This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "libnet/libnet.h"
-#include "lib/crypto/crypto.h"
+#include "../lib/crypto/crypto.h"
#include "libcli/auth/libcli_auth.h"
#include "librpc/gen_ndr/ndr_samr_c.h"
struct samr_Password nt_verifier, lm_verifier;
uint8_t old_nt_hash[16], new_nt_hash[16];
uint8_t old_lm_hash[16], new_lm_hash[16];
+ struct samr_DomInfo1 *dominfo = NULL;
+ struct userPwdChangeFailureInformation *reject = NULL;
+
+ ZERO_STRUCT(c);
/* prepare connect to the SAMR pipe of the users domain PDC */
c.level = LIBNET_RPC_CONNECT_PDC;
c.in.name = r->samr.in.domain_name;
- c.in.dcerpc_iface = &dcerpc_table_samr;
+ c.in.dcerpc_iface = &ndr_table_samr;
+ c.in.dcerpc_flags = DCERPC_ANON_FALLBACK;
/* 1. connect to the SAMR pipe of users domain PDC (maybe a standalone server or workstation) */
status = libnet_RpcConnect(ctx, mem_ctx, &c);
pw3.in.lm_password = &lm_pass;
pw3.in.lm_verifier = &lm_verifier;
pw3.in.password3 = NULL;
+ pw3.out.dominfo = &dominfo;
+ pw3.out.reject = &reject;
/* 2. try samr_ChangePasswordUser3 */
- status = dcerpc_samr_ChangePasswordUser3(c.out.dcerpc_pipe, mem_ctx, &pw3);
- if (!NT_STATUS_IS_OK(status)) {
- r->samr.out.error_string = talloc_asprintf(mem_ctx,
- "samr_ChangePasswordUser3 failed: %s",
- nt_errstr(status));
- goto ChangePasswordUser2;
- }
-
- /* check result of samr_ChangePasswordUser3 */
- if (!NT_STATUS_IS_OK(pw3.out.result)) {
- r->samr.out.error_string = talloc_asprintf(mem_ctx,
- "samr_ChangePasswordUser3 for '%s\\%s' failed: %s",
- r->samr.in.domain_name, r->samr.in.account_name,
- nt_errstr(pw3.out.result));
- /* TODO: give the reason of the reject */
- if (NT_STATUS_EQUAL(pw3.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
+ status = dcerpc_samr_ChangePasswordUser3_r(c.out.dcerpc_pipe->binding_handle, mem_ctx, &pw3);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
+ if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(pw3.out.result)) {
status = pw3.out.result;
- goto disconnect;
}
- goto ChangePasswordUser2;
+ if (!NT_STATUS_IS_OK(status)) {
+ r->samr.out.error_string = talloc_asprintf(mem_ctx,
+ "samr_ChangePasswordUser3 failed: %s",
+ nt_errstr(status));
+ r->samr.out.error_string = talloc_asprintf(mem_ctx,
+ "samr_ChangePasswordUser3 for '%s\\%s' failed: %s",
+ r->samr.in.domain_name, r->samr.in.account_name,
+ nt_errstr(status));
+ }
+ goto disconnect;
}
- goto disconnect;
-
-ChangePasswordUser2:
/* prepare samr_ChangePasswordUser2 */
encode_pw_buffer(lm_pass.data, r->samr.in.newpassword, STR_ASCII|STR_TERMINATE);
arcfour_crypt(lm_pass.data, old_lm_hash, 516);
pw2.in.lm_verifier = &lm_verifier;
/* 3. try samr_ChangePasswordUser2 */
- status = dcerpc_samr_ChangePasswordUser2(c.out.dcerpc_pipe, mem_ctx, &pw2);
- if (!NT_STATUS_IS_OK(status)) {
- r->samr.out.error_string = talloc_asprintf(mem_ctx,
- "samr_ChangePasswordUser2 failed: %s",
- nt_errstr(status));
- goto OemChangePasswordUser2;
- }
-
- /* check result of samr_ChangePasswordUser2 */
- if (!NT_STATUS_IS_OK(pw2.out.result)) {
- r->samr.out.error_string = talloc_asprintf(mem_ctx,
- "samr_ChangePasswordUser2 for '%s\\%s' failed: %s",
- r->samr.in.domain_name, r->samr.in.account_name,
- nt_errstr(pw2.out.result));
- if (NT_STATUS_EQUAL(pw2.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
+ status = dcerpc_samr_ChangePasswordUser2_r(c.out.dcerpc_pipe->binding_handle, mem_ctx, &pw2);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
+ if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(pw2.out.result)) {
status = pw2.out.result;
- goto disconnect;
}
