Rework Samba3 to use new libcli/auth code (partial)

This commit is mostly to cope with the removal of SamOemHash (replaced
by arcfour_crypt()) and other collisions (such as changed function
arguments compared to Samba3).

We still provide creds_hash3 until Samba3 uses the credentials code in
netlogon server

Andrew Bartlett

4 files changed, 16 insertions, 10 deletions

diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 21881ba6a9..2651a8d034 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -22,6 +22,7 @@
 
 #include "includes.h"
 #include "utils/net.h"
+#include "../libcli/auth/libcli_auth.h"
 
 static int net_mode_share;
 static bool sync_files(struct copy_clistate *cp_clistate, const char *mask);
@@ -5738,7 +5739,8 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd,
 	NTSTATUS nt_status;
 	union lsa_TrustedDomainInfo *info = NULL;
 	char *cleartextpwd = NULL;
-	uint8_t nt_hash[16];
+	uint8_t session_key[16];
+	DATA_BLOB session_key_blob;
 	DATA_BLOB data;
 
 	nt_status = rpccli_lsa_QueryTrustedDomainInfoBySid(pipe_hnd, mem_ctx,
@@ -5755,12 +5757,13 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd,
 	data = data_blob(info->password.password->data,
 			 info->password.password->length);
 
-	if (!rpccli_get_pwd_hash(pipe_hnd, nt_hash)) {
+	if (!rpccli_get_pwd_hash(pipe_hnd, session_key)) {
 		DEBUG(0, ("Could not retrieve password hash\n"));
 		goto done;
 	}
 
-	cleartextpwd = decrypt_trustdom_secret(nt_hash, &data);
+	session_key_blob = data_blob_const(session_key, sizeof(session_key));
+	cleartextpwd = sess_decrypt_string(mem_ctx, &data, &session_key_blob);
 
 	if (cleartextpwd == NULL) {
 		DEBUG(0,("retrieved NULL password\n"));
diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c
index 7f3515ce75..58d6cdc5af 100644
--- a/source3/utils/net_rpc_join.c
+++ b/source3/utils/net_rpc_join.c
@@ -20,6 +20,7 @@
 
 #include "includes.h"
 #include "utils/net.h"
+#include "../libcli/auth/libcli_auth.h"
 
 /* Macro for checking RPC error codes to make things more readable */
 
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index e8bd9fbd2b..838aaf5216 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -25,6 +25,7 @@
 
 #include "includes.h"
 #include "utils/ntlm_auth.h"
+#include "../libcli/auth/libcli_auth.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_WINBIND
@@ -1977,7 +1978,7 @@ static void manage_ntlm_change_password_1_request(struct ntlm_auth_state *state,
 				encode_pw_buffer(new_lm_pswd.data, newpswd,
 						 STR_UNICODE);
 
-				SamOEMhash(new_lm_pswd.data, old_nt_hash, 516);
+				arcfour_crypt(new_lm_pswd.data, old_nt_hash, 516);
 				E_old_pw_hash(new_nt_hash, old_lm_hash,
 					      old_lm_hash_enc.data);
 			} else {
@@ -1990,7 +1991,7 @@ static void manage_ntlm_change_password_1_request(struct ntlm_auth_state *state,
 			encode_pw_buffer(new_nt_pswd.data, newpswd,
 					 STR_UNICODE);
 	
-			SamOEMhash(new_nt_pswd.data, old_nt_hash, 516);
+			arcfour_crypt(new_nt_pswd.data, old_nt_hash, 516);
 			E_old_pw_hash(new_nt_hash, old_nt_hash,
 				      old_nt_hash_enc.data);
 		}
diff --git a/source3/utils/ntlm_auth_diagnostics.c b/source3/utils/ntlm_auth_diagnostics.c
index cea4b084f7..0178823801 100644
--- a/source3/utils/ntlm_auth_diagnostics.c
+++ b/source3/utils/ntlm_auth_diagnostics.c
@@ -23,6 +23,7 @@
 
 #include "includes.h"
 #include "utils/ntlm_auth.h"
+#include "../libcli/auth/libcli_auth.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_WINBIND
@@ -72,7 +73,7 @@ static bool test_lm_ntlm_broken(enum ntlm_break break_which)
 	SMBNTencrypt(opt_password,chall.data,nt_response.data);
 
 	E_md4hash(opt_password, nt_hash);
-	SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data);
+	SMBsesskeygen_ntv1(nt_hash, session_key.data);
 
 	switch (break_which) {
 	case BREAK_NONE:
@@ -257,7 +258,7 @@ static bool test_ntlm_in_both(void)
 
 	SMBNTencrypt(opt_password,chall.data,nt_response.data);
 	E_md4hash(opt_password, nt_hash);
-	SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data);
+	SMBsesskeygen_ntv1(nt_hash, session_key.data);
 
 	E_deshash(opt_password, lm_hash); 
 
@@ -316,7 +317,7 @@ static bool test_lmv2_ntlmv2_broken(enum ntlm_break break_which)
 	DATA_BLOB ntlmv2_response = data_blob_null;
 	DATA_BLOB lmv2_response = data_blob_null;
 	DATA_BLOB ntlmv2_session_key = data_blob_null;
-	DATA_BLOB names_blob = NTLMv2_generate_names_blob(get_winbind_netbios_name(), get_winbind_domain());
+	DATA_BLOB names_blob = NTLMv2_generate_names_blob(NULL, get_winbind_netbios_name(), get_winbind_domain());
 
 	uchar user_session_key[16];
 	DATA_BLOB chall = get_challenge();
@@ -326,9 +327,9 @@ static bool test_lmv2_ntlmv2_broken(enum ntlm_break break_which)
 	
 	flags |= WBFLAG_PAM_USER_SESSION_KEY;
 
-	if (!SMBNTLMv2encrypt(opt_username, opt_domain, opt_password, &chall,
+	if (!SMBNTLMv2encrypt(NULL, opt_username, opt_domain, opt_password, &chall,
 			      &names_blob,
-			      &lmv2_response, &ntlmv2_response, 
+			      &lmv2_response, &ntlmv2_response, NULL,
 			      &ntlmv2_session_key)) {
 		data_blob_free(&names_blob);
 		return False;