Context Navigation

source: vendor/3.6.0/source4/libnet/libnet_passwd.c

Visit:

Last change on this file was 740, checked in by Silvan Scherrer, 13 years ago
Samba Server: update vendor to 3.6.0
File size: 24.7 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3
4	Copyright (C) Stefan Metzmacher 2004
5	Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
6
7	This program is free software; you can redistribute it and/or modify
8	it under the terms of the GNU General Public License as published by
9	the Free Software Foundation; either version 3 of the License, or
10	(at your option) any later version.
11
12	This program is distributed in the hope that it will be useful,
13	but WITHOUT ANY WARRANTY; without even the implied warranty of
14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15	GNU General Public License for more details.
16
17	You should have received a copy of the GNU General Public License
18	along with this program. If not, see <http://www.gnu.org/licenses/>.
19	*/
20
21	#include "includes.h"
22	#include "libnet/libnet.h"
23	#include "../lib/crypto/crypto.h"
24	#include "libcli/auth/libcli_auth.h"
25	#include "librpc/gen_ndr/ndr_samr_c.h"
26
27	/*
28	* do a password change using DCERPC/SAMR calls
29	* 1. connect to the SAMR pipe of users domain PDC (maybe a standalone server or workstation)
30	* 2. try samr_ChangePasswordUser3
31	* 3. try samr_ChangePasswordUser2
32	* 4. try samr_OemChangePasswordUser2
33	* (not yet: 5. try samr_ChangePasswordUser)
34	*/
35	static NTSTATUS libnet_ChangePassword_samr(struct libnet_context ctx, TALLOC_CTX mem_ctx, union libnet_ChangePassword *r)
36	{
37	NTSTATUS status;
38	struct libnet_RpcConnect c;
39	#if 0
40	struct policy_handle user_handle;
41	struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6;
42	struct samr_ChangePasswordUser pw;
43	#endif
44	struct samr_OemChangePasswordUser2 oe2;
45	struct samr_ChangePasswordUser2 pw2;
46	struct samr_ChangePasswordUser3 pw3;
47	struct lsa_String server, account;
48	struct lsa_AsciiString a_server, a_account;
49	struct samr_CryptPassword nt_pass, lm_pass;
50	struct samr_Password nt_verifier, lm_verifier;
51	uint8_t old_nt_hash[16], new_nt_hash[16];
52	uint8_t old_lm_hash[16], new_lm_hash[16];
53	struct samr_DomInfo1 *dominfo = NULL;
54	struct userPwdChangeFailureInformation *reject = NULL;
55
56	ZERO_STRUCT(c);
57
58	/* prepare connect to the SAMR pipe of the users domain PDC */
59	c.level = LIBNET_RPC_CONNECT_PDC;
60	c.in.name = r->samr.in.domain_name;
61	c.in.dcerpc_iface = &ndr_table_samr;
62	c.in.dcerpc_flags = DCERPC_ANON_FALLBACK;
63
64	/* 1. connect to the SAMR pipe of users domain PDC (maybe a standalone server or workstation) */
65	status = libnet_RpcConnect(ctx, mem_ctx, &c);
66	if (!NT_STATUS_IS_OK(status)) {
67	r->samr.out.error_string = talloc_asprintf(mem_ctx,
68	"Connection to SAMR pipe of PDC of domain '%s' failed: %s",
69	r->samr.in.domain_name, nt_errstr(status));
70	return status;
71	}
72
73	/* prepare password change for account */
74	server.string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(c.out.dcerpc_pipe));
75	account.string = r->samr.in.account_name;
76
77	E_md4hash(r->samr.in.oldpassword, old_nt_hash);
78	E_md4hash(r->samr.in.newpassword, new_nt_hash);
79
80	E_deshash(r->samr.in.oldpassword, old_lm_hash);
