r13522: Add SAMR_GET_USRDOM_PWINFO client-side.

Guenther
(This used to be commit 290a581b7567eab82b18fbadae9aa2ab29e95069)

4 files changed, 132 insertions, 45 deletions

diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h
index 62eb397925..a9e3e0a08d 100644
--- a/source3/include/rpc_samr.h
+++ b/source3/include/rpc_samr.h
@@ -468,9 +468,9 @@ SAMR_R_GET_USRDOM_PWINFO - a "set user info" occurs just after this
 /* SAMR_R_GET_USRDOM_PWINFO */
 typedef struct r_samr_usrdom_pwinfo_info
 {
-	uint16 unknown_0; /* 0000 */
+	uint16 min_pwd_length;
 	uint16 unknown_1; /* 0x0016 or 0x0015 */
-	uint32 unknown_2; /* 0x0000 0000 */
+	uint32 password_properties;
 	NTSTATUS status; 
 
 } SAMR_R_GET_USRDOM_PWINFO;
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
index 8c59d2d3af..dd9a4ce67e 100644
--- a/source3/rpc_client/cli_samr.c
+++ b/source3/rpc_client/cli_samr.c
@@ -1880,6 +1880,50 @@ NTSTATUS rpccli_samr_get_dom_pwinfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem
 	return result;
 }
 
+/* Get domain password info */
+
+NTSTATUS rpccli_samr_get_usrdom_pwinfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
+				       POLICY_HND *pol, uint16 *min_pwd_length, 
+				       uint32 *password_properties, uint32 *unknown1)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_GET_USRDOM_PWINFO q;
+	SAMR_R_GET_USRDOM_PWINFO r;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+	DEBUG(10,("cli_samr_get_usrdom_pwinfo\n"));
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Marshall data and send request */
+
+	init_samr_q_get_usrdom_pwinfo(&q, pol);
+
+	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_GET_USRDOM_PWINFO,
+		   q, r,
+		   qbuf, rbuf,
+		   samr_io_q_get_usrdom_pwinfo,
+		   samr_io_r_get_usrdom_pwinfo,
+		   NT_STATUS_UNSUCCESSFUL); 
+
+	/* Return output parameters */
+
+	result = r.status;
+
+	if (NT_STATUS_IS_OK(result)) {
+		if (min_pwd_length)
+			*min_pwd_length = r.min_pwd_length;
+		if (password_properties)
+			*password_properties = r.password_properties;
+		if (unknown1)
+			*unknown1 = r.unknown_1;
+	}
+
+	return result;
+}
+
+
 /* Lookup Domain Name */
 
 NTSTATUS rpccli_samr_lookup_domain(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
index 711876639a..53c92acb43 100644
--- a/source3/rpc_parse/parse_samr.c
+++ b/source3/rpc_parse/parse_samr.c
@@ -344,7 +344,7 @@ void init_samr_r_get_usrdom_pwinfo(SAMR_R_GET_USRDOM_PWINFO *r_u, NTSTATUS statu
 {
 	DEBUG(5, ("init_samr_r_get_usrdom_pwinfo\n"));
 	
-	r_u->unknown_0 = 0x0000;
+	r_u->min_pwd_length = 0x0000;
 
 	/*
 	 * used to be 	
@@ -354,7 +354,7 @@ void init_samr_r_get_usrdom_pwinfo(SAMR_R_GET_USRDOM_PWINFO *r_u, NTSTATUS statu
 	r_u->unknown_1 = 0x01D1;
 	r_u->unknown_1 = 0x0015;
 
-	r_u->unknown_2 = 0x00000000;
+	r_u->password_properties = 0x00000000;
 
 	r_u->status = status;
 }
@@ -375,12 +375,13 @@ BOOL samr_io_r_get_usrdom_pwinfo(const char *desc, SAMR_R_GET_USRDOM_PWINFO * r_
 	if(!prs_align(ps))
 		return False;
 
