From c129261c506c6b941630fd7f4bc72820eb272761 Mon Sep 17 00:00:00 2001

From: Andrew Bartlett <abartlet@samba.org>

Date: Fri, 1 Nov 2013 14:55:44 +1300

Subject: [PATCH 1/4] CVE-2013-4496:s3-samr: Block attempts to crack passwords

 via repeated password changes

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245

Signed-off-by: Andrew Bartlett <abartlet@samba.org>

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Jeremy Allison <jra@samba.org>

Reviewed-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Jeremy Allison <jra@samba.org>

Reviewed-by: Andreas Schneider <asn@samba.org>

---

 source3/rpc_server/samr/srv_samr_chgpasswd.c |   55 ++++++++++++++++

 source3/rpc_server/samr/srv_samr_nt.c        |   90 +++++++++++++++++++++-----

 2 files changed, 129 insertions(+), 16 deletions(-)

diff --git a/source3/rpc_server/samr/srv_samr_chgpasswd.c b/source3/rpc_server/samr/srv_samr_chgpasswd.c

index db1f459..1c9c33a 100644

--- a/source3/rpc_server/samr/srv_samr_chgpasswd.c

+++ b/source3/rpc_server/samr/srv_samr_chgpasswd.c

@@ -1106,6 +1106,8 @@ NTSTATUS pass_oem_change(char *user, const char *rhost,

 	struct samu *sampass = NULL;

 	NTSTATUS nt_status;

 	bool ret = false;

+	bool updated_badpw = false;

+	NTSTATUS update_login_attempts_status;

 	if (!(sampass = samu_new(NULL))) {

 		return NT_STATUS_NO_MEMORY;

@@ -1121,6 +1123,13 @@ NTSTATUS pass_oem_change(char *user, const char *rhost,

 		return NT_STATUS_NO_SUCH_USER;

 	}

+	/* Quit if the account was locked out. */

+	if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) {

+		DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", user));

+		TALLOC_FREE(sampass);

+		return NT_STATUS_ACCOUNT_LOCKED_OUT;

+	}

+

 	nt_status = check_oem_password(user,

 				       password_encrypted_with_lm_hash,

 				       old_lm_hash_encrypted,

@@ -1129,6 +1138,52 @@ NTSTATUS pass_oem_change(char *user, const char *rhost,

 				       sampass,

 				       &new_passwd);

+	/*

+	 * Notify passdb backend of login success/failure. If not

+	 * NT_STATUS_OK the backend doesn't like the login

+	 */

+	update_login_attempts_status = pdb_update_login_attempts(sampass,

+						NT_STATUS_IS_OK(nt_status));

+

+	if (!NT_STATUS_IS_OK(nt_status)) {

+		bool increment_bad_pw_count = false;

+

+		if (NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD) &&

+		    (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) &&

+		    NT_STATUS_IS_OK(update_login_attempts_status))

+		{

+			increment_bad_pw_count = true;

+		}

+

+		if (increment_bad_pw_count) {

+			pdb_increment_bad_password_count(sampass);

+			updated_badpw = true;

+		} else {

+			pdb_update_bad_password_count(sampass,

+						      &updated_badpw);

+		}

+	} else {

+

+		if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) &&

+		    (pdb_get_bad_password_count(sampass) > 0)){

+			pdb_set_bad_password_count(sampass, 0, PDB_CHANGED);

+			pdb_set_bad_password_time(sampass, 0, PDB_CHANGED);

+			updated_badpw = true;

+		}

+	}

+

+	if (updated_badpw) {

+		NTSTATUS update_status;

+		become_root();

+		update_status = pdb_update_sam_account(sampass);

+		unbecome_root();

+

+		if (!NT_STATUS_IS_OK(update_status)) {

+			DEBUG(1, ("Failed to modify entry: %s\n",

+				  nt_errstr(update_status)));

