From d74d82bddce5d6cf3f554ff014e08f2aeb2c14bc Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 26 Sep 2001 11:51:25 +0000
Subject: Make use of the pdb_set_plaintext_passwd() update to vastly simplify
 decode_pw_buffer() and the samr password changing routines.

And yes, I know that we can lost some information in the Unicode->UTF->Unicode
bit of this, but its worth the code cleanup.

This also takes into account the possability of multibyte passwords.

Andrew Bartlett
(This used to be commit 42402c87d6bcff71b700e497b74d2600d7ce8b95)
---
 source3/libsmb/smbencrypt.c      | 59 +++++++---------------------------------
 source3/rpc_server/srv_samr_nt.c | 28 ++++++++-----------
 2 files changed, 21 insertions(+), 66 deletions(-)

diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index b6273dedfc..119490aa7f 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -292,16 +292,15 @@ BOOL encode_pw_buffer(char buffer[516], const char *new_pass,
 
 /***********************************************************
  decode a password buffer
+ *new_pw_len is the length in bytes of the possibly mulitbyte
+ returned password including termination.
 ************************************************************/
 BOOL decode_pw_buffer(char in_buffer[516], char *new_pwrd,
-		      int new_pwrd_size, uint32 *new_pw_len,
-		      uchar nt_p16[16], uchar p16[16])
+		      int new_pwrd_size, uint32 *new_pw_len)
 {
-	int uni_pw_len=0;
 	int byte_len=0;
 	char unicode_passwd[514];
 	char lm_ascii_passwd[514];
-	char passwd[514];
 
 	/*
 	  Warning !!! : This function is called from some rpc call.
@@ -310,13 +309,6 @@ BOOL decode_pw_buffer(char in_buffer[516], char *new_pwrd,
 	  If you reuse that code somewhere else check first.
 	*/
 
-	ZERO_STRUCT(unicode_passwd);
-	ZERO_STRUCT(lm_ascii_passwd);
-	ZERO_STRUCT(passwd);
-
-	memset(nt_p16, '\0', 16);
-	memset(p16, '\0', 16);
-
 	/* The length of the new password is in the last 4 bytes of the data buffer. */
 
 	byte_len = IVAL(in_buffer, 512);
@@ -328,50 +320,19 @@ BOOL decode_pw_buffer(char in_buffer[516], char *new_pwrd,
 	/* Password cannot be longer than 128 characters */
 	if ( (byte_len < 0) || (byte_len > new_pwrd_size - 1)) {
 		DEBUG(0, ("decode_pw_buffer: incorrect password length (%d).\n", byte_len));
+		DEBUG(0, ("decode_pw_buffer: check that 'encrypt passwords = yes'\n"));
 		return False;
 	}
-	
- 	pull_string(NULL, passwd, &in_buffer[512 - byte_len], -1, byte_len, STR_UNICODE);
-	uni_pw_len = byte_len/2;
-
-#ifdef DEBUG_PASSWORD
-	DEBUG(100,("nt_lm_owf_gen: passwd: "));
-	dump_data(100, (char *)passwd, uni_pw_len);
-	DEBUG(100,("len:%d\n", uni_pw_len));
-#endif
-	memcpy(unicode_passwd, &in_buffer[512 - byte_len], byte_len);
-		
-	mdfour(nt_p16, (unsigned char *)unicode_passwd, byte_len);
-	
-#ifdef DEBUG_PASSWORD
-	DEBUG(100,("nt_lm_owf_gen: nt#:"));
-	dump_data(100, (char *)nt_p16, 16);
-	DEBUG(100,("\n"));
-#endif
-	
-	/* Mangle the passwords into Lanman format */
-	memcpy(lm_ascii_passwd, passwd, byte_len/2);
-	lm_ascii_passwd[14] = '\0';
-	strupper(lm_ascii_passwd);
 
-	/* Calculate the SMB (lanman) hash functions of the password */
-	E_P16((uchar *) lm_ascii_passwd, (uchar *)p16);
+	/* decode into the return buffer.  Buffer must be a pstring */
+ 	*new_pw_len = pull_string(NULL, new_pwrd, &in_buffer[512 - byte_len], new_pwrd_size, byte_len, STR_UNICODE);
 
