following a cvs error, i am rewriting this monster-commit. with bad grace.

Modified Files:
---------------

Makefile:

	adding extra files

ipc.c :

	send_trans_reply() - alignment issue.  this makes the alignment
	the same as that in NT.  this should be looked at by people who
	understand the SMB stuff better than i.

	api_fd_commands[] - added samr and wkssvc pipes.

loadparm.c :

	lp_domain_controller() changed to mean "samba is a domain controller".
	it's a "yes/no" parameter, now.  no, it isn't used _anywhere_.

namedbwork.c nameelect.c :

	if "domain controller = yes" then add SV_TYPE_DOMAIN_CTRL to the
	host _and_ workgroup announcements.  yes, you must do both: nt does.

namelogon.c :

	important NETLOGON bug in SAMLOGON request parsing, which may be
	the source of some people's problems with logging on to the Samba PDC.

password.c :

	get_smbpwnam() renamed to get_smbpwd_entry().

pipes.c :

	added samr and wkssvc pipes.

proto.h :

	usual.  can we actually _remove_ proto.h from the cvs tree, and
	have it as one of the Makefile dependencies, or something?

reply.c :

	get_smbpwnam() renamed to get_smbpwd_entry() - also changed response
	error code when logging in from a WORKSTATION$ account.  yes, paul
	is right: we need to know when to return the right error code, and why.

server.c :

	added call to reset_chain_pnum().

	#ifdef NTDOMAIN added call to init_lsa_policy_hnd() #endif.  jeremy,
	you'd be proud: i did a compile without NTDOMAIN, and caught a link
	error for this function.

smb.h :

	defines and structures for samr and wkssvc pipes.

smbpass.c :

	modified get_smbpwnam() to get_smbpwd_entry() and it now takes
	two arguments.  one for the name; if this is null, it looks up
	by smb_userid instead.

	oh, by the way, smb_userids are actually domain relative ids
	(RIDs).  concatenate a RID with the domain SID, and you have
	an internet globally unique way of identifying a user.

	we're using RIDs in the wrong way....

	added mod_smbpwnam() function.  this was based on code in smbpasswd.c

rpc_pipes/lsaparse.c :

	added enum trusted domain parsing.  this is incomplete: i need
	a packet trace to write it properly.

rpc_pipes/pipe_hnd.c :

	added reset_chain_pnum() function.

rpc_pipes/pipenetlog.c :

	get_smbpwnam() function renamed to get_smbpwd_entry().

	arcfour() issues.

	removed capability of get_md4pw() function to automatically add
	workstation accounts.  this should either be done using
	smbpasswd -add MACHINE$, or by using \PIPE\samr.

rpc_pipes/pipe_util.c :

	create_pol_hnd() - creates a unique LSA Policy Handle.  overkill
	function: uses a 64 bit sequence number; current unix time and
	the smbd pid.

rpc_pipes/smbparse.c :

	arcfour() issues.

	smb_io_unistr2() should advance by uni_str_len not uni_max_len.

	smb_io_smb_hdr_rb() - request bind uses uint16 for the context
	id, and uint8 for the num_syntaxes.  oops, i put these both as
	uint32s.


Added Files:
------------

rpc_pipes/lsa_hnd.c :

	on the samr pipe, allocate and associate an LSA Policy Handle
	with a SID.  you receive queries with the LSA Policy Handle,
	and have to turn this back into a SID in order to answer the
	query...

rpc_pipes/pipesamr.c rpc_pipes/samrparse.c

	\PIPE\samr processing.  samr i presume is the SAM Replication pipe.

rpc_pipes/pipewkssvc.c rpc_pipes/wksparse.c

	\PIPE\wkssvc processing.  the Workstation Service pipe?


holy cow.
(This used to be commit 1bd084b3e690eb26a1006d616075e53d711ecd2f)

