90 lines
3.0 KiB
Diff
90 lines
3.0 KiB
Diff
From 13dfa7d5a1c96d78eca81eb0eb97bc0668561738 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Tue, 9 Jul 2019 13:01:10 +0200
|
|
Subject: [PATCH 017/187] libcli:auth: Add encode_rc4_passwd_buffer()
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
(cherry picked from commit 06d46c447e69a6b384c0089863c343b4924c7caf)
|
|
---
|
|
libcli/auth/proto.h | 7 +++++++
|
|
libcli/auth/smbencrypt.c | 42 ++++++++++++++++++++++++++++++++++++++++
|
|
2 files changed, 49 insertions(+)
|
|
|
|
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
|
|
index a67c89d8552..67caaca8c41 100644
|
|
--- a/libcli/auth/proto.h
|
|
+++ b/libcli/auth/proto.h
|
|
@@ -181,6 +181,13 @@ bool decode_pw_buffer(TALLOC_CTX *ctx,
|
|
size_t *new_pw_len,
|
|
charset_t string_charset);
|
|
|
|
+/***********************************************************
|
|
+ Encode an arc4 password change buffer.
|
|
+************************************************************/
|
|
+NTSTATUS encode_rc4_passwd_buffer(const char *passwd,
|
|
+ const DATA_BLOB *session_key,
|
|
+ struct samr_CryptPasswordEx *out_crypt_pwd);
|
|
+
|
|
/***********************************************************
|
|
Decode an arc4 encrypted password change buffer.
|
|
************************************************************/
|
|
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
|
|
index b7b17130f07..793012553b2 100644
|
|
--- a/libcli/auth/smbencrypt.c
|
|
+++ b/libcli/auth/smbencrypt.c
|
|
@@ -839,6 +839,48 @@ bool decode_pw_buffer(TALLOC_CTX *ctx,
|
|
return true;
|
|
}
|
|
|
|
+/***********************************************************
|
|
+ Encode an arc4 password change buffer.
|
|
+************************************************************/
|
|
+NTSTATUS encode_rc4_passwd_buffer(const char *passwd,
|
|
+ const DATA_BLOB *session_key,
|
|
+ struct samr_CryptPasswordEx *out_crypt_pwd)
|
|
+{
|
|
+ uint8_t _confounder[16] = {0};
|
|
+ DATA_BLOB confounder = data_blob_const(_confounder, 16);
|
|
+ DATA_BLOB pw_data = data_blob_const(out_crypt_pwd->data, 516);
|
|
+ bool ok;
|
|
+ int rc;
|
|
+
|
|
+ ok = encode_pw_buffer(pw_data.data, passwd, STR_UNICODE);
|
|
+ if (!ok) {
|
|
+ return NT_STATUS_INVALID_PARAMETER;
|
|
+ }
|
|
+
|
|
+ generate_random_buffer(confounder.data, confounder.length);
|
|
+
|
|
+ rc = samba_gnutls_arcfour_confounded_md5(&confounder,
|
|
+ session_key,
|
|
+ &pw_data,
|
|
+ SAMBA_GNUTLS_ENCRYPT);
|
|
+ if (rc < 0) {
|
|
+ ZERO_ARRAY(_confounder);
|
|
+ data_blob_clear(&pw_data);
|
|
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
|
|
+ }
|
|
+
|
|
+ /*
|
|
+ * The packet format is the 516 byte RC4 encrypted
|
|
+ * pasword followed by the 16 byte counfounder
|
|
+ * The confounder is a salt to prevent pre-computed hash attacks on the
|
|
+ * database.
|
|
+ */
|
|
+ memcpy(&out_crypt_pwd->data[516], confounder.data, confounder.length);
|
|
+ ZERO_ARRAY(_confounder);
|
|
+
|
|
+ return NT_STATUS_OK;
|
|
+}
|
|
+
|
|
/***********************************************************
|
|
Decode an arc4 encrypted password change buffer.
|
|
************************************************************/
|
|
--
|
|
2.23.0
|
|
|