param+tot_param,this_lparam);
-      if (this_ldata)
-       memcpy(smb_buf(outbuf)+this_lparam+align,data+tot_data,this_ldata);
+       BOOL buffer_too_large = max_data_ret ? ldata > max_data_ret : False;
 
-      SSVAL(outbuf,smb_vwv3,this_lparam);
-      SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf),outbuf));
-      SSVAL(outbuf,smb_vwv5,tot_param);
-      SSVAL(outbuf,smb_vwv6,this_ldata);
-      SSVAL(outbuf,smb_vwv7,smb_offset(smb_buf(outbuf)+this_lparam+align,outbuf));
-      SSVAL(outbuf,smb_vwv8,tot_data);
-      SSVAL(outbuf,smb_vwv9,0);
+       if (buffer_too_large)
+       {
+               DEBUG(5,("send_trans_reply: buffer %d too large %d\n", ldata, max_data_ret));
+               ldata = max_data_ret;
+       }
 
-      show_msg(outbuf);
-      send_smb(Client,outbuf);
+       this_lparam = MIN(lparam,max_send - (500+lsetup*SIZEOFWORD)); /* hack */
+       this_ldata  = MIN(ldata,max_send - (500+lsetup*SIZEOFWORD+this_lparam));
 
-      tot_data += this_ldata;
-      tot_param += this_lparam;
-    }
+#ifdef CONFUSE_NETMONITOR_MSRPC_DECODING
+       /* if you don't want Net Monitor to decode your packets, do this!!! */
+       align = ((this_lparam+1)%4);
+#else
+       align = (this_lparam%4);
+#endif
+
+       set_message(outbuf,10+lsetup,align+this_ldata+this_lparam,True);
+
+       if (buffer_too_large)
+       {
+               /* issue a buffer size warning.  on a DCE/RPC pipe, expect an SMBreadX... */
+               SIVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
+               SIVAL(outbuf, smb_rcls, 0x80000000 | NT_STATUS_ACCESS_VIOLATION);
+       }
+
+       copy_trans_params_and_data(outbuf, align,
+                                  rparam     , rdata,
+                                  tot_param  , tot_data,
+                                  this_lparam, this_ldata);
+
+       SSVAL(outbuf,smb_vwv0,lparam);
+       SSVAL(outbuf,smb_vwv1,ldata);
+       SSVAL(outbuf,smb_vwv3,this_lparam);
+       SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf),outbuf));
+       SSVAL(outbuf,smb_vwv5,0);
+       SSVAL(outbuf,smb_vwv6,this_ldata);
+       SSVAL(outbuf,smb_vwv7,smb_offset(smb_buf(outbuf)+this_lparam+align,outbuf));
+       SSVAL(outbuf,smb_vwv8,0);
+       SSVAL(outbuf,smb_vwv9,lsetup);
+
+       for (i=0;i<lsetup;i++)
+       {
+               SSVAL(outbuf,smb_vwv10+i*SIZEOFWORD,setup[i]);
+       }
+
+       show_msg(outbuf);
+       send_smb(Client,outbuf);
+
+       tot_data = this_ldata;
+       tot_param = this_lparam;
+
+       while (tot_data < ldata || tot_param < lparam)
+       {
+               this_lparam = MIN(lparam-tot_param, max_send - 500); /* hack */
+               this_ldata  = MIN(ldata -tot_data , max_send - (500+this_lparam));
+
+               align = (this_lparam%4);
+
+               set_message(outbuf,10,this_ldata+this_lparam+align,False);
+
+               copy_trans_params_and_data(outbuf, align,
+                                          rparam     , rdata,
+                                          tot_param  , tot_data,
+                                          this_lparam, this_ldata);
+
+               SSVAL(outbuf,smb_vwv3,this_lparam);
+               SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf),outbuf));
+               SSVAL(outbuf,smb_vwv5,tot_param);
+               SSVAL(outbuf,smb_vwv6,this_ldata);
+               SSVAL(outbuf,smb_vwv7,smb_offset(smb_buf(outbuf)+this_lparam+align,outbuf));
+               SSVAL(outbuf,smb_vwv8,tot_data);
+               SSVAL(outbuf,smb_vwv9,0);
+
+               show_msg(outbuf);
+               send_smb(Client,outbuf);
+
+               tot_data  += this_ldata;
+               tot_param += this_lparam;
+       }
 }
 
