976606e72cf5f7cd3ef574fcdb02ed39ab9ae170
[kai/samba.git] / source4 / libnet / libnet_passwd.c
1 /* 
2    Unix SMB/CIFS implementation.
3    
4    Copyright (C) Stefan Metzmacher      2004
5    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
6    
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License as published by
9    the Free Software Foundation; either version 3 of the License, or
10    (at your option) any later version.
11    
12    This program is distributed in the hope that it will be useful,
13    but WITHOUT ANY WARRANTY; without even the implied warranty of
14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15    GNU General Public License for more details.
16    
17    You should have received a copy of the GNU General Public License
18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "libnet/libnet.h"
23 #include "../lib/crypto/crypto.h"
24 #include "libcli/auth/libcli_auth.h"
25 #include "librpc/gen_ndr/ndr_samr_c.h"
26
27 /*
28  * do a password change using DCERPC/SAMR calls
29  * 1. connect to the SAMR pipe of users domain PDC (maybe a standalone server or workstation)
30  * 2. try samr_ChangePasswordUser3
31  * 3. try samr_ChangePasswordUser2
32  * 4. try samr_OemChangePasswordUser2
33  * (not yet: 5. try samr_ChangePasswordUser)
34  */
35 static NTSTATUS libnet_ChangePassword_samr(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_ChangePassword *r)
36 {
37         NTSTATUS status;
38         struct libnet_RpcConnect c;
39 #if 0
40         struct policy_handle user_handle;
41         struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6;
42         struct samr_ChangePasswordUser pw;
43 #endif
44         struct samr_OemChangePasswordUser2 oe2;
45         struct samr_ChangePasswordUser2 pw2;
46         struct samr_ChangePasswordUser3 pw3;
47         struct lsa_String server, account;
48         struct lsa_AsciiString a_server, a_account;
49         struct samr_CryptPassword nt_pass, lm_pass;
50         struct samr_Password nt_verifier, lm_verifier;
51         uint8_t old_nt_hash[16], new_nt_hash[16];
52         uint8_t old_lm_hash[16], new_lm_hash[16];
53         struct samr_DomInfo1 *dominfo = NULL;
54         struct samr_ChangeReject *reject = NULL;
55
56         /* prepare connect to the SAMR pipe of the users domain PDC */
57         c.level                    = LIBNET_RPC_CONNECT_PDC;
58         c.in.name                  = r->samr.in.domain_name;
59         c.in.dcerpc_iface          = &ndr_table_samr;
60
61         /* 1. connect to the SAMR pipe of users domain PDC (maybe a standalone server or workstation) */
62         status = libnet_RpcConnect(ctx, mem_ctx, &c);
63         if (!NT_STATUS_IS_OK(status)) {
64                 r->samr.out.error_string = talloc_asprintf(mem_ctx,
65                                                 "Connection to SAMR pipe of PDC of domain '%s' failed: %s",
66                                                 r->samr.in.domain_name, nt_errstr(status));
67                 return status;
68         }
69
70         /* prepare password change for account */
71         server.string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(c.out.dcerpc_pipe));
72         account.string = r->samr.in.account_name;
73
74         E_md4hash(r->samr.in.oldpassword, old_nt_hash);
75         E_md4hash(r->samr.in.newpassword, new_nt_hash);
76
77         E_deshash(r->samr.in.oldpassword, old_lm_hash);
78         E_deshash(r->samr.in.newpassword, new_lm_hash);
79
80         /* prepare samr_ChangePasswordUser3 */
81         encode_pw_buffer(lm_pass.data, r->samr.in.newpassword, STR_UNICODE);
82         arcfour_crypt(lm_pass.data, old_nt_hash, 516);
83         E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
84
85         encode_pw_buffer(nt_pass.data,  r->samr.in.newpassword, STR_UNICODE);
86         arcfour_crypt(nt_pass.data, old_nt_hash, 516);
87         E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
88
89         pw3.in.server = &server;
