From 556b5bb9eead7785fe0d2cdfe465239ccb4f60b9 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 29 Oct 2008 01:34:49 +0100 Subject: s4-netlogon: merge netr_ServerPasswordSet from s3 idl. Guenther --- source4/librpc/idl/netlogon.idl | 6 +++--- source4/rpc_server/netlogon/dcerpc_netlogon.c | 6 +++--- source4/torture/rpc/netlogon.c | 17 +++++++++++------ source4/torture/rpc/samba3rpc.c | 14 ++++++++++---- source4/torture/rpc/schannel.c | 14 ++++++++++---- 5 files changed, 37 insertions(+), 20 deletions(-) diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl index 3b618f1cc3..812d64d477 100644 --- a/source4/librpc/idl/netlogon.idl +++ b/source4/librpc/idl/netlogon.idl @@ -344,9 +344,9 @@ interface netlogon [in] [string,charset(UTF16)] uint16 account_name[], [in] netr_SchannelType secure_channel_type, [in] [string,charset(UTF16)] uint16 computer_name[], - [in] netr_Authenticator credential, - [in] samr_Password new_password, - [out] netr_Authenticator return_authenticator + [in,ref] netr_Authenticator *credential, + [out,ref] netr_Authenticator *return_authenticator, + [in,ref] samr_Password *new_password ); diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 8dc11a6f6a..206553ff31 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -354,7 +354,7 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet(struct dcesrv_call_state *dce_call nt_status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, r->in.computer_name, mem_ctx, - &r->in.credential, &r->out.return_authenticator, + r->in.credential, r->out.return_authenticator, &creds); NT_STATUS_NOT_OK_RETURN(nt_status); @@ -363,13 +363,13 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet(struct dcesrv_call_state *dce_call return NT_STATUS_INVALID_SYSTEM_SERVICE; } - creds_des_decrypt(creds, &r->in.new_password); + creds_des_decrypt(creds, r->in.new_password); /* Using the sid for the account as the key, set the password */ nt_status = samdb_set_password_sid(sam_ctx, mem_ctx, creds->sid, NULL, /* Don't have plaintext */ - NULL, &r->in.new_password, + NULL, r->in.new_password, true, /* Password change */ NULL, NULL); return nt_status; diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index 6da3eaf79d..6a63325116 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -270,6 +270,8 @@ static bool test_SetPassword(struct torture_context *tctx, struct netr_ServerPasswordSet r; const char *password; struct creds_CredentialState *creds; + struct netr_Authenticator credential, return_authenticator; + struct samr_Password new_password; if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) { return false; @@ -279,22 +281,25 @@ static bool test_SetPassword(struct torture_context *tctx, r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME); r.in.secure_channel_type = SEC_CHAN_BDC; r.in.computer_name = TEST_MACHINE_NAME; + r.in.credential = &credential; + r.in.new_password = &new_password; + r.out.return_authenticator = &return_authenticator; password = generate_random_str(tctx, 8); - E_md4hash(password, r.in.new_password.hash); + E_md4hash(password, new_password.hash); - creds_des_encrypt(creds, &r.in.new_password); + creds_des_encrypt(creds, &new_password); torture_comment(tctx, "Testing ServerPasswordSet on machine account\n"); torture_comment(tctx, "Changing machine account password to '%s'\n", password); - creds_client_authenticator(creds, &r.in.credential); + creds_client_authenticator(creds, &credential); status = dcerpc_netr_ServerPasswordSet(p, tctx, &r); torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet"); - if (!creds_client_check(creds, &r.out.return_authenticator.cred)) { + if (!creds_client_check(creds, &r.out.return_authenticator->cred)) { torture_comment(tctx, "Credential chaining failed\n"); } @@ -307,12 +312,12 @@ static bool test_SetPassword(struct torture_context *tctx, torture_comment(tctx, "Changing machine account password to '%s' (same as previous run)\n", password); - creds_client_authenticator(creds, &r.in.credential); + creds_client_authenticator(creds, &credential); status = dcerpc_netr_ServerPasswordSet(p, tctx, &r); torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet (2)"); - if (!creds_client_check(creds, &r.out.return_authenticator.cred)) { + if (!creds_client_check(creds, &r.out.return_authenticator->cred)) { torture_comment(tctx, "Credential chaining failed\n"); } diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c index f8b6da96a8..c53c4b72c7 100644 --- a/source4/torture/rpc/samba3rpc.c +++ b/source4/torture/rpc/samba3rpc.c @@ -1146,6 +1146,8 @@ static bool schan(struct smbcli_state *cli, struct netr_ServerPasswordSet s; char *password = generate_random_str(wks_creds, 8); struct creds_CredentialState *creds_state; + struct netr_Authenticator credential, return_authenticator; + struct samr_Password new_password; s.in.server_name = talloc_asprintf( mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe)); @@ -1153,11 +1155,15 @@ static bool schan(struct smbcli_state *cli, s.in.account_name = talloc_asprintf( mem_ctx, "%s$", s.in.computer_name); s.in.secure_channel_type = SEC_CHAN_WKSTA; - E_md4hash(password, s.in.new_password.hash); + s.in.credential = &credential; + s.in.new_password = &new_password; + s.out.return_authenticator = &return_authenticator; + + E_md4hash(password, new_password.hash); creds_state = cli_credentials_get_netlogon_creds(wks_creds); - creds_des_encrypt(creds_state, &s.in.new_password); - creds_client_authenticator(creds_state, &s.in.credential); + creds_des_encrypt(creds_state, &new_password); + creds_client_authenticator(creds_state, &credential); status = dcerpc_netr_ServerPasswordSet(net_pipe, mem_ctx, &s); if (!NT_STATUS_IS_OK(status)) { @@ -1166,7 +1172,7 @@ static bool schan(struct smbcli_state *cli, } if (!creds_client_check(creds_state, - &s.out.return_authenticator.cred)) { + &s.out.return_authenticator->cred)) { printf("Credential chaining failed\n"); } diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c index 81c3ecf878..2c39596e35 100644 --- a/source4/torture/rpc/schannel.c +++ b/source4/torture/rpc/schannel.c @@ -765,6 +765,8 @@ bool torture_rpc_schannel_bench1(struct torture_context *torture) char *password = generate_random_str(s->join_ctx1, 8); struct creds_CredentialState *creds_state; struct dcerpc_pipe *net_pipe; + struct netr_Authenticator credential, return_authenticator; + struct samr_Password new_password; status = dcerpc_pipe_connect_b(s, &net_pipe, s->b, &ndr_table_netlogon, @@ -781,19 +783,23 @@ bool torture_rpc_schannel_bench1(struct torture_context *torture) pwset.in.account_name = talloc_asprintf( net_pipe, "%s$", pwset.in.computer_name); pwset.in.secure_channel_type = SEC_CHAN_WKSTA; - E_md4hash(password, pwset.in.new_password.hash); + pwset.in.credential = &credential; + pwset.in.new_password = &new_password; + pwset.out.return_authenticator = &return_authenticator; + + E_md4hash(password, new_password.hash); creds_state = cli_credentials_get_netlogon_creds( s->wks_creds1); - creds_des_encrypt(creds_state, &pwset.in.new_password); - creds_client_authenticator(creds_state, &pwset.in.credential); + creds_des_encrypt(creds_state, &new_password); + creds_client_authenticator(creds_state, &credential); status = dcerpc_netr_ServerPasswordSet(net_pipe, torture, &pwset); torture_assert_ntstatus_ok(torture, status, "ServerPasswordSet failed"); if (!creds_client_check(creds_state, - &pwset.out.return_authenticator.cred)) { + &pwset.out.return_authenticator->cred)) { printf("Credential chaining failed\n"); } -- cgit