sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Code

s3:libnet: let parse_user() in libnet_dssync_keytab.c work without nt hash

Browse Source 
It happens in setups with 'nt hash store = never'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Stefan Metzmacher 2022-02-03 14:48:03 +01:00 committed by Andrew Bartlett
parent 01849ab1bc
commit 52df406387
1 changed files with 22 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
source3/libnet/libnet_dssync_keytab.c
View File

@ -278,6 +278,9 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx,
spn = talloc_array(mem_ctx, char *, num_spns);
for (count = 0; count < num_spns; count++) {
blob = attr->value_ctr.values[count].blob;
if (blob == NULL) {
continue;
}
pull_string_talloc(spn, NULL, 0,
&spn[count],
blob->data, blob->length,
@ -285,6 +288,18 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx,
}
}
if (attr->attid == DRSUAPI_ATTID_unicodePwd &&
cur->meta_data_ctr != NULL &&
cur->meta_data_ctr->count ==
cur->object.attribute_ctr.num_attributes)
{
/*
* pick the kvno from the unicodePwd
* meta data, even without a unicodePwd blob
*/
kvno = cur->meta_data_ctr->meta_data[i].version;
}
if (attr->value_ctr.num_values != 1) {
continue;
}
@ -304,18 +319,6 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx,
memcpy(&nt_passwd, blob->data, 16);
got_pwd = true;
/* pick the kvno from the meta_data version,
* thanks, metze, for explaining this */
if (!cur->meta_data_ctr) {
break;
}
if (cur->meta_data_ctr->count !=
cur->object.attribute_ctr.num_attributes) {
break;
}
kvno = cur->meta_data_ctr->meta_data[i].version;
break;
case DRSUAPI_ATTID_ntPwdHistory:
pwd_history_len = blob->length / 16;
@ -353,11 +356,6 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx,
}
}
if (!got_pwd) {
DEBUG(10, ("no password (unicodePwd) found - skipping.\n"));
return NT_STATUS_OK;
}
if (name) {
status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, 0, object_dn,
"SAMACCOUNTNAME",
@ -422,12 +420,14 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx,
}
DEBUGADD(1,("\n"));
status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno, name, NULL,
ENCTYPE_ARCFOUR_HMAC,
data_blob_talloc(mem_ctx, nt_passwd, 16));
if (got_pwd) {
status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno, name, NULL,
ENCTYPE_ARCFOUR_HMAC,
data_blob_talloc(mem_ctx, nt_passwd, 16));
if (!NT_STATUS_IS_OK(status)) {
return status;
if (!NT_STATUS_IS_OK(status)) {
return status;
}
}
/* add kerberos keys (if any) */