90         pw3.in.account = &account;
91         pw3.in.nt_password = &nt_pass;
92         pw3.in.nt_verifier = &nt_verifier;
93         pw3.in.lm_change = 1;
94         pw3.in.lm_password = &lm_pass;
95         pw3.in.lm_verifier = &lm_verifier;
96         pw3.in.password3 = NULL;
97         pw3.out.dominfo = &dominfo;
98         pw3.out.reject = &reject;
99
100         /* 2. try samr_ChangePasswordUser3 */
101         status = dcerpc_samr_ChangePasswordUser3(c.out.dcerpc_pipe, mem_ctx, &pw3);
102         if (!NT_STATUS_IS_OK(status)) {
103                 r->samr.out.error_string = talloc_asprintf(mem_ctx,
104                                                 "samr_ChangePasswordUser3 failed: %s",
105                                                 nt_errstr(status));
106                 goto ChangePasswordUser2;
107         }
108
109         /* check result of samr_ChangePasswordUser3 */
110         if (!NT_STATUS_IS_OK(pw3.out.result)) {
111                 r->samr.out.error_string = talloc_asprintf(mem_ctx,
112                                                 "samr_ChangePasswordUser3 for '%s\\%s' failed: %s",
113                                                 r->samr.in.domain_name, r->samr.in.account_name, 
114                                                 nt_errstr(pw3.out.result));
115                                                 /* TODO: give the reason of the reject */
116                 if (NT_STATUS_EQUAL(pw3.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
117                         status = pw3.out.result;
118                         goto disconnect;
119                 }
120                 goto ChangePasswordUser2;
121         }
122
123         goto disconnect;
124
125 ChangePasswordUser2:
126         /* prepare samr_ChangePasswordUser2 */
127         encode_pw_buffer(lm_pass.data, r->samr.in.newpassword, STR_ASCII|STR_TERMINATE);
128         arcfour_crypt(lm_pass.data, old_lm_hash, 516);
129         E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
130
131         encode_pw_buffer(nt_pass.data, r->samr.in.newpassword, STR_UNICODE);
132         arcfour_crypt(nt_pass.data, old_nt_hash, 516);
133         E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
134
135         pw2.in.server = &server;
136         pw2.in.account = &account;
137         pw2.in.nt_password = &nt_pass;
138         pw2.in.nt_verifier = &nt_verifier;
139         pw2.in.lm_change = 1;
140         pw2.in.lm_password = &lm_pass;
141         pw2.in.lm_verifier = &lm_verifier;
142
143         /* 3. try samr_ChangePasswordUser2 */
144         status = dcerpc_samr_ChangePasswordUser2(c.out.dcerpc_pipe, mem_ctx, &pw2);
145         if (!NT_STATUS_IS_OK(status)) {
146                 r->samr.out.error_string = talloc_asprintf(mem_ctx,
147                                                 "samr_ChangePasswordUser2 failed: %s",
148                                                 nt_errstr(status));
149                 goto OemChangePasswordUser2;
150         }
151
152         /* check result of samr_ChangePasswordUser2 */
153         if (!NT_STATUS_IS_OK(pw2.out.result)) {
154                 r->samr.out.error_string = talloc_asprintf(mem_ctx,
155                                                 "samr_ChangePasswordUser2 for '%s\\%s' failed: %s",
156                                                 r->samr.in.domain_name, r->samr.in.account_name, 
157                                                 nt_errstr(pw2.out.result));
158                 if (NT_STATUS_EQUAL(pw2.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
159                         status = pw2.out.result;
160                         goto disconnect;
161                 }
162                 goto OemChangePasswordUser2;
163         }
164
165         goto disconnect;
166
167 OemChangePasswordUser2:
168         /* prepare samr_OemChangePasswordUser2 */
169         a_server.string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(c.out.dcerpc_pipe));
170         a_account.string = r->samr.in.account_name;
