(merge from 3.0)

Make more functions static, and remove duplication in the use of functions
in lib/smbpasswd.c that were exact duplicates of functions in passdb/passdb.c

(These should perhaps be pulled back out to smbpasswd.c, but that can occour
later).

This also includes some >14 character password changes, and the start
of a move away from using 'admin user' to determine if the user is
root (as root can login without setting 'admin user').

Andrew Bartlett
(This used to be commit be0704abb919152c359a735023283acbf9be3076)

1 files changed, 14 insertions, 3 deletions

diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
index 869165f1dc..be03157636 100644
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -1102,13 +1102,24 @@ BOOL pdb_set_plaintext_passwd (SAM_ACCOUNT *sampass, const char *plaintext)
 	if (!sampass || !plaintext)
 		return False;
 	
-	nt_lm_owf_gen (plaintext, new_nt_p16, new_lanman_p16);
+	/* Calculate the MD4 hash (NT compatible) of the password */
+	E_md4hash(plaintext, new_nt_p16);
 
 	if (!pdb_set_nt_passwd (sampass, new_nt_p16, PDB_CHANGED)) 
 		return False;
 
-	if (!pdb_set_lanman_passwd (sampass, new_lanman_p16, PDB_CHANGED)) 
-		return False;
+	if (!E_deshash(plaintext, new_lanman_p16)) {
+		/* E_deshash returns false for 'long' passwords (> 14
+		   DOS chars).  This allows us to match Win2k, which
+		   does not store a LM hash for these passwords (which
+		   would reduce the effective password length to 14 */
+
+		if (!pdb_set_lanman_passwd (sampass, NULL, PDB_CHANGED)) 
+			return False;
+	} else {
+		if (!pdb_set_lanman_passwd (sampass, new_lanman_p16, PDB_CHANGED)) 
+			return False;
+	}
 
 	if (!pdb_set_plaintext_pw_only (sampass, plaintext, PDB_CHANGED)) 
 		return False;