Remote Password Change from Win95

Christoph Zwerschke christoph.zwerschke at sun1.zuv.uni-heidelberg.de
Thu Mar 18 13:34:43 GMT 1999


  (Configuration:
   Server: Samba 2.0.3 on Solaris7,
   Client: Win95 with or without SP1,
   encrypted passwords)

I solved the problem of changing server passwords
remote from Win95 clients.
When I entered the command:

net password \\server user oldpasswd newpasswd

I always got an "error 86" (wrong password),
even if "oldpasswd" was totally correct.

I found the problem to be the functions

check_lanman_password and change_lanman_password
defined in smbd/chgpasswd.c

Besides the fact, that I don't understand
why both functions take pass1 (oldpasswd)
and pass2 (newpasswd) as parameters
(...check should need only pass1 and
...change should need only pass2 !?),
I found the calculation of LANMan hashes
to be totally wrong. Quick fix:

In check_lanman_password, the following lines:

  /* Get the new lanman hash. */
  D_P16(smbpw->smb_passwd, pass2, unenc_new_pw);

  /* Use this to get the old lanman hash. */
  D_P16(unenc_new_pw, pass1, unenc_old_pw);

should be replaced by something like

 { /* Calculate the old lanman hash */
   uchar pw[14]; memset(pw, '\0', 14);
   fstrcpy(pw, pass1);
   E_P16(pw, unenc_old_pw);
 }

Similar, in in change_lanman_password, the following lines:

  /* Get the new lanman hash. */
  D_P16(smbpw->smb_passwd, pass2, unenc_new_pw);

should be replaced by something like

 { /* calculate the new lanman hash */
   uchar pw[14]; memset(pw, '\0', 14);
   fstrcpy(pw, pass2);
   E_P16(pw, unenc_new_pw);
 }

This works, the oldpasswd is validated
and the newpasswd ist set correctly from Win95.

I'll send a copy of this message to
samba-bugs at samba.org.
By the way: There had been a system
of abbreviations for the subject line
of bug reports, but I find it no where
on the samba web page.
Does anybody know, where it's gone to?

---------------------------------------------------------------------------
Christoph Zwerschke
Zentrale Universitätsverwaltung Heidelberg Abt 3.1-EDV
E-Mail: christoph.zwerschke at sun1.zuv.uni-heidelberg.de
WWW: http://www.zuv.uni-heidelberg.de/edv/zwerschke/



More information about the samba mailing list