libcli:auth: Pass samr_CryptPasswordEx to decode_rc4_passwd_buffer()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index 1bcbeddb2280bca9ad1c3759b2747d9bd4b1beb6..a67c89d8552ba7483b5073e004ec2c7f45357ad0 100644 (file)
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -184,8 +184,8 @@ bool decode_pw_buffer(TALLOC_CTX *ctx,
 /***********************************************************
  Decode an arc4 encrypted password change buffer.
 ************************************************************/
-NTSTATUS decode_rc4_passwd_buffer(unsigned char pw_buf[532],
-                                 const DATA_BLOB *psession_key);
+NTSTATUS decode_rc4_passwd_buffer(const DATA_BLOB *psession_key,
+                                 struct samr_CryptPasswordEx *inout_crypt_pwd);
 
 /***********************************************************
  encode a password buffer with an already unicode password.  The

diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index 7e343f715772b5565e69ad21ab7e597f68a69a3c..b7b17130f076b295d5e4b15689411290764e04ac 100644 (file)
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -843,12 +843,12 @@ bool decode_pw_buffer(TALLOC_CTX *ctx,
  Decode an arc4 encrypted password change buffer.
 ************************************************************/
 
-NTSTATUS decode_rc4_passwd_buffer(unsigned char pw_buf[532],
-                                 const DATA_BLOB *psession_key)
+NTSTATUS decode_rc4_passwd_buffer(const DATA_BLOB *psession_key,
+                                 struct samr_CryptPasswordEx *inout_crypt_pwd)
 {
        /* Confounder is last 16 bytes. */
-       DATA_BLOB confounder = data_blob_const(&pw_buf[516], 16);
-       DATA_BLOB pw_data = data_blob_const(pw_buf, 516);
+       DATA_BLOB confounder = data_blob_const(&inout_crypt_pwd->data[516], 16);
+       DATA_BLOB pw_data = data_blob_const(&inout_crypt_pwd->data, 516);
        int rc;
 
        rc = samba_gnutls_arcfour_confounded_md5(&confounder,

diff --git a/libcli/auth/tests/test_rc4_passwd_buffer.c b/libcli/auth/tests/test_rc4_passwd_buffer.c
index eb7377032305fcbd6d73e8e8beea1c37494d9a5a..3bf371c5dd5609e6563f5bd1b5d282e90091e563 100644 (file)
--- a/libcli/auth/tests/test_rc4_passwd_buffer.c
+++ b/libcli/auth/tests/test_rc4_passwd_buffer.c
@@ -114,7 +114,7 @@ static void torture_decode_rc4_passwd_buffer(void **state)
               encrypted_test_blob,
               sizeof(out_pwd_buf.data));
 
-       status = decode_rc4_passwd_buffer(out_pwd_buf.data, &session_key);
+       status = decode_rc4_passwd_buffer(&session_key, &out_pwd_buf);
        assert_true(NT_STATUS_IS_OK(status));
 
        ok = decode_pw_buffer(NULL,
@@ -143,7 +143,7 @@ static void torture_rc4_passwd_buffer(void **state)
                                           &out_pwd_buf);
        assert_true(NT_STATUS_IS_OK(status));
 
-       status = decode_rc4_passwd_buffer(out_pwd_buf.data, &session_key);
+       status = decode_rc4_passwd_buffer(&session_key, &out_pwd_buf);
        assert_true(NT_STATUS_IS_OK(status));
 
        ok = decode_pw_buffer(NULL,
@@ -154,6 +154,7 @@ static void torture_rc4_passwd_buffer(void **state)
        assert_true(ok);
        assert_int_equal(password_decoded_len, strlen(PASSWORD));
        assert_string_equal(password_decoded, PASSWORD);
+       talloc_free(password_decoded);
 }
 
 int main(int argc, char *argv[])

diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
index 4dc9132511f895aa24706022d2039b1716ae6218..fd5c453e0ebb8cffc2d8c66db2070009b3404b13 100644 (file)
--- a/source3/rpc_server/samr/srv_samr_nt.c
+++ b/source3/rpc_server/samr/srv_samr_nt.c
@@ -5185,9 +5185,8 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
                        if(!NT_STATUS_IS_OK(status)) {
                                break;
                        }
-                       status = decode_rc4_passwd_buffer(
-                               info->info25.password.data,
-                               &session_key);
+                       status = decode_rc4_passwd_buffer(&session_key,
+                                       &info->info25.password);
                        if (!NT_STATUS_IS_OK(status)) {
                                break;
                        }
@@ -5204,9 +5203,8 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
                        if(!NT_STATUS_IS_OK(status)) {
                                break;
                        }
-                       status = decode_rc4_passwd_buffer(
-                               info->info26.password.data,
-                               &session_key);
+                       status = decode_rc4_passwd_buffer(&session_key,
+                                       &info->info26.password);
                        if (!NT_STATUS_IS_OK(status)) {
                                break;
                        }