From Elrond@Wunder-Nett.org Fri Mar 17 08:34:21 2000

Date: Thu, 16 Mar 2000 16:29:53 +0100
From: Elrond <Elrond@Wunder-Nett.org>
To: Luke Kenneth Casson Leighton <lkcl@samba.org>
Subject: SVC_UNKNOWN_3


Hi Luke,

I played a bit with srvmgr around and it did a opnum=3 on
svcctl, so I tried to decode the request. For me it looked
lit it only consists of a sc_man_hnd. So I added some
parsing code and an "svcunk3" to rpcclient, so I could ask
the NT-box for the answer. The answer were 20 NUL-bytes. I
guess, this is a closed handle and a status. Also the
following svc_close(sc_man_hnd) seemed to fail somehow (I
didn't realy see the fault-pdu or so... but I did not see
an svc_io_r_close_hnd either.)

[lkcl: i suspect that this is a "delete service" call,
       which is why the close fails because the handle
       is alread closed!]

All this looks to me like opnum=3 is something like
SVC_CLOSE2 or so.

Could you apply the patch and verify that?


I also did the following:
- modified configure.in, so it is more like HEAD (still lot
  to do)
- fixed some issues in groupdb/builtinunix.c:
  When I created aliases with domain alias map, all these
  aliases also existed in the Builtin domain, so usrmgr
  showed them all doubled. (might be interesting for
  HEAD...)
- made global_sid_S_1_1_0 static, one should use
  global_sid_everyone instead.
- continued my share_get_info-effort by writing *_free_*
  for all the fun. Yet have to use them.


    Elrond

16 files changed, 415 insertions, 255 deletions

diff --git a/source/configure.in b/source/configure.in
index d44c1f4b662..405cab4373f 100644
--- a/source/configure.in
+++ b/source/configure.in
@@ -24,6 +24,10 @@ AC_PROG_CPP
 AC_PROG_INSTALL
 AC_PROG_AWK
 
+AC_DISABLE_STATIC
+AC_PROG_LIBTOOL
+AC_SUBST(LIBTOOL_DEPS)
+
 dnl Check if C compiler understands -c and -o at the same time
 AC_PROG_CC_C_O
 if eval "test \"`echo '$ac_cv_prog_cc_'${ac_cc}_c_o`\" = no"; then
@@ -92,7 +96,9 @@ AC_CHECK_HEADERS(sys/filio.h string.h strings.h stdlib.h sys/socket.h sys/un.h)
 AC_CHECK_HEADERS(sys/mount.h sys/vfs.h sys/fs/s5param.h sys/filsys.h termios.h)
 AC_CHECK_HEADERS(sys/statfs.h sys/dustat.h sys/statvfs.h stdarg.h sys/sockio.h)
 #
-AC_CHECK_HEADERS(shadow.h netinet/tcp.h sys/security.h security/pam_appl.h)
+#
+AC_CHECK_HEADERS(shadow.h netinet/ip.h netinet/tcp.h netinet/in_systm.h netinet/in_ip.h)
+AC_CHECK_HEADERS(sys/security.h security/pam_appl.h)
 AC_CHECK_HEADERS(stropts.h poll.h readline.h history.h readline/readline.h)
 AC_CHECK_HEADERS(readline/history.h sys/capability.h syscall.h sys/syscall.h)
 AC_CHECK_HEADERS(sys/acl.h sys/cdefs.h glob.h)
@@ -110,10 +116,6 @@ AC_C_INLINE
 AC_C_BIGENDIAN
 AC_C_CHAR_UNSIGNED
 
-AC_DISABLE_STATIC
-AC_PROG_LIBTOOL
-AC_SUBST(LIBTOOL_DEPS)
-
 AC_TYPE_SIGNAL
 AC_TYPE_UID_T
 AC_TYPE_MODE_T
diff --git a/source/groupdb/builtinunix.c b/source/groupdb/builtinunix.c
index b9738eb1546..9f1e3d73378 100644
--- a/source/groupdb/builtinunix.c
+++ b/source/groupdb/builtinunix.c
@@ -217,7 +217,7 @@ static LOCAL_GRP *getbltunixpwent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem
 		}
 
 		sid_split_rid(&gmep.sid, &gp_buf.rid);
-		if (!sid_equal(&global_sam_sid, &gmep.sid))
+		if (!sid_equal(global_sid_builtin, &gmep.sid))
 		{
 			continue;
 		}
@@ -276,7 +276,7 @@ static BOOL mod_bltunixgrp_entry(LOCAL_GRP* blt)
 /************************************************************************
  Routine to add a member to an entry to the bltpasswd file.
 *************************************************************************/
-static BOOL add_bltunixgrp_member(uint32 rid, DOM_SID *member_sid)
+static BOOL add_bltunixgrp_member(uint32 rid, const DOM_SID *member_sid)
 {
 	DEBUG(0, ("add_bltunixgrp_member: NOT IMPLEMENTED\n"));
 	return False;
@@ -285,7 +285,7 @@ static BOOL add_bltunixgrp_member(uint32 rid, DOM_SID *member_sid)
 /************************************************************************
  Routine to delete a member from an entry to the bltpasswd file.
 *************************************************************************/
-static BOOL del_bltunixgrp_member(uint32 rid, DOM_SID *member_sid)
+static BOOL del_bltunixgrp_member(uint32 rid, const DOM_SID *member_sid)
 {
 	DEBUG(0, ("del_bltunixgrp_member: NOT IMPLEMENTED\n"));
 	return False;
diff --git a/source/include/proto.h b/source/include/proto.h
index 53eab2ab515..439ab4438cc 100644
--- a/source/include/proto.h
+++ b/source/include/proto.h
@@ -984,31 +984,32 @@ BOOL create_new_sid(DOM_SID *sid);
 
 BOOL is_a_socket(int fd);
 void set_socket_options(int fd, char *options);
-void close_sockets(void );
-ssize_t write_socket(int fd,char *buf,size_t len);
-ssize_t read_udp_socket(int fd,char *buf,size_t len);
-ssize_t read_with_timeout(int fd,char *buf,size_t mincnt,size_t maxcnt,unsigned int time_out);
+void close_sockets(void);
+ssize_t write_socket(int fd, char *buf, size_t len);
+ssize_t read_udp_socket(int fd, char *buf, size_t len);
+ssize_t read_with_timeout(int fd, char *buf, size_t mincnt, size_t maxcnt,
+			  unsigned int time_out);
 BOOL send_keepalive(int client);
-ssize_t read_data(int fd,char *buffer,size_t N);
-ssize_t write_data(int fd,char *buffer,size_t N);
-ssize_t read_smb_length(int fd,char *inbuf,unsigned int timeout);
-BOOL receive_smb(int fd,char *buffer, unsigned int timeout);
-BOOL client_receive_smb(int fd,char *buffer, unsigned int timeout);
-BOOL send_smb(int fd,char *buffer);
-BOOL send_one_packet(char *buf,int len,struct in_addr ip,int port,int type);
-int open_socket_in(int type, int port, int dlevel,uint32 socket_addr, 
-                   BOOL rebind);
-int open_socket_out(int type, struct in_addr *addr, int port ,int timeout);
-void set_client_connection_name(const char* name, int fd);
-void set_client_connection_addr(const char* addr, int fd);
+ssize_t read_data(int fd, char *buffer, size_t N);
+ssize_t write_data(int fd, char *buffer, size_t N);
+ssize_t read_smb_length(int fd, char *inbuf, unsigned int timeout);
+BOOL receive_smb(int fd, char *buffer, unsigned int timeout);
+BOOL client_receive_smb(int fd, char *buffer, unsigned int timeout);
+BOOL send_smb(int fd, char *buffer);
+BOOL send_one_packet(char *buf, int len, struct in_addr ip, int port,
+		     int type);
+int open_socket_in(int type, int port, int dlevel, uint32 socket_addr,
+		   BOOL rebind);
+int open_socket_out(int type, struct in_addr *addr, int port, int timeout);
+void set_client_connection_name(const char *name, int fd);
+void set_client_connection_addr(const char *addr, int fd);
 char *client_connection_name(void);
 char *client_connection_addr(void);
 void reset_globals_after_fork(void);
 char *client_name(int fd);
 char *client_addr(int fd);
 int open_pipe_sock(char *path);
-int create_pipe_socket(char *dir, int dir_perms,
-				char *path, int path_perms);
+int create_pipe_socket(char *dir, int dir_perms, char *path, int path_perms);
 
