From e0a6e3b23be2be33a18938e4a3fe58157711e805 Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Tue, 4 Nov 2008 19:40:24 +0100
Subject: s4-samr: merge samr_ChangePasswordUser3 from s3 idl.

Guenther
---
 source4/libnet/libnet_passwd.c          |  4 ++
 source4/rpc_server/samr/samr_password.c | 11 ++++--
 source4/torture/rpc/samr.c              | 70 ++++++++++++++++++++-------------
 3 files changed, 54 insertions(+), 31 deletions(-)

(limited to 'source4')

diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c
index de2ed01abd..cbb3bfadff 100644
--- a/source4/libnet/libnet_passwd.c
+++ b/source4/libnet/libnet_passwd.c
@@ -50,6 +50,8 @@ static NTSTATUS libnet_ChangePassword_samr(struct libnet_context *ctx, TALLOC_CT
 	struct samr_Password nt_verifier, lm_verifier;
 	uint8_t old_nt_hash[16], new_nt_hash[16];
 	uint8_t old_lm_hash[16], new_lm_hash[16];
+	struct samr_DomInfo1 *dominfo = NULL;
+	struct samr_ChangeReject *reject = NULL;
 
 	/* prepare connect to the SAMR pipe of the users domain PDC */
 	c.level                    = LIBNET_RPC_CONNECT_PDC;
@@ -92,6 +94,8 @@ static NTSTATUS libnet_ChangePassword_samr(struct libnet_context *ctx, TALLOC_CT
 	pw3.in.lm_password = &lm_pass;
 	pw3.in.lm_verifier = &lm_verifier;
 	pw3.in.password3 = NULL;
+	pw3.out.dominfo = &dominfo;
+	pw3.out.reject = &reject;
 
 	/* 2. try samr_ChangePasswordUser3 */
 	status = dcerpc_samr_ChangePasswordUser3(c.out.dcerpc_pipe, mem_ctx, &pw3);
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index 1eb6a4f37c..ff8215a673 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -352,7 +352,8 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
 	uint8_t new_nt_hash[16], new_lm_hash[16];
 	struct samr_Password nt_verifier, lm_verifier;
 
-	ZERO_STRUCT(r->out);
+	*r->out.dominfo = NULL;
+	*r->out.reject = NULL;
 
 	if (r->in.nt_password == NULL ||
 	    r->in.nt_verifier == NULL) {
@@ -495,8 +496,8 @@ failed:
 	talloc_free(sam_ctx);
 
 	reject = talloc(mem_ctx, struct samr_ChangeReject);
-	r->out.dominfo = dominfo;
-	r->out.reject = reject;
+	*r->out.dominfo = dominfo;
+	*r->out.reject = reject;
 
 	if (reject == NULL) {
 		return status;
@@ -518,6 +519,8 @@ NTSTATUS dcesrv_samr_ChangePasswordUser2(struct dcesrv_call_state *dce_call, TAL
 				  struct samr_ChangePasswordUser2 *r)
 {
 	struct samr_ChangePasswordUser3 r2;
+	struct samr_DomInfo1 *dominfo = NULL;
+	struct samr_ChangeReject *reject = NULL;
 
 	r2.in.server = r->in.server;
 	r2.in.account = r->in.account;
@@ -527,6 +530,8 @@ NTSTATUS dcesrv_samr_ChangePasswordUser2(struct dcesrv_call_state *dce_call, TAL
 	r2.in.lm_password = r->in.lm_password;
 	r2.in.lm_verifier = r->in.lm_verifier;
 	r2.in.password3 = NULL;
+	r2.out.dominfo = &dominfo;
+	r2.out.reject = &reject;
 
 	return dcesrv_samr_ChangePasswordUser3(dce_call, mem_ctx, &r2);
 }
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index 32df0c3ebc..99164a23a3 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -1633,6 +1633,8 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
 	uint8_t old_nt_hash[16], new_nt_hash[16];
 	uint8_t old_lm_hash[16], new_lm_hash[16];
 	NTTIME t;
+	struct samr_DomInfo1 *dominfo = NULL;
+	struct samr_ChangeReject *reject = NULL;
 
 	torture_comment(tctx, "Testing ChangePasswordUser3\n");
 
