From f285af63676e4bafc9f136f8181c5856d2851d45 Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Tue, 28 Oct 2008 19:03:50 +0100
Subject: s4-netlogon: merge netr_LogonSamLogon{Ex,WithFlags} from s3 idl.

Guenther
---
 source3/librpc/idl/netlogon.idl               |  2 +-
 source4/librpc/idl/netlogon.idl               | 22 ++++----
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 76 ++++++++++++++-------------
 source4/torture/rpc/netlogon.c                |  9 +++-
 source4/torture/rpc/remote_pac.c              | 34 +++++++++---
 source4/torture/rpc/samba3rpc.c               | 18 +++++--
 source4/torture/rpc/samlogon.c                | 72 ++++++++++++++++++-------
 source4/torture/rpc/samsync.c                 | 11 +++-
 source4/torture/rpc/schannel.c                | 21 ++++++--
 source4/winbind/wb_sam_logon.c                | 11 ++--
 10 files changed, 185 insertions(+), 91 deletions(-)

diff --git a/source3/librpc/idl/netlogon.idl b/source3/librpc/idl/netlogon.idl
index d6c3bd4374..4980a3e151 100644
--- a/source3/librpc/idl/netlogon.idl
+++ b/source3/librpc/idl/netlogon.idl
@@ -1460,7 +1460,7 @@ interface netlogon
 		[in,unique] netr_Authenticator *credential,
 		[in,out,unique] netr_Authenticator *return_authenticator,
 		[in]  netr_LogonInfoClass logon_level,
-		[in]  [switch_is(logon_level)] netr_LogonLevel logon,
+		[in,ref]  [switch_is(logon_level)] netr_LogonLevel *logon,
 		[in]  uint16 validation_level,
 		[out,ref] [switch_is(validation_level)] netr_Validation *validation,
 		[out,ref] uint8 *authoritative,
diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl
index 3418f08b00..a11bca7028 100644
--- a/source4/librpc/idl/netlogon.idl
+++ b/source4/librpc/idl/netlogon.idl
@@ -289,10 +289,10 @@ interface netlogon
 		[in,unique] netr_Authenticator                     *credential,
 		[in,out,unique] netr_Authenticator                 *return_authenticator,
 		[in]  netr_LogonInfoClass                           logon_level,
-		[in]  [switch_is(logon_level)] netr_LogonLevel      logon,
+		[in,ref]  [switch_is(logon_level)] netr_LogonLevel *logon,
 		[in]  uint16                                        validation_level,
-		[out] [switch_is(validation_level)] netr_Validation validation,
-		[out] uint8                                         authoritative
+		[out,ref] [switch_is(validation_level)] netr_Validation *validation,
+		[out,ref] uint8                                    *authoritative
 		);
 
 
@@ -1384,11 +1384,11 @@ interface netlogon
 		[in,unique] [string,charset(UTF16)] uint16 *server_name,
 		[in,unique] [string,charset(UTF16)] uint16 *computer_name,
 		[in]  netr_LogonInfoClass logon_level,
-		[in]  [switch_is(logon_level)] netr_LogonLevel logon,
+		[in,ref]  [switch_is(logon_level)] netr_LogonLevel *logon,
 		[in]  uint16 validation_level,
-		[out] [switch_is(validation_level)] netr_Validation validation,
-		[out] uint8 authoritative,
-		[in,out] uint32 flags
+		[out,ref] [switch_is(validation_level)] netr_Validation *validation,
+		[out,ref] uint8 *authoritative,
+		[in,out,ref] uint32 *flags
 		);
 
 	/****************/
@@ -1457,11 +1457,11 @@ interface netlogon
 		[in,unique] netr_Authenticator *credential,
 		[in,out,unique] netr_Authenticator *return_authenticator,
 		[in]  netr_LogonInfoClass logon_level,
-		[in]  [switch_is(logon_level)] netr_LogonLevel logon,
+		[in,ref]  [switch_is(logon_level)] netr_LogonLevel *logon,
 		[in]  uint16 validation_level,
-		[out] [switch_is(validation_level)] netr_Validation validation,
-		[out] uint8 authoritative,
-		[in,out] uint32 flags
+		[out,ref] [switch_is(validation_level)] netr_Validation *validation,
+		[out,ref] uint8 *authoritative,
+		[in,out,ref] uint32 *flags
 		);
 
