summaryrefslogtreecommitdiff
path: root/source3/include
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2009-03-16 21:27:58 +1100
committerAndrew Bartlett <abartlet@samba.org>2009-04-14 16:23:35 +1000
commitf28f113d8e76824b080359c90efd9c92de533740 (patch)
tree063c8cf44e1a26adce9128f3e24ee55274292090 /source3/include
parentfd3be5c4e5e185115eec59752a22f7f354f860ca (diff)
downloadsamba-f28f113d8e76824b080359c90efd9c92de533740.tar.gz
samba-f28f113d8e76824b080359c90efd9c92de533740.tar.bz2
samba-f28f113d8e76824b080359c90efd9c92de533740.zip
Rework Samba3 to use new libcli/auth code (partial)
This commit is mostly to cope with the removal of SamOemHash (replaced by arcfour_crypt()) and other collisions (such as changed function arguments compared to Samba3). We still provide creds_hash3 until Samba3 uses the credentials code in netlogon server Andrew Bartlett
Diffstat (limited to 'source3/include')
-rw-r--r--source3/include/proto.h142
-rw-r--r--source3/include/rpc_dce.h45
2 files changed, 17 insertions, 170 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index b8ba8c03ad..64b1d7c43c 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1782,6 +1782,23 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
const char *sitename,
struct sockaddr_storage *pss);
+
+/* The following definitions come from libsmb/credentials.c */
+
+char *credstr(const unsigned char *cred);
+void creds_server_init(uint32 neg_flags,
+ struct dcinfo *dc,
+ struct netr_Credential *clnt_chal,
+ struct netr_Credential *srv_chal,
+ const unsigned char mach_pw[16],
+ struct netr_Credential *init_chal_out);
+bool netlogon_creds_server_check(const struct dcinfo *dc,
+ const struct netr_Credential *rcv_cli_chal_in);
+bool netlogon_creds_server_step(struct dcinfo *dc,
+ const struct netr_Authenticator *received_cred,
+ struct netr_Authenticator *cred_out);
+void cred_hash3(unsigned char *out, const unsigned char *in, const unsigned char *key, int forw);
+
/* The following definitions come from libads/kerberos_keytab.c */
int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc);
@@ -2933,31 +2950,6 @@ void delete_negative_conn_cache(const char *domain, const char *server);
void flush_negative_conn_cache( void );
void flush_negative_conn_cache_for_domain(const char *domain);
-/* The following definitions come from libsmb/credentials.c */
-
-char *credstr(const unsigned char *cred);
-void creds_server_init(uint32 neg_flags,
- struct dcinfo *dc,
- struct netr_Credential *clnt_chal,
- struct netr_Credential *srv_chal,
- const unsigned char mach_pw[16],
- struct netr_Credential *init_chal_out);
-bool netlogon_creds_server_check(const struct dcinfo *dc,
- const struct netr_Credential *rcv_cli_chal_in);
-bool netlogon_creds_server_step(struct dcinfo *dc,
- const struct netr_Authenticator *received_cred,
- struct netr_Authenticator *cred_out);
-void creds_client_init(uint32 neg_flags,
- struct dcinfo *dc,
- struct netr_Credential *clnt_chal,
- struct netr_Credential *srv_chal,
- const unsigned char mach_pw[16],
- struct netr_Credential *init_chal_out);
-bool netlogon_creds_client_check(const struct dcinfo *dc,
- const struct netr_Credential *rcv_srv_chal_in);
-void netlogon_creds_client_step(struct dcinfo *dc,
- struct netr_Authenticator *next_cred_out);
-
/* The following definitions come from ../librpc/rpc/dcerpc_error.c */
const char *dcerpc_errstr(TALLOC_CTX *mem_ctx, uint32_t fault_code);
@@ -3109,21 +3101,6 @@ const char *get_nt_error_c_code(NTSTATUS nt_code);
NTSTATUS nt_status_string_to_code(const char *nt_status_str);
NTSTATUS nt_status_squash(NTSTATUS nt_status);
-/* The following definitions come from libsmb/ntlm_check.c */
-
-NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
- const DATA_BLOB *challenge,
- const DATA_BLOB *lm_response,
- const DATA_BLOB *nt_response,
- const DATA_BLOB *lm_interactive_pwd,
- const DATA_BLOB *nt_interactive_pwd,
- const char *username,
- const char *client_username,
- const char *client_domain,
- const uint8 *lm_pw, const uint8 *nt_pw,
- DATA_BLOB *user_sess_key,
- DATA_BLOB *lm_sess_key);
-
/* The following definitions come from libsmb/ntlmssp.c */
void debug_ntlmssp_flags(uint32 neg_flags);
@@ -3145,13 +3122,6 @@ DATA_BLOB ntlmssp_weaken_keys(NTLMSSP_STATE *ntlmssp_state, TALLOC_CTX *mem_ctx)
NTSTATUS ntlmssp_server_start(NTLMSSP_STATE **ntlmssp_state);
NTSTATUS ntlmssp_client_start(NTLMSSP_STATE **ntlmssp_state);
-/* The following definitions come from libsmb/ntlmssp_parse.c */
-
-bool msrpc_gen(DATA_BLOB *blob,
- const char *format, ...);
-bool msrpc_parse(const DATA_BLOB *blob,
- const char *format, ...);
-
/* The following definitions come from libsmb/ntlmssp_sign.c */
NTSTATUS ntlmssp_sign_packet(NTLMSSP_STATE *ntlmssp_state,
@@ -3235,84 +3205,6 @@ void srv_set_signing(struct smbd_server_connection *conn,
const DATA_BLOB user_session_key,
const DATA_BLOB response);
-/* The following definitions come from libsmb/smbdes.c */
-
-void des_crypt56(unsigned char *out, const unsigned char *in, const unsigned char *key, int forw);
-void E_P16(const unsigned char *p14,unsigned char *p16);
-void E_P24(const unsigned char *p21, const unsigned char *c8, unsigned char *p24);
-void D_P16(const unsigned char *p14, const unsigned char *in, unsigned char *out);
-void E_old_pw_hash( unsigned char *p14, const unsigned char *in, unsigned char *out);
-void des_crypt128(unsigned char out[8], const unsigned char in[8], const unsigned char key[16]);
-void des_crypt64(unsigned char out[8], const unsigned char in[8], const unsigned char key[8]);
-void des_crypt112(unsigned char out[8], const unsigned char in[8], const unsigned char key[14], int forw);
-void cred_hash3(unsigned char *out, const unsigned char *in, const unsigned char *key, int forw);
-void des_crypt112_16(unsigned char out[16], unsigned char in[16], const unsigned char key[14], int forw);
-void SamOEMhash( unsigned char *data, const unsigned char key[16], size_t len);
-void SamOEMhashBlob( unsigned char *data, size_t len, DATA_BLOB *key);
-void sam_pwd_hash(unsigned int rid, const uchar *in, uchar *out, int forw);
-
-/* The following definitions come from libsmb/smbencrypt.c */
-
-void SMBencrypt_hash(const uchar lm_hash[16], const uchar *c8, uchar p24[24]);
-bool SMBencrypt(const char *passwd, const uchar *c8, uchar p24[24]);
-void E_md4hash(const char *passwd, uchar p16[16]);
-void E_md5hash(const uchar salt[16], const uchar nthash[16], uchar hash_out[16]);
-bool E_deshash(const char *passwd, uchar p16[16]);
-void nt_lm_owf_gen(const char *pwd, uchar nt_p16[16], uchar p16[16]);
-bool ntv2_owf_gen(const uchar owf[16],
- const char *user_in, const char *domain_in,
- bool upper_case_domain, /* Transform the domain into UPPER case */
- uchar kr_buf[16]);
-void SMBOWFencrypt(const uchar passwd[16], const uchar *c8, uchar p24[24]);
-void NTLMSSPOWFencrypt(const uchar passwd[8], const uchar *ntlmchalresp, uchar p24[24]);
-void SMBNTencrypt_hash(const uchar nt_hash[16], uchar *c8, uchar *p24);
-void SMBNTencrypt(const char *passwd, uchar *c8, uchar *p24);
-void SMBOWFencrypt_ntv2(const uchar kr[16],
- const DATA_BLOB *srv_chal,
- const DATA_BLOB *cli_chal,
- uchar resp_buf[16]);
-void SMBsesskeygen_ntv2(const uchar kr[16],
- const uchar * nt_resp, uint8 sess_key[16]);
-void SMBsesskeygen_ntv1(const uchar kr[16],
- const uchar * nt_resp, uint8 sess_key[16]);
