diff options
author | Andrew Bartlett <abartlet@samba.org> | 2004-11-11 23:24:30 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:05:43 -0500 |
commit | fd5135a63b4c81688c4e2d729380ca954f22286d (patch) | |
tree | 7179bf31f404359a702f94ed5db03a1a4732617c /source4/libcli | |
parent | 32e368502d80517dd7b00c1c3bc8b042887d9db0 (diff) | |
download | samba-fd5135a63b4c81688c4e2d729380ca954f22286d.tar.gz samba-fd5135a63b4c81688c4e2d729380ca954f22286d.tar.bz2 samba-fd5135a63b4c81688c4e2d729380ca954f22286d.zip |
r3686: The results of some work on the NETLOGON pipe:
Break out the samsync tests from RPC-NETLOGON into a new RPC-SAMSYNC,
that will cross-verify all the values.
Add support for the way netlogon credentials are shared between the
pipe that sets up schannel and the pipe that is encrypted with it.
Test this support, by calling both NETLOGON and SAMR operations in the
RPC-SCHANNEL test.
Move some of the Netlogon NEG flags into the .idl, now we have an idea
what a few of them really are.
Rename the sam_pwd_hash into a name that has meaning (all other crypto
functions were renamed in Samba4 ages ago).
Break out NTLMv2 functionality for operation on the NT hash - I intend
to do NTLMv2 logins in the samsync test in future, and naturally I
only have the hash.
Andrew Bartlett
(This used to be commit 6e6cc6fb9842113a1b0c7f6904dac709b320a6e5)
Diffstat (limited to 'source4/libcli')
-rw-r--r-- | source4/libcli/auth/credentials.h | 6 | ||||
-rw-r--r-- | source4/libcli/auth/gensec.h | 1 | ||||
-rw-r--r-- | source4/libcli/util/smbdes.c | 2 | ||||
-rw-r--r-- | source4/libcli/util/smbencrypt.c | 25 |
4 files changed, 19 insertions, 15 deletions
diff --git a/source4/libcli/auth/credentials.h b/source4/libcli/auth/credentials.h index a6e119e1ad..30114fe7fa 100644 --- a/source4/libcli/auth/credentials.h +++ b/source4/libcli/auth/credentials.h @@ -36,12 +36,6 @@ struct creds_CredentialState { to NT4. Actually, anything other than 1ff would seem to do... */ #define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff - -#define NETLOGON_NEG_ARCFOUR 0x00000004 -#define NETLOGON_NEG_128BIT 0x00004000 - -#define NETLOGON_NEG_SCHANNEL 0x40000000 - /* these are the flags that ADS clients use */ #define NETLOGON_NEG_AUTH2_ADS_FLAGS (0x200fbffb | NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT | NETLOGON_NEG_SCHANNEL) diff --git a/source4/libcli/auth/gensec.h b/source4/libcli/auth/gensec.h index b2c685332b..23d9861cb7 100644 --- a/source4/libcli/auth/gensec.h +++ b/source4/libcli/auth/gensec.h @@ -28,7 +28,6 @@ struct gensec_user { const char *realm; const char *name; const char *password; - char schan_session_key[16]; }; struct gensec_target { const char *principal; diff --git a/source4/libcli/util/smbdes.c b/source4/libcli/util/smbdes.c index a7c8f760ea..4e4222b9e6 100644 --- a/source4/libcli/util/smbdes.c +++ b/source4/libcli/util/smbdes.c @@ -439,7 +439,7 @@ void arcfour_crypt(uint8_t *data, const uint8_t keystr[16], int len) /* Decode a sam password hash into a password. The password hash is the same method used to store passwords in the NT registry. The DES key used is based on the RID of the user. */ -void sam_pwd_hash(uint_t rid, const uint8_t *in, uint8_t *out, int forw) +void sam_rid_crypt(uint_t rid, const uint8_t *in, uint8_t *out, int forw) { uint8_t s[14]; diff --git a/source4/libcli/util/smbencrypt.c b/source4/libcli/util/smbencrypt.c index d327b53f9d..dac8674f03 100644 --- a/source4/libcli/util/smbencrypt.c +++ b/source4/libcli/util/smbencrypt.c @@ -374,15 +374,13 @@ static DATA_BLOB LMv2_generate_response(const uint8_t ntlm_v2_hash[16], return final_response; } -BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password, - const DATA_BLOB *server_chal, - const DATA_BLOB *names_blob, - DATA_BLOB *lm_response, DATA_BLOB *nt_response, - DATA_BLOB *lm_session_key, DATA_BLOB *user_session_key) +BOOL SMBNTLMv2encrypt_hash(const char *user, const char *domain, const char nt_hash[16], + const DATA_BLOB *server_chal, + const DATA_BLOB *names_blob, + DATA_BLOB *lm_response, DATA_BLOB *nt_response, + DATA_BLOB *lm_session_key, DATA_BLOB *user_session_key) { - uint8_t nt_hash[16]; uint8_t ntlm_v2_hash[16]; - E_md4hash(password, nt_hash); /* We don't use the NT# directly. Instead we use it mashed up with the username and domain. @@ -420,6 +418,19 @@ BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password return True; } +BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password, + const DATA_BLOB *server_chal, + const DATA_BLOB *names_blob, + DATA_BLOB *lm_response, DATA_BLOB *nt_response, + DATA_BLOB *lm_session_key, DATA_BLOB *user_session_key) +{ + uint8_t nt_hash[16]; + E_md4hash(password, nt_hash); + + return SMBNTLMv2encrypt_hash(user, domain, nt_hash, server_chal, names_blob, + lm_response, nt_response, lm_session_key, user_session_key); +} + /*********************************************************** encode a password buffer with a unicode password. The buffer is filled with random data to make it harder to attack. |