adding experimental set user password command to rpcclient, it returns

error wrong password against nt.  ????
(This used to be commit b3f16e6b5aa5ba1b6afa38ad698646c8e765ec90)

6 files changed, 207 insertions, 27 deletions

diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
index c445d91f57..53ffb24cfd 100644
--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -2,8 +2,8 @@
    Unix SMB/Netbios implementation.
    Version 1.9.
    NT Domain Authentication SMB / MSRPC client
-   Copyright (C) Andrew Tridgell 1994-1997
-   Copyright (C) Luke Kenneth Casson Leighton 1996-1997
+   Copyright (C) Andrew Tridgell 1994-1999
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1999
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/source3/rpcclient/cmd_reg.c b/source3/rpcclient/cmd_reg.c
index 4d9cdf5f15..adf3c7281e 100644
--- a/source3/rpcclient/cmd_reg.c
+++ b/source3/rpcclient/cmd_reg.c
@@ -2,8 +2,8 @@
    Unix SMB/Netbios implementation.
    Version 1.9.
    NT Domain Authentication SMB / MSRPC client
-   Copyright (C) Andrew Tridgell 1994-1997
-   Copyright (C) Luke Kenneth Casson Leighton 1996-1997
+   Copyright (C) Andrew Tridgell 1994-1999
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1999
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 4ed82fbe28..d8ebc56ab6 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -2,8 +2,8 @@
    Unix SMB/Netbios implementation.
    Version 1.9.
    NT Domain Authentication SMB / MSRPC client
-   Copyright (C) Andrew Tridgell 1994-1997
-   Copyright (C) Luke Kenneth Casson Leighton 1996-1997
+   Copyright (C) Andrew Tridgell 1994-1999
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1999
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -2511,6 +2511,174 @@ void cmd_sam_query_user(struct client_info *info)
 