171
172         encode_pw_buffer(lm_pass.data, r->samr.in.newpassword, STR_ASCII);
173         arcfour_crypt(lm_pass.data, old_lm_hash, 516);
174         E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
175
176         oe2.in.server = &a_server;
177         oe2.in.account = &a_account;
178         oe2.in.password = &lm_pass;
179         oe2.in.hash = &lm_verifier;
180
181         /* 4. try samr_OemChangePasswordUser2 */
182         status = dcerpc_samr_OemChangePasswordUser2(c.out.dcerpc_pipe, mem_ctx, &oe2);
183         if (!NT_STATUS_IS_OK(status)) {
184                 r->samr.out.error_string = talloc_asprintf(mem_ctx,
185                                                 "samr_OemChangePasswordUser2 failed: %s",
186                                                 nt_errstr(status));
187                 goto ChangePasswordUser;
188         }
189
190         /* check result of samr_OemChangePasswordUser2 */
191         if (!NT_STATUS_IS_OK(oe2.out.result)) {
192                 r->samr.out.error_string = talloc_asprintf(mem_ctx,
193                                                 "samr_OemChangePasswordUser2 for '%s\\%s' failed: %s",
194                                                 r->samr.in.domain_name, r->samr.in.account_name, 
195                                                 nt_errstr(oe2.out.result));
196                 if (NT_STATUS_EQUAL(oe2.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
197                         status = oe2.out.result;
198                         goto disconnect;
199                 }
200                 goto ChangePasswordUser;
201         }
202
203         goto disconnect;
204
205 ChangePasswordUser:
206 #if 0
207         /* prepare samr_ChangePasswordUser */
208         E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
209         E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
210         E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
211         E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
212         E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
213         E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
214
215         /* TODO: ask for a user_handle */
216         pw.in.handle = &user_handle;
217         pw.in.lm_present = 1;
218         pw.in.old_lm_crypted = &hash1;
219         pw.in.new_lm_crypted = &hash2;
220         pw.in.nt_present = 1;
221         pw.in.old_nt_crypted = &hash3;
222         pw.in.new_nt_crypted = &hash4;
223         pw.in.cross1_present = 1;
224         pw.in.nt_cross = &hash5;
225         pw.in.cross2_present = 1;
226         pw.in.lm_cross = &hash6;
227
228         /* 5. try samr_ChangePasswordUser */
229         status = dcerpc_samr_ChangePasswordUser(c.pdc.out.dcerpc_pipe, mem_ctx, &pw);
230         if (!NT_STATUS_IS_OK(status)) {
231                 r->samr.out.error_string = talloc_asprintf(mem_ctx,
232                                                 "samr_ChangePasswordUser failed: %s",
233                                                 nt_errstr(status));
234                 goto disconnect;
235         }
236
237         /* check result of samr_ChangePasswordUser */
238         if (!NT_STATUS_IS_OK(pw.out.result)) {
239                 r->samr.out.error_string = talloc_asprintf(mem_ctx,
240                                                 "samr_ChangePasswordUser for '%s\\%s' failed: %s",
241                                                 r->samr.in.domain_name, r->samr.in.account_name, 
242                                                 nt_errstr(pw.out.result));
243                 if (NT_STATUS_EQUAL(pw.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
244                         status = pw.out.result;
245                         goto disconnect;
246                 }
247                 goto disconnect;
248         }
249 #endif
250 disconnect:
251         /* close connection */
252         talloc_free(c.out.dcerpc_pipe);
253
254         return status;
