sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00
Code

libcli:auth: Add encode_rc4_passwd_buffer()

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Andreas Schneider 2019-07-09 13:01:10 +02:00 committed by Andrew Bartlett
parent 79ca72ec3d
commit 06d46c447e
2 changed files with 49 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
libcli/auth/proto.h
View File

@ -181,6 +181,13 @@ bool decode_pw_buffer(TALLOC_CTX *ctx,
size_t *new_pw_len,
charset_t string_charset);
/***********************************************************
Encode an arc4 password change buffer.
************************************************************/
NTSTATUS encode_rc4_passwd_buffer(const char *passwd,
const DATA_BLOB *session_key,
struct samr_CryptPasswordEx *out_crypt_pwd);
/***********************************************************
Decode an arc4 encrypted password change buffer.
************************************************************/

42
libcli/auth/smbencrypt.c
View File

@ -839,6 +839,48 @@ bool decode_pw_buffer(TALLOC_CTX *ctx,
return true;
}
/***********************************************************
Encode an arc4 password change buffer.
************************************************************/
NTSTATUS encode_rc4_passwd_buffer(const char *passwd,
const DATA_BLOB *session_key,
struct samr_CryptPasswordEx *out_crypt_pwd)
{
uint8_t _confounder[16] = {0};
DATA_BLOB confounder = data_blob_const(_confounder, 16);
DATA_BLOB pw_data = data_blob_const(out_crypt_pwd->data, 516);
bool ok;
int rc;
ok = encode_pw_buffer(pw_data.data, passwd, STR_UNICODE);
if (!ok) {
return NT_STATUS_INVALID_PARAMETER;
}
generate_random_buffer(confounder.data, confounder.length);
rc = samba_gnutls_arcfour_confounded_md5(&confounder,
session_key,
&pw_data,
SAMBA_GNUTLS_ENCRYPT);
if (rc < 0) {
ZERO_ARRAY(_confounder);
data_blob_clear(&pw_data);
return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
}
/*
* The packet format is the 516 byte RC4 encrypted
* pasword followed by the 16 byte counfounder
* The confounder is a salt to prevent pre-computed hash attacks on the
* database.
*/
memcpy(&out_crypt_pwd->data[516], confounder.data, confounder.length);
ZERO_ARRAY(_confounder);
return NT_STATUS_OK;
}
/***********************************************************
Decode an arc4 encrypted password change buffer.
************************************************************/