Univention Bugzilla – Attachment 10495 Details for
Bug 46745
Disabling DES keys with Samba not possible: S4-Connector: sync_from_ucs: Primary:Kerberos missing
[patch]
Allow des-cbc-md5 to be dummy hash
samba_allow_dummy_hash_instead_of_des_cbc_md5.patch (text/plain), 2.38 KB, created by
Julia Bremer
on 2020-09-16 22:33:57 CEST
>Index: samba-4.10.1/source4/dsdb/samdb/ldb_modules/password_hash.c >=================================================================== >--- samba-4.10.1.orig/source4/dsdb/samdb/ldb_modules/password_hash.c >+++ samba-4.10.1/source4/dsdb/samdb/ldb_modules/password_hash.c >@@ -419,9 +419,10 @@ static int password_hash_bypass(struct l > "PrimaryKerberos num_old_keys > num_keys"); > } > >- if (k->ctr.ctr3.keys[0].keytype != ENCTYPE_DES_CBC_MD5) { >+ if (k->ctr.ctr3.keys[0].keytype != ENCTYPE_DES_CBC_MD5 && >+ k->ctr.ctr3.keys[0].keytype != DUMMY_NTHASH_KEYTYPE) { > return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, >- "PrimaryKerberos key[0] != DES_CBC_MD5"); >+ "PrimaryKerberos key[0] != DES_CBC_MD5 and != DUMMY_NTHASH_KEYTYPE"); > } > // W2k8 and later DCs pass a dummy NThash to W2k3 DCs > // [MS-SAMR] Section 2.2.10.8 footnote <23> >@@ -430,7 +431,8 @@ static int password_hash_bypass(struct l > return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, > "PrimaryKerberos key[1] != DES_CBC_CRC and != DUMMY_NTHASH_KEYTYPE"); > } >- if (k->ctr.ctr3.keys[0].value_len != 8) { >+ if (k->ctr.ctr3.keys[0].value_len != 8 && >+ k->ctr.ctr3.keys[0].keytype == ENCTYPE_DES_CBC_MD5) { > return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, > "PrimaryKerberos key[0] value_len != 8"); > } >@@ -512,9 +514,10 @@ static int password_hash_bypass(struct l > return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, > "KerberosNewerKeys key[1] != AES128"); > } >- if (k->ctr.ctr4.keys[2].keytype != ENCTYPE_DES_CBC_MD5) { >+ if (k->ctr.ctr4.keys[2].keytype != ENCTYPE_DES_CBC_MD5 && >+ k->ctr.ctr4.keys[2].keytype != DUMMY_NTHASH_KEYTYPE) { > return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, >- "KerberosNewerKeys key[2] != DES_CBC_MD5"); >+ "KerberosNewerKeys key[2] != DES_CBC_MD5 and != DUMMY_NTHASH_KEYTYPE"); > } > // W2k8 and later DCs pass a dummy NThash to W2k3 DCs > // [MS-SAMR] Section 2.2.10.8 footnote <23> 
>@@ -532,7 +535,8 @@ static int password_hash_bypass(struct l > return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, > "KerberosNewerKeys key[1] value_len != 16"); > } >- if (k->ctr.ctr4.keys[2].value_len != 8) { >+ if (k->ctr.ctr4.keys[2].value_len != 8 && >+ k->ctr.ctr4.keys[2].keytype == ENCTYPE_DES_CBC_MD5) { > return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, > "KerberosNewerKeys key[2] value_len != 8"); > }
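Review bot: The relaxed keytype checks on ctr3.keys[0] (hunk at -419) and ctr4.keys[2] (hunk at -512) have no comment saying when a DUMMY_NTHASH_KEYTYPE entry is expected in the des-cbc-md5 slot. The existing comment that follows each of them ("W2k8 and later DCs pass a dummy NThash to W2k3 DCs") sits in front of the key[1] check, so a reader cannot tell whether it is meant to cover the new case as well. Please add a one-line comment at both sites giving the reason this slot may hold a dummy key, so that the weaker validation in password_hash_bypass is documented where it happens.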
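Review bot: In the value_len checks (hunks at -430 and -532), an entry whose keytype is DUMMY_NTHASH_KEYTYPE is now accepted with any value_len, because the length test only fires when keytype == ENCTYPE_DES_CBC_MD5. These checks are what return LDB_ERR_CONSTRAINT_VIOLATION for a malformed key blob, so the dummy case should get its own explicit length check, or a comment stating why no bound is needed there. It would also read more clearly with the keytype test first, for example `keytype == ENCTYPE_DES_CBC_MD5 && value_len != 8`, since the length only has meaning once the type is known.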