authorLuke Leighton <lkcl@samba.org>2000-03-07 02:57:08 +0000
committerLuke Leighton <lkcl@samba.org>2000-03-07 02:57:08 +0000
commit36ae72d06f6f26df4936713c92ffab686299edeb (patch)
tree7ffe3e4e675fbf1a9205a70eb50b00ae8ace10a9
parent8b90114159c2396229994c68dee8107778632783 (diff)
attempting to get samr_set_userinfo2 info level 0x12 working.
-rw-r--r--source/rpc_parse/parse_samr.c8
-rw-r--r--source/rpc_server/srv_samr.c11
-rw-r--r--source/samrd/srv_samr_usr_tdb.c27
3 files changed, 28 insertions, 18 deletions
diff --git a/source/rpc_parse/parse_samr.c b/source/rpc_parse/parse_samr.c
index a07059a4e14..27a30cd1343 100644
--- a/source/rpc_parse/parse_samr.c
+++ b/source/rpc_parse/parse_samr.c
@@ -5508,10 +5508,6 @@ uint32 make_samr_userinfo_ctr_usr21(SAM_USERINFO_CTR *ctr,
{
return NT_STATUS_NO_MEMORY;
}
- if (IS_BITS_SET_ALL(usr->acb_info, ACB_DISABLED))
- {
- return NT_STATUS_ACCESS_DENIED;
- }
make_sam_user_info12(ctr->info.id12,
usr->acb_info,
usr->lm_pwd, usr->nt_pwd);
@@ -5636,9 +5632,6 @@ BOOL samr_io_userinfo_ctr(char *desc, SAM_USERINFO_CTR *ctr, prs_struct *ps, in
}
case 0x12:
{
- DEBUG(0,("samr_io_userinfo_ctr: security breach!\n"));
- return False;
-#if 0
if (ps->io)
{
/* reading */
@@ -5655,7 +5648,6 @@ BOOL samr_io_userinfo_ctr(char *desc, SAM_USERINFO_CTR *ctr, prs_struct *ps, in
return False;
}
break;
-#endif
}
case 21:
{
diff --git a/source/rpc_server/srv_samr.c b/source/rpc_server/srv_samr.c
index 25a7c77b6e3..bf1bc16f77c 100644
--- a/source/rpc_server/srv_samr.c
+++ b/source/rpc_server/srv_samr.c
@@ -851,16 +851,7 @@ static BOOL api_samr_set_userinfo( rpcsrv_struct *p, prs_struct *data, prs_struc
return False;
}
- if (q_u.switch_value == 0x12)
- {
- DEBUG(0,("api_samr_set_userinfo: possible password attack (info level 0x12)\n"));
-
- r_u.status = NT_STATUS_INVALID_INFO_CLASS;
- }
- else
- {
- r_u.status = _samr_set_userinfo(&q_u.pol, q_u.switch_value, &ctr);
- }
+ r_u.status = _samr_set_userinfo(&q_u.pol, q_u.switch_value, &ctr);
free_samr_q_set_userinfo(&q_u);
return samr_io_r_set_userinfo("", &r_u, rdata, 0);
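Review bot: With the level-0x12 rejection gone, `_samr_set_userinfo` is now called for a request that replaces an account's LM and NT hashes, and nothing in this hunk checks what access the policy handle `q_u.pol` was opened with. The same commit also deletes the `ACB_DISABLED` test in `make_samr_userinfo_ctr_usr21` and the hard `return False` in `samr_io_userinfo_ctr` (both in parse_samr.c), so every earlier barrier on this level goes away at once. If the handle's rights are verified inside `_samr_set_userinfo`, that is not visible here; otherwise the call should be gated, and a comment such as `/* level 0x12 sets raw LM/NT hashes: caller must hold set-password access on pol */` would record the requirement. The body of `api_samr_set_userinfo` starts outside the hunk.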
diff --git a/source/samrd/srv_samr_usr_tdb.c b/source/samrd/srv_samr_usr_tdb.c
index 7c0ead27112..056fd34d3b1 100644
--- a/source/samrd/srv_samr_usr_tdb.c
+++ b/source/samrd/srv_samr_usr_tdb.c
@@ -614,6 +614,8 @@ uint32 _samr_set_userinfo(const POLICY_HND *pol, uint16 switch_value,
case 0x12:
{
SAM_USER_INFO_12 *id12 = ctr->info.id12;
+ SamOEMhash(id12->lm_pwd, user_sess_key, 0);
+ SamOEMhash(id12->nt_pwd, user_sess_key, 0);
if (!set_user_info_12(tdb_usr, id12))
{
DEBUG(10,
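Review bot: The third argument to `SamOEMhash` is `0` on the two added lines here but `3` in the new `case 0x12` of `_samr_set_userinfo2`, although both paths decrypt the same 16-byte `lm_pwd`/`nt_pwd` fields with the session key. If that argument selects the length to transform, one of the two paths presumably processes the wrong number of bytes and will store a corrupt hash; please make them agree or add a comment explaining the difference. `id12` is also dereferenced without a NULL test, so unless the parser guarantees the level-0x12 body is present, a guard like `if (id12 == NULL) return NT_STATUS_INVALID_INFO_CLASS;` belongs before the first `SamOEMhash` call. The declaration of `user_sess_key` in this function and the rest of the switch lie outside the hunk.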
@@ -676,6 +678,7 @@ uint32 _samr_set_userinfo2(const POLICY_HND *pol, uint16 switch_value,
SAM_USERINFO_CTR * ctr)
{
TDB_CONTEXT *tdb_usr = NULL;
+ uchar user_sess_key[16];
/* find the domain sid associated with the policy handle */
if (!get_tdbsam(get_global_hnd_cache(), pol, &tdb_usr))
@@ -685,6 +688,11 @@ uint32 _samr_set_userinfo2(const POLICY_HND *pol, uint16 switch_value,
DEBUG(5, ("samr_reply_set_userinfo2\n"));
+ if (!pol_get_usr_sesskey(get_global_hnd_cache(), pol, user_sess_key))
+ {
+ return NT_STATUS_INVALID_HANDLE;
+ }
+
if (ctr == NULL)
{
DEBUG(5, ("samr_reply_set_userinfo2: NULL info level\n"));
@@ -696,6 +704,25 @@ uint32 _samr_set_userinfo2(const POLICY_HND *pol, uint16 switch_value,
/* ok! user info levels (lots: see MSDEV help), off we go... */
switch (switch_value)
{
+ case 0x12:
+ {
+ SAM_USER_INFO_12 *id12 = ctr->info.id12;
+#if 0
+ lm_owf_gen("test", user_sess_key);
+#endif
+ dump_data_pw("user_sess_key:", user_sess_key, 16);
+ SamOEMhash(id12->lm_pwd, user_sess_key, 3);
+ SamOEMhash(id12->nt_pwd, user_sess_key, 3);
+ dump_data_pw("user_sess_key:", id12->nt_pwd, 16);
+ if (!set_user_info_12(tdb_usr, id12))
+ {
+ DEBUG(10,
+ ("_samr_set_userinfo 0x12 failed\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ break;
+ }
+
case 16:
{
SAM_USER_INFO_10 *id10 = ctr->info.id10;
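Review bot: The two `dump_data_pw` calls in the new `case 0x12` write the session key and then the decrypted NT hash to the debug log, and the second is labelled `"user_sess_key:"` although it dumps `id12->nt_pwd`. Whether `dump_data_pw` is compiled out of normal builds cannot be seen from here; if it is not, these lines put credential material into log files, so they should be dropped once the level works, or at least relabelled as `dump_data_pw("nt_pwd:", id12->nt_pwd, 16);`. The `#if 0` block calling `lm_owf_gen("test", user_sess_key)` is leftover test scaffolding and should go as well. The failure message still reads `_samr_set_userinfo 0x12 failed` although this is `_samr_set_userinfo2`, and `user_sess_key` is left on the stack without being cleared on any return path visible in the hunk. The switch continues past the end of the hunk.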