summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2007-02-12 13:34:04 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:48:05 -0500
commiteee140d7da8088884c392ebefbef3ad3650aceb0 (patch)
treec0ee3a1101855b8e53b046c33c5fad14f84bc091
parentf851eb8dc662c72242388a01dedbfc0f4ec0dfe1 (diff)
downloadsamba-eee140d7da8088884c392ebefbef3ad3650aceb0.tar.gz
samba-eee140d7da8088884c392ebefbef3ad3650aceb0.tar.bz2
samba-eee140d7da8088884c392ebefbef3ad3650aceb0.zip
r21300: let the caller decide if it wants rid decrypted hashes or not
metze (This used to be commit 8711d01ffd080c43512b88b995daf2d6b7c06ba1)
-rw-r--r--source4/libnet/libnet_samdump.c1
-rw-r--r--source4/libnet/libnet_samdump_keytab.c1
-rw-r--r--source4/libnet/libnet_samsync_ldb.c1
-rw-r--r--source4/libnet/libnet_vampire.c11
-rw-r--r--source4/libnet/libnet_vampire.h1
5 files changed, 12 insertions, 3 deletions
diff --git a/source4/libnet/libnet_samdump.c b/source4/libnet/libnet_samdump.c
index 8ece324741..7953454616 100644
--- a/source4/libnet/libnet_samdump.c
+++ b/source4/libnet/libnet_samdump.c
@@ -163,6 +163,7 @@ NTSTATUS libnet_SamDump(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct
r2.out.error_string = NULL;
r2.in.binding_string = r->in.binding_string;
+ r2.in.rid_crypt = lp_parm_bool(-1, "vampire", "rid decrypt", True);
r2.in.init_fn = NULL;
r2.in.delta_fn = libnet_samdump_fn;
r2.in.fn_ctx = samdump_state;
diff --git a/source4/libnet/libnet_samdump_keytab.c b/source4/libnet/libnet_samdump_keytab.c
index b61469ea00..ae95da43ba 100644
--- a/source4/libnet/libnet_samdump_keytab.c
+++ b/source4/libnet/libnet_samdump_keytab.c
@@ -100,6 +100,7 @@ NTSTATUS libnet_SamDump_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
r2.out.error_string = NULL;
r2.in.binding_string = r->in.binding_string;
+ r2.in.rid_crypt = true;
r2.in.init_fn = NULL;
r2.in.delta_fn = libnet_samdump_keytab_fn;
r2.in.fn_ctx = discard_const(r->in.keytab_name);
diff --git a/source4/libnet/libnet_samsync_ldb.c b/source4/libnet/libnet_samsync_ldb.c
index 3b4ba304e4..648eb8eed9 100644
--- a/source4/libnet/libnet_samsync_ldb.c
+++ b/source4/libnet/libnet_samsync_ldb.c
@@ -1215,6 +1215,7 @@ NTSTATUS libnet_samsync_ldb(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, str
r2.out.error_string = NULL;
r2.in.binding_string = r->in.binding_string;
+ r2.in.rid_crypt = true;
r2.in.init_fn = libnet_samsync_ldb_init;
r2.in.delta_fn = libnet_samsync_ldb_fn;
r2.in.fn_ctx = state;
diff --git a/source4/libnet/libnet_vampire.c b/source4/libnet/libnet_vampire.c
index 32879e7610..9b63f1b511 100644
--- a/source4/libnet/libnet_vampire.c
+++ b/source4/libnet/libnet_vampire.c
@@ -38,6 +38,7 @@
*/
static NTSTATUS fix_user(TALLOC_CTX *mem_ctx,
struct creds_CredentialState *creds,
+ bool rid_crypt,
enum netr_SamDatabaseID database,
struct netr_DELTA_ENUM *delta,
char **error_string)
@@ -50,7 +51,7 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx,
const char *username = user->account_name.string;
NTSTATUS nt_status;
- if (lp_parm_bool(-1, "vampire", "rid_decrypt", True)) {
+ if (rid_crypt) {
if (user->lm_password_present) {
sam_rid_crypt(rid, user->lmpassword.hash, lm_hash.hash, 0);
user->lmpassword = lm_hash;
@@ -74,7 +75,7 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx,
nt_status = ndr_pull_struct_blob(&data, mem_ctx, &keys, (ndr_pull_flags_fn_t)ndr_pull_netr_USER_KEYS);
if (NT_STATUS_IS_OK(nt_status)) {
if (keys.keys.keys2.lmpassword.length == 16) {
- if (lp_parm_bool(-1, "vampire", "rid decrypt", True)) {
+ if (rid_crypt) {
sam_rid_crypt(rid, keys.keys.keys2.lmpassword.pwd.hash, lm_hash.hash, 0);
user->lmpassword = lm_hash;
} else {
@@ -83,7 +84,7 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx,
user->lm_password_present = True;
}
if (keys.keys.keys2.ntpassword.length == 16) {
- if (lp_parm_bool(-1, "vampire", "rid decrypt", True)) {
+ if (rid_crypt) {
sam_rid_crypt(rid, keys.keys.keys2.ntpassword.pwd.hash, nt_hash.hash, 0);
user->ntpassword = nt_hash;
} else {
@@ -91,6 +92,7 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx,
}
user->nt_password_present = True;
}
+ /* TODO: rid decrypt history fields */
} else {
*error_string = talloc_asprintf(mem_ctx, "Failed to parse Sensitive Data for %s:", username);
dump_data(10, data.data, data.length);
@@ -128,6 +130,7 @@ static NTSTATUS fix_secret(TALLOC_CTX *mem_ctx,
static NTSTATUS fix_delta(TALLOC_CTX *mem_ctx,
struct creds_CredentialState *creds,
+ bool rid_crypt,
enum netr_SamDatabaseID database,
struct netr_DELTA_ENUM *delta,
char **error_string)
@@ -139,6 +142,7 @@ static NTSTATUS fix_delta(TALLOC_CTX *mem_ctx,
{
nt_status = fix_user(mem_ctx,
creds,
+ rid_crypt,
database,
delta,
error_string);
@@ -354,6 +358,7 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
* de-obfuscating the data */
nt_status = fix_delta(delta_ctx,
creds,
+ r->in.rid_crypt,
dbsync.in.database_id,
&dbsync.out.delta_enum_array->delta_enum[d],
&error_string);
diff --git a/source4/libnet/libnet_vampire.h b/source4/libnet/libnet_vampire.h
index a3735d1848..80200b6771 100644
--- a/source4/libnet/libnet_vampire.h
+++ b/source4/libnet/libnet_vampire.h
@@ -33,6 +33,7 @@ struct libnet_SamSync_state {
struct libnet_SamSync {
struct {
const char *binding_string;
+ bool rid_crypt;
NTSTATUS (*init_fn)(TALLOC_CTX *mem_ctx,
void *private,
struct libnet_SamSync_state *samsync_state,