author | Günther Deschner <gd@samba.org> | 2005-06-08 13:59:03 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:57:07 -0500 |
commit | 4bc39f05b77a8601506fa144a20d7e9ab9c3efe6 (patch) | |
tree | 036c75fbca39972e96861b32cb7c0964983d32cc /source3/libsmb | |
parent | eeca5507319cbfd6c72fef95a8faf2931c6c138c (diff) | |
r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a
rpcclient-tester for some info-levels.
Jerry, I tried to adapt to prs_pointer() where possible and not to
interfere with your work for usrmgr.
- Add "net rpc trustdom vampire"-tool.
This allows retrieving Interdomain Trust(ed)-Relationships from
NT4-Servers, including cleartext-passwords (still stored in the local
secrets.tdb).
The net-hook was done in cooperation with Lars Mueller
<lmuelle@suse.de>.
To vampire trusted domains simply call:
net rpc trustdom vampire -S nt4dc -Uadmin%pass
Guenther
(This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
Diffstat (limited to 'source3/libsmb')
-rw-r--r-- | source3/libsmb/smbencrypt.c | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index ab61f6b419..8361c35a8e 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -583,3 +583,69 @@ void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *sessi
 memcpy(&out->data[i], bout, MIN(8, in->length-i));
 }
 }
+
+/* Decrypts password-blob with session-key
+ * @param pass password for session-key
+ * @param data_in DATA_BLOB encrypted password
+ *
+ * Returns cleartext password in CH_UNIX
+ * Caller must free the returned string
+ */
+
+char *decrypt_trustdom_secret(const char *pass, DATA_BLOB *data_in)
+{
+ DATA_BLOB data_out, sess_key;
+ uchar nt_hash[16];
+ uint32_t length;
+ uint32_t version;
+ fstring cleartextpwd;
+
+ if (!data_in || !pass)
+ return NULL;
+
+ /* generate md4 password-hash derived from the NT UNICODE password */
+ E_md4hash(pass, nt_hash);
+
+ /* hashed twice with md4 */
+ mdfour(nt_hash, nt_hash, 16);
+
+ /* 16-Byte session-key */
+ sess_key = data_blob(nt_hash, 16);
+ if (sess_key.data == NULL)
+ return NULL;
+
+ data_out = data_blob(NULL, data_in->length);
+ if (data_out.data == NULL)
+ return NULL;
+
+ /* decrypt with des3 */
+ sess_crypt_blob(&data_out, data_in, &sess_key, 0);
+
+ /* 4 Byte length, 4 Byte version */
+ length = IVAL(data_out.data, 0);
+ version = IVAL(data_out.data, 4);
+
+ if (length > data_in->length - 8) {
+ DEBUG(0,("decrypt_trustdom_secret: invalid length (%d)\n", length));
+ return NULL;
+ }
+
+ if (version != 1) {
+ DEBUG(0,("decrypt_trustdom_secret: unknown version number (%d)\n", version));
+ return NULL;
+ }
+
+ rpcstr_pull(cleartextpwd, data_out.data + 8, sizeof(fstring), length, 0 );
+
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("decrypt_trustdom_secret: length is: %d, version is: %d, password is: %s\n",
+ length, version, cleartextpwd));
+#endif
+
+ data_blob_free(&data_out);
+ data_blob_free(&sess_key);
+
+ return SMB_STRDUP(cleartextpwd);
+
+}
+
|
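Review bot: In decrypt_trustdom_secret() the bound `length > data_in->length - 8` wraps around when the server-supplied blob is shorter than 8 bytes, and the two IVAL() reads just before it already run past the end of data_out in that case, so a `data_in->length < 8` rejection is needed before the blob is decrypted. The early returns for a failed data_out allocation, an invalid length and an unknown version also skip data_blob_free(), leaking sess_key and, in the latter two, data_out, which hold the session key and the decrypted secret; every exit after allocation should go through one cleanup path. Separately, rpcstr_pull() into an fstring silently truncates a secret that does not fit the buffer, and nt_hash and cleartextpwd are left uncleared on the stack, so consider zeroing both before returning. The fence shows the guard and a single cleanup label.

```c
	char *ret = NULL;

	/* the 4-byte length and 4-byte version header must be present */
	if (!data_in || !pass || data_in->length < 8)
		return NULL;

	/* … unchanged: E_md4hash/mdfour, sess_key allocation … */

	data_out = data_blob(NULL, data_in->length);
	if (data_out.data == NULL) {
		data_blob_free(&sess_key);
		return NULL;
	}

	/* … unchanged: sess_crypt_blob call, IVAL reads of length and version … */

	if (length > data_in->length - 8) {
		/* … unchanged: DEBUG line … */
		goto done;
	}

	if (version != 1) {
		/* … unchanged: DEBUG line … */
		goto done;
	}

	/* … unchanged: rpcstr_pull, DEBUG_PASSWORD trace … */

	ret = SMB_STRDUP(cleartextpwd);

done:
	/* both blobs hold key material or the decrypted secret */
	data_blob_free(&data_out);
	data_blob_free(&sess_key);

	return ret;
```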