 	/****************/
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 04c16ab484..0152604d43 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -474,14 +474,14 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
 	case NetlogonServiceTransitiveInformation:
 		if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
 			creds_arcfour_crypt(creds, 
-					    r->in.logon.password->lmpassword.hash, 
-					    sizeof(r->in.logon.password->lmpassword.hash));
+					    r->in.logon->password->lmpassword.hash,
+					    sizeof(r->in.logon->password->lmpassword.hash));
 			creds_arcfour_crypt(creds, 
-					    r->in.logon.password->ntpassword.hash, 
-					    sizeof(r->in.logon.password->ntpassword.hash));
+					    r->in.logon->password->ntpassword.hash,
+					    sizeof(r->in.logon->password->ntpassword.hash));
 		} else {
-			creds_des_decrypt(creds, &r->in.logon.password->lmpassword);
-			creds_des_decrypt(creds, &r->in.logon.password->ntpassword);
+			creds_des_decrypt(creds, &r->in.logon->password->lmpassword);
+			creds_des_decrypt(creds, &r->in.logon->password->ntpassword);
 		}
 
 		/* TODO: we need to deny anonymous access here */
@@ -491,21 +491,21 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
 						&auth_context);
 		NT_STATUS_NOT_OK_RETURN(nt_status);
 
-		user_info->logon_parameters = r->in.logon.password->identity_info.parameter_control;
-		user_info->client.account_name = r->in.logon.password->identity_info.account_name.string;
-		user_info->client.domain_name = r->in.logon.password->identity_info.domain_name.string;
-		user_info->workstation_name = r->in.logon.password->identity_info.workstation.string;
+		user_info->logon_parameters = r->in.logon->password->identity_info.parameter_control;
+		user_info->client.account_name = r->in.logon->password->identity_info.account_name.string;
+		user_info->client.domain_name = r->in.logon->password->identity_info.domain_name.string;
+		user_info->workstation_name = r->in.logon->password->identity_info.workstation.string;
 		
 		user_info->flags |= USER_INFO_INTERACTIVE_LOGON;
 		user_info->password_state = AUTH_PASSWORD_HASH;
 
 		user_info->password.hash.lanman = talloc(user_info, struct samr_Password);
 		NT_STATUS_HAVE_NO_MEMORY(user_info->password.hash.lanman);
-		*user_info->password.hash.lanman = r->in.logon.password->lmpassword;
+		*user_info->password.hash.lanman = r->in.logon->password->lmpassword;
 
 		user_info->password.hash.nt = talloc(user_info, struct samr_Password);
 		NT_STATUS_HAVE_NO_MEMORY(user_info->password.hash.nt);
-		*user_info->password.hash.nt = r->in.logon.password->ntpassword;
+		*user_info->password.hash.nt = r->in.logon->password->ntpassword;
 
 		break;
 	case NetlogonNetworkInformation:
@@ -518,17 +518,17 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
 						&auth_context);
 		NT_STATUS_NOT_OK_RETURN(nt_status);
 
-		nt_status = auth_context_set_challenge(auth_context, r->in.logon.network->challenge, "netr_LogonSamLogonWithFlags");
+		nt_status = auth_context_set_challenge(auth_context, r->in.logon->network->challenge, "netr_LogonSamLogonWithFlags");
 		NT_STATUS_NOT_OK_RETURN(nt_status);
 
-		user_info->logon_parameters = r->in.logon.network->identity_info.parameter_control;
-		user_info->client.account_name = r->in.logon.network->identity_info.account_name.string;
-		user_info->client.domain_name = r->in.logon.network->identity_info.domain_name.string;
-		user_info->workstation_name = r->in.logon.network->identity_info.workstation.string;
+		user_info->logon_parameters = r->in.logon->network->identity_info.parameter_control;
+		user_info->client.account_name = r->in.logon->network->identity_info.account_name.string;
+		user_info->client.domain_name = r->in.logon->network->identity_info.domain_name.string;
+		user_info->workstation_name = r->in.logon->network->identity_info.workstation.string;
 		
 		user_info->password_state = AUTH_PASSWORD_RESPONSE;
-		user_info->password.response.lanman = data_blob_talloc(mem_ctx, r->in.logon.network->lm.data, r->in.logon.network->lm.length);
-		user_info->password.response.nt = data_blob_talloc(mem_ctx, r->in.logon.network->nt.data, r->in.logon.network->nt.length);
+		user_info->password.response.lanman = data_blob_talloc(mem_ctx, r->in.logon->network->lm.data, r->in.logon->network->lm.length);
+		user_info->password.response.nt = data_blob_talloc(mem_ctx, r->in.logon->network->nt.data, r->in.logon->network->nt.length);
 	
 		break;
 
