is correct before calling. JRA.
************************************************************/
-static NTSTATUS change_oem_password(struct samu *hnd, const char *rhost,
- char *old_passwd, char *new_passwd,
- bool as_root,
- enum samPwdChangeReason *samr_reject_reason)
+NTSTATUS change_oem_password(struct samu *hnd, const char *rhost,
+ char *old_passwd, char *new_passwd,
+ bool as_root,
+ enum samPwdChangeReason *samr_reject_reason)
{
uint32_t min_len;
uint32_t refuse;
}
NTSTATUS samr_set_password_aes(TALLOC_CTX *mem_ctx,
- struct samu *sampass,
- const char *rhost,
const DATA_BLOB *cdk,
struct samr_EncryptedPasswordAES *pwbuf,
- enum samPwdChangeReason *reject_reason)
+ char **new_password_str)
{
DATA_BLOB pw_data = data_blob_null;
DATA_BLOB new_password = data_blob_null;
const DATA_BLOB ciphertext =
data_blob_const(pwbuf->cipher, pwbuf->cipher_len);
DATA_BLOB iv = data_blob_const(pwbuf->salt, sizeof(pwbuf->salt));
- char *new_password_str = NULL;
NTSTATUS status;
bool ok;
+ *new_password_str = NULL;
+
status = samba_gnutls_aead_aes_256_cbc_hmac_sha512_decrypt(
mem_ctx,
&ciphertext,
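Review bot: The new contract of samr_set_password_aes() is not documented at the signature: it no longer sets a password, it decrypts `pwbuf` and returns the cleartext through `new_password_str`, which the name does not suggest. I would add a comment above the definition such as `/* Decrypt pwbuf with cdk; on success *new_password_str holds the cleartext password, allocated on mem_ctx and marked secret. The caller applies it and frees it. */`. The added `*new_password_str = NULL;` also dereferences the out-parameter unchecked, so either state that it must be non-NULL or guard it with `if (new_password_str == NULL) return NT_STATUS_INVALID_PARAMETER;`. The function body continues outside this hunk.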
return NT_STATUS_WRONG_PASSWORD;
}
- new_password_str = talloc_strndup(mem_ctx,
- (char *)new_password.data,
- new_password.length);
+ *new_password_str = talloc_strndup(mem_ctx,
+ (char *)new_password.data,
+ new_password.length);
TALLOC_FREE(new_password.data);
- if (new_password_str == NULL) {
+ if (*new_password_str == NULL) {
return NT_STATUS_NO_MEMORY;
}
+ talloc_keep_secret(*new_password_str);
- become_root();
- status = change_oem_password(sampass,
- rhost,
- NULL,
- new_password_str,
- true,
- reject_reason);
- unbecome_root();
- TALLOC_FREE(new_password_str);
-
- return status;
+ return NT_STATUS_OK;
}
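Review bot: The added `talloc_keep_secret(*new_password_str);` protects only the copy; the same cleartext in `new_password.data` is released by the plain `TALLOC_FREE(new_password.data);` just above it. The code that fills that blob is outside the hunk, so if it is not already marked secret there, add `talloc_keep_secret(new_password.data);` before the `talloc_strndup()` call so the buffer is zeroed on free. This matters more now that the function hands the cleartext back to its caller instead of consuming it, which lengthens the secret's lifetime.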
struct dcesrv_connection *dcesrv_conn = dce_call->conn;
const struct tsocket_address *remote_address =
dcesrv_connection_get_remote_address(dcesrv_conn);
- enum samPwdChangeReason reject_reason;
char *rhost = NULL;
struct samu *sampass = NULL;
char *username = NULL;
.data = cdk_data,
.length = sizeof(cdk_data),
};
+ char *new_passwd = NULL;
NTSTATUS status = NT_STATUS_WRONG_PASSWORD;
bool ok;
int rc;
}
status = samr_set_password_aes(frame,
- sampass,
- rhost,
&cdk,
r->in.password,
- &reject_reason);
+ &new_passwd);
BURN_DATA(cdk_data);
- if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
- return NT_STATUS_WRONG_PASSWORD;
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
}
+ become_root();
+ status = change_oem_password(sampass,
+ rhost,
+ NULL,
+ new_passwd,
+ true,
+ NULL);
+ unbecome_root();
+ TALLOC_FREE(new_passwd);
+
done:
TALLOC_FREE(frame);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
+ return NT_STATUS_WRONG_PASSWORD;
+ }
+
return status;
#else /* HAVE_GNUTLS_PBKDF2 */
p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
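Review bot: `change_oem_password()` is now called with `NULL` for `samr_reject_reason`, where the removed code passed `&reject_reason`. Its body is not part of this diff, so confirm that every write through that pointer is guarded; an unguarded write would be a NULL dereference between `become_root()` and `unbecome_root()`, and keeping a local and passing `&reject_reason` would avoid it. The `NT_STATUS_NO_SUCH_USER` to `NT_STATUS_WRONG_PASSWORD` mapping after `done:` presumably exists so the reply does not reveal whether the account exists; a one-line comment such as `/* Do not disclose whether the user exists */` would stop it being dropped in a later cleanup. The enclosing function starts and ends outside the hunk.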
bool chgpasswd(const char *name, const char *rhost, const struct passwd *pass,
const char *oldpass, const char *newpass, bool as_root);
+NTSTATUS change_oem_password(struct samu *hnd, const char *rhost,
+ char *old_passwd, char *new_passwd,
+ bool as_root,
+ enum samPwdChangeReason *samr_reject_reason);
NTSTATUS pass_oem_change(char *user, const char *rhost,
uchar password_encrypted_with_lm_hash[516],
const uchar old_lm_hash_encrypted[16],
const char *password,
enum samPwdChangeReason *samr_reject_reason);
NTSTATUS samr_set_password_aes(TALLOC_CTX *mem_ctx,
- struct samu *sampass,
- const char *rhost,
const DATA_BLOB *cdk,
struct samr_EncryptedPasswordAES *pwbuf,
- enum samPwdChangeReason *reject_reason);
+ char **new_password_str);