Remove the "pwd" struct from rpc_pipe_client

The only user of this was decrypt_trustdom_secret, and this only needs the NT
hash anyway.
(This used to be commit 3d8c2a47e677a4c4aacf4abf148b1bd8163c3351)

5 files changed, 49 insertions, 20 deletions

diff --git a/source3/include/client.h b/source3/include/client.h
index 5cfc9a6f92..9cbfa51bb1 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -73,7 +73,6 @@ struct rpc_pipe_client {
 
 	char *domain;
 	char *user_name;
-	struct pwd_info pwd;
 
 	uint16 max_xmit_frag;
 	uint16 max_recv_frag;
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index e7198b801d..11f8780a47 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -630,27 +630,23 @@ void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *sessi
 }
 
 /* Decrypts password-blob with session-key
- * @param pass		password for session-key
+ * @param nt_hash	NT hash for the session key
  * @param data_in 	DATA_BLOB encrypted password
  *
  * Returns cleartext password in CH_UNIX 
  * Caller must free the returned string
  */
 
-char *decrypt_trustdom_secret(const char *pass, DATA_BLOB *data_in)
+char *decrypt_trustdom_secret(uint8_t nt_hash[16], DATA_BLOB *data_in)
 {
 	DATA_BLOB data_out, sess_key;
-	uchar nt_hash[16];
 	uint32_t length;
 	uint32_t version;
 	fstring cleartextpwd;
 
-	if (!data_in || !pass)
+	if (!data_in || !nt_hash)
 		return NULL;
 
-	/* generate md4 password-hash derived from the NT UNICODE password */
-	E_md4hash(pass, nt_hash);
-
 	/* hashed twice with md4 */
 	mdfour(nt_hash, nt_hash, 16);
 
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index d4ce45446b..828307cace 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -2139,6 +2139,18 @@ bool rpccli_is_pipe_idx(struct rpc_pipe_client *cli, int pipe_idx)
 	return (cli->abstract_syntax == pipe_names[pipe_idx].abstr_syntax);
 }
 
+bool rpccli_get_pwd_hash(struct rpc_pipe_client *cli, uint8_t nt_hash[16])
+{
+	if (!((cli->auth.auth_type == PIPE_AUTH_TYPE_NTLMSSP)
+	      || (cli->auth.auth_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP))) {
+		E_md4hash(cli->cli->pwd.password, nt_hash);
+		return true;
+	}
+
+	memcpy(nt_hash, cli->auth.a_u.ntlmssp_state->nt_hash, 16);
+	return true;
+}
+
 struct cli_state *rpc_pipe_np_smb_conn(struct rpc_pipe_client *p)
 {
 	return p->cli;
@@ -2337,8 +2349,6 @@ static struct rpc_pipe_client *cli_rpc_pipe_open_ntlmssp_internal(struct cli_sta
 		goto err;
 	}
 
-	pwd_set_cleartext(&result->pwd, password);
-
 	*perr = ntlmssp_client_start(&ntlmssp_state);
 	if (!NT_STATUS_IS_OK(*perr)) {
 		goto err;
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
index 88e49546b1..0419c87c98 100644
--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -948,7 +948,8 @@ static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli,
 	return result;
 }
 
-static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p, const char *password)
+static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p,
+				     uint8_t nt_hash[16])
 {
 	char *pwd, *pwd_old;
 	
@@ -958,8 +959,8 @@ static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p, cons
 	memcpy(data.data, p->password->data, p->password->length);
 	memcpy(data_old.data, p->old_password->data, p->old_password->length);
 	