- goto OemChangePasswordUser2;
+ if (!NT_STATUS_IS_OK(status)) {
+ r->samr.out.error_string = talloc_asprintf(mem_ctx,
+ "samr_ChangePasswordUser2 for '%s\\%s' failed: %s",
+ r->samr.in.domain_name, r->samr.in.account_name,
+ nt_errstr(status));
+ }
+ goto disconnect;
}
- goto disconnect;
-OemChangePasswordUser2:
/* prepare samr_OemChangePasswordUser2 */
a_server.string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(c.out.dcerpc_pipe));
a_account.string = r->samr.in.account_name;
oe2.in.hash = &lm_verifier;
/* 4. try samr_OemChangePasswordUser2 */
- status = dcerpc_samr_OemChangePasswordUser2(c.out.dcerpc_pipe, mem_ctx, &oe2);
- if (!NT_STATUS_IS_OK(status)) {
- r->samr.out.error_string = talloc_asprintf(mem_ctx,
- "samr_OemChangePasswordUser2 failed: %s",
- nt_errstr(status));
- goto ChangePasswordUser;
- }
-
- /* check result of samr_OemChangePasswordUser2 */
- if (!NT_STATUS_IS_OK(oe2.out.result)) {
- r->samr.out.error_string = talloc_asprintf(mem_ctx,
- "samr_OemChangePasswordUser2 for '%s\\%s' failed: %s",
- r->samr.in.domain_name, r->samr.in.account_name,
- nt_errstr(oe2.out.result));
- if (NT_STATUS_EQUAL(oe2.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
+ status = dcerpc_samr_OemChangePasswordUser2_r(c.out.dcerpc_pipe->binding_handle, mem_ctx, &oe2);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
+ if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(oe2.out.result)) {
status = oe2.out.result;
- goto disconnect;
}
- goto ChangePasswordUser;
+ if (!NT_STATUS_IS_OK(oe2.out.result)) {
+ r->samr.out.error_string = talloc_asprintf(mem_ctx,
+ "samr_OemChangePasswordUser2 for '%s\\%s' failed: %s",
+ r->samr.in.domain_name, r->samr.in.account_name,
+ nt_errstr(status));
+ }
+ goto disconnect;
}
- goto disconnect;
-
-ChangePasswordUser:
#if 0
/* prepare samr_ChangePasswordUser */
E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
pw.in.lm_cross = &hash6;
/* 5. try samr_ChangePasswordUser */
- status = dcerpc_samr_ChangePasswordUser(c.pdc.out.dcerpc_pipe, mem_ctx, &pw);
+ status = dcerpc_samr_ChangePasswordUser_r(c.pdc.out.dcerpc_pipe->binding_handle, mem_ctx, &pw);
if (!NT_STATUS_IS_OK(status)) {
r->samr.out.error_string = talloc_asprintf(mem_ctx,
"samr_ChangePasswordUser failed: %s",
#endif
disconnect:
/* close connection */
- talloc_free(c.out.dcerpc_pipe);
+ talloc_unlink(ctx, c.out.dcerpc_pipe);
return status;
}
/* prepare samr_SetUserInfo2 level 26 */
ZERO_STRUCT(u_info);
encode_pw_buffer(u_info.info26.password.data, r->samr_handle.in.newpassword, STR_UNICODE);
- u_info.info26.pw_len = strlen(r->samr_handle.in.newpassword);
+ u_info.info26.password_expired = 0;
status = dcerpc_fetch_session_key(r->samr_handle.in.dcerpc_pipe, &session_key);
if (!NT_STATUS_IS_OK(status)) {
sui.in.level = 26;
/* 7. try samr_SetUserInfo2 level 26 to set the password */
- status = dcerpc_samr_SetUserInfo2(r->samr_handle.in.dcerpc_pipe, mem_ctx, &sui);
+ status = dcerpc_samr_SetUserInfo2_r(r->samr_handle.in.dcerpc_pipe->binding_handle, mem_ctx, &sui);
/* check result of samr_SetUserInfo2 level 26 */
+ if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(sui.out.result)) {
+ status = sui.out.result;
+ }
if (!NT_STATUS_IS_OK(status)) {
r->samr_handle.out.error_string
= talloc_asprintf(mem_ctx,
/* prepare samr_SetUserInfo2 level 25 */
ZERO_STRUCT(u_info);
u_info.info25.info = *r->samr_handle.in.info21;
- u_info.info25.info.fields_present |= SAMR_FIELD_PASSWORD;
+ u_info.info25.info.fields_present |= SAMR_FIELD_NT_PASSWORD_PRESENT;
encode_pw_buffer(u_info.info25.password.data, r->samr_handle.in.newpassword, STR_UNICODE);
