r17005: Add a new helper mode to ntlm_auth: ntlm-change-password-1

This mode proxies pre-calculated blobs from a remote (probably VPN)
client into the domain.  This allows clients to change their password
over a PPTP connection (where they would not be able to connect to
SAMR directly).

The precalculated blobs do not reveal the plaintext password.

Original patch by Alexey Kobozev <cobedump@gmail.com>
(This used to be commit 967292b7136c5100c0b9a2783c34b1948b16dad4)

1 files changed, 44 insertions, 0 deletions

diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
index ea8db63642..4c6a868e7f 100644
--- a/source3/rpc_client/cli_samr.c
+++ b/source3/rpc_client/cli_samr.c
@@ -1288,6 +1288,50 @@ NTSTATUS rpccli_samr_chgpasswd_user(struct rpc_pipe_client *cli,
 	return result;
 }
 
+/* User change passwd with auth crap */
+
+NTSTATUS rpccli_samr_chng_pswd_auth_crap(struct rpc_pipe_client *cli,
+					 TALLOC_CTX *mem_ctx, 
+					 const char *username, 
+					 DATA_BLOB new_nt_password,
+					 DATA_BLOB old_nt_hash_enc,
+					 DATA_BLOB new_lm_password,
+					 DATA_BLOB old_lm_hash_enc)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_CHGPASSWD_USER q;
+	SAMR_R_CHGPASSWD_USER r;
+	char *srv_name_slash;
+
+	if (!(srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s",
+					       cli->cli->desthost))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	DEBUG(5,("rpccli_samr_chng_pswd_auth_crap on server: %s\n",
+		 srv_name_slash));
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Marshall data and send request */
+
+	init_samr_q_chgpasswd_user(&q, srv_name_slash, username, 
+				   new_nt_password.data, 
+				   old_nt_hash_enc.data, 
+				   new_lm_password.data, 
+				   old_lm_hash_enc.data);
+
+	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_CHGPASSWD_USER,
+		   q, r,
+		   qbuf, rbuf,
+		   samr_io_q_chgpasswd_user,
+		   samr_io_r_chgpasswd_user,
+		   NT_STATUS_UNSUCCESSFUL);
+
+	return r.status;
+}
+
 /* change password 3 */
 
 NTSTATUS rpccli_samr_chgpasswd3(struct rpc_pipe_client *cli,