From 1c9117746b616fcb8ab251834888b57c4a1c29bf Mon Sep 17 00:00:00 2001 From: Alberto Maria Fiaschi Date: Wed, 10 Jun 2015 15:26:58 +0200 Subject: Add --set-nt-hash option to pdbedit to update user password from nt-hash hexstring. Useful to take in sync password from other repository. (Modify MASK_USER_GOOD to include new flag BIT_PWSETNTHASH) pdbedit -vw show also password hashes . Split pdb_set_plaintext_passwd in two function: pdb_set_plaintext_passwd and pdb_update_history. pdb_update_history update password history and is call from pdb_set_plaintext_passwd. Signed-off-by: Alberto Maria Fiaschi Reviewed-by: Garming Sam Reviewed-by: Andrew Bartlett --- source3/passdb/pdb_get_set.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) (limited to 'source3/passdb/pdb_get_set.c') diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index 9f274594a34..74a71cbf04b 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -999,10 +999,6 @@ bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext) { uchar new_lanman_p16[LM_HASH_LEN]; uchar new_nt_p16[NT_HASH_LEN]; - uchar *pwhistory; - uint32_t pwHistLen; - uint32_t current_history_len; - const uint8_t *current_history; if (!plaintext) return False; @@ -1032,6 +1028,21 @@ bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext) if (!pdb_set_pass_last_set_time (sampass, time(NULL), PDB_CHANGED)) return False; + + return pdb_update_history(sampass, new_nt_p16); +} + +/********************************************************************* + Update password history after change + ********************************************************************/ + +bool pdb_update_history(struct samu *sampass, const uint8_t new_nt[NT_HASH_LEN]) +{ + uchar *pwhistory; + uint32_t pwHistLen; + uint32_t current_history_len; + const uint8_t *current_history; + if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) == 0) { /* * No password history for non-user accounts @@ -1055,7 +1066,7 @@ bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext) */ current_history = pdb_get_pw_history(sampass, ¤t_history_len); if ((current_history_len != 0) && (current_history == NULL)) { - DEBUG(1, ("pdb_set_plaintext_passwd: pwhistory == NULL!\n")); + DEBUG(1, ("pdb_update_history: pwhistory == NULL!\n")); return false; } @@ -1096,11 +1107,12 @@ bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext) * The old format was to store the md5 hash of * the salt+newpw. */ - memcpy(&pwhistory[PW_HISTORY_SALT_LEN], new_nt_p16, SALTED_MD5_HASH_LEN); + memcpy(&pwhistory[PW_HISTORY_SALT_LEN], new_nt, SALTED_MD5_HASH_LEN); pdb_set_pw_history(sampass, pwhistory, pwHistLen, PDB_CHANGED); return True; + } /* check for any PDB_SET/CHANGED field and fill the appropriate mask bit */ -- cgit v1.2.1