libcli:auth: Add encode_rc4_passwd_buffer()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index a67c89d8552ba7483b5073e004ec2c7f45357ad0..67caaca8c41e65fba489ede04431653b1be0adba 100644 (file)
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -181,6 +181,13 @@ bool decode_pw_buffer(TALLOC_CTX *ctx,
                      size_t *new_pw_len,
                      charset_t string_charset);
 
+/***********************************************************
+ Encode an arc4 password change buffer.
+************************************************************/
+NTSTATUS encode_rc4_passwd_buffer(const char *passwd,
+                                 const DATA_BLOB *session_key,
+                                 struct samr_CryptPasswordEx *out_crypt_pwd);
+
 /***********************************************************
  Decode an arc4 encrypted password change buffer.
 ************************************************************/

diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index b7b17130f076b295d5e4b15689411290764e04ac..793012553b28ff44bd60798c0e05935b2ee074bf 100644 (file)
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -839,6 +839,48 @@ bool decode_pw_buffer(TALLOC_CTX *ctx,
        return true;
 }
 
+/***********************************************************
+ Encode an arc4 password change buffer.
+************************************************************/
+NTSTATUS encode_rc4_passwd_buffer(const char *passwd,
+                                 const DATA_BLOB *session_key,
+                                 struct samr_CryptPasswordEx *out_crypt_pwd)
+{
+       uint8_t _confounder[16] = {0};
+       DATA_BLOB confounder = data_blob_const(_confounder, 16);
+       DATA_BLOB pw_data = data_blob_const(out_crypt_pwd->data, 516);
+       bool ok;
+       int rc;
+
+       ok = encode_pw_buffer(pw_data.data, passwd, STR_UNICODE);
+       if (!ok) {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
+       generate_random_buffer(confounder.data, confounder.length);
+
+       rc = samba_gnutls_arcfour_confounded_md5(&confounder,
+                                                session_key,
+                                                &pw_data,
+                                                SAMBA_GNUTLS_ENCRYPT);
+       if (rc < 0) {
+               ZERO_ARRAY(_confounder);
+               data_blob_clear(&pw_data);
+               return gnutls_error_to_ntstatus(rc, NT_STATUS_ACCESS_DISABLED_BY_POLICY_OTHER);
+       }
+
+       /*
+        * The packet format is the 516 byte RC4 encrypted
+        * pasword followed by the 16 byte counfounder
+        * The confounder is a salt to prevent pre-computed hash attacks on the
+        * database.
+        */
+       memcpy(&out_crypt_pwd->data[516], confounder.data, confounder.length);
+       ZERO_ARRAY(_confounder);
+
+       return NT_STATUS_OK;
+}
+
 /***********************************************************
  Decode an arc4 encrypted password change buffer.
 ************************************************************/