authorMatthew Chapman <matty@samba.org>1999-04-08 05:36:15 +0000
committerMatthew Chapman <matty@samba.org>1999-04-08 05:36:15 +0000
commit373ea639e03e72bef8242133abbf678cf90ed0d9 (patch)
treec6fb6d1918c77c49f039ba0953dc4066abbb2d9c /source3/rpc_client
parent53f0cd990c3d26e73b42266be35516d6db9621e0 (diff)
Mainly BDC-related changes.
* Added SEC_CHAN_BDC * Propagate sec_chan into the various functions which change trust account passwords, so they can be used for domain control and inter-domain trusts. * Fix for endianness problem reported by Edan Idzerda <edan@mtu.edu>. A BUFFER2 is really a "unibuf" in my terminology and we should treat it as such. * Added some more common NT structures (BIGINT, BUFHDR2, BUFFER4). * Added NET_SAM_SYNC (-> NetDatabaseSync2) RPC for account replication. Still experimental and incomplete, with a few too many NULL security descriptors lying around (must go look at Jeremy's SD code). Haven't worked out password encryption yet either. However, the XXX_INFO structures I've added to rpc_netlogon.h are quite nice as they give some insight into how these objects are stored in the SAM. (This used to be commit 7b830350eb54dc9d357c115e12ddf9a0633527ac)
Diffstat (limited to 'source3/rpc_client')
-rw-r--r--source3/rpc_client/cli_login.c5
-rw-r--r--source3/rpc_client/cli_netlogon.c70
-rw-r--r--source3/rpc_client/cli_reg.c2
3 files changed, 67 insertions, 10 deletions
diff --git a/source3/rpc_client/cli_login.c b/source3/rpc_client/cli_login.c
index 3769f44e18..858327a1b2 100644
--- a/source3/rpc_client/cli_login.c
+++ b/source3/rpc_client/cli_login.c
@@ -80,7 +80,8 @@ BOOL cli_nt_setup_creds(struct cli_state *cli, uint16 fnum,
Set machine password.
****************************************************************************/
-BOOL cli_nt_srv_pwset(struct cli_state *cli, uint16 fnum, unsigned char *new_hashof_trust_pwd)
+BOOL cli_nt_srv_pwset(struct cli_state *cli, uint16 fnum,
+ unsigned char *new_hashof_trust_pwd, uint16 sec_chan)
{
unsigned char processed_new_pwd[16];
@@ -94,7 +95,7 @@ BOOL cli_nt_srv_pwset(struct cli_state *cli, uint16 fnum, unsigned char *new_has
cred_hash3( processed_new_pwd, new_hashof_trust_pwd, cli->sess_key, 1);
/* send client srv_pwset challenge */
- return cli_net_srv_pwset(cli, fnum, processed_new_pwd);
+ return cli_net_srv_pwset(cli, fnum, processed_new_pwd, sec_chan);
}
/****************************************************************************
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index ff9fc3c5ed..9bd7d695d2 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -257,14 +257,14 @@ BOOL cli_net_req_chal(struct cli_state *cli, uint16 nt_pipe_fnum, DOM_CHAL *clnt
LSA Server Password Set.
****************************************************************************/
-BOOL cli_net_srv_pwset(struct cli_state *cli, uint16 nt_pipe_fnum, uint8 hashed_mach_pwd[16])
+BOOL cli_net_srv_pwset(struct cli_state *cli, uint16 nt_pipe_fnum,
+ uint8 hashed_mach_pwd[16], uint16 sec_chan_type)
{
prs_struct rbuf;
prs_struct buf;
DOM_CRED new_clnt_cred;
NET_Q_SRV_PWSET q_s;
BOOL ok = False;
- uint16 sec_chan_type = 2;
gen_next_creds( cli, &new_clnt_cred);
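Review bot: `sec_chan_type` was fixed at 2 inside cli_net_srv_pwset and is now whatever the caller passes, with no range check visible before it goes into the password-set request. Because this value selects which kind of trust account has its secret replaced, an unexpected value should be rejected locally, before gen_next_creds() advances the credential chain: `if (sec_chan_type != SEC_CHAN_WKSTA && sec_chan_type != SEC_CHAN_BDC) return False;`, extended with the inter-domain trust constant if that type is meant to be accepted. The same value is forwarded unchecked through cli_nt_srv_pwset, modify_trust_password and change_trust_account_password in the other hunks. The header comment should also gain a line saying what `sec_chan_type` means; the function body continues outside this hunk.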
@@ -473,13 +473,68 @@ password ?).\n", cli->desthost ));
return ok;
}
+/***************************************************************************
+Synchronise SAM Database (requires SEC_CHAN_BDC).
+****************************************************************************/
+BOOL cli_net_sam_sync(struct cli_state *cli, uint16 nt_pipe_fnum, uint32 database_id)
+{
+ NET_Q_SAM_SYNC q_s;
+ prs_struct rbuf;
+ prs_struct buf;
+ DOM_CRED new_clnt_cred;
+ BOOL ok = False;
+
+ gen_next_creds(cli, &new_clnt_cred);
+
+ prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
+ prs_init(&rbuf, 0, 4, SAFETY_MARGIN, True );
+
+ /* create and send a MSRPC command with api NET_SAM_SYNC */
+
+ make_q_sam_sync(&q_s, cli->srv_name_slash, global_myname,
+ &new_clnt_cred, database_id);
+
+ /* turn parameters into data stream */
+ net_io_q_sam_sync("", &q_s, &buf, 0);
+
+ /* send the data on \PIPE\ */
+ if (rpc_api_pipe_req(cli, nt_pipe_fnum, NET_SAM_SYNC, &buf, &rbuf))
+ {
+ NET_R_SAM_SYNC r_s;
+
+ net_io_r_sam_sync("", &r_s, &rbuf, 0);
+ ok = (rbuf.offset != 0);
+
+ if (ok && r_s.status != 0)
+ {
+ /* report error code */
+ DEBUG(0,("cli_net_sam_sync: %s\n", get_nt_error_msg(r_s.status)));
+ cli->nt_error = r_s.status;
+ ok = False;
+ }
+
+ /* Update the credentials. */
+ if (ok && !clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &(r_s.srv_creds)))
+ {
+ DEBUG(0,("cli_net_sam_sync: server %s replied with bad credential (bad machine password ?).\n", cli->desthost));
+ ok = False;
+ }
+ }
+
+ prs_mem_free(&rbuf);
+ prs_mem_free(&buf );
+
+ return ok;
+}
+
/*********************************************************
Change the domain password on the PDC.
**********************************************************/
static BOOL modify_trust_password( char *domain, char *remote_machine,
unsigned char orig_trust_passwd_hash[16],
- unsigned char new_trust_passwd_hash[16])
+ unsigned char new_trust_passwd_hash[16],
+ uint16 sec_chan)
{
uint16 nt_pipe_fnum;
struct cli_state cli;
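Review bot: In cli_net_sam_sync, `r_s` is declared uninitialised and the only evidence that the reply parsed is `ok = (rbuf.offset != 0)`, so a short or malformed server reply that moves the offset but stops early would leave `r_s.status` and `r_s.srv_creds` holding stack contents when they are tested. Whether net_io_r_sam_sync can stop part-way is not visible here, but zeroing first makes that case fail closed: `memset(&r_s, 0, sizeof(r_s));` before the parse call. The replicated account data in `r_s` is dropped on return for now; once a caller consumes it, that should happen only after clnt_deal_with_creds() has accepted the server credential, since everything parsed before that check is unauthenticated input. modify_trust_password, whose signature changes at the end of this hunk, continues outside it.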
@@ -575,7 +630,7 @@ machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli)));
}
if(cli_nt_setup_creds(&cli, nt_pipe_fnum,
- cli.mach_acct, orig_trust_passwd_hash, SEC_CHAN_WKSTA) == False) {
+ cli.mach_acct, orig_trust_passwd_hash, sec_chan) == False) {
DEBUG(0,("modify_trust_password: unable to setup the PDC credentials to machine \
%s. Error was : %s.\n", remote_machine, cli_errstr(&cli)));
cli_nt_session_close(&cli, nt_pipe_fnum);
@@ -584,7 +639,7 @@ machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli)));
return False;
}
- if( cli_nt_srv_pwset( &cli, nt_pipe_fnum, new_trust_passwd_hash ) == False) {
+ if( cli_nt_srv_pwset( &cli, nt_pipe_fnum, new_trust_passwd_hash, sec_chan ) == False) {
DEBUG(0,("modify_trust_password: unable to change password for machine %s in domain \
%s to Domain controller %s. Error was %s.\n", global_myname, domain, remote_machine,
cli_errstr(&cli)));
@@ -607,7 +662,8 @@ machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli)));
update.
************************************************************************/
-BOOL change_trust_account_password( char *domain, char *remote_machine_list)
+BOOL change_trust_account_password(char *domain, char *remote_machine_list,
+ uint16 sec_chan)
{
fstring remote_machine;
unsigned char old_trust_passwd_hash[16];
@@ -631,7 +687,7 @@ account password for domain %s.\n", domain));
LIST_SEP, sizeof(remote_machine))) {
strupper(remote_machine);
if(modify_trust_password( domain, remote_machine,
- old_trust_passwd_hash, new_trust_passwd_hash)) {
+ old_trust_passwd_hash, new_trust_passwd_hash, sec_chan)) {
DEBUG(0,("%s : change_trust_account_password: Changed password for \
domain %s.\n", timestring(), domain));
/*
diff --git a/source3/rpc_client/cli_reg.c b/source3/rpc_client/cli_reg.c
index 04b1fdc650..c467d8abaa 100644
--- a/source3/rpc_client/cli_reg.c
+++ b/source3/rpc_client/cli_reg.c
@@ -425,7 +425,7 @@ BOOL do_reg_query_info(struct cli_state *cli, uint16 fnum, POLICY_HND *hnd,
if (p)
{
valid_query = True;
- unistr_to_ascii(type, r_o.uni_type.buffer,
+ unibuf_to_ascii(type, r_o.uni_type.buffer,
MIN(r_o.uni_type.buf_len, sizeof(fstring)-1));
(*unk_0) = r_o.unknown_0;
(*unk_1) = r_o.unknown_1;
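Review bot: The length passed to unibuf_to_ascii, `MIN(r_o.uni_type.buf_len, sizeof(fstring)-1)`, is capped for the destination `type` only; `buf_len` comes from the server's reply and nothing in this hunk ties it to the real size of `r_o.uni_type.buffer`. If unibuf_to_ascii counts its third argument in characters while `buf_len` is a byte count (or the reverse), the read length is off by a factor of two, so the units should be confirmed and stated in a comment at this call. It is also worth confirming that the helper NUL-terminates `type` when the limit is reached, which is presumably why the cap is `sizeof(fstring)-1`. do_reg_query_info continues outside the hunk.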