/// <summary>
/// The SamrUnicodeChangePasswordUser2 method changes a
/// user account's password. Opnum: 55
/// </summary>
/// <param name="BindingHandle">
/// An RPC binding handle parameter as specified in [C706-Ch2Intro].
/// </param>
/// <param name="ServerName">
/// A null-terminated string containing the NETBIOS name
/// of the server; this parameter MAY servers ignore the
/// ServerName parameter. be ignored by the server.
/// </param>
/// <param name="UserName">
/// The name of the user. See the message processing later
/// in this section for details on how this value is used
/// as a database key to locate the account that is the
/// target of this password change operation.
/// </param>
/// <param name="NewPasswordEncryptedWithOldNt">
/// A clear text password encrypted according to the specification
/// of SAMPR_ENCRYPTED_USER_PASSWORD, where the key is
/// the NT hash of the existing password for the target
/// user (as presented by the client in the OldNtOwfPasswordEncryptedWithNewNt
/// parameter).
/// </param>
/// <param name="OldNtOwfPasswordEncryptedWithNewNt">
/// The NT hash of the target user's existing password (as
/// presented by the client) encrypted according to the
/// specification of ENCRYPTED_LM_OWF_PASSWORD, where the
/// key is the NT hash of the clear text password obtained
/// from decrypting NewPasswordEncryptedWithOldNt.
/// </param>
/// <param name="LmPresent">
/// If this parameter is zero, NewPasswordEncryptedWithOldLm
/// and OldLmOwfPasswordEncryptedWithOldLm MUST be ignored;
/// otherwise these fields MUST be processed.
/// </param>
/// <param name="NewPasswordEncryptedWithOldLm">
/// A clear text password encrypted according to the specification
/// of SAMPR_ENCRYPTED_USER_PASSWORD, where the key is
/// the LM hash of the existing password for the target
/// user (as presented by the client).
/// </param>
/// <param name="OldLmOwfPasswordEncryptedWithNewNt">
/// The LM hash the target user's existing password (as
/// presented by the client) encrypted according to the
/// specification of ENCRYPTED_LM_OWF_PASSWORD, where the
/// key is the NT hash of the clear text password obtained
/// from decrypting NewPasswordEncryptedWithOldNt.
/// </param>
/// <returns>
/// status of the function call, for example: 0 indicates STATUS_SUCCESS
/// </returns>
public int SamrUnicodeChangePasswordUser2(System.IntPtr BindingHandle,
_RPC_UNICODE_STRING ServerName,
_RPC_UNICODE_STRING UserName,
_SAMPR_ENCRYPTED_USER_PASSWORD NewPasswordEncryptedWithOldNt,
_ENCRYPTED_LM_OWF_PASSWORD OldNtOwfPasswordEncryptedWithNewNt,
byte LmPresent,
_SAMPR_ENCRYPTED_USER_PASSWORD NewPasswordEncryptedWithOldLm,
_ENCRYPTED_LM_OWF_PASSWORD OldLmOwfPasswordEncryptedWithNewNt)
{
return rpc.SamrUnicodeChangePasswordUser2(BindingHandle, ServerName,
UserName, NewPasswordEncryptedWithOldNt, OldNtOwfPasswordEncryptedWithNewNt,
LmPresent, NewPasswordEncryptedWithOldLm, OldLmOwfPasswordEncryptedWithNewNt);
}
/// <summary>
/// The SamrChangePasswordUser method changes the password
/// of a user object. Opnum: 38
/// </summary>
/// <param name="UserHandle">
/// An RPC context handle, as specified in section , representing
/// a user object.
/// </param>
/// <param name="LmPresent">
/// If this parameter is zero, the LmOldEncryptedWithLmNew
/// and LmNewEncryptedWithLmOld fields MUST be ignored
/// by the server; otherwise these fields MUST be processed.
