/// <summary>
/// The SamrUnicodeChangePasswordUser2 method changes a
/// user account's password. Opnum: 55
/// </summary>
/// <param name="BindingHandle">
/// An RPC binding handle parameter as specified in [C706-Ch2Intro].
/// </param>
/// <param name="ServerName">
/// A null-terminated string containing the NETBIOS name
/// of the server; this parameter MAY servers ignore the
/// ServerName parameter. be ignored by the server.
/// </param>
/// <param name="UserName">
/// The name of the user. See the message processing later
/// in this section for details on how this value is used
/// as a database key to locate the account that is the
/// target of this password change operation.
/// </param>
/// <param name="NewPasswordEncryptedWithOldNt">
/// A clear text password encrypted according to the specification
/// of SAMPR_ENCRYPTED_USER_PASSWORD, where the key is
/// the NT hash of the existing password for the target
/// user (as presented by the client in the OldNtOwfPasswordEncryptedWithNewNt
/// parameter).
/// </param>
/// <param name="OldNtOwfPasswordEncryptedWithNewNt">
/// The NT hash of the target user's existing password (as
/// presented by the client) encrypted according to the
/// specification of ENCRYPTED_LM_OWF_PASSWORD, where the
/// key is the NT hash of the clear text password obtained
/// from decrypting NewPasswordEncryptedWithOldNt.
/// </param>
/// <param name="LmPresent">
/// If this parameter is zero, NewPasswordEncryptedWithOldLm
/// and OldLmOwfPasswordEncryptedWithOldLm MUST be ignored;
/// otherwise these fields MUST be processed.
/// </param>
/// <param name="NewPasswordEncryptedWithOldLm">
/// A clear text password encrypted according to the specification
/// of SAMPR_ENCRYPTED_USER_PASSWORD, where the key is
/// the LM hash of the existing password for the target
/// user (as presented by the client).
/// </param>
/// <param name="OldLmOwfPasswordEncryptedWithNewNt">
/// The LM hash the target user's existing password (as
/// presented by the client) encrypted according to the
/// specification of ENCRYPTED_LM_OWF_PASSWORD, where the
/// key is the NT hash of the clear text password obtained
/// from decrypting NewPasswordEncryptedWithOldNt.
/// </param>
/// <returns>
/// status of the function call, for example: 0 indicates STATUS_SUCCESS
/// </returns>
public int SamrUnicodeChangePasswordUser2(System.IntPtr BindingHandle,
_RPC_UNICODE_STRING ServerName,
_RPC_UNICODE_STRING UserName,
_SAMPR_ENCRYPTED_USER_PASSWORD NewPasswordEncryptedWithOldNt,
_ENCRYPTED_LM_OWF_PASSWORD OldNtOwfPasswordEncryptedWithNewNt,
byte LmPresent,
_SAMPR_ENCRYPTED_USER_PASSWORD NewPasswordEncryptedWithOldLm,
_ENCRYPTED_LM_OWF_PASSWORD OldLmOwfPasswordEncryptedWithNewNt)
{
return rpc.SamrUnicodeChangePasswordUser2(BindingHandle, ServerName,
UserName, NewPasswordEncryptedWithOldNt, OldNtOwfPasswordEncryptedWithNewNt,
LmPresent, NewPasswordEncryptedWithOldLm, OldLmOwfPasswordEncryptedWithNewNt);
}
/// <summary>
/// Gets a password encrypted with session key.
/// </summary>
/// <param name="password">The password to be encrypted</param>
/// <param name="sessionKey">The session key used for encryption.</param>
/// <exception cref="ArgumentNullException">Raised when session key is null</exception>
/// <returns>The encrypted password.</returns>
private _SAMPR_ENCRYPTED_USER_PASSWORD GetPasswordEncryptedWithSessionKey(
string password,
byte[] sessionKey)
{
if (sessionKey == null)
{
throw new ArgumentNullException("sessionKey");
}
_SAMPR_ENCRYPTED_USER_PASSWORD encryptedPwd = new _SAMPR_ENCRYPTED_USER_PASSWORD();
encryptedPwd.Buffer = new byte[encryptedPwdSize + pwdLenSize];
// Get new password bytes
byte[] passwordBytes = Encoding.Unicode.GetBytes(password);
// Copy password bytes to the tail of the encryptedPwdSize bytes of buffer
Array.Copy(passwordBytes, 0, encryptedPwd.Buffer,
encryptedPwdSize - passwordBytes.Length, passwordBytes.Length);
// Set password length for the last pwdLenSize bytes of the (encryptedPwdSize + pwdLenSize) bytes
byte[] lengthBytes = BitConverter.GetBytes(passwordBytes.Length);
Array.Copy(lengthBytes, 0, encryptedPwd.Buffer, encryptedPwdSize, pwdLenSize);
// Do RC4 encryption
encryptedPwd.Buffer = RC4Encrypt(encryptedPwd.Buffer, 0, encryptedPwd.Buffer.Length, sessionKey);
return encryptedPwd;
}
/// <summary>
/// The SamrOemChangePasswordUser2 method changes a user's
/// password. Opnum: 54
/// </summary>
/// <param name="BindingHandle">
/// An RPC binding handle parameter as specified in [C706-Ch2Intro].
