Changeset 228 for branches/samba-3.2.x/source/libnet
- Timestamp:
- May 26, 2009, 9:44:50 AM (16 years ago)
- Location:
- branches/samba-3.2.x/source/libnet
- Files:
-
- 3 edited
branches/samba-3.2.x/source/libnet/libnet_join.c
r141 r228 358 358 spn_array[0] = spn; 359 359 360 if (name_to_fqdn(my_fqdn, r->in.machine_name) && 361 !strequal(my_fqdn, r->in.machine_name)) { 362 363 strlower_m(my_fqdn); 360 if (!name_to_fqdn(my_fqdn, r->in.machine_name) 361 || (strchr(my_fqdn, '.') == NULL)) { 362 fstr_sprintf(my_fqdn, "%s.%s", r->in.machine_name, 363 r->out.dns_domain_name); 364 } 365 366 strlower_m(my_fqdn); 367 368 if (!strequal(my_fqdn, r->in.machine_name)) { 364 369 spn = talloc_asprintf(mem_ctx, "HOST/%s", my_fqdn); 365 370 if (!spn) { … … 730 735 uint32_t user_rid; 731 736 uint32_t acct_flags = ACB_WSTRUST; 732 uchar pwbuf[532];733 struct MD5Context md5ctx;734 uchar md5buffer[16];735 DATA_BLOB digested_session_key;736 uchar md4_trust_password[16];737 737 struct samr_Ids user_rids; 738 738 struct samr_Ids name_types; 739 739 union samr_UserInfo user_info; 740 741 struct samr_CryptPassword crypt_pwd; 742 struct samr_CryptPasswordEx crypt_pwd_ex; 740 743 741 744 ZERO_STRUCT(sam_pol); … … 866 869 } 867 870 868 /* Create a random machine account password and generate the hash */869 870 E_md4hash(r->in.machine_password, md4_trust_password);871 encode_pw_buffer(pwbuf, r->in.machine_password, STR_UNICODE);872 873 generate_random_buffer((uint8_t*)md5buffer, sizeof(md5buffer));874 digested_session_key = data_blob_talloc(mem_ctx, 0, 16);875 876 MD5Init(&md5ctx);877 MD5Update(&md5ctx, md5buffer, sizeof(md5buffer));878 MD5Update(&md5ctx, cli->user_session_key.data,879 cli->user_session_key.length);880 MD5Final(digested_session_key.data, &md5ctx);881 882 SamOEMhashBlob(pwbuf, sizeof(pwbuf), &digested_session_key);883 memcpy(&pwbuf[516], md5buffer, sizeof(md5buffer));884 885 871 /* Fill in the additional account flags now */ 886 872 … … 893 879 } 894 880 895 /* Set password and account flags on machine account */ 896 897 ZERO_STRUCT(user_info.info25); 898 899 user_info.info25.info.fields_present = ACCT_NT_PWD_SET | 900 ACCT_LM_PWD_SET | 901 SAMR_FIELD_ACCT_FLAGS; 902 903 
user_info.info25.info.acct_flags = acct_flags; 904 memcpy(&user_info.info25.password.data, pwbuf, sizeof(pwbuf)); 881 /* Set account flags on machine account */ 882 ZERO_STRUCT(user_info.info16); 883 user_info.info16.acct_flags = acct_flags; 905 884 906 885 status = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx, 907 886 &user_pol, 908 25,887 16, 909 888 &user_info); 910 889 890 if (!NT_STATUS_IS_OK(status)) { 891 892 rpccli_samr_DeleteUser(pipe_hnd, mem_ctx, 893 &user_pol); 894 895 libnet_join_set_error_string(mem_ctx, r, 896 "Failed to set account flags for machine account (%s)\n", 897 nt_errstr(status)); 898 goto done; 899 } 900 901 /* Set password on machine account - first try level 26 */ 902 903 init_samr_CryptPasswordEx(r->in.machine_password, 904 &cli->user_session_key, 905 &crypt_pwd_ex); 906 907 init_samr_user_info26(&user_info.info26, &crypt_pwd_ex, 908 PASS_DONT_CHANGE_AT_NEXT_LOGON); 909 910 status = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, 911 &user_pol, 912 26, 913 &user_info); 914 911 915 if (NT_STATUS_EQUAL(status, NT_STATUS(DCERPC_FAULT_INVALID_TAG))) { 912 916 913 uchar pwbuf2[516];914 915 encode_pw_buffer(pwbuf2, r->in.machine_password, STR_UNICODE);916 917 917 /* retry with level 24 */ 918 init_samr_user_info24(&user_info.info24, pwbuf2, 24); 919 920 SamOEMhashBlob(user_info.info24.password.data, 516, 921 &cli->user_session_key); 918 919 init_samr_CryptPassword(r->in.machine_password, 920 &cli->user_session_key, 921 &crypt_pwd); 922 923 init_samr_user_info24(&user_info.info24, &crypt_pwd, 924 PASS_DONT_CHANGE_AT_NEXT_LOGON); 922 925 923 926 status = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, -
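Review bot: The result of `rpccli_samr_DeleteUser` in the new level-16 failure path is discarded, so if the cleanup itself fails the join reports only the flag error and the machine account can stay behind with nothing in the logs. The split also means the account carries its final `acct_flags` before the level 26/24 call has put `r->in.machine_password` on it, where the removed level 25 call wrote both together; whether that window matters depends on the flags assembled above this hunk, which are not visible. I would keep the status and log it, e.g. `NTSTATUS del_status = rpccli_samr_DeleteUser(pipe_hnd, mem_ctx, &user_pol);` followed by `if (!NT_STATUS_IS_OK(del_status)) DEBUG(1, ("failed to delete machine account: %s\n", nt_errstr(del_status)));`, and add a one-line comment above the level-16 call saying why flags are written before the password. The enclosing function starts and ends outside the displayed hunks.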
branches/samba-3.2.x/source/libnet/libnet_proto.h
r139 r228 25 25 NTSTATUS samsync_fix_delta_array(TALLOC_CTX *mem_ctx, 26 26 DATA_BLOB *session_key, 27 bool rid_crypt,28 27 enum netr_SamDatabaseID database_id, 29 28 struct netr_DELTA_ENUM_ARRAY *r); -
branches/samba-3.2.x/source/libnet/libnet_samsync.c
r139 r228 33 33 static NTSTATUS fix_user(TALLOC_CTX *mem_ctx, 34 34 DATA_BLOB *session_key, 35 bool rid_crypt,36 35 enum netr_SamDatabaseID database_id, 37 36 struct netr_DELTA_ENUM *delta) … … 42 41 struct samr_Password lm_hash; 43 42 struct samr_Password nt_hash; 43 unsigned char zero_buf[16]; 44 44 45 if (rid_crypt) { 46 if (user->lm_password_present) { 45 memset(zero_buf, '\0', sizeof(zero_buf)); 46 47 /* Note that win2000 may send us all zeros 48 * for the hashes if it doesn't 49 * think this channel is secure enough. */ 50 if (user->lm_password_present) { 51 if (memcmp(user->lmpassword.hash, zero_buf, 16) != 0) { 47 52 sam_pwd_hash(rid, user->lmpassword.hash, lm_hash.hash, 0); 48 user->lmpassword = lm_hash; 53 } else { 54 memset(lm_hash.hash, '\0', sizeof(lm_hash.hash)); 49 55 } 56 user->lmpassword = lm_hash; 57 } 50 58 51 if (user->nt_password_present) { 59 if (user->nt_password_present) { 60 if (memcmp(user->ntpassword.hash, zero_buf, 16) != 0) { 52 61 sam_pwd_hash(rid, user->ntpassword.hash, nt_hash.hash, 0); 53 user->ntpassword = nt_hash; 62 } else { 63 memset(nt_hash.hash, '\0', sizeof(nt_hash.hash)); 54 64 } 65 user->ntpassword = nt_hash; 55 66 } 56 67 … … 72 83 } 73 84 85 /* Note that win2000 may send us all zeros 86 * for the hashes if it doesn't 87 * think this channel is secure enough. 
*/ 74 88 if (keys.keys.keys2.lmpassword.length == 16) { 75 if (rid_crypt) { 89 if (memcmp(keys.keys.keys2.lmpassword.pwd.hash, 90 zero_buf, 16) != 0) { 76 91 sam_pwd_hash(rid, 77 92 keys.keys.keys2.lmpassword.pwd.hash, 78 93 lm_hash.hash, 0); 79 user->lmpassword = lm_hash;80 94 } else { 81 user->lmpassword = keys.keys.keys2.lmpassword.pwd;95 memset(lm_hash.hash, '\0', sizeof(lm_hash.hash)); 82 96 } 97 user->lmpassword = lm_hash; 83 98 user->lm_password_present = true; 84 99 } 85 100 if (keys.keys.keys2.ntpassword.length == 16) { 86 if (rid_crypt) { 101 if (memcmp(keys.keys.keys2.ntpassword.pwd.hash, 102 zero_buf, 16) != 0) { 87 103 sam_pwd_hash(rid, 88 keys.keys.keys2.ntpassword.pwd.hash, 89 nt_hash.hash, 0); 90 user->ntpassword = nt_hash; 104 keys.keys.keys2.ntpassword.pwd.hash, 105 nt_hash.hash, 0); 91 106 } else { 92 user->ntpassword = keys.keys.keys2.ntpassword.pwd;107 memset(nt_hash.hash, '\0', sizeof(nt_hash.hash)); 93 108 } 109 user->ntpassword = nt_hash; 94 110 user->nt_password_present = true; 95 111 } … … 129 145 static NTSTATUS samsync_fix_delta(TALLOC_CTX *mem_ctx, 130 146 DATA_BLOB *session_key, 131 bool rid_crypt,132 147 enum netr_SamDatabaseID database_id, 133 148 struct netr_DELTA_ENUM *delta) … … 140 155 status = fix_user(mem_ctx, 141 156 session_key, 142 rid_crypt,143 157 database_id, 144 158 delta); … … 165 179 NTSTATUS samsync_fix_delta_array(TALLOC_CTX *mem_ctx, 166 180 DATA_BLOB *session_key, 167 bool rid_crypt,168 181 enum netr_SamDatabaseID database_id, 169 182 struct netr_DELTA_ENUM_ARRAY *r) … … 176 189 status = samsync_fix_delta(mem_ctx, 177 190 session_key, 178 rid_crypt,179 191 database_id, 180 192 &r->delta_enum[i]);
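Review bot: In `fix_user` an all-zero hash from the server is now copied into `user->lmpassword` / `user->ntpassword` while `lm_password_present` / `nt_password_present` stay true (the keys2 branch sets them to true explicitly), so a withheld hash looks like a real one unless every consumer repeats the zero test; those consumers are not visible here. Because the zero case means the peer declined to send credentials, it deserves a trace in each `else` branch, for example `DEBUG(3, ("fix_user: all-zero hash for rid %u, not decrypting\n", (unsigned int)rid));`, plus a comment stating that callers must treat a zeroed hash as "no password". The four `memcmp` calls also use the literal `16` where `sizeof(zero_buf)` would keep the length tied to the buffer. The body of `fix_user` begins and ends outside the displayed hunks.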