From 618368ead66faf93eac2a8087934ea7590cc9a4b Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 19 Aug 2004 15:06:06 +0000 Subject: r1926: fallback to other SAMR ChangePasswordUser levels 1. ChangePasswordUser3 2. ChangePasswordUser2 3. OemChangePasswordUser2 4. ChangePasswordUser (not implemented complete) metze (This used to be commit eb93d38de0dab0d0ad5adf8cfb69623bc35e942a) --- source4/libnet/libnet_passwd.c | 126 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 121 insertions(+), 5 deletions(-) (limited to 'source4/libnet') diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c index cdb5160a92..c6ef7b7d3f 100644 --- a/source4/libnet/libnet_passwd.c +++ b/source4/libnet/libnet_passwd.c @@ -29,8 +29,16 @@ static NTSTATUS libnet_ChangePassword_rpc(struct libnet_context *ctx, TALLOC_CTX { NTSTATUS status; union libnet_rpc_connect c; +#if 0 + struct policy_handle user_handle; + struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6; + struct samr_ChangePasswordUser pw; +#endif + struct samr_OemChangePasswordUser2 oe2; + struct samr_ChangePasswordUser2 pw2; struct samr_ChangePasswordUser3 pw3; struct samr_Name server, account; + struct samr_AsciiName a_server, a_account; struct samr_CryptPassword nt_pass, lm_pass; struct samr_Password nt_verifier, lm_verifier; uint8_t old_nt_hash[16], new_nt_hash[16]; @@ -47,8 +55,8 @@ static NTSTATUS libnet_ChangePassword_rpc(struct libnet_context *ctx, TALLOC_CTX status = libnet_rpc_connect(ctx, mem_ctx, &c); if (!NT_STATUS_IS_OK(status)) { r->rpc.out.error_string = talloc_asprintf(mem_ctx, - "Connection to SAMR pipe of PDC of domain '%s' failed\n", - r->rpc.in.domain_name); + "Connection to SAMR pipe of PDC of domain '%s' failed: %s\n", + r->rpc.in.domain_name, nt_errstr(status)); return status; } @@ -83,20 +91,128 @@ static NTSTATUS libnet_ChangePassword_rpc(struct libnet_context *ctx, TALLOC_CTX status = dcerpc_samr_ChangePasswordUser3(c.pdc.out.dcerpc_pipe, mem_ctx, &pw3); if (!NT_STATUS_IS_OK(status)) { r->rpc.out.error_string = talloc_asprintf(mem_ctx, - "ChangePassword3 failed: %s\n",nt_errstr(status)); - goto disconnect; + "ChangePasswordUser3 failed: %s\n",nt_errstr(status)); + goto ChangePasswordUser2; } /* check result of password change */ if (!NT_STATUS_IS_OK(pw3.out.result)) { r->rpc.out.error_string = talloc_asprintf(mem_ctx, - "ChangePassword3 for '%s\\%s' failed: %s\n", + "ChangePasswordUser3 for '%s\\%s' failed: %s\n", r->rpc.in.domain_name, r->rpc.in.account_name, nt_errstr(status)); /* TODO: give the reason of the reject */ + goto ChangePasswordUser2; + } + + goto disconnect; + +ChangePasswordUser2: + + encode_pw_buffer(lm_pass.data, r->rpc.in.newpassword, STR_ASCII|STR_TERMINATE); + arcfour_crypt(lm_pass.data, old_lm_hash, 516); + E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash); + + encode_pw_buffer(nt_pass.data, r->rpc.in.newpassword, STR_UNICODE); + arcfour_crypt(nt_pass.data, old_nt_hash, 516); + E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash); + + pw2.in.server = &server; + pw2.in.account = &account; + pw2.in.nt_password = &nt_pass; + pw2.in.nt_verifier = &nt_verifier; + pw2.in.lm_change = 1; + pw2.in.lm_password = &lm_pass; + pw2.in.lm_verifier = &lm_verifier; + + status = dcerpc_samr_ChangePasswordUser2(c.pdc.out.dcerpc_pipe, mem_ctx, &pw2); + if (!NT_STATUS_IS_OK(status)) { + r->rpc.out.error_string = talloc_asprintf(mem_ctx, + "ChangePasswordUser2 failed: %s\n",nt_errstr(status)); + goto OemChangePasswordUser2; + } + + /* check result of password change */ + if (!NT_STATUS_IS_OK(pw2.out.result)) { + r->rpc.out.error_string = talloc_asprintf(mem_ctx, + "ChangePasswordUser2 for '%s\\%s' failed: %s\n", + r->rpc.in.domain_name, r->rpc.in.account_name, + nt_errstr(status)); + goto OemChangePasswordUser2; + } + + goto disconnect; + +OemChangePasswordUser2: + + a_server.name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(c.pdc.out.dcerpc_pipe)); + a_account.name = r->rpc.in.account_name; + + encode_pw_buffer(lm_pass.data, r->rpc.in.newpassword, STR_ASCII); + arcfour_crypt(lm_pass.data, old_lm_hash, 516); + E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash); + + oe2.in.server = &a_server; + oe2.in.account = &a_account; + oe2.in.password = &lm_pass; + oe2.in.hash = &lm_verifier; + + status = dcerpc_samr_OemChangePasswordUser2(c.pdc.out.dcerpc_pipe, mem_ctx, &oe2); + if (!NT_STATUS_IS_OK(status)) { + r->rpc.out.error_string = talloc_asprintf(mem_ctx, + "OemChangePasswordUser2 failed: %s\n",nt_errstr(status)); + goto ChangePasswordUser; + } + + /* check result of password change */ + if (!NT_STATUS_IS_OK(pw2.out.result)) { + r->rpc.out.error_string = talloc_asprintf(mem_ctx, + "OemChangePasswordUser2 for '%s\\%s' failed: %s\n", + r->rpc.in.domain_name, r->rpc.in.account_name, + nt_errstr(status)); + goto ChangePasswordUser; + } + + goto disconnect; + +ChangePasswordUser: +#if 0 + E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash); + E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash); + E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash); + E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash); + E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash); + E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash); + + /* TODO: ask for a user_handle */ + pw.in.handle = &user_handle; + pw.in.lm_present = 1; + pw.in.old_lm_crypted = &hash1; + pw.in.new_lm_crypted = &hash2; + pw.in.nt_present = 1; + pw.in.old_nt_crypted = &hash3; + pw.in.new_nt_crypted = &hash4; + pw.in.cross1_present = 1; + pw.in.nt_cross = &hash5; + pw.in.cross2_present = 1; + pw.in.lm_cross = &hash6; + + status = dcerpc_samr_ChangePasswordUser(c.pdc.out.dcerpc_pipe, mem_ctx, &pw); + if (!NT_STATUS_IS_OK(status)) { + r->rpc.out.error_string = talloc_asprintf(mem_ctx, + "ChangePasswordUser failed: %s\n",nt_errstr(status)); goto disconnect; } + /* check result of password change */ + if (!NT_STATUS_IS_OK(pw2.out.result)) { + r->rpc.out.error_string = talloc_asprintf(mem_ctx, + "ChangePasswordUser for '%s\\%s' failed: %s\n", + r->rpc.in.domain_name, r->rpc.in.account_name, + nt_errstr(status)); + goto disconnect; + } +#endif disconnect: /* close connection */ dcerpc_pipe_close(c.pdc.out.dcerpc_pipe); -- cgit