search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3: Lift the server_messaging_context from send_spoolss_notify2_msg
[Samba/gbeck.git] / source3 / rpc_client / cli_samr.c
blob8c1011293afb6b67e963c3b90042318fa2466e1f
1 /*
2 Unix SMB/CIFS implementation.
3 RPC pipe client
4 Copyright (C) Tim Potter 2000-2001,
5 Copyright (C) Andrew Tridgell 1992-1997,2000,
6 Copyright (C) Rafal Szczesniak 2002.
7 Copyright (C) Jeremy Allison 2005.
8 Copyright (C) Guenther Deschner 2008.
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include "../libcli/auth/libcli_auth.h"
26 #include "../librpc/gen_ndr/cli_samr.h"
27 #include "rpc_client/cli_samr.h"
28 #include "../lib/crypto/arcfour.h"
29
30 /* User change password */
31
32 NTSTATUS rpccli_samr_chgpasswd_user(struct rpc_pipe_client *cli,
33 TALLOC_CTX *mem_ctx,
34 struct policy_handle *user_handle,
35 const char *newpassword,
36 const char *oldpassword)
37 {
38 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
39 struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6;
40
41 uchar old_nt_hash[16];
42 uchar old_lm_hash[16];
43 uchar new_nt_hash[16];
44 uchar new_lm_hash[16];
45
46 ZERO_STRUCT(old_nt_hash);
47 ZERO_STRUCT(old_lm_hash);
48 ZERO_STRUCT(new_nt_hash);
49 ZERO_STRUCT(new_lm_hash);
50
51 DEBUG(10,("rpccli_samr_chgpasswd_user\n"));
52
53 E_md4hash(oldpassword, old_nt_hash);
54 E_md4hash(newpassword, new_nt_hash);
55
56 E_deshash(oldpassword, old_lm_hash);
57 E_deshash(newpassword, new_lm_hash);
58
59 E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash);
60 E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash);
61 E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash);
62 E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash);
63 E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash);
64 E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash);
65
66 result = rpccli_samr_ChangePasswordUser(cli, mem_ctx,
67 user_handle,
68 true,
69 &hash1,
70 &hash2,
71 true,
72 &hash3,
73 &hash4,
74 true,
75 &hash5,
76 true,
77 &hash6);
78
79 return result;
80 }
81
82
83 /* User change password */
84
85 NTSTATUS rpccli_samr_chgpasswd_user2(struct rpc_pipe_client *cli,
86 TALLOC_CTX *mem_ctx,
87 const char *username,
88 const char *newpassword,
89 const char *oldpassword)
90 {
91 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
92 struct samr_CryptPassword new_nt_password;
93 struct samr_CryptPassword new_lm_password;
94 struct samr_Password old_nt_hash_enc;
95 struct samr_Password old_lanman_hash_enc;
96
97 uchar old_nt_hash[16];
98 uchar old_lanman_hash[16];
99 uchar new_nt_hash[16];
100 uchar new_lanman_hash[16];
101 struct lsa_String server, account;
102
103 DEBUG(10,("rpccli_samr_chgpasswd_user2\n"));
104
105 init_lsa_String(&server, cli->srv_name_slash);
106 init_lsa_String(&account, username);
107
108 /* Calculate the MD4 hash (NT compatible) of the password */
109 E_md4hash(oldpassword, old_nt_hash);
110 E_md4hash(newpassword, new_nt_hash);
111
112 if (lp_client_lanman_auth() &&
113 E_deshash(newpassword, new_lanman_hash) &&
114 E_deshash(oldpassword, old_lanman_hash)) {
115 /* E_deshash returns false for 'long' passwords (> 14
116 DOS chars). This allows us to match Win2k, which
117 does not store a LM hash for these passwords (which
118 would reduce the effective password length to 14) */
119
120 encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE);
121
122 arcfour_crypt(new_lm_password.data, old_nt_hash, 516);
123 E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
124 } else {
125 ZERO_STRUCT(new_lm_password);
126 ZERO_STRUCT(old_lanman_hash_enc);
127 }
128
129 encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE);
130
131 arcfour_crypt(new_nt_password.data, old_nt_hash, 516);
132 E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
133
134 result = rpccli_samr_ChangePasswordUser2(cli, mem_ctx,
135 &server,
136 &account,
137 &new_nt_password,
138 &old_nt_hash_enc,
139 true,
140 &new_lm_password,
141 &old_lanman_hash_enc);
142
143 return result;
144 }
145
146 /* User change password given blobs */
147
148 NTSTATUS rpccli_samr_chng_pswd_auth_crap(struct rpc_pipe_client *cli,
149 TALLOC_CTX *mem_ctx,
150 const char *username,
151 DATA_BLOB new_nt_password_blob,
152 DATA_BLOB old_nt_hash_enc_blob,
153 DATA_BLOB new_lm_password_blob,
154 DATA_BLOB old_lm_hash_enc_blob)
155 {
156 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
157 struct samr_CryptPassword new_nt_password;
158 struct samr_CryptPassword new_lm_password;
159 struct samr_Password old_nt_hash_enc;
160 struct samr_Password old_lm_hash_enc;
161 struct lsa_String server, account;
162
163 DEBUG(10,("rpccli_samr_chng_pswd_auth_crap\n"));
164
165 init_lsa_String(&server, cli->srv_name_slash);