@@ -537,24 +537,24 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
 	{
 		if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
 			creds_arcfour_crypt(creds, 
-					    r->in.logon.generic->data, r->in.logon.generic->length);
+					    r->in.logon->generic->data, r->in.logon->generic->length);
 		} else {
 			/* Using DES to verify kerberos tickets makes no sense */
 			return NT_STATUS_INVALID_PARAMETER;
 		}
 
-		if (strcmp(r->in.logon.generic->package_name.string, "Kerberos") == 0) {
+		if (strcmp(r->in.logon->generic->package_name.string, "Kerberos") == 0) {
 			NTSTATUS status;
 			struct server_id *kdc;
 			struct kdc_check_generic_kerberos check;
 			struct netr_GenericInfo2 *generic = talloc_zero(mem_ctx, struct netr_GenericInfo2);
 			NT_STATUS_HAVE_NO_MEMORY(generic);
-			r->out.authoritative = 1;
+			*r->out.authoritative = 1;
 			
 			/* TODO: Describe and deal with these flags */
-			r->out.flags = 0;
+			*r->out.flags = 0;
 
-			r->out.validation.generic = generic;
+			r->out.validation->generic = generic;
 	
 			kdc = irpc_servers_byname(dce_call->msg_ctx, mem_ctx, "kdc_server");
 			if ((kdc == NULL) || (kdc[0].id == 0)) {
@@ -562,8 +562,8 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
 			}
 			
 			check.in.generic_request = 
-				data_blob_const(r->in.logon.generic->data,
-						r->in.logon.generic->length);	
+				data_blob_const(r->in.logon->generic->data,
+						r->in.logon->generic->length);
 			
 			status = irpc_call(dce_call->msg_ctx, kdc[0],
 					   &ndr_table_irpc, NDR_KDC_CHECK_GENERIC_KERBEROS,
@@ -620,14 +620,14 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
 		sam2 = talloc_zero(mem_ctx, struct netr_SamInfo2);
 		NT_STATUS_HAVE_NO_MEMORY(sam2);
 		sam2->base = *sam;
-		r->out.validation.sam2 = sam2;
+		r->out.validation->sam2 = sam2;
 		break;
 
 	case 3:
 		sam3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
 		NT_STATUS_HAVE_NO_MEMORY(sam3);
 		sam3->base = *sam;
-		r->out.validation.sam3 = sam3;
+		r->out.validation->sam3 = sam3;
 		break;
 
 	case 6:
@@ -638,17 +638,17 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
 		sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s", 
 							 sam->account_name.string, sam6->forest.string);
 		NT_STATUS_HAVE_NO_MEMORY(sam6->principle.string);
-		r->out.validation.sam6 = sam6;
+		r->out.validation->sam6 = sam6;
 		break;
 
 	default:
 		break;
 	}
 
-	r->out.authoritative = 1;
+	*r->out.authoritative = 1;
 
 	/* TODO: Describe and deal with these flags */
-	r->out.flags = 0;
+	*r->out.flags = 0;
 
 	return NT_STATUS_OK;
 }
@@ -700,13 +700,13 @@ static NTSTATUS dcesrv_netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce
 	r2.in.logon		= r->in.logon;
 	r2.in.validation_level	= r->in.validation_level;
 	r2.in.flags		= r->in.flags;
+	r2.out.validation	= r->out.validation;
+	r2.out.authoritative	= r->out.authoritative;
+	r2.out.flags		= r->out.flags;
 
 	nt_status = dcesrv_netr_LogonSamLogon_base(dce_call, mem_ctx, &r2, creds);
 
 	r->out.return_authenticator	= return_authenticator;
-	r->out.validation		= r2.out.validation;
-	r->out.authoritative		= r2.out.authoritative;
-	r->out.flags			= r2.out.flags;
 
 	return nt_status;
 }
@@ -718,6 +718,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TA
 				   struct netr_LogonSamLogon *r)
 {
 	struct netr_LogonSamLogonWithFlags r2;
+	uint32_t flags = 0;
 	NTSTATUS status;
 
