s3-samr: implement _samr_ChangePasswordUser().

This is vastly copied from samba4 samr server. Guenther
author: Günther Deschner <gd@samba.org> 2009-05-08 00:16:43 +0200
committer: Günther Deschner <gd@samba.org> 2009-05-08 00:46:49 +0200
commit: 5773d7d10253f6f53a9ae96e9979a87393b242a6 (patch)
tree: db21863620cf1d001edaf8c2934dda96683cabf0 /source3
parent: d17c6af57c6e5ec10d71a9fcbffc6ce4d34a553f (diff)
download: samba-5773d7d10253f6f53a9ae96e9979a87393b242a6.tar.gz
samba-5773d7d10253f6f53a9ae96e9979a87393b242a6.tar.bz2
samba-5773d7d10253f6f53a9ae96e9979a87393b242a6.zip
1 files changed, 106 insertions, 10 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index cef8c08c64..1a1b5e9a74 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -1769,6 +1769,112 @@ NTSTATUS _samr_LookupNames(pipes_struct *p,
 	return status;
 }
 
+/****************************************************************
+ _samr_ChangePasswordUser
+****************************************************************/
+
+NTSTATUS _samr_ChangePasswordUser(pipes_struct *p,
+				  struct samr_ChangePasswordUser *r)
+{
+	NTSTATUS status;
+	bool ret = false;
+	struct samr_user_info *uinfo;
+	struct samu *pwd;
+	struct samr_Password new_lmPwdHash, new_ntPwdHash, checkHash;
+	struct samr_Password lm_pwd, nt_pwd;
+
+	uinfo = policy_handle_find(p, r->in.user_handle,
+				   SAMR_USER_ACCESS_SET_PASSWORD, NULL,
+				   struct samr_user_info, &status);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	DEBUG(5,("_samr_ChangePasswordUser: sid:%s\n",
+		  sid_string_dbg(&uinfo->sid)));
+
+	if (!(pwd = samu_new(NULL))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	become_root();
+	ret = pdb_getsampwsid(pwd, &uinfo->sid);
+	unbecome_root();
+
+	if (!ret) {
+		TALLOC_FREE(pwd);
+		return NT_STATUS_WRONG_PASSWORD;
+	}
+
+	{
+		const uint8_t *lm_pass, *nt_pass;
+
+		lm_pass = pdb_get_lanman_passwd(pwd);
+		nt_pass = pdb_get_nt_passwd(pwd);
+
+		memcpy(&lm_pwd.hash, lm_pass, sizeof(lm_pwd.hash));
+		memcpy(&nt_pwd.hash, nt_pass, sizeof(nt_pwd.hash));
+	}
+
+	/* basic sanity checking on parameters.  Do this before any database ops */
+	if (!r->in.lm_present || !r->in.nt_present ||
+	    !r->in.old_lm_crypted || !r->in.new_lm_crypted ||
+	    !r->in.old_nt_crypted || !r->in.new_nt_crypted) {
+		/* we should really handle a change with lm not
+		   present */
+		status = NT_STATUS_INVALID_PARAMETER_MIX;
+		goto out;
+	}
+
+	/* decrypt and check the new lm hash */
+	D_P16(lm_pwd.hash, r->in.new_lm_crypted->hash, new_lmPwdHash.hash);
+	D_P16(new_lmPwdHash.hash, r->in.old_lm_crypted->hash, checkHash.hash);
+	if (memcmp(checkHash.hash, lm_pwd.hash, 16) != 0) {
+		status = NT_STATUS_WRONG_PASSWORD;
+		goto out;
+	}
+
+	/* decrypt and check the new nt hash */
+	D_P16(nt_pwd.hash, r->in.new_nt_crypted->hash, new_ntPwdHash.hash);
+	D_P16(new_ntPwdHash.hash, r->in.old_nt_crypted->hash, checkHash.hash);
+	if (memcmp(checkHash.hash, nt_pwd.hash, 16) != 0) {
+		status = NT_STATUS_WRONG_PASSWORD;
+		goto out;
+	}
+
+	/* The NT Cross is not required by Win2k3 R2, but if present
+	   check the nt cross hash */
+	if (r->in.cross1_present && r->in.nt_cross) {
+		D_P16(lm_pwd.hash, r->in.nt_cross->hash, checkHash.hash);
+		if (memcmp(checkHash.hash, new_ntPwdHash.hash, 16) != 0) {
+			status = NT_STATUS_WRONG_PASSWORD;
+			goto out;
+		}
+	}
+
+	/* The LM Cross is not required by Win2k3 R2, but if present
+	   check the lm cross hash */
+	if (r->in.cross2_present && r->in.lm_cross) {
+		D_P16(nt_pwd.hash, r->in.lm_cross->hash, checkHash.hash);
+		if (memcmp(checkHash.hash, new_lmPwdHash.hash, 16) != 0) {
+			status = NT_STATUS_WRONG_PASSWORD;
+			goto out;
+		}
+	}
+
+	if (!pdb_set_nt_passwd(pwd, new_ntPwdHash.hash, PDB_CHANGED) ||
+	    !pdb_set_lanman_passwd(pwd, new_lmPwdHash.hash, PDB_CHANGED)) {
+		status = NT_STATUS_ACCESS_DENIED;
+		goto out;
+	}
+
+	status = pdb_update_sam_account(pwd);
+ out:
+	TALLOC_FREE(pwd);
+
+	return status;
+}
+
 /*******************************************************************
  _samr_ChangePasswordUser2
  ********************************************************************/
@@ -6108,16 +6214,6 @@ NTSTATUS _samr_SetMemberAttributesOfGroup(pipes_struct *p,
 /****************************************************************
 ****************************************************************/
 
-NTSTATUS _samr_ChangePasswordUser(pipes_struct *p,
-				  struct samr_ChangePasswordUser *r)
-{
-	p->rng_fault_state = true;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/****************************************************************
-****************************************************************/
-
 NTSTATUS _samr_TestPrivateFunctionsDomain(pipes_struct *p,
 					  struct samr_TestPrivateFunctionsDomain *r)
 {
author	Günther Deschner <gd@samba.org>	2009-05-08 00:16:43 +0200
committer	Günther Deschner <gd@samba.org>	2009-05-08 00:46:49 +0200
commit	5773d7d10253f6f53a9ae96e9979a87393b242a6 (patch)
tree	db21863620cf1d001edaf8c2934dda96683cabf0 /source3
parent	d17c6af57c6e5ec10d71a9fcbffc6ce4d34a553f (diff)
download	samba-5773d7d10253f6f53a9ae96e9979a87393b242a6.tar.gz samba-5773d7d10253f6f53a9ae96e9979a87393b242a6.tar.bz2 samba-5773d7d10253f6f53a9ae96e9979a87393b242a6.zip