diff options
| author | Andrew Tridgell <tridge@samba.org> | 2004-11-25 04:10:19 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:53:26 -0500 |
| commit | c3a798cb7a11f95fc4a96b88eaa6b03581ccf409 (patch) | |
| tree | 730d1f5e8e18a2eb899ad226239520c9a0bb62da | |
| parent | f3cb4f31a20c01f34d92a4d0a6f76c8ea920af8b (diff) | |
| download | samba-c3a798cb7a11f95fc4a96b88eaa6b03581ccf409.tar.gz samba-c3a798cb7a11f95fc4a96b88eaa6b03581ccf409.tar.bz2 samba-c3a798cb7a11f95fc4a96b88eaa6b03581ccf409.zip | |
r3954: bring Samba3 into line with the Samba4 password change code
(This used to be commit 04a6573f894800b9d939d9b4be48790437352804)
| -rw-r--r-- | source3/smbd/chgpasswd.c | 29 |
1 files changed, 11 insertions, 18 deletions
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c index c91f8599c9..cc27d3baca 100644 --- a/source3/smbd/chgpasswd.c +++ b/source3/smbd/chgpasswd.c @@ -753,9 +753,8 @@ static NTSTATUS check_oem_password(const char *user, uint16 acct_ctrl; uint32 new_pw_len; uchar new_nt_hash[16]; - uchar old_nt_hash_plain[16]; uchar new_lm_hash[16]; - uchar old_lm_hash_plain[16]; + uchar verifier[16]; char no_pw[2]; BOOL ret; @@ -784,7 +783,7 @@ static NTSTATUS check_oem_password(const char *user, return NT_STATUS_ACCOUNT_DISABLED; } - if (acct_ctrl & ACB_PWNOTREQ && lp_null_passwords()) { + if ((acct_ctrl & ACB_PWNOTREQ) && lp_null_passwords()) { /* construct a null password (in case one is needed */ no_pw[0] = 0; no_pw[1] = 0; @@ -854,12 +853,10 @@ static NTSTATUS check_oem_password(const char *user, if (nt_pw) { /* - * Now use new_nt_hash as the key to see if the old - * password matches. + * check the NT verifier */ - D_P16(new_nt_hash, old_nt_hash_encrypted, old_nt_hash_plain); - - if (memcmp(nt_pw, old_nt_hash_plain, 16)) { + E_old_pw_hash(new_nt_hash, nt_pw, verifier); + if (memcmp(verifier, old_nt_hash_encrypted, 16)) { DEBUG(0,("check_oem_password: old lm password doesn't match.\n")); pdb_free_sam(&sampass); return NT_STATUS_WRONG_PASSWORD; @@ -884,12 +881,10 @@ static NTSTATUS check_oem_password(const char *user, if (lanman_pw) { /* - * Now use new_nt_hash as the key to see if the old - * LM password matches. + * check the lm verifier */ - D_P16(new_nt_hash, old_lm_hash_encrypted, old_lm_hash_plain); - - if (memcmp(lanman_pw, old_lm_hash_plain, 16)) { + E_old_pw_hash(new_nt_hash, lanman_pw, verifier); + if (memcmp(verifier, old_lm_hash_encrypted, 16)) { DEBUG(0,("check_oem_password: old lm password doesn't match.\n")); pdb_free_sam(&sampass); return NT_STATUS_WRONG_PASSWORD; @@ -908,12 +903,10 @@ static NTSTATUS check_oem_password(const char *user, E_deshash(new_passwd, new_lm_hash); /* - * Now use new_lm_hash as the key to see if the old - * password matches. + * check the lm verifier */ - D_P16(new_lm_hash, old_lm_hash_encrypted, old_lm_hash_plain); - - if (memcmp(lanman_pw, old_lm_hash_plain, 16)) { + E_old_pw_hash(new_lm_hash, lanman_pw, verifier); + if (memcmp(verifier, old_lm_hash_encrypted, 16)) { DEBUG(0,("check_oem_password: old lm password doesn't match.\n")); pdb_free_sam(&sampass); return NT_STATUS_WRONG_PASSWORD; |