/// <summary> /// The SamrUnicodeChangePasswordUser2 method changes a /// user account's password. Opnum: 55 /// </summary> /// <param name="BindingHandle"> /// An RPC binding handle parameter as specified in [C706-Ch2Intro]. /// </param> /// <param name="ServerName"> /// A null-terminated string containing the NETBIOS name /// of the server; this parameter MAY servers ignore the /// ServerName parameter. be ignored by the server. /// </param> /// <param name="UserName"> /// The name of the user. See the message processing later /// in this section for details on how this value is used /// as a database key to locate the account that is the /// target of this password change operation. /// </param> /// <param name="NewPasswordEncryptedWithOldNt"> /// A clear text password encrypted according to the specification /// of SAMPR_ENCRYPTED_USER_PASSWORD, where the key is /// the NT hash of the existing password for the target /// user (as presented by the client in the OldNtOwfPasswordEncryptedWithNewNt /// parameter). /// </param> /// <param name="OldNtOwfPasswordEncryptedWithNewNt"> /// The NT hash of the target user's existing password (as /// presented by the client) encrypted according to the /// specification of ENCRYPTED_LM_OWF_PASSWORD, where the /// key is the NT hash of the clear text password obtained /// from decrypting NewPasswordEncryptedWithOldNt. /// </param> /// <param name="LmPresent"> /// If this parameter is zero, NewPasswordEncryptedWithOldLm /// and OldLmOwfPasswordEncryptedWithOldLm MUST be ignored; /// otherwise these fields MUST be processed. /// </param> /// <param name="NewPasswordEncryptedWithOldLm"> /// A clear text password encrypted according to the specification /// of SAMPR_ENCRYPTED_USER_PASSWORD, where the key is /// the LM hash of the existing password for the target /// user (as presented by the client). /// </param> /// <param name="OldLmOwfPasswordEncryptedWithNewNt"> /// The LM hash the target user's existing password (as /// presented by the client) encrypted according to the /// specification of ENCRYPTED_LM_OWF_PASSWORD, where the /// key is the NT hash of the clear text password obtained /// from decrypting NewPasswordEncryptedWithOldNt. /// </param> /// <returns> /// status of the function call, for example: 0 indicates STATUS_SUCCESS /// </returns> public int SamrUnicodeChangePasswordUser2(System.IntPtr BindingHandle, _RPC_UNICODE_STRING ServerName, _RPC_UNICODE_STRING UserName, _SAMPR_ENCRYPTED_USER_PASSWORD NewPasswordEncryptedWithOldNt, _ENCRYPTED_LM_OWF_PASSWORD OldNtOwfPasswordEncryptedWithNewNt, byte LmPresent, _SAMPR_ENCRYPTED_USER_PASSWORD NewPasswordEncryptedWithOldLm, _ENCRYPTED_LM_OWF_PASSWORD OldLmOwfPasswordEncryptedWithNewNt) { return rpc.SamrUnicodeChangePasswordUser2(BindingHandle, ServerName, UserName, NewPasswordEncryptedWithOldNt, OldNtOwfPasswordEncryptedWithNewNt, LmPresent, NewPasswordEncryptedWithOldLm, OldLmOwfPasswordEncryptedWithNewNt); }
/// <summary> /// Gets a password encrypted with session key. /// </summary> /// <param name="password">The password to be encrypted</param> /// <param name="sessionKey">The session key used for encryption.</param> /// <exception cref="ArgumentNullException">Raised when session key is null</exception> /// <returns>The encrypted password.