s3: Factor password_in_history() out of check_passwd_history()
authorVolker Lendecke <vl@samba.org>
Mon, 14 Dec 2009 19:54:33 +0000 (20:54 +0100)
committerMichael Adam <obnox@samba.org>
Thu, 7 Jan 2010 10:07:55 +0000 (11:07 +0100)
source3/include/proto.h
source3/smbd/chgpasswd.c

index 5b1612029481eb00b3db366cbb56985d874527eb..c0ca96bb926529bb41653312384077d8eac91a55 100644 (file)
@@ -6116,6 +6116,9 @@ NTSTATUS pass_oem_change(char *user,
                         uchar password_encrypted_with_nt_hash[516],
                         const uchar old_nt_hash_encrypted[16],
                         enum samPwdChangeReason *reject_reason);
+bool password_in_history(uint8_t nt_pw[NT_HASH_LEN],
+                        uint32_t pw_history_len,
+                        const uint8_t *pw_history);
 NTSTATUS check_password_complexity(const char *username,
                                   const char *password,
                                   enum samPwdChangeReason *samr_reject_reason);
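Review bot: `nt_pw` is declared as a writable `uint8_t nt_pw[NT_HASH_LEN]` here and in the definition in source3/smbd/chgpasswd.c, although the visible body only reads it (it is passed to dump_data() and used as an input to E_md5hash()). Declaring it `const uint8_t nt_pw[NT_HASH_LEN]` in both places would match the `const uint8_t *pw_history` parameter and let callers pass a const hash. This assumes E_md5hash() takes its inputs as const, which is not visible on this page.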
index 70ce75c5524d785f8260a610bb6c8058be16c151..c858c2dfa0be4134a33e7c487e75801ef3e28611 100644 (file)
@@ -1008,6 +1008,41 @@ static NTSTATUS check_oem_password(const char *user,
        return NT_STATUS_WRONG_PASSWORD;
 }
 
+bool password_in_history(uint8_t nt_pw[NT_HASH_LEN],
+                        uint32_t pw_history_len,
+                        const uint8_t *pw_history)
+{
+       static const uint8_t zero_md5_nt_pw[SALTED_MD5_HASH_LEN] = { 0, };
+       int i;
+
+       dump_data(100, nt_pw, NT_HASH_LEN);
+       dump_data(100, pw_history, PW_HISTORY_ENTRY_LEN * pw_history_len);
+
+       for (i=0; i<pw_history_len; i++) {
+               uint8_t new_nt_pw_salted_md5_hash[SALTED_MD5_HASH_LEN];
+               const uint8_t *current_salt;
+               const uint8_t *old_nt_pw_salted_md5_hash;
+
+               current_salt = &pw_history[i*PW_HISTORY_ENTRY_LEN];
+               old_nt_pw_salted_md5_hash = current_salt + PW_HISTORY_SALT_LEN;
+
+               if (memcmp(zero_md5_nt_pw, old_nt_pw_salted_md5_hash,
+                          SALTED_MD5_HASH_LEN) == 0) {
+                       /* Ignore zero valued entries. */
+                       continue;
+               }
+               /* Create salted versions of new to compare. */
+               E_md5hash(current_salt, nt_pw, new_nt_pw_salted_md5_hash);
+
+               if (memcmp(new_nt_pw_salted_md5_hash,
+                          old_nt_pw_salted_md5_hash,
+                          SALTED_MD5_HASH_LEN) == 0) {
+                       return true;
+               }
+       }
+       return false;
+}
+
 /***********************************************************
  This routine takes the given password and checks it against
  the password history. Returns True if this password has been
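Review bot: password_in_history() is now exported but has no header comment and no guard, so nothing states that `pw_history` must be non-NULL and hold `pw_history_len` entries of PW_HISTORY_ENTRY_LEN bytes; every read in the loop and the second dump_data() call rely on that. I would add a block comment in the file's `/**** … ****/` style saying so, and note there that each entry is a PW_HISTORY_SALT_LEN salt followed by the salted MD5 hash and that all-zero hashes are skipped. The loop index is `int i` compared against a `uint32_t` length; `uint32_t i;` avoids the signed/unsigned comparison. Separately, the two `dump_data(100, …)` calls write the NT hash and the full history buffer to the debug log, and the NT hash is password-equivalent material, so it is worth confirming this is still wanted in a helper that other callers can now reach.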
@@ -1017,11 +1052,8 @@ static NTSTATUS check_oem_password(const char *user,
 static bool check_passwd_history(struct samu *sampass, const char *plaintext)
 {
        uchar new_nt_p16[NT_HASH_LEN];
-       static const uint8_t zero_md5_nt_pw[SALTED_MD5_HASH_LEN] = { 0, };
        const uint8 *nt_pw;
        const uint8 *pwhistory;
-       bool found = False;
-       int i;
        uint32 pwHisLen, curr_pwHisLen;
 
        pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHisLen);
@@ -1048,29 +1080,13 @@ static bool check_passwd_history(struct samu *sampass, const char *plaintext)
                return True;
        }
 
-       dump_data(100, new_nt_p16, NT_HASH_LEN);
-       dump_data(100, pwhistory, PW_HISTORY_ENTRY_LEN*pwHisLen);
-
-       for (i=0; i<pwHisLen; i++) {
-               uchar new_nt_pw_salted_md5_hash[SALTED_MD5_HASH_LEN];
-               const uchar *current_salt = &pwhistory[i*PW_HISTORY_ENTRY_LEN];
-               const uchar *old_nt_pw_salted_md5_hash = &pwhistory[(i*PW_HISTORY_ENTRY_LEN)+
-                                                       PW_HISTORY_SALT_LEN];
-               if (!memcmp(zero_md5_nt_pw, old_nt_pw_salted_md5_hash, SALTED_MD5_HASH_LEN)) {
-                       /* Ignore zero valued entries. */
-                       continue;
-               }
-               /* Create salted versions of new to compare. */
-               E_md5hash(current_salt, new_nt_p16, new_nt_pw_salted_md5_hash);
-
-               if (!memcmp(new_nt_pw_salted_md5_hash, old_nt_pw_salted_md5_hash, SALTED_MD5_HASH_LEN)) {
-                       DEBUG(1,("check_passwd_history: proposed new password for user %s found in history list !\n",
-                               pdb_get_username(sampass) ));
-                       found = True;
-                       break;
-               }
+       if (password_in_history(new_nt_p16, pwHisLen, pwhistory)) {
+               DEBUG(1,("check_passwd_history: proposed new password for "
+                        "user %s found in history list !\n",
+                        pdb_get_username(sampass) ));
+               return true;
        }
-       return found;
+       return false;
 }
 
 /***********************************************************
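Review bot: The new returns use `true`/`false` while the context line just above the call still has `return True;`, so check_passwd_history() now mixes both spellings. Pick one for the function, either `return True;` / `return False;` here or converting the earlier returns in the same commit. The call passes `pwHisLen` as the entry count, and the lines that relate it to `curr_pwHisLen` lie between the hunks and are not visible, so please confirm the count cannot exceed what `pwhistory` actually holds, since the helper does no checking of its own. The function body starts outside this hunk.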