source/libnet/libnet_samsync.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    Extract the user/system database from a remote SamSync server
   5
   6    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
   7    Copyright (C) Guenther Deschner <gd@samba.org> 2008
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 3 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21 */
  22
  23
  24 #include "includes.h"
  25
  26 /**
  27  * Decrypt and extract the user's passwords.
  28  *
  29  * The writes decrypted (no longer 'RID encrypted' or arcfour encrypted)
  30  * passwords back into the structure
  31  */
  32
  33 static NTSTATUS fix_user(TALLOC_CTX *mem_ctx,
  34                          DATA_BLOB *session_key,
  35                          bool rid_crypt,
  36                          enum netr_SamDatabaseID database_id,
  37                          struct netr_DELTA_ENUM *delta)
  38 {
  39
  40         uint32_t rid = delta->delta_id_union.rid;
  41         struct netr_DELTA_USER *user = delta->delta_union.user;
  42         struct samr_Password lm_hash;
  43         struct samr_Password nt_hash;
  44         const char *username = user->account_name.string;
  45
  46         if (rid_crypt) {
  47                 if (user->lm_password_present) {
  48                         sam_pwd_hash(rid, user->lmpassword.hash, lm_hash.hash, 0);
  49                         user->lmpassword = lm_hash;
  50                 }
  51
  52                 if (user->nt_password_present) {
  53                         sam_pwd_hash(rid, user->ntpassword.hash, nt_hash.hash, 0);
  54                         user->ntpassword = nt_hash;
  55                 }
  56         }
  57
  58         if (user->user_private_info.SensitiveData) {
  59                 DATA_BLOB data;
  60                 struct netr_USER_KEYS keys;
  61                 enum ndr_err_code ndr_err;
  62                 data.data = user->user_private_info.SensitiveData;
  63                 data.length = user->user_private_info.DataLength;
  64                 SamOEMhashBlob(data.data, data.length, session_key);
  65                 user->user_private_info.SensitiveData = data.data;
  66                 user->user_private_info.DataLength = data.length;
  67
  68                 ndr_err = ndr_pull_struct_blob(&data, mem_ctx, &keys,
  69                         (ndr_pull_flags_fn_t)ndr_pull_netr_USER_KEYS);
  70                 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
  71                         dump_data(10, data.data, data.length);
  72                         return ndr_map_error2ntstatus(ndr_err);
  73                 }
  74
  75                 if (keys.keys.keys2.lmpassword.length == 16) {
  76                         if (rid_crypt) {
  77                                 sam_pwd_hash(rid,
  78                                              keys.keys.keys2.lmpassword.pwd.hash,
  79                                              lm_hash.hash, 0);
  80                                 user->lmpassword = lm_hash;
  81                         } else {
  82                                 user->lmpassword = keys.keys.keys2.lmpassword.pwd;
  83                         }
  84                         user->lm_password_present = true;
  85                 }
  86                 if (keys.keys.keys2.ntpassword.length == 16) {
  87                         if (rid_crypt) {
  88                                 sam_pwd_hash(rid,
  89                                              keys.keys.keys2.ntpassword.pwd.hash,
  90                                              nt_hash.hash, 0);
  91                                 user->ntpassword = nt_hash;
  92                         } else {
  93                                 user->ntpassword = keys.keys.keys2.ntpassword.pwd;
  94                         }
  95                         user->nt_password_present = true;
  96                 }
  97                 /* TODO: rid decrypt history fields */
  98         }
  99         return NT_STATUS_OK;
 100 }
 101
 102 /**
 103  * Decrypt and extract the secrets
 104  *
 105  * The writes decrypted secrets back into the structure
 106  */
 107 static NTSTATUS fix_secret(TALLOC_CTX *mem_ctx,
 108                            DATA_BLOB *session_key,
 109                            enum netr_SamDatabaseID database_id,
 110                            struct netr_DELTA_ENUM *delta)
 111 {
 112         struct netr_DELTA_SECRET *secret = delta->delta_union.secret;
 113
 114         SamOEMhashBlob(secret->current_cipher.cipher_data,
 115                        secret->current_cipher.maxlen,
 116                        session_key);
 117
 118         SamOEMhashBlob(secret->old_cipher.cipher_data,
 119                        secret->old_cipher.maxlen,
 120                        session_key);
 121
 122         return NT_STATUS_OK;
 123 }
 124
 125 /**
 126  * Fix up the delta, dealing with encryption issues so that the final
 127  * callback need only do the printing or application logic
 128  */
 129
 130 static NTSTATUS samsync_fix_delta(TALLOC_CTX *mem_ctx,
 131                                   DATA_BLOB *session_key,
 132                                   bool rid_crypt,
 133                                   enum netr_SamDatabaseID database_id,
 134                                   struct netr_DELTA_ENUM *delta)
 135 {
 136         NTSTATUS status = NT_STATUS_OK;
 137
 138         switch (delta->delta_type) {
 139                 case NETR_DELTA_USER:
 140
 141                         status = fix_user(mem_ctx,
 142                                           session_key,
 143                                           rid_crypt,
 144                                           database_id,
 145                                           delta);
 146                         break;
 147                 case NETR_DELTA_SECRET:
 148
 149                         status = fix_secret(mem_ctx,
 150                                             session_key,
 151                                             database_id,
 152                                             delta);
 153                         break;
 154                 default:
 155                         break;
 156         }
 157
 158         return status;
 159 }
 160
 161 /**
 162  * Fix up the delta, dealing with encryption issues so that the final
 163  * callback need only do the printing or application logic
 164  */
 165
 166 NTSTATUS samsync_fix_delta_array(TALLOC_CTX *mem_ctx,
 167                                  DATA_BLOB *session_key,
 168                                  bool rid_crypt,
 169                                  enum netr_SamDatabaseID database_id,
 170                                  struct netr_DELTA_ENUM_ARRAY *r)
 171 {
 172         NTSTATUS status;
 173         int i;
 174
 175         for (i = 0; i < r->num_deltas; i++) {
 176
 177                 status = samsync_fix_delta(mem_ctx,
 178                                            session_key,
 179                                            rid_crypt,
 180                                            database_id,
 181                                            &r->delta_enum[i]);
 182                 if (!NT_STATUS_IS_OK(status)) {
 183                         return status;
 184                 }
 185         }
 186
 187         return NT_STATUS_OK;
 188 }