-void SMBsesskeygen_lm_sess_key(const uchar lm_hash[16],
- const uchar lm_resp[24], /* only uses 8 */
- uint8 sess_key[16]);
-DATA_BLOB NTLMv2_generate_names_blob(const char *hostname,
- const char *domain);
-bool SMBNTLMv2encrypt_hash(const char *user, const char *domain, const uchar nt_hash[16],
- const DATA_BLOB *server_chal,
- const DATA_BLOB *names_blob,
- DATA_BLOB *lm_response, DATA_BLOB *nt_response,
- DATA_BLOB *user_session_key) ;
-bool SMBNTLMv2encrypt(const char *user, const char *domain, const char *password,
- const DATA_BLOB *server_chal,
- const DATA_BLOB *names_blob,
- DATA_BLOB *lm_response, DATA_BLOB *nt_response,
- DATA_BLOB *user_session_key) ;
-bool encode_pw_buffer(uint8 buffer[516], const char *password, int string_flags);
-bool decode_pw_buffer(TALLOC_CTX *ctx,
- uint8 in_buffer[516],
- char **pp_new_pwrd,
- uint32 *new_pw_len,
- int string_flags);
-void encode_or_decode_arc4_passwd_buffer(unsigned char pw_buf[532], const DATA_BLOB *psession_key);
-void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *session_key, int forward);
-char *decrypt_trustdom_secret(uint8_t nt_hash[16], DATA_BLOB *data_in);
-void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
- const char *pwd,
- DATA_BLOB *session_key,
- struct wkssvc_PasswordBuffer **pwd_buf);
-WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
- struct wkssvc_PasswordBuffer *pwd_buf,
- DATA_BLOB *session_key,
- char **pwd);
-DATA_BLOB decrypt_drsuapi_blob(TALLOC_CTX *mem_ctx,
- const DATA_BLOB *session_key,
- bool rcrypt,
- uint32_t rid,
- const DATA_BLOB *buffer);
-
/* The following definitions come from libsmb/smberr.c */
const char *smb_dos_err_name(uint8 e_class, uint16 num);
diff --git a/source3/include/rpc_dce.h b/source3/include/rpc_dce.h
index ca58040757..8780169c75 100644
--- a/source3/include/rpc_dce.h
+++ b/source3/include/rpc_dce.h
@@ -88,51 +88,6 @@ enum RPC_PKT_TYPE {
#define RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN 0x20
#define RPC_AUTH_SCHANNEL_SIGN_ONLY_CHK_LEN 0x18
-/* The 7 here seems to be required to get Win2k not to downgrade us
- to NT4. Actually, anything other than 1ff would seem to do... */
-#define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff
-/*
- (NETLOGON_NEG_ACCOUNT_LOCKOUT |
- NETLOGON_NEG_PERSISTENT_SAMREPL |
- NETLOGON_NEG_ARCFOUR |
- NETLOGON_NEG_PROMOTION_COUNT |
- NETLOGON_NEG_CHANGELOG_BDC |
- NETLOGON_NEG_FULL_SYNC_REPL |
- NETLOGON_NEG_MULTIPLE_SIDS |
- NETLOGON_NEG_REDO |
- NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL |
- NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
- NETLOGON_NEG_PASSWORD_SET2 |
- NETLOGON_NEG_GETDOMAININFO)
-*/
-#define NETLOGON_NEG_DOMAIN_TRUST_ACCOUNT 0x2010b000
-
-/* these are the flags that ADS clients use */
-#define NETLOGON_NEG_AUTH2_ADS_FLAGS 0x600fffff
-/*
- (NETLOGON_NEG_ACCOUNT_LOCKOUT |
- NETLOGON_NEG_PERSISTENT_SAMREPL |
- NETLOGON_NEG_ARCFOUR |
- NETLOGON_NEG_PROMOTION_COUNT |
- NETLOGON_NEG_CHANGELOG_BDC |
- NETLOGON_NEG_FULL_SYNC_REPL |
- NETLOGON_NEG_MULTIPLE_SIDS |
- NETLOGON_NEG_REDO |
- NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL |
- NETLOGON_NEG_SEND_PASSWORD_INFO_PDC |
- NETLOGON_NEG_GENERIC_PASSTHROUGH |
- NETLOGON_NEG_CONCURRENT_RPC |
- NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL |
- NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL |
- NETLOGON_NEG_128BIT |
- NETLOGON_NEG_TRANSITIVE_TRUSTS |
- NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
- NETLOGON_NEG_PASSWORD_SET2 |
- NETLOGON_NEG_GETDOMAININFO |
- NETLOGON_NEG_CROSS_FOREST_TRUSTS |
- NETLOGON_NEG_AUTHENTICATED_RPC_LSASS |
- NETLOGON_NEG_SCHANNEL)
-*/
enum schannel_direction {
SENDER_IS_INITIATOR,