summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/libnet/libnet_join.c37
-rw-r--r--source3/utils/net_rpc.c24
-rw-r--r--source3/utils/net_rpc_join.c11
3 files changed, 29 insertions, 43 deletions
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 59dec1a6c3..2f2c71dfce 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -731,15 +731,14 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
struct lsa_String lsa_acct_name;
uint32_t user_rid;
uint32_t acct_flags = ACB_WSTRUST;
- uchar pwbuf[532];
- struct MD5Context md5ctx;
- uchar md5buffer[16];
- DATA_BLOB digested_session_key;
uchar md4_trust_password[16];
struct samr_Ids user_rids;
struct samr_Ids name_types;
union samr_UserInfo user_info;
+ struct samr_CryptPassword crypt_pwd;
+ struct samr_CryptPasswordEx crypt_pwd_ex;
+
ZERO_STRUCT(sam_pol);
ZERO_STRUCT(domain_pol);
ZERO_STRUCT(user_pol);
@@ -871,19 +870,10 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
/* Create a random machine account password and generate the hash */
E_md4hash(r->in.machine_password, md4_trust_password);
- encode_pw_buffer(pwbuf, r->in.machine_password, STR_UNICODE);
-
- generate_random_buffer((uint8_t*)md5buffer, sizeof(md5buffer));
- digested_session_key = data_blob_talloc(mem_ctx, 0, 16);
-
- MD5Init(&md5ctx);
- MD5Update(&md5ctx, md5buffer, sizeof(md5buffer));
- MD5Update(&md5ctx, cli->user_session_key.data,
- cli->user_session_key.length);
- MD5Final(digested_session_key.data, &md5ctx);
- SamOEMhashBlob(pwbuf, sizeof(pwbuf), &digested_session_key);
- memcpy(&pwbuf[516], md5buffer, sizeof(md5buffer));
+ init_samr_CryptPasswordEx(r->in.machine_password,
+ &cli->user_session_key,
+ &crypt_pwd_ex);
/* Fill in the additional account flags now */
@@ -904,7 +894,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
SAMR_FIELD_ACCT_FLAGS;
user_info.info25.info.acct_flags = acct_flags;
- memcpy(&user_info.info25.password.data, pwbuf, sizeof(pwbuf));
+ memcpy(&user_info.info25.password.data, crypt_pwd_ex.data,
+ sizeof(crypt_pwd_ex.data));
status = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
&user_pol,
@@ -913,15 +904,13 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
if (NT_STATUS_EQUAL(status, NT_STATUS(DCERPC_FAULT_INVALID_TAG))) {
- uchar pwbuf2[516];
-
- encode_pw_buffer(pwbuf2, r->in.machine_password, STR_UNICODE);
-
/* retry with level 24 */
- init_samr_user_info24(&user_info.info24, pwbuf2, 24);
- SamOEMhashBlob(user_info.info24.password.data, 516,
- &cli->user_session_key);
+ init_samr_CryptPassword(r->in.machine_password,
+ &cli->user_session_key,
+ &crypt_pwd);
+
+ init_samr_user_info24(&user_info.info24, crypt_pwd.data, 24);
status = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
&user_pol,
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index f6b6d3a095..a3fdb69bd8 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -849,11 +849,11 @@ static NTSTATUS rpc_user_password_internals(struct net_context *c,
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
POLICY_HND connect_pol, domain_pol, user_pol;
- uchar pwbuf[516];
const char *user;
const char *new_password;
char *prompt = NULL;
union samr_UserInfo info;
+ struct samr_CryptPassword crypt_pwd;
if (argc < 1 || c->display_usage) {
rpc_user_usage(c, argc, argv);
@@ -922,12 +922,11 @@ static NTSTATUS rpc_user_password_internals(struct net_context *c,
/* Set password on account */
- encode_pw_buffer(pwbuf, new_password, STR_UNICODE);
+ init_samr_CryptPassword(new_password,
+ &cli->user_session_key,
+ &crypt_pwd);
- init_samr_user_info24(&info.info24, pwbuf, 24);
-
- SamOEMhashBlob(info.info24.password.data, 516,
- &cli->user_session_key);
+ init_samr_user_info24(&info.info24, crypt_pwd.data, 24);
result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
&user_pol,
@@ -5731,9 +5730,7 @@ static NTSTATUS rpc_trustdom_add_internals(struct net_context *c,
struct samr_LogonHours hours;
struct lsa_BinaryString parameters;
const int units_per_week = 168;
- uchar pwbuf[516];
-
- encode_pw_buffer(pwbuf, argv[1], STR_UNICODE);
+ struct samr_CryptPassword crypt_pwd;
ZERO_STRUCT(notime);
ZERO_STRUCT(hours);
@@ -5747,6 +5744,10 @@ static NTSTATUS rpc_trustdom_add_internals(struct net_context *c,
hours.units_per_week = units_per_week;
memset(hours.bits, 0xFF, units_per_week);
+ init_samr_CryptPassword(argv[1],
+ &cli->user_session_key,
+ &crypt_pwd);
+
init_samr_user_info23(&info.info23,
notime, notime, notime,
notime, notime, notime,
@@ -5755,10 +5756,7 @@ static NTSTATUS rpc_trustdom_add_internals(struct net_context *c,
0, 0, ACB_DOMTRUST, SAMR_FIELD_ACCT_FLAGS,
hours,
0, 0, 0, 0, 0, 0, 0,
- pwbuf, 24);
-
- SamOEMhashBlob(info.info23.password.data, 516,
- &cli->user_session_key);
+ crypt_pwd.data, 24);
result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
&user_pol,
diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c
index f63cb14b7e..5bc38f979f 100644
--- a/source3/utils/net_rpc_join.c
+++ b/source3/utils/net_rpc_join.c
@@ -148,7 +148,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
/* Password stuff */
char *clear_trust_password = NULL;
- uchar pwbuf[516];
+ struct samr_CryptPassword crypt_pwd;
uchar md4_trust_password[16];
union samr_UserInfo set_info;
@@ -337,14 +337,13 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
E_md4hash(clear_trust_password, md4_trust_password);
}
- encode_pw_buffer(pwbuf, clear_trust_password, STR_UNICODE);
-
/* Set password on machine account */
- init_samr_user_info24(&set_info.info24, pwbuf, 24);
+ init_samr_CryptPassword(clear_trust_password,
+ &cli->user_session_key,
+ &crypt_pwd);
- SamOEMhashBlob(set_info.info24.password.data, 516,
- &cli->user_session_key);
+ init_samr_user_info24(&set_info.info24, crypt_pwd.data, 24);
CHECK_RPC_ERR(rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
&user_pol,