From f94d6b0a9231b9cc15fb403e97b8d107d16c76b0 Mon Sep 17 00:00:00 2001
From: Luke Leighton
Date: Tue, 22 Feb 2000 23:02:58 +0000
Subject: trying to track down why createuser -j option doesn't work on nt5, it turns out that they use a different format for the $MACHINE.ACC secrets. AGH!

---
 source/libsmb/smbencrypt.c | 3 ++-
 source/rpc_client/cli_lsarpc.c | 18 ++++++++++++++++++
 source/rpc_client/msrpc_lsarpc.c | 4 ++--
 source/rpcclient/cmd_lsarpc.c | 3 ++-
 source/rpcclient/cmd_samr.c | 16 ++++++----------
 5 files changed, 30 insertions(+), 14 deletions(-)

diff --git a/source/libsmb/smbencrypt.c b/source/libsmb/smbencrypt.c
index 0a50893ce21..902bc3f5623 100644
--- a/source/libsmb/smbencrypt.c
+++ b/source/libsmb/smbencrypt.c
@@ -525,12 +525,13 @@ BOOL nt_decrypt_string2(STRING2 * out, const STRING2 * in, const uchar * key)
 datalen = IVAL(out->buffer, 0);
+ dump_data_pw("nt_decrypt_string2\n", out->buffer, out->str_str_len);
+
 if (datalen != in->str_str_len - 8)
 {
 DEBUG(2, ("nt_decrypt_string2: length-match failed\n"));
 return False;
 }
- dump_data_pw("nt_decrypt_string2\n", out->buffer, out->str_str_len);
 return True;
 }
diff --git a/source/rpc_client/cli_lsarpc.c b/source/rpc_client/cli_lsarpc.c
index 7190df03507..e9568734ded 100644
--- a/source/rpc_client/cli_lsarpc.c
+++ b/source/rpc_client/cli_lsarpc.c
@@ -484,6 +484,13 @@ uint32 lsa_set_secret(POLICY_HND *hnd, const STRING2 * secret)
 LSA_Q_SET_SECRET q_q;
 uchar sess_key[16];
+#if 0
+ char data[12] =
+ {
+ 0x1a, 0x32, 0xb6, 0x63, 0xd7, 0x08, 0x79, 0x64,
+ 0x9c, 0x36, 0x94, 0x8b
+ };
+#endif
 uint32 status = NT_STATUS_NOPROBLEMO;
 if (hnd == NULL)
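Review bot: The dump_data_pw call now runs before the length check, so the decrypted buffer is written out on the failure path as well, for input whose embedded length disagrees with in->str_str_len - 8. That is useful for the interop problem the subject describes, but nothing in the hunk shows whether dump_data_pw is gated by a debug level, and out->buffer holds decrypted secret material. I'd put a comment on the new line, `/* debug aid only: dumps the decrypted secret — presumably gated by dump_data_pw's level, confirm */`, and consider moving the dump into the failure branch once the NT5 format question is settled, so the success path no longer logs plaintext. nt_decrypt_string2 starts before this hunk.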
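Review bot: The `#if 0` block declares the 12-byte sample as `char data[12]`, and the values 0xb6, 0x9c and 0x8b do not fit a signed char, so if this block is ever re-enabled the initialiser is implementation-defined on platforms where char is signed; the function already uses `uchar` for sess_key, so `uchar data[12]` is the right type. The matching `#if 0` block in the next hunk (@@ -507) feeds the sample through nt_decrypt_string2 into q_q.value.enc_secret just before nt_encrypt_string2 overwrites it, so the two blocks together are dead scaffolding around a mystery ciphertext. Either drop both before merge or add a comment above the array saying what the bytes are and where they were captured, e.g. `/* sample $MACHINE.ACC secret captured from an NT5 DC, kept for decrypt testing */` with the actual provenance filled in. lsa_set_secret continues outside both hunks.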
@@ -507,6 +514,17 @@ uint32 lsa_set_secret(POLICY_HND *hnd, const STRING2 * secret)
 return NT_STATUS_INVALID_PARAMETER;
 }
 dump_data_pw("sess_key:", sess_key, 16);
+
+#if 0
+ memcpy(&q_q.value.enc_secret.buffer, data, sizeof(data));
+ q_q.value.enc_secret.str_str_len = sizeof(data);
+ q_q.value.enc_secret.str_max_len = sizeof(data);
+ if (!nt_decrypt_string2(&q_q.value.enc_secret, secret, sess_key))
+ {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+#endif
+
 if (!nt_encrypt_string2(&q_q.value.enc_secret, secret, sess_key))
 {
 return NT_STATUS_INVALID_PARAMETER;
diff --git a/source/rpc_client/msrpc_lsarpc.c b/source/rpc_client/msrpc_lsarpc.c
index 900c0cb5130..d9030389815 100644
--- a/source/rpc_client/msrpc_lsarpc.c
+++ b/source/rpc_client/msrpc_lsarpc.c
@@ -254,12 +254,12 @@ BOOL msrpc_lsa_set_secret(const char *srv_name,
 secret_store_data(&secret, data, len);
 /* lookup domain controller; receive a policy handle */
- res = res ? lsa_open_policy2(srv_name,
+ res = res ? lsa_open_policy(srv_name,
 &lsa_pol, True, 0x02000000) : False;
 /* lookup domain controller; receive a policy handle */
 res1 = res ? lsa_open_secret(&lsa_pol,
- secret_name, 0x020003, &pol_sec) : False;
+ secret_name, 0x02000000, &pol_sec) : False;
 res2 = res1 ? (lsa_set_secret(&pol_sec, &secret) ==
diff --git a/source/rpcclient/cmd_lsarpc.c b/source/rpcclient/cmd_lsarpc.c
index 8bf779f535c..dade205a7a3 100644
--- a/source/rpcclient/cmd_lsarpc.c
+++ b/source/rpcclient/cmd_lsarpc.c
@@ -421,7 +421,8 @@ void cmd_lsa_query_secret(struct client_info *info, int argc, char *argv[])
 secret_name = argv[1];
- if (msrpc_lsa_query_secret(srv_name, secret_name, NULL, &last_update))
+ if (msrpc_lsa_query_secret(srv_name, secret_name, &secret,
+ &last_update))
 {
 int i;
 report(out_hnd, "\tValue : ");
diff --git a/source/rpcclient/cmd_samr.c b/source/rpcclient/cmd_samr.c
index 40a77069639..cb1a9a2e66f 100644
--- a/source/rpcclient/cmd_samr.c
+++ b/source/rpcclient/cmd_samr.c
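Review bot: The lsa_open_secret access mask changes from `0x020003` to the bare literal `0x02000000`, the same value the lsa_open_policy call above already passes; in the NT access-mask layout that bit is MAXIMUM_ALLOWED, so the client now asks the server for every right it holds on the secret instead of the specific rights the old mask requested. If that is what NT5 needs for $MACHINE.ACC, say so next to the value and give it a name rather than repeating the literal, e.g. `/* MAXIMUM_ALLOWED: the specific secret-rights mask 0x020003 did not work against NT5 — confirm */`. The switch from lsa_open_policy2 to lsa_open_policy is likewise unexplained by the commit message and deserves a one-line comment. The context comment above res1, `/* lookup domain controller; receive a policy handle */`, is a copy of the policy-open comment and should read `/* open the named secret under the policy handle */`. msrpc_lsa_set_secret continues outside the hunk.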
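Review bot: `&secret` now replaces NULL, but the declaration of `secret` and whatever is done with it after the value is reported lie outside this hunk (cmd_lsa_query_secret starts before it and continues past `report(out_hnd, "\tValue : ")`), so I cannot see whether the struct is initialised before the call or cleared afterwards. Since the buffer will hold the retrieved secret, I'd `ZERO_STRUCT(secret);` before the call and again once the value has been printed, so the plaintext does not outlive the report on the stack. A short comment above the `if`, noting that msrpc_lsa_query_secret fills the caller's STRING2 with the secret value and that the loop below prints it, would also help the next reader.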
@@ -1080,6 +1080,9 @@ void cmd_sam_create_dom_user(struct client_info *info, int argc, char *argv[])
 return;
 }
+ upw.uni_str_len = 0xc;
+ upw.uni_max_len = 0xc;
+#if 0
 upw.uni_str_len = 0x78;
 upw.uni_max_len = 0x78;
 generate_random_buffer(rnd_data, sizeof(rnd_data), True);
@@ -1091,8 +1094,10 @@ void cmd_sam_create_dom_user(struct client_info *info, int argc, char *argv[])
 upw.buffer[i] = rnd_data[j];
 }
+#endif
 password = (char*)upw.buffer;
 plen = upw.uni_str_len * 2;
+ generate_random_buffer(password, plen, True);
 }
 if (join_domain)
@@ -1155,16 +1160,7 @@ void cmd_sam_create_dom_user(struct client_info *info, int argc, char *argv[])
 if (res1)
 {
 STRING2 secret;
-
- ZERO_STRUCT(secret);
-
- secret.str_max_len = 16+8;
- secret.undoc = 0;
- secret.str_str_len = 16+8;
-
- SIVAL(secret.buffer, 0, 16);
- SIVAL(secret.buffer, 4, 0x01);
- memcpy(secret.buffer+8, ntpw, 16);
+ secret_store_data(&secret, ntpw, 16);
 res2 = lsa_set_secret(&pol_sec, &secret) == NT_STATUS_NOPROBLEMO;
-- 
cgit v1.2.1
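Review bot: The password length becomes the bare literal `0xc` (twelve UTF-16 units, so `plen` in the next hunk is 24 random bytes) in place of 0x78, with the previous generation left under `#if 0`; the commit message explains the secret-format problem but not why this shorter fixed length was chosen, so it needs a named constant and a comment, e.g. `#define MACHINE_PW_UNI_LEN 0xc /* UTF-16 units; length NT5 accepted for the machine password — confirm */`. In the second hunk (@@ -1091) `generate_random_buffer(password, plen, True)` writes raw random bytes straight into upw.buffer, so individual UTF-16 units can be zero or surrogate values, whereas the disabled code went through `rnd_data` and a per-element copy (the mapping between the two hunks is not visible here). Whether anything downstream treats `password` as NUL-terminated or expects well-formed UTF-16 should be confirmed before the `#if 0` block is deleted, and the dead block should not stay in the tree once it is. cmd_sam_create_dom_user continues outside both hunks.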
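Review bot: The removed lines zeroed `secret` before filling it, and the replacement relies on secret_store_data to do that; whether it initialises the whole STRING2 (str_max_len, undoc, the unused tail of buffer) before copying the 16-byte ntpw is not visible in this diff, and if it only sets the fields it needs, lsa_set_secret marshals uninitialised stack bytes. Keeping `ZERO_STRUCT(secret);` before the call costs nothing and removes the doubt. The struct also still holds the machine account's NT hash after lsa_set_secret returns and nothing clears it, so `ZERO_STRUCT(secret);` after res2 is assigned would keep the hash out of later stack reuse (the same applies to ntpw if it is not needed afterwards; its declaration is outside the hunk). A comment on the new line, `/* wrap the NT hash in the secret format the DC expects; format lives in secret_store_data */`, would record why the hand-built layout went away.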