コード例 #1
0
ファイル: samr_password.c プロジェクト: Alexandr-Galko/samba
/*
  set password via encrypted NT and LM hash buffers
*/
NTSTATUS samr_set_password_buffers(struct dcesrv_call_state *dce_call,
				   struct ldb_context *sam_ctx,
				   struct ldb_dn *account_dn,
				   struct ldb_dn *domain_dn,
				   TALLOC_CTX *mem_ctx,
				   const uint8_t *lm_pwd_hash,
				   const uint8_t *nt_pwd_hash)
{
	struct samr_Password *d_lm_pwd_hash = NULL, *d_nt_pwd_hash = NULL;
	DATA_BLOB session_key = data_blob(NULL, 0);
	DATA_BLOB in, out;
	NTSTATUS nt_status = NT_STATUS_OK;

	nt_status = dcesrv_fetch_session_key(dce_call->conn, &session_key);
	if (!NT_STATUS_IS_OK(nt_status)) {
		return nt_status;
	}

	if (lm_pwd_hash != NULL) {
		in = data_blob_const(lm_pwd_hash, 16);
		out = data_blob_talloc_zero(mem_ctx, 16);

		sess_crypt_blob(&out, &in, &session_key, false);

		d_lm_pwd_hash = (struct samr_Password *) out.data;
	}
	if (nt_pwd_hash != NULL) {
		in = data_blob_const(nt_pwd_hash, 16);
		out = data_blob_talloc_zero(mem_ctx, 16);

		sess_crypt_blob(&out, &in, &session_key, false);

		d_nt_pwd_hash = (struct samr_Password *) out.data;
	}

	if ((d_lm_pwd_hash != NULL) || (d_nt_pwd_hash != NULL)) {
		nt_status = samdb_set_password(sam_ctx, mem_ctx, account_dn,
					       domain_dn, NULL,
					       d_lm_pwd_hash, d_nt_pwd_hash,
					       NULL, NULL, /* this is a password set */
					       NULL, NULL);
	}

	return nt_status;
}
コード例 #2
0
ファイル: smbencrypt.c プロジェクト: edwacode/r6300v2
char *decrypt_trustdom_secret(const char *pass, DATA_BLOB *data_in)
{
	DATA_BLOB data_out, sess_key;
	uchar nt_hash[16];
	uint32_t length;
	uint32_t version;
	fstring cleartextpwd;

	if (!data_in || !pass)
		return NULL;

	/* generate md4 password-hash derived from the NT UNICODE password */
	E_md4hash(pass, nt_hash);

	/* hashed twice with md4 */
	mdfour(nt_hash, nt_hash, 16);

	/* 16-Byte session-key */
	sess_key = data_blob(nt_hash, 16);
	if (sess_key.data == NULL)
		return NULL;
	
	data_out = data_blob(NULL, data_in->length);
	if (data_out.data == NULL)
		return NULL;
	
	/* decrypt with des3 */
	sess_crypt_blob(&data_out, data_in, &sess_key, 0);

	/* 4 Byte length, 4 Byte version */
	length  = IVAL(data_out.data, 0);
	version = IVAL(data_out.data, 4);

	if (length > data_in->length - 8) {
		DEBUG(0,("decrypt_trustdom_secret: invalid length (%d)\n", length));
		return NULL;
	}
	
	if (version != 1) {
		DEBUG(0,("decrypt_trustdom_secret: unknown version number (%d)\n", version));
		return NULL;
	}
	
	rpcstr_pull(cleartextpwd, data_out.data + 8, sizeof(fstring), length, 0 );

#ifdef DEBUG_PASSWORD
	DEBUG(100,("decrypt_trustdom_secret: length is: %d, version is: %d, password is: %s\n", 
				length, version, cleartextpwd));
#endif

	data_blob_free(&data_out);
	data_blob_free(&sess_key);
	
	return SMB_STRDUP(cleartextpwd);

}