}
/* Decrypts password-blob with session-key
- * @param nt_hash NT hash for the session key
+ * @param pass password for session-key
* @param data_in DATA_BLOB encrypted password
*
* Returns cleartext password in CH_UNIX
* Caller must free the returned string
*/
-char *decrypt_trustdom_secret(uint8_t nt_hash[16], DATA_BLOB *data_in)
+char *decrypt_trustdom_secret(const char *pass, DATA_BLOB *data_in)
{
DATA_BLOB data_out, sess_key;
+ uchar nt_hash[16];
uint32_t length;
uint32_t version;
fstring cleartextpwd;
- if (!data_in || !nt_hash)
+ if (!data_in || !pass)
return NULL;
+ /* generate md4 password-hash derived from the NT UNICODE password */
+ E_md4hash(pass, nt_hash);
+
/* hashed twice with md4 */
mdfour(nt_hash, nt_hash, 16);
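Review bot: The new local `nt_hash` holds the MD4 of the caller's cleartext password — the NT hash itself — on the stack, and nothing in the hunk clears it before the function returns, so key material outlives the call; add `memset(nt_hash, 0, sizeof(nt_hash));` (or the tree's ZERO_STRUCT idiom) on every exit path, and the same presumably applies to `sess_key` and `cleartextpwd`, which are filled in the part of the body outside this hunk. The buffer is declared `uchar` while the parameter it replaces was `uint8_t[16]`; pick one so the mdfour() call and the rest of the file agree. If E_md4hash() in this tree reports a UCS-2 conversion failure through its return value, that result should be checked before the second mdfour() consumes the buffer. The remainder of the body and the return statement are outside this hunk.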
return result;
}
-static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p,
- uint8_t nt_hash[16])
+static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p, const char *password)
{
char *pwd, *pwd_old;
memcpy(data.data, p->password->data, p->password->length);
memcpy(data_old.data, p->old_password->data, p->old_password->length);
- pwd = decrypt_trustdom_secret(nt_hash, &data);
- pwd_old = decrypt_trustdom_secret(nt_hash, &data_old);
+ pwd = decrypt_trustdom_secret(password, &data);
+ pwd_old = decrypt_trustdom_secret(password, &data_old);
d_printf("Password:\t%s\n", pwd);
d_printf("Old Password:\t%s\n", pwd_old);
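Review bot: decrypt_trustdom_secret() returns NULL for a NULL password or blob, and the two d_printf() calls at the end of this hunk hand `pwd` and `pwd_old` straight to `%s`, which is undefined behaviour for a NULL pointer and at best prints `(null)` with no indication that the session-key derivation failed. Now that the key comes from the connection's password rather than a pre-checked hash, a failed decryption should be reported explicitly, e.g. `d_printf("Password:\t%s\n", pwd ? pwd : "<decryption failed>");` and the same for the old password. The docstring on decrypt_trustdom_secret() says the caller must free the returned strings; whether that happens is outside this hunk, as is the allocation of `data` and `data_old` that the two memcpy() calls write into.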
static void display_trust_dom_info(TALLOC_CTX *mem_ctx,
union lsa_TrustedDomainInfo *info,
enum lsa_TrustDomInfoEnum info_class,
- uint8_t nt_hash[16])
+ const char *pass)
{
switch (info_class) {
case LSA_TRUSTED_DOMAIN_INFO_PASSWORD:
- display_trust_dom_info_4(&info->password, nt_hash);
+ display_trust_dom_info_4(&info->password, pass);
break;
default: {
const char *str = NULL;
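Review bot: The pass-through parameter is named `pass` here and in decrypt_trustdom_secret() but `password` in display_trust_dom_info_4(), which this hunk calls; use one name across the three signatures so a reader can follow the credential through the call chain. A one-line comment on the parameter would also help, since it is only consumed for one info class: `/* pass: cleartext password of this connection; used only to derive the session key for LSA_TRUSTED_DOMAIN_INFO_PASSWORD */`. The remaining cases of the switch are outside this hunk.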
uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
union lsa_TrustedDomainInfo *info = NULL;
enum lsa_TrustDomInfoEnum info_class = 1;
- uint8_t nt_hash[16];
if (argc > 3 || argc < 2) {
printf("Usage: %s [sid] [info_class]\n", argv[0]);
if (!NT_STATUS_IS_OK(result))
goto done;
- if (!rpccli_get_pwd_hash(cli, nt_hash)) {
- d_fprintf(stderr, "Could not get pwd hash\n");
- goto done;
- }
-
- display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
+ display_trust_dom_info(mem_ctx, info, info_class, cli->pwd.password);
done:
rpccli_lsa_Close(cli, mem_ctx, &pol);
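Review bot: The removed rpccli_get_pwd_hash() branch was the only place this command reported that no credential material was available; the replacement hands `cli->pwd.password` to display_trust_dom_info() unconditionally, so a session authenticated without a cleartext password (a pre-computed NT hash or Kerberos, if this client supports either) silently derives a wrong or empty session key and prints garbage or `(null)`. Whether `pwd.password` is a pointer or an in-struct fstring is not visible here; if it is an fstring, the `!pass` guard inside decrypt_trustdom_secret() can never fire, so check for an empty password before the call, e.g. `if (!*cli->pwd.password) { d_fprintf(stderr, "No cleartext password available to derive the session key\n"); goto done; }`. The enclosing command function starts and ends outside this hunk.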
union lsa_TrustedDomainInfo *info = NULL;
enum lsa_TrustDomInfoEnum info_class = 1;
struct lsa_String trusted_domain;
- uint8_t nt_hash[16];
if (argc > 3 || argc < 2) {
printf("Usage: %s [name] [info_class]\n", argv[0]);
if (!NT_STATUS_IS_OK(result))
goto done;
- if (!rpccli_get_pwd_hash(cli, nt_hash)) {
- d_fprintf(stderr, "Could not get pwd hash\n");
- goto done;
- }
-
- display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
+ display_trust_dom_info(mem_ctx, info, info_class, cli->pwd.password);
done:
rpccli_lsa_Close(cli, mem_ctx, &pol);
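Review bot: Dropping the rpccli_get_pwd_hash() check leaves this command with no diagnostic when the connection has no cleartext password to derive a session key from; `cli->pwd.password` is passed through regardless and the failure surfaces only as a `(null)` or garbage password in the output. Add an explicit guard before the call, e.g. `if (!*cli->pwd.password) { d_fprintf(stderr, "No cleartext password available to derive the session key\n"); goto done; }`, adapting it if `pwd.password` turns out to be a nullable pointer rather than an fstring. The enclosing command function starts and ends outside this hunk.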
union lsa_TrustedDomainInfo *info = NULL;
DOM_SID dom_sid;
enum lsa_TrustDomInfoEnum info_class = 1;
- uint8_t nt_hash[16];
if (argc > 3 || argc < 2) {
printf("Usage: %s [sid] [info_class]\n", argv[0]);
if (!NT_STATUS_IS_OK(result))
goto done;
- if (!rpccli_get_pwd_hash(cli, nt_hash)) {
- d_fprintf(stderr, "Could not get pwd hash\n");
- goto done;
- }
-
- display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
+ display_trust_dom_info(mem_ctx, info, info_class, cli->pwd.password);
done:
rpccli_lsa_Close(cli, mem_ctx, &pol);
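Review bot: Same concern as the other query commands in this patch: with the rpccli_get_pwd_hash() branch gone there is no check that `cli->pwd.password` actually carries a usable cleartext password before it is used to derive the session key, so a hash- or Kerberos-authenticated session fails silently. A guard such as `if (!*cli->pwd.password) { d_fprintf(stderr, "No cleartext password available to derive the session key\n"); goto done; }` restores the error report the removed code gave; adjust it if `pwd.password` is a nullable pointer in this tree. The enclosing command function starts and ends outside this hunk.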
NTSTATUS nt_status;
union lsa_TrustedDomainInfo *info = NULL;
char *cleartextpwd = NULL;
- uint8_t nt_hash[16];
DATA_BLOB data;
nt_status = rpccli_lsa_QueryTrustedDomainInfoBySid(pipe_hnd, mem_ctx,
data = data_blob(info->password.password->data,
info->password.password->length);
- if (!rpccli_get_pwd_hash(pipe_hnd, nt_hash)) {
- DEBUG(0, ("Could not retrieve password hash\n"));
- goto done;
- }
-
- cleartextpwd = decrypt_trustdom_secret(nt_hash, &data);
+ cleartextpwd = decrypt_trustdom_secret(
+ rpc_pipe_np_smb_conn(pipe_hnd)->pwd.password, &data);
if (cleartextpwd == NULL) {
DEBUG(0,("retrieved NULL password\n"));
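Review bot: `rpc_pipe_np_smb_conn(pipe_hnd)->pwd.password` dereferences the helper's result without a NULL check; if rpc_pipe_np_smb_conn() returns NULL for a pipe that is not carried over an SMB named pipe (e.g. a TCP transport), this is a crash in the error-reporting path of the trust setup. Fetch the connection first and bail out through the existing label: `struct cli_state *smb_cli = rpc_pipe_np_smb_conn(pipe_hnd);` / `if (smb_cli == NULL) { DEBUG(0, ("pipe has no SMB connection, cannot derive session key\n")); goto done; }` / `cleartextpwd = decrypt_trustdom_secret(smb_cli->pwd.password, &data);`. As in the rpcclient commands, the removed rpccli_get_pwd_hash() check was the only report that no credential was available, so an empty `pwd.password` should be diagnosed here too rather than falling through to the generic "retrieved NULL password" message. The enclosing function starts and ends outside this hunk.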