diff options
Diffstat (limited to 'source/libnet/libnet_samsync.c')
-rw-r--r-- | source/libnet/libnet_samsync.c | 48 |
1 files changed, 30 insertions, 18 deletions
diff --git a/source/libnet/libnet_samsync.c b/source/libnet/libnet_samsync.c index 61d53c37d0a..8a1433830f5 100644 --- a/source/libnet/libnet_samsync.c +++ b/source/libnet/libnet_samsync.c @@ -32,7 +32,6 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx, DATA_BLOB *session_key, - bool rid_crypt, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM *delta) { @@ -41,17 +40,29 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx, struct netr_DELTA_USER *user = delta->delta_union.user; struct samr_Password lm_hash; struct samr_Password nt_hash; + unsigned char zero_buf[16]; - if (rid_crypt) { - if (user->lm_password_present) { + memset(zero_buf, '\0', sizeof(zero_buf)); + + /* Note that win2000 may send us all zeros + * for the hashes if it doesn't + * think this channel is secure enough. */ + if (user->lm_password_present) { + if (memcmp(user->lmpassword.hash, zero_buf, 16) != 0) { sam_pwd_hash(rid, user->lmpassword.hash, lm_hash.hash, 0); - user->lmpassword = lm_hash; + } else { + memset(lm_hash.hash, '\0', sizeof(lm_hash.hash)); } + user->lmpassword = lm_hash; + } - if (user->nt_password_present) { + if (user->nt_password_present) { + if (memcmp(user->ntpassword.hash, zero_buf, 16) != 0) { sam_pwd_hash(rid, user->ntpassword.hash, nt_hash.hash, 0); - user->ntpassword = nt_hash; + } else { + memset(nt_hash.hash, '\0', sizeof(nt_hash.hash)); } + user->ntpassword = nt_hash; } if (user->user_private_info.SensitiveData) { @@ -71,26 +82,31 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx, return ndr_map_error2ntstatus(ndr_err); } + /* Note that win2000 may send us all zeros + * for the hashes if it doesn't + * think this channel is secure enough. */ if (keys.keys.keys2.lmpassword.length == 16) { - if (rid_crypt) { + if (memcmp(keys.keys.keys2.lmpassword.pwd.hash, + zero_buf, 16) != 0) { sam_pwd_hash(rid, keys.keys.keys2.lmpassword.pwd.hash, lm_hash.hash, 0); - user->lmpassword = lm_hash; } else { - user->lmpassword = keys.keys.keys2.lmpassword.pwd; + memset(lm_hash.hash, '\0', sizeof(lm_hash.hash)); } + user->lmpassword = lm_hash; user->lm_password_present = true; } if (keys.keys.keys2.ntpassword.length == 16) { - if (rid_crypt) { + if (memcmp(keys.keys.keys2.ntpassword.pwd.hash, + zero_buf, 16) != 0) { sam_pwd_hash(rid, - keys.keys.keys2.ntpassword.pwd.hash, - nt_hash.hash, 0); - user->ntpassword = nt_hash; + keys.keys.keys2.ntpassword.pwd.hash, + nt_hash.hash, 0); } else { - user->ntpassword = keys.keys.keys2.ntpassword.pwd; + memset(nt_hash.hash, '\0', sizeof(nt_hash.hash)); } + user->ntpassword = nt_hash; user->nt_password_present = true; } /* TODO: rid decrypt history fields */ @@ -128,7 +144,6 @@ static NTSTATUS fix_secret(TALLOC_CTX *mem_ctx, static NTSTATUS samsync_fix_delta(TALLOC_CTX *mem_ctx, DATA_BLOB *session_key, - bool rid_crypt, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM *delta) { @@ -139,7 +154,6 @@ static NTSTATUS samsync_fix_delta(TALLOC_CTX *mem_ctx, status = fix_user(mem_ctx, session_key, - rid_crypt, database_id, delta); break; @@ -164,7 +178,6 @@ static NTSTATUS samsync_fix_delta(TALLOC_CTX *mem_ctx, NTSTATUS samsync_fix_delta_array(TALLOC_CTX *mem_ctx, DATA_BLOB *session_key, - bool rid_crypt, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r) { @@ -175,7 +188,6 @@ NTSTATUS samsync_fix_delta_array(TALLOC_CTX *mem_ctx, status = samsync_fix_delta(mem_ctx, session_key, - rid_crypt, database_id, &r->delta_enum[i]); if (!NT_STATUS_IS_OK(status)) { |