diff options
author | Stefan Metzmacher <metze@samba.org> | 2018-09-04 10:16:59 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2018-09-05 13:35:30 +0200 |
commit | fab6d42c6b98e5809d2abef886b16fb73fa27d7b (patch) | |
tree | 28ccf8717ef47c91aab65af3091459f9b6c10a73 /python/samba | |
parent | f7b9267767c7989213fa2d20d356cd12756d6d89 (diff) | |
download | samba-fab6d42c6b98e5809d2abef886b16fb73fa27d7b.tar.gz |
samba-tool: add virtualKerberosSalt attribute to 'user getpassword/syncpasswords'
This might be useful for someone, but at least it's very useful for
tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 39c281a23673691bab621de1a632d64df2c1c102)
Diffstat (limited to 'python/samba')
-rw-r--r-- | python/samba/netcmd/user.py | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/python/samba/netcmd/user.py b/python/samba/netcmd/user.py index 3b744a3f4ac..a82ac76fddb 100644 --- a/python/samba/netcmd/user.py +++ b/python/samba/netcmd/user.py @@ -199,6 +199,9 @@ for (alg, attr) in [("5", "virtualCryptSHA256"), ("6", "virtualCryptSHA512")]: for x in range(1, 30): virtual_attributes["virtualWDigest%02d" % x] = {} +# Add Kerberos virtual attributes +virtual_attributes["virtualKerberosSalt"] = {} + virtual_attributes_help = "The attributes to display (comma separated). " virtual_attributes_help += "Possible supported virtual attributes: %s" % ", ".join(sorted(virtual_attributes.keys())) if len(disabled_virtual_attributes) != 0: @@ -1217,6 +1220,16 @@ class GetPasswordCommand(Command): # first matching scheme return (None, scheme_match) + def get_kerberos_ctr(): + primary_krb5 = get_package("Primary:Kerberos-Newer-Keys") + if primary_krb5 is None: + primary_krb5 = get_package("Primary:Kerberos") + if primary_krb5 is None: + return (0, None) + krb5_blob = ndr_unpack(drsblobs.package_PrimaryKerberosBlob, + primary_krb5) + return (krb5_blob.version, krb5_blob.ctr) + # We use sort here in order to have a predictable processing order for a in sorted(virtual_attributes.keys()): if not a.lower() in lower_attrs: @@ -1268,6 +1281,11 @@ class GetPasswordCommand(Command): v = get_package("Primary:SambaGPG", min_idx=-1) if v is None: continue + elif a == "virtualKerberosSalt": + (krb5_v, krb5_ctr) = get_kerberos_ctr() + if krb5_v not in [3, 4]: + continue + v = krb5_ctr.salt.string elif a.startswith("virtualWDigest"): primary_wdigest = get_package("Primary:WDigest") if primary_wdigest is None: @@ -1384,6 +1402,9 @@ for which virtual attributes are supported in your environment): https://msdn.microsoft.com/en-us/library/cc245680.aspx is incorrect + virtualKerberosSalt: This results the salt string that is used to compute + Kerberos keys from a UTF-8 cleartext password. + virtualSambaGPG: The raw cleartext as stored in the 'Primary:SambaGPG' buffer inside of the supplementalCredentials attribute. @@ -1551,6 +1572,9 @@ for supported virtual attributes in your environment): https://msdn.microsoft.com/en-us/library/cc245680.aspx is incorrect. + virtualKerberosSalt: This results the salt string that is used to compute + Kerberos keys from a UTF-8 cleartext password. + virtualSambaGPG: The raw cleartext as stored in the 'Primary:SambaGPG' buffer inside of the supplementalCredentials attribute. |