s4-netlogon: merge netr_ServerPasswordSet from s3 idl.

Guenther

source4/librpc/idl/netlogon.idl

@@ -344,9 +344,9 @@ interface netlogon
 		[in]  [string,charset(UTF16)] uint16 account_name[],
 		[in]  netr_SchannelType secure_channel_type,
 		[in]  [string,charset(UTF16)] uint16 computer_name[],
-		[in]  netr_Authenticator credential,
-		[in]  samr_Password new_password,
-		[out] netr_Authenticator return_authenticator
+		[in,ref]  netr_Authenticator *credential,
+		[out,ref] netr_Authenticator *return_authenticator,
+		[in,ref] samr_Password *new_password
 		);
 
 

source4/rpc_server/netlogon/dcerpc_netlogon.c

@@ -354,7 +354,7 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet(struct dcesrv_call_state *dce_call
 
 	nt_status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
 							r->in.computer_name, mem_ctx, 
-						 &r->in.credential, &r->out.return_authenticator,
+						 r->in.credential, r->out.return_authenticator,
 						 &creds);
 	NT_STATUS_NOT_OK_RETURN(nt_status);
 
@@ -363,13 +363,13 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet(struct dcesrv_call_state *dce_call
 		return NT_STATUS_INVALID_SYSTEM_SERVICE;
 	}
 
-	creds_des_decrypt(creds, &r->in.new_password);
+	creds_des_decrypt(creds, r->in.new_password);
 
 	/* Using the sid for the account as the key, set the password */
 	nt_status = samdb_set_password_sid(sam_ctx, mem_ctx, 
 					   creds->sid,
 					   NULL, /* Don't have plaintext */
-					   NULL, &r->in.new_password,
+					   NULL, r->in.new_password,
 					   true, /* Password change */
 					   NULL, NULL);
 	return nt_status;

source4/torture/rpc/netlogon.c

@@ -270,6 +270,8 @@ static bool test_SetPassword(struct torture_context *tctx,
 	struct netr_ServerPasswordSet r;
 	const char *password;
 	struct creds_CredentialState *creds;
+	struct netr_Authenticator credential, return_authenticator;
+	struct samr_Password new_password;
 
 	if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
 		return false;
@@ -279,22 +281,25 @@ static bool test_SetPassword(struct torture_context *tctx,
 	r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
 	r.in.secure_channel_type = SEC_CHAN_BDC;
 	r.in.computer_name = TEST_MACHINE_NAME;
+	r.in.credential = &credential;
+	r.in.new_password = &new_password;
+	r.out.return_authenticator = &return_authenticator;
 
 	password = generate_random_str(tctx, 8);
-	E_md4hash(password, r.in.new_password.hash);
+	E_md4hash(password, new_password.hash);
 
-	creds_des_encrypt(creds, &r.in.new_password);
+	creds_des_encrypt(creds, &new_password);
 
 	torture_comment(tctx, "Testing ServerPasswordSet on machine account\n");
 	torture_comment(tctx, "Changing machine account password to '%s'\n", 
 			password);
 
-	creds_client_authenticator(creds, &r.in.credential);
+	creds_client_authenticator(creds, &credential);
 
 	status = dcerpc_netr_ServerPasswordSet(p, tctx, &r);
 	torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet");
 
-	if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
+	if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
 		torture_comment(tctx, "Credential chaining failed\n");
 	}
 
@@ -307,12 +312,12 @@ static bool test_SetPassword(struct torture_context *tctx,
 	torture_comment(tctx, 
 		"Changing machine account password to '%s' (same as previous run)\n", password);
 
-	creds_client_authenticator(creds, &r.in.credential);
+	creds_client_authenticator(creds, &credential);
 
 	status = dcerpc_netr_ServerPasswordSet(p, tctx, &r);
 	torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet (2)");
 
-	if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
+	if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
 		torture_comment(tctx, "Credential chaining failed\n");
 	}
 

source4/torture/rpc/samba3rpc.c

@@ -1146,6 +1146,8 @@ static bool schan(struct smbcli_state *cli,
 		struct netr_ServerPasswordSet s;
 		char *password = generate_random_str(wks_creds, 8);
 		struct creds_CredentialState *creds_state;
+		struct netr_Authenticator credential, return_authenticator;
+		struct samr_Password new_password;
 
 		s.in.server_name = talloc_asprintf(
 			mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
@@ -1153,11 +1155,15 @@ static bool schan(struct smbcli_state *cli,
 		s.in.account_name = talloc_asprintf(
 			mem_ctx, "%s$", s.in.computer_name);
 		s.in.secure_channel_type = SEC_CHAN_WKSTA;
-		E_md4hash(password, s.in.new_password.hash);
+		s.in.credential = &credential;
+		s.in.new_password = &new_password;
+		s.out.return_authenticator = &return_authenticator;
+
+		E_md4hash(password, new_password.hash);
 
 		creds_state = cli_credentials_get_netlogon_creds(wks_creds);
-		creds_des_encrypt(creds_state, &s.in.new_password);
-		creds_client_authenticator(creds_state, &s.in.credential);
+		creds_des_encrypt(creds_state, &new_password);
+		creds_client_authenticator(creds_state, &credential);
 
 		status = dcerpc_netr_ServerPasswordSet(net_pipe, mem_ctx, &s);
 		if (!NT_STATUS_IS_OK(status)) {
@@ -1166,7 +1172,7 @@ static bool schan(struct smbcli_state *cli,
 		}
 
 		if (!creds_client_check(creds_state,
-					&s.out.return_authenticator.cred)) {
+					&s.out.return_authenticator->cred)) {
 			printf("Credential chaining failed\n");
 		}
 

source4/torture/rpc/schannel.c

@@ -765,6 +765,8 @@ bool torture_rpc_schannel_bench1(struct torture_context *torture)
 		char *password = generate_random_str(s->join_ctx1, 8);
 		struct creds_CredentialState *creds_state;
 		struct dcerpc_pipe *net_pipe;
+		struct netr_Authenticator credential, return_authenticator;
+		struct samr_Password new_password;
 
 		status = dcerpc_pipe_connect_b(s, &net_pipe, s->b,
 					       &ndr_table_netlogon,
@@ -781,19 +783,23 @@ bool torture_rpc_schannel_bench1(struct torture_context *torture)
 		pwset.in.account_name = talloc_asprintf(
 			net_pipe, "%s$", pwset.in.computer_name);
 		pwset.in.secure_channel_type = SEC_CHAN_WKSTA;
-		E_md4hash(password, pwset.in.new_password.hash);
+		pwset.in.credential = &credential;
+		pwset.in.new_password = &new_password;
+		pwset.out.return_authenticator = &return_authenticator;
+
+		E_md4hash(password, new_password.hash);
 
 		creds_state = cli_credentials_get_netlogon_creds(
 			s->wks_creds1);
-		creds_des_encrypt(creds_state, &pwset.in.new_password);
-		creds_client_authenticator(creds_state, &pwset.in.credential);
+		creds_des_encrypt(creds_state, &new_password);
+		creds_client_authenticator(creds_state, &credential);
 
 		status = dcerpc_netr_ServerPasswordSet(net_pipe, torture, &pwset);
 		torture_assert_ntstatus_ok(torture, status,
 					   "ServerPasswordSet failed");
 
 		if (!creds_client_check(creds_state,
-					&pwset.out.return_authenticator.cred)) {
+					&pwset.out.return_authenticator->cred)) {
 			printf("Credential chaining failed\n");
 		}