sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-31 01:48:16 +03:00
Code

r6032: Fix up SetServerPassword2 on NETLOGON for [bigendian]. Clearly nobody

Browse Source 
has the patience to run test_w2k3.sh to completion :-)

It looks to me that the Windows server runs the RC4 over the C struct,
not the NDR data.

Andrew Bartlett
This commit is contained in:
Andrew Bartlett 2005-03-24 06:30:38 +00:00 committed by Gerald (Jerry) Carter
parent 54c0284679
commit c324d97413
3 changed files with 30 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
source/librpc/idl/netlogon.idl
View File

@ -1014,6 +1014,11 @@ interface netlogon
[out,switch_is(level)] netr_DomainInfo info
);
typedef [flag(NDR_PAHEX)] struct {
uint16 data[256];
uint32 length;
} netr_CryptPassword;
/*****************/
/* Function 0x1e */
NTSTATUS netr_ServerPasswordSet2(
@ -1022,7 +1027,7 @@ interface netlogon
[in] netr_SchannelType secure_channel_type,
[in] unistr computer_name,
[in] netr_Authenticator credential,
[in] samr_CryptPassword new_password,
[in] netr_CryptPassword new_password,
[out] netr_Authenticator return_authenticator
);

10
source/rpc_server/netlogon/dcerpc_netlogon.c
View File

@ -1018,6 +1018,8 @@ static NTSTATUS netr_ServerPasswordSet2(struct dcesrv_call_state *dce_call, TALL
char new_pass[512];
uint32_t new_pass_len;
struct samr_CryptPassword password_buf;
const char *attrs[] = {"objectSid", NULL };
const char **domain_attrs = attrs;
@ -1080,10 +1082,12 @@ static NTSTATUS netr_ServerPasswordSet2(struct dcesrv_call_state *dce_call, TALL
NT_STATUS_HAVE_NO_MEMORY(mod);
mod->dn = talloc_reference(mod, msgs[0]->dn);
creds_arcfour_crypt(pipe_state->creds, r->in.new_password.data, 516);
memcpy(password_buf.data, r->in.new_password.data, 512);
SIVAL(password_buf.data,512,r->in.new_password.length);
creds_arcfour_crypt(pipe_state->creds, password_buf.data, 516);
ret = decode_pw_buffer(r->in.new_password.data, new_pass, sizeof(new_pass),
&new_pass_len, STR_UNICODE);
ret = decode_pw_buffer(password_buf.data, new_pass, sizeof(new_pass),
&new_pass_len, STR_UNICODE);
if (!ret) {
DEBUG(3,("netr_ServerPasswordSet2: failed to decode password buffer\n"));
return NT_STATUS_ACCESS_DENIED;

58
source/torture/rpc/netlogon.c
View File

@ -294,37 +294,6 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
r.in.secure_channel_type = SEC_CHAN_BDC;
r.in.computer_name = TEST_MACHINE_NAME;
password = "";
E_md4hash(password, r.in.new_password.hash);
creds_des_encrypt(creds, &r.in.new_password);
/* by changing the machine password to ""
* we check if the server uses password restrictions
* for ServerPasswordSet2
* (win2k3 accepts "")
*/
printf("Testing a second ServerPasswordSet on machine account\n");
printf("Changing machine account password to '%s'\n", password);
creds_client_authenticator(creds, &r.in.credential);
status = dcerpc_netr_ServerPasswordSet(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("ServerPasswordSet (2) - %s\n", nt_errstr(status));
return False;
}
if (!creds_client_check(creds, &r.out.return_authenticator.cred)) {
printf("Credential chaining failed\n");
}
machine_password = password;
if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME, machine_password, &creds)) {
printf("ServerPasswordSet failed to actually change the password\n");
return False;
}
password = generate_random_str(mem_ctx, 8);
E_md4hash(password, r.in.new_password.hash);
@ -383,6 +352,7 @@ static BOOL test_SetPassword2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
struct netr_ServerPasswordSet2 r;
const char *password;
struct creds_CredentialState *creds;
struct samr_CryptPassword password_buf;
if (!test_SetupCredentials(p, mem_ctx, TEST_MACHINE_NAME,
machine_password, &creds)) {
@ -394,23 +364,26 @@ static BOOL test_SetPassword2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
r.in.secure_channel_type = SEC_CHAN_BDC;
r.in.computer_name = TEST_MACHINE_NAME;
password = "";
encode_pw_buffer(r.in.new_password.data, password, STR_UNICODE);
creds_arcfour_crypt(creds, r.in.new_password.data, 516);
password = generate_random_str(mem_ctx, 8);
encode_pw_buffer(password_buf.data, password, STR_UNICODE);
creds_arcfour_crypt(creds, password_buf.data, 516);
memcpy(r.in.new_password.data, password_buf.data, 512);
r.in.new_password.length = IVAL(password_buf.data, 512);
/* by changing the machine password to ""
* we check if the server uses password restrictions
* for ServerPasswordSet2
* (win2k3 accepts "")
*/
printf("Testing a second ServerPasswordSet2 on machine account\n");
printf("Testing ServerPasswordSet2 on machine account\n");
printf("Changing machine account password to '%s'\n", password);
creds_client_authenticator(creds, &r.in.credential);
status = dcerpc_netr_ServerPasswordSet2(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("ServerPasswordSet (2) - %s\n", nt_errstr(status));
printf("ServerPasswordSet2 - %s\n", nt_errstr(status));
return False;
}
@ -427,17 +400,20 @@ static BOOL test_SetPassword2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
/* now try a random password */
password = generate_random_str(mem_ctx, 8);
encode_pw_buffer(r.in.new_password.data, password, STR_UNICODE);
creds_arcfour_crypt(creds, r.in.new_password.data, 516);
encode_pw_buffer(password_buf.data, password, STR_UNICODE);
creds_arcfour_crypt(creds, password_buf.data, 516);
printf("Testing ServerPasswordSet2 on machine account\n");
memcpy(r.in.new_password.data, password_buf.data, 512);
r.in.new_password.length = IVAL(password_buf.data, 512);
printf("Testing second ServerPasswordSet2 on machine account\n");
printf("Changing machine account password to '%s'\n", password);
creds_client_authenticator(creds, &r.in.credential);
status = dcerpc_netr_ServerPasswordSet2(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("ServerPasswordSet2 - %s\n", nt_errstr(status));
printf("ServerPasswordSet2 (2) - %s\n", nt_errstr(status));
return False;
}
@ -456,7 +432,7 @@ static BOOL test_SetPassword2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
status = dcerpc_netr_ServerPasswordSet2(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
printf("ServerPasswordSet (2) - %s\n", nt_errstr(status));
printf("ServerPasswordSet (3) - %s\n", nt_errstr(status));
return False;
}