Revert "Fix net rpc vampire, based on an *amazing* piece of debugging work by "Cooper S. Blake" <the_analogkid@yahoo.com>."

This reverts commit 61046225de8a4cd77e94d8c5c4a8f510bc11b79e.
author: Karolin Seeger <kseeger@samba.org> 2008-11-17 14:02:45 +0100
committer: Karolin Seeger <kseeger@samba.org> 2008-11-17 14:02:45 +0100
commit: 3b0ba20f0ef9c655b2e40dbdd39beb2ff2a536df (patch)
tree: 6aa2c4c72022351a11fe009db30fc60de26e0a33
parent: 1ed85fec76414753e2819ff81eef74e80fdebba8 (diff)
download: samba-3b0ba20f0ef9c655b2e40dbdd39beb2ff2a536df.tar.gz
samba-3b0ba20f0ef9c655b2e40dbdd39beb2ff2a536df.tar.xz
samba-3b0ba20f0ef9c655b2e40dbdd39beb2ff2a536df.zip
2 files changed, 41 insertions, 46 deletions
diff --git a/source/libnet/libnet_samsync.c b/source/libnet/libnet_samsync.c
index 8a1433830f5..61d53c37d0a 100644
--- a/source/libnet/libnet_samsync.c
+++ b/source/libnet/libnet_samsync.c
@@ -32,6 +32,7 @@
 
 static NTSTATUS fix_user(TALLOC_CTX *mem_ctx,
 			 DATA_BLOB *session_key,
+			 bool rid_crypt,
 			 enum netr_SamDatabaseID database_id,
 			 struct netr_DELTA_ENUM *delta)
 {
@@ -40,29 +41,17 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx,
 	struct netr_DELTA_USER *user = delta->delta_union.user;
 	struct samr_Password lm_hash;
 	struct samr_Password nt_hash;
-	unsigned char zero_buf[16];
 
-	memset(zero_buf, '\0', sizeof(zero_buf));
-
-	/* Note that win2000 may send us all zeros
-	 * for the hashes if it doesn't
-	 * think this channel is secure enough. */
-	if (user->lm_password_present) {
-		if (memcmp(user->lmpassword.hash, zero_buf, 16) != 0) {
+	if (rid_crypt) {
+		if (user->lm_password_present) {
 			sam_pwd_hash(rid, user->lmpassword.hash, lm_hash.hash, 0);
-		} else {
-			memset(lm_hash.hash, '\0', sizeof(lm_hash.hash));
+			user->lmpassword = lm_hash;
 		}
-		user->lmpassword = lm_hash;
-	}
 
-	if (user->nt_password_present) {
-		if (memcmp(user->ntpassword.hash, zero_buf, 16) != 0) {
+		if (user->nt_password_present) {
 			sam_pwd_hash(rid, user->ntpassword.hash, nt_hash.hash, 0);
-		} else {
-			memset(nt_hash.hash, '\0', sizeof(nt_hash.hash));
+			user->ntpassword = nt_hash;
 		}
-		user->ntpassword = nt_hash;
 	}
 
 	if (user->user_private_info.SensitiveData) {
@@ -82,31 +71,26 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx,
 			return ndr_map_error2ntstatus(ndr_err);
 		}
 
-		/* Note that win2000 may send us all zeros
-		 * for the hashes if it doesn't
-		 * think this channel is secure enough. */
 		if (keys.keys.keys2.lmpassword.length == 16) {
-			if (memcmp(keys.keys.keys2.lmpassword.pwd.hash,
-						zero_buf, 16) != 0) {
+			if (rid_crypt) {
 				sam_pwd_hash(rid,
 					     keys.keys.keys2.lmpassword.pwd.hash,
 					     lm_hash.hash, 0);
+				user->lmpassword = lm_hash;
 			} else {
-				memset(lm_hash.hash, '\0', sizeof(lm_hash.hash));
+				user->lmpassword = keys.keys.keys2.lmpassword.pwd;
 			}
-			user->lmpassword = lm_hash;
 			user->lm_password_present = true;
 		}
 		if (keys.keys.keys2.ntpassword.length == 16) {
-			if (memcmp(keys.keys.keys2.ntpassword.pwd.hash,
-						zero_buf, 16) != 0) {
+			if (rid_crypt) {
 				sam_pwd_hash(rid,
-					keys.keys.keys2.ntpassword.pwd.hash,
-					nt_hash.hash, 0);
+					     keys.keys.keys2.ntpassword.pwd.hash,
+					     nt_hash.hash, 0);
+				user->ntpassword = nt_hash;
 			} else {
-				memset(nt_hash.hash, '\0', sizeof(nt_hash.hash));
+				user->ntpassword = keys.keys.keys2.ntpassword.pwd;
 			}
-			user->ntpassword = nt_hash;
 			user->nt_password_present = true;
 		}
 		/* TODO: rid decrypt history fields */
@@ -144,6 +128,7 @@ static NTSTATUS fix_secret(TALLOC_CTX *mem_ctx,
 
