Rework Samba3 to use new libcli/auth code (partial)

This commit is mostly to cope with the removal of SamOemHash (replaced by arcfour_crypt()) and other collisions (such as changed function arguments compared to Samba3). We still provide creds_hash3 until Samba3 uses the credentials code in netlogon server Andrew Bartlett
author: Andrew Bartlett <abartlet@samba.org> 2009-03-16 21:27:58 +1100
committer: Andrew Bartlett <abartlet@samba.org> 2009-04-14 16:23:35 +1000
commit: f28f113d8e76824b080359c90efd9c92de533740 (patch)
tree: 063c8cf44e1a26adce9128f3e24ee55274292090 /source3/include
parent: fd3be5c4e5e185115eec59752a22f7f354f860ca (diff)
download: samba-f28f113d8e76824b080359c90efd9c92de533740.tar.gz
samba-f28f113d8e76824b080359c90efd9c92de533740.tar.bz2
samba-f28f113d8e76824b080359c90efd9c92de533740.zip
2 files changed, 17 insertions, 170 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index b8ba8c03ad..64b1d7c43c 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1782,6 +1782,23 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
 						const char *sitename,
 						struct sockaddr_storage *pss);
 
+
+/* The following definitions come from libsmb/credentials.c  */
+
+char *credstr(const unsigned char *cred);
+void creds_server_init(uint32 neg_flags,
+			struct dcinfo *dc,
+			struct netr_Credential *clnt_chal,
+			struct netr_Credential *srv_chal,
+			const unsigned char mach_pw[16],
+			struct netr_Credential *init_chal_out);
+bool netlogon_creds_server_check(const struct dcinfo *dc,
+				 const struct netr_Credential *rcv_cli_chal_in);
+bool netlogon_creds_server_step(struct dcinfo *dc,
+				const struct netr_Authenticator *received_cred,
+				struct netr_Authenticator *cred_out);
+void cred_hash3(unsigned char *out, const unsigned char *in, const unsigned char *key, int forw);
+
 /* The following definitions come from libads/kerberos_keytab.c  */
 
 int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc);
@@ -2933,31 +2950,6 @@ void delete_negative_conn_cache(const char *domain, const char *server);
 void flush_negative_conn_cache( void );
 void flush_negative_conn_cache_for_domain(const char *domain);
 
-/* The following definitions come from libsmb/credentials.c  */
-
-char *credstr(const unsigned char *cred);
-void creds_server_init(uint32 neg_flags,
-			struct dcinfo *dc,
-			struct netr_Credential *clnt_chal,
-			struct netr_Credential *srv_chal,
-			const unsigned char mach_pw[16],
-			struct netr_Credential *init_chal_out);
-bool netlogon_creds_server_check(const struct dcinfo *dc,
-				 const struct netr_Credential *rcv_cli_chal_in);
-bool netlogon_creds_server_step(struct dcinfo *dc,
-				const struct netr_Authenticator *received_cred,
-				struct netr_Authenticator *cred_out);
-void creds_client_init(uint32 neg_flags,
-			struct dcinfo *dc,
-			struct netr_Credential *clnt_chal,
-			struct netr_Credential *srv_chal,
-			const unsigned char mach_pw[16],
-			struct netr_Credential *init_chal_out);
-bool netlogon_creds_client_check(const struct dcinfo *dc,
-				 const struct netr_Credential *rcv_srv_chal_in);
-void netlogon_creds_client_step(struct dcinfo *dc,
-				struct netr_Authenticator *next_cred_out);
-
 /* The following definitions come from ../librpc/rpc/dcerpc_error.c  */
 
 const char *dcerpc_errstr(TALLOC_CTX *mem_ctx, uint32_t fault_code);
@@ -3109,21 +3101,6 @@ const char *get_nt_error_c_code(NTSTATUS nt_code);
 NTSTATUS nt_status_string_to_code(const char *nt_status_str);
 NTSTATUS nt_status_squash(NTSTATUS nt_status);
 
-/* The following definitions come from libsmb/ntlm_check.c  */
-
-NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
-			     const DATA_BLOB *challenge,
-			     const DATA_BLOB *lm_response,
-			     const DATA_BLOB *nt_response,
-			     const DATA_BLOB *lm_interactive_pwd,
-			     const DATA_BLOB *nt_interactive_pwd,
-			     const char *username, 
-			     const char *client_username, 
-			     const char *client_domain,
-			     const uint8 *lm_pw, const uint8 *nt_pw, 
-			     DATA_BLOB *user_sess_key, 
-			     DATA_BLOB *lm_sess_key);
-
 /* The following definitions come from libsmb/ntlmssp.c  */
 
 void debug_ntlmssp_flags(uint32 neg_flags);
@@ -3145,13 +3122,6 @@ DATA_BLOB ntlmssp_weaken_keys(NTLMSSP_STATE *ntlmssp_state, TALLOC_CTX *mem_ctx)
 NTSTATUS ntlmssp_server_start(NTLMSSP_STATE **ntlmssp_state);
 NTSTATUS ntlmssp_client_start(NTLMSSP_STATE **ntlmssp_state);
 