</returns> private _SAMPR_ENCRYPTED_USER_PASSWORD GetPasswordEncryptedWithSessionKey( string password, byte[] sessionKey) { if (sessionKey == null) { throw new ArgumentNullException("sessionKey"); } _SAMPR_ENCRYPTED_USER_PASSWORD encryptedPwd = new _SAMPR_ENCRYPTED_USER_PASSWORD(); encryptedPwd.Buffer = new byte[encryptedPwdSize + pwdLenSize]; // Get new password bytes byte[] passwordBytes = Encoding.Unicode.GetBytes(password); // Copy password bytes to the tail of the encryptedPwdSize bytes of buffer Array.Copy(passwordBytes, 0, encryptedPwd.Buffer, encryptedPwdSize - passwordBytes.Length, passwordBytes.Length); // Set password length for the last pwdLenSize bytes of the (encryptedPwdSize + pwdLenSize) bytes byte[] lengthBytes = BitConverter.GetBytes(passwordBytes.Length); Array.Copy(lengthBytes, 0, encryptedPwd.Buffer, encryptedPwdSize, pwdLenSize); // Do RC4 encryption encryptedPwd.Buffer = RC4Encrypt(encryptedPwd.Buffer, 0, encryptedPwd.Buffer.Length, sessionKey); return encryptedPwd; }
/// <summary> /// The SamrOemChangePasswordUser2 method changes a user's /// password. Opnum: 54 /// </summary> /// <param name="BindingHandle"> /// An RPC binding handle parameter as specified in [C706-Ch2Intro]. /// </param> /// <param name="ServerName"> /// A counted string, encoded in the OEM character set, /// containing the NETBIOS name of the server; this parameter /// MAY servers ignore the ServerName parameter. be ignored /// by the server. /// </param> /// <param name="UserName"> /// A counted string, encoded in the OEM character set, /// containing the name of the user whose password is to /// be changed; see message processing later in this section /// for details on how this value is used as a database /// key to locate the account that is the target of this /// password change operation. /// </param> /// <param name="NewPasswordEncryptedWithOldLm"> /// A clear text password encrypted according to the specification /// of SAMPR_ENCRYPTED_USER_PASSWORD, where the key is /// the LM hash of the existing password for the target /// user (as presented by the client). The clear text password /// MUST be encoded in an OEM code page character set (as /// opposed to UTF-16). /// </param> /// <param name="OldLmOwfPasswordEncryptedWithNewLm"> /// The LM hash of the target user's existing password (as /// presented by the client) encrypted according to the /// specification of ENCRYPTED_LM_OWF_PASSWORD, where the /// key is the LM hash of the clear text password obtained /// from decrypting NewPasswordEncryptedWithOldLm (see /// the preceding description for decryption details). /// </param> /// <returns> /// status of the function call, for example: 0 indicates STATUS_SUCCESS /// </returns> public int SamrOemChangePasswordUser2(System.IntPtr BindingHandle, _RPC_STRING ServerName, _RPC_STRING UserName, _SAMPR_ENCRYPTED_USER_PASSWORD NewPasswordEncryptedWithOldLm, _ENCRYPTED_LM_OWF_PASSWORD OldLmOwfPasswordEncryptedWithNewLm) { return rpc.SamrOemChangePasswordUser2(BindingHandle, ServerName, UserName, NewPasswordEncryptedWithOldLm, OldLmOwfPasswordEncryptedWithNewLm); }
/// <summary> /// Validate the existing password encrypted with session key. /// </summary> /// <param name="sessionKey">The session key used for encryption.</param> /// <param name="target"> the target to be validate</param> /// <returns>validate result</returns> public bool ValidateOldPasswordEncryptedWithSessionKey(byte[] sessionKey, _SAMPR_ENCRYPTED_USER_PASSWORD target) { _SAMPR_ENCRYPTED_USER_PASSWORD expected = GetOldPasswordEncryptedWithSessionKey(sessionKey); bool isSame = ObjectUtility.DeepCompare(expected, target); return isSame; }
public bool ValidateNewPasswordEncryptedWithOldNt(_SAMPR_ENCRYPTED_USER_PASSWORD target) { _SAMPR_ENCRYPTED_USER_PASSWORD expected = GetNewPasswordEncryptedWithOldNt(); bool isSame = ObjectUtility.DeepCompare(expected, target); return isSame; }
