|
Lines 419-427
static int password_hash_bypass(struct l
|
Link Here
|
|---|
|
|---|
| 419 |
"PrimaryKerberos num_old_keys > num_keys"); |
419 |
"PrimaryKerberos num_old_keys > num_keys"); |
| 420 |
} |
420 |
} |
| 421 |
|
421 |
|
| 422 |
if (k->ctr.ctr3.keys[0].keytype != ENCTYPE_DES_CBC_MD5) { |
422 |
if (k->ctr.ctr3.keys[0].keytype != ENCTYPE_DES_CBC_MD5 && |
|
|
423 |
k->ctr.ctr3.keys[0].keytype != DUMMY_NTHASH_KEYTYPE) { |
| 423 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
424 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
| 424 |
"PrimaryKerberos key[0] != DES_CBC_MD5"); |
425 |
"PrimaryKerberos key[0] != DES_CBC_MD5 and != DUMMY_NTHASH_KEYTYPE"); |
| 425 |
} |
426 |
} |
| 426 |
// W2k8 and later DCs pass a dummy NThash to W2k3 DCs |
427 |
// W2k8 and later DCs pass a dummy NThash to W2k3 DCs |
| 427 |
// [MS-SAMR] Section 2.2.10.8 footnote <23> |
428 |
// [MS-SAMR] Section 2.2.10.8 footnote <23> |
|
Lines 430-436
static int password_hash_bypass(struct l
|
Link Here
|
|---|
|
|---|
| 430 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
431 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
| 431 |
"PrimaryKerberos key[1] != DES_CBC_CRC and != DUMMY_NTHASH_KEYTYPE"); |
432 |
"PrimaryKerberos key[1] != DES_CBC_CRC and != DUMMY_NTHASH_KEYTYPE"); |
| 432 |
} |
433 |
} |
| 433 |
if (k->ctr.ctr3.keys[0].value_len != 8) { |
434 |
if (k->ctr.ctr3.keys[0].value_len != 8 && |
|
|
435 |
k->ctr.ctr3.keys[0].keytype == ENCTYPE_DES_CBC_MD5) { |
| 434 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
436 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
| 435 |
"PrimaryKerberos key[0] value_len != 8"); |
437 |
"PrimaryKerberos key[0] value_len != 8"); |
| 436 |
} |
438 |
} |
|
Lines 512-520
static int password_hash_bypass(struct l
|
Link Here
|
|---|
|
|---|
| 512 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
514 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
| 513 |
"KerberosNewerKeys key[1] != AES128"); |
515 |
"KerberosNewerKeys key[1] != AES128"); |
| 514 |
} |
516 |
} |
| 515 |
if (k->ctr.ctr4.keys[2].keytype != ENCTYPE_DES_CBC_MD5) { |
517 |
if (k->ctr.ctr4.keys[2].keytype != ENCTYPE_DES_CBC_MD5 && |
|
|
518 |
k->ctr.ctr4.keys[2].keytype != DUMMY_NTHASH_KEYTYPE) { |
| 516 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
519 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
| 517 |
"KerberosNewerKeys key[2] != DES_CBC_MD5"); |
520 |
"KerberosNewerKeys key[2] != DES_CBC_MD5 and != DUMMY_NTHASH_KEYTYPE"); |
| 518 |
} |
521 |
} |
| 519 |
// W2k8 and later DCs pass a dummy NThash to W2k3 DCs |
522 |
// W2k8 and later DCs pass a dummy NThash to W2k3 DCs |
| 520 |
// [MS-SAMR] Section 2.2.10.8 footnote <23> |
523 |
// [MS-SAMR] Section 2.2.10.8 footnote <23> |
|
Lines 532-538
static int password_hash_bypass(struct l
|
Link Here
|
|---|
|
|---|
| 532 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
535 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
| 533 |
"KerberosNewerKeys key[1] value_len != 16"); |
536 |
"KerberosNewerKeys key[1] value_len != 16"); |
| 534 |
} |
537 |
} |
| 535 |
if (k->ctr.ctr4.keys[2].value_len != 8) { |
538 |
if (k->ctr.ctr4.keys[2].value_len != 8 && |
|
|
539 |
k->ctr.ctr4.keys[2].keytype == ENCTYPE_DES_CBC_MD5) { |
| 536 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
540 |
return ldb_error(ldb, LDB_ERR_CONSTRAINT_VIOLATION, |
| 537 |
"KerberosNewerKeys key[2] value_len != 8"); |
541 |
"KerberosNewerKeys key[2] value_len != 8"); |
| 538 |
} |
542 |
} |