Age | Commit message (Collapse) | Author | Files | Lines |
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
"Cooper S. Blake" <the_analogkid@yahoo.com>.
"I believe I have found two bugs in the 3.2 code and one bug that
carried on to the 3.3 branch. In the 3.2 code, everything is
located in the utils/net_rpc_samsync.c file. What I believe is the
first problem is that fetch_database() is calling
samsync_fix_delta_array() with rid_crypt set to true, which means
the password hashes are unencrypted from the RID encryption.
However, I believe this call is redundant, and the corresponding
call for samdump has rid_crypt set to false. So I think the
rid_crypt param should be false in fetch_database().
If you follow the code, it makes its way to sam_account_from_delta()
where the password hashes are decrypted a second time by calling
sam_pwd_hash(). I believe this is what is scrambling my passwords.
These methods were refactored somewhere in the 3.3 branch. Now the
net_rpc_samsync.c class calls rpc_vampire_internals, which calls
libnet/libnet_samsync.c, which calls samsync_fix_delta_array() with
rid_crypt always set to false. I think that's correct. But the
second bug has carried through in the sam_account_from_delta()
function:
208 if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) {
209 sam_pwd_hash(r->rid, r->ntpassword.hash, lm_passwd, 0);
210 pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED);
211 }
212
213 if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) {
214 sam_pwd_hash(r->rid, r->lmpassword.hash, nt_passwd, 0);
215 pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED);
If you look closely you'll see that the nt hash is going into the
lm_passwd variable and the decrypted value is being set in the lanman
hash, and the lanman hash is being decrypted and put into the nt hash
field. So the LanMan and NT hashes look like they're being put in
the opposite fields."
Fix this by removing the rid_crypt parameter.
Jeremy.
|
|
Samba 4.
|
|
Guenther
|
|
Guenther
|
|
This is a workaround for the cases where you want to join under a netbios name
that is different from your hostname, i.e. a name that can not be found in
/etc/hosts or dns. In these cases, name_to_fqdn fails or gives invalid results.
|
|
|
|
Guenther
|
|
Guenther
|
|
With gcc 4.1.3 on Ubuntu 7.10 the following build warning occurs:
Compiling libnet/libnet_samsync_keytab.c
cc1: warnings being treated as errors
libnet/libnet_samsync_keytab.c: In function ‘fetch_sam_entries_keytab’:
libnet/libnet_samsync_keytab.c:102: warning: ‘entry.enctype’ is used uninitialized in this function
Fixed by initializing to ENCTYPE_NULL
|
|
Michael
(This used to be commit 81cc1af1e699e454fbb1d12636d002f845231006)
|
|
Michael
(This used to be commit 96d1c780bf9524b929e6026776602a5288aea73d)
|
|
Guenther
(This used to be commit a042dffd7121bda3dbc9509f69fcfae06ed4cc22)
|
|
Guenther
(This used to be commit c28fa17ffffee3e6fd4897c9c6b4937388a19600)
|
|
Guenther
(This used to be commit da6e0f4f375aa533c4c765891c960070478972eb)
|
|
Michael
(This used to be commit 32df05bd1f49f2290ad69f84d5a47207b1469629)
|
|
Jeremy.
(This used to be commit 5abd12eec1c9b6d30af5ec1ba16c0922e78d5bea)
|
|
metze
(This used to be commit ba18af00cc79a4e92372d3c1151061f200bc0655)
|
|
Don't leak temporary data to callers but use a temporary context
that is freed at the end.
Michael
(This used to be commit 2d98ad57f56ddd4318bc721929a3ca9ede189a25)
|
|
Use the libnet_dssync_context as a talloc context for the
result_message and error_message string members.
Using the passed in mem_ctx makes the implicit assumption
that mem_ctx is at least as long-lived as the libnet_dssync_context,
which is wrong.
Michael
(This used to be commit 635baf6b7d2a1822ceb48aa4bc47569ef19d51cc)
|
|
Michael
(This used to be commit 1072bd9f96ff3853e5ff58239123fc8c76a99063)
|
|
Michael
(This used to be commit 9391aec8d4600c685b14d3cd1624f8758f2cc80d)
|
|
Initialize it to false.
And pass it down to the libnet_keytab context in
libnet_dssync_keytab.c:keytab_startup().
Unused yet.
Michael
Note: This might not be not 100% clean design to put this into the
toplevel dssync context while it is keytab specific. But then, on the
other hand, other imaginable backends might want to use this flag, too...
