SamChangePasswordUser: Encrypt the old and the new password hashes before calling the remote function.

[SAMSRV]
SamrChangePasswordUser: Decrypt the old and the new password hashes before checking the old password and storing the new password.

svn path=/trunk/; revision=62080
Eric Kohl 2014-02-09 20:51:39 +00:00
parent 5a930877dd
commit d37199d4cc
3 changed files with 123 additions and 21 deletions


@ -45,6 +45,12 @@ WINAPI
SystemFunction007(PUNICODE_STRING string, SystemFunction007(PUNICODE_STRING string,
LPBYTE hash); LPBYTE hash);
NTSTATUS
WINAPI
SystemFunction012(const BYTE *in,
const BYTE *key,
LPBYTE out);
/* GLOBALS *******************************************************************/ /* GLOBALS *******************************************************************/
@ -254,6 +260,13 @@ SamChangePasswordUser(IN SAM_HANDLE UserHandle,
BOOLEAN NewLmPasswordPresent = FALSE; BOOLEAN NewLmPasswordPresent = FALSE;
NTSTATUS Status; NTSTATUS Status;
ENCRYPTED_LM_OWF_PASSWORD OldLmEncryptedWithNewLm;
ENCRYPTED_LM_OWF_PASSWORD NewLmEncryptedWithOldLm;
ENCRYPTED_LM_OWF_PASSWORD OldNtEncryptedWithNewNt;
ENCRYPTED_LM_OWF_PASSWORD NewNtEncryptedWithOldNt;
PENCRYPTED_LM_OWF_PASSWORD pOldLmEncryptedWithNewLm = NULL;
PENCRYPTED_LM_OWF_PASSWORD pNewLmEncryptedWithOldLm = NULL;
/* Calculate the NT hash for the old password */ /* Calculate the NT hash for the old password */
Status = SystemFunction007(OldPassword, Status = SystemFunction007(OldPassword,
(LPBYTE)&OldNtPassword); (LPBYTE)&OldNtPassword);
@ -312,15 +325,57 @@ SamChangePasswordUser(IN SAM_HANDLE UserHandle,
} }
} }
if (OldLmPasswordPresent && NewLmPasswordPresent)
{
Status = SystemFunction012((const BYTE *)&OldLmPassword,
(const BYTE *)&NewLmPassword,
(LPBYTE)&OldLmEncryptedWithNewLm);
if (!NT_SUCCESS(Status))
{
TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
return Status;
}
Status = SystemFunction012((const BYTE *)&NewLmPassword,
(const BYTE *)&OldLmPassword,
(LPBYTE)&NewLmEncryptedWithOldLm);
if (!NT_SUCCESS(Status))
{
TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
return Status;
}
pOldLmEncryptedWithNewLm = &OldLmEncryptedWithNewLm;
pNewLmEncryptedWithOldLm = &NewLmEncryptedWithOldLm;
}
Status = SystemFunction012((const BYTE *)&OldNtPassword,
(const BYTE *)&NewNtPassword,
(LPBYTE)&OldNtEncryptedWithNewNt);
if (!NT_SUCCESS(Status))
{
TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
return Status;
}
Status = SystemFunction012((const BYTE *)&NewNtPassword,
(const BYTE *)&OldNtPassword,
(LPBYTE)&NewNtEncryptedWithOldNt);
if (!NT_SUCCESS(Status))
{
TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
return Status;
}
RpcTryExcept RpcTryExcept
{ {
Status = SamrChangePasswordUser((SAMPR_HANDLE)UserHandle, Status = SamrChangePasswordUser((SAMPR_HANDLE)UserHandle,
OldLmPasswordPresent && NewLmPasswordPresent, OldLmPasswordPresent && NewLmPasswordPresent,
&OldLmPassword, pOldLmEncryptedWithNewLm,
&NewLmPassword, pNewLmEncryptedWithOldLm,
TRUE, TRUE,
&OldNtPassword, &OldNtEncryptedWithNewNt,
&NewNtPassword, &NewNtEncryptedWithOldNt,
FALSE, FALSE,
NULL, NULL,
FALSE, FALSE,
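Review bot: `OldNtEncryptedWithNewNt` and `NewNtEncryptedWithOldNt` are declared as `ENCRYPTED_LM_OWF_PASSWORD` although they carry NT hashes, while the server side of this commit uses `ENCRYPTED_NT_OWF_PASSWORD` for the same data. Declaring them as `ENCRYPTED_NT_OWF_PASSWORD OldNtEncryptedWithNewNt;` and `ENCRYPTED_NT_OWF_PASSWORD NewNtEncryptedWithOldNt;` makes the types say what is stored. Separately, each new `return Status;` after a failed SystemFunction012 call leaves the unencrypted OWF hashes and any partial ciphertext in stack locals. If nothing outside these hunks wipes them, a single exit path that calls `RtlSecureZeroMemory` on those buffers would be safer. The body of SamChangePasswordUser begins and ends outside the visible hunks.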


@ -8047,10 +8047,10 @@ SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle,
{ {
ENCRYPTED_LM_OWF_PASSWORD StoredLmPassword; ENCRYPTED_LM_OWF_PASSWORD StoredLmPassword;
ENCRYPTED_NT_OWF_PASSWORD StoredNtPassword; ENCRYPTED_NT_OWF_PASSWORD StoredNtPassword;
PENCRYPTED_LM_OWF_PASSWORD OldLmPassword; ENCRYPTED_LM_OWF_PASSWORD OldLmPassword;
PENCRYPTED_LM_OWF_PASSWORD NewLmPassword; ENCRYPTED_LM_OWF_PASSWORD NewLmPassword;
PENCRYPTED_NT_OWF_PASSWORD OldNtPassword; ENCRYPTED_NT_OWF_PASSWORD OldNtPassword;
PENCRYPTED_NT_OWF_PASSWORD NewNtPassword; ENCRYPTED_NT_OWF_PASSWORD NewNtPassword;
BOOLEAN StoredLmPresent = FALSE; BOOLEAN StoredLmPresent = FALSE;
BOOLEAN StoredNtPresent = FALSE; BOOLEAN StoredNtPresent = FALSE;
BOOLEAN StoredLmEmpty = TRUE; BOOLEAN StoredLmEmpty = TRUE;
@ -8153,21 +8153,62 @@ SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle,
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
TRACE("SampGetObjectAttribute failed to retrieve the fixed domain data (Status 0x%08lx)\n", Status); TRACE("SampGetObjectAttribute failed to retrieve the fixed domain data (Status 0x%08lx)\n", Status);
return Status; goto done;
} }
if (DomainFixedData.MinPasswordAge.QuadPart > 0) if (DomainFixedData.MinPasswordAge.QuadPart > 0)
{ {
if (SystemTime.QuadPart < (UserFixedData.PasswordLastSet.QuadPart + DomainFixedData.MinPasswordAge.QuadPart)) if (SystemTime.QuadPart < (UserFixedData.PasswordLastSet.QuadPart + DomainFixedData.MinPasswordAge.QuadPart))
return STATUS_ACCOUNT_RESTRICTION; {
Status = STATUS_ACCOUNT_RESTRICTION;
goto done;
}
} }
} }
/* FIXME: Decrypt passwords */ /* Decrypt the LM passwords, if present */
OldLmPassword = OldLmEncryptedWithNewLm; if (LmPresent)
NewLmPassword = NewLmEncryptedWithOldLm; {
OldNtPassword = OldNtEncryptedWithNewNt; Status = SystemFunction013((const BYTE *)NewLmEncryptedWithOldLm,
NewNtPassword = NewNtEncryptedWithOldNt; (const BYTE *)&StoredLmPassword,
(LPBYTE)&NewLmPassword);
if (!NT_SUCCESS(Status))
{
TRACE("SystemFunction013 failed (Status 0x%08lx)\n", Status);
goto done;
}
Status = SystemFunction013((const BYTE *)OldLmEncryptedWithNewLm,
(const BYTE *)&NewLmPassword,
(LPBYTE)&OldLmPassword);
if (!NT_SUCCESS(Status))
{
TRACE("SystemFunction013 failed (Status 0x%08lx)\n", Status);
goto done;
}
}
/* Decrypt the NT passwords, if present */
if (NtPresent)
{
Status = SystemFunction013((const BYTE *)NewNtEncryptedWithOldNt,
(const BYTE *)&StoredNtPassword,
(LPBYTE)&NewNtPassword);
if (!NT_SUCCESS(Status))
{
TRACE("SystemFunction013 failed (Status 0x%08lx)\n", Status);
goto done;
}
Status = SystemFunction013((const BYTE *)OldNtEncryptedWithNewNt,
(const BYTE *)&NewNtPassword,
(LPBYTE)&OldNtPassword);
if (!NT_SUCCESS(Status))
{
TRACE("SystemFunction013 failed (Status 0x%08lx)\n", Status);
goto done;
}
}
/* Check if the old passwords match the stored ones */ /* Check if the old passwords match the stored ones */
if (NtPresent) if (NtPresent)
@ -8175,7 +8216,7 @@ SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle,
if (LmPresent) if (LmPresent)
{ {
if (!RtlEqualMemory(&StoredLmPassword, if (!RtlEqualMemory(&StoredLmPassword,
OldLmPassword, &OldLmPassword,
sizeof(ENCRYPTED_LM_OWF_PASSWORD))) sizeof(ENCRYPTED_LM_OWF_PASSWORD)))
{ {
TRACE("Old LM Password does not match!\n"); TRACE("Old LM Password does not match!\n");
@ -8184,7 +8225,7 @@ SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle,
else else
{ {
if (!RtlEqualMemory(&StoredNtPassword, if (!RtlEqualMemory(&StoredNtPassword,
OldNtPassword, &OldNtPassword,
sizeof(ENCRYPTED_LM_OWF_PASSWORD))) sizeof(ENCRYPTED_LM_OWF_PASSWORD)))
{ {
TRACE("Old NT Password does not match!\n"); TRACE("Old NT Password does not match!\n");
@ -8195,7 +8236,7 @@ SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle,
else else
{ {
if (!RtlEqualMemory(&StoredNtPassword, if (!RtlEqualMemory(&StoredNtPassword,
OldNtPassword, &OldNtPassword,
sizeof(ENCRYPTED_LM_OWF_PASSWORD))) sizeof(ENCRYPTED_LM_OWF_PASSWORD)))
{ {
TRACE("Old NT Password does not match!\n"); TRACE("Old NT Password does not match!\n");
@ -8208,7 +8249,7 @@ SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle,
if (LmPresent) if (LmPresent)
{ {
if (!RtlEqualMemory(&StoredLmPassword, if (!RtlEqualMemory(&StoredLmPassword,
OldLmPassword, &OldLmPassword,
sizeof(ENCRYPTED_LM_OWF_PASSWORD))) sizeof(ENCRYPTED_LM_OWF_PASSWORD)))
{ {
TRACE("Old LM Password does not match!\n"); TRACE("Old LM Password does not match!\n");
@ -8225,9 +8266,9 @@ SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle,
if (NT_SUCCESS(Status)) if (NT_SUCCESS(Status))
{ {
Status = SampSetUserPassword(UserObject, Status = SampSetUserPassword(UserObject,
NewNtPassword, &NewNtPassword,
NtPresent, NtPresent,
NewLmPassword, &NewLmPassword,
LmPresent); LmPresent);
if (NT_SUCCESS(Status)) if (NT_SUCCESS(Status))
{ {
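Review bot: The new decryption blocks dereference the caller-supplied hash pointers as soon as `LmPresent` or `NtPresent` is set, and they use `StoredLmPassword`/`StoredNtPassword` as keys without consulting `StoredLmPresent`/`StoredNtPresent`. Unless the part of SamrChangePasswordUser outside these hunks already rejects such requests, an RPC caller that sets a flag but passes a NULL pointer would reach SystemFunction013 with a NULL input. A guard before the LM decrypt, such as `if (LmPresent && (OldLmEncryptedWithNewLm == NULL || NewLmEncryptedWithOldLm == NULL)) { Status = STATUS_INVALID_PARAMETER; goto done; }`, plus the NT equivalent, would close that. The decrypted hashes are now by-value stack copies, so the `done:` path, which is not visible here, should wipe `OldLmPassword`, `NewLmPassword`, `OldNtPassword` and `NewNtPassword` before returning.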


@ -434,4 +434,10 @@ WINAPI
SystemFunction007(PUNICODE_STRING string, SystemFunction007(PUNICODE_STRING string,
LPBYTE hash); LPBYTE hash);
NTSTATUS
WINAPI
SystemFunction013(const BYTE *in,
const BYTE *key,
LPBYTE out);
#endif /* _SAMSRV_PCH_ */ #endif /* _SAMSRV_PCH_ */