1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/source3/passdb
Alexander Bokovoy f3e349bebc krb5-samba: interdomain trust uses different salt principal
Salt principal for the interdomain trust is krbtgt/DOMAIN@REALM where
DOMAIN is the sAMAccountName without the dollar sign ($)

The salt principal for the BLA$ user object was generated wrong.

dn: CN=bla.base,CN=System,DC=w4edom-l4,DC=base
securityIdentifier: S-1-5-21-4053568372-2049667917-3384589010
trustDirection: 3
trustPartner: bla.base
trustPosixOffset: -2147483648
trustType: 2
trustAttributes: 8
flatName: BLA

dn: CN=BLA$,CN=Users,DC=w4edom-l4,DC=base
userAccountControl: 2080
primaryGroupID: 513
objectSid: S-1-5-21-278041429-3399921908-1452754838-1597
accountExpires: 9223372036854775807
sAMAccountName: BLA$
sAMAccountType: 805306370
pwdLastSet: 131485652467995000

The salt stored by Windows in the package_PrimaryKerberosBlob
(within supplementalCredentials) seems to be
'W4EDOM-L4.BASEkrbtgtBLA' for the above trust
and Samba stores 'W4EDOM-L4.BASEBLA$'.

While the salt used when building the keys from
trustAuthOutgoing/trustAuthIncoming is
'W4EDOM-L4.BASEkrbtgtBLA.BASE', which we handle correct.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep  5 03:57:22 CEST 2018 on sn-devel-144
2018-09-05 03:57:22 +02:00
..
ABI s3:passdb: add create_builtin_guests() 2018-03-19 20:30:49 +01:00
account_pol.c lib: Pass mem_ctx to state_path() 2018-08-17 11:30:11 +02:00
login_cache.c lib: Pass mem_ctx to cache_path() 2018-08-17 14:28:51 +02:00
lookup_sid.c passdb: Fix a typo 2017-11-13 23:54:46 +01:00
lookup_sid.h s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid lookup. 2015-07-28 21:35:58 +02:00
machine_account_secrets.c krb5-samba: interdomain trust uses different salt principal 2018-09-05 03:57:22 +02:00
machine_sid.c s3:passdb formatting changes 2012-09-27 04:36:52 +02:00
machine_sid.h s3: rename sid_check_is_in_our_domain() to sid_check_is_in_our_sam() 2012-07-12 18:36:02 +02:00
passdb.c s3:passdb: use cli_credentials_set_kerberos_state() for trusts in pdb_get_trust_credentials() 2017-02-24 18:40:14 +01:00
pdb_compat.c Convert all uses of uint32/16/8 to _t in source3/passdb. 2015-05-12 01:32:12 +02:00
pdb_get_set.c Add --set-nt-hash option to pdbedit to update user password from nt-hash hexstring. 2015-11-30 03:49:25 +01:00
pdb_interface.c lib: Use messaging_send_all instead of message_send_all 2017-12-05 00:56:13 +01:00
pdb_ldap_schema.c s3-passdb: Remove obsolte ldapsam_compat support. 2012-07-03 21:56:49 +02:00
pdb_ldap_schema.h s3-passdb: Remove obsolte ldapsam_compat support. 2012-07-03 21:56:49 +02:00
pdb_ldap_util.c Fix Jean François name to be UTF-8 2018-05-09 10:38:57 +02:00
pdb_ldap_util.h
pdb_ldap.c Fix Jean François name to be UTF-8 2018-05-09 10:38:57 +02:00
pdb_ldap.h lib: modules: Change XXX_init interface from XXX_init(void) to XXX_init(TALLOC_CTX *) 2017-04-22 01:17:00 +02:00
pdb_nds.c pdb_nds: Fix CID 1273401 Unused value 2018-04-07 02:11:20 +02:00
pdb_nds.h lib: modules: Change XXX_init interface from XXX_init(void) to XXX_init(TALLOC_CTX *) 2017-04-22 01:17:00 +02:00
pdb_samba_dsdb.c Fix spelling s/coult/could/ 2018-05-12 02:09:26 +02:00
pdb_secrets.c Convert all uses of uint32/16/8 to _t in source3/passdb. 2015-05-12 01:32:12 +02:00
pdb_secrets.h Convert all uses of uint32/16/8 to _t in source3/passdb. 2015-05-12 01:32:12 +02:00
pdb_smbpasswd.c s3:passdb: Fix size of ascii_p16 2018-05-17 17:30:09 +02:00
pdb_smbpasswd.h lib: modules: Change XXX_init interface from XXX_init(void) to XXX_init(TALLOC_CTX *) 2017-04-22 01:17:00 +02:00
pdb_tdb.c lib: Pass mem_ctx to state_path() 2018-08-17 11:30:11 +02:00
pdb_tdb.h lib: modules: Change XXX_init interface from XXX_init(void) to XXX_init(TALLOC_CTX *) 2017-04-22 01:17:00 +02:00
pdb_unixid.c
pdb_util.c s3:passdb: add create_builtin_guests() 2018-03-19 20:30:49 +01:00
py_passdb.c s3/py_passdb: initialize optional parameters earlier 2018-04-13 07:27:14 +02:00
secrets_lsa.c s3:secrets: rename secrets_delete() to secrets_delete_entry() 2017-06-27 16:57:45 +02:00
secrets.c s3:passdb: Don't leak memory on error in fetch_ldap_pw() 2018-08-11 01:49:16 +02:00
wscript_build wscript_build: fix c modules deps name for Python 3 2018-04-05 08:59:09 +02:00