bool mod_hash::lm(wstring * chaine, wstring * hash) { bool status = false; UNICODE_STRING maChaine; OEM_STRING maDestination; BYTE monTab[16]; RtlInitUnicodeString(&maChaine, chaine->c_str()); if(NT_SUCCESS(RtlUpcaseUnicodeStringToOemString(&maDestination, &maChaine, TRUE))) { if(status = NT_SUCCESS(SystemFunction006(maDestination.Buffer, monTab))) hash->assign(mod_text::stringOfHex(monTab, sizeof(monTab))); RtlFreeOemString(&maDestination); } return status; }
static NTSTATUS MsvpCheckPassword(PUNICODE_STRING UserPassword, PSAMPR_USER_INFO_BUFFER UserInfo) { ENCRYPTED_NT_OWF_PASSWORD UserNtPassword; ENCRYPTED_LM_OWF_PASSWORD UserLmPassword; BOOLEAN UserLmPasswordPresent = FALSE; BOOLEAN UserNtPasswordPresent = FALSE; OEM_STRING LmPwdString; CHAR LmPwdBuffer[15]; NTSTATUS Status; TRACE("(%p %p)\n", UserPassword, UserInfo); /* Calculate the LM password and hash for the users password */ LmPwdString.Length = 15; LmPwdString.MaximumLength = 15; LmPwdString.Buffer = LmPwdBuffer; ZeroMemory(LmPwdString.Buffer, LmPwdString.MaximumLength); Status = RtlUpcaseUnicodeStringToOemString(&LmPwdString, UserPassword, FALSE); if (NT_SUCCESS(Status)) { /* Calculate the LM hash value of the users password */ Status = SystemFunction006(LmPwdString.Buffer, (LPSTR)&UserLmPassword); if (NT_SUCCESS(Status)) { UserLmPasswordPresent = TRUE; } } /* Calculate the NT hash of the users password */ Status = SystemFunction007(UserPassword, (LPBYTE)&UserNtPassword); if (NT_SUCCESS(Status)) { UserNtPasswordPresent = TRUE; } Status = STATUS_WRONG_PASSWORD; /* Succeed, if no password has been set */ if (UserInfo->All.NtPasswordPresent == FALSE && UserInfo->All.LmPasswordPresent == FALSE) { TRACE("No password check!\n"); Status = STATUS_SUCCESS; goto done; } /* Succeed, if NT password matches */ if (UserNtPasswordPresent && UserInfo->All.NtPasswordPresent) { TRACE("Check NT password hashes:\n"); if (RtlEqualMemory(&UserNtPassword, UserInfo->All.NtOwfPassword.Buffer, sizeof(ENCRYPTED_NT_OWF_PASSWORD))) { TRACE(" success!\n"); Status = STATUS_SUCCESS; goto done; } TRACE(" failed!\n"); } /* Succeed, if LM password matches */ if (UserLmPasswordPresent && UserInfo->All.LmPasswordPresent) { TRACE("Check LM password hashes:\n"); if (RtlEqualMemory(&UserLmPassword, UserInfo->All.LmOwfPassword.Buffer, sizeof(ENCRYPTED_LM_OWF_PASSWORD))) { TRACE(" success!\n"); Status = STATUS_SUCCESS; goto done; } TRACE(" failed!\n"); } done: return Status; }
static NTSTATUS MsvpChangePassword(IN PLSA_CLIENT_REQUEST ClientRequest, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus) { PMSV1_0_CHANGEPASSWORD_REQUEST RequestBuffer; ULONG_PTR PtrOffset; SAMPR_HANDLE ServerHandle = NULL; SAMPR_HANDLE DomainHandle = NULL; SAMPR_HANDLE UserHandle = NULL; PRPC_SID DomainSid = NULL; RPC_UNICODE_STRING Names[1]; SAMPR_ULONG_ARRAY RelativeIds = {0, NULL}; SAMPR_ULONG_ARRAY Use = {0, NULL}; NTSTATUS Status; ENCRYPTED_NT_OWF_PASSWORD OldNtPassword; ENCRYPTED_NT_OWF_PASSWORD NewNtPassword; ENCRYPTED_LM_OWF_PASSWORD OldLmPassword; ENCRYPTED_LM_OWF_PASSWORD NewLmPassword; OEM_STRING LmPwdString; CHAR