s3-samr: fix samr_SetUserInfo level 18 server-side.

Guenther

diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 54aa534311ba7bc4da9593f55311bd77454322ca..513634019bc1652410f62cdfd7d2b4c626746b67 100644 (file)
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -3701,29 +3701,58 @@ static bool set_user_info_16(struct samr_UserInfo16 *id16,
  set_user_info_18
  ********************************************************************/
 
-static bool set_user_info_18(struct samr_UserInfo18 *id18,
-                            struct samu *pwd)
+static NTSTATUS set_user_info_18(struct samr_UserInfo18 *id18,
+                                TALLOC_CTX *mem_ctx,
+                                DATA_BLOB *session_key,
+                                struct samu *pwd)
 {
        if (id18 == NULL) {
                DEBUG(2, ("set_user_info_18: id18 is NULL\n"));
-               return False;
+               return NT_STATUS_INVALID_PARAMETER;
        }
 
-       if (!pdb_set_lanman_passwd (pwd, id18->lm_pwd.hash, PDB_CHANGED)) {
-               return False;
+       if (id18->nt_pwd_active || id18->lm_pwd_active) {
+               if (!session_key->length) {
+                       return NT_STATUS_NO_USER_SESSION_KEY;
+               }
        }
-       if (!pdb_set_nt_passwd     (pwd, id18->nt_pwd.hash, PDB_CHANGED)) {
-               return False;
+
+       if (id18->nt_pwd_active) {
+
+               DATA_BLOB in, out;
+
+               in = data_blob_const(id18->nt_pwd.hash, 16);
+               out = data_blob_talloc_zero(mem_ctx, 16);
+
+               sess_crypt_blob(&out, &in, session_key, false);
+
+               if (!pdb_set_nt_passwd(pwd, out.data, PDB_CHANGED)) {
+                       return NT_STATUS_ACCESS_DENIED;
+               }
        }
-       if (!pdb_set_pass_last_set_time (pwd, time(NULL), PDB_CHANGED)) {
-               return False;
+
+       if (id18->lm_pwd_active) {
+
+               DATA_BLOB in, out;
+
+               in = data_blob_const(id18->lm_pwd.hash, 16);
+               out = data_blob_talloc_zero(mem_ctx, 16);
+
+               sess_crypt_blob(&out, &in, session_key, false);
+
+               if (!pdb_set_lanman_passwd(pwd, out.data, PDB_CHANGED)) {
+                       return NT_STATUS_ACCESS_DENIED;
+               }
        }
 
-       if(!NT_STATUS_IS_OK(pdb_update_sam_account(pwd))) {
-               return False;
-       }
+       if (id18->password_expired) {
+               pdb_set_pass_last_set_time(pwd, 0, PDB_CHANGED);
+       } else {
+               /* FIXME */
+               pdb_set_pass_last_set_time(pwd, time(NULL), PDB_CHANGED);
+       }
 
-       return True;
+       return pdb_update_sam_account(pwd);
 }
 
 /*******************************************************************
@@ -4180,9 +4209,10 @@ NTSTATUS _samr_SetUserInfo(pipes_struct *p,
 
                case 18:
                        /* Used by AS/U JRA. */
-                       if (!set_user_info_18(&info->info18, pwd)) {
-                               status = NT_STATUS_ACCESS_DENIED;
-                       }
+                       status = set_user_info_18(&info->info18,
+                                                 p->mem_ctx,
+                                                 &p->server_info->user_session_key,
+                                                 pwd);
                        break;
 
                case 20: