1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
samba-mirror/source3/rpc_client/cli_samr.c
Andreas Schneider 898fd584a4 s3-rpc_client: Fixed a segfault in rpccli_samr_chng_pswd_auth_crap().
This fixes the WINBIND-WBCLIENT test. The test set
old_lm_hash_enc_blob.length to 0 and we don't check the length here. So
the memcpy segfaulted.
2010-07-18 15:09:24 +02:00

348 lines
9.5 KiB
C

/*
Unix SMB/CIFS implementation.
RPC pipe client
Copyright (C) Tim Potter 2000-2001,
Copyright (C) Andrew Tridgell 1992-1997,2000,
Copyright (C) Rafal Szczesniak 2002.
Copyright (C) Jeremy Allison 2005.
Copyright (C) Guenther Deschner 2008.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "../libcli/auth/libcli_auth.h"
#include "../librpc/gen_ndr/cli_samr.h"
#include "rpc_client/cli_samr.h"
#include "../lib/crypto/arcfour.h"
/* User change password */
NTSTATUS rpccli_samr_chgpasswd_user(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
struct policy_handle *user_handle,
const char *newpassword,
const char *oldpassword)
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6;
uchar old_nt_hash[16];
uchar old_lm_hash[16];
uchar new_nt_hash[16];
uchar new_lm_hash[16];
ZERO_STRUCT(old_nt_hash);
ZERO_STRUCT(old_lm_hash);
ZERO_STRUCT(new_nt_hash);
ZERO_STRUCT(new_lm_hash);
DEBUG(10,("rpccli_samr_chgpasswd_user\n"));
E_md4hash(oldpassword, old_nt_hash);
E_md4hash(newpassword, new_nt_hash);
E_deshash(oldpassword, old_lm_hash);
E_deshash(newpassword, new_lm_hash);
E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
result = rpccli_samr_ChangePasswordUser(cli, mem_ctx,
user_handle,
true,
&hash1,
&hash2,
true,
&hash3,
&hash4,
true,
&hash5,
true,
&hash6);
return result;
}
/* User change password */
NTSTATUS rpccli_samr_chgpasswd_user2(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
const char *username,
const char *newpassword,
const char *oldpassword)
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
struct samr_CryptPassword new_nt_password;
struct samr_CryptPassword new_lm_password;
struct samr_Password old_nt_hash_enc;
struct samr_Password old_lanman_hash_enc;
uchar old_nt_hash[16];
uchar old_lanman_hash[16];
uchar new_nt_hash[16];
uchar new_lanman_hash[16];
struct lsa_String server, account;
DEBUG(10,("rpccli_samr_chgpasswd_user2\n"));
init_lsa_String(&server, cli->srv_name_slash);
init_lsa_String(&account, username);
/* Calculate the MD4 hash (NT compatible) of the password */
E_md4hash(oldpassword, old_nt_hash);
E_md4hash(newpassword, new_nt_hash);
if (lp_client_lanman_auth() &&
E_deshash(newpassword, new_lanman_hash) &&
E_deshash(oldpassword, old_lanman_hash)) {
/* E_deshash returns false for 'long' passwords (> 14
DOS chars). This allows us to match Win2k, which
does not store a LM hash for these passwords (which
would reduce the effective password length to 14) */
encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE);
arcfour_crypt(new_lm_password.data, old_nt_hash, 516);
E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
} else {
ZERO_STRUCT(new_lm_password);
ZERO_STRUCT(old_lanman_hash_enc);
}
encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE);
arcfour_crypt(new_nt_password.data, old_nt_hash, 516);
E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
result = rpccli_samr_ChangePasswordUser2(cli, mem_ctx,
&server,
&account,
&new_nt_password,
&old_nt_hash_enc,
true,
&new_lm_password,
&old_lanman_hash_enc);
return result;
}
/* User change password given blobs */
NTSTATUS rpccli_samr_chng_pswd_auth_crap(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
const char *username,
DATA_BLOB new_nt_password_blob,
DATA_BLOB old_nt_hash_enc_blob,
DATA_BLOB new_lm_password_blob,
DATA_BLOB old_lm_hash_enc_blob)
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
struct samr_CryptPassword new_nt_password;
struct samr_CryptPassword new_lm_password;
struct samr_Password old_nt_hash_enc;
struct samr_Password old_lm_hash_enc;
struct lsa_String server, account;
DEBUG(10,("rpccli_samr_chng_pswd_auth_crap\n"));
init_lsa_String(&server, cli->srv_name_slash);
