return NT_STATUS_WRONG_PASSWORD;
}
+bool password_in_history(uint8_t nt_pw[NT_HASH_LEN],
+ uint32_t pw_history_len,
+ const uint8_t *pw_history)
+{
+ static const uint8_t zero_md5_nt_pw[SALTED_MD5_HASH_LEN] = { 0, };
+ int i;
+
+ dump_data(100, nt_pw, NT_HASH_LEN);
+ dump_data(100, pw_history, PW_HISTORY_ENTRY_LEN * pw_history_len);
+
+ for (i=0; i<pw_history_len; i++) {
+ uint8_t new_nt_pw_salted_md5_hash[SALTED_MD5_HASH_LEN];
+ const uint8_t *current_salt;
+ const uint8_t *old_nt_pw_salted_md5_hash;
+
+ current_salt = &pw_history[i*PW_HISTORY_ENTRY_LEN];
+ old_nt_pw_salted_md5_hash = current_salt + PW_HISTORY_SALT_LEN;
+
+ if (memcmp(zero_md5_nt_pw, old_nt_pw_salted_md5_hash,
+ SALTED_MD5_HASH_LEN) == 0) {
+ /* Ignore zero valued entries. */
+ continue;
+ }
+ /* Create salted versions of new to compare. */
+ E_md5hash(current_salt, nt_pw, new_nt_pw_salted_md5_hash);
+
+ if (memcmp(new_nt_pw_salted_md5_hash,
+ old_nt_pw_salted_md5_hash,
+ SALTED_MD5_HASH_LEN) == 0) {
+ return true;
+ }
+ }
+ return false;
+}
+
/***********************************************************
This routine takes the given password and checks it against
the password history. Returns True if this password has been
static bool check_passwd_history(struct samu *sampass, const char *plaintext)
{
uchar new_nt_p16[NT_HASH_LEN];
- static const uint8_t zero_md5_nt_pw[SALTED_MD5_HASH_LEN] = { 0, };
const uint8 *nt_pw;
const uint8 *pwhistory;
- bool found = False;
- int i;
uint32 pwHisLen, curr_pwHisLen;
pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHisLen);
return True;
}
- dump_data(100, new_nt_p16, NT_HASH_LEN);
- dump_data(100, pwhistory, PW_HISTORY_ENTRY_LEN*pwHisLen);
-
- for (i=0; i<pwHisLen; i++) {
- uchar new_nt_pw_salted_md5_hash[SALTED_MD5_HASH_LEN];
- const uchar *current_salt = &pwhistory[i*PW_HISTORY_ENTRY_LEN];
- const uchar *old_nt_pw_salted_md5_hash = &pwhistory[(i*PW_HISTORY_ENTRY_LEN)+
- PW_HISTORY_SALT_LEN];
- if (!memcmp(zero_md5_nt_pw, old_nt_pw_salted_md5_hash, SALTED_MD5_HASH_LEN)) {
- /* Ignore zero valued entries. */
- continue;
- }
- /* Create salted versions of new to compare. */
- E_md5hash(current_salt, new_nt_p16, new_nt_pw_salted_md5_hash);
-
- if (!memcmp(new_nt_pw_salted_md5_hash, old_nt_pw_salted_md5_hash, SALTED_MD5_HASH_LEN)) {
- DEBUG(1,("check_passwd_history: proposed new password for user %s found in history list !\n",
- pdb_get_username(sampass) ));
- found = True;
- break;
- }
+ if (password_in_history(new_nt_p16, pwHisLen, pwhistory)) {
+ DEBUG(1,("check_passwd_history: proposed new password for "
+ "user %s found in history list !\n",
+ pdb_get_username(sampass) ));
+ return true;
}
- return found;
+ return false;
}
/***********************************************************