 struct pack_desc {
@@ -273,11 +330,12 @@ static BOOL init_package(struct pack_desc* p, int count, int subcount)
   p->subcount = 0;
   p->curpos = p->format;
   if (i > n) {
+    p->neededlen = i;
     i = n = 0;
-    p->errcode = NERR_BufTooSmall;
+    p->errcode = ERROR_MORE_DATA;
   }
-
-  p->errcode = NERR_Success;
+  else
+    p->errcode = NERR_Success;
   p->buflen = i;
   n -= i;
   p->stringbuf = p->base + i;
@@ -399,7 +457,7 @@ va_dcl
     p->usedlen += needed;
   }
   else {
-    if (p->errcode == NERR_Success) p->errcode = NERR_BufTooSmall;
+    if (p->errcode == NERR_Success) p->errcode = ERROR_MORE_DATA;
   }
   return 1;
 }
@@ -462,6 +520,10 @@ static int check_printq_info(struct pack_desc* desc,
   case 5:
     desc->format = "z";
     break;
+  case 52:
+    desc->format = "WzzzzzzzzN";
+    desc->subformat = "z";
+    break;
   default: return False;
   }
   if (strcmp(desc->format,id1) != 0) return False;
@@ -521,11 +583,18 @@ static void fill_printq_info(int cnum, int snum, int uLevel,
                             int count, print_queue_struct* queue,
                             print_status_struct* status)
 {
-  if (uLevel < 3) {
-    PACKS(desc,"B13",SERVICE(snum));
-  } else {
-    PACKS(desc,"z",Expand(cnum,snum,SERVICE(snum)));
+  switch (uLevel) {
+    case 1:
+    case 2:
+      PACKS(desc,"B13",SERVICE(snum));
+      break;
+    case 3:
+    case 4:
+    case 5:
+      PACKS(desc,"z",Expand(cnum,snum,SERVICE(snum)));
+      break;
   }
+
   if (uLevel == 1 || uLevel == 2) {
     PACKS(desc,"B","");                /* alignment */
     PACKI(desc,"W",5);         /* priority */
@@ -573,8 +642,150 @@ static void fill_printq_info(int cnum, int snum, int uLevel,
     for (i=0;i<count;i++)
       fill_printjob_info(cnum,snum,uLevel == 2 ? 1 : 2,desc,&queue[i],i);
   }
- 
-  DEBUG(3,("fill_printq_info on <%s> gave %d entries\n",SERVICE(snum),count));
+
+  if (uLevel==52) {
+    int i,ok=0;
+    pstring tok,driver,datafile,langmon,helpfile,datatype;
+    char *p,*q;
+    FILE *f;
+    pstring fname;
+
+    strcpy(fname,lp_driverfile());
+    f=fopen(fname,"r");
+    if (!f) {
+      DEBUG(3,("fill_printq_info: Can't open %s - %s\n",fname,strerror(errno)));
+      desc->errcode=NERR_notsupported;
+      return;
+    }
+
+    p=(char *)malloc(8192*sizeof(char));
+    bzero(p, 8192*sizeof(char));
+    q=p;
+
+    /* lookup the long printer driver name in the file description */
+    while (f && !feof(f) && !ok)
+    {
+      p = q;                   /* reset string pointer */
+      fgets(p,8191,f);
+      p[strlen(p)-1]='\0';
+      if (next_token(&p,tok,":") &&
+        (!strncmp(tok,lp_printerdriver(snum),strlen(lp_printerdriver(snum)))))
+       ok=1;
+    }
+    fclose(f);
+
+    /* driver file name */
+    if (ok && !next_token(&p,driver,":")) ok = 0;
+    /* data file name */
+    if (ok && !next_token(&p,datafile,":")) ok = 0;
+      /*
+       * for the next tokens - which may be empty - I have to check for empty
+       * tokens first because the next_token function will skip all empty
+       * token fields 
+       */
+    if (ok) {
+      /* help file */
+      if (*p == ':') {
+         *helpfile = '\0';
+         p++;
+      } else if (!next_token(&p,helpfile,":")) ok = 0;
+    }
+
+    if (ok) {
+      /* language monitor */
+      if (*p == ':') {
+         *langmon = '\0';
+         p++;
+      } else if (!next_token(&p,langmon,":")) ok = 0;
+    }
+
+    /* default data type */
+    if (ok && !next_token(&p,datatype,":")) ok = 0;
+
+    if (ok) {
+      PACKI(desc,"W",0x0400);                    /* don't know */
+      PACKS(desc,"z",lp_printerdriver(snum));    /* long printer name */
+      PACKS(desc,"z",driver);                    /* Driverfile Name */
+      PACKS(desc,"z",datafile);                  /* Datafile name */
+      PACKS(desc,"z",langmon);                  /* language monitor */
+      PACKS(desc,"z",lp_driverlocation(snum));   /* share to retrieve files */
+      PACKS(desc,"z",datatype);                         /* default data type */
+      PACKS(desc,"z",helpfile);                  /* helpfile name */
+      PACKS(desc,"z",driver);                    /* driver name */
+      DEBUG(3,("Driver:%s:\n",driver));
+      DEBUG(3,("Data File:%s:\n",datafile));
+      DEBUG(3,("Language Monitor:%s:\n",langmon));
+      DEBUG(3,("Data Type:%s:\n",datatype));
+      DEBUG(3,("Help File:%s:\n",helpfile));
+      PACKI(desc,"N",count);                     /* number of files to copy */
+      for (i=0;i<count;i++)
+      {
+       /* no need to check return value here - it was already tested in
+        * get_printerdrivernumber
+        */
+        next_token(&p,tok,",");
+        PACKS(desc,"z",tok);                        /* driver files to copy */
+        DEBUG(3,("file:%s:\n",tok));
+      }
+
+      DEBUG(3,("fill_printq_info on <%s> gave %d entries\n",
+           SERVICE(snum),count));
+    } else {
+      DEBUG(3,("fill_printq_info: Can't supply driver files\n"));
+      desc->errcode=NERR_notsupported;
+    }
+    free(q);
+  }
+}
+
+/* This function returns the number of files for a given driver */
+int get_printerdrivernumber(int snum)
+{
+  int i=0,ok=0;
+  pstring tok;
+  char *p,*q;
+  FILE *f;
+  pstring fname;
+
+  strcpy(fname,lp_driverfile());
+
+  DEBUG(4,("In get_printerdrivernumber: %s\n",fname));
+  f=fopen(fname,"r");
+  if (!f) {
+    DEBUG(3,("get_printerdrivernumber: Can't open %s - %s\n",fname,strerror(errno)));
+    return(0);
+  }
+
+  p=(char *)malloc(8192*sizeof(char));
+  q=p; /* need it to free memory because p change ! */
+
+  /* lookup the long printer driver name in the file description */
+  while (!feof(f) && !ok)
+  {
+    p = q;                     /* reset string pointer */
+    fgets(p,8191,f);
+    if (next_token(&p,tok,":") &&
+      (!strncmp(tok,lp_printerdriver(snum),strlen(lp_printerdriver(snum))))) 
+       ok=1;
+  }
+  fclose(f);
+
+  if (ok) {
+    /* skip 5 fields */
+    i = 5;
+    while (*p && i) {
+      if (*p++ == ':') i--;
+    }
+    if (!*p || i)
+      return(0);
+
+    /* count the number of files */
+    while (next_token(&p,tok,","))
+       i++;
+  }
+  free(q);
+
+  return(i);
 }
 
 static BOOL api_DosPrintQGetInfo(int cnum,uint16 vuid, char *param,char *data,
@@ -622,7 +833,14 @@ static BOOL api_DosPrintQGetInfo(int cnum,uint16 vuid, char *param,char *data,
   
   if (snum < 0 || !VALID_SNUM(snum)) return(False);
 
