1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

s4:dsdb/password_hash: call ndr_pull_supplementalCredentialsBlob in setup_io()

We should setup io->o.* (the old password attributes) completely in setup_io().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Stefan Metzmacher 2016-06-03 16:20:39 +02:00 committed by Andrew Bartlett
parent 02be8a1e8b
commit f3ce752043

View File

@ -1397,7 +1397,6 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
{
struct ldb_context *ldb;
struct supplementalCredentialsBlob scb;
struct supplementalCredentialsBlob _old_scb;
struct supplementalCredentialsBlob *old_scb = NULL;
/* Packages + (Kerberos-Newer-Keys, Kerberos, WDigest and CLEARTEXT) */
uint32_t num_names = 0;
@ -1452,27 +1451,17 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
return LDB_SUCCESS;
}
/* if there's an old supplementaCredentials blob then parse it */
/* if there's an old supplementaCredentials blob then use it */
if (io->o.supplemental) {
ndr_err = ndr_pull_struct_blob_all(io->o.supplemental, io->ac,
&_old_scb,
(ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
ldb_asprintf_errstring(ldb,
"setup_supplemental_field: "
"failed to pull old supplementalCredentialsBlob: %s",
nt_errstr(status));
return LDB_ERR_OPERATIONS_ERROR;
}
if (_old_scb.sub.signature == SUPPLEMENTAL_CREDENTIALS_SIGNATURE) {
old_scb = &_old_scb;
if (io->o.scb.sub.signature == SUPPLEMENTAL_CREDENTIALS_SIGNATURE) {
old_scb = &io->o.scb;
} else {
ldb_debug(ldb, LDB_DEBUG_ERROR,
"setup_supplemental_field: "
"supplementalCredentialsBlob signature[0x%04X] expected[0x%04X]",
_old_scb.sub.signature, SUPPLEMENTAL_CREDENTIALS_SIGNATURE);
"setup_supplemental_field: "
"supplementalCredentialsBlob "
"signature[0x%04X] expected[0x%04X]",
io->o.scb.sub.signature,
SUPPLEMENTAL_CREDENTIALS_SIGNATURE);
}
}
/* Per MS-SAMR 3.1.1.8.11.6 we create AES keys if our domain functionality level is 2008 or higher */
@ -2707,6 +2696,22 @@ static int setup_io(struct ph_context *ac,
&io->o.lm_history);
io->o.supplemental = ldb_msg_find_ldb_val(existing_msg,
"supplementalCredentials");
if (io->o.supplemental != NULL) {
enum ndr_err_code ndr_err;
ndr_err = ndr_pull_struct_blob_all(io->o.supplemental, io->ac,
&io->o.scb,
(ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
status = ndr_map_error2ntstatus(ndr_err);
ldb_asprintf_errstring(ldb,
"setup_io: failed to pull "
"old supplementalCredentialsBlob: %s",
nt_errstr(status));
return LDB_ERR_OPERATIONS_ERROR;
}
}
}
return LDB_SUCCESS;