summaryrefslogtreecommitdiff
path: root/source3/utils
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2009-03-16 21:27:58 +1100
committerAndrew Bartlett <abartlet@samba.org>2009-04-14 16:23:35 +1000
commitf28f113d8e76824b080359c90efd9c92de533740 (patch)
tree063c8cf44e1a26adce9128f3e24ee55274292090 /source3/utils
parentfd3be5c4e5e185115eec59752a22f7f354f860ca (diff)
downloadsamba-f28f113d8e76824b080359c90efd9c92de533740.tar.gz
samba-f28f113d8e76824b080359c90efd9c92de533740.tar.bz2
samba-f28f113d8e76824b080359c90efd9c92de533740.zip
Rework Samba3 to use new libcli/auth code (partial)
This commit is mostly to cope with the removal of SamOemHash (replaced by arcfour_crypt()) and other collisions (such as changed function arguments compared to Samba3). We still provide creds_hash3 until Samba3 uses the credentials code in netlogon server Andrew Bartlett
Diffstat (limited to 'source3/utils')
-rw-r--r--source3/utils/net_rpc.c9
-rw-r--r--source3/utils/net_rpc_join.c1
-rw-r--r--source3/utils/ntlm_auth.c5
-rw-r--r--source3/utils/ntlm_auth_diagnostics.c11
4 files changed, 16 insertions, 10 deletions
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 21881ba6a9..2651a8d034 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -22,6 +22,7 @@
#include "includes.h"
#include "utils/net.h"
+#include "../libcli/auth/libcli_auth.h"
static int net_mode_share;
static bool sync_files(struct copy_clistate *cp_clistate, const char *mask);
@@ -5738,7 +5739,8 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd,
NTSTATUS nt_status;
union lsa_TrustedDomainInfo *info = NULL;
char *cleartextpwd = NULL;
- uint8_t nt_hash[16];
+ uint8_t session_key[16];
+ DATA_BLOB session_key_blob;
DATA_BLOB data;
nt_status = rpccli_lsa_QueryTrustedDomainInfoBySid(pipe_hnd, mem_ctx,
@@ -5755,12 +5757,13 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd,
data = data_blob(info->password.password->data,
info->password.password->length);
- if (!rpccli_get_pwd_hash(pipe_hnd, nt_hash)) {
+ if (!rpccli_get_pwd_hash(pipe_hnd, session_key)) {
DEBUG(0, ("Could not retrieve password hash\n"));
goto done;
}
- cleartextpwd = decrypt_trustdom_secret(nt_hash, &data);
+ session_key_blob = data_blob_const(session_key, sizeof(session_key));
+ cleartextpwd = sess_decrypt_string(mem_ctx, &data, &session_key_blob);
if (cleartextpwd == NULL) {
DEBUG(0,("retrieved NULL password\n"));
diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c
index 7f3515ce75..58d6cdc5af 100644
--- a/source3/utils/net_rpc_join.c
+++ b/source3/utils/net_rpc_join.c
@@ -20,6 +20,7 @@
#include "includes.h"
#include "utils/net.h"
+#include "../libcli/auth/libcli_auth.h"
/* Macro for checking RPC error codes to make things more readable */
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index e8bd9fbd2b..838aaf5216 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -25,6 +25,7 @@
#include "includes.h"
#include "utils/ntlm_auth.h"
+#include "../libcli/auth/libcli_auth.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
@@ -1977,7 +1978,7 @@ static void manage_ntlm_change_password_1_request(struct ntlm_auth_state *state,
encode_pw_buffer(new_lm_pswd.data, newpswd,
STR_UNICODE);
- SamOEMhash(new_lm_pswd.data, old_nt_hash, 516);
+ arcfour_crypt(new_lm_pswd.data, old_nt_hash, 516);
E_old_pw_hash(new_nt_hash, old_lm_hash,
old_lm_hash_enc.data);
} else {
@@ -1990,7 +1991,7 @@ static void manage_ntlm_change_password_1_request(struct ntlm_auth_state *state,
encode_pw_buffer(new_nt_pswd.data, newpswd,
STR_UNICODE);
- SamOEMhash(new_nt_pswd.data, old_nt_hash, 516);
+ arcfour_crypt(new_nt_pswd.data, old_nt_hash, 516);
E_old_pw_hash(new_nt_hash, old_nt_hash,
old_nt_hash_enc.data);
}
diff --git a/source3/utils/ntlm_auth_diagnostics.c b/source3/utils/ntlm_auth_diagnostics.c
index cea4b084f7..0178823801 100644
--- a/source3/utils/ntlm_auth_diagnostics.c
+++ b/source3/utils/ntlm_auth_diagnostics.c
@@ -23,6 +23,7 @@
#include "includes.h"
#include "utils/ntlm_auth.h"
+#include "../libcli/auth/libcli_auth.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
@@ -72,7 +73,7 @@ static bool test_lm_ntlm_broken(enum ntlm_break break_which)
SMBNTencrypt(opt_password,chall.data,nt_response.data);
E_md4hash(opt_password, nt_hash);
- SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data);
+ SMBsesskeygen_ntv1(nt_hash, session_key.data);
switch (break_which) {
case BREAK_NONE:
@@ -257,7 +258,7 @@ static bool test_ntlm_in_both(void)
SMBNTencrypt(opt_password,chall.data,nt_response.data);
E_md4hash(opt_password, nt_hash);
- SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data);
+ SMBsesskeygen_ntv1(nt_hash, session_key.data);
E_deshash(opt_password, lm_hash);
@@ -316,7 +317,7 @@ static bool test_lmv2_ntlmv2_broken(enum ntlm_break break_which)
DATA_BLOB ntlmv2_response = data_blob_null;
DATA_BLOB lmv2_response = data_blob_null;
DATA_BLOB ntlmv2_session_key = data_blob_null;
- DATA_BLOB names_blob = NTLMv2_generate_names_blob(get_winbind_netbios_name(), get_winbind_domain());
+ DATA_BLOB names_blob = NTLMv2_generate_names_blob(NULL, get_winbind_netbios_name(), get_winbind_domain());
uchar user_session_key[16];
DATA_BLOB chall = get_challenge();
@@ -326,9 +327,9 @@ static bool test_lmv2_ntlmv2_broken(enum ntlm_break break_which)
flags |= WBFLAG_PAM_USER_SESSION_KEY;
- if (!SMBNTLMv2encrypt(opt_username, opt_domain, opt_password, &chall,
+ if (!SMBNTLMv2encrypt(NULL, opt_username, opt_domain, opt_password, &chall,
&names_blob,
- &lmv2_response, &ntlmv2_response,
+ &lmv2_response, &ntlmv2_response, NULL,
&ntlmv2_session_key)) {
data_blob_free(&names_blob);
return False;