Password history patch.

Richard Renard rrenard at idealx.com
Thu Jul 22 10:03:57 GMT 2004


On Fri, Jul 09, 2004 at 03:58:57PM -0700, Jeremy Allison wrote:
> Hi Aurélien & Jianliang,
> 
> 	I just finished integrating the password history patches
> into the SAMBA_3_0 SVN codebase (note this change is not in 3.0.5rc1).
> 
> If you could test out this code for both the tdbsam and ldapsam
> cases I'd appreciate it as I know you both worked on this.
> 
> Thanks,
> 
> 	Jeremy.

Hi Jeremy,

Thank you for including the patch. I did some testing with ldapsam but
the behavior does not mimic NT4.

When password history is set to 1 it means that the user is not allowed
to reuse their current password, so the current password also needs to be in
the history.

The attached fix seems to make it behave correctly.

Richard.

-- 
Richard Renard
rrenard at idealx.com
-------------- next part --------------
--- source/passdb/pdb_get_set.c.orig	Sat Jun 19 07:41:30 2004
+++ source/passdb/pdb_get_set.c	Sat Jun 19 08:09:07 2004
@@ -1172,18 +1172,10 @@
 {
 	uchar new_lanman_p16[LM_HASH_LEN];
 	uchar new_nt_p16[NT_HASH_LEN];
-	uchar current_ntpw_copy[NT_HASH_LEN];
-	uchar *current_ntpw = NULL;
 
 	if (!sampass || !plaintext)
 		return False;
 
-	/* Store the current password for history purposes. */
-	current_ntpw = (uint8 *)pdb_get_nt_passwd(sampass);
-	if (current_ntpw) {
-		memcpy (current_ntpw_copy, current_ntpw, NT_HASH_LEN);
-	}
-
 	/* Calculate the MD4 hash (NT compatible) of the password */
 	E_md4hash(plaintext, new_nt_p16);
 
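Review bot: Removing the current_ntpw copy at the top of the function means the outgoing password is no longer written to the history when it is replaced, so the history is only correct if that hash was already stored there when it was set. If the existing pwhistory does not contain the current hash, it is lost on the first change, which matters once the history length is greater than 1. Either keep the copy and add it when it is missing from the history, or replace the removed comment with one stating that slot 0 of the history now holds the current password.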
@@ -1233,11 +1225,11 @@
 					pwHistLen = current_history_len;
 				}
 			}
-			if (pwhistory && current_ntpw && pwHistLen){
+			if (pwhistory && new_nt_p16 && pwHistLen){
 				if (pwHistLen > 1) {
 					memmove(&pwhistory[NT_HASH_LEN], pwhistory, (pwHistLen -1)*NT_HASH_LEN );
 				}
-				memcpy(pwhistory, current_ntpw_copy, NT_HASH_LEN);
+				memcpy(pwhistory, new_nt_p16, NT_HASH_LEN);
 				pdb_set_pw_history(sampass, pwhistory, pwHistLen, PDB_CHANGED);
 			} else {
 				DEBUG (10,("pdb_get_set.c: pdb_set_plaintext_passwd: pwhistory was NULL!\n"));
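Review bot: In the changed condition "if (pwhistory && new_nt_p16 && pwHistLen)", new_nt_p16 is the local array declared as "uchar new_nt_p16[NT_HASH_LEN];", so it always evaluates true and the test guards nothing; drop it and write "if (pwhistory && pwHistLen)". A one-line comment above the memcpy saying that the newly set NT hash goes into slot 0 would document the changed semantics. The DEBUG text in the else branch also reports that pwhistory was NULL even though the branch is taken when pwHistLen is 0.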