81	E_deshash(r->samr.in.newpassword, new_lm_hash);
82
83	/* prepare samr_ChangePasswordUser3 */
84	encode_pw_buffer(lm_pass.data, r->samr.in.newpassword, STR_UNICODE);
85	arcfour_crypt(lm_pass.data, old_nt_hash, 516);
86	E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
87
88	encode_pw_buffer(nt_pass.data, r->samr.in.newpassword, STR_UNICODE);
89	arcfour_crypt(nt_pass.data, old_nt_hash, 516);
90	E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
91
92	pw3.in.server = &server;
93	pw3.in.account = &account;
94	pw3.in.nt_password = &nt_pass;
95	pw3.in.nt_verifier = &nt_verifier;
96	pw3.in.lm_change = 1;
97	pw3.in.lm_password = &lm_pass;
98	pw3.in.lm_verifier = &lm_verifier;
99	pw3.in.password3 = NULL;
100	pw3.out.dominfo = &dominfo;
101	pw3.out.reject = &reject;
102
103	/* 2. try samr_ChangePasswordUser3 */
104	status = dcerpc_samr_ChangePasswordUser3_r(c.out.dcerpc_pipe->binding_handle, mem_ctx, &pw3);
105	if (!NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
106	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(pw3.out.result)) {
107	status = pw3.out.result;
108	}
109	if (!NT_STATUS_IS_OK(status)) {
110	r->samr.out.error_string = talloc_asprintf(mem_ctx,
111	"samr_ChangePasswordUser3 failed: %s",
112	nt_errstr(status));
113	r->samr.out.error_string = talloc_asprintf(mem_ctx,
114	"samr_ChangePasswordUser3 for '%s\\%s' failed: %s",
115	r->samr.in.domain_name, r->samr.in.account_name,
116	nt_errstr(status));
117	}
118	goto disconnect;
119	}
120
121	/* prepare samr_ChangePasswordUser2 */
122	encode_pw_buffer(lm_pass.data, r->samr.in.newpassword, STR_ASCII\|STR_TERMINATE);
123	arcfour_crypt(lm_pass.data, old_lm_hash, 516);
124	E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
125
126	encode_pw_buffer(nt_pass.data, r->samr.in.newpassword, STR_UNICODE);
127	arcfour_crypt(nt_pass.data, old_nt_hash, 516);
128	E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
129
130	pw2.in.server = &server;
131	pw2.in.account = &account;
132	pw2.in.nt_password = &nt_pass;
133	pw2.in.nt_verifier = &nt_verifier;
134	pw2.in.lm_change = 1;
135	pw2.in.lm_password = &lm_pass;
136	pw2.in.lm_verifier = &lm_verifier;
137
138	/* 3. try samr_ChangePasswordUser2 */
139	status = dcerpc_samr_ChangePasswordUser2_r(c.out.dcerpc_pipe->binding_handle, mem_ctx, &pw2);
140	if (!NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
141	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(pw2.out.result)) {
142	status = pw2.out.result;
143	}
144	if (!NT_STATUS_IS_OK(status)) {
145	r->samr.out.error_string = talloc_asprintf(mem_ctx,
146	"samr_ChangePasswordUser2 for '%s\\%s' failed: %s",
147	r->samr.in.domain_name, r->samr.in.account_name,
148	nt_errstr(status));
149	}
150	goto disconnect;
151	}
152
153
154	/* prepare samr_OemChangePasswordUser2 */
155	a_server.string = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(c.out.dcerpc_pipe));
156	a_account.string = r->samr.in.account_name;
157
158	encode_pw_buffer(lm_pass.data, r->samr.in.newpassword, STR_ASCII);
159	arcfour_crypt(lm_pass.data, old_lm_hash, 516);
160	E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
161
162	oe2.in.server = &a_server;
163	oe2.in.account = &a_account;
164	oe2.in.password = &lm_pass;
165	oe2.in.hash = &lm_verifier;
166
167	/* 4. try samr_OemChangePasswordUser2 */