2 files changed, 310 insertions, 65 deletions

diff --git a/source3/include/proto.h b/source3/include/proto.h
index 4054a12c19..5bb709858f 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -201,7 +201,6 @@ char *lp_passwd_program(void);
 char *lp_passwd_chat(void);
 char *lp_passwordserver(void);
 char *lp_workgroup(void);
-char *lp_domain_controller(void);
 char *lp_username_map(void);
 char *lp_character_set(void);
 char *lp_logon_script(void);
@@ -227,6 +226,7 @@ BOOL lp_dns_proxy(void);
 BOOL lp_wins_support(void);
 BOOL lp_wins_proxy(void);
 BOOL lp_local_master(void);
+BOOL lp_domain_controller(void);
 BOOL lp_domain_master(void);
 BOOL lp_domain_logons(void);
 BOOL lp_preferred_master(void);
@@ -763,6 +763,14 @@ int reply_writebs(char *inbuf,char *outbuf);
 int reply_setattrE(char *inbuf,char *outbuf);
 int reply_getattrE(char *inbuf,char *outbuf);
 
+/*The following definitions come from  rpc_pipes/lsa_hnd.c  */
+
+void init_lsa_policy_hnd(void);
+BOOL open_lsa_policy_hnd(LSA_POL_HND *hnd, DOM_SID *sid);
+BOOL set_lsa_policy_samr_rid(LSA_POL_HND *hnd, uint32 rid);
+uint32 get_lsa_policy_samr_rid(LSA_POL_HND *hnd);
+BOOL close_lsa_policy_hnd(LSA_POL_HND *hnd);
+
 /*The following definitions come from  rpc_pipes/lsaparse.c  */
 
 void make_q_open_pol(LSA_Q_OPEN_POL *r_q, char *server_name,
@@ -772,6 +780,9 @@ char* lsa_io_q_open_pol(BOOL io, LSA_Q_OPEN_POL *r_q, char *q, char *base, int a
 char* lsa_io_r_open_pol(BOOL io, LSA_R_OPEN_POL *r_p, char *q, char *base, int align, int depth);
 void make_q_query(LSA_Q_QUERY_INFO *q_q, LSA_POL_HND *hnd, uint16 info_class);
 char* lsa_io_q_query(BOOL io, LSA_Q_QUERY_INFO *q_q, char *q, char *base, int align, int depth);
+char* lsa_io_q_enum_trust_dom(BOOL io, LSA_Q_ENUM_TRUST_DOM *q_e, char *q, char *base, int align, int depth);
+void make_r_enum_trust_dom(LSA_R_ENUM_TRUST_DOM *r_e, LSA_POL_HND *hnd, uint32 status);
+char* lsa_io_r_enum_trust_dom(BOOL io, LSA_R_ENUM_TRUST_DOM *r_e, char *q, char *base, int align, int depth);
 void make_q_close(LSA_Q_CLOSE *q_c, LSA_POL_HND *hnd);
 char* lsa_io_q_close(BOOL io, LSA_Q_CLOSE *q_c, char *q, char *base, int align, int depth);
 void make_r_close(LSA_R_CLOSE *q_r, LSA_POL_HND *hnd);
@@ -840,6 +851,7 @@ BOOL rpc_pipe_bind(char *pipe_name, uint16 fnum, uint32 call_id,
 
 /*The following definitions come from  rpc_pipes/pipe_hnd.c  */
 
+void reset_chain_pnum(void);
 void init_rpc_pipe_hnd(void);
 int open_rpc_pipe_hnd(char *pipe_name, int cnum);
 char *get_rpc_pipe_hnd_name(int pnum);
@@ -861,6 +873,13 @@ BOOL api_ntLsarpcTNP(int cnum,int uid, char *param,char *data,
 		     char **rdata,char **rparam,
 		     int *rdata_len,int *rparam_len);
 
+/*The following definitions come from  rpc_pipes/pipesamr.c  */
+
+BOOL api_samrTNP(int cnum,int uid, char *param,char *data,
+		     int mdrcnt,int mprcnt,
+		     char **rdata,char **rparam,
+		     int *rdata_len,int *rparam_len);
+
 /*The following definitions come from  rpc_pipes/pipesrvsvc.c  */
 
