/* * Set the password on some account, for which we have already * opened a SAM handle with appropriate rights, passed in here * as sam_handle, along with the new password as cleartext. * * This builds a struct SAMPR_USER_INTERNAL5_INFORMATION [MS-SAMR] * containing the new password, encrypted with our session key. */ DWORD netr_set_user_password( mlsvc_handle_t *user_handle, char *new_pw_clear) { unsigned char ssn_key[SMBAUTH_HASH_SZ]; struct samr_SetUserInfo24 info; if (ndr_rpc_get_ssnkey(user_handle, ssn_key, SMBAUTH_HASH_SZ)) return (NT_STATUS_INTERNAL_ERROR); (void) memset(&info, 0, sizeof (info)); samr_make_encrypted_password(&info.encr_pw, new_pw_clear, ssn_key); /* Rather not leave the session key around. */ (void) memset(ssn_key, 0, sizeof (ssn_key)); return (samr_set_user_info(user_handle, 24, &info)); }
/*ARGSUSED*/ DWORD samr_set_user_info(mlsvc_handle_t *user_handle) { unsigned char ssn_key[SMBAUTH_SESSION_KEY_SZ]; struct samr_SetUserInfo arg; int opnum; DWORD status = 0; if (ndr_is_null_handle(user_handle)) return (NT_STATUS_INVALID_PARAMETER); if (ndr_rpc_get_ssnkey(user_handle, ssn_key, sizeof (ssn_key))) return (NT_STATUS_INVALID_PARAMETER); opnum = SAMR_OPNUM_SetUserInfo; bzero(&arg, sizeof (struct samr_SetUserInfo)); (void) memcpy(&arg.user_handle, &user_handle->handle, sizeof (samr_handle_t)); arg.info.index = SAMR_SET_USER_INFO_23; arg.info.switch_value = SAMR_SET_USER_INFO_23; samr_set_user_unknowns(&arg.info.ru.info23); samr_set_user_logon_hours(&arg); if (samr_set_user_password(ssn_key, arg.info.ru.info23.password) < 0) status = NT_STATUS_INTERNAL_ERROR; if (ndr_rpc_call(user_handle, opnum, &arg) != 0) { status = NT_STATUS_INVALID_PARAMETER; } else if (arg.status != 0) { ndr_rpc_status(user_handle, opnum, arg.status); status = NT_SC_VALUE(arg.status); } ndr_rpc_release(user_handle); return (status); }