-rw-r--r--source3/include/proto.h4
-rw-r--r--source3/libsmb/smbdes.c4
-rw-r--r--source3/libsmb/smbencrypt.c9
-rw-r--r--source3/rpc_client/cli_lsarpc.c85
4 files changed, 25 insertions, 77 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 3a15e8d689..cb61009a64 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -852,7 +852,7 @@ void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24],
/*The following definitions come from libsmb/smbdes.c */
-void smbhash(unsigned char *out, const uchar *in, unsigned char *key, int forw);
+void smbhash(unsigned char *out, const uchar *in, const uchar *key, int forw);
void E_P16(unsigned char *p14,unsigned char *p16);
void E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24);
void D_P16(unsigned char *p14, unsigned char *in, unsigned char *out);
@@ -894,7 +894,7 @@ void ntv2_owf_gen(const uchar owf[16],
uchar kr_buf[16]);
void NTLMSSPOWFencrypt(uchar passwd[8], uchar *ntlmchalresp, uchar p24[24]);
BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[16], BOOL unicode);
-BOOL nt_decrypt_string2(STRING2 *out, const STRING2 *in, char nt_hash[16]);
+BOOL nt_decrypt_string2(STRING2 *out, const STRING2 *in, const uchar *key);
void create_ntlmssp_resp(struct pwd_info *pwd,
char *domain, char *user_name, char *my_name,
uint32 ntlmssp_cli_flgs,
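Review bot: The new `nt_decrypt_string2` prototype drops the `[16]` dimension together with the `nt_hash` name, so the header no longer states how many key bytes the callee reads; the only place that size survives is the literal `key + 16` in the smbencrypt.c hunk of this commit, which replaced the old `sizeof(key)`. Add a comment above the declaration such as `/* key: 16-byte session key, used directly (no MD4 derivation is done here) */` so callers like lsa_query_secret size and derive it correctly. The body that consumes the key lives in smbencrypt.c, outside this header hunk.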
diff --git a/source3/libsmb/smbdes.c b/source3/libsmb/smbdes.c
index ba214a2eb0..e60b93d6a2 100644
--- a/source3/libsmb/smbdes.c
+++ b/source3/libsmb/smbdes.c
@@ -259,7 +259,7 @@ static void dohash(char *out, char *in, char *key, int forw)
permute(out, rl, perm6, 64);
}
-static void str_to_key(unsigned char *str,unsigned char *key)
+static void str_to_key(const uchar *str, uchar *key)
{
int i;
@@ -277,7 +277,7 @@ static void str_to_key(unsigned char *str,unsigned char *key)
}
-void smbhash(unsigned char *out, const uchar *in, unsigned char *key, int forw)
+void smbhash(unsigned char *out, const uchar *in, const uchar *key, int forw)
{
int i;
char outb[64];
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index 3227caaa95..ace6cdc300 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -444,21 +444,18 @@ BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[
return True;
}
-BOOL nt_decrypt_string2(STRING2 *out, const STRING2 *in, char nt_hash[16])
+BOOL nt_decrypt_string2(STRING2 *out, const STRING2 *in, const uchar *key)
{
uchar bufhdr[8];
int datalen;
- uchar key[16];
- uchar *keyptr = key;
- uchar *keyend = key + sizeof(key);
+ const uchar *keyptr = key;
+ const uchar *keyend = key + 16;
uchar *outbuf = (uchar *)out->buffer;
const uchar *inbuf = (const uchar *)in->buffer;
const uchar *inbufend;
- mdfour(key, nt_hash, 16);
-
smbhash(bufhdr, inbuf, keyptr, 0);
datalen = IVAL(bufhdr, 0);
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
index a7c15307a1..7706d0cd83 100644
--- a/source3/rpc_client/cli_lsarpc.c
+++ b/source3/rpc_client/cli_lsarpc.c
@@ -332,7 +332,7 @@ BOOL lsa_open_policy2( const char *server_name, POLICY_HND *hnd,
lsa_io_q_open_pol2("", &q_o, &buf, 0);
/* send the data on \PIPE\ */
- if (rpc_api_pipe_req(cli, fnum, LSA_OPENPOLICY2, &buf, &rbuf))
+ if (rpc_hnd_pipe_req(hnd, LSA_OPENPOLICY2, &buf, &rbuf))
{
LSA_R_OPEN_POL2 r_o;
BOOL p;
@@ -376,14 +376,6 @@ BOOL lsa_open_secret( const POLICY_HND *hnd,
LSA_Q_OPEN_SECRET q_o;
BOOL valid_pol = False;
- struct cli_state *cli = NULL;
- uint16 fnum = 0xffff;
-
- if (!cli_state_get(hnd, &cli, &fnum))
- {
- return False;
- }
-
if (hnd == NULL) return False;
prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
@@ -399,7 +391,7 @@ BOOL lsa_open_secret( const POLICY_HND *hnd,
lsa_io_q_open_secret("", &q_o, &buf, 0);
/* send the data on \PIPE\ */
- if (rpc_api_pipe_req(cli, fnum, LSA_OPENSECRET, &buf, &rbuf))
+ if (rpc_hnd_pipe_req(hnd, LSA_OPENSECRET, &buf, &rbuf))
{
LSA_R_OPEN_SECRET r_o;
BOOL p;
@@ -439,14 +431,6 @@ BOOL lsa_query_secret(POLICY_HND *hnd, STRING2 *secret,
LSA_Q_QUERY_SECRET q_q;
BOOL valid_info = False;
- struct cli_state *cli = NULL;
- uint16 fnum = 0xffff;
-
- if (!cli_state_get(hnd, &cli, &fnum))
- {
- return False;
- }
-
if (hnd == NULL) return False;
prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
@@ -462,7 +446,7 @@ BOOL lsa_query_secret(POLICY_HND *hnd, STRING2 *secret,
lsa_io_q_query_secret("", &q_q, &buf, 0);
/* send the data on \PIPE\ */
- if (rpc_api_pipe_req(cli, fnum, LSA_QUERYSECRET, &buf, &rbuf))
+ if (rpc_hnd_pipe_req(hnd, LSA_QUERYSECRET, &buf, &rbuf))
{
LSA_R_QUERY_SECRET r_q;
BOOL p;
@@ -481,11 +465,19 @@ BOOL lsa_query_secret(POLICY_HND *hnd, STRING2 *secret,
(r_q.info.value.ptr_secret != 0) &&
(r_q.info.ptr_update != 0))
{
+ uchar sess_key[16];
STRING2 enc_secret;
memcpy(&enc_secret, &(r_q.info.value.enc_secret), sizeof(STRING2));
memcpy(last_update, &(r_q.info.last_update), sizeof(NTTIME));
+ if (!cli_get_usr_sesskey(hnd, sess_key))
+ {
+ return False;
+ }
+#ifdef DEBUG_PASSWORD
+ dump_data(100, sess_key, 16);
+#endif
valid_info = nt_decrypt_string2(secret, &enc_secret,
- (char*)(cli->usr.pwd.smb_nt_pwd));
+ sess_key);
}
}
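Review bot: The `return False` added after the failed `cli_get_usr_sesskey` call sits inside the response-handling block, well after the `prs_init(&buf ...)` near the top of lsa_query_secret; if the function releases `buf`/`rbuf` after this block (that code is outside the hunk, so this is inferred from the surrounding LSA calls), the new path skips that cleanup, and setting `valid_info = False` and falling through avoids it. The 16-byte `sess_key` holds the user's session key and is not cleared once `nt_decrypt_string2` returns, so it stays on the stack; since this commit removes the MD4 derivation from nt_decrypt_string2, the caller now owns that key material, and `ZERO_STRUCT(sess_key)` (already used in this file) after the decrypt handles it. The `dump_data(100, sess_key, 16)` is compile-time gated on DEBUG_PASSWORD, which is the right place for it. lsa_query_secret begins and ends outside this hunk.
```c
				uchar sess_key[16];
				STRING2 enc_secret;
				/* … unchanged: memcpy of enc_secret and last_update … */
				if (cli_get_usr_sesskey(hnd, sess_key))
				{
#ifdef DEBUG_PASSWORD
					dump_data(100, sess_key, 16);
#endif
					valid_info = nt_decrypt_string2(secret, &enc_secret,
					                                sess_key);
					/* key material is no longer needed; do not leave it on the stack */
					ZERO_STRUCT(sess_key);
				}
```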
@@ -511,14 +503,6 @@ BOOL lsa_lookup_names( POLICY_HND *hnd,
LSA_Q_LOOKUP_NAMES q_l;
BOOL valid_response = False;
- struct cli_state *cli = NULL;
- uint16 fnum = 0xffff;
-
- if (!cli_state_get(hnd, &cli, &fnum))
- {
- return False;
- }
-
if (hnd == NULL || num_sids == 0 || sids == NULL) return False;
prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
@@ -535,7 +519,7 @@ BOOL lsa_lookup_names( POLICY_HND *hnd,
lsa_io_q_lookup_names("", &q_l, &buf, 0);
/* send the data on \PIPE\ */
- if (rpc_api_pipe_req(cli, fnum, LSA_LOOKUPNAMES, &buf, &rbuf))
+ if (rpc_hnd_pipe_req(hnd, LSA_LOOKUPNAMES, &buf, &rbuf))
{
LSA_R_LOOKUP_NAMES r_l;
DOM_R_REF ref;
@@ -650,14 +634,6 @@ BOOL lsa_lookup_sids(POLICY_HND *hnd,
LSA_Q_LOOKUP_SIDS q_l;
BOOL valid_response = False;
- struct cli_state *cli = NULL;
- uint16 fnum = 0xffff;
-
- if (!cli_state_get(hnd, &cli, &fnum))
- {
- return False;
- }
-
ZERO_STRUCT(q_l);
if (hnd == NULL || num_sids == 0 || sids == NULL) return False;
@@ -689,7 +665,7 @@ BOOL lsa_lookup_sids(POLICY_HND *hnd,
lsa_io_q_lookup_sids("", &q_l, &buf, 0);
/* send the data on \PIPE\ */
- if (rpc_api_pipe_req(cli, fnum, LSA_LOOKUPSIDS, &buf, &rbuf))
+ if (rpc_hnd_pipe_req(hnd, LSA_LOOKUPSIDS, &buf, &rbuf))
{
LSA_R_LOOKUP_SIDS r_l;
DOM_R_REF ref;
@@ -803,14 +779,6 @@ BOOL lsa_query_info_pol(POLICY_HND *hnd, uint16 info_class,
LSA_Q_QUERY_INFO q_q;
BOOL valid_response = False;
- struct cli_state *cli = NULL;
- uint16 fnum = 0xffff;
-
- if (!cli_state_get(hnd, &cli, &fnum))
- {
- return False;
- }
-
ZERO_STRUCTP(domain_sid);
domain_name[0] = 0;
@@ -830,7 +798,7 @@ BOOL lsa_query_info_pol(POLICY_HND *hnd, uint16 info_class,
lsa_io_q_query("", &q_q, &buf, 0);
/* send the data on \PIPE\ */
- if (rpc_api_pipe_req(cli, fnum, LSA_QUERYINFOPOLICY, &buf, &rbuf))
+ if (rpc_hnd_pipe_req(hnd, LSA_QUERYINFOPOLICY, &buf, &rbuf))
{
LSA_R_QUERY_INFO r_q;
BOOL p;
@@ -920,14 +888,6 @@ BOOL lsa_enum_trust_dom(POLICY_HND *hnd, uint32 *enum_ctx,
LSA_Q_ENUM_TRUST_DOM q_q;
BOOL valid_response = False;
- struct cli_state *cli = NULL;
- uint16 fnum = 0xffff;
-
- if (!cli_state_get(hnd, &cli, &fnum))
- {
- return False;
- }
-
if (hnd == NULL || num_doms == NULL || names == NULL) return False;
prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
@@ -935,7 +895,7 @@ BOOL lsa_enum_trust_dom(POLICY_HND *hnd, uint32 *enum_ctx,
/* create and send a MSRPC command with api LSA_ENUMTRUSTDOM */
- DEBUG(4,("LSA Query Info Policy\n"));
+ DEBUG(4,("LSA Enum Trusted Domains\n"));
/* store the parameters */
make_q_enum_trust_dom(&q_q, hnd, *enum_ctx, 0xffffffff);
@@ -944,7 +904,7 @@ BOOL lsa_enum_trust_dom(POLICY_HND *hnd, uint32 *enum_ctx,
lsa_io_q_enum_trust_dom("", &q_q, &buf, 0);
/* send the data on \PIPE\ */
- if (rpc_api_pipe_req(cli, fnum, LSA_ENUMTRUSTDOM, &buf, &rbuf))
+ if (rpc_hnd_pipe_req(hnd, LSA_ENUMTRUSTDOM, &buf, &rbuf))
{
LSA_R_ENUM_TRUST_DOM r_q;
BOOL p;
@@ -1002,14 +962,6 @@ BOOL lsa_close(POLICY_HND *hnd)
LSA_Q_CLOSE q_c;
BOOL valid_close = False;
- struct cli_state *cli = NULL;
- uint16 fnum = 0xffff;
-
- if (!cli_state_get(hnd, &cli, &fnum))
- {
- return False;
- }
-
if (hnd == NULL) return False;
/* create and send a MSRPC command with api LSA_OPENPOLICY */
@@ -1026,7 +978,7 @@ BOOL lsa_close(POLICY_HND *hnd)
lsa_io_q_close("", &q_c, &buf, 0);
/* send the data on \PIPE\ */
- if (rpc_api_pipe_req(cli, fnum, LSA_CLOSE, &buf, &rbuf))
+ if (rpc_hnd_pipe_req(hnd, LSA_CLOSE, &buf, &rbuf))
{
LSA_R_CLOSE r_c;
BOOL p;
@@ -1070,4 +1022,3 @@ BOOL lsa_close(POLICY_HND *hnd)
return valid_close;
}
-