/// </param>
/// <param name="OldLmEncryptedWithNewLm">
/// The LM hash of the target user's existing password (as
/// presented by the client) encrypted according to the
/// specification of ENCRYPTED_LM_OWF_PASSWORD, where the
/// key is the LM hash of the new password for the target
/// user (as presented by the client in the LmNewEncryptedWithLmOld
/// parameter).
/// </param>
/// <param name="NewLmEncryptedWithOldLm">
/// The LM hash of the target user's new password (as presented
/// by the client) encrypted according to the specification
/// of ENCRYPTED_LM_OWF_PASSWORD, where the key is the
/// LM hash of the existing password for the target user
/// (as presented by the client in the LmOldEncryptedWithLmNew
/// parameter).
/// </param>
/// <param name="NtPresent">
/// If this parameter is zero, NtOldEncryptedWithNtNew and
/// NtNewEncryptedWithNtOld MUST be ignored by the server;
/// otherwise these fields MUST be processed.
/// </param>
/// <param name="OldNtEncryptedWithNewNt">
/// The NT hash of the target user's existing password (as
/// presented by the client) encrypted according to the
/// specification of ENCRYPTED_NT_OWF_PASSWORD, where
/// the key is the NT hash of the new password for the
/// target user (as presented by the client).
/// </param>
/// <param name="NewNtEncryptedWithOldNt">
/// The NT hash of the target user's new password (as presented
/// by the client) encrypted according to the specification
/// of ENCRYPTED_NT_OWF_PASSWORD, where the key is the
/// NT hash of the existing password for the target user
/// (as presented by the client).
/// </param>
/// <param name="NtCrossEncryptionPresent">
/// If this parameter is zero, NtNewEncryptedWithLmNew MUST
/// be ignored; otherwise, this field MUST be processed.
/// </param>
/// <param name="NewNtEncryptedWithNewLm">
/// The NT hash of the target user's new password (as presented
/// by the client) encrypted according to the specification
/// of ENCRYPTED_NT_OWF_PASSWORD, where the key is the
/// LM hash of the new password for the target user (as
/// presented by the client).
/// </param>
/// <param name="LmCrossEncryptionPresent">
/// If this parameter is zero, LmNewEncryptedWithNtNew MUST
/// be ignored; otherwise, this field MUST be processed.
/// </param>
/// <param name="NewLmEncryptedWithNewNt">
/// The LM hash of the target user's new password (as presented
/// by the client) encrypted according to the specification
/// of ENCRYPTED_LM_OWF_PASSWORD, where the key is the
/// NT hash of the new password for the target user (as
/// presented by the client).
/// </param>
/// <returns>
/// status of the function call, for example: 0 indicates STATUS_SUCCESS
/// </returns>
public int SamrChangePasswordUser(System.IntPtr UserHandle,
byte LmPresent,
_ENCRYPTED_LM_OWF_PASSWORD? OldLmEncryptedWithNewLm,
_ENCRYPTED_LM_OWF_PASSWORD? NewLmEncryptedWithOldLm,
byte NtPresent,
_ENCRYPTED_LM_OWF_PASSWORD? OldNtEncryptedWithNewNt,
_ENCRYPTED_LM_OWF_PASSWORD? NewNtEncryptedWithOldNt,
byte NtCrossEncryptionPresent,
_ENCRYPTED_LM_OWF_PASSWORD? NewNtEncryptedWithNewLm,
byte LmCrossEncryptionPresent,
_ENCRYPTED_LM_OWF_PASSWORD? NewLmEncryptedWithNewNt)
{
return rpc.SamrChangePasswordUser(UserHandle, LmPresent, OldLmEncryptedWithNewLm, NewLmEncryptedWithOldLm,
NtPresent, OldNtEncryptedWithNewNt, NewNtEncryptedWithOldNt, NtCrossEncryptionPresent,
NewNtEncryptedWithNewLm, LmCrossEncryptionPresent, NewLmEncryptedWithNewNt);
}
/// <summary>
/// The SamrOemChangePasswordUser2 method changes a user's
/// password. Opnum: 54
/// </summary>
/// <param name="BindingHandle">
/// An RPC binding handle parameter as specified in [C706-Ch2Intro].
