sync'ing up for 3.0alpha20 release

(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)

19 files changed, 290 insertions, 220 deletions

diff --git a/source3/lib/account_pol.c b/source3/lib/account_pol.c
index 07b5e2ecfc6..b5f205c5086 100644
--- a/source3/lib/account_pol.c
+++ b/source3/lib/account_pol.c
@@ -128,7 +128,7 @@ BOOL account_policy_get(int field, uint32 *value)
 		return False;
 	}
 	if (!tdb_fetch_uint32(tdb, name, value)) {
-		DEBUG(1, ("account_policy_get: tdb_fetch_uint32 failed for feild %d (%s), returning 0", field, name));
+		DEBUG(1, ("account_policy_get: tdb_fetch_uint32 failed for efild %d (%s), returning 0", field, name));
 		return False;
 	}
 	DEBUG(10,("account_policy_get: %s:%d\n", name, *value));
@@ -151,7 +151,7 @@ BOOL account_policy_set(int field, uint32 value)
 	}
 
 	if (!tdb_store_uint32(tdb, name, value)) {
-		DEBUG(1, ("tdb_store_uint32 failed for feild %d (%s) on value %u", field, name, value));
+		DEBUG(1, ("tdb_store_uint32 failed for field %d (%s) on value %u", field, name, value));
 		return False;
 	}
 
diff --git a/source3/lib/charcnv.c b/source3/lib/charcnv.c
index 6e961366435..cd8aa4fe55f 100644
--- a/source3/lib/charcnv.c
+++ b/source3/lib/charcnv.c
@@ -432,13 +432,14 @@ int push_ucs2(const void *base_ptr, void *dest, const char *src, int dest_len, i
  * @param dest always set at least to NULL 
  *
  * @retval The number of bytes occupied by the string in the destination
+ *         or -1 in case of error.
  **/
-int push_ucs2_talloc(TALLOC_CTX *ctx, void **dest, const char *src)
+int push_ucs2_talloc(TALLOC_CTX *ctx, smb_ucs2_t **dest, const char *src)
 {
 	int src_len = strlen(src)+1;
 
 	*dest = NULL;
-	return convert_string_talloc(ctx, CH_UNIX, CH_UCS2, src, src_len, dest);
+	return convert_string_talloc(ctx, CH_UNIX, CH_UCS2, src, src_len, (void **)dest);
 }
 
 /**
@@ -447,13 +448,14 @@ int push_ucs2_talloc(TALLOC_CTX *ctx, void **dest, const char *src)
  * @param dest always set at least to NULL 
  *
  * @retval The number of bytes occupied by the string in the destination
+ *         or -1 in case of error.
  **/
-int push_ucs2_allocate(void **dest, const char *src)
+int push_ucs2_allocate(smb_ucs2_t **dest, const char *src)
 {
 	int src_len = strlen(src)+1;
 
 	*dest = NULL;
-	return convert_string_allocate(CH_UNIX, CH_UCS2, src, src_len, dest);	
+	return convert_string_allocate(CH_UNIX, CH_UCS2, src, src_len, (void **)dest);	
 }
 
 /****************************************************************************
diff --git a/source3/lib/debug.c b/source3/lib/debug.c
index 842d2dac1d6..f4f3ee2f9f9 100644
--- a/source3/lib/debug.c
+++ b/source3/lib/debug.c
@@ -153,8 +153,10 @@ static const char *default_classname_table[] = {
 	"rpc_srv",           /* DBGC_RPC_SRV      */
 	"rpc_cli",           /* DBGC_RPC_CLI      */
 	"passdb",            /* DBGC_PASSDB       */
+	"sam",               /* DBGC_SAM          */
 	"auth",              /* DBGC_AUTH         */
 	"winbind",           /* DBGC_WINBIND      */
+	"vfs",		     /* DBGC_VFS	  */
 	NULL
 };
 
@@ -350,7 +352,7 @@ int debug_lookup_classname(const char *classname)
 
