-rw-r--r-- | source3/include/ntdomain.h | 6 | ||||
-rw-r--r-- | source3/libsmb/credentials.c | 32 | ||||
-rw-r--r-- | source3/rpc_client/cli_netlogon.c | 52 | ||||
-rw-r--r-- | source3/rpc_server/srv_netlog_nt.c | 6 |
4 files changed, 47 insertions, 49 deletions
diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h index 6537d5a7fb..b89b0fea3a 100644 --- a/source3/include/ntdomain.h +++ b/source3/include/ntdomain.h @@ -135,9 +135,9 @@ struct handle_list { /* Domain controller authentication protocol info */ struct dcinfo { uint32 sequence; /* "timestamp" from client. */ - DOM_CHAL seed_chal; - DOM_CHAL clnt_chal; /* Client credential */ - DOM_CHAL srv_chal; /* Server credential */ + struct netr_Credential seed_chal; + struct netr_Credential clnt_chal; /* Client credential */ + struct netr_Credential srv_chal; /* Server credential */ unsigned char sess_key[16]; /* Session key - 8 bytes followed by 8 zero bytes */ unsigned char mach_pw[16]; /* md4(machine password) */ diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c index 0043f4e6a9..328b931df0 100644 --- a/source3/libsmb/credentials.c +++ b/source3/libsmb/credentials.c @@ -42,9 +42,9 @@ char *credstr(const unsigned char *cred) ****************************************************************************/ static void creds_init_128(struct dcinfo *dc, - const DOM_CHAL *clnt_chal_in, - const DOM_CHAL *srv_chal_in, - const unsigned char mach_pw[16]) + const struct netr_Credential *clnt_chal_in, + const struct netr_Credential *srv_chal_in, + const unsigned char mach_pw[16]) { unsigned char zero[4], tmp[16]; HMACMD5Context ctx; @@ -94,9 +94,9 @@ static void creds_init_128(struct dcinfo *dc, ****************************************************************************/ static void creds_init_64(struct dcinfo *dc, - const DOM_CHAL *clnt_chal_in, - const DOM_CHAL *srv_chal_in, - const unsigned char mach_pw[16]) + const struct netr_Credential *clnt_chal_in, + const struct netr_Credential *srv_chal_in, + const unsigned char mach_pw[16]) { uint32 sum[2]; unsigned char sum2[8]; 
@@ -177,10 +177,10 @@ static void creds_step(struct dcinfo *dc) void creds_server_init(uint32 neg_flags, struct dcinfo *dc, - DOM_CHAL *clnt_chal, - DOM_CHAL *srv_chal, + struct netr_Credential *clnt_chal, + struct netr_Credential *srv_chal, const unsigned char mach_pw[16], - DOM_CHAL *init_chal_out) + struct netr_Credential *init_chal_out) { DEBUG(10,("creds_server_init: neg_flags : %x\n", (unsigned int)neg_flags)); DEBUG(10,("creds_server_init: client chal : %s\n", credstr(clnt_chal->data) )); @@ -246,7 +246,7 @@ bool netlogon_creds_server_check(const struct dcinfo *dc, static void creds_reseed(struct dcinfo *dc) { - DOM_CHAL time_chal; + struct netr_Credential time_chal; SIVAL(time_chal.data, 0, IVAL(dc->seed_chal.data, 0) + dc->sequence + 1); SIVAL(time_chal.data, 4, IVAL(dc->seed_chal.data, 4)); @@ -274,7 +274,8 @@ bool creds_server_step(struct dcinfo *dc, const DOM_CRED *received_cred, DOM_CRE /* Create the outgoing credentials */ cred_out->timestamp.time = tmp_dc.sequence + 1; - cred_out->challenge = tmp_dc.srv_chal; + memcpy(&cred_out->challenge.data, tmp_dc.srv_chal.data, + sizeof(cred_out->challenge.data)); creds_reseed(&tmp_dc); @@ -324,10 +325,10 @@ bool netlogon_creds_server_step(struct dcinfo *dc, void creds_client_init(uint32 neg_flags, struct dcinfo *dc, - DOM_CHAL *clnt_chal, - DOM_CHAL *srv_chal, + struct netr_Credential *clnt_chal, + struct netr_Credential *srv_chal, const unsigned char mach_pw[16], - DOM_CHAL *init_chal_out) + struct netr_Credential *init_chal_out) { dc->sequence = time(NULL); @@ -406,7 +407,8 @@ void creds_client_step(struct dcinfo *dc, DOM_CRED *next_cred_out) creds_step(dc); creds_reseed(dc); - next_cred_out->challenge = dc->clnt_chal; + memcpy(&next_cred_out->challenge.data, dc->clnt_chal.data, + sizeof(next_cred_out->challenge.data)); next_cred_out->timestamp.time = dc->sequence; } diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index f15340ffec..5d6f32980d 100644 
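Review bot: The memcpy added in creds_server_step takes its length from the destination, `sizeof(cred_out->challenge.data)`, while the source is now a different type (`struct netr_Credential`), and nothing in the hunk ties the two array sizes together. If the definitions ever diverge, the copy would over-read or truncate credential bytes without any diagnostic. A guard such as `SMB_ASSERT(sizeof(cred_out->challenge.data) == sizeof(tmp_dc.srv_chal.data));` before the copy would pin the assumption. Passing `cred_out->challenge.data` without the `&` would also match how the source argument is written. The same applies to the memcpy added in the creds_client_step hunk; both function bodies extend outside their hunks.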
--- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -251,17 +251,17 @@ static NTSTATUS rpccli_net_auth3(struct rpc_pipe_client *cli, ****************************************************************************/ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, - const char *server_name, - const char *domain, - const char *clnt_name, - const char *machine_account, - const unsigned char machine_pwd[16], - uint32 sec_chan_type, - uint32 *neg_flags_inout) + const char *server_name, + const char *domain, + const char *clnt_name, + const char *machine_account, + const unsigned char machine_pwd[16], + enum netr_SchannelType sec_chan_type, + uint32_t *neg_flags_inout) { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - DOM_CHAL clnt_chal_send; - DOM_CHAL srv_chal_recv; + struct netr_Credential clnt_chal_send; + struct netr_Credential srv_chal_recv; struct dcinfo *dc; SMB_ASSERT(cli->pipe_idx == PI_NETLOGON); @@ -288,13 +288,11 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, generate_random_buffer(clnt_chal_send.data, 8); /* Get the server challenge. */ - result = rpccli_net_req_chal(cli, - cli->mem_ctx, - dc->remote_machine, - clnt_name, - &clnt_chal_send, - &srv_chal_recv); - + result = rpccli_netr_ServerReqChallenge(cli, cli->mem_ctx, + dc->remote_machine, + clnt_name, + &clnt_chal_send, + &srv_chal_recv); if (!NT_STATUS_IS_OK(result)) { return result; } 
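Review bot: `generate_random_buffer(clnt_chal_send.data, 8);` keeps a hard-coded length even though the previous hunk of rpccli_netlogon_setup_creds changes clnt_chal_send to `struct netr_Credential`. Writing it as `generate_random_buffer(clnt_chal_send.data, sizeof(clnt_chal_send.data));` keeps the whole client challenge random if the generated type's array size ever differs from 8, instead of leaving stack bytes in a value sent to the server. The line is context rather than a changed line, but the type change is what makes the literal fragile. The function body starts and ends outside this hunk.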
@@ -307,20 +305,18 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, machine_pwd, &clnt_chal_send); - /* + /* * Send client auth-2 challenge and receive server repy. */ - result = rpccli_net_auth2(cli, - cli->mem_ctx, - dc->remote_machine, - dc->mach_acct, - sec_chan_type, - clnt_name, - neg_flags_inout, - &clnt_chal_send, /* input. */ - &srv_chal_recv); /* output */ - + result = rpccli_netr_ServerAuthenticate2(cli, cli->mem_ctx, + dc->remote_machine, + dc->mach_acct, + sec_chan_type, + clnt_name, + &clnt_chal_send, /* input. */ + &srv_chal_recv, /* output. */ + neg_flags_inout); if (!NT_STATUS_IS_OK(result)) { return result; } @@ -330,7 +326,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, * server received challenge. */ - if (!creds_client_check(dc, &srv_chal_recv)) { + if (!netlogon_creds_client_check(dc, &srv_chal_recv)) { /* * Server replied with bad credential. Fail. */ diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 3e15d38043..017c4fe046 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -35,7 +35,7 @@ extern userdom_struct current_user_info; *************************************************************************/ static void init_net_r_req_chal(struct netr_Credential *r, - DOM_CHAL *srv_chal) + struct netr_Credential *srv_chal) { DEBUG(6,("init_net_r_req_chal: %d\n", __LINE__)); @@ -406,7 +406,7 @@ NTSTATUS _netr_ServerAuthenticate(pipes_struct *p, struct netr_ServerAuthenticate *r) { NTSTATUS status; - DOM_CHAL srv_chal_out; + struct netr_Credential srv_chal_out; if (!p->dc || !p->dc->challenge_sent) { return NT_STATUS_ACCESS_DENIED; @@ -465,7 +465,7 @@ NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p, { NTSTATUS status; uint32_t srv_flgs; - DOM_CHAL srv_chal_out; + struct netr_Credential srv_chal_out; /* We use this as the key to store the creds: */ /* r->in.computer_name */ |
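Review bot: `neg_flags_inout` is passed to rpccli_netr_ServerAuthenticate2 as an in/out argument, and the code visible after the call checks only the returned credential with netlogon_creds_client_check; nothing in these hunks compares the flags the server wrote back with the ones requested. The part of rpccli_netlogon_setup_creds between the hunks is not shown, so this may already be handled there or by the caller. If it is not, saving the requested value before the call and failing when a required bit comes back cleared would make a negotiation downgrade visible. Separately, the comment above the call still reads "server repy"; `* Send client auth-2 challenge and receive server reply.` would fix it while the line is being touched.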