1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00

auth/credentials: add cli_credentials_set_old_utf16_password()

This is required to set the previous trust account password.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This commit is contained in:
Stefan Metzmacher 2015-01-30 16:20:27 +00:00 committed by Günther Deschner
parent 016c4ce84f
commit 33fcfb37c4
2 changed files with 49 additions and 0 deletions

View File

@ -196,6 +196,8 @@ void cli_credentials_set_kvno(struct cli_credentials *cred,
bool cli_credentials_set_utf16_password(struct cli_credentials *cred,
const DATA_BLOB *password_utf16,
enum credentials_obtained obtained);
bool cli_credentials_set_old_utf16_password(struct cli_credentials *cred,
const DATA_BLOB *password_utf16);
bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
const struct samr_Password *nt_hash,
enum credentials_obtained obtained);

View File

@ -268,6 +268,53 @@ _PUBLIC_ bool cli_credentials_set_utf16_password(struct cli_credentials *cred,
return false;
}
/*
* Set a old utf16 password on the credentials context.
*
* This is required because the nt_hash is calculated over the raw utf16 blob,
* which might not be completely valid utf16, which means the conversion
* from CH_UTF16MUNGED to CH_UTF8 might loose information.
*/
_PUBLIC_ bool cli_credentials_set_old_utf16_password(struct cli_credentials *cred,
const DATA_BLOB *password_utf16)
{
struct samr_Password *nt_hash = NULL;
char *password_talloc = NULL;
size_t password_len = 0;
bool ok;
if (password_utf16 == NULL) {
return cli_credentials_set_old_password(cred, NULL, CRED_SPECIFIED);
}
nt_hash = talloc(cred, struct samr_Password);
if (nt_hash == NULL) {
return false;
}
ok = convert_string_talloc(cred,
CH_UTF16MUNGED, CH_UTF8,
password_utf16->data,
password_utf16->length,
(void *)&password_talloc,
&password_len);
if (!ok) {
TALLOC_FREE(nt_hash);
return false;
}
ok = cli_credentials_set_old_password(cred, password_talloc, CRED_SPECIFIED);
TALLOC_FREE(password_talloc);
if (!ok) {
TALLOC_FREE(nt_hash);
return false;
}
mdfour(nt_hash->hash, password_utf16->data, password_utf16->length);
cred->old_nt_hash = nt_hash;
return true;
}
_PUBLIC_ bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
const struct samr_Password *nt_hash,
enum credentials_obtained obtained)