diff options
-rw-r--r-- | source3/libnet/libnet_join.c | 37 | ||||
-rw-r--r-- | source3/utils/net_rpc.c | 24 | ||||
-rw-r--r-- | source3/utils/net_rpc_join.c | 11 |
3 files changed, 29 insertions, 43 deletions
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 59dec1a6c3..2f2c71dfce 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -731,15 +731,14 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, struct lsa_String lsa_acct_name; uint32_t user_rid; uint32_t acct_flags = ACB_WSTRUST; - uchar pwbuf[532]; - struct MD5Context md5ctx; - uchar md5buffer[16]; - DATA_BLOB digested_session_key; uchar md4_trust_password[16]; struct samr_Ids user_rids; struct samr_Ids name_types; union samr_UserInfo user_info; + struct samr_CryptPassword crypt_pwd; + struct samr_CryptPasswordEx crypt_pwd_ex; + ZERO_STRUCT(sam_pol); ZERO_STRUCT(domain_pol); ZERO_STRUCT(user_pol); @@ -871,19 +870,10 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, /* Create a random machine account password and generate the hash */ E_md4hash(r->in.machine_password, md4_trust_password); - encode_pw_buffer(pwbuf, r->in.machine_password, STR_UNICODE); - - generate_random_buffer((uint8_t*)md5buffer, sizeof(md5buffer)); - digested_session_key = data_blob_talloc(mem_ctx, 0, 16); - - MD5Init(&md5ctx); - MD5Update(&md5ctx, md5buffer, sizeof(md5buffer)); - MD5Update(&md5ctx, cli->user_session_key.data, - cli->user_session_key.length); - MD5Final(digested_session_key.data, &md5ctx); - SamOEMhashBlob(pwbuf, sizeof(pwbuf), &digested_session_key); - memcpy(&pwbuf[516], md5buffer, sizeof(md5buffer)); + init_samr_CryptPasswordEx(r->in.machine_password, + &cli->user_session_key, + &crypt_pwd_ex); /* Fill in the additional account flags now */ @@ -904,7 +894,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, SAMR_FIELD_ACCT_FLAGS; user_info.info25.info.acct_flags = acct_flags; - memcpy(&user_info.info25.password.data, pwbuf, sizeof(pwbuf)); + memcpy(&user_info.info25.password.data, crypt_pwd_ex.data, + sizeof(crypt_pwd_ex.data)); status = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx, &user_pol, @@ -913,15 +904,13 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, if (NT_STATUS_EQUAL(status, NT_STATUS(DCERPC_FAULT_INVALID_TAG))) { - uchar pwbuf2[516]; - - encode_pw_buffer(pwbuf2, r->in.machine_password, STR_UNICODE); - /* retry with level 24 */ - init_samr_user_info24(&user_info.info24, pwbuf2, 24); - SamOEMhashBlob(user_info.info24.password.data, 516, - &cli->user_session_key); + init_samr_CryptPassword(r->in.machine_password, + &cli->user_session_key, + &crypt_pwd); + + init_samr_user_info24(&user_info.info24, crypt_pwd.data, 24); status = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, &user_pol, diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index f6b6d3a095..a3fdb69bd8 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -849,11 +849,11 @@ static NTSTATUS rpc_user_password_internals(struct net_context *c, { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; POLICY_HND connect_pol, domain_pol, user_pol; - uchar pwbuf[516]; const char *user; const char *new_password; char *prompt = NULL; union samr_UserInfo info; + struct samr_CryptPassword crypt_pwd; if (argc < 1 || c->display_usage) { rpc_user_usage(c, argc, argv); @@ -922,12 +922,11 @@ static NTSTATUS rpc_user_password_internals(struct net_context *c, /* Set password on account */ - encode_pw_buffer(pwbuf, new_password, STR_UNICODE); + init_samr_CryptPassword(new_password, + &cli->user_session_key, + &crypt_pwd); - init_samr_user_info24(&info.info24, pwbuf, 24); - - SamOEMhashBlob(info.info24.password.data, 516, - &cli->user_session_key); + init_samr_user_info24(&info.info24, crypt_pwd.data, 24); result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, &user_pol, @@ -5731,9 +5730,7 @@ static NTSTATUS rpc_trustdom_add_internals(struct net_context *c, struct samr_LogonHours hours; struct lsa_BinaryString parameters; const int units_per_week = 168; - uchar pwbuf[516]; - - encode_pw_buffer(pwbuf, argv[1], STR_UNICODE); + struct samr_CryptPassword crypt_pwd; ZERO_STRUCT(notime); ZERO_STRUCT(hours); @@ -5747,6 +5744,10 @@ static NTSTATUS rpc_trustdom_add_internals(struct net_context *c, hours.units_per_week = units_per_week; memset(hours.bits, 0xFF, units_per_week); + init_samr_CryptPassword(argv[1], + &cli->user_session_key, + &crypt_pwd); + init_samr_user_info23(&info.info23, notime, notime, notime, notime, notime, notime, @@ -5755,10 +5756,7 @@ static NTSTATUS rpc_trustdom_add_internals(struct net_context *c, 0, 0, ACB_DOMTRUST, SAMR_FIELD_ACCT_FLAGS, hours, 0, 0, 0, 0, 0, 0, 0, - pwbuf, 24); - - SamOEMhashBlob(info.info23.password.data, 516, - &cli->user_session_key); + crypt_pwd.data, 24); result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, &user_pol, diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index f63cb14b7e..5bc38f979f 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c @@ -148,7 +148,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv) /* Password stuff */ char *clear_trust_password = NULL; - uchar pwbuf[516]; + struct samr_CryptPassword crypt_pwd; uchar md4_trust_password[16]; union samr_UserInfo set_info; @@ -337,14 +337,13 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv) E_md4hash(clear_trust_password, md4_trust_password); } - encode_pw_buffer(pwbuf, clear_trust_password, STR_UNICODE); - /* Set password on machine account */ - init_samr_user_info24(&set_info.info24, pwbuf, 24); + init_samr_CryptPassword(clear_trust_password, + &cli->user_session_key, + &crypt_pwd); - SamOEMhashBlob(set_info.info24.password.data, 516, - &cli->user_session_key); + init_samr_user_info24(&set_info.info24, crypt_pwd.data, 24); CHECK_RPC_ERR(rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, &user_pol, |