-rw-r--r-- | source3/include/ntdomain.h | 19 | ||||
-rw-r--r-- | source3/include/proto.h | 6 | ||||
-rw-r--r-- | source3/passdb/secrets.c | 167 |
3 files changed, 0 insertions, 192 deletions
diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h
index ce5d606c57..53e89a8751 100644
--- a/source3/include/ntdomain.h
+++ b/source3/include/ntdomain.h
@@ -112,25 +112,6 @@ typedef struct _input_data {
 struct handle_list;
-/* Domain controller authentication protocol info */
-struct dcinfo {
-	uint32 sequence; /* "timestamp" from client. */
-	struct netr_Credential seed_chal;
-	struct netr_Credential clnt_chal; /* Client credential */
-	struct netr_Credential srv_chal; /* Server credential */
-
-	unsigned char sess_key[16]; /* Session key */
-	unsigned char mach_pw[16]; /* md4(machine password) */
-
-	fstring mach_acct; /* Machine name we've authenticated. */
-
-	fstring remote_machine; /* Machine name we've authenticated. */
-	fstring domain;
-
-	bool challenge_sent;
-	bool authenticated;
-};
-
 typedef struct pipe_rpc_fns {
 	struct pipe_rpc_fns *next, *prev;
diff --git a/source3/include/proto.h b/source3/include/proto.h
index a745c07b17..b87e3b7f91 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -4716,12 +4716,6 @@ bool secrets_store_afs_keyfile(const char *cell, const struct afs_keyfile *keyfi
 bool secrets_fetch_afs_key(const char *cell, struct afs_key *result);
 void secrets_fetch_ipc_userpass(char **username, char **domain, char **password);
 TDB_CONTEXT *open_schannel_session_store(TALLOC_CTX *mem_ctx);
-bool secrets_store_schannel_session_info(TALLOC_CTX *mem_ctx,
-					 const char *remote_machine,
-					 const struct dcinfo *pdc);
-bool secrets_restore_schannel_session_info(TALLOC_CTX *mem_ctx,
-					   const char *remote_machine,
-					   struct dcinfo **ppdc);
 bool secrets_store_generic(const char *owner, const char *key, const char *secret);
 char *secrets_fetch_generic(const char *owner, const char *key);
 bool secrets_store_local_schannel_key(uint8_t schannel_key[16]);
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index cecf13a7db..0e66e3cf01 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -1187,173 +1187,6 @@ TDB_CONTEXT *open_schannel_session_store(TALLOC_CTX *mem_ctx)
 	return tdb_sc;
 }
-/******************************************************************************
- Store the schannel state after an AUTH2 call.
- Note we must be root here.
-*******************************************************************************/
-
-bool secrets_store_schannel_session_info(TALLOC_CTX *mem_ctx,
-				const char *remote_machine,
-				const struct dcinfo *pdc)
-{
-	TDB_CONTEXT *tdb_sc = NULL;
-	TDB_DATA value;
-	bool ret;
-	char *keystr = talloc_asprintf_strupper_m(mem_ctx, "%s/%s",
-				SECRETS_SCHANNEL_STATE,
-				remote_machine);
-	if (!keystr) {
-		return False;
-	}
-
-	/* Work out how large the record is. */
-	value.dsize = tdb_pack(NULL, 0, "dBBBBBfff",
-				pdc->sequence,
-				8, pdc->seed_chal.data,
-				8, pdc->clnt_chal.data,
-				8, pdc->srv_chal.data,
-				16, pdc->sess_key,
-				16, pdc->mach_pw,
-				pdc->mach_acct,
-				pdc->remote_machine,
-				pdc->domain);
-
-	value.dptr = TALLOC_ARRAY(mem_ctx, uint8, value.dsize);
-	if (!value.dptr) {
-		TALLOC_FREE(keystr);
-		return False;
-	}
-
-	value.dsize = tdb_pack(value.dptr, value.dsize, "dBBBBBfff",
-				pdc->sequence,
-				8, pdc->seed_chal.data,
-				8, pdc->clnt_chal.data,
-				8, pdc->srv_chal.data,
-				16, pdc->sess_key,
-				16, pdc->mach_pw,
-				pdc->mach_acct,
-				pdc->remote_machine,
-				pdc->domain);
-
-	tdb_sc = open_schannel_session_store(mem_ctx);
-	if (!tdb_sc) {
-		TALLOC_FREE(keystr);
-		TALLOC_FREE(value.dptr);
-		return False;
-	}
-
-	ret = (tdb_store_bystring(tdb_sc, keystr, value, TDB_REPLACE) == 0 ? True : False);
-
-	DEBUG(3,("secrets_store_schannel_session_info: stored schannel info with key %s\n",
-		keystr ));
-
-	tdb_close(tdb_sc);
-	TALLOC_FREE(keystr);
-	TALLOC_FREE(value.dptr);
-	return ret;
-}
-
-/******************************************************************************
- Restore the schannel state on a client reconnect.