 	ZERO_STRUCT(r2);
@@ -729,13 +730,14 @@ static NTSTATUS dcesrv_netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TA
 	r2.in.logon_level = r->in.logon_level;
 	r2.in.logon = r->in.logon;
 	r2.in.validation_level = r->in.validation_level;
-	r2.in.flags = 0;
+	r2.in.flags = &flags;
+	r2.out.validation = r->out.validation;
+	r2.out.authoritative = r->out.authoritative;
+	r2.out.flags = &flags;
 
 	status = dcesrv_netr_LogonSamLogonWithFlags(dce_call, mem_ctx, &r2);
 
 	r->out.return_authenticator = r2.out.return_authenticator;
-	r->out.validation = r2.out.validation;
-	r->out.authoritative = r2.out.authoritative;
 
 	return status;
 }
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 2e9800fede..38fe8b58f5 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -575,6 +575,9 @@ bool test_netlogon_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
 	NTSTATUS status;
 	struct netr_LogonSamLogon r;
 	struct netr_Authenticator auth, auth2;
+	union netr_LogonLevel logon;
+	union netr_Validation validation;
+	uint8_t authoritative;
 	struct netr_NetworkInfo ninfo;
 	DATA_BLOB names_blob, chal, lm_resp, nt_resp;
 	int i;
@@ -618,12 +621,16 @@ bool test_netlogon_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
 	ninfo.identity_info.logon_id_high = 0;
 	ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials);
 
+	logon.network = &ninfo;
+
 	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
 	r.in.computer_name = cli_credentials_get_workstation(credentials);
 	r.in.credential = &auth;
 	r.in.return_authenticator = &auth2;
 	r.in.logon_level = 2;
-	r.in.logon.network = &ninfo;
+	r.in.logon = &logon;
+	r.out.validation = &validation;
+	r.out.authoritative = &authoritative;
 
 	d_printf("Testing LogonSamLogon with name %s\n", ninfo.identity_info.account_name.string);
 	
diff --git a/source4/torture/rpc/remote_pac.c b/source4/torture/rpc/remote_pac.c
index a4111d1c3e..1f03ad6396 100644
--- a/source4/torture/rpc/remote_pac.c
+++ b/source4/torture/rpc/remote_pac.c
@@ -47,7 +47,12 @@ static bool test_PACVerify(struct torture_context *tctx,
 	NTSTATUS status;
 
 	struct netr_LogonSamLogon r;
-	
+
+	union netr_LogonLevel logon;
+	union netr_Validation validation;
+	uint8_t authoritative;
+	struct netr_Authenticator return_authenticator;
+
 	struct netr_GenericInfo generic;
 	struct netr_Authenticator auth, auth2;
 	
@@ -166,15 +171,20 @@ static bool test_PACVerify(struct torture_context *tctx,
 
 	generic.package_name.string = "Kerberos";
 
+	logon.generic = &generic;
+
 	ZERO_STRUCT(auth2);
 	creds_client_authenticator(creds, &auth);
 	r.in.credential = &auth;
 	r.in.return_authenticator = &auth2;
+	r.in.logon = &logon;
 	r.in.logon_level = NetlogonGenericInformation;
-	r.in.logon.generic = &generic;
 	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
 	r.in.computer_name = cli_credentials_get_workstation(credentials);
 	r.in.validation_level = NetlogonValidationGenericInfo2;
+	r.out.validation = &validation;
+	r.out.authoritative = &authoritative;
+	r.out.return_authenticator = &return_authenticator;
 
 	status = dcerpc_netr_LogonSamLogon(p, tctx, &r);
 
@@ -183,12 +193,14 @@ static bool test_PACVerify(struct torture_context *tctx,
 	/* This will break the signature nicely (even in the crypto wrapping), check we get a logon failure */
 	generic.data[generic.length-1]++;
 
+	logon.generic = &generic;
+
 	ZERO_STRUCT(auth2);
 	creds_client_authenticator(creds, &auth);
 	r.in.credential = &auth;
 	r.in.return_authenticator = &auth2;
 	r.in.logon_level = NetlogonGenericInformation;
-	r.in.logon.generic = &generic;
+	r.in.logon = &logon;
 	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
 	r.in.computer_name = cli_credentials_get_workstation(credentials);
 	r.in.validation_level = NetlogonValidationGenericInfo2;
@@ -203,12 +215,14 @@ static bool test_PACVerify(struct torture_context *tctx,
 	/* This will break the parsing nicely (even in the crypto wrapping), check we get INVALID_PARAMETER */
 	generic.length--;
 
