4 files changed, 39 insertions, 20 deletions

diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h
index eff3cd6d4c..ae8bb7a2be 100644
--- a/source3/include/rpc_samr.h
+++ b/source3/include/rpc_samr.h
@@ -1750,14 +1750,18 @@ typedef struct q_samr_get_dom_pwinfo
 
 } SAMR_Q_GET_DOM_PWINFO;
 
+#define DOMAIN_PASSWORD_COMPLEX		0x00000001
+#define DOMAIN_PASSWORD_NO_ANON_CHANGE	0x00000002
+#define DOMAIN_PASSWORD_NO_CLEAR_CHANGE	0x00000004
+#define DOMAIN_LOCKOUT_ADMINS		0x00000008
+#define DOMAIN_PASSWORD_STORE_CLEARTEXT	0x00000010
+#define DOMAIN_REFUSE_PASSWORD_CHANGE	0x00000020
+
 /* SAMR_R_GET_DOM_PWINFO */
 typedef struct r_samr_get_dom_pwinfo
 {
-	/*
-	 * See Samba4 IDL
-	 */
-	uint16 unk_0;
-	uint32 unk_1;
+	uint16 min_pwd_length;
+	uint32 password_properties;
 	NTSTATUS status;
 
 } SAMR_R_GET_DOM_PWINFO;
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
index d68c72e20c..047d0a1f95 100644
--- a/source3/rpc_client/cli_samr.c
+++ b/source3/rpc_client/cli_samr.c
@@ -1723,7 +1723,7 @@ NTSTATUS rpccli_samr_query_sec_obj(struct rpc_pipe_client *cli, TALLOC_CTX *mem_
 /* Get domain password info */
 
 NTSTATUS rpccli_samr_get_dom_pwinfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-				 uint16 *unk_0, uint16 *unk_1)
+				 uint16 *min_pwd_length, uint32 *password_properties)
 {
 	prs_struct qbuf, rbuf;
 	SAMR_Q_GET_DOM_PWINFO q;
@@ -1751,10 +1751,10 @@ NTSTATUS rpccli_samr_get_dom_pwinfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem
 	result = r.status;
 
 	if (NT_STATUS_IS_OK(result)) {
-		if (unk_0)
-			*unk_0 = r.unk_0;
-		if (unk_1)
-			*unk_1 = r.unk_1;
+		if (min_pwd_length)
+			*min_pwd_length = r.min_pwd_length;
+		if (password_properties)
+			*password_properties = r.password_properties;
 	}
 
 	return result;
diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
index 817244a2b2..e0efb72aab 100644
--- a/source3/rpc_parse/parse_samr.c
+++ b/source3/rpc_parse/parse_samr.c
@@ -7038,15 +7038,11 @@ BOOL samr_io_r_get_dom_pwinfo(const char *desc, SAMR_R_GET_DOM_PWINFO * r_u,
 	if(!prs_align(ps))
 		return False;
 
-	/*
-	 * see the Samba4 IDL for what these actually are.
-	*/
-
-	if(!prs_uint16("unk_0", ps, depth, &r_u->unk_0))
+	if(!prs_uint16("min_pwd_length", ps, depth, &r_u->min_pwd_length))
 		return False;
 	if(!prs_align(ps))
 		return False;
-	if(!prs_uint32("unk_1", ps, depth, &r_u->unk_1))
+	if(!prs_uint32("password_properties", ps, depth, &r_u->password_properties))
 		return False;
 
 	if(!prs_ntstatus("status", ps, depth, &r_u->status))
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 665fe34226..a761ea3163 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -1650,18 +1650,37 @@ static NTSTATUS cmd_samr_get_dom_pwinfo(struct rpc_pipe_client *cli,
 					int argc, const char **argv) 
 {
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	uint16 unk_0, unk_1;
+	uint16 min_pwd_length;
+	uint32 password_properties;
 
 	if (argc != 1) {
 		printf("Usage: %s\n", argv[0]);
 		return NT_STATUS_OK;
 	}
 
-	result = rpccli_samr_get_dom_pwinfo(cli, mem_ctx, &unk_0, &unk_1) ;
+	result = rpccli_samr_get_dom_pwinfo(cli, mem_ctx, &min_pwd_length, &password_properties) ;
 	
 	if (NT_STATUS_IS_OK(result)) {
-		printf("unk_0 = 0x%08x\n", unk_0);
-		printf("unk_1 = 0x%08x\n", unk_1);
+		printf("min_pwd_length: %d\n", min_pwd_length);
+		printf("password_properties: 0x%08x\n", password_properties);
+		
+		if (password_properties & DOMAIN_PASSWORD_COMPLEX)
+			printf("\tDOMAIN_PASSWORD_COMPLEX\n");
+			
+		if (password_properties & DOMAIN_PASSWORD_NO_ANON_CHANGE)
+			printf("\tDOMAIN_PASSWORD_NO_ANON_CHANGE\n");
+			
+		if (password_properties & DOMAIN_PASSWORD_NO_CLEAR_CHANGE)
+			printf("\tDOMAIN_PASSWORD_NO_CLEAR_CHANGE\n");
+			
+		if (password_properties & DOMAIN_LOCKOUT_ADMINS)
+			printf("\tDOMAIN_LOCKOUT_ADMINS\n");
+			
+		if (password_properties & DOMAIN_PASSWORD_STORE_CLEARTEXT)
+			printf("\tDOMAIN_PASSWORD_STORE_CLEARTEXT\n");
+			
+		if (password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE)
+			printf("\tDOMAIN_REFUSE_PASSWORD_CHANGE\n");
 	}
 
 	return result;