status = dcerpc_fetch_session_key(r->samr_handle.in.dcerpc_pipe, &session_key);
sui.in.level = 25;
/* 8. try samr_SetUserInfo2 level 25 to set the password */
- status = dcerpc_samr_SetUserInfo2(r->samr_handle.in.dcerpc_pipe, mem_ctx, &sui);
+ status = dcerpc_samr_SetUserInfo2_r(r->samr_handle.in.dcerpc_pipe->binding_handle, mem_ctx, &sui);
+ if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(sui.out.result)) {
+ status = sui.out.result;
+ }
if (!NT_STATUS_IS_OK(status)) {
r->samr_handle.out.error_string
= talloc_asprintf(mem_ctx,
/* prepare samr_SetUserInfo2 level 24 */
ZERO_STRUCT(u_info);
encode_pw_buffer(u_info.info24.password.data, r->samr_handle.in.newpassword, STR_UNICODE);
- /* w2k3 ignores this length */
- u_info.info24.pw_len = strlen_m(r->samr_handle.in.newpassword)*2;
+ u_info.info24.password_expired = 0;
status = dcerpc_fetch_session_key(r->samr_handle.in.dcerpc_pipe, &session_key);
if (!NT_STATUS_IS_OK(status)) {
sui.in.level = 24;
/* 9. try samr_SetUserInfo2 level 24 to set the password */
- status = dcerpc_samr_SetUserInfo2(r->samr_handle.in.dcerpc_pipe, mem_ctx, &sui);
+ status = dcerpc_samr_SetUserInfo2_r(r->samr_handle.in.dcerpc_pipe->binding_handle, mem_ctx, &sui);
+ if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(sui.out.result)) {
+ status = sui.out.result;
+ }
if (!NT_STATUS_IS_OK(status)) {
r->samr_handle.out.error_string
= talloc_asprintf(mem_ctx,
/* prepare samr_SetUserInfo2 level 23 */
ZERO_STRUCT(u_info);
u_info.info23.info = *r->samr_handle.in.info21;
- u_info.info23.info.fields_present |= SAMR_FIELD_PASSWORD;
+ u_info.info23.info.fields_present |= SAMR_FIELD_NT_PASSWORD_PRESENT;
encode_pw_buffer(u_info.info23.password.data, r->samr_handle.in.newpassword, STR_UNICODE);
status = dcerpc_fetch_session_key(r->samr_handle.in.dcerpc_pipe, &session_key);
sui.in.level = 23;
/* 10. try samr_SetUserInfo2 level 23 to set the password */
- status = dcerpc_samr_SetUserInfo2(r->samr_handle.in.dcerpc_pipe, mem_ctx, &sui);
+ status = dcerpc_samr_SetUserInfo2_r(r->samr_handle.in.dcerpc_pipe->binding_handle, mem_ctx, &sui);
+ if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(sui.out.result)) {
+ status = sui.out.result;
+ }
if (!NT_STATUS_IS_OK(status)) {
r->samr_handle.out.error_string
= talloc_asprintf(mem_ctx,
LIBNET_SET_PASSWORD_SAMR_HANDLE_24,
LIBNET_SET_PASSWORD_SAMR_HANDLE_23,
};
- int i;
+ unsigned int i;
for (i=0; i < ARRAY_SIZE(levels); i++) {
r->generic.level = levels[i];
status = libnet_SetPassword(ctx, mem_ctx, r);
if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS)
|| NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER_MIX)
- || NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
+ || NT_STATUS_EQUAL(status, NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE)) {
/* Try another password set mechanism */
continue;
}
struct samr_Connect sc;
struct policy_handle p_handle;
struct samr_LookupDomain ld;
+ struct dom_sid2 *sid = NULL;
struct lsa_String d_name;
struct samr_OpenDomain od;
struct policy_handle d_handle;
struct samr_LookupNames ln;
+ struct samr_Ids rids, types;
struct samr_OpenUser ou;
struct policy_handle u_handle;
union libnet_SetPassword r2;
+ ZERO_STRUCT(c);
/* prepare connect to the SAMR pipe of users domain PDC */
c.level = LIBNET_RPC_CONNECT_PDC;
c.in.name = r->samr.in.domain_name;
- c.in.dcerpc_iface = &dcerpc_table_samr;
-
+ c.in.dcerpc_iface = &ndr_table_samr;
+
/* 1. connect to the SAMR pipe of users domain PDC (maybe a standalone server or workstation) */
status = libnet_RpcConnect(ctx, mem_ctx, &c);
