1) had to fix samr "create user" and "set user info" (level 23).
2) had to fix netlogon enum trust domains
3) registry key path literal needed an escaped backslash (`\\`) in it, not a single `\`.
BOOL clear_buffer5(BUFFER5 **str);
BOOL make_buffer5(BUFFER5 *str, char *buf, int len);
BOOL smb_io_buffer5(char *desc, BUFFER5 *buf5, prs_struct *ps, int depth);
+BOOL make_buffer2_multi(BUFFER2 *str, char *const* const buf, uint32 num);
BOOL make_buffer2(BUFFER2 *str, const char *buf, int len);
BOOL smb_io_buffer2(char *desc, BUFFER2 *buf2, uint32 buffer, prs_struct *ps, int depth);
BOOL make_buf_unistr2(UNISTR2 *str, uint32 *ptr, const char *buf);
/* NET_R_TRUST_DOM_LIST - response to LSA Trusted Domains */
typedef struct net_r_trust_dom_info
{
- UNISTR2 uni_trust_dom_name[MAX_TRUST_DOMS];
+ BUFFER2 uni_trust_dom_name;
uint32 status; /* return code */
return &disp_info;
}
-static void select_name(fstring string, char **name, const UNISTR2 *from)
+static void select_name(fstring *string, char **name, const UNISTR2 *from)
{
if (from->buffer != 0)
{
- unistr2_to_ascii(string, from, sizeof(string));
- *name = string;
+ unistr2_to_ascii(*string, from, sizeof(*string));
+ *name = *string;
}
}
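Review bot: select_name still leaves `*name` untouched when `from->buffer == 0`, and the copy routine further down no longer memcpy()s the source struct first, so a destination pointer whose string is absent on the wire is left holding whatever was in `to` before the call. If no caller depends on a pre-populated value surviving, make the miss explicit with `else { *name = NULL; }` so a missing field reads as NULL rather than stale memory. The sizeof fix itself is right: the old `fstring string` parameter decayed to `char *`, so `sizeof(string)` was the pointer size, not the buffer size, which is why the pointer-to-fstring form was needed.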
if (from == NULL || to == NULL) return;
- memcpy(to, from, sizeof(*from));
-
- select_name(nt_name , &to->nt_name , &from->uni_user_name );
- select_name(full_name , &to->full_name , &from->uni_full_name );
- select_name(home_dir , &to->home_dir , &from->uni_home_dir );
- select_name(dir_drive , &to->dir_drive , &from->uni_dir_drive );
- select_name(logon_script, &to->logon_script, &from->uni_logon_script);
- select_name(profile_path, &to->profile_path, &from->uni_profile_path);
- select_name(acct_desc , &to->acct_desc , &from->uni_acct_desc );
- select_name(workstations, &to->workstations, &from->uni_workstations);
- select_name(unknown_str , &to->unknown_str , &from->uni_unknown_str );
- select_name(munged_dial , &to->munged_dial , &from->uni_munged_dial );
+ to->logon_time = from->logon_time;
+ to->logoff_time = from->logoff_time;
+ to->kickoff_time = from->kickoff_time;
+ to->pass_last_set_time = from->pass_last_set_time;
+ to->pass_can_change_time = from->pass_can_change_time;
+ to->pass_must_change_time = from->pass_must_change_time;
+
+ select_name(&nt_name , &to->nt_name , &from->uni_user_name );
+ select_name(&full_name , &to->full_name , &from->uni_full_name );
+ select_name(&home_dir , &to->home_dir , &from->uni_home_dir );
+ select_name(&dir_drive , &to->dir_drive , &from->uni_dir_drive );
+ select_name(&logon_script, &to->logon_script, &from->uni_logon_script);
+ select_name(&profile_path, &to->profile_path, &from->uni_profile_path);
+ select_name(&acct_desc , &to->acct_desc , &from->uni_acct_desc );
+ select_name(&workstations, &to->workstations, &from->uni_workstations);
+ select_name(&unknown_str , &to->unknown_str , &from->uni_unknown_str );
+ select_name(&munged_dial , &to->munged_dial , &from->uni_munged_dial );
+
+ to->unix_uid = (uid_t)-1;
+ to->unix_gid = (gid_t)-1;
+ to->user_rid = from->user_rid;
+ to->group_rid = from->group_rid;
+
+ to->smb_passwd = NULL;
+ to->smb_nt_passwd = NULL;
+
+ to->acct_ctrl = from->acb_info;
+ to->unknown_3 = from->unknown_3;
+
+ to->logon_divs = from->logon_divs;
+ to->hours_len = from->logon_hrs.len;
+ memcpy(to->hours, from->logon_hrs.hours, MAX_HOURS_LEN);
+
+ to->unknown_5 = from->unknown_5;
+ to->unknown_6 = from->unknown_6;
}
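Review bot: `to->hours_len` is taken from `from->logon_hrs.len` unchecked while the copy on the next line always moves MAX_HOURS_LEN bytes; if anything downstream uses `hours_len` to bound a read of `to->hours`, a client-supplied length larger than MAX_HOURS_LEN walks past the array. Clamp it where it is assigned: `if (to->hours_len > MAX_HOURS_LEN) to->hours_len = MAX_HOURS_LEN;`. The `smb_passwd`/`smb_nt_passwd = NULL` lines deserve a why-comment too, e.g. `/* password hashes are not carried by this info level; caller fills them in */`, assuming that is the intent. The function's signature is above the hunk, so the name and type of `to` are not visible here.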
return True;
}
+/*******************************************************************
+creates a BUFFER2 structure.
+********************************************************************/
+BOOL make_buffer2_multi(BUFFER2 *str, char *const* const buf, uint32 num)
+{
+ int i;
+ char *dest = (char*)str->buffer;
+ size_t max_len = sizeof(str->buffer)-1;
+
+ ZERO_STRUCTP(str);
+
+ str->buf_max_len = 0;
+ str->undoc = 0;
+
+ for (i = 0; i < num && max_len > 0; i++)
+ {
+ size_t len = buf[i] != NULL ? strlen(buf[i]) : 0;
+
+ str->buf_max_len += len * 2;
+ str->buf_len += len * 2;
+
+ ascii_to_unibuf(dest, buf[i], max_len);
+
+ dest += len * 2 + 2;
+ max_len -= len * 2 + 2;
+ }
+
+ return True;
+}
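Review bot: The loop guard `max_len > 0` does not protect the subtraction at the bottom: when a string plus its 2-byte terminator does not fit, `max_len -= len * 2 + 2` wraps the `size_t` to a huge value, `dest` is advanced past `str->buffer`, and the next iteration writes out of bounds with an effectively unbounded `max_len`. Reject the overflow before touching the buffer: `if (len * 2 + 2 > max_len) return False;` placed right after `len` is computed, and keep `buf_len`/`buf_max_len` in step with what was actually written. The `sizeof(str->buffer)-1` bound also assumes `buffer` is an inline array and leaves an odd byte count for a UTF-16 buffer; if that is the case `-2` is the intended slack. Note `return True` is unconditional today, so callers cannot tell a truncated list from a complete one.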
+
/*******************************************************************
creates a BUFFER2 structure.
********************************************************************/
BOOL make_r_trust_dom(NET_R_TRUST_DOM_LIST *r_t,
uint32 num_doms, char **dom_name)
{
- uint32 i = 0;
-
if (r_t == NULL) return False;
DEBUG(5,("make_r_trust_dom\n"));
- for (i = 0; i < MAX_TRUST_DOMS; i++)
- {
- r_t->uni_trust_dom_name[i].uni_str_len = 0;
- r_t->uni_trust_dom_name[i].uni_max_len = 0;
- }
- if (num_doms > MAX_TRUST_DOMS) num_doms = MAX_TRUST_DOMS;
-
- for (i = 0; i < num_doms; i++)
+ make_buffer2_multi(&r_t->uni_trust_dom_name,
+ dom_name, num_doms);
+ if (num_doms == 0)
{
- fstring domain_name;
- fstrcpy(domain_name, dom_name[i]);
- strupper(domain_name);
- make_unistr2(&(r_t->uni_trust_dom_name[i]), domain_name, strlen(domain_name)+1);
- /* the use of UNISTR2 here is non-standard. */
- r_t->uni_trust_dom_name[i].undoc = 0x1;
+ r_t->uni_trust_dom_name.buf_max_len = 0x2;
+ r_t->uni_trust_dom_name.buf_len = 0x2;
}
+ r_t->uni_trust_dom_name.undoc = 0x1;
r_t->status = 0;
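Review bot: The return value of `make_buffer2_multi` is discarded, so a domain list that does not fit in the BUFFER2 is silently truncated and the response is marshalled with inconsistent lengths; check it with `if (!make_buffer2_multi(&r_t->uni_trust_dom_name, dom_name, num_doms)) return False;`. The old code also ran `strupper` over each name and capped the count at MAX_TRUST_DOMS; both are dropped here, which is a wire-visible change if clients expect upper-case domain names — worth a one-line comment stating this is intentional. The function's tail (its return) is outside the hunk.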
********************************************************************/
BOOL net_io_r_trust_dom(char *desc, NET_R_TRUST_DOM_LIST *r_t, prs_struct *ps, int depth)
{
- uint32 i;
if (r_t == NULL) return False;
prs_debug(ps, depth, desc, "net_io_r_trust_dom");
depth++;
- for (i = 0; i < MAX_TRUST_DOMS; i++)
- {
- if (r_t->uni_trust_dom_name[i].uni_str_len == 0) break;
- smb_io_unistr2("", &(r_t->uni_trust_dom_name[i]), True, ps, depth);
- }
+ smb_io_buffer2("", &r_t->uni_trust_dom_name, True, ps, depth);
+ prs_align(ps);
prs_uint32("status", ps, depth, &(r_t->status));
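Review bot: On the unmarshalling side (`ps->io` set) the results of `smb_io_buffer2` and `prs_uint32` are ignored, so a short or malformed response leaves `r_t` partly filled and the function presumably still reports success to its caller; the old per-UNISTR2 loop had the same gap, but the rewrite is the place to close it. Change the two calls to `if (!smb_io_buffer2("", &r_t->uni_trust_dom_name, True, ps, depth)) return False;` and `if (!prs_uint32("status", ps, depth, &(r_t->status))) return False;`, assuming those helpers return BOOL like the surrounding prs_* code. The function's return is below the hunk.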
DEBUG(5,("samr_make_r_unknown_2c\n"));
- q_u->unknown_0 = 0x00160000;
+ q_u->unknown_0 = 0x00150000;
q_u->unknown_1 = 0x00000000;
q_u->status = status;
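Review bot: `unknown_0` is changed from `0x00160000` to `0x00150000` with no comment, and the field name gives a future reader nothing to go on about why one value works and the other does not. Record the provenance inline, e.g. `/* 0x00150000 matches what an NT server returns here; 0x00160000 made the client reject the reply */`, adjusting the wording to whatever was actually observed — the hunk does not show the evidence. The enclosing function starts and ends outside the hunk.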
if (!ps->io)
{
+ /* writing */
free_samr_q_set_userinfo(q_u);
}
/* store the response in the SMB stream */
net_io_r_trust_dom("", &r_t, rdata, 0);
- DEBUG(6,("net_reply_trust_dom_listlogon_ctrl2: %d\n", __LINE__));
+ DEBUG(6,("net_reply_trust_dom_list: %d\n", __LINE__));
}
DEBUG(5,("reg_open_entry: %s\n", name));
/* lkcl XXXX do a check on the name, here */
if (!strequal(name, "SYSTEM\\CurrentControlSet\\Control\\ProductOptions") ||
- !strequal(name, "SYSTEM\\CurrentControlSet\\Services\\NETLOGON\Parameters"))
+ !strequal(name, "SYSTEM\\CurrentControlSet\\Services\\NETLOGON\\Parameters"))
{
status = 0xC000000 | NT_STATUS_ACCESS_DENIED;
}
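Review bot: The `||` in the allow-list test rejects every name: a single `name` cannot equal both literals, so one of the two `!strequal` terms is always true and `status` becomes ACCESS_DENIED even for the two keys the code sets out to permit; the intended condition is `if (!strequal(name, "...ProductOptions") && !strequal(name, "...NETLOGON\\Parameters"))`. As far as the hunk shows this fails closed, so it is a functional rather than an access-control bug. Separately, the status on the next line is built from `0xC000000` (seven zeros) whereas the rest of the file uses `0xC0000000`, so the denial is sent with the wrong severity bits; it should read `status = 0xC0000000 | NT_STATUS_ACCESS_DENIED;`. The enclosing function starts and ends outside the hunk.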
static uchar lm_hash[16];
pstring new_pw;
+ if (id23 == NULL)
+ {
+ DEBUG(5, ("set_user_info_23: NULL id23\n"));
+ return False;
+ }
if (pwd == NULL)
{
return False;
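Review bot: `static uchar lm_hash[16]` keeps a password hash in static storage after set_user_info_23 returns, where it survives across calls and is never cleared; unless something later in the function (not visible here) needs the address to outlive the call, declare it as a plain automatic `uchar lm_hash[16];` and zero it before returning. The new `id23 == NULL` guard is a good addition; note the `pwd == NULL` path below returns without any DEBUG line while the new one logs, which is worth making consistent. The function's signature and the rest of its body are outside the hunk.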
DEBUG(5,("samr_reply_set_userinfo: rid:0x%x\n", rid));
/* ok! user info levels (there are lots: see MSDEV help), off we go... */
+ if (status == 0x0 && q_u->info.id == NULL)
+ {
+ DEBUG(5,("samr_reply_set_userinfo: NULL info level\n"));
+ status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
+ }
+
if (status == 0x0)
{
switch (q_u->switch_value)
case 23:
{
SAM_USER_INFO_23 *id23 = q_u->info.id23;
- SamOEMhash(id23->pass, user_sess_key, True);
+ SamOEMhash(id23->pass, user_sess_key, 1);
+#if DEBUG_PASSWORD
+ DEBUG(100,("pass buff:\n"));
+ dump_data(100, id23->pass, sizeof(id23->pass));
+#endif
+ dbgflush();
+
status = set_user_info_23(id23, rid) ? 0 : (0xC0000000 | NT_STATUS_ACCESS_DENIED);
break;
}
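Review bot: `SamOEMhash` decrypts `id23->pass` in place with the session key, so after `set_user_info_23` returns the request structure holds the user's new password in the clear until `free_samr_q_set_userinfo` runs, and nothing visible here wipes it. Clear it as soon as it has been consumed: `memset(id23->pass, 0, sizeof(id23->pass));` before the `break`. The `#if DEBUG_PASSWORD` dump is compile-time gated, which is appropriate, but the `dbgflush()` sits outside the `#if` and runs unconditionally; move it inside the guard unless it is wanted in every build. The switch and the enclosing function continue outside the hunk.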
pstring msg_str;
if (!local_password_change(user_name, True,
- q_u->acb_info, 0xffff,
+ q_u->acb_info | ACB_DISABLED, 0xffff,
NULL,
err_str, sizeof(err_str),
msg_str, sizeof(msg_str)))
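Review bot: Forcing `ACB_DISABLED` onto every newly created account is a deliberate security choice that nothing in the hunk explains, and the next maintainer will be tempted to remove it as a bug. Add a why-comment on the argument, e.g. `/* create the account disabled; it is enabled only once a password has been set via set_user_info */`, adjusting to the actual enable path if it differs from that assumption. The enclosing function starts and ends outside the hunk.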