/// </param>
/// <param name="ServerName">
/// A counted string, encoded in the OEM character set,
/// containing the NETBIOS name of the server; this parameter
/// MAY servers ignore the ServerName parameter. be ignored
/// by the server.
/// </param>
/// <param name="UserName">
/// A counted string, encoded in the OEM character set,
/// containing the name of the user whose password is to
/// be changed; see message processing later in this section
/// for details on how this value is used as a database
/// key to locate the account that is the target of this
/// password change operation.
/// </param>
/// <param name="NewPasswordEncryptedWithOldLm">
/// A clear text password encrypted according to the specification
/// of SAMPR_ENCRYPTED_USER_PASSWORD, where the key is
/// the LM hash of the existing password for the target
/// user (as presented by the client). The clear text password
/// MUST be encoded in an OEM code page character set (as
/// opposed to UTF-16).
/// </param>
/// <param name="OldLmOwfPasswordEncryptedWithNewLm">
/// The LM hash of the target user's existing password (as
/// presented by the client) encrypted according to the
/// specification of ENCRYPTED_LM_OWF_PASSWORD, where the
/// key is the LM hash of the clear text password obtained
/// from decrypting NewPasswordEncryptedWithOldLm (see
/// the preceding description for decryption details).
/// </param>
/// <returns>
/// status of the function call, for example: 0 indicates STATUS_SUCCESS
/// </returns>
public int SamrOemChangePasswordUser2(System.IntPtr BindingHandle,
_RPC_STRING ServerName,
_RPC_STRING UserName,
_SAMPR_ENCRYPTED_USER_PASSWORD NewPasswordEncryptedWithOldLm,
_ENCRYPTED_LM_OWF_PASSWORD OldLmOwfPasswordEncryptedWithNewLm)
{
return rpc.SamrOemChangePasswordUser2(BindingHandle, ServerName,
UserName, NewPasswordEncryptedWithOldLm, OldLmOwfPasswordEncryptedWithNewLm);
}
/// <summary>
/// The SamrSetDSRMPassword method sets a local recovery
/// password. Opnum: 66
/// </summary>
/// <param name="BindingHandle">
/// An RPC binding handle parameter, as specified in [C706-Ch2Intro].
/// </param>
/// <param name="Unused">
/// A string value. This value is not used in the protocol
/// and is ignored by the server.
/// </param>
/// <param name="UserId">
/// A RID of a user account. See the message processing
/// later in this section for details on restrictions on
/// this value.
/// </param>
/// <param name="EncryptedNtOwfPassword">
/// The NT hash of the new password (as presented by the
/// client) encrypted according to the specification of
/// ENCRYPTED_NT_OWF_PASSWORD, where the key is the User ID.
/// </param>
/// <returns>
/// status of the function call, for example: 0 indicates STATUS_SUCCESS
/// </returns>
public int SamrSetDSRMPassword(System.IntPtr BindingHandle, _RPC_UNICODE_STRING Unused,
uint UserId, _ENCRYPTED_LM_OWF_PASSWORD EncryptedNtOwfPassword)
{
return rpc.SamrSetDSRMPassword(BindingHandle, Unused, UserId, EncryptedNtOwfPassword);
}
/// <summary>
/// Validate the NT hash of the existing password (as presented by the client) encrypted according to the
/// specification of ENCRYPTED_NT_OWF_PASSWORD where the key is the 16-byte SMB session key established by
/// the underlying authentication protocol(either Kerberos or NTLM).
/// </summary>
/// <param name="sessionKey">The session key used for encryption.</param>
/// <param name="target"> the target to be validate</param>
/// <returns>validate result</returns>
public bool ValidateOldNtOwfPasswordEncryptedWithSessionKey(byte[] sessionKey, _ENCRYPTED_LM_OWF_PASSWORD target)
{
_ENCRYPTED_LM_OWF_PASSWORD expected = GetOldNtOwfPasswordEncryptedWithSessionKey(sessionKey);
bool isSame = ObjectUtility.DeepCompare(expected, target);
return isSame;
}
/// <summary>
/// The SamrChangePasswordUser method changes the password
/// of a user object. Opnum: 38
/// </summary>
/// <param name="UserHandle">
/// An RPC context handle, as specified in section , representing
/// a user object.
