From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Tue, 23 Feb 2021 13:03:25 +0000 (+1300)
Subject: provision: Decrease the length of random machine passwords
X-Git-Tag: tevent-0.11.0~1304
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=609ca657652862fd9c81fd11f818efb74f72ff55;p=thirdparty%2Fsamba.git

provision: Decrease the length of random machine passwords

The current length of 128-255 UTF-16 characters currently causes
generation of crypt() passwords to typically fail. This commit
decreases the length to 120 UTF-16 characters, which is the same as
that used by Windows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/python/samba/join.py b/python/samba/join.py
index 28698e1744c..d78375441fb 100644
--- a/python/samba/join.py
+++ b/python/samba/join.py
@@ -136,7 +136,7 @@ class DCJoinContext(object):
         if machinepass is not None:
             ctx.acct_pass = machinepass
         else:
-            ctx.acct_pass = samba.generate_random_machine_password(128, 255)
+            ctx.acct_pass = samba.generate_random_machine_password(120, 120)
 
         ctx.dnsdomain = ctx.samdb.domain_dns_name()
 
diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index b87ad38eeff..2531f51ffc8 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -1925,7 +1925,7 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths,
     if krbtgtpass is None:
         krbtgtpass = samba.generate_random_machine_password(128, 255)
     if machinepass is None:
-        machinepass = samba.generate_random_machine_password(128, 255)
+        machinepass = samba.generate_random_machine_password(120, 120)
     if dnspass is None:
         dnspass = samba.generate_random_password(128, 255)
 
diff --git a/python/samba/tests/samba_tool/provision_userPassword_crypt.py b/python/samba/tests/samba_tool/provision_userPassword_crypt.py
index 234daba3064..32205b6b9f9 100644
--- a/python/samba/tests/samba_tool/provision_userPassword_crypt.py
+++ b/python/samba/tests/samba_tool/provision_userPassword_crypt.py
@@ -55,7 +55,7 @@ class ProvisionUserPasswordTestCase(SambaToolCmdTest):
         return self.run_command(command)
 
     def test_crypt(self):
-        (result, out, err) = self.provision("FooBar123")
+        (result, out, err) = self.provision()
         self.assertEqual(0, result)
 
     def tearDown(self):
diff --git a/source4/libnet/libnet_vampire.c b/source4/libnet/libnet_vampire.c
index a0de1b7d3e0..3f07b3f20d6 100644
--- a/source4/libnet/libnet_vampire.c
+++ b/source4/libnet/libnet_vampire.c
@@ -164,7 +164,7 @@ NTSTATUS libnet_vampire_cb_prepare_db(void *private_data,
 	settings.realm = s->realm;
 	settings.domain = s->domain_name;
 	settings.server_dn_str = p->dest_dsa->server_dn_str;
-	settings.machine_password = generate_random_machine_password(s, 128, 255);
+	settings.machine_password = generate_random_machine_password(s, 120, 120);
 	settings.targetdir = s->targetdir;
 	settings.use_ntvfs = true;
 	status = provision_bare(s, s->lp_ctx, &settings, &result);
diff --git a/source4/scripting/bin/renamedc b/source4/scripting/bin/renamedc
index 6a9bd1c82bd..ef3aa75db76 100755
--- a/source4/scripting/bin/renamedc
+++ b/source4/scripting/bin/renamedc
@@ -95,7 +95,7 @@ if __name__ == '__main__':
 
     # Then change password and samaccountname and dnshostname
     msg = ldb.Message(newdn)
-    machinepass = samba.generate_random_machine_password(128, 255)
+    machinepass = samba.generate_random_machine_password(120, 120)
     mputf16 = machinepass.encode('utf-16-le')
 
     account = "%s$" % opts.newname.upper()