summaryrefslogtreecommitdiff
path: root/source3/utils
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2002-11-10 02:16:43 +0000
committerAndrew Tridgell <tridge@samba.org>2002-11-10 02:16:43 +0000
commit0026d5fb681d834f8db171b8ceed634b1976ad8f (patch)
tree63a21100e3d3e17ef116df5ba27ebcc1efd16288 /source3/utils
parenta46d452926cea70bb59ba470cfc5cb2cde88c027 (diff)
downloadsamba-0026d5fb681d834f8db171b8ceed634b1976ad8f.tar.gz
samba-0026d5fb681d834f8db171b8ceed634b1976ad8f.tar.bz2
samba-0026d5fb681d834f8db171b8ceed634b1976ad8f.zip
make sure we don't try to decode any null password buffers during a
SAM sync. This copes with both unset passwords from NT4 DCs and the null passwords you get from w2k domains. (This used to be commit 20c1cd86aca8040c1fe7497b84bb546526676e48)
Diffstat (limited to 'source3/utils')
-rw-r--r--source3/utils/net_rpc_samsync.c41
1 files changed, 30 insertions, 11 deletions
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
index 583d50cf4f..34d926ab61 100644
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
@@ -56,14 +56,23 @@ static void display_account_info(uint32 rid, SAM_ACCOUNT_INFO *a)
{
fstring hex_nt_passwd, hex_lm_passwd;
uchar lm_passwd[16], nt_passwd[16];
+ static uchar zero_buf[16];
- /* Decode hashes from password hash */
- sam_pwd_hash(a->user_rid, a->pass.buf_lm_pwd, lm_passwd, 0);
- sam_pwd_hash(a->user_rid, a->pass.buf_nt_pwd, nt_passwd, 0);
+ /* Decode hashes from password hash (if they are not NULL) */
- /* Encode as strings */
- smbpasswd_sethexpwd(hex_lm_passwd, lm_passwd, a->acb_info);
- smbpasswd_sethexpwd(hex_nt_passwd, nt_passwd, a->acb_info);
+ if (memcmp(a->pass.buf_lm_pwd, zero_buf, 16) != 0) {
+ sam_pwd_hash(a->user_rid, a->pass.buf_lm_pwd, lm_passwd, 0);
+ smbpasswd_sethexpwd(hex_lm_passwd, lm_passwd, a->acb_info);
+ } else {
+ smbpasswd_sethexpwd(hex_lm_passwd, NULL, 0);
+ }
+
+ if (memcmp(a->pass.buf_nt_pwd, zero_buf, 16) != 0) {
+ sam_pwd_hash(a->user_rid, a->pass.buf_nt_pwd, nt_passwd, 0);
+ smbpasswd_sethexpwd(hex_nt_passwd, nt_passwd, a->acb_info);
+ } else {
+ smbpasswd_sethexpwd(hex_nt_passwd, NULL, 0);
+ }
printf("%s:%d:%s:%s:%s:LCT-0\n", unistr2_static(&a->uni_acct_name),
a->user_rid, hex_lm_passwd, hex_nt_passwd,
@@ -194,6 +203,7 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta)
{
fstring s;
uchar lm_passwd[16], nt_passwd[16];
+ static uchar zero_buf[16];
/* Username, fullname, home dir, dir drive, logon script, acct
desc, workstations, profile. */
@@ -246,11 +256,20 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta)
pdb_set_kickoff_time(account, get_time_t_max(), PDB_CHANGED);
- /* Decode hashes from password hash */
- sam_pwd_hash(delta->user_rid, delta->pass.buf_lm_pwd, lm_passwd, 0);
- sam_pwd_hash(delta->user_rid, delta->pass.buf_nt_pwd, nt_passwd, 0);
- pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED);
- pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED);
+ /* Decode hashes from password hash
+ Note that win2000 may send us all zeros for the hashes if it doesn't
+ think this channel is secure enough - don't set the passwords at all
+ in that case
+ */
+ if (memcmp(delta->pass.buf_lm_pwd, zero_buf, 16) != 0) {
+ sam_pwd_hash(delta->user_rid, delta->pass.buf_lm_pwd, lm_passwd, 0);
+ pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED);
+ }
+
+ if (memcmp(delta->pass.buf_nt_pwd, zero_buf, 16) != 0) {
+ sam_pwd_hash(delta->user_rid, delta->pass.buf_nt_pwd, nt_passwd, 0);
+ pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED);
+ }
/* TODO: account expiry time */