From c82322be0012f8bf467d75681bd82322eba11145 Mon Sep 17 00:00:00 2001

From: Andreas Schneider <asn@samba.org>

Date: Tue, 9 Jul 2019 13:01:49 +0200

Subject: [PATCH 020/187] s4:libnet: Use encode_rc4_passwd_buffer() in

 libnet_SetPassword_samr_handle_26()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

(cherry picked from commit 5afa402bb7ba11a8eefc6e14047eeec1f3327681)

---

 source4/libnet/libnet_passwd.c | 47 ++++++++--------------------------

 1 file changed, 11 insertions(+), 36 deletions(-)

diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c

index 97ce7f58ddf..0beea077bd0 100644

--- a/source4/libnet/libnet_passwd.c

+++ b/source4/libnet/libnet_passwd.c

@@ -23,6 +23,7 @@

 #include "../lib/crypto/crypto.h"

 #include "libcli/auth/libcli_auth.h"

 #include "librpc/gen_ndr/ndr_samr_c.h"

+#include "source4/librpc/rpc/dcerpc.h"

 #include "lib/crypto/gnutls_helpers.h"

 #include <gnutls/gnutls.h>

@@ -276,10 +277,6 @@ static NTSTATUS libnet_SetPassword_samr_handle_26(struct libnet_context *ctx, TA

 	struct samr_SetUserInfo2 sui;

 	union samr_UserInfo u_info;

 	DATA_BLOB session_key;

-	DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);

-	uint8_t confounder[16];	

-	gnutls_hash_hd_t hash_hnd = NULL;

-	int rc;

 	if (r->samr_handle.in.info21) {

 		return NT_STATUS_INVALID_PARAMETER_MIX;

@@ -287,9 +284,8 @@ static NTSTATUS libnet_SetPassword_samr_handle_26(struct libnet_context *ctx, TA

 	/* prepare samr_SetUserInfo2 level 26 */

 	ZERO_STRUCT(u_info);

-	encode_pw_buffer(u_info.info26.password.data, r->samr_handle.in.newpassword, STR_UNICODE);

 	u_info.info26.password_expired = 0;

-	

+

 	status = dcerpc_fetch_session_key(r->samr_handle.in.dcerpc_pipe, &session_key);

 	if (!NT_STATUS_IS_OK(status)) {

 		r->samr_handle.out.error_string = talloc_asprintf(mem_ctx,

@@ -297,38 +293,18 @@ static NTSTATUS libnet_SetPassword_samr_handle_26(struct libnet_context *ctx, TA

 								  nt_errstr(status));

 		return status;

 	}

-	

-	generate_random_buffer((uint8_t *)confounder, 16);

-

-	rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);

-	if (rc < 0) {

-		status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);

-		goto out;

-	}

-	rc = gnutls_hash(hash_hnd, confounder, 16);

-	if (rc < 0) {

-		gnutls_hash_deinit(hash_hnd, NULL);

-		status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);

-		goto out;

-	}

-	rc = gnutls_hash(hash_hnd, session_key.data, session_key.length);

-	if (rc < 0) {

-		gnutls_hash_deinit(hash_hnd, NULL);

-		status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);

-		goto out;

+	status = encode_rc4_passwd_buffer(r->samr_handle.in.newpassword,

+					  &session_key,

+					  &u_info.info26.password);

+	if (!NT_STATUS_IS_OK(status)) {

+		r->samr_handle.out.error_string =

+			talloc_asprintf(mem_ctx,

+					"encode_rc4_passwd_buffer failed: %s",

+					nt_errstr(status));

+		return status;

 	}

-	gnutls_hash_deinit(hash_hnd, confounded_session_key.data);

-

-	arcfour_crypt_blob(u_info.info26.password.data, 516, &confounded_session_key);

-	ZERO_ARRAY_LEN(confounded_session_key.data,

-		       confounded_session_key.length);

-	data_blob_free(&confounded_session_key);

-

-	memcpy(&u_info.info26.password.data[516], confounder, 16);

-	ZERO_ARRAY(confounder);

-

 	sui.in.user_handle = r->samr_handle.in.user_handle;

 	sui.in.info = &u_info;

 	sui.in.level = 26;

@@ -346,7 +322,6 @@ static NTSTATUS libnet_SetPassword_samr_handle_26(struct libnet_context *ctx, TA

 					  r->samr_handle.in.account_name, nt_errstr(status));

 	}

-out:

 	return status;

 }

-- 

2.23.0