attempting to get samr_set_userinfo2 info level 0x12 working.
authorLuke Leighton <lkcl@samba.org>
Tue, 7 Mar 2000 02:57:08 +0000 (02:57 +0000)
committerLuke Leighton <lkcl@samba.org>
Tue, 7 Mar 2000 02:57:08 +0000 (02:57 +0000)
source/rpc_parse/parse_samr.c
source/rpc_server/srv_samr.c
source/samrd/srv_samr_usr_tdb.c

index a07059a4e14d1a0f37856d52d31212aaa622eba4..27a30cd1343601051832673fc061a3f1873bf4b4 100644 (file)
@@ -5508,10 +5508,6 @@ uint32 make_samr_userinfo_ctr_usr21(SAM_USERINFO_CTR *ctr,
                        {
                                return NT_STATUS_NO_MEMORY;
                        }
-                       if (IS_BITS_SET_ALL(usr->acb_info, ACB_DISABLED))
-                       {
-                               return NT_STATUS_ACCESS_DENIED;
-                       }
                        make_sam_user_info12(ctr->info.id12,
                                             usr->acb_info,
                                             usr->lm_pwd, usr->nt_pwd); 
@@ -5636,9 +5632,6 @@ BOOL samr_io_userinfo_ctr(char *desc,  SAM_USERINFO_CTR *ctr, prs_struct *ps, in
                }
                case 0x12:
                {
-                       DEBUG(0,("samr_io_userinfo_ctr: security breach!\n"));
-                       return False;
-#if 0
                        if (ps->io)
                        {
                                /* reading */
@@ -5655,7 +5648,6 @@ BOOL samr_io_userinfo_ctr(char *desc,  SAM_USERINFO_CTR *ctr, prs_struct *ps, in
                                return False;
                        }
                        break;
-#endif
                }
                case 21:
                {
index 25a7c77b6e3182caa72a77b9390b0311663855ba..bf1bc16f77c602afa70b82ff6e4c43f00da04f76 100644 (file)
@@ -851,16 +851,7 @@ static BOOL api_samr_set_userinfo( rpcsrv_struct *p, prs_struct *data, prs_struc
                return False;
        }
 
-       if (q_u.switch_value == 0x12)
-       {
-               DEBUG(0,("api_samr_set_userinfo: possible password attack (info level 0x12)\n"));
-
-               r_u.status = NT_STATUS_INVALID_INFO_CLASS;
-       }
-       else
-       {
-               r_u.status = _samr_set_userinfo(&q_u.pol, q_u.switch_value, &ctr);
-       }
+       r_u.status = _samr_set_userinfo(&q_u.pol, q_u.switch_value, &ctr);
 
        free_samr_q_set_userinfo(&q_u);
        return samr_io_r_set_userinfo("", &r_u, rdata, 0);
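Review bot: Info level 0x12 now reaches `_samr_set_userinfo` with nothing in this function replacing the removed refusal, which had logged the request as a possible password attack and returned NT_STATUS_INVALID_INFO_CLASS. The parse-side refusal in `samr_io_userinfo_ctr` is removed by this same commit. No line in this hunk shows that the caller is authorised to set LM/NT hashes on the target account, so that check presumably lives behind the policy handle in the callee and should be confirmed. Once it is, a comment above the call would record the decision, for example `/* level 0x12: hashes arrive obscured with the user session key; access is checked in _samr_set_userinfo */`. The body of `api_samr_set_userinfo` starts and ends outside the hunk.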
index 7c0ead27112e2fb38328492fdf62bdc6e572b889..056fd34d3b1918ac9409d8b0b0ecd1d40976896b 100644 (file)
@@ -614,6 +614,8 @@ uint32 _samr_set_userinfo(const POLICY_HND *pol, uint16 switch_value,
                case 0x12:
                {
                        SAM_USER_INFO_12 *id12 = ctr->info.id12;
+                       SamOEMhash(id12->lm_pwd, user_sess_key, 0);
+                       SamOEMhash(id12->nt_pwd, user_sess_key, 0);
                        if (!set_user_info_12(tdb_usr, id12))
                        {
                                DEBUG(10,
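Review bot: The third argument to `SamOEMhash` is `0` here but `3` in the case 0x12 that this commit adds to `_samr_set_userinfo2`, although both operate on the same `id12->lm_pwd` and `id12->nt_pwd` fields. If that argument selects the length or mode of the transform, one of the two paths is probably wrong and would store a hash that was not fully de-obscured. A named constant or a one-line comment such as `/* mode 0: <meaning>, matches client side */` would make the intended value checkable. `id12` is also dereferenced without a NULL test, so if the parser can leave `ctr->info.id12` unset, a guard like `if (id12 == NULL) return NT_STATUS_INVALID_INFO_CLASS;` belongs before the two calls. The declaration of `user_sess_key` and the rest of the function are outside the hunk.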
@@ -676,6 +678,7 @@ uint32 _samr_set_userinfo2(const POLICY_HND *pol, uint16 switch_value,
                           SAM_USERINFO_CTR * ctr)
 {
        TDB_CONTEXT *tdb_usr = NULL;
+       uchar user_sess_key[16];
 
        /* find the domain sid associated with the policy handle */
        if (!get_tdbsam(get_global_hnd_cache(), pol, &tdb_usr))
@@ -685,6 +688,11 @@ uint32 _samr_set_userinfo2(const POLICY_HND *pol, uint16 switch_value,
 
        DEBUG(5, ("samr_reply_set_userinfo2\n"));
 
+       if (!pol_get_usr_sesskey(get_global_hnd_cache(), pol, user_sess_key))
+       {
+               return NT_STATUS_INVALID_HANDLE;
+       }
+
        if (ctr == NULL)
        {
                DEBUG(5, ("samr_reply_set_userinfo2: NULL info level\n"));
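Review bot: `user_sess_key` (declared in the previous hunk) is fetched for every info level before the switch, and no return path visible here clears it, so a copy of the session key is left on the stack after the call. Only case 0x12 uses the key in this commit, so fetching it inside that case would narrow its lifetime; alternatively add `memset(user_sess_key, 0, sizeof(user_sess_key));` before each return, using a wipe the compiler cannot drop if the tree has one. Because the lookup precedes the switch, levels that never needed a key, such as case 16, now fail with NT_STATUS_INVALID_HANDLE when no session key is available. If that is intended, a comment saying so would help. The function continues outside the hunk.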
@@ -696,6 +704,25 @@ uint32 _samr_set_userinfo2(const POLICY_HND *pol, uint16 switch_value,
        /* ok!  user info levels (lots: see MSDEV help), off we go... */
        switch (switch_value)
        {
+               case 0x12:
+               {
+                       SAM_USER_INFO_12 *id12 = ctr->info.id12;
+#if 0
+                       lm_owf_gen("test", user_sess_key);
+#endif
+                       dump_data_pw("user_sess_key:", user_sess_key, 16);
+                       SamOEMhash(id12->lm_pwd, user_sess_key, 3);
+                       SamOEMhash(id12->nt_pwd, user_sess_key, 3);
+                       dump_data_pw("user_sess_key:", id12->nt_pwd, 16);
+                       if (!set_user_info_12(tdb_usr, id12))
+                       {
+                               DEBUG(10,
+                                     ("_samr_set_userinfo 0x12 failed\n"));
+                               return NT_STATUS_ACCESS_DENIED;
+                       }
+                       break;
+               }
+
                case 16:
                {
                        SAM_USER_INFO_10 *id10 = ctr->info.id10;
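Review bot: The two `dump_data_pw` calls in the new case 0x12 write the user session key and then `id12->nt_pwd` after `SamOEMhash` to the debug output, and the second call reuses the label `"user_sess_key:"` for the hash. Unless `dump_data_pw` is compiled out of production builds, both are credential material that should not reach a log. I would drop both calls once the level works, or at least relabel the second as `dump_data_pw("nt_pwd:", id12->nt_pwd, 16);`. The `#if 0` block with `lm_owf_gen("test", user_sess_key);` would, if ever enabled, appear to overwrite the session key with a value derived from a fixed string, so it should be deleted rather than left in the tree. The failure message still reads `_samr_set_userinfo 0x12 failed` although this is `_samr_set_userinfo2`, and `id12` is used without a NULL check.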