-rw-r--r-- | source/libnet/libnet_samsync.c | 48 | ||||
-rw-r--r-- | source/utils/net_rpc_samsync.c | 39 |
2 files changed, 41 insertions, 46 deletions
diff --git a/source/libnet/libnet_samsync.c b/source/libnet/libnet_samsync.c index 8a1433830f5..61d53c37d0a 100644 --- a/source/libnet/libnet_samsync.c +++ b/source/libnet/libnet_samsync.c @@ -32,6 +32,7 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx, DATA_BLOB *session_key, + bool rid_crypt, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM *delta) { @@ -40,29 +41,17 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx, struct netr_DELTA_USER *user = delta->delta_union.user; struct samr_Password lm_hash; struct samr_Password nt_hash; - unsigned char zero_buf[16]; - memset(zero_buf, '\0', sizeof(zero_buf)); - - /* Note that win2000 may send us all zeros - * for the hashes if it doesn't - * think this channel is secure enough. */ - if (user->lm_password_present) { - if (memcmp(user->lmpassword.hash, zero_buf, 16) != 0) { + if (rid_crypt) { + if (user->lm_password_present) { sam_pwd_hash(rid, user->lmpassword.hash, lm_hash.hash, 0); - } else { - memset(lm_hash.hash, '\0', sizeof(lm_hash.hash)); + user->lmpassword = lm_hash; } - user->lmpassword = lm_hash; - } - if (user->nt_password_present) { - if (memcmp(user->ntpassword.hash, zero_buf, 16) != 0) { + if (user->nt_password_present) { sam_pwd_hash(rid, user->ntpassword.hash, nt_hash.hash, 0); - } else { - memset(nt_hash.hash, '\0', sizeof(nt_hash.hash)); + user->ntpassword = nt_hash; } - user->ntpassword = nt_hash; } if (user->user_private_info.SensitiveData) { 
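Review bot: The `rid_crypt` branch in fix_user now calls `sam_pwd_hash` on every present hash, including the all-zero value that, per the comment this hunk deletes, win2000 sends when it does not trust the channel. The transformed result is presumably no longer all zeros, so the `memcmp(..., zero_buf, 16)` tests that net_rpc_samsync.c still relies on would stop recognising "no hash sent", and a meaningless hash could be stored for the account. The `keys2` branches in the @@ -82 hunk lose the same guard. Consider keeping `zero_buf` and the test, e.g. `if (user->lm_password_present && memcmp(user->lmpassword.hash, zero_buf, 16) != 0) {`, or at least keep the comment so the zero case stays documented. fix_user's body continues outside the hunk.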
@@ -82,31 +71,26 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx, return ndr_map_error2ntstatus(ndr_err); } - /* Note that win2000 may send us all zeros - * for the hashes if it doesn't - * think this channel is secure enough. */ if (keys.keys.keys2.lmpassword.length == 16) { - if (memcmp(keys.keys.keys2.lmpassword.pwd.hash, - zero_buf, 16) != 0) { + if (rid_crypt) { sam_pwd_hash(rid, keys.keys.keys2.lmpassword.pwd.hash, lm_hash.hash, 0); + user->lmpassword = lm_hash; } else { - memset(lm_hash.hash, '\0', sizeof(lm_hash.hash)); + user->lmpassword = keys.keys.keys2.lmpassword.pwd; } - user->lmpassword = lm_hash; user->lm_password_present = true; } if (keys.keys.keys2.ntpassword.length == 16) { - if (memcmp(keys.keys.keys2.ntpassword.pwd.hash, - zero_buf, 16) != 0) { + if (rid_crypt) { sam_pwd_hash(rid, - keys.keys.keys2.ntpassword.pwd.hash, - nt_hash.hash, 0); + keys.keys.keys2.ntpassword.pwd.hash, + nt_hash.hash, 0); + user->ntpassword = nt_hash; } else { - memset(nt_hash.hash, '\0', sizeof(nt_hash.hash)); + user->ntpassword = keys.keys.keys2.ntpassword.pwd; } - user->ntpassword = nt_hash; user->nt_password_present = true; } /* TODO: rid decrypt history fields */ @@ -144,6 +128,7 @@ static NTSTATUS fix_secret(TALLOC_CTX *mem_ctx, static NTSTATUS samsync_fix_delta(TALLOC_CTX *mem_ctx, DATA_BLOB *session_key, + bool rid_crypt, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM *delta) { @@ -154,6 +139,7 @@ static NTSTATUS samsync_fix_delta(TALLOC_CTX *mem_ctx, status = fix_user(mem_ctx, session_key, + rid_crypt, database_id, delta); break; @@ -178,6 +164,7 @@ static NTSTATUS samsync_fix_delta(TALLOC_CTX *mem_ctx, NTSTATUS samsync_fix_delta_array(TALLOC_CTX *mem_ctx, DATA_BLOB *session_key, + bool rid_crypt, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r) { 
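Review bot: The exported samsync_fix_delta_array (@@ -178) gains a positional `bool rid_crypt` with no comment saying what it selects, and the call sites in net_rpc_samsync.c pass a bare `true` or `false`. A short header comment would make the contract explicit, for example `/* rid_crypt: when true, undo the RID-keyed obfuscation of the LM/NT hashes here; when false, leave them untouched for the caller */`. It should also say which side is responsible for skipping all-zero hashes. The function body continues outside the hunk.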
@@ -188,6 +175,7 @@ NTSTATUS samsync_fix_delta_array(TALLOC_CTX *mem_ctx, status = samsync_fix_delta(mem_ctx, session_key, + rid_crypt, database_id, &r->delta_enum[i]); if (!NT_STATUS_IS_OK(status)) { diff --git a/source/utils/net_rpc_samsync.c b/source/utils/net_rpc_samsync.c index 49e5c1a0bc5..13a7bce816c 100644 --- a/source/utils/net_rpc_samsync.c +++ b/source/utils/net_rpc_samsync.c @@ -65,19 +65,21 @@ static void display_account_info(uint32_t rid, struct netr_DELTA_USER *r) { fstring hex_nt_passwd, hex_lm_passwd; - uchar zero_buf[16]; + uchar lm_passwd[16], nt_passwd[16]; + static uchar zero_buf[16]; - memset(zero_buf, '\0', sizeof(zero_buf)); /* Decode hashes from password hash (if they are not NULL) */ if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) { - pdb_sethexpwd(hex_lm_passwd, r->lmpassword.hash, r->acct_flags); + sam_pwd_hash(r->rid, r->lmpassword.hash, lm_passwd, 0); + pdb_sethexpwd(hex_lm_passwd, lm_passwd, r->acct_flags); } else { pdb_sethexpwd(hex_lm_passwd, NULL, 0); } if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) { - pdb_sethexpwd(hex_nt_passwd, r->ntpassword.hash, r->acct_flags); + sam_pwd_hash(r->rid, r->ntpassword.hash, nt_passwd, 0); + pdb_sethexpwd(hex_nt_passwd, nt_passwd, r->acct_flags); } else { pdb_sethexpwd(hex_nt_passwd, NULL, 0); } @@ -389,6 +391,7 @@ static void dump_database(struct rpc_pipe_client *pipe_hnd, samsync_fix_delta_array(mem_ctx, &session_key, + false, database_id, delta_enum_array); @@ -463,9 +466,8 @@ static NTSTATUS sam_account_from_delta(struct samu *account, { const char *old_string, *new_string; time_t unix_time, stored_time; - uchar zero_buf[16]; - - memset(zero_buf, '\0', sizeof(zero_buf)); + uchar lm_passwd[16], nt_passwd[16]; + static uchar zero_buf[16]; /* Username, fullname, home dir, dir drive, logon script, acct desc, workstations, profile. */ 
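Review bot: In display_account_info (@@ -65), `static uchar zero_buf[16];` is only ever read, so `static const uchar zero_buf[16];` would state the intent, and the `memcmp` calls could use `sizeof(zero_buf)` instead of the literal 16. The same declaration is added in sam_account_from_delta (@@ -463) and fetch_account_info_to_ldif (@@ -1750). Separately, the new `lm_passwd` and `nt_passwd` arrays hold the de-obfuscated hashes and are left on the stack on return in all three functions. Since these values are as sensitive as the password, consider clearing them before returning with a wipe the compiler cannot elide. The function signature starts outside the hunk.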
@@ -629,12 +631,14 @@ static NTSTATUS sam_account_from_delta(struct samu *account, think this channel is secure enough - don't set the passwords at all in that case */ - if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) { - pdb_set_lanman_passwd(account, r->lmpassword.hash, PDB_CHANGED); + if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) { + sam_pwd_hash(r->rid, r->ntpassword.hash, lm_passwd, 0); + pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED); } - if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) { - pdb_set_nt_passwd(account, r->ntpassword.hash, PDB_CHANGED); + if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) { + sam_pwd_hash(r->rid, r->lmpassword.hash, nt_passwd, 0); + pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED); } /* TODO: account expiry time */ @@ -1253,6 +1257,7 @@ static NTSTATUS fetch_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type, samsync_fix_delta_array(mem_ctx, &session_key, + true, database_id, delta_enum_array); @@ -1750,16 +1755,15 @@ static NTSTATUS fetch_account_info_to_ldif(struct netr_DELTA_USER *r, fstring username, logonscript, homedrive, homepath = "", homedir = ""; fstring hex_nt_passwd, hex_lm_passwd; fstring description, profilepath, fullname, sambaSID; + uchar lm_passwd[16], nt_passwd[16]; char *flags, *user_rdn; const char *ou; const char* nopasswd = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"; - uchar zero_buf[16]; + static uchar zero_buf[16]; uint32 rid = 0, group_rid = 0, gidNumber = 0; time_t unix_time; int i; - memset(zero_buf, '\0', sizeof(zero_buf)); - /* Get the username */ fstrcpy(username, r->account_name.string); 
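Review bot: The two added blocks in sam_account_from_delta (@@ -629) have the LM and NT sources crossed. The first tests and decrypts `r->ntpassword.hash` into `lm_passwd` and stores it with `pdb_set_lanman_passwd`; the second feeds `r->lmpassword.hash` into `nt_passwd` and `pdb_set_nt_passwd`. The removed lines paired `lmpassword` with the lanman setter and `ntpassword` with the NT setter, so as written each account would get its two hashes exchanged, and a zero check on one hash would gate the other. The corrected pairing is below; the function starts and ends outside the hunk.

```c
if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) {
	sam_pwd_hash(r->rid, r->lmpassword.hash, lm_passwd, 0);
	/* … unchanged: pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED) … */
}
if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) {
	sam_pwd_hash(r->rid, r->ntpassword.hash, nt_passwd, 0);
	/* … unchanged: pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED) … */
}
```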
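Review bot: fetch_database (@@ -1253) now passes `true`, so fix_user has already replaced `lmpassword`/`ntpassword` with the `sam_pwd_hash` output before the deltas are consumed, yet this commit also adds a `sam_pwd_hash(r->rid, ...)` call in sam_account_from_delta. If that function is what processes these deltas (the call path is outside the hunks), each hash goes through the RID transform twice and the stored value is wrong. The same pairing appears for fetch_database_to_ldif (@@ -2167, `true`) with fetch_account_info_to_ldif (@@ -1804). By contrast, dump_database passes `false` and decrypts once in display_account_info. Either pass `false` at these two call sites or drop the per-function `sam_pwd_hash` calls, so each hash is decrypted exactly once.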
@@ -1804,12 +1808,14 @@ static NTSTATUS fetch_account_info_to_ldif(struct netr_DELTA_USER *r, /* Get lm and nt password data */ if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) { - pdb_sethexpwd(hex_lm_passwd, r->lmpassword.hash, r->acct_flags); + sam_pwd_hash(r->rid, r->lmpassword.hash, lm_passwd, 0); + pdb_sethexpwd(hex_lm_passwd, lm_passwd, r->acct_flags); } else { pdb_sethexpwd(hex_lm_passwd, NULL, 0); } if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) { - pdb_sethexpwd(hex_nt_passwd, r->ntpassword.hash, r->acct_flags); + sam_pwd_hash(r->rid, r->ntpassword.hash, nt_passwd, 0); + pdb_sethexpwd(hex_nt_passwd, nt_passwd, r->acct_flags); } else { pdb_sethexpwd(hex_nt_passwd, NULL, 0); } @@ -2167,6 +2173,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, samsync_fix_delta_array(mem_ctx, &session_key, + true, database_id, delta_enum_array); |