-rw-r--r-- | source3/include/proto.h | 5 | ||||
-rw-r--r-- | source3/libsmb/smbencrypt.c | 86 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr.c | 24 |
3 files changed, 83 insertions, 32 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index 35ac728921..2b2a85ed4e 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -838,8 +838,11 @@ void sam_pwd_hash(uint32 rid, const uchar *in, uchar *out, int forw); void SMBencrypt(uchar *passwd, uchar *c8, uchar *p24); void SMBNTencrypt(uchar *passwd, uchar *c8, uchar *p24); void E_md4hash(uchar *passwd, uchar *p16); +void lm_owf_genW(const UNISTR2 *pwd, uchar p16[16]); void lm_owf_gen(const char *pwd, uchar p16[16]); +void nt_owf_genW(const UNISTR2 *pwd, uchar nt_p16[16]); void nt_owf_gen(const char *pwd, uchar nt_p16[16]); +void nt_lm_owf_genW(const UNISTR2 *pwd, uchar nt_p16[16], uchar lm_p16[16]); void nt_lm_owf_gen(const char *pwd, uchar nt_p16[16], uchar lm_p16[16]); void SMBOWFencrypt(uchar passwd[16], uchar *c8, uchar p24[24]); void SMBOWFencrypt_ntv2(const uchar kr[16], @@ -861,7 +864,7 @@ void create_ntlmssp_resp(struct pwd_info *pwd, uint32 ntlmssp_cli_flgs, prs_struct *auth_resp); BOOL decode_pw_buffer(const char buffer[516], char *new_passwd, - int new_passwd_size, BOOL nt_pass_set); + int new_passwd_size, uint32 *new_pw_len); BOOL encode_pw_buffer(char buffer[516], const char *new_pass, int new_pw_len, BOOL nt_pass_set); diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c index 46e979fd18..659dba6562 100644 --- a/source3/libsmb/smbencrypt.c +++ b/source3/libsmb/smbencrypt.c 
@@ -133,6 +133,35 @@ void E_md4hash(uchar *passwd, uchar *p16) } /* Does the LM owf of a user's password */ +void lm_owf_genW(const UNISTR2 *pwd, uchar p16[16]) +{ + char passwd[15]; + + memset(passwd,'\0',15); + if (pwd != NULL) + { + unistr2_to_ascii( passwd, pwd, sizeof(passwd)-1); + } + + /* Mangle the passwords into Lanman format */ + passwd[14] = '\0'; + strupper(passwd); + + /* Calculate the SMB (lanman) hash functions of the password */ + + memset(p16, '\0', 16); + E_P16((uchar *) passwd, (uchar *)p16); + +#ifdef DEBUG_PASSWORD + DEBUG(100,("nt_lm_owf_gen: pwd, lm#\n")); + dump_data(120, passwd, strlen(passwd)); + dump_data(100, p16, 16); +#endif + /* clear out local copy of user's password (just being paranoid). */ + bzero(passwd, sizeof(passwd)); +} + +/* Does the LM owf of a user's password */ void lm_owf_gen(const char *pwd, uchar p16[16]) { char passwd[15]; @@ -162,6 +191,30 @@ void lm_owf_gen(const char *pwd, uchar p16[16]) } /* Does both the NT and LM owfs of a user's password */ +void nt_owf_genW(const UNISTR2 *pwd, uchar nt_p16[16]) +{ + UNISTR2 passwd; + + memset(&passwd,'\0',sizeof(passwd)); + if (pwd != NULL) + { + copy_unistr2(&passwd, pwd); + } + + /* Calculate the MD4 hash (NT compatible) of the password */ + memset(nt_p16, '\0', 16); + mdfour(nt_p16, (unsigned char *)passwd.buffer, passwd.uni_str_len * 2); + +#ifdef DEBUG_PASSWORD + DEBUG(100,("nt_owf_gen: pwd, nt#\n")); + dump_data(120, (const char*)passwd.buffer, passwd.uni_str_len * 2); + dump_data(100, nt_p16, 16); +#endif + /* clear out local copy of user's password (just being paranoid). */ + memset(&passwd, 0, sizeof(passwd)); +} + +/* Does both the NT and LM owfs of a user's password */ void nt_owf_gen(const char *pwd, uchar nt_p16[16]) { char passwd[130]; 
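Review bot: The closing `bzero(passwd, sizeof(passwd));` in lm_owf_genW is a dead store to a local that is about to go out of scope, so an optimising compiler may drop it and leave the upper-cased cleartext on the stack. The wipe should go through something the compiler cannot elide, such as a loop over a `volatile char *` or a platform secure-zero routine where one is available. The `DEBUG_PASSWORD` block still prints `nt_lm_owf_gen: pwd, lm#`, so the trace names the wrong function; `DEBUG(100,("lm_owf_genW: pwd, lm#\n"));` would match. unistr2_to_ascii presumably narrows each UTF-16 unit to a single byte (its definition is not on this page), in which case a non-ASCII password gives an LM hash that differs from the client's, and a comment above the call should say so.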
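Review bot: nt_owf_genW hashes `passwd.uni_str_len * 2` bytes of `passwd.buffer`, but nothing in the function ties that length to the buffer's capacity. It relies on copy_unistr2 or the caller to bound `uni_str_len`, and neither is visible here; rejecting or clamping a `uni_str_len` larger than the element count of `passwd.buffer` before the `mdfour` call would make the function safe on its own. The header comment was copied from the combined helper and says "Does both the NT and LM owfs", while this function computes only the NT hash; `/* Does the NT owf of a user's UNICODE password */` is accurate. The final `memset(&passwd, 0, sizeof(passwd));` is a dead store to a local that is going out of scope, so the compiler may remove it and the cleartext copy may survive on the stack.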
@@ -177,7 +230,7 @@ void nt_owf_gen(const char *pwd, uchar nt_p16[16]) E_md4hash((uchar *)passwd, nt_p16); #ifdef DEBUG_PASSWORD - DEBUG(100,("nt_lm_owf_gen: pwd, nt#\n")); + DEBUG(100,("nt_owf_gen: pwd, nt#\n")); dump_data(120, passwd, strlen(passwd)); dump_data(100, nt_p16, 16); #endif @@ -185,6 +238,13 @@ void nt_owf_gen(const char *pwd, uchar nt_p16[16]) bzero(passwd, sizeof(passwd)); } +/* Does both the NT and LM owfs of a user's UNICODE password */ +void nt_lm_owf_genW(const UNISTR2 *pwd, uchar nt_p16[16], uchar lm_p16[16]) +{ + nt_owf_genW(pwd, nt_p16); + lm_owf_genW(pwd, lm_p16); +} + /* Does both the NT and LM owfs of a user's password */ void nt_lm_owf_gen(const char *pwd, uchar nt_p16[16], uchar lm_p16[16]) { @@ -434,39 +494,27 @@ void create_ntlmssp_resp(struct pwd_info *pwd, decode a password buffer ************************************************************/ BOOL decode_pw_buffer(const char buffer[516], char *new_passwd, - int new_passwd_size, BOOL nt_pass_set) + int new_passwd_size, uint32 *new_pw_len) { /* * The length of the new password is in the last 4 bytes of * the data buffer. */ - uint32 new_pw_len = IVAL(buffer, 512); + (*new_pw_len) = IVAL(buffer, 512); #ifdef DEBUG_PASSWORD dump_data(100, buffer, 516); #endif - if (new_pw_len < 0 || new_pw_len > new_passwd_size - 1) + if ((*new_pw_len) < 0 || (*new_pw_len) > new_passwd_size - 1) { - DEBUG(0,("check_oem_password: incorrect password length (%d).\n", new_pw_len)); + DEBUG(0,("check_oem_password: incorrect password length (%d).\n", (*new_pw_len))); return False; } - if (nt_pass_set) - { - /* - * nt passwords are in unicode - */ - int uni_pw_len = new_pw_len; - new_pw_len /= 2; - unibuf_to_ascii(new_passwd, &buffer[512-uni_pw_len], new_pw_len); - } - else - { - memcpy(new_passwd, &buffer[512-new_pw_len], new_pw_len); - new_passwd[new_pw_len] = '\0'; - } + memcpy(new_passwd, &buffer[512-(*new_pw_len)], (*new_pw_len)); + new_passwd[(*new_pw_len)] = '\0'; return True; } 
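Review bot: The length check in decode_pw_buffer bounds `*new_pw_len` only by `new_passwd_size - 1`, not by the 512-byte data area, so a caller passing a destination larger than 513 bytes would let the length read from the buffer move `&buffer[512-(*new_pw_len)]` before the start of `buffer`. Since `*new_pw_len` is a `uint32`, the `< 0` test is always false and `new_passwd_size - 1` is converted to unsigned, so a zero or negative size wraps to a huge limit. A guard such as `if (new_passwd_size <= 0 || (*new_pw_len) > 512 || (*new_pw_len) > (uint32)(new_passwd_size - 1))` closes both gaps. The out-parameter is written before validation, so on the `return False` path the caller's variable holds the rejected length; reading into a local and assigning `*new_pw_len` only on success avoids that. With the unicode branch removed the function now returns raw bytes and writes a one-byte terminator, which deserves a line in the header comment so callers know that UTF-16 handling and odd lengths are theirs to check.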
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index a220e38b07..e55a6b2ce8 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c @@ -2052,7 +2052,8 @@ static BOOL set_user_info_24(SAM_USER_INFO_24 *id24, uint32 rid) struct sam_passwd new_pwd; static uchar nt_hash[16]; static uchar lm_hash[16]; - pstring new_pw; + UNISTR2 new_pw; + uint32 len; if (pwd == NULL) { @@ -2062,16 +2063,15 @@ static BOOL set_user_info_24(SAM_USER_INFO_24 *id24, uint32 rid) pwdb_init_sam(&new_pwd); copy_sam_passwd(&new_pwd, pwd); - if (!decode_pw_buffer(id24->pass, new_pw, sizeof(new_pw), True)) + if (!decode_pw_buffer(id24->pass, (char *)new_pw.buffer, 256, &len)) { return False; } -#ifdef DEBUG_PASSWORD - DEBUG(0,("New Password: %s\n", new_pw)); -#endif + new_pw.uni_max_len = len / 2; + new_pw.uni_str_len = len / 2; - nt_lm_owf_gen(new_pw, nt_hash, lm_hash); + nt_lm_owf_genW(&new_pw, nt_hash, lm_hash); new_pwd.smb_passwd = lm_hash; new_pwd.smb_nt_passwd = nt_hash; @@ -2088,7 +2088,8 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid) struct sam_passwd new_pwd; static uchar nt_hash[16]; static uchar lm_hash[16]; - pstring new_pw; + UNISTR2 new_pw; + uint32 len; if (id23 == NULL) { @@ -2104,16 +2105,15 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid) copy_sam_passwd(&new_pwd, pwd); copy_id23_to_sam_passwd(&new_pwd, id23); - if (!decode_pw_buffer(id23->pass, new_pw, sizeof(new_pw), True)) + if (!decode_pw_buffer(id23->pass, (char*)new_pw.buffer, 256, &len)) { return False; } -#ifdef DEBUG_PASSWORD - DEBUG(0,("New Password: %s\n", new_pw)); -#endif + new_pw.uni_max_len = len / 2; + new_pw.uni_str_len = len / 2; - nt_lm_owf_gen(new_pw, nt_hash, lm_hash); + nt_lm_owf_genW(&new_pw, nt_hash, lm_hash); new_pwd.smb_passwd = lm_hash; new_pwd.smb_nt_passwd = nt_hash; |
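Review bot: `UNISTR2 new_pw;` in set_user_info_24 is an uninitialised stack object, and the visible lines set only `buffer`, `uni_max_len` and `uni_str_len` before passing it to nt_lm_owf_genW, whose callee copies the struct. Any other member UNISTR2 may have, and the part of `buffer` beyond the decoded bytes, is therefore indeterminate; `memset(&new_pw, 0, sizeof(new_pw));` before the decode_pw_buffer call fixes that. The hunks show no wipe of `new_pw` after the hashes are computed, so the decoded cleartext appears to stay on the stack. It should be cleared on every exit path, including the early `return False`. The same declaration is added to set_user_info_23 in the @@ -2088 hunk, and both function bodies continue outside these hunks.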
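Review bot: The destination size passed to decode_pw_buffer in set_user_info_24 is the literal `256`, not a value derived from `new_pw.buffer`, so the bound is correct only while the UNISTR2 buffer is at least 256 bytes, which this page does not show. If `buffer` is an in-struct array, `decode_pw_buffer(id24->pass, (char *)new_pw.buffer, sizeof(new_pw.buffer), &len)` keeps the two in step. `len / 2` then silently drops the last byte of an odd-length password, so a malformed request is hashed as something other than what was sent; rejecting it with `if (len & 1) return False;` before setting `uni_str_len` is safer. set_user_info_23 repeats both lines in the @@ -2104 hunk.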