+	logon.generic = &generic;
+
 	ZERO_STRUCT(auth2);
 	creds_client_authenticator(creds, &auth);
 	r.in.credential = &auth;
 	r.in.return_authenticator = &auth2;
 	r.in.logon_level = NetlogonGenericInformation;
-	r.in.logon.generic = &generic;
+	r.in.logon = &logon;
 	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
 	r.in.computer_name = cli_credentials_get_workstation(credentials);
 	r.in.validation_level = NetlogonValidationGenericInfo2;
@@ -247,13 +261,15 @@ static bool test_PACVerify(struct torture_context *tctx,
 	
 	generic.length = pac_wrapped.length;
 	generic.data = pac_wrapped.data;
-	
+
+	logon.generic = &generic;
+
 	ZERO_STRUCT(auth2);
 	creds_client_authenticator(creds, &auth);
 	r.in.credential = &auth;
 	r.in.return_authenticator = &auth2;
 	r.in.logon_level = NetlogonGenericInformation;
-	r.in.logon.generic = &generic;
+	r.in.logon = &logon;
 	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
 	r.in.computer_name = cli_credentials_get_workstation(credentials);
 	r.in.validation_level = NetlogonValidationGenericInfo2;
@@ -292,13 +308,15 @@ static bool test_PACVerify(struct torture_context *tctx,
 	
 	generic.length = pac_wrapped.length;
 	generic.data = pac_wrapped.data;
-	
+
+	logon.generic = &generic;
+
 	ZERO_STRUCT(auth2);
 	creds_client_authenticator(creds, &auth);
 	r.in.credential = &auth;
 	r.in.return_authenticator = &auth2;
 	r.in.logon_level = NetlogonGenericInformation;
-	r.in.logon.generic = &generic;
+	r.in.logon = &logon;
 	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
 	r.in.computer_name = cli_credentials_get_workstation(credentials);
 	r.in.validation_level = NetlogonValidationGenericInfo2;
diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c
index a45397de46..5f8225cb33 100644
--- a/source4/torture/rpc/samba3rpc.c
+++ b/source4/torture/rpc/samba3rpc.c
@@ -1033,6 +1033,10 @@ static bool schan(struct smbcli_state *cli,
 		struct netr_NetworkInfo ninfo;
 		struct netr_PasswordInfo pinfo;
 		struct netr_LogonSamLogon r;
+		union netr_LogonLevel logon;
+		union netr_Validation validation;
+		uint8_t authoritative;
+		struct netr_Authenticator return_authenticator;
 
 		flags = CLI_CRED_LANMAN_AUTH | CLI_CRED_NTLM_AUTH |
 			CLI_CRED_NTLMv2_AUTH;
@@ -1075,6 +1079,8 @@ static bool schan(struct smbcli_state *cli,
 		ninfo.lm.length = lm_resp.length;
 		ninfo.lm.data = lm_resp.data;
 
+		logon.network = &ninfo;
+
 		r.in.server_name = talloc_asprintf(
 			mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
 		ZERO_STRUCT(netr_auth2);
@@ -1084,8 +1090,10 @@ static bool schan(struct smbcli_state *cli,
 		r.in.return_authenticator = &netr_auth2;
 		r.in.logon_level = 2;
 		r.in.validation_level = i;
-		r.in.logon.network = &ninfo;
-		r.out.return_authenticator = NULL;
+		r.in.logon = &logon;
+		r.out.validation = &validation;
+		r.out.authoritative = &authoritative;
+		r.out.return_authenticator = &return_authenticator;
 
 		status = dcerpc_netr_LogonSamLogon(net_pipe, mem_ctx, &r);
 		if (!NT_STATUS_IS_OK(status)) {
@@ -1113,9 +1121,11 @@ static bool schan(struct smbcli_state *cli,
 				   sizeof(pinfo.ntpassword.hash),
 				   &session_key);
 
+		logon.password = &pinfo;
+
 		r.in.logon_level = 1;
-		r.in.logon.password = &pinfo;
-		r.out.return_authenticator = NULL;
+		r.in.logon = &logon;
+		r.out.return_authenticator = &return_authenticator;
 
 		status = dcerpc_netr_LogonSamLogon(net_pipe, mem_ctx, &r);
 		if (!NT_STATUS_IS_OK(status)) {
diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
index fc47a86730..9a707605e6 100644
--- a/source4/torture/rpc/samlogon.c
+++ b/source4/torture/rpc/samlogon.c
@@ -92,9 +92,9 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
 	struct netr_SamBaseInfo *base = NULL;
 	uint16_t validation_level = 0;
 	
