|
 |
1524bc |
From 36dfd6496dc9b954b2243bbb5293af8ce332cf4f Mon Sep 17 00:00:00 2001
|
|
|
1524bc |
From: Andreas Schneider <asn@samba.org>
|
|
|
1524bc |
Date: Wed, 16 Jan 2019 12:41:32 +0100
|
|
|
1524bc |
Subject: [PATCH 032/187] s3:rpc_client: Use init_samr_CryptPassword in
|
|
|
1524bc |
cli_samr rpc_client
|
|
|
1524bc |
|
|
|
1524bc |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
|
|
1524bc |
|
|
|
1524bc |
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
|
1524bc |
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
1524bc |
(cherry picked from commit a95647e12ac75ffda42d95b41144596a078aebd6)
|
|
|
1524bc |
---
|
|
|
1524bc |
source3/rpc_client/cli_samr.c | 59 ++++++++++++++++++++++++++++-------
|
|
|
1524bc |
source3/wscript_build | 2 +-
|
|
|
1524bc |
2 files changed, 48 insertions(+), 13 deletions(-)
|
|
|
1524bc |
|
|
|
1524bc |
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
|
|
|
1524bc |
index 7764e1a8540..452e9593f6a 100644
|
|
|
1524bc |
--- a/source3/rpc_client/cli_samr.c
|
|
|
1524bc |
+++ b/source3/rpc_client/cli_samr.c
|
|
|
1524bc |
@@ -26,8 +26,8 @@
|
|
|
1524bc |
#include "../libcli/auth/libcli_auth.h"
|
|
|
1524bc |
#include "../librpc/gen_ndr/ndr_samr_c.h"
|
|
|
1524bc |
#include "rpc_client/cli_samr.h"
|
|
|
1524bc |
-#include "../lib/crypto/arcfour.h"
|
|
|
1524bc |
#include "rpc_client/init_lsa.h"
|
|
|
1524bc |
+#include "rpc_client/init_samr.h"
|
|
|
1524bc |
|
|
|
1524bc |
/* User change password */
|
|
|
1524bc |
|
|
|
1524bc |
@@ -128,6 +128,8 @@ NTSTATUS dcerpc_samr_chgpasswd_user2(struct dcerpc_binding_handle *h,
|
|
|
1524bc |
uint8_t new_lanman_hash[16];
|
|
|
1524bc |
struct lsa_String server, account;
|
|
|
1524bc |
|
|
|
1524bc |
+ DATA_BLOB session_key = data_blob_const(old_nt_hash, 16);
|
|
|
1524bc |
+
|
|
|
1524bc |
DEBUG(10,("rpccli_samr_chgpasswd_user2\n"));
|
|
|
1524bc |
|
|
|
1524bc |
init_lsa_String(&server, srv_name_slash);
|
|
|
1524bc |
@@ -144,19 +146,25 @@ NTSTATUS dcerpc_samr_chgpasswd_user2(struct dcerpc_binding_handle *h,
|
|
|
1524bc |
DOS chars). This allows us to match Win2k, which
|
|
|
1524bc |
does not store a LM hash for these passwords (which
|
|
|
1524bc |
would reduce the effective password length to 14) */
|
|
|
1524bc |
+ status = init_samr_CryptPassword(newpassword,
|
|
|
1524bc |
+ &session_key,
|
|
|
1524bc |
+ &new_lm_password);
|
|
|
1524bc |
+ if (!NT_STATUS_IS_OK(status)) {
|
|
|
1524bc |
+ return status;
|
|
|
1524bc |
+ }
|
|
|
1524bc |
|
|
|
1524bc |
- encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE);
|
|
|
1524bc |
-
|
|
|
1524bc |
- arcfour_crypt(new_lm_password.data, old_nt_hash, 516);
|
|
|
1524bc |
E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
|
|
|
1524bc |
} else {
|
|
|
1524bc |
ZERO_STRUCT(new_lm_password);
|
|
|
1524bc |
ZERO_STRUCT(old_lanman_hash_enc);
|
|
|
1524bc |
}
|
|
|
1524bc |
|
|
|
1524bc |
- encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE);
|
|
|
1524bc |
-
|
|
|
1524bc |
- arcfour_crypt(new_nt_password.data, old_nt_hash, 516);
|
|
|
1524bc |
+ status = init_samr_CryptPassword(newpassword,
|
|
|
1524bc |
+ &session_key,
|
|
|
1524bc |
+ &new_nt_password);
|
|
|
1524bc |
+ if (!NT_STATUS_IS_OK(status)) {
|
|
|
1524bc |
+ return status;
|
|
|
1524bc |
+ }
|
|
|
1524bc |
E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
|
|
|
1524bc |
|
|
|
1524bc |
status = dcerpc_samr_ChangePasswordUser2(h,
|
|
|
1524bc |
@@ -170,6 +178,15 @@ NTSTATUS dcerpc_samr_chgpasswd_user2(struct dcerpc_binding_handle *h,
|
|
|
1524bc |
&old_lanman_hash_enc,
|
|
|
1524bc |
presult);
|
|
|
1524bc |
|
|
