mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
samba-mirror/source3/rpc_server
Alexander Bokovoy ff4fb6935a _netr_ServerPasswordSet2: use info level 26 to set plain text machine password
To support password change for machine or trusted domain accounts in an
Active Directory environment, we need to pass down the actual plain text
password instead of NT hashes. This would allow a backend like ipasam to
update Kerberos keys as well as NT hashes.

By calling samr_SetUserInfo2 info level 26 we ensure the PASSDB layer can
actually get the plain text password. If a PASSDB backend implements the
pdb_update_sam_account() callback, it then gets the plain text password
from samr_SetUserInfo2.

A plain text password is a data blob represented as up to 256 WCHARs. It
is UTF-16 coded on the wire and we have its length from the buffer.
The SetUserInfo2 SAMR call chain in decode_pw_buffer() does explicitly
expect 512+4 bytes in the buffer. It then calls convert_string_talloc()
to convert it to the UNIX charset, passing the correct value of the
plaintext password length. However, convert_string_talloc() expects the
length of the input string *including* the terminating null and we pass
just the string length.

convert_string_talloc() then explicitly null-terminates the resulting
string by adding two nulls. In most cases the UNIX charset is UTF-8, so we
get a null-terminated UTF-8 string down to the PASSDB layer.

MS-SAMR does not limit what the password should contain. It says
it is the 'userPassword' value. Neither 'userPassword' nor 'unicodePwd' can
contain null characters according to MS-ADTS 3.1.1.3.1.5 because they
must be proper UTF-8 and UTF-16 strings accordingly.

We are talking to our own SAMR service here.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-04-18 22:54:17 +02:00
..
dfs werror: replace WERR_DFS_CANT_CREATE_JUNCT with WERR_NERR_DFSCANTCREATEJUNCTIONPOINT in source3/rpc_server/dfs/srv_dfs_nt.c 2016-09-28 00:04:30 +02:00
dssetup werror: replace WERR_UNKNOWN_LEVEL with WERR_INVALID_LEVEL in source3/rpc_server/ 2016-09-28 00:04:34 +02:00
echo Covert all uint32/16/8 to _t in source3/rpc_server. 2015-05-15 19:31:24 +02:00
epmapper s3-epmapper: Ignore epm_Map object guid 2016-11-12 02:49:23 +01:00
eventlog werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in source3/rpc_server/ 2016-09-28 00:04:19 +02:00
fss Correct "heirarchy" typos. 2017-02-22 08:26:23 +01:00
initshutdown
lsa Fix various spelling errors 2015-11-06 13:43:45 +01:00
mdssvc Correct "errror" typos. 2017-02-22 08:26:22 +01:00
netlogon _netr_ServerPasswordSet2: use info level 26 to set plain text machine password 2017-04-18 22:54:17 +02:00
ntsvcs werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in source3/rpc_server/ 2016-09-28 00:04:21 +02:00
samr samr3: Use "all_zero" where appropriate 2017-01-03 16:04:28 +01:00
spoolss rpc: Always supply both the remote and local address to the auth subsystem 2017-03-29 02:37:27 +02:00
srvsvc lib: Add lib/util/server_id.h 2017-01-22 18:30:11 +01:00
svcctl Correct "incluing" typos. 2017-02-22 08:26:23 +01:00
winreg Update smbrun to allow for settings environment variables. 2016-10-13 04:26:26 +02:00
wkssvc werror: replace WERR_UNKNOWN_LEVEL with WERR_INVALID_LEVEL in source3/rpc_server/ 2016-09-28 00:04:34 +02:00
dcesrv_auth_generic.c auth: Always supply both the remote and local address to the auth subsystem 2017-03-29 02:37:26 +02:00
dcesrv_auth_generic.h auth: Always supply both the remote and local address to the auth subsystem 2017-03-29 02:37:26 +02:00
epmd.c s3: Move call to prctl_set_comment to reinit_after_fork 2015-09-24 08:00:16 +02:00
fssd.c fssd: Remove reference to procid_self() 2015-10-19 12:09:10 +02:00
lsasd.c s3: Move call to prctl_set_comment to reinit_after_fork 2015-09-24 08:00:16 +02:00
mdssd.c s3-rpc_server/mdssd: use smbd_reinit_after_fork() 2016-07-11 02:02:31 +02:00
rpc_config.c s3-mdssvc: add Spotlight RPC stubs 2015-07-07 17:34:28 +02:00
rpc_config.h s3-mdssvc: add mdssd RPC service daemon for mdssvc 2015-07-07 17:34:28 +02:00
rpc_contexts.c
rpc_contexts.h
rpc_ep_register.c s3:rpc_server: make use of dcerpc_binding_set_abstract_syntax() 2014-02-13 11:54:16 +01:00
rpc_ep_register.h
rpc_handles.c rpc_server: Fix a typo 2016-08-24 18:01:14 +02:00
rpc_modules.c s3:rpc_server: allow building RPC services as shared modules 2016-02-21 19:21:17 +01:00
rpc_modules.h s3:rpc_server: allow building RPC services as shared modules 2016-02-21 19:21:17 +01:00
rpc_ncacn_np.c s3-rpc_server: Re-order and rename remote and local address in make_external_rpc_pipe{,_p}() 2017-03-29 02:37:28 +02:00
rpc_ncacn_np.h s3-rpc_server: Re-order and rename remote and local address in make_external_rpc_pipe{,_p}() 2017-03-29 02:37:28 +02:00
rpc_pipes.h s3-rpc_server: allow to set minimal auth level for a DCE/RPC service 2017-01-06 12:28:18 +01:00
rpc_server.c s3-rpc_server: Rename client -> remote_client and server -> local_server 2017-03-29 02:37:28 +02:00
rpc_server.h s3-rpc_server: Re-order local and remote address in make_server_pipes_struct() 2017-03-29 02:37:28 +02:00
rpc_service_setup.c s3/rpc_server: shared rpc modules loading 2017-01-31 00:45:18 +01:00
rpc_service_setup.h s3:rpc_server: allow building RPC services as shared modules 2016-02-21 19:21:17 +01:00
rpc_sock_helper.c s3-rpc_server: fix rpc_create_tcpip_sockets() processing of interfaces. 2015-04-30 15:14:27 +02:00
rpc_sock_helper.h
srv_access_check.c Covert all uint32/16/8 to _t in source3/rpc_server. 2015-05-15 19:31:24 +02:00
srv_access_check.h Covert all uint32/16/8 to _t in source3/rpc_server. 2015-05-15 19:31:24 +02:00
srv_pipe_hnd.c rpc_server: Re-order and rename remote and local address in np_open() 2017-03-29 02:37:29 +02:00
srv_pipe_hnd.h rpc_server: Re-order and rename remote and local address in np_open() 2017-03-29 02:37:29 +02:00
srv_pipe_internal.h
srv_pipe_register.c
srv_pipe_register.h
srv_pipe.c s3-rpc_server: Provide hooks required for JSON message logging for the no-auth case 2017-03-29 02:37:28 +02:00
srv_pipe.h
wscript_build auth: Generate a human readable Authentication log message. 2017-03-29 02:37:26 +02:00