samr_querydom_info level 1: found the meaning of the unknow fields. And

discovered that our reply is short by 4 bytes since day 1 of this code.

Added a decode function to rpcclient too.

splitted the STRING2 fields filling while trying to understand the win9x
userlist bug. (didn't fix the bug, but the reply looks closer to NT).

        J.F.
(This used to be commit bfbe7f377e5fcb09e87bfc866196dfc51a8fe64d)

diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h
index a29f96c107a62bfe6b30f0da595b7b4d5ddb1e9e..7817579ba9317b8328a649576df7ad59df0e9321 100644 (file)
--- a/source3/include/rpc_samr.h
+++ b/source3/include/rpc_samr.h
@@ -481,7 +481,12 @@ typedef struct q_samr_query_domain_info
 typedef struct sam_unknown_info_3_info
 {
        uint32 unknown_0; /* 0x0000 0000 */
-       uint32 unknown_1; /* 0x8000 0000 */
+       uint32 unknown_1; 
+       
+       /* 0x8000 0000 */ /* DON'T forcibly disconnect remote users from server when logon hours expire*/
+
+       /* 0x0000 0000 */ /* forcibly disconnect remote users from server when logon hours expire*/
+
 
 } SAM_UNK_INFO_3;
 
@@ -551,9 +556,11 @@ typedef struct sam_unknown_info_2_inf
 
 typedef struct sam_unknown_info_1_inf
 {
-       uint8 padding[12]; /* 12 bytes zeros */
-       uint32 unknown_1; /* 0x8000 0000 */
-       uint32 unknown_2; /* 0x0000 0000 */
+       uint16 min_length_password;
+       uint16 password_history;
+       uint32 flag;
+       NTTIME expire;
+       NTTIME min_passwordage;
 
 } SAM_UNK_INFO_1;
 
@@ -1750,5 +1757,42 @@ typedef struct sid_info_3
 
 } DOM_SID3;
 
+/* SAMR_Q_UNKNOWN_2E */
+typedef struct q_samr_unknown_2e_info
+{
+       POLICY_HND dom_pol;   /* policy handle */
+       uint16 switch_value;
+
+} SAMR_Q_UNKNOWN_2E;
+
+typedef struct sam_unknown_2e_info_12
+{
+       uint32 duration_low;
+       uint32 duration_high;
+       uint32 reset_count_low;
+       uint32 reset_count_high;
+       uint32 bad_attempt_lockout;
+} SAM_UNK_2E_INFO_12;
+
+typedef struct sam_unknown_2e_ctr_info
+{
+       union
+       {
+               SAM_UNK_2E_INFO_12 info12;
+       } info;
+
+} SAM_UNK_2E_CTR;
+
+
+/* SAMR_R_UNKNOWN_2E - probably an open */
+typedef struct r_samr_unknown_2e_info
+{
+       uint32 ptr;
+       uint16 switch_value;
+       SAM_UNK_2E_CTR *ctr;
+       
+       uint32 status;         /* return status */
+
+} SAMR_R_UNKNOWN_2E;
 #endif /* _RPC_SAMR_H */
 

diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c
index 5160a2778f7d91264fd77080ec8ec6f644f5a41e..4507c29613383212a420595243583225170199d5 100644 (file)
--- a/source3/rpc_parse/parse_misc.c
+++ b/source3/rpc_parse/parse_misc.c
@@ -820,23 +820,23 @@ void copy_unistr2(UNISTR2 *str, const UNISTR2 *from)
  Creates a STRING2 structure.
 ********************************************************************/
 
-void init_string2(STRING2 *str, const char *buf, int len)
+void init_string2(STRING2 *str, const char *buf, int max_len, int str_len)
 {
        int alloc_len = 0;
 
        /* set up string lengths. */
-       str->str_max_len = len;
+       str->str_max_len = max_len;
        str->undoc       = 0;
-       str->str_str_len = len;
+       str->str_str_len = str_len;
 
        /* store the string */
-       if(len != 0) {
-               if (len < MAX_STRINGLEN)
+       if(str_len != 0) {
+               if (str_len < MAX_STRINGLEN)
                        alloc_len = MAX_STRINGLEN;
                str->buffer = talloc_zero(get_talloc_ctx(), alloc_len);
                if (str->buffer == NULL)
                        smb_panic("init_string2: malloc fail\n");
-               memcpy(str->buffer, buf, len);
+               memcpy(str->buffer, buf, str_len);
   }
 }
 

diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c
index 3e7be9d4cf82a890284657fd5e40f5931135623b..e3f7ea5d9ae2181c524fea325e50e0dd4a647bfb 100644 (file)
--- a/source3/rpc_parse/parse_net.c
+++ b/source3/rpc_parse/parse_net.c
@@ -1019,8 +1019,8 @@ void init_id_info2(NET_ID_INFO_2 * id, const char *domain_name,
        init_unistr2(&id->uni_user_name, user_name, len_user_name);
        init_unistr2(&id->uni_wksta_name, wksta_name, len_wksta_name);
 
