s3:smbd:password_in_history: treat entry with 0 salt as 0 + plain nt hash

This is to introduce a new format of the password history, maintaining backwards
compatibility: The old format was 16 byte hash + 16 byte md5(salt + nt hash).
The new format is 16 zero bytes and 16 bytes nt hash.

This will allow us to respect the last X entries of the nt password history
when deciding whether to increment the bad password count.

This is part of the fix for bug #4347 .

Michael

1 files changed, 24 insertions, 6 deletions

diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index c858c2dfa0..dcefc82bba 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -1031,13 +1031,31 @@ bool password_in_history(uint8_t nt_pw[NT_HASH_LEN],
 			/* Ignore zero valued entries. */
 			continue;
 		}
-		/* Create salted versions of new to compare. */
-		E_md5hash(current_salt, nt_pw, new_nt_pw_salted_md5_hash);
 
-		if (memcmp(new_nt_pw_salted_md5_hash,
-			   old_nt_pw_salted_md5_hash,
-			   SALTED_MD5_HASH_LEN) == 0) {
-			return true;
+		if (memcmp(zero_md5_nt_pw, current_salt,
+			   PW_HISTORY_SALT_LEN) == 0)
+		{
+			/*
+			 * New format: zero salt and then plain nt hash.
+			 * Directly compare the hashes.
+			 */
+			if (memcmp(nt_pw, old_nt_pw_salted_md5_hash,
+				   SALTED_MD5_HASH_LEN) == 0)
+			{
+				return true;
+			}
+		} else {
+			/*
+			 * Old format: md5sum of salted nt hash.
+			 * Create salted version of new pw to compare.
+			 */
+			E_md5hash(current_salt, nt_pw, new_nt_pw_salted_md5_hash);
+
+			if (memcmp(new_nt_pw_salted_md5_hash,
+				   old_nt_pw_salted_md5_hash,
+				   SALTED_MD5_HASH_LEN) == 0) {
+				return true;
+			}
 		}
 	}
 	return false;