SAM database "set user info".

----------------------------

- removed DOM_RID4

- removed SAMR_UNKNOWN_32

- added SAMR_SET_USERINFO (opcode 0x32)

- added level 0x1 to SAMR_QUERY_DOM_INFO (needed for create user)

- fixed pwdb_gethexpwd() it was failing on XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

- added mod_sam21pwd_entry()

- preparing to call mod_sam21pwd_entry()

- added "user session key" to user_struct.dc.  this is md4(nt#) and is
  needed to decode user's clear-text passwords in SAMR_SET_USERINFO.

- split code out in chgpasswd.c to decode 516 byte password buffers.
(This used to be commit 2e58ed742435befe419aa366c4052019fede8c23)

3 files changed, 204 insertions, 52 deletions

diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index ec5b547c86..54d26650e9 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -211,8 +211,16 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
 	uchar nt_owf[24];
 	struct smb_passwd *smb_pass = NULL;
 	
+	user_struct *vuser = get_valid_user_struct(p->vuid);
+
 	DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n"));
 
+	if (vuser == NULL)
+	{
+		DEBUG(0,("get user struct %d failed\n", p->vuid));
+		return False;
+	}
+
 	if (p->ntlmssp_resp.hdr_lm_resp.str_str_len == 0) return False;
 	if (p->ntlmssp_resp.hdr_nt_resp.str_str_len == 0) return False;
 	if (p->ntlmssp_resp.hdr_usr    .str_str_len == 0) return False;
@@ -256,7 +264,7 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
 	become_root(True);
 	p->ntlmssp_validated = pass_check_smb(p->user_name, p->domain,
 	                      (uchar*)p->ntlmssp_chal.challenge,
-	                      lm_owf, nt_owf, NULL);
+	                      lm_owf, nt_owf, NULL, vuser->dc.user_sess_key);
 	smb_pass = getsmbpwnam(p->user_name);
 	unbecome_root(True);
 
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index 531fcf6add..4361c0772e 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -140,7 +140,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name,
 	p->ntlmssp_auth      = False;
 	
 	fstrcpy(p->name, pipe_name);
-	
+
 	DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n",
 		 pipe_name, i, pipes_open));
 	
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c
index 2dd7801e81..2437163f2b 100644
--- a/source3/rpc_server/srv_samr.c
+++ b/source3/rpc_server/srv_samr.c
@@ -1944,6 +1944,27 @@ static void samr_reply_query_userinfo(SAMR_Q_QUERY_USERINFO *q_u,
 }
 
 /*******************************************************************
+ set_user_info_23
+ ********************************************************************/
+static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid)
+{
+	static struct sam_passwd *pwd;
+	fstring new_pw;
+	if (!decode_pw_buffer(id23->pass, new_pw, sizeof(new_pw), True))
+	{
+		return False;
+	}
+#ifdef DEBUG_PASSWORD
+	DEBUG(0,("New Password: %s\n", new_pw));
+#endif
+#if 0
+	return mod_sam21pwd_entry(&pwd, True);
+#else
+	return True;
+#endif
+}
+
+/*******************************************************************
  api_samr_query_userinfo
  ********************************************************************/
 static void api_samr_query_userinfo( uint16 vuid, prs_struct *data, prs_struct *rdata)
@@ -1955,6 +1976,87 @@ static void api_samr_query_userinfo( uint16 vuid, prs_struct *data, prs_struct *
 
