diff options
| author | Günther Deschner <gd@samba.org> | 2009-10-16 12:09:55 +0200 |
|---|---|---|
| committer | Günther Deschner <gd@samba.org> | 2009-10-16 14:54:57 +0200 |
| commit | 8267564e1c52b3d335bf892ab71963bfb0e6e7e8 (patch) | |
| tree | 1729b83245ab57bea062779fa989cd1d36f0c41f /source3 | |
| parent | c2966a0766998b732c190860879c001d6140863e (diff) | |
| download | samba-8267564e1c52b3d335bf892ab71963bfb0e6e7e8.tar.gz samba-8267564e1c52b3d335bf892ab71963bfb0e6e7e8.tar.bz2 samba-8267564e1c52b3d335bf892ab71963bfb0e6e7e8.zip | |
s3-netlogon: Fix _netr_ServerPasswordSet2 cleartext blob handling.
Following Andrew's advice, let's straight md4 the plaintext blob and avoid
trying to get a paintext string out of the input the client sends.
Guenther
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/rpc_server/srv_netlog_nt.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 4b83279897..491754f76a 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -827,6 +827,7 @@ NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p, struct samu *sampass; DATA_BLOB plaintext; struct samr_CryptPassword password_buf; + struct samr_Password nt_hash; become_root(); status = netr_creds_server_step_check(p, p->mem_ctx, @@ -852,6 +853,8 @@ NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p, return NT_STATUS_WRONG_PASSWORD; } + mdfour(nt_hash.hash, plaintext.data, plaintext.length); + status = netr_find_machine_account(p->mem_ctx, creds->account_name, &sampass); @@ -861,8 +864,8 @@ NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p, status = netr_set_machine_account_password(sampass, sampass, - &plaintext, NULL, + &nt_hash, NULL); TALLOC_FREE(sampass); return status; |