Port Samba4 to the new combined libcli/auth functions

For example, some of the new shared functionality was previously in the wkssvc
torture test.

Andrew Bartlett

6 files changed, 11 insertions, 49 deletions

diff --git a/libcli/auth/config.mk b/libcli/auth/config.mk
index 0d440c0f66..5428f04433 100644
--- a/libcli/auth/config.mk
+++ b/libcli/auth/config.mk
@@ -1,3 +1,8 @@
+[SUBSYSTEM::ntlm_check]
+PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL
+
+ntlm_check_OBJ_FILES = $(addprefix $(libclicommonsrcdir)/auth/, ntlm_check.o)
+
 [SUBSYSTEM::MSRPC_PARSE]
 
 MSRPC_PARSE_OBJ_FILES = $(addprefix $(libclicommonsrcdir)/auth/, msrpc_parse.o)
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index bcb40acda1..f5a73feadc 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -538,7 +538,7 @@ bool encode_pw_buffer(uint8_t buffer[516], const char *password, int string_flag
 	/* the incoming buffer can be any alignment. */
 	string_flags |= STR_NOALIGN;
 
-	new_pw_len = push_string(new_pw, new_pw,
+	new_pw_len = push_string(new_pw,
 				 password, 
 				 sizeof(new_pw), string_flags);
 	
diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index 96a13d5ed9..2b9b92812c 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -25,7 +25,7 @@
 #include "lib/ldb/include/ldb.h"
 #include "../lib/util/util_ldb.h"
 #include "auth/auth.h"
-#include "auth/ntlm/ntlm_check.h"
+#include "../libcli/auth/ntlm_check.h"
 #include "auth/ntlm/auth_proto.h"
 #include "auth/auth_sam.h"
 #include "dsdb/samdb/samdb.h"
diff --git a/source4/auth/ntlm/config.mk b/source4/auth/ntlm/config.mk
index 668c528ea9..a9ae18e7c2 100644
--- a/source4/auth/ntlm/config.mk
+++ b/source4/auth/ntlm/config.mk
@@ -1,10 +1,5 @@
 # NTLM auth server subsystem
 
-[SUBSYSTEM::ntlm_check]
-PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL
-
-ntlm_check_OBJ_FILES = $(addprefix $(authsrcdir)/ntlm/, ntlm_check.o)
-
 #######################
 # Start MODULE auth_sam
 [MODULE::auth_sam_module]
diff --git a/source4/torture/rpc/wkssvc.c b/source4/torture/rpc/wkssvc.c
index 3c34229dff..06b1d05ee4 100644
--- a/source4/torture/rpc/wkssvc.c
+++ b/source4/torture/rpc/wkssvc.c
@@ -1148,43 +1148,6 @@ static bool test_NetrJoinDomain(struct torture_context *tctx,
 	return true;
 }
 
-/* encode a wkssvc_PasswordBuffer for remote joining/unjoining:
- *
- * similar to samr_CryptPasswordEx. Different: 8byte confounder (instead of
- * 16byte), confounder in front of the 516 byte buffer (instead of after that
- * buffer), calling MD5Update() first with session_key and then with confounder
- * (vice versa in samr) - Guenther */
-
-static void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
-					       const char *pwd,
-					       DATA_BLOB *session_key,
-					       struct wkssvc_PasswordBuffer *pwd_buf)
-{
-	uint8_t buffer[516];
-	struct MD5Context ctx;
-
-	DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
-
-	int confounder_len = 8;
-	uint8_t confounder[8];
-
-	encode_pw_buffer(buffer, pwd, STR_UNICODE);
-
-	generate_random_buffer((uint8_t *)confounder, confounder_len);
-
-	MD5Init(&ctx);
-	MD5Update(&ctx, session_key->data, session_key->length);
-	MD5Update(&ctx, confounder, confounder_len);
-	MD5Final(confounded_session_key.data, &ctx);
-
-	arcfour_crypt_blob(buffer, 516, &confounded_session_key);
-
-	memcpy(&pwd_buf->data[0], confounder, confounder_len);
-	memcpy(&pwd_buf->data[8], buffer, 516);
-
-	data_blob_free(&confounded_session_key);
-}
-
 /*
  * prerequisites for remotely joining an unjoined XP SP2 workstation:
  * - firewall needs to be disabled (or open for ncacn_np access)
@@ -1202,7 +1165,7 @@ static bool test_NetrJoinDomain2(struct torture_context *tctx,
 	const char *domain_admin_account = NULL;
 	const char *domain_admin_password = NULL;
 	const char *domain_name = NULL;
-	struct wkssvc_PasswordBuffer pwd_buf;
+	struct wkssvc_PasswordBuffer *pwd_buf;
 	enum wkssvc_NetJoinStatus join_status;
 	const char *join_name = NULL;
 	WERROR expected_err;
@@ -1253,7 +1216,7 @@ static bool test_NetrJoinDomain2(struct torture_context *tctx,
 	r.in.domain_name = domain_name;
 	r.in.account_ou = NULL;
 	r.in.admin_account = domain_admin_account;
-	r.in.encrypted_password = &pwd_buf;
+	r.in.encrypted_password = pwd_buf;
 	r.in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
 			  WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE;
 
@@ -1286,7 +1249,7 @@ static bool test_NetrUnjoinDomain2(struct torture_context *tctx,
 	struct wkssvc_NetrUnjoinDomain2 r;
 	const char *domain_admin_account = NULL;
 	const char *domain_admin_password = NULL;
-	struct wkssvc_PasswordBuffer pwd_buf;
+	struct wkssvc_PasswordBuffer *pwd_buf;
 	enum wkssvc_NetJoinStatus join_status;
 	const char *join_name = NULL;
 	WERROR expected_err;
@@ -1332,7 +1295,7 @@ static bool test_NetrUnjoinDomain2(struct torture_context *tctx,
 
 	r.in.server_name = dcerpc_server_name(p);
 	r.in.account = domain_admin_account;
-	r.in.encrypted_password = &pwd_buf;
+	r.in.encrypted_password = pwd_buf;
 	r.in.unjoin_flags = 0;
 
 	torture_comment(tctx, "testing NetrUnjoinDomain2 (assuming non-DC)\n");
diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c
index 2c6f353252..1c9eabe09a 100644
--- a/source4/utils/ntlm_auth.c
+++ b/source4/utils/ntlm_auth.c
@@ -30,7 +30,6 @@
 #include "auth/auth.h"
 #include "librpc/gen_ndr/ndr_netlogon.h"
 #include "auth/auth_sam.h"
-#include "auth/ntlm/ntlm_check.h"
 #include "libcli/auth/libcli_auth.h"
 #include "libcli/security/security.h"
 #include "lib/events/events.h"