r1141: - consolidated the netr_SamInfo structures using a netr_SamBaseInfo

  structure (andrew, this is the type of structure consolidation I think
  you were asking about. It's possible here in NDR as it isn't in the
  top level fn code)

- added validation level 6 in sam logon

With these changes I can successfully authentication smbclient to a
winxp server, with the winxp server using a Samba4 ADS DC for account
auth
(This used to be commit 705205083a6e2430c420f44436a1d1ff8826bc73)

3 files changed, 55 insertions, 140 deletions

diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl
index 844bc7ec83..6e87072a12 100644
--- a/source4/librpc/idl/netlogon.idl
+++ b/source4/librpc/idl/netlogon.idl
@@ -172,6 +172,10 @@ interface netlogon
 		netr_LMSessionKey LMSessKey;
 		uint32 AccountControl;
 		uint32 unknown[7];
+	} netr_SamBaseInfo;
+
+	typedef struct {
+		netr_SamBaseInfo base;
 	} netr_SamInfo2;
 
 	typedef struct {
@@ -180,69 +184,18 @@ interface netlogon
 	} netr_SidAttr;
 
 	typedef struct {
-		NTTIME last_logon;
-		NTTIME last_logoff;
-		NTTIME acct_expiry;
-		NTTIME last_password_change;
-		NTTIME allow_password_change;
-		NTTIME force_password_change;
-		netr_String account_name;
-		netr_String full_name;
-		netr_String logon_script;
-		netr_String profile_path;
-		netr_String home_directory;
-		netr_String home_drive;
-		uint16 logon_count;
-		uint16 bad_password_count;
-		uint32 rid;
-		uint32 primary_gid;
-		uint32 group_count;
-		[size_is(group_count)] netr_GroupMembership *groupids;
-		uint32 acct_flags;
-		netr_UserSessionKey key;
-		netr_String logon_server;
-		netr_String domain;
-		dom_sid2 *domain_sid;
-		netr_LMSessionKey LMSessKey;
-		uint32 AccountControl;
-		uint32 unknown[7];
+		netr_SamBaseInfo base;
 		uint32 sidcount;
 		[size_is(sidcount)] netr_SidAttr *sids;
 	} netr_SamInfo3;
 
-
 	typedef struct {
-		NTTIME last_logon;
-		NTTIME last_logoff;
-		NTTIME acct_expiry;
-		NTTIME last_password_change;
-		NTTIME allow_password_change;
-		NTTIME force_password_change;
-		netr_String account_name;
-		netr_String full_name;
-		netr_String logon_script;
-		netr_String profile_path;
-		netr_String home_directory;
-		netr_String home_drive;
-		uint16 logon_count;
-		uint16 bad_password_count;
-		uint32 rid;
-		uint32 primary_gid;
-		uint32 group_count;
-		[size_is(group_count)] netr_GroupMembership *groupids;
-		uint32 acct_flags;
-		netr_UserSessionKey key;
-		netr_String logon_server;
-		netr_String domain;
-		dom_sid2 *domain_sid;
-		netr_LMSessionKey LMSessKey;
-		uint32 AccountControl;
-		uint32 unknown1[9];
-		netr_String forest;
-		netr_String principle;
-		uint32 unknown4[18];
+		netr_SamBaseInfo base;
 		uint32 sidcount;
 		[size_is(sidcount)] netr_SidAttr *sids;
+		netr_String forest;
+		netr_String principle;
+		uint32 unknown4[20];
 	} netr_SamInfo6;
 
 	typedef struct {
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index dc0b8582fe..603d90f440 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -495,8 +495,10 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call,
 	NTSTATUS nt_status;
 	const uint8_t *chal;
 	static const char zeros[16];
+	struct netr_SamBaseInfo *sam;
 	struct netr_SamInfo2 *sam2;
-	struct netr_SamInfo3 *sam;
+	struct netr_SamInfo3 *sam3;
+	struct netr_SamInfo6 *sam6;
 	
 	if (!pipe_state) {
 		DEBUG(1, ("No challenge requested by client, cannot authenticate\n"));
@@ -570,7 +572,9 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call,
 	}
 	free_auth_context(&auth_context);
 
