diff options
author | Stefan Metzmacher <metze@samba.org> | 2007-02-12 13:34:04 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:48:05 -0500 |
commit | eee140d7da8088884c392ebefbef3ad3650aceb0 (patch) | |
tree | c0ee3a1101855b8e53b046c33c5fad14f84bc091 | |
parent | f851eb8dc662c72242388a01dedbfc0f4ec0dfe1 (diff) | |
download | samba-eee140d7da8088884c392ebefbef3ad3650aceb0.tar.gz samba-eee140d7da8088884c392ebefbef3ad3650aceb0.tar.bz2 samba-eee140d7da8088884c392ebefbef3ad3650aceb0.zip |
r21300: let the caller decide if it wants rid decrypted hashes or not
metze
(This used to be commit 8711d01ffd080c43512b88b995daf2d6b7c06ba1)
-rw-r--r-- | source4/libnet/libnet_samdump.c | 1 | ||||
-rw-r--r-- | source4/libnet/libnet_samdump_keytab.c | 1 | ||||
-rw-r--r-- | source4/libnet/libnet_samsync_ldb.c | 1 | ||||
-rw-r--r-- | source4/libnet/libnet_vampire.c | 11 | ||||
-rw-r--r-- | source4/libnet/libnet_vampire.h | 1 |
5 files changed, 12 insertions, 3 deletions
diff --git a/source4/libnet/libnet_samdump.c b/source4/libnet/libnet_samdump.c index 8ece324741..7953454616 100644 --- a/source4/libnet/libnet_samdump.c +++ b/source4/libnet/libnet_samdump.c @@ -163,6 +163,7 @@ NTSTATUS libnet_SamDump(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct r2.out.error_string = NULL; r2.in.binding_string = r->in.binding_string; + r2.in.rid_crypt = lp_parm_bool(-1, "vampire", "rid decrypt", True); r2.in.init_fn = NULL; r2.in.delta_fn = libnet_samdump_fn; r2.in.fn_ctx = samdump_state; diff --git a/source4/libnet/libnet_samdump_keytab.c b/source4/libnet/libnet_samdump_keytab.c index b61469ea00..ae95da43ba 100644 --- a/source4/libnet/libnet_samdump_keytab.c +++ b/source4/libnet/libnet_samdump_keytab.c @@ -100,6 +100,7 @@ NTSTATUS libnet_SamDump_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, r2.out.error_string = NULL; r2.in.binding_string = r->in.binding_string; + r2.in.rid_crypt = true; r2.in.init_fn = NULL; r2.in.delta_fn = libnet_samdump_keytab_fn; r2.in.fn_ctx = discard_const(r->in.keytab_name); diff --git a/source4/libnet/libnet_samsync_ldb.c b/source4/libnet/libnet_samsync_ldb.c index 3b4ba304e4..648eb8eed9 100644 --- a/source4/libnet/libnet_samsync_ldb.c +++ b/source4/libnet/libnet_samsync_ldb.c @@ -1215,6 +1215,7 @@ NTSTATUS libnet_samsync_ldb(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, str r2.out.error_string = NULL; r2.in.binding_string = r->in.binding_string; + r2.in.rid_crypt = true; r2.in.init_fn = libnet_samsync_ldb_init; r2.in.delta_fn = libnet_samsync_ldb_fn; r2.in.fn_ctx = state; diff --git a/source4/libnet/libnet_vampire.c b/source4/libnet/libnet_vampire.c index 32879e7610..9b63f1b511 100644 --- a/source4/libnet/libnet_vampire.c +++ b/source4/libnet/libnet_vampire.c @@ -38,6 +38,7 @@ */ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx, struct creds_CredentialState *creds, + bool rid_crypt, enum netr_SamDatabaseID database, struct netr_DELTA_ENUM *delta, char **error_string) @@ -50,7 +51,7 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx, const char *username = user->account_name.string; NTSTATUS nt_status; - if (lp_parm_bool(-1, "vampire", "rid_decrypt", True)) { + if (rid_crypt) { if (user->lm_password_present) { sam_rid_crypt(rid, user->lmpassword.hash, lm_hash.hash, 0); user->lmpassword = lm_hash; @@ -74,7 +75,7 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx, nt_status = ndr_pull_struct_blob(&data, mem_ctx, &keys, (ndr_pull_flags_fn_t)ndr_pull_netr_USER_KEYS); if (NT_STATUS_IS_OK(nt_status)) { if (keys.keys.keys2.lmpassword.length == 16) { - if (lp_parm_bool(-1, "vampire", "rid decrypt", True)) { + if (rid_crypt) { sam_rid_crypt(rid, keys.keys.keys2.lmpassword.pwd.hash, lm_hash.hash, 0); user->lmpassword = lm_hash; } else { @@ -83,7 +84,7 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx, user->lm_password_present = True; } if (keys.keys.keys2.ntpassword.length == 16) { - if (lp_parm_bool(-1, "vampire", "rid decrypt", True)) { + if (rid_crypt) { sam_rid_crypt(rid, keys.keys.keys2.ntpassword.pwd.hash, nt_hash.hash, 0); user->ntpassword = nt_hash; } else { @@ -91,6 +92,7 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx, } user->nt_password_present = True; } + /* TODO: rid decrypt history fields */ } else { *error_string = talloc_asprintf(mem_ctx, "Failed to parse Sensitive Data for %s:", username); dump_data(10, data.data, data.length); @@ -128,6 +130,7 @@ static NTSTATUS fix_secret(TALLOC_CTX *mem_ctx, static NTSTATUS fix_delta(TALLOC_CTX *mem_ctx, struct creds_CredentialState *creds, + bool rid_crypt, enum netr_SamDatabaseID database, struct netr_DELTA_ENUM *delta, char **error_string) @@ -139,6 +142,7 @@ static NTSTATUS fix_delta(TALLOC_CTX *mem_ctx, { nt_status = fix_user(mem_ctx, creds, + rid_crypt, database, delta, error_string); @@ -354,6 +358,7 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx * de-obfuscating the data */ nt_status = fix_delta(delta_ctx, creds, + r->in.rid_crypt, dbsync.in.database_id, &dbsync.out.delta_enum_array->delta_enum[d], &error_string); diff --git a/source4/libnet/libnet_vampire.h b/source4/libnet/libnet_vampire.h index a3735d1848..80200b6771 100644 --- a/source4/libnet/libnet_vampire.h +++ b/source4/libnet/libnet_vampire.h @@ -33,6 +33,7 @@ struct libnet_SamSync_state { struct libnet_SamSync { struct { const char *binding_string; + bool rid_crypt; NTSTATUS (*init_fn)(TALLOC_CTX *mem_ctx, void *private, struct libnet_SamSync_state *samsync_state, |