From 8267564e1c52b3d335bf892ab71963bfb0e6e7e8 Mon Sep 17 00:00:00 2001
From: Günther Deschner
Date: Fri, 16 Oct 2009 12:09:55 +0200
Subject: s3-netlogon: Fix _netr_ServerPasswordSet2 cleartext blob handling.
Following Andrew's advice, let's straight md4 the plaintext blob and avoid trying to get a paintext string out of the input the client sends.
Guenther
---
source3/rpc_server/srv_netlog_nt.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'source3/rpc_server/srv_netlog_nt.c')
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 4b83279897..491754f76a 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -827,6 +827,7 @@ NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
 struct samu *sampass;
 DATA_BLOB plaintext;
 struct samr_CryptPassword password_buf;
+ struct samr_Password nt_hash;
 become_root();
 status = netr_creds_server_step_check(p, p->mem_ctx,
@@ -852,6 +853,8 @@ NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
 return NT_STATUS_WRONG_PASSWORD;
 }
+ mdfour(nt_hash.hash, plaintext.data, plaintext.length);
+
 status = netr_find_machine_account(p->mem_ctx,
 creds->account_name,
 &sampass);
@@ -861,8 +864,8 @@ NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
 status = netr_set_machine_account_password(sampass,
 sampass,
- &plaintext,
 NULL,
+ &nt_hash,
 NULL);
 TALLOC_FREE(sampass);
 return status;
-- cgit
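Review bot: In the second hunk, `mdfour(nt_hash.hash, plaintext.data, plaintext.length);` hashes whatever length the client supplied, and nothing visible in the hunk rejects an empty blob, which would store the MD4 of zero bytes as the machine account's NT hash. The check that returns NT_STATUS_WRONG_PASSWORD just above starts outside the hunk, so it may already cover this. If it does not, a guard such as `if (plaintext.length == 0) { return NT_STATUS_WRONG_PASSWORD; }` placed before the mdfour call would close the gap. Because the hash is now taken over the raw client bytes rather than a converted string, a one-line comment stating that the blob is presumably the UTF-16LE password, and is hashed as-is on purpose, would help the next reader.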
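Review bot: In the third hunk, once `netr_set_machine_account_password(...)` returns, `nt_hash` still holds the new NT hash on the stack and `plaintext` still holds the cleartext password, and neither is cleared before `return status;`. The NT hash is password-equivalent for the machine account, so I would wipe both on the way out, for example `ZERO_STRUCT(nt_hash);` and `data_blob_clear(&plaintext);` next to `TALLOC_FREE(sampass);`. The failure return after netr_find_machine_account lies between the hunks and is not visible here; it would presumably need the same treatment, since the hash has already been computed by then.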