summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/librpc/idl/netlogon.idl6
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c6
-rw-r--r--source4/torture/rpc/netlogon.c41
3 files changed, 29 insertions, 24 deletions
diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl
index 812d64d477..c89cf37ee7 100644
--- a/source4/librpc/idl/netlogon.idl
+++ b/source4/librpc/idl/netlogon.idl
@@ -1256,9 +1256,9 @@ interface netlogon
[in] [string,charset(UTF16)] uint16 account_name[],
[in] netr_SchannelType secure_channel_type,
[in] [string,charset(UTF16)] uint16 computer_name[],
- [in] netr_Authenticator credential,
- [in] netr_CryptPassword new_password,
- [out] netr_Authenticator return_authenticator
+ [in,ref] netr_Authenticator *credential,
+ [out,ref] netr_Authenticator *return_authenticator,
+ [in,ref] netr_CryptPassword *new_password
);
/****************/
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 206553ff31..ccc1fc515f 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -391,7 +391,7 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal
nt_status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
r->in.computer_name, mem_ctx,
- &r->in.credential, &r->out.return_authenticator,
+ r->in.credential, r->out.return_authenticator,
&creds);
NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -400,8 +400,8 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
- memcpy(password_buf.data, r->in.new_password.data, 512);
- SIVAL(password_buf.data, 512, r->in.new_password.length);
+ memcpy(password_buf.data, r->in.new_password->data, 512);
+ SIVAL(password_buf.data, 512, r->in.new_password->length);
creds_arcfour_crypt(creds, password_buf.data, 516);
if (!extract_pw_from_buffer(mem_ctx, password_buf.data, &new_password)) {
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 6a63325116..96cab0bf02 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -362,6 +362,8 @@ static bool test_SetPassword2(struct torture_context *tctx,
struct creds_CredentialState *creds;
struct samr_CryptPassword password_buf;
struct samr_Password nt_hash;
+ struct netr_Authenticator credential, return_authenticator;
+ struct netr_CryptPassword new_password;
if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
return false;
@@ -371,23 +373,26 @@ static bool test_SetPassword2(struct torture_context *tctx,
r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
r.in.secure_channel_type = SEC_CHAN_BDC;
r.in.computer_name = TEST_MACHINE_NAME;
+ r.in.credential = &credential;
+ r.in.new_password = &new_password;
+ r.out.return_authenticator = &return_authenticator;
password = generate_random_str(tctx, 8);
encode_pw_buffer(password_buf.data, password, STR_UNICODE);
creds_arcfour_crypt(creds, password_buf.data, 516);
- memcpy(r.in.new_password.data, password_buf.data, 512);
- r.in.new_password.length = IVAL(password_buf.data, 512);
+ memcpy(new_password.data, password_buf.data, 512);
+ new_password.length = IVAL(password_buf.data, 512);
torture_comment(tctx, "Testing ServerPasswordSet2 on machine account\n");
torture_comment(tctx, "Changing machine account password to '%s'\n", password);
- creds_client_authenticator(creds, &r.in.credential);
+ creds_client_authenticator(creds, &credential);
status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet2");
- if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
+ if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
@@ -406,20 +411,20 @@ static bool test_SetPassword2(struct torture_context *tctx,
encode_pw_buffer(password_buf.data, password, STR_UNICODE);
creds_arcfour_crypt(creds, password_buf.data, 516);
- memcpy(r.in.new_password.data, password_buf.data, 512);
- r.in.new_password.length = IVAL(password_buf.data, 512);
+ memcpy(new_password.data, password_buf.data, 512);
+ new_password.length = IVAL(password_buf.data, 512);
torture_comment(tctx,
"Testing ServerPasswordSet2 on machine account\n");
torture_comment(tctx,
"Changing machine account password to '%s'\n", password);
- creds_client_authenticator(creds, &r.in.credential);
+ creds_client_authenticator(creds, &credential);
status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet2");
- if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
+ if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
@@ -434,18 +439,18 @@ static bool test_SetPassword2(struct torture_context *tctx,
encode_pw_buffer(password_buf.data, password, STR_UNICODE);
creds_arcfour_crypt(creds, password_buf.data, 516);
- memcpy(r.in.new_password.data, password_buf.data, 512);
- r.in.new_password.length = IVAL(password_buf.data, 512);
+ memcpy(new_password.data, password_buf.data, 512);
+ new_password.length = IVAL(password_buf.data, 512);
torture_comment(tctx, "Testing second ServerPasswordSet2 on machine account\n");
torture_comment(tctx, "Changing machine account password to '%s'\n", password);
- creds_client_authenticator(creds, &r.in.credential);
+ creds_client_authenticator(creds, &credential);
status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet2 (2)");
- if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
+ if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
@@ -458,12 +463,12 @@ static bool test_SetPassword2(struct torture_context *tctx,
torture_comment(tctx,
"Changing machine account password to '%s' (same as previous run)\n", password);
- creds_client_authenticator(creds, &r.in.credential);
+ creds_client_authenticator(creds, &credential);
status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet (3)");
- if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
+ if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
@@ -480,18 +485,18 @@ static bool test_SetPassword2(struct torture_context *tctx,
creds_arcfour_crypt(creds, password_buf.data, 516);
- memcpy(r.in.new_password.data, password_buf.data, 512);
- r.in.new_password.length = IVAL(password_buf.data, 512);
+ memcpy(new_password.data, password_buf.data, 512);
+ new_password.length = IVAL(password_buf.data, 512);
torture_comment(tctx,
"Testing a third ServerPasswordSet2 on machine account, with a compleatly random password\n");
- creds_client_authenticator(creds, &r.in.credential);
+ creds_client_authenticator(creds, &credential);
status = dcerpc_netr_ServerPasswordSet2(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet (3)");
- if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
+ if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}