-	if(!prs_uint16("unknown_0", ps, depth, &r_u->unknown_0))
+	if(!prs_uint16("min_pwd_length", ps, depth, &r_u->min_pwd_length))
 		return False;
 	if(!prs_uint16("unknown_1", ps, depth, &r_u->unknown_1))
 		return False;
-	if(!prs_uint32("unknown_2", ps, depth, &r_u->unknown_2))
+	if(!prs_uint32("password_properties", ps, depth, &r_u->password_properties))
 		return False;
+
 	if(!prs_ntstatus("status   ", ps, depth, &r_u->status))
 		return False;
 
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 8dd711caa4..7f35db5b8d 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -149,33 +149,35 @@ static const char *display_time(NTTIME nttime)
 	return (string);
 }
 
-static void display_sam_unk_info_1(SAM_UNK_INFO_1 *info1)
+static void display_password_properties(uint32 password_properties) 
 {
-	
-	printf("Minimum password length:\t\t\t%d\n", info1->min_length_password);
-	printf("Password uniqueness (remember x passwords):\t%d\n", info1->password_history);
-	printf("Password Properties:\t\t\t\t0x%08x\n", info1->password_properties);
-
-	if (info1->password_properties & DOMAIN_PASSWORD_COMPLEX)
-		printf("\tDOMAIN_PASSWORD_COMPLEX\n");
+		printf("password_properties: 0x%08x\n", password_properties);
+		
+		if (password_properties & DOMAIN_PASSWORD_COMPLEX)
+			printf("\tDOMAIN_PASSWORD_COMPLEX\n");
 			
-	if (info1->password_properties & DOMAIN_PASSWORD_NO_ANON_CHANGE) {
-		printf("\tDOMAIN_PASSWORD_NO_ANON_CHANGE\n");
-		printf("users must open a session to change password ");
-	}
+		if (password_properties & DOMAIN_PASSWORD_NO_ANON_CHANGE)
+			printf("\tDOMAIN_PASSWORD_NO_ANON_CHANGE\n");
 			
-	if (info1->password_properties & DOMAIN_PASSWORD_NO_CLEAR_CHANGE)
-		printf("\tDOMAIN_PASSWORD_NO_CLEAR_CHANGE\n");
+		if (password_properties & DOMAIN_PASSWORD_NO_CLEAR_CHANGE)
+			printf("\tDOMAIN_PASSWORD_NO_CLEAR_CHANGE\n");
 			
-	if (info1->password_properties & DOMAIN_LOCKOUT_ADMINS)
-		printf("\tDOMAIN_LOCKOUT_ADMINS\n");
+		if (password_properties & DOMAIN_LOCKOUT_ADMINS)
+			printf("\tDOMAIN_LOCKOUT_ADMINS\n");
 			
-	if (info1->password_properties & DOMAIN_PASSWORD_STORE_CLEARTEXT)
-		printf("\tDOMAIN_PASSWORD_STORE_CLEARTEXT\n");
+		if (password_properties & DOMAIN_PASSWORD_STORE_CLEARTEXT)
+			printf("\tDOMAIN_PASSWORD_STORE_CLEARTEXT\n");
 			
-	if (info1->password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE)
-		printf("\tDOMAIN_REFUSE_PASSWORD_CHANGE\n");
+		if (password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE)
+			printf("\tDOMAIN_REFUSE_PASSWORD_CHANGE\n");
+}
 
+static void display_sam_unk_info_1(SAM_UNK_INFO_1 *info1)
+{
+	
+	printf("Minimum password length:\t\t\t%d\n", info1->min_length_password);
+	printf("Password uniqueness (remember x passwords):\t%d\n", info1->password_history);
+	display_password_properties(info1->password_properties);
 	printf("password expire in:\t\t\t\t%s\n", display_time(info1->expire));
 	printf("Min password age (allow changing in x days):\t%s\n", display_time(info1->min_passwordage));
 }
@@ -1829,6 +1831,63 @@ done:
 	return result;
 }
 
