From 83036e7fd2ca6733cb98ce695fd3e0c4b9d018db Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 6 Feb 2008 01:50:01 +0100 Subject: Use rpccli_samr_ChangePasswordUser2 in rpccli_samr_chgpasswd_user() and friends. Guenther (This used to be commit a49220b5c881b618739bc4735c595e32be7073c7) --- source3/rpc_client/cli_samr.c | 145 +++++++++++++++++++----------------------- 1 file changed, 64 insertions(+), 81 deletions(-) (limited to 'source3') diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c index d94649c4eb..6a4d0dd009 100644 --- a/source3/rpc_client/cli_samr.c +++ b/source3/rpc_client/cli_samr.c @@ -475,81 +475,68 @@ NTSTATUS rpccli_samr_query_alias_info(struct rpc_pipe_client *cli, TALLOC_CTX *m /* User change password */ NTSTATUS rpccli_samr_chgpasswd_user(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - const char *username, - const char *newpassword, - const char *oldpassword ) + TALLOC_CTX *mem_ctx, + const char *username, + const char *newpassword, + const char *oldpassword) { - prs_struct qbuf, rbuf; - SAMR_Q_CHGPASSWD_USER q; - SAMR_R_CHGPASSWD_USER r; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + struct samr_CryptPassword new_nt_password; + struct samr_CryptPassword new_lm_password; + struct samr_Password old_nt_hash_enc; + struct samr_Password old_lanman_hash_enc; - uchar new_nt_password[516]; - uchar new_lm_password[516]; uchar old_nt_hash[16]; uchar old_lanman_hash[16]; - uchar old_nt_hash_enc[16]; - uchar old_lanman_hash_enc[16]; - uchar new_nt_hash[16]; uchar new_lanman_hash[16]; - - char *srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost); + struct lsa_String server, account; + char *srv_name_slash = NULL; DEBUG(10,("rpccli_samr_chgpasswd_user\n")); - ZERO_STRUCT(q); - ZERO_STRUCT(r); + init_lsa_String(&server, srv_name_slash); + init_lsa_String(&account, username); + + srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost); + if (!srv_name_slash) { + return NT_STATUS_NO_MEMORY; + } /* Calculate the MD4 hash (NT compatible) of the password */ E_md4hash(oldpassword, old_nt_hash); E_md4hash(newpassword, new_nt_hash); - if (lp_client_lanman_auth() - && E_deshash(newpassword, new_lanman_hash) - && E_deshash(oldpassword, old_lanman_hash)) { + if (lp_client_lanman_auth() && + E_deshash(newpassword, new_lanman_hash) && + E_deshash(oldpassword, old_lanman_hash)) { /* E_deshash returns false for 'long' passwords (> 14 DOS chars). This allows us to match Win2k, which does not store a LM hash for these passwords (which would reduce the effective password length to 14) */ - encode_pw_buffer(new_lm_password, newpassword, STR_UNICODE); + encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE); - SamOEMhash( new_lm_password, old_nt_hash, 516); - E_old_pw_hash( new_nt_hash, old_lanman_hash, old_lanman_hash_enc); + SamOEMhash(new_lm_password.data, old_nt_hash, 516); + E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash); } else { ZERO_STRUCT(new_lm_password); ZERO_STRUCT(old_lanman_hash_enc); } - encode_pw_buffer(new_nt_password, newpassword, STR_UNICODE); - - SamOEMhash( new_nt_password, old_nt_hash, 516); - E_old_pw_hash( new_nt_hash, old_nt_hash, old_nt_hash_enc); - - /* Marshall data and send request */ - - init_samr_q_chgpasswd_user(&q, srv_name_slash, username, - new_nt_password, - old_nt_hash_enc, - new_lm_password, - old_lanman_hash_enc); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_CHGPASSWD_USER, - q, r, - qbuf, rbuf, - samr_io_q_chgpasswd_user, - samr_io_r_chgpasswd_user, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ + encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE); - if (!NT_STATUS_IS_OK(result = r.status)) { - goto done; - } + SamOEMhash(new_nt_password.data, old_nt_hash, 516); + E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash); - done: + result = rpccli_samr_ChangePasswordUser2(cli, mem_ctx, + &server, + &account, + &new_nt_password, + &old_nt_hash_enc, + true, + &new_lm_password, + &old_lanman_hash_enc); return result; } @@ -557,48 +544,44 @@ NTSTATUS rpccli_samr_chgpasswd_user(struct rpc_pipe_client *cli, /* User change password given blobs */ NTSTATUS rpccli_samr_chng_pswd_auth_crap(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - const char *username, - DATA_BLOB new_nt_password, - DATA_BLOB old_nt_hash_enc, - DATA_BLOB new_lm_password, - DATA_BLOB old_lm_hash_enc) + TALLOC_CTX *mem_ctx, + const char *username, + DATA_BLOB new_nt_password_blob, + DATA_BLOB old_nt_hash_enc_blob, + DATA_BLOB new_lm_password_blob, + DATA_BLOB old_lm_hash_enc_blob) { - prs_struct qbuf, rbuf; - SAMR_Q_CHGPASSWD_USER q; - SAMR_R_CHGPASSWD_USER r; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - char *srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost); + struct samr_CryptPassword new_nt_password; + struct samr_CryptPassword new_lm_password; + struct samr_Password old_nt_hash_enc; + struct samr_Password old_lm_hash_enc; + struct lsa_String server, account; + char *srv_name_slash = NULL; DEBUG(10,("rpccli_samr_chng_pswd_auth_crap\n")); - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_chgpasswd_user(&q, srv_name_slash, username, - new_nt_password.data, - old_nt_hash_enc.data, - new_lm_password.data, - old_lm_hash_enc.data); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_CHGPASSWD_USER, - q, r, - qbuf, rbuf, - samr_io_q_chgpasswd_user, - samr_io_r_chgpasswd_user, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - if (!NT_STATUS_IS_OK(result = r.status)) { - goto done; + srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost); + if (!srv_name_slash) { + return NT_STATUS_NO_MEMORY; } - done: + init_lsa_String(&server, srv_name_slash); + init_lsa_String(&account, username); + memcpy(&new_nt_password.data, new_nt_password_blob.data, 516); + memcpy(&new_lm_password.data, new_lm_password_blob.data, 516); + memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16); + memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16); + + result = rpccli_samr_ChangePasswordUser2(cli, mem_ctx, + &server, + &account, + &new_nt_password, + &old_nt_hash_enc, + true, + &new_lm_password, + &old_lm_hash_enc); return result; } -- cgit