mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
auth/credentials: Use salt on credentials object for Creds.get_aes256_key()
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
parent
74f9d2e519
commit
9fc11e329c
@ -351,7 +351,6 @@ NTSTATUS netlogon_creds_session_encrypt(
|
||||
int cli_credentials_get_aes256_key(struct cli_credentials *cred,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
struct loadparm_context *lp_ctx,
|
||||
const char *salt,
|
||||
DATA_BLOB *aes_256);
|
||||
|
||||
/**
|
||||
|
@ -1484,13 +1484,13 @@ _PUBLIC_ void cli_credentials_set_target_service(struct cli_credentials *cred, c
|
||||
_PUBLIC_ int cli_credentials_get_aes256_key(struct cli_credentials *cred,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
struct loadparm_context *lp_ctx,
|
||||
const char *salt,
|
||||
DATA_BLOB *aes_256)
|
||||
{
|
||||
struct smb_krb5_context *smb_krb5_context = NULL;
|
||||
krb5_error_code krb5_ret;
|
||||
int ret;
|
||||
const char *password = NULL;
|
||||
const char *salt = NULL;
|
||||
krb5_data cleartext_data;
|
||||
krb5_data salt_data = {
|
||||
.length = 0,
|
||||
@ -1502,6 +1502,11 @@ _PUBLIC_ int cli_credentials_get_aes256_key(struct cli_credentials *cred,
|
||||
return EINVAL;
|
||||
}
|
||||
|
||||
salt = cli_credentials_get_salt_principal(cred);
|
||||
if (salt == NULL) {
|
||||
return EINVAL;
|
||||
}
|
||||
|
||||
password = cli_credentials_get_password(cred);
|
||||
if (password == NULL) {
|
||||
return EINVAL;
|
||||
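Review bot: The new `salt == NULL` branch returns the same `EINVAL` as the missing-password check right after it and the earlier check above it, so a caller cannot tell an unavailable salt principal from the other failures. The salt is now implicit state on `cred` rather than an argument, which makes that precondition easy to miss. I would state it above the definition, e.g. `/* Derives the AES256 key from cred's password and salt principal; returns EINVAL if either is unavailable. */`, and consider a distinct error value for the missing salt if the callers can handle one. The function body starts and continues outside these hunks, so how the salt and password are consumed afterwards is not visible here.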
|
@ -1007,7 +1007,6 @@ static PyObject *py_creds_get_aes256_key(PyObject *self, PyObject *args)
|
||||
struct loadparm_context *lp_ctx = NULL;
|
||||
TALLOC_CTX *mem_ctx = NULL;
|
||||
PyObject *py_lp_ctx = Py_None;
|
||||
const char *salt = NULL;
|
||||
DATA_BLOB aes_256;
|
||||
int code;
|
||||
PyObject *ret = NULL;
|
||||
@ -1017,7 +1016,7 @@ static PyObject *py_creds_get_aes256_key(PyObject *self, PyObject *args)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (!PyArg_ParseTuple(args, "s|O", &salt, &py_lp_ctx))
|
||||
if (!PyArg_ParseTuple(args, "|O", &py_lp_ctx))
|
||||
return NULL;
|
||||
|
||||
mem_ctx = talloc_new(NULL);
|
||||
@ -1035,7 +1034,6 @@ static PyObject *py_creds_get_aes256_key(PyObject *self, PyObject *args)
|
||||
code = cli_credentials_get_aes256_key(creds,
|
||||
mem_ctx,
|
||||
lp_ctx,
|
||||
salt,
|
||||
&aes_256);
|
||||
if (code != 0) {
|
||||
PyErr_SetString(PyExc_RuntimeError,
|
||||
@ -1629,9 +1627,9 @@ static PyMethodDef py_creds_methods[] = {
|
||||
.ml_name = "get_aes256_key",
|
||||
.ml_meth = py_creds_get_aes256_key,
|
||||
.ml_flags = METH_VARARGS,
|
||||
.ml_doc = "S.get_aes256_key(salt[, lp]) -> bytes\n"
|
||||
.ml_doc = "S.get_aes256_key([lp]) -> bytes\n"
|
||||
"Generate an AES256 key using the current password and\n"
|
||||
"the specified salt",
|
||||
"the salt on this credentials object",
|
||||
},
|
||||
{
|
||||
.ml_name = "encrypt_netr_crypt_password",
|
||||
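Review bot: With the format string reduced to `"|O"`, a caller that still uses the old form `creds.get_aes256_key(salt)` is not rejected at parse time: the salt string is accepted as `py_lp_ctx` and passed to whatever turns that object into a loadparm context, which lies outside these hunks. Depending on how that conversion treats a string, the call either fails with the RuntimeError set after `cli_credentials_get_aes256_key()` or derives a key from whatever salt is on the object, which is not the salt the caller passed. If a string is a legitimate `lp` argument there, the old call form is indistinguishable from it, so the docstring should say where the salt now comes from, e.g. `"the salt principal on this credentials object\n(see set_kerberos_salt_principal)"`. In-tree and out-of-tree Python callers are worth checking for the old positional use.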
|
@ -489,7 +489,8 @@ class GetPasswordCommand(Command):
|
||||
decrypted = tmp.get_nt_hash()
|
||||
current_hash = unicodePwd
|
||||
elif aes256_key is not None and kerberos_salt is not None:
|
||||
decrypted = tmp.get_aes256_key(kerberos_salt)
|
||||
tmp.set_kerberos_salt_principal(kerberos_salt)
|
||||
decrypted = tmp.get_aes256_key()
|
||||
current_hash = aes256_key.value
|
||||
|
||||
if current_hash is not None and current_hash == decrypted:
|
||||
|