 static NTSTATUS samsync_fix_delta(TALLOC_CTX *mem_ctx,
 				  DATA_BLOB *session_key,
+				  bool rid_crypt,
 				  enum netr_SamDatabaseID database_id,
 				  struct netr_DELTA_ENUM *delta)
 {
@@ -154,6 +139,7 @@ static NTSTATUS samsync_fix_delta(TALLOC_CTX *mem_ctx,
 
 			status = fix_user(mem_ctx,
 					  session_key,
+					  rid_crypt,
 					  database_id,
 					  delta);
 			break;
@@ -178,6 +164,7 @@ static NTSTATUS samsync_fix_delta(TALLOC_CTX *mem_ctx,
 
 NTSTATUS samsync_fix_delta_array(TALLOC_CTX *mem_ctx,
 				 DATA_BLOB *session_key,
+				 bool rid_crypt,
 				 enum netr_SamDatabaseID database_id,
 				 struct netr_DELTA_ENUM_ARRAY *r)
 {
@@ -188,6 +175,7 @@ NTSTATUS samsync_fix_delta_array(TALLOC_CTX *mem_ctx,
 
 		status = samsync_fix_delta(mem_ctx,
 					   session_key,
+					   rid_crypt,
 					   database_id,
 					   &r->delta_enum[i]);
 		if (!NT_STATUS_IS_OK(status)) {
diff --git a/source/utils/net_rpc_samsync.c b/source/utils/net_rpc_samsync.c
index 49e5c1a0bc5..13a7bce816c 100644
--- a/source/utils/net_rpc_samsync.c
+++ b/source/utils/net_rpc_samsync.c
@@ -65,19 +65,21 @@ static void display_account_info(uint32_t rid,
 				 struct netr_DELTA_USER *r)
 {
 	fstring hex_nt_passwd, hex_lm_passwd;
-	uchar zero_buf[16];
+	uchar lm_passwd[16], nt_passwd[16];
+	static uchar zero_buf[16];
 
-	memset(zero_buf, '\0', sizeof(zero_buf));
 	/* Decode hashes from password hash (if they are not NULL) */
 
 	if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) {
-		pdb_sethexpwd(hex_lm_passwd, r->lmpassword.hash, r->acct_flags);
+		sam_pwd_hash(r->rid, r->lmpassword.hash, lm_passwd, 0);
+		pdb_sethexpwd(hex_lm_passwd, lm_passwd, r->acct_flags);
 	} else {
 		pdb_sethexpwd(hex_lm_passwd, NULL, 0);
 	}
 
 	if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) {
-		pdb_sethexpwd(hex_nt_passwd, r->ntpassword.hash, r->acct_flags);
+		sam_pwd_hash(r->rid, r->ntpassword.hash, nt_passwd, 0);
+		pdb_sethexpwd(hex_nt_passwd, nt_passwd, r->acct_flags);
 	} else {
 		pdb_sethexpwd(hex_nt_passwd, NULL, 0);
 	}
@@ -389,6 +391,7 @@ static void dump_database(struct rpc_pipe_client *pipe_hnd,
 
 		samsync_fix_delta_array(mem_ctx,
 					&session_key,
+					false,
 					database_id,
 					delta_enum_array);
 