-  count = get_printqueue(snum,cnum,&queue,&status);
+  if (uLevel==52)
+  {
+    count = get_printerdrivernumber(snum);
+    DEBUG(3,("api_DosPrintQGetInfo: Driver files count: %d\n",count));
+  }
+  else
+    count = get_printqueue(snum,cnum,&queue,&status);
+
   if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
   desc.base = *rdata;
   desc.buflen = mdrcnt;
@@ -817,7 +1035,7 @@ static int get_server_info(uint32 servertype,
     if (!next_token(&ptr,s->comment, NULL)) continue;
     if (!next_token(&ptr,s->domain , NULL)) {
       /* this allows us to cope with an old nmbd */
-      strcpy(s->domain,myworkgroup); 
+      strcpy(s->domain,global_myworkgroup); 
     }
     
     if (sscanf(stype,"%X",&s->type) != 1) { 
@@ -974,7 +1192,7 @@ static BOOL api_RNetServerEnum(int cnum, uint16 vuid, char *param, char *data,
   uint32 servertype = IVAL(p,4);
   char *p2;
   int data_len, fixed_len, string_len;
-  int f_len, s_len;
+  int f_len = 0, s_len = 0;
   struct srv_info_struct *servers=NULL;
   int counted=0,total=0;
   int i,missed;
@@ -1013,7 +1231,7 @@ static BOOL api_RNetServerEnum(int cnum, uint16 vuid, char *param, char *data,
   if (strcmp(str1, "WrLehDz") == 0) {
     StrnCpy(domain, p, sizeof(fstring)-1);
   } else {
-    StrnCpy(domain, myworkgroup, sizeof(fstring)-1);    
+    StrnCpy(domain, global_myworkgroup, sizeof(fstring)-1);    
   }
 
   if (lp_browse_list())
@@ -1085,6 +1303,39 @@ static BOOL api_RNetServerEnum(int cnum, uint16 vuid, char *param, char *data,
   return(True);
 }
 
+/****************************************************************************
+  command 0x34 - suspected of being a "Lookup Names" stub api
+  ****************************************************************************/
+static BOOL api_RNetGroupGetUsers(int cnum, uint16 vuid, char *param, char *data,
+                              int mdrcnt, int mprcnt, char **rdata, 
+                              char **rparam, int *rdata_len, int *rparam_len)
+{
+  char *str1 = param+2;
+  char *str2 = skip_string(str1,1);
+  char *p = skip_string(str2,1);
+  int uLevel = SVAL(p,0);
+  int buf_len = SVAL(p,2);
+  int counted=0;
+  int missed=0;
+
+       DEBUG(5,("RNetGroupGetUsers: %s %s %s %d %d\n",
+               str1, str2, p, uLevel, buf_len));
+
+  if (!prefix_ok(str1,"zWrLeh")) return False;
+  
+  *rdata_len = 0;
+  *rdata = NULL;
+  
+  *rparam_len = 8;
+  *rparam = REALLOC(*rparam,*rparam_len);
+
+  SSVAL(*rparam,0,0x08AC); /* informational warning message */
+  SSVAL(*rparam,2,0);
+  SSVAL(*rparam,4,counted);
+  SSVAL(*rparam,6,counted+missed);
+
+  return(True);
+}
 
 /****************************************************************************
   get info about a share
@@ -1254,7 +1505,7 @@ static BOOL api_RNetShareEnum(int cnum,uint16 vuid, char *param,char *data,
   int total=0,counted=0;
   int i;
   int data_len, fixed_len, string_len;
-  int f_len, s_len;
+  int f_len = 0, s_len = 0;
  
   if (!prefix_ok(str1,"WrLeh")) return False;
   if (!check_share_info(uLevel,str2)) return False;
@@ -1365,8 +1616,8 @@ static BOOL api_SetUserPassword(int cnum,uint16 vuid, char *param,char *data,
 
   p = skip_string(p,1);
 
-  StrnCpy(pass1,p,16);
-  StrnCpy(pass2,p+16,16);
+  memcpy(pass1,p,16);
+  memcpy(pass2,p+16,16);
 
   *rparam_len = 4;
   *rparam = REALLOC(*rparam,*rparam_len);
@@ -1378,18 +1629,103 @@ static BOOL api_SetUserPassword(int cnum,uint16 vuid, char *param,char *data,
 
   DEBUG(3,("Set password for <%s>\n",user));
 
+  /*
+   * Attempt the plaintext password change first.
+   * Older versions of Windows seem to do this.
+   */
+
   if (password_ok(user,pass1,strlen(pass1),NULL) &&
-      chgpasswd(user,pass1,pass2))
+      chgpasswd(user,pass1,pass2,False))
   {
     SSVAL(*rparam,0,NERR_Success);
   }
 
+  /*
+   * If the plaintext change failed, attempt
+   * the encrypted. NT will generate this
+   * after trying the samr method.
+   */
+
+  if(SVAL(*rparam,0) != NERR_Success)
+  {
+    struct smb_passwd *smbpw = NULL;
+
+    if(check_lanman_password(user,(unsigned char *)pass1,(unsigned char *)pass2, &smbpw) && 
+       change_lanman_password(smbpw,(unsigned char *)pass1,(unsigned char *)pass2))
+    {
+      SSVAL(*rparam,0,NERR_Success);
+    }
+  }
+
   bzero(pass1,sizeof(fstring));
   bzero(pass2,sizeof(fstring));         
         