 
 /****************************************************************************
-dump the current registered denug levels
+dump the current registered debug levels
 ****************************************************************************/
 static void debug_dump_status(int level)
 {
@@ -371,8 +373,7 @@ static void debug_dump_status(int level)
 parse the debug levels from smbcontrol. Example debug level parameter:
   printdrivers:7
 ****************************************************************************/
-BOOL debug_parse_params(char **params, int *debuglevel_class,
-			BOOL *debuglevel_class_isset)
+static BOOL debug_parse_params(char **params)
 {
 	int   i, ndx;
 	char *class_name;
@@ -385,8 +386,8 @@ BOOL debug_parse_params(char **params, int *debuglevel_class,
 	 * v.s. "all:10", this is the traditional way to set DEBUGLEVEL 
 	 */
 	if (isdigit((int)params[0][0])) {
-		debuglevel_class[DBGC_ALL] = atoi(params[0]);
-		debuglevel_class_isset[DBGC_ALL] = True;
+		DEBUGLEVEL_CLASS[DBGC_ALL] = atoi(params[0]);
+		DEBUGLEVEL_CLASS_ISSET[DBGC_ALL] = True;
 		i = 1; /* start processing at the next params */
 	}
 	else
@@ -397,8 +398,8 @@ BOOL debug_parse_params(char **params, int *debuglevel_class,
 		if ((class_name=strtok(params[i],":")) &&
 			(class_level=strtok(NULL, "\0")) &&
             ((ndx = debug_lookup_classname(class_name)) != -1)) {
-				debuglevel_class[ndx] = atoi(class_level);
-				debuglevel_class_isset[ndx] = True;
+				DEBUGLEVEL_CLASS[ndx] = atoi(class_level);
+				DEBUGLEVEL_CLASS_ISSET[ndx] = True;
 		} else {
 			DEBUG(0,("debug_parse_params: unrecognized debug class name or format [%s]\n", params[i]));
 			return False;
@@ -425,8 +426,7 @@ BOOL debug_parse_levels(const char *params_str)
 
 	params = str_list_make(params_str, NULL);
 
-	if (debug_parse_params(params, DEBUGLEVEL_CLASS,
-			       DEBUGLEVEL_CLASS_ISSET))
+	if (debug_parse_params(params))
 	{
 		debug_dump_status(5);
 		str_list_free(&params);
diff --git a/source3/lib/error.c b/source3/lib/error.c
index 608d2b89bad..af8cf960e8f 100644
--- a/source3/lib/error.c
+++ b/source3/lib/error.c
@@ -46,6 +46,9 @@ const struct unix_error_map unix_dos_nt_errmap[] = {
 #ifdef EROFS
 	{ EROFS, ERRHRD, ERRnowrite, NT_STATUS_ACCESS_DENIED },
 #endif
+#ifdef ENAMETOOLONG
+	{ ENAMETOOLONG, ERRDOS, 206, NT_STATUS_OBJECT_NAME_INVALID },
+#endif
 	{ 0, 0, 0, NT_STATUS_OK }
 };
 
diff --git a/source3/lib/messages.c b/source3/lib/messages.c
index e6d2de4a58b..d9886a54daf 100644
--- a/source3/lib/messages.c
+++ b/source3/lib/messages.c
@@ -382,10 +382,11 @@ void message_deregister(int msg_type)
 
 struct msg_all {
 	int msg_type;
+	uint32 msg_flag;
 	const void *buf;
 	size_t len;
 	BOOL duplicates;
-	int		n_sent;
+	int n_sent;
 };
 
 /****************************************************************************
@@ -405,13 +406,20 @@ static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf, void
 	if (crec.cnum != -1)
 		return 0;
 
-	/* if the msg send fails because the pid was not found (i.e. smbd died), 
+	/* Don't send if the receiver hasn't registered an interest. */
+
+	if(!(crec.bcast_msg_flags & msg_all->msg_flag))
+		return 0;
+
+	/* If the msg send fails because the pid was not found (i.e. smbd died), 
 	 * the msg has already been deleted from the messages.tdb.*/
+
 	if (!message_send_pid(crec.pid, msg_all->msg_type,
 			      msg_all->buf, msg_all->len,
 			      msg_all->duplicates)) {
 		
-		/* if the pid was not found delete the entry from connections.tdb */
+		/* If the pid was not found delete the entry from connections.tdb */
+
 		if (errno == ESRCH) {
 			DEBUG(2,("pid %u doesn't exist - deleting connections %d [%s]\n",
 					(unsigned int)crec.pid, crec.cnum, crec.name));
@@ -442,6 +450,17 @@ BOOL message_send_all(TDB_CONTEXT *conn_tdb, int msg_type,
 	struct msg_all msg_all;
 
