diff options
author | Stefan Metzmacher <metze@samba.org> | 2010-11-06 13:41:34 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2010-11-06 13:30:15 +0000 |
commit | 0980a3471ed8fcc3a37296857285dc0235e0e0d2 (patch) | |
tree | c8d19711b9dc1e7ea7e13eab07e43cbd47b58c04 /source4 | |
parent | ce203c001db8d9598b6432738abd3081e8d658b8 (diff) | |
download | samba-0980a3471ed8fcc3a37296857285dc0235e0e0d2.tar.gz samba-0980a3471ed8fcc3a37296857285dc0235e0e0d2.tar.bz2 samba-0980a3471ed8fcc3a37296857285dc0235e0e0d2.zip |
s4:DRS-RPC-DSSYNC: don't try to decrypt secret attributes twice
dsdb_extended_replicated_objects_convert() already decrypts the
attributes in place.
This fixes the usage of --option="dssync:print_pwd_blobs=yes".
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Nov 6 13:30:16 UTC 2010 on sn-devel-104
Diffstat (limited to 'source4')
-rw-r--r-- | source4/torture/drs/rpc/dssync.c | 22 |
1 files changed, 3 insertions, 19 deletions
diff --git a/source4/torture/drs/rpc/dssync.c b/source4/torture/drs/rpc/dssync.c index 522123c366..7d1c4ff2c8 100644 --- a/source4/torture/drs/rpc/dssync.c +++ b/source4/torture/drs/rpc/dssync.c @@ -534,8 +534,6 @@ static bool test_analyse_objects(struct torture_context *tctx, for (i=0; i < cur->object.attribute_ctr.num_attributes; i++) { WERROR werr; const char *name = NULL; - bool rcrypt = false; - DATA_BLOB *enc_data = NULL; DATA_BLOB plain_data; struct drsuapi_DsReplicaAttribute *attr; ndr_pull_flags_fn_t pull_fn = NULL; @@ -546,19 +544,15 @@ static bool test_analyse_objects(struct torture_context *tctx, switch (attr->attid) { case DRSUAPI_ATTID_dBCSPwd: name = "dBCSPwd"; - rcrypt = true; break; case DRSUAPI_ATTID_unicodePwd: name = "unicodePwd"; - rcrypt = true; break; case DRSUAPI_ATTID_ntPwdHistory: name = "ntPwdHistory"; - rcrypt = true; break; case DRSUAPI_ATTID_lmPwdHistory: name = "lmPwdHistory"; - rcrypt = true; break; case DRSUAPI_ATTID_supplementalCredentials: name = "supplementalCredentials"; @@ -598,23 +592,15 @@ static bool test_analyse_objects(struct torture_context *tctx, if (!attr->value_ctr.values[0].blob) continue; - enc_data = attr->value_ctr.values[0].blob; - ZERO_STRUCT(plain_data); + plain_data = *attr->value_ctr.values[0].blob; - werr = drsuapi_decrypt_attribute_value(ctx, gensec_skey, rcrypt, - rid, - enc_data, &plain_data); - if (!W_ERROR_IS_OK(werr)) { - DEBUG(0, ("Failed to decrypt %s\n", name)); - continue; - } if (!dn_printed) { object_id++; DEBUG(0,("DN[%u] %s\n", object_id, dn)); dn_printed = true; } - DEBUGADD(0,("ATTR: %s enc.length=%lu plain.length=%lu\n", - name, (long)enc_data->length, (long)plain_data.length)); + DEBUGADD(0,("ATTR: %s plain.length=%lu\n", + name, (long)plain_data.length)); if (plain_data.length) { enum ndr_err_code ndr_err; dump_data(0, plain_data.data, plain_data.length); @@ -643,8 +629,6 @@ static bool test_analyse_objects(struct torture_context *tctx, DEBUG(0, ("Failed to decode %s\n", name)); } } - } else { - dump_data(0, enc_data->data, enc_data->length); } talloc_free(ptr); } |