ipc.c :

	added a #define around the alignment thing: it's a way to stop
	NetMonitor from decoding your packets!!!!

proto.h :

	usual.

reply.c :

	added what i believe to be the correct error messages for getting
	correct domain joining.

smb.h :

	some guesses at good names of the SAMR_XXXX functions.  sorting
	out the SAMR_LOOKUP_RIDS function.  this is *not* the same as
	the LSA_LOOKUP_RIDS function, unless paul accidentally put it
	on the ntlsa pipe by mistake, instead of the samr pipe :-)

rpc_pipes/lsa_hnd.c rpc_pipes/pipe_hnd.c :

	moved creation and allocation of unique policy handles into this module.

rpc_pipes/pipesamr.c rpc_pipes/samrparse.c rpc_pipes/smbparse.c :

	SAMR_LOOKUP_RIDS is beginning to look _suspiciously_ like the
	LSA_LOOKUP_RIDS function.  but i know that there are subtle
	discrepancies.
(This used to be commit 6bc07b0b4193e28b13a675fece8d9d6b365a7eb0)

4 files changed, 74 insertions, 41 deletions

diff --git a/source3/include/proto.h b/source3/include/proto.h
index d8d31bf16f..45a9202100 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -390,9 +390,9 @@ struct share_ops *locking_slow_init(int ronly);
 
 int str_checksum(char *s);
 BOOL is_8_3(char *fname, BOOL check_case);
-void reset_mangled_stack( int size );
+void create_mangled_stack(int size);
 BOOL check_mangled_stack(char *s);
-BOOL is_mangled( char *s );
+BOOL is_mangled(char *s);
 void mangle_name_83(char *s);
 BOOL name_map_mangle(char *OutName,BOOL need83,int snum);
 
@@ -766,8 +766,10 @@ int reply_getattrE(char *inbuf,char *outbuf);
 /*The following definitions come from  rpc_pipes/lsa_hnd.c  */
 
 void init_lsa_policy_hnd(void);
-BOOL open_lsa_policy_hnd(LSA_POL_HND *hnd, DOM_SID *sid);
+BOOL open_lsa_policy_hnd(LSA_POL_HND *hnd);
 BOOL set_lsa_policy_samr_rid(LSA_POL_HND *hnd, uint32 rid);
+BOOL set_lsa_policy_samr_pol_status(LSA_POL_HND *hnd, uint32 pol_status);
+BOOL set_lsa_policy_samr_sid(LSA_POL_HND *hnd, DOM_SID *sid);
 uint32 get_lsa_policy_samr_rid(LSA_POL_HND *hnd);
 BOOL close_lsa_policy_hnd(LSA_POL_HND *hnd);
 
