summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-04-12 11:29:59 +1000
committerAndrew Tridgell <tridge@samba.org>2011-04-13 14:47:08 +1000
commitbf431fbedb8119b392b071f903b63e0f9671ee49 (patch)
tree0219ceacfe1fd60c76af66c96f3dc5d7a1154eef
parentd335b635c2a5ebd8ac5478a4293798072ac18d47 (diff)
downloadsamba-bf431fbedb8119b392b071f903b63e0f9671ee49.tar.gz
samba-bf431fbedb8119b392b071f903b63e0f9671ee49.tar.bz2
samba-bf431fbedb8119b392b071f903b63e0f9671ee49.zip
libcli/auth Use convert_string_error to check LM hash calculation.
This allows us to know if the LM hash was built correctly or not. NOTE: talloc_tos() is not available in the common code at this time. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
-rw-r--r--libcli/auth/smbencrypt.c33
1 files changed, 24 insertions, 9 deletions
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index 825739ac4b..cbb2eb5c9c 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -116,22 +116,37 @@ void E_md5hash(const uint8_t salt[16], const uint8_t nthash[16], uint8_t hash_ou
bool E_deshash(const char *passwd, uint8_t p16[16])
{
- bool ret = true;
- char dospwd[256];
- ZERO_STRUCT(dospwd);
+ bool ret;
+ uint8_t dospwd[14];
- /* Password must be converted to DOS charset - null terminated, uppercase. */
- push_string(dospwd, passwd, sizeof(dospwd), STR_ASCII|STR_UPPER|STR_TERMINATE);
+ size_t converted_size;
- /* Only the first 14 chars are considered, password need not be null terminated. */
- E_P16((const uint8_t *)dospwd, p16);
+ char *tmpbuf;
- if (strlen(dospwd) > 14) {
- ret = false;
+ ZERO_STRUCT(dospwd);
+
+ tmpbuf = strupper_talloc(NULL, passwd);
+ if (tmpbuf == NULL) {
+ /* Too many callers don't check this result, we need to fill in the buffer with something */
+ safe_strcpy((char *)dospwd, passwd, sizeof(dospwd)-1);
+ E_P16(dospwd, p16);
+ return false;
}
ZERO_STRUCT(dospwd);
+ ret = convert_string_error(CH_UNIX, CH_DOS, tmpbuf, strlen(tmpbuf), dospwd, sizeof(dospwd), &converted_size);
+ talloc_free(tmpbuf);
+
+ /* Only the first 14 chars are considered, password need not
+ * be null terminated. We do this in the error and success
+ * case to avoid returning a fixed 'password' buffer, but
+ * callers should not use it when E_deshash returns false */
+
+ E_P16((const uint8_t *)dospwd, p16);
+
+ ZERO_STRUCT(dospwd);
+
return ret;
}