   return(True);
 }
 
+/****************************************************************************
+  Set the user password (SamOEM version - gets plaintext).
+****************************************************************************/
+
+static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *data,
+                               int mdrcnt,int mprcnt,
+                               char **rdata,char **rparam,
+                               int *rdata_len,int *rparam_len)
+{
+  fstring user;
+  fstring new_passwd;
+  struct smb_passwd *smbpw = NULL;
+  char *p = param + 2;
+
+  *rparam_len = 2;
+  *rparam = REALLOC(*rparam,*rparam_len);
+
+  *rdata_len = 0;
+
+  SSVAL(*rparam,0,NERR_badpass);
+
+  /*
+   * Check the parameter definition is correct.
+   */
+  if(!strequal(param + 2, "zsT")) {
+    DEBUG(0,("api_SamOEMChangePassword: Invalid parameter string %sn\n", param + 2));
+    return False;
+  }
+  p = skip_string(p, 1);
+
+  if(!strequal(p, "B516B16")) {
+    DEBUG(0,("api_SamOEMChangePassword: Invalid data parameter string %sn\n", p));
+    return False;
+  }
+  p = skip_string(p,1);
+
+  fstrcpy(user,p);
+  p = skip_string(p,1);
+
+  if(check_oem_password( user, (unsigned char *)data, &smbpw, 
+                         new_passwd, (int)sizeof(new_passwd)) == False) {
+    return True;
+  }
+
+  /* 
+   * At this point we have the new case-sensitive plaintext
+   * password in the fstring new_passwd. If we wanted to synchronise
+   * with UNIX passwords we would call a UNIX password changing 
+   * function here. However it would have to be done as root
+   * as the plaintext of the old users password is not 
+   * available. JRA.
+   */
+
+  if(lp_unix_password_sync())
+    chgpasswd(user,"", new_passwd, True);
+ 
+  if(change_oem_password( smbpw, new_passwd)) {
+    SSVAL(*rparam,0,NERR_Success);
+  }
+
+  return(True);
+}
+
 /****************************************************************************
   delete a print job
   Form: <W> <> 
@@ -1703,7 +2039,7 @@ static BOOL api_RNetServerGetInfo(int cnum,uint16 vuid, char *param,char *data,
 
       pstrcpy(comment,lp_serverstring());
 
-      if ((count=get_server_info(SV_TYPE_ALL,&servers,myworkgroup))>0) {
+      if ((count=get_server_info(SV_TYPE_ALL,&servers,global_myworkgroup))>0) {
        for (i=0;i<count;i++)
          if (strequal(servers[i].name,local_machine))
       {
@@ -1789,7 +2125,7 @@ static BOOL api_NetWkstaGetInfo(int cnum,uint16 vuid, char *param,char *data,
   p += 4;
 
   SIVAL(p,0,PTR_DIFF(p2,*rdata)); /* login domain */
-  strcpy(p2,myworkgroup);
+  strcpy(p2,global_myworkgroup);
   strupper(p2);
   p2 = skip_string(p2,1);
   p += 4;
@@ -1799,7 +2135,7 @@ static BOOL api_NetWkstaGetInfo(int cnum,uint16 vuid, char *param,char *data,
   p += 2;
 
   SIVAL(p,0,PTR_DIFF(p2,*rdata));
-  strcpy(p2,myworkgroup);      /* don't know.  login domain?? */
+  strcpy(p2,global_myworkgroup);       /* don't know.  login domain?? */
   p2 = skip_string(p2,1);
   p += 4;
 
@@ -1996,8 +2332,11 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data,
        char *p2;
 
     /* get NIS home of a previously validated user - simeon */
+    /* With share level security vuid will always be zero.
+       Don't depend on vuser being non-null !!. JRA */
     user_struct *vuser = get_valid_user_struct(vuid);
-    DEBUG(3,("  Username of UID %d is %s\n", vuser->uid, vuser->name));
+    if(vuser != NULL)
+      DEBUG(3,("  Username of UID %d is %s\n", vuser->uid, vuser->name));
 
     *rparam_len = 6;
     *rparam = REALLOC(*rparam,*rparam_len);
@@ -2047,7 +2386,7 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data,
 
                /* EEK! the cifsrap.txt doesn't have this in!!!! */
                SIVAL(p,usri11_full_name,PTR_DIFF(p2,p)); /* full name */
-               strcpy(p2,vuser->real_name);    /* simeon */
+               strcpy(p2,((vuser != NULL) ? vuser->real_name : UserName));
                p2 = skip_string(p2,1);
        }
 
@@ -2055,7 +2394,7 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data,
        {         
                SSVAL(p,usri11_priv,Connections[cnum].admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); 
                SIVAL(p,usri11_auth_flags,AF_OP_PRINT);         /* auth flags */
-               SIVALS(p,usri11_password_age,0xffffffff);               /* password age */
+               SIVALS(p,usri11_password_age,-1);               /* password age */
                SIVAL(p,usri11_homedir,PTR_DIFF(p2,p)); /* home dir */
                strcpy(p2, lp_logon_path());
                p2 = skip_string(p2,1);
@@ -2064,8 +2403,8 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data,
                p2 = skip_string(p2,1);
                SIVAL(p,usri11_last_logon,0);           /* last logon */
                SIVAL(p,usri11_last_logoff,0);          /* last logoff */
-               SSVALS(p,usri11_bad_pw_count,0xffffffff);               /* bad pw counts */
-               SSVALS(p,usri11_num_logons,0xffffffff);         /* num logons */
+               SSVALS(p,usri11_bad_pw_count,-1);       /* bad pw counts */
+               SSVALS(p,usri11_num_logons,-1);         /* num logons */
                SIVAL(p,usri11_logon_server,PTR_DIFF(p2,p)); /* logon server */
                strcpy(p2,"\\\\*");
                p2 = skip_string(p2,1);
@@ -2075,7 +2414,7 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data,
                strcpy(p2,"");
                p2 = skip_string(p2,1);
 
-               SIVALS(p,usri11_max_storage,0xffffffff);                /* max storage */
+               SIVALS(p,usri11_max_storage,-1);                /* max storage */
                SSVAL(p,usri11_units_per_week,168);             /* units per week */
                SIVAL(p,usri11_logon_hours,PTR_DIFF(p2,p)); /* logon hours */
 
@@ -2103,7 +2442,7 @@ static BOOL api_RNetUserGetInfo(int cnum,uint16 vuid, char *param,char *data,
                {
                        SIVAL(p,60,0);          /* auth_flags */
                        SIVAL(p,64,PTR_DIFF(p2,*rdata)); /* full_name */
-                       strcpy(p2,vuser->real_name);    /* simeon */
+                       strcpy(p2,((vuser != NULL) ? vuser->real_name : UserName));
                        p2 = skip_string(p2,1);
                        SIVAL(p,68,0);          /* urs_comment */
                        SIVAL(p,72,PTR_DIFF(p2,*rdata)); /* parms */
@@ -2239,7 +2578,7 @@ static BOOL api_WWkstaUserLogon(int cnum,uint16 vuid, char *param,char *data,
       strupper(mypath);
       PACKS(&desc,"z",mypath); /* computer */
     }
-    PACKS(&desc,"z",myworkgroup);/* domain */
+    PACKS(&desc,"z",global_myworkgroup);/* domain */
 