-       init_string2(&id->nt_chal_resp, (const char *)nt_chal_resp, nt_chal_resp_len);
-       init_string2(&id->lm_chal_resp, (const char *)lm_chal_resp, lm_chal_resp_len);
+       init_string2(&id->nt_chal_resp, (const char *)nt_chal_resp, nt_chal_resp_len, nt_chal_resp_len);
+       init_string2(&id->lm_chal_resp, (const char *)lm_chal_resp, lm_chal_resp_len, lm_chal_resp_len);
 
 }
 

diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c
index 89b0db46095c6cf0d6103f1126e98506b23f55f1..f902210b7b8afb38fba6b171af9a05b5ce927d30 100644 (file)
--- a/source3/rpc_parse/parse_prs.c
+++ b/source3/rpc_parse/parse_prs.c
@@ -851,12 +851,12 @@ BOOL prs_buffer2(BOOL charmode, char *name, prs_struct *ps, int depth, BUFFER2 *
 BOOL prs_string2(BOOL charmode, char *name, prs_struct *ps, int depth, STRING2 *str)
 {
        int i;
-       char *q = prs_mem_get(ps, str->str_str_len);
+       char *q = prs_mem_get(ps, str->str_max_len);
        if (q == NULL)
                return False;
 
        if (UNMARSHALLING(ps)) {
-               str->buffer = (unsigned char *)prs_alloc_mem(ps,str->str_str_len);
+               str->buffer = (unsigned char *)prs_alloc_mem(ps,str->str_max_len);
                if (str->buffer == NULL)
                        return False;
        }

diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
index 3f489f0a2b4146295b12c65a9bd7fa37a60f1c42..a7fb77d3820fb7fd101a502d1afacc1c1ca758b6 100644 (file)
--- a/source3/rpc_parse/parse_samr.c
+++ b/source3/rpc_parse/parse_samr.c
@@ -725,9 +725,18 @@ inits a structure.
 
 void init_unk_info1(SAM_UNK_INFO_1 * u_1)
 {
-       memset(u_1->padding, 0, sizeof(u_1->padding));  /* 12 bytes zeros */
-       u_1->unknown_1 = 0x80000000;
-       u_1->unknown_2 = 0x00000000;
+       u_1->min_length_password = 0;
+       u_1->password_history = 0;
+       u_1->flag = 0;
+       
+       /* password never expire */
+       u_1->expire.high = 0x80000000;
+       u_1->expire.low = 0;
+       
+       /* can change the password now */
+       u_1->min_passwordage.high = 0;
+       u_1->min_passwordage.low = 0;
+       
 }
 
 /*******************************************************************
@@ -743,12 +752,15 @@ static BOOL sam_io_unk_info1(char *desc, SAM_UNK_INFO_1 * u_1,
        prs_debug(ps, depth, desc, "sam_io_unk_info1");
        depth++;
 
-       if(!prs_uint8s(False, "padding", ps, depth, u_1->padding, sizeof(u_1->padding)))
+       if(!prs_uint16("min_length_password", ps, depth, &u_1->min_length_password))
                return False;
-       
-       if(!prs_uint32("unknown_1", ps, depth, &u_1->unknown_1)) /* 0x8000 0000 */
+       if(!prs_uint16("password_history", ps, depth, &u_1->password_history))
+               return False;
+       if(!prs_uint32("flag", ps, depth, &u_1->flag))
                return False;
-       if(!prs_uint32("unknown_2", ps, depth, &u_1->unknown_2)) /* 0x0000 0000 */
+       if(!smb_io_time("expire", &u_1->expire, ps, depth))
+               return False;
+       if(!smb_io_time("min_passwordage", &u_1->min_passwordage, ps, depth))
                return False;
 
        return True;
@@ -1122,8 +1134,7 @@ static void init_sam_entry4(SAM_ENTRY4 * sam, uint32 user_idx,
        DEBUG(5, ("init_sam_entry4\n"));
 
        sam->user_idx = user_idx;
-       init_str_hdr(&sam->hdr_acct_name, len_acct_name, len_acct_name,
-                    len_acct_name != 0);
+       init_str_hdr(&sam->hdr_acct_name, len_acct_name+1, len_acct_name, len_acct_name != 0);
 }
 