 
 /****************************************************************************
+experimental SAM user set.
+****************************************************************************/
+void cmd_sam_set_userinfo(struct client_info *info)
+{
+	uint16 fnum;
+	fstring srv_name;
+	fstring domain;
+	fstring sid_str;
+	DOM_SID sid;
+	BOOL res = True;
+	BOOL res1 = True;
+	uint32 argc = 0;
+	char **argv = NULL;
+	uint32 cp_argc = 0;
+	char **cp_argv = NULL;
+	extern int optind;
+	int opt;
+	BOOL set_passwd = False;
+
+	fstring user_name;
+	fstring password;
+	fstring tmp;
+
+	char *names[1];
+	uint32 num_rids;
+	uint32 rid[MAX_LOOKUP_SIDS];
+	uint32 type[MAX_LOOKUP_SIDS];
+	POLICY_HND sam_pol;
+	POLICY_HND pol_dom;
+
+	fstrcpy(domain, info->dom.level5_dom);
+	sid_copy(&sid, &info->dom.level5_sid);
+
+	if (sid.num_auths == 0)
+	{
+		report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");
+		return;
+	}
+
+	/* create arguments array */
+	while (next_token(NULL, tmp, NULL, sizeof(tmp)))
+	{
+		add_chars_to_array(&argc, &argv, tmp);
+	}
+
+	cp_argc = argc;
+	cp_argv = argv;
+
+	if (cp_argc == 0)
+	{
+		report(out_hnd, "samuserset <name> [-p password]\n");
+		return;
+	}
+
+	safe_strcpy(user_name, cp_argv[0], sizeof(user_name));
+
+	cp_argc--;
+	cp_argv++;
+
+	if (cp_argc == 0)
+	{
+		fstring pass_str;
+		char *pass;
+		slprintf(pass_str, sizeof(pass_str)-1, "Enter %s's Password:",
+		         user_name);
+		pass = (char*)getpass(pass_str);
+
+		if (pass != NULL)
+		{
+			safe_strcpy(password, pass,
+				    sizeof(password)-1);
+			set_passwd = True;
+		}
+	}
+	else
+	{
+		optind = -1;
+		while ((opt = getopt(cp_argc, cp_argv,"p:")) != EOF)
+		{
+			switch (opt)
+			{
+				case 'p':
+				{
+					set_passwd = True;
+					safe_strcpy(password, optarg,
+					            sizeof(password)-1);
+					break;
+				}
+			}
+		}
+	}
+
+	fstrcpy(srv_name, "\\\\");
+	fstrcat(srv_name, info->dest_host);
+	strupper(srv_name);
+
+	sid_to_string(sid_str, &sid);
+
+	report(out_hnd, "SAM Set User Info: %s\n", user_name);
+	report(out_hnd, "Password: %s\n", password);
+
+	/* open SAMR session.  negotiate credentials */
+	res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False;
+
+	/* establish a connection. */
+	res = res ? samr_connect(smb_cli, fnum,
+				srv_name, 0x02000000,
+				&sam_pol) : False;
+
+	/* connect to the domain */
+	res = res ? samr_open_domain(smb_cli, fnum,
+	            &sam_pol, 0x304, &sid,
+	            &pol_dom) : False;
+
+	/* look up user rid */
+	names[0] = user_name;
+	res1 = res ? samr_query_lookup_names(smb_cli, fnum,
+					&pol_dom, 0x3e8,
+					1, names,
+					&num_rids, rid, type) : False;
+
+	/* send set user info */
+	if (res1 && num_rids == 1)
+	{
+		void *usr = NULL;
+		uint32 switch_value = 0;
+		if (set_passwd)
+		{
+			SAM_USER_INFO_24 *p = malloc(sizeof(SAM_USER_INFO_24));
+			encode_pw_buffer(p->pass, password,
+			               strlen(password), True);
+			SamOEMhash(p->pass, smb_cli->sess_key, 1);
+
+			usr = p;
+			switch_value = 24;
+		}
+		if (usr != NULL)
+		{
+			res1 = set_samr_query_userinfo(smb_cli, fnum,
+					    &pol_dom,
+					    switch_value, rid[0], usr);
+		}
+	}
+	res = res ? samr_close(smb_cli, fnum,
+	            &sam_pol) : False;
+
+	res = res ? samr_close(smb_cli, fnum,
+	            &pol_dom) : False;
+
+	/* close the session */
+	cli_nt_session_close(smb_cli, fnum);
+
+	if (res1)
+	{
+		report(out_hnd, "Set User Info: OK\n");
+		DEBUG(5,("cmd_sam_query_user: succeeded\n"));
+	}
+	else
+	{
+		report(out_hnd, "Set User Info: Failed\n");
+		DEBUG(5,("cmd_sam_query_user: failed\n"));
+	}
+
+	free_char_array(argc, argv);
+}
+
+
+/****************************************************************************
 experimental SAM query display info.
 ****************************************************************************/
 void cmd_sam_query_dispinfo(struct client_info *info)
diff --git a/source3/rpcclient/cmd_srvsvc.c b/source3/rpcclient/cmd_srvsvc.c
index 59ad1ede87..63ea653c63 100644
--- a/source3/rpcclient/cmd_srvsvc.c
+++ b/source3/rpcclient/cmd_srvsvc.c
@@ -2,8 +2,8 @@
    Unix SMB/Netbios implementation.
    Version 1.9.
    NT Domain Authentication SMB / MSRPC client
-   Copyright (C) Andrew Tridgell 1994-1997
-   Copyright (C) Luke Kenneth Casson Leighton 1996-1997
+   Copyright (C) Andrew Tridgell 1994-1999
+   Copyright (C) Luke Kenneth Casson Leighton 1996-1999
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -109,28 +109,43 @@ BOOL msrpc_srv_enum_tprt(struct cli_state *cli,
 				const char* dest_srv,
 				uint32 info_level,
 				SRV_TPRT_INFO_CTR *ctr,
-				uint32 pref_sz,
-				ENUM_HND *hnd)
+				TPRT_INFO_FN(tprt_fn))
 {
 	uint16 fnum;
 
 	BOOL res = True;
 	BOOL res1 = True;
 
+	ENUM_HND hnd;
+
+	hnd.ptr_hnd = 1;
+	hnd.handle = 0;
+
 	/* open srvsvc session. */
 	res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC, &fnum) : False;
 
