From: Stefan Metzmacher Date: Thu, 3 Feb 2022 13:48:03 +0000 (+0100) Subject: s3:libnet: let parse_user() in libnet_dssync_keytab.c work without nt hash X-Git-Tag: tdb-1.4.11~644 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=52df4063871bb6b18e84e559a94fd05ebf33b012;p=thirdparty%2Fsamba.git s3:libnet: let parse_user() in libnet_dssync_keytab.c work without nt hash It happens in setups with 'nt hash store = never'. Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index 41893b4f7fd..e954e0edada 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c @@ -278,6 +278,9 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, spn = talloc_array(mem_ctx, char *, num_spns); for (count = 0; count < num_spns; count++) { blob = attr->value_ctr.values[count].blob; + if (blob == NULL) { + continue; + } pull_string_talloc(spn, NULL, 0, &spn[count], blob->data, blob->length, @@ -285,6 +288,18 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, } } + if (attr->attid == DRSUAPI_ATTID_unicodePwd && + cur->meta_data_ctr != NULL && + cur->meta_data_ctr->count == + cur->object.attribute_ctr.num_attributes) + { + /* + * pick the kvno from the unicodePwd + * meta data, even without a unicodePwd blob + */ + kvno = cur->meta_data_ctr->meta_data[i].version; + } + if (attr->value_ctr.num_values != 1) { continue; } @@ -304,18 +319,6 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, memcpy(&nt_passwd, blob->data, 16); got_pwd = true; - - /* pick the kvno from the meta_data version, - * thanks, metze, for explaining this */ - - if (!cur->meta_data_ctr) { - break; - } - if (cur->meta_data_ctr->count != - cur->object.attribute_ctr.num_attributes) { - break; - } - kvno = cur->meta_data_ctr->meta_data[i].version; break; case DRSUAPI_ATTID_ntPwdHistory: pwd_history_len = blob->length / 16; 
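Review bot: In the `@@ -278,6 +278,9 @@` hunk, the added `continue` on a NULL blob leaves `spn[count]` unset, and `talloc_array()` does not zero the array, so that slot holds an indeterminate pointer. Any later code that walks `spn[0..num_spns)` would then read it; that code is outside this hunk, so this is not confirmed here. Allocating with `spn = talloc_zero_array(mem_ctx, char *, num_spns);` makes skipped slots NULL, provided the consumers then skip NULL entries. The allocation result is also used without a NULL check before the loop. parse_object() starts and ends outside the hunk.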
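Review bot: The new kvno block in the `@@ -285,6 +288,18 @@` hunk indexes `meta_data[i]` with the attribute index, and only the `count == num_attributes` comparison keeps that in bounds, which the comment does not say. I would extend the comment with `meta_data[] is parallel to attributes[] only when the counts match; otherwise kvno keeps its previous value`. The loop that defines `i` is outside the hunk, so the parallel-index reading is inferred from the removed code in the following hunk, which used the same guard.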
@@ -353,11 +356,6 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, } } - if (!got_pwd) { - DEBUG(10, ("no password (unicodePwd) found - skipping.\n")); - return NT_STATUS_OK; - } - if (name) { status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, 0, object_dn, "SAMACCOUNTNAME", @@ -422,12 +420,14 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, } DEBUGADD(1,("\n")); - status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno, name, NULL, - ENCTYPE_ARCFOUR_HMAC, - data_blob_talloc(mem_ctx, nt_passwd, 16)); + if (got_pwd) { + status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno, name, NULL, + ENCTYPE_ARCFOUR_HMAC, + data_blob_talloc(mem_ctx, nt_passwd, 16)); - if (!NT_STATUS_IS_OK(status)) { - return status; + if (!NT_STATUS_IS_OK(status)) { + return status; + } } /* add kerberos keys (if any) */
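Review bot: Dropping the `!got_pwd` early return in the `@@ -353,11 +356,6 @@` hunk means an object without an NT hash now always continues into the `if (name)` branch and gets a SAMACCOUNTNAME entry, even when it carries no key material at all. The old check also filtered out objects with no credentials. If the Kerberos key parsing (not visible here) records whether any key was found, the skip could be kept for the case where neither an NT hash nor a Kerberos key exists. At minimum I would keep a level-10 message without the return, for example `DEBUG(10, ("no nt hash (unicodePwd) found\n"));`, so the 'nt hash store = never' case stays visible in logs.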
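Review bot: Inside the new `if (got_pwd)` block in the `@@ -422,12 +420,14 @@` hunk, the result of `data_blob_talloc()` is passed straight to `libnet_keytab_add_to_keytab_entries()`, so an allocation failure reaches the keytab code as an empty blob rather than an error. Whether the callee rejects that is not visible here. Building the blob first, `DATA_BLOB nt_blob = data_blob_talloc(mem_ctx, nt_passwd, sizeof(nt_passwd));` followed by `if (nt_blob.data == NULL) { return NT_STATUS_NO_MEMORY; }`, makes the failure explicit. It also replaces the literal 16 with the buffer size, assuming `nt_passwd` is a 16-byte array as the earlier `memcpy` suggests. The copied hash lives under `mem_ctx`, so how long it stays in memory depends on the caller freeing that context.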