s3:passdb: store the plain nt passwords hashes in history, not salted md5

This is in order to be able to do challenge response with the history,
so that this can be checked when an invalid password was entered:
If the given password is wrong but in the history, then the bad password
count should not be updated...

The "lucky" bit here is that the md5 has and the nt hash (md4) both are
16 bytes long.

This is part of the fix for bug #4347 .

Michael
(cherry picked from commit d909861c64cf874b1625039b0e1eace507a29b28)

diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
index 447854bc26bf1a085131b0b070bc5e2127548913..74ed018d2ede6804f1608f64b9a64cea5245df18 100644 (file)
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -1069,15 +1069,20 @@ bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
        }
 
        /*
-        * Create the new salt as the first part of the history entry.
+        * Fill the salt area with 0-s: this indicates that
+        * a plain nt hash is stored in the has area.
+        * The old format was to store a 16 byte salt and
+        * then an md5hash of the nt_hash concatenated with
+        * the salt.
         */
-       generate_random_buffer(pwhistory, PW_HISTORY_SALT_LEN);
+       memset(pwhistory, 0, PW_HISTORY_SALT_LEN);
 
        /*
-        * Generate the md5 hash of the salt+new password as the
-        * second part of the history entry.
+        * Store the plain nt hash in the second 16 bytes.
+        * The old format was to store the md5 hash of
+        * the salt+newpw.
         */
-       E_md5hash(pwhistory, new_nt_p16, &pwhistory[PW_HISTORY_SALT_LEN]);
+       memcpy(&pwhistory[PW_HISTORY_SALT_LEN], new_nt_p16, SALTED_MD5_HASH_LEN);
 
        pdb_set_pw_history(sampass, pwhistory, pwHistLen, PDB_CHANGED);