Rework Samba3 to use new libcli/auth code (partial)

This commit is mostly to cope with the removal of SamOemHash (replaced
by arcfour_crypt()) and other collisions (such as changed function
arguments compared to Samba3).

We still provide creds_hash3 until Samba3 uses the credentials code in
netlogon server

Andrew Bartlett

3 files changed, 44 insertions, 3 deletions

diff --git a/libcli/auth/credentials.h b/libcli/auth/credentials.h
index 4e11cb090f..a3dd363064 100644
--- a/libcli/auth/credentials.h
+++ b/libcli/auth/credentials.h
@@ -35,12 +35,51 @@ struct creds_CredentialState {
 	struct dom_sid *sid;
 };
 
-/* for the timebeing, use the same neg flags as Samba3. */
 /* The 7 here seems to be required to get Win2k not to downgrade us
    to NT4.  Actually, anything other than 1ff would seem to do... */
-#define NETLOGON_NEG_AUTH2_FLAGS     0x000701ff
+#define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff
+/*
+	(NETLOGON_NEG_ACCOUNT_LOCKOUT |
+	 NETLOGON_NEG_PERSISTENT_SAMREPL |
+	 NETLOGON_NEG_ARCFOUR |
+	 NETLOGON_NEG_PROMOTION_COUNT |
+	 NETLOGON_NEG_CHANGELOG_BDC |
+	 NETLOGON_NEG_FULL_SYNC_REPL |
+	 NETLOGON_NEG_MULTIPLE_SIDS |
+	 NETLOGON_NEG_REDO |
+	 NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL |
+	 NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
+	 NETLOGON_NEG_PASSWORD_SET2 |
+	 NETLOGON_NEG_GETDOMAININFO)
+*/
+#define NETLOGON_NEG_DOMAIN_TRUST_ACCOUNT	0x2010b000
 
 /* these are the flags that ADS clients use */
+/*
+	(NETLOGON_NEG_ACCOUNT_LOCKOUT |
+	 NETLOGON_NEG_PERSISTENT_SAMREPL |
+	 NETLOGON_NEG_ARCFOUR |
+	 NETLOGON_NEG_PROMOTION_COUNT |
+	 NETLOGON_NEG_CHANGELOG_BDC |
+	 NETLOGON_NEG_FULL_SYNC_REPL |
+	 NETLOGON_NEG_MULTIPLE_SIDS |
+	 NETLOGON_NEG_REDO |
+	 NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL |
+	 NETLOGON_NEG_SEND_PASSWORD_INFO_PDC |
+	 NETLOGON_NEG_GENERIC_PASSTHROUGH |
+	 NETLOGON_NEG_CONCURRENT_RPC |
+	 NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL |
+	 NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL |
+	 NETLOGON_NEG_128BIT |
+	 NETLOGON_NEG_TRANSITIVE_TRUSTS |
+	 NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
+	 NETLOGON_NEG_PASSWORD_SET2 |
+	 NETLOGON_NEG_GETDOMAININFO |
+	 NETLOGON_NEG_CROSS_FOREST_TRUSTS |
+	 NETLOGON_NEG_AUTHENTICATED_RPC_LSASS |
+	 NETLOGON_NEG_SCHANNEL)
+*/
+
 #define NETLOGON_NEG_AUTH2_ADS_FLAGS (0x200fbffb | NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT | NETLOGON_NEG_SCHANNEL)
 
 
diff --git a/libcli/auth/libcli_auth.h b/libcli/auth/libcli_auth.h
index ec1c1e7d98..f278ee539e 100644
--- a/libcli/auth/libcli_auth.h
+++ b/libcli/auth/libcli_auth.h
@@ -18,7 +18,10 @@
 #define __LIBCLI_AUTH_H__
 
 #include "librpc/gen_ndr/netlogon.h"
+#include "librpc/gen_ndr/wkssvc.h"
 #include "libcli/auth/credentials.h"
+#include "libcli/auth/ntlm_check.h"
 #include "libcli/auth/proto.h"
+#include "libcli/auth/msrpc_parse.h"
 
 #endif /* __LIBCLI_AUTH_H__ */
diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c
index 0805b1b043..5ad03cfe12 100644
--- a/libcli/auth/ntlm_check.c
+++ b/libcli/auth/ntlm_check.c
@@ -23,7 +23,6 @@
 #include "../lib/crypto/crypto.h"
 #include "librpc/gen_ndr/netlogon.h"
 #include "libcli/auth/libcli_auth.h"
-#include "auth/ntlm/ntlm_check.h"
 
 /****************************************************************************
  Core of smb password checking routine.