@@ -889,7 +891,6 @@ BOOL api_srvsvcTNP(int cnum,int uid, char *param,char *data,
 
 /*The following definitions come from  rpc_pipes/pipeutil.c  */
 
-void create_pol_hnd(LSA_POL_HND *hnd);
 void initrpcreply(char *inbuf, char *q);
 void endrpcreply(char *inbuf, char *q, int datalen, int rtnval, int *rlen);
 BOOL name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid);
@@ -912,10 +913,10 @@ char* samr_io_q_close(BOOL io, SAMR_Q_CLOSE *q_u, char *q, char *base, int align
 char* samr_io_r_close(BOOL io, SAMR_R_CLOSE *r_u, char *q, char *base, int align, int depth);
 char* samr_io_q_open_secret(BOOL io, SAMR_Q_OPEN_SECRET *q_u, char *q, char *base, int align, int depth);
 char* samr_io_r_open_secret(BOOL io, SAMR_R_OPEN_SECRET *r_u, char *q, char *base, int align, int depth);
-char* samr_io_q_unknown_11(BOOL io, SAMR_Q_UNKNOWN_11 *q_u, char *q, char *base, int align, int depth);
-void make_samr_r_unknown_11(SAMR_R_UNKNOWN_11 *r_u,
-		uint32 switch_value, uint32 unknown_0, uint32 status);
-char* samr_io_r_unknown_11(BOOL io, SAMR_R_UNKNOWN_11 *r_u, char *q, char *base, int align, int depth);
+char* samr_io_q_lookup_rids(BOOL io, SAMR_Q_LOOKUP_RIDS *q_u, char *q, char *base, int align, int depth);
+void make_samr_r_lookup_rids(SAMR_R_LOOKUP_RIDS *r_u,
+		uint32 num_rids, uint32 rid, uint32 status);
+char* samr_io_r_lookup_rids(BOOL io, SAMR_R_LOOKUP_RIDS *r_u, char *q, char *base, int align, int depth);
 char* samr_io_q_unknown_22(BOOL io, SAMR_Q_UNKNOWN_22 *q_u, char *q, char *base, int align, int depth);
 char* samr_io_r_unknown_22(BOOL io, SAMR_R_UNKNOWN_22 *r_u, char *q, char *base, int align, int depth);
 char* samr_io_q_unknown_24(BOOL io, SAMR_Q_UNKNOWN_24 *q_u, char *q, char *base, int align, int depth);
@@ -925,8 +926,8 @@ void make_samr_r_unknown_24(SAMR_R_UNKNOWN_24 *r_u,
 char* samr_io_r_unknown_24(BOOL io, SAMR_R_UNKNOWN_24 *r_u, char *q, char *base, int align, int depth);
 char* samr_io_q_unknown_32(BOOL io, SAMR_Q_UNKNOWN_32 *q_u, char *q, char *base, int align, int depth);
 char* samr_io_r_unknown_32(BOOL io, SAMR_R_UNKNOWN_32 *r_u, char *q, char *base, int align, int depth);
-char* samr_io_q_unknown_39(BOOL io, SAMR_Q_UNKNOWN_39 *q_u, char *q, char *base, int align, int depth);
-char* samr_io_r_unknown_39(BOOL io, SAMR_R_UNKNOWN_39 *r_u, char *q, char *base, int align, int depth);
+char* samr_io_q_open_policy(BOOL io, SAMR_Q_OPEN_POLICY *q_u, char *q, char *base, int align, int depth);
+char* samr_io_r_open_policy(BOOL io, SAMR_R_OPEN_POLICY *r_u, char *q, char *base, int align, int depth);
 
 /*The following definitions come from  rpc_pipes/smbparse.c  */
 
@@ -946,6 +947,8 @@ void make_dom_sid2(DOM_SID2 *sid2, char *sid_str);
 char* smb_io_dom_sid2(BOOL io, DOM_SID2 *sid2, char *q, char *base, int align, int depth);
 void make_dom_rid2(DOM_RID2 *rid2, uint32 rid);
 char* smb_io_dom_rid2(BOOL io, DOM_RID2 *rid2, char *q, char *base, int align, int depth);
+void make_dom_rid3(DOM_RID3 *rid3, uint32 rid);
+char* smb_io_dom_rid3(BOOL io, DOM_RID3 *rid3, char *q, char *base, int align, int depth);
 void make_clnt_srv(DOM_CLNT_SRV *log, char *logon_srv, char *comp_name);
 char* smb_io_clnt_srv(BOOL io, DOM_CLNT_SRV *log, char *q, char *base, int align, int depth);
 void make_log_info(DOM_LOG_INFO *log, char *logon_srv, char *acct_name,
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 83e1d9f85d..afa9e3d9b9 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -293,12 +293,12 @@ enum RPC_PKT_TYPE
 
 #define SAMR_CLOSE          0x01
 #define SAMR_OPEN_SECRET    0x07
-#define SAMR_LOOKUPNAMES    0x11
+#define SAMR_LOOKUP_RIDS    0x11
 #define SAMR_UNKNOWN_3      0x03
 #define SAMR_UNKNOWN_22     0x22
 #define SAMR_UNKNOWN_24     0x24
 #define SAMR_UNKNOWN_34     0x34
-#define SAMR_UNKNOWN_39     0x39
+#define SAMR_OPEN_POLICY    0x39
 
