incorrect password length - bug?
Gerald (Jerry) Carter
jerry at samba.org
Wed Jan 29 19:51:35 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 29 Jan 2003, Pierre Belanger wrote:
> Reference:
>
> http://lists.samba.org/pipermail/samba-technical/2001-August/015596.html
>
> I was playing around with smbpasswd last night. I first thought
> something committed in CVS broke something, I checked all changes
> made since the past 1-2 days and found nothing :( I than
> downgraded to an old copie of samba I kept and was quite surprised
> to see I was still having the same behavior!
>
> Here we go. Using smbpasswd -r localhost -U <username>
> if you type in the wrong current (old) password, smbd
> reports:
>
> [2003/01/29 14:13:05, 0] smbd/chgpasswd.c:check_oem_password(817)
> check_oem_password: incorrect password length (1980737076).
>
> This value comes from new_pw_len = IVAL(lmdata, 512) in
> chgpasswd.c . I tried hard to find the reason, even with
> debug level @ 9, I caaaaan't :(
The passeord change is done by sending a large buffer and encrypting it
with the old password. The first 512 bytes a random junk and the
clear text of the new password is tagged on. Since you used a wrong old
password, the buffer cannot be decryptesd correctly when smbd uses the
correct password. Thus the length field is invalid. Make sense?
I could be more specific, but I would need to look back at that code
again to refresh my memory.
I think there was a password change bug in older 2.2 releases (pre 2.2.6
IIRC). The post you cite might have been an unsupportd info level. I
can't remember.
cheers, jerry
----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"You can never go home again, Oatman, but I guess you can shop there."
--John Cusack - "Grosse Point Blank" (1997)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
iD8DBQE+ODDIIR7qMdg1EfYRArDhAJ9csgoqCZJXz+VAR7tmeD06zyrdlACgyXf+
vggjtLZOnhjV4NfffDbky8I=
=wukB
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list