s4-torture: fix some build warnings in rpc samr test.

[mat/samba.git] / source4 / torture / rpc / samr.c
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c

index 0a839494b21de1da65e308c022639ff4d9df06ca..0cdd242b744239fa845089f61c6958250365b451 100644 (file)
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -4,6 +4,7 @@
  
     Copyright (C) Andrew Tridgell 2003
     Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003
+   Copyright (C) Jelmer Vernooij 2005-2007
     Copyright (C) Guenther Deschner 2008-2010
  
     This program is free software; you can redistribute it and/or modify
@@ -24,6 +25,7 @@
  #include "torture/torture.h"
  #include <tevent.h>
  #include "system/time.h"
+#include "system/network.h"
  #include "librpc/gen_ndr/lsa.h"
  #include "librpc/gen_ndr/ndr_netlogon.h"
  #include "librpc/gen_ndr/ndr_netlogon_c.h"
@@ -32,14 +34,12 @@
  #include "../lib/crypto/crypto.h"
  #include "libcli/auth/libcli_auth.h"
  #include "libcli/security/security.h"
-#include "torture/rpc/rpc.h"
+#include "torture/rpc/torture_rpc.h"
  #include "param/param.h"
  #include "auth/gensec/gensec.h"
  #include "auth/gensec/gensec_proto.h"
  #include "../libcli/auth/schannel.h"
  
-#include <unistd.h>
-
  #define TEST_ACCOUNT_NAME "samrtorturetest"
  #define TEST_ACCOUNT_NAME_PWD "samrpwdlastset"
  #define TEST_ALIASNAME "samrtorturetestalias"
@@ -67,15 +67,15 @@ struct torture_samr_context {
         uint32_t num_objects_large_dc;
  };
  
-static bool test_QueryUserInfo(struct dcerpc_pipe *p,
+static bool test_QueryUserInfo(struct dcerpc_binding_handle *b,
                                struct torture_context *tctx,
                                struct policy_handle *handle);
  
-static bool test_QueryUserInfo2(struct dcerpc_pipe *p,
+static bool test_QueryUserInfo2(struct dcerpc_binding_handle *b,
                                 struct torture_context *tctx,
                                 struct policy_handle *handle);
  
-static bool test_QueryAliasInfo(struct dcerpc_pipe *p,
+static bool test_QueryAliasInfo(struct dcerpc_binding_handle *b,
                                 struct torture_context *tctx,
                                 struct policy_handle *handle);
  
@@ -101,25 +101,26 @@ static void init_lsa_BinaryString(struct lsa_BinaryString *string, const char *s
         string->array = (uint16_t *)discard_const(s);
  }
  
-bool test_samr_handle_Close(struct dcerpc_pipe *p, struct torture_context *tctx,
-                                  struct policy_handle *handle)
+bool test_samr_handle_Close(struct dcerpc_binding_handle *b,
+                           struct torture_context *tctx,
+                           struct policy_handle *handle)
  {
-       NTSTATUS status;
         struct samr_Close r;
  
         r.in.handle = handle;
         r.out.handle = handle;
  
-       status = dcerpc_samr_Close(p, tctx, &r);
-       torture_assert_ntstatus_ok(tctx, status, "Close");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_Close_r(b, tctx, &r),
+               "Close failed");
+       torture_assert_ntstatus_ok(tctx, r.out.result, "Close failed");
  
         return true;
  }
  
-static bool test_Shutdown(struct dcerpc_pipe *p, struct torture_context *tctx,
-                      struct policy_handle *handle)
+static bool test_Shutdown(struct dcerpc_binding_handle *b,
+                         struct torture_context *tctx,
+                         struct policy_handle *handle)
  {
-       NTSTATUS status;
         struct samr_Shutdown r;
  
         if (!torture_setting_bool(tctx, "dangerous", false)) {
@@ -129,18 +130,19 @@ static bool test_Shutdown(struct dcerpc_pipe *p, struct torture_context *tctx,
  
         r.in.connect_handle = handle;
  
-       torture_comment(tctx, "testing samr_Shutdown\n");
+       torture_comment(tctx, "Testing samr_Shutdown\n");
  
-       status = dcerpc_samr_Shutdown(p, tctx, &r);
-       torture_assert_ntstatus_ok(tctx, status, "samr_Shutdown");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_Shutdown_r(b, tctx, &r),
+               "Shutdown failed");
+       torture_assert_ntstatus_ok(tctx, r.out.result, "Shutdown failed");
  
         return true;
  }
  
-static bool test_SetDsrmPassword(struct dcerpc_pipe *p, struct torture_context *tctx,
+static bool test_SetDsrmPassword(struct dcerpc_binding_handle *b,
+                                struct torture_context *tctx,
                                  struct policy_handle *handle)
  {
-       NTSTATUS status;
         struct samr_SetDsrmPassword r;
         struct lsa_String string;
         struct samr_Password hash;
@@ -157,20 +159,20 @@ static bool test_SetDsrmPassword(struct dcerpc_pipe *p, struct torture_context *
         r.in.unknown = 0;
         r.in.hash = &hash;
  
-       torture_comment(tctx, "testing samr_SetDsrmPassword\n");
+       torture_comment(tctx, "Testing samr_SetDsrmPassword\n");
  
-       status = dcerpc_samr_SetDsrmPassword(p, tctx, &r);
-       torture_assert_ntstatus_equal(tctx, status, NT_STATUS_NOT_SUPPORTED, "samr_SetDsrmPassword");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetDsrmPassword_r(b, tctx, &r),
+               "SetDsrmPassword failed");
+       torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_NOT_SUPPORTED, "SetDsrmPassword failed");
  
         return true;
  }
  
  
-static bool test_QuerySecurity(struct dcerpc_pipe *p,
+static bool test_QuerySecurity(struct dcerpc_binding_handle *b,
                                struct torture_context *tctx,
                                struct policy_handle *handle)
  {
-       NTSTATUS status;
         struct samr_QuerySecurity r;
         struct samr_SetSecurity s;
         struct sec_desc_buf *sdbuf = NULL;
@@ -179,8 +181,9 @@ static bool test_QuerySecurity(struct dcerpc_pipe *p,
         r.in.sec_info = 7;
         r.out.sdbuf = &sdbuf;
  
-       status = dcerpc_samr_QuerySecurity(p, tctx, &r);
-       torture_assert_ntstatus_ok(tctx, status, "QuerySecurity");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_QuerySecurity_r(b, tctx, &r),
+               "QuerySecurity failed");
+       torture_assert_ntstatus_ok(tctx, r.out.result, "QuerySecurity failed");
  
         torture_assert(tctx, sdbuf != NULL, "sdbuf is NULL");
  
@@ -192,21 +195,22 @@ static bool test_QuerySecurity(struct dcerpc_pipe *p,
                 torture_skip(tctx, "skipping SetSecurity test against Samba4\n");
         }
  
-       status = dcerpc_samr_SetSecurity(p, tctx, &s);
-       torture_assert_ntstatus_ok(tctx, status, "SetSecurity");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetSecurity_r(b, tctx, &s),
+               "SetSecurity failed");
+       torture_assert_ntstatus_ok(tctx, r.out.result, "SetSecurity failed");
  
-       status = dcerpc_samr_QuerySecurity(p, tctx, &r);
-       torture_assert_ntstatus_ok(tctx, status, "QuerySecurity");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_QuerySecurity_r(b, tctx, &r),
+               "QuerySecurity failed");
+       torture_assert_ntstatus_ok(tctx, r.out.result, "QuerySecurity failed");
  
         return true;
  }
  
  
-static bool test_SetUserInfo(struct dcerpc_pipe *p, struct torture_context *tctx,
+static bool test_SetUserInfo(struct dcerpc_binding_handle *b, struct torture_context *tctx,
                              struct policy_handle *handle, uint32_t base_acct_flags,
                              const char *base_account_name)
  {
-       NTSTATUS status;
         struct samr_SetUserInfo s;
         struct samr_SetUserInfo2 s2;
         struct samr_QueryUserInfo q;
@@ -236,17 +240,18 @@ static bool test_SetUserInfo(struct dcerpc_pipe *p, struct torture_context *tctx
         q0 = q;
  
  #define TESTCALL(call, r) \
-               status = dcerpc_samr_ ##call(p, tctx, &r); \
-               if (!NT_STATUS_IS_OK(status)) { \
-                       torture_comment(tctx, #call " level %u failed - %s (%s)\n", \
-                              r.in.level, nt_errstr(status), __location__); \
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_ ##call## _r(b, tctx, &r),\
+                       #call " failed"); \
+               if (!NT_STATUS_IS_OK(r.out.result)) { \
+                       torture_result(tctx, TORTURE_FAIL, #call " level %u failed - %s (%s)\n", \
+                              r.in.level, nt_errstr(r.out.result), __location__); \
                         ret = false; \
                         break; \
                 }
  
  #define STRING_EQUAL(s1, s2, field) \
                 if ((s1 && !s2) || (s2 && !s1) || strcmp(s1, s2)) { \
-                       torture_comment(tctx, "Failed to set %s to '%s' (%s)\n", \
+                       torture_result(tctx, TORTURE_FAIL, "Failed to set %s to '%s' (%s)\n", \
                                #field, s2, __location__); \
                         ret = false; \
                         break; \
@@ -254,7 +259,7 @@ static bool test_SetUserInfo(struct dcerpc_pipe *p, struct torture_context *tctx
  
  #define MEM_EQUAL(s1, s2, length, field) \
                 if ((s1 && !s2) || (s2 && !s1) || memcmp(s1, s2, length)) { \
-                       torture_comment(tctx, "Failed to set %s to '%s' (%s)\n", \
+                       torture_result(tctx, TORTURE_FAIL, "Failed to set %s to '%s' (%s)\n", \
                                #field, (const char *)s2, __location__); \
                         ret = false; \
                         break; \
@@ -262,7 +267,7 @@ static bool test_SetUserInfo(struct dcerpc_pipe *p, struct torture_context *tctx
  
  #define INT_EQUAL(i1, i2, field) \
                 if (i1 != i2) { \
-                       torture_comment(tctx, "Failed to set %s to 0x%llx - got 0x%llx (%s)\n", \
+                       torture_result(tctx, TORTURE_FAIL, "Failed to set %s to 0x%llx - got 0x%llx (%s)\n", \
                                #field, (unsigned long long)i2, (unsigned long long)i1, __location__); \
                         ret = false; \
                         break; \
@@ -358,19 +363,19 @@ static bool test_SetUserInfo(struct dcerpc_pipe *p, struct torture_context *tctx
                            SAMR_FIELD_COMMENT);
  
         test_account_name = talloc_asprintf(tctx, "%sxx7-1", base_account_name);
-       TEST_USERINFO_STRING(7, account_name,  1, account_name, base_account_name, 0);
+       TEST_USERINFO_STRING(7, account_name,  1, account_name, test_account_name, 0);
         test_account_name = talloc_asprintf(tctx, "%sxx7-3", base_account_name);
-       TEST_USERINFO_STRING(7, account_name,  3, account_name, base_account_name, 0);
+       TEST_USERINFO_STRING(7, account_name,  3, account_name, test_account_name, 0);
         test_account_name = talloc_asprintf(tctx, "%sxx7-5", base_account_name);
-       TEST_USERINFO_STRING(7, account_name,  5, account_name, base_account_name, 0);
+       TEST_USERINFO_STRING(7, account_name,  5, account_name, test_account_name, 0);
         test_account_name = talloc_asprintf(tctx, "%sxx7-6", base_account_name);
-       TEST_USERINFO_STRING(7, account_name,  6, account_name, base_account_name, 0);
+       TEST_USERINFO_STRING(7, account_name,  6, account_name, test_account_name, 0);
         test_account_name = talloc_asprintf(tctx, "%sxx7-7", base_account_name);
-       TEST_USERINFO_STRING(7, account_name,  7, account_name, base_account_name, 0);
+       TEST_USERINFO_STRING(7, account_name,  7, account_name, test_account_name, 0);
         test_account_name = talloc_asprintf(tctx, "%sxx7-21", base_account_name);
-       TEST_USERINFO_STRING(7, account_name, 21, account_name, base_account_name, 0);
+       TEST_USERINFO_STRING(7, account_name, 21, account_name, test_account_name, 0);
         test_account_name = base_account_name;
-       TEST_USERINFO_STRING(21, account_name, 21, account_name, base_account_name,
+       TEST_USERINFO_STRING(21, account_name, 21, account_name, test_account_name,
                            SAMR_FIELD_ACCOUNT_NAME);
  
         TEST_USERINFO_STRING(6, full_name,  1, full_name, "xx6-1 full_name", 0);
@@ -451,7 +456,7 @@ static bool test_SetUserInfo(struct dcerpc_pipe *p, struct torture_context *tctx
         TEST_USERINFO_BINARYSTRING(21, parameters, 20, parameters, "",
                            SAMR_FIELD_PARAMETERS);
  
-       /* Samba 3 cannot store country_code and copy_page atm. - gd */
+       /* Samba 3 cannot store country_code and code_page atm. - gd */
         if (!torture_setting_bool(tctx, "samba3", false)) {
                 TEST_USERINFO_INT(2, country_code, 2, country_code, __LINE__, 0);
                 TEST_USERINFO_INT(2, country_code, 21, country_code, __LINE__, 0);
@@ -532,26 +537,26 @@ static bool test_SetUserInfo(struct dcerpc_pipe *p, struct torture_context *tctx
  
         /* Samba3 cannot store these atm */
         if (!torture_setting_bool(tctx, "samba3", false)) {
-       /* The 'store plaintext' flag does stick */
-       TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
-                             (base_acct_flags | ACB_DISABLED | ACB_ENC_TXT_PWD_ALLOWED),
-                             (base_acct_flags | ACB_DISABLED | ACB_ENC_TXT_PWD_ALLOWED | user_extra_flags),
-                             0);
-       /* The 'use DES' flag does stick */
-       TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
-                             (base_acct_flags | ACB_DISABLED | ACB_USE_DES_KEY_ONLY),
-                             (base_acct_flags | ACB_DISABLED | ACB_USE_DES_KEY_ONLY | user_extra_flags),
-                             0);
-       /* The 'don't require kerberos pre-authentication flag does stick */
-       TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
-                             (base_acct_flags | ACB_DISABLED | ACB_DONT_REQUIRE_PREAUTH),
-                             (base_acct_flags | ACB_DISABLED | ACB_DONT_REQUIRE_PREAUTH | user_extra_flags),
-                             0);
-       /* The 'no kerberos PAC required' flag sticks */
-       TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
-                             (base_acct_flags | ACB_DISABLED | ACB_NO_AUTH_DATA_REQD),
-                             (base_acct_flags | ACB_DISABLED | ACB_NO_AUTH_DATA_REQD | user_extra_flags),
-                             0);
+               /* The 'store plaintext' flag does stick */
+               TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
+                                     (base_acct_flags | ACB_DISABLED | ACB_ENC_TXT_PWD_ALLOWED),
+                                     (base_acct_flags | ACB_DISABLED | ACB_ENC_TXT_PWD_ALLOWED | user_extra_flags),
+                                     0);
+               /* The 'use DES' flag does stick */
+               TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
+                                     (base_acct_flags | ACB_DISABLED | ACB_USE_DES_KEY_ONLY),
+                                     (base_acct_flags | ACB_DISABLED | ACB_USE_DES_KEY_ONLY | user_extra_flags),
+                                     0);
+               /* The 'don't require kerberos pre-authentication flag does stick */
+               TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
+                                     (base_acct_flags | ACB_DISABLED | ACB_DONT_REQUIRE_PREAUTH),
+                                     (base_acct_flags | ACB_DISABLED | ACB_DONT_REQUIRE_PREAUTH | user_extra_flags),
+                                     0);
+               /* The 'no kerberos PAC required' flag sticks */
+               TEST_USERINFO_INT_EXP(16, acct_flags, 21, acct_flags,
+                                     (base_acct_flags | ACB_DISABLED | ACB_NO_AUTH_DATA_REQD),
+                                     (base_acct_flags | ACB_DISABLED | ACB_NO_AUTH_DATA_REQD | user_extra_flags),
+                                     0);
         }
         TEST_USERINFO_INT_EXP(21, acct_flags, 21, acct_flags,
                               (base_acct_flags | ACB_DISABLED),
@@ -625,14 +630,16 @@ static bool test_SetUserPass(struct dcerpc_pipe *p, struct torture_context *tctx
         bool ret = true;
         DATA_BLOB session_key;
         char *newpass;
+       struct dcerpc_binding_handle *b = p->binding_handle;
         struct samr_GetUserPwInfo pwp;
         struct samr_PwInfo info;
         int policy_min_pw_len = 0;
         pwp.in.user_handle = handle;
         pwp.out.info = &info;
  
-       status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp);
-       if (NT_STATUS_IS_OK(status)) {
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &pwp),
+               "GetUserPwInfo failed");
+       if (NT_STATUS_IS_OK(pwp.out.result)) {
                 policy_min_pw_len = pwp.out.info->min_password_length;
         }
         newpass = samr_rand_pass(tctx, policy_min_pw_len);
@@ -646,7 +653,7 @@ static bool test_SetUserPass(struct dcerpc_pipe *p, struct torture_context *tctx
  
         status = dcerpc_fetch_session_key(p, &session_key);
         if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "SetUserInfo level %u - no session key - %s\n",
+               torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u - no session key - %s\n",
                        s.in.level, nt_errstr(status));
                 return false;
         }
@@ -655,10 +662,14 @@ static bool test_SetUserPass(struct dcerpc_pipe *p, struct torture_context *tctx
  
         torture_comment(tctx, "Testing SetUserInfo level 24 (set password)\n");
  
-       status = dcerpc_samr_SetUserInfo(p, tctx, &s);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "SetUserInfo level %u failed - %s\n",
-                      s.in.level, nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+               "SetUserInfo failed");
+       torture_comment(tctx, "(%s:%s) new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       newpass, nt_errstr(s.out.result));
+       if (!NT_STATUS_IS_OK(s.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u failed - %s\n",
+                      s.in.level, nt_errstr(s.out.result));
                 ret = false;
         } else {
                 *password = newpass;
@@ -677,6 +688,7 @@ static bool test_SetUserPass_23(struct dcerpc_pipe *p, struct torture_context *t
         union samr_UserInfo u;
         bool ret = true;
         DATA_BLOB session_key;
+       struct dcerpc_binding_handle *b = p->binding_handle;
         char *newpass;
         struct samr_GetUserPwInfo pwp;
         struct samr_PwInfo info;
@@ -684,8 +696,9 @@ static bool test_SetUserPass_23(struct dcerpc_pipe *p, struct torture_context *t
         pwp.in.user_handle = handle;
         pwp.out.info = &info;
  
-       status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp);
-       if (NT_STATUS_IS_OK(status)) {
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &pwp),
+               "GetUserPwInfo failed");
+       if (NT_STATUS_IS_OK(pwp.out.result)) {
                 policy_min_pw_len = pwp.out.info->min_password_length;
         }
         newpass = samr_rand_pass(tctx, policy_min_pw_len);
@@ -702,7 +715,7 @@ static bool test_SetUserPass_23(struct dcerpc_pipe *p, struct torture_context *t
  
         status = dcerpc_fetch_session_key(p, &session_key);
         if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "SetUserInfo level %u - no session key - %s\n",
+               torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u - no session key - %s\n",
                        s.in.level, nt_errstr(status));
                 return false;
         }
@@ -711,10 +724,14 @@ static bool test_SetUserPass_23(struct dcerpc_pipe *p, struct torture_context *t
  
         torture_comment(tctx, "Testing SetUserInfo level 23 (set password)\n");
  
-       status = dcerpc_samr_SetUserInfo(p, tctx, &s);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "SetUserInfo level %u failed - %s\n",
-                      s.in.level, nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+               "SetUserInfo failed");
+       torture_comment(tctx, "(%s:%s) new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       newpass, nt_errstr(s.out.result));
+       if (!NT_STATUS_IS_OK(s.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u failed - %s\n",
+                      s.in.level, nt_errstr(s.out.result));
                 ret = false;
         } else {
                 *password = newpass;
@@ -724,7 +741,7 @@ static bool test_SetUserPass_23(struct dcerpc_pipe *p, struct torture_context *t
  
         status = dcerpc_fetch_session_key(p, &session_key);
         if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "SetUserInfo level %u - no session key - %s\n",
+               torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u - no session key - %s\n",
                        s.in.level, nt_errstr(status));
                 return false;
         }
@@ -735,10 +752,14 @@ static bool test_SetUserPass_23(struct dcerpc_pipe *p, struct torture_context *t
  
         torture_comment(tctx, "Testing SetUserInfo level 23 (set password) with wrong password\n");
  
-       status = dcerpc_samr_SetUserInfo(p, tctx, &s);
-       if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
-               torture_warning(tctx, "SetUserInfo level %u should have failed with WRONG_PASSWORD- %s\n",
-                      s.in.level, nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+               "SetUserInfo failed");
+       torture_comment(tctx, "(%s:%s) new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       newpass, nt_errstr(s.out.result));
+       if (!NT_STATUS_EQUAL(s.out.result, NT_STATUS_WRONG_PASSWORD)) {
+               torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u should have failed with WRONG_PASSWORD- %s\n",
+                      s.in.level, nt_errstr(s.out.result));
                 ret = false;
         }
  
@@ -758,15 +779,17 @@ static bool test_SetUserPassEx(struct dcerpc_pipe *p, struct torture_context *tc
         DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16);
         uint8_t confounder[16];
         char *newpass;
-       struct MD5Context ctx;
+       struct dcerpc_binding_handle *b = p->binding_handle;
+       MD5_CTX ctx;
         struct samr_GetUserPwInfo pwp;
         struct samr_PwInfo info;
         int policy_min_pw_len = 0;
         pwp.in.user_handle = handle;
         pwp.out.info = &info;
  
-       status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp);
-       if (NT_STATUS_IS_OK(status)) {
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &pwp),
+               "GetUserPwInfo failed");
+       if (NT_STATUS_IS_OK(pwp.out.result)) {
                 policy_min_pw_len = pwp.out.info->min_password_length;
         }
         if (makeshort && policy_min_pw_len) {
@@ -784,7 +807,7 @@ static bool test_SetUserPassEx(struct dcerpc_pipe *p, struct torture_context *tc
  
         status = dcerpc_fetch_session_key(p, &session_key);
         if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "SetUserInfo level %u - no session key - %s\n",
+               torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u - no session key - %s\n",
                        s.in.level, nt_errstr(status));
                 return false;
         }
@@ -801,10 +824,14 @@ static bool test_SetUserPassEx(struct dcerpc_pipe *p, struct torture_context *tc
  
         torture_comment(tctx, "Testing SetUserInfo level 26 (set password ex)\n");
  
-       status = dcerpc_samr_SetUserInfo(p, tctx, &s);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "SetUserInfo level %u failed - %s\n",
-                      s.in.level, nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+               "SetUserInfo failed");
+       torture_comment(tctx, "(%s:%s) new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       newpass, nt_errstr(s.out.result));
+       if (!NT_STATUS_IS_OK(s.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u failed - %s\n",
+                      s.in.level, nt_errstr(s.out.result));
                 ret = false;
         } else {
                 *password = newpass;
@@ -818,10 +845,14 @@ static bool test_SetUserPassEx(struct dcerpc_pipe *p, struct torture_context *tc
  
         torture_comment(tctx, "Testing SetUserInfo level 26 (set password ex) with wrong session key\n");
  
-       status = dcerpc_samr_SetUserInfo(p, tctx, &s);
-       if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
-               torture_warning(tctx, "SetUserInfo level %u should have failed with WRONG_PASSWORD: %s\n",
-                      s.in.level, nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+               "SetUserInfo failed");
+       torture_comment(tctx, "(%s:%s) new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       newpass, nt_errstr(s.out.result));
+       if (!NT_STATUS_EQUAL(s.out.result, NT_STATUS_WRONG_PASSWORD)) {
+               torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u should have failed with WRONG_PASSWORD: %s\n",
+                      s.in.level, nt_errstr(s.out.result));
                 ret = false;
         } else {
                 *password = newpass;
@@ -840,17 +871,19 @@ static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *t
         bool ret = true;
         DATA_BLOB session_key;
         DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16);
-       struct MD5Context ctx;
+       MD5_CTX ctx;
         uint8_t confounder[16];
         char *newpass;
+       struct dcerpc_binding_handle *b = p->binding_handle;
         struct samr_GetUserPwInfo pwp;
         struct samr_PwInfo info;
         int policy_min_pw_len = 0;
         pwp.in.user_handle = handle;
         pwp.out.info = &info;
  
-       status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp);
-       if (NT_STATUS_IS_OK(status)) {
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &pwp),
+               "GetUserPwInfo failed");
+       if (NT_STATUS_IS_OK(pwp.out.result)) {
                 policy_min_pw_len = pwp.out.info->min_password_length;
         }
         newpass = samr_rand_pass(tctx, policy_min_pw_len);
@@ -867,7 +900,7 @@ static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *t
  
         status = dcerpc_fetch_session_key(p, &session_key);
         if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "SetUserInfo level %u - no session key - %s\n",
+               torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u - no session key - %s\n",
                        s.in.level, nt_errstr(status));
                 return false;
         }
@@ -884,10 +917,14 @@ static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *t
  
         torture_comment(tctx, "Testing SetUserInfo level 25 (set password ex)\n");
  
-       status = dcerpc_samr_SetUserInfo(p, tctx, &s);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "SetUserInfo level %u failed - %s\n",
-                      s.in.level, nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+               "SetUserInfo failed");
+       torture_comment(tctx, "(%s:%s) new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       newpass, nt_errstr(s.out.result));
+       if (!NT_STATUS_IS_OK(s.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u failed - %s\n",
+                      s.in.level, nt_errstr(s.out.result));
                 ret = false;
         } else {
                 *password = newpass;
@@ -901,10 +938,14 @@ static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *t
  
         torture_comment(tctx, "Testing SetUserInfo level 25 (set password ex) with wrong session key\n");
  
-       status = dcerpc_samr_SetUserInfo(p, tctx, &s);
-       if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
-               torture_warning(tctx, "SetUserInfo level %u should have failed with WRONG_PASSWORD- %s\n",
-                      s.in.level, nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+               "SetUserInfo failed");
+       torture_comment(tctx, "(%s:%s) new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       newpass, nt_errstr(s.out.result));
+       if (!NT_STATUS_EQUAL(s.out.result, NT_STATUS_WRONG_PASSWORD)) {
+               torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u should have failed with WRONG_PASSWORD- %s\n",
+                      s.in.level, nt_errstr(s.out.result));
                 ret = false;
         }
  
@@ -920,6 +961,7 @@ static bool test_SetUserPass_18(struct dcerpc_pipe *p, struct torture_context *t
         bool ret = true;
         DATA_BLOB session_key;
         char *newpass;
+       struct dcerpc_binding_handle *b = p->binding_handle;
         struct samr_GetUserPwInfo pwp;
         struct samr_PwInfo info;
         int policy_min_pw_len = 0;
@@ -928,8 +970,9 @@ static bool test_SetUserPass_18(struct dcerpc_pipe *p, struct torture_context *t
         pwp.in.user_handle = handle;
         pwp.out.info = &info;
  
-       status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp);
-       if (NT_STATUS_IS_OK(status)) {
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &pwp),
+               "GetUserPwInfo failed");
+       if (NT_STATUS_IS_OK(pwp.out.result)) {
                 policy_min_pw_len = pwp.out.info->min_password_length;
         }
         newpass = samr_rand_pass(tctx, policy_min_pw_len);
@@ -948,7 +991,7 @@ static bool test_SetUserPass_18(struct dcerpc_pipe *p, struct torture_context *t
  
         status = dcerpc_fetch_session_key(p, &session_key);
         if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "SetUserInfo level %u - no session key - %s\n",
+               torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u - no session key - %s\n",
                        s.in.level, nt_errstr(status));
                 return false;
         }
@@ -970,10 +1013,11 @@ static bool test_SetUserPass_18(struct dcerpc_pipe *p, struct torture_context *t
  
         torture_comment(tctx, "Testing SetUserInfo level 18 (set password hash)\n");
  
-       status = dcerpc_samr_SetUserInfo(p, tctx, &s);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "SetUserInfo level %u failed - %s\n",
-                      s.in.level, nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+               "SetUserInfo failed");
+       if (!NT_STATUS_IS_OK(s.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u failed - %s\n",
+                      s.in.level, nt_errstr(s.out.result));
                 ret = false;
         } else {
                 *password = newpass;
@@ -992,6 +1036,7 @@ static bool test_SetUserPass_21(struct dcerpc_pipe *p, struct torture_context *t
         bool ret = true;
         DATA_BLOB session_key;
         char *newpass;
+       struct dcerpc_binding_handle *b = p->binding_handle;
         struct samr_GetUserPwInfo pwp;
         struct samr_PwInfo info;
         int policy_min_pw_len = 0;
@@ -1000,8 +1045,9 @@ static bool test_SetUserPass_21(struct dcerpc_pipe *p, struct torture_context *t
         pwp.in.user_handle = handle;
         pwp.out.info = &info;
  
-       status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp);
-       if (NT_STATUS_IS_OK(status)) {
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &pwp),
+               "GetUserPwInfo failed");
+       if (NT_STATUS_IS_OK(pwp.out.result)) {
                 policy_min_pw_len = pwp.out.info->min_password_length;
         }
         newpass = samr_rand_pass(tctx, policy_min_pw_len);
@@ -1033,7 +1079,7 @@ static bool test_SetUserPass_21(struct dcerpc_pipe *p, struct torture_context *t
  
         status = dcerpc_fetch_session_key(p, &session_key);
         if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "SetUserInfo level %u - no session key - %s\n",
+               torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u - no session key - %s\n",
                        s.in.level, nt_errstr(status));
                 return false;
         }
@@ -1058,10 +1104,11 @@ static bool test_SetUserPass_21(struct dcerpc_pipe *p, struct torture_context *t
  
         torture_comment(tctx, "Testing SetUserInfo level 21 (set password hash)\n");
  
-       status = dcerpc_samr_SetUserInfo(p, tctx, &s);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "SetUserInfo level %u failed - %s\n",
-                      s.in.level, nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+               "SetUserInfo failed");
+       if (!NT_STATUS_IS_OK(s.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u failed - %s\n",
+                      s.in.level, nt_errstr(s.out.result));
                 ret = false;
         } else {
                 *password = newpass;
@@ -1072,11 +1119,11 @@ static bool test_SetUserPass_21(struct dcerpc_pipe *p, struct torture_context *t
  
                 u.info21.nt_owf_password.length++;
  
-               status = dcerpc_samr_SetUserInfo(p, tctx, &s);
-
-               if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
-                       torture_warning(tctx, "SetUserInfo level %u should have failed with NT_STATUS_INVALID_PARAMETER - %s\n",
-                              s.in.level, nt_errstr(status));
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+                       "SetUserInfo failed");
+               if (!NT_STATUS_EQUAL(s.out.result, NT_STATUS_INVALID_PARAMETER)) {
+                       torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u should have failed with NT_STATUS_INVALID_PARAMETER - %s\n",
+                              s.in.level, nt_errstr(s.out.result));
                         ret = false;
                 }
         }
@@ -1085,11 +1132,11 @@ static bool test_SetUserPass_21(struct dcerpc_pipe *p, struct torture_context *t
  
                 u.info21.lm_owf_password.length++;
  
-               status = dcerpc_samr_SetUserInfo(p, tctx, &s);
-
-               if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
-                       torture_warning(tctx, "SetUserInfo level %u should have failed with NT_STATUS_INVALID_PARAMETER - %s\n",
-                              s.in.level, nt_errstr(status));
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+                       "SetUserInfo failed");
+               if (!NT_STATUS_EQUAL(s.out.result, NT_STATUS_INVALID_PARAMETER)) {
+                       torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u should have failed with NT_STATUS_INVALID_PARAMETER - %s\n",
+                              s.in.level, nt_errstr(s.out.result));
                         ret = false;
                 }
         }
@@ -1114,9 +1161,10 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p,
         bool ret = true;
         DATA_BLOB session_key;
         DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16);
-       struct MD5Context ctx;
+       MD5_CTX ctx;
         uint8_t confounder[16];
         char *newpass;
+       struct dcerpc_binding_handle *b = p->binding_handle;
         struct samr_GetUserPwInfo pwp;
         struct samr_PwInfo info;
         int policy_min_pw_len = 0;
@@ -1126,8 +1174,9 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p,
         pwp.in.user_handle = handle;
         pwp.out.info = &info;
  
-       status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp);
-       if (NT_STATUS_IS_OK(status)) {
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &pwp),
+               "GetUserPwInfo failed");
+       if (NT_STATUS_IS_OK(pwp.out.result)) {
                 policy_min_pw_len = pwp.out.info->min_password_length;
         }
         newpass = samr_rand_pass_silent(tctx, policy_min_pw_len);
@@ -1143,7 +1192,7 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p,
         }
  
         if (fields_present & SAMR_FIELD_COMMENT) {
-               comment = talloc_asprintf(tctx, "comment: %ld\n", time(NULL));
+               comment = talloc_asprintf(tctx, "comment: %ld\n", (long int) time(NULL));
         }
  
         ZERO_STRUCT(u);
@@ -1216,7 +1265,7 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p,
  
         status = dcerpc_fetch_session_key(p, &session_key);
         if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "SetUserInfo level %u - no session key - %s\n",
+               torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u - no session key - %s\n",
                        s.in.level, nt_errstr(status));
                 return false;
         }
@@ -1281,9 +1330,19 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p,
         }
  
         if (use_setinfo2) {
-               status = dcerpc_samr_SetUserInfo2(p, tctx, &s2);
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo2_r(b, tctx, &s2),
+                       "SetUserInfo2 failed");
+               torture_comment(tctx, "(%s:%s) new_password[%s] status[%s]\n",
+                               __location__, __FUNCTION__,
+                               newpass, nt_errstr(s2.out.result));
+                       status = s2.out.result;
         } else {
-               status = dcerpc_samr_SetUserInfo(p, tctx, &s);
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+                       "SetUserInfo failed");
+               torture_comment(tctx, "(%s:%s) new_password[%s] status[%s]\n",
+                               __location__, __FUNCTION__,
+                               newpass, nt_errstr(s.out.result));
+               status = s.out.result;
         }
  
         if (!NT_STATUS_IS_OK(status)) {
@@ -1310,7 +1369,7 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p,
         }
  
         if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "SetUserInfo%s level %u failed - %s\n",
+               torture_result(tctx, TORTURE_FAIL, "SetUserInfo%s level %u failed - %s\n",
                        use_setinfo2 ? "2":"", level, nt_errstr(status));
                 ret = false;
         } else {
@@ -1320,10 +1379,10 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p,
         return ret;
  }
  
-static bool test_SetAliasInfo(struct dcerpc_pipe *p, struct torture_context *tctx,
-                              struct policy_handle *handle)
+static bool test_SetAliasInfo(struct dcerpc_binding_handle *b,
+                             struct torture_context *tctx,
+                             struct policy_handle *handle)
  {
-       NTSTATUS status;
         struct samr_SetAliasInfo r;
         struct samr_QueryAliasInfo q;
         union samr_AliasInfo *info;
@@ -1348,10 +1407,11 @@ static bool test_SetAliasInfo(struct dcerpc_pipe *p, struct torture_context *tct
                     case ALIASINFOALL: torture_comment(tctx, "ALIASINFOALL ignored\n"); break;
                 }
  
-               status = dcerpc_samr_SetAliasInfo(p, tctx, &r);
-               if (!NT_STATUS_IS_OK(status)) {
-                       torture_warning(tctx, "SetAliasInfo level %u failed - %s\n",
-                              levels[i], nt_errstr(status));
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetAliasInfo_r(b, tctx, &r),
+                       "SetAliasInfo failed");
+               if (!NT_STATUS_IS_OK(r.out.result)) {
+                       torture_result(tctx, TORTURE_FAIL, "SetAliasInfo level %u failed - %s\n",
+                              levels[i], nt_errstr(r.out.result));
                         ret = false;
                 }
  
@@ -1359,10 +1419,11 @@ static bool test_SetAliasInfo(struct dcerpc_pipe *p, struct torture_context *tct
                 q.in.level = levels[i];
                 q.out.info = &info;
  
-               status = dcerpc_samr_QueryAliasInfo(p, tctx, &q);
-               if (!NT_STATUS_IS_OK(status)) {
-                       torture_warning(tctx, "QueryAliasInfo level %u failed - %s\n",
-                              levels[i], nt_errstr(status));
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryAliasInfo_r(b, tctx, &q),
+                       "QueryAliasInfo failed");
+               if (!NT_STATUS_IS_OK(q.out.result)) {
+                       torture_result(tctx, TORTURE_FAIL, "QueryAliasInfo level %u failed - %s\n",
+                              levels[i], nt_errstr(q.out.result));
                         ret = false;
                 }
         }
@@ -1370,20 +1431,21 @@ static bool test_SetAliasInfo(struct dcerpc_pipe *p, struct torture_context *tct
         return ret;
  }
  
-static bool test_GetGroupsForUser(struct dcerpc_pipe *p, struct torture_context *tctx,
+static bool test_GetGroupsForUser(struct dcerpc_binding_handle *b,
+                                 struct torture_context *tctx,
                                   struct policy_handle *user_handle)
  {
         struct samr_GetGroupsForUser r;
         struct samr_RidWithAttributeArray *rids = NULL;
-       NTSTATUS status;
  
-       torture_comment(tctx, "testing GetGroupsForUser\n");
+       torture_comment(tctx, "Testing GetGroupsForUser\n");
  
         r.in.user_handle = user_handle;
         r.out.rids = &rids;
  
-       status = dcerpc_samr_GetGroupsForUser(p, tctx, &r);
-       torture_assert_ntstatus_ok(tctx, status, "GetGroupsForUser");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetGroupsForUser_r(b, tctx, &r),
+               "GetGroupsForUser failed");
+       torture_assert_ntstatus_ok(tctx, r.out.result, "GetGroupsForUser failed");
  
         return true;
  
@@ -1392,43 +1454,47 @@ static bool test_GetGroupsForUser(struct dcerpc_pipe *p, struct torture_context
  static bool test_GetDomPwInfo(struct dcerpc_pipe *p, struct torture_context *tctx,
                               struct lsa_String *domain_name)
  {
-       NTSTATUS status;
         struct samr_GetDomPwInfo r;
         struct samr_PwInfo info;
+       struct dcerpc_binding_handle *b = p->binding_handle;
  
         r.in.domain_name = domain_name;
         r.out.info = &info;
  
         torture_comment(tctx, "Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
  
-       status = dcerpc_samr_GetDomPwInfo(p, tctx, &r);
-       torture_assert_ntstatus_ok(tctx, status, "GetDomPwInfo");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDomPwInfo_r(b, tctx, &r),
+               "GetDomPwInfo failed");
+       torture_assert_ntstatus_ok(tctx, r.out.result, "GetDomPwInfo failed");
  
         r.in.domain_name->string = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
         torture_comment(tctx, "Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
  
-       status = dcerpc_samr_GetDomPwInfo(p, tctx, &r);
-       torture_assert_ntstatus_ok(tctx, status, "GetDomPwInfo");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDomPwInfo_r(b, tctx, &r),
+               "GetDomPwInfo failed");
+       torture_assert_ntstatus_ok(tctx, r.out.result, "GetDomPwInfo failed");
  
         r.in.domain_name->string = "\\\\__NONAME__";
         torture_comment(tctx, "Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
  
