From 059293cbf4553a3b4dbfe78dcadb362ec344ef3b Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 25 Jun 2008 10:35:59 +0200 Subject: rename rpccli_samr_chgpasswd_user to rpccli_samr_chgpasswd_user2. Guenther (This used to be commit 5b4650d56c04be0c498413f17afb2cf6d0e7d548) --- source3/include/proto.h | 10 +++++----- source3/libsmb/passchange.c | 6 +++--- source3/rpc_client/cli_samr.c | 14 +++++++------- source3/rpcclient/cmd_samr.c | 2 +- source3/winbindd/winbindd_pam.c | 6 +++--- 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index 1aca7f436d..30db25b478 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -7144,11 +7144,11 @@ uint32 reg_init_regval_buffer( REGVAL_BUFFER *buf2, REGISTRY_VALUE *val ); /* The following definitions come from rpc_client/cli_samr.c */ -NTSTATUS rpccli_samr_chgpasswd_user(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - const char *username, - const char *newpassword, - const char *oldpassword); +NTSTATUS rpccli_samr_chgpasswd_user2(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + const char *username, + const char *newpassword, + const char *oldpassword); NTSTATUS rpccli_samr_chng_pswd_auth_crap(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, const char *username, diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c index 8f7cbf265e..3b82e5767f 100644 --- a/source3/libsmb/passchange.c +++ b/source3/libsmb/passchange.c @@ -177,8 +177,8 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam } } - result = rpccli_samr_chgpasswd_user(pipe_hnd, talloc_tos(), - user_name, new_passwd, old_passwd); + result = rpccli_samr_chgpasswd_user2(pipe_hnd, talloc_tos(), + user_name, new_passwd, old_passwd); if (NT_STATUS_IS_OK(result)) { /* Great - it all worked! */ cli_shutdown(cli); @@ -207,7 +207,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &result); if ( pipe_hnd && - (NT_STATUS_IS_OK(result = rpccli_samr_chgpasswd_user( + (NT_STATUS_IS_OK(result = rpccli_samr_chgpasswd_user2( pipe_hnd, talloc_tos(), user_name, new_passwd, old_passwd)))) { /* Great - it all worked! */ diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c index 21fecc4196..3ff2ef9d07 100644 --- a/source3/rpc_client/cli_samr.c +++ b/source3/rpc_client/cli_samr.c @@ -25,11 +25,11 @@ /* User change password */ -NTSTATUS rpccli_samr_chgpasswd_user(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - const char *username, - const char *newpassword, - const char *oldpassword) +NTSTATUS rpccli_samr_chgpasswd_user2(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + const char *username, + const char *newpassword, + const char *oldpassword) { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; struct samr_CryptPassword new_nt_password; @@ -43,7 +43,7 @@ NTSTATUS rpccli_samr_chgpasswd_user(struct rpc_pipe_client *cli, uchar new_lanman_hash[16]; struct lsa_String server, account; - DEBUG(10,("rpccli_samr_chgpasswd_user\n")); + DEBUG(10,("rpccli_samr_chgpasswd_user2\n")); init_lsa_String(&server, cli->srv_name_slash); init_lsa_String(&account, username); @@ -149,7 +149,7 @@ NTSTATUS rpccli_samr_chgpasswd3(struct rpc_pipe_client *cli, struct lsa_String server, account; - DEBUG(10,("rpccli_samr_chgpasswd_user3\n")); + DEBUG(10,("rpccli_samr_chgpasswd3\n")); init_lsa_String(&server, cli->srv_name_slash); init_lsa_String(&account, username); diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index cc92fef7e5..711ca80dcc 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -2463,7 +2463,7 @@ static NTSTATUS cmd_samr_chgpasswd2(struct rpc_pipe_client *cli, goto done; /* Change user password */ - result = rpccli_samr_chgpasswd_user(cli, mem_ctx, user, newpass, oldpass); + result = rpccli_samr_chgpasswd_user2(cli, mem_ctx, user, newpass, oldpass); if (!NT_STATUS_IS_OK(result)) goto done; diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index f548a04d35..40bd869433 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -2093,15 +2093,15 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact got_info = True; } - /* only fallback when the chgpasswd3 call is not supported */ + /* only fallback when the chgpasswd_user3 call is not supported */ if ((NT_STATUS_EQUAL(result, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR))) || (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) || (NT_STATUS_EQUAL(result, NT_STATUS_NOT_IMPLEMENTED))) { - DEBUG(10,("Password change with chgpasswd3 failed with: %s, retrying chgpasswd_user\n", + DEBUG(10,("Password change with chgpasswd3 failed with: %s, retrying chgpasswd_user2\n", nt_errstr(result))); - result = rpccli_samr_chgpasswd_user(cli, state->mem_ctx, user, newpass, oldpass); + result = rpccli_samr_chgpasswd_user2(cli, state->mem_ctx, user, newpass, oldpass); /* Windows 2000 returns NT_STATUS_ACCOUNT_RESTRICTION. Map to the same status code as Windows 2003. */ -- cgit From 14d500c0e7e4261fa8d9dbc12e14d79a424059c3 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 25 Jun 2008 21:49:57 +0200 Subject: rename rpccli_samr_chgpasswd3 to rpccli_samr_chgpasswd_user3. Guenther (This used to be commit b1209a039b45985e0b28777e04cba5bcc3de061e) --- source3/include/proto.h | 14 +++++++------- source3/rpc_client/cli_samr.c | 16 ++++++++-------- source3/rpcclient/cmd_samr.c | 12 ++++++------ source3/winbindd/winbindd_pam.c | 14 +++++++------- 4 files changed, 28 insertions(+), 28 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index 30db25b478..42277277b0 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -7156,13 +7156,13 @@ NTSTATUS rpccli_samr_chng_pswd_auth_crap(struct rpc_pipe_client *cli, DATA_BLOB old_nt_hash_enc_blob, DATA_BLOB new_lm_password_blob, DATA_BLOB old_lm_hash_enc_blob); -NTSTATUS rpccli_samr_chgpasswd3(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - const char *username, - const char *newpassword, - const char *oldpassword, - struct samr_DomInfo1 **dominfo1, - struct samr_ChangeReject **reject); +NTSTATUS rpccli_samr_chgpasswd_user3(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + const char *username, + const char *newpassword, + const char *oldpassword, + struct samr_DomInfo1 **dominfo1, + struct samr_ChangeReject **reject); void get_query_dispinfo_params(int loop_count, uint32 *max_entries, uint32 *max_size); NTSTATUS rpccli_try_samr_connects(struct rpc_pipe_client *cli, diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c index 3ff2ef9d07..d0c71c5bb1 100644 --- a/source3/rpc_client/cli_samr.c +++ b/source3/rpc_client/cli_samr.c @@ -127,13 +127,13 @@ NTSTATUS rpccli_samr_chng_pswd_auth_crap(struct rpc_pipe_client *cli, /* change password 3 */ -NTSTATUS rpccli_samr_chgpasswd3(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - const char *username, - const char *newpassword, - const char *oldpassword, - struct samr_DomInfo1 **dominfo1, - struct samr_ChangeReject **reject) +NTSTATUS rpccli_samr_chgpasswd_user3(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + const char *username, + const char *newpassword, + const char *oldpassword, + struct samr_DomInfo1 **dominfo1, + struct samr_ChangeReject **reject) { NTSTATUS status; @@ -149,7 +149,7 @@ NTSTATUS rpccli_samr_chgpasswd3(struct rpc_pipe_client *cli, struct lsa_String