summaryrefslogtreecommitdiff
path: root/source4/librpc
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2004-05-09 12:42:18 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:51:51 -0500
commitdce84ffd379012812170f68f7de8aab73123f0b3 (patch)
treec5f6973838572fd06c07d6771f5286bc2073b569 /source4/librpc
parent55fa62be31c9027d84be0e4caad3ee59d78ca1b0 (diff)
downloadsamba-dce84ffd379012812170f68f7de8aab73123f0b3.tar.gz
samba-dce84ffd379012812170f68f7de8aab73123f0b3.tar.bz2
samba-dce84ffd379012812170f68f7de8aab73123f0b3.zip
r610: - Merge the Samba3 'ntlm_auth --diagnostics' testsuite to Samba4.
- This required using NETLOGON_NEG_AUTH2_FLAGS for the SetupCredentials2 negotiation flags, which is what Samba3 does, because otherwise the server uses different crypto. - This tests the returned session keys, which we decrypt. - Update the Samba4 notion of a 'session key' to be a DATA_BLOB in most places. - Fix session key code to return NT_STATUS_NO_SESSION_KEY if none is available. - Remove a useless argument to SMBsesskeygen_ntv1 - move netr_CredentialState from the .idl to the new credentials.h Andrew Bartlett (This used to be commit 44f8b5b53e6abd4de8a676f78d729988fadff320)
Diffstat (limited to 'source4/librpc')
-rw-r--r--source4/librpc/idl/netlogon.idl8
-rw-r--r--source4/librpc/rpc/dcerpc.h2
-rw-r--r--source4/librpc/rpc/dcerpc_ntlm.c8
-rw-r--r--source4/librpc/rpc/dcerpc_schannel.c4
-rw-r--r--source4/librpc/rpc/dcerpc_util.c26
5 files changed, 17 insertions, 31 deletions
diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl
index 399bd6c543..24961aa362 100644
--- a/source4/librpc/idl/netlogon.idl
+++ b/source4/librpc/idl/netlogon.idl
@@ -68,14 +68,6 @@ interface netlogon
uint8 data[8];
} netr_Credential;
- typedef [flag(NDR_PAHEX)] struct {
- uint8 session_key[8];
- uint32 sequence;
- netr_Credential seed;
- netr_Credential client;
- netr_Credential server;
- } netr_CredentialState;
-
typedef struct {
[value(strlen_m(r->string)*2)] uint16 size;
[value(r->size)] uint16 length;
diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h
index c79d14bec0..5c7f01c658 100644
--- a/source4/librpc/rpc/dcerpc.h
+++ b/source4/librpc/rpc/dcerpc.h
@@ -35,7 +35,7 @@ struct dcerpc_security {
uchar *data, size_t length, DATA_BLOB *sig);
NTSTATUS (*sign_packet)(struct dcerpc_security *,
const uchar *data, size_t length, DATA_BLOB *sig);
- NTSTATUS (*session_key)(struct dcerpc_security *, uint8 session_key[16]);
+ NTSTATUS (*session_key)(struct dcerpc_security *, DATA_BLOB *session_key);
void (*security_end)(struct dcerpc_security *);
};
diff --git a/source4/librpc/rpc/dcerpc_ntlm.c b/source4/librpc/rpc/dcerpc_ntlm.c
index 194b1aa865..fa4232c94a 100644
--- a/source4/librpc/rpc/dcerpc_ntlm.c
+++ b/source4/librpc/rpc/dcerpc_ntlm.c
@@ -57,13 +57,13 @@ static NTSTATUS ntlm_sign_packet(struct dcerpc_security *dcerpc_security,
}
static NTSTATUS ntlm_session_key(struct dcerpc_security *dcerpc_security,
- uint8 session_key[16])
+ DATA_BLOB *session_key)
{
struct ntlmssp_state *ntlmssp_state = dcerpc_security->private;
- if (!ntlmssp_state || ntlmssp_state->session_key.length < 16) {
- return NT_STATUS_UNSUCCESSFUL;
+ if (!ntlmssp_state->session_key.data) {
+ return NT_STATUS_NO_USER_SESSION_KEY;
}
- memcpy(session_key, ntlmssp_state->session_key.data, 16);
+ *session_key = ntlmssp_state->session_key;
return NT_STATUS_OK;
}
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index 504c8dfd6f..a88d3c1b3e 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -57,7 +57,7 @@ static NTSTATUS schan_sign_packet(struct dcerpc_security *dcerpc_security,
}
static NTSTATUS schan_session_key(struct dcerpc_security *dcerpc_security,
- uint8 session_key[16])
+ DATA_BLOB *session_key)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
@@ -84,7 +84,7 @@ NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p,
struct netr_ServerReqChallenge r;
struct netr_ServerAuthenticate2 a;
uint8 mach_pwd[16];
- struct netr_CredentialState creds;
+ struct creds_CredentialState creds;
const char *workgroup, *workstation;
uint32 negotiate_flags = 0;
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index 0e045e0033..dce325d7e1 100644
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -673,27 +673,21 @@ NTSTATUS dcerpc_secondary_smb(struct dcerpc_pipe *p, struct dcerpc_pipe **p2,
only works for the ncacn_np transport
*/
NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p,
- uint8 session_key[16])
+ DATA_BLOB *session_key)
{
struct cli_tree *tree;
- memset(session_key, 0, 16);
-
+ if (p->security_state) {
+ return p->security_state->session_key(p->security_state, session_key);
+ }
+
tree = dcerpc_smb_tree(p);
if (tree) {
- memcpy(session_key,
- tree->session->transport->negotiate.user_session_key,
- 16);
- }
-
- if (p->security_state) {
- NTSTATUS status;
-
- status = p->security_state->session_key(p->security_state, session_key);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
+ if (tree->session->user_session_key.data) {
+ *session_key = tree->session->user_session_key;
+ return NT_STATUS_OK;
}
}
-
- return NT_STATUS_OK;
+
+ return NT_STATUS_NO_USER_SESSION_KEY;
}