-	samlogon_state->r.in.logon.network = &ninfo;
-	samlogon_state->r_ex.in.logon.network = &ninfo;
-	samlogon_state->r_flags.in.logon.network = &ninfo;
+	samlogon_state->r.in.logon->network = &ninfo;
+	samlogon_state->r_ex.in.logon->network = &ninfo;
+	samlogon_state->r_flags.in.logon->network = &ninfo;
 	
 	ninfo.identity_info.domain_name.string = samlogon_state->account_domain;
 	ninfo.identity_info.parameter_control = parameter_control;
@@ -170,17 +170,17 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
 
 		validation_level = r->in.validation_level;
 
-		creds_decrypt_samlogon(samlogon_state->creds, validation_level, &r->out.validation);
+		creds_decrypt_samlogon(samlogon_state->creds, validation_level, r->out.validation);
 
 		switch (validation_level) {
 		case 2:
-			base = &r->out.validation.sam2->base;
+			base = &r->out.validation->sam2->base;
 			break;
 		case 3:
-			base = &r->out.validation.sam3->base;
+			base = &r->out.validation->sam3->base;
 			break;
 		case 6:
-			base = &r->out.validation.sam6->base;
+			base = &r->out.validation->sam6->base;
 			break;
 		}
 		break;
@@ -195,17 +195,17 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
 
 		validation_level = r_ex->in.validation_level;
 
-		creds_decrypt_samlogon(samlogon_state->creds, validation_level, &r_ex->out.validation);
+		creds_decrypt_samlogon(samlogon_state->creds, validation_level, r_ex->out.validation);
 
 		switch (validation_level) {
 		case 2:
-			base = &r_ex->out.validation.sam2->base;
+			base = &r_ex->out.validation->sam2->base;
 			break;
 		case 3:
-			base = &r_ex->out.validation.sam3->base;
+			base = &r_ex->out.validation->sam3->base;
 			break;
 		case 6:
-			base = &r_ex->out.validation.sam6->base;
+			base = &r_ex->out.validation->sam6->base;
 			break;
 		}
 		break;
@@ -228,17 +228,17 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
 		
 		validation_level = r_flags->in.validation_level;
 
-		creds_decrypt_samlogon(samlogon_state->creds, validation_level, &r_flags->out.validation);
+		creds_decrypt_samlogon(samlogon_state->creds, validation_level, r_flags->out.validation);
 
 		switch (validation_level) {
 		case 2:
-			base = &r_flags->out.validation.sam2->base;
+			base = &r_flags->out.validation->sam2->base;
 			break;
 		case 3:
-			base = &r_flags->out.validation.sam3->base;
+			base = &r_flags->out.validation->sam3->base;
 			break;
 		case 6:
-			base = &r_flags->out.validation.sam6->base;
+			base = &r_flags->out.validation->sam6->base;
 			break;
 		}
 		break;
@@ -1331,7 +1331,14 @@ static bool test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 		NDR_NETR_LOGONSAMLOGONEX,
 		NDR_NETR_LOGONSAMLOGONWITHFLAGS };
 	struct samlogon_state samlogon_state;
-	
+
+	union netr_LogonLevel logon;
+	union netr_Validation validation;
+	uint8_t authoritative = 0;
+	uint32_t flags = 0;
+
+	ZERO_STRUCT(logon);
+
 	d_printf("testing netr_LogonSamLogon and netr_LogonSamLogonWithFlags\n");
 	
 	samlogon_state.comment = comment;
@@ -1353,16 +1360,28 @@ static bool test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 	samlogon_state.r_flags.in.computer_name = TEST_MACHINE_NAME;
 	samlogon_state.r_flags.in.credential = &samlogon_state.auth;
 	samlogon_state.r_flags.in.return_authenticator = &samlogon_state.auth2;
-	samlogon_state.r_flags.in.flags = 0;
+	samlogon_state.r_flags.in.flags = &flags;
+	samlogon_state.r_flags.in.logon = &logon;
+	samlogon_state.r_flags.out.validation = &validation;
+	samlogon_state.r_flags.out.authoritative = &authoritative;
+	samlogon_state.r_flags.out.flags = &flags;
 