 	msg_all.msg_type = msg_type;
+	if (msg_type < 1000)
+		msg_all.msg_flag = FLAG_MSG_GENERAL;
+	else if (msg_type > 1000 && msg_type < 2000)
+		msg_all.msg_flag = FLAG_MSG_NMBD;
+	else if (msg_type > 2000 && msg_type < 3000)
+		msg_all.msg_flag = FLAG_MSG_PRINTING;
+	else if (msg_type > 3000 && msg_type < 4000)
+		msg_all.msg_flag = FLAG_MSG_SMBD;
+	else
+		return False;
+
 	msg_all.buf = buf;
 	msg_all.len = len;
 	msg_all.duplicates = duplicates_allowed;
@@ -452,73 +471,4 @@ BOOL message_send_all(TDB_CONTEXT *conn_tdb, int msg_type,
 		*n_sent = msg_all.n_sent;
 	return True;
 }
-
-static SIG_ATOMIC_T gotalarm;
-
-/***************************************************************
- Signal function to tell us we timed out.
-****************************************************************/
-
-static void gotalarm_sig(void)
-{
-	gotalarm = 1;
-}
-
-/**
- * Lock the messaging tdb based on a string - this is used as a primitive
- * form of mutex between smbd instances. 
- *
- * @param name A string identifying the name of the mutex.
- */
-
-BOOL message_named_mutex(char *name, unsigned int timeout)
-{
-	TDB_DATA key;
-	int ret;
-	void (*oldsig_handler)(int) = NULL;
-
-	if (!message_init())
-		return False;
-
-	key.dptr = name;
-	key.dsize = strlen(name)+1;
-
-	if (timeout) {
-		gotalarm = 0;
-		oldsig_handler = CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig);
-		alarm(timeout);
-	}
-
-	ret = tdb_chainlock(tdb, key);
-
-	if (timeout) {
-		alarm(0);
-		CatchSignal(SIGALRM, SIGNAL_CAST oldsig_handler);
-		if (gotalarm)
-			return False;
-	}
-
-	if (ret == 0)
-		DEBUG(10,("message_named_mutex: got mutex for %s\n", name ));
-
-	return (ret == 0);
-}
-
-/**
- * Unlock a named mutex.
- *
- * @param name A string identifying the name of the mutex.
- */
-
-void message_named_mutex_release(char *name)
-{
-	TDB_DATA key;
-
-	key.dptr = name;
-	key.dsize = strlen(name)+1;
-
-	tdb_chainunlock(tdb, key);
-	DEBUG(10,("message_named_mutex: released mutex for %s\n", name ));
-}
-
 /** @} **/
diff --git a/source3/lib/popt_common.c b/source3/lib/popt_common.c
index a3d6af4fbc1..bbc17cb704d 100644
--- a/source3/lib/popt_common.c
+++ b/source3/lib/popt_common.c
@@ -33,7 +33,7 @@ static void debug_callback(poptContext con,
 	switch(opt->val) {
 	case 'd':
 		if (arg) {
-			DEBUGLEVEL = atoi(arg);
+			debug_parse_levels(arg);
 			AllowDebugChange = False;
 		}
 
@@ -43,7 +43,7 @@ static void debug_callback(poptContext con,
 
 struct poptOption popt_common_debug[] = {
 	{ NULL, 0, POPT_ARG_CALLBACK, debug_callback },
-	{ "debuglevel", 'd', POPT_ARG_INT, NULL, 'd', "Set debug level", 
+	{ "debuglevel", 'd', POPT_ARG_STRING, NULL, 'd', "Set debug level", 
 	  "DEBUGLEVEL" },
 	{ 0 }
 };
diff --git a/source3/lib/readline.c b/source3/lib/readline.c
index d80c571dd3b..58c4ecf482d 100644
--- a/source3/lib/readline.c
+++ b/source3/lib/readline.c
@@ -21,6 +21,24 @@
 
 #include "includes.h"
 
+#ifdef HAVE_LIBREADLINE
+#  ifdef HAVE_READLINE_READLINE_H
+#    include <readline/readline.h>
+#    ifdef HAVE_READLINE_HISTORY_H
+#      include <readline/history.h>
+#    endif
+#  else
+#    ifdef HAVE_READLINE_H
+#      include <readline.h>
+#      ifdef HAVE_HISTORY_H
+#        include <history.h>
+#      endif
+#    else
+#      undef HAVE_LIBREADLINE
+#    endif
+#  endif
+#endif
+
 #ifdef HAVE_NEW_LIBREADLINE
 #  define RL_COMPLETION_CAST (rl_completion_func_t *)
 #else
diff --git a/source3/lib/server_mutex.c b/source3/lib/server_mutex.c
index 416d77564d7..3e5512c7342 100644
--- a/source3/lib/server_mutex.c
+++ b/source3/lib/server_mutex.c
@@ -38,7 +38,7 @@ BOOL grab_server_mutex(const char *name)
 		DEBUG(0,("grab_server_mutex: malloc failed for %s\n", name));
 		return False;
 	}
-	if (!message_named_mutex(mutex_server_name, 20)) {
+	if (!secrets_named_mutex(mutex_server_name, 10)) {
 		DEBUG(10,("grab_server_mutex: failed for %s\n", name));
 		SAFE_FREE(mutex_server_name);
 		return False;
@@ -50,8 +50,7 @@ BOOL grab_server_mutex(const char *name)
 void release_server_mutex(void)
 {
 	if (mutex_server_name) {
-		message_named_mutex_release(mutex_server_name);
+		secrets_named_mutex_release(mutex_server_name);
 		SAFE_FREE(mutex_server_name);
 	}
 }
-
diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c
index 026df0f67f1..2550d00d14c 100644
--- a/source3/lib/substitute.c
+++ b/source3/lib/substitute.c
@@ -297,8 +297,13 @@ void standard_sub_basic(const char *smb_name, char *str,size_t len)
 		case 'L' : 
 			if (local_machine_name && *local_machine_name)
 				string_sub(p,"%L", local_machine_name,l); 
-			else
-				string_sub(p,"%L", global_myname,l); 
+			else {
+				pstring temp_name;
+
+				pstrcpy(temp_name, global_myname);
+				strlower(temp_name);
+				string_sub(p,"%L", temp_name,l); 
+			}
 			break;
 		case 'M' :
 			string_sub(p,"%M", client_name(),l);
@@ -675,6 +680,19 @@ void standard_sub_conn(connection_struct *conn, char *str, size_t len)
 			conn->gid, current_user_info.smb_name, str, len);
 }
 