+		}

+	}

+

 	if (!NT_STATUS_IS_OK(nt_status)) {

 		TALLOC_FREE(sampass);

 		return nt_status;

diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c

index b366eda..98e8bea 100644

--- a/source3/rpc_server/samr/srv_samr_nt.c

+++ b/source3/rpc_server/samr/srv_samr_nt.c

@@ -1722,9 +1722,11 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,

 	NTSTATUS status;

 	bool ret = false;

 	struct samr_user_info *uinfo;

-	struct samu *pwd;

+	struct samu *pwd = NULL;

 	struct samr_Password new_lmPwdHash, new_ntPwdHash, checkHash;

 	struct samr_Password lm_pwd, nt_pwd;

+	bool updated_badpw = false;

+	NTSTATUS update_login_attempts_status;

 	uinfo = policy_handle_find(p, r->in.user_handle,

 				   SAMR_USER_ACCESS_SET_PASSWORD, NULL,

@@ -1736,6 +1738,15 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,

 	DEBUG(5,("_samr_ChangePasswordUser: sid:%s\n",

 		  sid_string_dbg(&uinfo->sid)));

+	/* basic sanity checking on parameters.  Do this before any database ops */

+	if (!r->in.lm_present || !r->in.nt_present ||

+	    !r->in.old_lm_crypted || !r->in.new_lm_crypted ||

+	    !r->in.old_nt_crypted || !r->in.new_nt_crypted) {

+		/* we should really handle a change with lm not

+		   present */

+		return NT_STATUS_INVALID_PARAMETER_MIX;

+	}

+

 	if (!(pwd = samu_new(NULL))) {

 		return NT_STATUS_NO_MEMORY;

 	}

@@ -1749,6 +1760,14 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,

 		return NT_STATUS_WRONG_PASSWORD;

 	}

+	/* Quit if the account was locked out. */

+	if (pdb_get_acct_ctrl(pwd) & ACB_AUTOLOCK) {

+		DEBUG(3, ("Account for user %s was locked out.\n",

+			  pdb_get_username(pwd)));

+		status = NT_STATUS_ACCOUNT_LOCKED_OUT;

+		goto out;

+	}

+

 	{

 		const uint8_t *lm_pass, *nt_pass;

@@ -1757,29 +1776,19 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,

 		if (!lm_pass || !nt_pass) {

 			status = NT_STATUS_WRONG_PASSWORD;

-			goto out;

+			goto update_login;

 		}

 		memcpy(&lm_pwd.hash, lm_pass, sizeof(lm_pwd.hash));

 		memcpy(&nt_pwd.hash, nt_pass, sizeof(nt_pwd.hash));

 	}

-	/* basic sanity checking on parameters.  Do this before any database ops */

-	if (!r->in.lm_present || !r->in.nt_present ||

-	    !r->in.old_lm_crypted || !r->in.new_lm_crypted ||

-	    !r->in.old_nt_crypted || !r->in.new_nt_crypted) {

-		/* we should really handle a change with lm not

-		   present */

-		status = NT_STATUS_INVALID_PARAMETER_MIX;

-		goto out;

-	}

-

 	/* decrypt and check the new lm hash */

 	D_P16(lm_pwd.hash, r->in.new_lm_crypted->hash, new_lmPwdHash.hash);

 	D_P16(new_lmPwdHash.hash, r->in.old_lm_crypted->hash, checkHash.hash);

 	if (memcmp(checkHash.hash, lm_pwd.hash, 16) != 0) {

 		status = NT_STATUS_WRONG_PASSWORD;

-		goto out;

+		goto update_login;

 	}

 	/* decrypt and check the new nt hash */

@@ -1787,7 +1796,7 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,

 	D_P16(new_ntPwdHash.hash, r->in.old_nt_crypted->hash, checkHash.hash);

 	if (memcmp(checkHash.hash, nt_pwd.hash, 16) != 0) {

 		status = NT_STATUS_WRONG_PASSWORD;

-		goto out;

+		goto update_login;