public _SAMPR_ENCRYPTED_USER_PASSWORD GetNewPasswordEncryptedWithOldNt() { _SAMPR_ENCRYPTED_USER_PASSWORD encryptedPwd = new _SAMPR_ENCRYPTED_USER_PASSWORD(); encryptedPwd.Buffer = new byte[encryptedPwdSize + pwdLenSize]; // Get new password bytes byte[] newPwdBytes = Encoding.Unicode.GetBytes(newPwd); // Copy password bytes to the tail of the encryptedPwdSize bytes of buffer Array.Copy(newPwdBytes, 0, encryptedPwd.Buffer, encryptedPwdSize - newPwdBytes.Length, newPwdBytes.Length); // Set password length for the last pwdLenSize bytes of the (encryptedPwdSize + pwdLenSize) bytes byte[] lengthBytes = BitConverter.GetBytes(newPwdBytes.Length); Array.Copy(lengthBytes, 0, encryptedPwd.Buffer, encryptedPwdSize, pwdLenSize); // Get NT hash of existing password byte[] oldNtowf = GetHashWithNTOWFv1(existingPwd); // Do RC4 encryption encryptedPwd.Buffer = RC4Encrypt(encryptedPwd.Buffer, 0, encryptedPwd.Buffer.Length, oldNtowf); return encryptedPwd; }
public _SAMPR_ENCRYPTED_USER_PASSWORD GetNewPasswordEncryptedWithOldLm(PasswordType passwordType) { _SAMPR_ENCRYPTED_USER_PASSWORD encryptedPwd = new _SAMPR_ENCRYPTED_USER_PASSWORD(); encryptedPwd.Buffer = new byte[encryptedPwdSize + pwdLenSize]; Encoding targetEncoding; if (passwordType == PasswordType.Oem) { // Windows OEM encoding is ASCII targetEncoding = Encoding.ASCII; } else if (passwordType == PasswordType.Unicode) { targetEncoding = Encoding.Unicode; } else { throw new InvalidOperationException("Invalid password type"); } // Get new password bytes byte[] newPwdBytes = targetEncoding.GetBytes(newPwd); // Copy password bytes to the tail of the encryptedPwdSize bytes of buffer Array.Copy(newPwdBytes, 0, encryptedPwd.Buffer, encryptedPwdSize - newPwdBytes.Length, newPwdBytes.Length); // Set password length for the last pwdLenSize bytes of the (encryptedPwdSize + pwdLenSize) bytes byte[] lengthBytes = BitConverter.GetBytes(newPwdBytes.Length); Array.Copy(lengthBytes, 0, encryptedPwd.Buffer, encryptedPwdSize, lengthBytes.Length); // Get LM hash of existing password byte[] oldLmowf = GetHashWithLMOWFv1(existingPwd); // Do RC4 encryption encryptedPwd.Buffer = RC4Encrypt(encryptedPwd.Buffer, 0, encryptedPwd.Buffer.Length, oldLmowf); return encryptedPwd; }
/// <summary> /// Decodes the request stub, and fills the fields of the class /// </summary> /// <param name="sessionContext">The session context of the request received</param> /// <param name="requestStub">The request stub got from RPCE layer</param> internal override void Decode(SamrServerSessionContext sessionContext, byte[] requestStub) { using (RpceInt3264Collection inParams = RpceStubDecoder.ToParamList( RpceStubHelper.GetPlatform(), SamrRpcStubFormatString.TypeFormatString, new RpceStubExprEval[]{ new RpceStubExprEval(SamrRpcAdapter.samr_SAMPR_USER_LOGON_INFORMATIONExprEval_0000), new RpceStubExprEval(SamrRpcAdapter.samr_SAMPR_USER_LOGON_HOURS_INFORMATIONExprEval_0001), new RpceStubExprEval(SamrRpcAdapter.samr_SAMPR_USER_ACCOUNT_INFORMATIONExprEval_0002), new RpceStubExprEval(SamrRpcAdapter.samr_SAMPR_LOGON_HOURSExprEval_0003)}, SamrRpcStubFormatString.ProcFormatString, SamrRpcStubFormatString.ProcFormatStringOffsetTable[(int)Opnum], false, requestStub)) { ServerName = TypeMarshal.ToStruct<_RPC_UNICODE_STRING>(inParams[0]); UserName = TypeMarshal.ToStruct<_RPC_UNICODE_STRING>(inParams[1]); NewPasswordEncryptedWithOldNt = TypeMarshal.ToStruct<_SAMPR_ENCRYPTED_USER_PASSWORD>(inParams[2]); OldNtOwfPasswordEncryptedWithNewNt = TypeMarshal.ToStruct<_ENCRYPTED_LM_OWF_PASSWORD>(inParams[3]); LmPresent = (byte)inParams[4].ToInt32(); NewPasswordEncryptedWithOldLm = TypeMarshal.ToStruct<_SAMPR_ENCRYPTED_USER_PASSWORD>(inParams[5]); OldLmOwfPasswordEncryptedWithNewNt = TypeMarshal.ToStruct<_ENCRYPTED_LM_OWF_PASSWORD>(inParams[6]); } }