s4:rpc_server/netlogon: implement dcesrv_netr_ServerPasswordGet()
authorStefan Metzmacher <metze@samba.org>
Mon, 25 Nov 2024 17:12:22 +0000 (18:12 +0100)
committerStefan Metzmacher <metze@samba.org>
Thu, 5 Dec 2024 16:46:38 +0000 (16:46 +0000)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
selftest/knownfail
selftest/knownfail.d/samba.tests.krb5.netlogon
source4/rpc_server/netlogon/dcerpc_netlogon.c

index dee099b79c1138e1c6d90fca850c7ac0761543c8..51aae99d6b48fd9ded957238ca87bafddb6d3a55 100644 (file)
 ^samba4.rpc.netlogon.*.DatabaseSync2
 ^samba4.rpc.netlogon.*.NetrEnumerateTrustedDomains
 ^samba4.rpc.netlogon.*.NetrEnumerateTrustedDomainsEx
-^samba4.rpc.netlogon.*.GetPassword
 ^samba4.rpc.netlogon.*.DatabaseRedo
 ^samba4.rpc.netlogon.*.netlogon.lsa_over_netlogon\(ad_dc\) #Broken by split of \\pipe\lsass from \\pipe\netlogon in the IDL
 ^samba4.rpc.netlogon.*.netlogon.SetupCredentialsDowngrade\(ad_dc_ntvfs\) # Broken by allowing NT4 crypto on this environment
index dcf5c049e2e009522fd50590fbdceee9dbc95328..3da1d7368e5d70a2fccb4f1cc1a5dec601f66e9c 100644 (file)
@@ -2,7 +2,6 @@
 ^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_.*_auth3_00004004
 ^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_.*_auth3_603fffff
 # These need to be checked
-^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_check_passwords
 ^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_send_to_sam
 # This is not implemented yet
 ^samba.tests.krb5.netlogon.*.NetlogonSchannel.test_ticket_samlogon
index 5c7ac435a1c7f0d4eeaa3d953868f1e37e4ceb6a..0667a1205075902a123ac3ee28716b015a673b30 100644 (file)
@@ -3105,13 +3105,47 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
 }
 
 
+static NTSTATUS dcesrv_netr_ServerGetTrustInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+                      struct netr_ServerGetTrustInfo *r);
+
 /*
   netr_ServerPasswordGet
 */
 static NTSTATUS dcesrv_netr_ServerPasswordGet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                       struct netr_ServerPasswordGet *r)
 {
-       DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+       struct netr_ServerGetTrustInfo r2 = {};
+       struct samr_Password old_owf_password = {};
+       struct netr_TrustInfo *_ti = NULL;
+       NTSTATUS status;
+
+       r2.in.server_name = r->in.server_name;
+       r2.in.account_name = r->in.account_name;
+       r2.in.secure_channel_type = r->in.secure_channel_type;
+       r2.in.computer_name = r->in.computer_name;
+       r2.in.credential = r->in.credential;
+
+       r2.out.return_authenticator = r->out.return_authenticator;
+       r2.out.new_owf_password = r->out.password;
+       r2.out.old_owf_password = &old_owf_password;
+       r2.out.trust_info = &_ti;
+
+       status = dcesrv_netr_ServerGetTrustInfo(dce_call, mem_ctx, &r2);
+
+       r->out.return_authenticator = r2.out.return_authenticator;
+       r->out.password = r2.out.new_owf_password;
+
+       ZERO_STRUCT(old_owf_password);
+       switch (r->in.secure_channel_type) {
+       case SEC_CHAN_BDC:
+       case SEC_CHAN_RODC:
+               break;
+       default:
+               ZERO_STRUCTP(r->out.password);
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
+       return status;
 }
 
 static bool sam_rodc_access_check(struct ldb_context *sam_ctx,
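Review bot: The BDC/RODC gate in the `switch` of dcesrv_netr_ServerPasswordGet() tests `r->in.secure_channel_type`, a field taken from the request, and it runs only after dcesrv_netr_ServerGetTrustInfo() has already been handed `r->out.password` to fill. Whether that field and `r->in.account_name` are tied to the authenticated netlogon credentials is decided inside the callee, whose body is outside this hunk. Once confirmed, the wrapper should state what it relies on above the `switch`, for example `/* ServerGetTrustInfo() verified the authenticator and matched account and channel type against the session creds; only BDC and RODC channels may read the hash */`. A short comment should also say why the type is checked after the call rather than before it (presumably so the authenticator is still verified and returned on the deny path). `r->out.password` is cleared only in the `default:` branch, so if the callee can fail after filling it, adding `if (!NT_STATUS_IS_OK(status)) { ZERO_STRUCTP(r->out.password); }` before `return status;` would keep the hash out of an error reply.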
@@ -4281,9 +4315,6 @@ static WERROR dcesrv_netr_DsrDeregisterDNSHostRecords(struct dcesrv_call_state *
 }
 
 
-static NTSTATUS dcesrv_netr_ServerGetTrustInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                      struct netr_ServerGetTrustInfo *r);
-
 /*
   netr_ServerTrustPasswordsGet
 */