255 }
256
257 static NTSTATUS libnet_ChangePassword_generic(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_ChangePassword *r)
258 {
259         NTSTATUS status;
260         union libnet_ChangePassword r2;
261
262         r2.samr.level           = LIBNET_CHANGE_PASSWORD_SAMR;
263         r2.samr.in.account_name = r->generic.in.account_name;
264         r2.samr.in.domain_name  = r->generic.in.domain_name;
265         r2.samr.in.oldpassword  = r->generic.in.oldpassword;
266         r2.samr.in.newpassword  = r->generic.in.newpassword;
267
268         status = libnet_ChangePassword(ctx, mem_ctx, &r2);
269
270         r->generic.out.error_string = r2.samr.out.error_string;
271
272         return status;
273 }
274
275 NTSTATUS libnet_ChangePassword(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_ChangePassword *r)
276 {
277         switch (r->generic.level) {
278                 case LIBNET_CHANGE_PASSWORD_GENERIC:
279                         return libnet_ChangePassword_generic(ctx, mem_ctx, r);
280                 case LIBNET_CHANGE_PASSWORD_SAMR:
281                         return libnet_ChangePassword_samr(ctx, mem_ctx, r);
282                 case LIBNET_CHANGE_PASSWORD_KRB5:
283                         return NT_STATUS_NOT_IMPLEMENTED;
284                 case LIBNET_CHANGE_PASSWORD_LDAP:
285                         return NT_STATUS_NOT_IMPLEMENTED;
286                 case LIBNET_CHANGE_PASSWORD_RAP:
287                         return NT_STATUS_NOT_IMPLEMENTED;
288         }
289
290         return NT_STATUS_INVALID_LEVEL;
291 }
292
293 static NTSTATUS libnet_SetPassword_samr_handle_26(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_SetPassword *r)
294 {
295         NTSTATUS status;
296         struct samr_SetUserInfo2 sui;
297         union samr_UserInfo u_info;
298         DATA_BLOB session_key;
299         DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
300         uint8_t confounder[16]; 
301         struct MD5Context md5;
302
303         if (r->samr_handle.in.info21) {
304                 return NT_STATUS_INVALID_PARAMETER_MIX;
305         }
306
307         /* prepare samr_SetUserInfo2 level 26 */
308         ZERO_STRUCT(u_info);
309         encode_pw_buffer(u_info.info26.password.data, r->samr_handle.in.newpassword, STR_UNICODE);
310         u_info.info26.pw_len = strlen(r->samr_handle.in.newpassword);
311         
312         status = dcerpc_fetch_session_key(r->samr_handle.in.dcerpc_pipe, &session_key);
313         if (!NT_STATUS_IS_OK(status)) {
314                 r->samr_handle.out.error_string = talloc_asprintf(mem_ctx,
315                                                                   "dcerpc_fetch_session_key failed: %s",
316                                                                   nt_errstr(status));
317                 return status;
318         }
319         
320         generate_random_buffer((uint8_t *)confounder, 16);
321         
322         MD5Init(&md5);
323         MD5Update(&md5, confounder, 16);
324         MD5Update(&md5, session_key.data, session_key.length);
325         MD5Final(confounded_session_key.data, &md5);
326         
327         arcfour_crypt_blob(u_info.info26.password.data, 516, &confounded_session_key);
328         memcpy(&u_info.info26.password.data[516], confounder, 16);
329         
330         sui.in.user_handle = r->samr_handle.in.user_handle;
331         sui.in.info = &u_info;
332         sui.in.level = 26;
333         
334         /* 7. try samr_SetUserInfo2 level 26 to set the password */
335         status = dcerpc_samr_SetUserInfo2(r->samr_handle.in.dcerpc_pipe, mem_ctx, &sui);
336         /* check result of samr_SetUserInfo2 level 26 */
337         if (!NT_STATUS_IS_OK(status)) {
338                 r->samr_handle.out.error_string
339                         = talloc_asprintf(mem_ctx,
340                                           "SetUserInfo2 level 26 for [%s] failed: %s",
341                                           r->samr_handle.in.account_name, nt_errstr(status));