 /*The following definitions come from  lib/util_status.c  */
 
@@ -1150,44 +1151,40 @@ BOOL secret_init_db(void);
 
 /*The following definitions come from  lsarpcd/srv_lsa.c  */
 
-BOOL api_ntlsa_rpc(rpcsrv_struct *p);
+BOOL api_ntlsa_rpc(rpcsrv_struct * p);
 
 /*The following definitions come from  lsarpcd/srv_lsa_samdb.c  */
 
-uint32 _lsa_open_policy2(const UNISTR2 *server_name, POLICY_HND *hnd,
-				const LSA_OBJ_ATTR *attr,
-				uint32 des_access);
-uint32 _lsa_open_policy(const UNISTR2 *server_name, POLICY_HND *hnd,
-			const LSA_OBJ_ATTR *attr,
-			uint32 des_access);
-uint32 _lsa_enum_trust_dom(POLICY_HND *hnd, uint32 *enum_ctx,
-			   uint32 *num_doms, UNISTR2 **uni_names,
-			   DOM_SID ***sids);
-uint32 _lsa_lookup_names(const POLICY_HND *pol,
-			 uint32 num_entries, const UNISTR2 *name,
-			 DOM_R_REF *ref, DOM_RID2 **ret_rid2,
-			 uint32 *mapped_count);
-uint32 _lsa_lookup_sids(const POLICY_HND *hnd,
-			uint32 num_entries, DOM_SID2 *sid,
-			const LOOKUP_LEVEL *level,
-			DOM_R_REF *ref,
-			LSA_TRANS_NAME_ENUM *trn,
-			uint32 *mapped_count);
-uint32 _lsa_query_info_pol(POLICY_HND *hnd, uint16 info_class,
-			   fstring domain_name, DOM_SID *domain_sid);
-uint32 _lsa_close(POLICY_HND *hnd);
-uint32 _lsa_set_secret(const POLICY_HND *hnd_secret,
-				const STRING2 *val,
-				uint32 unknown);
-uint32 _lsa_query_secret(const POLICY_HND *hnd_secret,
-				STRING2 *curval, NTTIME *curtime,
-				STRING2 *oldval, NTTIME *oldtime);
-uint32 _lsa_create_secret(const POLICY_HND *hnd,
-			const UNISTR2 *secret_name, uint32 des_access,
-			POLICY_HND *hnd_secret);
-uint32 _lsa_open_secret(const POLICY_HND *hnd,
-			const UNISTR2 *secret_name, uint32 des_access,
-			POLICY_HND *hnd_secret);
+uint32 _lsa_open_policy2(const UNISTR2 * server_name, POLICY_HND * hnd,
+			 const LSA_OBJ_ATTR * attr, uint32 des_access);
+uint32 _lsa_open_policy(const UNISTR2 * server_name, POLICY_HND * hnd,
+			const LSA_OBJ_ATTR * attr, uint32 des_access);
+uint32 _lsa_enum_trust_dom(POLICY_HND * hnd, uint32 * enum_ctx,
+			   uint32 * num_doms, UNISTR2 ** uni_names,
+			   DOM_SID *** sids);
+uint32 _lsa_lookup_names(const POLICY_HND * pol,
+			 uint32 num_entries, const UNISTR2 * name,
+			 DOM_R_REF * ref, DOM_RID2 ** ret_rid2,
+			 uint32 * mapped_count);
+uint32 _lsa_lookup_sids(const POLICY_HND * hnd,
+			uint32 num_entries, DOM_SID2 * sid,
+			const LOOKUP_LEVEL * level,
+			DOM_R_REF * ref,
+			LSA_TRANS_NAME_ENUM * trn, uint32 * mapped_count);
+uint32 _lsa_query_info_pol(POLICY_HND * hnd, uint16 info_class,
+			   fstring domain_name, DOM_SID * domain_sid);
+uint32 _lsa_close(POLICY_HND * hnd);
+uint32 _lsa_set_secret(const POLICY_HND * hnd_secret,
+		       const STRING2 * val, uint32 unknown);
+uint32 _lsa_query_secret(const POLICY_HND * hnd_secret,
+			 STRING2 * curval, NTTIME * curtime,
+			 STRING2 * oldval, NTTIME * oldtime);
+uint32 _lsa_create_secret(const POLICY_HND * hnd,
+			  const UNISTR2 * secret_name, uint32 des_access,
+			  POLICY_HND * hnd_secret);
+uint32 _lsa_open_secret(const POLICY_HND * hnd,
+			const UNISTR2 * secret_name, uint32 des_access,
+			POLICY_HND * hnd_secret);
 
 /*The following definitions come from  msrpc/msrpcd.c  */
 
@@ -2532,6 +2529,7 @@ BOOL svc_change_svc_cfg( POLICY_HND *hnd,
 				char* dependencies, char* service_start_name,
 				char* password,
 				char* disp_name);
+BOOL svc_unknown_3(const POLICY_HND *scman_hnd);
 
