summaryrefslogtreecommitdiff
path: root/source3/rpc_client
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpc_client')
-rw-r--r--source3/rpc_client/cli_samr.c89
1 files changed, 89 insertions, 0 deletions
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
index 047d0a1f95..fb95da97ae 100644
--- a/source3/rpc_client/cli_samr.c
+++ b/source3/rpc_client/cli_samr.c
@@ -1205,6 +1205,95 @@ NTSTATUS rpccli_samr_chgpasswd_user(struct rpc_pipe_client *cli,
return result;
}
+/* change password 3 */
+
+NTSTATUS rpccli_samr_chgpasswd3(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ const char *username,
+ const char *newpassword,
+ const char *oldpassword,
+ SAM_UNK_INFO_1 **info,
+ SAMR_CHANGE_REJECT **reject)
+{
+ prs_struct qbuf, rbuf;
+ SAMR_Q_CHGPASSWD3 q;
+ SAMR_R_CHGPASSWD3 r;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+
+ uchar new_nt_password[516];
+ uchar new_lm_password[516];
+ uchar old_nt_hash[16];
+ uchar old_lanman_hash[16];
+ uchar old_nt_hash_enc[16];
+ uchar old_lanman_hash_enc[16];
+
+ uchar new_nt_hash[16];
+ uchar new_lanman_hash[16];
+
+ char *srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost);
+
+ DEBUG(10,("rpccli_samr_chgpasswd3\n"));
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ *info = NULL;
+ *reject = NULL;
+
+ /* Calculate the MD4 hash (NT compatible) of the password */
+ E_md4hash(oldpassword, old_nt_hash);
+ E_md4hash(newpassword, new_nt_hash);
+
+ if (lp_client_lanman_auth()
+ && E_deshash(newpassword, new_lanman_hash)
+ && E_deshash(oldpassword, old_lanman_hash)) {
+ /* E_deshash returns false for 'long' passwords (> 14
+ DOS chars). This allows us to match Win2k, which
+ does not store a LM hash for these passwords (which
+ would reduce the effective password length to 14) */
+
+ encode_pw_buffer(new_lm_password, newpassword, STR_UNICODE);
+
+ SamOEMhash( new_lm_password, old_nt_hash, 516);
+ E_old_pw_hash( new_nt_hash, old_lanman_hash, old_lanman_hash_enc);
+ } else {
+ ZERO_STRUCT(new_lm_password);
+ ZERO_STRUCT(old_lanman_hash_enc);
+ }
+
+ encode_pw_buffer(new_nt_password, newpassword, STR_UNICODE);
+
+ SamOEMhash( new_nt_password, old_nt_hash, 516);
+ E_old_pw_hash( new_nt_hash, old_nt_hash, old_nt_hash_enc);
+
+ /* Marshall data and send request */
+
+ init_samr_q_chgpasswd3(&q, srv_name_slash, username,
+ new_nt_password,
+ old_nt_hash_enc,
+ new_lm_password,
+ old_lanman_hash_enc);
+
+ CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_CHGPASSWD3,
+ q, r,
+ qbuf, rbuf,
+ samr_io_q_chgpasswd3,
+ samr_io_r_chgpasswd3,
+ NT_STATUS_UNSUCCESSFUL);
+
+ /* Return output parameters */
+
+ if (!NT_STATUS_IS_OK(result = r.status)) {
+ *info = &r.info;
+ *reject = &r.reject;
+ goto done;
+ }
+
+ done:
+
+ return result;
+}
+
/* This function returns the bizzare set of (max_entries, max_size) required
for the QueryDisplayInfo RPC to actually work against a domain controller
with large (10k and higher) numbers of users. These values were