Changing of machine passwords now works !!!!!!

smbdes.c: Added cred_hash3.
smbpasswd.c: Fixes for adding a machine account (needs more work).
lib/rpc/server/srv_netlog.c: Turn on the machine password changing
code by default (calls cred_hash3).
Jeremy.
(This used to be commit 50aa513b969c6e41911aeee8207b065f93af0beb)

4 files changed, 58 insertions, 43 deletions

diff --git a/source3/include/proto.h b/source3/include/proto.h
index c5c7c1e846..b1a5edab62 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1673,6 +1673,7 @@ void D_P16(unsigned char *p14, unsigned char *in, unsigned char *out);
 void E_old_pw_hash( unsigned char *p14, unsigned char *in, unsigned char *out);
 void cred_hash1(unsigned char *out,unsigned char *in,unsigned char *key);
 void cred_hash2(unsigned char *out,unsigned char *in,unsigned char *key);
+void cred_hash3(unsigned char *out,unsigned char *in,unsigned char *key);
 void SamOEMhash( unsigned char *data, unsigned char *key, int val);
 
 /*The following definitions come from  smbencrypt.c  */
diff --git a/source3/libsmb/smbdes.c b/source3/libsmb/smbdes.c
index e5d8f4a1e0..cf46e53ff5 100644
--- a/source3/libsmb/smbdes.c
+++ b/source3/libsmb/smbdes.c
@@ -347,6 +347,15 @@ void cred_hash2(unsigned char *out,unsigned char *in,unsigned char *key)
 	smbhash(out, buf, key2, 1);
 }
 
+void cred_hash3(unsigned char *out,unsigned char *in,unsigned char *key)
+{
+        static unsigned char key2[8];
+
+        smbhash(out, in, key, 0);
+        key2[0] = key[7];
+        smbhash(out + 8, in + 8, key2, 0);
+}
+
 void SamOEMhash( unsigned char *data, unsigned char *key, int val)
 {
   unsigned char s_box[256];
diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
index 3912ad7938..b87ecfc646 100644
--- a/source3/rpc_server/srv_netlog.c
+++ b/source3/rpc_server/srv_netlog.c
@@ -367,11 +367,9 @@ static void api_net_srv_pwset( int uid,
 	NET_Q_SRV_PWSET q_a;
 	uint32 status = NT_STATUS_WRONG_PASSWORD|0xC0000000;
 	DOM_CRED srv_cred;
-#ifdef ALLOW_SRV_PWSET
 	pstring mach_acct;
 	struct smb_passwd *smb_pass;
 	BOOL ret;
-#endif
 	user_struct *vuser;
 
 	if ((vuser = get_valid_user_struct(uid)) == NULL) return;
@@ -387,47 +385,44 @@ static void api_net_srv_pwset( int uid,
 
 		DEBUG(5,("api_net_srv_pwset: %d\n", __LINE__));
 
-#ifdef ALLOW_SRV_PWSET
-
 		pstrcpy(mach_acct, unistrn2(q_a.clnt_id.login.uni_acct_name.buffer,
 									q_a.clnt_id.login.uni_acct_name.uni_str_len));
 
 		DEBUG(3,("Server Password Set Wksta:[%s]\n", mach_acct));
 
 		become_root(True);
-		smb_pass = get_smbpwd_entry(mach_acct, 0);
+		smb_pass = getsmbpwnam(mach_acct);
 		unbecome_root(True);
 
 		if (smb_pass != NULL)
 		{
-			unsigned char pwd[16];
-			uint8 mode = 2;
+                  unsigned char pwd[16];
+                  int i;
 
-			memcpy(pwd, q_a.pwd, 16);
+                  DEBUG(0,("Server password set : new given value was :\n"));
+                  for(i = 0; i < 16; i++)
+                    DEBUG(0,("%02X ", q_a.pwd[i]));
+                  DEBUG(0,("\n"));
 
-			if (obfuscate_pwd(pwd, vuser->dc.sess_key, mode))
-			{
-				/* lies!  nt and lm passwords are _not_ the same: don't care */
-				smb_pass->smb_passwd    = pwd;
-				smb_pass->smb_nt_passwd = pwd;
-				smb_pass->acct_ctrl     = ACB_WSTRUST;
-
-				become_root(True);
-				ret = mod_smbpwd_entry(smb_pass);
-				unbecome_root(True);
-
-				if (ret)
-				{
-					/* hooray! */
-					status = 0x0;
-				}
-			}
-		}
+                  cred_hash3( pwd, q_a.pwd, vuser->dc.sess_key);
+
+                  /* lies!  nt and lm passwords are _not_ the same: don't care */
+                  smb_pass->smb_passwd    = pwd;
+                  smb_pass->smb_nt_passwd = pwd;
+                  smb_pass->acct_ctrl     = ACB_WSTRUST;
+
+                  become_root(True);
+                  ret = mod_smbpwd_entry(smb_pass);
+                  unbecome_root(True);
+
+                  if (ret)
+                  {
+                    /* hooray! */
+                    status = 0x0;
+                  }
+                }
 
 		DEBUG(5,("api_net_srv_pwset: %d\n", __LINE__));
-#else
-		DEBUG(5,("api_net_srv_pwset: server password set being denied\n"));
-#endif
 
 	}
 	else
@@ -436,9 +431,8 @@ static void api_net_srv_pwset( int uid,
 		status = 0xC0000000 | NT_STATUS_NETWORK_CREDENTIAL_CONFLICT;
 	}
 
-	/* construct reply.  always indicate failure.  nt keeps going... */
-	net_reply_srv_pwset(&q_a, rdata,
-					&srv_cred, status);
+	/* Construct reply. */
+	net_reply_srv_pwset(&q_a, rdata, &srv_cred, status);
 }
 
 
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index ca59ae52e9..97a38977dc 100644
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -576,6 +576,25 @@ int main(int argc, char **argv)
     }
 
     if(*user_name) {
+
+      if(machine_account) {
+        int username_len = strlen(user_name);
+        if(username_len >= sizeof(pstring) - 1) {
+          fprintf(stderr, "%s: machine account name too long.\n", user_name);
+          exit(1);
+        }
+
+        if(user_name[username_len-1] != '$') {
+          user_name[username_len] = '$';
+          user_name[username_len+1] = '\0';
+        }
+      }
+
+    /*
+     * Setup the pwd struct to point to known
+     * values for a machine account (it doesn't
+     * exist in /etc/passwd).
+     */
       if((pwd = getpwnam(user_name)) == NULL) {
         fprintf(stderr, "%s: User \"%s\" was not found in system password file.\n", 
                     prog_name, user_name);
@@ -630,6 +649,8 @@ int main(int argc, char **argv)
     strncpy(new_passwd, user_name, sizeof(fstring));
     new_passwd[sizeof(fstring)-1] = '\0';
     strlower(new_passwd);
+    if(new_passwd[strlen(new_passwd)-1] == '$')
+      new_passwd[strlen(new_passwd)-1] = '\0';
   }
 
   /* 
@@ -741,17 +762,7 @@ int main(int argc, char **argv)
    * a '$' etc....
    */
 
-  if(machine_account) {
-    int username_len = strlen(user_name);
-    if(username_len >= sizeof(pstring) - 1) {
-      fprintf(stderr, "%s: machine account name too long.\n", user_name);
-      exit(1);
-    }
-
-    if(user_name[username_len] != '$') {
-      user_name[username_len] = '$';
-      user_name[username_len+1] = '\0';
-    }
+  if(machine_account && !pwd) {
 
     /*
      * Setup the pwd struct to point to known