 /*The following definitions come from  rpc_client/cli_use.c  */
 
@@ -2615,16 +2613,21 @@ void cmd_sam_lookup_domain(struct client_info *info, int argc, char *argv[]);
 void cmd_sam_lookup_names(struct client_info *info, int argc, char *argv[]);
 void cmd_sam_lookup_rids(struct client_info *info, int argc, char *argv[]);
 void cmd_sam_del_aliasmem(struct client_info *info, int argc, char *argv[]);
-void cmd_sam_delete_dom_alias(struct client_info *info, int argc, char *argv[]);
+void cmd_sam_delete_dom_alias(struct client_info *info, int argc,
+			      char *argv[]);
 void cmd_sam_add_aliasmem(struct client_info *info, int argc, char *argv[]);
-void cmd_sam_create_dom_trusting(struct client_info *info, int argc, char *argv[]);
+void cmd_sam_create_dom_trusting(struct client_info *info, int argc,
+				 char *argv[]);
 void cmd_sam_create_dom_user(struct client_info *info, int argc, char *argv[]);
-void cmd_sam_create_dom_alias(struct client_info *info, int argc, char *argv[]);
+void cmd_sam_create_dom_alias(struct client_info *info, int argc,
+			      char *argv[]);
 void cmd_sam_del_groupmem(struct client_info *info, int argc, char *argv[]);
 void cmd_sam_delete_dom_user(struct client_info *info, int argc, char *argv[]);
-void cmd_sam_delete_dom_group(struct client_info *info, int argc, char *argv[]);
+void cmd_sam_delete_dom_group(struct client_info *info, int argc,
+			      char *argv[]);
 void cmd_sam_add_groupmem(struct client_info *info, int argc, char *argv[]);
-void cmd_sam_create_dom_group(struct client_info *info, int argc, char *argv[]);
+void cmd_sam_create_dom_group(struct client_info *info, int argc,
+			      char *argv[]);
 void cmd_sam_enum_users(struct client_info *info, int argc, char *argv[]);
 void cmd_sam_query_groupmem(struct client_info *info, int argc, char *argv[]);
 void cmd_sam_query_group(struct client_info *info, int argc, char *argv[]);
@@ -2687,6 +2690,7 @@ void cmd_svc_enum(struct client_info *info, int argc, char *argv[]);
 void cmd_svc_stop(struct client_info *info, int argc, char *argv[]);
 void cmd_svc_start(struct client_info *info, int argc, char *argv[]);
 void cmd_svc_set(struct client_info *info, int argc, char *argv[]);
+void cmd_svc_unk3(struct client_info *info, int argc, char *argv[]);
 
 /*The following definitions come from  rpcclient/cmd_wkssvc.c  */
 
@@ -2840,14 +2844,15 @@ uint32 lookup_lsa_sid(const char *domain,
 		      DOM_SID * sid, char *name, uint32 * type);
 BOOL msrpc_lsa_create_secret(const char *srv_name, const char *secret_name,
 			     uint32 access_rights);
-void secret_store_data(STRING2 * secret, const char* data, int len);
-void secret_store_data2(STRING2 * secret, const char* data, int len);
+void secret_store_data(STRING2 * secret, const char *data, int len);
+void secret_store_data2(STRING2 * secret, const char *data, int len);
 BOOL msrpc_lsa_set_secret(const char *srv_name,
 			  const char *secret_name, const char *data, int len);
 BOOL msrpc_lsa_query_secret(const char *srv_name,
 			    const char *secret_name,
 			    STRING2 * secret, NTTIME * last_update);
-BOOL secret_get_data(const STRING2 *secret, uchar *data, uint32 *len);
+BOOL secret_get_data(const STRING2 * secret, uchar * data, uint32 * len);
+BOOL secret_to_nt_owf(uchar trust_passwd[16], const STRING2 * secret);
 BOOL msrpc_lsa_query_trust_passwd(const char *srv_name,
 				  const char *secret_name,
 				  uchar trust_passwd[16],
@@ -3904,135 +3909,118 @@ BOOL pwdbsam_initialise(void);
 