 /* JHT - By calling lp_logon_script() and standard_sub() we have */
 /* made sure all macros are fully substituted and available */
@@ -2731,28 +3070,253 @@ static BOOL api_WPrintPortEnum(int cnum,uint16 vuid, char *param,char *data,
   return(True);
 }
 
+struct api_cmd
+{
+  char * pipe_clnt_name;
+  char * pipe_srv_name;
+  BOOL (*fn) (pipes_struct *, prs_struct *);
+};
 
-struct
+static struct api_cmd api_fd_commands[] =
 {
-  char * name;
-  char * pipename;
-  int subcommand;
-  BOOL (*fn) ();
-} api_fd_commands [] =
-  {
-#ifdef NTDOMAIN
-    { "SetNmdPpHndState",      "lsarpc",       1,      api_LsarpcSNPHS },
-    { "SetNmdPpHndState",      "srvsvc",       1,      api_LsarpcSNPHS },
-    { "SetNmdPpHndState",      "NETLOGON",     1,      api_LsarpcSNPHS },
-    { "TransactNmPipe",        "lsarpc",       0x26,   api_ntLsarpcTNP },
-    { "TransactNmPipe",        "srvsvc",       0x26,   api_srvsvcTNP },
-    { "TransactNmPipe",        "NETLOGON",     0x26,   api_netlogrpcTNP },
-#else
-    { "SetNmdPpHndState",      "lsarpc",       1,      api_LsarpcSNPHS },
-    { "TransactNmPipe"  ,      "lsarpc",       0x26,   api_LsarpcTNP },
-#endif
-    { NULL,            NULL,           -1,     (BOOL (*)())api_Unsupported }
-  };
+    { "lsarpc",   "lsass",   api_ntlsa_rpc },
+    { "samr",     "lsass",   api_samr_rpc },
+    { "srvsvc",   "ntsvcs",  api_srvsvc_rpc },
+    { "wkssvc",   "ntsvcs",  api_wkssvc_rpc },
+    { "NETLOGON", "lsass",   api_netlog_rpc },
+    { "winreg",   "winreg",  api_reg_rpc },
+    { NULL,       NULL,      NULL }
+};
+
+static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd)
+{
+       BOOL ntlmssp_auth = False;
+       fstring ack_pipe_name;
+       int i = 0;
+
+       DEBUG(5,("api_pipe_bind_req: decode request. %d\n", __LINE__));
+
+       for (i = 0; api_fd_commands[i].pipe_clnt_name; i++)
+       {
+               if (strequal(api_fd_commands[i].pipe_clnt_name, p->name) &&
+                   api_fd_commands[i].fn != NULL)
+               {
+                       DEBUG(3,("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",
+                                  api_fd_commands[i].pipe_clnt_name,
+                                  api_fd_commands[i].pipe_srv_name));
+                       fstrcpy(p->pipe_srv_name, api_fd_commands[i].pipe_srv_name);
+                       break;
+               }
+       }
+
+       if (api_fd_commands[i].fn == NULL) return False;
+
+       /* decode the bind request */
+       smb_io_rpc_hdr_rb("", &p->hdr_rb, pd, 0);
+
+       if (pd->offset == 0) return False;
+
+       if (p->hdr.auth_len != 0)
+       {
+               /* decode the authentication verifier */
+               smb_io_rpc_auth_ntlmssp_req("", &p->ntlmssp_req, pd, 0);
+
+               if (pd->offset == 0) return False;
+
+               /* ignore the version number for now */
+               ntlmssp_auth = strequal(p->ntlmssp_req.ntlmssp_str, "NTLMSSP");
+       }
+
+       /* name has to be \PIPE\xxxxx */
+       strcpy(ack_pipe_name, "\\PIPE\\");
+       strcat(ack_pipe_name, p->pipe_srv_name);
+
+       DEBUG(5,("api_pipe_bind_req: make response. %d\n", __LINE__));
+
+       prs_init(&(p->rdata), 1024, 4, 0, False);
+       prs_init(&(p->rhdr ), 0x10, 4, 0, False);
+       prs_init(&(p->rauth), 1024, 4, 0, False);
+
+    /***/
+       /*** do the bind ack first ***/
+    /***/
+
+       make_rpc_hdr_ba(&p->hdr_ba,
+                                       p->hdr_rb.bba.max_tsize,
+                       p->hdr_rb.bba.max_rsize,
+                       p->hdr_rb.bba.assoc_gid,
+                                       ack_pipe_name,
+                                       0x1, 0x0, 0x0,
+                                       &(p->hdr_rb.transfer));
+
+       smb_io_rpc_hdr_ba("", &p->hdr_ba, &p->rdata, 0);
+       mem_realloc_data(p->rdata.data, p->rdata.offset);
+
+    /***/
+       /*** now the authentication ***/
+    /***/
+
+       if (ntlmssp_auth)
+       {
+               uint8 data[16];
+               bzero(data, sizeof(data)); /* first 8 bytes are non-zero */
+
+               make_rpc_auth_ntlmssp_resp(&p->ntlmssp_resp,
+                                          0x0a, 0x06, 0,
+                                          "NTLMSSP", 2,
+                                          0x00000000, 0x0000b2b3, 0x000082b1,
+                                          data);
+               smb_io_rpc_auth_ntlmssp_resp("", &p->ntlmssp_resp, &p->rauth, 0);
+               mem_realloc_data(p->rauth.data, p->rauth.offset);
+       }
+
+    /***/
+       /*** then do the header, now we know the length ***/
+    /***/
+
+       make_rpc_hdr(&p->hdr, RPC_BINDACK, RPC_FLG_FIRST | RPC_FLG_LAST,
+                                p->hdr.call_id,
+                    p->rdata.offset + p->rauth.offset,
+                    p->rauth.offset);
+
+       smb_io_rpc_hdr("", &p->hdr, &p->rhdr, 0);
+       mem_realloc_data(p->rhdr.data, p->rdata.offset);
+
+    /***/
+       /*** link rpc header, bind acknowledgment and authentication responses ***/
+    /***/
+
+       p->rhdr.data->offset.start = 0;
+       p->rhdr.data->offset.end   = p->rhdr.offset;
+       p->rhdr.data->next         = p->rdata.data;
+
+       if (ntlmssp_auth)
+       {
+               p->rdata.data->offset.start = p->rhdr.offset;
+               p->rdata.data->offset.end   = p->rhdr.offset + p->rdata.offset;
+               p->rdata.data->next         = p->rauth.data;
+
+               p->rauth.data->offset.start = p->rhdr.offset + p->rdata.offset;
+               p->rauth.data->offset.end   = p->rhdr.offset + p->rauth.offset + p->rdata.offset;
+               p->rauth.data->next         = NULL;
+       }
+       else
+       {
+               p->rdata.data->offset.start = p->rhdr.offset;
+               p->rdata.data->offset.end   = p->rhdr.offset + p->rdata.offset;
+               p->rdata.data->next         = NULL;
+       }
+
+       return True;
+}
+
+static BOOL api_pipe_request(pipes_struct *p, prs_struct *pd)
+{
+       int i = 0;
+
+       for (i = 0; api_fd_commands[i].pipe_clnt_name; i++)
+       {
+               if (strequal(api_fd_commands[i].pipe_clnt_name, p->name) &&
+                   api_fd_commands[i].fn != NULL)
+               {
+                       DEBUG(3,("Doing \\PIPE\\%s\n", api_fd_commands[i].pipe_clnt_name));
+                       return api_fd_commands[i].fn(p, pd);
+               }
+       }
+       return False;
+}
+
+static BOOL api_dce_rpc_command(char *outbuf,
+                               pipes_struct *p,
+                               prs_struct *pd)
+{
+       BOOL reply = False;
+       if (pd->data == NULL) return False;
+
+       /* process the rpc header */
+       smb_io_rpc_hdr("", &p->hdr, pd, 0);
+
+       if (pd->offset == 0) return False;
+
+       switch (p->hdr.pkt_type)
+       {
+               case RPC_BIND   :
+               {
+                       reply = api_pipe_bind_req(p, pd);
+                       break;
+               }
+               case RPC_REQUEST:
+               {
+                       reply = api_pipe_request (p, pd);
+                       break;
+               }
+       }
+
+       if (reply)
+       {
+               /* now send the reply */
+               send_trans_reply(outbuf, p->rhdr.data, NULL, NULL, 0, p->file_offset);
+
+               if (mem_buf_len(p->rhdr.data) <= p->file_offset)
+               {
+                       /* all of data was sent: no need to wait for SMBreadX calls */
+                       mem_free_data(p->rhdr .data);
+                       mem_free_data(p->rdata.data);
+               }
+       }
+
+       return reply;
+}
+
+/****************************************************************************
+ SetNamedPipeHandleState 
+****************************************************************************/
+static BOOL api_SNPHS(char *outbuf, pipes_struct *p, char *param)
+{
+       uint16 id;
+
+       if (!param) return False;
+
+       id = param[0] + (param[1] << 8);
+       DEBUG(4,("lsarpc SetNamedPipeHandleState to code %x\n", id));
+
+       if (set_rpc_pipe_hnd_state(p, id))
+       {
+               /* now send the reply */
+               send_trans_reply(outbuf, NULL, NULL, NULL, 0, p->file_offset);
+
+               return True;
+       }
+       return False;
+}
+
+
+/****************************************************************************
+ when no reply is generated, indicate unsupported.
+ ****************************************************************************/
+static BOOL api_no_reply(char *outbuf, int max_rdata_len)
+{
+       struct mem_buf rparam;
+
+       mem_init(&rparam, 0);
+       mem_alloc_data(&rparam, 4);
+
+       rparam.offset.start = 0;
+       rparam.offset.end   = 4;
+
+       /* unsupported */
+       SSVAL(rparam.data,0,NERR_notsupported);
+       SSVAL(rparam.data,2,0); /* converter word */
+
+       DEBUG(3,("Unsupported API fd command\n"));
+
+       /* now send the reply */
+       send_trans_reply(outbuf, NULL, &rparam, NULL, 0, max_rdata_len);
+
+       mem_free_data(&rparam);
+
+       return(-1);
+}
 
