authorJeremy Allison <jra@samba.org>1998-04-17 19:29:51 +0000
committerJeremy Allison <jra@samba.org>1998-04-17 19:29:51 +0000
commit373d7c62577c13e1a85043844953a8d779858432 (patch)
treebaefa96a0cdba07e3d71ce6c3ecf26396347d886
parenta406ad5039bcdefb67b2093a42275882e71078c9 (diff)
Changing of machine passwords now works !!!!!!
smbdes.c: Added cred_hash3. smbpasswd.c: Fixes for adding a machine account (needs more work). lib/rpc/server/srv_netlog.c: Turn on the machine password changing code by default (calls cred_hash3). Jeremy. (This used to be commit 50aa513b969c6e41911aeee8207b065f93af0beb)
-rw-r--r--source3/include/proto.h1
-rw-r--r--source3/libsmb/smbdes.c9
-rw-r--r--source3/rpc_server/srv_netlog.c58
-rw-r--r--source3/utils/smbpasswd.c33
4 files changed, 58 insertions, 43 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index c5c7c1e846..b1a5edab62 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1673,6 +1673,7 @@ void D_P16(unsigned char *p14, unsigned char *in, unsigned char *out);
void E_old_pw_hash( unsigned char *p14, unsigned char *in, unsigned char *out);
void cred_hash1(unsigned char *out,unsigned char *in,unsigned char *key);
void cred_hash2(unsigned char *out,unsigned char *in,unsigned char *key);
+void cred_hash3(unsigned char *out,unsigned char *in,unsigned char *key);
void SamOEMhash( unsigned char *data, unsigned char *key, int val);
/*The following definitions come from smbencrypt.c */
diff --git a/source3/libsmb/smbdes.c b/source3/libsmb/smbdes.c
index e5d8f4a1e0..cf46e53ff5 100644
--- a/source3/libsmb/smbdes.c
+++ b/source3/libsmb/smbdes.c
@@ -347,6 +347,15 @@ void cred_hash2(unsigned char *out,unsigned char *in,unsigned char *key)
smbhash(out, buf, key2, 1);
}
+void cred_hash3(unsigned char *out,unsigned char *in,unsigned char *key)
+{
+ static unsigned char key2[8];
+
+ smbhash(out, in, key, 0);
+ key2[0] = key[7];
+ smbhash(out + 8, in + 8, key2, 0);
+}
+
void SamOEMhash( unsigned char *data, unsigned char *key, int val)
{
unsigned char s_box[256];
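Review bot: `key2` in the new cred_hash3 is declared `static`, so the byte copied from `key[7]` (session-key material, judging by the caller in srv_netlog.c) stays in process memory after the call, and the other seven bytes are zero only because of static initialisation. An automatic `unsigned char key2[8] = {0};` would make the zero padding explicit and keep the function reentrant. The function also has no comment stating its contract; I would add `/* out and in are 16 bytes, handled as two 8-byte halves; key is at least 8 bytes (key[7] is read) */` above it, assuming smbhash works on 8-byte blocks as the `+ 8` offsets suggest.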
diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
index 3912ad7938..b87ecfc646 100644
--- a/source3/rpc_server/srv_netlog.c
+++ b/source3/rpc_server/srv_netlog.c
@@ -367,11 +367,9 @@ static void api_net_srv_pwset( int uid,
NET_Q_SRV_PWSET q_a;
uint32 status = NT_STATUS_WRONG_PASSWORD|0xC0000000;
DOM_CRED srv_cred;
-#ifdef ALLOW_SRV_PWSET
pstring mach_acct;
struct smb_passwd *smb_pass;
BOOL ret;
-#endif
user_struct *vuser;
if ((vuser = get_valid_user_struct(uid)) == NULL) return;
@@ -387,47 +385,44 @@ static void api_net_srv_pwset( int uid,
DEBUG(5,("api_net_srv_pwset: %d\n", __LINE__));
-#ifdef ALLOW_SRV_PWSET
-
pstrcpy(mach_acct, unistrn2(q_a.clnt_id.login.uni_acct_name.buffer,
q_a.clnt_id.login.uni_acct_name.uni_str_len));
DEBUG(3,("Server Password Set Wksta:[%s]\n", mach_acct));
become_root(True);
- smb_pass = get_smbpwd_entry(mach_acct, 0);
+ smb_pass = getsmbpwnam(mach_acct);
unbecome_root(True);
if (smb_pass != NULL)
{
- unsigned char pwd[16];
- uint8 mode = 2;
+ unsigned char pwd[16];
+ int i;
- memcpy(pwd, q_a.pwd, 16);
+ DEBUG(0,("Server password set : new given value was :\n"));
+ for(i = 0; i < 16; i++)
+ DEBUG(0,("%02X ", q_a.pwd[i]));
+ DEBUG(0,("\n"));
- if (obfuscate_pwd(pwd, vuser->dc.sess_key, mode))
- {
- /* lies! nt and lm passwords are _not_ the same: don't care */
- smb_pass->smb_passwd = pwd;
- smb_pass->smb_nt_passwd = pwd;
- smb_pass->acct_ctrl = ACB_WSTRUST;
-
- become_root(True);
- ret = mod_smbpwd_entry(smb_pass);
- unbecome_root(True);
-
- if (ret)
- {
- /* hooray! */
- status = 0x0;
- }
- }
- }
+ cred_hash3( pwd, q_a.pwd, vuser->dc.sess_key);
+
+ /* lies! nt and lm passwords are _not_ the same: don't care */
+ smb_pass->smb_passwd = pwd;
+ smb_pass->smb_nt_passwd = pwd;
+ smb_pass->acct_ctrl = ACB_WSTRUST;
+
+ become_root(True);
+ ret = mod_smbpwd_entry(smb_pass);
+ unbecome_root(True);
+
+ if (ret)
+ {
+ /* hooray! */
+ status = 0x0;
+ }
+ }
DEBUG(5,("api_net_srv_pwset: %d\n", __LINE__));
-#else
- DEBUG(5,("api_net_srv_pwset: server password set being denied\n"));
-#endif
}
else
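Review bot: The added `DEBUG(0,...)` loop writes all 16 bytes of `q_a.pwd` to the log at level 0, which as far as I know is emitted whatever debug level is configured. That value is the new machine password hash protected only by the session key, so it should not reach default logs; either drop the loop or raise it to a diagnostic-only level, e.g. `DEBUG(100,("%02X ", q_a.pwd[i]));`. Separately, the entry returned by `getsmbpwnam(mach_acct)` is overwritten and forced to `ACB_WSTRUST` without first checking that it already is a workstation trust account. Since `mach_acct` is taken from the request, a guard such as `if (smb_pass != NULL && (smb_pass->acct_ctrl & ACB_WSTRUST))` looks warranted unless the credential check above the hunk already binds the session to that account. api_net_srv_pwset starts and ends outside this hunk.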
@@ -436,9 +431,8 @@ static void api_net_srv_pwset( int uid,
status = 0xC0000000 | NT_STATUS_NETWORK_CREDENTIAL_CONFLICT;
}
- /* construct reply. always indicate failure. nt keeps going... */
- net_reply_srv_pwset(&q_a, rdata,
- &srv_cred, status);
+ /* Construct reply. */
+ net_reply_srv_pwset(&q_a, rdata, &srv_cred, status);
}
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index ca59ae52e9..97a38977dc 100644
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -576,6 +576,25 @@ int main(int argc, char **argv)
}
if(*user_name) {
+
+ if(machine_account) {
+ int username_len = strlen(user_name);
+ if(username_len >= sizeof(pstring) - 1) {
+ fprintf(stderr, "%s: machine account name too long.\n", user_name);
+ exit(1);
+ }
+
+ if(user_name[username_len-1] != '$') {
+ user_name[username_len] = '$';
+ user_name[username_len+1] = '\0';
+ }
+ }
+
+ /*
+ * Setup the pwd struct to point to known
+ * values for a machine account (it doesn't
+ * exist in /etc/passwd).
+ */
if((pwd = getpwnam(user_name)) == NULL) {
fprintf(stderr, "%s: User \"%s\" was not found in system password file.\n",
prog_name, user_name);
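Review bot: After the moved block appends '$', `getpwnam(user_name)` is called with the machine name and a NULL result falls into the existing "was not found in system password file" branch; if that branch exits (its end is outside the hunk), the later `machine_account && !pwd` path can never run for a machine that has no /etc/passwd entry. The condition probably wants to be `if((pwd = getpwnam(user_name)) == NULL && !machine_account) {`. The new comment about setting up the pwd struct sits directly above a plain lookup and describes code that lives further down in main, so I would drop it here. The "machine account name too long" message also passes `user_name` where the neighbouring message uses `prog_name` as the prefix.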
@@ -630,6 +649,8 @@ int main(int argc, char **argv)
strncpy(new_passwd, user_name, sizeof(fstring));
new_passwd[sizeof(fstring)-1] = '\0';
strlower(new_passwd);
+ if(new_passwd[strlen(new_passwd)-1] == '$')
+ new_passwd[strlen(new_passwd)-1] = '\0';
}
/*
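Review bot: `new_passwd[strlen(new_passwd)-1]` in the added lines indexes with `strlen() - 1` without checking for an empty string. If `user_name` can be empty on this path (not visible in the hunk), the index wraps around and both the read and the write land outside the buffer. Computing the length once and guarding it avoids that: `size_t len = strlen(new_passwd); if(len > 0 && new_passwd[len-1] == '$') new_passwd[len-1] = '\0';`. The enclosing block in main starts outside the hunk.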
@@ -741,17 +762,7 @@ int main(int argc, char **argv)
* a '$' etc....
*/
- if(machine_account) {
- int username_len = strlen(user_name);
- if(username_len >= sizeof(pstring) - 1) {
- fprintf(stderr, "%s: machine account name too long.\n", user_name);
- exit(1);
- }
-
- if(user_name[username_len] != '$') {
- user_name[username_len] = '$';
- user_name[username_len+1] = '\0';
- }
+ if(machine_account && !pwd) {
/*
* Setup the pwd struct to point to known