/// </param>
/// <param name="LmPresent">
/// If this parameter is zero, the LmOldEncryptedWithLmNew
/// and LmNewEncryptedWithLmOld fields MUST be ignored
/// by the server; otherwise these fields MUST be processed.
/// </param>
/// <param name="OldLmEncryptedWithNewLm">
/// The LM hash of the target user's existing password (as
/// presented by the client) encrypted according to the
/// specification of ENCRYPTED_LM_OWF_PASSWORD, where the
/// key is the LM hash of the new password for the target
/// user (as presented by the client in the LmNewEncryptedWithLmOld
/// parameter).
/// </param>
/// <param name="NewLmEncryptedWithOldLm">
/// The LM hash of the target user's new password (as presented
/// by the client) encrypted according to the specification
/// of ENCRYPTED_LM_OWF_PASSWORD, where the key is the
/// LM hash of the existing password for the target user
/// (as presented by the client in the LmOldEncryptedWithLmNew
/// parameter).
/// </param>
/// <param name="NtPresent">
/// If this parameter is zero, NtOldEncryptedWithNtNew and
/// NtNewEncryptedWithNtOld MUST be ignored by the server;
/// otherwise these fields MUST be processed.
/// </param>
/// <param name="OldNtEncryptedWithNewNt">
/// The NT hash of the target user's existing password (as
/// presented by the client) encrypted according to the
/// specification of ENCRYPTED_NT_OWF_PASSWORD, where
/// the key is the NT hash of the new password for the
/// target user (as presented by the client).
/// </param>
/// <param name="NewNtEncryptedWithOldNt">
/// The NT hash of the target user's new password (as presented
/// by the client) encrypted according to the specification
/// of ENCRYPTED_NT_OWF_PASSWORD, where the key is the
/// NT hash of the existing password for the target user
/// (as presented by the client).
/// </param>
/// <param name="NtCrossEncryptionPresent">
/// If this parameter is zero, NtNewEncryptedWithLmNew MUST
/// be ignored; otherwise, this field MUST be processed.
/// </param>
/// <param name="NewNtEncryptedWithNewLm">
/// The NT hash of the target user's new password (as presented
/// by the client) encrypted according to the specification
/// of ENCRYPTED_NT_OWF_PASSWORD, where the key is the
/// LM hash of the new password for the target user (as
/// presented by the client).
/// </param>
/// <param name="LmCrossEncryptionPresent">
/// If this parameter is zero, LmNewEncryptedWithNtNew MUST
/// be ignored; otherwise, this field MUST be processed.
/// </param>
/// <param name="NewLmEncryptedWithNewNt">
/// The LM hash of the target user's new password (as presented
/// by the client) encrypted according to the specification
/// of ENCRYPTED_LM_OWF_PASSWORD, where the key is the
/// NT hash of the new password for the target user (as
/// presented by the client).
