Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : RPC pipe client
4 : Copyright (C) Tim Potter 2000-2001,
5 : Copyright (C) Andrew Tridgell 1992-1997,2000,
6 : Copyright (C) Rafal Szczesniak 2002.
7 : Copyright (C) Jeremy Allison 2005.
8 : Copyright (C) Guenther Deschner 2008.
9 :
10 : This program is free software; you can redistribute it and/or modify
11 : it under the terms of the GNU General Public License as published by
12 : the Free Software Foundation; either version 3 of the License, or
13 : (at your option) any later version.
14 :
15 : This program is distributed in the hope that it will be useful,
16 : but WITHOUT ANY WARRANTY; without even the implied warranty of
17 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 : GNU General Public License for more details.
19 :
20 : You should have received a copy of the GNU General Public License
21 : along with this program. If not, see <http://www.gnu.org/licenses/>.
22 : */
23 :
24 : #include "includes.h"
25 : #include "rpc_client/rpc_client.h"
26 : #include "../libcli/auth/libcli_auth.h"
27 : #include "../librpc/gen_ndr/ndr_samr_c.h"
28 : #include "rpc_client/cli_samr.h"
29 : #include "rpc_client/init_lsa.h"
30 : #include "rpc_client/init_samr.h"
31 :
32 : /* User change password */
33 :
34 0 : NTSTATUS dcerpc_samr_chgpasswd_user(struct dcerpc_binding_handle *h,
35 : TALLOC_CTX *mem_ctx,
36 : struct policy_handle *user_handle,
37 : const char *newpassword,
38 : const char *oldpassword,
39 : NTSTATUS *presult)
40 : {
41 : NTSTATUS status;
42 : int rc;
43 : struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6;
44 :
45 0 : uint8_t old_nt_hash[16] = {0};
46 0 : uint8_t old_lm_hash[16] = {0};
47 0 : uint8_t new_nt_hash[16] = {0};
48 0 : uint8_t new_lm_hash[16] = {0};
49 :
50 0 : DEBUG(10,("rpccli_samr_chgpasswd_user\n"));
51 :
52 0 : E_md4hash(oldpassword, old_nt_hash);
53 0 : E_md4hash(newpassword, new_nt_hash);
54 :
55 0 : E_deshash(oldpassword, old_lm_hash);
56 0 : E_deshash(newpassword, new_lm_hash);
57 :
58 0 : rc = E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
59 0 : if (rc != 0) {
60 0 : status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
61 0 : goto done;
62 : }
63 0 : rc = E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
64 0 : if (rc != 0) {
65 0 : status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
66 0 : goto done;
67 : }
68 0 : rc = E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
69 0 : if (rc != 0) {
70 0 : status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
71 0 : goto done;
72 : }
73 0 : rc = E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
74 0 : if (rc != 0) {
75 0 : status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
76 0 : goto done;
77 : }
78 0 : rc = E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
79 0 : if (rc != 0) {
80 0 : status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
81 0 : goto done;
82 : }
83 0 : rc = E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
84 0 : if (rc != 0) {
85 0 : status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
86 0 : goto done;
87 : }
88 :
89 0 : status = dcerpc_samr_ChangePasswordUser(h,
90 : mem_ctx,
91 : user_handle,
92 : true,
93 : &hash1,
94 : &hash2,
95 : true,
96 : &hash3,
97 : &hash4,