server, account; - DEBUG(10,("rpccli_samr_chgpasswd3\n")); + DEBUG(10,("rpccli_samr_chgpasswd_user3\n")); init_lsa_String(&server, cli->srv_name_slash); init_lsa_String(&account, username); diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index 711ca80dcc..a3e8e9bb6b 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -2522,12 +2522,12 @@ static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli, goto done; /* Change user password */ - result = rpccli_samr_chgpasswd3(cli, mem_ctx, - user, - newpass, - oldpass, - &info, - &reject); + result = rpccli_samr_chgpasswd_user3(cli, mem_ctx, + user, + newpass, + oldpass, + &info, + &reject); if (NT_STATUS_EQUAL(result, NT_STATUS_PASSWORD_RESTRICTION)) { diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 40bd869433..f7001f7716 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -2066,12 +2066,12 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact goto done; } - result = rpccli_samr_chgpasswd3(cli, state->mem_ctx, - user, - newpass, - oldpass, - &info, - &reject); + result = rpccli_samr_chgpasswd_user3(cli, state->mem_ctx, + user, + newpass, + oldpass, + &info, + &reject); /* Windows 2003 returns NT_STATUS_PASSWORD_RESTRICTION */ @@ -2098,7 +2098,7 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) || (NT_STATUS_EQUAL(result, NT_STATUS_NOT_IMPLEMENTED))) { - DEBUG(10,("Password change with chgpasswd3 failed with: %s, retrying chgpasswd_user2\n", + DEBUG(10,("Password change with chgpasswd_user3 failed with: %s, retrying chgpasswd_user2\n", nt_errstr(result))); result = rpccli_samr_chgpasswd_user2(cli, state->mem_ctx, user, newpass, oldpass); -- cgit From 402733b518dada3ffd3a9cb622a8f994ed35a9ac Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 25 Jun 2008 11:50:17 +0200 Subject: rpc_client: add rpccli_samr_chgpasswd_user() call. Guenther (This used to be commit 10fd2baa8320f96286d53b677cf38f3ca3aa88a7) --- source3/include/proto.h | 5 ++++ source3/rpc_client/cli_samr.c | 53 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+) diff --git a/source3/include/proto.h b/source3/include/proto.h index 42277277b0..1eb5fbda03 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -7144,6 +7144,11 @@ uint32 reg_init_regval_buffer( REGVAL_BUFFER *buf2, REGISTRY_VALUE *val ); /* The following definitions come from rpc_client/cli_samr.c */ +NTSTATUS rpccli_samr_chgpasswd_user(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + struct policy_handle *user_handle, + const char *newpassword, + const char *oldpassword); NTSTATUS rpccli_samr_chgpasswd_user2(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, const char *username, diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c index d0c71c5bb1..ed42d56a02 100644 --- a/source3/rpc_client/cli_samr.c +++ b/source3/rpc_client/cli_samr.c @@ -23,6 +23,59 @@ #include "includes.h" +/* User change password */ + +NTSTATUS rpccli_samr_chgpasswd_user(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + struct policy_handle *user_handle, + const char *newpassword, + const char *oldpassword) +{ + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6; + + uchar old_nt_hash[16]; + uchar old_lm_hash[16]; + uchar new_nt_hash[16]; + uchar new_lm_hash[16]; + + ZERO_STRUCT(old_nt_hash); + ZERO_STRUCT(old_lm_hash); + ZERO_STRUCT(new_nt_hash); + ZERO_STRUCT(new_lm_hash); + + DEBUG(10,("rpccli_samr_chgpasswd_user\n")); + + E_md4hash(oldpassword, old_nt_hash); + E_md4hash(newpassword, new_nt_hash); + + E_deshash(oldpassword, old_lm_hash); + E_deshash(newpassword, new_lm_hash); + + E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash); + E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash); + E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash); + E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash); + E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash); + E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash); + + result = rpccli_samr_ChangePasswordUser(cli, mem_ctx, + user_handle, + true, + &hash1, + &hash2, + true, + &hash3, + &hash4, + true, + &hash5, + true, + &hash6); + + return result; +} + + /* User change password */ NTSTATUS rpccli_samr_chgpasswd_user2(struct rpc_pipe_client *cli, -- cgit From 7139745b018a3d2304aff24a5baef97ec750256a Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 25 Jun 2008 11:50:50 +0200 Subject: rpcclient: add samr chgpasswd command. Guenther (This used to be commit b90ae343722eb73c5874d875aa439e4ef92ed06a) --- source3/rpcclient/cmd_samr.c | 93 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index a3e8e9bb6b..e25a358cd3 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -2422,6 +2422,98 @@ done: return result; } +/* Change user password */ + +static NTSTATUS cmd_samr_chgpasswd(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + int argc, const char **argv) +{ + POLICY_HND connect_pol, domain_pol, user_pol; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + const char *user, *oldpass, *newpass; + uint32 access_mask = MAXIMUM_ALLOWED_ACCESS; + struct samr_Ids rids, types; + struct lsa_String lsa_acct_name; + + if (argc < 3) { + printf("Usage: %s username oldpass newpass\n", argv[0]); + return NT_STATUS_INVALID_PARAMETER; + } + + user = argv[1]; + oldpass = argv[2]; + newpass = argv[3]; + + /* Get sam policy handle */ + + result = rpccli_try_samr_connects(cli, mem_ctx, + MAXIMUM_ALLOWED_ACCESS, + &connect_pol); + + if (!NT_STATUS_IS_OK(result)) { + goto done; + } + + /* Get domain policy handle */ + + result = rpccli_samr_OpenDomain(cli, mem_ctx, + &connect_pol, + access_mask, + &domain_sid, + &domain_pol); + + if (!NT_STATUS_IS_OK(result)) { + goto done; + } + + init_lsa_String(&lsa_acct_name, user); + + result = rpccli_samr_LookupNames(cli, mem_ctx, + &domain_pol, + 1, + &lsa_acct_name, + &rids, + &types); + + if (!NT_STATUS_IS_OK(result)) { + goto done; + } + + result = rpccli_samr_OpenUser(cli, mem_ctx, + &domain_pol, + access_mask, + rids.ids[0], + &user_pol); + + if (!NT_STATUS_IS_OK(result)) { + goto done; + } + + /* Change user password */ + result = rpccli_samr_chgpasswd_user(cli, mem_ctx, + &user_pol, + newpass, + oldpass); + + if (!NT_STATUS_IS_OK(result)) { + goto done; + } + + done: + if (is_valid_policy_hnd(&user_pol)) { + rpccli_samr_Close(cli, mem_ctx, &user_pol); + } + if (is_valid_policy_hnd(&domain_pol)) { + rpccli_samr_Close(cli, mem_ctx, &domain_pol); + } + if (is_valid_policy_hnd(&connect_pol)) { + rpccli_samr_Close(cli, mem_ctx, &connect_pol); + } + + return result; +} + + /* Change user password */ static NTSTATUS cmd_samr_chgpasswd2(struct rpc_pipe_client *cli, @@ -2663,6 +2755,7 @@ struct cmd_set samr_commands[] = { { "getusrdompwinfo", RPC_RTYPE_NTSTATUS, cmd_samr_get_usrdom_pwinfo, NULL, PI_SAMR, NULL, "Retrieve user domain password info", "" }, { "lookupdomain", RPC_RTYPE_NTSTATUS, cmd_samr_lookup_domain, NULL, PI_SAMR, NULL, "Lookup Domain Name", "" }, + { "chgpasswd", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd, NULL, PI_SAMR, NULL, "Change user password", "" }, { "chgpasswd2", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd2, NULL, PI_SAMR, NULL, "Change user password", "" }, { "chgpasswd3", RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd3, NULL, PI_SAMR, NULL, "Change user password", "" }, { "getdispinfoidx", RPC_RTYPE_NTSTATUS, cmd_samr_get_dispinfo_idx, NULL, PI_SAMR, NULL, "Get Display Information Index", "" }, -- cgit