+char *talloc_sub_conn(TALLOC_CTX *mem_ctx, connection_struct *conn, char *str)
+{
+	return talloc_sub_advanced(mem_ctx, SNUM(conn), conn->user,
+			conn->connectpath, conn->gid,
+			current_user_info.smb_name, str);
+}
+
+char *alloc_sub_conn(connection_struct *conn, char *str)
+{
+	return alloc_sub_advanced(SNUM(conn), conn->user, conn->connectpath,
+			conn->gid, current_user_info.smb_name, str);
+}
+
 /****************************************************************************
  Like standard_sub but by snum.
 ****************************************************************************/
diff --git a/source3/lib/system.c b/source3/lib/system.c
index edda54a78d2..873b8737d50 100644
--- a/source3/lib/system.c
+++ b/source3/lib/system.c
@@ -1233,26 +1233,23 @@ int sys_dup2(int oldfd, int newfd)
  Wrapper for Admin Logs.
 ****************************************************************************/
 
-void sys_adminlog(int priority, const char *format_str, ...)
+void sys_adminlog(int priority, char *format_str, ...)
 {
 	va_list ap;
 	int ret;
-	char **msgbuf = NULL;
-
-	if (!lp_admin_log())
-		return;
+	char *msgbuf = NULL;
 
 	va_start( ap, format_str );
-	ret = vasprintf( msgbuf, format_str, ap );
+	ret = vasprintf( &msgbuf, format_str, ap );
 	va_end( ap );
 
 	if (ret == -1)
 		return;
 
 #if defined(HAVE_SYSLOG)
-	syslog( priority, "%s", *msgbuf );
+	syslog( priority, "%s", msgbuf );
 #else
-	DEBUG(0,("%s", *msgbuf ));
+	DEBUG(0,("%s", msgbuf ));
 #endif
-	SAFE_FREE(*msgbuf);
+	SAFE_FREE(msgbuf);
 }
diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c
index 28ceaf39390..0cd30869453 100644
--- a/source3/lib/system_smbd.c
+++ b/source3/lib/system_smbd.c
@@ -41,6 +41,11 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, in
 	gid_t *gids_saved;
 	int ret, ngrp_saved;
 
+	if (non_root_mode()) {
+		*grpcnt = 0;
+		return 0;
+	}
+
 	/* work out how many groups we need to save */
 	ngrp_saved = getgroups(0, NULL);
 	if (ngrp_saved == -1) {
@@ -56,13 +61,14 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, in
 
 	ngrp_saved = getgroups(ngrp_saved, gids_saved);
 	if (ngrp_saved == -1) {
-		free(gids_saved);
+		SAFE_FREE(gids_saved);
 		/* very strange! */
 		return -1;
 	}
 
 	if (initgroups(user, gid) != 0) {
-		free(gids_saved);
+		DEBUG(0, ("getgrouplist_internals: initgroups() failed!\n"));
+		SAFE_FREE(gids_saved);
 		return -1;
 	}
 
@@ -101,5 +107,6 @@ int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt)
 	become_root();
 	retval = getgrouplist_internals(user, gid, groups, grpcnt);
 	unbecome_root();
+	return retval;
 #endif
 }
diff --git a/source3/lib/time.c b/source3/lib/time.c
index 9d87414aea0..ef12dc15f34 100644
--- a/source3/lib/time.c
+++ b/source3/lib/time.c
@@ -40,6 +40,12 @@ int extra_time_offset = 0;
 #define TIME_T_MAX (~ (time_t) 0 - TIME_T_MIN)
 #endif
 
+void get_nttime_max(NTTIME *t)
+{
+	/* FIXME: This is incorrect */
+	unix_to_nt_time(t, get_time_t_max());
+}
+
 /*******************************************************************
  External access to time_t_min and time_t_max.
 ********************************************************************/
diff --git a/source3/lib/username.c b/source3/lib/username.c
index 5db7f58b1e2..ef11542ab19 100644
--- a/source3/lib/username.c
+++ b/source3/lib/username.c
@@ -274,27 +274,6 @@ done:
 }
 
