mirror of https://github.com/samba-team/samba.git synced 2025-02-02 09:47:23 +03:00

s3:libsmb: add trust_pw_new_value() helper function

This generates a new trust password based on the secure channel type
and lp_security().

NT4 really has a limit of 28 UTF16 bytes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher 2016-08-23 12:12:35 +02:00 committed by Ralph Boehme
parent a287754168
commit 9e26ad86fb
2 changed files with 59 additions and 0 deletions


@ -862,6 +862,9 @@ void update_trustdom_cache( void );
struct netlogon_creds_cli_context;
struct messaging_context;
struct dcerpc_binding_handle;
char *trust_pw_new_value(TALLOC_CTX *mem_ctx,
enum netr_SchannelType sec_channel_type,
int security);
NTSTATUS trust_pw_change(struct netlogon_creds_cli_context *context,
struct messaging_context *msg_ctx,
struct dcerpc_binding_handle *b,
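Review bot: The new prototype takes `int security` with no hint about which values are valid, while the implementation in the second file only compares it against `SEC_DOMAIN`. A one-line comment above the declaration would make the contract visible to callers, for example `/* security: value of lp_security(); returns a talloc'ed string on mem_ctx */`. The ownership part is inferred from the `TALLOC_CTX *mem_ctx` parameter and should be confirmed against generate_random_machine_password(), which is not shown on this page.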


@ -47,6 +47,62 @@ static int trust_pw_change_state_destructor(struct trust_pw_change_state *state)
return 0;
}
char *trust_pw_new_value(TALLOC_CTX *mem_ctx,
enum netr_SchannelType sec_channel_type,
int security)
{
/*
* use secure defaults.
*/
size_t min = 128;
size_t max = 255;
switch (sec_channel_type) {
case SEC_CHAN_WKSTA:
case SEC_CHAN_BDC:
if (security == SEC_DOMAIN) {
/*
* The maximum length of a trust account password.
* Used when we randomly create it, 15 char passwords
* exceed NT4's max password length.
*/
min = 14;
max = 14;
}
break;
case SEC_CHAN_DNS_DOMAIN:
/*
* new_len * 2 = 498 bytes is the largest possible length
* NL_PASSWORD_VERSION consumes the rest of the possible 512 bytes
* and a confounder with at least 2 bytes is required.
*
* Windows uses new_len = 120 => 240 bytes (utf16)
*/
min = 120;
max = 120;
break;
/* fall through */
case SEC_CHAN_DOMAIN:
/*
* The maximum length of a trust account password.
* Used when we randomly create it, 15 char passwords
* exceed NT4's max password length.
*/
min = 14;
max = 14;
break;
default:
break;
}
/*
* Create a random machine account password
* We create a random buffer and convert that to utf8.
* This is similar to what windows is doing.
*/
return generate_random_machine_password(mem_ctx, min, max);
}
NTSTATUS trust_pw_change(struct netlogon_creds_cli_context *context,
struct messaging_context *msg_ctx,
struct dcerpc_binding_handle *b,
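Review bot: The `/* fall through */` comment that follows the `break;` in the `SEC_CHAN_DNS_DOMAIN` case is wrong, since control never falls through into `SEC_CHAN_DOMAIN`. It matters here because the two cases pick very different password lengths (120 versus 14 characters), and a later edit that trusts the comment and drops the `break;` would silently shorten the passwords generated for DNS-domain trusts to the NT4 limit. I would delete the comment line, or replace it with `/* no fall through: DNS domain trusts keep the 120 character length */`. trust_pw_new_value() lies entirely inside this hunk; a short header comment saying that the result is allocated on `mem_ctx` and that callers have to check it for NULL would also help, assuming generate_random_machine_password() can fail, which is not visible here.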