 /****************************************************************************
   handle remote api calls delivered to a named pipe already opened.
@@ -2761,89 +3325,79 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf,
                        uint16 *setup,char *data,char *params,
                        int suwcnt,int tdscnt,int tpscnt,int mdrcnt,int mprcnt)
 {
-  char *rdata = NULL;
-  char *rparam = NULL;
-  int rdata_len = 0;
-  int rparam_len = 0;
+       BOOL reply    = False;
 
-  BOOL reply = False;
+       int pnum;
+       int subcommand;
+       pipes_struct *p = NULL;
+       prs_struct pd;
+       struct mem_buf data_buf;
 
-  int i;
-  int fd;
-  int subcommand;
-  pstring pipe_name;
-  
-  DEBUG(5,("api_fd_reply\n"));
-  /* First find out the name of this file. */
-  if (suwcnt != 2)
-    {
-      DEBUG(0,("Unexpected named pipe transaction.\n"));
-      return(-1);
-    }
-  
-  /* Get the file handle and hence the file name. */
-  fd = setup[1];
-  subcommand = setup[0];
-  if (fd >= 0 && fd < MAX_OPEN_FILES)
-  {
-    pstrcpy(pipe_name, Files[fd].name);
-  }
-  else
-  {
-    pipe_name[0] = 0;
-    DEBUG(1,("api_fd_reply: INVALID FILE HANDLE: %x\n", fd));
-  }
+       DEBUG(5,("api_fd_reply\n"));
 
