return nt_status;
}
+
+/* Wrapper function / entry point for use by winbindd */
+NTSTATUS pass_clear_change(char *user, const char *oldpass, const char *newpass,
+ enum samPwdChangeReason *reject_reason)
+{
+ struct samr_CryptPassword new_nt_password;
+ struct samr_CryptPassword new_lm_password;
+ struct samr_Password old_nt_hash_enc;
+ struct samr_Password old_lanman_hash_enc;
+
+ uchar old_nt_hash[16];
+ uchar old_lanman_hash[16];
+ uchar new_nt_hash[16];
+ uchar new_lanman_hash[16];
+
+ E_md4hash(oldpass, old_nt_hash);
+ E_md4hash(newpass, new_nt_hash);
+
+ if (lp_client_lanman_auth() &&
+ E_deshash(newpass, new_lanman_hash) &&
+ E_deshash(oldpass, old_lanman_hash)) {
+
+ /* E_deshash returns false for 'long' passwords (> 14
+ DOS chars). This allows us to match Win2k, which
+ does not store a LM hash for these passwords (which
+ would reduce the effective password length to 14) */
+
+ encode_pw_buffer(new_lm_password.data, newpass, STR_UNICODE);
+ arcfour_crypt(new_lm_password.data, old_nt_hash, 516);
+ E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
+ } else {
+ ZERO_STRUCT(new_lm_password);
+ ZERO_STRUCT(old_lanman_hash_enc);
+ }
+
+ encode_pw_buffer(new_nt_password.data, newpass, STR_UNICODE);
+
+ arcfour_crypt(new_nt_password.data, old_nt_hash, 516);
+ E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
+
+ return pass_oem_change(
+ user,
+ new_lm_password.data, old_lanman_hash_enc.hash,
+ new_nt_password.data, old_nt_hash_enc.hash,
+ reject_reason);
+}
uchar password_encrypted_with_nt_hash[516],
const uchar old_nt_hash_encrypted[16],
enum samPwdChangeReason *reject_reason);
+NTSTATUS pass_clear_change(char *user, const char *oldpass, const char *newpass,
+ enum samPwdChangeReason *reject_reason);
NTSTATUS check_password_complexity(const char *username,
const char *password,
enum samPwdChangeReason *samr_reject_reason);
state->response->data.auth.reject_reason = Undefined;
if (strequal(domain, get_global_sam_name())) {
- struct samr_CryptPassword new_nt_password;
- struct samr_CryptPassword new_lm_password;
- struct samr_Password old_nt_hash_enc;
- struct samr_Password old_lanman_hash_enc;
enum samPwdChangeReason rejectReason;
- uchar old_nt_hash[16];
- uchar old_lanman_hash[16];
- uchar new_nt_hash[16];
- uchar new_lanman_hash[16];
-
contact_domain = NULL;
- E_md4hash(oldpass, old_nt_hash);
- E_md4hash(newpass, new_nt_hash);
-
- if (lp_client_lanman_auth() &&
- E_deshash(newpass, new_lanman_hash) &&
- E_deshash(oldpass, old_lanman_hash)) {
-
- /* E_deshash returns false for 'long' passwords (> 14
- DOS chars). This allows us to match Win2k, which
- does not store a LM hash for these passwords (which
- would reduce the effective password length to 14) */
-
- encode_pw_buffer(new_lm_password.data, newpass, STR_UNICODE);
- arcfour_crypt(new_lm_password.data, old_nt_hash, 516);
- E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
- } else {
- ZERO_STRUCT(new_lm_password);
- ZERO_STRUCT(old_lanman_hash_enc);
- }
-
- encode_pw_buffer(new_nt_password.data, newpass, STR_UNICODE);
-
- arcfour_crypt(new_nt_password.data, old_nt_hash, 516);
- E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
-
- result = pass_oem_change(
- user,
- new_lm_password.data, old_lanman_hash_enc.hash,
- new_nt_password.data, old_nt_hash_enc.hash,
- &rejectReason);
+ result = pass_clear_change(user, oldpass, newpass, &rejectReason);
if (NT_STATUS_EQUAL(result, NT_STATUS_PASSWORD_RESTRICTION) ) {
state->response->data.auth.reject_reason =
rejectReason;