2 Unix SMB/CIFS implementation.
4 Copyright (C) Tim Potter 2000-2001,
5 Copyright (C) Andrew Tridgell 1992-1997,2000,
6 Copyright (C) Rafal Szczesniak 2002.
7 Copyright (C) Jeremy Allison 2005.
8 Copyright (C) Guenther Deschner 2008.
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "../libcli/auth/libcli_auth.h"
26 #include "../librpc/gen_ndr/cli_samr.h"
28 /* User change password */
30 NTSTATUS rpccli_samr_chgpasswd_user(struct rpc_pipe_client *cli,
32 struct policy_handle *user_handle,
33 const char *newpassword,
34 const char *oldpassword)
36 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
37 struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6;
39 uchar old_nt_hash[16];
40 uchar old_lm_hash[16];
41 uchar new_nt_hash[16];
42 uchar new_lm_hash[16];
44 ZERO_STRUCT(old_nt_hash);
45 ZERO_STRUCT(old_lm_hash);
46 ZERO_STRUCT(new_nt_hash);
47 ZERO_STRUCT(new_lm_hash);
49 DEBUG(10,("rpccli_samr_chgpasswd_user\n"));
51 E_md4hash(oldpassword, old_nt_hash);
52 E_md4hash(newpassword, new_nt_hash);
54 E_deshash(oldpassword, old_lm_hash);
55 E_deshash(newpassword, new_lm_hash);
57 E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
58 E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
59 E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
60 E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
61 E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
62 E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
64 result = rpccli_samr_ChangePasswordUser(cli, mem_ctx,
81 /* User change password */
83 NTSTATUS rpccli_samr_chgpasswd_user2(struct rpc_pipe_client *cli,
86 const char *newpassword,
87 const char *oldpassword)
89 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
90 struct samr_CryptPassword new_nt_password;
91 struct samr_CryptPassword new_lm_password;
92 struct samr_Password old_nt_hash_enc;
93 struct samr_Password old_lanman_hash_enc;
95 uchar old_nt_hash[16];
96 uchar old_lanman_hash[16];
97 uchar new_nt_hash[16];
98 uchar new_lanman_hash[16];
99 struct lsa_String server, account;
101 DEBUG(10,("rpccli_samr_chgpasswd_user2\n"));
103 init_lsa_String(&server, cli->srv_name_slash);
104 init_lsa_String(&account, username);
106 /* Calculate the MD4 hash (NT compatible) of the password */
107 E_md4hash(oldpassword, old_nt_hash);
108 E_md4hash(newpassword, new_nt_hash);
110 if (lp_client_lanman_auth() &&
111 E_deshash(newpassword, new_lanman_hash) &&
112 E_deshash(oldpassword, old_lanman_hash)) {
113 /* E_deshash returns false for 'long' passwords (> 14
114 DOS chars). This allows us to match Win2k, which
115 does not store a LM hash for these passwords (which
116 would reduce the effective password length to 14) */
118 encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE);
120 arcfour_crypt(new_lm_password.data, old_nt_hash, 516);
121 E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
123 ZERO_STRUCT(new_lm_password);
124 ZERO_STRUCT(old_lanman_hash_enc);
127 encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE);
129 arcfour_crypt(new_nt_password.data, old_nt_hash, 516);
130 E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
132 result = rpccli_samr_ChangePasswordUser2(cli, mem_ctx,
139 &old_lanman_hash_enc);
144 /* User change password given blobs */
146 NTSTATUS rpccli_samr_chng_pswd_auth_crap(struct rpc_pipe_client *cli,
148 const char *username,
149 DATA_BLOB new_nt_password_blob,
150 DATA_BLOB old_nt_hash_enc_blob,
151 DATA_BLOB new_lm_password_blob,
152 DATA_BLOB old_lm_hash_enc_blob)
154 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
155 struct samr_CryptPassword new_nt_password;
156 struct samr_CryptPassword new_lm_password;
157 struct samr_Password old_nt_hash_enc;
158 struct samr_Password old_lm_hash_enc;
159 struct lsa_String server, account;
161 DEBUG(10,("rpccli_samr_chng_pswd_auth_crap\n"));
163 init_lsa_String(&server, cli->srv_name_slash);
164 init_lsa_String(&account, username);
166 memcpy(&new_nt_password.data, new_nt_password_blob.data, 516);
167 memcpy(&new_lm_password.data, new_lm_password_blob.data, 516);
168 memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16);
169 memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16);
171 result = rpccli_samr_ChangePasswordUser2(cli, mem_ctx,
183 /* change password 3 */
185 NTSTATUS rpccli_samr_chgpasswd_user3(struct rpc_pipe_client *cli,
187 const char *username,
188 const char *newpassword,
189 const char *oldpassword,
190 struct samr_DomInfo1 **dominfo1,
191 struct userPwdChangeFailureInformation **reject)
195 struct samr_CryptPassword new_nt_password;
196 struct samr_CryptPassword new_lm_password;
197 struct samr_Password old_nt_hash_enc;
198 struct samr_Password old_lanman_hash_enc;
200 uchar old_nt_hash[16];
201 uchar old_lanman_hash[16];
202 uchar new_nt_hash[16];
203 uchar new_lanman_hash[16];
205 struct lsa_String server, account;
207 DEBUG(10,("rpccli_samr_chgpasswd_user3\n"));
209 init_lsa_String(&server, cli->srv_name_slash);
210 init_lsa_String(&account, username);
212 /* Calculate the MD4 hash (NT compatible) of the password */
213 E_md4hash(oldpassword, old_nt_hash);
214 E_md4hash(newpassword, new_nt_hash);
216 if (lp_client_lanman_auth() &&
217 E_deshash(newpassword, new_lanman_hash) &&
218 E_deshash(oldpassword, old_lanman_hash)) {
219 /* E_deshash returns false for 'long' passwords (> 14
220 DOS chars). This allows us to match Win2k, which
221 does not store a LM hash for these passwords (which
222 would reduce the effective password length to 14) */
224 encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE);
226 arcfour_crypt(new_lm_password.data, old_nt_hash, 516);
227 E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
229 ZERO_STRUCT(new_lm_password);
230 ZERO_STRUCT(old_lanman_hash_enc);
233 encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE);
235 arcfour_crypt(new_nt_password.data, old_nt_hash, 516);
236 E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
238 status = rpccli_samr_ChangePasswordUser3(cli, mem_ctx,
245 &old_lanman_hash_enc,
252 /* This function returns the bizzare set of (max_entries, max_size) required
253 for the QueryDisplayInfo RPC to actually work against a domain controller
254 with large (10k and higher) numbers of users. These values were
255 obtained by inspection using ethereal and NT4 running User Manager. */
257 void get_query_dispinfo_params(int loop_count, uint32 *max_entries,
277 default: /* loop_count >= 4 */
284 NTSTATUS rpccli_try_samr_connects(struct rpc_pipe_client *cli,
286 uint32_t access_mask,
287 struct policy_handle *connect_pol)
290 union samr_ConnectInfo info_in, info_out;
291 struct samr_ConnectInfo1 info1;
292 uint32_t lvl_out = 0;
296 info1.client_version = SAMR_CONNECT_W2K;
297 info_in.info1 = info1;
299 status = rpccli_samr_Connect5(cli, mem_ctx,
307 if (NT_STATUS_IS_OK(status)) {
311 status = rpccli_samr_Connect4(cli, mem_ctx,
316 if (NT_STATUS_IS_OK(status)) {
320 status = rpccli_samr_Connect2(cli, mem_ctx,