 /*The following definitions come from  samrd/srv_samr_passdb.c  */
 
-uint32 _samr_close(POLICY_HND *hnd);
-uint32 _samr_unknown_2d(const POLICY_HND *domain_pol, const DOM_SID *sid);
-uint32 _samr_open_domain(const POLICY_HND *connect_pol,
-				uint32 ace_perms,
-				const DOM_SID *sid,
-				POLICY_HND *domain_pol);
-uint32 _samr_get_usrdom_pwinfo(const POLICY_HND *user_pol,
-				uint16 *unknown_0,
-				uint16 *unknown_1,
-				uint32 *unknown_2);
-uint32 _samr_query_sec_obj(const POLICY_HND *user_pol, SEC_DESC_BUF *buf);
-uint32 _samr_enum_dom_users(  const POLICY_HND *pol, uint32 *start_idx, 
-				uint16 acb_mask, uint16 unk_1, uint32 size,
-				SAM_ENTRY **sam,
-				UNISTR2 **uni_acct_name,
-				uint32 *num_sam_users);
-uint32 _samr_add_groupmem(const POLICY_HND *pol, uint32 rid, uint32 unknown);
-uint32 _samr_del_groupmem(const POLICY_HND *pol, uint32 rid);
-uint32 _samr_add_aliasmem(const POLICY_HND *alias_pol, const DOM_SID *sid);
-uint32 _samr_del_aliasmem(const POLICY_HND *alias_pol, const DOM_SID *sid);
-uint32 _samr_enum_domains(const POLICY_HND *pol, uint32 *start_idx, 
-				uint32 size,
-				SAM_ENTRY **sam,
-				UNISTR2 **uni_acct_name,
-				uint32 *num_sam_users);
-uint32 _samr_enum_dom_groups(const POLICY_HND *pol,
-				uint32 *start_idx, uint32 size,
-				SAM_ENTRY **sam,
-				UNISTR2 **uni_acct_name,
-				uint32 *num_sam_groups);
-uint32 _samr_enum_dom_aliases(const POLICY_HND *pol,
-					uint32 *start_idx, uint32 size,
-					SAM_ENTRY **sam,
-					UNISTR2 **uni_acct_name,
-					uint32 *num_sam_aliases);
-uint32 _samr_query_dispinfo(  const POLICY_HND *domain_pol, uint16 level,
-					uint32 start_idx,
-					uint32 max_entries,
-					uint32 max_size,
-					uint32 *data_size,
-					uint32 *num_entries,
-					SAM_DISPINFO_CTR *ctr);
-uint32 _samr_delete_dom_user(POLICY_HND *user_pol);
-uint32 _samr_delete_dom_group(POLICY_HND *group_pol);
-uint32 _samr_query_groupmem(const POLICY_HND *group_pol, 
-					uint32 *num_mem,
-					uint32 **rid,
-					uint32 **attr);
-uint32 _samr_set_groupinfo(const POLICY_HND *pol,
-				uint16 switch_level,
-				const GROUP_INFO_CTR* ctr);
-uint32 _samr_query_groupinfo(const POLICY_HND *pol,
-				uint16 switch_level,
-				GROUP_INFO_CTR* ctr);
-uint32 _samr_query_aliasinfo(const POLICY_HND *alias_pol,
-				uint16 switch_level,
-				ALIAS_INFO_CTR *ctr);
-uint32 _samr_query_useraliases(const POLICY_HND *pol,
-				const uint32 *ptr_sid, const DOM_SID2 *sid,
-				uint32 *num_aliases, uint32 **rid);
-uint32 _samr_delete_dom_alias(POLICY_HND *alias_pol);
-uint32 _samr_query_aliasmem(const POLICY_HND *alias_pol, 
-				uint32 *num_mem, DOM_SID2 **sid);
-uint32 _samr_lookup_names(const POLICY_HND *pol,
-				
-			uint32 num_names1,
-			uint32 flags,
-			uint32 ptr,
-			const UNISTR2 *uni_name,
-
-			uint32 *num_rids1,
-			uint32 rid[MAX_SAM_ENTRIES],
-			uint32 *num_types1,
-			uint32 type[MAX_SAM_ENTRIES]);
-uint32 _samr_chgpasswd_user( const UNISTR2 *uni_dest_host,
-				const UNISTR2 *uni_user_name,
-				const char nt_newpass[516],
-				const uchar nt_oldhash[16],
-				const char lm_newpass[516],
-				const uchar lm_oldhash[16]);
-uint32 _samr_get_dom_pwinfo(const UNISTR2 *uni_srv_name,
-				uint16 *unk_0, uint16 *unk_1, uint16 *unk_2);
-uint32 _samr_lookup_rids(const POLICY_HND *pol,
-				uint32 num_rids, uint32 flags,
-				const uint32 *rids,
-				uint32 *num_names,
-				UNIHDR **hdr_name, UNISTR2** uni_name,
-				uint32 **types);
-uint32 _samr_open_user(const POLICY_HND *domain_pol,
-					uint32 access_mask, uint32 user_rid, 
-					POLICY_HND *user_pol);
-uint32 _samr_query_userinfo(const POLICY_HND *pol, uint16 switch_value,
-				SAM_USERINFO_CTR *ctr);
-uint32 _samr_set_userinfo(const POLICY_HND *pol, uint16 switch_value,
-				SAM_USERINFO_CTR *ctr);
-uint32 _samr_set_userinfo2(const POLICY_HND *pol, uint16 switch_value,
-				SAM_USERINFO_CTR *ctr);
-uint32 _samr_query_usergroups(const POLICY_HND *pol,
-				uint32 *num_groups,
-				DOM_GID **gids);
-uint32 _samr_create_dom_alias(const POLICY_HND *domain_pol,
-				const UNISTR2 *uni_acct_name,
-				uint32 access_mask,
-				POLICY_HND *alias_pol, uint32 *rid);
-uint32 _samr_create_dom_group(const POLICY_HND *domain_pol,
-				const UNISTR2 *uni_acct_name,
-				uint32 access_mask,
-				POLICY_HND *group_pol, uint32 *rid);
-uint32 _samr_query_dom_info(const POLICY_HND *domain_pol,
-				uint16 switch_value,
-				SAM_UNK_CTR *ctr);
-uint32 _samr_create_user(const POLICY_HND *domain_pol,
-				const UNISTR2 *uni_username,
-				uint16 acb_info, uint32 access_mask, 
-				POLICY_HND *user_pol,
-				uint32 *unknown_0, uint32 *user_rid);
-uint32 _samr_connect_anon(const UNISTR2 *srv_name, uint32 access_mask,
-				POLICY_HND *connect_pol);
-uint32 _samr_connect(const UNISTR2 *srv_name, uint32 access_mask,
-				POLICY_HND *connect_pol);
-uint32 _samr_open_alias(const POLICY_HND *domain_pol,
-					uint32 access_mask, uint32 alias_rid,
-					POLICY_HND *alias_pol);
-uint32 _samr_open_group(const POLICY_HND *domain_pol, uint32 access_mask,
-				uint32 group_rid,
-				POLICY_HND *group_pol);
-uint32 _samr_lookup_domain(const POLICY_HND *connect_pol,
-				const UNISTR2 *uni_domain,
-				DOM_SID *dom_sid);
+uint32 _samr_close(POLICY_HND * hnd);
+uint32 _samr_unknown_2d(const POLICY_HND * domain_pol, const DOM_SID * sid);
+uint32 _samr_open_domain(const POLICY_HND * connect_pol,
+			 uint32 ace_perms,
+			 const DOM_SID * sid, POLICY_HND * domain_pol);
+uint32 _samr_get_usrdom_pwinfo(const POLICY_HND * user_pol,
+			       uint16 * unknown_0,
+			       uint16 * unknown_1, uint32 * unknown_2);
+uint32 _samr_query_sec_obj(const POLICY_HND * user_pol, SEC_DESC_BUF * buf);
+uint32 _samr_enum_dom_users(const POLICY_HND * pol, uint32 * start_idx,
+			    uint16 acb_mask, uint16 unk_1, uint32 size,
+			    SAM_ENTRY ** sam,
+			    UNISTR2 ** uni_acct_name, uint32 * num_sam_users);
+uint32 _samr_add_groupmem(const POLICY_HND * pol, uint32 rid, uint32 unknown);
+uint32 _samr_del_groupmem(const POLICY_HND * pol, uint32 rid);
+uint32 _samr_add_aliasmem(const POLICY_HND * alias_pol, const DOM_SID * sid);
+uint32 _samr_del_aliasmem(const POLICY_HND * alias_pol, const DOM_SID * sid);
+uint32 _samr_enum_domains(const POLICY_HND * pol, uint32 * start_idx,
+			  uint32 size,
+			  SAM_ENTRY ** sam,
+			  UNISTR2 ** uni_acct_name, uint32 * num_sam_users);
+uint32 _samr_enum_dom_groups(const POLICY_HND * pol,
+			     uint32 * start_idx, uint32 size,
+			     SAM_ENTRY ** sam,
+			     UNISTR2 ** uni_acct_name,
+			     uint32 * num_sam_groups);
+uint32 _samr_enum_dom_aliases(const POLICY_HND * pol,
+			      uint32 * start_idx, uint32 size,
+			      SAM_ENTRY ** sam,
+			      UNISTR2 ** uni_acct_name,
+			      uint32 * num_sam_aliases);
+uint32 _samr_query_dispinfo(const POLICY_HND * domain_pol, uint16 level,
+			    uint32 start_idx,
+			    uint32 max_entries,
+			    uint32 max_size,
+			    uint32 * data_size,
+			    uint32 * num_entries, SAM_DISPINFO_CTR * ctr);
+uint32 _samr_delete_dom_user(POLICY_HND * user_pol);
+uint32 _samr_delete_dom_group(POLICY_HND * group_pol);
+uint32 _samr_query_groupmem(const POLICY_HND * group_pol,
+			    uint32 * num_mem, uint32 ** rid, uint32 ** attr);
+uint32 _samr_set_groupinfo(const POLICY_HND * pol,
+			   uint16 switch_level, const GROUP_INFO_CTR * ctr);
+uint32 _samr_query_groupinfo(const POLICY_HND * pol,
+			     uint16 switch_level, GROUP_INFO_CTR * ctr);
+uint32 _samr_query_aliasinfo(const POLICY_HND * alias_pol,
+			     uint16 switch_level, ALIAS_INFO_CTR * ctr);
+uint32 _samr_query_useraliases(const POLICY_HND * pol,
+			       const uint32 * ptr_sid, const DOM_SID2 * sid,
+			       uint32 * num_aliases, uint32 ** rid);
+uint32 _samr_delete_dom_alias(POLICY_HND * alias_pol);
+uint32 _samr_query_aliasmem(const POLICY_HND * alias_pol,
+			    uint32 * num_mem, DOM_SID2 ** sid);
+uint32 _samr_lookup_names(const POLICY_HND * pol,
+			  uint32 num_names1,
+			  uint32 flags,
+			  uint32 ptr,
+			  const UNISTR2 * uni_name,
+			  uint32 * num_rids1,
+			  uint32 rid[MAX_SAM_ENTRIES],
+			  uint32 * num_types1, uint32 type[MAX_SAM_ENTRIES]);
+uint32 _samr_chgpasswd_user(const UNISTR2 * uni_dest_host,
+			    const UNISTR2 * uni_user_name,
+			    const char nt_newpass[516],
+			    const uchar nt_oldhash[16],
+			    const char lm_newpass[516],
+			    const uchar lm_oldhash[16]);
+uint32 _samr_get_dom_pwinfo(const UNISTR2 * uni_srv_name,
+			    uint16 * unk_0, uint16 * unk_1, uint16 * unk_2);
+uint32 _samr_lookup_rids(const POLICY_HND * pol,
+			 uint32 num_rids, uint32 flags,
+			 const uint32 * rids,
+			 uint32 * num_names,
+			 UNIHDR ** hdr_name, UNISTR2 ** uni_name,
+			 uint32 ** types);
+uint32 _samr_open_user(const POLICY_HND * domain_pol,
+		       uint32 access_mask, uint32 user_rid,
+		       POLICY_HND * user_pol);
+uint32 _samr_query_userinfo(const POLICY_HND * pol, uint16 switch_value,
+			    SAM_USERINFO_CTR * ctr);
+uint32 _samr_set_userinfo(const POLICY_HND * pol, uint16 switch_value,
+			  SAM_USERINFO_CTR * ctr);
+uint32 _samr_set_userinfo2(const POLICY_HND * pol, uint16 switch_value,
+			   SAM_USERINFO_CTR * ctr);
+uint32 _samr_query_usergroups(const POLICY_HND * pol,
+			      uint32 * num_groups, DOM_GID ** gids);
+uint32 _samr_create_dom_alias(const POLICY_HND * domain_pol,
+			      const UNISTR2 * uni_acct_name,
+			      uint32 access_mask,
+			      POLICY_HND * alias_pol, uint32 * rid);
+uint32 _samr_create_dom_group(const POLICY_HND * domain_pol,
+			      const UNISTR2 * uni_acct_name,
+			      uint32 access_mask,
+			      POLICY_HND * group_pol, uint32 * rid);
+uint32 _samr_query_dom_info(const POLICY_HND * domain_pol,
+			    uint16 switch_value, SAM_UNK_CTR * ctr);
+uint32 _samr_create_user(const POLICY_HND * domain_pol,
+			 const UNISTR2 * uni_username,
+			 uint16 acb_info, uint32 access_mask,
+			 POLICY_HND * user_pol,
+			 uint32 * unknown_0, uint32 * user_rid);
+uint32 _samr_connect_anon(const UNISTR2 * srv_name, uint32 access_mask,
+			  POLICY_HND * connect_pol);
+uint32 _samr_connect(const UNISTR2 * srv_name, uint32 access_mask,
+		     POLICY_HND * connect_pol);
+uint32 _samr_open_alias(const POLICY_HND * domain_pol,
+			uint32 access_mask, uint32 alias_rid,
+			POLICY_HND * alias_pol);
+uint32 _samr_open_group(const POLICY_HND * domain_pol, uint32 access_mask,
+			uint32 group_rid, POLICY_HND * group_pol);
+uint32 _samr_lookup_domain(const POLICY_HND * connect_pol,
+			   const UNISTR2 * uni_domain, DOM_SID * dom_sid);
 BOOL pwdbsam_initialise(void);
 