 #define LSA_OPENPOLICY      0x2c
 #define LSA_QUERYINFOPOLICY 0x07
@@ -423,16 +423,26 @@ typedef struct domsid2_info
 
 } DOM_SID2;
 
-/* DOM_RID2 - domain RID structure */
+/* DOM_RID2 - domain RID structure for ntlsa pipe */
 typedef struct domrid2_info
 {
   uint32 type; /* value is 5 */
-  uint32 undoc; /* value is 5 */
+  uint32 undoc; /* value is non-zero */
   uint32 rid;
   uint32 rid_idx; /* don't know what this is */
 
 } DOM_RID2;
 
+/* DOM_RID3 - domain RID structure for samr pipe */
+typedef struct domrid3_info
+{
+  uint32 rid;        /* domain-relative (to a SID) id */
+  uint32 type1;      /* value is 0x1 */
+  uint32 ptr_type;   /* undocumented pointer */
+  uint32 type2;      /* value is 0x1 */
+
+} DOM_RID3;
+
 /* DOM_CLNT_SRV - client / server names */
 typedef struct clnt_srv_info
 {
@@ -841,7 +851,7 @@ typedef struct lsa_q_lookup_rids
 
 } LSA_Q_LOOKUP_RIDS;
 
-/* LSA_R_LOOKUP_RIDS - response to LSA Lookup Names */
+/* LSA_R_LOOKUP_RIDS - response to LSA Lookup RIDs by name */
 typedef struct lsa_r_lookup_rids
 {
     DOM_R_REF dom_ref; /* domain reference info */
@@ -1151,37 +1161,43 @@ typedef struct r_samr_open_secret_info
 } SAMR_R_OPEN_SECRET;
 
 
-/* SAMR_Q_UNKNOWN_11 - probably a "read SAM entry" */
-typedef struct q_samr_unknown_11_info
+/****************************************************************************
+SAMR_Q_LOOKUP_RIDS - do a conversion (only one!) from name to RID.
+
+the policy handle allocated by an "samr open secret" call is associated
+with a SID.  this policy handle is what is queried here, *not* the SID
+itself.  the response to the lookup rids is relative to this SID.
+*****************************************************************************/
+/* SAMR_Q_LOOKUP_RIDS - probably a "read SAM entry" */
+typedef struct q_samr_lookup_names_info
 {
     LSA_POL_HND pol;             /* policy handle */
 
-	uint32 switch_value1;         /* 1          - switch value? */
-	uint32 unknown_0;             /* 0x0000 03E8 - 32 bit unknown */
-	uint32 unknown_1;             /* 0          - 32 bit unknown */
-	uint32 switch_value2;         /* 1          - switch value? */
+	uint32 num_rids1;            /* 1          - number of rids being looked up */
+	uint32 rid;                  /* 0000 03e8  - RID of the server being queried? */
+	uint32 ptr;                  /* 0          - 32 bit unknown */
+	uint32 num_rids2;            /* 1          - number of rids being looked up */
 
 	UNIHDR  hdr_mach_acct;       /* unicode machine account name header */
 	UNISTR2 uni_mach_acct;       /* unicode machine account name */
 
-} SAMR_Q_UNKNOWN_11;
+} SAMR_Q_LOOKUP_RIDS;
 
 
-/* SAMR_R_UNKNOWN_11 - probably an open */
-typedef struct r_samr_unknown_11_info
+/* SAMR_R_LOOKUP_RIDS - probably an open */
+typedef struct r_samr_lookup_names_info
 {
-	uint32 switch_value1;       /* 1 - switch value? */
-	uint32 ptr_0;               /* pointer */
-	uint32 switch_value2;       /* 1 - switch value? */
-	uint32 unknown_0;           /* 0x000003e8 - 32 bit unknown */
-	uint32 switch_value3;       /* 1 - switch value? */
-	uint32 ptr_1;               /* pointer */
-	uint32 switch_value4;       /* 1 - switch value? */
-	uint32 switch_value5;       /* 1 - switch value? */
+	uint32 num_entries;
+	uint32 undoc_buffer; /* undocumented buffer pointer */
+
+	uint32 num_entries2; 
+	DOM_RID3 dom_rid[MAX_LOOKUP_SIDS]; /* domain RIDs being looked up */
 