 /****************************************************************************
- Get_Pwnam wrapper for modification.
-  NOTE: This can potentially modify 'user'! 
-****************************************************************************/
-
-struct passwd *Get_Pwnam_Modify(fstring user)
-{
-	fstring user2;
-	struct passwd *ret;
-
-	fstrcpy(user2, user);
-
-	ret = Get_Pwnam_internals(user, user2);
-	
-	/* If caller wants the modified username, ensure they get it  */
-	fstrcpy(user,user2);
-
-	/* We can safely assume ret is NULL if none of the above succeed */
-	return(ret);  
-}
-
-/****************************************************************************
  Get_Pwnam wrapper without modification.
   NOTE: This with NOT modify 'user'! 
 ****************************************************************************/
@@ -636,39 +615,3 @@ static struct passwd * uname_string_combinations(char *s,struct passwd * (*fn)(c
 	return(NULL);
 }
 
-/****************************************************************************
- These wrappers allow appliance mode to work. In appliance mode the username
- takes the form DOMAIN/user.
-****************************************************************************/
-
-struct passwd *smb_getpwnam(char *user, BOOL allow_change)
-{
-	struct passwd *pw;
-	char *p;
-	char *sep;
-	extern pstring global_myname;
-
-	if (allow_change)
-		pw = Get_Pwnam_Modify(user);
-	else
-		pw = Get_Pwnam(user);
-
-	if (pw)
-		return pw;
-
-	/*
-	 * If it is a domain qualified name and it isn't in our password
-	 * database but the domain portion matches our local machine name then
-	 * lookup just the username portion locally.
-	 */
-
-	sep = lp_winbind_separator();
-	p = strchr_m(user,*sep);
-	if (p && strncasecmp(global_myname, user, strlen(global_myname))==0) {
-		if (allow_change)
-			pw = Get_Pwnam_Modify(p+1);
-		else
-			pw = Get_Pwnam(p+1);
-	}
-	return NULL;
-}
diff --git a/source3/lib/util.c b/source3/lib/util.c
index ae94b710b2c..51b92568b4d 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -260,8 +260,8 @@ void show_msg(char *buf)
 	int i;
 	int bcc=0;
 
-	if (DEBUGLEVEL < 5) return;
-
+	if (!DEBUGLVL(5)) return;
+	
 	DEBUG(5,("size=%d\nsmb_com=0x%x\nsmb_rcls=%d\nsmb_reh=%d\nsmb_err=%d\nsmb_flg=%d\nsmb_flg2=%d\n",
 			smb_len(buf),
 			(int)CVAL(buf,smb_com),
@@ -270,31 +270,26 @@ void show_msg(char *buf)
 			(int)SVAL(buf,smb_err),
 			(int)CVAL(buf,smb_flg),
 			(int)SVAL(buf,smb_flg2)));
-	DEBUG(5,("smb_tid=%d\nsmb_pid=%d\nsmb_uid=%d\nsmb_mid=%d\nsmt_wct=%d\n",
+	DEBUGADD(5,("smb_tid=%d\nsmb_pid=%d\nsmb_uid=%d\nsmb_mid=%d\n",
 			(int)SVAL(buf,smb_tid),
 			(int)SVAL(buf,smb_pid),
 			(int)SVAL(buf,smb_uid),
-			(int)SVAL(buf,smb_mid),
-			(int)CVAL(buf,smb_wct)));
+			(int)SVAL(buf,smb_mid)));
+	DEBUGADD(5,("smt_wct=%d\n",(int)CVAL(buf,smb_wct)));
 
 	for (i=0;i<(int)CVAL(buf,smb_wct);i++)
-	{
-		DEBUG(5,("smb_vwv[%d]=%d (0x%X)\n",i,
+		DEBUGADD(5,("smb_vwv[%2d]=%5d (0x%X)\n",i,
 			SVAL(buf,smb_vwv+2*i),SVAL(buf,smb_vwv+2*i)));
-	}
-
+	
 	bcc = (int)SVAL(buf,smb_vwv+2*(CVAL(buf,smb_wct)));
 
-	DEBUG(5,("smb_bcc=%d\n",bcc));
+	DEBUGADD(5,("smb_bcc=%d\n",bcc));
 
 	if (DEBUGLEVEL < 10) return;
 
-	if (DEBUGLEVEL < 50)
-	{
-		bcc = MIN(bcc, 512);
-	}
+	if (DEBUGLEVEL < 50) bcc = MIN(bcc, 512);
 
