summaryrefslogtreecommitdiff
path: root/source4/libcli
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2008-10-16 12:48:16 +1100
committerAndrew Bartlett <abartlet@samba.org>2008-10-16 12:48:16 +1100
commit7c88ea8aadfc2be0726cbe555543cfab8804c470 (patch)
tree56f84c94f69e06880c6ad416117f0a1d7e7f5882 /source4/libcli
parentfc54ca014b21b655b643697475c6a0c05e773fc4 (diff)
downloadsamba-7c88ea8aadfc2be0726cbe555543cfab8804c470.tar.gz
samba-7c88ea8aadfc2be0726cbe555543cfab8804c470.tar.bz2
samba-7c88ea8aadfc2be0726cbe555543cfab8804c470.zip
Create a 'straight paper path' for UTF16 passwords.
This uses a virtual attribute 'clearTextPassword' (name chosen to match references in MS-SAMR) that contains the length-limited blob containing an allegidly UTF16 password. This ensures we do no validation or filtering of the password before we get a chance to MD4 it. We can then do the required munging into UTF8, and in future implement the rules Microsoft has provided us with for invalid inputs. All layers in the process now deal with the strings as length-limited inputs, incluing the krb5 string2key calls. This commit also includes a small change to samdb_result_passwords() to ensure that LM passwords are not returned to the application logic if LM authentication is disabled. The objectClass module has been modified to allow the clearTextPassword attribute to pass down the stack. Andrew Bartlett
Diffstat (limited to 'source4/libcli')
-rw-r--r--source4/libcli/auth/smbencrypt.c33
1 files changed, 32 insertions, 1 deletions
diff --git a/source4/libcli/auth/smbencrypt.c b/source4/libcli/auth/smbencrypt.c
index 3af7e45002..6eb8767140 100644
--- a/source4/libcli/auth/smbencrypt.c
+++ b/source4/libcli/auth/smbencrypt.c
@@ -536,9 +536,40 @@ bool decode_pw_buffer(uint8_t in_buffer[516], char *new_pwrd,
#ifdef DEBUG_PASSWORD
DEBUG(100,("decode_pw_buffer: new_pwrd: "));
dump_data(100, (const uint8_t *)new_pwrd, converted_pw_len);
- DEBUG(100,("multibyte len:%d\n", converted_pw_len));
+ DEBUG(100,("multibyte len:%d\n", (int)converted_pw_len));
DEBUG(100,("original char len:%d\n", byte_len/2));
#endif
return true;
}
+
+/***********************************************************
+ decode a password buffer
+ *new_pw_size is the length in bytes of the extracted unicode password
+************************************************************/
+bool extract_pw_from_buffer(TALLOC_CTX *mem_ctx,
+ uint8_t in_buffer[516], DATA_BLOB *new_pass)
+{
+ int byte_len=0;
+
+ /* The length of the new password is in the last 4 bytes of the data buffer. */
+
+ byte_len = IVAL(in_buffer, 512);
+
+#ifdef DEBUG_PASSWORD
+ dump_data(100, in_buffer, 516);
+#endif
+
+ /* Password cannot be longer than the size of the password buffer */
+ if ( (byte_len < 0) || (byte_len > 512)) {
+ return false;
+ }
+
+ *new_pass = data_blob_talloc(mem_ctx, &in_buffer[512 - byte_len], byte_len);
+
+ if (!*new_pass->data) {
+ return false;
+ }
+
+ return true;
+}