samr_querydom_info level 1: found the meaning of the unknow fields. And

discovered that our reply is short by 4 bytes since day 1 of this code.

Added a decode function to rpcclient too.

splitted the STRING2 fields filling while trying to understand the win9x
userlist bug. (didn't fix the bug, but the reply looks closer to NT).

        J.F.
(This used to be commit bfbe7f377e5fcb09e87bfc866196dfc51a8fe64d)

6 files changed, 136 insertions, 28 deletions

diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h
index a29f96c107..7817579ba9 100644
--- a/source3/include/rpc_samr.h
+++ b/source3/include/rpc_samr.h
@@ -481,7 +481,12 @@ typedef struct q_samr_query_domain_info
 typedef struct sam_unknown_info_3_info
 {
 	uint32 unknown_0; /* 0x0000 0000 */
-	uint32 unknown_1; /* 0x8000 0000 */
+	uint32 unknown_1; 
+	
+	/* 0x8000 0000 */ /* DON'T forcibly disconnect remote users from server when logon hours expire*/
+
+	/* 0x0000 0000 */ /* forcibly disconnect remote users from server when logon hours expire*/
+
 
 } SAM_UNK_INFO_3;
 
@@ -551,9 +556,11 @@ typedef struct sam_unknown_info_2_inf
 
 typedef struct sam_unknown_info_1_inf
 {
-	uint8 padding[12]; /* 12 bytes zeros */
-	uint32 unknown_1; /* 0x8000 0000 */
-	uint32 unknown_2; /* 0x0000 0000 */
+	uint16 min_length_password;
+	uint16 password_history;
+	uint32 flag;
+	NTTIME expire;
+	NTTIME min_passwordage;
 
 } SAM_UNK_INFO_1;
 
@@ -1750,5 +1757,42 @@ typedef struct sid_info_3
 
 } DOM_SID3;
 
+/* SAMR_Q_UNKNOWN_2E */
+typedef struct q_samr_unknown_2e_info
+{
+	POLICY_HND dom_pol;   /* policy handle */
+	uint16 switch_value;
+
+} SAMR_Q_UNKNOWN_2E;
+
+typedef struct sam_unknown_2e_info_12
+{
+	uint32 duration_low;
+	uint32 duration_high;
+	uint32 reset_count_low;
+	uint32 reset_count_high;
+	uint32 bad_attempt_lockout;
+} SAM_UNK_2E_INFO_12;
+
+typedef struct sam_unknown_2e_ctr_info
+{
+	union
+	{
+		SAM_UNK_2E_INFO_12 info12;
+	} info;
+
+} SAM_UNK_2E_CTR;
+
+
+/* SAMR_R_UNKNOWN_2E - probably an open */
+typedef struct r_samr_unknown_2e_info
+{
+	uint32 ptr;
+	uint16 switch_value;
+	SAM_UNK_2E_CTR *ctr;
+	
+	uint32 status;         /* return status */
+
+} SAMR_R_UNKNOWN_2E;
 #endif /* _RPC_SAMR_H */
 
diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c
index 5160a2778f..4507c29613 100644
--- a/source3/rpc_parse/parse_misc.c
+++ b/source3/rpc_parse/parse_misc.c
@@ -820,23 +820,23 @@ void copy_unistr2(UNISTR2 *str, const UNISTR2 *from)
  Creates a STRING2 structure.
 ********************************************************************/
 
-void init_string2(STRING2 *str, const char *buf, int len)
+void init_string2(STRING2 *str, const char *buf, int max_len, int str_len)
 {
 	int alloc_len = 0;
 
 	/* set up string lengths. */
-	str->str_max_len = len;
+	str->str_max_len = max_len;
 	str->undoc       = 0;
-	str->str_str_len = len;
+	str->str_str_len = str_len;
 
 	/* store the string */
-	if(len != 0) {
-		if (len < MAX_STRINGLEN)
+	if(str_len != 0) {
+		if (str_len < MAX_STRINGLEN)
 			alloc_len = MAX_STRINGLEN;
 		str->buffer = talloc_zero(get_talloc_ctx(), alloc_len);
 		if (str->buffer == NULL)
 			smb_panic("init_string2: malloc fail\n");
-		memcpy(str->buffer, buf, len);
+		memcpy(str->buffer, buf, str_len);
   }
 }
 
diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c
index 3e7be9d4cf..e3f7ea5d9a 100644
--- a/source3/rpc_parse/parse_net.c
+++ b/source3/rpc_parse/parse_net.c
@@ -1019,8 +1019,8 @@ void init_id_info2(NET_ID_INFO_2 * id, const char *domain_name,
 	init_unistr2(&id->uni_user_name, user_name, len_user_name);
 	init_unistr2(&id->uni_wksta_name, wksta_name, len_wksta_name);
 