 	samlogon_state.r_ex.in.server_name = talloc_asprintf(fn_ctx, "\\\\%s", dcerpc_server_name(p));
 	samlogon_state.r_ex.in.computer_name = TEST_MACHINE_NAME;
-	samlogon_state.r_ex.in.flags = 0;
+	samlogon_state.r_ex.in.flags = &flags;
+	samlogon_state.r_ex.in.logon = &logon;
+	samlogon_state.r_ex.out.validation = &validation;
+	samlogon_state.r_ex.out.authoritative = &authoritative;
+	samlogon_state.r_ex.out.flags = &flags;
 
 	samlogon_state.r.in.server_name = talloc_asprintf(fn_ctx, "\\\\%s", dcerpc_server_name(p));
 	samlogon_state.r.in.computer_name = TEST_MACHINE_NAME;
 	samlogon_state.r.in.credential = &samlogon_state.auth;
 	samlogon_state.r.in.return_authenticator = &samlogon_state.auth2;
+	samlogon_state.r.in.logon = &logon;
+	samlogon_state.r.out.validation = &validation;
+	samlogon_state.r.out.authoritative = &authoritative;
+
 
 	for (f=0;f<ARRAY_SIZE(function_levels);f++) {
 		for (i=0; test_table[i].fn; i++) {
@@ -1422,21 +1441,34 @@ bool test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 	struct netr_LogonSamLogonWithFlags r;
 	struct netr_Authenticator a, ra;
 	struct netr_PasswordInfo pinfo;
+	uint32_t flags = 0;
+
+	union netr_LogonLevel logon;
+	union netr_Validation validation;
+	uint8_t authoritative = 0;
 
 	ZERO_STRUCT(a);
 	ZERO_STRUCT(r);
 	ZERO_STRUCT(ra);
 
+	ZERO_STRUCT(logon);
+	ZERO_STRUCT(validation);
+
 	creds_client_authenticator(creds, &a);
 
+	logon.password = &pinfo;
+
 	r.in.server_name = talloc_asprintf(fn_ctx, "\\\\%s", dcerpc_server_name(p));
 	r.in.computer_name = TEST_MACHINE_NAME;
 	r.in.credential = &a;
 	r.in.return_authenticator = &ra;
 	r.in.logon_level = 5;
-	r.in.logon.password = &pinfo;
+	r.in.logon = &logon;
 	r.in.validation_level = 6;
-	r.in.flags = 0;
+	r.in.flags = &flags;
+	r.out.validation = &validation;
+	r.out.authoritative = &authoritative;
+	r.out.flags = &flags;
 
 	pinfo.identity_info.domain_name.string = account_domain;
 	pinfo.identity_info.parameter_control = parameter_control;
diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c
index 88101912e6..e1129435a0 100644
--- a/source4/torture/rpc/samsync.c
+++ b/source4/torture/rpc/samsync.c
@@ -58,6 +58,9 @@ static NTSTATUS test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 	struct netr_LogonSamLogon r;
 	struct netr_Authenticator auth, auth2;
 	struct netr_NetworkInfo ninfo;
+	union netr_LogonLevel logon;
+	union netr_Validation validation;
+	uint8_t authoritative;
 
 	ninfo.identity_info.domain_name.string = domain;
 	ninfo.identity_info.parameter_control = 0;
@@ -85,12 +88,16 @@ static NTSTATUS test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 		ninfo.lm.data = NULL;
 	}
 
+	logon.network = &ninfo;
+
 	r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
 	r.in.computer_name = workstation;
 	r.in.credential = &auth;
 	r.in.return_authenticator = &auth2;
 	r.in.logon_level = 2;
-	r.in.logon.network = &ninfo;
+	r.in.logon = &logon;
+	r.out.validation = &validation;
+	r.out.authoritative = &authoritative;
 