168	status = dcerpc_samr_OemChangePasswordUser2_r(c.out.dcerpc_pipe->binding_handle, mem_ctx, &oe2);
169	if (!NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
170	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(oe2.out.result)) {
171	status = oe2.out.result;
172	}
173	if (!NT_STATUS_IS_OK(oe2.out.result)) {
174	r->samr.out.error_string = talloc_asprintf(mem_ctx,
175	"samr_OemChangePasswordUser2 for '%s\\%s' failed: %s",
176	r->samr.in.domain_name, r->samr.in.account_name,
177	nt_errstr(status));
178	}
179	goto disconnect;
180	}
181
182	#if 0
183	/* prepare samr_ChangePasswordUser */
184	E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
185	E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
186	E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
187	E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
188	E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
189	E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
190
191	/* TODO: ask for a user_handle */
192	pw.in.handle = &user_handle;
193	pw.in.lm_present = 1;
194	pw.in.old_lm_crypted = &hash1;
195	pw.in.new_lm_crypted = &hash2;
196	pw.in.nt_present = 1;
197	pw.in.old_nt_crypted = &hash3;
198	pw.in.new_nt_crypted = &hash4;
199	pw.in.cross1_present = 1;
200	pw.in.nt_cross = &hash5;
201	pw.in.cross2_present = 1;
202	pw.in.lm_cross = &hash6;
203
204	/* 5. try samr_ChangePasswordUser */
205	status = dcerpc_samr_ChangePasswordUser_r(c.pdc.out.dcerpc_pipe->binding_handle, mem_ctx, &pw);
206	if (!NT_STATUS_IS_OK(status)) {
207	r->samr.out.error_string = talloc_asprintf(mem_ctx,
208	"samr_ChangePasswordUser failed: %s",
209	nt_errstr(status));
210	goto disconnect;
211	}
212
213	/* check result of samr_ChangePasswordUser */
214	if (!NT_STATUS_IS_OK(pw.out.result)) {
215	r->samr.out.error_string = talloc_asprintf(mem_ctx,
216	"samr_ChangePasswordUser for '%s\\%s' failed: %s",
217	r->samr.in.domain_name, r->samr.in.account_name,
218	nt_errstr(pw.out.result));
219	if (NT_STATUS_EQUAL(pw.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
220	status = pw.out.result;
221	goto disconnect;
222	}
223	goto disconnect;
224	}
225	#endif
226	disconnect:
227	/* close connection */
228	talloc_unlink(ctx, c.out.dcerpc_pipe);
229
230	return status;
231	}
232
233	static NTSTATUS libnet_ChangePassword_generic(struct libnet_context ctx, TALLOC_CTX mem_ctx, union libnet_ChangePassword *r)
234	{
235	NTSTATUS status;
236	union libnet_ChangePassword r2;
237
238	r2.samr.level = LIBNET_CHANGE_PASSWORD_SAMR;
239	r2.samr.in.account_name = r->generic.in.account_name;
240	r2.samr.in.domain_name = r->generic.in.domain_name;
241	r2.samr.in.oldpassword = r->generic.in.oldpassword;
242	r2.samr.in.newpassword = r->generic.in.newpassword;
243
244	status = libnet_ChangePassword(ctx, mem_ctx, &r2);
245
246	r->generic.out.error_string = r2.samr.out.error_string;
247
248	return status;
249	}
250
251	NTSTATUS libnet_ChangePassword(struct libnet_context ctx, TALLOC_CTX mem_ctx, union libnet_ChangePassword *r)
252	{
253	switch (r->generic.level) {
254	case LIBNET_CHANGE_PASSWORD_GENERIC:
255	return libnet_ChangePassword_generic(ctx, mem_ctx, r);
256	case LIBNET_CHANGE_PASSWORD_SAMR:
257	return libnet_ChangePassword_samr(ctx, mem_ctx, r);
258	case LIBNET_CHANGE_PASSWORD_KRB5:
259	return NT_STATUS_NOT_IMPLEMENTED;