init_lsa_String(&account, username);
if (new_nt_password_blob.length > 0) {
memcpy(&new_nt_password.data, new_nt_password_blob.data, 516);
} else {
ZERO_STRUCT(new_nt_password_blob);
}
if (new_lm_password_blob.length > 0) {
memcpy(&new_lm_password.data, new_lm_password_blob.data, 516);
} else {
ZERO_STRUCT(new_lm_password);
}
if (old_nt_hash_enc_blob.length > 0) {
memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16);
} else {
ZERO_STRUCT(old_nt_hash_enc);
}
if (old_lm_hash_enc_blob.length > 0) {
memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16);
} else {
ZERO_STRUCT(old_lm_hash_enc);
}
result = rpccli_samr_ChangePasswordUser2(cli, mem_ctx,
&server,
&account,
&new_nt_password,
&old_nt_hash_enc,
true,
&new_lm_password,
&old_lm_hash_enc);
return result;
}
/* change password 3 */
NTSTATUS rpccli_samr_chgpasswd_user3(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
const char *username,
const char *newpassword,
const char *oldpassword,
struct samr_DomInfo1 **dominfo1,
struct userPwdChangeFailureInformation **reject)
{
NTSTATUS status;
struct samr_CryptPassword new_nt_password;
struct samr_CryptPassword new_lm_password;
struct samr_Password old_nt_hash_enc;
struct samr_Password old_lanman_hash_enc;
uchar old_nt_hash[16];
uchar old_lanman_hash[16];
uchar new_nt_hash[16];
uchar new_lanman_hash[16];
struct lsa_String server, account;
DEBUG(10,("rpccli_samr_chgpasswd_user3\n"));
init_lsa_String(&server, cli->srv_name_slash);
init_lsa_String(&account, username);
/* Calculate the MD4 hash (NT compatible) of the password */
E_md4hash(oldpassword, old_nt_hash);
E_md4hash(newpassword, new_nt_hash);
if (lp_client_lanman_auth() &&
E_deshash(newpassword, new_lanman_hash) &&
E_deshash(oldpassword, old_lanman_hash)) {
/* E_deshash returns false for 'long' passwords (> 14
DOS chars). This allows us to match Win2k, which
does not store a LM hash for these passwords (which
would reduce the effective password length to 14) */
encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE);
arcfour_crypt(new_lm_password.data, old_nt_hash, 516);
E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
} else {
ZERO_STRUCT(new_lm_password);
ZERO_STRUCT(old_lanman_hash_enc);
}
encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE);
arcfour_crypt(new_nt_password.data, old_nt_hash, 516);
E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
status = rpccli_samr_ChangePasswordUser3(cli, mem_ctx,
&server,
&account,
&new_nt_password,
&old_nt_hash_enc,
true,
&new_lm_password,
&old_lanman_hash_enc,
NULL,
dominfo1,
reject);
return status;
}
/* This function returns the bizzare set of (max_entries, max_size) required
for the QueryDisplayInfo RPC to actually work against a domain controller
with large (10k and higher) numbers of users. These values were
obtained by inspection using ethereal and NT4 running User Manager. */
void get_query_dispinfo_params(int loop_count, uint32 *max_entries,
uint32 *max_size)
{
switch(loop_count) {
case 0:
*max_entries = 512;
*max_size = 16383;
break;
case 1:
*max_entries = 1024;
*max_size = 32766;
break;
case 2:
*max_entries = 2048;
*max_size = 65532;
break;
case 3:
*max_entries = 4096;
*max_size = 131064;
break;
default: /* loop_count >= 4 */
*max_entries = 4096;
*max_size = 131071;
break;
}
}
NTSTATUS rpccli_try_samr_connects(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
uint32_t access_mask,
struct policy_handle *connect_pol)
{
NTSTATUS status;
union samr_ConnectInfo info_in, info_out;
struct samr_ConnectInfo1 info1;
uint32_t lvl_out = 0;
ZERO_STRUCT(info1);
info1.client_version = SAMR_CONNECT_W2K;
info_in.info1 = info1;
status = rpccli_samr_Connect5(cli, mem_ctx,
cli->srv_name_slash,
access_mask,
1,
&info_in,
&lvl_out,
&info_out,
connect_pol);
if (NT_STATUS_IS_OK(status)) {
return status;
}
status = rpccli_samr_Connect4(cli, mem_ctx,
cli->srv_name_slash,
SAMR_CONNECT_W2K,
access_mask,
connect_pol);
if (NT_STATUS_IS_OK(status)) {
return status;
}
status = rpccli_samr_Connect2(cli, mem_ctx,
cli->srv_name_slash,
access_mask,
connect_pol);
return status;
}