author | Andrew Bartlett <abartlet@samba.org> | 2004-05-09 12:42:18 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:51:51 -0500 |
commit | dce84ffd379012812170f68f7de8aab73123f0b3 (patch) | |
tree | c5f6973838572fd06c07d6771f5286bc2073b569 /source4/librpc | |
parent | 55fa62be31c9027d84be0e4caad3ee59d78ca1b0 (diff) | |
r610: - Merge the Samba3 'ntlm_auth --diagnostics' testsuite to Samba4.
- This required using NETLOGON_NEG_AUTH2_FLAGS for the
SetupCredentials2 negotiation flags, which is what Samba3 does,
because otherwise the server uses different crypto.
- This tests the returned session keys, which we decrypt.
- Update the Samba4 notion of a 'session key' to be a DATA_BLOB in
most places.
- Fix session key code to return NT_STATUS_NO_SESSION_KEY if none is
available.
- Remove a useless argument to SMBsesskeygen_ntv1
- move netr_CredentialState from the .idl to the new credentials.h
Andrew Bartlett
(This used to be commit 44f8b5b53e6abd4de8a676f78d729988fadff320)
Diffstat (limited to 'source4/librpc')
-rw-r--r-- | source4/librpc/idl/netlogon.idl | 8 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc.h | 2 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_ntlm.c | 8 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_schannel.c | 4 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_util.c | 26 |
5 files changed, 17 insertions, 31 deletions
diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl
index 399bd6c543..24961aa362 100644
--- a/source4/librpc/idl/netlogon.idl
+++ b/source4/librpc/idl/netlogon.idl
@@ -68,14 +68,6 @@ interface netlogon uint8 data[8]; } netr_Credential; - typedef [flag(NDR_PAHEX)] struct { - uint8 session_key[8]; - uint32 sequence; - netr_Credential seed; - netr_Credential client; - netr_Credential server; - } netr_CredentialState; - typedef struct { [value(strlen_m(r->string)*2)] uint16 size; [value(r->size)] uint16 length;
diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h
index c79d14bec0..5c7f01c658 100644
--- a/source4/librpc/rpc/dcerpc.h
+++ b/source4/librpc/rpc/dcerpc.h
@@ -35,7 +35,7 @@ struct dcerpc_security { uchar *data, size_t length, DATA_BLOB *sig); NTSTATUS (*sign_packet)(struct dcerpc_security *, const uchar *data, size_t length, DATA_BLOB *sig); - NTSTATUS (*session_key)(struct dcerpc_security *, uint8 session_key[16]); + NTSTATUS (*session_key)(struct dcerpc_security *, DATA_BLOB *session_key); void (*security_end)(struct dcerpc_security *); };
diff --git a/source4/librpc/rpc/dcerpc_ntlm.c b/source4/librpc/rpc/dcerpc_ntlm.c
index 194b1aa865..fa4232c94a 100644
--- a/source4/librpc/rpc/dcerpc_ntlm.c
+++ b/source4/librpc/rpc/dcerpc_ntlm.c
@@ -57,13 +57,13 @@ static NTSTATUS ntlm_sign_packet(struct dcerpc_security *dcerpc_security, } static NTSTATUS ntlm_session_key(struct dcerpc_security *dcerpc_security, - uint8 session_key[16]) + DATA_BLOB *session_key) { struct ntlmssp_state *ntlmssp_state = dcerpc_security->private; - if (!ntlmssp_state || ntlmssp_state->session_key.length < 16) { - return NT_STATUS_UNSUCCESSFUL; + if (!ntlmssp_state->session_key.data) { + return NT_STATUS_NO_USER_SESSION_KEY; } - memcpy(session_key, ntlmssp_state->session_key.data, 16); + *session_key = ntlmssp_state->session_key; return NT_STATUS_OK; }
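Review bot: In ntlm_session_key (dcerpc_ntlm.c) the rewritten guard drops the old `!ntlmssp_state` test, so `ntlmssp_state->session_key.data` is now read through `dcerpc_security->private` with no NULL check; unless every caller guarantees `private` is set by then, keep it as `if (!ntlmssp_state || !ntlmssp_state->session_key.data) {`. The old `length < 16` floor is gone as well, so the callback can return a key shorter than 16 bytes, and `*session_key = ntlmssp_state->session_key;` is a shallow copy that aliases memory held by the NTLMSSP state. The callers that used to read a fixed 16 bytes are outside this diff; they presumably need to check `session_key->length` before using the key and must not free the blob or keep it past `security_end`. A comment on the `session_key` member in dcerpc.h saying that the returned blob is borrowed and of variable length would make that contract explicit, and the same applies to dcerpc_fetch_session_key in dcerpc_util.c.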
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index 504c8dfd6f..a88d3c1b3e 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -57,7 +57,7 @@ static NTSTATUS schan_sign_packet(struct dcerpc_security *dcerpc_security, } static NTSTATUS schan_session_key(struct dcerpc_security *dcerpc_security, - uint8 session_key[16]) + DATA_BLOB *session_key) { return NT_STATUS_NOT_IMPLEMENTED; }
@@ -84,7 +84,7 @@ NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p, struct netr_ServerReqChallenge r; struct netr_ServerAuthenticate2 a; uint8 mach_pwd[16]; - struct netr_CredentialState creds; + struct creds_CredentialState creds; const char *workgroup, *workstation; uint32 negotiate_flags = 0;
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index 0e045e0033..dce325d7e1 100644
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -673,27 +673,21 @@ NTSTATUS dcerpc_secondary_smb(struct dcerpc_pipe *p, struct dcerpc_pipe **p2, only works for the ncacn_np transport */ NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p, - uint8 session_key[16]) + DATA_BLOB *session_key) { struct cli_tree *tree; - memset(session_key, 0, 16); - + if (p->security_state) { + return p->security_state->session_key(p->security_state, session_key); + } + tree = dcerpc_smb_tree(p); if (tree) { - memcpy(session_key, - tree->session->transport->negotiate.user_session_key, - 16); - } - - if (p->security_state) { - NTSTATUS status; - - status = p->security_state->session_key(p->security_state, session_key); - if (!NT_STATUS_IS_OK(status)) { - return status; + if (tree->session->user_session_key.data) { + *session_key = tree->session->user_session_key; + return NT_STATUS_OK; } } - - return NT_STATUS_OK; + + return NT_STATUS_NO_USER_SESSION_KEY; } |
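Review bot: dcerpc_fetch_session_key (dcerpc_util.c) no longer initialises its output, because the removed `memset(session_key, 0, 16)` has no replacement. On the final `NT_STATUS_NO_USER_SESSION_KEY` return, and whenever the `security_state->session_key` callback fails (schan_session_key always returns `NT_STATUS_NOT_IMPLEMENTED`), `*session_key` keeps whatever the caller left in it. A caller that ignores the status would then treat an indeterminate pointer and length as key material. Setting `session_key->data = NULL; session_key->length = 0;` at the top of the function keeps the failure case well defined. The comment above the function still says it only works for the ncacn_np transport although the `security_state` branch now runs first, so it is worth updating too.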