From 33fcfb37c476fc836836c344165abc1cba79130e Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Fri, 30 Jan 2015 16:20:27 +0000
Subject: auth/credentials: add cli_credentials_set_old_utf16_password()
This is required to set the previous trust account password.
Signed-off-by: Stefan Metzmacher
Reviewed-by: Guenther Deschner
---
 auth/credentials/credentials.h | 2 ++
 auth/credentials/credentials_ntlm.c | 47 +++++++++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+)
(limited to 'auth')
diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index d875fb57572..fdedd630048 100644
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -196,6 +196,8 @@ void cli_credentials_set_kvno(struct cli_credentials *cred,
 bool cli_credentials_set_utf16_password(struct cli_credentials *cred,
 const DATA_BLOB *password_utf16,
 enum credentials_obtained obtained);
+bool cli_credentials_set_old_utf16_password(struct cli_credentials *cred,
+ const DATA_BLOB *password_utf16);
 bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
 const struct samr_Password *nt_hash,
 enum credentials_obtained obtained);
diff --git a/auth/credentials/credentials_ntlm.c b/auth/credentials/credentials_ntlm.c
index 327cf1396f6..4e122772dea 100644
--- a/auth/credentials/credentials_ntlm.c
+++ b/auth/credentials/credentials_ntlm.c
@@ -268,6 +268,53 @@ _PUBLIC_ bool cli_credentials_set_utf16_password(struct cli_credentials *cred,
 return false;
 }
 
+/*
+ * Set a old utf16 password on the credentials context.
+ *
+ * This is required because the nt_hash is calculated over the raw utf16 blob,
+ * which might not be completely valid utf16, which means the conversion
+ * from CH_UTF16MUNGED to CH_UTF8 might loose information.
+ */
+_PUBLIC_ bool cli_credentials_set_old_utf16_password(struct cli_credentials *cred,
+ const DATA_BLOB *password_utf16)
+{
+ struct samr_Password *nt_hash = NULL;
+ char *password_talloc = NULL;
+ size_t password_len = 0;
+ bool ok;
+
+ if (password_utf16 == NULL) {
+ return cli_credentials_set_old_password(cred, NULL, CRED_SPECIFIED);
+ }
+
+ nt_hash = talloc(cred, struct samr_Password);
+ if (nt_hash == NULL) {
+ return false;
+ }
+
+ ok = convert_string_talloc(cred,
+ CH_UTF16MUNGED, CH_UTF8,
+ password_utf16->data,
+ password_utf16->length,
+ (void *)&password_talloc,
+ &password_len);
+ if (!ok) {
+ TALLOC_FREE(nt_hash);
+ return false;
+ }
+
+ ok = cli_credentials_set_old_password(cred, password_talloc, CRED_SPECIFIED);
+ TALLOC_FREE(password_talloc);
+ if (!ok) {
+ TALLOC_FREE(nt_hash);
+ return false;
+ }
+
+ mdfour(nt_hash->hash, password_utf16->data, password_utf16->length);
+ cred->old_nt_hash = nt_hash;
+ return true;
+}
+
 _PUBLIC_ bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
 const struct samr_Password *nt_hash,
 enum credentials_obtained obtained)
--
cgit v1.2.1
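Review bot: The UTF-8 copy of the old trust password in `password_talloc` is released by `TALLOC_FREE(password_talloc);` without being overwritten first, so the cleartext remains in freed heap memory until that memory is reused. Wiping the `password_len` bytes returned by the conversion immediately before that free would close this, using a routine the compiler cannot elide, since a plain `memset` directly ahead of a free may be optimised away. Separately, `cred->old_nt_hash = nt_hash;` replaces whatever hash was stored before; unless cli_credentials_set_old_password(), which is not shown in this hunk, already releases it, the earlier hash stays allocated under `cred`, and a `TALLOC_FREE(cred->old_nt_hash);` just before the assignment would drop it. The header comment also has two typos: "a old" should read "an old" and "loose" should read "lose".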