-	init_string2(&id->nt_chal_resp, (const char *)nt_chal_resp, nt_chal_resp_len);
-	init_string2(&id->lm_chal_resp, (const char *)lm_chal_resp, lm_chal_resp_len);
+	init_string2(&id->nt_chal_resp, (const char *)nt_chal_resp, nt_chal_resp_len, nt_chal_resp_len);
+	init_string2(&id->lm_chal_resp, (const char *)lm_chal_resp, lm_chal_resp_len, lm_chal_resp_len);
 
 }
 
diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c
index 89b0db4609..f902210b7b 100644
--- a/source3/rpc_parse/parse_prs.c
+++ b/source3/rpc_parse/parse_prs.c
@@ -851,12 +851,12 @@ BOOL prs_buffer2(BOOL charmode, char *name, prs_struct *ps, int depth, BUFFER2 *
 BOOL prs_string2(BOOL charmode, char *name, prs_struct *ps, int depth, STRING2 *str)
 {
 	int i;
-	char *q = prs_mem_get(ps, str->str_str_len);
+	char *q = prs_mem_get(ps, str->str_max_len);
 	if (q == NULL)
 		return False;
 
 	if (UNMARSHALLING(ps)) {
-		str->buffer = (unsigned char *)prs_alloc_mem(ps,str->str_str_len);
+		str->buffer = (unsigned char *)prs_alloc_mem(ps,str->str_max_len);
 		if (str->buffer == NULL)
 			return False;
 	}
diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
index 3f489f0a2b..a7fb77d382 100644
--- a/source3/rpc_parse/parse_samr.c
+++ b/source3/rpc_parse/parse_samr.c
@@ -725,9 +725,18 @@ inits a structure.
 
 void init_unk_info1(SAM_UNK_INFO_1 * u_1)
 {
-	memset(u_1->padding, 0, sizeof(u_1->padding));	/* 12 bytes zeros */
-	u_1->unknown_1 = 0x80000000;
-	u_1->unknown_2 = 0x00000000;
+	u_1->min_length_password = 0;
+	u_1->password_history = 0;
+	u_1->flag = 0;
+	
+	/* password never expire */
+	u_1->expire.high = 0x80000000;
+	u_1->expire.low = 0;
+	
+	/* can change the password now */
+	u_1->min_passwordage.high = 0;
+	u_1->min_passwordage.low = 0;
+	
 }
 
 /*******************************************************************
@@ -743,12 +752,15 @@ static BOOL sam_io_unk_info1(char *desc, SAM_UNK_INFO_1 * u_1,
 	prs_debug(ps, depth, desc, "sam_io_unk_info1");
 	depth++;
 
-	if(!prs_uint8s(False, "padding", ps, depth, u_1->padding, sizeof(u_1->padding)))
+	if(!prs_uint16("min_length_password", ps, depth, &u_1->min_length_password))
 		return False;
-	
-	if(!prs_uint32("unknown_1", ps, depth, &u_1->unknown_1)) /* 0x8000 0000 */
+	if(!prs_uint16("password_history", ps, depth, &u_1->password_history))
+		return False;
+	if(!prs_uint32("flag", ps, depth, &u_1->flag))
 		return False;
-	if(!prs_uint32("unknown_2", ps, depth, &u_1->unknown_2)) /* 0x0000 0000 */
+	if(!smb_io_time("expire", &u_1->expire, ps, depth))
+		return False;
+	if(!smb_io_time("min_passwordage", &u_1->min_passwordage, ps, depth))
 		return False;
 
 	return True;
@@ -1122,8 +1134,7 @@ static void init_sam_entry4(SAM_ENTRY4 * sam, uint32 user_idx,
 	DEBUG(5, ("init_sam_entry4\n"));
 
 	sam->user_idx = user_idx;
-	init_str_hdr(&sam->hdr_acct_name, len_acct_name, len_acct_name,
-		     len_acct_name != 0);
+	init_str_hdr(&sam->hdr_acct_name, len_acct_name+1, len_acct_name, len_acct_name != 0);
 }
 