-       status = dcerpc_samr_GetDomPwInfo(p, tctx, &r);
-       torture_assert_ntstatus_ok(tctx, status, "GetDomPwInfo");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDomPwInfo_r(b, tctx, &r),
+               "GetDomPwInfo failed");
+       torture_assert_ntstatus_ok(tctx, r.out.result, "GetDomPwInfo failed");
  
         r.in.domain_name->string = "\\\\Builtin";
         torture_comment(tctx, "Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
  
-       status = dcerpc_samr_GetDomPwInfo(p, tctx, &r);
-       torture_assert_ntstatus_ok(tctx, status, "GetDomPwInfo");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDomPwInfo_r(b, tctx, &r),
+               "GetDomPwInfo failed");
+       torture_assert_ntstatus_ok(tctx, r.out.result, "GetDomPwInfo failed");
  
         return true;
  }
  
-static bool test_GetUserPwInfo(struct dcerpc_pipe *p, struct torture_context *tctx,
+static bool test_GetUserPwInfo(struct dcerpc_binding_handle *b,
+                              struct torture_context *tctx,
                                struct policy_handle *handle)
  {
-       NTSTATUS status;
         struct samr_GetUserPwInfo r;
         struct samr_PwInfo info;
  
@@ -1437,13 +1503,15 @@ static bool test_GetUserPwInfo(struct dcerpc_pipe *p, struct torture_context *tc
         r.in.user_handle = handle;
         r.out.info = &info;
  
-       status = dcerpc_samr_GetUserPwInfo(p, tctx, &r);
-       torture_assert_ntstatus_ok(tctx, status, "GetUserPwInfo");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &r),
+               "GetUserPwInfo failed");
+       torture_assert_ntstatus_ok(tctx, r.out.result, "GetUserPwInfo");
  
         return true;
  }
  
-static NTSTATUS test_LookupName(struct dcerpc_pipe *p, struct torture_context *tctx,
+static NTSTATUS test_LookupName(struct dcerpc_binding_handle *b,
+                               struct torture_context *tctx,
                                 struct policy_handle *domain_handle, const char *name,
                                 uint32_t *rid)
  {
@@ -1459,58 +1527,73 @@ static NTSTATUS test_LookupName(struct dcerpc_pipe *p, struct torture_context *t
         n.in.names = sname;
         n.out.rids = &rids;
         n.out.types = &types;
-       status = dcerpc_samr_LookupNames(p, tctx, &n);
-       if (NT_STATUS_IS_OK(status)) {
+       status = dcerpc_samr_LookupNames_r(b, tctx, &n);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
+       if (NT_STATUS_IS_OK(n.out.result)) {
                 *rid = n.out.rids->ids[0];
         } else {
-               return status;
+               return n.out.result;
         }
  
         init_lsa_String(&sname[1], "xxNONAMExx");
         n.in.num_names = 2;
-       status = dcerpc_samr_LookupNames(p, tctx, &n);
-       if (!NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
-               torture_warning(tctx, "LookupNames[2] failed - %s\n", nt_errstr(status));
-               if (NT_STATUS_IS_OK(status)) {
+       status = dcerpc_samr_LookupNames_r(b, tctx, &n);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
+       if (!NT_STATUS_EQUAL(n.out.result, STATUS_SOME_UNMAPPED)) {
+               torture_result(tctx, TORTURE_FAIL, "LookupNames[2] failed - %s\n", nt_errstr(n.out.result));
+               if (NT_STATUS_IS_OK(n.out.result)) {
                         return NT_STATUS_UNSUCCESSFUL;
                 }
-               return status;
+               return n.out.result;
         }
  
         n.in.num_names = 0;
-       status = dcerpc_samr_LookupNames(p, tctx, &n);
+       status = dcerpc_samr_LookupNames_r(b, tctx, &n);
         if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "LookupNames[0] failed - %s\n", nt_errstr(status));
                 return status;
         }
+       if (!NT_STATUS_IS_OK(n.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "LookupNames[0] failed - %s\n", nt_errstr(status));
+               return n.out.result;
+       }
  
         init_lsa_String(&sname[0], "xxNONAMExx");
         n.in.num_names = 1;
-       status = dcerpc_samr_LookupNames(p, tctx, &n);
-       if (!NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
-               torture_warning(tctx, "LookupNames[1 bad name] failed - %s\n", nt_errstr(status));
-               if (NT_STATUS_IS_OK(status)) {
+       status = dcerpc_samr_LookupNames_r(b, tctx, &n);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
+       if (!NT_STATUS_EQUAL(n.out.result, NT_STATUS_NONE_MAPPED)) {
+               torture_result(tctx, TORTURE_FAIL, "LookupNames[1 bad name] failed - %s\n", nt_errstr(n.out.result));
+               if (NT_STATUS_IS_OK(n.out.result)) {
                         return NT_STATUS_UNSUCCESSFUL;
                 }
-               return status;
+               return n.out.result;
         }
  
         init_lsa_String(&sname[0], "xxNONAMExx");
         init_lsa_String(&sname[1], "xxNONAME2xx");
         n.in.num_names = 2;
-       status = dcerpc_samr_LookupNames(p, tctx, &n);
-       if (!NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
-               torture_warning(tctx, "LookupNames[2 bad names] failed - %s\n", nt_errstr(status));
-               if (NT_STATUS_IS_OK(status)) {
+       status = dcerpc_samr_LookupNames_r(b, tctx, &n);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
+       if (!NT_STATUS_EQUAL(n.out.result, NT_STATUS_NONE_MAPPED)) {
+               torture_result(tctx, TORTURE_FAIL, "LookupNames[2 bad names] failed - %s\n", nt_errstr(n.out.result));
+               if (NT_STATUS_IS_OK(n.out.result)) {
                         return NT_STATUS_UNSUCCESSFUL;
                 }
-               return status;
+               return n.out.result;
         }
  
         return NT_STATUS_OK;
  }
  
-static NTSTATUS test_OpenUser_byname(struct dcerpc_pipe *p,
+static NTSTATUS test_OpenUser_byname(struct dcerpc_binding_handle *b,
                                      struct torture_context *tctx,
                                      struct policy_handle *domain_handle,
                                      const char *name, struct policy_handle *user_handle)
@@ -1519,7 +1602,7 @@ static NTSTATUS test_OpenUser_byname(struct dcerpc_pipe *p,
         struct samr_OpenUser r;
         uint32_t rid;
  
-       status = test_LookupName(p, tctx, domain_handle, name, &rid);
+       status = test_LookupName(b, tctx, domain_handle, name, &rid);
         if (!NT_STATUS_IS_OK(status)) {
                 return status;
         }
@@ -1528,12 +1611,15 @@ static NTSTATUS test_OpenUser_byname(struct dcerpc_pipe *p,
         r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
         r.in.rid = rid;
         r.out.user_handle = user_handle;
-       status = dcerpc_samr_OpenUser(p, tctx, &r);
+       status = dcerpc_samr_OpenUser_r(b, tctx, &r);
         if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "OpenUser_byname(%s -> %d) failed - %s\n", name, rid, nt_errstr(status));
+               return status;
+       }
+       if (!NT_STATUS_IS_OK(r.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "OpenUser_byname(%s -> %d) failed - %s\n", name, rid, nt_errstr(r.out.result));
         }
  
-       return status;
+       return r.out.result;
  }
  
  #if 0
@@ -1585,9 +1671,10 @@ static bool test_ChangePasswordNT3(struct dcerpc_pipe *p,
         r.in.cross2_present = 1;
         r.in.lm_cross = &hash6;
  
-       status = dcerpc_samr_ChangePasswordUser(p, tctx, &r);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "ChangePasswordUser failed - %s\n", nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
+               "ChangePasswordUser failed");
+       if (!NT_STATUS_IS_OK(r.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser failed - %s\n", nt_errstr(r.out.result));
                 ret = false;
         }
  
@@ -1599,7 +1686,8 @@ static bool test_ChangePasswordNT3(struct dcerpc_pipe *p,
  }
  #endif
  
-static bool test_ChangePasswordUser(struct dcerpc_pipe *p, struct torture_context *tctx,
+static bool test_ChangePasswordUser(struct dcerpc_binding_handle *b,
+                                   struct torture_context *tctx,
                                     const char *acct_name,
                                     struct policy_handle *handle, char **password)
  {
@@ -1618,15 +1706,16 @@ static bool test_ChangePasswordUser(struct dcerpc_pipe *p, struct torture_contex
         struct samr_PwInfo info;
         int policy_min_pw_len = 0;
  
-       status = test_OpenUser_byname(p, tctx, handle, acct_name, &user_handle);
+       status = test_OpenUser_byname(b, tctx, handle, acct_name, &user_handle);
         if (!NT_STATUS_IS_OK(status)) {
                 return false;
         }
         pwp.in.user_handle = &user_handle;
         pwp.out.info = &info;
  
-       status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp);
-       if (NT_STATUS_IS_OK(status)) {
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetUserPwInfo_r(b, tctx, &pwp),
+               "GetUserPwInfo failed");
+       if (NT_STATUS_IS_OK(pwp.out.result)) {
                 policy_min_pw_len = pwp.out.info->min_password_length;
         }
         newpass = samr_rand_pass(tctx, policy_min_pw_len);
@@ -1652,8 +1741,8 @@ static bool test_ChangePasswordUser(struct dcerpc_pipe *p, struct torture_contex
  
         r.in.user_handle = &user_handle;
         r.in.lm_present = 1;
-       /* Break the LM hash */
-       hash1.hash[0]++;
+       /* Break the NT hash */
+       hash3.hash[0]++;
         r.in.old_lm_crypted = &hash1;
         r.in.new_lm_crypted = &hash2;
         r.in.nt_present = 1;
@@ -1664,19 +1753,31 @@ static bool test_ChangePasswordUser(struct dcerpc_pipe *p, struct torture_contex
         r.in.cross2_present = 1;
         r.in.lm_cross = &hash6;
  
-       status = dcerpc_samr_ChangePasswordUser(p, tctx, &r);
-       torture_assert_ntstatus_equal(tctx, status, NT_STATUS_WRONG_PASSWORD,
-               "ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the LM hash");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
+               "ChangePasswordUser failed");
+       torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       oldpass, newpass, nt_errstr(r.out.result));
  
-       /* Unbreak the LM hash */
-       hash1.hash[0]--;
+       /* Do not proceed if this call has been removed */
+       if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
+               torture_skip(tctx, "ValidatePassword not supported by server\n");
+       }
+
+       if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
+               torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_WRONG_PASSWORD,
+                       "ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the LM hash");
+       }
+
+       /* Unbreak the NT hash */
+       hash3.hash[0]--;
  
         r.in.user_handle = &user_handle;
         r.in.lm_present = 1;
         r.in.old_lm_crypted = &hash1;
         r.in.new_lm_crypted = &hash2;
-       /* Break the NT hash */
-       hash3.hash[0]--;
+       /* Break the LM hash */
+       hash1.hash[0]--;
         r.in.nt_present = 1;
         r.in.old_nt_crypted = &hash3;
         r.in.new_nt_crypted = &hash4;
@@ -1685,9 +1786,15 @@ static bool test_ChangePasswordUser(struct dcerpc_pipe *p, struct torture_contex
         r.in.cross2_present = 1;
         r.in.lm_cross = &hash6;
  
-       status = dcerpc_samr_ChangePasswordUser(p, tctx, &r);
-       torture_assert_ntstatus_equal(tctx, status, NT_STATUS_WRONG_PASSWORD,
-               "expected NT_STATUS_WRONG_PASSWORD because we broke the NT hash");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
+               "ChangePasswordUser failed");
+       torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       oldpass, newpass, nt_errstr(r.out.result));
+       if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
+               torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_WRONG_PASSWORD,
+                       "expected NT_STATUS_WRONG_PASSWORD because we broke the NT hash");
+       }
  
         /* Unbreak the NT hash */
         hash3.hash[0]--;
@@ -1706,9 +1813,15 @@ static bool test_ChangePasswordUser(struct dcerpc_pipe *p, struct torture_contex
         hash6.hash[0]++;
         r.in.lm_cross = &hash6;
  
-       status = dcerpc_samr_ChangePasswordUser(p, tctx, &r);
-       if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
-               torture_warning(tctx, "ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the LM cross-hash, got %s\n", nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
+               "ChangePasswordUser failed");
+       torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       oldpass, newpass, nt_errstr(r.out.result));
+       if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_WRONG_PASSWORD) &&
+           !NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION))
+       {
+               torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD or NT_STATUS_PASSWORD_RESTRICTION because we broke the LM cross-hash, got %s\n", nt_errstr(r.out.result));
                 ret = false;
         }
  
@@ -1729,9 +1842,15 @@ static bool test_ChangePasswordUser(struct dcerpc_pipe *p, struct torture_contex
         r.in.cross2_present = 1;
         r.in.lm_cross = &hash6;
  
-       status = dcerpc_samr_ChangePasswordUser(p, tctx, &r);
-       if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
-               torture_warning(tctx, "ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the NT cross-hash, got %s\n", nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
+               "ChangePasswordUser failed");
+       torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       oldpass, newpass, nt_errstr(r.out.result));
+       if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_WRONG_PASSWORD) &&
+           !NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION))
+       {
+               torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD or NT_STATUS_PASSWORD_RESTRICTION because we broke the NT cross-hash, got %s\n", nt_errstr(r.out.result));
                 ret = false;
         }
  
@@ -1759,12 +1878,16 @@ static bool test_ChangePasswordUser(struct dcerpc_pipe *p, struct torture_contex
         r.in.cross2_present = 0;
         r.in.lm_cross = NULL;
  
-       status = dcerpc_samr_ChangePasswordUser(p, tctx, &r);
-       if (NT_STATUS_IS_OK(status)) {
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
+               "ChangePasswordUser failed");
+       torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       oldpass, newpass, nt_errstr(r.out.result));
+       if (NT_STATUS_IS_OK(r.out.result)) {
                 changed = true;
                 *password = newpass;
-       } else if (!NT_STATUS_EQUAL(NT_STATUS_PASSWORD_RESTRICTION, status)) {
-               torture_warning(tctx, "ChangePasswordUser failed: expected NT_STATUS_OK, or at least NT_STATUS_PASSWORD_RESTRICTION, got %s\n", nt_errstr(status));
+       } else if (!NT_STATUS_EQUAL(NT_STATUS_PASSWORD_RESTRICTION, r.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser failed: expected NT_STATUS_OK, or at least NT_STATUS_PASSWORD_RESTRICTION, got %s\n", nt_errstr(r.out.result));
                 ret = false;
         }
  
@@ -1797,12 +1920,16 @@ static bool test_ChangePasswordUser(struct dcerpc_pipe *p, struct torture_contex
         r.in.cross2_present = 1;
         r.in.lm_cross = &hash6;
  
-       status = dcerpc_samr_ChangePasswordUser(p, tctx, &r);
-       if (NT_STATUS_IS_OK(status)) {
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
+               "ChangePasswordUser failed");
+       torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       oldpass, newpass, nt_errstr(r.out.result));
+       if (NT_STATUS_IS_OK(r.out.result)) {
                 changed = true;
                 *password = newpass;
-       } else if (!NT_STATUS_EQUAL(NT_STATUS_PASSWORD_RESTRICTION, status)) {
-               torture_warning(tctx, "ChangePasswordUser failed: expected NT_STATUS_NT_CROSS_ENCRYPTION_REQUIRED, got %s\n", nt_errstr(status));
+       } else if (!NT_STATUS_EQUAL(NT_STATUS_PASSWORD_RESTRICTION, r.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser failed: expected NT_STATUS_OK, or at least NT_STATUS_PASSWORD_RESTRICTION, got %s\n", nt_errstr(r.out.result));
                 ret = false;
         }
  
@@ -1835,11 +1962,15 @@ static bool test_ChangePasswordUser(struct dcerpc_pipe *p, struct torture_contex
         r.in.cross2_present = 1;
         r.in.lm_cross = &hash6;
  
-       status = dcerpc_samr_ChangePasswordUser(p, tctx, &r);
-       if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
-               torture_comment(tctx, "ChangePasswordUser returned: %s perhaps min password age? (not fatal)\n", nt_errstr(status));
-       } else  if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "ChangePasswordUser failed - %s\n", nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
+               "ChangePasswordUser failed");
+       torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       oldpass, newpass, nt_errstr(r.out.result));
+       if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
+               torture_comment(tctx, "ChangePasswordUser returned: %s perhaps min password age? (not fatal)\n", nt_errstr(r.out.result));
+       } else  if (!NT_STATUS_IS_OK(r.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser failed - %s\n", nt_errstr(r.out.result));
                 ret = false;
         } else {
                 changed = true;
@@ -1859,17 +1990,21 @@ static bool test_ChangePasswordUser(struct dcerpc_pipe *p, struct torture_contex
         r.in.lm_cross = &hash6;
  
         if (changed) {
-               status = dcerpc_samr_ChangePasswordUser(p, tctx, &r);
-               if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
-                       torture_comment(tctx, "ChangePasswordUser returned: %s perhaps min password age? (not fatal)\n", nt_errstr(status));
-               } else if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
-                       torture_warning(tctx, "ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we already changed the password, got %s\n", nt_errstr(status));
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser_r(b, tctx, &r),
+                       "ChangePasswordUser failed");
+               torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+                               __location__, __FUNCTION__,
+                               oldpass, newpass, nt_errstr(r.out.result));
+               if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
+                       torture_comment(tctx, "ChangePasswordUser returned: %s perhaps min password age? (not fatal)\n", nt_errstr(r.out.result));
+               } else if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_WRONG_PASSWORD)) {
+                       torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we already changed the password, got %s\n", nt_errstr(r.out.result));
                         ret = false;
                 }
         }
  
  
-       if (!test_samr_handle_Close(p, tctx, &user_handle)) {
+       if (!test_samr_handle_Close(b, tctx, &user_handle)) {
                 ret = false;
         }
  
@@ -1877,11 +2012,11 @@ static bool test_ChangePasswordUser(struct dcerpc_pipe *p, struct torture_contex
  }
  
  
-static bool test_OemChangePasswordUser2(struct dcerpc_pipe *p, struct torture_context *tctx,
+static bool test_OemChangePasswordUser2(struct dcerpc_pipe *p,
+                                       struct torture_context *tctx,
                                         const char *acct_name,
                                         struct policy_handle *handle, char **password)
  {
-       NTSTATUS status;
         struct samr_OemChangePasswordUser2 r;
         bool ret = true;
         struct samr_Password lm_verifier;
@@ -1889,6 +2024,7 @@ static bool test_OemChangePasswordUser2(struct dcerpc_pipe *p, struct torture_co
         struct lsa_AsciiString server, account, account_bad;
         char *oldpass;
         char *newpass;
+       struct dcerpc_binding_handle *b = p->binding_handle;
         uint8_t old_lm_hash[16], new_lm_hash[16];
  
         struct samr_GetDomPwInfo dom_pw_info;
@@ -1908,8 +2044,9 @@ static bool test_OemChangePasswordUser2(struct dcerpc_pipe *p, struct torture_co
  
         oldpass = *password;
  
-       status = dcerpc_samr_GetDomPwInfo(p, tctx, &dom_pw_info);
-       if (NT_STATUS_IS_OK(status)) {
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDomPwInfo_r(b, tctx, &dom_pw_info),
+               "GetDomPwInfo failed");
+       if (NT_STATUS_IS_OK(dom_pw_info.out.result)) {
                 policy_min_pw_len = dom_pw_info.out.info->min_password_length;
         }
  
@@ -1933,12 +2070,16 @@ static bool test_OemChangePasswordUser2(struct dcerpc_pipe *p, struct torture_co
         /* Break the verification */
         lm_verifier.hash[0]++;
  
-       status = dcerpc_samr_OemChangePasswordUser2(p, tctx, &r);
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_OemChangePasswordUser2_r(b, tctx, &r),
+               "OemChangePasswordUser2 failed");
+       torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       oldpass, newpass, nt_errstr(r.out.result));
  
-       if (!NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)
-           && !NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
-               torture_warning(tctx, "OemChangePasswordUser2 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalid password verifier - %s\n",
-                       nt_errstr(status));
+       if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)
+           && !NT_STATUS_EQUAL(r.out.result, NT_STATUS_WRONG_PASSWORD)) {
+               torture_result(tctx, TORTURE_FAIL, "OemChangePasswordUser2 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalid password verifier - %s\n",
+                       nt_errstr(r.out.result));
                 ret = false;
         }
  
@@ -1955,12 +2096,16 @@ static bool test_OemChangePasswordUser2(struct dcerpc_pipe *p, struct torture_co
         r.in.password = &lm_pass;
         r.in.hash = &lm_verifier;
  
-       status = dcerpc_samr_OemChangePasswordUser2(p, tctx, &r);
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_OemChangePasswordUser2_r(b, tctx, &r),
+               "OemChangePasswordUser2 failed");
+       torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       oldpass, newpass, nt_errstr(r.out.result));
  
-       if (!NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)
-           && !NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
-               torture_warning(tctx, "OemChangePasswordUser2 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalidly encrpted password - %s\n",
-                       nt_errstr(status));
+       if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)
+           && !NT_STATUS_EQUAL(r.out.result, NT_STATUS_WRONG_PASSWORD)) {
+               torture_result(tctx, TORTURE_FAIL, "OemChangePasswordUser2 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalidly encrpted password - %s\n",
+                       nt_errstr(r.out.result));
                 ret = false;
         }
  
@@ -1972,12 +2117,16 @@ static bool test_OemChangePasswordUser2(struct dcerpc_pipe *p, struct torture_co
         r.in.password = &lm_pass;
         r.in.hash = NULL;
  
-       status = dcerpc_samr_OemChangePasswordUser2(p, tctx, &r);
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_OemChangePasswordUser2_r(b, tctx, &r),
+               "OemChangePasswordUser2 failed");
+       torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       oldpass, newpass, nt_errstr(r.out.result));
  
-       if (!NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)
-           && !NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
-               torture_warning(tctx, "OemChangePasswordUser2 failed, should have returned INVALID_PARAMETER (or at least 'PASSWORD_RESTRICTON') for no supplied validation hash - %s\n",
-                       nt_errstr(status));
+       if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)
+           && !NT_STATUS_EQUAL(r.out.result, NT_STATUS_INVALID_PARAMETER)) {
+               torture_result(tctx, TORTURE_FAIL, "OemChangePasswordUser2 failed, should have returned INVALID_PARAMETER (or at least 'PASSWORD_RESTRICTON') for no supplied validation hash - %s\n",
+                       nt_errstr(r.out.result));
                 ret = false;
         }
  
@@ -1985,11 +2134,15 @@ static bool test_OemChangePasswordUser2(struct dcerpc_pipe *p, struct torture_co
         account_bad.string = TEST_ACCOUNT_NAME "XX";
         r.in.account = &account_bad;
  
-       status = dcerpc_samr_OemChangePasswordUser2(p, tctx, &r);
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_OemChangePasswordUser2_r(b, tctx, &r),
+               "OemChangePasswordUser2 failed");
+       torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       oldpass, newpass, nt_errstr(r.out.result));
  
-       if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
-               torture_warning(tctx, "OemChangePasswordUser2 failed, should have returned INVALID_PARAMETER for no supplied validation hash and invalid user - %s\n",
-                       nt_errstr(status));
+       if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_INVALID_PARAMETER)) {
+               torture_result(tctx, TORTURE_FAIL, "OemChangePasswordUser2 failed, should have returned INVALID_PARAMETER for no supplied validation hash and invalid user - %s\n",
+                       nt_errstr(r.out.result));
                 ret = false;
         }
  
@@ -1999,11 +2152,15 @@ static bool test_OemChangePasswordUser2(struct dcerpc_pipe *p, struct torture_co
         r.in.password = &lm_pass;
         r.in.hash = &lm_verifier;
  
-       status = dcerpc_samr_OemChangePasswordUser2(p, tctx, &r);
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_OemChangePasswordUser2_r(b, tctx, &r),
+               "OemChangePasswordUser2 failed");
+       torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       oldpass, newpass, nt_errstr(r.out.result));
  
-       if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
-               torture_warning(tctx, "OemChangePasswordUser2 failed, should have returned WRONG_PASSWORD for invalid user - %s\n",
-                       nt_errstr(status));
+       if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_WRONG_PASSWORD)) {
+               torture_result(tctx, TORTURE_FAIL, "OemChangePasswordUser2 failed, should have returned WRONG_PASSWORD for invalid user - %s\n",
+                       nt_errstr(r.out.result));
                 ret = false;
         }
  
@@ -2013,11 +2170,15 @@ static bool test_OemChangePasswordUser2(struct dcerpc_pipe *p, struct torture_co
         r.in.password = NULL;
         r.in.hash = &lm_verifier;
  
-       status = dcerpc_samr_OemChangePasswordUser2(p, tctx, &r);
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_OemChangePasswordUser2_r(b, tctx, &r),
+               "OemChangePasswordUser2 failed");
+       torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       oldpass, newpass, nt_errstr(r.out.result));
  
-       if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
-               torture_warning(tctx, "OemChangePasswordUser2 failed, should have returned INVALID_PARAMETER for no supplied password and invalid user - %s\n",
-                       nt_errstr(status));
+       if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_INVALID_PARAMETER)) {
+               torture_result(tctx, TORTURE_FAIL, "OemChangePasswordUser2 failed, should have returned INVALID_PARAMETER for no supplied password and invalid user - %s\n",
+                       nt_errstr(r.out.result));
                 ret = false;
         }
  
@@ -2033,11 +2194,16 @@ static bool test_OemChangePasswordUser2(struct dcerpc_pipe *p, struct torture_co
         r.in.password = &lm_pass;
         r.in.hash = &lm_verifier;
  
-       status = dcerpc_samr_OemChangePasswordUser2(p, tctx, &r);
-       if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
-               torture_comment(tctx, "OemChangePasswordUser2 returned: %s perhaps min password age? (not fatal)\n", nt_errstr(status));
-       } else if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "OemChangePasswordUser2 failed - %s\n", nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_OemChangePasswordUser2_r(b, tctx, &r),
+               "OemChangePasswordUser2 failed");
+       torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       oldpass, newpass, nt_errstr(r.out.result));
+
+       if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
+               torture_comment(tctx, "OemChangePasswordUser2 returned: %s perhaps min password age? (not fatal)\n", nt_errstr(r.out.result));
+       } else if (!NT_STATUS_IS_OK(r.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "OemChangePasswordUser2 failed - %s\n", nt_errstr(r.out.result));
                 ret = false;
         } else {
                 *password = newpass;
@@ -2052,13 +2218,13 @@ static bool test_ChangePasswordUser2(struct dcerpc_pipe *p, struct torture_conte
                                      char **password,
                                      char *newpass, bool allow_password_restriction)
  {
-       NTSTATUS status;
         struct samr_ChangePasswordUser2 r;
         bool ret = true;
         struct lsa_String server, account;
         struct samr_CryptPassword nt_pass, lm_pass;
         struct samr_Password nt_verifier, lm_verifier;
         char *oldpass;
+       struct dcerpc_binding_handle *b = p->binding_handle;
         uint8_t old_nt_hash[16], new_nt_hash[16];
         uint8_t old_lm_hash[16], new_lm_hash[16];
  
@@ -2079,8 +2245,9 @@ static bool test_ChangePasswordUser2(struct dcerpc_pipe *p, struct torture_conte
  
         if (!newpass) {
                 int policy_min_pw_len = 0;
-               status = dcerpc_samr_GetDomPwInfo(p, tctx, &dom_pw_info);
-               if (NT_STATUS_IS_OK(status)) {
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDomPwInfo_r(b, tctx, &dom_pw_info),
+                       "GetDomPwInfo failed");
+               if (NT_STATUS_IS_OK(dom_pw_info.out.result)) {
                         policy_min_pw_len = dom_pw_info.out.info->min_password_length;
                 }
  
@@ -2112,11 +2279,16 @@ static bool test_ChangePasswordUser2(struct dcerpc_pipe *p, struct torture_conte
         r.in.lm_password = &lm_pass;
         r.in.lm_verifier = &lm_verifier;
  
-       status = dcerpc_samr_ChangePasswordUser2(p, tctx, &r);
-       if (allow_password_restriction && NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
-               torture_comment(tctx, "ChangePasswordUser2 returned: %s perhaps min password age? (not fatal)\n", nt_errstr(status));
-       } else if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "ChangePasswordUser2 failed - %s\n", nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser2_r(b, tctx, &r),
+               "ChangePasswordUser2 failed");
+       torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       oldpass, newpass, nt_errstr(r.out.result));
+
+       if (allow_password_restriction && NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
+               torture_comment(tctx, "ChangePasswordUser2 returned: %s perhaps min password age? (not fatal)\n", nt_errstr(r.out.result));
+       } else if (!NT_STATUS_IS_OK(r.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser2 failed - %s\n", nt_errstr(r.out.result));
                 ret = false;
         } else {
                 *password = newpass;
@@ -2126,6 +2298,83 @@ static bool test_ChangePasswordUser2(struct dcerpc_pipe *p, struct torture_conte
  }
  
  
+static bool test_ChangePasswordUser2_ntstatus(struct dcerpc_pipe *p, struct torture_context *tctx,
+                                             const char *acct_name,
+                                             const char *password, NTSTATUS status)
+{
+       struct samr_ChangePasswordUser2 r;
+       struct lsa_String server, account;
+       struct samr_CryptPassword nt_pass, lm_pass;
+       struct samr_Password nt_verifier, lm_verifier;
+       const char *oldpass;
+       struct dcerpc_binding_handle *b = p->binding_handle;
+       uint8_t old_nt_hash[16], new_nt_hash[16];
+       uint8_t old_lm_hash[16], new_lm_hash[16];
+
+       struct samr_GetDomPwInfo dom_pw_info;
+       struct samr_PwInfo info;
+
+       struct lsa_String domain_name;
+       char *newpass;
+       int policy_min_pw_len = 0;
+
+       domain_name.string = "";
+       dom_pw_info.in.domain_name = &domain_name;
+       dom_pw_info.out.info = &info;
+
+       torture_comment(tctx, "Testing ChangePasswordUser2 on %s\n", acct_name);
+
+       oldpass = password;
+
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDomPwInfo_r(b, tctx, &dom_pw_info),
+                                  "GetDomPwInfo failed");
+       if (NT_STATUS_IS_OK(dom_pw_info.out.result)) {
+               policy_min_pw_len = dom_pw_info.out.info->min_password_length;
+       }
+
+       newpass = samr_rand_pass(tctx, policy_min_pw_len);
+
+       server.string = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
+       init_lsa_String(&account, acct_name);
+
+       E_md4hash(oldpass, old_nt_hash);
+       E_md4hash(newpass, new_nt_hash);
+
+       E_deshash(oldpass, old_lm_hash);
+       E_deshash(newpass, new_lm_hash);
+
+       encode_pw_buffer(lm_pass.data, newpass, STR_ASCII|STR_TERMINATE);
+       arcfour_crypt(lm_pass.data, old_lm_hash, 516);
+       E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
+
+       encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
+       arcfour_crypt(nt_pass.data, old_nt_hash, 516);
+       E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
+
+       r.in.server = &server;
+       r.in.account = &account;
+       r.in.nt_password = &nt_pass;
+       r.in.nt_verifier = &nt_verifier;
+       r.in.lm_change = 1;
+       r.in.lm_password = &lm_pass;
+       r.in.lm_verifier = &lm_verifier;
+
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser2_r(b, tctx, &r),
+               "ChangePasswordUser2 failed");
+       torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       oldpass, newpass, nt_errstr(r.out.result));
+
+       if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
+               torture_comment(tctx, "ChangePasswordUser2 returned: %s perhaps min password age? (not fatal)\n", nt_errstr(r.out.result));
+       } else {
+               torture_assert_ntstatus_equal(tctx, r.out.result, status, "ChangePasswordUser2 returned unexpected value");
+       }
+
+       return true;
+}
+
+
  bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tctx,
                               const char *account_string,
                               int policy_min_pw_len,
@@ -2134,13 +2383,13 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
                               NTTIME last_password_change,
                               bool handle_reject_reason)
  {
-       NTSTATUS status;
         struct samr_ChangePasswordUser3 r;
         bool ret = true;
         struct lsa_String server, account, account_bad;
         struct samr_CryptPassword nt_pass, lm_pass;
         struct samr_Password nt_verifier, lm_verifier;
         char *oldpass;
+       struct dcerpc_binding_handle *b = p->binding_handle;
         uint8_t old_nt_hash[16], new_nt_hash[16];
         uint8_t old_lm_hash[16], new_lm_hash[16];
         NTTIME t;
@@ -2196,11 +2445,15 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
         r.out.dominfo = &dominfo;
         r.out.reject = &reject;
  
-       status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
-       if (!NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION) &&
-           (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD))) {
-               torture_warning(tctx, "ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalid password verifier - %s\n",
-                       nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser3_r(b, tctx, &r),
+               "ChangePasswordUser3 failed");
+       torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       oldpass, newpass, nt_errstr(r.out.result));
+       if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION) &&
+           (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_WRONG_PASSWORD))) {
+               torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalid password verifier - %s\n",
+                       nt_errstr(r.out.result));
                 ret = false;
         }
  
@@ -2227,11 +2480,15 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
         r.out.dominfo = &dominfo;
         r.out.reject = &reject;
  
-       status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
-       if (!NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION) &&
-           (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD))) {
-               torture_warning(tctx, "ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalidly encrpted password - %s\n",
-                       nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser3_r(b, tctx, &r),
+               "ChangePasswordUser3 failed");
+       torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       oldpass, newpass, nt_errstr(r.out.result));
+       if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION) &&
+           (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_WRONG_PASSWORD))) {
+               torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser3 failed, should have returned WRONG_PASSWORD (or at least 'PASSWORD_RESTRICTON') for invalidly encrpted password - %s\n",
+                       nt_errstr(r.out.result));
                 ret = false;
         }
  
@@ -2239,10 +2496,14 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
         init_lsa_String(&account_bad, talloc_asprintf(tctx, "%sXX", account_string));
  
         r.in.account = &account_bad;
-       status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
-       if (!NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
-               torture_warning(tctx, "ChangePasswordUser3 failed, should have returned WRONG_PASSWORD for invalid username - %s\n",
-                       nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser3_r(b, tctx, &r),
+               "ChangePasswordUser3 failed");
+       torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       oldpass, newpass, nt_errstr(r.out.result));
+       if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_WRONG_PASSWORD)) {
+               torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser3 failed, should have returned WRONG_PASSWORD for invalid username - %s\n",
+                       nt_errstr(r.out.result));
                 ret = false;
         }
  
@@ -2273,9 +2534,22 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
  
         unix_to_nt_time(&t, time(NULL));
  
-       status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
-
-       if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser3_r(b, tctx, &r),
+               "ChangePasswordUser3 failed");
+       torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       oldpass, newpass, nt_errstr(r.out.result));
+
+       torture_comment(tctx, "(%s): dominfo[%s], reject[%s], handle_reject_reason[%s], "
+                       "last_password_change[%s], dominfo->min_password_age[%lld]\n",
+                       __location__,
+                       (dominfo == NULL)? "NULL" : "present",
+                       reject ? "true" : "false",
+                       handle_reject_reason ? "true" : "false",
+                       null_nttime(last_password_change) ? "null" : "not null",
+                       dominfo ? (long long)dominfo->min_password_age : (long long)0);
+
+       if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)
             && dominfo
             && reject
             && handle_reject_reason
@@ -2283,7 +2557,7 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
                 if (dominfo->password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE ) {
  
                         if (reject && (reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR)) {
-                               torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
+                               torture_result(tctx, TORTURE_FAIL, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
                                         SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
                                 return false;
                         }
@@ -2298,11 +2572,11 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
  
                 Guenther */
  
-               if ((dominfo->min_password_age > 0) && !null_nttime(last_password_change) &&
-                          (last_password_change + dominfo->min_password_age > t)) {
+               if ((dominfo->min_password_age < 0) && !null_nttime(last_password_change) &&
+                          (last_password_change - dominfo->min_password_age > t)) {
  
                         if (reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
-                               torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
+                               torture_result(tctx, TORTURE_FAIL, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
                                         SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
                                 return false;
                         }
@@ -2311,7 +2585,7 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
                            (strlen(newpass) < dominfo->min_password_length)) {
  
                         if (reject->extendedFailureReason != SAM_PWD_CHANGE_PASSWORD_TOO_SHORT) {
-                               torture_warning(tctx, "expected SAM_PWD_CHANGE_PASSWORD_TOO_SHORT (%d), got %d\n",
+                               torture_result(tctx, TORTURE_FAIL, "expected SAM_PWD_CHANGE_PASSWORD_TOO_SHORT (%d), got %d\n",
                                         SAM_PWD_CHANGE_PASSWORD_TOO_SHORT, reject->extendedFailureReason);
                                 return false;
                         }
@@ -2320,14 +2594,14 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
                             strequal(oldpass, newpass)) {
  
                         if (reject->extendedFailureReason != SAM_PWD_CHANGE_PWD_IN_HISTORY) {
-                               torture_warning(tctx, "expected SAM_PWD_CHANGE_PWD_IN_HISTORY (%d), got %d\n",
+                               torture_result(tctx, TORTURE_FAIL, "expected SAM_PWD_CHANGE_PWD_IN_HISTORY (%d), got %d\n",
                                         SAM_PWD_CHANGE_PWD_IN_HISTORY, reject->extendedFailureReason);
                                 return false;
                         }
                 } else if (dominfo->password_properties & DOMAIN_PASSWORD_COMPLEX) {
  
                         if (reject->extendedFailureReason != SAM_PWD_CHANGE_NOT_COMPLEX) {
-                               torture_warning(tctx, "expected SAM_PWD_CHANGE_NOT_COMPLEX (%d), got %d\n",
+                               torture_result(tctx, TORTURE_FAIL, "expected SAM_PWD_CHANGE_NOT_COMPLEX (%d), got %d\n",
                                         SAM_PWD_CHANGE_NOT_COMPLEX, reject->extendedFailureReason);
                                 return false;
                         }
@@ -2342,16 +2616,17 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
  
                 }
  
-       } else if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
+       } else if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
                 if (reject && reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
-                       torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
+                       torture_result(tctx, TORTURE_FAIL, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
                                SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
                         return false;
                 }
                 /* Perhaps the server has a 'min password age' set? */
  
         } else {
-               torture_assert_ntstatus_ok(tctx, status, "ChangePasswordUser3");
+               torture_assert_ntstatus_ok(tctx, r.out.result, "ChangePasswordUser3");
+
                 *password = talloc_strdup(tctx, newpass);
         }
  
@@ -2370,7 +2645,7 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
         DATA_BLOB session_key;
         DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16);
         uint8_t confounder[16];
-       struct MD5Context ctx;
+       MD5_CTX ctx;
  
         bool ret = true;
         struct lsa_String server, account;
@@ -2379,6 +2654,7 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
         DATA_BLOB new_random_pass;
         char *newpass;
         char *oldpass;
+       struct dcerpc_binding_handle *b = p->binding_handle;
         uint8_t old_nt_hash[16], new_nt_hash[16];
         NTTIME t;
         struct samr_DomInfo1 *dominfo = NULL;
@@ -2405,7 +2681,7 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
  
         status = dcerpc_fetch_session_key(p, &session_key);
         if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "SetUserInfo level %u - no session key - %s\n",
+               torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u - no session key - %s\n",
                        s.in.level, nt_errstr(status));
                 return false;
         }
@@ -2422,10 +2698,14 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
  
         torture_comment(tctx, "Testing SetUserInfo level 25 (set password ex) with a password made up of only random bytes\n");
  