/// </param>
/// <param name="ServerName">
/// A counted string, encoded in the OEM character set,
/// containing the NETBIOS name of the server; this parameter
/// MAY servers ignore the ServerName parameter. be ignored
/// by the server.
/// </param>
/// <param name="UserName">
/// A counted string, encoded in the OEM character set,
/// containing the name of the user whose password is to
/// be changed; see message processing later in this section
/// for details on how this value is used as a database
/// key to locate the account that is the target of this
/// password change operation.
/// </param>
/// <param name="NewPasswordEncryptedWithOldLm">
/// A clear text password encrypted according to the specification
/// of SAMPR_ENCRYPTED_USER_PASSWORD, where the key is
/// the LM hash of the existing password for the target
/// user (as presented by the client). The clear text password
/// MUST be encoded in an OEM code page character set (as
/// opposed to UTF-16).
/// </param>
/// <param name="OldLmOwfPasswordEncryptedWithNewLm">
/// The LM hash of the target user's existing password (as
/// presented by the client) encrypted according to the
/// specification of ENCRYPTED_LM_OWF_PASSWORD, where the
/// key is the LM hash of the clear text password obtained
/// from decrypting NewPasswordEncryptedWithOldLm (see
/// the preceding description for decryption details).
/// </param>
/// <returns>
/// status of the function call, for example: 0 indicates STATUS_SUCCESS
/// </returns>
public int SamrOemChangePasswordUser2(System.IntPtr BindingHandle,
_RPC_STRING ServerName,
_RPC_STRING UserName,
_SAMPR_ENCRYPTED_USER_PASSWORD NewPasswordEncryptedWithOldLm,
_ENCRYPTED_LM_OWF_PASSWORD OldLmOwfPasswordEncryptedWithNewLm)
{
return rpc.SamrOemChangePasswordUser2(BindingHandle, ServerName,
UserName, NewPasswordEncryptedWithOldLm, OldLmOwfPasswordEncryptedWithNewLm);
}
/// <summary>
/// Validate the existing password encrypted with session key.
/// </summary>
/// <param name="sessionKey">The session key used for encryption.</param>
/// <param name="target"> the target to be validate</param>
/// <returns>validate result</returns>
public bool ValidateOldPasswordEncryptedWithSessionKey(byte[] sessionKey, _SAMPR_ENCRYPTED_USER_PASSWORD target)
{
_SAMPR_ENCRYPTED_USER_PASSWORD expected = GetOldPasswordEncryptedWithSessionKey(sessionKey);
bool isSame = ObjectUtility.DeepCompare(expected, target);
return isSame;
}
public bool ValidateNewPasswordEncryptedWithOldNt(_SAMPR_ENCRYPTED_USER_PASSWORD target)
{
_SAMPR_ENCRYPTED_USER_PASSWORD expected = GetNewPasswordEncryptedWithOldNt();
bool isSame = ObjectUtility.DeepCompare(expected, target);
return isSame;
}
public _SAMPR_ENCRYPTED_USER_PASSWORD GetNewPasswordEncryptedWithOldNt()
{
_SAMPR_ENCRYPTED_USER_PASSWORD encryptedPwd = new _SAMPR_ENCRYPTED_USER_PASSWORD();
encryptedPwd.Buffer = new byte[encryptedPwdSize + pwdLenSize];
// Get new password bytes
byte[] newPwdBytes = Encoding.Unicode.GetBytes(newPwd);
// Copy password bytes to the tail of the encryptedPwdSize bytes of buffer
Array.Copy(newPwdBytes, 0, encryptedPwd.Buffer,
encryptedPwdSize - newPwdBytes.Length, newPwdBytes.Length);
// Set password length for the last pwdLenSize bytes of the (encryptedPwdSize + pwdLenSize) bytes
