static bool wbinfo_change_user_password(const char *username) { wbcErr wbc_status; char *old_password = NULL; char *new_password = NULL; old_password = wbinfo_prompt_pass("old", username); new_password = wbinfo_prompt_pass("new", username); wbc_status = wbcChangeUserPassword(username, old_password, new_password); /* Display response */ d_printf("Password change for user %s %s\n", username, WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed"); SAFE_FREE(old_password); SAFE_FREE(new_password); return WBC_ERROR_IS_OK(wbc_status); }
static bool test_wbc_change_password(struct torture_context *tctx) { wbcErr ret; const char *oldpass = getenv("PASSWORD"); const char *newpass = "******"; struct samr_CryptPassword new_nt_password; struct samr_CryptPassword new_lm_password; struct samr_Password old_nt_hash_enc; struct samr_Password old_lanman_hash_enc; uint8_t old_nt_hash[16]; uint8_t old_lanman_hash[16]; uint8_t new_nt_hash[16]; uint8_t new_lanman_hash[16]; struct wbcChangePasswordParams params; if (oldpass == NULL) { torture_skip(tctx, "skipping wbcChangeUserPassword test as old password cannot be retrieved\n"); } ZERO_STRUCT(params); E_md4hash(oldpass, old_nt_hash); E_md4hash(newpass, new_nt_hash); if (lpcfg_client_lanman_auth(tctx->lp_ctx) && E_deshash(newpass, new_lanman_hash) && E_deshash(oldpass, old_lanman_hash)) { /* E_deshash returns false for 'long' passwords (> 14 DOS chars). This allows us to match Win2k, which does not store a LM hash for these passwords (which would reduce the effective password length to 14) */ encode_pw_buffer(new_lm_password.data, newpass, STR_UNICODE); arcfour_crypt(new_lm_password.data, old_nt_hash, 516); E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash); params.old_password.response.old_lm_hash_enc_length = sizeof(old_lanman_hash_enc.hash); params.old_password.response.old_lm_hash_enc_data = old_lanman_hash_enc.hash; params.new_password.response.lm_length = sizeof(new_lm_password.data); params.new_password.response.lm_data = new_lm_password.data; } else { ZERO_STRUCT(new_lm_password); ZERO_STRUCT(old_lanman_hash_enc); } encode_pw_buffer(new_nt_password.data, newpass, STR_UNICODE); arcfour_crypt(new_nt_password.data, old_nt_hash, 516); E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash); params.old_password.response.old_nt_hash_enc_length = sizeof(old_nt_hash_enc.hash); params.old_password.response.old_nt_hash_enc_data = old_nt_hash_enc.hash; params.new_password.response.nt_length = sizeof(new_nt_password.data); params.new_password.response.nt_data = new_nt_password.data; params.level = WBC_CHANGE_PASSWORD_LEVEL_RESPONSE; params.account_name = getenv("USERNAME"); params.domain_name = "SAMBA-TEST"; ret = wbcChangeUserPasswordEx(¶ms, NULL, NULL, NULL); torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, "wbcChangeUserPassword failed"); if (!test_wbc_authenticate_user_int(tctx, "Koo8irei")) { return false; } ret = wbcChangeUserPassword(getenv("USERNAME"), "Koo8irei", getenv("PASSWORD")); torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS, "wbcChangeUserPassword failed"); return test_wbc_authenticate_user_int(tctx, getenv("PASSWORD")); }