(This used to be commit 12e884f227e240860e49f9e41d8c1f45e10ad3be)
|
|
Triggered by the flag clean_old_entries from the libnet_keytab_contex
(unused yet...).
Michael
(This used to be commit a5f4e3ad95c26064881918f3866efa7556055a8f)
|
|
to allow for removing all entries with given principal and enctype without
repecting the kvno (i.e. cleaning "old" entries...)
This is called with ignore_kvno == false from libnet_keytab_add_entry() to
keep the original behaviour.
Michael
(This used to be commit 6047f7b68548b33a2c132fc4333355a2c6abb19a)
|
|
Michael
(This used to be commit f40eb8cc20a297c57f6db22e0c2457ce7425d00c)
|
|
Michael
(This used to be commit d0bd9195f04ae0f45c2e571d31625b31347f13e9)
|
|
list as write filter.
I.e. only the passwords and keys of those objects whose dns are provided
are written to the keytab file. Others are skippded.
Michael
(This used to be commit a013f926ae5aadf64e02ef9254306e32aea79e80)
|
|
Michael
(This used to be commit 50b1673289f5c147bdb4953f3511a7afe783758c)
|
|
So that it is more obvious what this controls.
Michael
(This used to be commit 2360f0a19f0fb89798b814a02cfca335a4a35b6d)
|
|
Michael
(This used to be commit ec959b4609c3f4927a9f2811c46d738f9c78a914)
|
|
replication.
Just specify several DNs separated by spaces on the command line of
"net rpc vampire keytab" to get the passwords for each of these
accouns via single object replication.
Michael
(This used to be commit 6e53dc2db882d88470be5dfa1155b420fac8e6c5)
|
|
...where it belongs.
Michael
(This used to be commit 012b33f1c52df086e4f20e7494248d98fbced76a)
|
|
libnet_dssync_getncchanges().
Michael
(This used to be commit 93cda1aa0a627e81eff46547b247801aec2880a3)
|
|
Before, this used the old uptodate vector in the request...
Michael
(This used to be commit 04fb9322d5f52d5cb3d9fe2a95dbfb2481ab7f9d)
|
|
Untangle parsing of results and processing.
Make loop logic more obvious.
Call finishing operation after the loop, not inside.
Michael
(This used to be commit 47c8b3391cb1bb9656f93b55f9ea39c78b74ed36)
|
|
libnet_dssync_build_request().
Michael
(This used to be commit d745c1af405058ec23d7d0c139505576a99f9057)
|
|
I.e. replication without keeping track of the up to date vector.
Michael
(This used to be commit d4b36e447bce8692416e132ab9f53a6282f54cac)
|
|
When retreiving a diff replication, the sAMAccountName attribute is usually
not replicated. So in order to build the principle, we need to store the
sAMAccounName in the keytab, referenced by the DN of the object, so that
it can be retrieved if necessary.
It is stored in the form of SAMACCOUNTNAME/object_dn@dns_domain_name
with kvno=0 and ENCTYPE_NONE.
Michael
(This used to be commit 54e2dc1f4e0e2c7a6dcb171e51a608d831c8946e)
|
|
libnet_keytab_add_entry().
This makes libnet_keytab_remove_entries static and moves it up.
libnet_keytab_add_entry() now removes the duplicates in advance.
No special handling neede for the UTDV - this is also needed
for other entries...
Michael
(This used to be commit 3c463745445f6b64017918f442bf1021be219e83)
|
|
Michael
(This used to be commit d3354c3516b56f254583f3dd065302b27d02af2b)
|
|
Michael
(This used to be commit 9fbc3d49035123ec11cc2248f0b14661dd1e9b2d)
|
|
This will in particular allow us to store ENCTYPE_NULL.
Michael
(This used to be commit 85c7e3ae29a6f25ed0b6917ff73baea9c6c905c6)
|
|
This is a stripped down version of smb_krb5_kt_add_entry() that
takes one explicit enctype instead of an array. And it does
not neither salting of keys nor cleanup of old entries.
Michael
(This used to be commit c83e54f1eb3021d13fb0a3c3f6b556a338d2a8c3)
|
|
For debugging purposes.
Michael
(This used to be commit 6913919e3a36ebff87a882ba589d36bcd0781ee6)
|
|
new one.
Michael
(This used to be commit 717bd6f6c3ec94e3b8b5845c43717a5fbd41c38f)
|
|
This can be used to remove entries of given principal, kvno and enctype.
Michael
(This used to be commit a6f61c05b270c82f4bfce8a6850f81a09ad29087)
|
|
Michael
(This used to be commit 344428d96c9be87eae1d715a8b8fcd6ad02142f8)
|