1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-28 07:21:54 +03:00
Commit Graph

8 Commits

Author SHA1 Message Date
Günther Deschner
9051351509 s3-libnet-samsync: pass sequence number pointer to process routine.
Guenther
2008-11-18 16:05:03 +01:00
Günther Deschner
8c67159755 s3-libnet-samsync: move all modules to startup,process,finish callbacks.
Guenther
2008-11-18 16:04:54 +01:00
Günther Deschner
eef8de5c88 s3-libnet-samsync: use samsync_ops.
Guenther
2008-11-18 16:04:39 +01:00
Günther Deschner
d10293dfdc s3-libnet-samsync: add samsync_ops to all samsync modules.
Guenther
2008-11-18 16:04:30 +01:00
Günther Deschner
3fa7a1b085 s3-libnet_samsync: print new line in display output.
Guenther
2008-11-04 19:55:07 +01:00
Jeremy Allison
f53578daf4 Fix net rpc vampire, based on an *amazing* piece of debugging work by "Cooper S. Blake" <the_analogkid@yahoo.com>.
"I believe I have found two bugs in the 3.2 code and one bug that
carried on to the 3.3 branch.  In the 3.2 code, everything is
located in the utils/net_rpc_samsync.c file.  What I believe is the
first problem is that fetch_database() is calling
samsync_fix_delta_array() with rid_crypt set to true, which means
the password hashes are unencrypted from the RID encryption.
However, I believe this call is redundant, and the corresponding
call for samdump has rid_crypt set to false.  So I think the
rid_crypt param should be false in fetch_database().

If you follow the code, it makes its way to sam_account_from_delta()
where the password hashes are decrypted a second time by calling
sam_pwd_hash().  I believe this is what is scrambling my passwords.

These methods were refactored somewhere in the 3.3 branch.  Now the
net_rpc_samsync.c class calls rpc_vampire_internals, which calls
libnet/libnet_samsync.c, which calls samsync_fix_delta_array() with
rid_crypt always set to false.  I think that's correct.  But the
second bug has carried through in the sam_account_from_delta()
function:

 208         if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) {
 209                 sam_pwd_hash(r->rid, r->ntpassword.hash, lm_passwd, 0);
 210                 pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED);
 211         }
 212
 213         if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) {
 214                 sam_pwd_hash(r->rid, r->lmpassword.hash, nt_passwd, 0);
 215                 pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED);

If you look closely you'll see that the nt hash is going into the
lm_passwd variable and the decrypted value is being set in the lanman
hash, and the lanman hash is being decrypted and put into the nt hash
field.  So the LanMan and NT hashes look like they're being put in
the opposite fields."

Fix this by removing the rid_crypt parameter.
Jeremy.
2008-10-22 13:21:23 -07:00
Günther Deschner
92df9ae393 net_vampire: use bool for last_query information in samsync.
Guenther
(This used to be commit fa1976e23a)
2008-06-27 01:59:26 +02:00
Günther Deschner
bd6fece98a net_vampire: move out display routines to one file.
Guenther
(This used to be commit 64b48a07e7)
2008-06-23 23:38:52 +02:00