260	case LIBNET_CHANGE_PASSWORD_LDAP:
261	return NT_STATUS_NOT_IMPLEMENTED;
262	case LIBNET_CHANGE_PASSWORD_RAP:
263	return NT_STATUS_NOT_IMPLEMENTED;
264	}
265
266	return NT_STATUS_INVALID_LEVEL;
267	}
268
269	static NTSTATUS libnet_SetPassword_samr_handle_26(struct libnet_context ctx, TALLOC_CTX mem_ctx, union libnet_SetPassword *r)
270	{
271	NTSTATUS status;
272	struct samr_SetUserInfo2 sui;
273	union samr_UserInfo u_info;
274	DATA_BLOB session_key;
275	DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
276	uint8_t confounder[16];
277	struct MD5Context md5;
278
279	if (r->samr_handle.in.info21) {
280	return NT_STATUS_INVALID_PARAMETER_MIX;
281	}
282
283	/* prepare samr_SetUserInfo2 level 26 */
284	ZERO_STRUCT(u_info);
285	encode_pw_buffer(u_info.info26.password.data, r->samr_handle.in.newpassword, STR_UNICODE);
286	u_info.info26.password_expired = 0;
287
288	status = dcerpc_fetch_session_key(r->samr_handle.in.dcerpc_pipe, &session_key);
289	if (!NT_STATUS_IS_OK(status)) {
290	r->samr_handle.out.error_string = talloc_asprintf(mem_ctx,
291	"dcerpc_fetch_session_key failed: %s",
292	nt_errstr(status));
293	return status;
294	}
295
296	generate_random_buffer((uint8_t *)confounder, 16);
297
298	MD5Init(&md5);
299	MD5Update(&md5, confounder, 16);
300	MD5Update(&md5, session_key.data, session_key.length);
301	MD5Final(confounded_session_key.data, &md5);
302
303	arcfour_crypt_blob(u_info.info26.password.data, 516, &confounded_session_key);
304	memcpy(&u_info.info26.password.data[516], confounder, 16);
305
306	sui.in.user_handle = r->samr_handle.in.user_handle;
307	sui.in.info = &u_info;
308	sui.in.level = 26;
309
310	/* 7. try samr_SetUserInfo2 level 26 to set the password */
311	status = dcerpc_samr_SetUserInfo2_r(r->samr_handle.in.dcerpc_pipe->binding_handle, mem_ctx, &sui);
312	/* check result of samr_SetUserInfo2 level 26 */
313	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(sui.out.result)) {
314	status = sui.out.result;
315	}
316	if (!NT_STATUS_IS_OK(status)) {
317	r->samr_handle.out.error_string
318	= talloc_asprintf(mem_ctx,
319	"SetUserInfo2 level 26 for [%s] failed: %s",
320	r->samr_handle.in.account_name, nt_errstr(status));
321	}
322	return status;
323	}
324
325	static NTSTATUS libnet_SetPassword_samr_handle_25(struct libnet_context ctx, TALLOC_CTX mem_ctx, union libnet_SetPassword *r)
326	{
327	NTSTATUS status;
328	struct samr_SetUserInfo2 sui;
329	union samr_UserInfo u_info;
330	DATA_BLOB session_key;
331	DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
332	uint8_t confounder[16];
333	struct MD5Context md5;
334
335	if (!r->samr_handle.in.info21) {
336	return NT_STATUS_INVALID_PARAMETER_MIX;
337	}
338
339	/* prepare samr_SetUserInfo2 level 25 */
340	ZERO_STRUCT(u_info);
341	u_info.info25.info = *r->samr_handle.in.info21;
342	u_info.info25.info.fields_present \|= SAMR_FIELD_NT_PASSWORD_PRESENT;
343	encode_pw_buffer(u_info.info25.password.data, r->samr_handle.in.newpassword, STR_UNICODE);
344
345	status = dcerpc_fetch_session_key(r->samr_handle.in.dcerpc_pipe, &session_key);
346	if (!NT_STATUS_IS_OK(status)) {
347	r->samr_handle.out.error_string = talloc_asprintf(mem_ctx,
348	"dcerpc_fetch_session_key failed: %s",
349	nt_errstr(status));
350	return status;
351	}
352
353	generate_random_buffer((uint8_t *)confounder, 16);