-       status = dcerpc_samr_SetUserInfo(p, tctx, &s);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "SetUserInfo level %u failed - %s\n",
-                      s.in.level, nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &s),
+               "SetUserInfo failed");
+       torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       oldpass, "RANDOM", nt_errstr(s.out.result));
+       if (!NT_STATUS_IS_OK(s.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "SetUserInfo level %u failed - %s\n",
+                      s.in.level, nt_errstr(s.out.result));
                 ret = false;
         }
  
@@ -2454,18 +2734,22 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
  
         unix_to_nt_time(&t, time(NULL));
  
-       status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser3_r(b, tctx, &r),
+               "ChangePasswordUser3 failed");
+       torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       oldpass, "RANDOM", nt_errstr(r.out.result));
  
-       if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
+       if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
                 if (reject && reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
-                       torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
+                       torture_result(tctx, TORTURE_FAIL, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
                                SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
                         return false;
                 }
                 /* Perhaps the server has a 'min password age' set? */
  
-       } else if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "ChangePasswordUser3 failed - %s\n", nt_errstr(status));
+       } else if (!NT_STATUS_IS_OK(r.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "ChangePasswordUser3 failed - %s\n", nt_errstr(r.out.result));
                 ret = false;
         }
  
@@ -2492,18 +2776,22 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
  
         unix_to_nt_time(&t, time(NULL));
  
-       status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_ChangePasswordUser3_r(b, tctx, &r),
+               "ChangePasswordUser3 failed");
+       torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+                       __location__, __FUNCTION__,
+                       oldpass, newpass, nt_errstr(r.out.result));
  
-       if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
+       if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
                 if (reject && reject->extendedFailureReason != SAM_PWD_CHANGE_NO_ERROR) {
-                       torture_warning(tctx, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
+                       torture_result(tctx, TORTURE_FAIL, "expected SAM_PWD_CHANGE_NO_ERROR (%d), got %d\n",
                                SAM_PWD_CHANGE_NO_ERROR, reject->extendedFailureReason);
                         return false;
                 }
                 /* Perhaps the server has a 'min password age' set? */
  
         } else {
-               torture_assert_ntstatus_ok(tctx, status, "ChangePasswordUser3 (on second random password)");
+               torture_assert_ntstatus_ok(tctx, r.out.result, "ChangePasswordUser3 (on second random password)");
                 *password = talloc_strdup(tctx, newpass);
         }
  
@@ -2511,60 +2799,63 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
  }
  
  
-static bool test_GetMembersInAlias(struct dcerpc_pipe *p, struct torture_context *tctx,
-                                 struct policy_handle *alias_handle)
+static bool test_GetMembersInAlias(struct dcerpc_binding_handle *b,
+                                  struct torture_context *tctx,
+                                  struct policy_handle *alias_handle)
  {
         struct samr_GetMembersInAlias r;
         struct lsa_SidArray sids;
-       NTSTATUS status;
  
         torture_comment(tctx, "Testing GetMembersInAlias\n");
  
         r.in.alias_handle = alias_handle;
         r.out.sids = &sids;
  
-       status = dcerpc_samr_GetMembersInAlias(p, tctx, &r);
-       torture_assert_ntstatus_ok(tctx, status, "GetMembersInAlias");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetMembersInAlias_r(b, tctx, &r),
+               "GetMembersInAlias failed");
+       torture_assert_ntstatus_ok(tctx, r.out.result, "GetMembersInAlias failed");
  
         return true;
  }
  
-static bool test_AddMemberToAlias(struct dcerpc_pipe *p, struct torture_context *tctx,
+static bool test_AddMemberToAlias(struct dcerpc_binding_handle *b,
+                                 struct torture_context *tctx,
                                   struct policy_handle *alias_handle,
                                   const struct dom_sid *domain_sid)
  {
         struct samr_AddAliasMember r;
         struct samr_DeleteAliasMember d;
-       NTSTATUS status;
         struct dom_sid *sid;
  
         sid = dom_sid_add_rid(tctx, domain_sid, 512);
  
-       torture_comment(tctx, "testing AddAliasMember\n");
+       torture_comment(tctx, "Testing AddAliasMember\n");
         r.in.alias_handle = alias_handle;
         r.in.sid = sid;
  
-       status = dcerpc_samr_AddAliasMember(p, tctx, &r);
-       torture_assert_ntstatus_ok(tctx, status, "AddAliasMember");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_AddAliasMember_r(b, tctx, &r),
+               "AddAliasMember failed");
+       torture_assert_ntstatus_ok(tctx, r.out.result, "AddAliasMember failed");
  
         d.in.alias_handle = alias_handle;
         d.in.sid = sid;
  
-       status = dcerpc_samr_DeleteAliasMember(p, tctx, &d);
-       torture_assert_ntstatus_ok(tctx, status, "DelAliasMember");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteAliasMember_r(b, tctx, &d),
+               "DeleteAliasMember failed");
+       torture_assert_ntstatus_ok(tctx, d.out.result, "DelAliasMember failed");
  
         return true;
  }
  
-static bool test_AddMultipleMembersToAlias(struct dcerpc_pipe *p, struct torture_context *tctx,
+static bool test_AddMultipleMembersToAlias(struct dcerpc_binding_handle *b,
+                                          struct torture_context *tctx,
                                            struct policy_handle *alias_handle)
  {
         struct samr_AddMultipleMembersToAlias a;
         struct samr_RemoveMultipleMembersFromAlias r;
-       NTSTATUS status;
         struct lsa_SidArray sids;
  
-       torture_comment(tctx, "testing AddMultipleMembersToAlias\n");
+       torture_comment(tctx, "Testing AddMultipleMembersToAlias\n");
         a.in.alias_handle = alias_handle;
         a.in.sids = &sids;
  
@@ -2575,45 +2866,44 @@ static bool test_AddMultipleMembersToAlias(struct dcerpc_pipe *p, struct torture
         sids.sids[1].sid = dom_sid_parse_talloc(tctx, "S-1-5-32-1-2-3-2");
         sids.sids[2].sid = dom_sid_parse_talloc(tctx, "S-1-5-32-1-2-3-3");
  
-       status = dcerpc_samr_AddMultipleMembersToAlias(p, tctx, &a);
-       torture_assert_ntstatus_ok(tctx, status, "AddMultipleMembersToAlias");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_AddMultipleMembersToAlias_r(b, tctx, &a),
+               "AddMultipleMembersToAlias failed");
+       torture_assert_ntstatus_ok(tctx, a.out.result, "AddMultipleMembersToAlias");
  
  
-       torture_comment(tctx, "testing RemoveMultipleMembersFromAlias\n");
+       torture_comment(tctx, "Testing RemoveMultipleMembersFromAlias\n");
         r.in.alias_handle = alias_handle;
         r.in.sids = &sids;
  
-       status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, tctx, &r);
-       torture_assert_ntstatus_ok(tctx, status, "RemoveMultipleMembersFromAlias");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_RemoveMultipleMembersFromAlias_r(b, tctx, &r),
+               "RemoveMultipleMembersFromAlias failed");
+       torture_assert_ntstatus_ok(tctx, r.out.result, "RemoveMultipleMembersFromAlias failed");
  
         /* strange! removing twice doesn't give any error */
-       status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, tctx, &r);
-       torture_assert_ntstatus_ok(tctx, status, "RemoveMultipleMembersFromAlias");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_RemoveMultipleMembersFromAlias_r(b, tctx, &r),
+               "RemoveMultipleMembersFromAlias failed");
+       torture_assert_ntstatus_ok(tctx, r.out.result, "RemoveMultipleMembersFromAlias failed");
  
         /* but removing an alias that isn't there does */
         sids.sids[2].sid = dom_sid_parse_talloc(tctx, "S-1-5-32-1-2-3-4");
  
-       status = dcerpc_samr_RemoveMultipleMembersFromAlias(p, tctx, &r);
-       torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, "RemoveMultipleMembersFromAlias");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_RemoveMultipleMembersFromAlias_r(b, tctx, &r),
+               "RemoveMultipleMembersFromAlias failed");
+       torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_OBJECT_NAME_NOT_FOUND, "RemoveMultipleMembersFromAlias");
  
         return true;
  }
  
-static bool test_GetAliasMembership(struct dcerpc_pipe *p,
+static bool test_GetAliasMembership(struct dcerpc_binding_handle *b,
                                     struct torture_context *tctx,
                                     struct policy_handle *domain_handle)
  {
         struct samr_GetAliasMembership r;
         struct lsa_SidArray sids;
         struct samr_Ids rids;
-       NTSTATUS status;
  
         torture_comment(tctx, "Testing GetAliasMembership\n");
  
-       if (torture_setting_bool(tctx, "samba4", false)) {
-               torture_skip(tctx, "skipping GetAliasMembership against s4");
-       }
-
         r.in.domain_handle      = domain_handle;
         r.in.sids               = &sids;
         r.out.rids              = &rids;
@@ -2621,8 +2911,9 @@ static bool test_GetAliasMembership(struct dcerpc_pipe *p,
         sids.num_sids = 0;
         sids.sids = talloc_zero_array(tctx, struct lsa_SidPtr, sids.num_sids);
  
-       status = dcerpc_samr_GetAliasMembership(p, tctx, &r);
-       torture_assert_ntstatus_ok(tctx, status,
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetAliasMembership_r(b, tctx, &r),
+               "GetAliasMembership failed");
+       torture_assert_ntstatus_ok(tctx, r.out.result,
                 "samr_GetAliasMembership failed");
  
         torture_assert_int_equal(tctx, sids.num_sids, rids.count,
@@ -2632,8 +2923,9 @@ static bool test_GetAliasMembership(struct dcerpc_pipe *p,
         sids.sids = talloc_zero_array(tctx, struct lsa_SidPtr, sids.num_sids);
         sids.sids[0].sid = dom_sid_parse_talloc(tctx, "S-1-5-32-1-2-3-1");
  
-       status = dcerpc_samr_GetAliasMembership(p, tctx, &r);
-       torture_assert_ntstatus_ok(tctx, status,
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetAliasMembership_r(b, tctx, &r),
+               "samr_GetAliasMembership failed");
+       torture_assert_ntstatus_ok(tctx, r.out.result,
                 "samr_GetAliasMembership failed");
  
  #if 0
@@ -2651,23 +2943,24 @@ static bool test_GetAliasMembership(struct dcerpc_pipe *p,
         return true;
  }
  
-static bool test_TestPrivateFunctionsUser(struct dcerpc_pipe *p, struct torture_context *tctx,
-                                           struct policy_handle *user_handle)
+static bool test_TestPrivateFunctionsUser(struct dcerpc_binding_handle *b,
+                                         struct torture_context *tctx,
+                                         struct policy_handle *user_handle)
  {
         struct samr_TestPrivateFunctionsUser r;
-       NTSTATUS status;
  
         torture_comment(tctx, "Testing TestPrivateFunctionsUser\n");
  
         r.in.user_handle = user_handle;
  
-       status = dcerpc_samr_TestPrivateFunctionsUser(p, tctx, &r);
-       torture_assert_ntstatus_equal(tctx, status, NT_STATUS_NOT_IMPLEMENTED, "TestPrivateFunctionsUser");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_TestPrivateFunctionsUser_r(b, tctx, &r),
+               "TestPrivateFunctionsUser failed");
+       torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_NOT_IMPLEMENTED, "TestPrivateFunctionsUser");
  
         return true;
  }
  
-static bool test_QueryUserInfo_pwdlastset(struct dcerpc_pipe *p,
+static bool test_QueryUserInfo_pwdlastset(struct dcerpc_binding_handle *b,
                                           struct torture_context *tctx,
                                           struct policy_handle *handle,
                                           bool use_info2,
@@ -2676,7 +2969,7 @@ static bool test_QueryUserInfo_pwdlastset(struct dcerpc_pipe *p,
         NTSTATUS status;
         uint16_t levels[] = { /* 3, */ 5, 21 };
         int i;
-       NTTIME pwdlastset3 = 0;
+       /* NTTIME pwdlastset3 = 0; */
         NTTIME pwdlastset5 = 0;
         NTTIME pwdlastset21 = 0;
  
@@ -2693,25 +2986,29 @@ static bool test_QueryUserInfo_pwdlastset(struct dcerpc_pipe *p,
                         r2.in.user_handle = handle;
                         r2.in.level = levels[i];
                         r2.out.info = &info;
-                       status = dcerpc_samr_QueryUserInfo2(p, tctx, &r2);
+                       torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo2_r(b, tctx, &r2),
+                               "QueryUserInfo2 failed");
+                       status = r2.out.result;
  
                 } else {
                         r.in.user_handle = handle;
                         r.in.level = levels[i];
                         r.out.info = &info;
-                       status = dcerpc_samr_QueryUserInfo(p, tctx, &r);
+                       torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &r),
+                               "QueryUserInfo failed");
+                       status = r.out.result;
                 }
  
                 if (!NT_STATUS_IS_OK(status) &&
                     !NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS)) {
-                       torture_warning(tctx, "QueryUserInfo%s level %u failed - %s\n",
+                       torture_result(tctx, TORTURE_FAIL, "QueryUserInfo%s level %u failed - %s\n",
                                use_info2 ? "2":"", levels[i], nt_errstr(status));
                         return false;
                 }
  
                 switch (levels[i]) {
                 case 3:
-                       pwdlastset3 = info->info3.last_password_change;
+                       /* pwdlastset3 = info->info3.last_password_change; */
                         break;
                 case 5:
                         pwdlastset5 = info->info5.last_password_change;
@@ -2730,13 +3027,15 @@ static bool test_QueryUserInfo_pwdlastset(struct dcerpc_pipe *p,
  
         *pwdlastset = pwdlastset21;
  
-       torture_comment(tctx, "(pwdlastset: %lld)\n", *pwdlastset);
+       torture_comment(tctx, "(pwdlastset: %llu)\n",
+                       (unsigned long long) *pwdlastset);
  
         return true;
  }
  
  static bool test_SamLogon(struct torture_context *tctx,
                           struct dcerpc_pipe *p,
+                         struct cli_credentials *machine_credentials,
                           struct cli_credentials *test_credentials,
                           NTSTATUS expected_result,
                           bool interactive)
@@ -2754,14 +3053,15 @@ static bool test_SamLogon(struct torture_context *tctx,
         uint32_t samlogon_flags = 0;
         struct netlogon_creds_CredentialState *creds;
         struct netr_Authenticator a;
+       struct dcerpc_binding_handle *b = p->binding_handle;
  
-       torture_assert_ntstatus_ok(tctx, dcerpc_schannel_creds(p->conn->security_state.generic_state, tctx, &creds), "");
+       torture_assert(tctx, (creds = cli_credentials_get_netlogon_creds(machine_credentials)), "");
  
-       if (lp_client_lanman_auth(tctx->lp_ctx)) {
+       if (lpcfg_client_lanman_auth(tctx->lp_ctx)) {
                 flags |= CLI_CRED_LANMAN_AUTH;
         }
  
-       if (lp_client_ntlmv2_auth(tctx->lp_ctx)) {
+       if (lpcfg_client_ntlmv2_auth(tctx->lp_ctx)) {
                 flags |= CLI_CRED_NTLMv2_AUTH;
         }
  
@@ -2784,7 +3084,10 @@ static bool test_SamLogon(struct torture_context *tctx,
                 }
                 E_md4hash(cli_credentials_get_password(test_credentials), pinfo.ntpassword.hash);
  
-               if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
+               if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+                       netlogon_creds_aes_encrypt(creds, pinfo.lmpassword.hash, 16);
+                       netlogon_creds_aes_encrypt(creds, pinfo.ntpassword.hash, 16);
+               } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
                         netlogon_creds_arcfour_crypt(creds, pinfo.lmpassword.hash, 16);
                         netlogon_creds_arcfour_crypt(creds, pinfo.ntpassword.hash, 16);
                 } else {
@@ -2837,16 +3140,18 @@ static bool test_SamLogon(struct torture_context *tctx,
  
         r.in.validation_level = 6;
  
-       status = dcerpc_netr_LogonSamLogonEx(p, tctx, &r);
-       if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS)) {
+       torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogonEx_r(b, tctx, &r),
+               "netr_LogonSamLogonEx failed");
+       if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_INVALID_INFO_CLASS)) {
                 r.in.validation_level = 3;
-               status = dcerpc_netr_LogonSamLogonEx(p, tctx, &r);
+               torture_assert_ntstatus_ok(tctx, dcerpc_netr_LogonSamLogonEx_r(b, tctx, &r),
+                       "netr_LogonSamLogonEx failed");
         }
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_assert_ntstatus_equal(tctx, status, expected_result, "LogonSamLogonEx failed");
+       if (!NT_STATUS_IS_OK(r.out.result)) {
+               torture_assert_ntstatus_equal(tctx, r.out.result, expected_result, "LogonSamLogonEx failed");
                 return true;
         } else {
-               torture_assert_ntstatus_ok(tctx, status, "LogonSamLogonEx failed");
+               torture_assert_ntstatus_ok(tctx, r.out.result, "LogonSamLogonEx failed");
         }
  
         return true;
@@ -2874,12 +3179,12 @@ static bool test_SamLogon_with_creds(struct torture_context *tctx,
         cli_credentials_set_password(test_credentials,
                                      password, CRED_SPECIFIED);
  
-       torture_comment(tctx, "testing samlogon (%s) as %s password: %s\n",
+       torture_comment(tctx, "Testing samlogon (%s) as %s password: %s\n",
                 interactive ? "interactive" : "network", acct_name, password);
  
-       if (!test_SamLogon(tctx, p, test_credentials,
+       if (!test_SamLogon(tctx, p, machine_creds, test_credentials,
                             expected_samlogon_result, interactive)) {
-               torture_warning(tctx, "new password did not work\n");
+               torture_result(tctx, TORTURE_FAIL, "new password did not work\n");
                 ret = false;
         }
  
@@ -2904,6 +3209,7 @@ static bool test_SetPassword_level(struct dcerpc_pipe *p,
  {
         const char *fields = NULL;
         bool ret = true;
+       struct dcerpc_binding_handle *b = p->binding_handle;
  
         switch (level) {
         case 21:
@@ -2930,7 +3236,7 @@ static bool test_SetPassword_level(struct dcerpc_pipe *p,
                 ret = false;
         }
  
-       if (!test_QueryUserInfo_pwdlastset(p, tctx, handle,
+       if (!test_QueryUserInfo_pwdlastset(b, tctx, handle,
                                            use_queryinfo2,
                                            pwdlastset)) {
                 ret = false;
@@ -2957,6 +3263,7 @@ static bool setup_schannel_netlogon_pipe(struct torture_context *tctx,
                                          struct dcerpc_pipe **p)
  {
         struct dcerpc_binding *b;
+       NTSTATUS status;
  
         torture_assert_ntstatus_ok(tctx, torture_rpc_binding(tctx, &b),
                 "failed to get rpc binding");
@@ -2964,8 +3271,11 @@ static bool setup_schannel_netlogon_pipe(struct torture_context *tctx,
         /* We have to use schannel, otherwise the SamLogonEx fails
          * with INTERNAL_ERROR */
  
-       b->flags &= ~DCERPC_AUTH_OPTIONS;
-       b->flags |= DCERPC_SCHANNEL | DCERPC_SIGN | DCERPC_SCHANNEL_128;
+       status = dcerpc_binding_set_flags(b,
+                                         DCERPC_SCHANNEL | DCERPC_SIGN |
+                                         DCERPC_SCHANNEL_AUTO,
+                                         DCERPC_AUTH_OPTIONS);
+       torture_assert_ntstatus_ok(tctx, status, "set flags");
  
         torture_assert_ntstatus_ok(tctx,
                 dcerpc_pipe_connect_b(tctx, p, b, &ndr_table_netlogon,
@@ -3006,7 +3316,8 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p,
         };
         struct dcerpc_pipe *np = NULL;
  
-       if (torture_setting_bool(tctx, "samba3", false)) {
+       if (torture_setting_bool(tctx, "samba3", false) ||
+           torture_setting_bool(tctx, "samba4", false)) {
                 delay = 999999;
                 torture_comment(tctx, "Samba3 has second granularity, setting delay to: %d\n",
                         delay);
@@ -3072,7 +3383,7 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p,
                                             password,
                                             machine_credentials,
                                             query_levels[q],
-                                           &pwdlastset_old,
+                                           &pwdlastset_new,
                                             expected_samlogon_result)) {
                         ret = false;
                 }
@@ -3097,11 +3408,12 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p,
                                         "been set\n");
                                 break;
                         }
+                       break;
                 default:
                         if (pwdlastset_new != 0) {
-                               torture_warning(tctx, "pwdLastSet test failed: "
-                                       "expected pwdLastSet 0 but got %lld\n",
-                                       pwdlastset_old);
+                               torture_result(tctx, TORTURE_FAIL, "pwdLastSet test failed: "
+                                       "expected pwdLastSet 0 but got %llu\n",
+                                       (unsigned long long) pwdlastset_old);
                                 ret = false;
                         }
                         break;
@@ -3115,19 +3427,14 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p,
                              (fields_present[f] & SAMR_FIELD_LM_PASSWORD_PRESENT)) &&
                              (pwdlastset_old > 0) && (pwdlastset_new > 0) &&
                              (pwdlastset_old >= pwdlastset_new)) {
-                               torture_warning(tctx, "pwdlastset not increasing\n");
-                               ret = false;
-                       }
-                       break;
-               default:
-                       if ((pwdlastset_old > 0) && (pwdlastset_new > 0) &&
-                           (pwdlastset_old >= pwdlastset_new)) {
-                               torture_warning(tctx, "pwdlastset not increasing\n");
+                               torture_result(tctx, TORTURE_FAIL, "pwdlastset not increasing\n");
                                 ret = false;
                         }
                         break;
                 }
  
+               pwdlastset_old = pwdlastset_new;
+
                 usleep(delay);
  
                 /* set #2 */
@@ -3157,7 +3464,6 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p,
                 case 21:
                 case 23:
                 case 25:
-
                         /* SAMR_FIELD_EXPIRED_FLAG has not been set and no
                          * password has been changed, old and new pwdlastset
                          * need to be the same value */
@@ -3170,19 +3476,22 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p,
                                         pwdlastset_new, "pwdlastset must be equal");
                                 break;
                         }
+                       break;
                 default:
                         if (pwdlastset_old >= pwdlastset_new) {
-                               torture_warning(tctx, "pwdLastSet test failed: "
-                                       "expected last pwdlastset (%lld) < new pwdlastset (%lld)\n",
-                                       pwdlastset_old, pwdlastset_new);
+                               torture_result(tctx, TORTURE_FAIL, "pwdLastSet test failed: "
+                                       "expected last pwdlastset (%llu) < new pwdlastset (%llu)\n",
+                                       (unsigned long long) pwdlastset_old,
+                                       (unsigned long long) pwdlastset_new);
                                 ret = false;
                         }
                         if (pwdlastset_new == 0) {
-                               torture_warning(tctx, "pwdLastSet test failed: "
-                                       "expected non-0 pwdlastset, got: %lld\n",
-                                       pwdlastset_new);
+                               torture_result(tctx, TORTURE_FAIL, "pwdLastSet test failed: "
+                                       "expected non-0 pwdlastset, got: %llu\n",
+                                       (unsigned long long) pwdlastset_new);
                                 ret = false;
                         }
+                       break;
                 }
  
                 switch (levels[l]) {
@@ -3193,14 +3502,7 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p,
                              (fields_present[f] & SAMR_FIELD_LM_PASSWORD_PRESENT)) &&
                              (pwdlastset_old > 0) && (pwdlastset_new > 0) &&
                              (pwdlastset_old >= pwdlastset_new)) {
-                               torture_warning(tctx, "pwdlastset not increasing\n");
-                               ret = false;
-                       }
-                       break;
-               default:
-                       if ((pwdlastset_old > 0) && (pwdlastset_new > 0) &&
-                           (pwdlastset_old >= pwdlastset_new)) {
-                               torture_warning(tctx, "pwdlastset not increasing\n");
+                               torture_result(tctx, TORTURE_FAIL, "pwdlastset not increasing\n");
                                 ret = false;
                         }
                         break;
@@ -3238,31 +3540,54 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p,
                 case 23:
                 case 25:
  
-                       /* if no password has been changed, old and new pwdlastset
+                       /* SAMR_FIELD_EXPIRED_FLAG has not been set and no
+                        * password has been changed, old and new pwdlastset
                          * need to be the same value */
  
-                       if (!((fields_present[f] & SAMR_FIELD_NT_PASSWORD_PRESENT) ||
+                       if (!(fields_present[f] & SAMR_FIELD_EXPIRED_FLAG) &&
+                           !((fields_present[f] & SAMR_FIELD_NT_PASSWORD_PRESENT) ||
                               (fields_present[f] & SAMR_FIELD_LM_PASSWORD_PRESENT)))
                         {
                                 torture_assert_int_equal(tctx, pwdlastset_old,
                                         pwdlastset_new, "pwdlastset must be equal");
                                 break;
                         }
+                       break;
                 default:
                         if (pwdlastset_old >= pwdlastset_new) {
-                               torture_warning(tctx, "pwdLastSet test failed: "
-                                       "expected last pwdlastset (%lld) < new pwdlastset (%lld)\n",
-                                       pwdlastset_old, pwdlastset_new);
+                               torture_result(tctx, TORTURE_FAIL, "pwdLastSet test failed: "
+                                       "expected last pwdlastset (%llu) < new pwdlastset (%llu)\n",
+                                       (unsigned long long) pwdlastset_old,
+                                       (unsigned long long) pwdlastset_new);
                                 ret = false;
                         }
                         if (pwdlastset_new == 0) {
-                               torture_warning(tctx, "pwdLastSet test failed: "
-                                       "expected non-0 pwdlastset, got: %lld\n",
-                                       pwdlastset_new);
+                               torture_result(tctx, TORTURE_FAIL, "pwdLastSet test failed: "
+                                       "expected non-0 pwdlastset, got: %llu\n",
+                                       (unsigned long long) pwdlastset_new);
                                 ret = false;
                         }
+                       break;
                 }
  
+               switch (levels[l]) {
+               case 21:
+               case 23:
+               case 25:
+                       if (((fields_present[f] & SAMR_FIELD_NT_PASSWORD_PRESENT) ||
+                            (fields_present[f] & SAMR_FIELD_LM_PASSWORD_PRESENT)) &&
+                            (pwdlastset_old > 0) && (pwdlastset_new > 0) &&
+                            (pwdlastset_old >= pwdlastset_new)) {
+                               torture_result(tctx, TORTURE_FAIL, "pwdlastset not increasing\n");
+                               ret = false;
+                       }
+                       break;
+               }
+
+               pwdlastset_old = pwdlastset_new;
+
+               usleep(delay);
+
                 /* set #3 */
  
                 /* set a password and force password change (pwdlastset 0) by
@@ -3311,19 +3636,12 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p,
                                         pwdlastset_new, "pwdlastset must be equal");
                                 break;
                         }
+                       break;
                 default:
-
-                       if (pwdlastset_old == pwdlastset_new) {
-                               torture_warning(tctx, "pwdLastSet test failed: "
-                                       "expected last pwdlastset (%lld) != new pwdlastset (%lld)\n",
-                                       pwdlastset_old, pwdlastset_new);
-                               ret = false;
-                       }
-
                         if (pwdlastset_new != 0) {
-                               torture_warning(tctx, "pwdLastSet test failed: "
-                                       "expected pwdLastSet 0, got %lld\n",
-                                       pwdlastset_old);
+                               torture_result(tctx, TORTURE_FAIL, "pwdLastSet test failed: "
+                                       "expected pwdLastSet 0, got %llu\n",
+                                       (unsigned long long) pwdlastset_old);
                                 ret = false;
                         }
                         break;
@@ -3337,14 +3655,7 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p,
                              (fields_present[f] & SAMR_FIELD_LM_PASSWORD_PRESENT)) &&
                              (pwdlastset_old > 0) && (pwdlastset_new > 0) &&
                              (pwdlastset_old >= pwdlastset_new)) {
-                               torture_warning(tctx, "pwdlastset not increasing\n");
-                               ret = false;
-                       }
-                       break;
-               default:
-                       if ((pwdlastset_old > 0) && (pwdlastset_new > 0) &&
-                           (pwdlastset_old >= pwdlastset_new)) {
-                               torture_warning(tctx, "pwdlastset not increasing\n");
+                               torture_result(tctx, TORTURE_FAIL, "pwdlastset not increasing\n");
                                 ret = false;
                         }
                         break;
@@ -3379,7 +3690,7 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p,
         return ret;
  }
  
-static bool test_QueryUserInfo_badpwdcount(struct dcerpc_pipe *p,
+static bool test_QueryUserInfo_badpwdcount(struct dcerpc_binding_handle *b,
                                            struct torture_context *tctx,
                                            struct policy_handle *handle,
                                            uint32_t *badpwdcount)
@@ -3393,7 +3704,9 @@ static bool test_QueryUserInfo_badpwdcount(struct dcerpc_pipe *p,
  
         torture_comment(tctx, "Testing QueryUserInfo level %d", r.in.level);
  
-       torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo(p, tctx, &r),
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &r),
+               "failed to query userinfo");
+       torture_assert_ntstatus_ok(tctx, r.out.result,
                 "failed to query userinfo");
  
         *badpwdcount = info->info3.bad_password_count;
@@ -3403,7 +3716,7 @@ static bool test_QueryUserInfo_badpwdcount(struct dcerpc_pipe *p,
         return true;
  }
  
-static bool test_SetUserInfo_acct_flags(struct dcerpc_pipe *p,
+static bool test_SetUserInfo_acct_flags(struct dcerpc_binding_handle *b,
                                         struct torture_context *tctx,
                                         struct policy_handle *user_handle,
                                         uint32_t acct_flags)
@@ -3419,7 +3732,9 @@ static bool test_SetUserInfo_acct_flags(struct dcerpc_pipe *p,
         r.in.level = 16;
         r.in.info = &user_info;
  
-       torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo(p, tctx, &r),
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo_r(b, tctx, &r),
+               "failed to set account flags");
+       torture_assert_ntstatus_ok(tctx, r.out.result,
                 "failed to set account flags");
  
         return true;
@@ -3431,13 +3746,15 @@ static bool test_reset_badpwdcount(struct dcerpc_pipe *p,
                                    uint32_t acct_flags,
                                    char **password)
  {
+       struct dcerpc_binding_handle *b = p->binding_handle;
+
         torture_assert(tctx, test_SetUserPass(p, tctx, user_handle, password),
                 "failed to set password");
  
         torture_comment(tctx, "Testing SetUserInfo level 16 (enable account)\n");
  
         torture_assert(tctx,
-                      test_SetUserInfo_acct_flags(p, tctx, user_handle,
+                      test_SetUserInfo_acct_flags(b, tctx, user_handle,
                                                    acct_flags & ~ACB_DISABLED),
                        "failed to enable user");
  
@@ -3447,7 +3764,7 @@ static bool test_reset_badpwdcount(struct dcerpc_pipe *p,
         return true;
  }
  
-static bool test_SetDomainInfo(struct dcerpc_pipe *p,
+static bool test_SetDomainInfo(struct dcerpc_binding_handle *b,
                                struct torture_context *tctx,
                                struct policy_handle *domain_handle,
                                enum samr_DomainInfoClass level,
@@ -3460,13 +3777,15 @@ static bool test_SetDomainInfo(struct dcerpc_pipe *p,
         r.in.info = info;
  
         torture_assert_ntstatus_ok(tctx,
-                                  dcerpc_samr_SetDomainInfo(p, tctx, &r),
+                                  dcerpc_samr_SetDomainInfo_r(b, tctx, &r),
+                                  "failed to set domain info");
+       torture_assert_ntstatus_ok(tctx, r.out.result,
                                    "failed to set domain info");
  
         return true;
  }
  
-static bool test_SetDomainInfo_ntstatus(struct dcerpc_pipe *p,
+static bool test_SetDomainInfo_ntstatus(struct dcerpc_binding_handle *b,
                                         struct torture_context *tctx,
                                         struct policy_handle *domain_handle,
                                         enum samr_DomainInfoClass level,
@@ -3479,15 +3798,14 @@ static bool test_SetDomainInfo_ntstatus(struct dcerpc_pipe *p,
         r.in.level = level;
         r.in.info = info;
  
-       torture_assert_ntstatus_equal(tctx,
-                                     dcerpc_samr_SetDomainInfo(p, tctx, &r),
-                                     expected,
-                                     "");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetDomainInfo_r(b, tctx, &r),
+               "SetDomainInfo failed");
+       torture_assert_ntstatus_equal(tctx, r.out.result, expected, "");
  
         return true;
  }
  
-static bool test_QueryDomainInfo2_level(struct dcerpc_pipe *p,
+static bool test_QueryDomainInfo2_level(struct dcerpc_binding_handle *b,
                                         struct torture_context *tctx,
                                         struct policy_handle *domain_handle,
                                         enum samr_DomainInfoClass level,
@@ -3499,8 +3817,9 @@ static bool test_QueryDomainInfo2_level(struct dcerpc_pipe *p,
         r.in.level = level;
         r.out.info = q_info;
  
-       torture_assert_ntstatus_ok(tctx,
-               dcerpc_samr_QueryDomainInfo2(p, tctx, &r),
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDomainInfo2_r(b, tctx, &r),
+               "failed to query domain info");
+       torture_assert_ntstatus_ok(tctx, r.out.result,
                 "failed to query domain info");
  
         return true;
@@ -3528,6 +3847,13 @@ static bool test_Password_badpwdcount(struct dcerpc_pipe *p,
         uint32_t badpwdcount, tmp;
         uint32_t password_history_length = 12;
         uint32_t lockout_threshold = 15;
+       uint32_t lockout_seconds = 5;
+       uint64_t delta_time_factor = 10 * 1000 * 1000;
+       struct dcerpc_binding_handle *b = p->binding_handle;
+
+       if (torture_setting_bool(tctx, "samba3", false)) {
+               lockout_seconds = 60;
+       }
  
         torture_comment(tctx, "\nTesting bad pwd count with: %s\n", comment);
  
@@ -3539,17 +3865,22 @@ static bool test_Password_badpwdcount(struct dcerpc_pipe *p,
  
         info.info1 = *info1;
         info.info1.password_history_length = password_history_length;
+       info.info1.min_password_age = 0;
  
         torture_assert(tctx,
-                      test_SetDomainInfo(p, tctx, domain_handle,
+                      test_SetDomainInfo(b, tctx, domain_handle,
                                           DomainPasswordInformation, &info),
-                      "failed to set password history length");
+                      "failed to set password history length and min passwd age");
  
         info.info12 = *info12;
         info.info12.lockout_threshold = lockout_threshold;
  
+       /* set lockout duration of 5 seconds */
+       info.info12.lockout_duration = ~(lockout_seconds * delta_time_factor);
+       info.info12.lockout_window = ~(lockout_seconds * delta_time_factor);
+
         torture_assert(tctx,
-                      test_SetDomainInfo(p, tctx, domain_handle,
+                      test_SetDomainInfo(b, tctx, domain_handle,
                                           DomainLockoutInformation, &info),
                        "failed to set lockout threshold");
  
@@ -3562,12 +3893,12 @@ static bool test_Password_badpwdcount(struct dcerpc_pipe *p,
         /* enable or disable account */
         if (disable) {
                 torture_assert(tctx,
-                              test_SetUserInfo_acct_flags(p, tctx, user_handle,
+                              test_SetUserInfo_acct_flags(b, tctx, user_handle,
                                                 acct_flags | ACB_DISABLED),
                                "failed to disable user");
         } else {
                 torture_assert(tctx,
-                              test_SetUserInfo_acct_flags(p, tctx, user_handle,
+                              test_SetUserInfo_acct_flags(b, tctx, user_handle,
                                                 acct_flags & ~ACB_DISABLED),
                                "failed to enable user");
         }
@@ -3590,7 +3921,7 @@ static bool test_Password_badpwdcount(struct dcerpc_pipe *p,
                 }
  
                 torture_assert(tctx,
-                       test_QueryUserInfo_badpwdcount(p, tctx, user_handle, &badpwdcount), "");
+                       test_QueryUserInfo_badpwdcount(b, tctx, user_handle, &badpwdcount), "");
  
                 torture_assert_int_equal(tctx, badpwdcount, 0, "expected badpwdcount to be 0");
         }
@@ -3605,7 +3936,7 @@ static bool test_Password_badpwdcount(struct dcerpc_pipe *p,
         }
  
         torture_assert(tctx,
-               test_QueryUserInfo_badpwdcount(p, tctx, user_handle, &badpwdcount), "");
+               test_QueryUserInfo_badpwdcount(b, tctx, user_handle, &badpwdcount), "");
  
         torture_assert_int_equal(tctx, badpwdcount, 1, "expected badpwdcount to be 1");
  
@@ -3619,7 +3950,7 @@ static bool test_Password_badpwdcount(struct dcerpc_pipe *p,
         }
  
         torture_assert(tctx,
-               test_QueryUserInfo_badpwdcount(p, tctx, user_handle, &badpwdcount), "");
+               test_QueryUserInfo_badpwdcount(b, tctx, user_handle, &badpwdcount), "");
  
         if (disable) {
                 torture_assert_int_equal(tctx, badpwdcount, 1, "expected badpwdcount to be 1");
@@ -3649,11 +3980,13 @@ static bool test_Password_badpwdcount(struct dcerpc_pipe *p,
                         if (!test_SamLogon_with_creds(tctx, np, machine_credentials,
                                                       acct_name, passwords[i],
                                                       expected_success_status, interactive)) {
-                               torture_fail(tctx, talloc_asprintf(tctx, "succeeded to authenticate with old password (#%d of #%d in history)", i, password_history_length));
+                               torture_fail(tctx, talloc_asprintf(tctx, "did not successfully to obtain %s for %s login with old password (#%d of #%d in history)",
+                                                                  nt_errstr(expected_success_status),
+                                                                  interactive ? "interactive" : "network", i, password_history_length));
                         }
  
                         torture_assert(tctx,
-                               test_QueryUserInfo_badpwdcount(p, tctx, user_handle, &badpwdcount), "");
+                               test_QueryUserInfo_badpwdcount(b, tctx, user_handle, &badpwdcount), "");
  
                         if (disable) {
                                 /* torture_comment(tctx, "expecting bad pwd count to *NOT INCREASE* for pwd history entry %d\n", i); */
@@ -3675,7 +4008,7 @@ static bool test_Password_badpwdcount(struct dcerpc_pipe *p,
                 }
  
                 torture_assert(tctx,
-                       test_QueryUserInfo_badpwdcount(p, tctx, user_handle, &badpwdcount), "");
+                       test_QueryUserInfo_badpwdcount(b, tctx, user_handle, &badpwdcount), "");
  
                 /* - network samlogon will fail auth but not increase
                  *   badpwdcount for 3rd last entry
@@ -3709,6 +4042,7 @@ static bool test_Password_badpwdcount_wrap(struct dcerpc_pipe *p,
         struct samr_DomInfo1 info1, _info1;
         struct samr_DomInfo12 info12, _info12;
         bool ret = true;
+       struct dcerpc_binding_handle *b = p->binding_handle;
         struct dcerpc_pipe *np;
         int i;
  