 	}

 	/* The NT Cross is not required by Win2k3 R2, but if present

@@ -1796,7 +1805,7 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,

 		D_P16(lm_pwd.hash, r->in.nt_cross->hash, checkHash.hash);

 		if (memcmp(checkHash.hash, new_ntPwdHash.hash, 16) != 0) {

 			status = NT_STATUS_WRONG_PASSWORD;

-			goto out;

+			goto update_login;

 		}

 	}

@@ -1806,7 +1815,7 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,

 		D_P16(nt_pwd.hash, r->in.lm_cross->hash, checkHash.hash);

 		if (memcmp(checkHash.hash, new_lmPwdHash.hash, 16) != 0) {

 			status = NT_STATUS_WRONG_PASSWORD;

-			goto out;

+			goto update_login;

 		}

 	}

@@ -1817,6 +1826,55 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,

 	}

 	status = pdb_update_sam_account(pwd);

+

+update_login:

+

+	/*

+	 * Notify passdb backend of login success/failure. If not

+	 * NT_STATUS_OK the backend doesn't like the login

+	 */

+	update_login_attempts_status = pdb_update_login_attempts(pwd,

+						NT_STATUS_IS_OK(status));

+

+	if (!NT_STATUS_IS_OK(status)) {

+		bool increment_bad_pw_count = false;

+

+		if (NT_STATUS_EQUAL(status,NT_STATUS_WRONG_PASSWORD) &&

+		    (pdb_get_acct_ctrl(pwd) & ACB_NORMAL) &&

+		    NT_STATUS_IS_OK(update_login_attempts_status))

+		{

+			increment_bad_pw_count = true;

+		}

+

+		if (increment_bad_pw_count) {

+			pdb_increment_bad_password_count(pwd);

+			updated_badpw = true;

+		} else {

+			pdb_update_bad_password_count(pwd,

+						      &updated_badpw);

+		}

+	} else {

+

+		if ((pdb_get_acct_ctrl(pwd) & ACB_NORMAL) &&

+		    (pdb_get_bad_password_count(pwd) > 0)){

+			pdb_set_bad_password_count(pwd, 0, PDB_CHANGED);

+			pdb_set_bad_password_time(pwd, 0, PDB_CHANGED);

+			updated_badpw = true;

+		}

+	}

+

+	if (updated_badpw) {

+		NTSTATUS update_status;

+		become_root();

+		update_status = pdb_update_sam_account(pwd);

+		unbecome_root();

+

+		if (!NT_STATUS_IS_OK(update_status)) {

+			DEBUG(1, ("Failed to modify entry: %s\n",

+				  nt_errstr(update_status)));

+		}

+	}

+

  out:

 	TALLOC_FREE(pwd);

-- 

1.7.9.5

From fab5ee090e2e4765441b82e17a6cbb98523f6943 Mon Sep 17 00:00:00 2001

From: Stefan Metzmacher <metze@samba.org>

Date: Tue, 5 Nov 2013 14:04:20 +0100

Subject: [PATCH 2/4] CVE-2013-4496:s3:auth: fix memory leak in the

 ACCOUNT_LOCKED_OUT case.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Jeremy Allison <jra@samba.org>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>

Reviewed-by: Andreas Schneider <asn@samba.org>

---

 source3/auth/check_samsec.c |    1 +

 1 file changed, 1 insertion(+)

diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c

index 7ed8cc2..94f30b1 100644

--- a/source3/auth/check_samsec.c

+++ b/source3/auth/check_samsec.c

@@ -408,6 +408,7 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge,

 	/* Quit if the account was locked out. */

 	if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) {

 		DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", username));

+		TALLOC_FREE(sampass);

 		return NT_STATUS_ACCOUNT_LOCKED_OUT;

 	}

-- 

1.7.9.5

From bf3443c12f2a67481eb2e45ca41b906c438d06da Mon Sep 17 00:00:00 2001

From: Andrew Bartlett <abartlet@samba.org>

Date: Tue, 5 Nov 2013 16:16:46 +1300

Subject: [PATCH 3/4] CVE-2013-4496:samr: Remove ChangePasswordUser

This old password change mechanism does not provide the plaintext to

validate against password complexity, and it is not used by modern

clients.