-  DEBUG(3,("Got API command %d on pipe %s (fd %x)",
-            subcommand, pipe_name, fd));
-  DEBUG(3,("(tdscnt=%d,tpscnt=%d,mdrcnt=%d,mprcnt=%d,cnum=%d,vuid=%d)\n",
-          tdscnt,tpscnt,mdrcnt,mprcnt,cnum,vuid));
-  
-  for (i = 0; api_fd_commands[i].name; i++)
-  {
-    if (strequal(api_fd_commands[i].pipename, pipe_name) &&
-           api_fd_commands[i].subcommand == subcommand &&
-           api_fd_commands[i].fn)
-    {
-         DEBUG(3,("Doing %s\n", api_fd_commands[i].name));
-         break;
-    }
-  }
-  
-  rdata  = (char *)malloc(1024); if (rdata ) bzero(rdata ,1024);
-  rparam = (char *)malloc(1024); if (rparam) bzero(rparam,1024);
-  
-  DEBUG(10,("calling api_fd_command\n"));
+       /* fake up a data buffer from the api_fd_reply data parameters */
+       mem_create(&data_buf, data, tdscnt, 0, False);
+       data_buf.offset.start = 0;
+       data_buf.offset.end   = tdscnt;
 
-  reply = api_fd_commands[i].fn(cnum,vuid,params,data,mdrcnt,mprcnt,
-                               &rdata,&rparam,&rdata_len,&rparam_len);
-  
-  DEBUG(10,("called api_fd_command\n"));
+       /* fake up a parsing structure */
+       pd.data = &data_buf;
+       pd.align = 4;
+       pd.io = True;
+       pd.offset = 0;
 
-  if (rdata_len > mdrcnt || rparam_len > mprcnt)
-  {
-    reply = api_TooSmall(cnum,vuid,params,data,mdrcnt,mprcnt,
-                          &rdata,&rparam,&rdata_len,&rparam_len);
-  }
-  
-  
-  /* if we get False back then it's actually unsupported */
-  if (!reply)
-    api_Unsupported(cnum,vuid,params,data,mdrcnt,mprcnt,
-                   &rdata,&rparam,&rdata_len,&rparam_len);
-  
-  /* now send the reply */
-  send_trans_reply(outbuf,rdata,rparam,NULL,rdata_len,rparam_len,0);
-  
-  if (rdata)
-    free(rdata);
-  if (rparam)
-    free(rparam);
-  
-  return(-1);
-}
+       /* First find out the name of this file. */
+       if (suwcnt != 2)
+       {
+               DEBUG(0,("Unexpected named pipe transaction.\n"));
+               return(-1);
+       }
+
+       /* Get the file handle and hence the file name. */
+       pnum = setup[1];
+       subcommand = setup[0];
+       get_rpc_pipe(pnum, &p);
+
+       if (p != NULL)
+       {
+               DEBUG(3,("Got API command 0x%x on pipe \"%s\" (pnum %x)",
+                                 subcommand, p->name, pnum));
+               DEBUG(3,("(tdscnt=%d,tpscnt=%d,mdrcnt=%d,mprcnt=%d,cnum=%d,vuid=%d)\n",
+                                 tdscnt,tpscnt,mdrcnt,mprcnt,cnum,vuid));
 
+               /* record maximum data length that can be transmitted in an SMBtrans */
+               p->file_offset = mdrcnt;
 
+                DEBUG(10,("api_fd_reply: p:%p file_offset: %d\n",
+                           p, p->file_offset));
+
+               switch (subcommand)
+               {
+                       case 0x26:
+                       {
+                               /* dce/rpc command */
+                               reply = api_dce_rpc_command(outbuf, p, &pd);
+                               break;
+                       }
+                       case 0x01:
+                       {
+                               /* Set Named Pipe Handle state */
+                               reply = api_SNPHS(outbuf, p, params);
+                               break;
+                       }
+               }
+       }
+       else
+       {
+               DEBUG(1,("api_fd_reply: INVALID PIPE HANDLE: %x\n", pnum));
+       }
+
+       if (!reply)
+       {
+               return api_no_reply(outbuf, mdrcnt);
+       }
+       return -1;
+}
 
 /****************************************************************************
   the buffer was too small
@@ -2894,35 +3448,37 @@ struct
 {
   char *name;
   int id;
-  BOOL (*fn)();
+  BOOL (*fn)(int,uint16,char *,char *,int,int,char **,char **,int *,int *);
   int flags;
 } api_commands[] = {
-  {"RNetShareEnum",    0,      (BOOL (*)())api_RNetShareEnum,0},
-  {"RNetShareGetInfo", 1,      (BOOL (*)())api_RNetShareGetInfo,0},
-  {"RNetServerGetInfo",        13,     (BOOL (*)())api_RNetServerGetInfo,0},
-  {"RNetUserGetInfo",  56,     (BOOL (*)())api_RNetUserGetInfo,0},
-  {"NetUserGetGroups", 59,     (BOOL (*)())api_NetUserGetGroups,0},
-  {"NetWkstaGetInfo",  63,     (BOOL (*)())api_NetWkstaGetInfo,0},
-  {"DosPrintQEnum",    69,     (BOOL (*)())api_DosPrintQEnum,0},
-  {"DosPrintQGetInfo", 70,     (BOOL (*)())api_DosPrintQGetInfo,0},
-  {"WPrintJobEnumerate",76,    (BOOL (*)())api_WPrintJobEnumerate,0},
-  {"WPrintJobGetInfo", 77,     (BOOL (*)())api_WPrintJobGetInfo,0},
-  {"RDosPrintJobDel",  81,     (BOOL (*)())api_RDosPrintJobDel,0},
-  {"RDosPrintJobPause",        82,     (BOOL (*)())api_RDosPrintJobDel,0},
-  {"RDosPrintJobResume",83,    (BOOL (*)())api_RDosPrintJobDel,0},
-  {"WPrintDestEnum",   84,     (BOOL (*)())api_WPrintDestEnum,0},
-  {"WPrintDestGetInfo",        85,     (BOOL (*)())api_WPrintDestGetInfo,0},
-  {"NetRemoteTOD",     91,     (BOOL (*)())api_NetRemoteTOD,0},
-  {"WPrintQueuePurge", 103,    (BOOL (*)())api_WPrintQueuePurge,0},
-  {"NetServerEnum",    104,    (BOOL (*)())api_RNetServerEnum,0},
-  {"WAccessGetUserPerms",105,  (BOOL (*)())api_WAccessGetUserPerms,0},
-  {"SetUserPassword",  115,    (BOOL (*)())api_SetUserPassword,0},
-  {"WWkstaUserLogon",  132,    (BOOL (*)())api_WWkstaUserLogon,0},
-  {"PrintJobInfo",     147,    (BOOL (*)())api_PrintJobInfo,0},
-  {"WPrintDriverEnum", 205,    (BOOL (*)())api_WPrintDriverEnum,0},
-  {"WPrintQProcEnum",  206,    (BOOL (*)())api_WPrintQProcEnum,0},
-  {"WPrintPortEnum",   207,    (BOOL (*)())api_WPrintPortEnum,0},
-  {NULL,               -1,     (BOOL (*)())api_Unsupported,0}};
+  {"RNetShareEnum",    0,      api_RNetShareEnum,0},
+  {"RNetShareGetInfo", 1,      api_RNetShareGetInfo,0},
+  {"RNetServerGetInfo",        13,     api_RNetServerGetInfo,0},
+  {"RNetGroupGetUsers", 52,    api_RNetGroupGetUsers,0},
+  {"RNetUserGetInfo",  56,     api_RNetUserGetInfo,0},
+  {"NetUserGetGroups", 59,     api_NetUserGetGroups,0},
+  {"NetWkstaGetInfo",  63,     api_NetWkstaGetInfo,0},
+  {"DosPrintQEnum",    69,     api_DosPrintQEnum,0},
+  {"DosPrintQGetInfo", 70,     api_DosPrintQGetInfo,0},
+  {"WPrintJobEnumerate",76,    api_WPrintJobEnumerate,0},
+  {"WPrintJobGetInfo", 77,     api_WPrintJobGetInfo,0},
+  {"RDosPrintJobDel",  81,     api_RDosPrintJobDel,0},
+  {"RDosPrintJobPause",        82,     api_RDosPrintJobDel,0},
+  {"RDosPrintJobResume",83,    api_RDosPrintJobDel,0},
+  {"WPrintDestEnum",   84,     api_WPrintDestEnum,0},
+  {"WPrintDestGetInfo",        85,     api_WPrintDestGetInfo,0},
+  {"NetRemoteTOD",     91,     api_NetRemoteTOD,0},
+  {"WPrintQueuePurge", 103,    api_WPrintQueuePurge,0},
+  {"NetServerEnum",    104,    api_RNetServerEnum,0},
+  {"WAccessGetUserPerms",105,  api_WAccessGetUserPerms,0},
+  {"SetUserPassword",  115,    api_SetUserPassword,0},
+  {"WWkstaUserLogon",  132,    api_WWkstaUserLogon,0},
+  {"PrintJobInfo",     147,    api_PrintJobInfo,0},
+  {"WPrintDriverEnum", 205,    api_WPrintDriverEnum,0},
+  {"WPrintQProcEnum",  206,    api_WPrintQProcEnum,0},
+  {"WPrintPortEnum",   207,    api_WPrintPortEnum,0},
+  {"SamOEMChangePassword", 214, api_SamOEMChangePassword,0},
+  {NULL,               -1,     api_Unsupported,0}};
 
 
 /****************************************************************************
@@ -2932,6 +3488,8 @@ static int api_reply(int cnum,uint16 vuid,char *outbuf,char *data,char *params,
                     int tdscnt,int tpscnt,int mdrcnt,int mprcnt)
 {
   int api_command = SVAL(params,0);
+  struct mem_buf rdata_buf;
+  struct mem_buf rparam_buf;
   char *rdata = NULL;
   char *rparam = NULL;
   int rdata_len = 0;
@@ -2971,14 +3529,20 @@ static int api_reply(int cnum,uint16 vuid,char *outbuf,char *data,char *params,
                    &rdata,&rparam,&rdata_len,&rparam_len);
 
       
+  mem_create(&rdata_buf , rdata , rdata_len , 0, False);
+  mem_create(&rparam_buf, rparam, rparam_len, 0, False);
+
+  rdata_buf.offset.start = 0;
+  rdata_buf.offset.end   = rdata_len;
+
+  rparam_buf.offset.start = 0;
+  rparam_buf.offset.end   = rparam_len;
 
   /* now send the reply */
-  send_trans_reply(outbuf,rdata,rparam,NULL,rdata_len,rparam_len,0);
+  send_trans_reply(outbuf, &rdata_buf, &rparam_buf, NULL, 0, 0);
 
-  if (rdata)
-    free(rdata);
-  if (rparam)
-    free(rparam);
+  if (rdata ) free(rdata);
+  if (rparam) free(rparam);
   
   return(-1);
 }
@@ -3015,7 +3579,7 @@ static int named_pipe(int cnum,uint16 vuid, char *outbuf,char *name,
 /****************************************************************************
   reply to a SMBtrans
   ****************************************************************************/
-int reply_trans(char *inbuf,char *outbuf)
+int reply_trans(char *inbuf,char *outbuf, int size, int bufsize)
 {
   fstring name;
 
@@ -3078,12 +3642,18 @@ int reply_trans(char *inbuf,char *outbuf)
   /* receive the rest of the trans packet */
   while (pscnt < tpscnt || dscnt < tdscnt)
     {
+      BOOL ret;
       int pcnt,poff,dcnt,doff,pdisp,ddisp;
       
-      if (!receive_smb(Client,inbuf, SMB_SECONDARY_WAIT) ||
-         CVAL(inbuf, smb_com) != SMBtrans)
+      ret = receive_next_smb(Client,oplock_sock,inbuf,bufsize,SMB_SECONDARY_WAIT);
+
+      if ((ret && (CVAL(inbuf, smb_com) != SMBtrans)) || !ret)
        {
-         DEBUG(2,("Invalid secondary trans2 packet\n"));
+          if(ret)
+            DEBUG(0,("reply_trans: Invalid secondary trans packet\n"));
+          else
+            DEBUG(0,("reply_trans: %s in getting secondary trans response.\n",
+              (smb_read_error == READ_ERROR) ? "error" : "timeout" ));
          if (params) free(params);
          if (data) free(data);
          if (setup) free(setup);