 
 /*******************************************************************
+ samr_reply_set_userinfo
+ ********************************************************************/
+static void samr_reply_set_userinfo(SAMR_Q_SET_USERINFO *q_u,
+				prs_struct *rdata, uchar user_sess_key[16])
+{
+	SAMR_R_SET_USERINFO r_u;
+
+	uint32 status = 0x0;
+	uint32 rid = 0x0;
+
+	DEBUG(5,("samr_reply_set_userinfo: %d\n", __LINE__));
+
+	/* search for the handle */
+	if (status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
+	{
+		status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
+	}
+
+	/* find the user's rid */
+	if (status == 0x0 && (rid = get_lsa_policy_samr_rid(&(q_u->pol))) == 0xffffffff)
+	{
+		status = 0xC0000000 | NT_STATUS_OBJECT_TYPE_MISMATCH;
+	}
+
+	DEBUG(5,("samr_reply_set_userinfo: rid:0x%x\n", rid));
+
+	/* ok!  user info levels (there are lots: see MSDEV help), off we go... */
+	if (status == 0x0)
+	{
+		switch (q_u->switch_value)
+		{
+			case 23:
+			{
+				SAM_USER_INFO_23 *id23 = q_u->info.id23;
+				SamOEMhash(id23->pass, user_sess_key, True);
+				status = set_user_info_23(id23, rid) ? 0 : (0xC0000000 | NT_STATUS_ACCESS_DENIED);
+				break;
+			}
+
+			default:
+			{
+				status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
+
+				break;
+			}
+		}
+	}
+
+	make_samr_r_set_userinfo(&r_u, status);
+
+	/* store the response in the SMB stream */
+	samr_io_r_set_userinfo("", &r_u, rdata, 0);
+
+	DEBUG(5,("samr_reply_set_userinfo: %d\n", __LINE__));
+
+}
+
+/*******************************************************************
+ api_samr_set_userinfo
+ ********************************************************************/
+static void api_samr_set_userinfo( uint16 vuid, prs_struct *data, prs_struct *rdata)
+{
+	user_struct *vuser = get_valid_user_struct(vuid);
+	SAMR_Q_SET_USERINFO q_u;
+	ZERO_STRUCT(q_u);
+
+#ifdef DEBUG_PASSWORD
+	DEBUG(100,("set user info: sess_key: "));
+	dump_data(100, vuser->dc.user_sess_key, 16);
+#endif
+	samr_io_q_set_userinfo("", &q_u, data, 0);
+	samr_reply_set_userinfo(&q_u, rdata, vuser->dc.user_sess_key);
+
+	if (q_u.info.id != NULL)
+	{
+		free(q_u.info.id);
+	}
+}
+
+
+/*******************************************************************
  samr_reply_query_usergroups
  ********************************************************************/
 static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
@@ -2310,6 +2412,13 @@ static void samr_reply_query_dom_info(SAMR_Q_QUERY_DOMAIN_INFO *q_u,
 
 				break;
 			}
+			case 0x01:
+			{
+				switch_value = 0x1;
+				make_unk_info1(&ctr.info.inf1);
+
+				break;
+			}
 			default:
 			{
 				status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
@@ -2340,50 +2449,19 @@ static void api_samr_query_dom_info( uint16 vuid, prs_struct *data, prs_struct *
 
 
 /*******************************************************************
- samr_reply_unknown_32
+ samr_reply_create_user
  ********************************************************************/
-static void samr_reply_unknown_32(SAMR_Q_UNKNOWN_32 *q_u,
-				prs_struct *rdata,
-				int status)
-{
-	int i;
-	SAMR_R_UNKNOWN_32 r_u;
-
-	/* set up the SAMR unknown_32 response */
-	bzero(r_u.pol.data, POL_HND_SIZE);
-	if (status == 0)
-	{
-		for (i = 4; i < POL_HND_SIZE; i++)
-		{
-			r_u.pol.data[i] = i+1;
-		}
-	}
-
-	make_dom_rid4(&(r_u.rid4), 0x0030, 0, 0);
-	r_u.status    = status;
-
-	DEBUG(5,("samr_unknown_32: %d\n", __LINE__));
-
-	/* store the response in the SMB stream */
-	samr_io_r_unknown_32("", &r_u, rdata, 0);
-
-	DEBUG(5,("samr_unknown_32: %d\n", __LINE__));
-
-}
-
-/*******************************************************************
- api_samr_unknown_32
- ********************************************************************/
-static void api_samr_unknown_32( uint16 vuid, prs_struct *data, prs_struct *rdata)
+static void samr_reply_create_user(SAMR_Q_CREATE_USER *q_u,
+				prs_struct *rdata)
 {
-	uint32 status = 0;
 	struct sam_passwd *sam_pass;
-	fstring mach_acct;
-
-	SAMR_Q_UNKNOWN_32 q_u;
+	fstring user_name;
 
-	/* grab the samr unknown 32 */
-	samr_io_q_unknown_32("", &q_u, data, 0);
+	SAMR_R_CREATE_USER r_u;
+	POLICY_HND pol;
+	uint32 status = 0x0;
+	uint32 user_rid = 0xffffffff;
+	BOOL pol_open = False;
 
 	/* find the machine account: tell the caller if it exists.
 	   lkclXXXX i have *no* idea if this is a problem or not
@@ -2391,26 +2469,91 @@ static void api_samr_unknown_32( uint16 vuid, prs_struct *data, prs_struct *rdat
 	   reply if the account already exists...
 	 */
 
-	unistr2_to_ascii(mach_acct, &q_u.uni_mach_acct, sizeof(mach_acct)-1);
+	/* find the policy handle.  open a policy on it. */
+	if (status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->domain_pol)) == -1))
+	{
+		status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
+	}
 
