Author: ekohl
Date: Sun Feb 9 20:51:39 2014
New Revision: 62080
URL:
http://svn.reactos.org/svn/reactos?rev=62080&view=rev
Log:
[SAMLIB]
SamChangePasswordUser: Encrypt the old and the new password hashes before calling the
remote function.
[SAMSRV]
SamrChangePasswordUser: Decrypt the old and the new password hashes before checking the
old password and storing the new password.
Modified:
trunk/reactos/dll/win32/samlib/samlib.c
trunk/reactos/dll/win32/samsrv/samrpc.c
trunk/reactos/dll/win32/samsrv/samsrv.h
Modified: trunk/reactos/dll/win32/samlib/samlib.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/samlib/samlib.c?…
==============================================================================
--- trunk/reactos/dll/win32/samlib/samlib.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/samlib/samlib.c [iso-8859-1] Sun Feb 9 20:51:39 2014
@@ -45,6 +45,12 @@
SystemFunction007(PUNICODE_STRING string,
LPBYTE hash);
+NTSTATUS
+WINAPI
+SystemFunction012(const BYTE *in,
+ const BYTE *key,
+ LPBYTE out);
+
/* GLOBALS *******************************************************************/
@@ -254,6 +260,13 @@
BOOLEAN NewLmPasswordPresent = FALSE;
NTSTATUS Status;
+ ENCRYPTED_LM_OWF_PASSWORD OldLmEncryptedWithNewLm;
+ ENCRYPTED_LM_OWF_PASSWORD NewLmEncryptedWithOldLm;
+ ENCRYPTED_LM_OWF_PASSWORD OldNtEncryptedWithNewNt;
+ ENCRYPTED_LM_OWF_PASSWORD NewNtEncryptedWithOldNt;
+ PENCRYPTED_LM_OWF_PASSWORD pOldLmEncryptedWithNewLm = NULL;
+ PENCRYPTED_LM_OWF_PASSWORD pNewLmEncryptedWithOldLm = NULL;
+
/* Calculate the NT hash for the old password */
Status = SystemFunction007(OldPassword,
(LPBYTE)&OldNtPassword);
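Review bot: `OldNtEncryptedWithNewNt` and `NewNtEncryptedWithOldNt` hold NT hashes but are declared as `ENCRYPTED_LM_OWF_PASSWORD`, while the server side of this same commit uses `ENCRYPTED_NT_OWF_PASSWORD` for the NT values. The two types presumably share a layout, so behaviour should not change. Declaring them as `ENCRYPTED_NT_OWF_PASSWORD OldNtEncryptedWithNewNt;` and `ENCRYPTED_NT_OWF_PASSWORD NewNtEncryptedWithOldNt;` keeps the client declarations consistent with the server's. The enclosing function starts and ends outside this hunk.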
@@ -312,15 +325,57 @@
}
}
+ if (OldLmPasswordPresent && NewLmPasswordPresent)
+ {
+ Status = SystemFunction012((const BYTE *)&OldLmPassword,
+ (const BYTE *)&NewLmPassword,
+ (LPBYTE)&OldLmEncryptedWithNewLm);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
+ return Status;
+ }
+
+ Status = SystemFunction012((const BYTE *)&NewLmPassword,
+ (const BYTE *)&OldLmPassword,
+ (LPBYTE)&NewLmEncryptedWithOldLm);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
+ return Status;
+ }
+
+ pOldLmEncryptedWithNewLm = &OldLmEncryptedWithNewLm;
+ pNewLmEncryptedWithOldLm = &NewLmEncryptedWithOldLm;
+ }
+
+ Status = SystemFunction012((const BYTE *)&OldNtPassword,
+ (const BYTE *)&NewNtPassword,
+ (LPBYTE)&OldNtEncryptedWithNewNt);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
+ return Status;
+ }
+
+ Status = SystemFunction012((const BYTE *)&NewNtPassword,
+ (const BYTE *)&OldNtPassword,
+ (LPBYTE)&NewNtEncryptedWithOldNt);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
+ return Status;
+ }
+
RpcTryExcept
{
Status = SamrChangePasswordUser((SAMPR_HANDLE)UserHandle,
OldLmPasswordPresent &&
NewLmPasswordPresent,
- &OldLmPassword,
- &NewLmPassword,
+ pOldLmEncryptedWithNewLm,
+ pNewLmEncryptedWithOldLm,
TRUE,
- &OldNtPassword,
- &NewNtPassword,
+ &OldNtEncryptedWithNewNt,
+ &NewNtEncryptedWithOldNt,
FALSE,
NULL,
FALSE,
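Review bot: Each new `return Status;` after a failed SystemFunction012 call leaves the plain OWF hashes (`OldLmPassword`, `NewLmPassword`, `OldNtPassword`, `NewNtPassword`) and any cross-encrypted blobs already computed on the stack. These hashes are password-equivalent, so consider routing the failure paths through one cleanup label that wipes them, e.g. `RtlSecureZeroMemory(&OldNtPassword, sizeof(OldNtPassword));` and likewise for the others, before returning. Whether the success path already scrubs them cannot be seen here, because the function continues past the hunk. Separately, a failed encryption aborts the whole password change, so `ERR` may suit these messages better than `TRACE`.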
Modified: trunk/reactos/dll/win32/samsrv/samrpc.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/samsrv/samrpc.c?…
==============================================================================
--- trunk/reactos/dll/win32/samsrv/samrpc.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/samsrv/samrpc.c [iso-8859-1] Sun Feb 9 20:51:39 2014
@@ -8047,10 +8047,10 @@
{
ENCRYPTED_LM_OWF_PASSWORD StoredLmPassword;
ENCRYPTED_NT_OWF_PASSWORD StoredNtPassword;
- PENCRYPTED_LM_OWF_PASSWORD OldLmPassword;
- PENCRYPTED_LM_OWF_PASSWORD NewLmPassword;
- PENCRYPTED_NT_OWF_PASSWORD OldNtPassword;
- PENCRYPTED_NT_OWF_PASSWORD NewNtPassword;
+ ENCRYPTED_LM_OWF_PASSWORD OldLmPassword;
+ ENCRYPTED_LM_OWF_PASSWORD NewLmPassword;
+ ENCRYPTED_NT_OWF_PASSWORD OldNtPassword;
+ ENCRYPTED_NT_OWF_PASSWORD NewNtPassword;
BOOLEAN StoredLmPresent = FALSE;
BOOLEAN StoredNtPresent = FALSE;
BOOLEAN StoredLmEmpty = TRUE;
@@ -8153,21 +8153,62 @@
if (!NT_SUCCESS(Status))
{
TRACE("SampGetObjectAttribute failed to retrieve the fixed domain data
(Status 0x%08lx)\n", Status);
- return Status;
+ goto done;
}
if (DomainFixedData.MinPasswordAge.QuadPart > 0)
{
if (SystemTime.QuadPart < (UserFixedData.PasswordLastSet.QuadPart +
DomainFixedData.MinPasswordAge.QuadPart))
- return STATUS_ACCOUNT_RESTRICTION;
- }
- }
-
- /* FIXME: Decrypt passwords */
- OldLmPassword = OldLmEncryptedWithNewLm;
- NewLmPassword = NewLmEncryptedWithOldLm;
- OldNtPassword = OldNtEncryptedWithNewNt;
- NewNtPassword = NewNtEncryptedWithOldNt;
+ {
+ Status = STATUS_ACCOUNT_RESTRICTION;
+ goto done;
+ }
+ }
+ }
+
+ /* Decrypt the LM passwords, if present */
+ if (LmPresent)
+ {
+ Status = SystemFunction013((const BYTE *)NewLmEncryptedWithOldLm,
+ (const BYTE *)&StoredLmPassword,
+ (LPBYTE)&NewLmPassword);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SystemFunction013 failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+
+ Status = SystemFunction013((const BYTE *)OldLmEncryptedWithNewLm,
+ (const BYTE *)&NewLmPassword,
+ (LPBYTE)&OldLmPassword);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SystemFunction013 failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+ }
+
+ /* Decrypt the NT passwords, if present */
+ if (NtPresent)
+ {
+ Status = SystemFunction013((const BYTE *)NewNtEncryptedWithOldNt,
+ (const BYTE *)&StoredNtPassword,
+ (LPBYTE)&NewNtPassword);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SystemFunction013 failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+
+ Status = SystemFunction013((const BYTE *)OldNtEncryptedWithNewNt,
+ (const BYTE *)&NewNtPassword,
+ (LPBYTE)&OldNtPassword);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SystemFunction013 failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+ }
/* Check if the old passwords match the stored ones */
if (NtPresent)
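Review bot: The new decryption block dereferences the four caller-supplied pointers (`NewLmEncryptedWithOldLm`, `OldLmEncryptedWithNewLm` and the NT pair) as soon as `LmPresent` or `NtPresent` is set, with no NULL check visible in the hunk. These arrive from an RPC client, and the samlib side in this commit already passes NULL for the LM pair when no LM hashes exist. A request with the flag set and the buffer missing would therefore fault inside the server, unless a check outside the hunk rejects it first. I would add a guard ahead of the decryption that fails with STATUS_INVALID_PARAMETER through the existing `done` label. It is also worth confirming that `StoredLmPassword` and `StoredNtPassword` are valid keys when `StoredLmPresent` or `StoredNtPresent` is FALSE; the function starts and ends outside the hunk.

```c
    /* Reject requests that claim a hash is present but omit its buffers */
    if (LmPresent &&
        (OldLmEncryptedWithNewLm == NULL || NewLmEncryptedWithOldLm == NULL))
    {
        Status = STATUS_INVALID_PARAMETER;
        goto done;
    }

    if (NtPresent &&
        (OldNtEncryptedWithNewNt == NULL || NewNtEncryptedWithOldNt == NULL))
    {
        Status = STATUS_INVALID_PARAMETER;
        goto done;
    }

    /* ... unchanged: LM and NT decryption with SystemFunction013 ... */
```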
@@ -8175,7 +8216,7 @@
if (LmPresent)
{
if (!RtlEqualMemory(&StoredLmPassword,
- OldLmPassword,
+ &OldLmPassword,
sizeof(ENCRYPTED_LM_OWF_PASSWORD)))
{
TRACE("Old LM Password does not match!\n");
@@ -8184,7 +8225,7 @@
else
{
if (!RtlEqualMemory(&StoredNtPassword,
- OldNtPassword,
+ &OldNtPassword,
sizeof(ENCRYPTED_LM_OWF_PASSWORD)))
{
TRACE("Old NT Password does not match!\n");
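Review bot: The NT comparison still takes its length from `sizeof(ENCRYPTED_LM_OWF_PASSWORD)` although both operands are NT hashes. Now that `OldNtPassword` is a local structure, the length can be `sizeof(OldNtPassword)`, which stays correct if the two types ever diverge. The same applies to the NT comparison in the next hunk (@@ -8195). Both comparisons sit in a function whose body extends beyond these hunks.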
@@ -8195,7 +8236,7 @@
else
{
if (!RtlEqualMemory(&StoredNtPassword,
- OldNtPassword,
+ &OldNtPassword,
sizeof(ENCRYPTED_LM_OWF_PASSWORD)))
{
TRACE("Old NT Password does not match!\n");
@@ -8208,7 +8249,7 @@
if (LmPresent)
{
if (!RtlEqualMemory(&StoredLmPassword,
- OldLmPassword,
+ &OldLmPassword,
sizeof(ENCRYPTED_LM_OWF_PASSWORD)))
{
TRACE("Old LM Password does not match!\n");
@@ -8225,9 +8266,9 @@
if (NT_SUCCESS(Status))
{
Status = SampSetUserPassword(UserObject,
- NewNtPassword,
+ &NewNtPassword,
NtPresent,
- NewLmPassword,
+ &NewLmPassword,
LmPresent);
if (NT_SUCCESS(Status))
{
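Review bot: `&NewNtPassword` and `&NewLmPassword` now always point at local structures, but the decryption step writes them only when `NtPresent` or `LmPresent` is TRUE. Otherwise SampSetUserPassword receives the address of uninitialised stack memory, where it previously got the caller's pointer. That is harmless only if SampSetUserPassword ignores a hash whose Present flag is FALSE, which is not visible here. Zeroing the four locals up front, e.g. `RtlZeroMemory(&NewLmPassword, sizeof(NewLmPassword));`, removes the dependency on the callee. The decrypted hashes should also be wiped before the function returns.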
Modified: trunk/reactos/dll/win32/samsrv/samsrv.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/samsrv/samsrv.h?…
==============================================================================
--- trunk/reactos/dll/win32/samsrv/samsrv.h [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/samsrv/samsrv.h [iso-8859-1] Sun Feb 9 20:51:39 2014
@@ -434,4 +434,10 @@
SystemFunction007(PUNICODE_STRING string,
LPBYTE hash);
+NTSTATUS
+WINAPI
+SystemFunction013(const BYTE *in,
+ const BYTE *key,
+ LPBYTE out);
+
#endif /* _SAMSRV_PCH_ */