-	sam = talloc_p(mem_ctx, struct netr_SamInfo3);
+	sam = talloc_p(mem_ctx, struct netr_SamBaseInfo);
+
+	ZERO_STRUCTP(sam);
 	
 	sam->last_logon = server_info->last_logon;
 	sam->last_logoff = server_info->last_logoff;
@@ -603,17 +607,6 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call,
 	sam->domain_sid->num_auths--;
 
 	sam->AccountControl = 0;
-
-	sam->unknown1 = 0;
-	sam->unknown2 = 0;
-	sam->unknown3 = 0;
-	sam->unknown4 = 0;
-	sam->unknown5 = 0;
-	sam->unknown6 = 0;
-	sam->unknown7 = 0;
-
-	sam->sidcount = 0;
-	sam->sids = NULL;
 	
 	if (server_info->user_session_key.length == sizeof(sam->key.key)) {
 		memcpy(sam->key.key, server_info->user_session_key.data, sizeof(sam->key.key));
@@ -646,60 +639,29 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call,
 
 	switch (r->in.validation_level) {
 	case 2:
-	{
 		sam2 = talloc_p(mem_ctx, struct netr_SamInfo2);
+		ZERO_STRUCTP(sam2);
+		sam2->base = *sam;
 		r->out.validation.sam2 = sam2;
-		sam2->last_logon = sam->last_logon;
-		sam2->last_logoff = sam->last_logoff;
-		sam2->acct_expiry = sam->acct_expiry;
-		
-		sam2->last_password_change = sam->last_password_change;
-		sam2->allow_password_change = sam->allow_password_change;
-		sam2->force_password_change = sam->force_password_change;
-
-		sam2->account_name = sam->account_name;
-		sam2->full_name = sam->full_name;
-		sam2->logon_script = sam->logon_script;
-		sam2->profile_path = sam->profile_path;
-		sam2->home_directory = sam->home_directory;
-		sam2->home_drive = sam->home_drive;
-	
-		sam2->logon_count = sam->logon_count;
-		sam2->bad_password_count = sam->bad_password_count;
-		sam2->rid = sam->rid;
-		sam2->primary_gid = sam->primary_gid;
-		sam2->group_count = sam->group_count;
-		sam2->groupids = sam->groupids;
-	
-		sam2->acct_flags = sam->acct_flags;
-	
-		sam2->key = sam->key;
-
-		sam2->logon_server = sam->logon_server;
-	
-		sam2->domain = sam->domain;
-	
-		sam2->domain_sid = sam->domain_sid;
-		
-		sam2->LMSessKey = sam->LMSessKey;
-	
-		sam2->AccountControl = sam->AccountControl;
-
-		sam2->unknown1 = sam->unknown1;
-		sam2->unknown2 = sam->unknown2;
-		sam2->unknown3 = sam->unknown3;
-		sam2->unknown4 = sam->unknown4;
-		sam2->unknown5 = sam->unknown5;
-		sam2->unknown6 = sam->unknown6;
-		sam2->unknown7 = sam->unknown7;
-
 		break;
-	}
+
 	case 3:
-	{
-		r->out.validation.sam3 = sam;
+		sam3 = talloc_p(mem_ctx, struct netr_SamInfo3);
+		ZERO_STRUCTP(sam3);
+		sam3->base = *sam;
+		r->out.validation.sam3 = sam3;
 		break;
-	}
+
+	case 6:
+		sam6 = talloc_p(mem_ctx, struct netr_SamInfo6);
+		ZERO_STRUCTP(sam6);
+		sam6->base = *sam;
+		sam6->forest.string = sam->domain.string;
+		sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s", 
+							 sam->account_name.string, sam->domain.string);
+		r->out.validation.sam6 = sam6;
+		break;
+
 	default:
 		break;
 	}
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 55d60871b6..c334651d46 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -377,58 +377,58 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
 		if (r->in.validation_level == 2) {
 			static const char zeros[16];
 			