@@ -3749,7 +4083,7 @@ static bool test_Password_badpwdcount_wrap(struct dcerpc_pipe *p,
         /* backup old policies */
  
         torture_assert(tctx,
-               test_QueryDomainInfo2_level(p, tctx, domain_handle,
+               test_QueryDomainInfo2_level(b, tctx, domain_handle,
                                             DomainPasswordInformation, &q_info),
                 "failed to query domain info level 1");
  
@@ -3757,7 +4091,7 @@ static bool test_Password_badpwdcount_wrap(struct dcerpc_pipe *p,
         _info1 = info1;
  
         torture_assert(tctx,
-               test_QueryDomainInfo2_level(p, tctx, domain_handle,
+               test_QueryDomainInfo2_level(b, tctx, domain_handle,
                                             DomainLockoutInformation, &q_info),
                 "failed to query domain info level 12");
  
@@ -3775,16 +4109,16 @@ static bool test_Password_badpwdcount_wrap(struct dcerpc_pipe *p,
                         continue;
                 }
  
-               ret &= test_Password_badpwdcount(p, np, tctx, acct_flags, acct_name,
-                                                domain_handle, user_handle, password,
-                                                machine_credentials,
-                                                creds[i].comment,
-                                                creds[i].disabled,
-                                                creds[i].interactive,
-                                                creds[i].expected_success_status,
-                                                &_info1, &_info12);
-               if (!ret) {
-                       torture_warning(tctx, "TEST #%d (%s) failed\n", i, creds[i].comment);
+               if (!test_Password_badpwdcount(p, np, tctx, acct_flags, acct_name,
+                                              domain_handle, user_handle, password,
+                                              machine_credentials,
+                                              creds[i].comment,
+                                              creds[i].disabled,
+                                              creds[i].interactive,
+                                              creds[i].expected_success_status,
+                                              &_info1, &_info12)) {
+                       torture_result(tctx, TORTURE_FAIL, "TEST #%d (%s) failed\n", i, creds[i].comment);
+                       ret = false;
                 } else {
                         torture_comment(tctx, "TEST #%d (%s) succeeded\n", i, creds[i].comment);
                 }
@@ -3795,40 +4129,109 @@ static bool test_Password_badpwdcount_wrap(struct dcerpc_pipe *p,
         s_info.info1 = info1;
  
         torture_assert(tctx,
-                      test_SetDomainInfo(p, tctx, domain_handle,
+                      test_SetDomainInfo(b, tctx, domain_handle,
                                           DomainPasswordInformation, &s_info),
                        "failed to set password information");
  
         s_info.info12 = info12;
  
         torture_assert(tctx,
-                      test_SetDomainInfo(p, tctx, domain_handle,
+                      test_SetDomainInfo(b, tctx, domain_handle,
                                           DomainLockoutInformation, &s_info),
                        "failed to set lockout information");
  
         return ret;
  }
  
-static bool test_QueryUserInfo_acct_flags(struct dcerpc_pipe *p,
-                                         struct torture_context *tctx,
-                                         struct policy_handle *handle,
-                                         uint32_t *acct_flags)
+static bool test_QueryUserInfo_lockout(struct dcerpc_binding_handle *b,
+                                      struct torture_context *tctx,
+                                      struct policy_handle *domain_handle,
+                                      const char *acct_name,
+                                      uint16_t raw_bad_password_count,
+                                      uint16_t effective_bad_password_count,
+                                      uint32_t effective_acb_lockout)
  {
-       union samr_UserInfo *info;
+       struct policy_handle user_handle;
+       union samr_UserInfo *i;
         struct samr_QueryUserInfo r;
  
-       r.in.user_handle = handle;
-       r.in.level = 16;
-       r.out.info = &info;
+       NTSTATUS status = test_OpenUser_byname(b, tctx, domain_handle, acct_name, &user_handle);
+       if (!NT_STATUS_IS_OK(status)) {
+               return false;
+       }
  
+       r.in.user_handle = &user_handle;
+       r.in.level = 3;
+       r.out.info = &i;
         torture_comment(tctx, "Testing QueryUserInfo level %d", r.in.level);
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &r),
+               "failed to query userinfo");
+       torture_assert_ntstatus_ok(tctx, r.out.result,
+               "failed to query userinfo");
+       torture_comment(tctx, "  (acct_flags: 0x%08x) (raw_bad_pwd_count: %u)\n",
+                       i->info3.acct_flags, i->info3.bad_password_count);
+       torture_assert_int_equal(tctx, i->info3.bad_password_count,
+                                raw_bad_password_count,
+                                "raw badpwdcount");
+       torture_assert_int_equal(tctx, i->info3.acct_flags & ACB_AUTOLOCK,
+                                effective_acb_lockout,
+                                "effective acb_lockout");
+       TALLOC_FREE(i);
  
-       torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo(p, tctx, &r),
+       r.in.user_handle = &user_handle;
+       r.in.level = 5;
+       r.out.info = &i;
+       torture_comment(tctx, "Testing QueryUserInfo level %d", r.in.level);
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &r),
+               "failed to query userinfo");
+       torture_assert_ntstatus_ok(tctx, r.out.result,
                 "failed to query userinfo");
+       torture_comment(tctx, "  (acct_flags: 0x%08x) (effective_bad_pwd_count: %u)\n",
+                       i->info5.acct_flags, i->info5.bad_password_count);
+       torture_assert_int_equal(tctx, i->info5.bad_password_count,
+                                effective_bad_password_count,
+                                "effective badpwdcount");
+       torture_assert_int_equal(tctx, i->info5.acct_flags & ACB_AUTOLOCK,
+                                effective_acb_lockout,
+                                "effective acb_lockout");
+       TALLOC_FREE(i);
  
-       *acct_flags = info->info16.acct_flags;
+       r.in.user_handle = &user_handle;
+       r.in.level = 16;
+       r.out.info = &i;
+       torture_comment(tctx, "Testing QueryUserInfo level %d", r.in.level);
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &r),
+               "failed to query userinfo");
+       torture_assert_ntstatus_ok(tctx, r.out.result,
+               "failed to query userinfo");
+       torture_comment(tctx, "  (acct_flags: 0x%08x)\n",
+                       i->info16.acct_flags);
+       torture_assert_int_equal(tctx, i->info16.acct_flags & ACB_AUTOLOCK,
+                                effective_acb_lockout,
+                                "effective acb_lockout");
+       TALLOC_FREE(i);
  
-       torture_comment(tctx, "  (acct_flags: 0x%08x)\n", *acct_flags);
+       r.in.user_handle = &user_handle;
+       r.in.level = 21;
+       r.out.info = &i;
+       torture_comment(tctx, "Testing QueryUserInfo level %d", r.in.level);
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &r),
+               "failed to query userinfo");
+       torture_assert_ntstatus_ok(tctx, r.out.result,
+               "failed to query userinfo");
+       torture_comment(tctx, "  (acct_flags: 0x%08x) (effective_bad_pwd_count: %u)\n",
+                       i->info21.acct_flags, i->info21.bad_password_count);
+       torture_assert_int_equal(tctx, i->info21.bad_password_count,
+                                effective_bad_password_count,
+                                "effective badpwdcount");
+       torture_assert_int_equal(tctx, i->info21.acct_flags & ACB_AUTOLOCK,
+                                effective_acb_lockout,
+                                "effective acb_lockout");
+       TALLOC_FREE(i);
+
+       if (!test_samr_handle_Close(b, tctx, &user_handle)) {
+               return false;
+       }
  
         return true;
  }
@@ -3845,16 +4248,20 @@ static bool test_Password_lockout(struct dcerpc_pipe *p,
                                   const char *comment,
                                   bool disable,
                                   bool interactive,
+                                 uint32_t password_history_length,
                                   NTSTATUS expected_success_status,
                                   struct samr_DomInfo1 *info1,
                                   struct samr_DomInfo12 *info12)
  {
         union samr_DomainInfo info;
-       uint32_t badpwdcount;
-       uint32_t password_history_length = 1;
         uint64_t lockout_threshold = 1;
         uint32_t lockout_seconds = 5;
         uint64_t delta_time_factor = 10 * 1000 * 1000;
+       struct dcerpc_binding_handle *b = p->binding_handle;
+
+       if (torture_setting_bool(tctx, "samba3", false)) {
+               lockout_seconds = 60;
+       }
  
         torture_comment(tctx, "\nTesting account lockout: %s\n", comment);
  
@@ -3862,11 +4269,14 @@ static bool test_Password_lockout(struct dcerpc_pipe *p,
  
         info.info1 = *info1;
  
-       torture_comment(tctx, "setting password history lenght.\n");
+       torture_comment(tctx, "setting password history length to %d.\n", password_history_length);
         info.info1.password_history_length = password_history_length;
  
+       torture_comment(tctx, "setting min password again.\n");
+       info.info1.min_password_age = 0;
+
         torture_assert(tctx,
-                      test_SetDomainInfo(p, tctx, domain_handle,
+                      test_SetDomainInfo(b, tctx, domain_handle,
                                           DomainPasswordInformation, &info),
                        "failed to set password history length");
  
@@ -3878,7 +4288,7 @@ static bool test_Password_lockout(struct dcerpc_pipe *p,
         info.info12.lockout_window = ~((lockout_seconds + 1) * delta_time_factor);
  
         torture_assert(tctx,
-               test_SetDomainInfo_ntstatus(p, tctx, domain_handle,
+               test_SetDomainInfo_ntstatus(b, tctx, domain_handle,
                                             DomainLockoutInformation, &info,
                                             NT_STATUS_INVALID_PARAMETER),
                 "setting lockout duration < lockout window gave unexpected result");
@@ -3887,7 +4297,7 @@ static bool test_Password_lockout(struct dcerpc_pipe *p,
         info.info12.lockout_window = 0;
  
         torture_assert(tctx,
-                      test_SetDomainInfo(p, tctx, domain_handle,
+                      test_SetDomainInfo(b, tctx, domain_handle,
                                           DomainLockoutInformation, &info),
                        "failed to set lockout window and duration to 0");
  
@@ -3897,7 +4307,7 @@ static bool test_Password_lockout(struct dcerpc_pipe *p,
         info.info12.lockout_window = ~(lockout_seconds * delta_time_factor);
  
         torture_assert(tctx,
-                      test_SetDomainInfo(p, tctx, domain_handle,
+                      test_SetDomainInfo(b, tctx, domain_handle,
                                           DomainLockoutInformation, &info),
                        "failed to set lockout window and duration to 5 seconds");
  
@@ -3911,12 +4321,12 @@ static bool test_Password_lockout(struct dcerpc_pipe *p,
  
         if (disable) {
                 torture_assert(tctx,
-                              test_SetUserInfo_acct_flags(p, tctx, user_handle,
+                              test_SetUserInfo_acct_flags(b, tctx, user_handle,
                                                 acct_flags | ACB_DISABLED),
                                "failed to disable user");
         } else {
                 torture_assert(tctx,
-                              test_SetUserInfo_acct_flags(p, tctx, user_handle,
+                              test_SetUserInfo_acct_flags(b, tctx, user_handle,
                                                 acct_flags & ~ACB_DISABLED),
                                "failed to enable user");
         }
@@ -3924,93 +4334,268 @@ static bool test_Password_lockout(struct dcerpc_pipe *p,
  
         /* test logon with right password */
  
-       if (!test_SamLogon_with_creds(tctx, np, machine_credentials,
-                                     acct_name, *password,
-                                     expected_success_status, interactive)) {
-               torture_fail(tctx, "failed to auth with latest password");
+       if (!test_SamLogon_with_creds(tctx, np, machine_credentials,
+                                     acct_name, *password,
+                                     expected_success_status, interactive)) {
+               torture_fail(tctx, "failed to auth with latest password");
+       }
+
+       torture_assert(tctx,
+               test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+                       0, 0, 0),
+               "expected account to not be locked");
+
+       /* test with wrong password ==> lockout */
+
+       if (!test_SamLogon_with_creds(tctx, np, machine_credentials,
+                                     acct_name, "random_crap",
+                                     NT_STATUS_WRONG_PASSWORD, interactive)) {
+               torture_fail(tctx, "succeeded to authenticate with wrong password");
+       }
+
+       /*
+        * curiously, windows does _not_ return fresh values of
+        * effective bad_password_count and ACB_AUTOLOCK.
+        */
+       torture_assert(tctx,
+               test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+                       1, 1, ACB_AUTOLOCK),
+               "expected account to not be locked");
+
+       /* test with good password */
+
+       if (!test_SamLogon_with_creds(tctx, np, machine_credentials, acct_name,
+                                    *password,
+                                    NT_STATUS_ACCOUNT_LOCKED_OUT, interactive))
+       {
+               torture_fail(tctx, "authenticate did not return NT_STATUS_ACCOUNT_LOCKED_OUT");
+       }
+
+       /* bad pwd count should not get updated */
+       torture_assert(tctx,
+               test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+                       1, 1, ACB_AUTOLOCK),
+               "expected account to be locked");
+
+       torture_assert(tctx,
+                      test_ChangePasswordUser2_ntstatus(p, tctx, acct_name, *password,
+                                                        NT_STATUS_ACCOUNT_LOCKED_OUT),
+                      "got wrong status from ChangePasswordUser2");
+
+       /* bad pwd count should not get updated */
+       torture_assert(tctx,
+               test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+                       1, 1, ACB_AUTOLOCK),
+               "expected account to be locked");
+
+       torture_assert(tctx,
+                      test_ChangePasswordUser2_ntstatus(p, tctx, acct_name, "random_crap", NT_STATUS_ACCOUNT_LOCKED_OUT),
+                      "got wrong status from ChangePasswordUser2");
+
+       /* bad pwd count should not get updated */
+       torture_assert(tctx,
+               test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+                       1, 1, ACB_AUTOLOCK),
+               "expected account to be locked");
+
+       /* with bad password */
+
+       if (!test_SamLogon_with_creds(tctx, np, machine_credentials,
+                                     acct_name, "random_crap2",
+                                     NT_STATUS_ACCOUNT_LOCKED_OUT, interactive))
+       {
+               torture_fail(tctx, "authenticate did not return NT_STATUS_ACCOUNT_LOCKED_OUT");
+       }
+
+       /* bad pwd count should not get updated */
+       torture_assert(tctx,
+               test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+                       1, 1, ACB_AUTOLOCK),
+               "expected account to be locked");
+
+       /* let lockout duration expire ==> unlock */
+
+       torture_comment(tctx, "let lockout duration expire...\n");
+       sleep(lockout_seconds + 1);
+
+       torture_assert(tctx,
+               test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+                       1, 0, 0),
+               "expected account to not be locked");
+
+       if (!test_SamLogon_with_creds(tctx, np, machine_credentials, acct_name,
+                                    *password,
+                                    expected_success_status, interactive))
+       {
+               torture_fail(tctx, "failed to authenticate after lockout expired");
+       }
+
+       if (NT_STATUS_IS_OK(expected_success_status)) {
+               torture_assert(tctx,
+                       test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+                               0, 0, 0),
+                       "expected account to not be locked");
+       } else {
+               torture_assert(tctx,
+                       test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+                               1, 0, 0),
+                       "expected account to not be locked");
         }
  
         torture_assert(tctx,
-               test_QueryUserInfo_badpwdcount(p, tctx, user_handle, &badpwdcount), "");
-       torture_assert_int_equal(tctx, badpwdcount, 0, "expected badpwdcount to be 0");
+                      test_ChangePasswordUser2_ntstatus(p, tctx, acct_name, "random_crap", NT_STATUS_WRONG_PASSWORD),
+                      "got wrong status from ChangePasswordUser2");
  
+       torture_assert(tctx,
+               test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+                       1, 1, ACB_AUTOLOCK),
+               "expected account to be locked");
  
-       /* test with wrong password ==> lockout */
+       torture_assert(tctx,
+                      test_ChangePasswordUser2_ntstatus(p, tctx, acct_name, *password, NT_STATUS_ACCOUNT_LOCKED_OUT),
+                      "got wrong status from ChangePasswordUser2");
  
-       if (!test_SamLogon_with_creds(tctx, np, machine_credentials,
-                                     acct_name, "random_crap",
-                                     NT_STATUS_WRONG_PASSWORD, interactive)) {
-               torture_fail(tctx, "succeeded to authenticate with wrong password");
-       }
+       torture_assert(tctx,
+               test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+                       1, 1, ACB_AUTOLOCK),
+               "expected account to be locked");
  
         torture_assert(tctx,
-               test_QueryUserInfo_badpwdcount(p, tctx, user_handle, &badpwdcount), "");
-       torture_assert_int_equal(tctx, badpwdcount, 1, "expected badpwdcount to be 1");
+                      test_ChangePasswordUser2_ntstatus(p, tctx, acct_name, "random_crap", NT_STATUS_ACCOUNT_LOCKED_OUT),
+                      "got wrong status from ChangePasswordUser2");
  
         torture_assert(tctx,
-               test_QueryUserInfo_acct_flags(p, tctx, user_handle, &acct_flags), "");
-       torture_assert_int_equal(tctx, acct_flags & ACB_AUTOLOCK, 0,
-                                "expected account to be locked");
+               test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+                       1, 1, ACB_AUTOLOCK),
+               "expected account to be locked");
  
+       /* let lockout duration expire ==> unlock */
  
-       /* test with good password */
+       torture_comment(tctx, "let lockout duration expire...\n");
+       sleep(lockout_seconds + 1);
+
+       torture_assert(tctx,
+               test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+                       1, 0, 0),
+               "expected account to not be locked");
  
         if (!test_SamLogon_with_creds(tctx, np, machine_credentials, acct_name,
                                      *password,
-                                    NT_STATUS_ACCOUNT_LOCKED_OUT, interactive))
+                                    expected_success_status, interactive))
         {
-               torture_fail(tctx, "authenticate did not return NT_STATUS_ACCOUNT_LOCKED_OUT");
+               torture_fail(tctx, "failed to authenticate after lockout expired");
         }
  
-       /* bad pwd count should not get updated */
+       if (NT_STATUS_IS_OK(expected_success_status)) {
+               torture_assert(tctx,
+                       test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+                               0, 0, 0),
+                       "expected account to not be locked");
+       } else {
+               torture_assert(tctx,
+                       test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+                               1, 0, 0),
+                       "expected account to not be locked");
+       }
+
+       /* Testing ChangePasswordUser behaviour with 3 attempts */
+       info.info12.lockout_threshold = 3;
+
         torture_assert(tctx,
-               test_QueryUserInfo_badpwdcount(p, tctx, user_handle, &badpwdcount), "");
-       torture_assert_int_equal(tctx, badpwdcount, 1, "expected badpwdcount to be 1");
+                      test_SetDomainInfo(b, tctx, domain_handle,
+                                         DomainLockoutInformation, &info),
+                      "failed to set lockout threshold to 3");
+
+       if (NT_STATUS_IS_OK(expected_success_status)) {
+               torture_assert(tctx,
+                       test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+                               0, 0, 0),
+                       "expected account to not be locked");
+       } else {
+               torture_assert(tctx,
+                       test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+                               1, 0, 0),
+                       "expected account to not be locked");
+       }
  
-       /* curiously, windows does _not_ set the autlock flag */
         torture_assert(tctx,
-               test_QueryUserInfo_acct_flags(p, tctx, user_handle, &acct_flags), "");
-       torture_assert_int_equal(tctx, acct_flags & ACB_AUTOLOCK, 0,
-                                "expected account to be locked");
+                      test_ChangePasswordUser2_ntstatus(p, tctx, acct_name, "random_crap", NT_STATUS_WRONG_PASSWORD),
+                      "got wrong status from ChangePasswordUser2");
  
+       /* bad pwd count will get updated */
+       torture_assert(tctx,
+               test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+                       1, 1, 0),
+               "expected account to not be locked");
  
-       /* with bad password */
+       torture_assert(tctx,
+                      test_ChangePasswordUser2_ntstatus(p, tctx, acct_name, "random_crap", NT_STATUS_WRONG_PASSWORD),
+                      "got wrong status from ChangePasswordUser2");
  
-       if (!test_SamLogon_with_creds(tctx, np, machine_credentials,
-                                     acct_name, "random_crap2",
-                                     NT_STATUS_ACCOUNT_LOCKED_OUT, interactive))
-       {
-               torture_fail(tctx, "authenticate did not return NT_STATUS_ACCOUNT_LOCKED_OUT");
-       }
+       /* bad pwd count will get updated */
+       torture_assert(tctx,
+               test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+                       2, 2, 0),
+               "expected account to not be locked");
  
-       /* bad pwd count should not get updated */
         torture_assert(tctx,
-               test_QueryUserInfo_badpwdcount(p, tctx, user_handle, &badpwdcount), "");
-       torture_assert_int_equal(tctx, badpwdcount, 1, "expected badpwdcount to be 1");
+                      test_ChangePasswordUser2_ntstatus(p, tctx, acct_name, "random_crap", NT_STATUS_WRONG_PASSWORD),
+                      "got wrong status from ChangePasswordUser2");
+
+       /* bad pwd count should get updated */
+       torture_assert(tctx,
+               test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+                       3, 3, ACB_AUTOLOCK),
+               "expected account to be locked");
  
-       /* curiously, windows does _not_ set the autlock flag */
         torture_assert(tctx,
-               test_QueryUserInfo_acct_flags(p, tctx, user_handle, &acct_flags), "");
-       torture_assert_int_equal(tctx, acct_flags & ACB_AUTOLOCK, 0,
-                                "expected account to be locked");
+                      test_ChangePasswordUser2_ntstatus(p, tctx, acct_name, *password, NT_STATUS_ACCOUNT_LOCKED_OUT),
+                      "got wrong status from ChangePasswordUser2");
  
+       /* bad pwd count should not get updated */
+       torture_assert(tctx,
+               test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+                       3, 3, ACB_AUTOLOCK),
+               "expected account to be locked");
  
         /* let lockout duration expire ==> unlock */
  
         torture_comment(tctx, "let lockout duration expire...\n");
         sleep(lockout_seconds + 1);
  
+       torture_assert(tctx,
+               test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+                       3, 0, 0),
+               "expected account to not be locked");
+
+       torture_assert(tctx,
+                      test_ChangePasswordUser2(p, tctx, acct_name, password, NULL, false),
+                      "got wrong status from ChangePasswordUser2");
+
+       torture_assert(tctx,
+               test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+                       3, 0, 0),
+               "expected account to not be locked");
+
+       /* Used to reset the badPwdCount for the other tests */
         if (!test_SamLogon_with_creds(tctx, np, machine_credentials, acct_name,
-                                    *password,
-                                    expected_success_status, interactive))
+                                     *password,
+                                     expected_success_status, interactive))
         {
                 torture_fail(tctx, "failed to authenticate after lockout expired");
         }
  
-       torture_assert(tctx,
-               test_QueryUserInfo_acct_flags(p, tctx, user_handle, &acct_flags), "");
-       torture_assert_int_equal(tctx, acct_flags & ACB_AUTOLOCK, 0,
-                                "expected account not to be locked");
+       if (NT_STATUS_IS_OK(expected_success_status)) {
+               torture_assert(tctx,
+                       test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+                               0, 0, 0),
+                       "expected account to not be locked");
+       } else {
+               torture_assert(tctx,
+                       test_QueryUserInfo_lockout(b, tctx, domain_handle, acct_name,
+                               3, 0, 0),
+                       "expected account to not be locked");
+       }
  
         return true;
  }
@@ -4028,6 +4613,7 @@ static bool test_Password_lockout_wrap(struct dcerpc_pipe *p,
         struct samr_DomInfo1 info1, _info1;
         struct samr_DomInfo12 info12, _info12;
         bool ret = true;
+       struct dcerpc_binding_handle *b = p->binding_handle;
         struct dcerpc_pipe *np;
         int i;
  
@@ -4035,6 +4621,7 @@ static bool test_Password_lockout_wrap(struct dcerpc_pipe *p,
                 const char *comment;
                 bool disabled;
                 bool interactive;
+               uint32_t password_history_length;
                 NTSTATUS expected_success_status;
         } creds[] = {
                 {
@@ -4049,6 +4636,13 @@ static bool test_Password_lockout_wrap(struct dcerpc_pipe *p,
                         .interactive            = false,
                         .expected_success_status= NT_STATUS_OK
                 },
+               {
+                       .comment                = "network logon (enabled account, history len = 1)",
+                       .disabled               = false,
+                       .interactive            = false,
+                       .expected_success_status= NT_STATUS_OK,
+                       .password_history_length = 1
+               },
                 {
                         .comment                = "interactive logon (disabled account)",
                         .disabled               = true,
@@ -4061,6 +4655,13 @@ static bool test_Password_lockout_wrap(struct dcerpc_pipe *p,
                         .interactive            = true,
                         .expected_success_status= NT_STATUS_OK
                 },
+               {
+                       .comment                = "interactive logon (enabled account, history len = 1)",
+                       .disabled               = false,
+                       .interactive            = true,
+                       .expected_success_status= NT_STATUS_OK,
+                       .password_history_length = 1
+               },
         };
  
         torture_assert(tctx, setup_schannel_netlogon_pipe(tctx, machine_credentials, &np), "");
@@ -4068,7 +4669,7 @@ static bool test_Password_lockout_wrap(struct dcerpc_pipe *p,
         /* backup old policies */
  
         torture_assert(tctx,
-               test_QueryDomainInfo2_level(p, tctx, domain_handle,
+               test_QueryDomainInfo2_level(b, tctx, domain_handle,
                                             DomainPasswordInformation, &q_info),
                 "failed to query domain info level 1");
  
@@ -4076,7 +4677,7 @@ static bool test_Password_lockout_wrap(struct dcerpc_pipe *p,
         _info1 = info1;
  
         torture_assert(tctx,
-               test_QueryDomainInfo2_level(p, tctx, domain_handle,
+               test_QueryDomainInfo2_level(b, tctx, domain_handle,
                                             DomainLockoutInformation, &q_info),
                 "failed to query domain info level 12");
  
@@ -4086,7 +4687,7 @@ static bool test_Password_lockout_wrap(struct dcerpc_pipe *p,
         /* run tests */
  
         for (i=0; i < ARRAY_SIZE(creds); i++) {
-
+               bool test_passed;
                 /* skip trust tests for now */
                 if (acct_flags & ACB_WSTRUST ||
                     acct_flags & ACB_SVRTRUST ||
@@ -4094,16 +4695,19 @@ static bool test_Password_lockout_wrap(struct dcerpc_pipe *p,
                         continue;
                 }
  
-               ret &= test_Password_lockout(p, np, tctx, acct_flags, acct_name,
+               test_passed = test_Password_lockout(p, np, tctx, acct_flags, acct_name,
                                              domain_handle, user_handle, password,
                                              machine_credentials,
                                              creds[i].comment,
                                              creds[i].disabled,
                                              creds[i].interactive,
+                                            creds[i].password_history_length,
                                              creds[i].expected_success_status,
                                              &_info1, &_info12);
-               if (!ret) {
-                       torture_warning(tctx, "TEST #%d (%s) failed\n", i, creds[i].comment);
+               ret &= test_passed;
+               if (!test_passed) {
+                       torture_result(tctx, TORTURE_FAIL, "TEST #%d (%s) failed\n", i, creds[i].comment);
+                       break;
                 } else {
                         torture_comment(tctx, "TEST #%d (%s) succeeded\n", i, creds[i].comment);
                 }
@@ -4114,14 +4718,14 @@ static bool test_Password_lockout_wrap(struct dcerpc_pipe *p,
         s_info.info1 = info1;
  
         torture_assert(tctx,
-                      test_SetDomainInfo(p, tctx, domain_handle,
+                      test_SetDomainInfo(b, tctx, domain_handle,
                                           DomainPasswordInformation, &s_info),
                        "failed to set password information");
  
         s_info.info12 = info12;
  
         torture_assert(tctx,
-                      test_SetDomainInfo(p, tctx, domain_handle,
+                      test_SetDomainInfo(b, tctx, domain_handle,
                                           DomainLockoutInformation, &s_info),
                        "failed to set lockout information");
  
@@ -4138,8 +4742,9 @@ static bool test_DeleteUser_with_privs(struct dcerpc_pipe *p,
                                        uint32_t rid,
                                        struct cli_credentials *machine_credentials)
  {
-       NTSTATUS status;
         bool ret = true;
+       struct dcerpc_binding_handle *b = p->binding_handle;
+       struct dcerpc_binding_handle *lb = lp->binding_handle;
  
         struct policy_handle lsa_acct_handle;
         struct dom_sid *user_sid;
@@ -4156,8 +4761,9 @@ static bool test_DeleteUser_with_privs(struct dcerpc_pipe *p,
                 r.in.sid = user_sid;
                 r.out.rights = &rights;
  
-               status = dcerpc_lsa_EnumAccountRights(lp, tctx, &r);
-               torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+               torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumAccountRights_r(lb, tctx, &r),
+                       "lsa_EnumAccountRights failed");
+               torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_OBJECT_NAME_NOT_FOUND,
                         "Expected enum rights for account to fail");
         }
  
@@ -4178,8 +4784,9 @@ static bool test_DeleteUser_with_privs(struct dcerpc_pipe *p,
                 r.in.sid = user_sid;
                 r.in.rights = &rights;
  
-               status = dcerpc_lsa_AddAccountRights(lp, tctx, &r);
-               torture_assert_ntstatus_ok(tctx, status,
+               torture_assert_ntstatus_ok(tctx, dcerpc_lsa_AddAccountRights_r(lb, tctx, &r),
+                       "lsa_AddAccountRights failed");
+               torture_assert_ntstatus_ok(tctx, r.out.result,
                         "Failed to add privileges");
         }
  
@@ -4198,8 +4805,9 @@ static bool test_DeleteUser_with_privs(struct dcerpc_pipe *p,
                 r.out.sids = &lsa_sid_array;
                 r.out.resume_handle = &resume_handle;
  
-               status = dcerpc_lsa_EnumAccounts(lp, tctx, &r);
-               torture_assert_ntstatus_ok(tctx, status,
+               torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumAccounts_r(lb, tctx, &r),
+                       "lsa_EnumAccounts failed");
+               torture_assert_ntstatus_ok(tctx, r.out.result,
                         "Failed to enum accounts");
  
                 for (i=0; i < lsa_sid_array.num_sids; i++) {
@@ -4222,12 +4830,13 @@ static bool test_DeleteUser_with_privs(struct dcerpc_pipe *p,
                 r.in.sid = user_sid;
                 r.out.rights = &user_rights;
  
-               status = dcerpc_lsa_EnumAccountRights(lp, tctx, &r);
-               torture_assert_ntstatus_ok(tctx, status,
+               torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumAccountRights_r(lb, tctx, &r),
+                       "lsa_EnumAccountRights failed");
+               torture_assert_ntstatus_ok(tctx, r.out.result,
                         "Failed to enum rights for account");
  
                 if (user_rights.count < 1) {
-                       torture_warning(tctx, "failed to find newly added rights");
+                       torture_result(tctx, TORTURE_FAIL, "failed to find newly added rights");
                         return false;
                 }
         }
@@ -4242,8 +4851,9 @@ static bool test_DeleteUser_with_privs(struct dcerpc_pipe *p,
                 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
                 r.out.acct_handle = &lsa_acct_handle;
  
-               status = dcerpc_lsa_OpenAccount(lp, tctx, &r);
-               torture_assert_ntstatus_ok(tctx, status,
+               torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenAccount_r(lb, tctx, &r),
+                       "lsa_OpenAccount failed");
+               torture_assert_ntstatus_ok(tctx, r.out.result,
                         "Failed to open lsa account");
         }
  
@@ -4256,8 +4866,9 @@ static bool test_DeleteUser_with_privs(struct dcerpc_pipe *p,
                 r.in.handle = &lsa_acct_handle;
                 r.out.access_mask = &access_mask;
  
-               status = dcerpc_lsa_GetSystemAccessAccount(lp, tctx, &r);
-               torture_assert_ntstatus_ok(tctx, status,
+               torture_assert_ntstatus_ok(tctx, dcerpc_lsa_GetSystemAccessAccount_r(lb, tctx, &r),
+                       "lsa_GetSystemAccessAccount failed");
+               torture_assert_ntstatus_ok(tctx, r.out.result,
                         "Failed to get lsa system access account");
         }
  
@@ -4269,8 +4880,9 @@ static bool test_DeleteUser_with_privs(struct dcerpc_pipe *p,
                 r.in.handle = &lsa_acct_handle;
                 r.out.handle = &lsa_acct_handle;
  
-               status = dcerpc_lsa_Close(lp, tctx, &r);
-               torture_assert_ntstatus_ok(tctx, status,
+               torture_assert_ntstatus_ok(tctx, dcerpc_lsa_Close_r(lb, tctx, &r),
+                       "lsa_Close failed");
+               torture_assert_ntstatus_ok(tctx, r.out.result,
                         "Failed to close lsa");
         }
  
@@ -4282,8 +4894,10 @@ static bool test_DeleteUser_with_privs(struct dcerpc_pipe *p,
                 r.in.user_handle = user_handle;
                 r.out.user_handle = user_handle;
  
-               status = dcerpc_samr_DeleteUser(p, tctx, &r);
-               torture_assert_ntstatus_ok(tctx, status, "Delete User failed");
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteUser_r(b, tctx, &r),
+                       "DeleteUser failed");
+               torture_assert_ntstatus_ok(tctx, r.out.result,
+                       "DeleteUser failed");
         }
  
         {
@@ -4301,8 +4915,9 @@ static bool test_DeleteUser_with_privs(struct dcerpc_pipe *p,
                 r.out.sids = &lsa_sid_array;
                 r.out.resume_handle = &resume_handle;
  
-               status = dcerpc_lsa_EnumAccounts(lp, tctx, &r);
-               torture_assert_ntstatus_ok(tctx, status,
+               torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumAccounts_r(lb, tctx, &r),
+                       "lsa_EnumAccounts failed");
+               torture_assert_ntstatus_ok(tctx, r.out.result,
                         "Failed to enum accounts");
  
                 for (i=0; i < lsa_sid_array.num_sids; i++) {
@@ -4325,12 +4940,13 @@ static bool test_DeleteUser_with_privs(struct dcerpc_pipe *p,
                 r.in.sid = user_sid;
                 r.out.rights = &user_rights;
  
-               status = dcerpc_lsa_EnumAccountRights(lp, tctx, &r);
-               torture_assert_ntstatus_ok(tctx, status,
+               torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumAccountRights_r(lb, tctx, &r),
+                       "lsa_EnumAccountRights failed");
+               torture_assert_ntstatus_ok(tctx, r.out.result,
                         "Failed to enum rights for account");
  
                 if (user_rights.count < 1) {
-                       torture_warning(tctx, "failed to find newly added rights");
+                       torture_result(tctx, TORTURE_FAIL, "failed to find newly added rights");
                         return false;
                 }
         }
@@ -4345,8 +4961,9 @@ static bool test_DeleteUser_with_privs(struct dcerpc_pipe *p,
                 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
                 r.out.acct_handle = &lsa_acct_handle;
  
-               status = dcerpc_lsa_OpenAccount(lp, tctx, &r);
-               torture_assert_ntstatus_ok(tctx, status,
+               torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenAccount_r(lb, tctx, &r),
+                       "lsa_OpenAccount failed");
+               torture_assert_ntstatus_ok(tctx, r.out.result,
                         "Failed to open lsa account");
         }
  
@@ -4359,8 +4976,9 @@ static bool test_DeleteUser_with_privs(struct dcerpc_pipe *p,
                 r.in.handle = &lsa_acct_handle;
                 r.out.access_mask = &access_mask;
  
-               status = dcerpc_lsa_GetSystemAccessAccount(lp, tctx, &r);
-               torture_assert_ntstatus_ok(tctx, status,
+               torture_assert_ntstatus_ok(tctx, dcerpc_lsa_GetSystemAccessAccount_r(lb, tctx, &r),
+                       "lsa_GetSystemAccessAccount failed");
+               torture_assert_ntstatus_ok(tctx, r.out.result,
                         "Failed to get lsa system access account");
         }
  
@@ -4372,8 +4990,9 @@ static bool test_DeleteUser_with_privs(struct dcerpc_pipe *p,
                 r.in.handle = &lsa_acct_handle;
                 r.out.handle = &lsa_acct_handle;
  
-               status = dcerpc_lsa_DeleteObject(lp, tctx, &r);
-               torture_assert_ntstatus_ok(tctx, status,
+               torture_assert_ntstatus_ok(tctx, dcerpc_lsa_DeleteObject_r(lb, tctx, &r),
+                       "lsa_DeleteObject failed");
+               torture_assert_ntstatus_ok(tctx, r.out.result,
                         "Failed to delete object");
         }
  
@@ -4392,8 +5011,9 @@ static bool test_DeleteUser_with_privs(struct dcerpc_pipe *p,
                 r.out.sids = &lsa_sid_array;
                 r.out.resume_handle = &resume_handle;
  
-               status = dcerpc_lsa_EnumAccounts(lp, tctx, &r);
-               torture_assert_ntstatus_ok(tctx, status,
+               torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumAccounts_r(lb, tctx, &r),
+                       "lsa_EnumAccounts failed");
+               torture_assert_ntstatus_ok(tctx, r.out.result,
                         "Failed to enum accounts");
  
                 for (i=0; i < lsa_sid_array.num_sids; i++) {
@@ -4416,8 +5036,9 @@ static bool test_DeleteUser_with_privs(struct dcerpc_pipe *p,
                 r.in.sid = user_sid;
                 r.out.rights = &user_rights;
  
-               status = dcerpc_lsa_EnumAccountRights(lp, tctx, &r);
-               torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+               torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumAccountRights_r(lb, tctx, &r),
+                       "lsa_EnumAccountRights failed");
+               torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_OBJECT_NAME_NOT_FOUND,
                         "Failed to enum rights for account");
         }
  
@@ -4437,6 +5058,7 @@ static bool test_user_ops(struct dcerpc_pipe *p,
         struct samr_QueryUserInfo q;
         union samr_UserInfo *info;
         NTSTATUS status;
+       struct dcerpc_binding_handle *b = p->binding_handle;
  
         bool ret = true;
         int i;
@@ -4448,35 +5070,35 @@ static bool test_user_ops(struct dcerpc_pipe *p,
                 0
         };
  
-       status = test_LookupName(p, tctx, domain_handle, base_acct_name, &rid);
+       status = test_LookupName(b, tctx, domain_handle, base_acct_name, &rid);
         if (!NT_STATUS_IS_OK(status)) {
                 ret = false;
         }
  
         switch (which_ops) {
         case TORTURE_SAMR_USER_ATTRIBUTES:
-               if (!test_QuerySecurity(p, tctx, user_handle)) {
+               if (!test_QuerySecurity(b, tctx, user_handle)) {
                         ret = false;
                 }
  
-               if (!test_QueryUserInfo(p, tctx, user_handle)) {
+               if (!test_QueryUserInfo(b, tctx, user_handle)) {
                         ret = false;
                 }
  
-               if (!test_QueryUserInfo2(p, tctx, user_handle)) {
+               if (!test_QueryUserInfo2(b, tctx, user_handle)) {
                         ret = false;
                 }
  
-               if (!test_SetUserInfo(p, tctx, user_handle, base_acct_flags,
+               if (!test_SetUserInfo(b, tctx, user_handle, base_acct_flags,
                                       base_acct_name)) {
                         ret = false;
                 }
  