 /*The following definitions come from  samrd/srv_samr_sam_tdb.c  */
@@ -4157,6 +4145,11 @@ uint32 _samr_create_user(const POLICY_HND *domain_pol,
 			 uint32 * unknown_0, uint32 * user_rid);
 uint32 _samr_delete_dom_user(POLICY_HND *user_pol);
 
+/*The following definitions come from  smbd/afsticket.c  */
+
+int get_afs_ticket_from_srvtab(void);
+pid_t get_renewed_ticket(void);
+
 /*The following definitions come from  smbd/blocking.c  */
 
 BOOL push_blocking_lock_request( char *inbuf, int length, int lock_timeout, int lock_num);
@@ -4172,13 +4165,13 @@ BOOL last_challenge(unsigned char *challenge);
 
 /*The following definitions come from  smbd/chgpasswd.c  */
 
-BOOL chgpasswd(const char *_name,char *oldpass,char *newpass, BOOL as_root);
-BOOL chgpasswd(const char *name,char *oldpass,char *newpass, BOOL as_root);
+BOOL chgpasswd(const char *_name, char *oldpass, char *newpass, BOOL as_root);
+BOOL chgpasswd(const char *name, char *oldpass, char *newpass, BOOL as_root);
 BOOL pass_oem_change(const char *user,
-			const uchar *lmdata, const uchar *lmhash,
-			const uchar *ntdata, const uchar *nthash);
-BOOL change_oem_password(struct smb_passwd *smbpw, UNISTR2 *new_passwd,
-				BOOL unicode, BOOL override);
+		     const uchar * lmdata, const uchar * lmhash,
+		     const uchar * ntdata, const uchar * nthash);
+BOOL change_oem_password(struct smb_passwd *smbpw, UNISTR2 * new_passwd,
+			 BOOL unicode, BOOL override);
 BOOL update_smbpassword_file(const char *user, const char *password);
 
 /*The following definitions come from  smbd/close.c  */
@@ -4926,7 +4919,7 @@ uint32 _reg_open(POLICY_HND * pol, uint32 access_mask);
 uint32 _reg_open_entry(const POLICY_HND * pol, const UNISTR2 * uni_name,
 		       uint32 unknown_0, uint32 access_mask,
 		       POLICY_HND * entry_pol);
-uint32 _reg_info(POLICY_HND* pol, BUFFER2* buf, uint32* type);
+uint32 _reg_info(POLICY_HND * pol, BUFFER2 * buf, uint32 * type);
 BOOL api_reg_rpc(rpcsrv_struct * p);
 
 /*The following definitions come from  winregd/winregd.c  */
diff --git a/source/include/rpc_client_proto.h b/source/include/rpc_client_proto.h
index 8499651e452..a6bedec8d0a 100644
--- a/source/include/rpc_client_proto.h
+++ b/source/include/rpc_client_proto.h
@@ -446,6 +446,7 @@ BOOL svc_change_svc_cfg( POLICY_HND *hnd,
 				char* dependencies, char* service_start_name,
 				char* password,
 				char* disp_name);
+BOOL svc_unknown_3(const POLICY_HND *scman_hnd);
 
