s3:passdb: store the plain nt passwords hashes in history, not salted md5

This is in order to be able to do challenge response with the history,
so that this can be checked when an invalid password was entered:
If the given password is wrong but in the history, then the bad password
count should not be updated...

The "lucky" bit here is that the md5 has and the nt hash (md4) both are
16 bytes long.

This is part of the fix for bug #4347 .

Michael

1 files changed, 10 insertions, 5 deletions

diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
index 005cf46a62..7fc9f92b2c 100644
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -1070,15 +1070,20 @@ bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
 	}
 
 	/*
-	 * Create the new salt as the first part of the history entry.
+	 * Fill the salt area with 0-s: this indicates that
+	 * a plain nt hash is stored in the has area.
+	 * The old format was to store a 16 byte salt and
+	 * then an md5hash of the nt_hash concatenated with
+	 * the salt.
 	 */
-	generate_random_buffer(pwhistory, PW_HISTORY_SALT_LEN);
+	memset(pwhistory, 0, PW_HISTORY_SALT_LEN);
 
 	/*
-	 * Generate the md5 hash of the salt+new password as the
-	 * second part of the history entry.
+	 * Store the plain nt hash in the second 16 bytes.
+	 * The old format was to store the md5 hash of
+	 * the salt+newpw.
 	 */
-	E_md5hash(pwhistory, new_nt_p16, &pwhistory[PW_HISTORY_SALT_LEN]);
+	memcpy(&pwhistory[PW_HISTORY_SALT_LEN], new_nt_p16, SALTED_MD5_HASH_LEN);
 
 	pdb_set_pw_history(sampass, pwhistory, pwHistLen, PDB_CHANGED);