-               if (!test_GetUserPwInfo(p, tctx, user_handle)) {
+               if (!test_GetUserPwInfo(b, tctx, user_handle)) {
                         ret = false;
                 }
  
-               if (!test_TestPrivateFunctionsUser(p, tctx, user_handle)) {
+               if (!test_TestPrivateFunctionsUser(b, tctx, user_handle)) {
                         ret = false;
                 }
  
@@ -4549,34 +5171,29 @@ static bool test_user_ops(struct dcerpc_pipe *p,
                         ret = false;
                 }
  
-               if (torture_setting_bool(tctx, "samba4", false)) {
-                       torture_comment(tctx, "skipping Set Password level 18 and 21 against Samba4\n");
-               } else {
+               if (!test_SetUserPass_18(p, tctx, user_handle, &password)) {
+                       ret = false;
+               }
  
-                       if (!test_SetUserPass_18(p, tctx, user_handle, &password)) {
-                               ret = false;
+               if (!test_ChangePasswordUser3(p, tctx, base_acct_name, 0, &password, NULL, 0, false)) {
+                       ret = false;
+               }
+
+               for (i = 0; password_fields[i]; i++) {
+
+                       if (password_fields[i] == SAMR_FIELD_LM_PASSWORD_PRESENT) {
+                               /* we need to skip as that would break
+                                * the ChangePasswordUser3 verify */
+                               continue;
                         }
  
-                       if (!test_ChangePasswordUser3(p, tctx, base_acct_name, 0, &password, NULL, 0, false)) {
+                       if (!test_SetUserPass_21(p, tctx, user_handle, password_fields[i], &password)) {
                                 ret = false;
                         }
  
-                       for (i = 0; password_fields[i]; i++) {
-
-                               if (password_fields[i] == SAMR_FIELD_LM_PASSWORD_PRESENT) {
-                                       /* we need to skip as that would break
-                                        * the ChangePasswordUser3 verify */
-                                       continue;
-                               }
-
-                               if (!test_SetUserPass_21(p, tctx, user_handle, password_fields[i], &password)) {
-                                       ret = false;
-                               }
-
-                               /* check it was set right */
-                               if (!test_ChangePasswordUser3(p, tctx, base_acct_name, 0, &password, NULL, 0, false)) {
-                                       ret = false;
-                               }
+                       /* check it was set right */
+                       if (!test_ChangePasswordUser3(p, tctx, base_acct_name, 0, &password, NULL, 0, false)) {
+                               ret = false;
                         }
                 }
  
@@ -4584,24 +5201,25 @@ static bool test_user_ops(struct dcerpc_pipe *p,
                 q.in.level = 5;
                 q.out.info = &info;
  
-               status = dcerpc_samr_QueryUserInfo(p, tctx, &q);
-               if (!NT_STATUS_IS_OK(status)) {
-                       torture_warning(tctx, "QueryUserInfo level %u failed - %s\n",
-                              q.in.level, nt_errstr(status));
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &q),
+                       "QueryUserInfo failed");
+               if (!NT_STATUS_IS_OK(q.out.result)) {
+                       torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level %u failed - %s\n",
+                              q.in.level, nt_errstr(q.out.result));
                         ret = false;
                 } else {
                         uint32_t expected_flags = (base_acct_flags | ACB_PWNOTREQ | ACB_DISABLED);
                         if ((info->info5.acct_flags) != expected_flags) {
-                               torture_warning(tctx, "QuerUserInfo level 5 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
-                                      info->info5.acct_flags,
-                                      expected_flags);
                                 /* FIXME: GD */
                                 if (!torture_setting_bool(tctx, "samba3", false)) {
+                                       torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level 5 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
+                                                     info->info5.acct_flags,
+                                                     expected_flags);
                                         ret = false;
                                 }
                         }
                         if (info->info5.rid != rid) {
-                               torture_warning(tctx, "QuerUserInfo level 5 failed, it returned %u when we expected rid of %u\n",
+                               torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level 5 failed, it returned %u when we expected rid of %u\n",
                                        info->info5.rid, rid);
  
                         }
@@ -4612,57 +5230,32 @@ static bool test_user_ops(struct dcerpc_pipe *p,
         case TORTURE_SAMR_PASSWORDS_PWDLASTSET:
  
                 /* test last password change timestamp behaviour */
-               if (!test_SetPassword_pwdlastset(p, tctx, base_acct_flags,
-                                                base_acct_name,
-                                                user_handle, &password,
-                                                machine_credentials)) {
-                       ret = false;
-               }
-
-               if (ret == true) {
-                       torture_comment(tctx, "pwdLastSet test succeeded\n");
-               } else {
-                       torture_warning(tctx, "pwdLastSet test failed\n");
-               }
-
+               torture_assert(tctx, test_SetPassword_pwdlastset(p, tctx, base_acct_flags,
+                                                                base_acct_name,
+                                                                user_handle, &password,
+                                                                machine_credentials),
+                              "pwdLastSet test failed\n");
                 break;
  
         case TORTURE_SAMR_PASSWORDS_BADPWDCOUNT:
  
                 /* test bad pwd count change behaviour */
-               if (!test_Password_badpwdcount_wrap(p, tctx, base_acct_flags,
-                                                   base_acct_name,
-                                                   domain_handle,
-                                                   user_handle, &password,
-                                                   machine_credentials)) {
-                       ret = false;
-               }
-
-               if (ret == true) {
-                       torture_comment(tctx, "badPwdCount test succeeded\n");
-               } else {
-                       torture_warning(tctx, "badPwdCount test failed\n");
-               }
-
+               torture_assert(tctx, test_Password_badpwdcount_wrap(p, tctx, base_acct_flags,
+                                                                   base_acct_name,
+                                                                   domain_handle,
+                                                                   user_handle, &password,
+                                                                   machine_credentials),
+                              "badPwdCount test failed\n");
                 break;
  
         case TORTURE_SAMR_PASSWORDS_LOCKOUT:
  
-               if (!test_Password_lockout_wrap(p, tctx, base_acct_flags,
-                                               base_acct_name,
-                                               domain_handle,
-                                               user_handle, &password,
-                                               machine_credentials))
-               {
-                       ret = false;
-               }
-
-               if (ret == true) {
-                       torture_comment(tctx, "lockout test succeeded\n");
-               } else {
-                       torture_warning(tctx, "lockout test failed\n");
-               }
-
+               torture_assert(tctx, test_Password_lockout_wrap(p, tctx, base_acct_flags,
+                                                               base_acct_name,
+                                                               domain_handle,
+                                                               user_handle, &password,
+                                                               machine_credentials),
+                              "Lockout test failed");
                 break;
  
  
@@ -4670,11 +5263,13 @@ static bool test_user_ops(struct dcerpc_pipe *p,
  
                 struct dcerpc_pipe *lp;
                 struct policy_handle *lsa_handle;
+               struct dcerpc_binding_handle *lb;
  
                 status = torture_rpc_connection(tctx, &lp, &ndr_table_lsarpc);
                 torture_assert_ntstatus_ok(tctx, status, "Failed to open LSA pipe");
+               lb = lp->binding_handle;
  
-               if (!test_lsa_OpenPolicy2(lp, tctx, &lsa_handle)) {
+               if (!test_lsa_OpenPolicy2(lb, tctx, &lsa_handle)) {
                         ret = false;
                 }
  
@@ -4685,12 +5280,12 @@ static bool test_user_ops(struct dcerpc_pipe *p,
                         ret = false;
                 }
  
-               if (!test_lsa_Close(lp, tctx, lsa_handle)) {
+               if (!test_lsa_Close(lb, tctx, lsa_handle)) {
                         ret = false;
                 }
  
                 if (!ret) {
-                       torture_warning(tctx, "privileged user delete test failed\n");
+                       torture_result(tctx, TORTURE_FAIL, "privileged user delete test failed\n");
                 }
  
                 break;
@@ -4705,27 +5300,28 @@ static bool test_user_ops(struct dcerpc_pipe *p,
         return ret;
  }
  
-static bool test_alias_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
+static bool test_alias_ops(struct dcerpc_binding_handle *b,
+                          struct torture_context *tctx,
                            struct policy_handle *alias_handle,
                            const struct dom_sid *domain_sid)
  {
         bool ret = true;
  
         if (!torture_setting_bool(tctx, "samba3", false)) {
-               if (!test_QuerySecurity(p, tctx, alias_handle)) {
+               if (!test_QuerySecurity(b, tctx, alias_handle)) {
                         ret = false;
                 }
         }
  
-       if (!test_QueryAliasInfo(p, tctx, alias_handle)) {
+       if (!test_QueryAliasInfo(b, tctx, alias_handle)) {
                 ret = false;
         }
  
-       if (!test_SetAliasInfo(p, tctx, alias_handle)) {
+       if (!test_SetAliasInfo(b, tctx, alias_handle)) {
                 ret = false;
         }
  
-       if (!test_AddMemberToAlias(p, tctx, alias_handle, domain_sid)) {
+       if (!test_AddMemberToAlias(b, tctx, alias_handle, domain_sid)) {
                 ret = false;
         }
  
@@ -4735,7 +5331,7 @@ static bool test_alias_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
                 return ret;
         }
  
-       if (!test_AddMultipleMembersToAlias(p, tctx, alias_handle)) {
+       if (!test_AddMultipleMembersToAlias(b, tctx, alias_handle)) {
                 ret = false;
         }
  
@@ -4743,23 +5339,24 @@ static bool test_alias_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
  }
  
  
-static bool test_DeleteUser(struct dcerpc_pipe *p, struct torture_context *tctx,
-                                    struct policy_handle *user_handle)
+static bool test_DeleteUser(struct dcerpc_binding_handle *b,
+                           struct torture_context *tctx,
+                           struct policy_handle *user_handle)
  {
         struct samr_DeleteUser d;
-       NTSTATUS status;
         torture_comment(tctx, "Testing DeleteUser\n");
  
         d.in.user_handle = user_handle;
         d.out.user_handle = user_handle;
  
-       status = dcerpc_samr_DeleteUser(p, tctx, &d);
-       torture_assert_ntstatus_ok(tctx, status, "DeleteUser");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteUser_r(b, tctx, &d),
+               "DeleteUser failed");
+       torture_assert_ntstatus_ok(tctx, d.out.result, "DeleteUser");
  
         return true;
  }
  
-bool test_DeleteUser_byname(struct dcerpc_pipe *p,
+bool test_DeleteUser_byname(struct dcerpc_binding_handle *b,
                             struct torture_context *tctx,
                             struct policy_handle *handle, const char *name)
  {
@@ -4768,32 +5365,34 @@ bool test_DeleteUser_byname(struct dcerpc_pipe *p,
         struct policy_handle user_handle;
         uint32_t rid;
  
-       status = test_LookupName(p, tctx, handle, name, &rid);
+       status = test_LookupName(b, tctx, handle, name, &rid);
         if (!NT_STATUS_IS_OK(status)) {
                 goto failed;
         }
  
-       status = test_OpenUser_byname(p, tctx, handle, name, &user_handle);
+       status = test_OpenUser_byname(b, tctx, handle, name, &user_handle);
         if (!NT_STATUS_IS_OK(status)) {
                 goto failed;
         }
  
         d.in.user_handle = &user_handle;
         d.out.user_handle = &user_handle;
-       status = dcerpc_samr_DeleteUser(p, tctx, &d);
-       if (!NT_STATUS_IS_OK(status)) {
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteUser_r(b, tctx, &d),
+               "DeleteUser failed");
+       if (!NT_STATUS_IS_OK(d.out.result)) {
+               status = d.out.result;
                 goto failed;
         }
  
         return true;
  
  failed:
-       torture_warning(tctx, "DeleteUser_byname(%s) failed - %s\n", name, nt_errstr(status));
+       torture_result(tctx, TORTURE_FAIL, "DeleteUser_byname(%s) failed - %s\n", name, nt_errstr(status));
         return false;
  }
  
  
-static bool test_DeleteGroup_byname(struct dcerpc_pipe *p,
+static bool test_DeleteGroup_byname(struct dcerpc_binding_handle *b,
                                     struct torture_context *tctx,
                                     struct policy_handle *handle, const char *name)
  {
@@ -4803,7 +5402,7 @@ static bool test_DeleteGroup_byname(struct dcerpc_pipe *p,
         struct policy_handle group_handle;
         uint32_t rid;
  
-       status = test_LookupName(p, tctx, handle, name, &rid);
+       status = test_LookupName(b, tctx, handle, name, &rid);
         if (!NT_STATUS_IS_OK(status)) {
                 goto failed;
         }
@@ -4812,27 +5411,31 @@ static bool test_DeleteGroup_byname(struct dcerpc_pipe *p,
         r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
         r.in.rid = rid;
         r.out.group_handle = &group_handle;
-       status = dcerpc_samr_OpenGroup(p, tctx, &r);
-       if (!NT_STATUS_IS_OK(status)) {
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenGroup_r(b, tctx, &r),
+               "OpenGroup failed");
+       if (!NT_STATUS_IS_OK(r.out.result)) {
+               status = r.out.result;
                 goto failed;
         }
  
         d.in.group_handle = &group_handle;
         d.out.group_handle = &group_handle;
-       status = dcerpc_samr_DeleteDomainGroup(p, tctx, &d);
-       if (!NT_STATUS_IS_OK(status)) {
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteDomainGroup_r(b, tctx, &d),
+               "DeleteDomainGroup failed");
+       if (!NT_STATUS_IS_OK(d.out.result)) {
+               status = d.out.result;
                 goto failed;
         }
  
         return true;
  
  failed:
-       torture_warning(tctx, "DeleteGroup_byname(%s) failed - %s\n", name, nt_errstr(status));
+       torture_result(tctx, TORTURE_FAIL, "DeleteGroup_byname(%s) failed - %s\n", name, nt_errstr(status));
         return false;
  }
  
  
-static bool test_DeleteAlias_byname(struct dcerpc_pipe *p,
+static bool test_DeleteAlias_byname(struct dcerpc_binding_handle *b,
                                     struct torture_context *tctx,
                                     struct policy_handle *domain_handle,
                                     const char *name)
@@ -4843,9 +5446,9 @@ static bool test_DeleteAlias_byname(struct dcerpc_pipe *p,
         struct policy_handle alias_handle;
         uint32_t rid;
  
-       torture_comment(tctx, "testing DeleteAlias_byname\n");
+       torture_comment(tctx, "Testing DeleteAlias_byname\n");
  
-       status = test_LookupName(p, tctx, domain_handle, name, &rid);
+       status = test_LookupName(b, tctx, domain_handle, name, &rid);
         if (!NT_STATUS_IS_OK(status)) {
                 goto failed;
         }
@@ -4854,31 +5457,34 @@ static bool test_DeleteAlias_byname(struct dcerpc_pipe *p,
         r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
         r.in.rid = rid;
         r.out.alias_handle = &alias_handle;
-       status = dcerpc_samr_OpenAlias(p, tctx, &r);
-       if (!NT_STATUS_IS_OK(status)) {
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenAlias_r(b, tctx, &r),
+               "OpenAlias failed");
+       if (!NT_STATUS_IS_OK(r.out.result)) {
+               status = r.out.result;
                 goto failed;
         }
  
         d.in.alias_handle = &alias_handle;
         d.out.alias_handle = &alias_handle;
-       status = dcerpc_samr_DeleteDomAlias(p, tctx, &d);
-       if (!NT_STATUS_IS_OK(status)) {
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteDomAlias_r(b, tctx, &d),
+               "DeleteDomAlias failed");
+       if (!NT_STATUS_IS_OK(d.out.result)) {
+               status = d.out.result;
                 goto failed;
         }
  
         return true;
  
  failed:
-       torture_warning(tctx, "DeleteAlias_byname(%s) failed - %s\n", name, nt_errstr(status));
+       torture_result(tctx, TORTURE_FAIL, "DeleteAlias_byname(%s) failed - %s\n", name, nt_errstr(status));
         return false;
  }
  
-static bool test_DeleteAlias(struct dcerpc_pipe *p,
+static bool test_DeleteAlias(struct dcerpc_binding_handle *b,
                              struct torture_context *tctx,
                              struct policy_handle *alias_handle)
  {
         struct samr_DeleteDomAlias d;
-       NTSTATUS status;
         bool ret = true;
  
         torture_comment(tctx, "Testing DeleteAlias\n");
@@ -4886,23 +5492,24 @@ static bool test_DeleteAlias(struct dcerpc_pipe *p,
         d.in.alias_handle = alias_handle;
         d.out.alias_handle = alias_handle;
  
-       status = dcerpc_samr_DeleteDomAlias(p, tctx, &d);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "DeleteAlias failed - %s\n", nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteDomAlias_r(b, tctx, &d),
+               "DeleteDomAlias failed");
+       if (!NT_STATUS_IS_OK(d.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "DeleteAlias failed - %s\n", nt_errstr(d.out.result));
                 ret = false;
         }
  
         return ret;
  }
  
-static bool test_CreateAlias(struct dcerpc_pipe *p, struct torture_context *tctx,
+static bool test_CreateAlias(struct dcerpc_binding_handle *b,
+                            struct torture_context *tctx,
                              struct policy_handle *domain_handle,
                              const char *alias_name,
                              struct policy_handle *alias_handle,
                              const struct dom_sid *domain_sid,
                              bool test_alias)
  {
-       NTSTATUS status;
         struct samr_CreateDomAlias r;
         struct lsa_String name;
         uint32_t rid;
@@ -4917,28 +5524,30 @@ static bool test_CreateAlias(struct dcerpc_pipe *p, struct torture_context *tctx
  
         torture_comment(tctx, "Testing CreateAlias (%s)\n", r.in.alias_name->string);
  
-       status = dcerpc_samr_CreateDomAlias(p, tctx, &r);
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_CreateDomAlias_r(b, tctx, &r),
+               "CreateDomAlias failed");
  
         if (dom_sid_equal(domain_sid, dom_sid_parse_talloc(tctx, SID_BUILTIN))) {
-               if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+               if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_ACCESS_DENIED)) {
                         torture_comment(tctx, "Server correctly refused create of '%s'\n", r.in.alias_name->string);
                         return true;
                 } else {
-                       torture_warning(tctx, "Server should have refused create of '%s', got %s instead\n", r.in.alias_name->string,
-                              nt_errstr(status));
+                       torture_result(tctx, TORTURE_FAIL, "Server should have refused create of '%s', got %s instead\n", r.in.alias_name->string,
+                              nt_errstr(r.out.result));
                         return false;
                 }
         }
  
-       if (NT_STATUS_EQUAL(status, NT_STATUS_ALIAS_EXISTS)) {
-               if (!test_DeleteAlias_byname(p, tctx, domain_handle, r.in.alias_name->string)) {
+       if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_ALIAS_EXISTS)) {
+               if (!test_DeleteAlias_byname(b, tctx, domain_handle, r.in.alias_name->string)) {
                         return false;
                 }
-               status = dcerpc_samr_CreateDomAlias(p, tctx, &r);
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_CreateDomAlias_r(b, tctx, &r),
+                       "CreateDomAlias failed");
         }
  
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "CreateAlias failed - %s\n", nt_errstr(status));
+       if (!NT_STATUS_IS_OK(r.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "CreateAlias failed - %s\n", nt_errstr(r.out.result));
                 return false;
         }
  
@@ -4946,7 +5555,7 @@ static bool test_CreateAlias(struct dcerpc_pipe *p, struct torture_context *tctx
                 return ret;
         }
  
-       if (!test_alias_ops(p, tctx, alias_handle, domain_sid)) {
+       if (!test_alias_ops(b, tctx, alias_handle, domain_sid)) {
                 ret = false;
         }
  
@@ -4959,12 +5568,13 @@ static bool test_ChangePassword(struct dcerpc_pipe *p,
                                 struct policy_handle *domain_handle, char **password)
  {
         bool ret = true;
+       struct dcerpc_binding_handle *b = p->binding_handle;
  
         if (!*password) {
                 return false;
         }
  
-       if (!test_ChangePasswordUser(p, tctx, acct_name, domain_handle, password)) {
+       if (!test_ChangePasswordUser(b, tctx, acct_name, domain_handle, password)) {
                 ret = false;
         }
  
@@ -5002,7 +5612,6 @@ static bool test_ChangePassword(struct dcerpc_pipe *p,
                 uint16_t len_old, len;
                 uint32_t pwd_prop_old;
                 int64_t min_pwd_age_old;
-               NTSTATUS status;
  
                 len = 5;
  
@@ -5010,9 +5619,10 @@ static bool test_ChangePassword(struct dcerpc_pipe *p,
                 r.in.level = 1;
                 r.out.info = &info;
  
-               torture_comment(tctx, "testing samr_QueryDomainInfo level 1\n");
-               status = dcerpc_samr_QueryDomainInfo(p, tctx, &r);
-               if (!NT_STATUS_IS_OK(status)) {
+               torture_comment(tctx, "Testing samr_QueryDomainInfo level 1\n");
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDomainInfo_r(b, tctx, &r),
+                       "QueryDomainInfo failed");
+               if (!NT_STATUS_IS_OK(r.out.result)) {
                         return false;
                 }
  
@@ -5030,9 +5640,10 @@ static bool test_ChangePassword(struct dcerpc_pipe *p,
                 min_pwd_age_old = s.in.info->info1.min_password_age;
                 s.in.info->info1.min_password_age = 0;
  
-               torture_comment(tctx, "testing samr_SetDomainInfo level 1\n");
-               status = dcerpc_samr_SetDomainInfo(p, tctx, &s);
-               if (!NT_STATUS_IS_OK(status)) {
+               torture_comment(tctx, "Testing samr_SetDomainInfo level 1\n");
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetDomainInfo_r(b, tctx, &s),
+                       "SetDomainInfo failed");
+               if (!NT_STATUS_IS_OK(s.out.result)) {
                         return false;
                 }
  
@@ -5046,16 +5657,16 @@ static bool test_ChangePassword(struct dcerpc_pipe *p,
                 s.in.info->info1.password_properties = pwd_prop_old;
                 s.in.info->info1.min_password_age = min_pwd_age_old;
  
-               torture_comment(tctx, "testing samr_SetDomainInfo level 1\n");
-               status = dcerpc_samr_SetDomainInfo(p, tctx, &s);
-               if (!NT_STATUS_IS_OK(status)) {
+               torture_comment(tctx, "Testing samr_SetDomainInfo level 1\n");
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetDomainInfo_r(b, tctx, &s),
+                       "SetDomainInfo failed");
+               if (!NT_STATUS_IS_OK(s.out.result)) {
                         return false;
                 }
  
         }
  
         {
-               NTSTATUS status;
                 struct samr_OpenUser r;
                 struct samr_QueryUserInfo q;
                 union samr_UserInfo *info;
@@ -5070,9 +5681,10 @@ static bool test_ChangePassword(struct dcerpc_pipe *p,
                 n.out.rids = &rids;
                 n.out.types = &types;
  
-               status = dcerpc_samr_LookupNames(p, tctx, &n);
-               if (!NT_STATUS_IS_OK(status)) {
-                       torture_warning(tctx, "LookupNames failed - %s\n", nt_errstr(status));
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_LookupNames_r(b, tctx, &n),
+                       "LookupNames failed");
+               if (!NT_STATUS_IS_OK(n.out.result)) {
+                       torture_result(tctx, TORTURE_FAIL, "LookupNames failed - %s\n", nt_errstr(n.out.result));
                         return false;
                 }
  
@@ -5081,9 +5693,10 @@ static bool test_ChangePassword(struct dcerpc_pipe *p,
                 r.in.rid = n.out.rids->ids[0];
                 r.out.user_handle = &user_handle;
  
-               status = dcerpc_samr_OpenUser(p, tctx, &r);
-               if (!NT_STATUS_IS_OK(status)) {
-                       torture_warning(tctx, "OpenUser(%u) failed - %s\n", n.out.rids->ids[0], nt_errstr(status));
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenUser_r(b, tctx, &r),
+                       "OpenUser failed");
+               if (!NT_STATUS_IS_OK(r.out.result)) {
+                       torture_result(tctx, TORTURE_FAIL, "OpenUser(%u) failed - %s\n", n.out.rids->ids[0], nt_errstr(r.out.result));
                         return false;
                 }
  
@@ -5091,9 +5704,10 @@ static bool test_ChangePassword(struct dcerpc_pipe *p,
                 q.in.level = 5;
                 q.out.info = &info;
  
-               status = dcerpc_samr_QueryUserInfo(p, tctx, &q);
-               if (!NT_STATUS_IS_OK(status)) {
-                       torture_warning(tctx, "QueryUserInfo failed - %s\n", nt_errstr(status));
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &q),
+                       "QueryUserInfo failed");
+               if (!NT_STATUS_IS_OK(q.out.result)) {
+                       torture_result(tctx, TORTURE_FAIL, "QueryUserInfo failed - %s\n", nt_errstr(q.out.result));
                         return false;
                 }
  
@@ -5130,7 +5744,6 @@ static bool test_CreateUser(struct dcerpc_pipe *p, struct torture_context *tctx,
  
         TALLOC_CTX *user_ctx;
  
-       NTSTATUS status;
         struct samr_CreateUser r;
         struct samr_QueryUserInfo q;
         union samr_UserInfo *info;
@@ -5141,6 +5754,7 @@ static bool test_CreateUser(struct dcerpc_pipe *p, struct torture_context *tctx,
         const uint32_t acct_flags = ACB_NORMAL;
         struct lsa_String name;
         bool ret = true;
+       struct dcerpc_binding_handle *b = p->binding_handle;
  
         struct policy_handle user_handle;
         user_ctx = talloc_named(tctx, 0, "test_CreateUser2 per-user context");
@@ -5154,30 +5768,32 @@ static bool test_CreateUser(struct dcerpc_pipe *p, struct torture_context *tctx,
  
         torture_comment(tctx, "Testing CreateUser(%s)\n", r.in.account_name->string);
  
-       status = dcerpc_samr_CreateUser(p, user_ctx, &r);
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_CreateUser_r(b, user_ctx, &r),
+               "CreateUser failed");
  
         if (dom_sid_equal(domain_sid, dom_sid_parse_talloc(tctx, SID_BUILTIN))) {
-               if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+               if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_ACCESS_DENIED) || NT_STATUS_EQUAL(r.out.result, NT_STATUS_INVALID_PARAMETER)) {
                         torture_comment(tctx, "Server correctly refused create of '%s'\n", r.in.account_name->string);
                         return true;
                 } else {
-                       torture_warning(tctx, "Server should have refused create of '%s', got %s instead\n", r.in.account_name->string,
-                              nt_errstr(status));
+                       torture_result(tctx, TORTURE_FAIL, "Server should have refused create of '%s', got %s instead\n", r.in.account_name->string,
+                              nt_errstr(r.out.result));
                         return false;
                 }
         }
  
-       if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
-               if (!test_DeleteUser_byname(p, user_ctx, domain_handle, r.in.account_name->string)) {
+       if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_USER_EXISTS)) {
+               if (!test_DeleteUser_byname(b, tctx, domain_handle, r.in.account_name->string)) {
                         talloc_free(user_ctx);
                         return false;
                 }
-               status = dcerpc_samr_CreateUser(p, user_ctx, &r);
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_CreateUser_r(b, user_ctx, &r),
+                       "CreateUser failed");
         }
  
-       if (!NT_STATUS_IS_OK(status)) {
+       if (!NT_STATUS_IS_OK(r.out.result)) {
                 talloc_free(user_ctx);
-               torture_warning(tctx, "CreateUser failed - %s\n", nt_errstr(status));
+               torture_result(tctx, TORTURE_FAIL, "CreateUser failed - %s\n", nt_errstr(r.out.result));
                 return false;
         }
  
@@ -5193,14 +5809,15 @@ static bool test_CreateUser(struct dcerpc_pipe *p, struct torture_context *tctx,
                 q.in.level = 16;
                 q.out.info = &info;
  
-               status = dcerpc_samr_QueryUserInfo(p, user_ctx, &q);
-               if (!NT_STATUS_IS_OK(status)) {
-                       torture_warning(tctx, "QueryUserInfo level %u failed - %s\n",
-                              q.in.level, nt_errstr(status));
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, user_ctx, &q),
+                       "QueryUserInfo failed");
+               if (!NT_STATUS_IS_OK(q.out.result)) {
+                       torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level %u failed - %s\n",
+                              q.in.level, nt_errstr(q.out.result));
                         ret = false;
                 } else {
                         if ((info->info16.acct_flags & acct_flags) != acct_flags) {
-                               torture_warning(tctx, "QuerUserInfo level 16 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
+                               torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level 16 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
                                        info->info16.acct_flags,
                                        acct_flags);
                                 ret = false;
@@ -5221,9 +5838,10 @@ static bool test_CreateUser(struct dcerpc_pipe *p, struct torture_context *tctx,
                         d.in.user_handle = &user_handle;
                         d.out.user_handle = &user_handle;
  
-                       status = dcerpc_samr_DeleteUser(p, user_ctx, &d);
-                       if (!NT_STATUS_IS_OK(status)) {
-                               torture_warning(tctx, "DeleteUser failed - %s\n", nt_errstr(status));
+                       torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteUser_r(b, user_ctx, &d),
+                               "DeleteUser failed");
+                       if (!NT_STATUS_IS_OK(d.out.result)) {
+                               torture_result(tctx, TORTURE_FAIL, "DeleteUser failed - %s\n", nt_errstr(d.out.result));
                                 ret = false;
                         }
                 }
@@ -5242,7 +5860,6 @@ static bool test_CreateUser2(struct dcerpc_pipe *p, struct torture_context *tctx
                              enum torture_samr_choice which_ops,
                              struct cli_credentials *machine_credentials)
  {
-       NTSTATUS status;
         struct samr_CreateUser2 r;
         struct samr_QueryUserInfo q;
         union samr_UserInfo *info;
@@ -5252,6 +5869,7 @@ static bool test_CreateUser2(struct dcerpc_pipe *p, struct torture_context *tctx
         struct lsa_String name;
         bool ret = true;
         int i;
+       struct dcerpc_binding_handle *b = p->binding_handle;
  
         struct {
                 uint32_t acct_flags;
@@ -5292,44 +5910,47 @@ static bool test_CreateUser2(struct dcerpc_pipe *p, struct torture_context *tctx
  
                 torture_comment(tctx, "Testing CreateUser2(%s, 0x%x)\n", r.in.account_name->string, acct_flags);
  
-               status = dcerpc_samr_CreateUser2(p, user_ctx, &r);
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_CreateUser2_r(b, user_ctx, &r),
+                       "CreateUser2 failed");
  
                 if (dom_sid_equal(domain_sid, dom_sid_parse_talloc(tctx, SID_BUILTIN))) {
-                       if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+                       if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_ACCESS_DENIED) || NT_STATUS_EQUAL(r.out.result, NT_STATUS_INVALID_PARAMETER)) {
                                 torture_comment(tctx, "Server correctly refused create of '%s'\n", r.in.account_name->string);
                                 continue;
                         } else {
-                               torture_warning(tctx, "Server should have refused create of '%s', got %s instead\n", r.in.account_name->string,
-                                      nt_errstr(status));
+                               torture_result(tctx, TORTURE_FAIL, "Server should have refused create of '%s', got %s instead\n", r.in.account_name->string,
+                                      nt_errstr(r.out.result));
                                 ret = false;
                                 continue;
                         }
                 }
  
-               if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
-                       if (!test_DeleteUser_byname(p, user_ctx, domain_handle, r.in.account_name->string)) {
+               if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_USER_EXISTS)) {
+                       if (!test_DeleteUser_byname(b, tctx, domain_handle, r.in.account_name->string)) {
                                 talloc_free(user_ctx);
                                 ret = false;
                                 continue;
                         }
-                       status = dcerpc_samr_CreateUser2(p, user_ctx, &r);
+                       torture_assert_ntstatus_ok(tctx, dcerpc_samr_CreateUser2_r(b, user_ctx, &r),
+                               "CreateUser2 failed");
  
                 }
-               if (!NT_STATUS_EQUAL(status, account_types[i].nt_status)) {
-                       torture_warning(tctx, "CreateUser2 failed gave incorrect error return - %s (should be %s)\n",
-                              nt_errstr(status), nt_errstr(account_types[i].nt_status));
+               if (!NT_STATUS_EQUAL(r.out.result, account_types[i].nt_status)) {
+                       torture_result(tctx, TORTURE_FAIL, "CreateUser2 failed gave incorrect error return - %s (should be %s)\n",
+                              nt_errstr(r.out.result), nt_errstr(account_types[i].nt_status));
                         ret = false;
                 }
  
-               if (NT_STATUS_IS_OK(status)) {
+               if (NT_STATUS_IS_OK(r.out.result)) {
                         q.in.user_handle = &user_handle;
                         q.in.level = 5;
                         q.out.info = &info;
  
-                       status = dcerpc_samr_QueryUserInfo(p, user_ctx, &q);
-                       if (!NT_STATUS_IS_OK(status)) {
-                               torture_warning(tctx, "QueryUserInfo level %u failed - %s\n",
-                                      q.in.level, nt_errstr(status));
+                       torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, user_ctx, &q),
+                               "QueryUserInfo failed");
+                       if (!NT_STATUS_IS_OK(q.out.result)) {
+                               torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level %u failed - %s\n",
+                                      q.in.level, nt_errstr(q.out.result));
                                 ret = false;
                         } else {
                                 uint32_t expected_flags = (acct_flags | ACB_PWNOTREQ | ACB_DISABLED);
@@ -5337,7 +5958,7 @@ static bool test_CreateUser2(struct dcerpc_pipe *p, struct torture_context *tctx
                                         expected_flags |= ACB_PW_EXPIRED;
                                 }
                                 if ((info->info5.acct_flags) != expected_flags) {
-                                       torture_warning(tctx, "QuerUserInfo level 5 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
+                                       torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level 5 failed, it returned 0x%08x when we expected flags of 0x%08x\n",
                                                info->info5.acct_flags,
                                                expected_flags);
                                         ret = false;
@@ -5345,21 +5966,21 @@ static bool test_CreateUser2(struct dcerpc_pipe *p, struct torture_context *tctx
                                 switch (acct_flags) {
                                 case ACB_SVRTRUST:
                                         if (info->info5.primary_gid != DOMAIN_RID_DCS) {
-                                               torture_warning(tctx, "QuerUserInfo level 5: DC should have had Primary Group %d, got %d\n",
+                                               torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level 5: DC should have had Primary Group %d, got %d\n",
                                                        DOMAIN_RID_DCS, info->info5.primary_gid);
                                                 ret = false;
                                         }
                                         break;
                                 case ACB_WSTRUST:
                                         if (info->info5.primary_gid != DOMAIN_RID_DOMAIN_MEMBERS) {
-                                               torture_warning(tctx, "QuerUserInfo level 5: Domain Member should have had Primary Group %d, got %d\n",
+                                               torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level 5: Domain Member should have had Primary Group %d, got %d\n",
                                                        DOMAIN_RID_DOMAIN_MEMBERS, info->info5.primary_gid);
                                                 ret = false;
                                         }
                                         break;
                                 case ACB_NORMAL:
                                         if (info->info5.primary_gid != DOMAIN_RID_USERS) {
-                                               torture_warning(tctx, "QuerUserInfo level 5: Users should have had Primary Group %d, got %d\n",
+                                               torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level 5: Users should have had Primary Group %d, got %d\n",
                                                        DOMAIN_RID_USERS, info->info5.primary_gid);
                                                 ret = false;
                                         }
@@ -5373,15 +5994,16 @@ static bool test_CreateUser2(struct dcerpc_pipe *p, struct torture_context *tctx
                                 ret = false;
                         }
  
-                       if (!policy_handle_empty(&user_handle)) {
+                       if (!ndr_policy_handle_empty(&user_handle)) {
                                 torture_comment(tctx, "Testing DeleteUser (createuser2 test)\n");
  
                                 d.in.user_handle = &user_handle;
                                 d.out.user_handle = &user_handle;
  
-                               status = dcerpc_samr_DeleteUser(p, user_ctx, &d);
-                               if (!NT_STATUS_IS_OK(status)) {
-                                       torture_warning(tctx, "DeleteUser failed - %s\n", nt_errstr(status));
+                               torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteUser_r(b, user_ctx, &d),
+                                       "DeleteUser failed");
+                               if (!NT_STATUS_IS_OK(d.out.result)) {
+                                       torture_result(tctx, TORTURE_FAIL, "DeleteUser failed - %s\n", nt_errstr(d.out.result));
                                         ret = false;
                                 }
                         }
@@ -5392,11 +6014,10 @@ static bool test_CreateUser2(struct dcerpc_pipe *p, struct torture_context *tctx
         return ret;
  }
  
-static bool test_QueryAliasInfo(struct dcerpc_pipe *p,
+static bool test_QueryAliasInfo(struct dcerpc_binding_handle *b,
                                 struct torture_context *tctx,
                                 struct policy_handle *handle)
  {
-       NTSTATUS status;
         struct samr_QueryAliasInfo r;
         union samr_AliasInfo *info;
         uint16_t levels[] = {1, 2, 3};
@@ -5410,10 +6031,11 @@ static bool test_QueryAliasInfo(struct dcerpc_pipe *p,
                 r.in.level = levels[i];
                 r.out.info = &info;
  
-               status = dcerpc_samr_QueryAliasInfo(p, tctx, &r);
-               if (!NT_STATUS_IS_OK(status)) {
-                       torture_warning(tctx, "QueryAliasInfo level %u failed - %s\n",
-                              levels[i], nt_errstr(status));
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryAliasInfo_r(b, tctx, &r),
+                       "QueryAliasInfo failed");
+               if (!NT_STATUS_IS_OK(r.out.result)) {
+                       torture_result(tctx, TORTURE_FAIL, "QueryAliasInfo level %u failed - %s\n",
+                              levels[i], nt_errstr(r.out.result));
                         ret = false;
                 }
         }
@@ -5421,11 +6043,10 @@ static bool test_QueryAliasInfo(struct dcerpc_pipe *p,
         return ret;
  }
  
-static bool test_QueryGroupInfo(struct dcerpc_pipe *p,
+static bool test_QueryGroupInfo(struct dcerpc_binding_handle *b,
                                 struct torture_context *tctx,
                                 struct policy_handle *handle)
  {
-       NTSTATUS status;
         struct samr_QueryGroupInfo r;
         union samr_GroupInfo *info;
         uint16_t levels[] = {1, 2, 3, 4, 5};
@@ -5439,10 +6060,11 @@ static bool test_QueryGroupInfo(struct dcerpc_pipe *p,
                 r.in.level = levels[i];
                 r.out.info = &info;
  
-               status = dcerpc_samr_QueryGroupInfo(p, tctx, &r);
-               if (!NT_STATUS_IS_OK(status)) {
-                       torture_warning(tctx, "QueryGroupInfo level %u failed - %s\n",
-                              levels[i], nt_errstr(status));
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryGroupInfo_r(b, tctx, &r),
+                       "QueryGroupInfo failed");
+               if (!NT_STATUS_IS_OK(r.out.result)) {
+                       torture_result(tctx, TORTURE_FAIL, "QueryGroupInfo level %u failed - %s\n",
+                              levels[i], nt_errstr(r.out.result));
                         ret = false;
                 }
         }
@@ -5450,13 +6072,12 @@ static bool test_QueryGroupInfo(struct dcerpc_pipe *p,
         return ret;
  }
  
