summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2004-11-25 04:10:19 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:53:26 -0500
commitc3a798cb7a11f95fc4a96b88eaa6b03581ccf409 (patch)
tree730d1f5e8e18a2eb899ad226239520c9a0bb62da /source3/smbd
parentf3cb4f31a20c01f34d92a4d0a6f76c8ea920af8b (diff)
downloadsamba-c3a798cb7a11f95fc4a96b88eaa6b03581ccf409.tar.gz
samba-c3a798cb7a11f95fc4a96b88eaa6b03581ccf409.tar.bz2
samba-c3a798cb7a11f95fc4a96b88eaa6b03581ccf409.zip
r3954: bring Samba3 into line with the Samba4 password change code
(This used to be commit 04a6573f894800b9d939d9b4be48790437352804)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/chgpasswd.c29
1 files changed, 11 insertions, 18 deletions
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index c91f8599c9..cc27d3baca 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -753,9 +753,8 @@ static NTSTATUS check_oem_password(const char *user,
uint16 acct_ctrl;
uint32 new_pw_len;
uchar new_nt_hash[16];
- uchar old_nt_hash_plain[16];
uchar new_lm_hash[16];
- uchar old_lm_hash_plain[16];
+ uchar verifier[16];
char no_pw[2];
BOOL ret;
@@ -784,7 +783,7 @@ static NTSTATUS check_oem_password(const char *user,
return NT_STATUS_ACCOUNT_DISABLED;
}
- if (acct_ctrl & ACB_PWNOTREQ && lp_null_passwords()) {
+ if ((acct_ctrl & ACB_PWNOTREQ) && lp_null_passwords()) {
/* construct a null password (in case one is needed */
no_pw[0] = 0;
no_pw[1] = 0;
@@ -854,12 +853,10 @@ static NTSTATUS check_oem_password(const char *user,
if (nt_pw) {
/*
- * Now use new_nt_hash as the key to see if the old
- * password matches.
+ * check the NT verifier
*/
- D_P16(new_nt_hash, old_nt_hash_encrypted, old_nt_hash_plain);
-
- if (memcmp(nt_pw, old_nt_hash_plain, 16)) {
+ E_old_pw_hash(new_nt_hash, nt_pw, verifier);
+ if (memcmp(verifier, old_nt_hash_encrypted, 16)) {
DEBUG(0,("check_oem_password: old lm password doesn't match.\n"));
pdb_free_sam(&sampass);
return NT_STATUS_WRONG_PASSWORD;
@@ -884,12 +881,10 @@ static NTSTATUS check_oem_password(const char *user,
if (lanman_pw) {
/*
- * Now use new_nt_hash as the key to see if the old
- * LM password matches.
+ * check the lm verifier
*/
- D_P16(new_nt_hash, old_lm_hash_encrypted, old_lm_hash_plain);
-
- if (memcmp(lanman_pw, old_lm_hash_plain, 16)) {
+ E_old_pw_hash(new_nt_hash, lanman_pw, verifier);
+ if (memcmp(verifier, old_lm_hash_encrypted, 16)) {
DEBUG(0,("check_oem_password: old lm password doesn't match.\n"));
pdb_free_sam(&sampass);
return NT_STATUS_WRONG_PASSWORD;
@@ -908,12 +903,10 @@ static NTSTATUS check_oem_password(const char *user,
E_deshash(new_passwd, new_lm_hash);
/*
- * Now use new_lm_hash as the key to see if the old
- * password matches.
+ * check the lm verifier
*/
- D_P16(new_lm_hash, old_lm_hash_encrypted, old_lm_hash_plain);
-
- if (memcmp(lanman_pw, old_lm_hash_plain, 16)) {
+ E_old_pw_hash(new_lm_hash, lanman_pw, verifier);
+ if (memcmp(verifier, old_lm_hash_encrypted, 16)) {
DEBUG(0,("check_oem_password: old lm password doesn't match.\n"));
pdb_free_sam(&sampass);
return NT_STATUS_WRONG_PASSWORD;