-			if (memcmp(r->out.validation.sam2->key.key, zeros,  
-				   sizeof(r->out.validation.sam2->key.key)) != 0) {
+			if (memcmp(r->out.validation.sam2->base.key.key, zeros,  
+				   sizeof(r->out.validation.sam2->base.key.key)) != 0) {
 				creds_arcfour_crypt(&samlogon_state->creds, 
-						    r->out.validation.sam2->key.key, 
-						    sizeof(r->out.validation.sam2->key.key));
+						    r->out.validation.sam2->base.key.key, 
+						    sizeof(r->out.validation.sam2->base.key.key));
 			}
 			
 			if (user_session_key) {
-				memcpy(user_session_key, r->out.validation.sam2->key.key, 16);
+				memcpy(user_session_key, r->out.validation.sam2->base.key.key, 16);
 			}
 			
-			if (memcmp(r->out.validation.sam2->LMSessKey.key, zeros,  
-				   sizeof(r->out.validation.sam2->LMSessKey.key)) != 0) {
+			if (memcmp(r->out.validation.sam2->base.LMSessKey.key, zeros,  
+				   sizeof(r->out.validation.sam2->base.LMSessKey.key)) != 0) {
 				creds_arcfour_crypt(&samlogon_state->creds, 
-						    r->out.validation.sam2->LMSessKey.key, 
-						    sizeof(r->out.validation.sam2->LMSessKey.key));
+						    r->out.validation.sam2->base.LMSessKey.key, 
+						    sizeof(r->out.validation.sam2->base.LMSessKey.key));
 			}
 			
 			if (lm_key) {
-				memcpy(lm_key, r->out.validation.sam2->LMSessKey.key, 8);
+				memcpy(lm_key, r->out.validation.sam2->base.LMSessKey.key, 8);
 			}
 			
 		} else if (r->in.validation_level == 3) {
 			static const char zeros[16];
-			if (memcmp(r->out.validation.sam3->key.key, zeros,  
-				   sizeof(r->out.validation.sam3->key.key)) != 0) {
+			if (memcmp(r->out.validation.sam3->base.key.key, zeros,  
+				   sizeof(r->out.validation.sam3->base.key.key)) != 0) {
 				creds_arcfour_crypt(&samlogon_state->creds, 
-						    r->out.validation.sam3->key.key, 
-						    sizeof(r->out.validation.sam3->key.key));
+						    r->out.validation.sam3->base.key.key, 
+						    sizeof(r->out.validation.sam3->base.key.key));
 			}
 			
 			if (user_session_key) {
-				memcpy(user_session_key, r->out.validation.sam3->key.key, 16);
+				memcpy(user_session_key, r->out.validation.sam3->base.key.key, 16);
 			}
 
-			if (memcmp(r->out.validation.sam3->LMSessKey.key, zeros, 
-				   sizeof(r->out.validation.sam3->LMSessKey.key)) != 0) {
+			if (memcmp(r->out.validation.sam3->base.LMSessKey.key, zeros, 
+				   sizeof(r->out.validation.sam3->base.LMSessKey.key)) != 0) {
 				creds_arcfour_crypt(&samlogon_state->creds, 
-						    r->out.validation.sam3->LMSessKey.key, 
-						    sizeof(r->out.validation.sam3->LMSessKey.key));
+						    r->out.validation.sam3->base.LMSessKey.key, 
+						    sizeof(r->out.validation.sam3->base.LMSessKey.key));
 			}
 			
 			if (lm_key) {
-				memcpy(lm_key, r->out.validation.sam3->LMSessKey.key, 8);
+				memcpy(lm_key, r->out.validation.sam3->base.LMSessKey.key, 8);
 			}			
 		} else if (r->in.validation_level == 6) {
 			/* they aren't encrypted! */
 			if (user_session_key) {
-				memcpy(user_session_key, r->out.validation.sam6->key.key, 16);
+				memcpy(user_session_key, r->out.validation.sam6->base.key.key, 16);
 			}
 			if (lm_key) {
-				memcpy(lm_key, r->out.validation.sam6->LMSessKey.key, 8);
+				memcpy(lm_key, r->out.validation.sam6->base.LMSessKey.key, 8);
 			}
 		}
 	}