 BOOL api_srvsvcTNP(int cnum,int uid, char *param,char *data,
@@ -870,6 +889,7 @@ BOOL api_srvsvcTNP(int cnum,int uid, char *param,char *data,
 
 /*The following definitions come from  rpc_pipes/pipeutil.c  */
 
+void create_pol_hnd(LSA_POL_HND *hnd);
 void initrpcreply(char *inbuf, char *q);
 void endrpcreply(char *inbuf, char *q, int datalen, int rtnval, int *rlen);
 BOOL name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid);
@@ -879,6 +899,35 @@ int make_dom_gids(char *gids_str, DOM_GID *gids);
 int create_rpc_request(uint32 call_id, uint8 op_num, char *q, int data_len);
 int create_rpc_reply(uint32 call_id, char *q, int data_len);
 
+/*The following definitions come from  rpc_pipes/pipewkssvc.c  */
+
+BOOL api_wkssvcTNP(int cnum,int uid, char *param,char *data,
+		     int mdrcnt,int mprcnt,
+		     char **rdata,char **rparam,
+		     int *rdata_len,int *rparam_len);
+
+/*The following definitions come from  rpc_pipes/samrparse.c  */
+
+char* samr_io_q_close(BOOL io, SAMR_Q_CLOSE *q_u, char *q, char *base, int align, int depth);
+char* samr_io_r_close(BOOL io, SAMR_R_CLOSE *r_u, char *q, char *base, int align, int depth);
+char* samr_io_q_open_secret(BOOL io, SAMR_Q_OPEN_SECRET *q_u, char *q, char *base, int align, int depth);
+char* samr_io_r_open_secret(BOOL io, SAMR_R_OPEN_SECRET *r_u, char *q, char *base, int align, int depth);
+char* samr_io_q_unknown_11(BOOL io, SAMR_Q_UNKNOWN_11 *q_u, char *q, char *base, int align, int depth);
+void make_samr_r_unknown_11(SAMR_R_UNKNOWN_11 *r_u,
+		uint32 switch_value, uint32 unknown_0, uint32 status);
+char* samr_io_r_unknown_11(BOOL io, SAMR_R_UNKNOWN_11 *r_u, char *q, char *base, int align, int depth);
+char* samr_io_q_unknown_22(BOOL io, SAMR_Q_UNKNOWN_22 *q_u, char *q, char *base, int align, int depth);
+char* samr_io_r_unknown_22(BOOL io, SAMR_R_UNKNOWN_22 *r_u, char *q, char *base, int align, int depth);
+char* samr_io_q_unknown_24(BOOL io, SAMR_Q_UNKNOWN_24 *q_u, char *q, char *base, int align, int depth);
+void make_samr_r_unknown_24(SAMR_R_UNKNOWN_24 *r_u,
+				uint16 unknown_0, NTTIME *expiry, char *mach_acct,
+				uint32 unknown_id_0, uint32 status);
+char* samr_io_r_unknown_24(BOOL io, SAMR_R_UNKNOWN_24 *r_u, char *q, char *base, int align, int depth);
+char* samr_io_q_unknown_32(BOOL io, SAMR_Q_UNKNOWN_32 *q_u, char *q, char *base, int align, int depth);
+char* samr_io_r_unknown_32(BOOL io, SAMR_R_UNKNOWN_32 *r_u, char *q, char *base, int align, int depth);
+char* samr_io_q_unknown_39(BOOL io, SAMR_Q_UNKNOWN_39 *q_u, char *q, char *base, int align, int depth);
+char* samr_io_r_unknown_39(BOOL io, SAMR_R_UNKNOWN_39 *r_u, char *q, char *base, int align, int depth);
+
 /*The following definitions come from  rpc_pipes/smbparse.c  */
 
 char* smb_io_utime(BOOL io, UTIME *t, char *q, char *base, int align, int depth);
@@ -969,6 +1018,11 @@ char* srv_io_share_1_ctr(BOOL io, SHARE_INFO_1_CTR *ctr, char *q, char *base, in
 char* srv_io_q_net_share_enum(BOOL io, SRV_Q_NET_SHARE_ENUM *q_n, char *q, char *base, int align, int depth);
 char* srv_io_r_net_share_enum(BOOL io, SRV_R_NET_SHARE_ENUM *r_n, char *q, char *base, int align, int depth);
 
