Re: [Samba] BUG: Bad passwords from Vampire / NT migration

Jeremy Allison Wed, 22 Oct 2008 12:36:47 -0700

On Wed, Oct 22, 2008 at 12:15:00PM -0700, Jeremy Allison wrote:

> Great catch. Both look valid to me. I think the best fix for
> 3.2 is to always set rid_crypt to true, and remove all the
> other sam_pwd_hash() calls - just do it in the one place.
> 
> Ok, here is a quick patch for 3.2. It removes some silly
> static buffers and changes all calls to samsync_fix_delta_array()
> to set rid_crypt = true and then removes all the extra
> crypto sam_pwd_hash() calls that are no longer needed.
> 
> Can you confirm it works for you and I'll check it in
> with your credit, and then fix 3.3 and master in the
> same way.


Sorry, missed the ntpasswd <--> lmpasswd swap.

Here's the correct version for 3.2.

Jeremy.

diff --git a/source/utils/net_rpc_samsync.c b/source/utils/net_rpc_samsync.c
index 13a7bce..9ab3a59 100644
--- a/source/utils/net_rpc_samsync.c
+++ b/source/utils/net_rpc_samsync.c
@@ -65,21 +65,19 @@ static void display_account_info(uint32_t rid,
                                 struct netr_DELTA_USER *r)
 {
        fstring hex_nt_passwd, hex_lm_passwd;
-       uchar lm_passwd[16], nt_passwd[16];
-       static uchar zero_buf[16];
+       uchar zero_buf[16];
 
+       memset(zero_buf, '\0', sizeof(zero_buf));
        /* Decode hashes from password hash (if they are not NULL) */
 
        if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) {
-               sam_pwd_hash(r->rid, r->lmpassword.hash, lm_passwd, 0);
-               pdb_sethexpwd(hex_lm_passwd, lm_passwd, r->acct_flags);
+               pdb_sethexpwd(hex_lm_passwd, r->lmpassword.hash, r->acct_flags);
        } else {
                pdb_sethexpwd(hex_lm_passwd, NULL, 0);
        }
 
        if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) {
-               sam_pwd_hash(r->rid, r->ntpassword.hash, nt_passwd, 0);
-               pdb_sethexpwd(hex_nt_passwd, nt_passwd, r->acct_flags);
+               pdb_sethexpwd(hex_nt_passwd, r->ntpassword.hash, r->acct_flags);
        } else {
                pdb_sethexpwd(hex_nt_passwd, NULL, 0);
        }
@@ -391,7 +389,7 @@ static void dump_database(struct rpc_pipe_client *pipe_hnd,
 
                samsync_fix_delta_array(mem_ctx,
                                        &session_key,
-                                       false,
+                                       true,
                                        database_id,
                                        delta_enum_array);
 
@@ -466,8 +464,9 @@ static NTSTATUS sam_account_from_delta(struct samu *account,
 {
        const char *old_string, *new_string;
        time_t unix_time, stored_time;
-       uchar lm_passwd[16], nt_passwd[16];
-       static uchar zero_buf[16];
+       uchar zero_buf[16];
+
+       memset(zero_buf, '\0', sizeof(zero_buf));
 
        /* Username, fullname, home dir, dir drive, logon script, acct
           desc, workstations, profile. */
@@ -631,14 +630,12 @@ static NTSTATUS sam_account_from_delta(struct samu 
*account,
           think this channel is secure enough - don't set the passwords at all
           in that case
        */
-       if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) {
-               sam_pwd_hash(r->rid, r->ntpassword.hash, lm_passwd, 0);
-               pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED);
+       if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) {
+               pdb_set_lanman_passwd(account, r->lmpassword.hash, PDB_CHANGED);
        }
 
-       if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) {
-               sam_pwd_hash(r->rid, r->lmpassword.hash, nt_passwd, 0);
-               pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED);
+       if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) {
+               pdb_set_nt_passwd(account, r->ntpassword.hash, PDB_CHANGED);
        }
 
        /* TODO: account expiry time */
@@ -1755,15 +1752,16 @@ static NTSTATUS fetch_account_info_to_ldif(struct 
netr_DELTA_USER *r,
        fstring username, logonscript, homedrive, homepath = "", homedir = "";
        fstring hex_nt_passwd, hex_lm_passwd;
        fstring description, profilepath, fullname, sambaSID;
-       uchar lm_passwd[16], nt_passwd[16];
        char *flags, *user_rdn;
        const char *ou;
        const char* nopasswd = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
-       static uchar zero_buf[16];
+       uchar zero_buf[16];
        uint32 rid = 0, group_rid = 0, gidNumber = 0;
        time_t unix_time;
        int i;
 
+       memset(zero_buf, '\0', sizeof(zero_buf));
+
        /* Get the username */
        fstrcpy(username, r->account_name.string);
 
@@ -1808,14 +1806,12 @@ static NTSTATUS fetch_account_info_to_ldif(struct 
netr_DELTA_USER *r,
 
        /* Get lm and nt password data */
        if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) {
-               sam_pwd_hash(r->rid, r->lmpassword.hash, lm_passwd, 0);
-               pdb_sethexpwd(hex_lm_passwd, lm_passwd, r->acct_flags);
+               pdb_sethexpwd(hex_lm_passwd, r->lmpassword.hash, r->acct_flags);
        } else {
                pdb_sethexpwd(hex_lm_passwd, NULL, 0);
        }
        if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) {
-               sam_pwd_hash(r->rid, r->ntpassword.hash, nt_passwd, 0);
-               pdb_sethexpwd(hex_nt_passwd, nt_passwd, r->acct_flags);
+               pdb_sethexpwd(hex_nt_passwd, r->ntpassword.hash, r->acct_flags);
        } else {
                pdb_sethexpwd(hex_nt_passwd, NULL, 0);
        }

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] BUG: Bad passwords from Vampire / NT migration

Reply via email to