354
355	MD5Init(&md5);
356	MD5Update(&md5, confounder, 16);
357	MD5Update(&md5, session_key.data, session_key.length);
358	MD5Final(confounded_session_key.data, &md5);
359
360	arcfour_crypt_blob(u_info.info25.password.data, 516, &confounded_session_key);
361	memcpy(&u_info.info25.password.data[516], confounder, 16);
362
363	sui.in.user_handle = r->samr_handle.in.user_handle;
364	sui.in.info = &u_info;
365	sui.in.level = 25;
366
367	/* 8. try samr_SetUserInfo2 level 25 to set the password */
368	status = dcerpc_samr_SetUserInfo2_r(r->samr_handle.in.dcerpc_pipe->binding_handle, mem_ctx, &sui);
369	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(sui.out.result)) {
370	status = sui.out.result;
371	}
372	if (!NT_STATUS_IS_OK(status)) {
373	r->samr_handle.out.error_string
374	= talloc_asprintf(mem_ctx,
375	"SetUserInfo2 level 25 for [%s] failed: %s",
376	r->samr_handle.in.account_name, nt_errstr(status));
377	}
378	return status;
379	}
380
381	static NTSTATUS libnet_SetPassword_samr_handle_24(struct libnet_context ctx, TALLOC_CTX mem_ctx, union libnet_SetPassword *r)
382	{
383	NTSTATUS status;
384	struct samr_SetUserInfo2 sui;
385	union samr_UserInfo u_info;
386	DATA_BLOB session_key;
387
388	if (r->samr_handle.in.info21) {
389	return NT_STATUS_INVALID_PARAMETER_MIX;
390	}
391
392	/* prepare samr_SetUserInfo2 level 24 */
393	ZERO_STRUCT(u_info);
394	encode_pw_buffer(u_info.info24.password.data, r->samr_handle.in.newpassword, STR_UNICODE);
395	u_info.info24.password_expired = 0;
396
397	status = dcerpc_fetch_session_key(r->samr_handle.in.dcerpc_pipe, &session_key);
398	if (!NT_STATUS_IS_OK(status)) {
399	r->samr_handle.out.error_string = talloc_asprintf(mem_ctx,
400	"dcerpc_fetch_session_key failed: %s",
401	nt_errstr(status));
402	return status;
403	}
404
405	arcfour_crypt_blob(u_info.info24.password.data, 516, &session_key);
406
407	sui.in.user_handle = r->samr_handle.in.user_handle;
408	sui.in.info = &u_info;
409	sui.in.level = 24;
410
411	/* 9. try samr_SetUserInfo2 level 24 to set the password */
412	status = dcerpc_samr_SetUserInfo2_r(r->samr_handle.in.dcerpc_pipe->binding_handle, mem_ctx, &sui);
413	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(sui.out.result)) {
414	status = sui.out.result;
415	}
416	if (!NT_STATUS_IS_OK(status)) {
417	r->samr_handle.out.error_string
418	= talloc_asprintf(mem_ctx,
419	"SetUserInfo2 level 24 for [%s] failed: %s",
420	r->samr_handle.in.account_name, nt_errstr(status));
421	}
422	return status;
423	}
424
425	static NTSTATUS libnet_SetPassword_samr_handle_23(struct libnet_context ctx, TALLOC_CTX mem_ctx, union libnet_SetPassword *r)
426	{
427	NTSTATUS status;
428	struct samr_SetUserInfo2 sui;
429	union samr_UserInfo u_info;
430	DATA_BLOB session_key;
431
432	if (!r->samr_handle.in.info21) {
433	return NT_STATUS_INVALID_PARAMETER_MIX;
434	}
435
436	/* prepare samr_SetUserInfo2 level 23 */
437	ZERO_STRUCT(u_info);
438	u_info.info23.info = *r->samr_handle.in.info21;
439	u_info.info23.info.fields_present \|= SAMR_FIELD_NT_PASSWORD_PRESENT;
440	encode_pw_buffer(u_info.info23.password.data, r->samr_handle.in.newpassword, STR_UNICODE);
441
442	status = dcerpc_fetch_session_key(r->samr_handle.in.dcerpc_pipe, &session_key);
443	if (!NT_STATUS_IS_OK(status)) {
444	r->samr_handle.out.error_string
445	= talloc_asprintf(mem_ctx,
446	"dcerpc_fetch_session_key failed: %s",
447	nt_errstr(status));
448	return status;
449	}
450
451	arcfour_crypt_blob(u_info.info23.password.data, 516, &session_key);
452
453	sui.in.user_handle = r->samr_handle.in.user_handle;
454	sui.in.info = &u_info;
455	sui.in.level = 23;
456
457	/* 10. try samr_SetUserInfo2 level 23 to set the password */
458	status = dcerpc_samr_SetUserInfo2_r(r->samr_handle.in.dcerpc_pipe->binding_handle, mem_ctx, &sui);
459	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(sui.out.result)) {
460	status = sui.out.result;
461	}
462	if (!NT_STATUS_IS_OK(status)) {
463	r->samr_handle.out.error_string
464	= talloc_asprintf(mem_ctx,
465	"SetUserInfo2 level 23 for [%s] failed: %s",
466	r->samr_handle.in.account_name, nt_errstr(status));
467	}
468	return status;
469	}
470
471	/*
472	* 1. try samr_SetUserInfo2 level 26 to set the password
473	* 2. try samr_SetUserInfo2 level 25 to set the password
474	* 3. try samr_SetUserInfo2 level 24 to set the password
475	* 4. try samr_SetUserInfo2 level 23 to set the password
476	*/
477	static NTSTATUS libnet_SetPassword_samr_handle(struct libnet_context ctx, TALLOC_CTX mem_ctx, union libnet_SetPassword *r)
478	{
479
480	NTSTATUS status;
481	enum libnet_SetPassword_level levels[] = {
482	LIBNET_SET_PASSWORD_SAMR_HANDLE_26,
483	LIBNET_SET_PASSWORD_SAMR_HANDLE_25,
484	LIBNET_SET_PASSWORD_SAMR_HANDLE_24,
485	LIBNET_SET_PASSWORD_SAMR_HANDLE_23,
486	};
487	unsigned int i;
488
489	for (i=0; i < ARRAY_SIZE(levels); i++) {
490	r->generic.level = levels[i];
491	status = libnet_SetPassword(ctx, mem_ctx, r);
492	if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS)
493	\|\| NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER_MIX)
494	\|\| NT_STATUS_EQUAL(status, NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE)) {
495	/* Try another password set mechanism */
496	continue;
497	}
498	break;
499	}
500
501	return status;
502	}
503	/*
504	* set a password with DCERPC/SAMR calls
505	* 1. connect to the SAMR pipe of users domain PDC (maybe a standalone server or workstation)
506	* is it correct to contact the the pdc of the domain of the user who's password should be set?
507	* 2. do a samr_Connect to get a policy handle
508	* 3. do a samr_LookupDomain to get the domain sid
509	* 4. do a samr_OpenDomain to get a domain handle
510	* 5. do a samr_LookupNames to get the users rid
511	* 6. do a samr_OpenUser to get a user handle
512	* 7 call libnet_SetPassword_samr_handle to set the password
513	*/
514	static NTSTATUS libnet_SetPassword_samr(struct libnet_context ctx, TALLOC_CTX mem_ctx, union libnet_SetPassword *r)
515	{
516	NTSTATUS status;
517	struct libnet_RpcConnect c;
518	struct samr_Connect sc;
519	struct policy_handle p_handle;
520	struct samr_LookupDomain ld;
521	struct dom_sid2 *sid = NULL;
522	struct lsa_String d_name;
523	struct samr_OpenDomain od;
524	struct policy_handle d_handle;
525	struct samr_LookupNames ln;
526	struct samr_Ids rids, types;
527	struct samr_OpenUser ou;
528	struct policy_handle u_handle;
529	union libnet_SetPassword r2;
530
531	ZERO_STRUCT(c);
532	/* prepare connect to the SAMR pipe of users domain PDC */
533	c.level = LIBNET_RPC_CONNECT_PDC;
534	c.in.name = r->samr.in.domain_name;
535	c.in.dcerpc_iface = &ndr_table_samr;