/// </param>
/// <returns>
/// status of the function call, for example: 0 indicates STATUS_SUCCESS
/// </returns>
public int SamrChangePasswordUser(
IntPtr UserHandle,
byte LmPresent,
_ENCRYPTED_LM_OWF_PASSWORD? OldLmEncryptedWithNewLm,
_ENCRYPTED_LM_OWF_PASSWORD? NewLmEncryptedWithOldLm,
byte NtPresent,
_ENCRYPTED_LM_OWF_PASSWORD? OldNtEncryptedWithNewNt,
_ENCRYPTED_LM_OWF_PASSWORD? NewNtEncryptedWithOldNt,
byte NtCrossEncryptionPresent,
_ENCRYPTED_LM_OWF_PASSWORD? NewNtEncryptedWithNewLm,
byte LmCrossEncryptionPresent,
_ENCRYPTED_LM_OWF_PASSWORD? NewLmEncryptedWithNewNt)
{
const ushort opnum = 38;
Int3264[] paramList;
int retVal = 0;
SafeIntPtr pOldLmEncryptedWithNewLm = TypeMarshal.ToIntPtr(OldLmEncryptedWithNewLm);
SafeIntPtr pNewLmEncryptedWithOldLm = TypeMarshal.ToIntPtr(NewLmEncryptedWithOldLm);
SafeIntPtr pOldNtEncryptedWithNewNt = TypeMarshal.ToIntPtr(OldNtEncryptedWithNewNt);
SafeIntPtr pNewNtEncryptedWithOldNt = TypeMarshal.ToIntPtr(NewNtEncryptedWithOldNt);
SafeIntPtr pNewNtEncryptedWithNewLm = TypeMarshal.ToIntPtr(NewNtEncryptedWithNewLm);
SafeIntPtr pNewLmEncryptedWithNewNt = TypeMarshal.ToIntPtr(NewLmEncryptedWithNewNt);
paramList = new Int3264[] {
UserHandle,
(uint)LmPresent,
pOldLmEncryptedWithNewLm,
pNewLmEncryptedWithOldLm,
(uint)NtPresent,
pOldNtEncryptedWithNewNt,
pNewNtEncryptedWithOldNt,
(uint)NtCrossEncryptionPresent,
pNewNtEncryptedWithNewLm,
(uint)LmCrossEncryptionPresent,
pNewLmEncryptedWithNewNt,
IntPtr.Zero
};
try
{
using (RpceInt3264Collection outParamList = RpceCall(paramList, opnum))
{
retVal = outParamList[11].ToInt32();
}
}
finally
{
pNewLmEncryptedWithNewNt.Dispose();
pNewLmEncryptedWithOldLm.Dispose();
pNewNtEncryptedWithNewLm.Dispose();
pNewNtEncryptedWithOldNt.Dispose();
pOldLmEncryptedWithNewLm.Dispose();
pOldNtEncryptedWithNewNt.Dispose();
}
return retVal;
}
public bool ValidateOldNtEncryptedWithNewNt(_ENCRYPTED_LM_OWF_PASSWORD target)
{
_ENCRYPTED_LM_OWF_PASSWORD expected = GetOldNtEncryptedWithNewNt();
bool isSame = ObjectUtility.DeepCompare(expected, target);
return isSame;
}
public bool ValidateEncryptedNtOwfPasswordWithUserId(uint userId, _ENCRYPTED_LM_OWF_PASSWORD target)
{
_ENCRYPTED_LM_OWF_PASSWORD expected = GetEncryptedNtOwfPasswordWithUserId(userId);
bool isSame = ObjectUtility.DeepCompare(expected, target);
return isSame;
}
/// <summary>
/// Splits both the block and the key to 2 halves, then transforms the keys, and encrypts the blocks
/// with the transformed keys
/// </summary>
/// <param name="block">The input block to be encrypted</param>
/// <param name="key">The encryption key</param>
/// <returns>The encrypted data</returns>
public static _ENCRYPTED_LM_OWF_PASSWORD EncryptBlockWithKey(byte[] block, byte[] key)
{
// The block size for DES ECB encryption
const int samrEncryptionBlockSize = 8;
_ENCRYPTED_LM_OWF_PASSWORD encryptedPwd = new _ENCRYPTED_LM_OWF_PASSWORD();
byte[] block1 = null;
byte[] block2 = null;
byte[] key1 = null;
byte[] key2 = null;
// Split blocks into 2 blocks with each has the length samrEncryptionBlockSize