The missing features in both implementations (by design) were:

 - the password complexity checks (no plaintext)

 - the minimum password length (no plaintext)

Additionally, the source3 version did not check:

 - the minimum password age

 - pdb_get_pass_can_change() which checks the security

   descriptor for the 'user cannot change password' setting.

 - the password history

 - the output of the 'passwd program' if 'unix passwd sync = yes'.

Finally, the mechanism was almost useless, as it was incorrectly

only made available to administrative users with permission

to reset the password.  It is removed here so that it is not

mistakenly reinstated in the future.

Andrew Bartlett

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245

Signed-off-by: Andrew Bartlett <abartlet@samba.org>

Reviewed-by: Andreas Schneider <asn@samba.org>

Reviewed-by: Stefan Metzmacher <metze@samba.org>

---

 source3/rpc_server/samr/srv_samr_nt.c   |  169 +-------------------

 source3/smbd/lanman.c                   |  254 -------------------------------

 source4/rpc_server/samr/samr_password.c |  145 +-----------------

 source4/torture/rpc/samr.c              |    6 +

 4 files changed, 20 insertions(+), 554 deletions(-)

diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c

index 98e8bea..99f03ec 100644

--- a/source3/rpc_server/samr/srv_samr_nt.c

+++ b/source3/rpc_server/samr/srv_samr_nt.c

@@ -1713,172 +1713,19 @@ NTSTATUS _samr_LookupNames(struct pipes_struct *p,

 }

 /****************************************************************

- _samr_ChangePasswordUser

+ _samr_ChangePasswordUser.  

+ 

+ So old it is just not worth implementing

+ because it does not supply a plaintext and so we can't do password

+ complexity checking and cannot update other services that use a

+ plaintext password via passwd chat/pam password change/ldap password

+ sync.

 ****************************************************************/

 NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,

 				  struct samr_ChangePasswordUser *r)

 {

-	NTSTATUS status;

-	bool ret = false;

-	struct samr_user_info *uinfo;

-	struct samu *pwd = NULL;

-	struct samr_Password new_lmPwdHash, new_ntPwdHash, checkHash;

-	struct samr_Password lm_pwd, nt_pwd;

-	bool updated_badpw = false;

-	NTSTATUS update_login_attempts_status;

-

-	uinfo = policy_handle_find(p, r->in.user_handle,

-				   SAMR_USER_ACCESS_SET_PASSWORD, NULL,

-				   struct samr_user_info, &status);

-	if (!NT_STATUS_IS_OK(status)) {

-		return status;

-	}

-

-	DEBUG(5,("_samr_ChangePasswordUser: sid:%s\n",

-		  sid_string_dbg(&uinfo->sid)));

-

-	/* basic sanity checking on parameters.  Do this before any database ops */

-	if (!r->in.lm_present || !r->in.nt_present ||

-	    !r->in.old_lm_crypted || !r->in.new_lm_crypted ||

-	    !r->in.old_nt_crypted || !r->in.new_nt_crypted) {

-		/* we should really handle a change with lm not

-		   present */

-		return NT_STATUS_INVALID_PARAMETER_MIX;

-	}

-

-	if (!(pwd = samu_new(NULL))) {

-		return NT_STATUS_NO_MEMORY;

-	}

-

-	become_root();

-	ret = pdb_getsampwsid(pwd, &uinfo->sid);

-	unbecome_root();

-

-	if (!ret) {

-		TALLOC_FREE(pwd);

-		return NT_STATUS_WRONG_PASSWORD;

-	}

-

-	/* Quit if the account was locked out. */

-	if (pdb_get_acct_ctrl(pwd) & ACB_AUTOLOCK) {

-		DEBUG(3, ("Account for user %s was locked out.\n",

-			  pdb_get_username(pwd)));