- Note we must be root here.
-*******************************************************************************/
-
-bool secrets_restore_schannel_session_info(TALLOC_CTX *mem_ctx,
-				const char *remote_machine,
-				struct dcinfo **ppdc)
-{
-	TDB_CONTEXT *tdb_sc = NULL;
-	TDB_DATA value;
-	unsigned char *pseed_chal = NULL;
-	unsigned char *pclnt_chal = NULL;
-	unsigned char *psrv_chal = NULL;
-	unsigned char *psess_key = NULL;
-	unsigned char *pmach_pw = NULL;
-	uint32 l1, l2, l3, l4, l5;
-	int ret;
-	struct dcinfo *pdc = NULL;
-	char *keystr = talloc_asprintf_strupper_m(mem_ctx, "%s/%s",
-				SECRETS_SCHANNEL_STATE,
-				remote_machine);
-
-	*ppdc = NULL;
-
-	if (!keystr) {
-		return False;
-	}
-
-	tdb_sc = open_schannel_session_store(mem_ctx);
-	if (!tdb_sc) {
-		TALLOC_FREE(keystr);
-		return False;
-	}
-
-	value = tdb_fetch_bystring(tdb_sc, keystr);
-	if (!value.dptr) {
-		DEBUG(0,("secrets_restore_schannel_session_info: Failed to find entry with key %s\n",
-			keystr ));
-		tdb_close(tdb_sc);
-		return False;
-	}
-
-	pdc = TALLOC_ZERO_P(mem_ctx, struct dcinfo);
-
-	/* Retrieve the record. */
-	ret = tdb_unpack(value.dptr, value.dsize, "dBBBBBfff",
-				&pdc->sequence,
-				&l1, &pseed_chal,
-				&l2, &pclnt_chal,
-				&l3, &psrv_chal,
-				&l4, &psess_key,
-				&l5, &pmach_pw,
-				&pdc->mach_acct,
-				&pdc->remote_machine,
-				&pdc->domain);
-
-	if (ret == -1 || l1 != 8 || l2 != 8 || l3 != 8 || l4 != 16 || l5 != 16) {
-		/* Bad record - delete it. */
-		tdb_delete_bystring(tdb_sc, keystr);
-		tdb_close(tdb_sc);
-		TALLOC_FREE(keystr);
-		TALLOC_FREE(pdc);
-		SAFE_FREE(pseed_chal);
-		SAFE_FREE(pclnt_chal);
-		SAFE_FREE(psrv_chal);
-		SAFE_FREE(psess_key);
-		SAFE_FREE(pmach_pw);
-		SAFE_FREE(value.dptr);
-		return False;
-	}
-
-	tdb_close(tdb_sc);
-
-	memcpy(pdc->seed_chal.data, pseed_chal, 8);
-	memcpy(pdc->clnt_chal.data, pclnt_chal, 8);
-	memcpy(pdc->srv_chal.data, psrv_chal, 8);
-	memcpy(pdc->sess_key, psess_key, 16);
-	memcpy(pdc->mach_pw, pmach_pw, 16);
-
-	/* We know these are true so didn't bother to store them. */
-	pdc->challenge_sent = True;
-	pdc->authenticated = True;
-
-	DEBUG(3,("secrets_restore_schannel_session_info: restored schannel info key %s\n",
-		keystr ));
-
-	SAFE_FREE(pseed_chal);
-	SAFE_FREE(pclnt_chal);
-	SAFE_FREE(psrv_chal);
-	SAFE_FREE(psess_key);
-	SAFE_FREE(pmach_pw);
-
-	TALLOC_FREE(keystr);
-	SAFE_FREE(value.dptr);
-
-	*ppdc = pdc;
-
-	return True;
-}
-
 bool secrets_store_generic(const char *owner, const char *key, const char *secret)
 {
 	char *tdbkey = NULL;
|