342         }
343         return status;
344 }
345
346 static NTSTATUS libnet_SetPassword_samr_handle_25(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_SetPassword *r)
347 {
348         NTSTATUS status;
349         struct samr_SetUserInfo2 sui;
350         union samr_UserInfo u_info;
351         DATA_BLOB session_key;
352         DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
353         uint8_t confounder[16]; 
354         struct MD5Context md5;
355
356         if (!r->samr_handle.in.info21) {
357                 return NT_STATUS_INVALID_PARAMETER_MIX;
358         }
359
360         /* prepare samr_SetUserInfo2 level 25 */
361         ZERO_STRUCT(u_info);
362         u_info.info25.info = *r->samr_handle.in.info21;
363         u_info.info25.info.fields_present |= SAMR_FIELD_PASSWORD;
364         encode_pw_buffer(u_info.info25.password.data, r->samr_handle.in.newpassword, STR_UNICODE);
365
366         status = dcerpc_fetch_session_key(r->samr_handle.in.dcerpc_pipe, &session_key);
367         if (!NT_STATUS_IS_OK(status)) {
368                 r->samr_handle.out.error_string = talloc_asprintf(mem_ctx,
369                                                 "dcerpc_fetch_session_key failed: %s",
370                                                 nt_errstr(status));
371                 return status;
372         }
373
374         generate_random_buffer((uint8_t *)confounder, 16);
375
376         MD5Init(&md5);
377         MD5Update(&md5, confounder, 16);
378         MD5Update(&md5, session_key.data, session_key.length);
379         MD5Final(confounded_session_key.data, &md5);
380
381         arcfour_crypt_blob(u_info.info25.password.data, 516, &confounded_session_key);
382         memcpy(&u_info.info25.password.data[516], confounder, 16);
383
384         sui.in.user_handle = r->samr_handle.in.user_handle;
385         sui.in.info = &u_info;
386         sui.in.level = 25;
387
388         /* 8. try samr_SetUserInfo2 level 25 to set the password */
389         status = dcerpc_samr_SetUserInfo2(r->samr_handle.in.dcerpc_pipe, mem_ctx, &sui);
390         if (!NT_STATUS_IS_OK(status)) {
391                 r->samr_handle.out.error_string
392                         = talloc_asprintf(mem_ctx,
393                                           "SetUserInfo2 level 25 for [%s] failed: %s",
394                                           r->samr_handle.in.account_name, nt_errstr(status));
395         }
396         return status;
397 }
398
399 static NTSTATUS libnet_SetPassword_samr_handle_24(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_SetPassword *r)
400 {
401         NTSTATUS status;
402         struct samr_SetUserInfo2 sui;
403         union samr_UserInfo u_info;
404         DATA_BLOB session_key;
405
406         if (r->samr_handle.in.info21) {
407                 return NT_STATUS_INVALID_PARAMETER_MIX;
408         }
409
410         /* prepare samr_SetUserInfo2 level 24 */
411         ZERO_STRUCT(u_info);
412         encode_pw_buffer(u_info.info24.password.data, r->samr_handle.in.newpassword, STR_UNICODE);
413         /* w2k3 ignores this length */
414         u_info.info24.pw_len = strlen_m(r->samr_handle.in.newpassword)*2;
415
416         status = dcerpc_fetch_session_key(r->samr_handle.in.dcerpc_pipe, &session_key);
417         if (!NT_STATUS_IS_OK(status)) {
418                 r->samr_handle.out.error_string = talloc_asprintf(mem_ctx,
419                                                 "dcerpc_fetch_session_key failed: %s",
420                                                 nt_errstr(status));
421                 return status;
422         }
423
424         arcfour_crypt_blob(u_info.info24.password.data, 516, &session_key);
425
426         sui.in.user_handle = r->samr_handle.in.user_handle;
427         sui.in.info = &u_info;
428         sui.in.level = 24;
429
430         /* 9. try samr_SetUserInfo2 level 24 to set the password */
431         status = dcerpc_samr_SetUserInfo2(r->samr_handle.in.dcerpc_pipe, mem_ctx, &sui);