98 : true,
99 : &hash5,
100 : true,
101 : &hash6,
102 : presult);
103 :
104 0 : done:
105 0 : ZERO_ARRAY(old_nt_hash);
106 0 : ZERO_ARRAY(old_lm_hash);
107 0 : ZERO_ARRAY(new_nt_hash);
108 0 : ZERO_ARRAY(new_lm_hash);
109 :
110 0 : return status;
111 : }
112 :
113 0 : NTSTATUS rpccli_samr_chgpasswd_user(struct rpc_pipe_client *cli,
114 : TALLOC_CTX *mem_ctx,
115 : struct policy_handle *user_handle,
116 : const char *newpassword,
117 : const char *oldpassword)
118 : {
119 : NTSTATUS status;
120 0 : NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
121 :
122 0 : status = dcerpc_samr_chgpasswd_user(cli->binding_handle,
123 : mem_ctx,
124 : user_handle,
125 : newpassword,
126 : oldpassword,
127 : &result);
128 0 : if (!NT_STATUS_IS_OK(status)) {
129 0 : return status;
130 : }
131 :
132 0 : return result;
133 : }
134 :
135 : /* User change password */
136 :
137 5 : NTSTATUS dcerpc_samr_chgpasswd_user2(struct dcerpc_binding_handle *h,
138 : TALLOC_CTX *mem_ctx,
139 : const char *srv_name_slash,
140 : const char *username,
141 : const char *newpassword,
142 : const char *oldpassword,
143 : NTSTATUS *presult)
144 : {
145 : NTSTATUS status;
146 : int rc;
147 : struct samr_CryptPassword new_nt_password;
148 : struct samr_CryptPassword new_lm_password;
149 : struct samr_Password old_nt_hash_enc;
150 : struct samr_Password old_lanman_hash_enc;
151 :
152 5 : uint8_t old_nt_hash[16] = { 0 };
153 : uint8_t old_lanman_hash[16];
154 : uint8_t new_nt_hash[16];
155 : uint8_t new_lanman_hash[16];
156 : struct lsa_String server, account;
157 :
158 5 : DATA_BLOB session_key = data_blob_const(old_nt_hash, 16);
159 :
160 5 : DEBUG(10,("rpccli_samr_chgpasswd_user2\n"));
161 :
162 5 : init_lsa_String(&server, srv_name_slash);
163 5 : init_lsa_String(&account, username);
164 :
165 : /* Calculate the MD4 hash (NT compatible) of the password */
166 5 : E_md4hash(oldpassword, old_nt_hash);
167 5 : E_md4hash(newpassword, new_nt_hash);
168 :
169 5 : if (lp_client_lanman_auth() &&
170 0 : E_deshash(newpassword, new_lanman_hash) &&
171 0 : E_deshash(oldpassword, old_lanman_hash)) {
172 : /* E_deshash returns false for 'long' passwords (> 14
173 : DOS chars). This allows us to match Win2k, which
174 : does not store a LM hash for these passwords (which
175 : would reduce the effective password length to 14) */
176 0 : status = init_samr_CryptPassword(newpassword,
177 : &session_key,
178 : &new_lm_password);
179 0 : if (!NT_STATUS_IS_OK(status)) {
180 0 : return status;
181 : }
182 :
183 0 : rc = E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
184 0 : if (rc != 0) {
185 0 : status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
186 0 : goto done;
187 : }
188 : } else {
189 5 : ZERO_STRUCT(new_lm_password);
190 5 : ZERO_STRUCT(old_lanman_hash_enc);
191 : }
192 :
193 5 : status = init_samr_CryptPassword(newpassword,
194 : &session_key,
195 : &new_nt_password);
196 5 : if (!NT_STATUS_IS_OK(status)) {
197 0 : return status;
198 : }
199 5 : rc = E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
200 5 : if (rc != 0) {
201 0 : status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
202 0 : goto done;
203 : }
204 :
205 5 : status = dcerpc_samr_ChangePasswordUser2(h,
206 : mem_ctx,
207 : &server,
208 : &account,