-/* The following definitions come from libsmb/ntlmssp_parse.c  */
-
-bool msrpc_gen(DATA_BLOB *blob,
-	       const char *format, ...);
-bool msrpc_parse(const DATA_BLOB *blob,
-		 const char *format, ...);
-
 /* The following definitions come from libsmb/ntlmssp_sign.c  */
 
 NTSTATUS ntlmssp_sign_packet(NTLMSSP_STATE *ntlmssp_state,
@@ -3235,84 +3205,6 @@ void srv_set_signing(struct smbd_server_connection *conn,
 		     const DATA_BLOB user_session_key,
 		     const DATA_BLOB response);
 
-/* The following definitions come from libsmb/smbdes.c  */
-
-void des_crypt56(unsigned char *out, const unsigned char *in, const unsigned char *key, int forw);
-void E_P16(const unsigned char *p14,unsigned char *p16);
-void E_P24(const unsigned char *p21, const unsigned char *c8, unsigned char *p24);
-void D_P16(const unsigned char *p14, const unsigned char *in, unsigned char *out);
-void E_old_pw_hash( unsigned char *p14, const unsigned char *in, unsigned char *out);
-void des_crypt128(unsigned char out[8], const unsigned char in[8], const unsigned char key[16]);
-void des_crypt64(unsigned char out[8], const unsigned char in[8], const unsigned char key[8]);
-void des_crypt112(unsigned char out[8], const unsigned char in[8], const unsigned char key[14], int forw);
-void cred_hash3(unsigned char *out, const unsigned char *in, const unsigned char *key, int forw);
-void des_crypt112_16(unsigned char out[16], unsigned char in[16], const unsigned char key[14], int forw);
-void SamOEMhash( unsigned char *data, const unsigned char key[16], size_t len);
-void SamOEMhashBlob( unsigned char *data, size_t len, DATA_BLOB *key);
-void sam_pwd_hash(unsigned int rid, const uchar *in, uchar *out, int forw);
-
-/* The following definitions come from libsmb/smbencrypt.c  */
-
-void SMBencrypt_hash(const uchar lm_hash[16], const uchar *c8, uchar p24[24]);
-bool SMBencrypt(const char *passwd, const uchar *c8, uchar p24[24]);
-void E_md4hash(const char *passwd, uchar p16[16]);
-void E_md5hash(const uchar salt[16], const uchar nthash[16], uchar hash_out[16]);
-bool E_deshash(const char *passwd, uchar p16[16]);
-void nt_lm_owf_gen(const char *pwd, uchar nt_p16[16], uchar p16[16]);
-bool ntv2_owf_gen(const uchar owf[16],
-		  const char *user_in, const char *domain_in,
-		  bool upper_case_domain, /* Transform the domain into UPPER case */
-		  uchar kr_buf[16]);
-void SMBOWFencrypt(const uchar passwd[16], const uchar *c8, uchar p24[24]);
-void NTLMSSPOWFencrypt(const uchar passwd[8], const uchar *ntlmchalresp, uchar p24[24]);
-void SMBNTencrypt_hash(const uchar nt_hash[16], uchar *c8, uchar *p24);
-void SMBNTencrypt(const char *passwd, uchar *c8, uchar *p24);
-void SMBOWFencrypt_ntv2(const uchar kr[16],
-			const DATA_BLOB *srv_chal,
-			const DATA_BLOB *cli_chal,
-			uchar resp_buf[16]);
-void SMBsesskeygen_ntv2(const uchar kr[16],
-			const uchar * nt_resp, uint8 sess_key[16]);
-void SMBsesskeygen_ntv1(const uchar kr[16],
-			const uchar * nt_resp, uint8 sess_key[16]);
-void SMBsesskeygen_lm_sess_key(const uchar lm_hash[16],
-			const uchar lm_resp[24], /* only uses 8 */ 
-			uint8 sess_key[16]);
-DATA_BLOB NTLMv2_generate_names_blob(const char *hostname, 
-				     const char *domain);
-bool SMBNTLMv2encrypt_hash(const char *user, const char *domain, const uchar nt_hash[16], 
-		      const DATA_BLOB *server_chal, 
-		      const DATA_BLOB *names_blob,
-		      DATA_BLOB *lm_response, DATA_BLOB *nt_response, 
-		      DATA_BLOB *user_session_key) ;
-bool SMBNTLMv2encrypt(const char *user, const char *domain, const char *password, 
-		      const DATA_BLOB *server_chal, 
-		      const DATA_BLOB *names_blob,
-		      DATA_BLOB *lm_response, DATA_BLOB *nt_response, 
-		      DATA_BLOB *user_session_key) ;
-bool encode_pw_buffer(uint8 buffer[516], const char *password, int string_flags);
-bool decode_pw_buffer(TALLOC_CTX *ctx,
-			uint8 in_buffer[516],
-			char **pp_new_pwrd,
-			uint32 *new_pw_len,
-			int string_flags);
-void encode_or_decode_arc4_passwd_buffer(unsigned char pw_buf[532], const DATA_BLOB *psession_key);
-void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *session_key, int forward);
-char *decrypt_trustdom_secret(uint8_t nt_hash[16], DATA_BLOB *data_in);
-void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
-					const char *pwd,
-					DATA_BLOB *session_key,
-					struct wkssvc_PasswordBuffer **pwd_buf);
-WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
-					  struct wkssvc_PasswordBuffer *pwd_buf,
-					  DATA_BLOB *session_key,
-					  char **pwd);
-DATA_BLOB decrypt_drsuapi_blob(TALLOC_CTX *mem_ctx,
-			       const DATA_BLOB *session_key,
-			       bool rcrypt,
-			       uint32_t rid,
-			       const DATA_BLOB *buffer);
-
 /* The following definitions come from libsmb/smberr.c  */
 
