From 36dfd6496dc9b954b2243bbb5293af8ce332cf4f Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Wed, 16 Jan 2019 12:41:32 +0100
Subject: [PATCH 032/187] s3:rpc_client: Use init_samr_CryptPassword in cli_samr rpc_client
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
Signed-off-by: Andreas Schneider
Reviewed-by: Andrew Bartlett
(cherry picked from commit a95647e12ac75ffda42d95b41144596a078aebd6)
---
 source3/rpc_client/cli_samr.c | 59 ++++++++++++++++++++++++++++-------
 source3/wscript_build | 2 +-
 2 files changed, 48 insertions(+), 13 deletions(-)
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
index 7764e1a8540..452e9593f6a 100644
--- a/source3/rpc_client/cli_samr.c
+++ b/source3/rpc_client/cli_samr.c
@@ -26,8 +26,8 @@
 #include "../libcli/auth/libcli_auth.h"
 #include "../librpc/gen_ndr/ndr_samr_c.h"
 #include "rpc_client/cli_samr.h"
-#include "../lib/crypto/arcfour.h"
 #include "rpc_client/init_lsa.h"
+#include "rpc_client/init_samr.h"
 /* User change password */
@@ -128,6 +128,8 @@ NTSTATUS dcerpc_samr_chgpasswd_user2(struct dcerpc_binding_handle *h,
 uint8_t new_lanman_hash[16];
 struct lsa_String server, account;
+ DATA_BLOB session_key = data_blob_const(old_nt_hash, 16);
+
 DEBUG(10,("rpccli_samr_chgpasswd_user2\n"));
 init_lsa_String(&server, srv_name_slash);
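Review bot: The `session_key` blob added to `dcerpc_samr_chgpasswd_user2` (and again in the `dcerpc_samr_chgpasswd_user3` hunk at `-308,6 +325,8`) hard-codes the length `16` and sits among the local declarations, so it appears to be built before anything has written to `old_nt_hash`; it only works because `data_blob_const` stores a pointer rather than copying. Tying the length to the array with `DATA_BLOB session_key = data_blob_const(old_nt_hash, sizeof(old_nt_hash));` removes the magic number. A comment such as `/* aliases old_nt_hash, which is filled in below; the blob owns no memory */` would keep a later reader from reordering or freeing it. The declaration of `old_nt_hash` and the code that fills it are outside the hunk, so confirm it is a 16-byte array local to this function before relying on `sizeof`.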
@@ -144,19 +146,25 @@ NTSTATUS dcerpc_samr_chgpasswd_user2(struct dcerpc_binding_handle *h,
 DOS chars). This allows us to match Win2k, which does not store a LM hash for these passwords (which would reduce the effective password length to 14) */
+ status = init_samr_CryptPassword(newpassword,
+ &session_key,
+ &new_lm_password);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
- encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE);
-
- arcfour_crypt(new_lm_password.data, old_nt_hash, 516);
 E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
 } else {
 ZERO_STRUCT(new_lm_password);
 ZERO_STRUCT(old_lanman_hash_enc);
 }
- encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE);
-
- arcfour_crypt(new_nt_password.data, old_nt_hash, 516);
+ status = init_samr_CryptPassword(newpassword,
+ &session_key,
+ &new_nt_password);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
 E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
 status = dcerpc_samr_ChangePasswordUser2(h,
@@ -170,6 +178,15 @@ NTSTATUS dcerpc_samr_chgpasswd_user2(struct dcerpc_binding_handle *h,
 &old_lanman_hash_enc,
 presult);
+ ZERO_STRUCT(new_nt_password);
+ ZERO_STRUCT(new_lm_password);
+ ZERO_STRUCT(old_nt_hash_enc);
+ ZERO_STRUCT(old_lanman_hash_enc);
+ ZERO_ARRAY(new_nt_hash);
+ ZERO_ARRAY(new_lanman_hash);
+ ZERO_ARRAY(old_nt_hash);
+ ZERO_ARRAY(old_lanman_hash);
+
 return status;
 }
@@ -308,6 +325,8 @@ NTSTATUS dcerpc_samr_chgpasswd_user3(struct dcerpc_binding_handle *h,
 struct lsa_String server, account;
+ DATA_BLOB session_key = data_blob_const(old_nt_hash, 16);
+
 DEBUG(10,("rpccli_samr_chgpasswd_user3\n"));
 init_lsa_String(&server, srv_name_slash);
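Review bot: Both new `return status;` paths after `init_samr_CryptPassword` in `dcerpc_samr_chgpasswd_user2` exit without reaching the `ZERO_STRUCT`/`ZERO_ARRAY` wipe this commit adds before the final return. On failure the stack buffers for the old and new hashes, and any partly built `new_lm_password`, are therefore left intact. Routing the error paths through the cleanup closes the gap: replace each `return status;` with `goto done;` and place a `done:` label directly above `ZERO_STRUCT(new_nt_password);`. The same pattern occurs in the `dcerpc_samr_chgpasswd_user3` hunk at `-324,19 +343,26`. The hash computations are outside these hunks, so confirm in the full function which arrays are populated at each failure point.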
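Review bot: The wipe block added before `return status;` clears locals that are dead immediately afterwards, so whether it survives optimisation depends on what `ZERO_STRUCT` and `ZERO_ARRAY` expand to, which this page does not show. If they are plain `memset` wrappers, the compiler may drop them as dead stores and the hashes would stay on the stack. Confirm they map to a non-elidable primitive (for example `memset_s` or `explicit_bzero`), and record that with a comment such as `/* wipe key material; must not be optimised away */`. The matching block in the `dcerpc_samr_chgpasswd_user3` hunk at `-353,6 +379,15` has the same dependency.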
@@ -324,19 +343,26 @@ NTSTATUS dcerpc_samr_chgpasswd_user3(struct dcerpc_binding_handle *h,
 DOS chars). This allows us to match Win2k, which does not store a LM hash for these passwords (which would reduce the effective password length to 14) */
+ status = init_samr_CryptPassword(newpassword,
+ &session_key,
+ &new_lm_password);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
- encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE);
-
- arcfour_crypt(new_lm_password.data, old_nt_hash, 516);
 E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
 } else {
 ZERO_STRUCT(new_lm_password);
 ZERO_STRUCT(old_lanman_hash_enc);
 }
- encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE);
+ status = init_samr_CryptPassword(newpassword,
+ &session_key,
+ &new_nt_password);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
- arcfour_crypt(new_nt_password.data, old_nt_hash, 516);
 E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
 status = dcerpc_samr_ChangePasswordUser3(h,
@@ -353,6 +379,15 @@ NTSTATUS dcerpc_samr_chgpasswd_user3(struct dcerpc_binding_handle *h,
 reject,
 presult);
+ ZERO_STRUCT(new_nt_password);
+ ZERO_STRUCT(new_lm_password);
+ ZERO_STRUCT(old_nt_hash_enc);
+ ZERO_STRUCT(old_lanman_hash_enc);
+ ZERO_ARRAY(new_nt_hash);
+ ZERO_ARRAY(new_lanman_hash);
+ ZERO_ARRAY(old_nt_hash);
+ ZERO_ARRAY(old_lanman_hash);
+
 return status;
 }
diff --git a/source3/wscript_build b/source3/wscript_build
index aa3c7175202..b73f6dc0664 100644
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -1009,7 +1009,7 @@ bld.SAMBA3_SUBSYSTEM('errors3',
 bld.SAMBA3_SUBSYSTEM('LIBCLI_SAMR',
 source='rpc_client/cli_samr.c',
- deps='RPC_NDR_SAMR')
+ deps='RPC_NDR_SAMR INIT_SAMR')
 bld.SAMBA3_LIBRARY('libcli_lsa3',
 source='rpc_client/cli_lsarpc.c',
-- 
2.23.0