r12599: This new LDB module (and associated changes) allows Samba4 to operate

using pre-calculated passwords for all kerberos key types.
(Previously we could only use these for the NT# type).

The module handles all of the hash/string2key tasks for all parts of
Samba, which was previously in the rpc_server/samr/samr_password.c
code.  We also update the msDS-KeyVersionNumber, and the password
history.  This new module can be called at provision time, which
ensures we start with a database that is consistent in this respect.

By ensuring that the krb5key attribute is the only one we need to
retrieve, this also simplifies the run-time KDC logic.  (Each value of
the multi-valued attribute is encoded as a 'Key' in ASN.1, using the
definition from Heimdal's HDB.  This simplfies the KDC code.).

It is hoped that this will speed up the KDC enough that it can again
operate under valgrind.

source/rpc_server/netlogon/dcerpc_netlogon.c

@@ -136,7 +136,7 @@ static NTSTATUS netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TAL
 	int num_records;
 	struct ldb_message **msgs;
 	NTSTATUS nt_status;
-	const char *attrs[] = {"unicodePwd", "lmPwdHash", "ntPwdHash", "userAccountControl", 
+	const char *attrs[] = {"ntPwdHash", "userAccountControl", 
 			       "objectSid", NULL};
 
 	ZERO_STRUCTP(r->out.credentials);
@@ -197,11 +197,11 @@ static NTSTATUS netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TAL
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
+	*r->out.rid = samdb_result_rid_from_sid(mem_ctx, msgs[0], 
+						"objectSid", 0);
 
-	*r->out.rid = samdb_result_rid_from_sid(mem_ctx, msgs[0], "objectSid", 0);
-
-	nt_status = samdb_result_passwords(mem_ctx, msgs[0], NULL, &mach_pwd);
-	if (!NT_STATUS_IS_OK(nt_status) || mach_pwd == NULL) {
+	mach_pwd = samdb_result_hash(mem_ctx, msgs[0], "ntPwdHash");
+	if (mach_pwd == NULL) {
 		return NT_STATUS_ACCESS_DENIED;
 	}