 /*The following definitions come from  rpc_client/cli_use.c  */
 
@@ -476,14 +477,15 @@ uint32 lookup_lsa_sid(const char *domain,
 		      DOM_SID * sid, char *name, uint32 * type);
 BOOL msrpc_lsa_create_secret(const char *srv_name, const char *secret_name,
 			     uint32 access_rights);
-void secret_store_data(STRING2 * secret, const char* data, int len);
-void secret_store_data2(STRING2 * secret, const char* data, int len);
+void secret_store_data(STRING2 * secret, const char *data, int len);
+void secret_store_data2(STRING2 * secret, const char *data, int len);
 BOOL msrpc_lsa_set_secret(const char *srv_name,
 			  const char *secret_name, const char *data, int len);
 BOOL msrpc_lsa_query_secret(const char *srv_name,
 			    const char *secret_name,
 			    STRING2 * secret, NTTIME * last_update);
-BOOL secret_get_data(const STRING2 *secret, uchar *data, uint32 *len);
+BOOL secret_get_data(const STRING2 * secret, uchar * data, uint32 * len);
+BOOL secret_to_nt_owf(uchar trust_passwd[16], const STRING2 * secret);
 BOOL msrpc_lsa_query_trust_passwd(const char *srv_name,
 				  const char *secret_name,
 				  uchar trust_passwd[16],
diff --git a/source/include/rpc_parse_proto.h b/source/include/rpc_parse_proto.h
index 1e4080bf322..5de27e3a1dd 100644
--- a/source/include/rpc_parse_proto.h
+++ b/source/include/rpc_parse_proto.h
@@ -762,13 +762,12 @@ BOOL make_sam_user_info23A(SAM_USER_INFO_23 * usr, NTTIME * logon_time,	/* all z
 			   NTTIME * pass_must_change_time,	/* all zeros */
 			   char *user_name,	/* NULL */
 			   char *full_name,
-			   char *home_dir, char *dir_drive, char *log_scr, char *prof_path, char *desc, char *wkstas, char *unk_str, char *mung_dial, uint32 user_rid,	/* 0x0000 0000 */
-			   uint32 group_rid,
-			   uint32 acb_info,
-			   uint32 unknown_3,
-			   uint16 logon_divs,
-			   LOGON_HRS * hrs,
-			   uint32 unknown_5,
+			   char *home_dir, char *dir_drive, char *log_scr,
+			   char *prof_path, char *desc, char *wkstas,
+			   char *unk_str, char *mung_dial, uint32 user_rid,	/* 0x0000 0000 */
+			   uint32 group_rid, uint32 acb_info,
+			   uint32 unknown_3, uint16 logon_divs,
+			   LOGON_HRS * hrs, uint32 unknown_5,
 			   char newpass[516], uint32 unknown_6);
 BOOL make_sam_user_info21W(SAM_USER_INFO_21 * usr,
 			   const NTTIME * logon_time,
@@ -1071,6 +1070,9 @@ BOOL make_srv_share_info2(SH_INFO_2 *sh2,
 			  const char *remark,
 			  uint32 perms, uint32 max_uses, uint32 num_uses,
 			  const char *path, const char *pass);
+void srv_free_share_info_ctr(const char *desc,
+			     SHARE_INFO_CTR *info,
+			     uint32 info_level, uint32 count);
 void srv_free_srv_share_ctr(SRV_SHARE_INFO_CTR *ctr);
 BOOL make_srv_q_net_share_enum(SRV_Q_NET_SHARE_ENUM *q_n, 
 				const char *srv_name, 
@@ -1229,6 +1231,8 @@ BOOL svc_io_q_change_svc_config(char *desc,  SVC_Q_CHANGE_SVC_CONFIG *q_u, prs_s
 BOOL make_svc_r_change_svc_config(SVC_R_CHANGE_SVC_CONFIG *r_c, 
 				uint32 unknown_0, uint32 status);
 BOOL svc_io_r_change_svc_config(char *desc,  SVC_R_CHANGE_SVC_CONFIG *r_u, prs_struct *ps, int depth);
+BOOL svc_io_q_unknown_3(char *desc, SVC_Q_UNKNOWN_3 *q_u,
+			prs_struct *ps, int depth);
 
 /*The following definitions come from  rpc_parse/parse_wks.c  */
 
diff --git a/source/include/rpc_srvsvc.h b/source/include/rpc_srvsvc.h
index 625405ef477..6a4e09949ad 100644
--- a/source/include/rpc_srvsvc.h
+++ b/source/include/rpc_srvsvc.h
@@ -418,6 +418,7 @@ typedef struct _share_info_502
 typedef union _share_info_ctr
 {
 	SHARE_INFO_502 *info502;
+	void *info;
 } SHARE_INFO_CTR;
 
 
diff --git a/source/include/rpc_svcctl.h b/source/include/rpc_svcctl.h
index 90b7a129164..4185047a93f 100644
--- a/source/include/rpc_svcctl.h
+++ b/source/include/rpc_svcctl.h
@@ -26,6 +26,9 @@
 
 
 /* svcctl pipe */
+#define SVC_CLOSE             0x00
+#define SVC_STOP_SERVICE      0x01
+#define SVC_UNKNOWN_3         0x03
 #define SVC_OPEN_SC_MAN       0x0f
 #define SVC_ENUM_SVCS_STATUS  0x0e
 #define SVC_QUERY_SVC_CONFIG  0x11
@@ -33,8 +36,6 @@
 #define SVC_CHANGE_SVC_CONFIG 0x0b
 #define SVC_OPEN_SERVICE      0x10
 #define SVC_START_SERVICE     0x13
-#define SVC_STOP_SERVICE      0x01
-#define SVC_CLOSE             0x00
 
 /* SVC_Q_START_SERVICE */
 #define MAX_SVC_ARGS 		10
@@ -236,8 +237,6 @@ typedef struct q_svc_close_info
 
 } SVC_Q_CLOSE;
 
-
-
 /* SVC_R_CLOSE */
 typedef struct r_svc_close_info
 {
@@ -286,5 +285,13 @@ typedef struct r_svc_change_svc_cfg_info
 } SVC_R_CHANGE_SVC_CONFIG;
 
 
+/* SVC_Q_UNKNOWN_3 */
+typedef struct _svc_unknown_3
+{
+	POLICY_HND scman_hnd;
+} SVC_Q_UNKNOWN_3;
+
+
+
 #endif /* _RPC_SVCCTL_H */
 
diff --git a/source/include/sids.h b/source/include/sids.h
index 24592163401..19e3b5d7931 100644
--- a/source/include/sids.h
+++ b/source/include/sids.h
@@ -31,7 +31,6 @@ extern DOM_SID global_member_sid;
 
 extern DOM_SID global_sid_S_1_5_20; /* local well-known domain */
 extern DOM_SID global_sid_S_1_1;    /* Global Domain */
-extern DOM_SID global_sid_S_1_1_0;  /* everyone */
 extern DOM_SID global_sid_S_1_3;    /* Creator Owner */
 extern DOM_SID global_sid_S_1_5;    /* NT Authority */
 extern DOM_SID global_sid_system;   /* SYSTEM */
diff --git a/source/include/winbindd_proto.h b/source/include/winbindd_proto.h
index caff219d189..0e46aa0659e 100644
--- a/source/include/winbindd_proto.h
+++ b/source/include/winbindd_proto.h
@@ -763,31 +763,32 @@ BOOL create_new_sid(DOM_SID *sid);
 