-static bool test_QueryGroupMember(struct dcerpc_pipe *p,
+static bool test_QueryGroupMember(struct dcerpc_binding_handle *b,
                                   struct torture_context *tctx,
                                   struct policy_handle *handle)
  {
-       NTSTATUS status;
         struct samr_QueryGroupMember r;
-       struct samr_RidTypeArray *rids = NULL;
+       struct samr_RidAttrArray *rids = NULL;
         bool ret = true;
  
         torture_comment(tctx, "Testing QueryGroupMember\n");
@@ -5464,9 +6085,10 @@ static bool test_QueryGroupMember(struct dcerpc_pipe *p,
         r.in.group_handle = handle;
         r.out.rids = &rids;
  
-       status = dcerpc_samr_QueryGroupMember(p, tctx, &r);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "QueryGroupInfo failed - %s\n", nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryGroupMember_r(b, tctx, &r),
+               "QueryGroupMember failed");
+       if (!NT_STATUS_IS_OK(r.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "QueryGroupMember failed - %s\n", nt_errstr(r.out.result));
                 ret = false;
         }
  
@@ -5474,11 +6096,10 @@ static bool test_QueryGroupMember(struct dcerpc_pipe *p,
  }
  
  
-static bool test_SetGroupInfo(struct dcerpc_pipe *p,
+static bool test_SetGroupInfo(struct dcerpc_binding_handle *b,
                               struct torture_context *tctx,
                               struct policy_handle *handle)
  {
-       NTSTATUS status;
         struct samr_QueryGroupInfo r;
         union samr_GroupInfo *info;
         struct samr_SetGroupInfo s;
@@ -5494,10 +6115,11 @@ static bool test_SetGroupInfo(struct dcerpc_pipe *p,
                 r.in.level = levels[i];
                 r.out.info = &info;
  
-               status = dcerpc_samr_QueryGroupInfo(p, tctx, &r);
-               if (!NT_STATUS_IS_OK(status)) {
-                       torture_warning(tctx, "QueryGroupInfo level %u failed - %s\n",
-                              levels[i], nt_errstr(status));
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryGroupInfo_r(b, tctx, &r),
+                       "QueryGroupInfo failed");
+               if (!NT_STATUS_IS_OK(r.out.result)) {
+                       torture_result(tctx, TORTURE_FAIL, "QueryGroupInfo level %u failed - %s\n",
+                              levels[i], nt_errstr(r.out.result));
                         ret = false;
                 }
  
@@ -5521,18 +6143,19 @@ static bool test_SetGroupInfo(struct dcerpc_pipe *p,
                         init_lsa_String(&s.in.info->description, "test description");
                 }
  
-               status = dcerpc_samr_SetGroupInfo(p, tctx, &s);
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetGroupInfo_r(b, tctx, &s),
+                       "SetGroupInfo failed");
                 if (set_ok[i]) {
-                       if (!NT_STATUS_IS_OK(status)) {
-                               torture_warning(tctx, "SetGroupInfo level %u failed - %s\n",
-                                      r.in.level, nt_errstr(status));
+                       if (!NT_STATUS_IS_OK(s.out.result)) {
+                               torture_result(tctx, TORTURE_FAIL, "SetGroupInfo level %u failed - %s\n",
+                                      r.in.level, nt_errstr(s.out.result));
                                 ret = false;
                                 continue;
                         }
                 } else {
-                       if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, status)) {
-                               torture_warning(tctx, "SetGroupInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
-                                      r.in.level, nt_errstr(status));
+                       if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, s.out.result)) {
+                               torture_result(tctx, TORTURE_FAIL, "SetGroupInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
+                                      r.in.level, nt_errstr(s.out.result));
                                 ret = false;
                                 continue;
                         }
@@ -5542,11 +6165,10 @@ static bool test_SetGroupInfo(struct dcerpc_pipe *p,
         return ret;
  }
  
-static bool test_QueryUserInfo(struct dcerpc_pipe *p,
+static bool test_QueryUserInfo(struct dcerpc_binding_handle *b,
                                struct torture_context *tctx,
                                struct policy_handle *handle)
  {
-       NTSTATUS status;
         struct samr_QueryUserInfo r;
         union samr_UserInfo *info;
         uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
@@ -5561,10 +6183,11 @@ static bool test_QueryUserInfo(struct dcerpc_pipe *p,
                 r.in.level = levels[i];
                 r.out.info = &info;
  
-               status = dcerpc_samr_QueryUserInfo(p, tctx, &r);
-               if (!NT_STATUS_IS_OK(status)) {
-                       torture_warning(tctx, "QueryUserInfo level %u failed - %s\n",
-                              levels[i], nt_errstr(status));
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &r),
+                       "QueryUserInfo failed");
+               if (!NT_STATUS_IS_OK(r.out.result)) {
+                       torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level %u failed - %s\n",
+                              levels[i], nt_errstr(r.out.result));
                         ret = false;
                 }
         }
@@ -5572,11 +6195,10 @@ static bool test_QueryUserInfo(struct dcerpc_pipe *p,
         return ret;
  }
  
-static bool test_QueryUserInfo2(struct dcerpc_pipe *p,
+static bool test_QueryUserInfo2(struct dcerpc_binding_handle *b,
                                 struct torture_context *tctx,
                                 struct policy_handle *handle)
  {
-       NTSTATUS status;
         struct samr_QueryUserInfo2 r;
         union samr_UserInfo *info;
         uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
@@ -5591,10 +6213,11 @@ static bool test_QueryUserInfo2(struct dcerpc_pipe *p,
                 r.in.level = levels[i];
                 r.out.info = &info;
  
-               status = dcerpc_samr_QueryUserInfo2(p, tctx, &r);
-               if (!NT_STATUS_IS_OK(status)) {
-                       torture_warning(tctx, "QueryUserInfo2 level %u failed - %s\n",
-                              levels[i], nt_errstr(status));
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo2_r(b, tctx, &r),
+                       "QueryUserInfo2 failed");
+               if (!NT_STATUS_IS_OK(r.out.result)) {
+                       torture_result(tctx, TORTURE_FAIL, "QueryUserInfo2 level %u failed - %s\n",
+                              levels[i], nt_errstr(r.out.result));
                         ret = false;
                 }
         }
@@ -5602,11 +6225,10 @@ static bool test_QueryUserInfo2(struct dcerpc_pipe *p,
         return ret;
  }
  
-static bool test_OpenUser(struct dcerpc_pipe *p,
+static bool test_OpenUser(struct dcerpc_binding_handle *b,
                           struct torture_context *tctx,
                           struct policy_handle *handle, uint32_t rid)
  {
-       NTSTATUS status;
         struct samr_OpenUser r;
         struct policy_handle user_handle;
         bool ret = true;
@@ -5618,44 +6240,44 @@ static bool test_OpenUser(struct dcerpc_pipe *p,
         r.in.rid = rid;
         r.out.user_handle = &user_handle;
  
-       status = dcerpc_samr_OpenUser(p, tctx, &r);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "OpenUser(%u) failed - %s\n", rid, nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenUser_r(b, tctx, &r),
+               "OpenUser failed");
+       if (!NT_STATUS_IS_OK(r.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "OpenUser(%u) failed - %s\n", rid, nt_errstr(r.out.result));
                 return false;
         }
  
-       if (!test_QuerySecurity(p, tctx, &user_handle)) {
+       if (!test_QuerySecurity(b, tctx, &user_handle)) {
                 ret = false;
         }
  
-       if (!test_QueryUserInfo(p, tctx, &user_handle)) {
+       if (!test_QueryUserInfo(b, tctx, &user_handle)) {
                 ret = false;
         }
  
-       if (!test_QueryUserInfo2(p, tctx, &user_handle)) {
+       if (!test_QueryUserInfo2(b, tctx, &user_handle)) {
                 ret = false;
         }
  
-       if (!test_GetUserPwInfo(p, tctx, &user_handle)) {
+       if (!test_GetUserPwInfo(b, tctx, &user_handle)) {
                 ret = false;
         }
  
-       if (!test_GetGroupsForUser(p,tctx, &user_handle)) {
+       if (!test_GetGroupsForUser(b, tctx, &user_handle)) {
                 ret = false;
         }
  
-       if (!test_samr_handle_Close(p, tctx, &user_handle)) {
+       if (!test_samr_handle_Close(b, tctx, &user_handle)) {
                 ret = false;
         }
  
         return ret;
  }
  
-static bool test_OpenGroup(struct dcerpc_pipe *p,
+static bool test_OpenGroup(struct dcerpc_binding_handle *b,
                            struct torture_context *tctx,
                            struct policy_handle *handle, uint32_t rid)
  {
-       NTSTATUS status;
         struct samr_OpenGroup r;
         struct policy_handle group_handle;
         bool ret = true;
@@ -5667,37 +6289,38 @@ static bool test_OpenGroup(struct dcerpc_pipe *p,
         r.in.rid = rid;
         r.out.group_handle = &group_handle;
  
-       status = dcerpc_samr_OpenGroup(p, tctx, &r);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "OpenGroup(%u) failed - %s\n", rid, nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenGroup_r(b, tctx, &r),
+               "OpenGroup failed");
+       if (!NT_STATUS_IS_OK(r.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "OpenGroup(%u) failed - %s\n", rid, nt_errstr(r.out.result));
                 return false;
         }
  
         if (!torture_setting_bool(tctx, "samba3", false)) {
-               if (!test_QuerySecurity(p, tctx, &group_handle)) {
+               if (!test_QuerySecurity(b, tctx, &group_handle)) {
                         ret = false;
                 }
         }
  
-       if (!test_QueryGroupInfo(p, tctx, &group_handle)) {
+       if (!test_QueryGroupInfo(b, tctx, &group_handle)) {
                 ret = false;
         }
  
-       if (!test_QueryGroupMember(p, tctx, &group_handle)) {
+       if (!test_QueryGroupMember(b, tctx, &group_handle)) {
                 ret = false;
         }
  
-       if (!test_samr_handle_Close(p, tctx, &group_handle)) {
+       if (!test_samr_handle_Close(b, tctx, &group_handle)) {
                 ret = false;
         }
  
         return ret;
  }
  
-static bool test_OpenAlias(struct dcerpc_pipe *p, struct torture_context *tctx,
+static bool test_OpenAlias(struct dcerpc_binding_handle *b,
+                          struct torture_context *tctx,
                            struct policy_handle *handle, uint32_t rid)
  {
-       NTSTATUS status;
         struct samr_OpenAlias r;
         struct policy_handle alias_handle;
         bool ret = true;
@@ -5709,38 +6332,39 @@ static bool test_OpenAlias(struct dcerpc_pipe *p, struct torture_context *tctx,
         r.in.rid = rid;
         r.out.alias_handle = &alias_handle;
  
-       status = dcerpc_samr_OpenAlias(p, tctx, &r);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "OpenAlias(%u) failed - %s\n", rid, nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenAlias_r(b, tctx, &r),
+               "OpenAlias failed");
+       if (!NT_STATUS_IS_OK(r.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "OpenAlias(%u) failed - %s\n", rid, nt_errstr(r.out.result));
                 return false;
         }
  
         if (!torture_setting_bool(tctx, "samba3", false)) {
-               if (!test_QuerySecurity(p, tctx, &alias_handle)) {
+               if (!test_QuerySecurity(b, tctx, &alias_handle)) {
                         ret = false;
                 }
         }
  
-       if (!test_QueryAliasInfo(p, tctx, &alias_handle)) {
+       if (!test_QueryAliasInfo(b, tctx, &alias_handle)) {
                 ret = false;
         }
  
-       if (!test_GetMembersInAlias(p, tctx, &alias_handle)) {
+       if (!test_GetMembersInAlias(b, tctx, &alias_handle)) {
                 ret = false;
         }
  
-       if (!test_samr_handle_Close(p, tctx, &alias_handle)) {
+       if (!test_samr_handle_Close(b, tctx, &alias_handle)) {
                 ret = false;
         }
  
         return ret;
  }
  
-static bool check_mask(struct dcerpc_pipe *p, struct torture_context *tctx,
+static bool check_mask(struct dcerpc_binding_handle *b,
+                      struct torture_context *tctx,
                        struct policy_handle *handle, uint32_t rid,
                        uint32_t acct_flag_mask)
  {
-       NTSTATUS status;
         struct samr_OpenUser r;
         struct samr_QueryUserInfo q;
         union samr_UserInfo *info;
@@ -5754,9 +6378,10 @@ static bool check_mask(struct dcerpc_pipe *p, struct torture_context *tctx,
         r.in.rid = rid;
         r.out.user_handle = &user_handle;
  
-       status = dcerpc_samr_OpenUser(p, tctx, &r);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "OpenUser(%u) failed - %s\n", rid, nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenUser_r(b, tctx, &r),
+               "OpenUser failed");
+       if (!NT_STATUS_IS_OK(r.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "OpenUser(%u) failed - %s\n", rid, nt_errstr(r.out.result));
                 return false;
         }
  
@@ -5764,31 +6389,31 @@ static bool check_mask(struct dcerpc_pipe *p, struct torture_context *tctx,
         q.in.level = 16;
         q.out.info = &info;
  
-       status = dcerpc_samr_QueryUserInfo(p, tctx, &q);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "QueryUserInfo level 16 failed - %s\n",
-                      nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &q),
+               "QueryUserInfo failed");
+       if (!NT_STATUS_IS_OK(q.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "QueryUserInfo level 16 failed - %s\n",
+                      nt_errstr(q.out.result));
                 ret = false;
         } else {
                 if ((acct_flag_mask & info->info16.acct_flags) == 0) {
-                       torture_warning(tctx, "Server failed to filter for 0x%x, allowed 0x%x (%d) on EnumDomainUsers\n",
+                       torture_result(tctx, TORTURE_FAIL, "Server failed to filter for 0x%x, allowed 0x%x (%d) on EnumDomainUsers\n",
                                acct_flag_mask, info->info16.acct_flags, rid);
                         ret = false;
                 }
         }
  
-       if (!test_samr_handle_Close(p, tctx, &user_handle)) {
+       if (!test_samr_handle_Close(b, tctx, &user_handle)) {
                 ret = false;
         }
  
         return ret;
  }
  
-static bool test_EnumDomainUsers_all(struct dcerpc_pipe *p,
+static bool test_EnumDomainUsers_all(struct dcerpc_binding_handle *b,
                                      struct torture_context *tctx,
                                      struct policy_handle *handle)
  {
-       NTSTATUS status = STATUS_MORE_ENTRIES;
         struct samr_EnumDomainUsers r;
         uint32_t mask, resume_handle=0;
         int i, mask_idx;
@@ -5816,10 +6441,11 @@ static bool test_EnumDomainUsers_all(struct dcerpc_pipe *p,
                 r.out.num_entries = &num_entries;
                 r.out.sam = &sam;
  
-               status = dcerpc_samr_EnumDomainUsers(p, tctx, &r);
-               if (!NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) &&
-                   !NT_STATUS_IS_OK(status)) {
-                       torture_warning(tctx, "EnumDomainUsers failed - %s\n", nt_errstr(status));
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomainUsers_r(b, tctx, &r),
+                       "EnumDomainUsers failed");
+               if (!NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES) &&
+                   !NT_STATUS_IS_OK(r.out.result)) {
+                       torture_result(tctx, TORTURE_FAIL, "EnumDomainUsers failed - %s\n", nt_errstr(r.out.result));
                         return false;
                 }
  
@@ -5831,10 +6457,10 @@ static bool test_EnumDomainUsers_all(struct dcerpc_pipe *p,
  
                 for (i=0;i<sam->count;i++) {
                         if (mask) {
-                               if (!check_mask(p, tctx, handle, sam->entries[i].idx, mask)) {
+                               if (!check_mask(b, tctx, handle, sam->entries[i].idx, mask)) {
                                         ret = false;
                                 }
-                       } else if (!test_OpenUser(p, tctx, handle, sam->entries[i].idx)) {
+                       } else if (!test_OpenUser(b, tctx, handle, sam->entries[i].idx)) {
                                 ret = false;
                         }
                 }
@@ -5849,9 +6475,10 @@ static bool test_EnumDomainUsers_all(struct dcerpc_pipe *p,
         for (i=0;i<sam->count;i++) {
                 n.in.names[i].string = sam->entries[i].name.string;
         }
-       status = dcerpc_samr_LookupNames(p, tctx, &n);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "LookupNames failed - %s\n", nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_LookupNames_r(b, tctx, &n),
+               "LookupNames failed");
+       if (!NT_STATUS_IS_OK(n.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "LookupNames failed - %s\n", nt_errstr(n.out.result));
                 ret = false;
         }
  
@@ -5865,8 +6492,9 @@ static bool test_EnumDomainUsers_all(struct dcerpc_pipe *p,
         for (i=0;i<sam->count;i++) {
                 lr.in.rids[i] = sam->entries[i].idx;
         }
-       status = dcerpc_samr_LookupRids(p, tctx, &lr);
-       torture_assert_ntstatus_ok(tctx, status, "LookupRids");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_LookupRids_r(b, tctx, &lr),
+               "LookupRids failed");
+       torture_assert_ntstatus_ok(tctx, lr.out.result, "LookupRids");
  
         return ret;
  }
@@ -5877,7 +6505,6 @@ static bool test_EnumDomainUsers_all(struct dcerpc_pipe *p,
  static bool test_EnumDomainUsers_async(struct dcerpc_pipe *p, struct torture_context *tctx,
                                        struct policy_handle *handle)
  {
-       NTSTATUS status;
         struct samr_EnumDomainUsers r;
         uint32_t resume_handle=0;
         int i;
@@ -5902,12 +6529,9 @@ static bool test_EnumDomainUsers_async(struct dcerpc_pipe *p, struct torture_con
  
         for (i=0;i<ASYNC_COUNT;i++) {
                 tevent_req_poll(req[i], tctx->ev);
-               status = dcerpc_samr_EnumDomainUsers_r_recv(req[i], tctx);
-               if (!NT_STATUS_IS_OK(status)) {
-                       torture_warning(tctx, "EnumDomainUsers[%d] failed - %s\n",
-                              i, nt_errstr(status));
-                       return false;
-               }
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomainUsers_r_recv(req[i], tctx),
+                       talloc_asprintf(tctx, "EnumDomainUsers[%d] failed - %s\n",
+                              i, nt_errstr(r.out.result)));
         }
  
         torture_comment(tctx, "%d async requests OK\n", i);
@@ -5915,11 +6539,10 @@ static bool test_EnumDomainUsers_async(struct dcerpc_pipe *p, struct torture_con
         return true;
  }
  
-static bool test_EnumDomainGroups_all(struct dcerpc_pipe *p,
+static bool test_EnumDomainGroups_all(struct dcerpc_binding_handle *b,
                                       struct torture_context *tctx,
                                       struct policy_handle *handle)
  {
-       NTSTATUS status;
         struct samr_EnumDomainGroups r;
         uint32_t resume_handle=0;
         struct samr_SamArray *sam = NULL;
@@ -5937,9 +6560,10 @@ static bool test_EnumDomainGroups_all(struct dcerpc_pipe *p,
         r.out.num_entries = &num_entries;
         r.out.sam = &sam;
  
-       status = dcerpc_samr_EnumDomainGroups(p, tctx, &r);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "EnumDomainGroups failed - %s\n", nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomainGroups_r(b, tctx, &r),
+               "EnumDomainGroups failed");
+       if (!NT_STATUS_IS_OK(r.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "EnumDomainGroups failed - %s\n", nt_errstr(r.out.result));
                 return false;
         }
  
@@ -5948,7 +6572,7 @@ static bool test_EnumDomainGroups_all(struct dcerpc_pipe *p,
         }
  
         for (i=0;i<sam->count;i++) {
-               if (!test_OpenGroup(p, tctx, handle, sam->entries[i].idx)) {
+               if (!test_OpenGroup(b, tctx, handle, sam->entries[i].idx)) {
                         ret = false;
                 }
                 if ((ret == true) && (strcasecmp(sam->entries[i].name.string,
@@ -5970,11 +6594,10 @@ static bool test_EnumDomainGroups_all(struct dcerpc_pipe *p,
         return ret;
  }
  
-static bool test_EnumDomainAliases_all(struct dcerpc_pipe *p,
+static bool test_EnumDomainAliases_all(struct dcerpc_binding_handle *b,
                                        struct torture_context *tctx,
                                        struct policy_handle *handle)
  {
-       NTSTATUS status;
         struct samr_EnumDomainAliases r;
         uint32_t resume_handle=0;
         struct samr_SamArray *sam = NULL;
@@ -5991,9 +6614,10 @@ static bool test_EnumDomainAliases_all(struct dcerpc_pipe *p,
         r.out.num_entries = &num_entries;
         r.out.resume_handle = &resume_handle;
  
-       status = dcerpc_samr_EnumDomainAliases(p, tctx, &r);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "EnumDomainAliases failed - %s\n", nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomainAliases_r(b, tctx, &r),
+               "EnumDomainAliases failed");
+       if (!NT_STATUS_IS_OK(r.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "EnumDomainAliases failed - %s\n", nt_errstr(r.out.result));
                 return false;
         }
  
@@ -6002,7 +6626,7 @@ static bool test_EnumDomainAliases_all(struct dcerpc_pipe *p,
         }
  
         for (i=0;i<sam->count;i++) {
-               if (!test_OpenAlias(p, tctx, handle, sam->entries[i].idx)) {
+               if (!test_OpenAlias(b, tctx, handle, sam->entries[i].idx)) {
                         ret = false;
                 }
         }
@@ -6010,11 +6634,10 @@ static bool test_EnumDomainAliases_all(struct dcerpc_pipe *p,
         return ret;
  }
  
-static bool test_GetDisplayEnumerationIndex(struct dcerpc_pipe *p,
+static bool test_GetDisplayEnumerationIndex(struct dcerpc_binding_handle *b,
                                             struct torture_context *tctx,
                                             struct policy_handle *handle)
  {
-       NTSTATUS status;
         struct samr_GetDisplayEnumerationIndex r;
         bool ret = true;
         uint16_t levels[] = {1, 2, 3, 4, 5};
@@ -6033,23 +6656,25 @@ static bool test_GetDisplayEnumerationIndex(struct dcerpc_pipe *p,
                 r.in.name = &name;
                 r.out.idx = &idx;
  
-               status = dcerpc_samr_GetDisplayEnumerationIndex(p, tctx, &r);
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDisplayEnumerationIndex_r(b, tctx, &r),
+                       "GetDisplayEnumerationIndex failed");
  
                 if (ok_lvl[i] &&
-                   !NT_STATUS_IS_OK(status) &&
-                   !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
-                       torture_warning(tctx, "GetDisplayEnumerationIndex level %u failed - %s\n",
-                              levels[i], nt_errstr(status));
+                   !NT_STATUS_IS_OK(r.out.result) &&
+                   !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, r.out.result)) {
+                       torture_result(tctx, TORTURE_FAIL, "GetDisplayEnumerationIndex level %u failed - %s\n",
+                              levels[i], nt_errstr(r.out.result));
                         ret = false;
                 }
  
                 init_lsa_String(&name, "zzzzzzzz");
  
-               status = dcerpc_samr_GetDisplayEnumerationIndex(p, tctx, &r);
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDisplayEnumerationIndex_r(b, tctx, &r),
+                       "GetDisplayEnumerationIndex failed");
  
-               if (ok_lvl[i] && !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
-                       torture_warning(tctx, "GetDisplayEnumerationIndex level %u failed - %s\n",
-                              levels[i], nt_errstr(status));
+               if (ok_lvl[i] && !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, r.out.result)) {
+                       torture_result(tctx, TORTURE_FAIL, "GetDisplayEnumerationIndex level %u failed - %s\n",
+                              levels[i], nt_errstr(r.out.result));
                         ret = false;
                 }
         }
@@ -6057,11 +6682,10 @@ static bool test_GetDisplayEnumerationIndex(struct dcerpc_pipe *p,
         return ret;
  }
  
-static bool test_GetDisplayEnumerationIndex2(struct dcerpc_pipe *p,
+static bool test_GetDisplayEnumerationIndex2(struct dcerpc_binding_handle *b,
                                              struct torture_context *tctx,
                                              struct policy_handle *handle)
  {
-       NTSTATUS status;
         struct samr_GetDisplayEnumerationIndex2 r;
         bool ret = true;
         uint16_t levels[] = {1, 2, 3, 4, 5};
@@ -6080,21 +6704,23 @@ static bool test_GetDisplayEnumerationIndex2(struct dcerpc_pipe *p,
                 r.in.name = &name;
                 r.out.idx = &idx;
  
-               status = dcerpc_samr_GetDisplayEnumerationIndex2(p, tctx, &r);
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDisplayEnumerationIndex2_r(b, tctx, &r),
+                       "GetDisplayEnumerationIndex2 failed");
                 if (ok_lvl[i] &&
-                   !NT_STATUS_IS_OK(status) &&
-                   !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
-                       torture_warning(tctx, "GetDisplayEnumerationIndex2 level %u failed - %s\n",
-                              levels[i], nt_errstr(status));
+                   !NT_STATUS_IS_OK(r.out.result) &&
+                   !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, r.out.result)) {
+                       torture_result(tctx, TORTURE_FAIL, "GetDisplayEnumerationIndex2 level %u failed - %s\n",
+                              levels[i], nt_errstr(r.out.result));
                         ret = false;
                 }
  
                 init_lsa_String(&name, "zzzzzzzz");
  
-               status = dcerpc_samr_GetDisplayEnumerationIndex2(p, tctx, &r);
-               if (ok_lvl[i] && !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, status)) {
-                       torture_warning(tctx, "GetDisplayEnumerationIndex2 level %u failed - %s\n",
-                              levels[i], nt_errstr(status));
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_GetDisplayEnumerationIndex2_r(b, tctx, &r),
+                       "GetDisplayEnumerationIndex2 failed");
+               if (ok_lvl[i] && !NT_STATUS_EQUAL(NT_STATUS_NO_MORE_ENTRIES, r.out.result)) {
+                       torture_result(tctx, TORTURE_FAIL, "GetDisplayEnumerationIndex2 level %u failed - %s\n",
+                              levels[i], nt_errstr(r.out.result));
                         ret = false;
                 }
         }
@@ -6106,18 +6732,18 @@ static bool test_GetDisplayEnumerationIndex2(struct dcerpc_pipe *p,
         if (s1.string == NULL && s2.string != NULL && s2.string[0] == '\0') { \
                 /* odd, but valid */                                            \
         } else if ((s1.string && !s2.string) || (s2.string && !s1.string) || strcmp(s1.string, s2.string)) { \
-                       torture_warning(tctx, "%s mismatch for %s: %s != %s (%s)\n", \
+                       torture_result(tctx, TORTURE_FAIL, "%s mismatch for %s: %s != %s (%s)\n", \
                                #s1, user.string,  s1.string, s2.string, __location__);   \
                         ret = false; \
         }
  #define INT_EQUAL_QUERY(s1, s2, user)          \
                 if (s1 != s2) { \
-                       torture_warning(tctx, "%s mismatch for %s: 0x%llx != 0x%llx (%s)\n", \
+                       torture_result(tctx, TORTURE_FAIL, "%s mismatch for %s: 0x%llx != 0x%llx (%s)\n", \
                                #s1, user.string, (unsigned long long)s1, (unsigned long long)s2, __location__); \
                         ret = false; \
                 }
  
-static bool test_each_DisplayInfo_user(struct dcerpc_pipe *p,
+static bool test_each_DisplayInfo_user(struct dcerpc_binding_handle *b,
                                        struct torture_context *tctx,
                                        struct samr_QueryDisplayInfo *querydisplayinfo,
                                        bool *seen_testuser)
@@ -6127,7 +6753,6 @@ static bool test_each_DisplayInfo_user(struct dcerpc_pipe *p,
         union samr_UserInfo *info;
         struct policy_handle user_handle;
         int i, ret = true;
-       NTSTATUS status;
         r.in.domain_handle = querydisplayinfo->in.domain_handle;
         r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
         for (i = 0; ; i++) {
@@ -6157,9 +6782,10 @@ static bool test_each_DisplayInfo_user(struct dcerpc_pipe *p,
                 switch (querydisplayinfo->in.level) {
                 case 1:
                 case 2:
-                       status = dcerpc_samr_OpenUser(p, tctx, &r);
-                       if (!NT_STATUS_IS_OK(status)) {
-                               torture_warning(tctx, "OpenUser(%u) failed - %s\n", r.in.rid, nt_errstr(status));
+                       torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenUser_r(b, tctx, &r),
+                               "OpenUser failed");
+                       if (!NT_STATUS_IS_OK(r.out.result)) {
+                               torture_result(tctx, TORTURE_FAIL, "OpenUser(%u) failed - %s\n", r.in.rid, nt_errstr(r.out.result));
                                 return false;
                         }
                 }
@@ -6167,9 +6793,10 @@ static bool test_each_DisplayInfo_user(struct dcerpc_pipe *p,
                 q.in.user_handle = &user_handle;
                 q.in.level = 21;
                 q.out.info = &info;
-               status = dcerpc_samr_QueryUserInfo(p, tctx, &q);
-               if (!NT_STATUS_IS_OK(status)) {
-                       torture_warning(tctx, "QueryUserInfo(%u) failed - %s\n", r.in.rid, nt_errstr(status));
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &q),
+                       "QueryUserInfo failed");
+               if (!NT_STATUS_IS_OK(r.out.result)) {
+                       torture_result(tctx, TORTURE_FAIL, "QueryUserInfo(%u) failed - %s\n", r.in.rid, nt_errstr(r.out.result));
                         return false;
                 }
  
@@ -6201,12 +6828,12 @@ static bool test_each_DisplayInfo_user(struct dcerpc_pipe *p,
                                         info->info21.acct_flags, info->info21.account_name);
  
                         if (!(querydisplayinfo->out.info->info2.entries[i].acct_flags & ACB_NORMAL)) {
-                               torture_warning(tctx, "Missing ACB_NORMAL in querydisplayinfo->out.info.info2.entries[i].acct_flags on %s\n",
+                               torture_result(tctx, TORTURE_FAIL, "Missing ACB_NORMAL in querydisplayinfo->out.info.info2.entries[i].acct_flags on %s\n",
                                        info->info21.account_name.string);
                         }
  
                         if (!(info->info21.acct_flags & (ACB_WSTRUST | ACB_SVRTRUST))) {
-                               torture_warning(tctx, "Found non-trust account %s in trust account listing: 0x%x 0x%x\n",
+                               torture_result(tctx, TORTURE_FAIL, "Found non-trust account %s in trust account listing: 0x%x 0x%x\n",
                                        info->info21.account_name.string,
                                        querydisplayinfo->out.info->info2.entries[i].acct_flags,
                                        info->info21.acct_flags);
@@ -6216,18 +6843,17 @@ static bool test_each_DisplayInfo_user(struct dcerpc_pipe *p,
                         break;
                 }
  
-               if (!test_samr_handle_Close(p, tctx, &user_handle)) {
+               if (!test_samr_handle_Close(b, tctx, &user_handle)) {
                         return false;
                 }
         }
         return ret;
  }
  
-static bool test_QueryDisplayInfo(struct dcerpc_pipe *p,
+static bool test_QueryDisplayInfo(struct dcerpc_binding_handle *b,
                                   struct torture_context *tctx,
                                   struct policy_handle *handle)
  {
-       NTSTATUS status;
         struct samr_QueryDisplayInfo r;
         struct samr_QueryDomainInfo dom_info;
         union samr_DomainInfo *info = NULL;
@@ -6244,8 +6870,8 @@ static bool test_QueryDisplayInfo(struct dcerpc_pipe *p,
                 torture_comment(tctx, "Testing QueryDisplayInfo level %u\n", levels[i]);
  
                 r.in.start_idx = 0;
-               status = STATUS_MORE_ENTRIES;
-               while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
+               r.out.result = STATUS_MORE_ENTRIES;
+               while (NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES)) {
                         r.in.domain_handle = handle;
                         r.in.level = levels[i];
                         r.in.max_entries = 2;
@@ -6254,21 +6880,22 @@ static bool test_QueryDisplayInfo(struct dcerpc_pipe *p,
                         r.out.returned_size = &returned_size;
                         r.out.info = &disp_info;
  
-                       status = dcerpc_samr_QueryDisplayInfo(p, tctx, &r);
-                       if (!NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) && !NT_STATUS_IS_OK(status)) {
-                               torture_warning(tctx, "QueryDisplayInfo level %u failed - %s\n",
-                                      levels[i], nt_errstr(status));
+                       torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDisplayInfo_r(b, tctx, &r),
+                               "QueryDisplayInfo failed");
+                       if (!NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES) && !NT_STATUS_IS_OK(r.out.result)) {
+                               torture_result(tctx, TORTURE_FAIL, "QueryDisplayInfo level %u failed - %s\n",
+                                      levels[i], nt_errstr(r.out.result));
                                 ret = false;
                         }
                         switch (r.in.level) {
                         case 1:
-                               if (!test_each_DisplayInfo_user(p, tctx, &r, &seen_testuser)) {
+                               if (!test_each_DisplayInfo_user(b, tctx, &r, &seen_testuser)) {
                                         ret = false;
                                 }
                                 r.in.start_idx += r.out.info->info1.count;
                                 break;
                         case 2:
-                               if (!test_each_DisplayInfo_user(p, tctx, &r, NULL)) {
+                               if (!test_each_DisplayInfo_user(b, tctx, &r, NULL)) {
                                         ret = false;
                                 }
                                 r.in.start_idx += r.out.info->info2.count;
@@ -6289,10 +6916,11 @@ static bool test_QueryDisplayInfo(struct dcerpc_pipe *p,
                 dom_info.out.info = &info;
  
                 /* Check number of users returned is correct */
-               status = dcerpc_samr_QueryDomainInfo(p, tctx, &dom_info);
-               if (!NT_STATUS_IS_OK(status)) {
-                       torture_warning(tctx, "QueryDomainInfo level %u failed - %s\n",
-                              r.in.level, nt_errstr(status));
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDomainInfo_r(b, tctx, &dom_info),
+                       "QueryDomainInfo failed");
+               if (!NT_STATUS_IS_OK(dom_info.out.result)) {
+                       torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u failed - %s\n",
+                              r.in.level, nt_errstr(dom_info.out.result));
                         ret = false;
                         break;
                 }
@@ -6305,7 +6933,7 @@ static bool test_QueryDisplayInfo(struct dcerpc_pipe *p,
                                  * global groups, QueryDomainInfo only global
                                  * ones. */
                                 if (torture_setting_bool(tctx, "samba3", false)) {
-                                       torture_warning(tctx, "QueryDomainInfo indicates that QueryDisplayInfo returned more users (%d/%d) than the domain %s is said to contain!\n",
+                                       torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo indicates that QueryDisplayInfo returned more users (%d/%d) than the domain %s is said to contain!\n",
                                                r.in.start_idx, info->general.num_groups,
                                                info->general.domain_name.string);
                                         ret = false;
@@ -6313,11 +6941,11 @@ static bool test_QueryDisplayInfo(struct dcerpc_pipe *p,
                         }
                         if (!seen_testuser) {
                                 struct policy_handle user_handle;
-                               if (NT_STATUS_IS_OK(test_OpenUser_byname(p, tctx, handle, TEST_ACCOUNT_NAME, &user_handle))) {
-                                       torture_warning(tctx, "Didn't find test user " TEST_ACCOUNT_NAME " in enumeration of %s\n",
+                               if (NT_STATUS_IS_OK(test_OpenUser_byname(b, tctx, handle, TEST_ACCOUNT_NAME, &user_handle))) {
+                                       torture_result(tctx, TORTURE_FAIL, "Didn't find test user " TEST_ACCOUNT_NAME " in enumeration of %s\n",
                                                info->general.domain_name.string);
                                         ret = false;
-                                       test_samr_handle_Close(p, tctx, &user_handle);
+                                       test_samr_handle_Close(b, tctx, &user_handle);
                                 }
                         }
                         break;
@@ -6329,7 +6957,7 @@ static bool test_QueryDisplayInfo(struct dcerpc_pipe *p,
                                  * global groups, QueryDomainInfo only global
                                  * ones. */
                                 if (torture_setting_bool(tctx, "samba3", false)) {
-                                       torture_warning(tctx, "QueryDomainInfo indicates that QueryDisplayInfo didn't return all (%d/%d) the groups in %s\n",
+                                       torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo indicates that QueryDisplayInfo didn't return all (%d/%d) the groups in %s\n",
                                                r.in.start_idx, info->general.num_groups,
                                                info->general.domain_name.string);
                                         ret = false;
@@ -6344,11 +6972,10 @@ static bool test_QueryDisplayInfo(struct dcerpc_pipe *p,
         return ret;
  }
  
-static bool test_QueryDisplayInfo2(struct dcerpc_pipe *p,
+static bool test_QueryDisplayInfo2(struct dcerpc_binding_handle *b,
                                    struct torture_context *tctx,
                                    struct policy_handle *handle)
  {
-       NTSTATUS status;
         struct samr_QueryDisplayInfo2 r;
         bool ret = true;
         uint16_t levels[] = {1, 2, 3, 4, 5};
@@ -6369,10 +6996,11 @@ static bool test_QueryDisplayInfo2(struct dcerpc_pipe *p,
                 r.out.returned_size = &returned_size;
                 r.out.info = &info;
  
-               status = dcerpc_samr_QueryDisplayInfo2(p, tctx, &r);
-               if (!NT_STATUS_IS_OK(status)) {
-                       torture_warning(tctx, "QueryDisplayInfo2 level %u failed - %s\n",
-                              levels[i], nt_errstr(status));
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDisplayInfo2_r(b, tctx, &r),
+                       "QueryDisplayInfo2 failed");
+               if (!NT_STATUS_IS_OK(r.out.result)) {
+                       torture_result(tctx, TORTURE_FAIL, "QueryDisplayInfo2 level %u failed - %s\n",
+                              levels[i], nt_errstr(r.out.result));
                         ret = false;
                 }
         }
@@ -6380,10 +7008,10 @@ static bool test_QueryDisplayInfo2(struct dcerpc_pipe *p,
         return ret;
  }
  
-static bool test_QueryDisplayInfo3(struct dcerpc_pipe *p, struct torture_context *tctx,
-                                 struct policy_handle *handle)
+static bool test_QueryDisplayInfo3(struct dcerpc_binding_handle *b,
+                                  struct torture_context *tctx,
+                                  struct policy_handle *handle)
  {
-       NTSTATUS status;
         struct samr_QueryDisplayInfo3 r;
         bool ret = true;
         uint16_t levels[] = {1, 2, 3, 4, 5};
@@ -6404,10 +7032,11 @@ static bool test_QueryDisplayInfo3(struct dcerpc_pipe *p, struct torture_context
                 r.out.returned_size = &returned_size;
                 r.out.info = &info;
  
-               status = dcerpc_samr_QueryDisplayInfo3(p, tctx, &r);
-               if (!NT_STATUS_IS_OK(status)) {
-                       torture_warning(tctx, "QueryDisplayInfo3 level %u failed - %s\n",
-                              levels[i], nt_errstr(status));
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDisplayInfo3_r(b, tctx, &r),
+                       "QueryDisplayInfo3 failed");
+               if (!NT_STATUS_IS_OK(r.out.result)) {
+                       torture_result(tctx, TORTURE_FAIL, "QueryDisplayInfo3 level %u failed - %s\n",
+                              levels[i], nt_errstr(r.out.result));
                         ret = false;
                 }
         }
@@ -6416,11 +7045,10 @@ static bool test_QueryDisplayInfo3(struct dcerpc_pipe *p, struct torture_context
  }
  
