/*
* Set the password on some account, for which we have already
* opened a SAM handle with appropriate rights, passed in here
* as sam_handle, along with the new password as cleartext.
*
* This builds a struct SAMPR_USER_INTERNAL5_INFORMATION [MS-SAMR]
* containing the new password, encrypted with our session key.
*/
DWORD
netr_set_user_password(
mlsvc_handle_t *user_handle,
char *new_pw_clear)
{
unsigned char ssn_key[SMBAUTH_HASH_SZ];
struct samr_SetUserInfo24 info;
if (ndr_rpc_get_ssnkey(user_handle, ssn_key, SMBAUTH_HASH_SZ))
return (NT_STATUS_INTERNAL_ERROR);
(void) memset(&info, 0, sizeof (info));
samr_make_encrypted_password(&info.encr_pw, new_pw_clear, ssn_key);
/* Rather not leave the session key around. */
(void) memset(ssn_key, 0, sizeof (ssn_key));
return (samr_set_user_info(user_handle, 24, &info));
}
/*ARGSUSED*/
DWORD
samr_set_user_info(mlsvc_handle_t *user_handle)
{
unsigned char ssn_key[SMBAUTH_SESSION_KEY_SZ];
struct samr_SetUserInfo arg;
int opnum;
DWORD status = 0;
if (ndr_is_null_handle(user_handle))
return (NT_STATUS_INVALID_PARAMETER);
if (ndr_rpc_get_ssnkey(user_handle, ssn_key, sizeof (ssn_key)))
return (NT_STATUS_INVALID_PARAMETER);
opnum = SAMR_OPNUM_SetUserInfo;
bzero(&arg, sizeof (struct samr_SetUserInfo));
(void) memcpy(&arg.user_handle, &user_handle->handle,
sizeof (samr_handle_t));
arg.info.index = SAMR_SET_USER_INFO_23;
arg.info.switch_value = SAMR_SET_USER_INFO_23;
samr_set_user_unknowns(&arg.info.ru.info23);
samr_set_user_logon_hours(&arg);
if (samr_set_user_password(ssn_key, arg.info.ru.info23.password) < 0)
status = NT_STATUS_INTERNAL_ERROR;
if (ndr_rpc_call(user_handle, opnum, &arg) != 0) {
status = NT_STATUS_INVALID_PARAMETER;
} else if (arg.status != 0) {
ndr_rpc_status(user_handle, opnum, arg.status);
status = NT_SC_VALUE(arg.status);
}
ndr_rpc_release(user_handle);
return (status);
}
