From: Eric Kohl Date: Sun, 9 Feb 2014 20:51:39 +0000 (+0000) Subject: [SAMLIB] X-Git-Tag: ReactOS-0.3.16-CLT2014~223 X-Git-Url: https://git.reactos.org/?p=reactos.git;a=commitdiff_plain;h=d37199d4cc8df37fcde61ad40be7c734c82ca5fc [SAMLIB] SamChangePasswordUser: Encrypt the old and the new password hashes before calling the remote function. [SAMSRV] SamrChangePasswordUser: Decrypt the old and the new password hashes before checking the old password and storing the new password. svn path=/trunk/; revision=62080 --- diff --git a/reactos/dll/win32/samlib/samlib.c b/reactos/dll/win32/samlib/samlib.c index 97a41792100..16d3d01a1b0 100644 --- a/reactos/dll/win32/samlib/samlib.c +++ b/reactos/dll/win32/samlib/samlib.c @@ -45,6 +45,12 @@ WINAPI SystemFunction007(PUNICODE_STRING string, LPBYTE hash); +NTSTATUS +WINAPI +SystemFunction012(const BYTE *in, + const BYTE *key, + LPBYTE out); + /* GLOBALS *******************************************************************/ @@ -254,6 +260,13 @@ SamChangePasswordUser(IN SAM_HANDLE UserHandle, BOOLEAN NewLmPasswordPresent = FALSE; NTSTATUS Status; + ENCRYPTED_LM_OWF_PASSWORD OldLmEncryptedWithNewLm; + ENCRYPTED_LM_OWF_PASSWORD NewLmEncryptedWithOldLm; + ENCRYPTED_LM_OWF_PASSWORD OldNtEncryptedWithNewNt; + ENCRYPTED_LM_OWF_PASSWORD NewNtEncryptedWithOldNt; + PENCRYPTED_LM_OWF_PASSWORD pOldLmEncryptedWithNewLm = NULL; + PENCRYPTED_LM_OWF_PASSWORD pNewLmEncryptedWithOldLm = NULL; + /* Calculate the NT hash for the old password */ Status = SystemFunction007(OldPassword, (LPBYTE)&OldNtPassword); 
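Review bot: The two NT buffers added in the `@@ -254,6 +260,13 @@` hunk, `OldNtEncryptedWithNewNt` and `NewNtEncryptedWithOldNt`, are declared as `ENCRYPTED_LM_OWF_PASSWORD` although they carry NT hashes. The server half of this same commit types its NT locals as `ENCRYPTED_NT_OWF_PASSWORD`. If the two types share a layout this compiles and behaves the same, but the declarations should read `ENCRYPTED_NT_OWF_PASSWORD OldNtEncryptedWithNewNt;` and `ENCRYPTED_NT_OWF_PASSWORD NewNtEncryptedWithOldNt;` so the type states which hash a buffer holds. SamChangePasswordUser begins and ends outside this hunk.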
@@ -312,15 +325,57 @@ SamChangePasswordUser(IN SAM_HANDLE UserHandle, } } + if (OldLmPasswordPresent && NewLmPasswordPresent) + { + Status = SystemFunction012((const BYTE *)&OldLmPassword, + (const BYTE *)&NewLmPassword, + (LPBYTE)&OldLmEncryptedWithNewLm); + if (!NT_SUCCESS(Status)) + { + TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status); + return Status; + } + + Status = SystemFunction012((const BYTE *)&NewLmPassword, + (const BYTE *)&OldLmPassword, + (LPBYTE)&NewLmEncryptedWithOldLm); + if (!NT_SUCCESS(Status)) + { + TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status); + return Status; + } + + pOldLmEncryptedWithNewLm = &OldLmEncryptedWithNewLm; + pNewLmEncryptedWithOldLm = &NewLmEncryptedWithOldLm; + } + + Status = SystemFunction012((const BYTE *)&OldNtPassword, + (const BYTE *)&NewNtPassword, + (LPBYTE)&OldNtEncryptedWithNewNt); + if (!NT_SUCCESS(Status)) + { + TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status); + return Status; + } + + Status = SystemFunction012((const BYTE *)&NewNtPassword, + (const BYTE *)&OldNtPassword, + (LPBYTE)&NewNtEncryptedWithOldNt); + if (!NT_SUCCESS(Status)) + { + TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status); + return Status; + } + RpcTryExcept { Status = SamrChangePasswordUser((SAMPR_HANDLE)UserHandle, OldLmPasswordPresent && NewLmPasswordPresent, - &OldLmPassword, - &NewLmPassword, + pOldLmEncryptedWithNewLm, + pNewLmEncryptedWithOldLm, TRUE, - &OldNtPassword, - &NewNtPassword, + &OldNtEncryptedWithNewNt, + &NewNtEncryptedWithOldNt, FALSE, NULL, FALSE, diff --git a/reactos/dll/win32/samsrv/samrpc.c b/reactos/dll/win32/samsrv/samrpc.c index 86c6c1dbd71..9bf30752883 100644 --- a/reactos/dll/win32/samsrv/samrpc.c +++ b/reactos/dll/win32/samsrv/samrpc.c 
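Review bot: Each new `return Status;` after a failed SystemFunction012 call leaves the old and new OWF hashes (`OldNtPassword`, `NewNtPassword`, and the LM pair when present) in the stack frame, and nothing visible in this hunk wipes them on the success path either. These hashes are the keys for the exchange built here, so they deserve the same care as the password itself. Failures should go through one exit path that clears every hash buffer, for example `RtlSecureZeroMemory(&OldNtPassword, sizeof(OldNtPassword));`, before returning. The end of SamChangePasswordUser is outside the hunk, so confirm that no cleanup already exists there.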
@@ -8047,10 +8047,10 @@ SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle,
 {
 ENCRYPTED_LM_OWF_PASSWORD StoredLmPassword;
 ENCRYPTED_NT_OWF_PASSWORD StoredNtPassword;
- PENCRYPTED_LM_OWF_PASSWORD OldLmPassword;
- PENCRYPTED_LM_OWF_PASSWORD NewLmPassword;
- PENCRYPTED_NT_OWF_PASSWORD OldNtPassword;
- PENCRYPTED_NT_OWF_PASSWORD NewNtPassword;
+ ENCRYPTED_LM_OWF_PASSWORD OldLmPassword;
+ ENCRYPTED_LM_OWF_PASSWORD NewLmPassword;
+ ENCRYPTED_NT_OWF_PASSWORD OldNtPassword;
+ ENCRYPTED_NT_OWF_PASSWORD NewNtPassword;
 BOOLEAN StoredLmPresent = FALSE;
 BOOLEAN StoredNtPresent = FALSE;
 BOOLEAN StoredLmEmpty = TRUE;
@@ -8153,21 +8153,62 @@ SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle, if (!NT_SUCCESS(Status)) { TRACE("SampGetObjectAttribute failed to retrieve the fixed domain data (Status 0x%08lx)\n", Status); - return Status; + goto done; } if (DomainFixedData.MinPasswordAge.QuadPart > 0) { if (SystemTime.QuadPart < (UserFixedData.PasswordLastSet.QuadPart + DomainFixedData.MinPasswordAge.QuadPart)) - return STATUS_ACCOUNT_RESTRICTION; + { + Status = STATUS_ACCOUNT_RESTRICTION; + goto done; + } + } + } + + /* Decrypt the LM passwords, if present */ + if (LmPresent) + { + Status = SystemFunction013((const BYTE *)NewLmEncryptedWithOldLm, + (const BYTE *)&StoredLmPassword, + (LPBYTE)&NewLmPassword); + if (!NT_SUCCESS(Status)) + { + TRACE("SystemFunction013 failed (Status 0x%08lx)\n", Status); + goto done; + } + + Status = SystemFunction013((const BYTE *)OldLmEncryptedWithNewLm, + (const BYTE *)&NewLmPassword, + (LPBYTE)&OldLmPassword); + if (!NT_SUCCESS(Status)) + { + TRACE("SystemFunction013 failed (Status 0x%08lx)\n", Status); + goto done; } } - /* FIXME: Decrypt passwords */ - OldLmPassword = OldLmEncryptedWithNewLm; - NewLmPassword = NewLmEncryptedWithOldLm; - OldNtPassword = OldNtEncryptedWithNewNt; - NewNtPassword = NewNtEncryptedWithOldNt; + /* Decrypt the NT passwords, if present */ + if (NtPresent) + { + Status = SystemFunction013((const BYTE *)NewNtEncryptedWithOldNt, + (const BYTE *)&StoredNtPassword, + (LPBYTE)&NewNtPassword); + if (!NT_SUCCESS(Status)) + { + TRACE("SystemFunction013 failed (Status 0x%08lx)\n", Status); + goto done; + } + + Status = SystemFunction013((const BYTE *)OldNtEncryptedWithNewNt, + (const BYTE *)&NewNtPassword, + (LPBYTE)&OldNtPassword); + if (!NT_SUCCESS(Status)) + { + TRACE("SystemFunction013 failed (Status 0x%08lx)\n", Status); + goto done; + } + } /* Check if the old passwords match the stored ones */ if (NtPresent) 
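Review bot: The decrypt blocks cast `NewLmEncryptedWithOldLm`, `OldLmEncryptedWithNewLm` and the two NT pointers straight to `const BYTE *` whenever the caller-supplied `LmPresent` / `NtPresent` flag is set, and no NULL check is visible in this hunk. The client half of this commit passes NULL for the LM pointers when no LM hash exists, which suggests the interface accepts NULL there. A request that sets a flag but omits the buffer would then make the server read through a null pointer. A guard before the first SystemFunction013 call would reject that case: `if (LmPresent && (OldLmEncryptedWithNewLm == NULL || NewLmEncryptedWithOldLm == NULL)) { Status = STATUS_INVALID_PARAMETER; goto done; }`, with the same test for the NT pair. The `done` label and the start of SamrChangePasswordUser are outside the hunk, so an earlier check may exist that cannot be seen here.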
@@ -8175,7 +8216,7 @@ SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle, if (LmPresent) { if (!RtlEqualMemory(&StoredLmPassword, - OldLmPassword, + &OldLmPassword, sizeof(ENCRYPTED_LM_OWF_PASSWORD))) { TRACE("Old LM Password does not match!\n"); @@ -8184,7 +8225,7 @@ SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle, else { if (!RtlEqualMemory(&StoredNtPassword, - OldNtPassword, + &OldNtPassword, sizeof(ENCRYPTED_LM_OWF_PASSWORD))) { TRACE("Old NT Password does not match!\n"); @@ -8195,7 +8236,7 @@ SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle, else { if (!RtlEqualMemory(&StoredNtPassword, - OldNtPassword, + &OldNtPassword, sizeof(ENCRYPTED_LM_OWF_PASSWORD))) { TRACE("Old NT Password does not match!\n"); @@ -8208,7 +8249,7 @@ SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle, if (LmPresent) { if (!RtlEqualMemory(&StoredLmPassword, - OldLmPassword, + &OldLmPassword, sizeof(ENCRYPTED_LM_OWF_PASSWORD))) { TRACE("Old LM Password does not match!\n"); @@ -8225,9 +8266,9 @@ SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle, if (NT_SUCCESS(Status)) { Status = SampSetUserPassword(UserObject, - NewNtPassword, + &NewNtPassword, NtPresent, - NewLmPassword, + &NewLmPassword, LmPresent); if (NT_SUCCESS(Status)) { diff --git a/reactos/dll/win32/samsrv/samsrv.h b/reactos/dll/win32/samsrv/samsrv.h index 750957f77d1..325352f0430 100644 --- a/reactos/dll/win32/samsrv/samsrv.h +++ b/reactos/dll/win32/samsrv/samsrv.h @@ -434,4 +434,10 @@ WINAPI SystemFunction007(PUNICODE_STRING string, LPBYTE hash); +NTSTATUS +WINAPI +SystemFunction013(const BYTE *in, + const BYTE *key, + LPBYTE out); + #endif /* _SAMSRV_PCH_ */
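Review bot: The NT comparisons in the `@@ -8184,7 +8225,7 @@` and `@@ -8195,7 +8236,7 @@` hunks compare `&StoredNtPassword` with `&OldNtPassword` over `sizeof(ENCRYPTED_LM_OWF_PASSWORD)`. The length should name the type actually being compared, `sizeof(ENCRYPTED_NT_OWF_PASSWORD)`, so the check stays correct if the two types ever diverge. The surrounding if/else structure extends outside these hunks.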
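Review bot: In the `@@ -8225,9 +8266,9 @@` hunk, `SampSetUserPassword` now always receives `&NewNtPassword` and `&NewLmPassword`, but those stack structures are filled by the decrypt step only when `NtPresent` / `LmPresent` is set. For an absent hash the callee is therefore handed uninitialised stack memory. If SampSetUserPassword honours the two flags this is harmless, but that is not visible here. Zero-initialising the locals at their declaration, e.g. `ENCRYPTED_LM_OWF_PASSWORD NewLmPassword = {0};`, would make the absent case deterministic. The call sits in a block that continues past the hunk.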