 #ifdef DEBUG_PASSWORD
-	DEBUG(100,("nt_lm_owf_gen: lm#:"));
-	dump_data(100, (char *)p16, 16);
-	DEBUG(100,("\n"));
+	DEBUG(100,("decode_pw_buffer: new_pwrd: "));
+	dump_data(100, (char *)new_pwrd, *new_pw_len);
+	DEBUG(100,("multibyte len:%d\n", *new_pw_len));
+	DEBUG(100,("original char len:%d\n", byte_len/2));
 #endif
-
-	/* copy the password and it's length to the return buffer */	
-	*new_pw_len = byte_len/2;
-	memcpy(new_pwrd, passwd, uni_pw_len);
-	new_pwrd[uni_pw_len]='\0';
-	
-	/* clear out local copy of user's password (just being paranoid). */
-	ZERO_STRUCT(unicode_passwd);
-	ZERO_STRUCT(lm_ascii_passwd);
-	ZERO_STRUCT(passwd);
 	
 	return True;
 
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 4ffd1c85b5..4290e24395 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -2339,9 +2339,7 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid)
 {
 	SAM_ACCOUNT *pwd = NULL;
 	SAM_ACCOUNT *new_pwd = NULL;
-	uint8 nt_hash[16];
-	uint8 lm_hash[16];
-	pstring buf;
+	pstring plaintext_buf;
 	uint32 len;
 	uint16 acct_ctrl;
  
@@ -2366,13 +2364,12 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid)
 	
 	copy_id23_to_sam_passwd(new_pwd, id23);
  
-	if (!decode_pw_buffer((char*)id23->pass, buf, 256, &len, nt_hash, lm_hash)) {
+	if (!decode_pw_buffer((char*)id23->pass, plaintext_buf, 256, &len)) {
 		pdb_free_sam(new_pwd);
 		return False;
  	}
   
-	pdb_set_lanman_passwd (new_pwd, lm_hash);
-	pdb_set_nt_passwd     (new_pwd, nt_hash);
+	pdb_set_plaintext_passwd (new_pwd, plaintext_buf);
  
 	/* if it's a trust account, don't update /etc/passwd */
 	if ( ( (acct_ctrl &  ACB_DOMTRUST) == ACB_DOMTRUST ) ||
@@ -2382,13 +2379,13 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid)
 	} else  {
 		/* update the UNIX password */
 		if (lp_unix_password_sync() )
-			if(!chgpasswd(pdb_get_username(new_pwd), "", buf, True)) {
+			if(!chgpasswd(pdb_get_username(new_pwd), "", plaintext_buf, True)) {
 				pdb_free_sam(new_pwd);
 				return False;
 			}
 	}
  
-	memset(buf, 0, sizeof(buf));
+	ZERO_STRUCT(plaintext_buf);
  
 	if(!pdb_update_sam_account(new_pwd, True)) {
 		pdb_free_sam(new_pwd);
@@ -2407,10 +2404,8 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid)
 static BOOL set_user_info_pw(char *pass, uint32 rid)
 {
 	SAM_ACCOUNT *pwd = NULL;
-	uchar nt_hash[16];
-	uchar lm_hash[16];
 	uint32 len;
-	pstring buf;
+	pstring plaintext_buf;
 	uint16 acct_ctrl;
  
  	pdb_init_sam(&pwd);
@@ -2422,15 +2417,14 @@ static BOOL set_user_info_pw(char *pass, uint32 rid)
 	
 	acct_ctrl = pdb_get_acct_ctrl(pwd);
 
-	memset(buf, 0, sizeof(buf));
+	ZERO_STRUCT(plaintext_buf);
  
-	if (!decode_pw_buffer(pass, buf, 256, &len, nt_hash, lm_hash)) {
+	if (!decode_pw_buffer(pass, plaintext_buf, 256, &len)) {
 		pdb_free_sam(pwd);
 		return False;
  	}
 
-	pdb_set_lanman_passwd (pwd, lm_hash);
-	pdb_set_nt_passwd     (pwd, nt_hash);
+	pdb_set_plaintext_passwd (pwd, plaintext_buf);
  
 	/* if it's a trust account, don't update /etc/passwd */
 	if ( ( (acct_ctrl &  ACB_DOMTRUST) == ACB_DOMTRUST ) ||
@@ -2440,13 +2434,13 @@ static BOOL set_user_info_pw(char *pass, uint32 rid)
 	} else {
 		/* update the UNIX password */
 		if (lp_unix_password_sync())
-			if(!chgpasswd(pdb_get_username(pwd), "", buf, True)) {
+			if(!chgpasswd(pdb_get_username(pwd), "", plaintext_buf, True)) {
 				pdb_free_sam(pwd);
 				return False;
 			}
 	}
  
-	memset(buf, 0, sizeof(buf));
+	ZERO_STRUCT(plaintext_buf);
  
 	DEBUG(5,("set_user_info_pw: pdb_update_sam_account()\n"));
  
-- 
cgit