s3:trusts_util: generate completely random passwords in trust_pw_change()

Instead of having every 2nd byte as '\0' in the utf16 password,
because the utf8 form is based on an ascii subset, we convert
the random buffer from CH_UTF16MUNGED to CH_UTF8.

This way we have a random but valid utf8 string,
which is almost like what Windows is doing.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

1 files changed, 15 insertions, 4 deletions

diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
index 108d25b2bb5..c56949ef41a 100644
--- a/source3/libsmb/trusts_util.c
+++ b/source3/libsmb/trusts_util.c
@@ -66,7 +66,9 @@ NTSTATUS trust_pw_change(struct netlogon_creds_cli_context *context,
 	int timeout = 0;
 	struct timeval tv = { 0, };
 	size_t new_len = DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH;
+	uint8_t new_password_buffer[256 * 2] = { 0, };
 	char *new_trust_passwd = NULL;
+	size_t len = 0;
 	uint32_t new_version = 0;
 	uint32_t *new_trust_version = NULL;
 	NTSTATUS status;
@@ -179,10 +181,19 @@ NTSTATUS trust_pw_change(struct netlogon_creds_cli_context *context,
 		return NT_STATUS_OK;
 	}
 
-	/* Create a random machine account password */
-	new_trust_passwd = generate_random_password(frame, new_len, new_len);
-	if (new_trust_passwd == NULL) {
-		DEBUG(0, ("generate_random_password failed\n"));
+	/*
+	 * Create a random machine account password
+	 * We create a random buffer and convert that to utf8.
+	 * This is similar to what windows is doing.
+	 */
+	generate_secret_buffer(new_password_buffer, new_len * 2);
+	ok = convert_string_talloc(frame,
+				   CH_UTF16MUNGED, CH_UTF8,
+				   new_password_buffer, new_len * 2,
+				   (void *)&new_trust_passwd, &len);
+	ZERO_STRUCT(new_password_buffer);
+	if (!ok) {
+		DEBUG(0, ("convert_string_talloc failed\n"));
 		TALLOC_FREE(frame);
 		return NT_STATUS_NO_MEMORY;
 	}