1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

Let rpccli_samr_chgpasswd3 use rpccli_samr_ChangePasswordUser3 internally.

Guenther
This commit is contained in:
Günther Deschner 2008-02-05 20:14:54 +01:00
parent 07c28f3086
commit ffbfd19ad7
3 changed files with 82 additions and 70 deletions

View File

@ -22,6 +22,11 @@
#include "includes.h"
static void init_lsa_String(struct lsa_String *name, const char *s)
{
name->string = s;
}
/* Query user info */
NTSTATUS rpccli_samr_query_userinfo(struct rpc_pipe_client *cli,
@ -601,80 +606,76 @@ NTSTATUS rpccli_samr_chng_pswd_auth_crap(struct rpc_pipe_client *cli,
/* change password 3 */
NTSTATUS rpccli_samr_chgpasswd3(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
const char *username,
const char *newpassword,
TALLOC_CTX *mem_ctx,
const char *username,
const char *newpassword,
const char *oldpassword,
SAM_UNK_INFO_1 *info,
SAMR_CHANGE_REJECT *reject)
struct samr_DomInfo1 **dominfo1,
struct samr_ChangeReject **reject)
{
prs_struct qbuf, rbuf;
SAMR_Q_CHGPASSWD_USER3 q;
SAMR_R_CHGPASSWD_USER3 r;
NTSTATUS status;
struct samr_CryptPassword new_nt_password;
struct samr_CryptPassword new_lm_password;
struct samr_Password old_nt_hash_enc;
struct samr_Password old_lanman_hash_enc;
uchar new_nt_password[516];
uchar new_lm_password[516];
uchar old_nt_hash[16];
uchar old_lanman_hash[16];
uchar old_nt_hash_enc[16];
uchar old_lanman_hash_enc[16];
uchar new_nt_hash[16];
uchar new_lanman_hash[16];
char *srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost);
struct lsa_String server, account;
char *srv_name_slash = NULL;
DEBUG(10,("rpccli_samr_chgpasswd_user3\n"));
ZERO_STRUCT(q);
ZERO_STRUCT(r);
srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost);
if (!srv_name_slash) {
return NT_STATUS_NO_MEMORY;
}
init_lsa_String(&server, srv_name_slash);
init_lsa_String(&account, username);
/* Calculate the MD4 hash (NT compatible) of the password */
E_md4hash(oldpassword, old_nt_hash);
E_md4hash(newpassword, new_nt_hash);
if (lp_client_lanman_auth()
&& E_deshash(newpassword, new_lanman_hash)
&& E_deshash(oldpassword, old_lanman_hash)) {
if (lp_client_lanman_auth() &&
E_deshash(newpassword, new_lanman_hash) &&
E_deshash(oldpassword, old_lanman_hash)) {
/* E_deshash returns false for 'long' passwords (> 14
DOS chars). This allows us to match Win2k, which
does not store a LM hash for these passwords (which
would reduce the effective password length to 14) */
encode_pw_buffer(new_lm_password, newpassword, STR_UNICODE);
encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE);
SamOEMhash( new_lm_password, old_nt_hash, 516);
E_old_pw_hash( new_nt_hash, old_lanman_hash, old_lanman_hash_enc);
SamOEMhash(new_lm_password.data, old_nt_hash, 516);
E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
} else {
ZERO_STRUCT(new_lm_password);
ZERO_STRUCT(old_lanman_hash_enc);
}
encode_pw_buffer(new_nt_password, newpassword, STR_UNICODE);
SamOEMhash( new_nt_password, old_nt_hash, 516);
E_old_pw_hash( new_nt_hash, old_nt_hash, old_nt_hash_enc);
encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE);
/* Marshall data and send request */
SamOEMhash(new_nt_password.data, old_nt_hash, 516);
E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
init_samr_q_chgpasswd_user3(&q, srv_name_slash, username,
new_nt_password,
old_nt_hash_enc,
new_lm_password,
old_lanman_hash_enc);
r.info = info;
r.reject = reject;
CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_CHGPASSWD_USER3,
q, r,
qbuf, rbuf,
samr_io_q_chgpasswd_user3,
samr_io_r_chgpasswd_user3,
NT_STATUS_UNSUCCESSFUL);
/* Return output parameters */
return r.status;
status = rpccli_samr_ChangePasswordUser3(cli, mem_ctx,
&server,
&account,
&new_nt_password,
&old_nt_hash_enc,
true,
&new_lm_password,
&old_lanman_hash_enc,
NULL,
dominfo1,
reject);
return status;
}
/* This function returns the bizzare set of (max_entries, max_size) required

