-rw-r--r-- | source4/librpc/idl/samr.idl | 27 | ||||
-rw-r--r-- | source4/torture/rpc/samr.c | 43 |
2 files changed, 33 insertions, 37 deletions
diff --git a/source4/librpc/idl/samr.idl b/source4/librpc/idl/samr.idl index 3de5459bd5..92b7a3fa91 100644 --- a/source4/librpc/idl/samr.idl +++ b/source4/librpc/idl/samr.idl @@ -735,24 +735,21 @@ } samr_Hash; /* - this interface is quite mysterious. I can make w2k3 give me - NT_STATUS_PASSWORD_RESTRICTION and NT_STATUS_WRONG_PASSWORD - with various options, but so far I haven't managed a successful - password change. Perhaps this interface is disabled now? - Needs testing against NT4 + this is a password change interface that doesn't give + the server the plaintext password. Depricated. */ NTSTATUS samr_ChangePasswordUser( [in,ref] policy_handle *handle, - [in] bool8 unknown1, - [in] samr_Hash *hash1, - [in] samr_Hash *hash2, - [in] bool8 unknown2, - [in] samr_Hash *hash3, - [in] samr_Hash *hash4, - [in] bool8 unknown3, - [in] samr_Hash *hash5, - [in] bool8 unknown4, - [in] samr_Hash *hash6 + [in] bool8 lm_present, + [in] samr_Hash *old_lm_crypted, + [in] samr_Hash *new_lm_crypted, + [in] bool8 nt_present, + [in] samr_Hash *old_nt_crypted, + [in] samr_Hash *new_nt_crypted, + [in] bool8 cross1_present, + [in] samr_Hash *nt_cross, + [in] bool8 cross2_present, + [in] samr_Hash *lm_cross ); /************************/ diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 1e5cfb561a..12639de688 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -524,7 +524,7 @@ static BOOL test_ChangePasswordUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, NTSTATUS status; struct samr_ChangePasswordUser r; BOOL ret = True; - struct samr_Hash hash1, hash2, hash3, hash4; + struct samr_Hash hash1, hash2, hash3, hash4, hash5, hash6; struct policy_handle user_handle; char *oldpass = *password; char *newpass = samr_rand_pass(mem_ctx); 
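Review bot: In the samr.idl hunk, the new comment on samr_ChangePasswordUser misspells "Deprecated" as "Depricated" and does not say what each renamed argument carries. The names `nt_cross` and `lm_cross` in particular do not show which hash is the payload and which is the key. The torture test in this same commit fills them from `E_old_pw_hash(old_lm_hash, new_nt_hash, ...)` and `E_old_pw_hash(old_nt_hash, new_lm_hash, ...)`, so a one-line comment per field recording that pairing would spare the next reader from working it out from the test. It would also help to state that the values sent are LM/NT hashes encrypted with one another, so that "doesn't give the server the plaintext password" is not read as a stronger guarantee than the interface provides.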
@@ -540,36 +540,34 @@ static BOOL test_ChangePasswordUser(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, E_md4hash(oldpass, old_nt_hash); E_md4hash(newpass, new_nt_hash); - E_deshash(oldpass, old_lm_hash); E_deshash(newpass, new_lm_hash); - memcpy(hash1.hash, new_lm_hash, 16); - SamOEMhash(hash1.hash, old_lm_hash, 16); - E_old_pw_hash(new_lm_hash, old_lm_hash, hash2.hash); - - memcpy(hash3.hash, new_lm_hash, 16); - SamOEMhash(hash3.hash, old_nt_hash, 16); - E_old_pw_hash(new_nt_hash, old_nt_hash, hash4.hash); + E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash); + E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash); + E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash); + E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash); + E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash); + E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash); r.in.handle = &user_handle; - r.in.unknown1 = 1; - r.in.hash1 = &hash1; - r.in.hash2 = &hash2; - r.in.unknown2 = 1; - r.in.hash3 = &hash3; - r.in.hash4 = &hash4; - r.in.unknown3 = 1; - r.in.hash5 = &hash1; - r.in.unknown4 = 1; - r.in.hash6 = &hash3; + r.in.lm_present = 1; + r.in.old_lm_crypted = &hash1; + r.in.new_lm_crypted = &hash2; + r.in.nt_present = 1; + r.in.old_nt_crypted = &hash3; + r.in.new_nt_crypted = &hash4; + r.in.cross1_present = 1; + r.in.nt_cross = &hash5; + r.in.cross2_present = 1; + r.in.lm_cross = &hash6; status = dcerpc_samr_ChangePasswordUser(p, mem_ctx, &r); - /* because we don't yet have the right code above, we expect - WRONG_PASSWORD back */ - if (!NT_STATUS_EQUAL(NT_STATUS_WRONG_PASSWORD, status)) { + if (!NT_STATUS_IS_OK(status)) { printf("ChangePasswordUser failed - %s\n", nt_errstr(status)); ret = False; + } else { + *password = newpass; } if (!test_Close(p, mem_ctx, &user_handle)) { @@ -2719,3 +2717,4 @@ BOOL torture_rpc_samr(int dummy) return ret; } + |
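Review bot: In the `-540,36` hunk, test_ChangePasswordUser now expects success and no longer has any case showing that the server refuses a change whose verifiers are wrong. Every hash is correct and all four `*_present` flags are set to 1. A password-change test should keep one rejection case: before the successful call, corrupt one verifier, for example `hash1.hash[0]++;`, issue the call, check for `NT_STATUS_WRONG_PASSWORD` (the status the removed code observed for bad input), then restore the byte. Separately, the locals `hash1` to `hash6` are now less readable than the fields they feed; naming them `old_lm_crypted`, `new_lm_crypted` and so on would make the `r.in.*` assignments checkable at a glance. The function begins before and continues past this hunk, so how `user_handle` is opened and closed cannot be judged from here.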