[in] [string,charset(UTF16)] uint16 account_name[],
[in] netr_SchannelType secure_channel_type,
[in] [string,charset(UTF16)] uint16 computer_name[],
- [in] netr_Authenticator credential,
- [in] samr_Password new_password,
- [out] netr_Authenticator return_authenticator
+ [in,ref] netr_Authenticator *credential,
+ [out,ref] netr_Authenticator *return_authenticator,
+ [in,ref] samr_Password *new_password
);
nt_status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
r->in.computer_name, mem_ctx,
- &r->in.credential, &r->out.return_authenticator,
+ r->in.credential, r->out.return_authenticator,
&creds);
NT_STATUS_NOT_OK_RETURN(nt_status);
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
- creds_des_decrypt(creds, &r->in.new_password);
+ creds_des_decrypt(creds, r->in.new_password);
/* Using the sid for the account as the key, set the password */
nt_status = samdb_set_password_sid(sam_ctx, mem_ctx,
creds->sid,
NULL, /* Don't have plaintext */
- NULL, &r->in.new_password,
+ NULL, r->in.new_password,
true, /* Password change */
NULL, NULL);
return nt_status;
struct netr_ServerPasswordSet r;
const char *password;
struct creds_CredentialState *creds;
+ struct netr_Authenticator credential, return_authenticator;
+ struct samr_Password new_password;
if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) {
return false;
r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
r.in.secure_channel_type = SEC_CHAN_BDC;
r.in.computer_name = TEST_MACHINE_NAME;
+ r.in.credential = &credential;
+ r.in.new_password = &new_password;
+ r.out.return_authenticator = &return_authenticator;
password = generate_random_str(tctx, 8);
- E_md4hash(password, r.in.new_password.hash);
+ E_md4hash(password, new_password.hash);
- creds_des_encrypt(creds, &r.in.new_password);
+ creds_des_encrypt(creds, &new_password);
torture_comment(tctx, "Testing ServerPasswordSet on machine account\n");
torture_comment(tctx, "Changing machine account password to '%s'\n",
password);
- creds_client_authenticator(creds, &r.in.credential);
+ creds_client_authenticator(creds, &credential);
status = dcerpc_netr_ServerPasswordSet(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet");
- if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
+ if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
torture_comment(tctx,
"Changing machine account password to '%s' (same as previous run)\n", password);
- creds_client_authenticator(creds, &r.in.credential);
+ creds_client_authenticator(creds, &credential);
status = dcerpc_netr_ServerPasswordSet(p, tctx, &r);
torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet (2)");
- if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
+ if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
torture_comment(tctx, "Credential chaining failed\n");
}
struct netr_ServerPasswordSet s;
char *password = generate_random_str(wks_creds, 8);
struct creds_CredentialState *creds_state;
+ struct netr_Authenticator credential, return_authenticator;
+ struct samr_Password new_password;
s.in.server_name = talloc_asprintf(
mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
s.in.account_name = talloc_asprintf(
mem_ctx, "%s$", s.in.computer_name);
s.in.secure_channel_type = SEC_CHAN_WKSTA;
- E_md4hash(password, s.in.new_password.hash);
+ s.in.credential = &credential;
+ s.in.new_password = &new_password;
+ s.out.return_authenticator = &return_authenticator;
+
+ E_md4hash(password, new_password.hash);
creds_state = cli_credentials_get_netlogon_creds(wks_creds);
- creds_des_encrypt(creds_state, &s.in.new_password);
- creds_client_authenticator(creds_state, &s.in.credential);
+ creds_des_encrypt(creds_state, &new_password);
+ creds_client_authenticator(creds_state, &credential);
status = dcerpc_netr_ServerPasswordSet(net_pipe, mem_ctx, &s);
if (!NT_STATUS_IS_OK(status)) {
}
if (!creds_client_check(creds_state,
- &s.out.return_authenticator.cred)) {
+ &s.out.return_authenticator->cred)) {
printf("Credential chaining failed\n");
}
char *password = generate_random_str(s->join_ctx1, 8);
struct creds_CredentialState *creds_state;
struct dcerpc_pipe *net_pipe;
+ struct netr_Authenticator credential, return_authenticator;
+ struct samr_Password new_password;
status = dcerpc_pipe_connect_b(s, &net_pipe, s->b,
&ndr_table_netlogon,
pwset.in.account_name = talloc_asprintf(
net_pipe, "%s$", pwset.in.computer_name);
pwset.in.secure_channel_type = SEC_CHAN_WKSTA;
- E_md4hash(password, pwset.in.new_password.hash);
+ pwset.in.credential = &credential;
+ pwset.in.new_password = &new_password;
+ pwset.out.return_authenticator = &return_authenticator;
+
+ E_md4hash(password, new_password.hash);
creds_state = cli_credentials_get_netlogon_creds(
s->wks_creds1);
- creds_des_encrypt(creds_state, &pwset.in.new_password);
- creds_client_authenticator(creds_state, &pwset.in.credential);
+ creds_des_encrypt(creds_state, &new_password);
+ creds_client_authenticator(creds_state, &credential);
status = dcerpc_netr_ServerPasswordSet(net_pipe, torture, &pwset);
torture_assert_ntstatus_ok(torture, status,
"ServerPasswordSet failed");
if (!creds_client_check(creds_state,
- &pwset.out.return_authenticator.cred)) {
+ &pwset.out.return_authenticator->cred)) {
printf("Credential chaining failed\n");
}
git.samba.org / ddiss / samba.git / commitdiff