1 files changed, 15 insertions, 8 deletions

diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index f334eeb8f3..ec83cbfdc9 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -88,17 +88,19 @@ NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call,
 
 	status = samdb_result_passwords(mem_ctx, dce_call->conn->dce_ctx->lp_ctx,
 					msg, &lm_pwd, &nt_pwd);
-	if (!NT_STATUS_IS_OK(status) || !lm_pwd || !nt_pwd) {
+	if (!NT_STATUS_IS_OK(status) || !nt_pwd) {
 		ldb_transaction_cancel(sam_ctx);
 		return NT_STATUS_WRONG_PASSWORD;
 	}
 
 	/* decrypt and check the new lm hash */
-	D_P16(lm_pwd->hash, r->in.new_lm_crypted->hash, new_lmPwdHash.hash);
-	D_P16(new_lmPwdHash.hash, r->in.old_lm_crypted->hash, checkHash.hash);
-	if (memcmp(checkHash.hash, lm_pwd, 16) != 0) {
-		ldb_transaction_cancel(sam_ctx);
-		return NT_STATUS_WRONG_PASSWORD;
+	if (lm_pwd) {
+		D_P16(lm_pwd->hash, r->in.new_lm_crypted->hash, new_lmPwdHash.hash);
+		D_P16(new_lmPwdHash.hash, r->in.old_lm_crypted->hash, checkHash.hash);
+		if (memcmp(checkHash.hash, lm_pwd, 16) != 0) {
+			ldb_transaction_cancel(sam_ctx);
+			return NT_STATUS_WRONG_PASSWORD;
+		}
 	}
 
 	/* decrypt and check the new nt hash */
@@ -111,7 +113,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call,
 	
 	/* The NT Cross is not required by Win2k3 R2, but if present
 	   check the nt cross hash */
-	if (r->in.cross1_present && r->in.nt_cross) {
+	if (r->in.cross1_present && r->in.nt_cross && lm_pwd) {
 		D_P16(lm_pwd->hash, r->in.nt_cross->hash, checkHash.hash);
 		if (memcmp(checkHash.hash, new_ntPwdHash.hash, 16) != 0) {
 			ldb_transaction_cancel(sam_ctx);
@@ -121,7 +123,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call,
 
 	/* The LM Cross is not required by Win2k3 R2, but if present
 	   check the lm cross hash */
-	if (r->in.cross2_present && r->in.lm_cross) {
+	if (r->in.cross2_present && r->in.lm_cross && lm_pwd) {
 		D_P16(nt_pwd->hash, r->in.lm_cross->hash, checkHash.hash);
 		if (memcmp(checkHash.hash, new_lmPwdHash.hash, 16) != 0) {
 			ldb_transaction_cancel(sam_ctx);
@@ -206,6 +208,11 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
+	/* this call can only work with lanman auth */
+	if (!lp_lanman_auth(dce_call->conn->dce_ctx->lp_ctx)) {
+		return NT_STATUS_NOT_SUPPORTED;
+	}
+
 	/* To change a password we need to open as system */
 	sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
 	if (sam_ctx == NULL) {