Univention Bugzilla – Attachment 5990 Details for Bug 35287: Windows DPAPI fails after repeated user password change
check_backupkey.sh
check_backupkey.sh (text/plain), 1.80 KB, created by Arvid Requate on 2014-07-10 13:28:07 CEST
#!/bin/bash
# Check the RSA key size of the currently active ClientWrap backup key
# certificate stored in Samba and offer to disable it if it is not 2048 bits.

# Load the UCR variables into the shell (provides $ldap_base)
eval "$(ucr shell)"

# BCKUPKEY_PREFERRED holds the GUID of the currently active backup key
currentValue=$(ldbsearch -H ldapi:///var/lib/samba/private/ldap_priv/ldapi -b "CN=System,$ldap_base" '(&(objectClass=secret)(CN=BCKUPKEY_PREFERRED Secret))' currentValue | ldapsearch-wrapper | sed -n 's/^currentValue:: //p')

if [ -z "$currentValue" ]; then
    echo "No BCKUPKEY_PREFERRED found yet. Ok, nothing to do."
    exit 1
fi

# Decode the base64 NDR blob into the GUID string
guid=$(echo "$currentValue" | python -c 'import sys,binascii; from samba.dcerpc.misc import GUID; from samba.ndr import ndr_unpack; print(str(ndr_unpack(GUID, binascii.a2b_base64(sys.stdin.read()))))')

# Fetch the secret object named after that GUID
currentValue2=$(ldbsearch -H ldapi:///var/lib/samba/private/ldap_priv/ldapi -b "CN=System,$ldap_base" "(&(objectClass=secret)(CN=BCKUPKEY_$guid Secret))" currentValue | ldapsearch-wrapper | sed -n 's/^currentValue:: //p')

# Skip the first 1184 bytes of the secret and parse the rest as a DER certificate
cert=$(echo "$currentValue2" | base64 -d | dd bs=1c skip=1184 | openssl x509 -text -inform DER)

echo "Currently active ClientWrap Backupkey certificate:"
echo "==============================================================================="
echo "$cert"
echo "==============================================================================="
echo
echo
# Older OpenSSL prints "RSA Public Key: (N bit)", newer releases print "Public-Key: (N bit)"
bits=$(echo "$cert" | sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit)/\1/p')
if [ -z "$bits" ]; then
    echo "Failed to read number of bits in RSA Public Key, sorry."
    # Without a key size, do not fall through to the "disable" prompt
    exit 1
fi

if [ "$bits" != 2048 ]; then
    echo "The currently active ClientWrap Backupkey certificate doesn't seem to have 2048 bits (only $bits)."
    echo "Disable it?"
    echo "A new one will be generated the next time a new user logs on to a freshly booted Windows client."
    read -r -p "Disable it? [y/n] "
    if [ "${REPLY^^}" = Y ]; then
        # Deleting the PREFERRED pointer disables the current backup key
        ldbdel -H ldapi:///var/lib/samba/private/ldap_priv/ldapi "CN=BCKUPKEY_PREFERRED Secret,CN=System,$ldap_base"
    elif [ "${REPLY^^}" != N ]; then
        echo "Invalid answer."
    fi
else
    echo "Everything ok."
fi