 const char *smb_dos_err_name(uint8 e_class, uint16 num);
diff --git a/source3/include/rpc_dce.h b/source3/include/rpc_dce.h
index ca58040757..8780169c75 100644
--- a/source3/include/rpc_dce.h
+++ b/source3/include/rpc_dce.h
@@ -88,51 +88,6 @@ enum RPC_PKT_TYPE {
 #define RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN 	0x20
 #define RPC_AUTH_SCHANNEL_SIGN_ONLY_CHK_LEN 	0x18
 
-/* The 7 here seems to be required to get Win2k not to downgrade us
-   to NT4.  Actually, anything other than 1ff would seem to do... */
-#define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff
-/*
-	(NETLOGON_NEG_ACCOUNT_LOCKOUT |
-	 NETLOGON_NEG_PERSISTENT_SAMREPL |
-	 NETLOGON_NEG_ARCFOUR |
-	 NETLOGON_NEG_PROMOTION_COUNT |
-	 NETLOGON_NEG_CHANGELOG_BDC |
-	 NETLOGON_NEG_FULL_SYNC_REPL |
-	 NETLOGON_NEG_MULTIPLE_SIDS |
-	 NETLOGON_NEG_REDO |
-	 NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL |
-	 NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
-	 NETLOGON_NEG_PASSWORD_SET2 |
-	 NETLOGON_NEG_GETDOMAININFO)
-*/
-#define NETLOGON_NEG_DOMAIN_TRUST_ACCOUNT	0x2010b000
-
-/* these are the flags that ADS clients use */
-#define NETLOGON_NEG_AUTH2_ADS_FLAGS 0x600fffff
-/*
-	(NETLOGON_NEG_ACCOUNT_LOCKOUT |
-	 NETLOGON_NEG_PERSISTENT_SAMREPL |
-	 NETLOGON_NEG_ARCFOUR |
-	 NETLOGON_NEG_PROMOTION_COUNT |
-	 NETLOGON_NEG_CHANGELOG_BDC |
-	 NETLOGON_NEG_FULL_SYNC_REPL |
-	 NETLOGON_NEG_MULTIPLE_SIDS |
-	 NETLOGON_NEG_REDO |
-	 NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL |
-	 NETLOGON_NEG_SEND_PASSWORD_INFO_PDC |
-	 NETLOGON_NEG_GENERIC_PASSTHROUGH |
-	 NETLOGON_NEG_CONCURRENT_RPC |
-	 NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL |
-	 NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL |
-	 NETLOGON_NEG_128BIT |
-	 NETLOGON_NEG_TRANSITIVE_TRUSTS |
-	 NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
-	 NETLOGON_NEG_PASSWORD_SET2 |
-	 NETLOGON_NEG_GETDOMAININFO |
-	 NETLOGON_NEG_CROSS_FOREST_TRUSTS |
-	 NETLOGON_NEG_AUTHENTICATED_RPC_LSASS |
-	 NETLOGON_NEG_SCHANNEL)
-*/
 
 enum schannel_direction {
 	SENDER_IS_INITIATOR,
author	Andrew Bartlett <abartlet@samba.org>	2009-03-16 21:27:58 +1100
committer	Andrew Bartlett <abartlet@samba.org>	2009-04-14 16:23:35 +1000
commit	f28f113d8e76824b080359c90efd9c92de533740 (patch)
tree	063c8cf44e1a26adce9128f3e24ee55274292090 /source3/include
parent	fd3be5c4e5e185115eec59752a22f7f354f860ca (diff)
download	samba-f28f113d8e76824b080359c90efd9c92de533740.tar.gz samba-f28f113d8e76824b080359c90efd9c92de533740.tar.bz2 samba-f28f113d8e76824b080359c90efd9c92de533740.zip