 	ZERO_STRUCT(auth2);
 	creds_client_authenticator(creds, &auth);
@@ -104,7 +111,7 @@ static NTSTATUS test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 	}
 
 	if (info3) {
-		*info3 = r.out.validation.sam3;
+		*info3 = validation.sam3;
 	}
 
 	return status;
diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c
index a8aa046280..81c3ecf878 100644
--- a/source4/torture/rpc/schannel.c
+++ b/source4/torture/rpc/schannel.c
@@ -48,6 +48,10 @@ bool test_netlogon_ex_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
 	NTSTATUS status;
 	struct netr_LogonSamLogonEx r;
 	struct netr_NetworkInfo ninfo;
+	union netr_LogonLevel logon;
+	union netr_Validation validation;
+	uint8_t authoritative = 0;
+	uint32_t _flags = 0;
 	DATA_BLOB names_blob, chal, lm_resp, nt_resp;
 	int i;
 	int flags = CLI_CRED_NTLM_AUTH;
@@ -91,11 +95,16 @@ bool test_netlogon_ex_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
 	ninfo.identity_info.logon_id_high = 0;
 	ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials);
 
+	logon.network = &ninfo;
+
 	r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
 	r.in.computer_name = cli_credentials_get_workstation(credentials);
 	r.in.logon_level = 2;
-	r.in.logon.network = &ninfo;
-	r.in.flags = 0;
+	r.in.logon= &logon;
+	r.in.flags = &_flags;
+	r.out.validation = &validation;
+	r.out.authoritative = &authoritative;
+	r.out.flags = &_flags;
 
 	torture_comment(tctx, 
 			"Testing LogonSamLogonEx with name %s\n", 
@@ -603,9 +612,13 @@ static bool torture_schannel_bench_start(struct torture_schannel_bench_conn *con
 	conn->r.in.server_name = talloc_asprintf(conn->tmp, "\\\\%s", dcerpc_server_name(conn->pipe));
 	conn->r.in.computer_name = cli_credentials_get_workstation(conn->wks_creds);
 	conn->r.in.logon_level = 2;
-	conn->r.in.logon.network = &conn->ninfo;
-	conn->r.in.flags = 0;
+	conn->r.in.logon = talloc(conn->tmp, union netr_LogonLevel);
+	conn->r.in.logon->network = &conn->ninfo;
+	conn->r.in.flags = talloc(conn->tmp, uint32_t);
 	conn->r.in.validation_level = 2;
+	conn->r.out.validation = talloc(conn->tmp, union netr_Validation);
+	conn->r.out.authoritative = talloc(conn->tmp, uint8_t);
+	conn->r.out.flags = conn->r.in.flags;
 
 	req = dcerpc_netr_LogonSamLogonEx_send(conn->pipe, conn->tmp, &conn->r);
 	torture_assert(s->tctx, req, "Failed to setup LogonSamLogonEx request");
diff --git a/source4/winbind/wb_sam_logon.c b/source4/winbind/wb_sam_logon.c
index c9203c8bec..5ceb6e4af0 100644
--- a/source4/winbind/wb_sam_logon.c
+++ b/source4/winbind/wb_sam_logon.c
@@ -96,9 +96,14 @@ static void wb_sam_logon_recv_domain(struct composite_context *creq)
 	s->r.in.credential = &s->auth1;
 	s->r.in.return_authenticator = &s->auth2;
 	s->r.in.logon_level = s->req->in.logon_level;
-	s->r.in.logon = s->req->in.logon;
+	s->r.in.logon = &s->req->in.logon;
 	s->r.in.validation_level = s->req->in.validation_level;
 	s->r.out.return_authenticator = NULL;
+	s->r.out.validation = talloc(s, union netr_Validation);
+	if (composite_nomem(s->r.out.validation, s->ctx)) return;
+	s->r.out.authoritative = talloc(s, uint8_t);
+	if (composite_nomem(s->r.out.authoritative, s->ctx)) return;
+
 
 	/*
 	 * use a new talloc context for the LogonSamLogon call
@@ -142,7 +147,7 @@ static void wb_sam_logon_recv_samlogon(struct rpc_request *req)
 	 * They won't have the encryption key anyway */
 	creds_decrypt_samlogon(s->creds_state,
 			       s->r.in.validation_level,
-			       &s->r.out.validation);
+			       s->r.out.validation);
 
 	composite_done(s->ctx);
 }
@@ -157,7 +162,7 @@ NTSTATUS wb_sam_logon_recv(struct composite_context *c,
 
 	if (NT_STATUS_IS_OK(status)) {
 		talloc_steal(mem_ctx, s->r_mem_ctx);
-		req->out.validation	= s->r.out.validation;
+		req->out.validation	= *s->r.out.validation;
 		req->out.authoritative	= 1;
 	}
 
-- 
cgit