  
-static bool test_QueryDisplayInfo_continue(struct dcerpc_pipe *p,
+static bool test_QueryDisplayInfo_continue(struct dcerpc_binding_handle *b,
                                            struct torture_context *tctx,
                                            struct policy_handle *handle)
  {
-       NTSTATUS status;
         struct samr_QueryDisplayInfo r;
         bool ret = true;
         uint32_t total_size;
@@ -6439,34 +7067,35 @@ static bool test_QueryDisplayInfo_continue(struct dcerpc_pipe *p,
         r.out.info = &info;
  
         do {
-               status = dcerpc_samr_QueryDisplayInfo(p, tctx, &r);
-               if (NT_STATUS_IS_OK(status) && *r.out.returned_size != 0) {
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDisplayInfo_r(b, tctx, &r),
+                       "QueryDisplayInfo failed");
+               if (NT_STATUS_IS_OK(r.out.result) && *r.out.returned_size != 0) {
                         if (r.out.info->info1.entries[0].idx != r.in.start_idx + 1) {
-                               torture_warning(tctx, "expected idx %d but got %d\n",
+                               torture_result(tctx, TORTURE_FAIL, "expected idx %d but got %d\n",
                                        r.in.start_idx + 1,
                                        r.out.info->info1.entries[0].idx);
                                 break;
                         }
                 }
-               if (!NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) &&
-                   !NT_STATUS_IS_OK(status)) {
-                       torture_warning(tctx, "QueryDisplayInfo level %u failed - %s\n",
-                              r.in.level, nt_errstr(status));
+               if (!NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES) &&
+                   !NT_STATUS_IS_OK(r.out.result)) {
+                       torture_result(tctx, TORTURE_FAIL, "QueryDisplayInfo level %u failed - %s\n",
+                              r.in.level, nt_errstr(r.out.result));
                         ret = false;
                         break;
                 }
                 r.in.start_idx++;
-       } while ((NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) ||
-                 NT_STATUS_IS_OK(status)) &&
+       } while ((NT_STATUS_EQUAL(r.out.result, STATUS_MORE_ENTRIES) ||
+                 NT_STATUS_IS_OK(r.out.result)) &&
                  *r.out.returned_size != 0);
  
         return ret;
  }
  
-static bool test_QueryDomainInfo(struct dcerpc_pipe *p, struct torture_context *tctx,
+static bool test_QueryDomainInfo(struct dcerpc_pipe *p,
+                                struct torture_context *tctx,
                                  struct policy_handle *handle)
  {
-       NTSTATUS status;
         struct samr_QueryDomainInfo r;
         union samr_DomainInfo *info = NULL;
         struct samr_SetDomainInfo s;
@@ -6474,6 +7103,7 @@ static bool test_QueryDomainInfo(struct dcerpc_pipe *p, struct torture_context *
         uint16_t set_ok[] = {1, 0, 1, 1, 0, 1, 1, 0, 1,  0,  1,  0};
         int i;
         bool ret = true;
+       struct dcerpc_binding_handle *b = p->binding_handle;
         const char *domain_comment = talloc_asprintf(tctx,
                                   "Tortured by Samba4 RPC-SAMR: %s",
                                   timestring(tctx, time(NULL)));
@@ -6483,10 +7113,11 @@ static bool test_QueryDomainInfo(struct dcerpc_pipe *p, struct torture_context *
         s.in.info = talloc(tctx, union samr_DomainInfo);
  
         s.in.info->oem.oem_information.string = domain_comment;
-       status = dcerpc_samr_SetDomainInfo(p, tctx, &s);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "SetDomainInfo level %u (set comment) failed - %s\n",
-                      s.in.level, nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetDomainInfo_r(b, tctx, &s),
+               "SetDomainInfo failed");
+       if (!NT_STATUS_IS_OK(s.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "SetDomainInfo level %u (set comment) failed - %s\n",
+                      s.in.level, nt_errstr(s.out.result));
                 return false;
         }
  
@@ -6497,10 +7128,11 @@ static bool test_QueryDomainInfo(struct dcerpc_pipe *p, struct torture_context *
                 r.in.level = levels[i];
                 r.out.info = &info;
  
-               status = dcerpc_samr_QueryDomainInfo(p, tctx, &r);
-               if (!NT_STATUS_IS_OK(status)) {
-                       torture_warning(tctx, "QueryDomainInfo level %u failed - %s\n",
-                              r.in.level, nt_errstr(status));
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDomainInfo_r(b, tctx, &r),
+                       "QueryDomainInfo failed");
+               if (!NT_STATUS_IS_OK(r.out.result)) {
+                       torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u failed - %s\n",
+                              r.in.level, nt_errstr(r.out.result));
                         ret = false;
                         continue;
                 }
@@ -6508,26 +7140,28 @@ static bool test_QueryDomainInfo(struct dcerpc_pipe *p, struct torture_context *
                 switch (levels[i]) {
                 case 2:
                         if (strcmp(info->general.oem_information.string, domain_comment) != 0) {
-                               torture_warning(tctx, "QueryDomainInfo level %u returned different oem_information (comment) (%s, expected %s)\n",
+                               torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u returned different oem_information (comment) (%s, expected %s)\n",
                                        levels[i], info->general.oem_information.string, domain_comment);
                                 if (!torture_setting_bool(tctx, "samba3", false)) {
                                         ret = false;
                                 }
                         }
                         if (!info->general.primary.string) {
-                               torture_warning(tctx, "QueryDomainInfo level %u returned no PDC name\n",
+                               torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u returned no PDC name\n",
                                        levels[i]);
                                 ret = false;
                         } else if (info->general.role == SAMR_ROLE_DOMAIN_PDC) {
                                 if (dcerpc_server_name(p) && strcasecmp_m(dcerpc_server_name(p), info->general.primary.string) != 0) {
-                                       torture_warning(tctx, "QueryDomainInfo level %u returned different PDC name (%s) compared to server name (%s), despite claiming to be the PDC\n",
-                                              levels[i], info->general.primary.string, dcerpc_server_name(p));
+                                       if (torture_setting_bool(tctx, "samba3", false)) {
+                                               torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u returned different PDC name (%s) compared to server name (%s), despite claiming to be the PDC\n",
+                                                      levels[i], info->general.primary.string, dcerpc_server_name(p));
+                                       }
                                 }
                         }
                         break;
                 case 4:
                         if (strcmp(info->oem.oem_information.string, domain_comment) != 0) {
-                               torture_warning(tctx, "QueryDomainInfo level %u returned different oem_information (comment) (%s, expected %s)\n",
+                               torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u returned different oem_information (comment) (%s, expected %s)\n",
                                        levels[i], info->oem.oem_information.string, domain_comment);
                                 if (!torture_setting_bool(tctx, "samba3", false)) {
                                         ret = false;
@@ -6536,14 +7170,14 @@ static bool test_QueryDomainInfo(struct dcerpc_pipe *p, struct torture_context *
                         break;
                 case 6:
                         if (!info->info6.primary.string) {
-                               torture_warning(tctx, "QueryDomainInfo level %u returned no PDC name\n",
+                               torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u returned no PDC name\n",
                                        levels[i]);
                                 ret = false;
                         }
                         break;
                 case 11:
                         if (strcmp(info->general2.general.oem_information.string, domain_comment) != 0) {
-                               torture_warning(tctx, "QueryDomainInfo level %u returned different comment (%s, expected %s)\n",
+                               torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u returned different comment (%s, expected %s)\n",
                                        levels[i], info->general2.general.oem_information.string, domain_comment);
                                 if (!torture_setting_bool(tctx, "samba3", false)) {
                                         ret = false;
@@ -6558,27 +7192,29 @@ static bool test_QueryDomainInfo(struct dcerpc_pipe *p, struct torture_context *
                 s.in.level = levels[i];
                 s.in.info = info;
  
-               status = dcerpc_samr_SetDomainInfo(p, tctx, &s);
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetDomainInfo_r(b, tctx, &s),
+                       "SetDomainInfo failed");
                 if (set_ok[i]) {
-                       if (!NT_STATUS_IS_OK(status)) {
-                               torture_warning(tctx, "SetDomainInfo level %u failed - %s\n",
-                                      r.in.level, nt_errstr(status));
+                       if (!NT_STATUS_IS_OK(s.out.result)) {
+                               torture_result(tctx, TORTURE_FAIL, "SetDomainInfo level %u failed - %s\n",
+                                      r.in.level, nt_errstr(s.out.result));
                                 ret = false;
                                 continue;
                         }
                 } else {
-                       if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, status)) {
-                               torture_warning(tctx, "SetDomainInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
-                                      r.in.level, nt_errstr(status));
+                       if (!NT_STATUS_EQUAL(NT_STATUS_INVALID_INFO_CLASS, s.out.result)) {
+                               torture_result(tctx, TORTURE_FAIL, "SetDomainInfo level %u gave %s - should have been NT_STATUS_INVALID_INFO_CLASS\n",
+                                      r.in.level, nt_errstr(s.out.result));
                                 ret = false;
                                 continue;
                         }
                 }
  
-               status = dcerpc_samr_QueryDomainInfo(p, tctx, &r);
-               if (!NT_STATUS_IS_OK(status)) {
-                       torture_warning(tctx, "QueryDomainInfo level %u failed - %s\n",
-                              r.in.level, nt_errstr(status));
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDomainInfo_r(b, tctx, &r),
+                       "QueryDomainInfo failed");
+               if (!NT_STATUS_IS_OK(r.out.result)) {
+                       torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo level %u failed - %s\n",
+                              r.in.level, nt_errstr(r.out.result));
                         ret = false;
                         continue;
                 }
@@ -6588,10 +7224,10 @@ static bool test_QueryDomainInfo(struct dcerpc_pipe *p, struct torture_context *
  }
  
  
-static bool test_QueryDomainInfo2(struct dcerpc_pipe *p, struct torture_context *tctx,
+static bool test_QueryDomainInfo2(struct dcerpc_binding_handle *b,
+                                 struct torture_context *tctx,
                                   struct policy_handle *handle)
  {
-       NTSTATUS status;
         struct samr_QueryDomainInfo2 r;
         union samr_DomainInfo *info = NULL;
         uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13};
@@ -6605,21 +7241,24 @@ static bool test_QueryDomainInfo2(struct dcerpc_pipe *p, struct torture_context
                 r.in.level = levels[i];
                 r.out.info = &info;
  
-               status = dcerpc_samr_QueryDomainInfo2(p, tctx, &r);
-               if (!NT_STATUS_IS_OK(status)) {
-                       torture_warning(tctx, "QueryDomainInfo2 level %u failed - %s\n",
-                              r.in.level, nt_errstr(status));
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDomainInfo2_r(b, tctx, &r),
+                       "QueryDomainInfo2 failed");
+               if (!NT_STATUS_IS_OK(r.out.result)) {
+                       torture_result(tctx, TORTURE_FAIL, "QueryDomainInfo2 level %u failed - %s\n",
+                              r.in.level, nt_errstr(r.out.result));
                         ret = false;
                         continue;
                 }
         }
  
-       return true;
+       return ret;
  }
  
  /* Test whether querydispinfo level 5 and enumdomgroups return the same
     set of group names. */
-static bool test_GroupList(struct dcerpc_pipe *p, struct torture_context *tctx,
+static bool test_GroupList(struct dcerpc_binding_handle *b,
+                          struct torture_context *tctx,
+                          struct dom_sid *domain_sid,
                            struct policy_handle *handle)
  {
         struct samr_EnumDomainGroups q1;
@@ -6637,6 +7276,9 @@ static bool test_GroupList(struct dcerpc_pipe *p, struct torture_context *tctx,
         int num_names = 0;
         const char **names = NULL;
  
+       bool builtin_domain = dom_sid_compare(domain_sid,
+                                             &global_sid_Builtin) == 0;
+
         torture_comment(tctx, "Testing coherency of querydispinfo vs enumdomgroups\n");
  
         q1.in.domain_handle = handle;
@@ -6648,7 +7290,9 @@ static bool test_GroupList(struct dcerpc_pipe *p, struct torture_context *tctx,
  
         status = STATUS_MORE_ENTRIES;
         while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
-               status = dcerpc_samr_EnumDomainGroups(p, tctx, &q1);
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomainGroups_r(b, tctx, &q1),
+                       "EnumDomainGroups failed");
+               status = q1.out.result;
  
                 if (!NT_STATUS_IS_OK(status) &&
                     !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
@@ -6665,6 +7309,11 @@ static bool test_GroupList(struct dcerpc_pipe *p, struct torture_context *tctx,
  
         torture_assert(tctx, sam, "EnumDomainGroups failed to return sam");
  
+       if (builtin_domain) {
+               torture_assert(tctx, num_names == 0,
+                              "EnumDomainGroups shouldn't return any group in the builtin domain!");
+       }
+
         q2.in.domain_handle = handle;
         q2.in.level = 5;
         q2.in.start_idx = 0;
@@ -6676,8 +7325,9 @@ static bool test_GroupList(struct dcerpc_pipe *p, struct torture_context *tctx,
  
         status = STATUS_MORE_ENTRIES;
         while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
-               status = dcerpc_samr_QueryDisplayInfo(p, tctx, &q2);
-
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDisplayInfo_r(b, tctx, &q2),
+                       "QueryDisplayInfo failed");
+               status = q2.out.result;
                 if (!NT_STATUS_IS_OK(status) &&
                     !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES))
                         break;
@@ -6696,8 +7346,8 @@ static bool test_GroupList(struct dcerpc_pipe *p, struct torture_context *tctx,
                                 }
                         }
  
-                       if (!found) {
-                               torture_warning(tctx, "QueryDisplayInfo gave name [%s] that EnumDomainGroups did not\n",
+                       if ((!found) && (!builtin_domain)) {
+                               torture_result(tctx, TORTURE_FAIL, "QueryDisplayInfo gave name [%s] that EnumDomainGroups did not\n",
                                        name);
                                 ret = false;
                         }
@@ -6706,14 +7356,19 @@ static bool test_GroupList(struct dcerpc_pipe *p, struct torture_context *tctx,
         }
  
         if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "QueryDisplayInfo level 5 failed - %s\n",
+               torture_result(tctx, TORTURE_FAIL, "QueryDisplayInfo level 5 failed - %s\n",
                        nt_errstr(status));
                 ret = false;
         }
  
+       if (builtin_domain) {
+               torture_assert(tctx, q2.in.start_idx != 0,
+                              "QueryDisplayInfo should return all domain groups also on the builtin domain handle!");
+       }
+
         for (i=0; i<num_names; i++) {
                 if (names[i] != NULL) {
-                       torture_warning(tctx, "EnumDomainGroups gave name [%s] that QueryDisplayInfo did not\n",
+                       torture_result(tctx, TORTURE_FAIL, "EnumDomainGroups gave name [%s] that QueryDisplayInfo did not\n",
                                names[i]);
                         ret = false;
                 }
@@ -6722,46 +7377,48 @@ static bool test_GroupList(struct dcerpc_pipe *p, struct torture_context *tctx,
         return ret;
  }
  
-static bool test_DeleteDomainGroup(struct dcerpc_pipe *p, struct torture_context *tctx,
+static bool test_DeleteDomainGroup(struct dcerpc_binding_handle *b,
+                                  struct torture_context *tctx,
                                    struct policy_handle *group_handle)
  {
         struct samr_DeleteDomainGroup d;
-       NTSTATUS status;
  
         torture_comment(tctx, "Testing DeleteDomainGroup\n");
  
         d.in.group_handle = group_handle;
         d.out.group_handle = group_handle;
  
-       status = dcerpc_samr_DeleteDomainGroup(p, tctx, &d);
-       torture_assert_ntstatus_ok(tctx, status, "DeleteDomainGroup");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteDomainGroup_r(b, tctx, &d),
+               "DeleteDomainGroup failed");
+       torture_assert_ntstatus_ok(tctx, d.out.result, "DeleteDomainGroup");
  
         return true;
  }
  
-static bool test_TestPrivateFunctionsDomain(struct dcerpc_pipe *p, struct torture_context *tctx,
+static bool test_TestPrivateFunctionsDomain(struct dcerpc_binding_handle *b,
+                                           struct torture_context *tctx,
                                             struct policy_handle *domain_handle)
  {
         struct samr_TestPrivateFunctionsDomain r;
-       NTSTATUS status;
         bool ret = true;
  
         torture_comment(tctx, "Testing TestPrivateFunctionsDomain\n");
  
         r.in.domain_handle = domain_handle;
  
-       status = dcerpc_samr_TestPrivateFunctionsDomain(p, tctx, &r);
-       torture_assert_ntstatus_equal(tctx, status, NT_STATUS_NOT_IMPLEMENTED, "TestPrivateFunctionsDomain");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_TestPrivateFunctionsDomain_r(b, tctx, &r),
+               "TestPrivateFunctionsDomain failed");
+       torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_NOT_IMPLEMENTED, "TestPrivateFunctionsDomain");
  
         return ret;
  }
  
-static bool test_RidToSid(struct dcerpc_pipe *p, struct torture_context *tctx,
+static bool test_RidToSid(struct dcerpc_binding_handle *b,
+                         struct torture_context *tctx,
                           struct dom_sid *domain_sid,
                           struct policy_handle *domain_handle)
  {
         struct samr_RidToSid r;
-       NTSTATUS status;
         bool ret = true;
         struct dom_sid *calc_sid, *out_sid;
         int rids[] = { 0, 42, 512, 10200 };
@@ -6775,15 +7432,16 @@ static bool test_RidToSid(struct dcerpc_pipe *p, struct torture_context *tctx,
                 r.in.rid = rids[i];
                 r.out.sid = &out_sid;
  
-               status = dcerpc_samr_RidToSid(p, tctx, &r);
-               if (!NT_STATUS_IS_OK(status)) {
-                       torture_warning(tctx, "RidToSid for %d failed - %s\n", rids[i], nt_errstr(status));
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_RidToSid_r(b, tctx, &r),
+                       "RidToSid failed");
+               if (!NT_STATUS_IS_OK(r.out.result)) {
+                       torture_result(tctx, TORTURE_FAIL, "RidToSid for %d failed - %s\n", rids[i], nt_errstr(r.out.result));
                         ret = false;
                 } else {
                         calc_sid = dom_sid_add_rid(calc_sid, calc_sid, rids[i]);
  
                         if (!dom_sid_equal(calc_sid, out_sid)) {
-                               torture_warning(tctx, "RidToSid for %d failed - got %s, expected %s\n", rids[i],
+                               torture_result(tctx, TORTURE_FAIL, "RidToSid for %d failed - got %s, expected %s\n", rids[i],
                                        dom_sid_string(tctx, out_sid),
                                        dom_sid_string(tctx, calc_sid));
                                 ret = false;
@@ -6794,20 +7452,24 @@ static bool test_RidToSid(struct dcerpc_pipe *p, struct torture_context *tctx,
         return ret;
  }
  
-static bool test_GetBootKeyInformation(struct dcerpc_pipe *p, struct torture_context *tctx,
+static bool test_GetBootKeyInformation(struct dcerpc_binding_handle *b,
+                                      struct torture_context *tctx,
                                        struct policy_handle *domain_handle)
  {
         struct samr_GetBootKeyInformation r;
-       NTSTATUS status;
         bool ret = true;
         uint32_t unknown = 0;
+       NTSTATUS status;
  
         torture_comment(tctx, "Testing GetBootKeyInformation\n");
  
         r.in.domain_handle = domain_handle;
         r.out.unknown = &unknown;
  
-       status = dcerpc_samr_GetBootKeyInformation(p, tctx, &r);
+       status = dcerpc_samr_GetBootKeyInformation_r(b, tctx, &r);
+       if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(r.out.result)) {
+               status = r.out.result;
+       }
         if (!NT_STATUS_IS_OK(status)) {
                 /* w2k3 seems to fail this sometimes and pass it sometimes */
                 torture_comment(tctx, "GetBootKeyInformation (ignored) - %s\n", nt_errstr(status));
@@ -6816,7 +7478,8 @@ static bool test_GetBootKeyInformation(struct dcerpc_pipe *p, struct torture_con
         return ret;
  }
  
-static bool test_AddGroupMember(struct dcerpc_pipe *p, struct torture_context *tctx,
+static bool test_AddGroupMember(struct dcerpc_binding_handle *b,
+                               struct torture_context *tctx,
                                 struct policy_handle *domain_handle,
                                 struct policy_handle *group_handle)
  {
@@ -6824,13 +7487,13 @@ static bool test_AddGroupMember(struct dcerpc_pipe *p, struct torture_context *t
         struct samr_AddGroupMember r;
         struct samr_DeleteGroupMember d;
         struct samr_QueryGroupMember q;
-       struct samr_RidTypeArray *rids = NULL;
+       struct samr_RidAttrArray *rids = NULL;
         struct samr_SetMemberAttributesOfGroup s;
         uint32_t rid;
         bool found_member = false;
         int i;
  
-       status = test_LookupName(p, tctx, domain_handle, TEST_ACCOUNT_NAME, &rid);
+       status = test_LookupName(b, tctx, domain_handle, TEST_ACCOUNT_NAME, &rid);
         torture_assert_ntstatus_ok(tctx, status, "test_AddGroupMember looking up name " TEST_ACCOUNT_NAME);
  
         r.in.group_handle = group_handle;
@@ -6842,14 +7505,17 @@ static bool test_AddGroupMember(struct dcerpc_pipe *p, struct torture_context *t
         d.in.group_handle = group_handle;
         d.in.rid = rid;
  
-       status = dcerpc_samr_DeleteGroupMember(p, tctx, &d);
-       torture_assert_ntstatus_equal(tctx, NT_STATUS_MEMBER_NOT_IN_GROUP, status, "DeleteGroupMember");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteGroupMember_r(b, tctx, &d),
+               "DeleteGroupMember failed");
+       torture_assert_ntstatus_equal(tctx, NT_STATUS_MEMBER_NOT_IN_GROUP, d.out.result, "DeleteGroupMember");
  
-       status = dcerpc_samr_AddGroupMember(p, tctx, &r);
-       torture_assert_ntstatus_ok(tctx, status, "AddGroupMember");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_AddGroupMember_r(b, tctx, &r),
+               "AddGroupMember failed");
+       torture_assert_ntstatus_ok(tctx, r.out.result, "AddGroupMember");
  
-       status = dcerpc_samr_AddGroupMember(p, tctx, &r);
-       torture_assert_ntstatus_equal(tctx, NT_STATUS_MEMBER_IN_GROUP, status, "AddGroupMember");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_AddGroupMember_r(b, tctx, &r),
+               "AddGroupMember failed");
+       torture_assert_ntstatus_equal(tctx, NT_STATUS_MEMBER_IN_GROUP, r.out.result, "AddGroupMember");
  
         if (torture_setting_bool(tctx, "samba4", false) ||
             torture_setting_bool(tctx, "samba3", false)) {
@@ -6862,15 +7528,17 @@ static bool test_AddGroupMember(struct dcerpc_pipe *p, struct torture_context *t
                 s.in.unknown1 = random();
                 s.in.unknown2 = random();
  
-               status = dcerpc_samr_SetMemberAttributesOfGroup(p, tctx, &s);
-               torture_assert_ntstatus_ok(tctx, status, "SetMemberAttributesOfGroup");
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetMemberAttributesOfGroup_r(b, tctx, &s),
+                       "SetMemberAttributesOfGroup failed");
+               torture_assert_ntstatus_ok(tctx, s.out.result, "SetMemberAttributesOfGroup");
         }
  
         q.in.group_handle = group_handle;
         q.out.rids = &rids;
  
-       status = dcerpc_samr_QueryGroupMember(p, tctx, &q);
-       torture_assert_ntstatus_ok(tctx, status, "QueryGroupMember");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryGroupMember_r(b, tctx, &q),
+               "QueryGroupMember failed");
+       torture_assert_ntstatus_ok(tctx, q.out.result, "QueryGroupMember");
         torture_assert(tctx, rids, "QueryGroupMember did not fill in rids structure");
  
         for (i=0; i < rids->count; i++) {
@@ -6881,14 +7549,16 @@ static bool test_AddGroupMember(struct dcerpc_pipe *p, struct torture_context *t
  
         torture_assert(tctx, found_member, "QueryGroupMember did not list newly added member");
  
-       status = dcerpc_samr_DeleteGroupMember(p, tctx, &d);
-       torture_assert_ntstatus_ok(tctx, status, "DeleteGroupMember");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_DeleteGroupMember_r(b, tctx, &d),
+               "DeleteGroupMember failed");
+       torture_assert_ntstatus_ok(tctx, d.out.result, "DeleteGroupMember");
  
         rids = NULL;
         found_member = false;
  
-       status = dcerpc_samr_QueryGroupMember(p, tctx, &q);
-       torture_assert_ntstatus_ok(tctx, status, "QueryGroupMember");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryGroupMember_r(b, tctx, &q),
+               "QueryGroupMember failed");
+       torture_assert_ntstatus_ok(tctx, q.out.result, "QueryGroupMember");
         torture_assert(tctx, rids, "QueryGroupMember did not fill in rids structure");
  
         for (i=0; i < rids->count; i++) {
@@ -6899,14 +7569,15 @@ static bool test_AddGroupMember(struct dcerpc_pipe *p, struct torture_context *t
  
         torture_assert(tctx, !found_member, "QueryGroupMember does still list removed member");
  
-       status = dcerpc_samr_AddGroupMember(p, tctx, &r);
-       torture_assert_ntstatus_ok(tctx, status, "AddGroupMember");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_AddGroupMember_r(b, tctx, &r),
+               "AddGroupMember failed");
+       torture_assert_ntstatus_ok(tctx, r.out.result, "AddGroupMember");
  
         return true;
  }
  
  
-static bool test_CreateDomainGroup(struct dcerpc_pipe *p,
+static bool test_CreateDomainGroup(struct dcerpc_binding_handle *b,
                                    struct torture_context *tctx,
                                    struct policy_handle *domain_handle,
                                    const char *group_name,
@@ -6914,7 +7585,6 @@ static bool test_CreateDomainGroup(struct dcerpc_pipe *p,
                                    struct dom_sid *domain_sid,
                                    bool test_group)
  {
-       NTSTATUS status;
         struct samr_CreateDomainGroup r;
         uint32_t rid;
         struct lsa_String name;
@@ -6930,48 +7600,51 @@ static bool test_CreateDomainGroup(struct dcerpc_pipe *p,
  
         torture_comment(tctx, "Testing CreateDomainGroup(%s)\n", r.in.name->string);
  
-       status = dcerpc_samr_CreateDomainGroup(p, tctx, &r);
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_CreateDomainGroup_r(b, tctx, &r),
+               "CreateDomainGroup failed");
  
         if (dom_sid_equal(domain_sid, dom_sid_parse_talloc(tctx, SID_BUILTIN))) {
-               if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+               if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_ACCESS_DENIED)) {
                         torture_comment(tctx, "Server correctly refused create of '%s'\n", r.in.name->string);
                         return true;
                 } else {
-                       torture_warning(tctx, "Server should have refused create of '%s', got %s instead\n", r.in.name->string,
-                              nt_errstr(status));
+                       torture_result(tctx, TORTURE_FAIL, "Server should have refused create of '%s', got %s instead\n", r.in.name->string,
+                              nt_errstr(r.out.result));
                         return false;
                 }
         }
  
-       if (NT_STATUS_EQUAL(status, NT_STATUS_GROUP_EXISTS)) {
-               if (!test_DeleteGroup_byname(p, tctx, domain_handle, r.in.name->string)) {
-                       torture_warning(tctx, "CreateDomainGroup failed: Could not delete domain group %s - %s\n", r.in.name->string,
-                              nt_errstr(status));
+       if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_GROUP_EXISTS)) {
+               if (!test_DeleteGroup_byname(b, tctx, domain_handle, r.in.name->string)) {
+                       torture_result(tctx, TORTURE_FAIL, "CreateDomainGroup failed: Could not delete domain group %s - %s\n", r.in.name->string,
+                              nt_errstr(r.out.result));
                         return false;
                 }
-               status = dcerpc_samr_CreateDomainGroup(p, tctx, &r);
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_CreateDomainGroup_r(b, tctx, &r),
+                       "CreateDomainGroup failed");
         }
-       if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
-               if (!test_DeleteUser_byname(p, tctx, domain_handle, r.in.name->string)) {
+       if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_USER_EXISTS)) {
+               if (!test_DeleteUser_byname(b, tctx, domain_handle, r.in.name->string)) {
  
-                       torture_warning(tctx, "CreateDomainGroup failed: Could not delete user %s - %s\n", r.in.name->string,
-                              nt_errstr(status));
+                       torture_result(tctx, TORTURE_FAIL, "CreateDomainGroup failed: Could not delete user %s - %s\n", r.in.name->string,
+                              nt_errstr(r.out.result));
                         return false;
                 }
-               status = dcerpc_samr_CreateDomainGroup(p, tctx, &r);
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_CreateDomainGroup_r(b, tctx, &r),
+                       "CreateDomainGroup failed");
         }
-       torture_assert_ntstatus_ok(tctx, status, "CreateDomainGroup");
+       torture_assert_ntstatus_ok(tctx, r.out.result, "CreateDomainGroup");
  
         if (!test_group) {
                 return ret;
         }
  
-       if (!test_AddGroupMember(p, tctx, domain_handle, group_handle)) {
-               torture_warning(tctx, "CreateDomainGroup failed - %s\n", nt_errstr(status));
+       if (!test_AddGroupMember(b, tctx, domain_handle, group_handle)) {
+               torture_result(tctx, TORTURE_FAIL, "CreateDomainGroup failed - %s\n", nt_errstr(r.out.result));
                 ret = false;
         }
  
-       if (!test_SetGroupInfo(p, tctx, group_handle)) {
+       if (!test_SetGroupInfo(b, tctx, group_handle)) {
                 ret = false;
         }
  
@@ -6982,23 +7655,23 @@ static bool test_CreateDomainGroup(struct dcerpc_pipe *p,
  /*
    its not totally clear what this does. It seems to accept any sid you like.
  */
-static bool test_RemoveMemberFromForeignDomain(struct dcerpc_pipe *p,
+static bool test_RemoveMemberFromForeignDomain(struct dcerpc_binding_handle *b,
                                                struct torture_context *tctx,
                                                struct policy_handle *domain_handle)
  {
-       NTSTATUS status;
         struct samr_RemoveMemberFromForeignDomain r;
  
         r.in.domain_handle = domain_handle;
         r.in.sid = dom_sid_parse_talloc(tctx, "S-1-5-32-12-34-56-78");
  
-       status = dcerpc_samr_RemoveMemberFromForeignDomain(p, tctx, &r);
-       torture_assert_ntstatus_ok(tctx, status, "RemoveMemberFromForeignDomain");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_RemoveMemberFromForeignDomain_r(b, tctx, &r),
+               "RemoveMemberFromForeignDomain failed");
+       torture_assert_ntstatus_ok(tctx, r.out.result, "RemoveMemberFromForeignDomain");
  
         return true;
  }
  
-static bool test_EnumDomainUsers(struct dcerpc_pipe *p,
+static bool test_EnumDomainUsers(struct dcerpc_binding_handle *b,
                                  struct torture_context *tctx,
                                  struct policy_handle *domain_handle,
                                  uint32_t *total_num_entries_p)
@@ -7022,11 +7695,13 @@ static bool test_EnumDomainUsers(struct dcerpc_pipe *p,
         torture_comment(tctx, "Testing EnumDomainUsers\n");
  
         do {
-               status = dcerpc_samr_EnumDomainUsers(p, tctx, &r);
-               if (NT_STATUS_IS_ERR(status)) {
-                       torture_assert_ntstatus_ok(tctx, status,
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomainUsers_r(b, tctx, &r),
+                       "EnumDomainUsers failed");
+               if (NT_STATUS_IS_ERR(r.out.result)) {
+                       torture_assert_ntstatus_ok(tctx, r.out.result,
                                 "failed to enumerate users");
                 }
+               status = r.out.result;
  
                 total_num_entries += num_entries;
         } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
@@ -7038,7 +7713,7 @@ static bool test_EnumDomainUsers(struct dcerpc_pipe *p,
         return true;
  }
  
-static bool test_EnumDomainGroups(struct dcerpc_pipe *p,
+static bool test_EnumDomainGroups(struct dcerpc_binding_handle *b,
                                   struct torture_context *tctx,
                                   struct policy_handle *domain_handle,
                                   uint32_t *total_num_entries_p)
@@ -7061,11 +7736,13 @@ static bool test_EnumDomainGroups(struct dcerpc_pipe *p,
         torture_comment(tctx, "Testing EnumDomainGroups\n");
  
         do {
-               status = dcerpc_samr_EnumDomainGroups(p, tctx, &r);
-               if (NT_STATUS_IS_ERR(status)) {
-                       torture_assert_ntstatus_ok(tctx, status,
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomainGroups_r(b, tctx, &r),
+                       "EnumDomainGroups failed");
+               if (NT_STATUS_IS_ERR(r.out.result)) {
+                       torture_assert_ntstatus_ok(tctx, r.out.result,
                                 "failed to enumerate groups");
                 }
+               status = r.out.result;
  
                 total_num_entries += num_entries;
         } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
@@ -7077,7 +7754,7 @@ static bool test_EnumDomainGroups(struct dcerpc_pipe *p,
         return true;
  }
  
-static bool test_EnumDomainAliases(struct dcerpc_pipe *p,
+static bool test_EnumDomainAliases(struct dcerpc_binding_handle *b,
                                    struct torture_context *tctx,
                                    struct policy_handle *domain_handle,
                                    uint32_t *total_num_entries_p)
@@ -7100,11 +7777,13 @@ static bool test_EnumDomainAliases(struct dcerpc_pipe *p,
         torture_comment(tctx, "Testing EnumDomainAliases\n");
  
         do {
-               status = dcerpc_samr_EnumDomainAliases(p, tctx, &r);
-               if (NT_STATUS_IS_ERR(status)) {
-                       torture_assert_ntstatus_ok(tctx, status,
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomainAliases_r(b, tctx, &r),
+                       "EnumDomainAliases failed");
+               if (NT_STATUS_IS_ERR(r.out.result)) {
+                       torture_assert_ntstatus_ok(tctx, r.out.result,
                                 "failed to enumerate aliases");
                 }
+               status = r.out.result;
  
                 total_num_entries += num_entries;
         } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
@@ -7116,7 +7795,7 @@ static bool test_EnumDomainAliases(struct dcerpc_pipe *p,
         return true;
  }
  
-static bool test_QueryDisplayInfo_level(struct dcerpc_pipe *p,
+static bool test_QueryDisplayInfo_level(struct dcerpc_binding_handle *b,
                                         struct torture_context *tctx,
                                         struct policy_handle *handle,
                                         uint16_t level,
@@ -7143,11 +7822,13 @@ static bool test_QueryDisplayInfo_level(struct dcerpc_pipe *p,
                 r.out.returned_size = &returned_size;
                 r.out.info = &info;
  
-               status = dcerpc_samr_QueryDisplayInfo(p, tctx, &r);
-               if (NT_STATUS_IS_ERR(status)) {
-                       torture_assert_ntstatus_ok(tctx, status,
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDisplayInfo_r(b, tctx, &r),
+                       "failed to query displayinfo");
+               if (NT_STATUS_IS_ERR(r.out.result)) {
+                       torture_assert_ntstatus_ok(tctx, r.out.result,
                                 "failed to query displayinfo");
                 }
+               status = r.out.result;
  
                 if (*r.out.returned_size == 0) {
                         break;
@@ -7198,9 +7879,8 @@ static bool test_ManyObjects(struct dcerpc_pipe *p,
         uint32_t num_disp = 0;
         uint32_t num_created = 0;
         uint32_t num_anounced = 0;
-       bool ret = true;
-       NTSTATUS status;
         uint32_t i;
+       struct dcerpc_binding_handle *b = p->binding_handle;
  
         struct policy_handle *handles = talloc_zero_array(tctx, struct policy_handle, num_total);
  
@@ -7213,8 +7893,9 @@ static bool test_ManyObjects(struct dcerpc_pipe *p,
                 r.in.level = 2;
                 r.out.info = &info;
  
-               status = dcerpc_samr_QueryDomainInfo2(p, tctx, &r);
-               torture_assert_ntstatus_ok(tctx, status,
+               torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryDomainInfo2_r(b, tctx, &r),
+                       "QueryDomainInfo2 failed");
+               torture_assert_ntstatus_ok(tctx, r.out.result,
                         "failed to query domain info");
  
                 switch (ctx->choice) {
@@ -7241,20 +7922,26 @@ static bool test_ManyObjects(struct dcerpc_pipe *p,
                 switch (ctx->choice) {
                 case TORTURE_SAMR_MANY_ACCOUNTS:
                         name = talloc_asprintf(tctx, "%s%04d", TEST_ACCOUNT_NAME, i);
-                       ret &= test_CreateUser(p, tctx, domain_handle, name, &handles[i], domain_sid, 0, NULL, false);
+                       torture_assert(tctx,
+                               test_CreateUser(p, tctx, domain_handle, name, &handles[i], domain_sid, 0, NULL, false),
+                               "failed to create user");
                         break;
                 case TORTURE_SAMR_MANY_GROUPS:
                         name = talloc_asprintf(tctx, "%s%04d", TEST_GROUPNAME, i);
-                       ret &= test_CreateDomainGroup(p, tctx, domain_handle, name, &handles[i], domain_sid, false);
+                       torture_assert(tctx,
+                               test_CreateDomainGroup(b, tctx, domain_handle, name, &handles[i], domain_sid, false),
+                               "failed to create group");
                         break;
                 case TORTURE_SAMR_MANY_ALIASES:
                         name = talloc_asprintf(tctx, "%s%04d", TEST_ALIASNAME, i);
-                       ret &= test_CreateAlias(p, tctx, domain_handle, name, &handles[i], domain_sid, false);
+                       torture_assert(tctx,
+                               test_CreateAlias(b, tctx, domain_handle, name, &handles[i], domain_sid, false),
+                               "failed to create alias");
                         break;
                 default:
                         return false;
                 }
-               if (!policy_handle_empty(&handles[i])) {
+               if (!ndr_policy_handle_empty(&handles[i])) {
                         num_created++;
                 }
         }
@@ -7263,13 +7950,19 @@ static bool test_ManyObjects(struct dcerpc_pipe *p,
  
         switch (ctx->choice) {
         case TORTURE_SAMR_MANY_ACCOUNTS:
-               ret &= test_EnumDomainUsers(p, tctx, domain_handle, &num_enum);
+               torture_assert(tctx,
+                       test_EnumDomainUsers(b, tctx, domain_handle, &num_enum),
+                       "failed to enum users");
                 break;
         case TORTURE_SAMR_MANY_GROUPS:
-               ret &= test_EnumDomainGroups(p, tctx, domain_handle, &num_enum);
+               torture_assert(tctx,
+                       test_EnumDomainGroups(b, tctx, domain_handle, &num_enum),
+                       "failed to enum groups");
                 break;
         case TORTURE_SAMR_MANY_ALIASES:
-               ret &= test_EnumDomainAliases(p, tctx, domain_handle, &num_enum);
+               torture_assert(tctx,
+                       test_EnumDomainAliases(b, tctx, domain_handle, &num_enum),
+                       "failed to enum aliases");
                 break;
         default:
                 return false;
@@ -7279,10 +7972,14 @@ static bool test_ManyObjects(struct dcerpc_pipe *p,
  
         switch (ctx->choice) {
         case TORTURE_SAMR_MANY_ACCOUNTS:
-               ret &= test_QueryDisplayInfo_level(p, tctx, domain_handle, 1, &num_disp);
+               torture_assert(tctx,
+                       test_QueryDisplayInfo_level(b, tctx, domain_handle, 1, &num_disp),
+                       "failed to query display info");
                 break;
         case TORTURE_SAMR_MANY_GROUPS:
-               ret &= test_QueryDisplayInfo_level(p, tctx, domain_handle, 3, &num_disp);
+               torture_assert(tctx,
+                       test_QueryDisplayInfo_level(b, tctx, domain_handle, 3, &num_disp),
+                       "failed to query display info");
                 break;
         case TORTURE_SAMR_MANY_ALIASES:
                 /* no aliases in dispinfo */
@@ -7295,22 +7992,30 @@ static bool test_ManyObjects(struct dcerpc_pipe *p,
  
         for (i=0; i < num_total; i++) {
  
-               if (policy_handle_empty(&handles[i])) {
+               if (ndr_policy_handle_empty(&handles[i])) {
                         continue;
                 }
  
                 if (torture_setting_bool(tctx, "samba3", false)) {
-                       ret &= test_samr_handle_Close(p, tctx, &handles[i]);
+                       torture_assert(tctx,
+                               test_samr_handle_Close(b, tctx, &handles[i]),
+                               "failed to close handle");
                 } else {
                         switch (ctx->choice) {
                         case TORTURE_SAMR_MANY_ACCOUNTS:
-                               ret &= test_DeleteUser(p, tctx, &handles[i]);
+                               torture_assert(tctx,
+                                       test_DeleteUser(b, tctx, &handles[i]),
+                                       "failed to delete user");
                                 break;
                         case TORTURE_SAMR_MANY_GROUPS:
-                               ret &= test_DeleteDomainGroup(p, tctx, &handles[i]);
+                               torture_assert(tctx,
+                                       test_DeleteDomainGroup(b, tctx, &handles[i]),
+                                       "failed to delete group");
                                 break;
                         case TORTURE_SAMR_MANY_ALIASES:
-                               ret &= test_DeleteAlias(p, tctx, &handles[i]);
+                               torture_assert(tctx,
+                                       test_DeleteAlias(b, tctx, &handles[i]),
+                                       "failed to delete alias");
                                 break;
                         default:
                                 return false;
@@ -7329,22 +8034,24 @@ static bool test_ManyObjects(struct dcerpc_pipe *p,
                                 "unexpected number of results (%u) returned in dispinfo, call, expected %u\n",
                                 num_disp, num_anounced + num_created);
         }
-       return ret;
+
+       return true;
  }
  
