diff options
-rw-r--r-- | source3/smbd/lanman.c | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index 26debc2963..8c4d60cef9 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -2840,6 +2840,8 @@ static bool api_SetUserPassword(connection_struct *conn,uint16 vuid, struct samr_Password new_lm_hash; int errcode = NERR_badpass; uint32_t rid; + int encrypted; + int min_pwd_length; /* Skip 2 strings. */ p = skip_string(param,tpscnt,np); @@ -2872,6 +2874,18 @@ static bool api_SetUserPassword(connection_struct *conn,uint16 vuid, memcpy(pass1,p,16); memcpy(pass2,p+16,16); + encrypted = get_safe_SVAL(param,tpscnt,p+32,0,-1); + if (encrypted == -1) { + errcode = W_ERROR_V(WERR_INVALID_PARAM); + goto out; + } + + min_pwd_length = get_safe_SVAL(param,tpscnt,p+34,0,-1); + if (min_pwd_length == -1) { + errcode = W_ERROR_V(WERR_INVALID_PARAM); + goto out; + } + *rparam_len = 4; *rparam = smb_realloc_limit(*rparam,*rparam_len); if (!*rparam) { @@ -2880,7 +2894,8 @@ static bool api_SetUserPassword(connection_struct *conn,uint16 vuid, *rdata_len = 0; - DEBUG(3,("Set password for <%s>\n",user)); + DEBUG(3,("Set password for <%s> (encrypted: %d, min_pwd_length: %d)\n", + user, encrypted, min_pwd_length)); ZERO_STRUCT(connect_handle); ZERO_STRUCT(domain_handle); @@ -2966,8 +2981,15 @@ static bool api_SetUserPassword(connection_struct *conn,uint16 vuid, goto out; } - E_deshash(pass1, old_lm_hash.hash); - E_deshash(pass2, new_lm_hash.hash); + if (encrypted == 0) { + E_deshash(pass1, old_lm_hash.hash); + E_deshash(pass2, new_lm_hash.hash); + } else { + ZERO_STRUCT(old_lm_hash); + ZERO_STRUCT(new_lm_hash); + memcpy(old_lm_hash.hash, pass1, MIN(strlen(pass1), 16)); + memcpy(new_lm_hash.hash, pass1, MIN(strlen(pass2), 16)); + } status = rpccli_samr_ChangePasswordUser(cli, mem_ctx, &user_handle, |