From a56d9fe5da4c544e7f1d8e72934ac322105a3fbf Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Fri, 30 Jan 2015 09:42:15 +0000
Subject: [PATCH] s4:rpc_server/netlogon: extract and pass down the password version in dcesrv_netr_ServerPasswordSet2()

For domain trusts we need to extract NL_PASSWORD_VERSION from the password buffer.

Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
---
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index bb47de4c175..e9f07f84fc2 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -38,6 +38,7 @@
 #include "lib/tsocket/tsocket.h"
 #include "librpc/gen_ndr/ndr_netlogon.h"
 #include "librpc/gen_ndr/ndr_lsa.h"
+#include "librpc/gen_ndr/ndr_samr.h"
 #include "librpc/gen_ndr/ndr_irpc.h"
 #include "lib/socket/netif.h"
 
@@ -577,11 +578,11 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal
 const char * const attrs[] = { "dBCSPwd", "unicodePwd", NULL };
 struct ldb_message **res;
 struct samr_Password *oldLmHash, *oldNtHash;
+ struct NL_PASSWORD_VERSION version = {};
 const uint32_t *new_version = NULL;
 NTSTATUS nt_status;
 DATA_BLOB new_password;
 int ret;
-
 struct samr_CryptPassword password_buf;
 
 nt_status = dcesrv_netr_creds_server_step_check(dce_call,
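Review bot: `struct NL_PASSWORD_VERSION version = {};` uses an empty initializer list, which ISO C before C23 does not allow; GCC and Clang accept it only as an extension. `struct NL_PASSWORD_VERSION version = {0};` zero-initialises the struct the same way and is portable. The declaration block belongs to dcesrv_netr_ServerPasswordSet2(), whose body continues outside the hunk.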
@@ -605,6 +606,29 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal
 netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
 }
 
+ switch (creds->secure_channel_type) {
+ case SEC_CHAN_DOMAIN:
+ case SEC_CHAN_DNS_DOMAIN: {
+ uint32_t len = IVAL(password_buf.data, 512);
+ if (len <= 500) {
+ uint32_t ofs = 500 - len;
+ uint8_t *p;
+
+ p = password_buf.data + ofs;
+
+ version.ReservedField = IVAL(p, 0);
+ version.PasswordVersionNumber = IVAL(p, 4);
+ version.PasswordVersionPresent = IVAL(p, 8);
+
+ if (version.PasswordVersionPresent == NETLOGON_PASSWORD_VERSION_NUMBER_PRESENT) {
+ new_version = &version.PasswordVersionNumber;
+ }
+ }}
+ break;
+ default:
+ break;
+ }
+
 if (!extract_pw_from_buffer(mem_ctx, password_buf.data, &new_password)) {
 DEBUG(3,("samr: failed to decode password buffer\n"));
 return NT_STATUS_WRONG_PASSWORD;
-- 
2.11.4.GIT
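Review bot: The `len <= 500` bound in the SEC_CHAN_DOMAIN / SEC_CHAN_DNS_DOMAIN case is the only thing keeping the three `IVAL(p, …)` reads inside the buffer, and neither 500 nor 512 is explained. `len` is read from the decrypted client-supplied buffer, so a maintainer should be able to check the arithmetic at a glance; a comment such as `/* 12-byte NL_PASSWORD_VERSION precedes the password: ofs + 12 + len == 512 */` above `if (len <= 500)` would do that. When `len` is larger than 500 the version is skipped silently and the buffer still goes to extract_pw_from_buffer(); if that is intended for trust accounts, it is worth saying so in the same comment. The function body starts and ends outside the hunk.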