r3977: fixed the lmPwdHash change in the rpc server (we were not fetching the

lm hash from the samdb, and thus not checking the verifier)

fixed the client side to calculate the lm verifier based on the nt
hash, not the lm hash (confirmed using w2k3)

source/rpc_server/samr/samr_password.c

@@ -251,7 +251,7 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
 	const char *user_dn, *domain_dn = NULL;
 	int ret;
 	struct ldb_message **res, mod;
-	const char * const attrs[] = { "objectSid", "ntPwdHash", "unicodePwd", NULL };
+	const char * const attrs[] = { "objectSid", "ntPwdHash", "lmPwdHash", "unicodePwd", NULL };
 	const char * const dom_attrs[] = { "minPwdLength", "pwdHistoryLength", 
 					   "pwdProperties", "minPwdAge", "maxPwdAge", 
 					   NULL };

source/torture/rpc/samr.c

@@ -1036,7 +1036,7 @@ static BOOL test_ChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 
 	encode_pw_buffer(lm_pass.data, newpass, STR_ASCII|STR_TERMINATE);
 	arcfour_crypt(lm_pass.data, old_lm_hash, 516);
-	E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
+	E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
 
 	encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
 	arcfour_crypt(nt_pass.data, old_nt_hash, 516);
@@ -1091,7 +1091,7 @@ static BOOL test_ChangePasswordUser3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 
 	encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE);
 	arcfour_crypt(lm_pass.data, old_nt_hash, 516);
-	E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
+	E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
 
 	encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
 	arcfour_crypt(nt_pass.data, old_nt_hash, 516);