From 86358fc10bb02bd3069736bedb120f52fa3f6494 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 8 Feb 2006 22:16:03 +0000 Subject: r13396: Add in userinfo26, re-enable userinfo25 - took the knowledge from Samba4 on how to decode the 532 byte password buffers. Getting closer to passing samba4 RPC-SCHANNEL test. Jeremy. (This used to be commit 205db6968a26c43dec64c14d8053d8e66807086f) --- source3/rpc_server/srv_samr_nt.c | 50 +++++++++++++++++++++++++++++----------- 1 file changed, 36 insertions(+), 14 deletions(-) (limited to 'source3/rpc_server') diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 81344cdc1e..52f922b924 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -3316,27 +3316,27 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE break; case 25: -#if 0 - /* - * Currently we don't really know how to unmarshall - * the level 25 struct, and the password encryption - * is different. This is a placeholder for when we - * do understand it. In the meantime just return INVALID - * info level and W2K SP2 drops down to level 23... JRA. - */ - if (!p->session_key.length) { r_u->status = NT_STATUS_NO_USER_SESSION_KEY; } - SamOEMhashBlob(ctr->info.id25->pass, 532, &p->session_key); + encode_or_decode_arc4_passwd_buffer(ctr->info.id25->pass, &p->session_key); dump_data(100, (char *)ctr->info.id25->pass, 532); - if (!set_user_info_pw(ctr->info.id25->pass, &sid)) + if (!set_user_info_pw(ctr->info.id25->pass, pwd)) r_u->status = NT_STATUS_ACCESS_DENIED; break; -#endif - r_u->status = NT_STATUS_INVALID_INFO_CLASS; + + case 26: + if (!p->session_key.length) { + r_u->status = NT_STATUS_NO_USER_SESSION_KEY; + } + encode_or_decode_arc4_passwd_buffer(ctr->info.id26->pass, &p->session_key); + + dump_data(100, (char *)ctr->info.id26->pass, 516); + + if (!set_user_info_pw(ctr->info.id26->pass, pwd)) + r_u->status = NT_STATUS_ACCESS_DENIED; break; case 23: @@ -3432,7 +3432,7 @@ NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_ has_enough_rights = nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ); } - DEBUG(5, ("_samr_set_userinfo: %s does%s possess sufficient rights\n", + DEBUG(5, ("_samr_set_userinfo2: %s does%s possess sufficient rights\n", p->pipe_user_name, has_enough_rights ? "" : " not")); /* ================ BEGIN SeMachineAccountPrivilege BLOCK ================ */ @@ -3464,6 +3464,28 @@ NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_ if (!set_user_info_21(ctr->info.id21, pwd)) return NT_STATUS_ACCESS_DENIED; break; + case 23: + if (!p->session_key.length) { + r_u->status = NT_STATUS_NO_USER_SESSION_KEY; + } + SamOEMhashBlob(ctr->info.id23->pass, 516, &p->session_key); + + dump_data(100, (char *)ctr->info.id23->pass, 516); + + if (!set_user_info_23(ctr->info.id23, pwd)) + r_u->status = NT_STATUS_ACCESS_DENIED; + break; + case 26: + if (!p->session_key.length) { + r_u->status = NT_STATUS_NO_USER_SESSION_KEY; + } + encode_or_decode_arc4_passwd_buffer(ctr->info.id26->pass, &p->session_key); + + dump_data(100, (char *)ctr->info.id26->pass, 516); + + if (!set_user_info_pw(ctr->info.id26->pass, pwd)) + r_u->status = NT_STATUS_ACCESS_DENIED; + break; default: r_u->status = NT_STATUS_INVALID_INFO_CLASS; } -- cgit