@@ -463,9 +466,8 @@ static NTSTATUS sam_account_from_delta(struct samu *account,
 {
 	const char *old_string, *new_string;
 	time_t unix_time, stored_time;
-	uchar zero_buf[16];
-
-	memset(zero_buf, '\0', sizeof(zero_buf));
+	uchar lm_passwd[16], nt_passwd[16];
+	static uchar zero_buf[16];
 
 	/* Username, fullname, home dir, dir drive, logon script, acct
 	   desc, workstations, profile. */
@@ -629,12 +631,14 @@ static NTSTATUS sam_account_from_delta(struct samu *account,
 	   think this channel is secure enough - don't set the passwords at all
 	   in that case
 	*/
-	if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) {
-		pdb_set_lanman_passwd(account, r->lmpassword.hash, PDB_CHANGED);
+	if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) {
+		sam_pwd_hash(r->rid, r->ntpassword.hash, lm_passwd, 0);
+		pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED);
 	}
 
-	if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) {
-		pdb_set_nt_passwd(account, r->ntpassword.hash, PDB_CHANGED);
+	if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) {
+		sam_pwd_hash(r->rid, r->lmpassword.hash, nt_passwd, 0);
+		pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED);
 	}
 
 	/* TODO: account expiry time */
@@ -1253,6 +1257,7 @@ static NTSTATUS fetch_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type,
 
 		samsync_fix_delta_array(mem_ctx,
 					&session_key,
+					true,
 					database_id,
 					delta_enum_array);
 
@@ -1750,16 +1755,15 @@ static NTSTATUS fetch_account_info_to_ldif(struct netr_DELTA_USER *r,
 	fstring username, logonscript, homedrive, homepath = "", homedir = "";
 	fstring hex_nt_passwd, hex_lm_passwd;
 	fstring description, profilepath, fullname, sambaSID;
+	uchar lm_passwd[16], nt_passwd[16];
 	char *flags, *user_rdn;
 	const char *ou;
 	const char* nopasswd = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
-	uchar zero_buf[16];
+	static uchar zero_buf[16];
 	uint32 rid = 0, group_rid = 0, gidNumber = 0;
 	time_t unix_time;
 	int i;
 
-	memset(zero_buf, '\0', sizeof(zero_buf));
-
 	/* Get the username */
 	fstrcpy(username, r->account_name.string);
 
@@ -1804,12 +1808,14 @@ static NTSTATUS fetch_account_info_to_ldif(struct netr_DELTA_USER *r,
 
 	/* Get lm and nt password data */
 	if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) {
-		pdb_sethexpwd(hex_lm_passwd, r->lmpassword.hash, r->acct_flags);
+		sam_pwd_hash(r->rid, r->lmpassword.hash, lm_passwd, 0);
+		pdb_sethexpwd(hex_lm_passwd, lm_passwd, r->acct_flags);
 	} else {
 		pdb_sethexpwd(hex_lm_passwd, NULL, 0);
 	}
 	if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) {
-		pdb_sethexpwd(hex_nt_passwd, r->ntpassword.hash, r->acct_flags);
+		sam_pwd_hash(r->rid, r->ntpassword.hash, nt_passwd, 0);
+		pdb_sethexpwd(hex_nt_passwd, nt_passwd, r->acct_flags);
 	} else {
 		pdb_sethexpwd(hex_nt_passwd, NULL, 0);
 	}
@@ -2167,6 +2173,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd,
 
 		samsync_fix_delta_array(mem_ctx,
 					&session_key,
+					true,
 					database_id,
 					delta_enum_array);
author	Karolin Seeger <kseeger@samba.org>	2008-11-17 14:02:45 +0100
committer	Karolin Seeger <kseeger@samba.org>	2008-11-17 14:02:45 +0100
commit	3b0ba20f0ef9c655b2e40dbdd39beb2ff2a536df (patch)
tree	6aa2c4c72022351a11fe009db30fc60de26e0a33
parent	1ed85fec76414753e2819ff81eef74e80fdebba8 (diff)
download	samba-3b0ba20f0ef9c655b2e40dbdd39beb2ff2a536df.tar.gz samba-3b0ba20f0ef9c655b2e40dbdd39beb2ff2a536df.tar.xz samba-3b0ba20f0ef9c655b2e40dbdd39beb2ff2a536df.zip