-		status = NT_STATUS_ACCOUNT_LOCKED_OUT;

-		goto out;

-	}

-

-	{

-		const uint8_t *lm_pass, *nt_pass;

-

-		lm_pass = pdb_get_lanman_passwd(pwd);

-		nt_pass = pdb_get_nt_passwd(pwd);

-

-		if (!lm_pass || !nt_pass) {

-			status = NT_STATUS_WRONG_PASSWORD;

-			goto update_login;

-		}

-

-		memcpy(&lm_pwd.hash, lm_pass, sizeof(lm_pwd.hash));

-		memcpy(&nt_pwd.hash, nt_pass, sizeof(nt_pwd.hash));

-	}

-

-	/* decrypt and check the new lm hash */

-	D_P16(lm_pwd.hash, r->in.new_lm_crypted->hash, new_lmPwdHash.hash);

-	D_P16(new_lmPwdHash.hash, r->in.old_lm_crypted->hash, checkHash.hash);

-	if (memcmp(checkHash.hash, lm_pwd.hash, 16) != 0) {

-		status = NT_STATUS_WRONG_PASSWORD;

-		goto update_login;

-	}

-

-	/* decrypt and check the new nt hash */

-	D_P16(nt_pwd.hash, r->in.new_nt_crypted->hash, new_ntPwdHash.hash);

-	D_P16(new_ntPwdHash.hash, r->in.old_nt_crypted->hash, checkHash.hash);

-	if (memcmp(checkHash.hash, nt_pwd.hash, 16) != 0) {

-		status = NT_STATUS_WRONG_PASSWORD;

-		goto update_login;

-	}

-

-	/* The NT Cross is not required by Win2k3 R2, but if present

-	   check the nt cross hash */

-	if (r->in.cross1_present && r->in.nt_cross) {

-		D_P16(lm_pwd.hash, r->in.nt_cross->hash, checkHash.hash);

-		if (memcmp(checkHash.hash, new_ntPwdHash.hash, 16) != 0) {

-			status = NT_STATUS_WRONG_PASSWORD;

-			goto update_login;

-		}

-	}

-

-	/* The LM Cross is not required by Win2k3 R2, but if present

-	   check the lm cross hash */

-	if (r->in.cross2_present && r->in.lm_cross) {

-		D_P16(nt_pwd.hash, r->in.lm_cross->hash, checkHash.hash);

-		if (memcmp(checkHash.hash, new_lmPwdHash.hash, 16) != 0) {

-			status = NT_STATUS_WRONG_PASSWORD;

-			goto update_login;

-		}

-	}

-

-	if (!pdb_set_nt_passwd(pwd, new_ntPwdHash.hash, PDB_CHANGED) ||

-	    !pdb_set_lanman_passwd(pwd, new_lmPwdHash.hash, PDB_CHANGED)) {

-		status = NT_STATUS_ACCESS_DENIED;

-		goto out;

-	}

-

-	status = pdb_update_sam_account(pwd);

-

-update_login:

-

-	/*

-	 * Notify passdb backend of login success/failure. If not

-	 * NT_STATUS_OK the backend doesn't like the login

-	 */

-	update_login_attempts_status = pdb_update_login_attempts(pwd,

-						NT_STATUS_IS_OK(status));

-

-	if (!NT_STATUS_IS_OK(status)) {

-		bool increment_bad_pw_count = false;

-

-		if (NT_STATUS_EQUAL(status,NT_STATUS_WRONG_PASSWORD) &&

-		    (pdb_get_acct_ctrl(pwd) & ACB_NORMAL) &&

-		    NT_STATUS_IS_OK(update_login_attempts_status))

-		{

-			increment_bad_pw_count = true;

-		}

-

-		if (increment_bad_pw_count) {

-			pdb_increment_bad_password_count(pwd);

-			updated_badpw = true;

-		} else {

-			pdb_update_bad_password_count(pwd,

-						      &updated_badpw);