 /*******************************************************************
@@ -1779,7 +1790,7 @@ NTSTATUS init_sam_dispinfo_4(TALLOC_CTX *ctx, SAM_DISPINFO_4 *sam, uint32 *num_e
 		init_sam_entry4(&sam->sam[i], start_idx + i + 1, len_sam_name);
 
 		unistr2_to_ascii(sam_name, &pass[i].uni_user_name, sizeof(sam_name));
-		init_string2(&sam->str[i].acct_name, sam_name, len_sam_name);
+		init_string2(&sam->str[i].acct_name, sam_name, len_sam_name+1, len_sam_name);
 	  
 		dsize += sizeof(SAM_ENTRY4);
 		dsize += len_sam_name;
@@ -1836,8 +1847,6 @@ static BOOL sam_io_sam_dispinfo_4(char *desc, SAM_DISPINFO_4 * sam,
 		if(!smb_io_string2("acct_name", &sam->str[i].acct_name,
 			     sam->sam[i].hdr_acct_name.buffer, ps, depth))
 			return False;
-		if(!prs_align(ps))
-			return False;
 	}
 
 	return True;
@@ -1879,7 +1888,7 @@ NTSTATUS init_sam_dispinfo_5(TALLOC_CTX *ctx, SAM_DISPINFO_5 *sam, uint32 *num_e
 		len_sam_name = strlen(grp[i].name);
 	  
 		init_sam_entry5(&sam->sam[i], start_idx + i + 1, len_sam_name);
-		init_string2(&sam->str[i].grp_name, grp[i].name, len_sam_name);
+		init_string2(&sam->str[i].grp_name, grp[i].name, len_sam_name+1, len_sam_name);
 	  
 		dsize += sizeof(SAM_ENTRY5);
 		dsize += len_sam_name;
@@ -1954,7 +1963,11 @@ void init_samr_r_query_dispinfo(SAMR_R_QUERY_DISPINFO * r_u,
 {
 	DEBUG(5, ("init_samr_r_query_dispinfo: level %d\n", switch_level));
 
-	r_u->total_size = data_size;	/* not calculated */
+	if (switch_level==4)
+		r_u->total_size = 0;	/* not calculated */
+	else
+		r_u->total_size = data_size;	/* not calculated */
+
 	r_u->data_size = data_size;
 
 	r_u->switch_level = switch_level;
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 68a75a70c9..ece2e2a4bd 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -95,6 +95,54 @@ static void display_sam_user_info_21(SAM_USER_INFO_21 *usr)
 	}
 }
 
+static char *display_time(NTTIME nttime)
+{
+	static fstring string;
+
+	float high;
+	float low;
+	int sec;
+	int days, hours, mins, secs;
+
+	if (nttime.high==0 && nttime.low==0)
+		return "Now";
+
+	if (nttime.high==0x80000000 && nttime.low==0)
+		return "Never";
+
+	high = 65536;	
+	high = high/10000;
+	high = high*65536;
+	high = high/1000;
+	high = high * (~nttime.high);
+
+	low = ~nttime.low;	
+	low = low/(1000*1000*10);
+
+	sec=high+low;
+
+	days=sec/(60*60*24);
+	hours=(sec - (days*60*60*24)) / (60*60);
+	mins=(sec - (days*60*60*24) - (hours*60*60) ) / 60;
+	secs=sec - (days*60*60*24) - (hours*60*60) - (mins*60);
+
+	snprintf(string, sizeof(string)-1, "%u days, %u hours, %u minutes, %u seconds", days, hours, mins, secs);
+	return (string);
+}
+
+static void display_sam_unk_info_1(SAM_UNK_INFO_1 *info1)
+{
+	
+	printf("Minimum password length:                     %d\n", info1->min_length_password);
+	printf("Password uniqueness (remember x passwords):  %d\n", info1->password_history);
+	printf("flag:                                        ");
+	if(info1->flag&&2==2) printf("users must open a session to change password ");
+	printf("\n");
+
+	printf("password expire in:                          %s\n", display_time(info1->expire));
+	printf("Min password age (allow changing in x days): %s\n", display_time(info1->min_passwordage));
+}
+
 static void display_sam_unk_info_2(SAM_UNK_INFO_2 *info2)
 {
 	fstring name;
@@ -656,6 +704,9 @@ static NTSTATUS cmd_samr_query_dominfo(struct cli_state *cli,
 	/* Display domain info */
 
 	switch (switch_value) {
+	case 1:
+		display_sam_unk_info_1(&ctr.info.inf1);
+		break;
 	case 2:
 		display_sam_unk_info_2(&ctr.info.inf2);
 		break;