-	dump_data(10, smb_buf(buf), bcc);
+	dump_data(10, smb_buf(buf), bcc);	
 }
 
 /*******************************************************************
@@ -1140,8 +1135,18 @@ something really nasty happened - panic!
 void smb_panic(char *why)
 {
 	char *cmd = lp_panic_action();
+	int result;
+
 	if (cmd && *cmd) {
-		system(cmd);
+		DEBUG(0, ("smb_panic(): calling panic action [%s]\n", cmd));
+		result = system(cmd);
+
+		if (result == -1)
+			DEBUG(0, ("smb_panic(): fork failed in panic action: %s\n",
+				  strerror(errno)));
+		else
+			DEBUG(0, ("smb_panic(): action returned status %d\n",
+				  WEXITSTATUS(result)));
 	}
 	DEBUG(0,("PANIC: %s\n", why));
 	dbgflush();
@@ -1564,35 +1569,35 @@ void print_asc(int level, const unsigned char *buf,int len)
 
 void dump_data(int level, const char *buf1,int len)
 {
-  const unsigned char *buf = (const unsigned char *)buf1;
-  int i=0;
-  if (len<=0) return;
-
-  DEBUG(level,("[%03X] ",i));
-  for (i=0;i<len;) {
-    DEBUG(level,("%02X ",(int)buf[i]));
-    i++;
-    if (i%8 == 0) DEBUG(level,(" "));
-    if (i%16 == 0) {      
-      print_asc(level,&buf[i-16],8); DEBUG(level,(" "));
-      print_asc(level,&buf[i-8],8); DEBUG(level,("\n"));
-      if (i<len) DEBUG(level,("[%03X] ",i));
-    }
-  }
-  if (i%16) {
-    int n;
-
-    n = 16 - (i%16);
-    DEBUG(level,(" "));
-    if (n>8) DEBUG(level,(" "));
-    while (n--) DEBUG(level,("   "));
-
-    n = MIN(8,i%16);
-    print_asc(level,&buf[i-(i%16)],n); DEBUG(level,(" "));
-    n = (i%16) - n;
-    if (n>0) print_asc(level,&buf[i-n],n); 
-    DEBUG(level,("\n"));    
-  }
+	const unsigned char *buf = (const unsigned char *)buf1;
+	int i=0;
+	if (len<=0) return;
+
+	if (!DEBUGLVL(level)) return;
+	
+	DEBUGADD(level,("[%03X] ",i));
+	for (i=0;i<len;) {
+		DEBUGADD(level,("%02X ",(int)buf[i]));
+		i++;
+		if (i%8 == 0) DEBUGADD(level,(" "));
+		if (i%16 == 0) {      
+			print_asc(level,&buf[i-16],8); DEBUGADD(level,(" "));
+			print_asc(level,&buf[i-8],8); DEBUGADD(level,("\n"));
+			if (i<len) DEBUGADD(level,("[%03X] ",i));
+		}
+	}
+	if (i%16) {
+		int n;
+		n = 16 - (i%16);
+		DEBUGADD(level,(" "));
+		if (n>8) DEBUGADD(level,(" "));
+		while (n--) DEBUGADD(level,("   "));
+		n = MIN(8,i%16);
+		print_asc(level,&buf[i-(i%16)],n); DEBUGADD(level,( " " ));
+		n = (i%16) - n;
+		if (n>0) print_asc(level,&buf[i-n],n); 
+		DEBUGADD(level,("\n"));    
+	}	
 }
 
 char *tab_depth(int depth)
@@ -1819,6 +1824,17 @@ char *smb_xstrdup(const char *s)
 	return s1;
 }
 
+/**
+ strndup that aborts on malloc fail.
+**/
+char *smb_xstrndup(const char *s, size_t n)
+{
+	char *s1 = strndup(s, n);
+	if (!s1)
+		smb_panic("smb_xstrndup: malloc fail\n");
+	return s1;
+}
+
 /*
   vasprintf that aborts on malloc fail
 */
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
index 9fdf03adfc8..b137023e55c 100644
--- a/source3/lib/util_seaccess.c
+++ b/source3/lib/util_seaccess.c
@@ -21,6 +21,8 @@
 
 #include "includes.h"
 
+extern DOM_SID global_sid_Builtin;
+
 /**********************************************************************************
  Check if this ACE has a SID in common with the token.
 **********************************************************************************/
@@ -42,7 +44,7 @@ static BOOL token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace)
  bits not yet granted. Zero means permission allowed (no more needed bits).
 **********************************************************************************/
 
-static uint32 check_ace(SEC_ACE *ace, NT_USER_TOKEN *token, uint32 acc_desired, 
+static uint32 check_ace(SEC_ACE *ace, const NT_USER_TOKEN *token, uint32 acc_desired, 
 			NTSTATUS *status)
 {
 	uint32 mask = ace->info.mask;
@@ -102,7 +104,7 @@ static uint32 check_ace(SEC_ACE *ace, NT_USER_TOKEN *token, uint32 acc_desired,
  include other bits requested.
 **********************************************************************************/ 
 
-static BOOL get_max_access( SEC_ACL *the_acl, NT_USER_TOKEN *token, uint32 *granted, 
+static BOOL get_max_access( SEC_ACL *the_acl, const NT_USER_TOKEN *token, uint32 *granted, 
 			    uint32 desired, 
 			    NTSTATUS *status)
 {
@@ -224,7 +226,7 @@ void se_map_standard(uint32 *access_mask, struct standard_mapping *mapping)
  "Access-Checking" document in MSDN.
 *****************************************************************************/ 
 
