From 8f20a5512a91cb9c6e2e50040cd0b61d39521d69 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Mon, 21 Jun 2010 21:16:20 +0200 Subject: s4:samr_password.c - add a function which sets the password through encrypted password hashes Used for password sets on "samr_SetUserInfo" level 18 and 21. --- source4/rpc_server/samr/samr_password.c | 48 +++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) (limited to 'source4/rpc_server/samr') diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c index 288df91b09..a8099646ef 100644 --- a/source4/rpc_server/samr/samr_password.c +++ b/source4/rpc_server/samr/samr_password.c @@ -554,3 +554,51 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call, NULL, NULL); } +/* + set password via encrypted NT and LM hash buffers +*/ +NTSTATUS samr_set_password_buffers(struct dcesrv_call_state *dce_call, + struct ldb_context *sam_ctx, + struct ldb_dn *account_dn, + struct ldb_dn *domain_dn, + TALLOC_CTX *mem_ctx, + const uint8_t *lm_pwd_hash, + const uint8_t *nt_pwd_hash) +{ + struct samr_Password *d_lm_pwd_hash = NULL, *d_nt_pwd_hash = NULL; + DATA_BLOB session_key = data_blob(NULL, 0); + DATA_BLOB in, out; + NTSTATUS nt_status = NT_STATUS_OK; + + nt_status = dcesrv_fetch_session_key(dce_call->conn, &session_key); + if (!NT_STATUS_IS_OK(nt_status)) { + return nt_status; + } + + if (lm_pwd_hash != NULL) { + in = data_blob_const(lm_pwd_hash, 16); + out = data_blob_talloc_zero(mem_ctx, 16); + + sess_crypt_blob(&out, &in, &session_key, false); + + d_lm_pwd_hash = (struct samr_Password *) out.data; + } + if (nt_pwd_hash != NULL) { + in = data_blob_const(nt_pwd_hash, 16); + out = data_blob_talloc_zero(mem_ctx, 16); + + sess_crypt_blob(&out, &in, &session_key, false); + + d_nt_pwd_hash = (struct samr_Password *) out.data; + } + + if ((d_lm_pwd_hash != NULL) || (d_nt_pwd_hash != NULL)) { + nt_status = samdb_set_password(sam_ctx, mem_ctx, account_dn, + domain_dn, NULL, + d_lm_pwd_hash, d_nt_pwd_hash, + false, /* this is a password set */ + NULL, NULL); + } + + return nt_status; +} -- cgit