[SAMLIB]
authorEric Kohl <eric.kohl@reactos.org>
Sun, 9 Feb 2014 20:51:39 +0000 (20:51 +0000)
committerEric Kohl <eric.kohl@reactos.org>
Sun, 9 Feb 2014 20:51:39 +0000 (20:51 +0000)
SamChangePasswordUser: Encrypt the old and the new password hashes before calling the remote function.

[SAMSRV]
SamrChangePasswordUser: Decrypt the old and the new password hashes before checking the old password and storing the new password.

svn path=/trunk/; revision=62080

reactos/dll/win32/samlib/samlib.c
reactos/dll/win32/samsrv/samrpc.c
reactos/dll/win32/samsrv/samsrv.h

index 97a4179..16d3d01 100644 (file)
@@ -45,6 +45,12 @@ WINAPI
 SystemFunction007(PUNICODE_STRING string,
                   LPBYTE hash);
 
+NTSTATUS
+WINAPI
+SystemFunction012(const BYTE *in,
+                  const BYTE *key,
+                  LPBYTE out);
+
 /* GLOBALS *******************************************************************/
 
 
@@ -254,6 +260,13 @@ SamChangePasswordUser(IN SAM_HANDLE UserHandle,
     BOOLEAN NewLmPasswordPresent = FALSE;
     NTSTATUS Status;
 
+    ENCRYPTED_LM_OWF_PASSWORD OldLmEncryptedWithNewLm;
+    ENCRYPTED_LM_OWF_PASSWORD NewLmEncryptedWithOldLm;
+    ENCRYPTED_LM_OWF_PASSWORD OldNtEncryptedWithNewNt;
+    ENCRYPTED_LM_OWF_PASSWORD NewNtEncryptedWithOldNt;
+    PENCRYPTED_LM_OWF_PASSWORD pOldLmEncryptedWithNewLm = NULL;
+    PENCRYPTED_LM_OWF_PASSWORD pNewLmEncryptedWithOldLm = NULL;
+
     /* Calculate the NT hash for the old password */
     Status = SystemFunction007(OldPassword,
                                (LPBYTE)&OldNtPassword);
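Review bot: `OldNtEncryptedWithNewNt` and `NewNtEncryptedWithOldNt` are declared as `ENCRYPTED_LM_OWF_PASSWORD`, although they hold NT hashes and are passed in the NT argument slots of `SamrChangePasswordUser`. The server half of this commit uses `ENCRYPTED_NT_OWF_PASSWORD` for the corresponding values. The two types presumably share a layout, so this likely works as written, but the declarations should read `ENCRYPTED_NT_OWF_PASSWORD OldNtEncryptedWithNewNt;` and `ENCRYPTED_NT_OWF_PASSWORD NewNtEncryptedWithOldNt;` so that a later change to either type cannot silently mis-size the buffer. The function body starts and continues outside this hunk.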
@@ -312,15 +325,57 @@ SamChangePasswordUser(IN SAM_HANDLE UserHandle,
         }
     }
 
+    if (OldLmPasswordPresent && NewLmPasswordPresent)
+    {
+        Status = SystemFunction012((const BYTE *)&OldLmPassword,
+                                   (const BYTE *)&NewLmPassword,
+                                   (LPBYTE)&OldLmEncryptedWithNewLm);
+        if (!NT_SUCCESS(Status))
+        {
+            TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
+            return Status;
+        }
+
+        Status = SystemFunction012((const BYTE *)&NewLmPassword,
+                                   (const BYTE *)&OldLmPassword,
+                                   (LPBYTE)&NewLmEncryptedWithOldLm);
+        if (!NT_SUCCESS(Status))
+        {
+            TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
+            return Status;
+        }
+
+        pOldLmEncryptedWithNewLm = &OldLmEncryptedWithNewLm;
+        pNewLmEncryptedWithOldLm = &NewLmEncryptedWithOldLm;
+    }
+
+    Status = SystemFunction012((const BYTE *)&OldNtPassword,
+                               (const BYTE *)&NewNtPassword,
+                               (LPBYTE)&OldNtEncryptedWithNewNt);
+    if (!NT_SUCCESS(Status))
+    {
+        TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
+        return Status;
+    }
+
+    Status = SystemFunction012((const BYTE *)&NewNtPassword,
+                               (const BYTE *)&OldNtPassword,
+                               (LPBYTE)&NewNtEncryptedWithOldNt);
+    if (!NT_SUCCESS(Status))
+    {
+        TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
+        return Status;
+    }
+
     RpcTryExcept
     {
         Status = SamrChangePasswordUser((SAMPR_HANDLE)UserHandle,
                                         OldLmPasswordPresent && NewLmPasswordPresent,
-                                        &OldLmPassword,
-                                        &NewLmPassword,
+                                        pOldLmEncryptedWithNewLm,
+                                        pNewLmEncryptedWithOldLm,
                                         TRUE,
-                                        &OldNtPassword,
-                                        &NewNtPassword,
+                                        &OldNtEncryptedWithNewNt,
+                                        &NewNtEncryptedWithOldNt,
                                         FALSE,
                                         NULL,
                                         FALSE,
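Review bot: Each new `return Status;` after a failed `SystemFunction012` call leaves the clear OWF hashes (`OldLmPassword`, `NewLmPassword`, `OldNtPassword`, `NewNtPassword`) and the partly filled cross-encrypted buffers on the stack. The rest of the function is outside this hunk, so it is not visible whether the normal exit path scrubs them. If it does not, route these failures through a single exit label and clear the locals there, for example `RtlSecureZeroMemory(&OldNtPassword, sizeof(OldNtPassword));` for each hash buffer before returning. A one-line comment above the first block, such as `/* Cross-encrypt the hashes: each OWF is encrypted with its counterpart as the key */`, would also help, because the argument order is swapped between the paired calls and easy to misread.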
index 86c6c1d..9bf3075 100644 (file)
@@ -8047,10 +8047,10 @@ SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle,
 {
     ENCRYPTED_LM_OWF_PASSWORD StoredLmPassword;
     ENCRYPTED_NT_OWF_PASSWORD StoredNtPassword;
-    PENCRYPTED_LM_OWF_PASSWORD OldLmPassword;
-    PENCRYPTED_LM_OWF_PASSWORD NewLmPassword;
-    PENCRYPTED_NT_OWF_PASSWORD OldNtPassword;
-    PENCRYPTED_NT_OWF_PASSWORD NewNtPassword;
+    ENCRYPTED_LM_OWF_PASSWORD OldLmPassword;
+    ENCRYPTED_LM_OWF_PASSWORD NewLmPassword;
+    ENCRYPTED_NT_OWF_PASSWORD OldNtPassword;
+    ENCRYPTED_NT_OWF_PASSWORD NewNtPassword;
     BOOLEAN StoredLmPresent = FALSE;
     BOOLEAN StoredNtPresent = FALSE;
     BOOLEAN StoredLmEmpty = TRUE;
@@ -8153,21 +8153,62 @@ SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle,
         if (!NT_SUCCESS(Status))
         {
             TRACE("SampGetObjectAttribute failed to retrieve the fixed domain data (Status 0x%08lx)\n", Status);
-            return Status;
+            goto done;
         }
 
         if (DomainFixedData.MinPasswordAge.QuadPart > 0)
         {
             if (SystemTime.QuadPart < (UserFixedData.PasswordLastSet.QuadPart + DomainFixedData.MinPasswordAge.QuadPart))
-                return STATUS_ACCOUNT_RESTRICTION;
+            {
+                Status = STATUS_ACCOUNT_RESTRICTION;
+                goto done;
+            }
+        }
+    }
+
+    /* Decrypt the LM passwords, if present */
+    if (LmPresent)
+    {
+        Status = SystemFunction013((const BYTE *)NewLmEncryptedWithOldLm,
+                                   (const BYTE *)&StoredLmPassword,
+                                   (LPBYTE)&NewLmPassword);
+        if (!NT_SUCCESS(Status))
+        {
+            TRACE("SystemFunction013 failed (Status 0x%08lx)\n", Status);
+            goto done;
+        }
+
+        Status = SystemFunction013((const BYTE *)OldLmEncryptedWithNewLm,
+                                   (const BYTE *)&NewLmPassword,
+                                   (LPBYTE)&OldLmPassword);
+        if (!NT_SUCCESS(Status))
+        {
+            TRACE("SystemFunction013 failed (Status 0x%08lx)\n", Status);
+            goto done;
         }
     }
 
-    /* FIXME: Decrypt passwords */
-    OldLmPassword = OldLmEncryptedWithNewLm;
-    NewLmPassword = NewLmEncryptedWithOldLm;
-    OldNtPassword = OldNtEncryptedWithNewNt;
-    NewNtPassword = NewNtEncryptedWithOldNt;
+    /* Decrypt the NT passwords, if present */
+    if (NtPresent)
+    {
+        Status = SystemFunction013((const BYTE *)NewNtEncryptedWithOldNt,
+                                   (const BYTE *)&StoredNtPassword,
+                                   (LPBYTE)&NewNtPassword);
+        if (!NT_SUCCESS(Status))
+        {
+            TRACE("SystemFunction013 failed (Status 0x%08lx)\n", Status);
+            goto done;
+        }
+
+        Status = SystemFunction013((const BYTE *)OldNtEncryptedWithNewNt,
+                                   (const BYTE *)&NewNtPassword,
+                                   (LPBYTE)&OldNtPassword);
+        if (!NT_SUCCESS(Status))
+        {
+            TRACE("SystemFunction013 failed (Status 0x%08lx)\n", Status);
+            goto done;
+        }
+    }
 
     /* Check if the old passwords match the stored ones */
     if (NtPresent)
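Review bot: The decryption blocks dereference `NewLmEncryptedWithOldLm`, `OldLmEncryptedWithNewLm` and the two NT pointers based only on the caller-supplied `LmPresent` / `NtPresent` flags. The client half of this commit shows the LM pointers can legitimately be `NULL`, so a remote caller that sets a flag to TRUE while passing `NULL` would make `SystemFunction013` read through a null pointer inside the server. Unless an earlier part of the function (outside this hunk) already rejects that combination, add a guard before the LM block such as `if (LmPresent && (OldLmEncryptedWithNewLm == NULL || NewLmEncryptedWithOldLm == NULL)) { Status = STATUS_INVALID_PARAMETER; goto done; }`, and the same for the NT pair. Separately, `StoredLmPassword` and `StoredNtPassword` are used as decryption keys without consulting `StoredLmPresent` / `StoredNtPresent`; it is worth confirming they are always initialised when the matching stored hash is absent.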
@@ -8175,7 +8216,7 @@ SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle,
         if (LmPresent)
         {
             if (!RtlEqualMemory(&StoredLmPassword,
-                                OldLmPassword,
+                                &OldLmPassword,
                                 sizeof(ENCRYPTED_LM_OWF_PASSWORD)))
             {
                 TRACE("Old LM Password does not match!\n");
@@ -8184,7 +8225,7 @@ SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle,
             else
             {
                 if (!RtlEqualMemory(&StoredNtPassword,
-                                    OldNtPassword,
+                                    &OldNtPassword,
                                     sizeof(ENCRYPTED_LM_OWF_PASSWORD)))
                 {
                     TRACE("Old NT Password does not match!\n");
@@ -8195,7 +8236,7 @@ SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle,
         else
         {
             if (!RtlEqualMemory(&StoredNtPassword,
-                                OldNtPassword,
+                                &OldNtPassword,
                                 sizeof(ENCRYPTED_LM_OWF_PASSWORD)))
             {
                 TRACE("Old NT Password does not match!\n");
@@ -8208,7 +8249,7 @@ SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle,
         if (LmPresent)
         {
             if (!RtlEqualMemory(&StoredLmPassword,
-                                OldLmPassword,
+                                &OldLmPassword,
                                 sizeof(ENCRYPTED_LM_OWF_PASSWORD)))
             {
                 TRACE("Old LM Password does not match!\n");
@@ -8225,9 +8266,9 @@ SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle,
     if (NT_SUCCESS(Status))
     {
         Status = SampSetUserPassword(UserObject,
-                                     NewNtPassword,
+                                     &NewNtPassword,
                                      NtPresent,
-                                     NewLmPassword,
+                                     &NewLmPassword,
                                      LmPresent);
         if (NT_SUCCESS(Status))
         {
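Review bot: `&NewNtPassword` and `&NewLmPassword` now point at locals that are only written inside the `if (NtPresent)` / `if (LmPresent)` decrypt blocks. When one of those flags is FALSE, `SampSetUserPassword` therefore receives the address of indeterminate stack data, where it previously received the caller's pointer. Whether that buffer is read depends on how `SampSetUserPassword` treats the flags, which is not visible here. Clearing the four locals before the decrypt blocks, e.g. `RtlZeroMemory(&NewLmPassword, sizeof(NewLmPassword));`, keeps stale stack contents from being stored as a password hash if it ever is read. The enclosing function continues outside this hunk.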
index 750957f..325352f 100644 (file)
@@ -434,4 +434,10 @@ WINAPI
 SystemFunction007(PUNICODE_STRING string,
                   LPBYTE hash);
 
+NTSTATUS
+WINAPI
+SystemFunction013(const BYTE *in,
+                  const BYTE *key,
+                  LPBYTE out);
+
 #endif /* _SAMSRV_PCH_ */