diff options
Diffstat (limited to 'source4/dsdb')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/password_hash.c | 74 |
1 files changed, 41 insertions, 33 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 413ec12479..69783aefa8 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -437,10 +437,11 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io, * ENCTYPE_DES_CBC_MD5 * ENCTYPE_DES_CBC_CRC */ + pkb->version = 3; pkb3->salt.string = io->g.salt; pkb3->num_keys = 2; pkb3->keys = talloc_array(io->ac, - struct package_PrimaryKerberosKey, + struct package_PrimaryKerberosKey3, pkb3->num_keys); if (!pkb3->keys) { ldb_oom(io->ac->module->ldb); @@ -521,12 +522,12 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io, static int setup_primary_kerberos_newer(struct setup_password_fields_io *io, const struct supplementalCredentialsBlob *old_scb, - struct package_PrimaryKerberosNewerBlob *pkb) + struct package_PrimaryKerberosBlob *pkb) { - struct package_PrimaryKerberosNewerCtr4 *pkb4 = &pkb->ctr.ctr4; + struct package_PrimaryKerberosCtr4 *pkb4 = &pkb->ctr.ctr4; struct supplementalCredentialsPackage *old_scp = NULL; - struct package_PrimaryKerberosNewerBlob _old_pkb; - struct package_PrimaryKerberosNewerCtr4 *old_pkb4 = NULL; + struct package_PrimaryKerberosBlob _old_pkb; + struct package_PrimaryKerberosCtr4 *old_pkb4 = NULL; uint32_t i; enum ndr_err_code ndr_err; @@ -538,30 +539,37 @@ static int setup_primary_kerberos_newer(struct setup_password_fields_io *io, * ENCTYPE_DES_CBC_MD5 * ENCTYPE_DES_CBC_CRC */ - pkb4->salt.string = io->g.salt; - pkb4->num_keys = 4; - pkb4->keys = talloc_array(io->ac, - struct package_PrimaryKerberosNewerKey, - pkb4->num_keys); + pkb->version = 4; + pkb4->salt.string = io->g.salt; + pkb4->default_iteration_count = 4096; + pkb4->num_keys = 4; + + pkb4->keys = talloc_array(io->ac, + struct package_PrimaryKerberosKey4, + pkb4->num_keys); if (!pkb4->keys) { ldb_oom(io->ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - pkb4->keys[0].keytype = ENCTYPE_AES256_CTS_HMAC_SHA1_96; - pkb4->keys[0].value = &io->g.aes_256; - pkb4->keys[1].keytype = ENCTYPE_AES128_CTS_HMAC_SHA1_96; - pkb4->keys[1].value = &io->g.aes_128; - pkb4->keys[2].keytype = ENCTYPE_DES_CBC_MD5; - pkb4->keys[2].value = &io->g.des_md5; - pkb4->keys[3].keytype = ENCTYPE_DES_CBC_CRC; - pkb4->keys[3].value = &io->g.des_crc; + pkb4->keys[0].iteration_count = 4096; + pkb4->keys[0].keytype = ENCTYPE_AES256_CTS_HMAC_SHA1_96; + pkb4->keys[0].value = &io->g.aes_256; + pkb4->keys[1].iteration_count = 4096; + pkb4->keys[1].keytype = ENCTYPE_AES128_CTS_HMAC_SHA1_96; + pkb4->keys[1].value = &io->g.aes_128; + pkb4->keys[2].iteration_count = 4096; + pkb4->keys[2].keytype = ENCTYPE_DES_CBC_MD5; + pkb4->keys[2].value = &io->g.des_md5; + pkb4->keys[3].iteration_count = 4096; + pkb4->keys[3].keytype = ENCTYPE_DES_CBC_CRC; + pkb4->keys[3].value = &io->g.des_crc; /* initialize the old keys to zero */ - pkb4->num_old_keys1 = 0; - pkb4->old_keys1 = NULL; - pkb4->num_old_keys2 = 0; - pkb4->old_keys2 = NULL; + pkb4->num_old_keys = 0; + pkb4->old_keys = NULL; + pkb4->num_older_keys = 0; + pkb4->older_keys = NULL; /* if there're no old keys, then we're done */ if (!old_scb) { @@ -580,7 +588,7 @@ static int setup_primary_kerberos_newer(struct setup_password_fields_io *io, old_scp = &old_scb->sub.packages[i]; break; } - /* Primary:Kerberos element of supplementalCredentials */ + /* Primary:Kerberos-Newer-Keys element of supplementalCredentials */ if (old_scp) { DATA_BLOB blob; @@ -595,20 +603,20 @@ static int setup_primary_kerberos_newer(struct setup_password_fields_io *io, ndr_err = ndr_pull_struct_blob(&blob, io->ac, lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")), &_old_pkb, - (ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosNewerBlob); + (ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NTSTATUS status = ndr_map_error2ntstatus(ndr_err); ldb_asprintf_errstring(io->ac->module->ldb, "setup_primary_kerberos_newer: " - "failed to pull old package_PrimaryKerberosNewerBlob: %s", + "failed to pull old package_PrimaryKerberosBlob: %s", nt_errstr(status)); return LDB_ERR_OPERATIONS_ERROR; } if (_old_pkb.version != 4) { ldb_asprintf_errstring(io->ac->module->ldb, - "setup_primary_kerberos: " - "package_PrimaryKerberosNewerBlob version[%u] expected[4]", + "setup_primary_kerberos_newer: " + "package_PrimaryKerberosBlob version[%u] expected[4]", _old_pkb.version); return LDB_ERR_OPERATIONS_ERROR; } @@ -622,10 +630,10 @@ static int setup_primary_kerberos_newer(struct setup_password_fields_io *io, } /* fill in the old keys */ - pkb4->num_old_keys1 = old_pkb4->num_keys; - pkb4->old_keys1 = old_pkb4->keys; - pkb4->num_old_keys2 = old_pkb4->num_old_keys1; - pkb4->old_keys2 = old_pkb4->old_keys1; + pkb4->num_old_keys = old_pkb4->num_keys; + pkb4->old_keys = old_pkb4->keys; + pkb4->num_older_keys = old_pkb4->num_old_keys; + pkb4->older_keys = old_pkb4->old_keys; return LDB_SUCCESS; } @@ -980,7 +988,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) /* Primary:Kerberos-Newer-Keys */ const char **nkn = NULL; struct supplementalCredentialsPackage *pkn = NULL; - struct package_PrimaryKerberosNewerBlob pknb; + struct package_PrimaryKerberosBlob pknb; DATA_BLOB pknb_blob; char *pknb_hexstr; /* Primary:Kerberos */ @@ -1105,7 +1113,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) ndr_err = ndr_push_struct_blob(&pknb_blob, io->ac, lp_iconv_convenience(ldb_get_opaque(io->ac->module->ldb, "loadparm")), &pknb, - (ndr_push_flags_fn_t)ndr_push_package_PrimaryKerberosNewerBlob); + (ndr_push_flags_fn_t)ndr_push_package_PrimaryKerberosBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NTSTATUS status = ndr_map_error2ntstatus(ndr_err); ldb_asprintf_errstring(io->ac->module->ldb, |