432         if (!NT_STATUS_IS_OK(status)) {
433                 r->samr_handle.out.error_string
434                         = talloc_asprintf(mem_ctx,
435                                           "SetUserInfo2 level 24 for [%s] failed: %s",
436                                           r->samr_handle.in.account_name, nt_errstr(status));
437         }
438         return status;
439 }
440
441 static NTSTATUS libnet_SetPassword_samr_handle_23(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_SetPassword *r)
442 {
443         NTSTATUS status;
444         struct samr_SetUserInfo2 sui;
445         union samr_UserInfo u_info;
446         DATA_BLOB session_key;
447
448         if (!r->samr_handle.in.info21) {
449                 return NT_STATUS_INVALID_PARAMETER_MIX;
450         }
451
452         /* prepare samr_SetUserInfo2 level 23 */
453         ZERO_STRUCT(u_info);
454         u_info.info23.info = *r->samr_handle.in.info21;
455         u_info.info23.info.fields_present |= SAMR_FIELD_PASSWORD;
456         encode_pw_buffer(u_info.info23.password.data, r->samr_handle.in.newpassword, STR_UNICODE);
457
458         status = dcerpc_fetch_session_key(r->samr_handle.in.dcerpc_pipe, &session_key);
459         if (!NT_STATUS_IS_OK(status)) {
460                 r->samr_handle.out.error_string
461                         = talloc_asprintf(mem_ctx,
462                                           "dcerpc_fetch_session_key failed: %s",
463                                           nt_errstr(status));
464                 return status;
465         }
466
467         arcfour_crypt_blob(u_info.info23.password.data, 516, &session_key);
468
469         sui.in.user_handle = r->samr_handle.in.user_handle;
470         sui.in.info = &u_info;
471         sui.in.level = 23;
472
473         /* 10. try samr_SetUserInfo2 level 23 to set the password */
474         status = dcerpc_samr_SetUserInfo2(r->samr_handle.in.dcerpc_pipe, mem_ctx, &sui);
475         if (!NT_STATUS_IS_OK(status)) {
476                 r->samr_handle.out.error_string
477                         = talloc_asprintf(mem_ctx,
478                                           "SetUserInfo2 level 23 for [%s] failed: %s",
479                                           r->samr_handle.in.account_name, nt_errstr(status));
480         }
481         return status;
482 }
483
484 /*
485  * 1. try samr_SetUserInfo2 level 26 to set the password
486  * 2. try samr_SetUserInfo2 level 25 to set the password
487  * 3. try samr_SetUserInfo2 level 24 to set the password
488  * 4. try samr_SetUserInfo2 level 23 to set the password
489 */
490 static NTSTATUS libnet_SetPassword_samr_handle(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_SetPassword *r)
491 {
492
493         NTSTATUS status;
494         enum libnet_SetPassword_level levels[] = {
495                 LIBNET_SET_PASSWORD_SAMR_HANDLE_26,
496                 LIBNET_SET_PASSWORD_SAMR_HANDLE_25,
497                 LIBNET_SET_PASSWORD_SAMR_HANDLE_24,
498                 LIBNET_SET_PASSWORD_SAMR_HANDLE_23,
499         };
500         int i;
501
502         for (i=0; i < ARRAY_SIZE(levels); i++) {
503                 r->generic.level = levels[i];
504                 status = libnet_SetPassword(ctx, mem_ctx, r);
505                 if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS)
506                     || NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER_MIX)
507                     || NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
508                         /* Try another password set mechanism */
509                         continue;
510                 }
511                 break;
512         }
513         
514         return status;
515 }
516 /*
517  * set a password with DCERPC/SAMR calls
518  * 1. connect to the SAMR pipe of users domain PDC (maybe a standalone server or workstation)
519  *    is it correct to contact the the pdc of the domain of the user who's password should be set?