166 init_lsa_String(&account, username);
167
168 if (new_nt_password_blob.length > 0) {
169 memcpy(&new_nt_password.data, new_nt_password_blob.data, 516);
170 } else {
171 ZERO_STRUCT(new_nt_password_blob);
172 }
173
174 if (new_lm_password_blob.length > 0) {
175 memcpy(&new_lm_password.data, new_lm_password_blob.data, 516);
176 } else {
177 ZERO_STRUCT(new_lm_password);
178 }
179
180 if (old_nt_hash_enc_blob.length > 0) {
181 memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16);
182 } else {
183 ZERO_STRUCT(old_nt_hash_enc);
184 }
185
186 if (old_lm_hash_enc_blob.length > 0) {
187 memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16);
188 } else {
189 ZERO_STRUCT(old_lm_hash_enc);
190 }
191
192 result = rpccli_samr_ChangePasswordUser2(cli, mem_ctx,
193 &server,
194 &account,
195 &new_nt_password,
196 &old_nt_hash_enc,
197 true,
198 &new_lm_password,
199 &old_lm_hash_enc);
200 return result;
201 }
202
203
204 /* change password 3 */
205
206 NTSTATUS rpccli_samr_chgpasswd_user3(struct rpc_pipe_client *cli,
207 TALLOC_CTX *mem_ctx,
208 const char *username,
209 const char *newpassword,
210 const char *oldpassword,
211 struct samr_DomInfo1 **dominfo1,
212 struct userPwdChangeFailureInformation **reject)
213 {
214 NTSTATUS status;
215
216 struct samr_CryptPassword new_nt_password;
217 struct samr_CryptPassword new_lm_password;
218 struct samr_Password old_nt_hash_enc;
219 struct samr_Password old_lanman_hash_enc;
220
221 uchar old_nt_hash[16];
222 uchar old_lanman_hash[16];
223 uchar new_nt_hash[16];
224 uchar new_lanman_hash[16];
225
226 struct lsa_String server, account;
227
228 DEBUG(10,("rpccli_samr_chgpasswd_user3\n"));
229
230 init_lsa_String(&server, cli->srv_name_slash);
231 init_lsa_String(&account, username);
232
233 /* Calculate the MD4 hash (NT compatible) of the password */
234 E_md4hash(oldpassword, old_nt_hash);
235 E_md4hash(newpassword, new_nt_hash);
236
237 if (lp_client_lanman_auth() &&
238 E_deshash(newpassword, new_lanman_hash) &&
239 E_deshash(oldpassword, old_lanman_hash)) {
240 /* E_deshash returns false for 'long' passwords (> 14
241 DOS chars). This allows us to match Win2k, which
242 does not store a LM hash for these passwords (which
243 would reduce the effective password length to 14) */
244
245 encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE);
246
247 arcfour_crypt(new_lm_password.data, old_nt_hash, 516);
248 E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
249 } else {
250 ZERO_STRUCT(new_lm_password);
251 ZERO_STRUCT(old_lanman_hash_enc);
252 }
253
254 encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE);
255
256 arcfour_crypt(new_nt_password.data, old_nt_hash, 516);
257 E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
258
259 status = rpccli_samr_ChangePasswordUser3(cli, mem_ctx,
260 &server,
261 &account,
262 &new_nt_password,
263 &old_nt_hash_enc,
264 true,
265 &new_lm_password,
266 &old_lanman_hash_enc,
267 NULL,
268 dominfo1,
269 reject);
270 return status;
271 }
272
273 /* This function returns the bizzare set of (max_entries, max_size) required
274 for the QueryDisplayInfo RPC to actually work against a domain controller
275 with large (10k and higher) numbers of users. These values were
276 obtained by inspection using ethereal and NT4 running User Manager. */
277
278 void get_query_dispinfo_params(int loop_count, uint32 *max_entries,
279 uint32 *max_size)
280 {
281 switch(loop_count) {
282 case 0:
283 *max_entries = 512;
284 *max_size = 16383;
285 break;
286 case 1:
287 *max_entries = 1024;
288 *max_size = 32766;
289 break;
290 case 2:
291 *max_entries = 2048;
292 *max_size = 65532;
293 break;
294 case 3:
295 *max_entries = 4096;
296 *max_size = 131064;
297 break;
298 default: /* loop_count >= 4 */
299 *max_entries = 4096;
300 *max_size = 131071;
301 break;
302 }
303 }
304
305 NTSTATUS rpccli_try_samr_connects(struct rpc_pipe_client *cli,
306 TALLOC_CTX *mem_ctx,
307 uint32_t access_mask,
308 struct policy_handle *connect_pol)
309 {
310 NTSTATUS status;
311 union samr_ConnectInfo info_in, info_out;
312 struct samr_ConnectInfo1 info1;
313 uint32_t lvl_out = 0;
314
315 ZERO_STRUCT(info1);
316
317 info1.client_version = SAMR_CONNECT_W2K;
318 info_in.info1 = info1;
319
320 status = rpccli_samr_Connect5(cli, mem_ctx,
321 cli->srv_name_slash,
322 access_mask,
323 1,
324 &info_in,
325 &lvl_out,
326 &info_out,
327 connect_pol);
328 if (NT_STATUS_IS_OK(status)) {
329 return status;
330 }
331
332 status = rpccli_samr_Connect4(cli, mem_ctx,
333 cli->srv_name_slash,
334 SAMR_CONNECT_W2K,
335 access_mask,
336 connect_pol);
337 if (NT_STATUS_IS_OK(status)) {
338 return status;
339 }
340
341 status = rpccli_samr_Connect2(cli, mem_ctx,
342 cli->srv_name_slash,
343 access_mask,
344 connect_pol);
345 return status;
346 }
347
WIP