 BOOL is_a_socket(int fd);
 void set_socket_options(int fd, char *options);
-void close_sockets(void );
-ssize_t write_socket(int fd,char *buf,size_t len);
-ssize_t read_udp_socket(int fd,char *buf,size_t len);
-ssize_t read_with_timeout(int fd,char *buf,size_t mincnt,size_t maxcnt,unsigned int time_out);
+void close_sockets(void);
+ssize_t write_socket(int fd, char *buf, size_t len);
+ssize_t read_udp_socket(int fd, char *buf, size_t len);
+ssize_t read_with_timeout(int fd, char *buf, size_t mincnt, size_t maxcnt,
+			  unsigned int time_out);
 BOOL send_keepalive(int client);
-ssize_t read_data(int fd,char *buffer,size_t N);
-ssize_t write_data(int fd,char *buffer,size_t N);
-ssize_t read_smb_length(int fd,char *inbuf,unsigned int timeout);
-BOOL receive_smb(int fd,char *buffer, unsigned int timeout);
-BOOL client_receive_smb(int fd,char *buffer, unsigned int timeout);
-BOOL send_smb(int fd,char *buffer);
-BOOL send_one_packet(char *buf,int len,struct in_addr ip,int port,int type);
-int open_socket_in(int type, int port, int dlevel,uint32 socket_addr, 
-                   BOOL rebind);
-int open_socket_out(int type, struct in_addr *addr, int port ,int timeout);
-void set_client_connection_name(const char* name, int fd);
-void set_client_connection_addr(const char* addr, int fd);
+ssize_t read_data(int fd, char *buffer, size_t N);
+ssize_t write_data(int fd, char *buffer, size_t N);
+ssize_t read_smb_length(int fd, char *inbuf, unsigned int timeout);
+BOOL receive_smb(int fd, char *buffer, unsigned int timeout);
+BOOL client_receive_smb(int fd, char *buffer, unsigned int timeout);
+BOOL send_smb(int fd, char *buffer);
+BOOL send_one_packet(char *buf, int len, struct in_addr ip, int port,
+		     int type);
+int open_socket_in(int type, int port, int dlevel, uint32 socket_addr,
+		   BOOL rebind);
+int open_socket_out(int type, struct in_addr *addr, int port, int timeout);
+void set_client_connection_name(const char *name, int fd);
+void set_client_connection_addr(const char *addr, int fd);
 char *client_connection_name(void);
 char *client_connection_addr(void);
 void reset_globals_after_fork(void);
 char *client_name(int fd);
 char *client_addr(int fd);
 int open_pipe_sock(char *path);
-int create_pipe_socket(char *dir, int dir_perms,
-				char *path, int path_perms);
+int create_pipe_socket(char *dir, int dir_perms, char *path, int path_perms);
 
 /*The following definitions come from  lib/util_str.c  */
 
@@ -2496,13 +2497,12 @@ BOOL make_sam_user_info23A(SAM_USER_INFO_23 * usr, NTTIME * logon_time,	/* all z
 			   NTTIME * pass_must_change_time,	/* all zeros */
 			   char *user_name,	/* NULL */
 			   char *full_name,
-			   char *home_dir, char *dir_drive, char *log_scr, char *prof_path, char *desc, char *wkstas, char *unk_str, char *mung_dial, uint32 user_rid,	/* 0x0000 0000 */
-			   uint32 group_rid,
-			   uint32 acb_info,
-			   uint32 unknown_3,
-			   uint16 logon_divs,
-			   LOGON_HRS * hrs,
-			   uint32 unknown_5,
+			   char *home_dir, char *dir_drive, char *log_scr,
+			   char *prof_path, char *desc, char *wkstas,
+			   char *unk_str, char *mung_dial, uint32 user_rid,	/* 0x0000 0000 */
+			   uint32 group_rid, uint32 acb_info,
+			   uint32 unknown_3, uint16 logon_divs,
+			   LOGON_HRS * hrs, uint32 unknown_5,
 			   char newpass[516], uint32 unknown_6);
 BOOL make_sam_user_info21W(SAM_USER_INFO_21 * usr,
 			   const NTTIME * logon_time,
diff --git a/source/lib/sids.c b/source/lib/sids.c
index d036d453c46..a248651fe47 100644
--- a/source/lib/sids.c
+++ b/source/lib/sids.c
@@ -70,7 +70,7 @@ DOM_SID global_sid_S_1_1;    /* Global Domain */
 DOM_SID global_sid_S_1_3;    /* Creator Owner */
 DOM_SID global_sid_S_1_5;    /* NT Authority */
 DOM_SID global_sid_system;   /* NT System */
-DOM_SID global_sid_S_1_1_0;  /* everyone */
+static DOM_SID global_sid_S_1_1_0;  /* everyone */
 
 const DOM_SID *global_sid_everyone = NULL;
 const DOM_SID *global_sid_builtin = NULL;
@@ -82,21 +82,21 @@ struct sid_map
 
 };
 
-struct sid_map static_sid_name_map[] =
+static const struct sid_map static_sid_name_map[] =
 {
-	{ &global_sid_S_1_5_20, "BUILTIN" },
+	{ &global_sid_S_1_5_20, "BUILTIN" }, /* SID_NAME_DOMAIN */
 	{ &global_sid_S_1_1   , "Global Domain" },
-	{ &global_sid_S_1_1_0 , "Everyone" },
+	{ &global_sid_S_1_1_0 , "Everyone" }, /* SID_NAME_WKN_GRP */
 	{ &global_sid_S_1_3   , "Creator Owner" },
-	{ &global_sid_S_1_5   , "NT Authority" },
-	{ &global_sid_system  , "SYSTEM" },
+	{ &global_sid_S_1_5   , "NT Authority" }, /* SID_NAME_DOMAIN */
+	{ &global_sid_system  , "SYSTEM" }, /* SID_NAME_WKN_GRP */
 	{ &global_sam_sid     , global_sam_name },
 	{ &global_member_sid  , global_myworkgroup },
 	{ NULL                , NULL      }
 };
 
-struct sid_map **sid_name_map = NULL;
-uint32 num_maps = 0;
+static struct sid_map **sid_name_map = NULL;
+static uint32 num_maps = 0;
 
 static struct sid_map *sid_map_dup(const struct sid_map *from)
 {
diff --git a/source/rpc_client/cli_svcctl.c b/source/rpc_client/cli_svcctl.c
index 08af617afaa..0665825ddd4 100644
--- a/source/rpc_client/cli_svcctl.c
+++ b/source/rpc_client/cli_svcctl.c
@@ -576,3 +576,44 @@ BOOL svc_change_svc_cfg( POLICY_HND *hnd,
 