@@ -1680,6 +1682,8 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
 	r.in.lm_password = &lm_pass;
 	r.in.lm_verifier = &lm_verifier;
 	r.in.password3 = NULL;
+	r.out.dominfo = &dominfo;
+	r.out.reject = &reject;
 
 	status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
 	if (!NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION) &&
@@ -1709,6 +1713,8 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
 	r.in.lm_password = &lm_pass;
 	r.in.lm_verifier = &lm_verifier;
 	r.in.password3 = NULL;
+	r.out.dominfo = &dominfo;
+	r.out.reject = &reject;
 
 	status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
 	if (!NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION) &&
@@ -1751,21 +1757,23 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
 	r.in.lm_password = &lm_pass;
 	r.in.lm_verifier = &lm_verifier;
 	r.in.password3 = NULL;
+	r.out.dominfo = &dominfo;
+	r.out.reject = &reject;
 
 	unix_to_nt_time(&t, time(NULL));
 
 	status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
 
 	if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)
-	    && r.out.dominfo
-	    && r.out.reject
+	    && dominfo
+	    && reject
 	    && handle_reject_reason
-	    && (!null_nttime(last_password_change) || !r.out.dominfo->min_password_age)) {
-		if (r.out.dominfo->password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE ) {
+	    && (!null_nttime(last_password_change) || !dominfo->min_password_age)) {
+		if (dominfo->password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE ) {
 
-			if (r.out.reject && (r.out.reject->reason != SAMR_REJECT_OTHER)) {
+			if (reject && (reject->reason != SAMR_REJECT_OTHER)) {
 				printf("expected SAMR_REJECT_OTHER (%d), got %d\n", 
-					SAMR_REJECT_OTHER, r.out.reject->reason);
+					SAMR_REJECT_OTHER, reject->reason);
 				return false;
 			}
 		}
@@ -1779,54 +1787,54 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct
 
 		Guenther */
 
-		if ((r.out.dominfo->min_password_age > 0) && !null_nttime(last_password_change) && 
-			   (last_password_change + r.out.dominfo->min_password_age > t)) {
+		if ((dominfo->min_password_age > 0) && !null_nttime(last_password_change) &&
+			   (last_password_change + dominfo->min_password_age > t)) {
 
-			if (r.out.reject->reason != SAMR_REJECT_OTHER) {
+			if (reject->reason != SAMR_REJECT_OTHER) {
 				printf("expected SAMR_REJECT_OTHER (%d), got %d\n", 
-					SAMR_REJECT_OTHER, r.out.reject->reason);
+					SAMR_REJECT_OTHER, reject->reason);
 				return false;
 			}
 
-		} else if ((r.out.dominfo->min_password_length > 0) && 
-			   (strlen(newpass) < r.out.dominfo->min_password_length)) {
+		} else if ((dominfo->min_password_length > 0) &&
+			   (strlen(newpass) < dominfo->min_password_length)) {
 
-			if (r.out.reject->reason != SAMR_REJECT_TOO_SHORT) {
+			if (reject->reason != SAMR_REJECT_TOO_SHORT) {
 				printf("expected SAMR_REJECT_TOO_SHORT (%d), got %d\n", 
-					SAMR_REJECT_TOO_SHORT, r.out.reject->reason);
+					SAMR_REJECT_TOO_SHORT, reject->reason);
 				return false;
 			}
 
-		} else if ((r.out.dominfo->password_history_length > 0) && 
+		} else if ((dominfo->password_history_length > 0) &&
 			    strequal(oldpass, newpass)) {
 