+/*The following definitions come from  rpc_pipes/wksparse.c  */
+
+char* wks_io_q_unknown_0(BOOL io, WKS_Q_UNKNOWN_0 *q_u, char *q, char *base, int align, int depth);
+char* wks_io_r_unknown_0(BOOL io, WKS_R_UNKNOWN_0 *r_u, char *q, char *base, int align, int depth);
+
 /*The following definitions come from  server.c  */
 
 void  *dflt_sig(void);
@@ -1051,8 +1105,9 @@ char *smb_errstr(char *inbuf);
 
 int pw_file_lock(char *name, int type, int secs);
 int pw_file_unlock(int fd);
-struct smb_passwd *get_smbpwnam(char *name);
-BOOL add_smbpwnam(struct smb_passwd* pwd);
+struct smb_passwd *get_smbpwd_entry(char *name, int smb_userid);
+BOOL add_smbpwd_entry(struct smb_passwd* pwd);
+BOOL mod_smbpwd_entry(struct smb_passwd* pwd);
 
 /*The following definitions come from  status.c  */
 
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 892c31be97..83e1d9f85d 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -255,8 +255,11 @@ typedef fstring string;
 /* pipe strings */
 #define PIPE_LANMAN   "\\PIPE\\LANMAN"
 #define PIPE_SRVSVC   "\\PIPE\\srvsvc"
+#define PIPE_SAMR     "\\PIPE\\samr"
+#define PIPE_WKSSVC   "\\PIPE\\wkssvc"
 #define PIPE_NETLOGON "\\PIPE\\NETLOGON"
 #define PIPE_NTLSA    "\\PIPE\\ntlsa"
+#define PIPE_NTSVCS   "\\PIPE\\ntsvcs"
 #define PIPE_LSASS    "\\PIPE\\lsass"
 #define PIPE_LSARPC   "\\PIPE\\lsarpc"
 
@@ -288,6 +291,15 @@ enum RPC_PKT_TYPE
 #define ACB_PWNOEXP      /* 1 = User password does not expire */
 #define ACB_AUTOLOCK     /* 1 = Account auto locked */
 
+#define SAMR_CLOSE          0x01
+#define SAMR_OPEN_SECRET    0x07
+#define SAMR_LOOKUPNAMES    0x11
+#define SAMR_UNKNOWN_3      0x03
+#define SAMR_UNKNOWN_22     0x22
+#define SAMR_UNKNOWN_24     0x24
+#define SAMR_UNKNOWN_34     0x34
+#define SAMR_UNKNOWN_39     0x39
+
 #define LSA_OPENPOLICY      0x2c
 #define LSA_QUERYINFOPOLICY 0x07
 #define LSA_ENUMTRUSTDOM    0x0d
@@ -298,10 +310,12 @@ enum RPC_PKT_TYPE
 #define LSA_AUTH2           0x0f
 #define LSA_CLOSE           0x00
 
-/* XXXX these are just here to get a compile!!! */
+/* XXXX these are here to get a compile! */
+
 #define LSA_OPENSECRET      0xFF
 #define LSA_LOOKUPSIDS      0xFE
-#define LSA_LOOKUPNAMES     0xFD
+#define LSA_LOOKUPRIDS      0xFD
+#define LSA_LOOKUPNAMES     0xFC
 
 /* srvsvc pipe */
 #define NETSERVERGETINFO 0x15
@@ -716,6 +730,24 @@ typedef struct lsa_r_query_info
 
 } LSA_R_QUERY_INFO;
 
