diff options
author | Stefan Metzmacher <metze@samba.org> | 2015-01-30 16:53:40 +0000 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2015-03-12 17:13:43 +0100 |
commit | 2a2cec6f9c5922e689cd79c13e9370eda8a396bb (patch) | |
tree | 3862627c4b6c05d49688ab2e89fabbc8f37d25a7 /source3 | |
parent | 7d36141ba3a6a12b71ef6a0b04184d38c4833c99 (diff) | |
download | samba-2a2cec6f9c5922e689cd79c13e9370eda8a396bb.tar.gz |
s3:pdb_samba_dsdb: return the previous password and the kvno in pdb_samba_dsdb_get_trusteddom_creds()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Diffstat (limited to 'source3')
-rw-r--r-- | source3/passdb/pdb_samba_dsdb.c | 91 |
1 files changed, 72 insertions, 19 deletions
diff --git a/source3/passdb/pdb_samba_dsdb.c b/source3/passdb/pdb_samba_dsdb.c index bbedd88523e..13be2493fcd 100644 --- a/source3/passdb/pdb_samba_dsdb.c +++ b/source3/passdb/pdb_samba_dsdb.c @@ -2286,9 +2286,11 @@ static NTSTATUS pdb_samba_dsdb_get_trusteddom_creds(struct pdb_methods *m, int trust_type; int i; DATA_BLOB password_utf16 = {}; - DATA_BLOB password_nt = {}; + struct samr_Password *password_nt = NULL; + uint32_t password_version = 0; + DATA_BLOB old_password_utf16 = {}; + struct samr_Password *old_password_nt = NULL; struct trustAuthInOutBlob password_blob; - struct AuthenticationInformationArray *auth_array = NULL; enum ndr_err_code ndr_err; NTSTATUS status; time_t last_set_time = 0; @@ -2361,27 +2363,65 @@ static NTSTATUS pdb_samba_dsdb_get_trusteddom_creds(struct pdb_methods *m, return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; } - auth_array = &password_blob.current; + for (i=0; i < password_blob.current.count; i++) { + struct AuthenticationInformation *a = + &password_blob.current.array[i]; - for (i=0; i < auth_array->count; i++) { - if (auth_array->array[i].AuthType == TRUST_AUTH_TYPE_CLEAR) { - last_set_time = nt_time_to_unix(auth_array->array[i].LastUpdateTime); + switch (a->AuthType) { + case TRUST_AUTH_TYPE_NONE: + break; + + case TRUST_AUTH_TYPE_VERSION: + password_version = a->AuthInfo.version.version; + break; + + case TRUST_AUTH_TYPE_CLEAR: + last_set_time = nt_time_to_unix(a->LastUpdateTime); + + password_utf16 = data_blob_const(a->AuthInfo.clear.password, + a->AuthInfo.clear.size); + password_nt = NULL; + break; + + case TRUST_AUTH_TYPE_NT4OWF: + if (password_utf16.length != 0) { + break; + } + + last_set_time = nt_time_to_unix(a->LastUpdateTime); - password_utf16 = data_blob_const(auth_array->array[i].AuthInfo.clear.password, - auth_array->array[i].AuthInfo.clear.size); - password_nt = data_blob_null; + password_nt = &a->AuthInfo.nt4owf.password; break; } + } + + for (i=0; i < password_blob.previous.count; i++) { + struct AuthenticationInformation *a = &password_blob.previous.array[i]; + + switch (a->AuthType) { + case TRUST_AUTH_TYPE_NONE: + break; - if (auth_array->array[i].AuthType == TRUST_AUTH_TYPE_NT4OWF) { - last_set_time = nt_time_to_unix(auth_array->array[i].LastUpdateTime); + case TRUST_AUTH_TYPE_VERSION: + break; + + case TRUST_AUTH_TYPE_CLEAR: + old_password_utf16 = data_blob_const(a->AuthInfo.clear.password, + a->AuthInfo.clear.size); + old_password_nt = NULL; + break; + + case TRUST_AUTH_TYPE_NT4OWF: + if (old_password_utf16.length != 0) { + break; + } - password_nt = data_blob_const(auth_array->array[i].AuthInfo.clear.password, - auth_array->array[i].AuthInfo.clear.size); + old_password_nt = &a->AuthInfo.nt4owf.password; + break; } } - if (password_utf16.length == 0 && password_nt.length == 0) { + if (password_utf16.length == 0 && password_nt == NULL) { DEBUG(0, ("Trusted domain %s does not have a " "clear-text nor nt password stored\n", domain)); @@ -2454,14 +2494,26 @@ static NTSTATUS pdb_samba_dsdb_get_trusteddom_creds(struct pdb_methods *m, } } - if (password_nt.length == 16) { - struct samr_Password nt_hash; + if (old_password_nt != NULL) { + ok = cli_credentials_set_old_nt_hash(creds, old_password_nt); + if (!ok) { + TALLOC_FREE(tmp_ctx); + return NT_STATUS_NO_MEMORY; + } + } - memcpy(nt_hash.hash, password_nt.data, 16); + if (old_password_utf16.length > 0) { + ok = cli_credentials_set_old_utf16_password(creds, + &old_password_utf16); + if (!ok) { + TALLOC_FREE(tmp_ctx); + return NT_STATUS_NO_MEMORY; + } + } - ok = cli_credentials_set_nt_hash(creds, &nt_hash, + if (password_nt != NULL) { + ok = cli_credentials_set_nt_hash(creds, password_nt, CRED_SPECIFIED); - ZERO_STRUCT(nt_hash); if (!ok) { TALLOC_FREE(tmp_ctx); return NT_STATUS_NO_MEMORY; @@ -2479,6 +2531,7 @@ static NTSTATUS pdb_samba_dsdb_get_trusteddom_creds(struct pdb_methods *m, } cli_credentials_set_password_last_changed_time(creds, last_set_time); + cli_credentials_set_kvno(creds, password_version); if (password_utf16.length > 0 && dns_domain != NULL) { /* |