-	uint32 status;         /* return status - 0x99: user exists */
+	uint32 num_entries3; 
+
+	uint32 status; /* return code */
 
-} SAMR_R_UNKNOWN_11;
+} SAMR_R_LOOKUP_RIDS;
 
 
 /* SAMR_Q_UNKNOWN_22 - probably an open */
@@ -1279,24 +1295,24 @@ typedef struct r_samr_unknown_32_info
 } SAMR_R_UNKNOWN_32;
 
 
-/* SAMR_Q_UNKNOWN_39 - probably an open */
-typedef struct q_samr_unknown_39_info
+/* SAMR_Q_OPEN_POLICY - probably an open */
+typedef struct q_samr_open_policy_info
 {
 	uint32 ptr_srv_name;         /* pointer (to server name?) */
 	UNISTR2 uni_srv_name;        /* unicode server name starting with '\\' */
 
 	uint32 unknown_0;            /* 32 bit unknown */
 
-} SAMR_Q_UNKNOWN_39;
+} SAMR_Q_OPEN_POLICY;
 
 
-/* SAMR_R_UNKNOWN_39 - probably an open */
-typedef struct r_samr_unknown_39_info
+/* SAMR_R_OPEN_POLICY - probably an open */
+typedef struct r_samr_open_policy_info
 {
     LSA_POL_HND pol;       /* policy handle */
 	uint32 status;             /* return status */
 
-} SAMR_R_UNKNOWN_39;
+} SAMR_R_OPEN_POLICY;
 
 
 /* WKS_Q_UNKNOWN_0 - probably a capabilities request */
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index 604cf24d8f..741290d2a2 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -144,7 +144,12 @@ static void send_trans_reply(char *outbuf,char *data,char *param,uint16 *setup,
   this_lparam = MIN(lparam,max_send - (500+lsetup*SIZEOFWORD)); /* hack */
   this_ldata = MIN(ldata,max_send - (500+lsetup*SIZEOFWORD+this_lparam));
 
+#ifdef CONFUSE_NETMONITOR_MSRPC_DECODING
+  /* if you don't want Net Monitor to decode your packets, do this!!! */
+  align = ((this_lparam+1)%4);
+#else
   align = (this_lparam%4);
+#endif
 
   set_message(outbuf,10+lsetup,align+this_ldata+this_lparam,True);
   if (this_lparam)
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index e8d79b098c..78dad6f02f 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -517,11 +517,20 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize)
 
    if (!smb_pass)
    {
+     /* lkclXXXX: if workstation entry doesn't exist, indicate logon failure */
+     DEBUG(4,("Workstation trust account %s doesn't exist.",user));
+     SSVAL(outbuf, smb_flg2, 0xc003); /* PAXX: Someone please unhack this */
+     CVAL(outbuf, smb_reh) = 1; /* PAXX: Someone please unhack this */
+     return(ERROR(NT_STATUS_LOGON_FAILURE, 0xc000)); /* decimal 109 NT error, 0xc000 */
+   }
+   else
+   {
      /* PAXX: This is the NO LOGON workstation trust account stuff */
+     /* lkclXXXX: if the workstation *does* exist, indicate failure differently! */
      DEBUG(4,("No Workstation trust account %s",user));
      SSVAL(outbuf, smb_flg2, 0xc003); /* PAXX: Someone please unhack this */
      CVAL(outbuf, smb_reh) = 1; /* PAXX: Someone please unhack this */
-     return(ERROR(NT_STATUS_LOGON_FAILURE, 0xc000)); /* 0x109 NT error, 0xc000 */
+     return(ERROR(NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT, 0xc000)); /* decimal 409 NT error, 0xc000 */
    }
 
    computer_id = True;