-		}

-	} else {

-

-		if ((pdb_get_acct_ctrl(pwd) & ACB_NORMAL) &&

-		    (pdb_get_bad_password_count(pwd) > 0)){

-			pdb_set_bad_password_count(pwd, 0, PDB_CHANGED);

-			pdb_set_bad_password_time(pwd, 0, PDB_CHANGED);

-			updated_badpw = true;

-		}

-	}

-

-	if (updated_badpw) {

-		NTSTATUS update_status;

-		become_root();

-		update_status = pdb_update_sam_account(pwd);

-		unbecome_root();

-

-		if (!NT_STATUS_IS_OK(update_status)) {

-			DEBUG(1, ("Failed to modify entry: %s\n",

-				  nt_errstr(update_status)));

-		}

-	}

-

- out:

-	TALLOC_FREE(pwd);

-

-	return status;

+	return NT_STATUS_NOT_IMPLEMENTED;

 }

 /*******************************************************************

diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c

index e6b9530..1b734a7 100644

--- a/source3/smbd/lanman.c

+++ b/source3/smbd/lanman.c

@@ -2948,259 +2948,6 @@ static bool api_NetRemoteTOD(struct smbd_server_connection *sconn,

 }

 /****************************************************************************

- Set the user password.

-*****************************************************************************/

-

-static bool api_SetUserPassword(struct smbd_server_connection *sconn,

-				connection_struct *conn,uint64_t vuid,

-				char *param, int tpscnt,

-				char *data, int tdscnt,

-				int mdrcnt,int mprcnt,

-				char **rdata,char **rparam,

-				int *rdata_len,int *rparam_len)

-{

-	char *np = get_safe_str_ptr(param,tpscnt,param,2);

-	char *p = NULL;

-	fstring user;

-	fstring pass1,pass2;

-	TALLOC_CTX *mem_ctx = talloc_tos();

-	NTSTATUS status, result;

-	struct rpc_pipe_client *cli = NULL;

-	struct policy_handle connect_handle, domain_handle, user_handle;

-	struct lsa_String domain_name;

-	struct dom_sid2 *domain_sid;

-	struct lsa_String names;

-	struct samr_Ids rids;

-	struct samr_Ids types;

-	struct samr_Password old_lm_hash;

-	struct samr_Password new_lm_hash;

-	int errcode = NERR_badpass;

-	uint32_t rid;

-	int encrypted;

-	int min_pwd_length;

-	struct dcerpc_binding_handle *b = NULL;

-

-	/* Skip 2 strings. */

-	p = skip_string(param,tpscnt,np);

-	p = skip_string(param,tpscnt,p);

-

-	if (!np || !p) {

-		return False;

-	}

-

-	/* Do we have a string ? */

-	if (skip_string(param,tpscnt,p) == NULL) {

-		return False;

-	}

-	pull_ascii_fstring(user,p);

-

-	p = skip_string(param,tpscnt,p);

-	if (!p) {

-		return False;

-	}

-

-	memset(pass1,'\0',sizeof(pass1));

-	memset(pass2,'\0',sizeof(pass2));

-	/*

-	 * We use 31 here not 32 as we're checking

-	 * the last byte we want to access is safe.

-	 */

-	if (!is_offset_safe(param,tpscnt,p,31)) {

-		return False;

-	}

-	memcpy(pass1,p,16);

-	memcpy(pass2,p+16,16);

-

-	encrypted = get_safe_SVAL(param,tpscnt,p+32,0,-1);

-	if (encrypted == -1) {

-		errcode = W_ERROR_V(WERR_INVALID_PARAM);

-		goto out;

-	}

-

-	min_pwd_length = get_safe_SVAL(param,tpscnt,p+34,0,-1);

-	if (min_pwd_length == -1) {

-		errcode = W_ERROR_V(WERR_INVALID_PARAM);

-		goto out;

-	}

-

-	*rparam_len = 4;