+/* LSA_Q_ENUM_TRUST_DOM - LSA enumerate trusted domains */
+typedef struct lsa_enum_trust_dom_info
+{
+	LSA_POL_HND pol; /* policy handle */
+    uint32 enum_context; /* enumeration context handle */
+    uint32 preferred_len; /* preferred maximum length */
+
+} LSA_Q_ENUM_TRUST_DOM;
+
+/* LSA_R_ENUM_TRUST_DOM - response to LSA enumerate trusted domains */
+typedef struct lsa_r_enum_trust_dom_info
+{
+	LSA_POL_HND pol; /* policy handle */
+
+    uint32 status; /* return code */
+
+} LSA_R_ENUM_TRUST_DOM;
+
 /* LSA_Q_CLOSE */
 typedef struct lsa_q_close_info
 {
@@ -1074,69 +1106,227 @@ typedef struct r_net_share_enum_info
 } SRV_R_NET_SHARE_ENUM;
 
 
+/* SAMR_Q_CLOSE - probably a policy handle close */
+typedef struct q_samr_close_info
+{
+    LSA_POL_HND pol;          /* policy handle */
+
+} SAMR_Q_CLOSE;
 
-/*
 
-Yet to be turned into structures:
-
-6) \\MAILSLOT\NET\NTLOGON
--------------------------
-
-6.1) Query for PDC
-------------------
-
-Request:
-
-    uint16         0x0007 - Query for PDC
-    STR            machine name
-    STR            response mailslot
-    uint8[]        padding to 2-byte align with start of mailslot.
-    UNISTR         machine name
-    uint32         NTversion
-    uint16         LMNTtoken
-    uint16         LM20token
-
-Response:
-
-    uint16         0x000A - Respose to Query for PDC
-    STR            machine name (in uppercase)
-    uint8[]        padding to 2-byte align with start of mailslot.
-    UNISTR         machine name
-    UNISTR         domain name
-    uint32         NTversion (same as received in request)
-    uint16         LMNTtoken (same as received in request)
-    uint16         LM20token (same as received in request)
-
-
-6.2) SAM Logon
---------------
-
-Request:
-
-    uint16         0x0012 - SAM Logon
-    uint16         request count
-    UNISTR         machine name
-    UNISTR         user name
-    STR            response mailslot
-    uint32         alloweable account
-    uint32         domain SID size
-    char[sid_size] domain SID, of sid_size bytes.
-    uint8[]        ???? padding to 4? 2? -byte align with start of mailslot.
-    uint32         NTversion
-    uint16         LMNTtoken
-    uint16         LM20token
-    
-Response:
+/* SAMR_R_CLOSE - probably a policy handle close */
+typedef struct r_samr_close_info
+{
+    LSA_POL_HND pol;       /* policy handle */
+	uint32 status;         /* return status */
 
-    uint16         0x0013 - Response to SAM Logon
-    UNISTR         machine name
-    UNISTR         user name - workstation trust account
-    UNISTR         domain name 
-    uint32         NTversion
-    uint16         LMNTtoken
-    uint16         LM20token
+} SAMR_R_CLOSE;
 