536
537	/* 1. connect to the SAMR pipe of users domain PDC (maybe a standalone server or workstation) */
538	status = libnet_RpcConnect(ctx, mem_ctx, &c);
539	if (!NT_STATUS_IS_OK(status)) {
540	r->samr.out.error_string = talloc_asprintf(mem_ctx,
541	"Connection to SAMR pipe of PDC of domain '%s' failed: %s",
542	r->samr.in.domain_name, nt_errstr(status));
543	return status;
544	}
545
546	/* prepare samr_Connect */
547	ZERO_STRUCT(p_handle);
548	sc.in.system_name = NULL;
549	sc.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
550	sc.out.connect_handle = &p_handle;
551
552	/* 2. do a samr_Connect to get a policy handle */
553	status = dcerpc_samr_Connect_r(c.out.dcerpc_pipe->binding_handle, mem_ctx, &sc);
554	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(sc.out.result)) {
555	status = sc.out.result;
556	}
557	if (!NT_STATUS_IS_OK(status)) {
558	r->samr.out.error_string = talloc_asprintf(mem_ctx,
559	"samr_Connect failed: %s",
560	nt_errstr(status));
561	goto disconnect;
562	}
563
564	/* prepare samr_LookupDomain */
565	d_name.string = r->samr.in.domain_name;
566	ld.in.connect_handle = &p_handle;
567	ld.in.domain_name = &d_name;
568	ld.out.sid = &sid;
569
570	/* 3. do a samr_LookupDomain to get the domain sid */
571	status = dcerpc_samr_LookupDomain_r(c.out.dcerpc_pipe->binding_handle, mem_ctx, &ld);
572	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(ld.out.result)) {
573	status = ld.out.result;
574	}
575	if (!NT_STATUS_IS_OK(status)) {
576	r->samr.out.error_string = talloc_asprintf(mem_ctx,
577	"samr_LookupDomain for [%s] failed: %s",
578	r->samr.in.domain_name, nt_errstr(status));
579	goto disconnect;
580	}
581
582	/* prepare samr_OpenDomain */
583	ZERO_STRUCT(d_handle);
584	od.in.connect_handle = &p_handle;
585	od.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
586	od.in.sid = *ld.out.sid;
587	od.out.domain_handle = &d_handle;
588
589	/* 4. do a samr_OpenDomain to get a domain handle */
590	status = dcerpc_samr_OpenDomain_r(c.out.dcerpc_pipe->binding_handle, mem_ctx, &od);
591	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(od.out.result)) {
592	status = od.out.result;
593	}
594	if (!NT_STATUS_IS_OK(status)) {
595	r->samr.out.error_string = talloc_asprintf(mem_ctx,
596	"samr_OpenDomain for [%s] failed: %s",
597	r->samr.in.domain_name, nt_errstr(status));
598	goto disconnect;
599	}
600
601	/* prepare samr_LookupNames */
602	ln.in.domain_handle = &d_handle;
603	ln.in.num_names = 1;
604	ln.in.names = talloc_array(mem_ctx, struct lsa_String, 1);
605	ln.out.rids = &rids;
606	ln.out.types = &types;
607	if (!ln.in.names) {
608	r->samr.out.error_string = "Out of Memory";
609	return NT_STATUS_NO_MEMORY;
610	}
611	ln.in.names[0].string = r->samr.in.account_name;
612
613	/* 5. do a samr_LookupNames to get the users rid */
614	status = dcerpc_samr_LookupNames_r(c.out.dcerpc_pipe->binding_handle, mem_ctx, &ln);
615	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(ln.out.result)) {
616	status = ln.out.result;
617	}
618	if (!NT_STATUS_IS_OK(status)) {
619	r->samr.out.error_string = talloc_asprintf(mem_ctx,
620	"samr_LookupNames for [%s] failed: %s",
621	r->samr.in.account_name, nt_errstr(status));
622	goto disconnect;
623	}
624
625	/* check if we got one RID for the user */
626	if (ln.out.rids->count != 1) {