byte[] lengthBytes = BitConverter.GetBytes(newPwdBytes.Length);
Array.Copy(lengthBytes, 0, encryptedPwd.Buffer, encryptedPwdSize, pwdLenSize);
// Get NT hash of existing password
byte[] oldNtowf = GetHashWithNTOWFv1(existingPwd);
// Do RC4 encryption
encryptedPwd.Buffer = RC4Encrypt(encryptedPwd.Buffer, 0, encryptedPwd.Buffer.Length, oldNtowf);
return encryptedPwd;
}
public _SAMPR_ENCRYPTED_USER_PASSWORD GetNewPasswordEncryptedWithOldLm(PasswordType passwordType)
{
_SAMPR_ENCRYPTED_USER_PASSWORD encryptedPwd = new _SAMPR_ENCRYPTED_USER_PASSWORD();
encryptedPwd.Buffer = new byte[encryptedPwdSize + pwdLenSize];
Encoding targetEncoding;
if (passwordType == PasswordType.Oem)
{
// Windows OEM encoding is ASCII
targetEncoding = Encoding.ASCII;
}
else if (passwordType == PasswordType.Unicode)
{
targetEncoding = Encoding.Unicode;
}
else
{
throw new InvalidOperationException("Invalid password type");
}
// Get new password bytes
byte[] newPwdBytes = targetEncoding.GetBytes(newPwd);
// Copy password bytes to the tail of the encryptedPwdSize bytes of buffer
Array.Copy(newPwdBytes, 0, encryptedPwd.Buffer, encryptedPwdSize - newPwdBytes.Length,
newPwdBytes.Length);
// Set password length for the last pwdLenSize bytes of the (encryptedPwdSize + pwdLenSize) bytes
byte[] lengthBytes = BitConverter.GetBytes(newPwdBytes.Length);
Array.Copy(lengthBytes, 0, encryptedPwd.Buffer, encryptedPwdSize, lengthBytes.Length);
// Get LM hash of existing password
byte[] oldLmowf = GetHashWithLMOWFv1(existingPwd);
// Do RC4 encryption
encryptedPwd.Buffer = RC4Encrypt(encryptedPwd.Buffer, 0, encryptedPwd.Buffer.Length, oldLmowf);
return encryptedPwd;
}
/// <summary>
/// Decodes the request stub, and fills the fields of the class
/// </summary>
/// <param name="sessionContext">The session context of the request received</param>
/// <param name="requestStub">The request stub got from RPCE layer</param>
internal override void Decode(SamrServerSessionContext sessionContext, byte[] requestStub)
{
using (RpceInt3264Collection inParams = RpceStubDecoder.ToParamList(
RpceStubHelper.GetPlatform(),
SamrRpcStubFormatString.TypeFormatString,
new RpceStubExprEval[]{
new RpceStubExprEval(SamrRpcAdapter.samr_SAMPR_USER_LOGON_INFORMATIONExprEval_0000),
new RpceStubExprEval(SamrRpcAdapter.samr_SAMPR_USER_LOGON_HOURS_INFORMATIONExprEval_0001),
new RpceStubExprEval(SamrRpcAdapter.samr_SAMPR_USER_ACCOUNT_INFORMATIONExprEval_0002),
new RpceStubExprEval(SamrRpcAdapter.samr_SAMPR_LOGON_HOURSExprEval_0003)},
SamrRpcStubFormatString.ProcFormatString,
SamrRpcStubFormatString.ProcFormatStringOffsetTable[(int)Opnum],
false,
requestStub))
{
ServerName = TypeMarshal.ToStruct<_RPC_UNICODE_STRING>(inParams[0]);
UserName = TypeMarshal.ToStruct<_RPC_UNICODE_STRING>(inParams[1]);
NewPasswordEncryptedWithOldNt = TypeMarshal.ToStruct<_SAMPR_ENCRYPTED_USER_PASSWORD>(inParams[2]);
OldNtOwfPasswordEncryptedWithNewNt = TypeMarshal.ToStruct<_ENCRYPTED_LM_OWF_PASSWORD>(inParams[3]);
LmPresent = (byte)inParams[4].ToInt32();
NewPasswordEncryptedWithOldLm = TypeMarshal.ToStruct<_SAMPR_ENCRYPTED_USER_PASSWORD>(inParams[5]);
OldLmOwfPasswordEncryptedWithNewNt = TypeMarshal.ToStruct<_ENCRYPTED_LM_OWF_PASSWORD>(inParams[6]);
}
}