-static bool test_Connect(struct dcerpc_pipe *p, struct torture_context *tctx,
+static bool test_Connect(struct dcerpc_binding_handle *b,
+                        struct torture_context *tctx,
                          struct policy_handle *handle);
  
  static bool test_OpenDomain(struct dcerpc_pipe *p, struct torture_context *tctx,
                             struct torture_samr_context *ctx, struct dom_sid *sid)
  {
-       NTSTATUS status;
         struct samr_OpenDomain r;
         struct policy_handle domain_handle;
         struct policy_handle alias_handle;
         struct policy_handle user_handle;
         struct policy_handle group_handle;
         bool ret = true;
+       struct dcerpc_binding_handle *b = p->binding_handle;
  
         ZERO_STRUCT(alias_handle);
         ZERO_STRUCT(user_handle);
@@ -7358,12 +8065,13 @@ static bool test_OpenDomain(struct dcerpc_pipe *p, struct torture_context *tctx,
         r.in.sid = sid;
         r.out.domain_handle = &domain_handle;
  
-       status = dcerpc_samr_OpenDomain(p, tctx, &r);
-       torture_assert_ntstatus_ok(tctx, status, "OpenDomain");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_OpenDomain_r(b, tctx, &r),
+               "OpenDomain failed");
+       torture_assert_ntstatus_ok(tctx, r.out.result, "OpenDomain failed");
  
         /* run the domain tests with the main handle closed - this tests
            the servers reference counting */
-       torture_assert(tctx, test_samr_handle_Close(p, tctx, &ctx->handle), "Failed to close SAMR handle");
+       torture_assert(tctx, test_samr_handle_Close(b, tctx, &ctx->handle), "Failed to close SAMR handle");
  
         switch (ctx->choice) {
         case TORTURE_SAMR_PASSWORDS:
@@ -7373,7 +8081,7 @@ static bool test_OpenDomain(struct dcerpc_pipe *p, struct torture_context *tctx,
                 }
                 ret &= test_CreateUser(p, tctx, &domain_handle, TEST_ACCOUNT_NAME, &user_handle, sid, ctx->choice, NULL, true);
                 if (!ret) {
-                       torture_warning(tctx, "Testing PASSWORDS or PRIVILEGES on domain %s failed!\n", dom_sid_string(tctx, sid));
+                       torture_result(tctx, TORTURE_FAIL, "Testing PASSWORDS or PRIVILEGES on domain %s failed!\n", dom_sid_string(tctx, sid));
                 }
                 break;
         case TORTURE_SAMR_USER_ATTRIBUTES:
@@ -7382,9 +8090,9 @@ static bool test_OpenDomain(struct dcerpc_pipe *p, struct torture_context *tctx,
                 }
                 ret &= test_CreateUser(p, tctx, &domain_handle, TEST_ACCOUNT_NAME, &user_handle, sid, ctx->choice, NULL, true);
                 /* This test needs 'complex' users to validate */
-               ret &= test_QueryDisplayInfo(p, tctx, &domain_handle);
+               ret &= test_QueryDisplayInfo(b, tctx, &domain_handle);
                 if (!ret) {
-                       torture_warning(tctx, "Testing ATTRIBUTES on domain %s failed!\n", dom_sid_string(tctx, sid));
+                       torture_result(tctx, TORTURE_FAIL, "Testing ATTRIBUTES on domain %s failed!\n", dom_sid_string(tctx, sid));
                 }
                 break;
         case TORTURE_SAMR_PASSWORDS_PWDLASTSET:
@@ -7395,7 +8103,7 @@ static bool test_OpenDomain(struct dcerpc_pipe *p, struct torture_context *tctx,
                 }
                 ret &= test_CreateUser(p, tctx, &domain_handle, TEST_ACCOUNT_NAME, &user_handle, sid, ctx->choice, ctx->machine_credentials, true);
                 if (!ret) {
-                       torture_warning(tctx, "Testing PASSWORDS PWDLASTSET or BADPWDCOUNT on domain %s failed!\n", dom_sid_string(tctx, sid));
+                       torture_result(tctx, TORTURE_FAIL, "Testing PASSWORDS PWDLASTSET or BADPWDCOUNT on domain %s failed!\n", dom_sid_string(tctx, sid));
                 }
                 break;
         case TORTURE_SAMR_MANY_ACCOUNTS:
@@ -7403,69 +8111,69 @@ static bool test_OpenDomain(struct dcerpc_pipe *p, struct torture_context *tctx,
         case TORTURE_SAMR_MANY_ALIASES:
                 ret &= test_ManyObjects(p, tctx, &domain_handle, sid, ctx);
                 if (!ret) {
-                       torture_warning(tctx, "Testing MANY-{ACCOUNTS,GROUPS,ALIASES} on domain %s failed!\n", dom_sid_string(tctx, sid));
+                       torture_result(tctx, TORTURE_FAIL, "Testing MANY-{ACCOUNTS,GROUPS,ALIASES} on domain %s failed!\n", dom_sid_string(tctx, sid));
                 }
                 break;
         case TORTURE_SAMR_OTHER:
                 ret &= test_CreateUser(p, tctx, &domain_handle, TEST_ACCOUNT_NAME, &user_handle, sid, ctx->choice, NULL, true);
                 if (!ret) {
-                       torture_warning(tctx, "Failed to CreateUser in SAMR-OTHER on domain %s!\n", dom_sid_string(tctx, sid));
+                       torture_result(tctx, TORTURE_FAIL, "Failed to CreateUser in SAMR-OTHER on domain %s!\n", dom_sid_string(tctx, sid));
                 }
                 if (!torture_setting_bool(tctx, "samba3", false)) {
-                       ret &= test_QuerySecurity(p, tctx, &domain_handle);
+                       ret &= test_QuerySecurity(b, tctx, &domain_handle);
                 }
-               ret &= test_RemoveMemberFromForeignDomain(p, tctx, &domain_handle);
-               ret &= test_CreateAlias(p, tctx, &domain_handle, TEST_ALIASNAME, &alias_handle, sid, true);
-               ret &= test_CreateDomainGroup(p, tctx, &domain_handle, TEST_GROUPNAME, &group_handle, sid, true);
-               ret &= test_GetAliasMembership(p, tctx, &domain_handle);
+               ret &= test_RemoveMemberFromForeignDomain(b, tctx, &domain_handle);
+               ret &= test_CreateAlias(b, tctx, &domain_handle, TEST_ALIASNAME, &alias_handle, sid, true);
+               ret &= test_CreateDomainGroup(b, tctx, &domain_handle, TEST_GROUPNAME, &group_handle, sid, true);
+               ret &= test_GetAliasMembership(b, tctx, &domain_handle);
                 ret &= test_QueryDomainInfo(p, tctx, &domain_handle);
-               ret &= test_QueryDomainInfo2(p, tctx, &domain_handle);
-               ret &= test_EnumDomainUsers_all(p, tctx, &domain_handle);
+               ret &= test_QueryDomainInfo2(b, tctx, &domain_handle);
+               ret &= test_EnumDomainUsers_all(b, tctx, &domain_handle);
                 ret &= test_EnumDomainUsers_async(p, tctx, &domain_handle);
-               ret &= test_EnumDomainGroups_all(p, tctx, &domain_handle);
-               ret &= test_EnumDomainAliases_all(p, tctx, &domain_handle);
-               ret &= test_QueryDisplayInfo2(p, tctx, &domain_handle);
-               ret &= test_QueryDisplayInfo3(p, tctx, &domain_handle);
-               ret &= test_QueryDisplayInfo_continue(p, tctx, &domain_handle);
+               ret &= test_EnumDomainGroups_all(b, tctx, &domain_handle);
+               ret &= test_EnumDomainAliases_all(b, tctx, &domain_handle);
+               ret &= test_QueryDisplayInfo2(b, tctx, &domain_handle);
+               ret &= test_QueryDisplayInfo3(b, tctx, &domain_handle);
+               ret &= test_QueryDisplayInfo_continue(b, tctx, &domain_handle);
  
                 if (torture_setting_bool(tctx, "samba4", false)) {
                         torture_comment(tctx, "skipping GetDisplayEnumerationIndex test against Samba4\n");
                 } else {
-                       ret &= test_GetDisplayEnumerationIndex(p, tctx, &domain_handle);
-                       ret &= test_GetDisplayEnumerationIndex2(p, tctx, &domain_handle);
+                       ret &= test_GetDisplayEnumerationIndex(b, tctx, &domain_handle);
+                       ret &= test_GetDisplayEnumerationIndex2(b, tctx, &domain_handle);
                 }
-               ret &= test_GroupList(p, tctx, &domain_handle);
-               ret &= test_TestPrivateFunctionsDomain(p, tctx, &domain_handle);
-               ret &= test_RidToSid(p, tctx, sid, &domain_handle);
-               ret &= test_GetBootKeyInformation(p, tctx, &domain_handle);
+               ret &= test_GroupList(b, tctx, sid, &domain_handle);
+               ret &= test_TestPrivateFunctionsDomain(b, tctx, &domain_handle);
+               ret &= test_RidToSid(b, tctx, sid, &domain_handle);
+               ret &= test_GetBootKeyInformation(b, tctx, &domain_handle);
                 if (!ret) {
                         torture_comment(tctx, "Testing SAMR-OTHER on domain %s failed!\n", dom_sid_string(tctx, sid));
                 }
                 break;
         }
  
-       if (!policy_handle_empty(&user_handle) &&
-           !test_DeleteUser(p, tctx, &user_handle)) {
+       if (!ndr_policy_handle_empty(&user_handle) &&
+           !test_DeleteUser(b, tctx, &user_handle)) {
                 ret = false;
         }
  
-       if (!policy_handle_empty(&alias_handle) &&
-           !test_DeleteAlias(p, tctx, &alias_handle)) {
+       if (!ndr_policy_handle_empty(&alias_handle) &&
+           !test_DeleteAlias(b, tctx, &alias_handle)) {
                 ret = false;
         }
  
-       if (!policy_handle_empty(&group_handle) &&
-           !test_DeleteDomainGroup(p, tctx, &group_handle)) {
+       if (!ndr_policy_handle_empty(&group_handle) &&
+           !test_DeleteDomainGroup(b, tctx, &group_handle)) {
                 ret = false;
         }
  
-       torture_assert(tctx, test_samr_handle_Close(p, tctx, &domain_handle), "Failed to close SAMR domain handle");
+       torture_assert(tctx, test_samr_handle_Close(b, tctx, &domain_handle), "Failed to close SAMR domain handle");
  
-       torture_assert(tctx, test_Connect(p, tctx, &ctx->handle), "Faile to re-connect SAMR handle");
+       torture_assert(tctx, test_Connect(b, tctx, &ctx->handle), "Faile to re-connect SAMR handle");
         /* reconnect the main handle */
  
         if (!ret) {
-               torture_warning(tctx, "Testing domain %s failed!\n", dom_sid_string(tctx, sid));
+               torture_result(tctx, TORTURE_FAIL, "Testing domain %s failed!\n", dom_sid_string(tctx, sid));
         }
  
         return ret;
@@ -7474,12 +8182,12 @@ static bool test_OpenDomain(struct dcerpc_pipe *p, struct torture_context *tctx,
  static bool test_LookupDomain(struct dcerpc_pipe *p, struct torture_context *tctx,
                               struct torture_samr_context *ctx, const char *domain)
  {
-       NTSTATUS status;
         struct samr_LookupDomain r;
         struct dom_sid2 *sid = NULL;
         struct lsa_String n1;
         struct lsa_String n2;
         bool ret = true;
+       struct dcerpc_binding_handle *b = p->binding_handle;
  
         torture_comment(tctx, "Testing LookupDomain(%s)\n", domain);
  
@@ -7489,21 +8197,24 @@ static bool test_LookupDomain(struct dcerpc_pipe *p, struct torture_context *tct
         r.out.sid = &sid;
         n2.string = NULL;
  
-       status = dcerpc_samr_LookupDomain(p, tctx, &r);
-       torture_assert_ntstatus_equal(tctx, NT_STATUS_INVALID_PARAMETER, status, "LookupDomain expected NT_STATUS_INVALID_PARAMETER");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_LookupDomain_r(b, tctx, &r),
+               "LookupDomain failed");
+       torture_assert_ntstatus_equal(tctx, NT_STATUS_INVALID_PARAMETER, r.out.result, "LookupDomain expected NT_STATUS_INVALID_PARAMETER");
  
         init_lsa_String(&n2, "xxNODOMAINxx");
  
-       status = dcerpc_samr_LookupDomain(p, tctx, &r);
-       torture_assert_ntstatus_equal(tctx, NT_STATUS_NO_SUCH_DOMAIN, status, "LookupDomain expected NT_STATUS_NO_SUCH_DOMAIN");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_LookupDomain_r(b, tctx, &r),
+               "LookupDomain failed");
+       torture_assert_ntstatus_equal(tctx, NT_STATUS_NO_SUCH_DOMAIN, r.out.result, "LookupDomain expected NT_STATUS_NO_SUCH_DOMAIN");
  
         r.in.connect_handle = &ctx->handle;
  
         init_lsa_String(&n1, domain);
         r.in.domain_name = &n1;
  
-       status = dcerpc_samr_LookupDomain(p, tctx, &r);
-       torture_assert_ntstatus_ok(tctx, status, "LookupDomain");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_LookupDomain_r(b, tctx, &r),
+               "LookupDomain failed");
+       torture_assert_ntstatus_ok(tctx, r.out.result, "LookupDomain");
  
         if (!test_GetDomPwInfo(p, tctx, &n1)) {
                 ret = false;
@@ -7520,13 +8231,13 @@ static bool test_LookupDomain(struct dcerpc_pipe *p, struct torture_context *tct
  static bool test_EnumDomains(struct dcerpc_pipe *p, struct torture_context *tctx,
                              struct torture_samr_context *ctx)
  {
-       NTSTATUS status;
         struct samr_EnumDomains r;
         uint32_t resume_handle = 0;
         uint32_t num_entries = 0;
         struct samr_SamArray *sam = NULL;
         int i;
         bool ret = true;
+       struct dcerpc_binding_handle *b = p->binding_handle;
  
         r.in.connect_handle = &ctx->handle;
         r.in.resume_handle = &resume_handle;
@@ -7535,8 +8246,9 @@ static bool test_EnumDomains(struct dcerpc_pipe *p, struct torture_context *tctx
         r.out.num_entries = &num_entries;
         r.out.sam = &sam;
  
-       status = dcerpc_samr_EnumDomains(p, tctx, &r);
-       torture_assert_ntstatus_ok(tctx, status, "EnumDomains");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomains_r(b, tctx, &r),
+               "EnumDomains failed");
+       torture_assert_ntstatus_ok(tctx, r.out.result, "EnumDomains failed");
  
         if (!*r.out.sam) {
                 return false;
@@ -7549,17 +8261,18 @@ static bool test_EnumDomains(struct dcerpc_pipe *p, struct torture_context *tctx
                 }
         }
  
-       status = dcerpc_samr_EnumDomains(p, tctx, &r);
-       torture_assert_ntstatus_ok(tctx, status, "EnumDomains");
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_EnumDomains_r(b, tctx, &r),
+               "EnumDomains failed");
+       torture_assert_ntstatus_ok(tctx, r.out.result, "EnumDomains failed");
  
         return ret;
  }
  
  
-static bool test_Connect(struct dcerpc_pipe *p, struct torture_context *tctx,
+static bool test_Connect(struct dcerpc_binding_handle *b,
+                        struct torture_context *tctx,
                          struct policy_handle *handle)
  {
-       NTSTATUS status;
         struct samr_Connect r;
         struct samr_Connect2 r2;
         struct samr_Connect3 r3;
@@ -7570,78 +8283,82 @@ static bool test_Connect(struct dcerpc_pipe *p, struct torture_context *tctx,
         uint32_t level_out = 0;
         bool ret = true, got_handle = false;
  
-       torture_comment(tctx, "testing samr_Connect\n");
+       torture_comment(tctx, "Testing samr_Connect\n");
  
-       r.in.system_name = 0;
+       r.in.system_name = NULL;
         r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
         r.out.connect_handle = &h;
  
-       status = dcerpc_samr_Connect(p, tctx, &r);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_comment(tctx, "Connect failed - %s\n", nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_Connect_r(b, tctx, &r),
+               "Connect failed");
+       if (!NT_STATUS_IS_OK(r.out.result)) {
+               torture_comment(tctx, "Connect failed - %s\n", nt_errstr(r.out.result));
                 ret = false;
         } else {
                 got_handle = true;
                 *handle = h;
         }
  
-       torture_comment(tctx, "testing samr_Connect2\n");
+       torture_comment(tctx, "Testing samr_Connect2\n");
  
         r2.in.system_name = NULL;
         r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
         r2.out.connect_handle = &h;
  
-       status = dcerpc_samr_Connect2(p, tctx, &r2);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_comment(tctx, "Connect2 failed - %s\n", nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_Connect2_r(b, tctx, &r2),
+               "Connect2 failed");
+       if (!NT_STATUS_IS_OK(r2.out.result)) {
+               torture_comment(tctx, "Connect2 failed - %s\n", nt_errstr(r2.out.result));
                 ret = false;
         } else {
                 if (got_handle) {
-                       test_samr_handle_Close(p, tctx, handle);
+                       test_samr_handle_Close(b, tctx, handle);
                 }
                 got_handle = true;
                 *handle = h;
         }
  
-       torture_comment(tctx, "testing samr_Connect3\n");
+       torture_comment(tctx, "Testing samr_Connect3\n");
  
         r3.in.system_name = NULL;
         r3.in.unknown = 0;
         r3.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
         r3.out.connect_handle = &h;
  
-       status = dcerpc_samr_Connect3(p, tctx, &r3);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "Connect3 failed - %s\n", nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_Connect3_r(b, tctx, &r3),
+               "Connect3 failed");
+       if (!NT_STATUS_IS_OK(r3.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "Connect3 failed - %s\n", nt_errstr(r3.out.result));
                 ret = false;
         } else {
                 if (got_handle) {
-                       test_samr_handle_Close(p, tctx, handle);
+                       test_samr_handle_Close(b, tctx, handle);
                 }
                 got_handle = true;
                 *handle = h;
         }
  
-       torture_comment(tctx, "testing samr_Connect4\n");
+       torture_comment(tctx, "Testing samr_Connect4\n");
  
         r4.in.system_name = "";
         r4.in.client_version = 0;
         r4.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
         r4.out.connect_handle = &h;
  
-       status = dcerpc_samr_Connect4(p, tctx, &r4);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "Connect4 failed - %s\n", nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_Connect4_r(b, tctx, &r4),
+               "Connect4 failed");
+       if (!NT_STATUS_IS_OK(r4.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "Connect4 failed - %s\n", nt_errstr(r4.out.result));
                 ret = false;
         } else {
                 if (got_handle) {
-                       test_samr_handle_Close(p, tctx, handle);
+                       test_samr_handle_Close(b, tctx, handle);
                 }
                 got_handle = true;
                 *handle = h;
         }
  
-       torture_comment(tctx, "testing samr_Connect5\n");
+       torture_comment(tctx, "Testing samr_Connect5\n");
  
         info.info1.client_version = 0;
         info.info1.unknown2 = 0;
@@ -7654,13 +8371,14 @@ static bool test_Connect(struct dcerpc_pipe *p, struct torture_context *tctx,
         r5.out.info_out = &info;
         r5.out.connect_handle = &h;
  
-       status = dcerpc_samr_Connect5(p, tctx, &r5);
-       if (!NT_STATUS_IS_OK(status)) {
-               torture_warning(tctx, "Connect5 failed - %s\n", nt_errstr(status));
+       torture_assert_ntstatus_ok(tctx, dcerpc_samr_Connect5_r(b, tctx, &r5),
+               "Connect5 failed");
+       if (!NT_STATUS_IS_OK(r5.out.result)) {
+               torture_result(tctx, TORTURE_FAIL, "Connect5 failed - %s\n", nt_errstr(r5.out.result));
                 ret = false;
         } else {
                 if (got_handle) {
-                       test_samr_handle_Close(p, tctx, handle);
+                       test_samr_handle_Close(b, tctx, handle);
                 }
                 got_handle = true;
                 *handle = h;
@@ -7670,7 +8388,8 @@ static bool test_Connect(struct dcerpc_pipe *p, struct torture_context *tctx,
  }
  
  
-static bool test_samr_ValidatePassword(struct dcerpc_pipe *p, struct torture_context *tctx)
+static bool test_samr_ValidatePassword(struct torture_context *tctx,
+                                      struct dcerpc_pipe *p)
  {
         struct samr_ValidatePassword r;
         union samr_ValidatePasswordReq req;
@@ -7678,8 +8397,13 @@ static bool test_samr_ValidatePassword(struct dcerpc_pipe *p, struct torture_con
         NTSTATUS status;
         const char *passwords[] = { "penguin", "p@ssw0rd", "p@ssw0rd123$", NULL };
         int i;
+       struct dcerpc_binding_handle *b = p->binding_handle;
  
-       torture_comment(tctx, "testing samr_ValidatePassword\n");
+       torture_comment(tctx, "Testing samr_ValidatePassword\n");
+
+       if (p->conn->transport.transport != NCACN_IP_TCP) {
+               torture_comment(tctx, "samr_ValidatePassword only should succeed over NCACN_IP_TCP!\n");
+       }
  
         ZERO_STRUCT(r);
         r.in.level = NetValidatePasswordReset;
@@ -7687,16 +8411,19 @@ static bool test_samr_ValidatePassword(struct dcerpc_pipe *p, struct torture_con
         r.out.rep = &repp;
  
         ZERO_STRUCT(req);
-       req.req3.account.string = "non-existant-account-aklsdji";
+       req.req3.account.string = "non-existent-account-aklsdji";
  
         for (i=0; passwords[i]; i++) {
                 req.req3.password.string = passwords[i];
-               status = dcerpc_samr_ValidatePassword(p, tctx, &r);
-               if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT) &&
-                   p->last_fault_code == DCERPC_FAULT_OP_RNG_ERROR) {
+
+               status = dcerpc_samr_ValidatePassword_r(b, tctx, &r);
+               if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
                         torture_skip(tctx, "ValidatePassword not supported by server\n");
                 }
-               torture_assert_ntstatus_ok(tctx, status, "samr_ValidatePassword");
+               torture_assert_ntstatus_ok(tctx, status,
+                                          "samr_ValidatePassword failed");
+               torture_assert_ntstatus_ok(tctx, r.out.result,
+                                          "samr_ValidatePassword failed");
                 torture_comment(tctx, "Server %s password '%s' with code %i\n",
                                 repp->ctr3.status==SAMR_VALIDATION_STATUS_SUCCESS?"allowed":"refused",
                                 req.req3.password.string, repp->ctr3.status);
@@ -7711,29 +8438,31 @@ bool torture_rpc_samr(struct torture_context *torture)
         struct dcerpc_pipe *p;
         bool ret = true;
         struct torture_samr_context *ctx;
+       struct dcerpc_binding_handle *b;
  
         status = torture_rpc_connection(torture, &p, &ndr_table_samr);
         if (!NT_STATUS_IS_OK(status)) {
                 return false;
         }
+       b = p->binding_handle;
  
         ctx = talloc_zero(torture, struct torture_samr_context);
  
         ctx->choice = TORTURE_SAMR_OTHER;
  
-       ret &= test_Connect(p, torture, &ctx->handle);
+       ret &= test_Connect(b, torture, &ctx->handle);
  
         if (!torture_setting_bool(torture, "samba3", false)) {
-               ret &= test_QuerySecurity(p, torture, &ctx->handle);
+               ret &= test_QuerySecurity(b, torture, &ctx->handle);
         }
  
         ret &= test_EnumDomains(p, torture, ctx);
  
-       ret &= test_SetDsrmPassword(p, torture, &ctx->handle);
+       ret &= test_SetDsrmPassword(b, torture, &ctx->handle);
  
-       ret &= test_Shutdown(p, torture, &ctx->handle);
+       ret &= test_Shutdown(b, torture, &ctx->handle);
  
-       ret &= test_samr_handle_Close(p, torture, &ctx->handle);
+       ret &= test_samr_handle_Close(b, torture, &ctx->handle);
  
         return ret;
  }
@@ -7745,29 +8474,31 @@ bool torture_rpc_samr_users(struct torture_context *torture)
         struct dcerpc_pipe *p;
         bool ret = true;
         struct torture_samr_context *ctx;
+       struct dcerpc_binding_handle *b;
  
         status = torture_rpc_connection(torture, &p, &ndr_table_samr);
         if (!NT_STATUS_IS_OK(status)) {
                 return false;
         }
+       b = p->binding_handle;
  
         ctx = talloc_zero(torture, struct torture_samr_context);
  
         ctx->choice = TORTURE_SAMR_USER_ATTRIBUTES;
  
-       ret &= test_Connect(p, torture, &ctx->handle);
+       ret &= test_Connect(b, torture, &ctx->handle);
  
         if (!torture_setting_bool(torture, "samba3", false)) {
-               ret &= test_QuerySecurity(p, torture, &ctx->handle);
+               ret &= test_QuerySecurity(b, torture, &ctx->handle);
         }
  
         ret &= test_EnumDomains(p, torture, ctx);
  
-       ret &= test_SetDsrmPassword(p, torture, &ctx->handle);
+       ret &= test_SetDsrmPassword(b, torture, &ctx->handle);
  
-       ret &= test_Shutdown(p, torture, &ctx->handle);
+       ret &= test_Shutdown(b, torture, &ctx->handle);
  
-       ret &= test_samr_handle_Close(p, torture, &ctx->handle);
+       ret &= test_samr_handle_Close(b, torture, &ctx->handle);
  
         return ret;
  }
@@ -7779,23 +8510,23 @@ bool torture_rpc_samr_passwords(struct torture_context *torture)
         struct dcerpc_pipe *p;
         bool ret = true;
         struct torture_samr_context *ctx;
+       struct dcerpc_binding_handle *b;
  
         status = torture_rpc_connection(torture, &p, &ndr_table_samr);
         if (!NT_STATUS_IS_OK(status)) {
                 return false;
         }
+       b = p->binding_handle;
  
         ctx = talloc_zero(torture, struct torture_samr_context);
  
         ctx->choice = TORTURE_SAMR_PASSWORDS;
  
-       ret &= test_Connect(p, torture, &ctx->handle);
+       ret &= test_Connect(b, torture, &ctx->handle);
  
         ret &= test_EnumDomains(p, torture, ctx);
  
-       ret &= test_samr_handle_Close(p, torture, &ctx->handle);
-
-       ret &= test_samr_ValidatePassword(p, torture);
+       ret &= test_samr_handle_Close(b, torture, &ctx->handle);
  
         return ret;
  }
@@ -7808,29 +8539,31 @@ static bool torture_rpc_samr_pwdlastset(struct torture_context *torture,
         struct dcerpc_pipe *p;
         bool ret = true;
         struct torture_samr_context *ctx;
+       struct dcerpc_binding_handle *b;
  
         status = torture_rpc_connection(torture, &p, &ndr_table_samr);
         if (!NT_STATUS_IS_OK(status)) {
                 return false;
         }
+       b = p->binding_handle;
  
         ctx = talloc_zero(torture, struct torture_samr_context);
  
         ctx->choice = TORTURE_SAMR_PASSWORDS_PWDLASTSET;
         ctx->machine_credentials = machine_credentials;
  
-       ret &= test_Connect(p, torture, &ctx->handle);
+       ret &= test_Connect(b, torture, &ctx->handle);
  
         ret &= test_EnumDomains(p, torture, ctx);
  
-       ret &= test_samr_handle_Close(p, torture, &ctx->handle);
+       ret &= test_samr_handle_Close(b, torture, &ctx->handle);
  
         return ret;
  }
  
  struct torture_suite *torture_rpc_samr_passwords_pwdlastset(TALLOC_CTX *mem_ctx)
  {
-       struct torture_suite *suite = torture_suite_create(mem_ctx, "SAMR-PASSWORDS-PWDLASTSET");
+       struct torture_suite *suite = torture_suite_create(mem_ctx, "samr.passwords.pwdlastset");
         struct torture_rpc_tcase *tcase;
  
         tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "samr",
@@ -7851,29 +8584,31 @@ static bool torture_rpc_samr_users_privileges_delete_user(struct torture_context
         struct dcerpc_pipe *p;
         bool ret = true;
         struct torture_samr_context *ctx;
+       struct dcerpc_binding_handle *b;
  
         status = torture_rpc_connection(torture, &p, &ndr_table_samr);
         if (!NT_STATUS_IS_OK(status)) {
                 return false;
         }
+       b = p->binding_handle;
  
         ctx = talloc_zero(torture, struct torture_samr_context);
  
         ctx->choice = TORTURE_SAMR_USER_PRIVILEGES;
         ctx->machine_credentials = machine_credentials;
  
-       ret &= test_Connect(p, torture, &ctx->handle);
+       ret &= test_Connect(b, torture, &ctx->handle);
  
         ret &= test_EnumDomains(p, torture, ctx);
  
-       ret &= test_samr_handle_Close(p, torture, &ctx->handle);
+       ret &= test_samr_handle_Close(b, torture, &ctx->handle);
  
         return ret;
  }
  
  struct torture_suite *torture_rpc_samr_user_privileges(TALLOC_CTX *mem_ctx)
  {
-       struct torture_suite *suite = torture_suite_create(mem_ctx, "SAMR-USERS-PRIVILEGES");
+       struct torture_suite *suite = torture_suite_create(mem_ctx, "samr.users.privileges");
         struct torture_rpc_tcase *tcase;
  
         tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "samr",
@@ -7895,21 +8630,23 @@ static bool torture_rpc_samr_many_accounts(struct torture_context *torture,
         bool ret = true;
         struct torture_samr_context *ctx =
                 talloc_get_type_abort(data, struct torture_samr_context);
+       struct dcerpc_binding_handle *b;
  
         status = torture_rpc_connection(torture, &p, &ndr_table_samr);
         if (!NT_STATUS_IS_OK(status)) {
                 return false;
         }
+       b = p->binding_handle;
  
         ctx->choice = TORTURE_SAMR_MANY_ACCOUNTS;
         ctx->num_objects_large_dc = torture_setting_int(torture, "large_dc",
                                                         ctx->num_objects_large_dc);
  
-       ret &= test_Connect(p, torture, &ctx->handle);
+       ret &= test_Connect(b, torture, &ctx->handle);
  
         ret &= test_EnumDomains(p, torture, ctx);
  
-       ret &= test_samr_handle_Close(p, torture, &ctx->handle);
+       ret &= test_samr_handle_Close(b, torture, &ctx->handle);
  
         return ret;
  }
@@ -7923,21 +8660,23 @@ static bool torture_rpc_samr_many_groups(struct torture_context *torture,
         bool ret = true;
         struct torture_samr_context *ctx =
                 talloc_get_type_abort(data, struct torture_samr_context);
+       struct dcerpc_binding_handle *b;
  
         status = torture_rpc_connection(torture, &p, &ndr_table_samr);
         if (!NT_STATUS_IS_OK(status)) {
                 return false;
         }
+       b = p->binding_handle;
  
         ctx->choice = TORTURE_SAMR_MANY_GROUPS;
         ctx->num_objects_large_dc = torture_setting_int(torture, "large_dc",
                                                         ctx->num_objects_large_dc);
  
-       ret &= test_Connect(p, torture, &ctx->handle);
+       ret &= test_Connect(b, torture, &ctx->handle);
  
         ret &= test_EnumDomains(p, torture, ctx);
  
-       ret &= test_samr_handle_Close(p, torture, &ctx->handle);
+       ret &= test_samr_handle_Close(b, torture, &ctx->handle);
  
         return ret;
  }
@@ -7951,28 +8690,30 @@ static bool torture_rpc_samr_many_aliases(struct torture_context *torture,
         bool ret = true;
         struct torture_samr_context *ctx =
                 talloc_get_type_abort(data, struct torture_samr_context);
+       struct dcerpc_binding_handle *b;
  
         status = torture_rpc_connection(torture, &p, &ndr_table_samr);
         if (!NT_STATUS_IS_OK(status)) {
                 return false;
         }
+       b = p->binding_handle;
  
         ctx->choice = TORTURE_SAMR_MANY_ALIASES;
         ctx->num_objects_large_dc = torture_setting_int(torture, "large_dc",
                                                         ctx->num_objects_large_dc);
  
-       ret &= test_Connect(p, torture, &ctx->handle);
+       ret &= test_Connect(b, torture, &ctx->handle);
  
         ret &= test_EnumDomains(p, torture, ctx);
  
-       ret &= test_samr_handle_Close(p, torture, &ctx->handle);
+       ret &= test_samr_handle_Close(b, torture, &ctx->handle);
  
         return ret;
  }
  
  struct torture_suite *torture_rpc_samr_large_dc(TALLOC_CTX *mem_ctx)
  {
-       struct torture_suite *suite = torture_suite_create(mem_ctx, "SAMR-LARGE-DC");
+       struct torture_suite *suite = torture_suite_create(mem_ctx, "samr.large-dc");
         struct torture_rpc_tcase *tcase;
         struct torture_samr_context *ctx;
  
@@ -7999,29 +8740,31 @@ static bool torture_rpc_samr_badpwdcount(struct torture_context *torture,
         struct dcerpc_pipe *p;
         bool ret = true;
         struct torture_samr_context *ctx;
+       struct dcerpc_binding_handle *b;
  
         status = torture_rpc_connection(torture, &p, &ndr_table_samr);
         if (!NT_STATUS_IS_OK(status)) {
                 return false;
         }
+       b = p->binding_handle;
  
         ctx = talloc_zero(torture, struct torture_samr_context);
  
         ctx->choice = TORTURE_SAMR_PASSWORDS_BADPWDCOUNT;
         ctx->machine_credentials = machine_credentials;
  
-       ret &= test_Connect(p, torture, &ctx->handle);
+       ret &= test_Connect(b, torture, &ctx->handle);
  
         ret &= test_EnumDomains(p, torture, ctx);
  
-       ret &= test_samr_handle_Close(p, torture, &ctx->handle);
+       ret &= test_samr_handle_Close(b, torture, &ctx->handle);
  
         return ret;
  }
  
  struct torture_suite *torture_rpc_samr_passwords_badpwdcount(TALLOC_CTX *mem_ctx)
  {
-       struct torture_suite *suite = torture_suite_create(mem_ctx, "SAMR-PASSWORDS-BADPWDCOUNT");
+       struct torture_suite *suite = torture_suite_create(mem_ctx, "samr.passwords.badpwdcount");
         struct torture_rpc_tcase *tcase;
  
         tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "samr",
@@ -8042,29 +8785,31 @@ static bool torture_rpc_samr_lockout(struct torture_context *torture,
         struct dcerpc_pipe *p;
         bool ret = true;
         struct torture_samr_context *ctx;
+       struct dcerpc_binding_handle *b;
  
         status = torture_rpc_connection(torture, &p, &ndr_table_samr);
         if (!NT_STATUS_IS_OK(status)) {
                 return false;
         }
+       b = p->binding_handle;
  
         ctx = talloc_zero(torture, struct torture_samr_context);
  
         ctx->choice = TORTURE_SAMR_PASSWORDS_LOCKOUT;
         ctx->machine_credentials = machine_credentials;
  
-       ret &= test_Connect(p, torture, &ctx->handle);
+       ret &= test_Connect(b, torture, &ctx->handle);
  
         ret &= test_EnumDomains(p, torture, ctx);
  
-       ret &= test_samr_handle_Close(p, torture, &ctx->handle);
+       ret &= test_samr_handle_Close(b, torture, &ctx->handle);
  
         return ret;
  }
  
  struct torture_suite *torture_rpc_samr_passwords_lockout(TALLOC_CTX *mem_ctx)
  {
-       struct torture_suite *suite = torture_suite_create(mem_ctx, "SAMR-PASSWORDS-LOCKOUT");
+       struct torture_suite *suite = torture_suite_create(mem_ctx, "samr.passwords.lockout");
         struct torture_rpc_tcase *tcase;
  
         tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "samr",
@@ -8077,4 +8822,15 @@ struct torture_suite *torture_rpc_samr_passwords_lockout(TALLOC_CTX *mem_ctx)
         return suite;
  }
  
+struct torture_suite *torture_rpc_samr_passwords_validate(TALLOC_CTX *mem_ctx)
+{
+       struct torture_suite *suite = torture_suite_create(mem_ctx, "samr.passwords.validate");
+       struct torture_rpc_tcase *tcase;
+
+       tcase = torture_suite_add_rpc_iface_tcase(suite, "samr",
+                                                 &ndr_table_samr);
+       torture_rpc_tcase_add_test(tcase, "validate",
+                                  test_samr_ValidatePassword);
  
+       return suite;
+}