summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2009-10-16 12:09:55 +0200
committerGünther Deschner <gd@samba.org>2009-10-16 14:54:57 +0200
commit8267564e1c52b3d335bf892ab71963bfb0e6e7e8 (patch)
tree1729b83245ab57bea062779fa989cd1d36f0c41f
parentc2966a0766998b732c190860879c001d6140863e (diff)
downloadsamba-8267564e1c52b3d335bf892ab71963bfb0e6e7e8.tar.gz
samba-8267564e1c52b3d335bf892ab71963bfb0e6e7e8.tar.bz2
samba-8267564e1c52b3d335bf892ab71963bfb0e6e7e8.zip
s3-netlogon: Fix _netr_ServerPasswordSet2 cleartext blob handling.
Following Andrew's advice, let's straight md4 the plaintext blob and avoid trying to get a paintext string out of the input the client sends. Guenther
-rw-r--r--source3/rpc_server/srv_netlog_nt.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 4b83279897..491754f76a 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -827,6 +827,7 @@ NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
struct samu *sampass;
DATA_BLOB plaintext;
struct samr_CryptPassword password_buf;
+ struct samr_Password nt_hash;
become_root();
status = netr_creds_server_step_check(p, p->mem_ctx,
@@ -852,6 +853,8 @@ NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
return NT_STATUS_WRONG_PASSWORD;
}
+ mdfour(nt_hash.hash, plaintext.data, plaintext.length);
+
status = netr_find_machine_account(p->mem_ctx,
creds->account_name,
&sampass);
@@ -861,8 +864,8 @@ NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
status = netr_set_machine_account_password(sampass,
sampass,
- &plaintext,
NULL,
+ &nt_hash,
NULL);
TALLOC_FREE(sampass);
return status;