|
1524bc |
+ ZERO_STRUCT(new_nt_password);
|
|
|
1524bc |
+ ZERO_STRUCT(new_lm_password);
|
|
|
1524bc |
+ ZERO_STRUCT(old_nt_hash_enc);
|
|
|
1524bc |
+ ZERO_STRUCT(old_lanman_hash_enc);
|
|
|
1524bc |
+ ZERO_ARRAY(new_nt_hash);
|
|
|
1524bc |
+ ZERO_ARRAY(new_lanman_hash);
|
|
|
1524bc |
+ ZERO_ARRAY(old_nt_hash);
|
|
|
1524bc |
+ ZERO_ARRAY(old_lanman_hash);
|
|
|
1524bc |
+
|
|
|
1524bc |
return status;
|
|
|
1524bc |
}
|
|
|
1524bc |
|
|
|
1524bc |
@@ -308,6 +325,8 @@ NTSTATUS dcerpc_samr_chgpasswd_user3(struct dcerpc_binding_handle *h,
|
|
|
1524bc |
|
|
|
1524bc |
struct lsa_String server, account;
|
|
|
1524bc |
|
|
|
1524bc |
+ DATA_BLOB session_key = data_blob_const(old_nt_hash, 16);
|
|
|
1524bc |
+
|
|
|
1524bc |
DEBUG(10,("rpccli_samr_chgpasswd_user3\n"));
|
|
|
1524bc |
|
|
|
1524bc |
init_lsa_String(&server, srv_name_slash);
|
|
|
1524bc |
@@ -324,19 +343,26 @@ NTSTATUS dcerpc_samr_chgpasswd_user3(struct dcerpc_binding_handle *h,
|
|
|
1524bc |
DOS chars). This allows us to match Win2k, which
|
|
|
1524bc |
does not store a LM hash for these passwords (which
|
|
|
1524bc |
would reduce the effective password length to 14) */
|
|
|
1524bc |
+ status = init_samr_CryptPassword(newpassword,
|
|
|
1524bc |
+ &session_key,
|
|
|
1524bc |
+ &new_lm_password);
|
|
|
1524bc |
+ if (!NT_STATUS_IS_OK(status)) {
|
|
|
1524bc |
+ return status;
|
|
|
1524bc |
+ }
|
|
|
1524bc |
|
|
|
1524bc |
- encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE);
|
|
|
1524bc |
-
|
|
|
1524bc |
- arcfour_crypt(new_lm_password.data, old_nt_hash, 516);
|
|
|
1524bc |
E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
|
|
|
1524bc |
} else {
|
|
|
1524bc |
ZERO_STRUCT(new_lm_password);
|
|
|
1524bc |
ZERO_STRUCT(old_lanman_hash_enc);
|
|
|
1524bc |
}
|
|
|
1524bc |
|
|
|
1524bc |
- encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE);
|
|
|
1524bc |
+ status = init_samr_CryptPassword(newpassword,
|
|
|
1524bc |
+ &session_key,
|
|
|
1524bc |
+ &new_nt_password);
|
|
|
1524bc |
+ if (!NT_STATUS_IS_OK(status)) {
|
|
|
1524bc |
+ return status;
|
|
|
1524bc |
+ }
|
|
|
1524bc |
|
|
|
1524bc |
- arcfour_crypt(new_nt_password.data, old_nt_hash, 516);
|
|
|
1524bc |
E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
|
|
|
1524bc |
|
|
|
1524bc |
status = dcerpc_samr_ChangePasswordUser3(h,
|
|
|
1524bc |
@@ -353,6 +379,15 @@ NTSTATUS dcerpc_samr_chgpasswd_user3(struct dcerpc_binding_handle *h,
|
|
|
1524bc |
reject,
|
|
|
1524bc |
presult);
|
|
|
1524bc |
|
|
|
1524bc |
+ ZERO_STRUCT(new_nt_password);
|
|
|
1524bc |
+ ZERO_STRUCT(new_lm_password);
|
|
|
1524bc |
+ ZERO_STRUCT(old_nt_hash_enc);
|
|
|
1524bc |
+ ZERO_STRUCT(old_lanman_hash_enc);
|
|
|
1524bc |
+ ZERO_ARRAY(new_nt_hash);
|
|
|
1524bc |
+ ZERO_ARRAY(new_lanman_hash);
|
|
|
1524bc |
+ ZERO_ARRAY(old_nt_hash);
|
|
|
1524bc |
+ ZERO_ARRAY(old_lanman_hash);
|
|
|
1524bc |
+
|
|
|
1524bc |
return status;
|
|
|
1524bc |
}
|
|
|
1524bc |
|
|
|
1524bc |
diff --git a/source3/wscript_build b/source3/wscript_build
|
|
|
1524bc |
index aa3c7175202..b73f6dc0664 100644
|
|
|
1524bc |
--- a/source3/wscript_build
|
|
|
1524bc |
+++ b/source3/wscript_build
|
|
|
1524bc |
@@ -1009,7 +1009,7 @@ bld.SAMBA3_SUBSYSTEM('errors3',
|
|
|
1524bc |
|
|
|
1524bc |
bld.SAMBA3_SUBSYSTEM('LIBCLI_SAMR',
|
|
|
1524bc |
source='rpc_client/cli_samr.c',
|
|
|
1524bc |
- deps='RPC_NDR_SAMR')
|
|
|
1524bc |
+ deps='RPC_NDR_SAMR INIT_SAMR')
|
|
|
1524bc |
|
|
|
1524bc |
bld.SAMBA3_LIBRARY('libcli_lsa3',
|
|
|
1524bc |
source='rpc_client/cli_lsarpc.c',
|
|
|
1524bc |
--
|
|
|
1524bc |
2.23.0
|
|
|
1524bc |
|