2025-01-11 05:18:09 +03:00 · 2004-04-26 03:07:46 +00:00 · 2004-04-26 03:07:46 +00:00 · 3fb30e46be
commit 3fb30e46be
parent 0d1c529cdc
2 changed files with 33 additions and 37 deletions
--- a/source4/librpc/idl/samr.idl
+++ b/source4/librpc/idl/samr.idl
@ -735,24 +735,21 @@
 	} samr_Hash;

 	/*
-	  this interface is quite mysterious. I can make w2k3 give me
-	  NT_STATUS_PASSWORD_RESTRICTION and NT_STATUS_WRONG_PASSWORD
-	  with various options, but so far I haven't managed a successful
-	  password change. Perhaps this interface is disabled now?
-	  Needs testing against NT4
+	  this is a password change interface that doesn't give
+	  the server the plaintext password. Depricated.
 	*/
 	NTSTATUS samr_ChangePasswordUser(
 		[in,ref]    policy_handle *handle,
-		[in]        bool8 unknown1,
-		[in]        samr_Hash *hash1,
-		[in]        samr_Hash *hash2,
-		[in]        bool8 unknown2,
-		[in]        samr_Hash *hash3,
-		[in]        samr_Hash *hash4,
-		[in]        bool8 unknown3,
-		[in]        samr_Hash *hash5,
-		[in]        bool8 unknown4,
-		[in]        samr_Hash *hash6
+		[in]        bool8 lm_present,
+		[in]        samr_Hash *old_lm_crypted,
+		[in]        samr_Hash *new_lm_crypted,
+		[in]        bool8 nt_present,
+		[in]        samr_Hash *old_nt_crypted,
+		[in]        samr_Hash *new_nt_crypted,
+		[in]        bool8 cross1_present,
+		[in]        samr_Hash *nt_cross,
+		[in]        bool8 cross2_present,
+		[in]        samr_Hash *lm_cross
 		);

 	/************************/
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@ -524,7 +524,7 @@ static BOOL test_ChangePasswordUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 	NTSTATUS status;
 	struct samr_ChangePasswordUser r;
 	BOOL ret = True;
-	struct samr_Hash hash1, hash2, hash3, hash4;
+	struct samr_Hash hash1, hash2, hash3, hash4, hash5, hash6;
 	struct policy_handle user_handle;
 	char *oldpass = *password;
 	char *newpass = samr_rand_pass(mem_ctx);	
@ -540,36 +540,34 @@ static BOOL test_ChangePasswordUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,

 	E_md4hash(oldpass, old_nt_hash);
 	E_md4hash(newpass, new_nt_hash);
-
 	E_deshash(oldpass, old_lm_hash);
 	E_deshash(newpass, new_lm_hash);

-	memcpy(hash1.hash, new_lm_hash, 16);
-	SamOEMhash(hash1.hash, old_lm_hash, 16);
-	E_old_pw_hash(new_lm_hash, old_lm_hash, hash2.hash);
-
-	memcpy(hash3.hash, new_lm_hash, 16);
-	SamOEMhash(hash3.hash, old_nt_hash, 16);
-	E_old_pw_hash(new_nt_hash, old_nt_hash, hash4.hash);
+	E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
+	E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
+	E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
+	E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
+	E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
+	E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);

 	r.in.handle = &user_handle;
-	r.in.unknown1 = 1;
-	r.in.hash1 = &hash1;
-	r.in.hash2 = &hash2;
-	r.in.unknown2 = 1;
-	r.in.hash3 = &hash3;
-	r.in.hash4 = &hash4;
-	r.in.unknown3 = 1;
-	r.in.hash5 = &hash1;
-	r.in.unknown4 = 1;
-	r.in.hash6 = &hash3;
+	r.in.lm_present = 1;
+	r.in.old_lm_crypted = &hash1;
+	r.in.new_lm_crypted = &hash2;
+	r.in.nt_present = 1;
+	r.in.old_nt_crypted = &hash3;
+	r.in.new_nt_crypted = &hash4;
+	r.in.cross1_present = 1;
+	r.in.nt_cross = &hash5;
+	r.in.cross2_present = 1;
+	r.in.lm_cross = &hash6;

 	status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r);
-	/* because we don't yet have the right code above, we expect
-	   WRONG_PASSWORD back */
-	if (!NT_STATUS_EQUAL(NT_STATUS_WRONG_PASSWORD, status)) {
+	if (!NT_STATUS_IS_OK(status)) {
 		printf("ChangePasswordUser failed - %s\n", nt_errstr(status));
 		ret = False;
+	} else {
+		*password = newpass;
 	}

 	if (!test_Close(p, mem_ctx, &user_handle)) {
@ -2719,3 +2717,4 @@ BOOL torture_rpc_samr(int dummy)

 	return ret;
 }
+