-	*rparam = smb_realloc_limit(*rparam,*rparam_len);

-	if (!*rparam) {

-		return False;

-	}

-

-	*rdata_len = 0;

-

-	DEBUG(3,("Set password for <%s> (encrypted: %d, min_pwd_length: %d)\n",

-		user, encrypted, min_pwd_length));

-

-	ZERO_STRUCT(connect_handle);

-	ZERO_STRUCT(domain_handle);

-	ZERO_STRUCT(user_handle);

-

-	status = rpc_pipe_open_interface(mem_ctx, &ndr_table_samr.syntax_id,

-					conn->session_info,

-					conn->sconn->remote_address,

-					conn->sconn->msg_ctx,

-					&cli;;

-	if (!NT_STATUS_IS_OK(status)) {

-		DEBUG(0,("api_SetUserPassword: could not connect to samr: %s\n",

-			  nt_errstr(status)));

-		errcode = W_ERROR_V(ntstatus_to_werror(status));

-		goto out;

-	}

-

-	b = cli->binding_handle;

-

-	status = dcerpc_samr_Connect2(b, mem_ctx,

-				      lp_netbios_name(),

-				      SAMR_ACCESS_CONNECT_TO_SERVER |

-				      SAMR_ACCESS_ENUM_DOMAINS |

-				      SAMR_ACCESS_LOOKUP_DOMAIN,

-				      &connect_handle,

-				      &result);

-	if (!NT_STATUS_IS_OK(status)) {

-		errcode = W_ERROR_V(ntstatus_to_werror(status));

-		goto out;

-	}

-	if (!NT_STATUS_IS_OK(result)) {

-		errcode = W_ERROR_V(ntstatus_to_werror(result));

-		goto out;

-	}

-

-	init_lsa_String(&domain_name, get_global_sam_name());

-

-	status = dcerpc_samr_LookupDomain(b, mem_ctx,

-					  &connect_handle,

-					  &domain_name,

-					  &domain_sid,

-					  &result);

-	if (!NT_STATUS_IS_OK(status)) {

-		errcode = W_ERROR_V(ntstatus_to_werror(status));

-		goto out;

-	}

-	if (!NT_STATUS_IS_OK(result)) {

-		errcode = W_ERROR_V(ntstatus_to_werror(result));

-		goto out;

-	}

-

-	status = dcerpc_samr_OpenDomain(b, mem_ctx,

-					&connect_handle,

-					SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,

-					domain_sid,

-					&domain_handle,

-					&result);

-	if (!NT_STATUS_IS_OK(status)) {

-		errcode = W_ERROR_V(ntstatus_to_werror(status));

-		goto out;

-	}

-	if (!NT_STATUS_IS_OK(result)) {

-		errcode = W_ERROR_V(ntstatus_to_werror(result));

-		goto out;

-	}

-

-	init_lsa_String(&names, user);

-

-	status = dcerpc_samr_LookupNames(b, mem_ctx,

-					 &domain_handle,

-					 1,

-					 &names,

-					 &rids,

-					 &types,

-					 &result);

-	if (!NT_STATUS_IS_OK(status)) {

-		errcode = W_ERROR_V(ntstatus_to_werror(status));

-		goto out;

-	}

-	if (!NT_STATUS_IS_OK(result)) {

-		errcode = W_ERROR_V(ntstatus_to_werror(result));

-		goto out;

-	}

-

-	if (rids.count != 1) {

-		errcode = W_ERROR_V(WERR_NO_SUCH_USER);

-		goto out;

-	}

-	if (rids.count != types.count) {

-		errcode = W_ERROR_V(WERR_INVALID_PARAM);

-		goto out;

-	}

-	if (types.ids[0] != SID_NAME_USER) {

-		errcode = W_ERROR_V(WERR_INVALID_PARAM);

-		goto out;

-	}

-

-	rid = rids.ids[0];

-

-	status = dcerpc_samr_OpenUser(b, mem_ctx,