-rw-r--r-- | source4/librpc/idl/netlogon.idl | 7 | ||||
-rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 10 | ||||
-rw-r--r-- | source4/torture/rpc/netlogon.c | 58 |
3 files changed, 30 insertions, 45 deletions
diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl index b99f13638d..c97a640d18 100644 --- a/source4/librpc/idl/netlogon.idl +++ b/source4/librpc/idl/netlogon.idl @@ -1014,6 +1014,11 @@ interface netlogon [out,switch_is(level)] netr_DomainInfo info ); + typedef [flag(NDR_PAHEX)] struct { + uint16 data[256]; + uint32 length; + } netr_CryptPassword; + /*****************/ /* Function 0x1e */ NTSTATUS netr_ServerPasswordSet2( @@ -1022,7 +1027,7 @@ interface netlogon [in] netr_SchannelType secure_channel_type, [in] unistr computer_name, [in] netr_Authenticator credential, - [in] samr_CryptPassword new_password, + [in] netr_CryptPassword new_password, [out] netr_Authenticator return_authenticator ); diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 0b6106d485..141aeef1bf 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -1018,6 +1018,8 @@ static NTSTATUS netr_ServerPasswordSet2(struct dcesrv_call_state *dce_call, TALL char new_pass[512]; uint32_t new_pass_len; + struct samr_CryptPassword password_buf; + const char *attrs[] = {"objectSid", NULL }; const char **domain_attrs = attrs; 
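Review bot: The new `netr_CryptPassword` declares its payload as `uint16 data[256]`, yet the server and torture hunks in this commit treat it as 512 opaque RC4-encrypted bytes (`memcpy(..., 512)` followed by `creds_arcfour_crypt`). If the generated NDR code converts each uint16 to host byte order, as it normally does for integer types, a big-endian host would see byte-swapped ciphertext and the decrypted buffer would not decode. Declaring the field as `uint8 data[512];` would keep the blob byte-exact on every host. A short comment stating that `data` and `length` together carry the 516-byte encrypted password buffer would also explain why this struct exists alongside samr_CryptPassword.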
@@ -1080,10 +1082,12 @@ static NTSTATUS netr_ServerPasswordSet2(struct dcesrv_call_state *dce_call, TALL NT_STATUS_HAVE_NO_MEMORY(mod); mod->dn = talloc_reference(mod, msgs[0]->dn); - creds_arcfour_crypt(pipe_state->creds, r->in.new_password.data, 516); + memcpy(password_buf.data, r->in.new_password.data, 512); + SIVAL(password_buf.data,512,r->in.new_password.length); + creds_arcfour_crypt(pipe_state->creds, password_buf.data, 516); - ret = decode_pw_buffer(r->in.new_password.data, new_pass, sizeof(new_pass), - &new_pass_len, STR_UNICODE); + ret = decode_pw_buffer(password_buf.data, new_pass, sizeof(new_pass), + &new_pass_len, STR_UNICODE); if (!ret) { DEBUG(3,("netr_ServerPasswordSet2: failed to decode password buffer\n")); return NT_STATUS_ACCESS_DENIED; diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index c12560ad53..72d039fc42 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c 
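Review bot: The repacking in netr_ServerPasswordSet2 hard-codes `512` and `516`, so nothing ties the copy to the real sizes of `r->in.new_password.data` and `password_buf.data`; if either IDL struct changes, the memcpy or the 4-byte `SIVAL` at offset 512 could run out of bounds silently. Writing `memcpy(password_buf.data, r->in.new_password.data, sizeof(r->in.new_password.data));` and passing `sizeof(password_buf.data)` to `creds_arcfour_crypt` would make the size assumption explicit. After decryption `password_buf` holds the cleartext password structure, and the `return NT_STATUS_ACCESS_DENIED` path shown here leaves it on the stack. A `ZERO_STRUCT(password_buf);` once `decode_pw_buffer` has run would limit that exposure, though the rest of the function lies outside the hunk, so later handling may differ.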
@@ -294,37 +294,6 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) r.in.secure_channel_type = SEC_CHAN_BDC; r.in.computer_name = TEST_MACHINE_NAME; - password = ""; - E_md4hash(password, r.in.new_password.hash); - - creds_des_encrypt(creds, &r.in.new_password); - /* by changing the machine password to "" - * we check if the server uses password restrictions - * for ServerPasswordSet2 - * (win2k3 accepts "") - */ - printf("Testing a second ServerPasswordSet on machine account\n"); - printf("Changing machine account password to '%s'\n", password); - - creds_client_authenticator(creds, &r.in.credential); - - status = dcerpc_netr_ServerPasswordSet(p, mem_ctx, &r); - if (!NT_STATUS_IS_OK(status)) { - printf("ServerPasswordSet (2) - %s\n", nt_errstr(status)); - return False; - } - - if (!creds_client_check(creds, &r.out.return_authenticator.cred)) { - printf("Credential chaining failed\n"); - } - - machine_password = password; - - if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) { - printf("ServerPasswordSet failed to actually change the password\n"); - return False; - } - password = generate_random_str(mem_ctx, 8); E_md4hash(password, r.in.new_password.hash); @@ -383,6 +352,7 @@ static BOOL test_SetPassword2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) struct netr_ServerPasswordSet2 r; const char *password; struct creds_CredentialState *creds; + struct samr_CryptPassword password_buf; if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) { 
@@ -394,23 +364,26 @@ static BOOL test_SetPassword2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) r.in.secure_channel_type = SEC_CHAN_BDC; r.in.computer_name = TEST_MACHINE_NAME; - password = ""; - encode_pw_buffer(r.in.new_password.data, password, STR_UNICODE); - creds_arcfour_crypt(creds, r.in.new_password.data, 516); + password = generate_random_str(mem_ctx, 8); + encode_pw_buffer(password_buf.data, password, STR_UNICODE); + creds_arcfour_crypt(creds, password_buf.data, 516); + + memcpy(r.in.new_password.data, password_buf.data, 512); + r.in.new_password.length = IVAL(password_buf.data, 512); /* by changing the machine password to "" * we check if the server uses password restrictions * for ServerPasswordSet2 * (win2k3 accepts "") */ - printf("Testing a second ServerPasswordSet2 on machine account\n"); + printf("Testing ServerPasswordSet2 on machine account\n"); printf("Changing machine account password to '%s'\n", password); creds_client_authenticator(creds, &r.in.credential); status = dcerpc_netr_ServerPasswordSet2(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { - printf("ServerPasswordSet (2) - %s\n", nt_errstr(status)); + printf("ServerPasswordSet2 - %s\n", nt_errstr(status)); return False; } 
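Review bot: The block comment kept as context in test_SetPassword2 still says the test changes the machine password to "" to probe server password restrictions, but the new code sets `password = generate_random_str(mem_ctx, 8);`, so the comment describes a check that no longer runs. Either drop it or replace it with a comment on what the step now does, for example `/* encrypt the 516-byte buffer, then split it into data[512] + length for the wire struct */`. Together with the removal in test_SetPassword, none of the visible hunks exercises the empty-password case any more; if that is intentional, a one-line comment saying why would help the next reader.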
@@ -427,17 +400,20 @@ static BOOL test_SetPassword2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) /* now try a random password */ password = generate_random_str(mem_ctx, 8); - encode_pw_buffer(r.in.new_password.data, password, STR_UNICODE); - creds_arcfour_crypt(creds, r.in.new_password.data, 516); + encode_pw_buffer(password_buf.data, password, STR_UNICODE); + creds_arcfour_crypt(creds, password_buf.data, 516); - printf("Testing ServerPasswordSet2 on machine account\n"); + memcpy(r.in.new_password.data, password_buf.data, 512); + r.in.new_password.length = IVAL(password_buf.data, 512); + + printf("Testing second ServerPasswordSet2 on machine account\n"); printf("Changing machine account password to '%s'\n", password); creds_client_authenticator(creds, &r.in.credential); status = dcerpc_netr_ServerPasswordSet2(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { - printf("ServerPasswordSet2 - %s\n", nt_errstr(status)); + printf("ServerPasswordSet2 (2) - %s\n", nt_errstr(status)); return False; } @@ -456,7 +432,7 @@ static BOOL test_SetPassword2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) status = dcerpc_netr_ServerPasswordSet2(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { - printf("ServerPasswordSet (2) - %s\n", nt_errstr(status)); + printf("ServerPasswordSet (3) - %s\n", nt_errstr(status)); return False; } |
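Review bot: The last hunk relabels the third failure message as `ServerPasswordSet (3)`, while the two earlier calls in test_SetPassword2 now print `ServerPasswordSet2` and `ServerPasswordSet2 (2)`, so a failure log would name the wrong RPC. `printf("ServerPasswordSet2 (3) - %s\n", nt_errstr(status));` keeps the three messages consistent. The `memcpy`/`IVAL` repacking in the first hunk on this line also duplicates the previous hunk; a small static helper would keep the 512-byte/4-byte split in one place.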