-	become_root(True);
-	sam_pass = getsam21pwntnam(mach_acct);
-	unbecome_root(True);
+	/* get a (unique) handle.  open a policy on it. */
+	if (status == 0x0 && !(pol_open = open_lsa_policy_hnd(&pol)))
+	{
+		status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	unistr2_to_ascii(user_name, &q_u->uni_name, sizeof(user_name)-1);
+
+	sam_pass = getsam21pwntnam(user_name);
 
 	if (sam_pass != NULL)
 	{
-		/* machine account exists: say so */
+		/* account exists: say so */
 		status = 0xC0000000 | NT_STATUS_USER_EXISTS;
 	}
 	else
 	{
-		/* this could cause trouble... */
-		DEBUG(0,("trouble!\n"));
-		status = 0;
+		pstring err_str;
+		pstring msg_str;
+
+		if (!local_password_change(user_name, True,
+		          q_u->acb_info | ACB_DISABLED, 0xffff,
+		          NULL,
+		          err_str, sizeof(err_str),
+		          msg_str, sizeof(msg_str)))
+		{
+			DEBUG(0,("%s\n", err_str));
+			status = 0xC0000000 | NT_STATUS_ACCESS_DENIED;
+		}
+		else
+		{
+			sam_pass = getsam21pwntnam(user_name);
+			if (sam_pass == NULL)
+			{
+				/* account doesn't exist: say so */
+				status = 0xC0000000 | NT_STATUS_ACCESS_DENIED;
+			}
+			else
+			{
+				user_rid = sam_pass->user_rid;
+			}
+		}
+	}
+
+	/* associate the RID with the (unique) handle. */
+	if (status == 0x0 && !set_lsa_policy_samr_rid(&pol, user_rid))
+	{
+		/* oh, whoops.  don't know what error message to return, here */
+		status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
+	if (status != 0 && pol_open)
+	{
+		close_lsa_policy_hnd(&pol);
 	}
 
+	DEBUG(5,("samr_create_user: %d\n", __LINE__));
+
+	make_samr_r_create_user(&r_u, &pol, 0x000703ff, user_rid, status);
+
+	/* store the response in the SMB stream */
+	samr_io_r_create_user("", &r_u, rdata, 0);
+
+	DEBUG(5,("samr_create_user: %d\n", __LINE__));
+
+}
+
+/*******************************************************************
+ api_samr_create_user
+ ********************************************************************/
+static void api_samr_create_user( uint16 vuid, prs_struct *data, prs_struct *rdata)
+{
+	SAMR_Q_CREATE_USER q_u;
+
+	/* grab the samr unknown 32 */
+	samr_io_q_create_user("", &q_u, data, 0);
+
 	/* construct reply. */
-	samr_reply_unknown_32(&q_u, rdata, status);
+	samr_reply_create_user(&q_u, rdata);
 }
 
 
@@ -2709,6 +2852,7 @@ static struct api_struct api_samr_cmds [] =
 	{ "SAMR_LOOKUP_NAMES"     , SAMR_LOOKUP_NAMES     , api_samr_lookup_names     },
 	{ "SAMR_OPEN_USER"        , SAMR_OPEN_USER        , api_samr_open_user        },
 	{ "SAMR_QUERY_USERINFO"   , SAMR_QUERY_USERINFO   , api_samr_query_userinfo   },
+	{ "SAMR_SET_USERINFO"     , SAMR_SET_USERINFO     , api_samr_set_userinfo     },
 	{ "SAMR_QUERY_DOMAIN_INFO", SAMR_QUERY_DOMAIN_INFO, api_samr_query_dom_info   },
 	{ "SAMR_QUERY_USERGROUPS" , SAMR_QUERY_USERGROUPS , api_samr_query_usergroups },
 	{ "SAMR_QUERY_DISPINFO"   , SAMR_QUERY_DISPINFO   , api_samr_query_dispinfo   },
@@ -2716,7 +2860,7 @@ static struct api_struct api_samr_cmds [] =
 	{ "SAMR_QUERY_DISPINFO4"  , SAMR_QUERY_DISPINFO4  , api_samr_query_dispinfo   },
 	{ "SAMR_QUERY_ALIASINFO"  , SAMR_QUERY_ALIASINFO  , api_samr_query_aliasinfo  },
 	{ "SAMR_QUERY_GROUPINFO"  , SAMR_QUERY_GROUPINFO  , api_samr_query_groupinfo  },
-	{ "SAMR_0x32"             , SAMR_UNKNOWN_32       , api_samr_unknown_32       },
+	{ "SAMR_CREATE_USER"      , SAMR_CREATE_USER      , api_samr_create_user      },
 	{ "SAMR_LOOKUP_RIDS"      , SAMR_LOOKUP_RIDS      , api_samr_lookup_rids      },
 	{ "SAMR_UNKNOWN_38"       , SAMR_UNKNOWN_38       , api_samr_unknown_38       },
 	{ "SAMR_CHGPASSWD_USER"   , SAMR_CHGPASSWD_USER   , api_samr_chgpasswd_user   },