svn commit: samba r2021 - branches/SAMBA_4_0/source/libnet

Tue Aug 24 16:28:09 GMT 2004

Author: metze
Date: 2004-08-24 16:28:08 +0000 (Tue, 24 Aug 2004)
New Revision: 2021

WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba&path=/&rev=2021&nolog=1

Log:
add password change fallback to SetUserInfo level 25,24,23

metze

Modified:
   branches/SAMBA_4_0/source/libnet/libnet_passwd.c


Changeset:
Modified: branches/SAMBA_4_0/source/libnet/libnet_passwd.c
===================================================================

--- branches/SAMBA_4_0/source/libnet/libnet_passwd.c	2004-08-24 15:48:14 UTC (rev 2020)
+++ branches/SAMBA_4_0/source/libnet/libnet_passwd.c	2004-08-24 16:28:08 UTC (rev 2021)
@@ -281,6 +281,9 @@
  * 5. do a samr_LookupNames to get the users rid
  * 6. do a samr_OpenUser to get a user handle
  * 7. try samr_SetUserInfo level 26 to set the password
+ * 8. try samr_SetUserInfo level 25 to set the password
+ * 8. try samr_SetUserInfo level 24 to set the password
+ *10. try samr_SetUserInfo level 23 to set the password
  */
 static NTSTATUS libnet_SetPassword_samr(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_SetPassword *r)
 {
@@ -447,6 +450,7 @@
 	}
 
 	/* prepare samr_SetUserInfo level 26 */
+	ZERO_STRUCT(u_info);
 	encode_pw_buffer(u_info.info26.password.data, r->samr.in.newpassword, STR_UNICODE);
 	u_info.info26.pw_len = strlen(r->samr.in.newpassword);
 
@@ -489,8 +493,134 @@
 		goto UserInfo25;
 	}
 
+	goto disconnect;
+
 UserInfo25:
+	/* prepare samr_SetUserInfo level 25 */
+	ZERO_STRUCT(u_info);
+	u_info.info25.info.fields_present = SAMR_FIELD_PASSWORD;
+	encode_pw_buffer(u_info.info25.password.data, r->samr.in.newpassword, STR_UNICODE);
 
+	status = dcerpc_fetch_session_key(c.pdc.out.dcerpc_pipe, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->samr.out.error_string = talloc_asprintf(mem_ctx,
+						"dcerpc_fetch_session_key failed: %s\n",
+						nt_errstr(status));
+		goto disconnect;
+	}
+
+	generate_random_buffer((uint8_t *)confounder, 16);
+
+	MD5Init(&md5);
+	MD5Update(&md5, confounder, 16);
+	MD5Update(&md5, session_key.data, session_key.length);
+	MD5Final(confounded_session_key.data, &md5);
+
+	arcfour_crypt_blob(u_info.info25.password.data, 516, &confounded_session_key);
+	memcpy(&u_info.info25.password.data[516], confounder, 16);
+
+	sui.in.handle = &u_handle;
+	sui.in.info = &u_info;
+	sui.in.level = 25;
+
+	/* 8. try samr_SetUserInfo level 25 to set the password */
+	status = dcerpc_samr_SetUserInfo(c.pdc.out.dcerpc_pipe, mem_ctx, &sui);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->samr.out.error_string = talloc_asprintf(mem_ctx,
+						"SetUserInfo level 25 for [%s] failed: %s\n",
+						r->samr.in.account_name, nt_errstr(status));
+		goto UserInfo24;
+	}
+
+	/* check result of samr_SetUserInfo level 25 */
+	if (!NT_STATUS_IS_OK(sui.out.result)) {
+		r->samr.out.error_string = talloc_asprintf(mem_ctx,
+						"SetUserInfo level 25 for [%s] failed: %s\n",
+						r->samr.in.account_name, nt_errstr(sui.out.result));
+		goto UserInfo24;
+	}
+
+	goto disconnect;
+
+UserInfo24:
+	/* prepare samr_SetUserInfo level 24 */
+	ZERO_STRUCT(u_info);
+	encode_pw_buffer(u_info.info24.password.data, r->samr.in.newpassword, STR_UNICODE);
+	/* w2k3 ignores this length */
+	u_info.info24.pw_len = str_charnum(r->samr.in.newpassword)*2;
+
+	status = dcerpc_fetch_session_key(c.pdc.out.dcerpc_pipe, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->samr.out.error_string = talloc_asprintf(mem_ctx,
+						"dcerpc_fetch_session_key failed: %s\n",
+						nt_errstr(status));
+		goto disconnect;
+	}
+
+	arcfour_crypt_blob(u_info.info24.password.data, 516, &session_key);
+
+	sui.in.handle = &u_handle;
+	sui.in.info = &u_info;
+	sui.in.level = 24;
+
+	/* 9. try samr_SetUserInfo level 24 to set the password */
+	status = dcerpc_samr_SetUserInfo(c.pdc.out.dcerpc_pipe, mem_ctx, &sui);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->samr.out.error_string = talloc_asprintf(mem_ctx,
+						"SetUserInfo level 24 for [%s] failed: %s\n",
+						r->samr.in.account_name, nt_errstr(status));
+		goto UserInfo23;
+	}
+
+	/* check result of samr_SetUserInfo level 24 */
+	if (!NT_STATUS_IS_OK(sui.out.result)) {
+		r->samr.out.error_string = talloc_asprintf(mem_ctx,
+						"SetUserInfo level 24 for [%s] failed: %s\n",
+						r->samr.in.account_name, nt_errstr(sui.out.result));
+		goto UserInfo23;
+	}
+
+	goto disconnect;
+
+UserInfo23:
+	/* prepare samr_SetUserInfo level 23 */
+	ZERO_STRUCT(u_info);
+	u_info.info23.info.fields_present = SAMR_FIELD_PASSWORD;
+	encode_pw_buffer(u_info.info23.password.data, r->samr.in.newpassword, STR_UNICODE);
+
+	status = dcerpc_fetch_session_key(c.pdc.out.dcerpc_pipe, &session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->samr.out.error_string = talloc_asprintf(mem_ctx,
+						"dcerpc_fetch_session_key failed: %s\n",
+						nt_errstr(status));
+		goto disconnect;
+	}
+
+	arcfour_crypt_blob(u_info.info23.password.data, 516, &session_key);
+
+	sui.in.handle = &u_handle;
+	sui.in.info = &u_info;
+	sui.in.level = 23;
+
+	/* 10. try samr_SetUserInfo level 23 to set the password */
+	status = dcerpc_samr_SetUserInfo(c.pdc.out.dcerpc_pipe, mem_ctx, &sui);
+	if (!NT_STATUS_IS_OK(status)) {
+		r->samr.out.error_string = talloc_asprintf(mem_ctx,
+						"SetUserInfo level 23 for [%s] failed: %s\n",
+						r->samr.in.account_name, nt_errstr(status));
+		goto disconnect;
+	}
+
+	/* check result of samr_SetUserInfo level 23 */
+	if (!NT_STATUS_IS_OK(sui.out.result)) {
+		r->samr.out.error_string = talloc_asprintf(mem_ctx,
+						"SetUserInfo level 23 for [%s] failed: %s\n",
+						r->samr.in.account_name, nt_errstr(sui.out.result));
+		goto disconnect;
+	}
+
+	goto disconnect;
+
 disconnect:
 	/* close connection */
 	dcerpc_pipe_close(c.pdc.out.dcerpc_pipe);

