r995: - renamed many of our crypto routines to use the industry standard

  names rather than our crazy naming scheme. So DES is now called
  des_crypt() rather than smbhash()

- added the code from the solution of the ADS crypto challenge that
  allows Samba to correctly handle a 128 bit session key in all of the
  netr_ServerAuthenticateX() varients. A huge thanks to Luke Howard
  from PADL for solving this one!

- restructured the server side rpc authentication to allow for other
  than NTLMSSP sign and seal. This commit just adds the structure, the
  next commit will add schannel server side support.

- added 128 bit session key support to our client side code, and
  testing against w2k3 with smbtorture. Works well.
(This used to be commit 729b2f41c924a0b435d44a14209e6dacc2304cee)

2 files changed, 17 insertions, 13 deletions

diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 58c071dcdb..bfa63c2af7 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -147,7 +147,7 @@ again:
 		return False;
 	}
 
-	SamOEMhashBlob(u.info24.password.data, 516, &session_key);
+	arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
 
 	status = dcerpc_samr_SetUserInfo(join.p, mem_ctx, &s);
 	if (!NT_STATUS_IS_OK(status)) {
@@ -274,7 +274,8 @@ static BOOL test_SetupCredentials(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 	a.in.credentials = &credentials3;
 	a.out.credentials = &credentials3;
 
-	creds_client_init(creds, &credentials1, &credentials2, mach_pwd, &credentials3);
+	creds_client_init(creds, &credentials1, &credentials2, mach_pwd, &credentials3, 
+			  NETLOGON_NEG_AUTH2_FLAGS);
 
 	printf("Testing ServerAuthenticate\n");
 
@@ -335,7 +336,8 @@ static BOOL test_SetupCredentials2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 	a.in.credentials = &credentials3;
 	a.out.credentials = &credentials3;
 
-	creds_client_init(creds, &credentials1, &credentials2, mach_pwd, &credentials3);
+	creds_client_init(creds, &credentials1, &credentials2, mach_pwd, &credentials3, 
+			  negotiate_flags);
 
 	printf("Testing ServerAuthenticate2\n");
 
@@ -374,6 +376,7 @@ static BOOL test_SetupCredentials3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 	r.in.computer_name = TEST_MACHINE_NAME;
 	r.in.credentials = &credentials1;
 	r.out.credentials = &credentials2;
+
 	generate_random_buffer(credentials1.data, sizeof(credentials1.data), False);
 
 	status = dcerpc_netr_ServerReqChallenge(p, mem_ctx, &r);
@@ -400,7 +403,8 @@ static BOOL test_SetupCredentials3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 	a.out.negotiate_flags = &negotiate_flags;
 	a.out.rid = &rid;
 
-	creds_client_init(creds, &credentials1, &credentials2, mach_pwd, &credentials3);
+	creds_client_init(creds, &credentials1, &credentials2, mach_pwd, &credentials3,
+			  negotiate_flags);
 
 	printf("Testing ServerAuthenticate3\n");
 
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index 3a243abfce..dab1b3bed5 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -364,7 +364,7 @@ static BOOL test_SetUserPass(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 		return False;
 	}
 
-	SamOEMhashBlob(u.info24.password.data, 516, &session_key);
+	arcfour_crypt_blob(u.info24.password.data, 516, &session_key);
 
 	printf("Testing SetUserInfo level 24 (set password)\n");
 
@@ -408,7 +408,7 @@ static BOOL test_SetUserPass_23(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 		return False;
 	}
 
-	SamOEMhashBlob(u.info23.password.data, 516, &session_key);
+	arcfour_crypt_blob(u.info23.password.data, 516, &session_key);
 
 	printf("Testing SetUserInfo level 23 (set password)\n");
 
@@ -459,7 +459,7 @@ static BOOL test_SetUserPassEx(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 	MD5Update(&ctx, session_key.data, session_key.length);
 	MD5Final(confounded_session_key.data, &ctx);
 
-	SamOEMhashBlob(u.info26.password.data, 516, &confounded_session_key);
+	arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key);
 	memcpy(&u.info26.password.data[516], confounder, 16);
 
 	printf("Testing SetUserInfo level 26 (set password ex)\n");
@@ -513,7 +513,7 @@ static BOOL test_SetUserPass_25(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 	MD5Update(&ctx, session_key.data, session_key.length);
 	MD5Final(confounded_session_key.data, &ctx);
 
-	SamOEMhashBlob(u.info25.password.data, 516, &confounded_session_key);
+	arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key);
 	memcpy(&u.info25.password.data[516], confounder, 16);
 
 	printf("Testing SetUserInfo level 25 (set password ex)\n");
@@ -810,7 +810,7 @@ static BOOL test_OemChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_c
 	E_deshash(newpass, new_lm_hash);
 
 	encode_pw_buffer(lm_pass.data, newpass, STR_ASCII);
-	SamOEMhash(lm_pass.data, old_lm_hash, 516);
+	arcfour_crypt(lm_pass.data, old_lm_hash, 516);
 	E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
 
 	r.in.server = &server;
@@ -856,11 +856,11 @@ static BOOL test_ChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 	E_deshash(newpass, new_lm_hash);
 
 	encode_pw_buffer(lm_pass.data, newpass, STR_ASCII|STR_TERMINATE);
-	SamOEMhash(lm_pass.data, old_lm_hash, 516);
+	arcfour_crypt(lm_pass.data, old_lm_hash, 516);
 	E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
 
 	encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
-	SamOEMhash(nt_pass.data, old_nt_hash, 516);
+	arcfour_crypt(nt_pass.data, old_nt_hash, 516);
 	E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
 
 	r.in.server = &server;
@@ -909,11 +909,11 @@ static BOOL test_ChangePasswordUser3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 	E_deshash(newpass, new_lm_hash);
 
 	encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE);
-	SamOEMhash(lm_pass.data, old_nt_hash, 516);
+	arcfour_crypt(lm_pass.data, old_nt_hash, 516);
 	E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
 
 	encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
-	SamOEMhash(nt_pass.data, old_nt_hash, 516);
+	arcfour_crypt(nt_pass.data, old_nt_hash, 516);
 	E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash);
 
 	r.in.server = &server;