From bdbc959a9afd7fab159f235551c25139763af100 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 2 Oct 1998 18:45:07 +0000 Subject: - static function "create_new_hashes" was identical to "nt_lm_owf_gen". create_new_hashes didn't zero the buffer for the md4hash: nt_lm_owf_gen did, because jeremy sorted this out a couple of days ago. call nt_lm_owf_gen instead. - call SMBOWFencrypt from SMBencrypt and SMBNTencrypt. - added #ifdef DEBUG_PASSWORD debug password calls. (This used to be commit a4e7cc3e46b713aa0ae55de74a1c70921bef578d) --- source3/include/rpc_samr.h | 4 ++-- source3/libsmb/smbencrypt.c | 46 +++++++++++++++++++++++++++++++++---------- source3/rpc_server/srv_samr.c | 2 +- source3/utils/smbpasswd.c | 25 ++--------------------- 4 files changed, 41 insertions(+), 36 deletions(-) diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h index bcce64b6be..2e569396b9 100644 --- a/source3/include/rpc_samr.h +++ b/source3/include/rpc_samr.h @@ -334,13 +334,13 @@ typedef struct sam_unkown_info_2_info pointer is referring to */ - uint32 unknown_4; /* 0x0000 0099 */ + uint32 unknown_4; /* 0x0000 0099, 0x0000 0045 */ uint32 unknown_5; /* 0x0000 0000 */ uint32 unknown_6 ; /* 0x0000 0001 */ uint32 unknown_7 ; /* 0x0000 0003 */ uint32 unknown_8 ; /* 0x0000 0001 */ - uint32 unknown_9 ; /* 0x0000 0008 */ + uint32 unknown_9 ; /* 0x0000 0008, 0x0000 0006 */ uint32 unknown_10; /* 0x0000 0003 */ uint8 padding[16]; /* 16 bytes zeros */ diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c index 89c6eba810..bf9736d724 100644 --- a/source3/libsmb/smbencrypt.c +++ b/source3/libsmb/smbencrypt.c @@ -32,15 +32,23 @@ extern int DEBUGLEVEL; encrypted password into p24 */ void SMBencrypt(uchar *passwd, uchar *c8, uchar *p24) { - uchar p14[15], p21[21]; + uchar p14[15], p21[21]; - memset(p21,'\0',21); - memset(p14,'\0',14); - StrnCpy((char *)p14,(char *)passwd,14); + memset(p21,'\0',21); + memset(p14,'\0',14); + StrnCpy((char *)p14,(char *)passwd,14); + + strupper((char *)p14); + E_P16(p14, p21); + + SMBOWFencrypt(p21, c8, p24); - strupper((char *)p14); - E_P16(p14, p21); - E_P24(p21, c8, p24); +#ifdef DEBUG_PASSWORD + DEBUG(100,("SMBencrypt: lm#, challenge, response\n")); + dump_data(100, p21, 16); + dump_data(100, c8, 8); + dump_data(100, p24, 24); +#endif } /* Routines for Windows NT MD4 Hash functions. */ @@ -102,13 +110,19 @@ void nt_lm_owf_gen(char *pwd, uchar nt_p16[16], uchar p16[16]) { char passwd[130]; - memset(passwd,'\0',130); - safe_strcpy( passwd, pwd, sizeof(passwd)-1); + memset(passwd,'\0',130); + safe_strcpy( passwd, pwd, sizeof(passwd)-1); /* Calculate the MD4 hash (NT compatible) of the password */ memset(nt_p16, '\0', 16); E_md4hash((uchar *)passwd, nt_p16); +#ifdef DEBUG_PASSWORD + DEBUG(100,("nt_lm_owf_gen: pwd, nt#\n")); + dump_data(120, passwd, strlen(passwd)); + dump_data(100, nt_p16, 16); +#endif + /* Mangle the passwords into Lanman format */ passwd[14] = '\0'; strupper(passwd); @@ -118,6 +132,11 @@ void nt_lm_owf_gen(char *pwd, uchar nt_p16[16], uchar p16[16]) memset(p16, '\0', 16); E_P16((uchar *) passwd, (uchar *)p16); +#ifdef DEBUG_PASSWORD + DEBUG(100,("nt_lm_owf_gen: pwd, lm#\n")); + dump_data(120, passwd, strlen(passwd)); + dump_data(100, p16, 16); +#endif /* clear out local copy of user's password (just being paranoid). */ bzero(passwd, sizeof(passwd)); } @@ -143,7 +162,14 @@ void SMBNTencrypt(uchar *passwd, uchar *c8, uchar *p24) memset(p21,'\0',21); E_md4hash(passwd, p21); - E_P24(p21, c8, p24); + SMBOWFencrypt(p21, c8, p24); + +#ifdef DEBUG_PASSWORD + DEBUG(100,("SMBNTencrypt: nt#, challenge, response\n")); + dump_data(100, p21, 16); + dump_data(100, c8, 8); + dump_data(100, p24, 24); +#endif } diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index 2516637599..22827f9f5c 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c @@ -1298,7 +1298,7 @@ static struct api_struct api_samr_cmds [] = { "SAMR_OPEN_ALIAS" , SAMR_OPEN_ALIAS , api_samr_open_alias }, { "SAMR_OPEN_DOMAIN" , SAMR_OPEN_DOMAIN , api_samr_open_domain }, { "SAMR_UNKNOWN_3" , SAMR_UNKNOWN_3 , api_samr_unknown_3 }, - { NULL , 0 , NULL } + { NULL , 0 , NULL } }; /******************************************************************* diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c index e5e5424a2b..5ea0854230 100644 --- a/source3/utils/smbpasswd.c +++ b/source3/utils/smbpasswd.c @@ -113,27 +113,6 @@ unable to join domain.\n", prog_name); return (int)ret; } -/************************************************************* - Utility function to create password hashes. -*************************************************************/ - -static void create_new_hashes( char *new_passwd, uchar *new_p16, uchar *new_nt_p16) -{ - memset(new_nt_p16, '\0', 16); - E_md4hash((uchar *) new_passwd, new_nt_p16); - - /* Mangle the password into Lanman format */ - new_passwd[14] = '\0'; - strupper(new_passwd); - - /* - * Calculate the SMB (lanman) hash functions of the new password. - */ - - memset(new_p16, '\0', 16); - E_P16((uchar *) new_passwd, new_p16); -} - /************************************************************* Utility function to prompt for new password. *************************************************************/ @@ -555,7 +534,7 @@ int main(int argc, char **argv) /* Calculate the MD4 hash (NT compatible) of the new password. */ - create_new_hashes( new_passwd, new_p16, new_nt_p16); + nt_lm_owf_gen( new_passwd, new_nt_p16, new_p16); /* * Open the smbpaswd file. @@ -634,7 +613,7 @@ int main(int argc, char **argv) else if (enable_user) { if(smb_pwent->smb_passwd == NULL) { prompt_for_new_password(new_passwd); - create_new_hashes( new_passwd, new_p16, new_nt_p16); + nt_lm_owf_gen( new_passwd, new_nt_p16, new_p16); smb_pwent->smb_passwd = new_p16; smb_pwent->smb_nt_passwd = new_nt_p16; } -- cgit