View File

@ -2367,10 +2367,10 @@ static NTSTATUS cmd_samr_chgpasswd2(struct rpc_pipe_client *cli,
user = argv[1];
oldpass = argv[2];
newpass = argv[3];
/* Get sam policy handle */
result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
&connect_pol);
if (!NT_STATUS_IS_OK(result))
@ -2406,16 +2406,16 @@ static NTSTATUS cmd_samr_chgpasswd2(struct rpc_pipe_client *cli,
/* Change user password */
static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
int argc, const char **argv)
int argc, const char **argv)
{
POLICY_HND connect_pol, domain_pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
const char *user, *oldpass, *newpass;
uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
SAM_UNK_INFO_1 info;
SAMR_CHANGE_REJECT reject;
struct samr_DomInfo1 *info = NULL;
struct samr_ChangeReject *reject = NULL;
if (argc < 3) {
printf("Usage: %s username oldpass newpass\n", argv[0]);
@ -2446,13 +2446,18 @@ static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
goto done;
/* Change user password */
result = rpccli_samr_chgpasswd3(cli, mem_ctx, user, newpass, oldpass, &info, &reject);
result = rpccli_samr_chgpasswd3(cli, mem_ctx,
user,
newpass,
oldpass,
&info,
&reject);
if (NT_STATUS_EQUAL(result, NT_STATUS_PASSWORD_RESTRICTION)) {
/*display_sam_dom_info_1(&info);*/
display_sam_dom_info_1(info);
switch (reject.reject_reason) {
switch (reject->reason) {
case SAMR_REJECT_TOO_SHORT:
d_printf("SAMR_REJECT_TOO_SHORT\n");
break;
@ -2466,7 +2471,8 @@ static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
d_printf("SAMR_REJECT_OTHER\n");
break;
default:
d_printf("unknown reject reason: %d\n", reject.reject_reason);
d_printf("unknown reject reason: %d\n",
reject->reason);
break;
}
}

View File

@ -1936,8 +1936,8 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact
POLICY_HND dom_pol;
struct rpc_pipe_client *cli;
bool got_info = False;
SAM_UNK_INFO_1 info;
SAMR_CHANGE_REJECT reject;
struct samr_DomInfo1 *info = NULL;
struct samr_ChangeReject *reject = NULL;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
fstring domain, user;
@ -1965,24 +1965,29 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact
goto done;
}
result = rpccli_samr_chgpasswd3(cli, state->mem_ctx, user, newpass, oldpass, &info, &reject);
result = rpccli_samr_chgpasswd3(cli, state->mem_ctx,
user,
newpass,
oldpass,
&info,
&reject);
/* Windows 2003 returns NT_STATUS_PASSWORD_RESTRICTION */
if (NT_STATUS_EQUAL(result, NT_STATUS_PASSWORD_RESTRICTION) ) {
state->response.data.auth.policy.min_length_password =
info.min_length_password;
state->response.data.auth.policy.password_history =
info.password_history;
state->response.data.auth.policy.password_properties =
info.password_properties;
state->response.data.auth.policy.expire =
nt_time_to_unix_abs(&info.expire);
state->response.data.auth.policy.min_passwordage =
nt_time_to_unix_abs(&info.min_passwordage);
state->response.data.auth.policy.min_length_password =
info->min_password_length;
state->response.data.auth.policy.password_history =
info->password_history_length;
state->response.data.auth.policy.password_properties =
info->password_properties;
state->response.data.auth.policy.expire =
nt_time_to_unix_abs((NTTIME *)&info->max_password_age);
state->response.data.auth.policy.min_passwordage =
nt_time_to_unix_abs((NTTIME *)&info->min_password_age);
state->response.data.auth.reject_reason =
reject.reject_reason;
state->response.data.auth.reject_reason =
reject->reason;
got_info = True;
}