From eee140d7da8088884c392ebefbef3ad3650aceb0 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Mon, 12 Feb 2007 13:34:04 +0000
Subject: r21300: let the caller decide if it wants rid decrypted hashes or not
metze
(This used to be commit 8711d01ffd080c43512b88b995daf2d6b7c06ba1)
---
 source4/libnet/libnet_samdump.c | 1 +
 source4/libnet/libnet_samdump_keytab.c | 1 +
 source4/libnet/libnet_samsync_ldb.c | 1 +
 source4/libnet/libnet_vampire.c | 11 ++++++++---
 source4/libnet/libnet_vampire.h | 1 +
 5 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/source4/libnet/libnet_samdump.c b/source4/libnet/libnet_samdump.c
index 8ece324741..7953454616 100644
--- a/source4/libnet/libnet_samdump.c
+++ b/source4/libnet/libnet_samdump.c
@@ -163,6 +163,7 @@ NTSTATUS libnet_SamDump(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct
 r2.out.error_string = NULL;
 r2.in.binding_string = r->in.binding_string;
+ r2.in.rid_crypt = lp_parm_bool(-1, "vampire", "rid decrypt", True);
 r2.in.init_fn = NULL;
 r2.in.delta_fn = libnet_samdump_fn;
 r2.in.fn_ctx = samdump_state;
diff --git a/source4/libnet/libnet_samdump_keytab.c b/source4/libnet/libnet_samdump_keytab.c
index b61469ea00..ae95da43ba 100644
--- a/source4/libnet/libnet_samdump_keytab.c
+++ b/source4/libnet/libnet_samdump_keytab.c
@@ -100,6 +100,7 @@ NTSTATUS libnet_SamDump_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
 r2.out.error_string = NULL;
 r2.in.binding_string = r->in.binding_string;
+ r2.in.rid_crypt = true;
 r2.in.init_fn = NULL;
 r2.in.delta_fn = libnet_samdump_keytab_fn;
 r2.in.fn_ctx = discard_const(r->in.keytab_name);
diff --git a/source4/libnet/libnet_samsync_ldb.c b/source4/libnet/libnet_samsync_ldb.c
index 3b4ba304e4..648eb8eed9 100644
--- a/source4/libnet/libnet_samsync_ldb.c
+++ b/source4/libnet/libnet_samsync_ldb.c
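Review bot: A configuration that set `vampire:rid_decrypt` loses its effect after this change: the assignment added in libnet_SamDump (libnet_samdump.c) reads only the spelling `"rid decrypt"`, while the check this commit removes from the first branch of fix_user read `"rid_decrypt"`. The libnet_SamDump_keytab and libnet_samsync_ldb hunks hard-code `true`, so the option no longer influences those two callers at all, which deserves a line in the commit message. I would add above the assignment `/* vampire:rid decrypt (default yes): when set to no, hashes are handed to delta_fn still RID-obfuscated */`. The three callers also mix `True` (here) with `true` (the other two hunks); one spelling would read better. libnet_SamDump's body starts and ends outside the hunk.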
@@ -1215,6 +1215,7 @@ NTSTATUS libnet_samsync_ldb(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, str
 r2.out.error_string = NULL;
 r2.in.binding_string = r->in.binding_string;
+ r2.in.rid_crypt = true;
 r2.in.init_fn = libnet_samsync_ldb_init;
 r2.in.delta_fn = libnet_samsync_ldb_fn;
 r2.in.fn_ctx = state;
diff --git a/source4/libnet/libnet_vampire.c b/source4/libnet/libnet_vampire.c
index 32879e7610..9b63f1b511 100644
--- a/source4/libnet/libnet_vampire.c
+++ b/source4/libnet/libnet_vampire.c
@@ -38,6 +38,7 @@
 */
 static NTSTATUS fix_user(TALLOC_CTX *mem_ctx,
 struct creds_CredentialState *creds,
+ bool rid_crypt,
 enum netr_SamDatabaseID database,
 struct netr_DELTA_ENUM *delta,
 char **error_string)
@@ -50,7 +51,7 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx,
 const char *username = user->account_name.string;
 NTSTATUS nt_status;
- if (lp_parm_bool(-1, "vampire", "rid_decrypt", True)) {
+ if (rid_crypt) {
 if (user->lm_password_present) {
 sam_rid_crypt(rid, user->lmpassword.hash, lm_hash.hash, 0);
 user->lmpassword = lm_hash;
@@ -74,7 +75,7 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx,
 nt_status = ndr_pull_struct_blob(&data, mem_ctx, &keys, (ndr_pull_flags_fn_t)ndr_pull_netr_USER_KEYS);
 if (NT_STATUS_IS_OK(nt_status)) {
 if (keys.keys.keys2.lmpassword.length == 16) {
- if (lp_parm_bool(-1, "vampire", "rid decrypt", True)) {
+ if (rid_crypt) {
 sam_rid_crypt(rid, keys.keys.keys2.lmpassword.pwd.hash, lm_hash.hash, 0);
 user->lmpassword = lm_hash;
 } else {
@@ -83,7 +84,7 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx,
 user->lm_password_present = True;
 }
 if (keys.keys.keys2.ntpassword.length == 16) {
- if (lp_parm_bool(-1, "vampire", "rid decrypt", True)) {
+ if (rid_crypt) {
 sam_rid_crypt(rid, keys.keys.keys2.ntpassword.pwd.hash, nt_hash.hash, 0);
 user->ntpassword = nt_hash;
 } else {
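Review bot: The new `bool rid_crypt` parameter of fix_user (libnet_vampire.c, hunk at -38,6) is undocumented: the comment block above the signature is not updated (only its closing `*/` is in the hunk), and the name does not say which direction the transform runs. I would add a line to that comment such as `rid_crypt: when true, run sam_rid_crypt() over the LM/NT hashes so the caller gets them without the RID obfuscation`. What happens to the hashes when the flag is false is only partly visible (the `else` branches are cut off by the hunk edges), so the comment should state that case once confirmed. fix_delta only forwards the flag and can point to the same comment.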
@@ -91,6 +92,7 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx,
 }
 user->nt_password_present = True;
 }
+ /* TODO: rid decrypt history fields */
 } else {
 *error_string = talloc_asprintf(mem_ctx, "Failed to parse Sensitive Data for %s:", username);
 dump_data(10, data.data, data.length);
@@ -128,6 +130,7 @@ static NTSTATUS fix_secret(TALLOC_CTX *mem_ctx,
 static NTSTATUS fix_delta(TALLOC_CTX *mem_ctx,
 struct creds_CredentialState *creds,
+ bool rid_crypt,
 enum netr_SamDatabaseID database,
 struct netr_DELTA_ENUM *delta,
 char **error_string)
@@ -139,6 +142,7 @@ static NTSTATUS fix_delta(TALLOC_CTX *mem_ctx,
 {
 nt_status = fix_user(mem_ctx,
 creds,
+ rid_crypt,
 database,
 delta,
 error_string);
@@ -354,6 +358,7 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
 * de-obfuscating the data */
 nt_status = fix_delta(delta_ctx,
 creds,
+ r->in.rid_crypt,
 dbsync.in.database_id,
 &dbsync.out.delta_enum_array->delta_enum[d],
 &error_string);
diff --git a/source4/libnet/libnet_vampire.h b/source4/libnet/libnet_vampire.h
index a3735d1848..80200b6771 100644
--- a/source4/libnet/libnet_vampire.h
+++ b/source4/libnet/libnet_vampire.h
@@ -33,6 +33,7 @@ struct libnet_SamSync_state {
 struct libnet_SamSync {
 struct {
 const char *binding_string;
+ bool rid_crypt;
 NTSTATUS (*init_fn)(TALLOC_CTX *mem_ctx,
 void *private,
 struct libnet_SamSync_state *samsync_state,
--
cgit
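Review bot: The added `/* TODO: rid decrypt history fields */` in fix_user means a caller passing rid_crypt = true receives current LM/NT hashes with the RID obfuscation removed but history entries that still carry it, and nothing tells the consumer. I would make the comment say so, e.g. `/* TODO: history fields stay RID-obfuscated even when rid_crypt is set; consumers must not treat them as plain hashes */`. On the parse-failure path in the same hunk, `dump_data(10, data.data, data.length)` writes the whole sensitive-data buffer to the debug log. If that buffer is already decrypted at this point (the decryption is outside the hunk), level-10 logs need the same protection as the hash store. fix_user starts and ends outside the hunk.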
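Review bot: `bool rid_crypt` in the `in` part of struct libnet_SamSync (libnet_vampire.h) has no default, so a caller of libnet_SamSync_netlogon that this commit does not update would pass an indeterminate value where the old code defaulted to decrypting. The three callers in this commit appear to fill `r2` field by field, so any other caller written the same way is affected. It is worth grepping for further users of the struct and documenting the field, e.g. `bool rid_crypt; /* true: remove the RID obfuscation from LM/NT hashes before delta_fn sees them */`. A wrong value here is silent: the sync succeeds but the stored hashes will not verify. The struct definition continues outside the hunk.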