-	pwd 	= decrypt_trustdom_secret(password, &data);
-	pwd_old = decrypt_trustdom_secret(password, &data_old);
+	pwd 	= decrypt_trustdom_secret(nt_hash, &data);
+	pwd_old = decrypt_trustdom_secret(nt_hash, &data_old);
 	
 	d_printf("Password:\t%s\n", pwd);
 	d_printf("Old Password:\t%s\n", pwd_old);
@@ -974,11 +975,11 @@ static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p, cons
 static void display_trust_dom_info(TALLOC_CTX *mem_ctx,
 				   union lsa_TrustedDomainInfo *info,
 				   enum lsa_TrustDomInfoEnum info_class,
-				   const char *pass)
+				   uint8_t nt_hash[16])
 {
 	switch (info_class) {
 		case LSA_TRUSTED_DOMAIN_INFO_PASSWORD:
-			display_trust_dom_info_4(&info->password, pass);
+			display_trust_dom_info_4(&info->password, nt_hash);
 			break;
 		default: {
 			const char *str = NULL;
@@ -1003,6 +1004,7 @@ static NTSTATUS cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client *cli,
 	uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
 	union lsa_TrustedDomainInfo *info = NULL;
 	enum lsa_TrustDomInfoEnum info_class = 1;
+	uint8_t nt_hash[16];
 
 	if (argc > 3 || argc < 2) {
 		printf("Usage: %s [sid] [info_class]\n", argv[0]);
@@ -1028,7 +1030,12 @@ static NTSTATUS cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client *cli,
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	display_trust_dom_info(mem_ctx, info, info_class, cli->pwd.password);
+	if (!rpccli_get_pwd_hash(cli, nt_hash)) {
+		d_fprintf(stderr, "Could not get pwd hash\n");
+		goto done;
+	}
+
+	display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
 
  done:
 	rpccli_lsa_Close(cli, mem_ctx, &pol);
@@ -1046,6 +1053,7 @@ static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli,
 	union lsa_TrustedDomainInfo *info = NULL;
 	enum lsa_TrustDomInfoEnum info_class = 1;
 	struct lsa_String trusted_domain;
+	uint8_t nt_hash[16];
 
 	if (argc > 3 || argc < 2) {
 		printf("Usage: %s [name] [info_class]\n", argv[0]);
@@ -1070,7 +1078,12 @@ static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli,
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	display_trust_dom_info(mem_ctx, info, info_class, cli->pwd.password);
+	if (!rpccli_get_pwd_hash(cli, nt_hash)) {
+		d_fprintf(stderr, "Could not get pwd hash\n");
+		goto done;
+	}
+
+	display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
 
  done:
 	rpccli_lsa_Close(cli, mem_ctx, &pol);
@@ -1088,6 +1101,7 @@ static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli,
 	union lsa_TrustedDomainInfo *info = NULL;
 	DOM_SID dom_sid;
 	enum lsa_TrustDomInfoEnum info_class = 1;
+	uint8_t nt_hash[16];
 
 	if (argc > 3 || argc < 2) {
 		printf("Usage: %s [sid] [info_class]\n", argv[0]);
@@ -1123,7 +1137,12 @@ static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli,
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	display_trust_dom_info(mem_ctx, info, info_class, cli->pwd.password);
+	if (!rpccli_get_pwd_hash(cli, nt_hash)) {
+		d_fprintf(stderr, "Could not get pwd hash\n");
+		goto done;
+	}
+
+	display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
 
  done:
 	rpccli_lsa_Close(cli, mem_ctx, &pol);
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 5845c14314..24965755fb 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -5929,6 +5929,7 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd,
 	NTSTATUS nt_status;
 	union lsa_TrustedDomainInfo *info = NULL;
 	char *cleartextpwd = NULL;
+	uint8_t nt_hash[16];
 	DATA_BLOB data;
 
 	nt_status = rpccli_lsa_QueryTrustedDomainInfoBySid(pipe_hnd, mem_ctx,
@@ -5945,8 +5946,12 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd,
 	data = data_blob(info->password.password->data,
 			 info->password.password->length);
 
-	cleartextpwd = decrypt_trustdom_secret(
-		rpc_pipe_np_smb_conn(pipe_hnd)->pwd.password, &data);
+	if (!rpccli_get_pwd_hash(pipe_hnd, nt_hash)) {
+		DEBUG(0, ("Could not retrieve password hash\n"));
+		goto done;
+	}
+
+	cleartextpwd = decrypt_trustdom_secret(nt_hash, &data);
 
 	if (cleartextpwd == NULL) {
 		DEBUG(0,("retrieved NULL password\n"));