diff options
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/libsmb/smbencrypt.c | 59 | ||||
| -rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 28 |
2 files changed, 21 insertions, 66 deletions
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c index b6273dedfc..119490aa7f 100644 --- a/source3/libsmb/smbencrypt.c +++ b/source3/libsmb/smbencrypt.c @@ -292,16 +292,15 @@ BOOL encode_pw_buffer(char buffer[516], const char *new_pass, /*********************************************************** decode a password buffer + *new_pw_len is the length in bytes of the possibly mulitbyte + returned password including termination. ************************************************************/ BOOL decode_pw_buffer(char in_buffer[516], char *new_pwrd, - int new_pwrd_size, uint32 *new_pw_len, - uchar nt_p16[16], uchar p16[16]) + int new_pwrd_size, uint32 *new_pw_len) { - int uni_pw_len=0; int byte_len=0; char unicode_passwd[514]; char lm_ascii_passwd[514]; - char passwd[514]; /* Warning !!! : This function is called from some rpc call. @@ -310,13 +309,6 @@ BOOL decode_pw_buffer(char in_buffer[516], char *new_pwrd, If you reuse that code somewhere else check first. */ - ZERO_STRUCT(unicode_passwd); - ZERO_STRUCT(lm_ascii_passwd); - ZERO_STRUCT(passwd); - - memset(nt_p16, '\0', 16); - memset(p16, '\0', 16); - /* The length of the new password is in the last 4 bytes of the data buffer. */ byte_len = IVAL(in_buffer, 512); @@ -328,50 +320,19 @@ BOOL decode_pw_buffer(char in_buffer[516], char *new_pwrd, /* Password cannot be longer than 128 characters */ if ( (byte_len < 0) || (byte_len > new_pwrd_size - 1)) { DEBUG(0, ("decode_pw_buffer: incorrect password length (%d).\n", byte_len)); + DEBUG(0, ("decode_pw_buffer: check that 'encrypt passwords = yes'\n")); return False; } - - pull_string(NULL, passwd, &in_buffer[512 - byte_len], -1, byte_len, STR_UNICODE); - uni_pw_len = byte_len/2; - -#ifdef DEBUG_PASSWORD - DEBUG(100,("nt_lm_owf_gen: passwd: ")); - dump_data(100, (char *)passwd, uni_pw_len); - DEBUG(100,("len:%d\n", uni_pw_len)); -#endif - memcpy(unicode_passwd, &in_buffer[512 - byte_len], byte_len); - - mdfour(nt_p16, (unsigned char *)unicode_passwd, byte_len); - -#ifdef DEBUG_PASSWORD - DEBUG(100,("nt_lm_owf_gen: nt#:")); - dump_data(100, (char *)nt_p16, 16); - DEBUG(100,("\n")); -#endif - - /* Mangle the passwords into Lanman format */ - memcpy(lm_ascii_passwd, passwd, byte_len/2); - lm_ascii_passwd[14] = '\0'; - strupper(lm_ascii_passwd); - /* Calculate the SMB (lanman) hash functions of the password */ - E_P16((uchar *) lm_ascii_passwd, (uchar *)p16); + /* decode into the return buffer. Buffer must be a pstring */ + *new_pw_len = pull_string(NULL, new_pwrd, &in_buffer[512 - byte_len], new_pwrd_size, byte_len, STR_UNICODE); #ifdef DEBUG_PASSWORD - DEBUG(100,("nt_lm_owf_gen: lm#:")); - dump_data(100, (char *)p16, 16); - DEBUG(100,("\n")); + DEBUG(100,("decode_pw_buffer: new_pwrd: ")); + dump_data(100, (char *)new_pwrd, *new_pw_len); + DEBUG(100,("multibyte len:%d\n", *new_pw_len)); + DEBUG(100,("original char len:%d\n", byte_len/2)); #endif - - /* copy the password and it's length to the return buffer */ - *new_pw_len = byte_len/2; - memcpy(new_pwrd, passwd, uni_pw_len); - new_pwrd[uni_pw_len]='\0'; - - /* clear out local copy of user's password (just being paranoid). */ - ZERO_STRUCT(unicode_passwd); - ZERO_STRUCT(lm_ascii_passwd); - ZERO_STRUCT(passwd); return True; diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 4ffd1c85b5..4290e24395 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -2339,9 +2339,7 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid) { SAM_ACCOUNT *pwd = NULL; SAM_ACCOUNT *new_pwd = NULL; - uint8 nt_hash[16]; - uint8 lm_hash[16]; - pstring buf; + pstring plaintext_buf; uint32 len; uint16 acct_ctrl; @@ -2366,13 +2364,12 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid) copy_id23_to_sam_passwd(new_pwd, id23); - if (!decode_pw_buffer((char*)id23->pass, buf, 256, &len, nt_hash, lm_hash)) { + if (!decode_pw_buffer((char*)id23->pass, plaintext_buf, 256, &len)) { pdb_free_sam(new_pwd); return False; } - pdb_set_lanman_passwd (new_pwd, lm_hash); - pdb_set_nt_passwd (new_pwd, nt_hash); + pdb_set_plaintext_passwd (new_pwd, plaintext_buf); /* if it's a trust account, don't update /etc/passwd */ if ( ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) || @@ -2382,13 +2379,13 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid) } else { /* update the UNIX password */ if (lp_unix_password_sync() ) - if(!chgpasswd(pdb_get_username(new_pwd), "", buf, True)) { + if(!chgpasswd(pdb_get_username(new_pwd), "", plaintext_buf, True)) { pdb_free_sam(new_pwd); return False; } } - memset(buf, 0, sizeof(buf)); + ZERO_STRUCT(plaintext_buf); if(!pdb_update_sam_account(new_pwd, True)) { pdb_free_sam(new_pwd); @@ -2407,10 +2404,8 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid) static BOOL set_user_info_pw(char *pass, uint32 rid) { SAM_ACCOUNT *pwd = NULL; - uchar nt_hash[16]; - uchar lm_hash[16]; uint32 len; - pstring buf; + pstring plaintext_buf; uint16 acct_ctrl; pdb_init_sam(&pwd); @@ -2422,15 +2417,14 @@ static BOOL set_user_info_pw(char *pass, uint32 rid) acct_ctrl = pdb_get_acct_ctrl(pwd); - memset(buf, 0, sizeof(buf)); + ZERO_STRUCT(plaintext_buf); - if (!decode_pw_buffer(pass, buf, 256, &len, nt_hash, lm_hash)) { + if (!decode_pw_buffer(pass, plaintext_buf, 256, &len)) { pdb_free_sam(pwd); return False; } - pdb_set_lanman_passwd (pwd, lm_hash); - pdb_set_nt_passwd (pwd, nt_hash); + pdb_set_plaintext_passwd (pwd, plaintext_buf); /* if it's a trust account, don't update /etc/passwd */ if ( ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) || @@ -2440,13 +2434,13 @@ static BOOL set_user_info_pw(char *pass, uint32 rid) } else { /* update the UNIX password */ if (lp_unix_password_sync()) - if(!chgpasswd(pdb_get_username(pwd), "", buf, True)) { + if(!chgpasswd(pdb_get_username(pwd), "", plaintext_buf, True)) { pdb_free_sam(pwd); return False; } } - memset(buf, 0, sizeof(buf)); + ZERO_STRUCT(plaintext_buf); DEBUG(5,("set_user_info_pw: pdb_update_sam_account()\n")); |