209 : &new_nt_password,
210 : &old_nt_hash_enc,
211 : true,
212 : &new_lm_password,
213 : &old_lanman_hash_enc,
214 : presult);
215 :
216 5 : done:
217 5 : ZERO_STRUCT(new_nt_password);
218 5 : ZERO_STRUCT(new_lm_password);
219 5 : ZERO_STRUCT(old_nt_hash_enc);
220 5 : ZERO_STRUCT(old_lanman_hash_enc);
221 5 : ZERO_ARRAY(new_nt_hash);
222 5 : ZERO_ARRAY(new_lanman_hash);
223 5 : ZERO_ARRAY(old_nt_hash);
224 5 : ZERO_ARRAY(old_lanman_hash);
225 :
226 5 : return status;
227 : }
228 :
229 5 : NTSTATUS rpccli_samr_chgpasswd_user2(struct rpc_pipe_client *cli,
230 : TALLOC_CTX *mem_ctx,
231 : const char *username,
232 : const char *newpassword,
233 : const char *oldpassword)
234 : {
235 : NTSTATUS status;
236 5 : NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
237 :
238 5 : status = dcerpc_samr_chgpasswd_user2(cli->binding_handle,
239 : mem_ctx,
240 5 : cli->srv_name_slash,
241 : username,
242 : newpassword,
243 : oldpassword,
244 : &result);
245 5 : if (!NT_STATUS_IS_OK(status)) {
246 0 : return status;
247 : }
248 :
249 5 : return result;
250 : }
251 :
252 : /* User change password given blobs */
253 :
254 0 : NTSTATUS dcerpc_samr_chng_pswd_auth_crap(struct dcerpc_binding_handle *h,
255 : TALLOC_CTX *mem_ctx,
256 : const char *srv_name_slash,
257 : const char *username,
258 : DATA_BLOB new_nt_password_blob,
259 : DATA_BLOB old_nt_hash_enc_blob,
260 : DATA_BLOB new_lm_password_blob,
261 : DATA_BLOB old_lm_hash_enc_blob,
262 : NTSTATUS *presult)
263 : {
264 : NTSTATUS status;
265 : struct samr_CryptPassword new_nt_password;
266 : struct samr_CryptPassword new_lm_password;
267 : struct samr_Password old_nt_hash_enc;
268 : struct samr_Password old_lm_hash_enc;
269 : struct lsa_String server, account;
270 :
271 0 : DEBUG(10,("rpccli_samr_chng_pswd_auth_crap\n"));
272 :
273 0 : ZERO_STRUCT(new_nt_password);
274 0 : ZERO_STRUCT(new_lm_password);
275 0 : ZERO_STRUCT(old_nt_hash_enc);
276 0 : ZERO_STRUCT(old_lm_hash_enc);
277 :
278 0 : init_lsa_String(&server, srv_name_slash);
279 0 : init_lsa_String(&account, username);
280 :
281 0 : if (new_nt_password_blob.data && new_nt_password_blob.length >= 516) {
282 0 : memcpy(&new_nt_password.data, new_nt_password_blob.data, 516);
283 : }
284 :
285 0 : if (new_lm_password_blob.data && new_lm_password_blob.length >= 516) {
286 0 : memcpy(&new_lm_password.data, new_lm_password_blob.data, 516);
287 : }
288 :
289 0 : if (old_nt_hash_enc_blob.data && old_nt_hash_enc_blob.length >= 16) {
290 0 : memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16);
291 : }
292 :
293 0 : if (old_lm_hash_enc_blob.data && old_lm_hash_enc_blob.length >= 16) {
294 0 : memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16);
295 : }
296 :
297 0 : status = dcerpc_samr_ChangePasswordUser2(h,
298 : mem_ctx,
299 : &server,
300 : &account,
301 : &new_nt_password,
302 : &old_nt_hash_enc,
303 : true,
304 : &new_lm_password,
305 : &old_lm_hash_enc,
306 : presult);
307 :
308 0 : return status;
309 : }
310 :
311 0 : NTSTATUS rpccli_samr_chng_pswd_auth_crap(struct rpc_pipe_client *cli,
312 : TALLOC_CTX *mem_ctx,
313 : const char *username,
314 : DATA_BLOB new_nt_password_blob,
315 : DATA_BLOB old_nt_hash_enc_blob,
316 : DATA_BLOB new_lm_password_blob,
317 : DATA_BLOB old_lm_hash_enc_blob)
318 : {
319 : NTSTATUS status;
320 0 : NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
321 :
322 0 : status = dcerpc_samr_chng_pswd_auth_crap(cli->binding_handle,
323 : mem_ctx,
324 0 : cli->srv_name_slash,
325 : username,
326 : new_nt_password_blob,
327 : old_nt_hash_enc_blob,
328 : new_lm_password_blob,
329 : old_lm_hash_enc_blob,
330 : &result);
331 0 : if (!NT_STATUS_IS_OK(status)) {
332 0 : return status;
333 : }
334 :
335 0 : return result;
336 : }
337 :
338 : /* change password 3 */
339 :
340 0 : NTSTATUS dcerpc_samr_chgpasswd_user3(struct dcerpc_binding_handle *h,
341 : TALLOC_CTX *mem_ctx,
342 : const char *srv_name_slash,
343 : const char *username,
344 : const char *newpassword,
345 : const char *oldpassword,
346 : struct samr_DomInfo1 **dominfo1,
347 : struct userPwdChangeFailureInformation **reject,
348 : NTSTATUS *presult)
349 : {
350 : NTSTATUS status;
351 : int rc;
352 :
353 : struct samr_CryptPassword new_nt_password;
354 : struct samr_CryptPassword new_lm_password;
355 : struct samr_Password old_nt_hash_enc;
356 : struct samr_Password old_lanman_hash_enc;
357 :
358 0 : uint8_t old_nt_hash[16] = { 0 };
359 : uint8_t old_lanman_hash[16];
360 : uint8_t new_nt_hash[16];
361 : uint8_t new_lanman_hash[16];
362 :
363 : struct lsa_String server, account;
364 :
365 0 : DATA_BLOB session_key = data_blob_const(old_nt_hash, 16);
366 :
367 0 : DEBUG(10,("rpccli_samr_chgpasswd_user3\n"));
368 :
369 0 : init_lsa_String(&server, srv_name_slash);
370 0 : init_lsa_String(&account, username);
371 :
372 : /* Calculate the MD4 hash (NT compatible) of the password */
373 0 : E_md4hash(oldpassword, old_nt_hash);
374 0 : E_md4hash(newpassword, new_nt_hash);
375 :
376 0 : if (lp_client_lanman_auth() &&
377 0 : E_deshash(newpassword, new_lanman_hash) &&
378 0 : E_deshash(oldpassword, old_lanman_hash)) {
379 : /* E_deshash returns false for 'long' passwords (> 14
380 : DOS chars). This allows us to match Win2k, which
381 : does not store a LM hash for these passwords (which
382 : would reduce the effective password length to 14) */
383 0 : status = init_samr_CryptPassword(newpassword,
384 : &session_key,
385 : &new_lm_password);
386 0 : if (!NT_STATUS_IS_OK(status)) {
387 0 : return status;
388 : }
389 :
390 0 : rc = E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
391 0 : if (rc != 0) {
392 0 : status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
393 0 : goto done;
394 : }
395 : } else {
396 0 : ZERO_STRUCT(new_lm_password);
397 0 : ZERO_STRUCT(old_lanman_hash_enc);
398 : }
399 :
400 0 : status = init_samr_CryptPassword(newpassword,
401 : &session_key,
402 : &new_nt_password);
403 0 : if (!NT_STATUS_IS_OK(status)) {
404 0 : return status;
405 : }
406 :
407 0 : rc = E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
408 0 : if (rc != 0) {
409 0 : status = gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
410 0 : goto done;
411 : }
412 :
413 0 : status = dcerpc_samr_ChangePasswordUser3(h,
414 : mem_ctx,
415 : &server,
416 : &account,
417 : &new_nt_password,
418 : &old_nt_hash_enc,
419 : true,
420 : &new_lm_password,
421 : &old_lanman_hash_enc,
422 : NULL,
423 : dominfo1,
424 : reject,
425 : presult);
426 :
427 0 : done:
428 0 : ZERO_STRUCT(new_nt_password);
