rpc_client: use init_samr_CryptPassword(Ex) in client tools.

Guenther
(This used to be commit 97f7f9f21f17e8414de15953cf4eaa9959dc6f75)

source3/libnet/libnet_join.c

@@ -731,15 +731,14 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
 	struct lsa_String lsa_acct_name;
 	uint32_t user_rid;
 	uint32_t acct_flags = ACB_WSTRUST;
-	uchar pwbuf[532];
-	struct MD5Context md5ctx;
-	uchar md5buffer[16];
-	DATA_BLOB digested_session_key;
 	uchar md4_trust_password[16];
 	struct samr_Ids user_rids;
 	struct samr_Ids name_types;
 	union samr_UserInfo user_info;
 
+	struct samr_CryptPassword crypt_pwd;
+	struct samr_CryptPasswordEx crypt_pwd_ex;
+
 	ZERO_STRUCT(sam_pol);
 	ZERO_STRUCT(domain_pol);
 	ZERO_STRUCT(user_pol);
@@ -871,19 +870,10 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
 	/* Create a random machine account password and generate the hash */
 
 	E_md4hash(r->in.machine_password, md4_trust_password);
-	encode_pw_buffer(pwbuf, r->in.machine_password, STR_UNICODE);
 
-	generate_random_buffer((uint8_t*)md5buffer, sizeof(md5buffer));
-	digested_session_key = data_blob_talloc(mem_ctx, 0, 16);
-
-	MD5Init(&md5ctx);
-	MD5Update(&md5ctx, md5buffer, sizeof(md5buffer));
-	MD5Update(&md5ctx, cli->user_session_key.data,
-		  cli->user_session_key.length);
-	MD5Final(digested_session_key.data, &md5ctx);
-
-	SamOEMhashBlob(pwbuf, sizeof(pwbuf), &digested_session_key);
-	memcpy(&pwbuf[516], md5buffer, sizeof(md5buffer));
+	init_samr_CryptPasswordEx(r->in.machine_password,
+				  &cli->user_session_key,
+				  &crypt_pwd_ex);
 
 	/* Fill in the additional account flags now */
 
@@ -904,7 +894,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
 					       SAMR_FIELD_ACCT_FLAGS;
 
 	user_info.info25.info.acct_flags = acct_flags;
-	memcpy(&user_info.info25.password.data, pwbuf, sizeof(pwbuf));
+	memcpy(&user_info.info25.password.data, crypt_pwd_ex.data,
+	       sizeof(crypt_pwd_ex.data));
 
 	status = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
 					 &user_pol,
@@ -913,15 +904,13 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
 
 	if (NT_STATUS_EQUAL(status, NT_STATUS(DCERPC_FAULT_INVALID_TAG))) {
 
-		uchar pwbuf2[516];
-
-		encode_pw_buffer(pwbuf2, r->in.machine_password, STR_UNICODE);
-
 		/* retry with level 24 */
-		init_samr_user_info24(&user_info.info24, pwbuf2, 24);
 
-		SamOEMhashBlob(user_info.info24.password.data, 516,
-			       &cli->user_session_key);
+		init_samr_CryptPassword(r->in.machine_password,
+					&cli->user_session_key,
+					&crypt_pwd);
+
+		init_samr_user_info24(&user_info.info24, crypt_pwd.data, 24);
 
 		status = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
 						  &user_pol,

source3/utils/net_rpc.c

@@ -849,11 +849,11 @@ static NTSTATUS rpc_user_password_internals(struct net_context *c,
 {
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	POLICY_HND connect_pol, domain_pol, user_pol;
-	uchar pwbuf[516];
 	const char *user;
 	const char *new_password;
 	char *prompt = NULL;
 	union samr_UserInfo info;
+	struct samr_CryptPassword crypt_pwd;
 
 	if (argc < 1 || c->display_usage) {
 		rpc_user_usage(c, argc, argv);
@@ -922,12 +922,11 @@ static NTSTATUS rpc_user_password_internals(struct net_context *c,
 
 	/* Set password on account */
 
-	encode_pw_buffer(pwbuf, new_password, STR_UNICODE);
+	init_samr_CryptPassword(new_password,
+				&cli->user_session_key,
+				&crypt_pwd);
 
-	init_samr_user_info24(&info.info24, pwbuf, 24);
-
-	SamOEMhashBlob(info.info24.password.data, 516,
-		       &cli->user_session_key);
+	init_samr_user_info24(&info.info24, crypt_pwd.data, 24);
 
 	result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
 					  &user_pol,
@@ -5731,9 +5730,7 @@ static NTSTATUS rpc_trustdom_add_internals(struct net_context *c,
 		struct samr_LogonHours hours;
 		struct lsa_BinaryString parameters;
 		const int units_per_week = 168;
-		uchar pwbuf[516];
-
-		encode_pw_buffer(pwbuf, argv[1], STR_UNICODE);
+		struct samr_CryptPassword crypt_pwd;
 
 		ZERO_STRUCT(notime);
 		ZERO_STRUCT(hours);
@@ -5747,6 +5744,10 @@ static NTSTATUS rpc_trustdom_add_internals(struct net_context *c,
 		hours.units_per_week = units_per_week;
 		memset(hours.bits, 0xFF, units_per_week);
 
+		init_samr_CryptPassword(argv[1],
+					&cli->user_session_key,
+					&crypt_pwd);
+
 		init_samr_user_info23(&info.info23,
 				      notime, notime, notime,
 				      notime, notime, notime,
@@ -5755,10 +5756,7 @@ static NTSTATUS rpc_trustdom_add_internals(struct net_context *c,
 				      0, 0, ACB_DOMTRUST, SAMR_FIELD_ACCT_FLAGS,
 				      hours,
 				      0, 0, 0, 0, 0, 0, 0,
-				      pwbuf, 24);
-
-		SamOEMhashBlob(info.info23.password.data, 516,
-			       &cli->user_session_key);
+				      crypt_pwd.data, 24);
 
 		result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
 						  &user_pol,

source3/utils/net_rpc_join.c

@@ -148,7 +148,7 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
 	/* Password stuff */
 
 	char *clear_trust_password = NULL;
-	uchar pwbuf[516];
+	struct samr_CryptPassword crypt_pwd;
 	uchar md4_trust_password[16];
 	union samr_UserInfo set_info;
 
@@ -337,14 +337,13 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
 		E_md4hash(clear_trust_password, md4_trust_password);
 	}
 
-	encode_pw_buffer(pwbuf, clear_trust_password, STR_UNICODE);
-
 	/* Set password on machine account */
 
-	init_samr_user_info24(&set_info.info24, pwbuf, 24);
+	init_samr_CryptPassword(clear_trust_password,
+				&cli->user_session_key,
+				&crypt_pwd);
 
-	SamOEMhashBlob(set_info.info24.password.data, 516,
-		       &cli->user_session_key);
+	init_samr_user_info24(&set_info.info24, crypt_pwd.data, 24);
 
 	CHECK_RPC_ERR(rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
 					       &user_pol,