2 files changed, 36 insertions, 15 deletions

diff --git a/source4/libcli/util/smbdes.c b/source4/libcli/util/smbdes.c
index d282b0135a..80b938b460 100644
--- a/source4/libcli/util/smbdes.c
+++ b/source4/libcli/util/smbdes.c
@@ -357,7 +357,8 @@ void cred_hash3(unsigned char *out, unsigned char *in, const unsigned char *key,
         smbhash(out + 8, in + 8, key2, forw);
 }
 
-void SamOEMhash( unsigned char *data, const unsigned char *key, int val)
+
+void SamOEMhashBlob(unsigned char *data, int len, const DATA_BLOB *key)
 {
 	unsigned char s_box[256];
 	unsigned char index_i = 0;
@@ -369,23 +370,22 @@ void SamOEMhash( unsigned char *data, const unsigned char *key, int val)
 		s_box[ind] = (unsigned char)ind;
 	}
 
-	for( ind = 0; ind < 256; ind++) {
+	for (ind = 0; ind < 256; ind++) {
 		unsigned char tc;
-		
-		j += (s_box[ind] + key[ind%16]);
-		
+
+		j += (s_box[ind] + key->data[ind%key->length]);
+
 		tc = s_box[ind];
 		s_box[ind] = s_box[j];
 		s_box[j] = tc;
 	}
-
-	for (ind = 0; ind < val; ind++){
+	for (ind = 0; ind < len; ind++) {
 		unsigned char tc;
 		unsigned char t;
 
 		index_i++;
 		index_j += s_box[index_i];
-		
+
 		tc = s_box[index_i];
 		s_box[index_i] = s_box[index_j];
 		s_box[index_j] = tc;
@@ -395,6 +395,20 @@ void SamOEMhash( unsigned char *data, const unsigned char *key, int val)
 	}
 }
 
+/*
+  a varient that assumes a 16 byte key. This should be removed
+  when the last user is gone
+*/
+void SamOEMhash(unsigned char *data, const unsigned char keystr[16], int len)
+{
+	DATA_BLOB key;
+
+	key.length = 16;
+	key.data = keystr;
+	
+	SamOEMhashBlob(data, len, &key);
+}
+
 
 /* Decode a sam password hash into a password.  The password hash is the
    same method used to store passwords in the NT registry.  The DES key
diff --git a/source4/libcli/util/smbencrypt.c b/source4/libcli/util/smbencrypt.c
index 13d56e1e78..a1c026a27d 100644
--- a/source4/libcli/util/smbencrypt.c
+++ b/source4/libcli/util/smbencrypt.c
@@ -460,21 +460,28 @@ BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password
 }
 
 /***********************************************************
- encode a password buffer.  The caller gets to figure out 
- what to put in it.
+ encode a password buffer with a unicode password.  The buffer
+ is filled with random data to make it harder to attack.
 ************************************************************/
-BOOL encode_pw_buffer(char buffer[516], char *new_pw, int new_pw_length)
+BOOL encode_pw_buffer(char buffer[516], const char *password, int string_flags)
 {
-	generate_random_buffer((unsigned char *)buffer, 516, True);
+	uchar new_pw[512];
+	size_t new_pw_len;
 
-	memcpy(&buffer[512 - new_pw_length], new_pw, new_pw_length);
+	new_pw_len = push_string(NULL, new_pw,
+				 password, 
+				 sizeof(new_pw), string_flags);
+	
+	memcpy(&buffer[512 - new_pw_len], new_pw, new_pw_len);
+
+	generate_random_buffer((unsigned char *)buffer, 512 - new_pw_len, True);
 
 	/* 
 	 * The length of the new password is in the last 4 bytes of
 	 * the data buffer.
 	 */
-	SIVAL(buffer, 512, new_pw_length);
-
+	SIVAL(buffer, 512, new_pw_len);
+	ZERO_STRUCT(new_pw);
 	return True;
 }