IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
"I believe I have found two bugs in the 3.2 code and one bug that
carried on to the 3.3 branch. In the 3.2 code, everything is
located in the utils/net_rpc_samsync.c file. What I believe is the
first problem is that fetch_database() is calling
samsync_fix_delta_array() with rid_crypt set to true, which means
the password hashes are unencrypted from the RID encryption.
However, I believe this call is redundant, and the corresponding
call for samdump has rid_crypt set to false. So I think the
rid_crypt param should be false in fetch_database().
If you follow the code, it makes its way to sam_account_from_delta()
where the password hashes are decrypted a second time by calling
sam_pwd_hash(). I believe this is what is scrambling my passwords.
These methods were refactored somewhere in the 3.3 branch. Now the
net_rpc_samsync.c class calls rpc_vampire_internals, which calls
libnet/libnet_samsync.c, which calls samsync_fix_delta_array() with
rid_crypt always set to false. I think that's correct. But the
second bug has carried through in the sam_account_from_delta()
function:
208 if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) {
209 sam_pwd_hash(r->rid, r->ntpassword.hash, lm_passwd, 0);
210 pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED);
211 }
212
213 if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) {
214 sam_pwd_hash(r->rid, r->lmpassword.hash, nt_passwd, 0);
215 pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED);
If you look closely you'll see that the nt hash is going into the
lm_passwd variable and the decrypted value is being set in the lanman
hash, and the lanman hash is being decrypted and put into the nt hash
field. So the LanMan and NT hashes look like they're being put in
the opposite fields."
Fix this by removing the rid_crypt parameter.
Jeremy.
This is a workaround for the cases where you want to join under a netbios name
that is different from your hostname, i.e. a name that can not be found in
/etc/hosts or dns. In these cases, name_to_fqdn fails or gives invalid results.
With gcc 4.1.3 on Ubuntu 7.10 the following build warning occurs:
Compiling libnet/libnet_samsync_keytab.c
cc1: warnings being treated as errors
libnet/libnet_samsync_keytab.c: In function ‘fetch_sam_entries_keytab’:
libnet/libnet_samsync_keytab.c:102: warning: ‘entry.enctype’ is used uninitialized in this function
Fixed by initializing to ENCTYPE_NULL
Don't leak temporary data to callers but use a temporary context
that is freed at the end.
Michael
(This used to be commit 2d98ad57f56ddd4318bc721929a3ca9ede189a25)
Use the libnet_dssync_context as a talloc context for the
result_message and error_message string members.
Using the passed in mem_ctx makes the implicit assumption
that mem_ctx is at least as long-lived as the libnet_dssync_context,
which is wrong.
Michael
(This used to be commit 635baf6b7d2a1822ceb48aa4bc47569ef19d51cc)
Initialize it to false.
And pass it down to the libnet_keytab context in
libnet_dssync_keytab.c:keytab_startup().
Unused yet.
Michael
Note: This might not be not 100% clean design to put this into the
toplevel dssync context while it is keytab specific. But then, on the
other hand, other imaginable backends might want to use this flag, too...
(This used to be commit 12e884f227e240860e49f9e41d8c1f45e10ad3be)
Triggered by the flag clean_old_entries from the libnet_keytab_contex
(unused yet...).
Michael
(This used to be commit a5f4e3ad95c26064881918f3866efa7556055a8f)
to allow for removing all entries with given principal and enctype without
repecting the kvno (i.e. cleaning "old" entries...)
This is called with ignore_kvno == false from libnet_keytab_add_entry() to
keep the original behaviour.
Michael
(This used to be commit 6047f7b68548b33a2c132fc4333355a2c6abb19a)
I.e. only the passwords and keys of those objects whose dns are provided
are written to the keytab file. Others are skippded.
Michael
(This used to be commit a013f926ae5aadf64e02ef9254306e32aea79e80)