if (!NT_STATUS_IS_OK(status)) {
sc.out.connect_handle = &p_handle;
/* 2. do a samr_Connect to get a policy handle */
- status = dcerpc_samr_Connect(c.out.dcerpc_pipe, mem_ctx, &sc);
+ status = dcerpc_samr_Connect_r(c.out.dcerpc_pipe->binding_handle, mem_ctx, &sc);
+ if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(sc.out.result)) {
+ status = sc.out.result;
+ }
if (!NT_STATUS_IS_OK(status)) {
r->samr.out.error_string = talloc_asprintf(mem_ctx,
"samr_Connect failed: %s",
d_name.string = r->samr.in.domain_name;
ld.in.connect_handle = &p_handle;
ld.in.domain_name = &d_name;
+ ld.out.sid = &sid;
/* 3. do a samr_LookupDomain to get the domain sid */
- status = dcerpc_samr_LookupDomain(c.out.dcerpc_pipe, mem_ctx, &ld);
+ status = dcerpc_samr_LookupDomain_r(c.out.dcerpc_pipe->binding_handle, mem_ctx, &ld);
+ if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(ld.out.result)) {
+ status = ld.out.result;
+ }
if (!NT_STATUS_IS_OK(status)) {
r->samr.out.error_string = talloc_asprintf(mem_ctx,
"samr_LookupDomain for [%s] failed: %s",
ZERO_STRUCT(d_handle);
od.in.connect_handle = &p_handle;
od.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
- od.in.sid = ld.out.sid;
+ od.in.sid = *ld.out.sid;
od.out.domain_handle = &d_handle;
/* 4. do a samr_OpenDomain to get a domain handle */
- status = dcerpc_samr_OpenDomain(c.out.dcerpc_pipe, mem_ctx, &od);
+ status = dcerpc_samr_OpenDomain_r(c.out.dcerpc_pipe->binding_handle, mem_ctx, &od);
+ if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(od.out.result)) {
+ status = od.out.result;
+ }
if (!NT_STATUS_IS_OK(status)) {
r->samr.out.error_string = talloc_asprintf(mem_ctx,
"samr_OpenDomain for [%s] failed: %s",
ln.in.domain_handle = &d_handle;
ln.in.num_names = 1;
ln.in.names = talloc_array(mem_ctx, struct lsa_String, 1);
+ ln.out.rids = &rids;
+ ln.out.types = &types;
if (!ln.in.names) {
r->samr.out.error_string = "Out of Memory";
return NT_STATUS_NO_MEMORY;
ln.in.names[0].string = r->samr.in.account_name;
/* 5. do a samr_LookupNames to get the users rid */
- status = dcerpc_samr_LookupNames(c.out.dcerpc_pipe, mem_ctx, &ln);
+ status = dcerpc_samr_LookupNames_r(c.out.dcerpc_pipe->binding_handle, mem_ctx, &ln);
+ if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(ln.out.result)) {
+ status = ln.out.result;
+ }
if (!NT_STATUS_IS_OK(status)) {
r->samr.out.error_string = talloc_asprintf(mem_ctx,
"samr_LookupNames for [%s] failed: %s",
}
/* check if we got one RID for the user */
- if (ln.out.rids.count != 1) {
+ if (ln.out.rids->count != 1) {
r->samr.out.error_string = talloc_asprintf(mem_ctx,
"samr_LookupNames for [%s] returns %d RIDs",
- r->samr.in.account_name, ln.out.rids.count);
+ r->samr.in.account_name, ln.out.rids->count);
status = NT_STATUS_INVALID_PARAMETER;
goto disconnect;
}
ZERO_STRUCT(u_handle);
ou.in.domain_handle = &d_handle;
ou.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
- ou.in.rid = ln.out.rids.ids[0];
+ ou.in.rid = ln.out.rids->ids[0];
ou.out.user_handle = &u_handle;
/* 6. do a samr_OpenUser to get a user handle */
- status = dcerpc_samr_OpenUser(c.out.dcerpc_pipe, mem_ctx, &ou);
+ status = dcerpc_samr_OpenUser_r(c.out.dcerpc_pipe->binding_handle, mem_ctx, &ou);
+ if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(ou.out.result)) {
+ status = ou.out.result;
+ }
if (!NT_STATUS_IS_OK(status)) {
r->samr.out.error_string = talloc_asprintf(mem_ctx,
"samr_OpenUser for [%s] failed: %s",
disconnect:
/* close connection */
- talloc_free(c.out.dcerpc_pipe);
+ talloc_unlink(ctx, c.out.dcerpc_pipe);
return status;
}