520  * 2. do a samr_Connect to get a policy handle
521  * 3. do a samr_LookupDomain to get the domain sid
522  * 4. do a samr_OpenDomain to get a domain handle
523  * 5. do a samr_LookupNames to get the users rid
524  * 6. do a samr_OpenUser to get a user handle
525  * 7  call libnet_SetPassword_samr_handle to set the password
526  */
527 static NTSTATUS libnet_SetPassword_samr(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_SetPassword *r)
528 {
529         NTSTATUS status;
530         struct libnet_RpcConnect c;
531         struct samr_Connect sc;
532         struct policy_handle p_handle;
533         struct samr_LookupDomain ld;
534         struct dom_sid2 *sid = NULL;
535         struct lsa_String d_name;
536         struct samr_OpenDomain od;
537         struct policy_handle d_handle;
538         struct samr_LookupNames ln;
539         struct samr_Ids rids, types;
540         struct samr_OpenUser ou;
541         struct policy_handle u_handle;
542         union libnet_SetPassword r2;
543
544         /* prepare connect to the SAMR pipe of users domain PDC */
545         c.level               = LIBNET_RPC_CONNECT_PDC;
546         c.in.name             = r->samr.in.domain_name;
547         c.in.dcerpc_iface     = &ndr_table_samr;
548
549         /* 1. connect to the SAMR pipe of users domain PDC (maybe a standalone server or workstation) */
550         status = libnet_RpcConnect(ctx, mem_ctx, &c);
551         if (!NT_STATUS_IS_OK(status)) {
552                 r->samr.out.error_string = talloc_asprintf(mem_ctx,
553                                                            "Connection to SAMR pipe of PDC of domain '%s' failed: %s",
554                                                            r->samr.in.domain_name, nt_errstr(status));
555                 return status;
556         }
557
558         /* prepare samr_Connect */
559         ZERO_STRUCT(p_handle);
560         sc.in.system_name = NULL;
561         sc.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
562         sc.out.connect_handle = &p_handle;
563
564         /* 2. do a samr_Connect to get a policy handle */
565         status = dcerpc_samr_Connect(c.out.dcerpc_pipe, mem_ctx, &sc);
566         if (!NT_STATUS_IS_OK(status)) {
567                 r->samr.out.error_string = talloc_asprintf(mem_ctx,
568                                                 "samr_Connect failed: %s",
569                                                 nt_errstr(status));
570                 goto disconnect;
571         }
572
573         /* prepare samr_LookupDomain */
574         d_name.string = r->samr.in.domain_name;
575         ld.in.connect_handle = &p_handle;
576         ld.in.domain_name = &d_name;
577         ld.out.sid = &sid;
578
579         /* 3. do a samr_LookupDomain to get the domain sid */
580         status = dcerpc_samr_LookupDomain(c.out.dcerpc_pipe, mem_ctx, &ld);
581         if (!NT_STATUS_IS_OK(status)) {
582                 r->samr.out.error_string = talloc_asprintf(mem_ctx,
583                                                 "samr_LookupDomain for [%s] failed: %s",
584                                                 r->samr.in.domain_name, nt_errstr(status));
585                 goto disconnect;
586         }
587
588         /* prepare samr_OpenDomain */
589         ZERO_STRUCT(d_handle);
590         od.in.connect_handle = &p_handle;
591         od.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
592         od.in.sid = *ld.out.sid;
593         od.out.domain_handle = &d_handle;
594
595         /* 4. do a samr_OpenDomain to get a domain handle */
596         status = dcerpc_samr_OpenDomain(c.out.dcerpc_pipe, mem_ctx, &od);
597         if (!NT_STATUS_IS_OK(status)) {
598                 r->samr.out.error_string = talloc_asprintf(mem_ctx,
599                                                 "samr_OpenDomain for [%s] failed: %s",
600                                                 r->samr.in.domain_name, nt_errstr(status));
601                 goto disconnect;
602         }
603
604         /* prepare samr_LookupNames */
605         ln.in.domain_handle = &d_handle;
606         ln.in.num_names = 1;
607         ln.in.names = talloc_array(mem_ctx, struct lsa_String, 1);
608         ln.out.rids = &rids;
609         ln.out.types = &types;
610         if (!ln.in.names) {
611                 r->samr.out.error_string = "Out of Memory";
612                 return NT_STATUS_NO_MEMORY;
613         }
614         ln.in.names[0].string = r->samr.in.account_name;
615
616         /* 5. do a samr_LookupNames to get the users rid */