+static NTSTATUS cmd_samr_get_usrdom_pwinfo(struct rpc_pipe_client *cli, 
+					   TALLOC_CTX *mem_ctx,
+					   int argc, const char **argv) 
+{
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	POLICY_HND connect_pol, domain_pol, user_pol;
+	uint16 min_pwd_length;
+	uint32 password_properties, unknown1, rid;
+
+	if (argc != 2) {
+		printf("Usage: %s rid\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+	
+	sscanf(argv[1], "%i", &rid);
+
+	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+				   &connect_pol);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
+					 MAXIMUM_ALLOWED_ACCESS, &domain_sid, &domain_pol);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	result = rpccli_samr_open_user(cli, mem_ctx, &domain_pol,
+				       MAXIMUM_ALLOWED_ACCESS,
+				       rid, &user_pol);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	result = rpccli_samr_get_usrdom_pwinfo(cli, mem_ctx, &user_pol,
+					       &min_pwd_length, &password_properties, 
+					       &unknown1) ;
+
+	if (NT_STATUS_IS_OK(result)) {
+		printf("min_pwd_length: %d\n", min_pwd_length);
+		printf("unknown1: %d\n", unknown1);
+		display_password_properties(password_properties);
+	}
+
+ done:
+	rpccli_samr_close(cli, mem_ctx, &user_pol);
+	rpccli_samr_close(cli, mem_ctx, &domain_pol);
+	rpccli_samr_close(cli, mem_ctx, &connect_pol);
+
+	return result;
+}
+
+
 static NTSTATUS cmd_samr_get_dom_pwinfo(struct rpc_pipe_client *cli, 
 					TALLOC_CTX *mem_ctx,
 					int argc, const char **argv) 
@@ -1846,25 +1905,7 @@ static NTSTATUS cmd_samr_get_dom_pwinfo(struct rpc_pipe_client *cli,
 	
 	if (NT_STATUS_IS_OK(result)) {
 		printf("min_pwd_length: %d\n", min_pwd_length);
-		printf("password_properties: 0x%08x\n", password_properties);
-		
-		if (password_properties & DOMAIN_PASSWORD_COMPLEX)
-			printf("\tDOMAIN_PASSWORD_COMPLEX\n");
-			
-		if (password_properties & DOMAIN_PASSWORD_NO_ANON_CHANGE)
-			printf("\tDOMAIN_PASSWORD_NO_ANON_CHANGE\n");
-			
-		if (password_properties & DOMAIN_PASSWORD_NO_CLEAR_CHANGE)
-			printf("\tDOMAIN_PASSWORD_NO_CLEAR_CHANGE\n");
-			
-		if (password_properties & DOMAIN_LOCKOUT_ADMINS)
-			printf("\tDOMAIN_LOCKOUT_ADMINS\n");
-			
-		if (password_properties & DOMAIN_PASSWORD_STORE_CLEARTEXT)
-			printf("\tDOMAIN_PASSWORD_STORE_CLEARTEXT\n");
-			
-		if (password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE)
-			printf("\tDOMAIN_REFUSE_PASSWORD_CHANGE\n");
+		display_password_properties(password_properties);
 	}
 
 	return result;
@@ -2019,6 +2060,7 @@ struct cmd_set samr_commands[] = {
 	{ "deletedomuser",      RPC_RTYPE_NTSTATUS, cmd_samr_delete_dom_user,       NULL, PI_SAMR, NULL,	"Delete domain user",      "" },
 	{ "samquerysecobj",     RPC_RTYPE_NTSTATUS, cmd_samr_query_sec_obj,         NULL, PI_SAMR, NULL, "Query SAMR security object",   "" },
 	{ "getdompwinfo",       RPC_RTYPE_NTSTATUS, cmd_samr_get_dom_pwinfo,        NULL, PI_SAMR, NULL, "Retrieve domain password info", "" },
+	{ "getusrdompwinfo",    RPC_RTYPE_NTSTATUS, cmd_samr_get_usrdom_pwinfo,     NULL, PI_SAMR, NULL, "Retrieve user domain password info", "" },
 
 	{ "lookupdomain",       RPC_RTYPE_NTSTATUS, cmd_samr_lookup_domain,         NULL, PI_SAMR, NULL, "Lookup Domain Name", "" },
 	{ "chgpasswd3",         RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd3,            NULL, PI_SAMR, NULL, "Change user password", "" },