-BOOL se_access_check(SEC_DESC *sd, NT_USER_TOKEN *token,
+BOOL se_access_check(SEC_DESC *sd, const NT_USER_TOKEN *token,
 		     uint32 acc_desired, uint32 *acc_granted, 
 		     NTSTATUS *status)
 {
@@ -262,12 +264,13 @@ BOOL se_access_check(SEC_DESC *sd, NT_USER_TOKEN *token,
 	}
 
 	/* The user sid is the first in the token */
-
-	DEBUG(3, ("se_access_check: user sid is %s\n", sid_to_string(sid_str, &token->user_sids[PRIMARY_USER_SID_INDEX]) ));
-
-	for (i = 1; i < token->num_sids; i++) {
-		DEBUG(3, ("se_access_check: also %s\n",
-			  sid_to_string(sid_str, &token->user_sids[i])));
+	if (DEBUGLVL(3)) {
+		DEBUG(3, ("se_access_check: user sid is %s\n", sid_to_string(sid_str, &token->user_sids[PRIMARY_USER_SID_INDEX]) ));
+		
+		for (i = 1; i < token->num_sids; i++) {
+			DEBUGADD(3, ("se_access_check: also %s\n",
+				  sid_to_string(sid_str, &token->user_sids[i])));
+		}
 	}
 
 	/* Is the token the owner of the SID ? */
@@ -297,7 +300,7 @@ BOOL se_access_check(SEC_DESC *sd, NT_USER_TOKEN *token,
 	for ( i = 0 ; i < the_acl->num_aces && tmp_acc_desired != 0; i++) {
 		SEC_ACE *ace = &the_acl->ace[i];
 
-		DEBUG(10,("se_access_check: ACE %u: type %d, flags = 0x%02x, SID = %s mask = %x, current desired = %x\n",
+		DEBUGADD(10,("se_access_check: ACE %u: type %d, flags = 0x%02x, SID = %s mask = %x, current desired = %x\n",
 			  (unsigned int)i, ace->type, ace->flags,
 			  sid_to_string(sid_str, &ace->trustee),
 			  (unsigned int) ace->info.mask, 
@@ -442,3 +445,42 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
 
 	return sdb;
 }
+
+/*******************************************************************
+ samr_make_sam_obj_sd
+ ********************************************************************/
+
+NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size)
+{
+	extern DOM_SID global_sid_World;
+	DOM_SID adm_sid;
+	DOM_SID act_sid;
+
+	SEC_ACE ace[3];
+	SEC_ACCESS mask;
+
+	SEC_ACL *psa = NULL;
+
+	sid_copy(&adm_sid, &global_sid_Builtin);
+	sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS);
+
+	sid_copy(&act_sid, &global_sid_Builtin);
+	sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
+
+	/*basic access for every one*/
+	init_sec_access(&mask, SAMR_EXECUTE | SAMR_READ);
+	init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+	/*full access for builtin aliases Administrators and Account Operators*/
+	init_sec_access(&mask, SAMR_ALL_ACCESS);
+	init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+	init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+	if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL)
+		return NT_STATUS_NO_MEMORY;
+
+	return NT_STATUS_OK;
+}
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index ad09f912346..e9635fc7f84 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -30,13 +30,11 @@ extern fstring global_myworkgroup;
  * Some useful sids
  */
 
-DOM_SID global_sid_Builtin; 				/* Local well-known domain */
 DOM_SID global_sid_World_Domain;	    	/* Everyone domain */
 DOM_SID global_sid_World;    				/* Everyone */
 DOM_SID global_sid_Creator_Owner_Domain;    /* Creator Owner domain */
 DOM_SID global_sid_NT_Authority;    		/* NT Authority */
 DOM_SID global_sid_NULL;            		/* NULL sid */
-DOM_SID global_sid_Builtin_Guests;			/* Builtin guest users */
 DOM_SID global_sid_Authenticated_Users;		/* All authenticated rids */
 DOM_SID global_sid_Network;					/* Network rids */
 
@@ -44,6 +42,11 @@ static DOM_SID global_sid_Creator_Owner;    		/* Creator Owner */
 static DOM_SID global_sid_Creator_Group;              /* Creator Group */
 static DOM_SID global_sid_Anonymous;				/* Anonymous login */
 
+DOM_SID global_sid_Builtin; 				/* Local well-known domain */
+DOM_SID global_sid_Builtin_Administrators;
+DOM_SID global_sid_Builtin_Users;
+DOM_SID global_sid_Builtin_Guests;			/* Builtin guest users */
+
 /*
  * An NT compatible anonymous token.
  */
@@ -99,6 +102,8 @@ const char *sid_type_lookup(uint32 sid_type)
 void generate_wellknown_sids(void)
 {
 	string_to_sid(&global_sid_Builtin, "S-1-5-32");
+	string_to_sid(&global_sid_Builtin_Administrators, "S-1-5-32-544");
+	string_to_sid(&global_sid_Builtin_Users, "S-1-5-32-545");
 	string_to_sid(&global_sid_Builtin_Guests, "S-1-5-32-546");
 	string_to_sid(&global_sid_World_Domain, "S-1-1");
 	string_to_sid(&global_sid_World, "S-1-1-0");
@@ -525,3 +530,18 @@ char *sid_binstring(DOM_SID *sid)
 	return s;
 }
 
