Lines 334-349
static int password_hash_bypass(struct l
|
Link Here
|
---|
|
334 |
"Primary:Packages missing"); |
336 |
"Primary:Packages missing"); |
335 |
} |
337 |
} |
336 |
|
338 |
|
337 |
if (scpk == NULL) { |
|
|
338 |
/* |
339 |
* If Primary:Kerberos is missing w2k8r2 reboots |
340 |
* when a password is changed. |
341 |
*/ |
342 |
return ldb_error(ldb, |
343 |
LDB_ERR_CONSTRAINT_VIOLATION, |
344 |
"Primary:Kerberos missing"); |
345 |
} |
346 |
|
347 |
if (scpp) { |
339 |
if (scpp) { |
348 |
struct package_PackagesBlob *p; |
340 |
struct package_PackagesBlob *p; |
349 |
uint32_t n; |
341 |
uint32_t n; |
Lines 407-440
static int password_hash_bypass(struct l
|
Link Here
|
---|
|
407 |
"PrimaryKerberos strlen(salt) == 0"); |
399 |
"PrimaryKerberos strlen(salt) == 0"); |
408 |
} |
400 |
} |
409 |
|
401 |
|
410 |
if (k->ctr.ctr3.num_keys != 2) { |
|
|
411 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
412 |
"PrimaryKerberos num_keys != 2"); |
413 |
} |
414 |
|
415 |
if (k->ctr.ctr3.num_old_keys > k->ctr.ctr3.num_keys) { |
402 |
if (k->ctr.ctr3.num_old_keys > k->ctr.ctr3.num_keys) { |
416 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
403 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
417 |
"PrimaryKerberos num_old_keys > num_keys"); |
404 |
"PrimaryKerberos num_old_keys > num_keys"); |
418 |
} |
405 |
} |
419 |
|
406 |
|
420 |
if (k->ctr.ctr3.keys[0].keytype != ENCTYPE_DES_CBC_MD5) { |
|
|
421 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
422 |
"PrimaryKerberos key[0] != DES_CBC_MD5"); |
423 |
} |
424 |
if (k->ctr.ctr3.keys[1].keytype != ENCTYPE_DES_CBC_CRC) { |
425 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
426 |
"PrimaryKerberos key[1] != DES_CBC_CRC"); |
427 |
} |
428 |
|
429 |
if (k->ctr.ctr3.keys[0].value_len != 8) { |
430 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
431 |
"PrimaryKerberos key[0] value_len != 8"); |
432 |
} |
433 |
if (k->ctr.ctr3.keys[1].value_len != 8) { |
434 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
435 |
"PrimaryKerberos key[1] value_len != 8"); |
436 |
} |
437 |
|
438 |
for (i = 0; i < k->ctr.ctr3.num_old_keys; i++) { |
407 |
for (i = 0; i < k->ctr.ctr3.num_old_keys; i++) { |
439 |
if (k->ctr.ctr3.old_keys[i].keytype == |
408 |
if (k->ctr.ctr3.old_keys[i].keytype == |
440 |
k->ctr.ctr3.keys[i].keytype && |
409 |
k->ctr.ctr3.keys[i].keytype && |
Lines 442-447
static int password_hash_bypass(struct l
|
Link Here
|
---|
|
442 |
k->ctr.ctr3.keys[i].value_len) { |
411 |
k->ctr.ctr3.keys[i].value_len) { |
443 |
continue; |
412 |
continue; |
444 |
} |
413 |
} |
|
|
414 |
if (k->ctr.ctr3.old_keys[i].keytype == DUMMY_NTHASH_KEYTYPE || |
415 |
k->ctr.ctr3.keys[i].keytype == DUMMY_NTHASH_KEYTYPE) { |
416 |
continue; |
417 |
} |
445 |
|
418 |
|
446 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
419 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
447 |
"PrimaryKerberos old_keys type/value_len doesn't match"); |
420 |
"PrimaryKerberos old_keys type/value_len doesn't match"); |
Lines 480-490
static int password_hash_bypass(struct l
|
Link Here
|
---|
|
480 |
"KerberosNewerKeys strlen(salt) == 0"); |
453 |
"KerberosNewerKeys strlen(salt) == 0"); |
481 |
} |
454 |
} |
482 |
|
455 |
|
483 |
if (k->ctr.ctr4.num_keys != 4) { |
|
|
484 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
485 |
"KerberosNewerKeys num_keys != 2"); |
486 |
} |
487 |
|
488 |
if (k->ctr.ctr4.num_old_keys > k->ctr.ctr4.num_keys) { |
456 |
if (k->ctr.ctr4.num_old_keys > k->ctr.ctr4.num_keys) { |
489 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
457 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
490 |
"KerberosNewerKeys num_old_keys > num_keys"); |
458 |
"KerberosNewerKeys num_old_keys > num_keys"); |
Lines 495-517
static int password_hash_bypass(struct l
|
Link Here
|
---|
|
495 |
"KerberosNewerKeys num_older_keys > num_old_keys"); |
463 |
"KerberosNewerKeys num_older_keys > num_old_keys"); |
496 |
} |
464 |
} |
497 |
|
465 |
|
498 |
if (k->ctr.ctr4.keys[0].keytype != ENCTYPE_AES256_CTS_HMAC_SHA1_96) { |
|
|
499 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
500 |
"KerberosNewerKeys key[0] != AES256"); |
501 |
} |
502 |
if (k->ctr.ctr4.keys[1].keytype != ENCTYPE_AES128_CTS_HMAC_SHA1_96) { |
503 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
504 |
"KerberosNewerKeys key[1] != AES128"); |
505 |
} |
506 |
if (k->ctr.ctr4.keys[2].keytype != ENCTYPE_DES_CBC_MD5) { |
507 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
508 |
"KerberosNewerKeys key[2] != DES_CBC_MD5"); |
509 |
} |
510 |
if (k->ctr.ctr4.keys[3].keytype != ENCTYPE_DES_CBC_CRC) { |
511 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
512 |
"KerberosNewerKeys key[3] != DES_CBC_CRC"); |
513 |
} |
514 |
|
515 |
if (k->ctr.ctr4.keys[0].value_len != 32) { |
466 |
if (k->ctr.ctr4.keys[0].value_len != 32) { |
516 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
467 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
517 |
"KerberosNewerKeys key[0] value_len != 32"); |
468 |
"KerberosNewerKeys key[0] value_len != 32"); |
Lines 524-530
static int password_hash_bypass(struct l
|
Link Here
|
---|
|
524 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
475 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
525 |
"KerberosNewerKeys key[2] value_len != 8"); |
476 |
"KerberosNewerKeys key[2] value_len != 8"); |
526 |
} |
477 |
} |
527 |
if (k->ctr.ctr4.keys[3].value_len != 8) { |
478 |
if (k->ctr.ctr4.keys[3].value_len != 8 && |
|
|
479 |
k->ctr.ctr4.keys[3].keytype == ENCTYPE_DES_CBC_CRC) { |
528 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
480 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
529 |
"KerberosNewerKeys key[3] value_len != 8"); |
481 |
"KerberosNewerKeys key[3] value_len != 8"); |
530 |
} |
482 |
} |