From c3a798cb7a11f95fc4a96b88eaa6b03581ccf409 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Thu, 25 Nov 2004 04:10:19 +0000
Subject: r3954: bring Samba3 into line with the Samba4 password change code
 (This used to be commit 04a6573f894800b9d939d9b4be48790437352804)

---
 source3/smbd/chgpasswd.c | 29 +++++++++++------------------
 1 file changed, 11 insertions(+), 18 deletions(-)

diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index c91f8599c9..cc27d3baca 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -753,9 +753,8 @@ static NTSTATUS check_oem_password(const char *user,
 	uint16 acct_ctrl;
 	uint32 new_pw_len;
 	uchar new_nt_hash[16];
-	uchar old_nt_hash_plain[16];
 	uchar new_lm_hash[16];
-	uchar old_lm_hash_plain[16];
+	uchar verifier[16];
 	char no_pw[2];
 	BOOL ret;
 
@@ -784,7 +783,7 @@ static NTSTATUS check_oem_password(const char *user,
 		return NT_STATUS_ACCOUNT_DISABLED;
 	}
 
-	if (acct_ctrl & ACB_PWNOTREQ && lp_null_passwords()) {
+	if ((acct_ctrl & ACB_PWNOTREQ) && lp_null_passwords()) {
 		/* construct a null password (in case one is needed */
 		no_pw[0] = 0;
 		no_pw[1] = 0;
@@ -854,12 +853,10 @@ static NTSTATUS check_oem_password(const char *user,
 
 		if (nt_pw) {
 			/*
-			 * Now use new_nt_hash as the key to see if the old
-			 * password matches.
+			 * check the NT verifier
 			 */
-			D_P16(new_nt_hash, old_nt_hash_encrypted, old_nt_hash_plain);
-			
-			if (memcmp(nt_pw, old_nt_hash_plain, 16)) {
+			E_old_pw_hash(new_nt_hash, nt_pw, verifier);
+			if (memcmp(verifier, old_nt_hash_encrypted, 16)) {
 				DEBUG(0,("check_oem_password: old lm password doesn't match.\n"));
 				pdb_free_sam(&sampass);
 				return NT_STATUS_WRONG_PASSWORD;
@@ -884,12 +881,10 @@ static NTSTATUS check_oem_password(const char *user,
 		
 		if (lanman_pw) {
 			/*
-			 * Now use new_nt_hash as the key to see if the old
-			 * LM password matches.
+			 * check the lm verifier
 			 */
-			D_P16(new_nt_hash, old_lm_hash_encrypted, old_lm_hash_plain);
-			
-			if (memcmp(lanman_pw, old_lm_hash_plain, 16)) {
+			E_old_pw_hash(new_nt_hash, lanman_pw, verifier);
+			if (memcmp(verifier, old_lm_hash_encrypted, 16)) {
 				DEBUG(0,("check_oem_password: old lm password doesn't match.\n"));
 				pdb_free_sam(&sampass);
 				return NT_STATUS_WRONG_PASSWORD;
@@ -908,12 +903,10 @@ static NTSTATUS check_oem_password(const char *user,
 		E_deshash(new_passwd, new_lm_hash);
 
 		/*
-		 * Now use new_lm_hash as the key to see if the old
-		 * password matches.
+		 * check the lm verifier
 		 */
-		D_P16(new_lm_hash, old_lm_hash_encrypted, old_lm_hash_plain);
-		
-		if (memcmp(lanman_pw, old_lm_hash_plain, 16)) {
+		E_old_pw_hash(new_lm_hash, lanman_pw, verifier);
+		if (memcmp(verifier, old_lm_hash_encrypted, 16)) {
 			DEBUG(0,("check_oem_password: old lm password doesn't match.\n"));
 			pdb_free_sam(&sampass);
 			return NT_STATUS_WRONG_PASSWORD;
-- 
cgit