From b5a9f7c684d494375899864435403055b7b0e45a Mon Sep 17 00:00:00 2001
From: root
Date: Sun, 16 Aug 2015 21:14:40 +0200
Subject: [PATCH 2/4] Store user LM/NT-passwords in auth_user_info_dc structure.
To be able to use the user passwords in the Kerberos PAC generation functions, store them as an additional field in the function that prepares the corresponding auth_user_info_dc structure for the PAC generation helpers.
---
 librpc/idl/auth.idl | 1 +
 source4/auth/sam.c | 30 ++++++++++++++++++++++++++++--
 2 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/librpc/idl/auth.idl b/librpc/idl/auth.idl
index 0bed671..5bd0c79 100644
--- a/librpc/idl/auth.idl
+++ b/librpc/idl/auth.idl
@@ -80,6 +80,7 @@ interface auth
 auth_user_info *info;
 [noprint] DATA_BLOB user_session_key;
 [noprint] DATA_BLOB lm_session_key;
+ PAC_CREDENTIAL_NTLM_SECPKG *passwords;
 } auth_user_info_dc;
 typedef [public] struct {
diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index 767e44c..4085aa9 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -281,6 +281,7 @@ _PUBLIC_ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx,
 NTSTATUS status;
 struct auth_user_info_dc *user_info_dc;
 struct auth_user_info *info;
+ struct PAC_CREDENTIAL_NTLM_SECPKG *passwords;
 const char *str, *filter;
 /* SIDs for the account and his primary group */
 struct dom_sid *account_sid;
@@ -293,12 +294,13 @@ _PUBLIC_ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx,
 struct dom_sid *domain_sid;
 TALLOC_CTX *tmp_ctx;
 struct ldb_message_element *el;
+ const struct ldb_val *val;
 user_info_dc = talloc(mem_ctx, struct auth_user_info_dc);
 NT_STATUS_HAVE_NO_MEMORY(user_info_dc);
 tmp_ctx = talloc_new(user_info_dc);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(user_info_dc, user_info_dc);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(tmp_ctx, user_info_dc);
 sids = talloc_array(user_info_dc, struct dom_sid, 2);
 NT_STATUS_HAVE_NO_MEMORY_AND_FREE(sids, user_info_dc);
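Review bot: In librpc/idl/auth.idl the new `passwords` member is not marked `[noprint]`, unlike `user_session_key` and `lm_session_key` directly above it, so a generated print or debug routine for `auth_user_info_dc` would presumably write the LM/NT hashes into logs. Declare it as `[noprint] PAC_CREDENTIAL_NTLM_SECPKG *passwords;`. The opening of the struct is outside the hunk, so whether it is marshalled anywhere cannot be seen here; if it is, each such path should be checked for whether it should really carry password hashes. A short comment saying the field exists only for PAC credential generation would help the next reader.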
@@ -366,7 +368,7 @@ _PUBLIC_ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx,
 user_info_dc->num_sids = num_sids;
 user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info);
- NT_STATUS_HAVE_NO_MEMORY(user_info_dc->info);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(user_info_dc->info, user_info_dc);
 info->account_name = talloc_steal(info,
 ldb_msg_find_attr_as_string(msg, "sAMAccountName", NULL));
@@ -435,6 +437,30 @@ _PUBLIC_ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx,
 user_info_dc);
 }
+ user_info_dc->passwords = passwords =
+ talloc_zero(user_info_dc, struct PAC_CREDENTIAL_NTLM_SECPKG);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(user_info_dc->passwords, user_info_dc);
+
+ val = ldb_msg_find_ldb_val(msg, "dBCSPwd");
+ if (val && (val->length >= sizeof(passwords->lmpwd.hash))) {
+ DEBUG(5, ("Passing LM password hash through credentials set\n"));
+ passwords->flags |= PAC_CREDENTIAL_NTLM_HAS_LMPWD;
+ memcpy(passwords->lmpwd.hash, val->data, MIN(val->length,
+ sizeof(passwords->lmpwd.hash)));
+ } else {
+ DEBUG(2, ("No LM password hash present, not passing through credset\n"));
+ }
+
+ val = ldb_msg_find_ldb_val(msg, "unicodePwd");
+ if (val && (val->length >= sizeof(passwords->ntpwd.hash))) {
+ DEBUG(5, ("Passing NT password hash through credentials set\n"));
+ passwords->flags |= PAC_CREDENTIAL_NTLM_HAS_NTPWD;
+ memcpy(passwords->ntpwd.hash, val->data, MIN(val->length,
+ sizeof(passwords->ntpwd.hash)));
+ } else {
+ DEBUG(2, ("No NT Password hash present, not passing through credset\n"));
+ }
+
 if (info->acct_flags & ACB_SVRTRUST) {
 /* the SID_NT_ENTERPRISE_DCS SID gets added into the PAC */
-- 
2.1.4
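Review bot: In the block added at `@@ -435,6 +437,30 @@`, the `val->length >= sizeof(passwords->lmpwd.hash)` test (and its `ntpwd` twin) accepts an over-long `dBCSPwd`/`unicodePwd` value and silently truncates it, and the `MIN()` inside `memcpy` is dead given that test. A stored hash of the wrong size is better rejected, e.g. `if (val && val->length == sizeof(passwords->ntpwd.hash))` followed by `memcpy(passwords->ntpwd.hash, val->data, sizeof(passwords->ntpwd.hash));`. The hashes are also copied into `user_info_dc` for every caller of this `_PUBLIC_` function rather than only the PAC path, and nothing visible here clears them when the structure is freed; consider filling them only on request and attaching a talloc destructor that zeroes `*passwords`. `DEBUG(2, ...)` for a missing LM hash is likely to be noisy, since accounts commonly have none, so level 5 may suit both `else` branches. The body of authsam_make_user_info_dc starts and ends outside the hunk.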