LmPwdBuffer[15]; BOOLEAN OldLmPasswordPresent = FALSE; BOOLEAN NewLmPasswordPresent = FALSE; ENCRYPTED_LM_OWF_PASSWORD OldLmEncryptedWithNewLm; ENCRYPTED_LM_OWF_PASSWORD NewLmEncryptedWithOldLm; ENCRYPTED_LM_OWF_PASSWORD OldNtEncryptedWithNewNt; ENCRYPTED_LM_OWF_PASSWORD NewNtEncryptedWithOldNt; PENCRYPTED_LM_OWF_PASSWORD pOldLmEncryptedWithNewLm = NULL; PENCRYPTED_LM_OWF_PASSWORD pNewLmEncryptedWithOldLm = NULL; TRACE("()\n"); RequestBuffer = (PMSV1_0_CHANGEPASSWORD_REQUEST)ProtocolSubmitBuffer; /* Fix-up pointers in the request buffer info */ PtrOffset = (ULONG_PTR)ProtocolSubmitBuffer - (ULONG_PTR)ClientBufferBase; RequestBuffer->DomainName.Buffer = FIXUP_POINTER(RequestBuffer->DomainName.Buffer, PtrOffset); RequestBuffer->AccountName.Buffer = FIXUP_POINTER(RequestBuffer->AccountName.Buffer, PtrOffset); RequestBuffer->OldPassword.Buffer = FIXUP_POINTER(RequestBuffer->OldPassword.Buffer, PtrOffset); RequestBuffer->NewPassword.Buffer = FIXUP_POINTER(RequestBuffer->NewPassword.Buffer, PtrOffset); TRACE("Domain: %S\n", RequestBuffer->DomainName.Buffer); TRACE("Account: %S\n", RequestBuffer->AccountName.Buffer); TRACE("Old Password: %S\n", RequestBuffer->OldPassword.Buffer); TRACE("New Password: %S\n", RequestBuffer->NewPassword.Buffer); /* Connect to the SAM server */ Status = SamIConnect(NULL, &ServerHandle, SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN, TRUE); if (!NT_SUCCESS(Status)) { TRACE("SamIConnect() failed (Status 0x%08lx)\n", Status); goto done; } /* Get the domain SID */ Status = SamrLookupDomainInSamServer(ServerHandle, (PRPC_UNICODE_STRING)&RequestBuffer->DomainName, &DomainSid); if (!NT_SUCCESS(Status)) { TRACE("SamrLookupDomainInSamServer failed (Status %08lx)\n", Status); goto done; } /* Open the domain */ Status = SamrOpenDomain(ServerHandle, DOMAIN_LOOKUP, DomainSid, &DomainHandle); if (!NT_SUCCESS(Status)) { TRACE("SamrOpenDomain failed (Status %08lx)\n", Status); goto done; } Names[0].Length = RequestBuffer->AccountName.Length; Names[0].MaximumLength = RequestBuffer->AccountName.MaximumLength; Names[0].Buffer = RequestBuffer->AccountName.Buffer; /* Try to get the RID for the user name */ Status = SamrLookupNamesInDomain(DomainHandle, 1, Names, &RelativeIds, &Use); if (!NT_SUCCESS(Status)) { TRACE("SamrLookupNamesInDomain failed (Status %08lx)\n", Status); Status = STATUS_NO_SUCH_USER; goto done; } /* Fail, if it is not a user account */ if (Use.Element[0] != SidTypeUser) { TRACE("Account is not a user account!\n"); Status = STATUS_NO_SUCH_USER; goto done; } /* Open the user object */ Status = SamrOpenUser(DomainHandle, USER_CHANGE_PASSWORD, RelativeIds.Element[0], &UserHandle); if (!NT_SUCCESS(Status)) { TRACE("SamrOpenUser failed (Status %08lx)\n", Status); goto done; } /* Calculate the NT hash for the old password */ Status = SystemFunction007(&RequestBuffer->OldPassword, (LPBYTE)&OldNtPassword); if (!NT_SUCCESS(Status)) { TRACE("SystemFunction007 failed (Status 0x%08lx)\n", Status); goto done; } /* Calculate the NT hash for the new password */ Status = SystemFunction007(&RequestBuffer->NewPassword, (LPBYTE)&NewNtPassword); if (!NT_SUCCESS(Status)) { TRACE("SystemFunction007 failed (Status 0x%08lx)\n", Status); goto done; } /* Calculate the LM password and hash for the old password */ LmPwdString.Length = 15; LmPwdString.MaximumLength = 15; LmPwdString.Buffer = LmPwdBuffer; ZeroMemory(LmPwdString.Buffer, LmPwdString.MaximumLength); Status = RtlUpcaseUnicodeStringToOemString(&LmPwdString, &RequestBuffer->OldPassword, FALSE); if (NT_SUCCESS(Status)) { /* Calculate the LM hash value of the password */ Status = SystemFunction006(LmPwdString.Buffer, (LPSTR)&OldLmPassword); if (NT_SUCCESS(Status)) { OldLmPasswordPresent = TRUE; } } /* Calculate the LM password and hash for the new password */ LmPwdString.Length = 15; LmPwdString.MaximumLength = 15; LmPwdString.Buffer = LmPwdBuffer; ZeroMemory(LmPwdString.Buffer, LmPwdString.MaximumLength); Status = RtlUpcaseUnicodeStringToOemString(&LmPwdString, &RequestBuffer->NewPassword, FALSE); if (NT_SUCCESS(Status)) { /* Calculate the LM hash value of the password */ Status = SystemFunction006(LmPwdString.Buffer, (LPSTR)&NewLmPassword); if (NT_SUCCESS(Status)) { NewLmPasswordPresent = TRUE; } } /* Encrypt the old and new LM passwords, if they exist */ if (OldLmPasswordPresent && NewLmPasswordPresent) { /* Encrypt the old LM password */ Status = SystemFunction012((const BYTE *)&OldLmPassword, (const BYTE *)&NewLmPassword, (LPBYTE)&OldLmEncryptedWithNewLm); if (!NT_SUCCESS(Status)) { TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status); goto done; } /* Encrypt the new LM password */ Status = SystemFunction012((const BYTE *)&NewLmPassword, (const BYTE *)&OldLmPassword, (LPBYTE)&NewLmEncryptedWithOldLm); if (!NT_SUCCESS(Status)) { TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status); goto done; } pOldLmEncryptedWithNewLm = &OldLmEncryptedWithNewLm; pNewLmEncryptedWithOldLm = &NewLmEncryptedWithOldLm; } /* Encrypt the old NT password */ Status = SystemFunction012((const BYTE *)&OldNtPassword, (const BYTE *)&NewNtPassword, (LPBYTE)&OldNtEncryptedWithNewNt); if (!NT_SUCCESS(Status)) { TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status); goto done; } /* Encrypt the new NT password */ Status = SystemFunction012((const BYTE *)&NewNtPassword, (const BYTE *)&OldNtPassword, (LPBYTE)&NewNtEncryptedWithOldNt); if (!NT_SUCCESS(Status)) { TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status); goto done; } /* Change the password */ Status = SamrChangePasswordUser(UserHandle, OldLmPasswordPresent && NewLmPasswordPresent, pOldLmEncryptedWithNewLm, pNewLmEncryptedWithOldLm, TRUE, &OldNtEncryptedWithNewNt, &NewNtEncryptedWithOldNt, FALSE, NULL, FALSE, NULL); if (!NT_SUCCESS(Status)) { TRACE("SamrChangePasswordUser failed (Status %08lx)\n", Status); goto done; } done: if (UserHandle != NULL) SamrCloseHandle(&UserHandle); SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds); SamIFree_SAMPR_ULONG_ARRAY(&Use); if (DomainHandle != NULL) SamrCloseHandle(&DomainHandle); if (DomainSid != NULL) SamIFreeVoid(DomainSid); if (ServerHandle != NULL) SamrCloseHandle(&ServerHandle); return Status; }