SplitBlock(block, samrEncryptionBlockSize, samrEncryptionBlockSize, out block1, out block2);
// Split keys into 2 underivedKeySize size blocks
SplitBlock(key, underivedKeySize, underivedKeySize, out key1, out key2);
// Derive keys
byte[] transformedKey1 = TransformKey(key1);
byte[] transformedKey2 = TransformKey(key2);
// Do encryption
byte[] encryptedBlock1 = DesEcbEncrypt(block1, transformedKey1);
byte[] encryptedBlock2 = DesEcbEncrypt(block2, transformedKey2);
// Concatenate the encrypted blocks
encryptedPwd.data = MergeBlocks(encryptedBlock1, encryptedBlock2);
return encryptedPwd;
}
/// <summary>
/// Decodes the request stub, and fills the fields of the class
/// </summary>
/// <param name="sessionContext">The session context of the request received</param>
/// <param name="requestStub">The request stub got from RPCE layer</param>
internal override void Decode(SamrServerSessionContext sessionContext, byte[] requestStub)
{
using (RpceInt3264Collection inParams = RpceStubDecoder.ToParamList(
RpceStubHelper.GetPlatform(),
SamrRpcStubFormatString.TypeFormatString,
new RpceStubExprEval[]{
new RpceStubExprEval(SamrRpcAdapter.samr_SAMPR_USER_LOGON_INFORMATIONExprEval_0000),
new RpceStubExprEval(SamrRpcAdapter.samr_SAMPR_USER_LOGON_HOURS_INFORMATIONExprEval_0001),
new RpceStubExprEval(SamrRpcAdapter.samr_SAMPR_USER_ACCOUNT_INFORMATIONExprEval_0002),
new RpceStubExprEval(SamrRpcAdapter.samr_SAMPR_LOGON_HOURSExprEval_0003)},
SamrRpcStubFormatString.ProcFormatString,
SamrRpcStubFormatString.ProcFormatStringOffsetTable[(int)Opnum],
false,
requestStub))
{
Unused = TypeMarshal.ToStruct<_RPC_UNICODE_STRING>(inParams[0]);
UserId = inParams[1].ToUInt32();
EncryptedNtOwfPassword = TypeMarshal.ToStruct<_ENCRYPTED_LM_OWF_PASSWORD>(inParams[2]);
}
}
/// <summary>
/// Decodes the request stub, and fills the fields of the class
/// </summary>
/// <param name="sessionContext">The session context of the request received</param>
/// <param name="requestStub">The request stub got from RPCE layer</param>
internal override void Decode(SamrServerSessionContext sessionContext, byte[] requestStub)
{
using (RpceInt3264Collection inParams = RpceStubDecoder.ToParamList(
RpceStubHelper.GetPlatform(),
SamrRpcStubFormatString.TypeFormatString,
new RpceStubExprEval[]{
new RpceStubExprEval(SamrRpcAdapter.samr_SAMPR_USER_LOGON_INFORMATIONExprEval_0000),
new RpceStubExprEval(SamrRpcAdapter.samr_SAMPR_USER_LOGON_HOURS_INFORMATIONExprEval_0001),
new RpceStubExprEval(SamrRpcAdapter.samr_SAMPR_USER_ACCOUNT_INFORMATIONExprEval_0002),
new RpceStubExprEval(SamrRpcAdapter.samr_SAMPR_LOGON_HOURSExprEval_0003)},
SamrRpcStubFormatString.ProcFormatString,
SamrRpcStubFormatString.ProcFormatStringOffsetTable[(int)Opnum],
false,
requestStub))
{
//BindingHandle = inParams[0].ToIntPtr();
ServerName = TypeMarshal.ToStruct<_RPC_STRING>(inParams[0]);
UserName = TypeMarshal.ToStruct<_RPC_STRING>(inParams[1]);
NewPasswordEncryptedWithOldLm = TypeMarshal.ToStruct<_SAMPR_ENCRYPTED_USER_PASSWORD>(inParams[2]);
OldLmOwfPasswordEncryptedWithNewLm = TypeMarshal.ToStruct<_ENCRYPTED_LM_OWF_PASSWORD>(inParams[3]);
}
}