429 0 : ZERO_STRUCT(new_lm_password);
430 0 : ZERO_STRUCT(old_nt_hash_enc);
431 0 : ZERO_STRUCT(old_lanman_hash_enc);
432 0 : ZERO_ARRAY(new_nt_hash);
433 0 : ZERO_ARRAY(new_lanman_hash);
434 0 : ZERO_ARRAY(old_nt_hash);
435 0 : ZERO_ARRAY(old_lanman_hash);
436 :
437 0 : return status;
438 : }
439 :
440 0 : NTSTATUS rpccli_samr_chgpasswd_user3(struct rpc_pipe_client *cli,
441 : TALLOC_CTX *mem_ctx,
442 : const char *username,
443 : const char *newpassword,
444 : const char *oldpassword,
445 : struct samr_DomInfo1 **dominfo1,
446 : struct userPwdChangeFailureInformation **reject)
447 : {
448 : NTSTATUS status;
449 0 : NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
450 :
451 0 : status = dcerpc_samr_chgpasswd_user3(cli->binding_handle,
452 : mem_ctx,
453 0 : cli->srv_name_slash,
454 : username,
455 : newpassword,
456 : oldpassword,
457 : dominfo1,
458 : reject,
459 : &result);
460 0 : if (!NT_STATUS_IS_OK(status)) {
461 0 : return status;
462 : }
463 :
464 0 : return result;
465 : }
466 :
467 : /* This function returns the bizzare set of (max_entries, max_size) required
468 : for the QueryDisplayInfo RPC to actually work against a domain controller
469 : with large (10k and higher) numbers of users. These values were
470 : obtained by inspection using ethereal and NT4 running User Manager. */
471 :
472 0 : void dcerpc_get_query_dispinfo_params(int loop_count,
473 : uint32_t *max_entries,
474 : uint32_t *max_size)
475 : {
476 0 : switch(loop_count) {
477 0 : case 0:
478 0 : *max_entries = 512;
479 0 : *max_size = 16383;
480 0 : break;
481 0 : case 1:
482 0 : *max_entries = 1024;
483 0 : *max_size = 32766;
484 0 : break;
485 0 : case 2:
486 0 : *max_entries = 2048;
487 0 : *max_size = 65532;
488 0 : break;
489 0 : case 3:
490 0 : *max_entries = 4096;
491 0 : *max_size = 131064;
492 0 : break;
493 0 : default: /* loop_count >= 4 */
494 0 : *max_entries = 4096;
495 0 : *max_size = 131071;
496 0 : break;
497 : }
498 0 : }
499 :
500 82 : NTSTATUS dcerpc_try_samr_connects(struct dcerpc_binding_handle *h,
501 : TALLOC_CTX *mem_ctx,
502 : const char *srv_name_slash,
503 : uint32_t access_mask,
504 : struct policy_handle *connect_pol,
505 : NTSTATUS *presult)
506 : {
507 : NTSTATUS status;
508 : union samr_ConnectInfo info_in, info_out;
509 : struct samr_ConnectInfo1 info1;
510 82 : uint32_t lvl_out = 0;
511 :
512 82 : ZERO_STRUCT(info1);
513 :
514 82 : info1.client_version = SAMR_CONNECT_W2K;
515 82 : info_in.info1 = info1;
516 :
517 82 : status = dcerpc_samr_Connect5(h,
518 : mem_ctx,
519 : srv_name_slash,
520 : access_mask,
521 : 1,
522 : &info_in,
523 : &lvl_out,
524 : &info_out,
525 : connect_pol,
526 : presult);
527 82 : if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(*presult)) {
528 82 : return status;
529 : }
530 :
531 0 : status = dcerpc_samr_Connect4(h,
532 : mem_ctx,
533 : srv_name_slash,
534 : SAMR_CONNECT_W2K,
535 : access_mask,
536 : connect_pol,
537 : presult);
538 0 : if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(*presult)) {
539 0 : return status;
540 : }
541 :
542 0 : status = dcerpc_samr_Connect2(h,
543 : mem_ctx,
544 : srv_name_slash,
545 : access_mask,
546 : connect_pol,
547 : presult);
548 :
549 0 : return status;
550 : }
551 :
552 : /* vim: set ts=8 sw=8 noet cindent: */
|
