diff options
author | Stefan Metzmacher <metze@samba.org> | 2015-01-30 09:21:59 +0000 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2015-03-30 13:41:25 +0200 |
commit | 54e68e94ee878878df394e596ca5ea118b105bba (patch) | |
tree | 109970b1d524fa63e1d0f7c779fb78f4518c63ff | |
parent | 3e1e58711c7fb8047cb90d61ee0d0402f5aa0be8 (diff) | |
download | samba-54e68e94ee878878df394e596ca5ea118b105bba.tar.gz |
s3:trusts_util: generate completely random passwords in trust_pw_change()
Instead of having every 2nd byte as '\0' in the utf16 password,
because the utf8 form is based on an ascii subset, we convert
the random buffer from CH_UTF16MUNGED to CH_UTF8.
This way we have a random but valid utf8 string,
which is almost like what Windows is doing.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
-rw-r--r-- | source3/libsmb/trusts_util.c | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c index 108d25b2bb5..c56949ef41a 100644 --- a/source3/libsmb/trusts_util.c +++ b/source3/libsmb/trusts_util.c @@ -66,7 +66,9 @@ NTSTATUS trust_pw_change(struct netlogon_creds_cli_context *context, int timeout = 0; struct timeval tv = { 0, }; size_t new_len = DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH; + uint8_t new_password_buffer[256 * 2] = { 0, }; char *new_trust_passwd = NULL; + size_t len = 0; uint32_t new_version = 0; uint32_t *new_trust_version = NULL; NTSTATUS status; @@ -179,10 +181,19 @@ NTSTATUS trust_pw_change(struct netlogon_creds_cli_context *context, return NT_STATUS_OK; } - /* Create a random machine account password */ - new_trust_passwd = generate_random_password(frame, new_len, new_len); - if (new_trust_passwd == NULL) { - DEBUG(0, ("generate_random_password failed\n")); + /* + * Create a random machine account password + * We create a random buffer and convert that to utf8. + * This is similar to what windows is doing. + */ + generate_secret_buffer(new_password_buffer, new_len * 2); + ok = convert_string_talloc(frame, + CH_UTF16MUNGED, CH_UTF8, + new_password_buffer, new_len * 2, + (void *)&new_trust_passwd, &len); + ZERO_STRUCT(new_password_buffer); + if (!ok) { + DEBUG(0, ("convert_string_talloc failed\n")); TALLOC_FREE(frame); return NT_STATUS_NO_MEMORY; } |