mirror of
https://github.com/samba-team/samba.git
synced 2025-01-27 14:04:05 +03:00
ff4fb6935a
To support password change for machine or trusted domain accounts in Active Directory environment we need to pass down actual plain text password instead of NT hashes. This would allow a backend like ipasam to update Kerberos keys as well as NT hashes. By calling samr_SetUserInfo2 info level 26 we ensure PASSDB layer can actually get the plain text password. If PASSDB backend implements pdb_update_sam_account() callback, it then gets the plain text password from samr_SetUserInfo2. A plain text password is a data blob represented as up to 256 WCHARs. It is UTF-16 coded on wire and we have its length from the buffer. SetUserInfo2 SAMR call chain in decode_pw_buffer() does explicitly expect 512+4 bytes in the buffer. It then calls convert_string_talloc() to convert it to UNIX charset passing the correct value of the plaintext password length. However, convert_string_talloc() expects the length of input string *including* the terminating null and we pass just the string length. convert_string_talloc() then explicitly null-terminates the resulting string by adding two nulls. In most cases UNIX charset is UTF-8, so we get null-terminated UTF-8 string down to PASSDB layer. MS-SAMR does not limit what does the password should contain. It says it is 'userPassword' value. Either 'userPassword' or 'unicodePwd' cannot contain null characters according to MS-ADTS 3.1.1.3.1.5 because they must be proper UTF-8 and UTF-16 strings accordingly. We are talking to our own SAMR service here. Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>