From cae821d45926157a250e9fa047e0c8aa8c0c2c54 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Thu, 4 Nov 1999 00:09:15 +0000 Subject: adding experimental set user password command to rpcclient, it returns error wrong password against nt. ???? (This used to be commit b3f16e6b5aa5ba1b6afa38ad698646c8e765ec90) --- source3/include/ntdomain.h | 2 + source3/include/proto.h | 13 +++- source3/libsmb/smbencrypt.c | 66 ++++++++++++++++ source3/rpc_client/cli_samr.c | 90 +++++++++++++++++++++ source3/rpc_parse/parse_samr.c | 45 +++++++---- source3/rpcclient/cmd_lsarpc.c | 4 +- source3/rpcclient/cmd_reg.c | 4 +- source3/rpcclient/cmd_samr.c | 172 ++++++++++++++++++++++++++++++++++++++++- source3/rpcclient/cmd_srvsvc.c | 42 +++++----- source3/rpcclient/display.c | 4 +- source3/rpcclient/rpcclient.c | 8 ++ source3/smbd/chgpasswd.c | 31 ++++++++ 12 files changed, 438 insertions(+), 43 deletions(-) diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h index 120426d182..789a02e086 100644 --- a/source3/include/ntdomain.h +++ b/source3/include/ntdomain.h @@ -169,5 +169,7 @@ struct acct_info #define SVC_QUERY_FN(fn) void (*fn)(QUERY_SERVICE_CONFIG *) #define SVC_INFO_FN(fn) void (*fn)(ENUM_SRVC_STATUS *) +#define TPRT_INFO_FN(fn) void (*fn)(SRV_TPRT_INFO_CTR *) + #endif /* _NT_DOMAIN_H */ diff --git a/source3/include/proto.h b/source3/include/proto.h index 449a7be805..f700b915f0 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1906,6 +1906,10 @@ BOOL delete_samr_dom_alias(struct cli_state *cli, uint16 fnum, BOOL get_samr_query_aliasmem(struct cli_state *cli, uint16 fnum, POLICY_HND *pol_open_domain, uint32 alias_rid, uint32 *num_mem, DOM_SID2 *sid); +BOOL set_samr_query_userinfo(struct cli_state *cli, uint16 fnum, + POLICY_HND *pol_open_domain, + uint32 info_level, + uint32 user_rid, void *usr); BOOL get_samr_query_userinfo(struct cli_state *cli, uint16 fnum, POLICY_HND *pol_open_domain, uint32 info_level, 
@@ -2017,6 +2021,8 @@ BOOL samr_query_usergroups(struct cli_state *cli, uint16 fnum, BOOL samr_query_groupinfo(struct cli_state *cli, uint16 fnum, POLICY_HND *pol, uint16 switch_value, GROUP_INFO_CTR* ctr); +BOOL samr_set_userinfo(struct cli_state *cli, uint16 fnum, + POLICY_HND *pol, uint16 switch_value, void* usr); BOOL samr_query_userinfo(struct cli_state *cli, uint16 fnum, POLICY_HND *pol, uint16 switch_value, void* usr); BOOL samr_close(struct cli_state *cli, uint16 fnum, POLICY_HND *hnd); @@ -2829,6 +2835,7 @@ BOOL make_samr_q_set_userinfo(SAMR_Q_SET_USERINFO *q_u, POLICY_HND *hnd, uint16 switch_value, void *info); BOOL samr_io_q_set_userinfo(char *desc, SAMR_Q_SET_USERINFO *q_u, prs_struct *ps, int depth); +void free_samr_q_set_userinfo(SAMR_Q_SET_USERINFO *q_u); BOOL make_samr_r_set_userinfo(SAMR_R_SET_USERINFO *r_u, uint32 status); BOOL samr_io_r_set_userinfo(char *desc, SAMR_R_SET_USERINFO *r_u, prs_struct *ps, int depth); BOOL make_samr_q_connect(SAMR_Q_CONNECT *q_u, @@ -3340,6 +3347,7 @@ void cmd_sam_enum_users(struct client_info *info); void cmd_sam_query_groupmem(struct client_info *info); void cmd_sam_query_group(struct client_info *info); void cmd_sam_query_user(struct client_info *info); +void cmd_sam_set_userinfo(struct client_info *info); void cmd_sam_query_dispinfo(struct client_info *info); void cmd_sam_query_dominfo(struct client_info *info); void cmd_sam_query_aliasmem(struct client_info *info); @@ -3357,8 +3365,7 @@ BOOL msrpc_srv_enum_tprt(struct cli_state *cli, const char* dest_srv, uint32 info_level, SRV_TPRT_INFO_CTR *ctr, - uint32 pref_sz, - ENUM_HND *hnd); + TPRT_INFO_FN(tprt_fn)); void cmd_srv_enum_tprt(struct client_info *info); void cmd_srv_enum_conn(struct client_info *info); void cmd_srv_enum_shares(struct client_info *info); 
@@ -3525,6 +3532,8 @@ BOOL pass_oem_change(char *user, uchar *ntdata, uchar *nthash); BOOL decode_pw_buffer(const char buffer[516], char *new_passwd, int new_passwd_size, BOOL nt_pass_set); +BOOL encode_pw_buffer(char buffer[516], const char *new_passwd, + int new_pw_len, BOOL nt_pass_set); BOOL check_oem_password(char *user, uchar *lmdata, uchar *lmhash, uchar *ntdata, uchar *nthash, diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c index b4f2cb1601..b25e27550c 100644 --- a/source3/libsmb/smbencrypt.c +++ b/source3/libsmb/smbencrypt.c 
@@ -429,3 +429,69 @@ void create_ntlmssp_resp(struct pwd_info *pwd, smb_io_rpc_auth_ntlmssp_resp("ntlmssp_resp", &ntlmssp_resp, auth_resp, 0); mem_realloc_data(auth_resp->data, auth_resp->offset); } + +/*********************************************************** + decode a password buffer +************************************************************/ +BOOL decode_pw_buffer(const char buffer[516], char *new_passwd, + int new_passwd_size, BOOL nt_pass_set) +{ + /* + * The length of the new password is in the last 4 bytes of + * the data buffer. + */ + + uint32 new_pw_len = IVAL(buffer, 512); + if (new_pw_len < 0 || new_pw_len > new_passwd_size - 1) + { + DEBUG(0,("check_oem_password: incorrect password length (%d).\n", new_pw_len)); + return False; + } + + if (nt_pass_set) + { + /* + * nt passwords are in unicode + */ + int uni_pw_len = new_pw_len; + new_pw_len /= 2; + unibuf_to_ascii(new_passwd, &buffer[512-uni_pw_len], new_pw_len); + } + else + { + memcpy(new_passwd, &buffer[512-new_pw_len], new_pw_len); + new_passwd[new_pw_len] = '\0'; + } + + return True; +} + +/*********************************************************** + encode a password buffer +************************************************************/ +BOOL encode_pw_buffer(char buffer[516], const char *new_pass, + int new_pw_len, BOOL nt_pass_set) +{ + if (nt_pass_set) + { + /* + * nt passwords are in unicode. last char overwrites NULL + * in ascii_to_unibuf, so use SIVAL *afterwards*. + */ + new_pw_len *= 2; + ascii_to_unibuf(&buffer[512-new_pw_len], new_pass, new_pw_len); + } + else + { + memcpy(&buffer[512-new_pw_len], new_pass, new_pw_len); + } + + /* + * The length of the new password is in the last 4 bytes of + * the data buffer. + */ + + SIVAL(buffer, 512, new_pw_len); + + return True; +} diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c index 4ec658e664..08a81040ef 100644 --- a/source3/rpc_client/cli_samr.c +++ b/source3/rpc_client/cli_samr.c 
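Review bot: Neither function in this hunk bounds the password length against the 512-byte data area, so `&buffer[512-new_pw_len]` can point before the start of `buffer`. In `encode_pw_buffer` the doubled `new_pw_len` goes unchecked into `ascii_to_unibuf` and `memcpy`; a guard such as `if (new_pw_len < 0 || new_pw_len > (nt_pass_set ? 256 : 512)) return False;` ahead of the branch would reject oversized input. In `decode_pw_buffer` the length is read from the buffer itself, the `new_pw_len < 0` test is dead on a `uint32`, and the only remaining limit is `new_passwd_size - 1`, which wraps in the unsigned comparison if a caller passes 0; add `|| new_pw_len > 512` to that check. `encode_pw_buffer` also leaves the bytes ahead of the password untouched, so whatever the caller's buffer held is encrypted and sent with it. The duplicate `encode_pw_buffer` added to smbd/chgpasswd.c has the same missing bound.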
@@ -303,6 +303,41 @@ BOOL get_samr_query_aliasmem(struct cli_state *cli, uint16 fnum, return samr_close(cli, fnum,&pol_open_alias) && ret; } +/**************************************************************************** +do a SAMR set user info +****************************************************************************/ +BOOL set_samr_query_userinfo(struct cli_state *cli, uint16 fnum, + POLICY_HND *pol_open_domain, + uint32 info_level, + uint32 user_rid, void *usr) +{ + POLICY_HND pol_open_user; + BOOL ret = True; + + if (pol_open_domain == NULL || usr == NULL) return False; + + /* send open domain (on user sid) */ + if (!samr_open_user(cli, fnum, + pol_open_domain, + 0x02000000, user_rid, + &pol_open_user)) + { + return False; + } + + /* send user info query */ + if (!samr_set_userinfo(cli, fnum, + &pol_open_user, + info_level, usr)) + { + DEBUG(5,("samr_set_userinfo: error in query user info, level 0x%x\n", + info_level)); + ret = False; + } + + return samr_close(cli, fnum,&pol_open_user) && ret; +} + /**************************************************************************** do a SAMR query user info ****************************************************************************/ 
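Review bot: The comments and debug text in `set_samr_query_userinfo` were carried over from the query path and describe the wrong operation: `/* send user info query */` and `"samr_set_userinfo: error in query user info, level 0x%x\n"` both sit on the set call. Since this path changes a password, the log line should name the real function and action, e.g. `DEBUG(5,("set_samr_query_userinfo: set user info failed, level 0x%x\n", info_level));`. The header comment should also state who owns `usr` after the call: make_samr_q_set_userinfo in parse_samr.c stores the pointer and the marshalling code calls free_samr_q_set_userinfo on it, so callers appear to hand ownership over. A short comment naming `0x02000000` would help too; it looks like the maximum-allowed access mask, which is broader than a password set should need, but that is worth confirming.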
@@ -2415,6 +2450,61 @@ BOOL samr_query_groupinfo(struct cli_state *cli, uint16 fnum, return valid_query; } +/**************************************************************************** +do a SAMR Set User Info +****************************************************************************/ +BOOL samr_set_userinfo(struct cli_state *cli, uint16 fnum, + POLICY_HND *pol, uint16 switch_value, void* usr) +{ + prs_struct data; + prs_struct rdata; + + SAMR_Q_SET_USERINFO q_o; + BOOL valid_query = False; + + DEBUG(4,("SAMR Set User Info. level: %d\n", switch_value)); + + if (pol == NULL || usr == NULL || switch_value == 0) return False; + + /* create and send a MSRPC command with api SAMR_SET_USERINFO */ + + prs_init(&data , 1024, 4, SAFETY_MARGIN, False); + prs_init(&rdata, 0 , 4, SAFETY_MARGIN, True ); + + /* store the parameters */ + make_samr_q_set_userinfo(&q_o, pol, switch_value, usr); + + /* turn parameters into data stream */ + samr_io_q_set_userinfo("", &q_o, &data, 0); + + /* send the data on \PIPE\ */ + if (rpc_api_pipe_req(cli, fnum, SAMR_SET_USERINFO, &data, &rdata)) + { + SAMR_R_SET_USERINFO r_o; + BOOL p; + + samr_io_r_set_userinfo("", &r_o, &rdata, 0); + p = rdata.offset != 0; + + if (p && r_o.status != 0) + { + /* report error code */ + DEBUG(4,("SAMR_R_QUERY_USERINFO: %s\n", get_nt_error_msg(r_o.status))); + p = False; + } + + if (p) + { + valid_query = True; + } + } + + prs_mem_free(&data ); + prs_mem_free(&rdata ); + + return valid_query; +} + /**************************************************************************** do a SAMR Query User Info ****************************************************************************/ diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c index c41d7014bd..de87c42473 100644 --- a/source3/rpc_parse/parse_samr.c +++ b/source3/rpc_parse/parse_samr.c 
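Review bot: `samr_set_userinfo` discards the results of `make_samr_q_set_userinfo` and `samr_io_q_set_userinfo`, so a request that failed to build is still handed to `rpc_api_pipe_req`. This commit makes `make_samr_q_set_userinfo` return False for unsupported levels, so the check now matters: chain the three calls in the condition, `if (make_samr_q_set_userinfo(&q_o, pol, switch_value, usr) && samr_io_q_set_userinfo("", &q_o, &data, 0) && rpc_api_pipe_req(cli, fnum, SAMR_SET_USERINFO, &data, &rdata))`, which still falls through to the two `prs_mem_free` calls. `r_o.status` is read without `r_o` being initialised or the result of `samr_io_r_set_userinfo` being checked; a `bzero(&r_o, sizeof(r_o));` before the parse removes the indeterminate read. The debug label `SAMR_R_QUERY_USERINFO` should read `SAMR_R_SET_USERINFO`.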
@@ -5341,27 +5341,19 @@ BOOL make_samr_q_set_userinfo(SAMR_Q_SET_USERINFO *q_u, memcpy(&(q_u->pol), hnd, sizeof(q_u->pol)); q_u->switch_value = switch_value; q_u->switch_value2 = switch_value; + q_u->info.id = info; switch (switch_value) { case 0x18: - { - q_u->info.id24 = (SAM_USER_INFO_24*)info; - - break; - } - case 0x17: { - q_u->info.id23 = (SAM_USER_INFO_23*)info; - break; } - default: { DEBUG(4,("make_samr_q_set_userinfo: unsupported switch level\n")); - break; + return False; } } @@ -5397,8 +5389,12 @@ BOOL samr_io_q_set_userinfo(char *desc, SAMR_Q_SET_USERINFO *q_u, prs_struct *ps } case 24: { - q_u->info.id = (SAM_USER_INFO_24*)Realloc(NULL, - sizeof(*q_u->info.id24)); + if (ps->io) + { + /* reading */ + q_u->info.id = (SAM_USER_INFO_24*)Realloc(NULL, + sizeof(*q_u->info.id24)); + } if (q_u->info.id == NULL) { DEBUG(2,("samr_io_q_query_userinfo: info pointer not initialised\n")); @@ -5409,8 +5405,12 @@ BOOL samr_io_q_set_userinfo(char *desc, SAMR_Q_SET_USERINFO *q_u, prs_struct *ps } case 23: { - q_u->info.id = (SAM_USER_INFO_23*)Realloc(NULL, - sizeof(*q_u->info.id23)); + if (ps->io) + { + /* reading */ + q_u->info.id = (SAM_USER_INFO_23*)Realloc(NULL, + sizeof(*q_u->info.id23)); + } if (q_u->info.id == NULL) { DEBUG(2,("samr_io_q_query_userinfo: info pointer not initialised\n")); @@ -5428,9 +5428,26 @@ BOOL samr_io_q_set_userinfo(char *desc, SAMR_Q_SET_USERINFO *q_u, prs_struct *ps } prs_align(ps); + if (!ps->io) + { + free_samr_q_set_userinfo(q_u); + } + return True; } +/******************************************************************* +frees a structure. +********************************************************************/ +void free_samr_q_set_userinfo(SAMR_Q_SET_USERINFO *q_u) +{ + if (q_u->info.id == NULL) + { + free(q_u->info.id); + } + q_u->info.id = NULL; +} + /******************************************************************* makes a SAMR_R_SET_USERINFO structure. ********************************************************************/ 
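Review bot: In the last parse_samr.c hunk the test in `free_samr_q_set_userinfo` is inverted: `if (q_u->info.id == NULL) { free(q_u->info.id); }` only ever frees a null pointer, so the level 23/24 buffer is never released and the pointer is simply cleared. It should read `if (q_u->info.id != NULL)`, or the test can be dropped because `free(NULL)` is a no-op. That buffer carries the encoded password blob, so clearing it before release would be a sensible addition once the free actually runs. With the condition fixed, the write path of `samr_io_q_set_userinfo` frees the caller's `usr` pointer, so callers such as cmd_sam_set_userinfo must not touch it afterwards; that contract belongs in the function comment.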
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c index c445d91f57..53ffb24cfd 100644 --- a/source3/rpcclient/cmd_lsarpc.c +++ b/source3/rpcclient/cmd_lsarpc.c @@ -2,8 +2,8 @@ Unix SMB/Netbios implementation. Version 1.9. NT Domain Authentication SMB / MSRPC client - Copyright (C) Andrew Tridgell 1994-1997 - Copyright (C) Luke Kenneth Casson Leighton 1996-1997 + Copyright (C) Andrew Tridgell 1994-1999 + Copyright (C) Luke Kenneth Casson Leighton 1996-1999 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/source3/rpcclient/cmd_reg.c b/source3/rpcclient/cmd_reg.c index 4d9cdf5f15..adf3c7281e 100644 --- a/source3/rpcclient/cmd_reg.c +++ b/source3/rpcclient/cmd_reg.c @@ -2,8 +2,8 @@ Unix SMB/Netbios implementation. Version 1.9. NT Domain Authentication SMB / MSRPC client - Copyright (C) Andrew Tridgell 1994-1997 - Copyright (C) Luke Kenneth Casson Leighton 1996-1997 + Copyright (C) Andrew Tridgell 1994-1999 + Copyright (C) Luke Kenneth Casson Leighton 1996-1999 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index 4ed82fbe28..d8ebc56ab6 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -2,8 +2,8 @@ Unix SMB/Netbios implementation. Version 1.9. NT Domain Authentication SMB / MSRPC client - Copyright (C) Andrew Tridgell 1994-1997 - Copyright (C) Luke Kenneth Casson Leighton 1996-1997 + Copyright (C) Andrew Tridgell 1994-1999 + Copyright (C) Luke Kenneth Casson Leighton 1996-1999 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -2510,6 +2510,174 @@ void cmd_sam_query_user(struct client_info *info) } +/**************************************************************************** +experimental SAM user set. +****************************************************************************/ +void cmd_sam_set_userinfo(struct client_info *info) +{ + uint16 fnum; + fstring srv_name; + fstring domain; + fstring sid_str; + DOM_SID sid; + BOOL res = True; + BOOL res1 = True; + uint32 argc = 0; + char **argv = NULL; + uint32 cp_argc = 0; + char **cp_argv = NULL; + extern int optind; + int opt; + BOOL set_passwd = False; + + fstring user_name; + fstring password; + fstring tmp; + + char *names[1]; + uint32 num_rids; + uint32 rid[MAX_LOOKUP_SIDS]; + uint32 type[MAX_LOOKUP_SIDS]; + POLICY_HND sam_pol; + POLICY_HND pol_dom; + + fstrcpy(domain, info->dom.level5_dom); + sid_copy(&sid, &info->dom.level5_sid); + + if (sid.num_auths == 0) + { + report(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n"); + return; + } + + /* create arguments array */ + while (next_token(NULL, tmp, NULL, sizeof(tmp))) + { + add_chars_to_array(&argc, &argv, tmp); + } + + cp_argc = argc; + cp_argv = argv; + + if (cp_argc == 0) + { + report(out_hnd, "samuserset [-p password]\n"); + return; + } + + safe_strcpy(user_name, cp_argv[0], sizeof(user_name)); + + cp_argc--; + cp_argv++; + + if (cp_argc == 0) + { + fstring pass_str; + char *pass; + slprintf(pass_str, sizeof(pass_str)-1, "Enter %s's Password:", + user_name); + pass = (char*)getpass(pass_str); + + if (pass != NULL) + { + safe_strcpy(password, pass, + sizeof(password)-1); + set_passwd = True; + } + } + else + { + optind = -1; + while ((opt = getopt(cp_argc, cp_argv,"p:")) != EOF) + { + switch (opt) + { + case 'p': + { + set_passwd = True; + safe_strcpy(password, optarg, + sizeof(password)-1); + break; + } + } + } + } + + fstrcpy(srv_name, "\\\\"); + fstrcat(srv_name, info->dest_host); + strupper(srv_name); + + sid_to_string(sid_str, &sid); + + report(out_hnd, "SAM 
Set User Info: %s\n", user_name); + report(out_hnd, "Password: %s\n", password); + + /* open SAMR session. negotiate credentials */ + res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, &fnum) : False; + + /* establish a connection. */ + res = res ? samr_connect(smb_cli, fnum, + srv_name, 0x02000000, + &sam_pol) : False; + + /* connect to the domain */ + res = res ? samr_open_domain(smb_cli, fnum, + &sam_pol, 0x304, &sid, + &pol_dom) : False; + + /* look up user rid */ + names[0] = user_name; + res1 = res ? samr_query_lookup_names(smb_cli, fnum, + &pol_dom, 0x3e8, + 1, names, + &num_rids, rid, type) : False; + + /* send set user info */ + if (res1 && num_rids == 1) + { + void *usr = NULL; + uint32 switch_value = 0; + if (set_passwd) + { + SAM_USER_INFO_24 *p = malloc(sizeof(SAM_USER_INFO_24)); + encode_pw_buffer(p->pass, password, + strlen(password), True); + SamOEMhash(p->pass, smb_cli->sess_key, 1); + + usr = p; + switch_value = 24; + } + if (usr != NULL) + { + res1 = set_samr_query_userinfo(smb_cli, fnum, + &pol_dom, + switch_value, rid[0], usr); + } + } + res = res ? samr_close(smb_cli, fnum, + &sam_pol) : False; + + res = res ? samr_close(smb_cli, fnum, + &pol_dom) : False; + + /* close the session */ + cli_nt_session_close(smb_cli, fnum); + + if (res1) + { + report(out_hnd, "Set User Info: OK\n"); + DEBUG(5,("cmd_sam_query_user: succeeded\n")); + } + else + { + report(out_hnd, "Set User Info: Failed\n"); + DEBUG(5,("cmd_sam_query_user: failed\n")); + } + + free_char_array(argc, argv); +} + + /**************************************************************************** experimental SAM query display info. ****************************************************************************/ diff --git a/source3/rpcclient/cmd_srvsvc.c b/source3/rpcclient/cmd_srvsvc.c index 59ad1ede87..63ea653c63 100644 --- a/source3/rpcclient/cmd_srvsvc.c +++ b/source3/rpcclient/cmd_srvsvc.c 
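Review bot: `report(out_hnd, "Password: %s\n", password);` writes the new password in clear to the command output, and on the paths where `set_passwd` stays False (`getpass` returns NULL, or options are given without `-p`) it prints an uninitialised `password` buffer. Drop that line and return before the RPC calls when `set_passwd` is False. Further down, the `malloc(sizeof(SAM_USER_INFO_24))` result is used without a check (`if (p == NULL) { res1 = False; }`), and only the tail of `p->pass` is written by `encode_pw_buffer`, so leftover heap contents are encrypted and sent; fill the buffer with random bytes first. `password` should be cleared with `bzero(password, sizeof(password));` before `free_char_array`, as rpcclient.c already does for its local copy.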
@@ -2,8 +2,8 @@ Unix SMB/Netbios implementation. Version 1.9. NT Domain Authentication SMB / MSRPC client - Copyright (C) Andrew Tridgell 1994-1997 - Copyright (C) Luke Kenneth Casson Leighton 1996-1997 + Copyright (C) Andrew Tridgell 1994-1999 + Copyright (C) Luke Kenneth Casson Leighton 1996-1999 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -109,28 +109,43 @@ BOOL msrpc_srv_enum_tprt(struct cli_state *cli, const char* dest_srv, uint32 info_level, SRV_TPRT_INFO_CTR *ctr, - uint32 pref_sz, - ENUM_HND *hnd) + TPRT_INFO_FN(tprt_fn)) { uint16 fnum; BOOL res = True; BOOL res1 = True; + ENUM_HND hnd; + + hnd.ptr_hnd = 1; + hnd.handle = 0; + /* open srvsvc session. */ res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC, &fnum) : False; /* enumerate transports on server */ res1 = res ? do_srv_net_srv_tprt_enum(smb_cli, fnum, dest_srv, - info_level, ctr, pref_sz, hnd) : False; + info_level, ctr, 0xffffffff, &hnd) : False; /* close the session */ cli_nt_session_close(smb_cli, fnum); + tprt_fn(ctr); + + free_srv_tprt_ctr(ctr); + return res1; } +static void srv_display_tprt_ctr(SRV_TPRT_INFO_CTR *ctr) +{ + display_srv_tprt_info_ctr(out_hnd, ACTION_HEADER , ctr); + display_srv_tprt_info_ctr(out_hnd, ACTION_ENUMERATE, ctr); + display_srv_tprt_info_ctr(out_hnd, ACTION_FOOTER , ctr); +} + /**************************************************************************** server enum transports ****************************************************************************/ @@ -139,9 +154,7 @@ void cmd_srv_enum_tprt(struct client_info *info) fstring dest_srv; fstring tmp; SRV_TPRT_INFO_CTR ctr; - ENUM_HND hnd; uint32 info_level = 0; - uint32 pref_sz = 0xffffffff; bzero(&ctr, sizeof(ctr)); 
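Review bot: In the reworked `msrpc_srv_enum_tprt`, `tprt_fn(ctr);` runs whether or not the enumeration succeeded, whereas the caller code removed by this commit displayed the container only when the call returned True. Guard it as `if (res1 && tprt_fn != NULL) { tprt_fn(ctr); }` so a failed reply is not handed to the display callback and a NULL callback does not crash. The function now also releases the caller's `ctr` through `free_srv_tprt_ctr(ctr)`; the function comment should say the container is freed before return. The `cli` argument is unused in the visible lines, which all go through the global `smb_cli`.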
@@ -159,19 +172,10 @@ void cmd_srv_enum_tprt(struct client_info *info) DEBUG(5, ("cmd_srv_enum_tprt: smb_cli->fd:%d\n", smb_cli->fd)); - hnd.ptr_hnd = 1; - hnd.handle = 0; - /* enumerate transports on server */ - if (msrpc_srv_enum_tprt(smb_cli, dest_srv, - info_level, &ctr, pref_sz, &hnd)) - { - display_srv_tprt_info_ctr(out_hnd, ACTION_HEADER , &ctr); - display_srv_tprt_info_ctr(out_hnd, ACTION_ENUMERATE, &ctr); - display_srv_tprt_info_ctr(out_hnd, ACTION_FOOTER , &ctr); - } - - free_srv_tprt_ctr(&ctr); + msrpc_srv_enum_tprt(smb_cli, dest_srv, + info_level, &ctr, + srv_display_tprt_ctr); } /**************************************************************************** diff --git a/source3/rpcclient/display.c b/source3/rpcclient/display.c index bb99769201..74d75776b4 100644 --- a/source3/rpcclient/display.c +++ b/source3/rpcclient/display.c @@ -2,8 +2,8 @@ Unix SMB/Netbios implementation. Version 1.9. Samba utility functions - Copyright (C) Andrew Tridgell 1992-1998 - Copyright (C) Luke Kenneth Casson Leighton 1996 - 1998 + Copyright (C) Andrew Tridgell 1992-1999 + Copyright (C) Luke Kenneth Casson Leighton 1996 - 1999 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index 471fb52327..f5b23c018b 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -413,6 +413,12 @@ commands[] = "NT SAM Password Change", {COMPL_NONE, COMPL_NONE} }, + { + "samuserset", + cmd_sam_set_userinfo, + " [-p password] SAM User Set Info (experimental!)", + {COMPL_SAMUSR, COMPL_NONE} + }, { "samuser", cmd_sam_query_user, @@ -1557,6 +1563,8 @@ static char *complete_cmd_null(char *text, int state) pwd_read(&(smb_cli->pwd), "Enter Password:", True); } + mdfour(smb_cli->sess_key, smb_cli->pwd.smb_nt_pwd, 16); + /* paranoia: destroy the local copy of the password */ bzero(password, sizeof(password)); 
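Review bot: The added `mdfour(smb_cli->sess_key, smb_cli->pwd.smb_nt_pwd, 16);` in rpcclient.c needs a comment saying what this key is and where it is consumed; in this commit it keys `SamOEMhash` over the new-password buffer in cmd_sam_set_userinfo. Suggested wording: `/* user session key = MD4(NT hash); constant for a given password, not per connection */`. The line runs after the password prompt block with no visible condition, so it is worth confirming that `smb_nt_pwd` holds a valid hash on every path that reaches it, for example when no password was supplied; the enclosing function starts and ends outside the hunk. `sess_key` is secret material derived from the password and should be cleared wherever the other credentials are.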
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c index f84ae0ccb5..fa208acdc8 100644 --- a/source3/smbd/chgpasswd.c +++ b/source3/smbd/chgpasswd.c @@ -641,6 +641,37 @@ BOOL decode_pw_buffer(const char buffer[516], char *new_passwd, return True; } +/*********************************************************** + encode a password buffer +************************************************************/ +BOOL encode_pw_buffer(char buffer[516], const char *new_passwd, + int new_pw_len, BOOL nt_pass_set) +{ + if (nt_pass_set) + { + /* + * nt passwords are in unicode. last char overwrites NULL + * in ascii_to_unibuf, so use SIVAL *afterwards*. + */ + int uni_pw_len = new_pw_len; + new_pw_len /= 2; + ascii_to_unibuf(&buffer[512-uni_pw_len], new_passwd, new_pw_len); + } + else + { + memcpy(&buffer[512-new_pw_len], new_passwd, new_pw_len); + } + + /* + * The length of the new password is in the last 4 bytes of + * the data buffer. + */ + + SIVAL(buffer, 512, new_passwd_size); + + return True; +} + /*********************************************************** Code to check the OEM hashed password. -- cgit
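Review bot: This second `encode_pw_buffer` does not compile as written: `SIVAL(buffer, 512, new_passwd_size);` names a variable that is not declared in the function, whose length parameter is `new_pw_len`. The unicode branch also halves the length (`new_pw_len /= 2`) where the smbencrypt.c version doubles it, so the two copies would place the password at different offsets, and neither bounds the length against 512. Since smbencrypt.c now defines both `decode_pw_buffer` and `encode_pw_buffer`, the simplest fix is to delete this copy (and the older `decode_pw_buffer` above it, if both files link into the same binary) and keep a single implementation.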