-*/
+
+/****************************************************************************
+SAMR_Q_OPEN_SECRET - unknown_0 values seen associated with SIDs:
+
+0x0000 0200 and a specific   domain sid - S-1-5-21-44c01ca6-797e5c3d-33f83fd0
+0x0000 0280 and a well-known domain sid - S-1-5-20
+0x2000 0000 and a well-known domain sid - S-1-5-20
+0x2000 0000 and a specific   domain sid - S-1-5-21-44c01ca6-797e5c3d-33f83fd0
+*****************************************************************************/
+
+/* SAMR_Q_OPEN_SECRET - probably an open secret */
+typedef struct q_samr_open_secret_info
+{
+    LSA_POL_HND pol;          /* policy handle */
+	uint32 unknown_0;         /* 0x2000 0000; 0x0000 0211; 0x0000 0280; 0x0000 0200 - unknown */
+	DOM_SID dom_sid;          /* domain SID */
+
+} SAMR_Q_OPEN_SECRET;
+
+
+/* SAMR_R_OPEN_SECRET - probably an open */
+typedef struct r_samr_open_secret_info
+{
+    LSA_POL_HND pol;       /* policy handle associated with the SID */
+	uint32 status;         /* return status */
+
+} SAMR_R_OPEN_SECRET;
+
+
+/* SAMR_Q_UNKNOWN_11 - probably a "read SAM entry" */
+typedef struct q_samr_unknown_11_info
+{
+    LSA_POL_HND pol;             /* policy handle */
+
+	uint32 switch_value1;         /* 1          - switch value? */
+	uint32 unknown_0;             /* 0x0000 03E8 - 32 bit unknown */
+	uint32 unknown_1;             /* 0          - 32 bit unknown */
+	uint32 switch_value2;         /* 1          - switch value? */
+
+	UNIHDR  hdr_mach_acct;       /* unicode machine account name header */
+	UNISTR2 uni_mach_acct;       /* unicode machine account name */
+
+} SAMR_Q_UNKNOWN_11;
+
+
+/* SAMR_R_UNKNOWN_11 - probably an open */
+typedef struct r_samr_unknown_11_info
+{
+	uint32 switch_value1;       /* 1 - switch value? */
+	uint32 ptr_0;               /* pointer */
+	uint32 switch_value2;       /* 1 - switch value? */
+	uint32 unknown_0;           /* 0x000003e8 - 32 bit unknown */
+	uint32 switch_value3;       /* 1 - switch value? */
+	uint32 ptr_1;               /* pointer */
+	uint32 switch_value4;       /* 1 - switch value? */
+	uint32 switch_value5;       /* 1 - switch value? */
+
+	uint32 status;         /* return status - 0x99: user exists */
+
+} SAMR_R_UNKNOWN_11;
+
+
+/* SAMR_Q_UNKNOWN_22 - probably an open */
+typedef struct q_samr_unknown_22_info
+{
+    LSA_POL_HND pol;          /* policy handle */
+	uint32 unknown_id_0;      /* 0x0000 03E8 - 32 bit unknown id */
+
+} SAMR_Q_UNKNOWN_22;
+
+
+/* SAMR_R_UNKNOWN_22 - probably an open */
+typedef struct r_samr_unknown_22_info
+{
+    LSA_POL_HND pol;       /* policy handle associated with unknown id */
+	uint32 status;         /* return status */
+
+} SAMR_R_UNKNOWN_22;
+
+
+/* SAMR_Q_UNKNOWN_24 - probably a get sam info */
+typedef struct q_samr_unknown_24_info
+{
+    LSA_POL_HND pol;          /* policy handle associated with unknown id */
+	uint16 unknown_0;         /* 0x0015 or 0x0011 - 16 bit unknown */
+
+} SAMR_Q_UNKNOWN_24;
+
+
+/* SAMR_R_UNKNOWN_24 - probably a get sam info */
+typedef struct r_samr_unknown_24_info
+{
+	uint32 ptr;            /* pointer */
+	uint16 unknown_0;      /* 0x0015 or 0x0011 - 16 bit unknown (same as above) */
+	uint16 unknown_1;      /* 0x8b73 - 16 bit unknown */
+	uint8  padding_0[16];  /* 0 - padding 16 bytes */
+	NTTIME expiry;         /* expiry time or something? */
+	uint8  padding_1[24];  /* 0 - padding 24 bytes */
+
+	UNIHDR hdr_mach_acct;  /* unicode header for machine account */
+	uint32 padding_2;      /* 0 - padding 4 bytes */
+
+	uint32 ptr_1;          /* pointer */
