rpc_client: use init_samr_CryptPassword(Ex) in client tools.
authorGünther Deschner <gd@samba.org>
Wed, 30 Jul 2008 17:52:56 +0000 (19:52 +0200)
committerGünther Deschner <gd@samba.org>
Wed, 10 Dec 2008 10:31:50 +0000 (11:31 +0100)
Guenther
(cherry picked from commit 97f7f9f21f17e8414de15953cf4eaa9959dc6f75)

source/libnet/libnet_join.c
source/utils/net_rpc.c
source/utils/net_rpc_join.c

index 7451cb27c6f2e200126b1461087bea95c1b49a04..86978e4c9fb40d7c957a5c1190d1b46e6ea083f1 100644 (file)
@@ -734,15 +734,14 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
        struct lsa_String lsa_acct_name;
        uint32_t user_rid;
        uint32_t acct_flags = ACB_WSTRUST;
-       uchar pwbuf[532];
-       struct MD5Context md5ctx;
-       uchar md5buffer[16];
-       DATA_BLOB digested_session_key;
        uchar md4_trust_password[16];
        struct samr_Ids user_rids;
        struct samr_Ids name_types;
        union samr_UserInfo user_info;
 
+       struct samr_CryptPassword crypt_pwd;
+       struct samr_CryptPasswordEx crypt_pwd_ex;
+
        ZERO_STRUCT(sam_pol);
        ZERO_STRUCT(domain_pol);
        ZERO_STRUCT(user_pol);
@@ -873,19 +872,10 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
        /* Create a random machine account password and generate the hash */
 
        E_md4hash(r->in.machine_password, md4_trust_password);
-       encode_pw_buffer(pwbuf, r->in.machine_password, STR_UNICODE);
-
-       generate_random_buffer((uint8_t*)md5buffer, sizeof(md5buffer));
-       digested_session_key = data_blob_talloc(mem_ctx, 0, 16);
-
-       MD5Init(&md5ctx);
-       MD5Update(&md5ctx, md5buffer, sizeof(md5buffer));
-       MD5Update(&md5ctx, cli->user_session_key.data,
-                 cli->user_session_key.length);
-       MD5Final(digested_session_key.data, &md5ctx);
 
-       SamOEMhashBlob(pwbuf, sizeof(pwbuf), &digested_session_key);
-       memcpy(&pwbuf[516], md5buffer, sizeof(md5buffer));
+       init_samr_CryptPasswordEx(r->in.machine_password,
+                                 &cli->user_session_key,
+                                 &crypt_pwd_ex);
 
        /* Fill in the additional account flags now */
 
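Review bot: Nothing visible around the `init_samr_CryptPasswordEx(...)` call checks that `cli->user_session_key` actually holds key material, so an empty session key would be fed straight into the password wrapping. The removed code had the same gap, and the call's result is not examined here. A guard such as `if (cli->user_session_key.length == 0)` that returns an error status before the call would make that failure explicit. The same applies to the `init_samr_CryptPassword(...)` calls in the later libnet_join.c, net_rpc.c and net_rpc_join.c hunks. libnet_join_joindomain_rpc starts and ends outside this hunk, so a check may already exist earlier in the function.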
@@ -906,7 +896,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
                                               SAMR_FIELD_ACCT_FLAGS;
 
        user_info.info25.info.acct_flags = acct_flags;
-       memcpy(&user_info.info25.password.data, pwbuf, sizeof(pwbuf));
+       memcpy(&user_info.info25.password.data, crypt_pwd_ex.data,
+              sizeof(crypt_pwd_ex.data));
 
        status = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
                                         &user_pol,
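Review bot: The `memcpy` into `user_info.info25.password.data` is sized by the source (`sizeof(crypt_pwd_ex.data)`), so it stays in bounds only while the two arrays have the same length. Bounding it by the destination, `sizeof(user_info.info25.password.data)`, would remove that dependency. If `info25.password` is itself a `struct samr_CryptPasswordEx`, which its `.data` member suggests but this page does not show, a plain assignment `user_info.info25.password = crypt_pwd_ex;` would do the same. The `&` in front of the destination array is also unnecessary.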
@@ -915,15 +906,13 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
 
        if (NT_STATUS_EQUAL(status, NT_STATUS(DCERPC_FAULT_INVALID_TAG))) {
 
-               uchar pwbuf2[516];
-
-               encode_pw_buffer(pwbuf2, r->in.machine_password, STR_UNICODE);
-
                /* retry with level 24 */
-               init_samr_user_info24(&user_info.info24, pwbuf2, 24);
 
-               SamOEMhashBlob(user_info.info24.password.data, 516,
-                              &cli->user_session_key);
+               init_samr_CryptPassword(r->in.machine_password,
+                                       &cli->user_session_key,
+                                       &crypt_pwd);
+
+               init_samr_user_info24(&user_info.info24, crypt_pwd.data, 24);
 
                status = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
                                                  &user_pol,
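Review bot: The `/* retry with level 24 */` comment does not say that the retry protects the password buffer less strongly than the first attempt. Judging from the removed lines, the level 25 buffer was keyed with an MD5 over a random 16-byte value and the session key, while the level 24 buffer was keyed with the session key directly, and the retry is triggered by a fault code returned by the server. I would expand the comment to something like `/* retry with level 24: buffer is keyed with the session key alone, no per-call random salt */`. Logging the fallback at debug level would also make it visible. The `if` block closes outside this hunk.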
index ceb429f2feb9bf38f83f54e69e5d9ce1a22f13ea..7f28eeca2eecb8253b6a6f4618f63d651f3ef6e3 100644 (file)
@@ -804,11 +804,11 @@ static NTSTATUS rpc_user_password_internals(const DOM_SID *domain_sid,
 {
        NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
        POLICY_HND connect_pol, domain_pol, user_pol;
-       uchar pwbuf[516];
        const char *user;
        const char *new_password;
        char *prompt = NULL;
        union samr_UserInfo info;
+       struct samr_CryptPassword crypt_pwd;
 
        if (argc < 1) {
                d_printf("User must be specified\n");
@@ -878,12 +878,11 @@ static NTSTATUS rpc_user_password_internals(const DOM_SID *domain_sid,
 
        /* Set password on account */
 
-       encode_pw_buffer(pwbuf, new_password, STR_UNICODE);
+       init_samr_CryptPassword(new_password,
+                               &cli->user_session_key,
+                               &crypt_pwd);
 
-       init_samr_user_info24(&info.info24, pwbuf, 24);
-
-       SamOEMhashBlob(info.info24.password.data, 516,
-                      &cli->user_session_key);
+       init_samr_user_info24(&info.info24, crypt_pwd.data, 24);
 
        result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
                                          &user_pol,
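Review bot: The literal `24` passed as the last argument in `init_samr_user_info24(&info.info24, crypt_pwd.data, 24)` is unexplained, and it is the same value whatever password was supplied. A named constant, or a one-line comment stating what that field carries on the wire, would help the next reader judge whether it matters. The same literal appears in the level 24 retry in libnet_join.c, in the `init_samr_user_info23` call in rpc_trustdom_add_internals and in net_rpc_join_newstyle.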
@@ -5418,9 +5417,7 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid,
                struct samr_LogonHours hours;
                struct lsa_BinaryString parameters;
                const int units_per_week = 168;
-               uchar pwbuf[516];
-
-               encode_pw_buffer(pwbuf, argv[1], STR_UNICODE);
+               struct samr_CryptPassword crypt_pwd;
 
                ZERO_STRUCT(notime);
                ZERO_STRUCT(hours);
@@ -5434,6 +5431,10 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid,
                hours.units_per_week = units_per_week;
                memset(hours.bits, 0xFF, units_per_week);
 
+               init_samr_CryptPassword(argv[1],
+                                       &cli->user_session_key,
+                                       &crypt_pwd);
+
                init_samr_user_info23(&info.info23,
                                      notime, notime, notime,
                                      notime, notime, notime,
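Review bot: `init_samr_CryptPassword(argv[1], ...)` takes the trust password straight from the command line, and nothing in this hunk shows that `argc` was validated before `argv[1]` is read. rpc_trustdom_add_internals begins outside the hunk, so that check may well exist at function entry. A password given as an argument is also readable by other local users through the process argument list, which is worth stating at the call site, for example `/* argv[1]: cleartext trust account password supplied on the command line */`.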
@@ -5443,10 +5444,7 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid,
                                      SAMR_FIELD_ACCT_FLAGS | SAMR_FIELD_PASSWORD,
                                      hours,
                                      0, 0, 0, 0, 0, 0, 0,
-                                     pwbuf, 24);
-
-               SamOEMhashBlob(info.info23.password.data, 516,
-                              &cli->user_session_key);
+                                     crypt_pwd.data, 24);
 
                result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
                                                  &user_pol,
index ea3bb10c226717dcb6dda0d904f20d91eba81564..e178df6dcd8e03ef47a2317d940cc4c18d0bbe90 100644 (file)
@@ -146,7 +146,7 @@ int net_rpc_join_newstyle(int argc, const char **argv)
        /* Password stuff */
 
        char *clear_trust_password = NULL;
-       uchar pwbuf[516];
+       struct samr_CryptPassword crypt_pwd;
        uchar md4_trust_password[16];
        union samr_UserInfo set_info;
 
@@ -333,14 +333,13 @@ int net_rpc_join_newstyle(int argc, const char **argv)
                E_md4hash(clear_trust_password, md4_trust_password);
        }
 
-       encode_pw_buffer(pwbuf, clear_trust_password, STR_UNICODE);
-
        /* Set password on machine account */
 
-       init_samr_user_info24(&set_info.info24, pwbuf, 24);
+       init_samr_CryptPassword(clear_trust_password,
+                               &cli->user_session_key,
+                               &crypt_pwd);
 
-       SamOEMhashBlob(set_info.info24.password.data, 516,
-                      &cli->user_session_key);
+       init_samr_user_info24(&set_info.info24, crypt_pwd.data, 24);
 
        CHECK_RPC_ERR(rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
                                               &user_pol,