+
+/*
+  print a GUID structure for debugging
+*/
+void print_guid(GUID *guid)
+{
+	int i;
+
+	d_printf("%08x-%04x-%04x", 
+		 IVAL(guid->info, 0), SVAL(guid->info, 4), SVAL(guid->info, 6));
+	d_printf("-%02x%02x-", guid->info[8], guid->info[9]);
+	for (i=10;i<GUID_SIZE;i++)
+		d_printf("%02x", guid->info[i]);
+	d_printf("\n");
+}
diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c
index 5e2b7c5ed97..fc2abf976f4 100644
--- a/source3/lib/util_sock.c
+++ b/source3/lib/util_sock.c
@@ -871,7 +871,7 @@ static BOOL matchname(char *remotehost,struct in_addr  addr)
 	
 	/* Look up the host address in the address list we just got. */
 	for (i = 0; hp->h_addr_list[i]; i++) {
-		if (memcmp(hp->h_addr_list[i], (caddr_t) & addr, sizeof(addr)) == 0)
+		if (memcmp(hp->h_addr_list[i], (char *) & addr, sizeof(addr)) == 0)
 			return True;
 	}
 	
@@ -976,6 +976,7 @@ int create_pipe_sock(const char *socket_dir,
 		     const char *socket_name,
 		     mode_t dir_perms)
 {
+#ifdef HAVE_UNIXSOCKET
         struct sockaddr_un sunaddr;
         struct stat st;
         int sock;
@@ -1064,6 +1065,10 @@ int create_pipe_sock(const char *socket_dir,
         /* Success! */
         
         return sock;
+#else
+        DEBUG(0, ("create_pipe_sock: No Unix sockets on this system\n"));
+        return -1;
+#endif /* HAVE_UNIXSOCKET */
 }
 
 /*******************************************************************
diff --git a/source3/lib/util_unistr.c b/source3/lib/util_unistr.c
index ba02819bdc6..eb472524131 100644
--- a/source3/lib/util_unistr.c
+++ b/source3/lib/util_unistr.c
@@ -218,6 +218,16 @@ void unistr2_to_ascii(char *dest, const UNISTR2 *str, size_t maxlen)
 	pull_ucs2(NULL, dest, str->buffer, maxlen, str->uni_str_len*2, STR_NOALIGN);
 }
 
+/*******************************************************************
+give a static string for displaying a UNISTR2
+********************************************************************/
+const char *unistr2_static(const UNISTR2 *str)
+{
+	static pstring ret;
+	unistr2_to_ascii(ret, str, sizeof(ret));
+	return ret;
+}
+
 
 /*******************************************************************
  duplicate a UNISTR2 string into a null terminated char*
diff --git a/source3/lib/xfile.c b/source3/lib/xfile.c
index b5710f3a39e..7621712e9ad 100644
--- a/source3/lib/xfile.c
+++ b/source3/lib/xfile.c
@@ -43,6 +43,7 @@ XFILE *x_stderr = &_x_stderr;
 
 #define X_FLAG_EOF 1
 #define X_FLAG_ERROR 2
+#define X_FLAG_EINVAL 3
 
 /* simulate setvbuf() */
 int x_setvbuf(XFILE *f, char *buf, int mode, size_t size)
@@ -341,3 +342,36 @@ char *x_fgets(char *s, int size, XFILE *stream)
 	*s = 0;
 	return s0;
 }
+
+/* trivial seek, works only for SEEK_SET and SEEK_END if SEEK_CUR is
+ * set then an error is returned */
+off_t x_tseek(XFILE *f, off_t offset, int whence)
+{
+	if (f->flags & X_FLAG_ERROR)
+		return -1;
+
+	/* only SEEK_SET and SEEK_END are supported */
+	/* SEEK_CUR needs internal offset counter */
+	if (whence != SEEK_SET && whence != SEEK_END) {
+		f->flags |= X_FLAG_EINVAL;
+		errno = EINVAL;
+		return -1;
+	}
+
+	/* empty the buffer */
+	switch (f->open_flags & O_ACCMODE) {
+	case O_RDONLY:
+		f->bufused = 0;
+		break;
+	case O_WRONLY:
+		if (x_fflush(f) != 0)
+			return -1;
+		break;
+	default:
+		errno = EINVAL;
+		return -1;
+	}
+
+	f->flags &= ~X_FLAG_EOF;
+	return (off_t)sys_lseek(f->fd, offset, whence);
+}