 	/* enumerate transports on server */
 	res1 = res ? do_srv_net_srv_tprt_enum(smb_cli, fnum,
 				dest_srv, 
-	            info_level, ctr, pref_sz, hnd) : False;
+	            info_level, ctr, 0xffffffff, &hnd) : False;
 
 	/* close the session */
 	cli_nt_session_close(smb_cli, fnum);
 
+	tprt_fn(ctr);
+
+	free_srv_tprt_ctr(ctr);
+
 	return res1;
 }
 
+static void srv_display_tprt_ctr(SRV_TPRT_INFO_CTR *ctr)
+{
+	display_srv_tprt_info_ctr(out_hnd, ACTION_HEADER   , ctr);
+	display_srv_tprt_info_ctr(out_hnd, ACTION_ENUMERATE, ctr);
+	display_srv_tprt_info_ctr(out_hnd, ACTION_FOOTER   , ctr);
+}
+
 /****************************************************************************
 server enum transports
 ****************************************************************************/
@@ -139,9 +154,7 @@ void cmd_srv_enum_tprt(struct client_info *info)
 	fstring dest_srv;
 	fstring tmp;
 	SRV_TPRT_INFO_CTR ctr;
-	ENUM_HND hnd;
 	uint32 info_level = 0;
-	uint32 pref_sz = 0xffffffff;
 
 	bzero(&ctr, sizeof(ctr));
 
@@ -159,19 +172,10 @@ void cmd_srv_enum_tprt(struct client_info *info)
 
 	DEBUG(5, ("cmd_srv_enum_tprt: smb_cli->fd:%d\n", smb_cli->fd));
 
-	hnd.ptr_hnd = 1;
-	hnd.handle = 0;
-
 	/* enumerate transports on server */
-	if (msrpc_srv_enum_tprt(smb_cli, dest_srv, 
-	            info_level, &ctr, pref_sz, &hnd))
-	{
-		display_srv_tprt_info_ctr(out_hnd, ACTION_HEADER   , &ctr);
-		display_srv_tprt_info_ctr(out_hnd, ACTION_ENUMERATE, &ctr);
-		display_srv_tprt_info_ctr(out_hnd, ACTION_FOOTER   , &ctr);
-	}
-
-	free_srv_tprt_ctr(&ctr);
+	msrpc_srv_enum_tprt(smb_cli, dest_srv, 
+	            info_level, &ctr, 
+	            srv_display_tprt_ctr);
 }
 
 /****************************************************************************
diff --git a/source3/rpcclient/display.c b/source3/rpcclient/display.c
index bb99769201..74d75776b4 100644
--- a/source3/rpcclient/display.c
+++ b/source3/rpcclient/display.c
@@ -2,8 +2,8 @@
    Unix SMB/Netbios implementation.
    Version 1.9.
    Samba utility functions
-   Copyright (C) Andrew Tridgell 1992-1998
-   Copyright (C) Luke Kenneth Casson Leighton 1996 - 1998
+   Copyright (C) Andrew Tridgell 1992-1999
+   Copyright (C) Luke Kenneth Casson Leighton 1996 - 1999
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 471fb52327..f5b23c018b 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -414,6 +414,12 @@ commands[] =
 		{COMPL_NONE, COMPL_NONE}
 	},
 	{
+		"samuserset",
+		cmd_sam_set_userinfo,
+		"<username> [-p password] SAM User Set Info (experimental!)",
+		{COMPL_SAMUSR, COMPL_NONE}
+	},
+	{
 		"samuser",
 		cmd_sam_query_user,
 		"<username> SAM User Query (experimental!)",
@@ -1557,6 +1563,8 @@ static char *complete_cmd_null(char *text, int state)
 		pwd_read(&(smb_cli->pwd), "Enter Password:", True);
 	}
 
+	mdfour(smb_cli->sess_key, smb_cli->pwd.smb_nt_pwd, 16);
+
 	/* paranoia: destroy the local copy of the password */
 	bzero(password, sizeof(password));