rpccli_svcctl_CreateServiceW support for SvcStartName & Password

[Carl Banzhof]

Hello,

Apologies in advance if this is wrong list etc.

I am attempting to create a patch for net_rpc_service.c / rpc_service_create_internal to support the parameters of Service Start Name and Password. These parameters specify which account
the service should be started and run as.

I've added code to pass the params from the command line to rpc_service_create_internal.  However,  when  rpccli_svcctl_CreateServiceW  is called with the svcStartName and password it always returns an error usually invalid parameter.

Reading the MS-SCMR spec it specifies that the password field is an LPBYTE unicode array. Tracing through the code it appears that ndr_push_svcctl_CreateServiceW is not handling the password field appropriately.

So I added the following lines to handle the password similar to the other unicode strings in that request.

			NDR_CHECK(ndr_push_uint3264(ndr, NDR_SCALARS, ndr_charset_length(r->in.password, CH_UTF16)));
			NDR_CHECK(ndr_push_uint3264(ndr, NDR_SCALARS, 0));
			NDR_CHECK(ndr_push_uint3264(ndr, NDR_SCALARS, ndr_charset_length(r->in.password, CH_UTF16)));
			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.password, ndr_charset_length(r->in.password, CH_UTF16), sizeof(uint16_t), CH_UTF16));


After adding this i still get an error / failure but it returns WERR_OK and still fails the call.

I did some additional testing against SC.EXE (The windows command line service control tool) and when examining the packets sent from sc vs net it appears as though the password parameter is being encrypted by SC before being sent.
 
Anybody have any experience with this or can offer any suggestions?

BTW, I'm working on the 3.5.6 source tree. I believe the same condition exist in 3.60rc1

Thanks