 	return valid_cfg;
 }
+
+/****************************************************************************
+do a SVC unknown 3
+****************************************************************************/
+BOOL svc_unknown_3(const POLICY_HND *scman_hnd)
+{
+	prs_struct rbuf;
+	prs_struct buf; 
+	SVC_Q_UNKNOWN_3 q_c;
+	BOOL valid_req = False;
+
+	struct cli_connection *con = NULL;
+
+	if (scman_hnd == NULL) return False;
+
+	if (!cli_connection_get(scman_hnd, &con))
+	{
+		return False;
+	}
+
+	prs_init(&buf , 0, 4, False);
+	prs_init(&rbuf, 0, 4, True );
+
+	DEBUG(4,("SVC Unknown 3\n"));
+
+	/* store the parameters */
+	q_c.scman_hnd = *scman_hnd;
+
+	/* turn parameters into data stream */
+	if (svc_io_q_unknown_3("", &q_c, &buf, 0) &&
+	    rpc_con_pipe_req(con, SVC_CLOSE, &buf, &rbuf))
+	{
+		;
+	}
+
+	prs_free_data(&rbuf);
+	prs_free_data(&buf );
+
+	return valid_req;
+}
+
diff --git a/source/rpc_parse/parse_srv.c b/source/rpc_parse/parse_srv.c
index c3a3ba26b8a..96456cb2961 100644
--- a/source/rpc_parse/parse_srv.c
+++ b/source/rpc_parse/parse_srv.c
@@ -310,6 +310,10 @@ static BOOL srv_io_share_info2(char *desc,  SH_INFO_2 *sh2, prs_struct *ps, int
 /*******************************************************************
 reads or writes a structure.
 ********************************************************************/
+static void srv_free_share_info502_hdr(SH_INFO_502_HDR *sh502)
+{
+}
+
 static BOOL srv_io_share_info502_hdr(char *desc, SH_INFO_502_HDR *sh502,
 				     prs_struct *ps, int depth)
 {
@@ -331,6 +335,16 @@ static BOOL srv_io_share_info502_hdr(char *desc, SH_INFO_502_HDR *sh502,
 /*******************************************************************
 reads or writes a structure.
 ********************************************************************/
+static void srv_free_share_info502_data(SH_INFO_502_DATA *sh502)
+{
+	if (sh502 == NULL)
+	{
+		return;
+	}
+	free_sec_desc(&sh502->sd);
+	ZERO_STRUCT(sh502->sd);
+}
+
 static BOOL srv_io_share_info502_data(char *desc,
 				      SH_INFO_502_DATA *sh502,
 				      SH_INFO_502_HDR *si502,
@@ -360,6 +374,17 @@ static BOOL srv_io_share_info502_data(char *desc,
 /*******************************************************************
 reads or writes a structure.
 ********************************************************************/
+static void srv_free_share_info502(SHARE_INFO_502 *sh502, uint32 count)
+{
+	uint32 i;
+	if (sh502 == NULL) return;
+	for (i = 0; i < count; i++)
+	{
+		srv_free_share_info502_hdr(&(sh502[i].info502_hdr));
+		srv_free_share_info502_data(&(sh502[i].info502_data));
+	}
+}
+
 static BOOL srv_io_share_info502(char *desc,
 				 SHARE_INFO_502 *sh502, uint32 count,
 				 prs_struct *ps, int depth)
@@ -384,6 +409,28 @@ static BOOL srv_io_share_info502(char *desc,
 /*******************************************************************
  reads or writes a structure.
  ********************************************************************/
+void srv_free_share_info_ctr(const char *desc,
+			     SHARE_INFO_CTR *info,
+			     uint32 info_level, uint32 count)
+{
+	if (info == NULL) return;
+
+	switch (info_level)
+	{
+		case 502:
+			srv_free_share_info502(info->info502, count);
+			safe_free(info->info502);
+			info->info502 = NULL;
+			break;
+		default:
+			DEBUG(1, ("srv_free_share_info_ctr: Unsupported info level %d\n",
+				  info_level));
+			return;
+			break;
+	}
+
+}
+
 static BOOL srv_io_share_info_ctr(const char *desc,
 				  SHARE_INFO_CTR *info,
 				  uint32 info_level, uint32 count,
@@ -710,7 +757,16 @@ BOOL make_srv_r_net_share_get_info(SRV_R_NET_SHARE_GET_INFO *r_n,
 
 	if (status == NT_STATUS_NOPROBLEMO)
 	{
-		r_n->info_ptr = (ctr != NULL ? 1 : 0);
+		if (ctr && ctr->info)
+		{
+			r_n->info_ptr = 1;
+			r_n->info = *ctr;
+		}
+		else
+		{
+			r_n->info_ptr = 0;
+			r_n->info.info = NULL;
+		}
 	}
 	else
 	{
diff --git a/source/rpc_parse/parse_svc.c b/source/rpc_parse/parse_svc.c
index 34618425431..f7ebcc259e2 100644
--- a/source/rpc_parse/parse_svc.c
+++ b/source/rpc_parse/parse_svc.c
@@ -886,3 +886,18 @@ BOOL svc_io_r_change_svc_config(char *desc,  SVC_R_CHANGE_SVC_CONFIG *r_u, prs_s
 	return True;
 }
 
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+BOOL svc_io_q_unknown_3(char *desc, SVC_Q_UNKNOWN_3 *q_u,
+			prs_struct *ps, int depth)
+{
+	if (q_u == NULL) return False;
+
+	prs_debug(ps, depth, desc, "svc_io_q_unknown_3");
+	depth++;
+
+	prs_align(ps);
+
+	return smb_io_pol_hnd("scman_hnd", &(q_u->scman_hnd), ps, depth);
+}
diff --git a/source/rpc_server/srv_srvsvc.c b/source/rpc_server/srv_srvsvc.c
index b87d2cbf9e7..b374f8c23a9 100644
--- a/source/rpc_server/srv_srvsvc.c
+++ b/source/rpc_server/srv_srvsvc.c
@@ -219,11 +219,13 @@ static BOOL api_srv_net_share_get_info(rpcsrv_struct *p, prs_struct *data,
 {
 	SRV_Q_NET_SHARE_GET_INFO q_n;
 	SRV_R_NET_SHARE_GET_INFO r_n;
+	SHARE_INFO_CTR ctr;
 	uint32 status;
 	BOOL ret;
 
 	ZERO_STRUCT(q_n);
 	ZERO_STRUCT(r_n);
+	ZERO_STRUCT(ctr);
 
 	/* grab the request */
 	if (!srv_io_q_net_share_get_info("", &q_n, data, 0))
@@ -233,7 +235,7 @@ static BOOL api_srv_net_share_get_info(rpcsrv_struct *p, prs_struct *data,
 
 	status = NT_STATUS_ACCESS_DENIED;
 
-	make_srv_r_net_share_get_info(&r_n, q_n.info_level, NULL, status);
+	make_srv_r_net_share_get_info(&r_n, q_n.info_level, &ctr, status);
 
 	ret = srv_io_r_net_share_get_info("", &r_n, rdata, 0);
 
diff --git a/source/rpcclient/cmd_svcctl.c b/source/rpcclient/cmd_svcctl.c
index d118a7d15db..764f908b0d1 100644
--- a/source/rpcclient/cmd_svcctl.c
+++ b/source/rpcclient/cmd_svcctl.c
@@ -405,3 +405,34 @@ void cmd_svc_set(struct client_info *info, int argc, char *argv[])
 	}
 }
 
+/****************************************************************************
+nt stop service 
+****************************************************************************/
+void cmd_svc_unk3(struct client_info *info, int argc, char *argv[])
+{
+	BOOL res = True;
+	BOOL res1 = True;
+	POLICY_HND pol_scm;
+	
+	fstring srv_name;
+
+	fstrcpy(srv_name, "\\\\");
+	fstrcat(srv_name, info->dest_host);
+	strupper(srv_name);
+
+	DEBUG(4,("cmd_svc_unk3: server:%s\n", srv_name));
+
+	/* open service control manager receive a policy handle */
+	res = res ? svc_open_sc_man(srv_name, NULL, 0x80000000,
+				    &pol_scm) : False;
+
+	res1 = res ? svc_unknown_3(&pol_scm) : False;
+
+	res  = res  ? svc_close(&pol_scm) : False;
+
+	if (res1)
+	{
+		DEBUG(5,("cmd_svc_unk3: succeeded\n"));
+	}
+}
+
diff --git a/source/rpcclient/svcctrl_cmds.c b/source/rpcclient/svcctrl_cmds.c
index 7b8e15806de..ebdc029bcd9 100644
--- a/source/rpcclient/svcctrl_cmds.c
+++ b/source/rpcclient/svcctrl_cmds.c
@@ -115,6 +115,13 @@ static const struct command_set svc_commands[] = {
 	 {complete_svcenum, NULL}
 	 },
 
+	{
+		"svcunk3",
+		cmd_svc_unk3,
+		"do some unknown stuff",
+		{NULL, NULL}
+	},
+
 	/*
 	 * oop!
 	 */