mirror of
https://github.com/samba-team/samba.git
synced 2025-01-12 09:18:10 +03:00
s4:rpc_server: Add samr_set_password_aes()
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
parent
1aa403517f
commit
835de358ec
@ -35,6 +35,7 @@
|
||||
#include "auth/auth_sam.h"
|
||||
#include "lib/param/loadparm.h"
|
||||
#include "librpc/rpc/dcerpc_helper.h"
|
||||
#include "librpc/rpc/dcerpc_samr.h"
|
||||
|
||||
#include "lib/crypto/gnutls_helpers.h"
|
||||
#include <gnutls/gnutls.h>
|
||||
@ -575,3 +576,55 @@ NTSTATUS samr_set_password_buffers(struct dcesrv_call_state *dce_call,
|
||||
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
NTSTATUS samr_set_password_aes(struct dcesrv_call_state *dce_call,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
const DATA_BLOB *cdk,
|
||||
struct ldb_context *sam_ctx,
|
||||
struct ldb_dn *account_dn,
|
||||
struct ldb_dn *domain_dn,
|
||||
struct samr_EncryptedPasswordAES *pwbuf)
|
||||
{
|
||||
DATA_BLOB pw_data = data_blob_null;
|
||||
DATA_BLOB new_password = data_blob_null;
|
||||
const DATA_BLOB ciphertext =
|
||||
data_blob_const(pwbuf->cipher, pwbuf->cipher_len);
|
||||
DATA_BLOB iv = data_blob_const(pwbuf->salt, sizeof(pwbuf->salt));
|
||||
NTSTATUS nt_status = NT_STATUS_OK;
|
||||
bool ok;
|
||||
|
||||
nt_status = samba_gnutls_aead_aes_256_cbc_hmac_sha512_decrypt(
|
||||
mem_ctx,
|
||||
&ciphertext,
|
||||
cdk,
|
||||
&samr_aes256_enc_key_salt,
|
||||
&samr_aes256_mac_key_salt,
|
||||
&iv,
|
||||
pwbuf->auth_data,
|
||||
&pw_data);
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
return NT_STATUS_WRONG_PASSWORD;
|
||||
}
|
||||
|
||||
ok = extract_pwd_blob_from_buffer514(mem_ctx,
|
||||
pw_data.data,
|
||||
&new_password);
|
||||
TALLOC_FREE(pw_data.data);
|
||||
if (!ok) {
|
||||
DBG_NOTICE("samr: failed to decode password buffer\n");
|
||||
return NT_STATUS_WRONG_PASSWORD;
|
||||
}
|
||||
|
||||
nt_status = samdb_set_password(sam_ctx,
|
||||
mem_ctx,
|
||||
account_dn,
|
||||
domain_dn,
|
||||
&new_password,
|
||||
NULL,
|
||||
DSDB_PASSWORD_RESET,
|
||||
NULL,
|
||||
NULL);
|
||||
TALLOC_FREE(new_password.data);
|
||||
|
||||
return nt_status;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user