+	uint8  padding_3[32];  /* 0 - padding 32 bytes */
+	uint32 padding_4;      /* 0 - padding 4 bytes */
+
+	uint32 ptr_2;          /* pointer */
+	uint32 padding_5;      /* 0 - padding 4 bytes */
+
+	uint32 ptr_3;          /* pointer */
+	uint8  padding_6[32];  /* 0 - padding 32 bytes */
+
+	uint32 unknown_id_0;   /* unknown id associated with policy handle */
+	uint16 unknown_2;      /* 0x0201      - 16 bit unknown */
+	uint32 unknown_3;      /* 0x0000 0080 - 32 bit unknown */
+	uint16 unknown_4;      /* 0x003f      - 16 bit unknown */
+	uint16 unknown_5;      /* 0x003c      - 16 bit unknown */
+
+	uint8  padding_7[16];  /* 0 - padding 16 bytes */
+	uint32 padding_8;      /* 0 - padding 4 bytes */
+	
+	UNISTR2 uni_mach_acct; /* unicode string for machine account */
+
+	uint8  padding_9[48];  /* 0 - padding 48 bytes */
+
+	uint32 status;         /* return status */
+
+} SAMR_R_UNKNOWN_24;
+
+
+/* SAMR_Q_UNKNOWN_32 - probably a "create SAM entry" */
+typedef struct q_samr_unknown_32_info
+{
+    LSA_POL_HND pol;             /* policy handle */
+
+	UNIHDR  hdr_mach_acct;       /* unicode machine account name header */
+	UNISTR2 uni_mach_acct;       /* unicode machine account name */
+
+	uint32 unknown_0;            /* 32 bit unknown */
+	uint16 unknown_1;            /* 16 bit unknown */
+	uint16 unknown_2;            /* 16 bit unknown */
+
+} SAMR_Q_UNKNOWN_32;
+
+
+/* SAMR_R_UNKNOWN_32 - probably a "create SAM entry" */
+typedef struct r_samr_unknown_32_info
+{
+    LSA_POL_HND pol;       /* policy handle */
+	uint32 unknown_0;      /* 0x0000 0030 - 32 bit unknown */
+	uint32 padding;        /* 0           - 4 byte padding */
+
+	uint32 status;         /* return status - 0xC000 0099: user exists */
+
+} SAMR_R_UNKNOWN_32;
+
+
+/* SAMR_Q_UNKNOWN_39 - probably an open */
+typedef struct q_samr_unknown_39_info
+{
+	uint32 ptr_srv_name;         /* pointer (to server name?) */
+	UNISTR2 uni_srv_name;        /* unicode server name starting with '\\' */
+
+	uint32 unknown_0;            /* 32 bit unknown */
+
+} SAMR_Q_UNKNOWN_39;
+
+
+/* SAMR_R_UNKNOWN_39 - probably an open */
+typedef struct r_samr_unknown_39_info
+{
+    LSA_POL_HND pol;       /* policy handle */
+	uint32 status;             /* return status */
+
+} SAMR_R_UNKNOWN_39;
+
+
+/* WKS_Q_UNKNOWN_0 - probably a capabilities request */
+typedef struct q_wks_unknown_0_info
+{
+	uint32 ptr_srv_name;         /* pointer (to server name?) */
+	UNISTR2 uni_srv_name;        /* unicode server name starting with '\\' */
+
+	uint32 unknown_0;            /* 0x64 - 32 bit unknown */
+	uint16 unknown_1;            /* 16 bit unknown */
+
+} WKS_Q_UNKNOWN_0;
+
+
+/* WKS_R_UNKNOWN_0 - probably a capabilities request */
+typedef struct r_wks_unknown_0_info
+{
+	uint32 unknown_0;          /* 64 - unknown */
+	uint32 ptr_1;              /* pointer 1 */
+	uint32 unknown_1;          /* 0x0000 01f4 - unknown */
+	uint32 ptr_srv_name;       /* pointer to server name */
+	uint32 ptr_dom_name;       /* pointer to domain name */
+	uint32 unknown_2;          /* 4 - unknown */
+	uint32 unknown_3;          /* 0 - unknown */
+
+	UNISTR2 uni_srv_name;      /* unicode server name */
+	UNISTR2 uni_dom_name;      /* unicode domainn name */
+	uint32 status;             /* return status */
+
+} WKS_R_UNKNOWN_0;
 
 
 struct smb_passwd
@@ -1148,7 +1338,6 @@ struct smb_passwd
 	/* Other fields / flags may be added later */
 };
 
-
 struct cli_state {
 	int fd;
 	int cnum;
@@ -1175,6 +1364,7 @@ struct cli_state {
 	int initialised;
 };
 
+
 struct current_user
 {
   int cnum, id;