From 2b8afd2257d8c9886f785929ca8dfcd04eb45755 Mon Sep 17 00:00:00 2001
From: =?utf8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Thu, 27 Aug 2009 23:30:50 +0200
Subject: [PATCH] s3-netlogon: implement _netr_ServerPasswordSet2.

Guenther
---
 source3/rpc_server/srv_netlog_nt.c | 66 +++++++++++++++++++++++++++++++-------
 1 file changed, 55 insertions(+), 11 deletions(-)

diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index ce0a3fa255c..0b476e1cae7 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -491,7 +491,8 @@ NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
 		   NETLOGON_NEG_FULL_SYNC_REPL |
 		   NETLOGON_NEG_MULTIPLE_SIDS |
 		   NETLOGON_NEG_REDO |
-		   NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL;
+		   NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL |
+		   NETLOGON_NEG_PASSWORD_SET2;
 
 	/* Ensure we support strong (128-bit) keys. */
 	if (in_neg_flags & NETLOGON_NEG_STRONG_KEYS) {
@@ -824,6 +825,59 @@ NTSTATUS _netr_ServerPasswordSet(pipes_struct *p,
 	return status;
 }
 
+/****************************************************************
+ _netr_ServerPasswordSet2
+****************************************************************/
+
+NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
+				  struct netr_ServerPasswordSet2 *r)
+{
+	NTSTATUS status;
+	struct netlogon_creds_CredentialState *creds;
+	struct samu *sampass;
+	DATA_BLOB plaintext;
+	struct samr_CryptPassword password_buf;
+
+	become_root();
+	status = netr_creds_server_step_check(p, p->mem_ctx,
+					      r->in.computer_name,
+					      r->in.credential,
+					      r->out.return_authenticator,
+					      &creds);
+	unbecome_root();
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(2,("_netr_ServerPasswordSet2: netlogon_creds_server_step "
+			"failed. Rejecting auth request from client %s machine account %s\n",
+			r->in.computer_name, creds->computer_name));
+		TALLOC_FREE(creds);
+		return status;
+	}
+
+	memcpy(password_buf.data, r->in.new_password->data, 512);
+	SIVAL(password_buf.data, 512, r->in.new_password->length);
+	netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
+
+	if (!extract_pw_from_buffer(p->mem_ctx, password_buf.data, &plaintext)) {
+		return NT_STATUS_WRONG_PASSWORD;
+	}
+
+	status = netr_find_machine_account(p->mem_ctx,
+					   creds->account_name,
+					   &sampass);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = netr_set_machine_account_password(sampass,
+						   sampass,
+						   &plaintext,
+						   NULL,
+						   NULL);
+	TALLOC_FREE(sampass);
+	return status;
+}
+
 /*************************************************************************
  _netr_LogonSamLogoff
  *************************************************************************/
@@ -1370,16 +1424,6 @@ NTSTATUS _netr_LogonGetDomainInfo(pipes_struct *p,
 /****************************************************************
 ****************************************************************/
 
-NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
-				  struct netr_ServerPasswordSet2 *r)
-{
-	p->rng_fault_state = true;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/****************************************************************
-****************************************************************/
-
 WERROR _netr_ServerPasswordGet(pipes_struct *p,
 			       struct netr_ServerPasswordGet *r)
 {
-- 
2.11.4.GIT