617         status = dcerpc_samr_LookupNames(c.out.dcerpc_pipe, mem_ctx, &ln);
618         if (!NT_STATUS_IS_OK(status)) {
619                 r->samr.out.error_string = talloc_asprintf(mem_ctx,
620                                                 "samr_LookupNames for [%s] failed: %s",
621                                                 r->samr.in.account_name, nt_errstr(status));
622                 goto disconnect;
623         }
624
625         /* check if we got one RID for the user */
626         if (ln.out.rids->count != 1) {
627                 r->samr.out.error_string = talloc_asprintf(mem_ctx,
628                                                 "samr_LookupNames for [%s] returns %d RIDs",
629                                                 r->samr.in.account_name, ln.out.rids->count);
630                 status = NT_STATUS_INVALID_PARAMETER;
631                 goto disconnect;        
632         }
633
634         /* prepare samr_OpenUser */
635         ZERO_STRUCT(u_handle);
636         ou.in.domain_handle = &d_handle;
637         ou.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
638         ou.in.rid = ln.out.rids->ids[0];
639         ou.out.user_handle = &u_handle;
640
641         /* 6. do a samr_OpenUser to get a user handle */
642         status = dcerpc_samr_OpenUser(c.out.dcerpc_pipe, mem_ctx, &ou);
643         if (!NT_STATUS_IS_OK(status)) {
644                 r->samr.out.error_string = talloc_asprintf(mem_ctx,
645                                                 "samr_OpenUser for [%s] failed: %s",
646                                                 r->samr.in.account_name, nt_errstr(status));
647                 goto disconnect;
648         }
649
650         r2.samr_handle.level            = LIBNET_SET_PASSWORD_SAMR_HANDLE;
651         r2.samr_handle.in.account_name  = r->samr.in.account_name;
652         r2.samr_handle.in.newpassword   = r->samr.in.newpassword;
653         r2.samr_handle.in.user_handle   = &u_handle;
654         r2.samr_handle.in.dcerpc_pipe   = c.out.dcerpc_pipe;
655         r2.samr_handle.in.info21        = NULL;
656
657         status = libnet_SetPassword(ctx, mem_ctx, &r2);
658
659         r->generic.out.error_string = r2.samr_handle.out.error_string;
660
661 disconnect:
662         /* close connection */
663         talloc_free(c.out.dcerpc_pipe);
664
665         return status;
666 }
667
668 static NTSTATUS libnet_SetPassword_generic(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_SetPassword *r)
669 {
670         NTSTATUS status;
671         union libnet_SetPassword r2;
672
673         r2.samr.level           = LIBNET_SET_PASSWORD_SAMR;
674         r2.samr.in.account_name = r->generic.in.account_name;
675         r2.samr.in.domain_name  = r->generic.in.domain_name;
676         r2.samr.in.newpassword  = r->generic.in.newpassword;
677
678         r->generic.out.error_string = "Unknown Error";
679         status = libnet_SetPassword(ctx, mem_ctx, &r2);
680
681         r->generic.out.error_string = r2.samr.out.error_string;
682
683         return status;
684 }
685
686 NTSTATUS libnet_SetPassword(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_SetPassword *r)
687 {
688         switch (r->generic.level) {
689                 case LIBNET_SET_PASSWORD_GENERIC:
690                         return libnet_SetPassword_generic(ctx, mem_ctx, r);
691                 case LIBNET_SET_PASSWORD_SAMR:
692                         return libnet_SetPassword_samr(ctx, mem_ctx, r);
693                 case LIBNET_SET_PASSWORD_SAMR_HANDLE:
694                         return libnet_SetPassword_samr_handle(ctx, mem_ctx, r);
695                 case LIBNET_SET_PASSWORD_SAMR_HANDLE_26:
696                         return libnet_SetPassword_samr_handle_26(ctx, mem_ctx, r);
697                 case LIBNET_SET_PASSWORD_SAMR_HANDLE_25:
698                         return libnet_SetPassword_samr_handle_25(ctx, mem_ctx, r);
699                 case LIBNET_SET_PASSWORD_SAMR_HANDLE_24:
700                         return libnet_SetPassword_samr_handle_24(ctx, mem_ctx, r);
701                 case LIBNET_SET_PASSWORD_SAMR_HANDLE_23:
702                         return libnet_SetPassword_samr_handle_23(ctx, mem_ctx, r);
703                 case LIBNET_SET_PASSWORD_KRB5:
704                         return NT_STATUS_NOT_IMPLEMENTED;
705                 case LIBNET_SET_PASSWORD_LDAP:
706                         return NT_STATUS_NOT_IMPLEMENTED;
707                 case LIBNET_SET_PASSWORD_RAP:
708                         return NT_STATUS_NOT_IMPLEMENTED;
709         }
710
711         return NT_STATUS_INVALID_LEVEL;
712 }