diff options
author | Andrew Bartlett <abartlet@samba.org> | 2011-04-12 11:29:59 +1000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2011-04-13 14:47:08 +1000 |
commit | bf431fbedb8119b392b071f903b63e0f9671ee49 (patch) | |
tree | 0219ceacfe1fd60c76af66c96f3dc5d7a1154eef | |
parent | d335b635c2a5ebd8ac5478a4293798072ac18d47 (diff) | |
download | samba-bf431fbedb8119b392b071f903b63e0f9671ee49.tar.gz samba-bf431fbedb8119b392b071f903b63e0f9671ee49.tar.bz2 samba-bf431fbedb8119b392b071f903b63e0f9671ee49.zip |
libcli/auth Use convert_string_error to check LM hash calculation.
This allows us to know if the LM hash was built correctly or not.
NOTE: talloc_tos() is not available in the common code at this time.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
-rw-r--r-- | libcli/auth/smbencrypt.c | 33 |
1 files changed, 24 insertions, 9 deletions
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c index 825739ac4b..cbb2eb5c9c 100644 --- a/libcli/auth/smbencrypt.c +++ b/libcli/auth/smbencrypt.c @@ -116,22 +116,37 @@ void E_md5hash(const uint8_t salt[16], const uint8_t nthash[16], uint8_t hash_ou bool E_deshash(const char *passwd, uint8_t p16[16]) { - bool ret = true; - char dospwd[256]; - ZERO_STRUCT(dospwd); + bool ret; + uint8_t dospwd[14]; - /* Password must be converted to DOS charset - null terminated, uppercase. */ - push_string(dospwd, passwd, sizeof(dospwd), STR_ASCII|STR_UPPER|STR_TERMINATE); + size_t converted_size; - /* Only the first 14 chars are considered, password need not be null terminated. */ - E_P16((const uint8_t *)dospwd, p16); + char *tmpbuf; - if (strlen(dospwd) > 14) { - ret = false; + ZERO_STRUCT(dospwd); + + tmpbuf = strupper_talloc(NULL, passwd); + if (tmpbuf == NULL) { + /* Too many callers don't check this result, we need to fill in the buffer with something */ + safe_strcpy((char *)dospwd, passwd, sizeof(dospwd)-1); + E_P16(dospwd, p16); + return false; } ZERO_STRUCT(dospwd); + ret = convert_string_error(CH_UNIX, CH_DOS, tmpbuf, strlen(tmpbuf), dospwd, sizeof(dospwd), &converted_size); + talloc_free(tmpbuf); + + /* Only the first 14 chars are considered, password need not + * be null terminated. We do this in the error and success + * case to avoid returning a fixed 'password' buffer, but + * callers should not use it when E_deshash returns false */ + + E_P16((const uint8_t *)dospwd, p16); + + ZERO_STRUCT(dospwd); + return ret; } |