109 lines
3.6 KiB
Diff
109 lines
3.6 KiB
Diff
From c82322be0012f8bf467d75681bd82322eba11145 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Tue, 9 Jul 2019 13:01:49 +0200
|
|
Subject: [PATCH 020/187] s4:libnet: Use encode_rc4_passwd_buffer() in
|
|
libnet_SetPassword_samr_handle_26()
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
(cherry picked from commit 5afa402bb7ba11a8eefc6e14047eeec1f3327681)
|
|
---
|
|
source4/libnet/libnet_passwd.c | 47 ++++++++--------------------------
|
|
1 file changed, 11 insertions(+), 36 deletions(-)
|
|
|
|
diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c
|
|
index 97ce7f58ddf..0beea077bd0 100644
|
|
--- a/source4/libnet/libnet_passwd.c
|
|
+++ b/source4/libnet/libnet_passwd.c
|
|
@@ -23,6 +23,7 @@
|
|
#include "../lib/crypto/crypto.h"
|
|
#include "libcli/auth/libcli_auth.h"
|
|
#include "librpc/gen_ndr/ndr_samr_c.h"
|
|
+#include "source4/librpc/rpc/dcerpc.h"
|
|
|
|
#include "lib/crypto/gnutls_helpers.h"
|
|
#include <gnutls/gnutls.h>
|
|
@@ -276,10 +277,6 @@ static NTSTATUS libnet_SetPassword_samr_handle_26(struct libnet_context *ctx, TA
|
|
struct samr_SetUserInfo2 sui;
|
|
union samr_UserInfo u_info;
|
|
DATA_BLOB session_key;
|
|
- DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
|
|
- uint8_t confounder[16];
|
|
- gnutls_hash_hd_t hash_hnd = NULL;
|
|
- int rc;
|
|
|
|
if (r->samr_handle.in.info21) {
|
|
return NT_STATUS_INVALID_PARAMETER_MIX;
|
|
@@ -287,9 +284,8 @@ static NTSTATUS libnet_SetPassword_samr_handle_26(struct libnet_context *ctx, TA
|
|
|
|
/* prepare samr_SetUserInfo2 level 26 */
|
|
ZERO_STRUCT(u_info);
|
|
- encode_pw_buffer(u_info.info26.password.data, r->samr_handle.in.newpassword, STR_UNICODE);
|
|
u_info.info26.password_expired = 0;
|
|
-
|
|
+
|
|
status = dcerpc_fetch_session_key(r->samr_handle.in.dcerpc_pipe, &session_key);
|
|
if (!NT_STATUS_IS_OK(status)) {
|
|
r->samr_handle.out.error_string = talloc_asprintf(mem_ctx,
|
|
@@ -297,38 +293,18 @@ static NTSTATUS libnet_SetPassword_samr_handle_26(struct libnet_context *ctx, TA
|
|
nt_errstr(status));
|
|
return status;
|
|
}
|
|
-
|
|
- generate_random_buffer((uint8_t *)confounder, 16);
|
|
-
|
|
- rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
|
|
- if (rc < 0) {
|
|
- status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
|
- goto out;
|
|
- }
|
|
|
|
- rc = gnutls_hash(hash_hnd, confounder, 16);
|
|
- if (rc < 0) {
|
|
- gnutls_hash_deinit(hash_hnd, NULL);
|
|
- status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
|
- goto out;
|
|
- }
|
|
- rc = gnutls_hash(hash_hnd, session_key.data, session_key.length);
|
|
- if (rc < 0) {
|
|
- gnutls_hash_deinit(hash_hnd, NULL);
|
|
- status = gnutls_error_to_ntstatus(rc, NT_STATUS_HASH_NOT_SUPPORTED);
|
|
- goto out;
|
|
+ status = encode_rc4_passwd_buffer(r->samr_handle.in.newpassword,
|
|
+ &session_key,
|
|
+ &u_info.info26.password);
|
|
+ if (!NT_STATUS_IS_OK(status)) {
|
|
+ r->samr_handle.out.error_string =
|
|
+ talloc_asprintf(mem_ctx,
|
|
+ "encode_rc4_passwd_buffer failed: %s",
|
|
+ nt_errstr(status));
|
|
+ return status;
|
|
}
|
|
|
|
- gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
|
|
-
|
|
- arcfour_crypt_blob(u_info.info26.password.data, 516, &confounded_session_key);
|
|
- ZERO_ARRAY_LEN(confounded_session_key.data,
|
|
- confounded_session_key.length);
|
|
- data_blob_free(&confounded_session_key);
|
|
-
|
|
- memcpy(&u_info.info26.password.data[516], confounder, 16);
|
|
- ZERO_ARRAY(confounder);
|
|
-
|
|
sui.in.user_handle = r->samr_handle.in.user_handle;
|
|
sui.in.info = &u_info;
|
|
sui.in.level = 26;
|
|
@@ -346,7 +322,6 @@ static NTSTATUS libnet_SetPassword_samr_handle_26(struct libnet_context *ctx, TA
|
|
r->samr_handle.in.account_name, nt_errstr(status));
|
|
}
|
|
|
|
-out:
|
|
return status;
|
|
}
|
|
|
|
--
|
|
2.23.0
|
|
|