627	r->samr.out.error_string = talloc_asprintf(mem_ctx,
628	"samr_LookupNames for [%s] returns %d RIDs",
629	r->samr.in.account_name, ln.out.rids->count);
630	status = NT_STATUS_INVALID_PARAMETER;
631	goto disconnect;
632	}
633
634	/* prepare samr_OpenUser */
635	ZERO_STRUCT(u_handle);
636	ou.in.domain_handle = &d_handle;
637	ou.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
638	ou.in.rid = ln.out.rids->ids[0];
639	ou.out.user_handle = &u_handle;
640
641	/* 6. do a samr_OpenUser to get a user handle */
642	status = dcerpc_samr_OpenUser_r(c.out.dcerpc_pipe->binding_handle, mem_ctx, &ou);
643	if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(ou.out.result)) {
644	status = ou.out.result;
645	}
646	if (!NT_STATUS_IS_OK(status)) {
647	r->samr.out.error_string = talloc_asprintf(mem_ctx,
648	"samr_OpenUser for [%s] failed: %s",
649	r->samr.in.account_name, nt_errstr(status));
650	goto disconnect;
651	}
652
653	r2.samr_handle.level = LIBNET_SET_PASSWORD_SAMR_HANDLE;
654	r2.samr_handle.in.account_name = r->samr.in.account_name;
655	r2.samr_handle.in.newpassword = r->samr.in.newpassword;
656	r2.samr_handle.in.user_handle = &u_handle;
657	r2.samr_handle.in.dcerpc_pipe = c.out.dcerpc_pipe;
658	r2.samr_handle.in.info21 = NULL;
659
660	status = libnet_SetPassword(ctx, mem_ctx, &r2);
661
662	r->generic.out.error_string = r2.samr_handle.out.error_string;
663
664	disconnect:
665	/* close connection */
666	talloc_unlink(ctx, c.out.dcerpc_pipe);
667
668	return status;
669	}
670
671	static NTSTATUS libnet_SetPassword_generic(struct libnet_context ctx, TALLOC_CTX mem_ctx, union libnet_SetPassword *r)
672	{
673	NTSTATUS status;
674	union libnet_SetPassword r2;
675
676	r2.samr.level = LIBNET_SET_PASSWORD_SAMR;
677	r2.samr.in.account_name = r->generic.in.account_name;
678	r2.samr.in.domain_name = r->generic.in.domain_name;
679	r2.samr.in.newpassword = r->generic.in.newpassword;
680
681	r->generic.out.error_string = "Unknown Error";
682	status = libnet_SetPassword(ctx, mem_ctx, &r2);
683
684	r->generic.out.error_string = r2.samr.out.error_string;
685
686	return status;
687	}
688
689	NTSTATUS libnet_SetPassword(struct libnet_context ctx, TALLOC_CTX mem_ctx, union libnet_SetPassword *r)
690	{
691	switch (r->generic.level) {
692	case LIBNET_SET_PASSWORD_GENERIC:
693	return libnet_SetPassword_generic(ctx, mem_ctx, r);
694	case LIBNET_SET_PASSWORD_SAMR:
695	return libnet_SetPassword_samr(ctx, mem_ctx, r);
696	case LIBNET_SET_PASSWORD_SAMR_HANDLE:
697	return libnet_SetPassword_samr_handle(ctx, mem_ctx, r);
698	case LIBNET_SET_PASSWORD_SAMR_HANDLE_26:
699	return libnet_SetPassword_samr_handle_26(ctx, mem_ctx, r);
700	case LIBNET_SET_PASSWORD_SAMR_HANDLE_25:
701	return libnet_SetPassword_samr_handle_25(ctx, mem_ctx, r);
702	case LIBNET_SET_PASSWORD_SAMR_HANDLE_24:
703	return libnet_SetPassword_samr_handle_24(ctx, mem_ctx, r);
704	case LIBNET_SET_PASSWORD_SAMR_HANDLE_23:
705	return libnet_SetPassword_samr_handle_23(ctx, mem_ctx, r);
706	case LIBNET_SET_PASSWORD_KRB5:
707	return NT_STATUS_NOT_IMPLEMENTED;
708	case LIBNET_SET_PASSWORD_LDAP:
709	return NT_STATUS_NOT_IMPLEMENTED;
710	case LIBNET_SET_PASSWORD_RAP:
711	return NT_STATUS_NOT_IMPLEMENTED;
712	}
713
714	return NT_STATUS_INVALID_LEVEL;
715	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: