sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-04 05:18:06 +03:00
Code
3e3269d34b
samba-mirror/source3/rpc_client/cli_samr.c
Günther Deschner 0e1695df7f Fix gcc11 compiler issue "-Werror=maybe-uninitialized" 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14699

../../source4/dsdb/common/util_links.c: In function ‘ndr_guid_compare’:
../../source4/dsdb/common/util_links.c:38:29: error: ‘v1_data’ may be used uninitialized [-Werror=maybe-uninitialized]
   38 |         struct ldb_val v1 = data_blob_const(v1_data, sizeof(v1_data));
      |                             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../source4/../lib/util/samba_util.h:48,
                 from ../../source4/include/includes.h:62,
                 from ../../source4/dsdb/common/util_links.c:22:
../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
  116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
      |                    ^~~~~~~~~~~~~~~
../../source4/dsdb/common/util_links.c:37:17: note: ‘v1_data’ declared here
   37 |         uint8_t v1_data[16];
      |                 ^~~~~~~
cc1: all warnings being treated as errors

[1729/3991] Compiling source3/smbd/smbXsrv_open.c
../../libcli/auth/smbencrypt.c: In function ‘decode_wkssvc_join_password_buffer’:
../../libcli/auth/smbencrypt.c:1045:32: error: ‘_confounder’ may be used uninitialized [-Werror=maybe-uninitialized]
 1045 |         DATA_BLOB confounder = data_blob_const(_confounder, 8);
      |                                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../source4/../lib/util/samba_util.h:48,
                 from ../../source4/include/includes.h:62,
                 from ../../libcli/auth/smbencrypt.c:24:
../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
  116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
      |                    ^~~~~~~~~~~~~~~
../../libcli/auth/smbencrypt.c:1044:17: note: ‘_confounder’ declared here
 1044 |         uint8_t _confounder[8];
      |                 ^~~~~~~~~~~
cc1: all warnings being treated as errors

[2624/3991] Compiling source4/torture/rpc/samr.c
../../source3/rpc_client/cli_samr.c: In function ‘dcerpc_samr_chgpasswd_user2’:
../../source3/rpc_client/cli_samr.c:158:33: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized]
  158 |         DATA_BLOB session_key = data_blob_const(old_nt_hash, 16);
      |                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../source3/../lib/util/samba_util.h:48,
                 from ../../source3/include/includes.h:256,
                 from ../../source3/rpc_client/cli_samr.c:24:
../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
  116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
      |                    ^~~~~~~~~~~~~~~
../../source3/rpc_client/cli_samr.c:152:17: note: ‘old_nt_hash’ declared here
  152 |         uint8_t old_nt_hash[16];
      |                 ^~~~~~~~~~~
../../source3/rpc_client/cli_samr.c: In function ‘dcerpc_samr_chgpasswd_user3’:
../../source3/rpc_client/cli_samr.c:365:33: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized]
  365 |         DATA_BLOB session_key = data_blob_const(old_nt_hash, 16);
      |                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../source3/../lib/util/samba_util.h:48,
                 from ../../source3/include/includes.h:256,
                 from ../../source3/rpc_client/cli_samr.c:24:
../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
  116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
      |                    ^~~~~~~~~~~~~~~
../../source3/rpc_client/cli_samr.c:358:17: note: ‘old_nt_hash’ declared here
  358 |         uint8_t old_nt_hash[16];
      |                 ^~~~~~~~~~~
cc1: all warnings being treated as errors

[3399/3991] Compiling source3/rpcclient/cmd_spotlight.c
../../source3/smbd/smbXsrv_open.c: In function ‘smbXsrv_open_set_replay_cache’:
../../source3/smbd/smbXsrv_open.c:936:26: error: ‘data’ may be used uninitialized [-Werror=maybe-uninitialized]
  936 |         DATA_BLOB blob = data_blob_const(data, ARRAY_SIZE(data));
      |                          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../source3/../lib/util/samba_util.h:48,
                 from ../../source3/include/includes.h:256,
                 from ../../source3/smbd/smbXsrv_open.c:21:
../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
  116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
      |                    ^~~~~~~~~~~~~~~
../../source3/smbd/smbXsrv_open.c:935:17: note: ‘data’ declared here
  935 |         uint8_t data[SMBXSRV_OPEN_REPLAY_CACHE_FIXED_SIZE];
      |                 ^~~~
cc1: all warnings being treated as errors

../../source3/rpcclient/cmd_spotlight.c: In function ‘cmd_mdssvc_fetch_properties’:
../../source3/rpcclient/cmd_spotlight.c:60:18: error: ‘share_path’ may be used uninitialized [-Werror=maybe-uninitialized]
   60 |         status = dcerpc_mdssvc_open(b, mem_ctx,
      |                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   61 |                                     &device_id,
      |                                     ~~~~~~~~~~~
   62 |                                     &unkn1,
      |                                     ~~~~~~~
   63 |                                     &unkn2,
      |                                     ~~~~~~~
   64 |                                     argv[2],
      |                                     ~~~~~~~~
   65 |                                     argv[1],
      |                                     ~~~~~~~~
   66 |                                     share_path,
      |                                     ~~~~~~~~~~~
   67 |                                     &share_handle);
      |                                     ~~~~~~~~~~~~~~
In file included from ../../source3/rpcclient/cmd_spotlight.c:24:
source3/../librpc/gen_ndr/ndr_mdssvc_c.h:26:10: note: by argument 8 of type ‘const char *’ to ‘dcerpc_mdssvc_open’ declared here
   26 | NTSTATUS dcerpc_mdssvc_open(struct dcerpc_binding_handle *h,
      |          ^~~~~~~~~~~~~~~~~~
../../source3/rpcclient/cmd_spotlight.c:40:14: note: ‘share_path’ declared here
   40 |         char share_path[1025];
      |              ^~~~~~~~~~
cc1: all warnings being treated as errors

../../source4/torture/rpc/samr.c: In function ‘test_ChangePasswordUser2’:
../../source4/torture/rpc/samr.c:2266:19: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized]
 2266 |                 = data_blob_const(old_nt_hash, sizeof(old_nt_hash));
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../source4/../lib/util/samba_util.h:48,
                 from ../../source4/include/includes.h:62,
                 from ../../source4/torture/rpc/samr.c:24:
../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
  116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
      |                    ^~~~~~~~~~~~~~~
../../source4/torture/rpc/samr.c:2263:17: note: ‘old_nt_hash’ declared here
 2263 |         uint8_t old_nt_hash[16], new_nt_hash[16];
      |                 ^~~~~~~~~~~
../../source4/torture/rpc/samr.c: In function ‘test_ChangePasswordUser2_ntstatus’:
../../source4/torture/rpc/samr.c:2371:19: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized]
 2371 |                 = data_blob_const(old_nt_hash, sizeof(old_nt_hash));
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../source4/../lib/util/samba_util.h:48,
                 from ../../source4/include/includes.h:62,
                 from ../../source4/torture/rpc/samr.c:24:
../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
  116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
      |                    ^~~~~~~~~~~~~~~
../../source4/torture/rpc/samr.c:2368:17: note: ‘old_nt_hash’ declared here
 2368 |         uint8_t old_nt_hash[16], new_nt_hash[16];
      |                 ^~~~~~~~~~~
../../source4/torture/rpc/samr.c: In function ‘test_ChangePasswordUser3’:
../../source4/torture/rpc/samr.c:2478:38: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized]
 2478 |         DATA_BLOB old_nt_hash_blob = data_blob_const(old_nt_hash, 16);
      |                                      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../source4/../lib/util/samba_util.h:48,
                 from ../../source4/include/includes.h:62,
                 from ../../source4/torture/rpc/samr.c:24:
../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
  116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
      |                    ^~~~~~~~~~~~~~~
../../source4/torture/rpc/samr.c:2473:17: note: ‘old_nt_hash’ declared here
 2473 |         uint8_t old_nt_hash[16], new_nt_hash[16];
      |                 ^~~~~~~~~~~
../../source4/torture/rpc/samr.c: In function ‘test_ChangePasswordRandomBytes’:
../../source4/torture/rpc/samr.c:2794:19: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized]
 2794 |                 = data_blob_const(old_nt_hash,
      |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
 2795 |                                   sizeof(old_nt_hash));
      |                                   ~~~~~~~~~~~~~~~~~~~~
In file included from ../../source4/../lib/util/samba_util.h:48,
                 from ../../source4/include/includes.h:62,
                 from ../../source4/torture/rpc/samr.c:24:
../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
  116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
      |                    ^~~~~~~~~~~~~~~
../../source4/torture/rpc/samr.c:2792:17: note: ‘old_nt_hash’ declared here
 2792 |         uint8_t old_nt_hash[16], new_nt_hash[16];
      |                 ^~~~~~~~~~~
cc1: all warnings being treated as errors

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-05-07 06:23:32 +00:00

553 lines
14 KiB
C
Raw Blame History

/*
Unix SMB/CIFS implementation.
RPC pipe client
Copyright (C) Tim Potter 2000-2001,
Copyright (C) Andrew Tridgell 1992-1997,2000,
Copyright (C) Rafal Szczesniak 2002.
Copyright (C) Jeremy Allison 2005.
Copyright (C) Guenther Deschner 2008.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "rpc_client/rpc_client.h"
#include "../libcli/auth/libcli_auth.h"
#include "../librpc/gen_ndr/ndr_samr_c.h"
#include "rpc_client/cli_samr.h"
#include "rpc_client/init_lsa.h"
#include "rpc_client/init_samr.h"
/* User change password */
NTSTATUS dcerpc_samr_chgpasswd_user(struct dcerpc_binding_handle *h,
TALLOC_CTX *mem_ctx,
struct policy_handle *user_handle,
const char *newpassword,
const char *oldpassword,
NTSTATUS *presult)
{
NTSTATUS status;
int rc;
struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6;
uint8_t old_nt_hash[16] = {0};
uint8_t old_lm_hash[16] = {0};
uint8_t new_nt_hash[16] = {0};
uint8_t new_lm_hash[16] = {0};
DEBUG(10,("rpccli_samr_chgpasswd_user\n"));
E_md4hash(oldpassword, old_nt_hash);
E_md4hash(newpassword, new_nt_hash);
E_deshash(oldpassword, old_lm_hash);
E_deshash(newpassword, new_lm_hash);
rc = E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
if (rc != 0) {
status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
goto done;
}
rc = E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
if (rc != 0) {
status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
goto done;
}
rc = E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
if (rc != 0) {
status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
goto done;
}
rc = E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
if (rc != 0) {
status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
goto done;
}
rc = E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
if (rc != 0) {
status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
goto done;
}
rc = E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
if (rc != 0) {
status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
goto done;
}
status = dcerpc_samr_ChangePasswordUser(h,
mem_ctx,
user_handle,
true,
&hash1,
&hash2,
true,
&hash3,
&hash4,
true,
&hash5,
true,
&hash6,
presult);
done:
ZERO_ARRAY(old_nt_hash);
ZERO_ARRAY(old_lm_hash);
ZERO_ARRAY(new_nt_hash);
ZERO_ARRAY(new_lm_hash);
return status;
}
NTSTATUS rpccli_samr_chgpasswd_user(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
struct policy_handle *user_handle,
const char *newpassword,
const char *oldpassword)
{
NTSTATUS status;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
status = dcerpc_samr_chgpasswd_user(cli->binding_handle,
mem_ctx,
user_handle,
newpassword,
oldpassword,
&result);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
return result;
}
/* User change password */
NTSTATUS dcerpc_samr_chgpasswd_user2(struct dcerpc_binding_handle *h,
TALLOC_CTX *mem_ctx,
const char *srv_name_slash,
const char *username,
const char *newpassword,
const char *oldpassword,
NTSTATUS *presult)
{
NTSTATUS status;
int rc;
struct samr_CryptPassword new_nt_password;
struct samr_CryptPassword new_lm_password;
struct samr_Password old_nt_hash_enc;
struct samr_Password old_lanman_hash_enc;
uint8_t old_nt_hash[16] = { 0 };
uint8_t old_lanman_hash[16];
uint8_t new_nt_hash[16];
uint8_t new_lanman_hash[16];
struct lsa_String server, account;
DATA_BLOB session_key = data_blob_const(old_nt_hash, 16);
DEBUG(10,("rpccli_samr_chgpasswd_user2\n"));
init_lsa_String(&server, srv_name_slash);
init_lsa_String(&account, username);
/* Calculate the MD4 hash (NT compatible) of the password */
E_md4hash(oldpassword, old_nt_hash);
E_md4hash(newpassword, new_nt_hash);
if (lp_client_lanman_auth() &&
E_deshash(newpassword, new_lanman_hash) &&
E_deshash(oldpassword, old_lanman_hash)) {
/* E_deshash returns false for 'long' passwords (> 14
DOS chars). This allows us to match Win2k, which
does not store a LM hash for these passwords (which
would reduce the effective password length to 14) */
status = init_samr_CryptPassword(newpassword,
&session_key,
&new_lm_password);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
rc = E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
if (rc != 0) {
status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
goto done;
}
} else {
ZERO_STRUCT(new_lm_password);
ZERO_STRUCT(old_lanman_hash_enc);
}
status = init_samr_CryptPassword(newpassword,
&session_key,
&new_nt_password);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
rc = E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
if (rc != 0) {
status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
goto done;
}
status = dcerpc_samr_ChangePasswordUser2(h,
mem_ctx,
&server,
&account,
&new_nt_password,
&old_nt_hash_enc,
true,
&new_lm_password,
&old_lanman_hash_enc,
presult);
done:
ZERO_STRUCT(new_nt_password);
ZERO_STRUCT(new_lm_password);
ZERO_STRUCT(old_nt_hash_enc);
ZERO_STRUCT(old_lanman_hash_enc);
ZERO_ARRAY(new_nt_hash);
ZERO_ARRAY(new_lanman_hash);
ZERO_ARRAY(old_nt_hash);
ZERO_ARRAY(old_lanman_hash);
return status;
}
NTSTATUS rpccli_samr_chgpasswd_user2(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
const char *username,
const char *newpassword,
const char *oldpassword)
{
NTSTATUS status;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
status = dcerpc_samr_chgpasswd_user2(cli->binding_handle,
mem_ctx,
cli->srv_name_slash,
username,
newpassword,
oldpassword,
&result);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
return result;
}
/* User change password given blobs */
NTSTATUS dcerpc_samr_chng_pswd_auth_crap(struct dcerpc_binding_handle *h,
TALLOC_CTX *mem_ctx,
const char *srv_name_slash,
const char *username,
DATA_BLOB new_nt_password_blob,
DATA_BLOB old_nt_hash_enc_blob,
DATA_BLOB new_lm_password_blob,
DATA_BLOB old_lm_hash_enc_blob,
NTSTATUS *presult)
{
NTSTATUS status;
struct samr_CryptPassword new_nt_password;
struct samr_CryptPassword new_lm_password;
struct samr_Password old_nt_hash_enc;
struct samr_Password old_lm_hash_enc;
struct lsa_String server, account;
DEBUG(10,("rpccli_samr_chng_pswd_auth_crap\n"));
ZERO_STRUCT(new_nt_password);
ZERO_STRUCT(new_lm_password);
ZERO_STRUCT(old_nt_hash_enc);
ZERO_STRUCT(old_lm_hash_enc);
init_lsa_String(&server, srv_name_slash);
init_lsa_String(&account, username);
if (new_nt_password_blob.data && new_nt_password_blob.length >= 516) {
memcpy(&new_nt_password.data, new_nt_password_blob.data, 516);
}
if (new_lm_password_blob.data && new_lm_password_blob.length >= 516) {
memcpy(&new_lm_password.data, new_lm_password_blob.data, 516);
}
if (old_nt_hash_enc_blob.data && old_nt_hash_enc_blob.length >= 16) {
memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16);
}
if (old_lm_hash_enc_blob.data && old_lm_hash_enc_blob.length >= 16) {
memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16);
}
status = dcerpc_samr_ChangePasswordUser2(h,
mem_ctx,
&server,
&account,
&new_nt_password,
&old_nt_hash_enc,
true,
&new_lm_password,
&old_lm_hash_enc,
presult);
return status;
}
NTSTATUS rpccli_samr_chng_pswd_auth_crap(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
const char *username,
DATA_BLOB new_nt_password_blob,
DATA_BLOB old_nt_hash_enc_blob,
DATA_BLOB new_lm_password_blob,
DATA_BLOB old_lm_hash_enc_blob)
{
NTSTATUS status;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
status = dcerpc_samr_chng_pswd_auth_crap(cli->binding_handle,
mem_ctx,
cli->srv_name_slash,
username,
new_nt_password_blob,
old_nt_hash_enc_blob,
new_lm_password_blob,
old_lm_hash_enc_blob,
&result);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
return result;
}
/* change password 3 */
NTSTATUS dcerpc_samr_chgpasswd_user3(struct dcerpc_binding_handle *h,
TALLOC_CTX *mem_ctx,
const char *srv_name_slash,
const char *username,
const char *newpassword,
const char *oldpassword,
struct samr_DomInfo1 **dominfo1,
struct userPwdChangeFailureInformation **reject,
NTSTATUS *presult)
{
NTSTATUS status;
int rc;
struct samr_CryptPassword new_nt_password;
struct samr_CryptPassword new_lm_password;
struct samr_Password old_nt_hash_enc;
struct samr_Password old_lanman_hash_enc;
uint8_t old_nt_hash[16] = { 0 };
uint8_t old_lanman_hash[16];
uint8_t new_nt_hash[16];
uint8_t new_lanman_hash[16];
struct lsa_String server, account;
DATA_BLOB session_key = data_blob_const(old_nt_hash, 16);
DEBUG(10,("rpccli_samr_chgpasswd_user3\n"));
init_lsa_String(&server, srv_name_slash);
init_lsa_String(&account, username);
/* Calculate the MD4 hash (NT compatible) of the password */
E_md4hash(oldpassword, old_nt_hash);
E_md4hash(newpassword, new_nt_hash);
if (lp_client_lanman_auth() &&
E_deshash(newpassword, new_lanman_hash) &&
E_deshash(oldpassword, old_lanman_hash)) {
/* E_deshash returns false for 'long' passwords (> 14
DOS chars). This allows us to match Win2k, which
does not store a LM hash for these passwords (which
would reduce the effective password length to 14) */
status = init_samr_CryptPassword(newpassword,
&session_key,
&new_lm_password);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
rc = E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
if (rc != 0) {
status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
goto done;
}
} else {
ZERO_STRUCT(new_lm_password);
ZERO_STRUCT(old_lanman_hash_enc);
}
status = init_samr_CryptPassword(newpassword,
&session_key,
&new_nt_password);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
rc = E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
if (rc != 0) {
status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
goto done;
}
status = dcerpc_samr_ChangePasswordUser3(h,
mem_ctx,
&server,
&account,
&new_nt_password,
&old_nt_hash_enc,
true,
&new_lm_password,
&old_lanman_hash_enc,
NULL,
dominfo1,
reject,
presult);
done:
ZERO_STRUCT(new_nt_password);
ZERO_STRUCT(new_lm_password);
ZERO_STRUCT(old_nt_hash_enc);
ZERO_STRUCT(old_lanman_hash_enc);
ZERO_ARRAY(new_nt_hash);
ZERO_ARRAY(new_lanman_hash);
ZERO_ARRAY(old_nt_hash);
ZERO_ARRAY(old_lanman_hash);
return status;
}
NTSTATUS rpccli_samr_chgpasswd_user3(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
const char *username,
const char *newpassword,
const char *oldpassword,
struct samr_DomInfo1 **dominfo1,
struct userPwdChangeFailureInformation **reject)
{
NTSTATUS status;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
status = dcerpc_samr_chgpasswd_user3(cli->binding_handle,
mem_ctx,
cli->srv_name_slash,
username,
newpassword,
oldpassword,
dominfo1,
reject,
&result);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
return result;
}
/* This function returns the bizzare set of (max_entries, max_size) required
for the QueryDisplayInfo RPC to actually work against a domain controller
with large (10k and higher) numbers of users. These values were
obtained by inspection using ethereal and NT4 running User Manager. */
void dcerpc_get_query_dispinfo_params(int loop_count,
uint32_t *max_entries,
uint32_t *max_size)
{
switch(loop_count) {
case 0:
*max_entries = 512;
*max_size = 16383;
break;
case 1:
*max_entries = 1024;
*max_size = 32766;
break;
case 2:
*max_entries = 2048;
*max_size = 65532;
break;
case 3:
*max_entries = 4096;
*max_size = 131064;
break;
default: /* loop_count >= 4 */
*max_entries = 4096;
*max_size = 131071;
break;
}
}
NTSTATUS dcerpc_try_samr_connects(struct dcerpc_binding_handle *h,
TALLOC_CTX *mem_ctx,
const char *srv_name_slash,
uint32_t access_mask,
struct policy_handle *connect_pol,
NTSTATUS *presult)
{
NTSTATUS status;
union samr_ConnectInfo info_in, info_out;
struct samr_ConnectInfo1 info1;
uint32_t lvl_out = 0;
ZERO_STRUCT(info1);
info1.client_version = SAMR_CONNECT_W2K;
info_in.info1 = info1;
status = dcerpc_samr_Connect5(h,
mem_ctx,
srv_name_slash,
access_mask,
1,
&info_in,
&lvl_out,
&info_out,
connect_pol,
presult);
if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(*presult)) {
return status;
}
status = dcerpc_samr_Connect4(h,
mem_ctx,
srv_name_slash,
SAMR_CONNECT_W2K,
access_mask,
connect_pol,
presult);
if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(*presult)) {
return status;
}
status = dcerpc_samr_Connect2(h,
mem_ctx,
srv_name_slash,
access_mask,
connect_pol,
presult);
return status;
}
/* vim: set ts=8 sw=8 noet cindent: */
View Git Blame Copy Permalink