-			if (r.out.reject->reason != SAMR_REJECT_IN_HISTORY) {
+			if (reject->reason != SAMR_REJECT_IN_HISTORY) {
 				printf("expected SAMR_REJECT_IN_HISTORY (%d), got %d\n", 
-					SAMR_REJECT_IN_HISTORY, r.out.reject->reason);
+					SAMR_REJECT_IN_HISTORY, reject->reason);
 				return false;
 			}
-		} else if (r.out.dominfo->password_properties & DOMAIN_PASSWORD_COMPLEX) {
+		} else if (dominfo->password_properties & DOMAIN_PASSWORD_COMPLEX) {
 
-			if (r.out.reject->reason != SAMR_REJECT_COMPLEXITY) {
+			if (reject->reason != SAMR_REJECT_COMPLEXITY) {
 				printf("expected SAMR_REJECT_COMPLEXITY (%d), got %d\n", 
-					SAMR_REJECT_COMPLEXITY, r.out.reject->reason);
+					SAMR_REJECT_COMPLEXITY, reject->reason);
 				return false;
 			}
 
 		}
 
-		if (r.out.reject->reason == SAMR_REJECT_TOO_SHORT) {
+		if (reject->reason == SAMR_REJECT_TOO_SHORT) {
 			/* retry with adjusted size */
 			return test_ChangePasswordUser3(p, tctx, account_string, 
-							r.out.dominfo->min_password_length, 
+							dominfo->min_password_length,
 							password, NULL, 0, false); 
 
 		}
 
 	} else if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
-		if (r.out.reject && r.out.reject->reason != SAMR_REJECT_OTHER) {
+		if (reject && reject->reason != SAMR_REJECT_OTHER) {
 			printf("expected SAMR_REJECT_OTHER (%d), got %d\n", 
-			       SAMR_REJECT_OTHER, r.out.reject->reason);
+			       SAMR_REJECT_OTHER, reject->reason);
 			return false;
 		}
 		/* Perhaps the server has a 'min password age' set? */
@@ -1862,6 +1870,8 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
 	char *oldpass;
 	uint8_t old_nt_hash[16], new_nt_hash[16];
 	NTTIME t;
+	struct samr_DomInfo1 *dominfo = NULL;
+	struct samr_ChangeReject *reject = NULL;
 
 	new_random_pass = samr_very_rand_pass(tctx, 128);
 
@@ -1928,15 +1938,17 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
 	r.in.lm_password = NULL;
 	r.in.lm_verifier = NULL;
 	r.in.password3 = NULL;
+	r.out.dominfo = &dominfo;
+	r.out.reject = &reject;
 
 	unix_to_nt_time(&t, time(NULL));
 
 	status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
 
 	if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
-		if (r.out.reject && r.out.reject->reason != SAMR_REJECT_OTHER) {
+		if (reject && reject->reason != SAMR_REJECT_OTHER) {
 			printf("expected SAMR_REJECT_OTHER (%d), got %d\n", 
-			       SAMR_REJECT_OTHER, r.out.reject->reason);
+			       SAMR_REJECT_OTHER, reject->reason);
 			return false;
 		}
 		/* Perhaps the server has a 'min password age' set? */
@@ -1964,15 +1976,17 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex
 	r.in.lm_password = NULL;
 	r.in.lm_verifier = NULL;
 	r.in.password3 = NULL;
+	r.out.dominfo = &dominfo;
+	r.out.reject = &reject;
 
 	unix_to_nt_time(&t, time(NULL));
 
 	status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r);
 
 	if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) {
-		if (r.out.reject && r.out.reject->reason != SAMR_REJECT_OTHER) {
+		if (reject && reject->reason != SAMR_REJECT_OTHER) {
 			printf("expected SAMR_REJECT_OTHER (%d), got %d\n", 
-			       SAMR_REJECT_OTHER, r.out.reject->reason);
+			       SAMR_REJECT_OTHER, reject->reason);
 			return false;
 		}
 		/* Perhaps the server has a 'min password age' set? */
-- 
cgit