 /*******************************************************************
@@ -1779,7 +1790,7 @@ NTSTATUS init_sam_dispinfo_4(TALLOC_CTX *ctx, SAM_DISPINFO_4 *sam, uint32 *num_e
                init_sam_entry4(&sam->sam[i], start_idx + i + 1, len_sam_name);
 
                unistr2_to_ascii(sam_name, &pass[i].uni_user_name, sizeof(sam_name));
-               init_string2(&sam->str[i].acct_name, sam_name, len_sam_name);
+               init_string2(&sam->str[i].acct_name, sam_name, len_sam_name+1, len_sam_name);
          
                dsize += sizeof(SAM_ENTRY4);
                dsize += len_sam_name;
@@ -1836,8 +1847,6 @@ static BOOL sam_io_sam_dispinfo_4(char *desc, SAM_DISPINFO_4 * sam,
                if(!smb_io_string2("acct_name", &sam->str[i].acct_name,
                             sam->sam[i].hdr_acct_name.buffer, ps, depth))
                        return False;
-               if(!prs_align(ps))
-                       return False;
        }
 
        return True;
@@ -1879,7 +1888,7 @@ NTSTATUS init_sam_dispinfo_5(TALLOC_CTX *ctx, SAM_DISPINFO_5 *sam, uint32 *num_e
                len_sam_name = strlen(grp[i].name);
          
                init_sam_entry5(&sam->sam[i], start_idx + i + 1, len_sam_name);
-               init_string2(&sam->str[i].grp_name, grp[i].name, len_sam_name);
+               init_string2(&sam->str[i].grp_name, grp[i].name, len_sam_name+1, len_sam_name);
          
                dsize += sizeof(SAM_ENTRY5);
                dsize += len_sam_name;
@@ -1954,7 +1963,11 @@ void init_samr_r_query_dispinfo(SAMR_R_QUERY_DISPINFO * r_u,
 {
        DEBUG(5, ("init_samr_r_query_dispinfo: level %d\n", switch_level));
 
-       r_u->total_size = data_size;    /* not calculated */
+       if (switch_level==4)
+               r_u->total_size = 0;    /* not calculated */
+       else
+               r_u->total_size = data_size;    /* not calculated */
+
        r_u->data_size = data_size;
 
        r_u->switch_level = switch_level;

diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 68a75a70c91618c6a5b7549896078d38ce644594..ece2e2a4bd34bc7ef75fcbe28df0cc30f6077f78 100644 (file)
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -95,6 +95,54 @@ static void display_sam_user_info_21(SAM_USER_INFO_21 *usr)
        }
 }
 
+static char *display_time(NTTIME nttime)
+{
+       static fstring string;
+
+       float high;
+       float low;
+       int sec;
+       int days, hours, mins, secs;
+
+       if (nttime.high==0 && nttime.low==0)
+               return "Now";
+
+       if (nttime.high==0x80000000 && nttime.low==0)
+               return "Never";
+
+       high = 65536;   
+       high = high/10000;
+       high = high*65536;
+       high = high/1000;
+       high = high * (~nttime.high);
+
+       low = ~nttime.low;      
+       low = low/(1000*1000*10);
+
+       sec=high+low;
+
+       days=sec/(60*60*24);
+       hours=(sec - (days*60*60*24)) / (60*60);
+       mins=(sec - (days*60*60*24) - (hours*60*60) ) / 60;
+       secs=sec - (days*60*60*24) - (hours*60*60) - (mins*60);
+
+       snprintf(string, sizeof(string)-1, "%u days, %u hours, %u minutes, %u seconds", days, hours, mins, secs);
+       return (string);
+}
+
+static void display_sam_unk_info_1(SAM_UNK_INFO_1 *info1)
+{
+       
+       printf("Minimum password length:                     %d\n", info1->min_length_password);
+       printf("Password uniqueness (remember x passwords):  %d\n", info1->password_history);
+       printf("flag:                                        ");
+       if(info1->flag&&2==2) printf("users must open a session to change password ");
+       printf("\n");
+
+       printf("password expire in:                          %s\n", display_time(info1->expire));
+       printf("Min password age (allow changing in x days): %s\n", display_time(info1->min_passwordage));
+}
+
 static void display_sam_unk_info_2(SAM_UNK_INFO_2 *info2)
 {
        fstring name;
@@ -656,6 +704,9 @@ static NTSTATUS cmd_samr_query_dominfo(struct cli_state *cli,
        /* Display domain info */
 
        switch (switch_value) {
+       case 1:
+               display_sam_unk_info_1(&ctr.info.inf1);
+               break;
        case 2:
                display_sam_unk_info_2(&ctr.info.inf2);
                break;