From c82322be0012f8bf467d75681bd82322eba11145 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Tue, 9 Jul 2019 13:01:49 +0200 Subject: [PATCH 020/187] s4:libnet: Use encode_rc4_passwd_buffer() in libnet_SetPassword_samr_handle_26() BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031 Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett (cherry picked from commit 5afa402bb7ba11a8eefc6e14047eeec1f3327681) --- source4/libnet/libnet_passwd.c | 47 ++++++++-------------------------- 1 file changed, 11 insertions(+), 36 deletions(-) diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c index 97ce7f58ddf..0beea077bd0 100644 --- a/source4/libnet/libnet_passwd.c +++ b/source4/libnet/libnet_passwd.c @@ -23,6 +23,7 @@ #include "../lib/crypto/crypto.h" #include "libcli/auth/libcli_auth.h" #include "librpc/gen_ndr/ndr_samr_c.h" +#include "source4/librpc/rpc/dcerpc.h" #include "lib/crypto/gnutls_helpers.h" #include @@ -276,10 +277,6 @@ static NTSTATUS libnet_SetPassword_samr_handle_26(struct libnet_context *ctx, TA struct samr_SetUserInfo2 sui; union samr_UserInfo u_info; DATA_BLOB session_key; - DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16); - uint8_t confounder[16]; - gnutls_hash_hd_t hash_hnd = NULL; - int rc; if (r->samr_handle.in.info21) { return NT_STATUS_INVALID_PARAMETER_MIX; @@ -287,9 +284,8 @@ static NTSTATUS libnet_SetPassword_samr_handle_26(struct libnet_context *ctx, TA /* prepare samr_SetUserInfo2 level 26 */ ZERO_STRUCT(u_info); - encode_pw_buffer(u_info.info26.password.data, r->samr_handle.in.newpassword, STR_UNICODE); u_info.info26.password_expired = 0; - + status = dcerpc_fetch_session_key(r->samr_handle.in.dcerpc_pipe, &session_key); if (!NT_STATUS_IS_OK(status)) { r->samr_handle.out.error_string = talloc_asprintf(mem_ctx, @@ -297,38 +293,18 @@ static NTSTATUS libnet_SetPassword_samr_handle_26(struct libnet_context *ctx, TA nt_errstr(status)); return status; } - - generate_random_buffer((uint8_t *)confounder, 16); - - rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5); - if (rc < 0) { - status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED); - goto out; - } - rc = gnutls_hash(hash_hnd, confounder, 16); - if (rc < 0) { - gnutls_hash_deinit(hash_hnd, NULL); - status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED); - goto out; - } - rc = gnutls_hash(hash_hnd, session_key.data, session_key.length); - if (rc < 0) { - gnutls_hash_deinit(hash_hnd, NULL); - status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED); - goto out; + status = encode_rc4_passwd_buffer(r->samr_handle.in.newpassword, + &session_key, + &u_info.info26.password); + if (!NT_STATUS_IS_OK(status)) { + r->samr_handle.out.error_string = + talloc_asprintf(mem_ctx, + "encode_rc4_passwd_buffer failed: %s", + nt_errstr(status)); + return status; } - gnutls_hash_deinit(hash_hnd, confounded_session_key.data); - - arcfour_crypt_blob(u_info.info26.password.data, 516, &confounded_session_key); - ZERO_ARRAY_LEN(confounded_session_key.data, - confounded_session_key.length); - data_blob_free(&confounded_session_key); - - memcpy(&u_info.info26.password.data[516], confounder, 16); - ZERO_ARRAY(confounder); - sui.in.user_handle = r->samr_handle.in.user_handle; sui.in.info = &u_info; sui.in.level = 26; @@ -346,7 +322,6 @@ static NTSTATUS libnet_SetPassword_samr_handle_26(struct libnet_context *ctx, TA r->samr_handle.in.account_name, nt_errstr(status)); } -out: return status; } -- 2.23.0