author | Stefan Metzmacher <metze@samba.org> | 2015-01-30 16:20:27 +0000 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2015-03-12 17:13:42 +0100 |
commit | 33fcfb37c476fc836836c344165abc1cba79130e (patch) | |
tree | da7fd418290b2bf1e720c0ea78bd70c090f0403c | |
parent | 016c4ce84f2a34abb705b85d0abd1e17aa1325db (diff) | |
auth/credentials: add cli_credentials_set_old_utf16_password()
This is required to set the previous trust account password.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
-rw-r--r-- | auth/credentials/credentials.h | 2 | ||||
-rw-r--r-- | auth/credentials/credentials_ntlm.c | 47 |
2 files changed, 49 insertions, 0 deletions
diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index d875fb57572..fdedd630048 100644
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -196,6 +196,8 @@ void cli_credentials_set_kvno(struct cli_credentials *cred,
 bool cli_credentials_set_utf16_password(struct cli_credentials *cred,
 const DATA_BLOB *password_utf16,
 enum credentials_obtained obtained);
+bool cli_credentials_set_old_utf16_password(struct cli_credentials *cred,
+ const DATA_BLOB *password_utf16);
 bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
 const struct samr_Password *nt_hash,
 enum credentials_obtained obtained);
diff --git a/auth/credentials/credentials_ntlm.c b/auth/credentials/credentials_ntlm.c
index 327cf1396f6..4e122772dea 100644
--- a/auth/credentials/credentials_ntlm.c
+++ b/auth/credentials/credentials_ntlm.c
@@ -268,6 +268,53 @@ _PUBLIC_ bool cli_credentials_set_utf16_password(struct cli_credentials *cred,
 return false;
 }
+/*
+ * Set a old utf16 password on the credentials context.
+ *
+ * This is required because the nt_hash is calculated over the raw utf16 blob,
+ * which might not be completely valid utf16, which means the conversion
+ * from CH_UTF16MUNGED to CH_UTF8 might loose information.
+ */
+_PUBLIC_ bool cli_credentials_set_old_utf16_password(struct cli_credentials *cred,
+ const DATA_BLOB *password_utf16)
+{
+ struct samr_Password *nt_hash = NULL;
+ char *password_talloc = NULL;
+ size_t password_len = 0;
+ bool ok;
+
+ if (password_utf16 == NULL) {
+ return cli_credentials_set_old_password(cred, NULL, CRED_SPECIFIED);
+ }
+
+ nt_hash = talloc(cred, struct samr_Password);
+ if (nt_hash == NULL) {
+ return false;
+ }
+
+ ok = convert_string_talloc(cred,
+ CH_UTF16MUNGED, CH_UTF8,
+ password_utf16->data,
+ password_utf16->length,
+ (void *)&password_talloc,
+ &password_len);
+ if (!ok) {
+ TALLOC_FREE(nt_hash);
+ return false;
+ }
+
+ ok = cli_credentials_set_old_password(cred, password_talloc, CRED_SPECIFIED);
+ TALLOC_FREE(password_talloc);
+ if (!ok) {
+ TALLOC_FREE(nt_hash);
+ return false;
+ }
+
+ mdfour(nt_hash->hash, password_utf16->data, password_utf16->length);
+ cred->old_nt_hash = nt_hash;
+ return true;
+}
+
 _PUBLIC_ bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
 const struct samr_Password *nt_hash,
 enum credentials_obtained obtained) |
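Review bot: In `cli_credentials_set_old_utf16_password()` the UTF-8 copy of the previous trust account password is released with `TALLOC_FREE(password_talloc)` without being cleared first, so the cleartext stays in freed heap memory where a core dump or a later allocation can expose it. Clearing `talloc_get_size(password_talloc)` bytes before the free, with a wipe the compiler cannot elide, would close that window. Separately, `cred->old_nt_hash = nt_hash;` replaces any hash stored by an earlier call without freeing it. `cli_credentials_set_old_password()` is not visible on this page, so confirm whether it already resets `old_nt_hash`; if it does not, add `TALLOC_FREE(cred->old_nt_hash);` before the assignment so stale password-equivalent material does not stay attached to `cred`.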