1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00

s4:rpc_server: Add samr_set_password_aes()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Andreas Schneider 2021-08-18 16:21:59 +02:00 committed by Andreas Schneider
parent 1aa403517f
commit 835de358ec

View File

@ -35,6 +35,7 @@
#include "auth/auth_sam.h"
#include "lib/param/loadparm.h"
#include "librpc/rpc/dcerpc_helper.h"
#include "librpc/rpc/dcerpc_samr.h"
#include "lib/crypto/gnutls_helpers.h"
#include <gnutls/gnutls.h>
@ -575,3 +576,55 @@ NTSTATUS samr_set_password_buffers(struct dcesrv_call_state *dce_call,
return nt_status;
}
NTSTATUS samr_set_password_aes(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
const DATA_BLOB *cdk,
struct ldb_context *sam_ctx,
struct ldb_dn *account_dn,
struct ldb_dn *domain_dn,
struct samr_EncryptedPasswordAES *pwbuf)
{
DATA_BLOB pw_data = data_blob_null;
DATA_BLOB new_password = data_blob_null;
const DATA_BLOB ciphertext =
data_blob_const(pwbuf->cipher, pwbuf->cipher_len);
DATA_BLOB iv = data_blob_const(pwbuf->salt, sizeof(pwbuf->salt));
NTSTATUS nt_status = NT_STATUS_OK;
bool ok;
nt_status = samba_gnutls_aead_aes_256_cbc_hmac_sha512_decrypt(
mem_ctx,
&ciphertext,
cdk,
&samr_aes256_enc_key_salt,
&samr_aes256_mac_key_salt,
&iv,
pwbuf->auth_data,
&pw_data);
if (!NT_STATUS_IS_OK(nt_status)) {
return NT_STATUS_WRONG_PASSWORD;
}
ok = extract_pwd_blob_from_buffer514(mem_ctx,
pw_data.data,
&new_password);
TALLOC_FREE(pw_data.data);
if (!ok) {
DBG_NOTICE("samr: failed to decode password buffer\n");
return NT_STATUS_WRONG_PASSWORD;
}
nt_status = samdb_set_password(sam_ctx,
mem_ctx,
account_dn,
domain_dn,
&new_password,
NULL,
DSDB_PASSWORD_RESET,
NULL,
NULL);
TALLOC_FREE(new_password.data);
return nt_status;
}