for x in range(1, 30):
virtual_attributes["virtualWDigest%02d" % x] = {}
+# Add Kerberos virtual attributes
+virtual_attributes["virtualKerberosSalt"] = {}
+
virtual_attributes_help = "The attributes to display (comma separated). "
virtual_attributes_help += "Possible supported virtual attributes: %s" % ", ".join(sorted(virtual_attributes.keys()))
if len(disabled_virtual_attributes) != 0:
# first matching scheme
return (None, scheme_match)
+ def get_kerberos_ctr():
+ primary_krb5 = get_package("Primary:Kerberos-Newer-Keys")
+ if primary_krb5 is None:
+ primary_krb5 = get_package("Primary:Kerberos")
+ if primary_krb5 is None:
+ return (0, None)
+ krb5_blob = ndr_unpack(drsblobs.package_PrimaryKerberosBlob,
+ primary_krb5)
+ return (krb5_blob.version, krb5_blob.ctr)
+
# We use sort here in order to have a predictable processing order
for a in sorted(virtual_attributes.keys()):
if not a.lower() in lower_attrs:
v = get_package("Primary:SambaGPG", min_idx=-1)
if v is None:
continue
+ elif a == "virtualKerberosSalt":
+ (krb5_v, krb5_ctr) = get_kerberos_ctr()
+ if krb5_v not in [3, 4]:
+ continue
+ v = krb5_ctr.salt.string
elif a.startswith("virtualWDigest"):
primary_wdigest = get_package("Primary:WDigest")
if primary_wdigest is None:
https://msdn.microsoft.com/en-us/library/cc245680.aspx
is incorrect
+ virtualKerberosSalt: This results the salt string that is used to compute
+ Kerberos keys from a UTF-8 cleartext password.
+
virtualSambaGPG: The raw cleartext as stored in the
'Primary:SambaGPG' buffer inside of the
supplementalCredentials attribute.
https://msdn.microsoft.com/en-us/library/cc245680.aspx
is incorrect.
+ virtualKerberosSalt: This results the salt string that is used to compute
+ Kerberos keys from a UTF-8 cleartext password.
+
virtualSambaGPG: The raw cleartext as stored in the
'Primary:SambaGPG' buffer inside of the
supplementalCredentials attribute.