{
return NT_STATUS_NO_MEMORY;
}
- if (IS_BITS_SET_ALL(usr->acb_info, ACB_DISABLED))
- {
- return NT_STATUS_ACCESS_DENIED;
- }
make_sam_user_info12(ctr->info.id12,
usr->acb_info,
usr->lm_pwd, usr->nt_pwd);
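Review bot: With the `ACB_DISABLED` test removed, the level-0x12 query path passes `usr->lm_pwd` and `usr->nt_pwd` to `make_sam_user_info12` with no guard visible in this hunk. These are password-equivalent hashes, and unlike the set path later in this diff, no `SamOEMhash` call under the session key appears here, so they may leave in the reply as stored. The enclosing function starts and ends outside the hunk, so a check elsewhere cannot be ruled out. Whatever access right on the user handle is meant to gate this level should be stated next to the call, e.g. `/* level 0x12 returns LM/NT hashes; handle access is checked at <location> */`.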
}
case 0x12:
{
- DEBUG(0,("samr_io_userinfo_ctr: security breach!\n"));
- return False;
-#if 0
if (ps->io)
{
/* reading */
return False;
}
break;
-#endif
}
case 21:
{
return False;
}
- if (q_u.switch_value == 0x12)
- {
- DEBUG(0,("api_samr_set_userinfo: possible password attack (info level 0x12)\n"));
-
- r_u.status = NT_STATUS_INVALID_INFO_CLASS;
- }
- else
- {
- r_u.status = _samr_set_userinfo(&q_u.pol, q_u.switch_value, &ctr);
- }
+ r_u.status = _samr_set_userinfo(&q_u.pol, q_u.switch_value, &ctr);
free_samr_q_set_userinfo(&q_u);
return samr_io_r_set_userinfo("", &r_u, rdata, 0);
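Review bot: After this change `api_samr_set_userinfo` forwards info level 0x12 to `_samr_set_userinfo` with neither the refusal nor the log line, so a request that overwrites an account's LM/NT hashes leaves no trace at the dispatcher. The later hunks in this diff show the session-key decrypt followed by `set_user_info_12`, but no check of what the policy handle is allowed to do. If that check lives in `get_tdbsam` or elsewhere, a comment here should say so. I would keep an audit line for this level, e.g. `DEBUG(1,("api_samr_set_userinfo: info level 0x12 (raw password hashes)\n"));`. The function body starts outside the hunk.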
case 0x12:
{
SAM_USER_INFO_12 *id12 = ctr->info.id12;
+ SamOEMhash(id12->lm_pwd, user_sess_key, 0);
+ SamOEMhash(id12->nt_pwd, user_sess_key, 0);
if (!set_user_info_12(tdb_usr, id12))
{
DEBUG(10,
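Review bot: The third argument to `SamOEMhash` is `0` in this case block but `3` in the `case 0x12` added to the other set-userinfo function further down, although both decrypt the same `lm_pwd`/`nt_pwd` fields. That argument appears to select how many bytes are processed, so the two call sites probably do not both match the 16-byte hash fields. A wrong mode would either leave part of the hash encrypted or run past the field. Please confirm the intended mode and use it in both places, with a comment such as `/* 16-byte OWF, encrypted under the user session key */`. The case block continues past the end of the hunk.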
SAM_USERINFO_CTR * ctr)
{
TDB_CONTEXT *tdb_usr = NULL;
+ uchar user_sess_key[16];
/* find the domain sid associated with the policy handle */
if (!get_tdbsam(get_global_hnd_cache(), pol, &tdb_usr))
DEBUG(5, ("samr_reply_set_userinfo2\n"));
+ if (!pol_get_usr_sesskey(get_global_hnd_cache(), pol, user_sess_key))
+ {
+ return NT_STATUS_INVALID_HANDLE;
+ }
+
if (ctr == NULL)
{
DEBUG(5, ("samr_reply_set_userinfo2: NULL info level\n"));
/* ok! user info levels (lots: see MSDEV help), off we go... */
switch (switch_value)
{
+ case 0x12:
+ {
+ SAM_USER_INFO_12 *id12 = ctr->info.id12;
+#if 0
+ lm_owf_gen("test", user_sess_key);
+#endif
+ dump_data_pw("user_sess_key:", user_sess_key, 16);
+ SamOEMhash(id12->lm_pwd, user_sess_key, 3);
+ SamOEMhash(id12->nt_pwd, user_sess_key, 3);
+ dump_data_pw("user_sess_key:", id12->nt_pwd, 16);
+ if (!set_user_info_12(tdb_usr, id12))
+ {
+ DEBUG(10,
+ ("_samr_set_userinfo 0x12 failed\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ break;
+ }
+
case 16:
{
SAM_USER_INFO_10 *id10 = ctr->info.id10;
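Review bot: The new `case 0x12` ships its debugging scaffolding: two `dump_data_pw` calls write the session key and the just-decrypted NT hash to the log wherever that helper is compiled in, and the second is labelled `"user_sess_key:"` although it dumps `id12->nt_pwd`. The `#if 0` block with `lm_owf_gen("test", user_sess_key)` would, if ever enabled, replace the negotiated key with one derived from a fixed string, so it should be deleted rather than left disabled. The failure message names `_samr_set_userinfo` while the surrounding messages use `samr_reply_set_userinfo2`. I would drop both dumps and the `#if 0` block, and clear `user_sess_key` before each return, since the key otherwise stays on the stack.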