-rw-r--r-- | source3/include/ntlmssp_wrap.h | 2 | ||||
-rw-r--r-- | source3/libsmb/ntlmssp_wrap.c | 5 | ||||
-rw-r--r-- | source3/rpc_client/cli_pipe.c | 41 | ||||
-rw-r--r-- | source3/rpc_client/cli_pipe.h | 2 | ||||
-rw-r--r-- | source3/rpcclient/cmd_lsarpc.c | 38 | ||||
-rw-r--r-- | source3/utils/net_rpc.c | 12 |
6 files changed, 26 insertions, 74 deletions
diff --git a/source3/include/ntlmssp_wrap.h b/source3/include/ntlmssp_wrap.h index 303595dcdd..789842cc65 100644 --- a/source3/include/ntlmssp_wrap.h +++ b/source3/include/ntlmssp_wrap.h @@ -64,8 +64,6 @@ bool auth_ntlmssp_negotiated_sign(struct auth_ntlmssp_state *ans); bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *ans); const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state *ans); const char *auth_ntlmssp_get_domain(struct auth_ntlmssp_state *ans); -const char *auth_ntlmssp_get_client(struct auth_ntlmssp_state *ans); -const uint8_t *auth_ntlmssp_get_nt_hash(struct auth_ntlmssp_state *ans); NTSTATUS auth_ntlmssp_set_username(struct auth_ntlmssp_state *ans, const char *user); NTSTATUS auth_ntlmssp_set_domain(struct auth_ntlmssp_state *ans, diff --git a/source3/libsmb/ntlmssp_wrap.c b/source3/libsmb/ntlmssp_wrap.c index 817dc62910..da04ceb245 100644 --- a/source3/libsmb/ntlmssp_wrap.c +++ b/source3/libsmb/ntlmssp_wrap.c @@ -120,11 +120,6 @@ const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state *ans) return ans->ntlmssp_state->user; } -const uint8_t *auth_ntlmssp_get_nt_hash(struct auth_ntlmssp_state *ans) -{ - return ans->ntlmssp_state->nt_hash; -} - NTSTATUS auth_ntlmssp_set_username(struct auth_ntlmssp_state *ans, const char *user) { diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index c2e28188b9..80e3c4b1ae 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c 
@@ -2208,47 +2208,6 @@ struct dcerpc_binding_handle *rpccli_bh_create(struct rpc_pipe_client *c) return h; } -bool rpccli_get_pwd_hash(struct rpc_pipe_client *rpc_cli, uint8_t nt_hash[16]) -{ - struct auth_ntlmssp_state *a = NULL; - struct cli_state *cli; - - if (rpc_cli->auth->auth_type == DCERPC_AUTH_TYPE_NTLMSSP) { - a = talloc_get_type_abort(rpc_cli->auth->auth_ctx, - struct auth_ntlmssp_state); - } else if (rpc_cli->auth->auth_type == DCERPC_AUTH_TYPE_SPNEGO) { - struct spnego_context *spnego_ctx; - enum spnego_mech auth_type; - void *auth_ctx; - NTSTATUS status; - - spnego_ctx = talloc_get_type_abort(rpc_cli->auth->auth_ctx, - struct spnego_context); - status = spnego_get_negotiated_mech(spnego_ctx, - &auth_type, &auth_ctx); - if (!NT_STATUS_IS_OK(status)) { - return false; - } - - if (auth_type == SPNEGO_NTLMSSP) { - a = talloc_get_type_abort(auth_ctx, - struct auth_ntlmssp_state); - } - } - - if (a) { - memcpy(nt_hash, auth_ntlmssp_get_nt_hash(a), 16); - return true; - } - - cli = rpc_pipe_np_smb_conn(rpc_cli); - if (cli == NULL) { - return false; - } - E_md4hash(cli->password ? cli->password : "", nt_hash); - return true; -} - NTSTATUS rpccli_ncalrpc_bind_data(TALLOC_CTX *mem_ctx, struct pipe_auth_data **presult) { diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h index 65cc975806..25a134068f 100644 --- a/source3/rpc_client/cli_pipe.h +++ b/source3/rpc_client/cli_pipe.h @@ -52,8 +52,6 @@ unsigned int rpccli_set_timeout(struct rpc_pipe_client *cli, bool rpccli_is_connected(struct rpc_pipe_client *rpc_cli); -bool rpccli_get_pwd_hash(struct rpc_pipe_client *cli, uint8_t nt_hash[16]); - NTSTATUS rpccli_ncalrpc_bind_data(TALLOC_CTX *mem_ctx, struct pipe_auth_data **presult); diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c index 3382eb1a5c..8325a61660 100644 --- a/source3/rpcclient/cmd_lsarpc.c +++ b/source3/rpcclient/cmd_lsarpc.c 
@@ -1162,16 +1162,15 @@ static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli, } static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p, - uint8_t session_key[16]) + DATA_BLOB session_key) { char *pwd, *pwd_old; DATA_BLOB data = data_blob_const(p->password->data, p->password->length); DATA_BLOB data_old = data_blob_const(p->old_password->data, p->old_password->length); - DATA_BLOB session_key_blob = data_blob_const(session_key, sizeof(session_key)); - pwd = sess_decrypt_string(talloc_tos(), &data, &session_key_blob); - pwd_old = sess_decrypt_string(talloc_tos(), &data_old, &session_key_blob); + pwd = sess_decrypt_string(talloc_tos(), &data, &session_key); + pwd_old = sess_decrypt_string(talloc_tos(), &data_old, &session_key); d_printf("Password:\t%s\n", pwd); d_printf("Old Password:\t%s\n", pwd_old); @@ -1183,11 +1182,11 @@ static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p, static void display_trust_dom_info(TALLOC_CTX *mem_ctx, union lsa_TrustedDomainInfo *info, enum lsa_TrustDomInfoEnum info_class, - uint8_t nt_hash[16]) + DATA_BLOB session_key) { switch (info_class) { case LSA_TRUSTED_DOMAIN_INFO_PASSWORD: - display_trust_dom_info_4(&info->password, nt_hash); + display_trust_dom_info_4(&info->password, session_key); break; default: { const char *str = NULL; @@ -1212,7 +1211,7 @@ static NTSTATUS cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client *cli, uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED; union lsa_TrustedDomainInfo *info = NULL; enum lsa_TrustDomInfoEnum info_class = 1; - uint8_t nt_hash[16]; + DATA_BLOB session_key; struct dcerpc_binding_handle *b = cli->binding_handle; if (argc > 3 || argc < 2) { 
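Review bot: In `display_trust_dom_info_4` the results of both `sess_decrypt_string` calls are passed straight to `d_printf("...%s")` with no NULL check, while `vampire_trusted_domain` in net_rpc.c tests `cleartextpwd == NULL` after the same call. A key of unexpected length or content coming back from `cli_get_session_key` would presumably make the decrypt return NULL, so I would guard the two prints with `if (pwd == NULL || pwd_old == NULL) { d_fprintf(stderr, "Could not decrypt trust password\n"); } else { ... }`. The function body continues past the end of the hunk, so any release of `pwd`/`pwd_old` there has to stay reachable.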
@@ -1244,12 +1243,13 @@ static NTSTATUS cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client *cli, goto done; } - if (!rpccli_get_pwd_hash(cli, nt_hash)) { - d_fprintf(stderr, "Could not get pwd hash\n"); + status = cli_get_session_key(mem_ctx, cli, &session_key); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Could not retrieve session key: %s\n", nt_errstr(status))); goto done; } - display_trust_dom_info(mem_ctx, info, info_class, nt_hash); + display_trust_dom_info(mem_ctx, info, info_class, session_key); done: dcerpc_lsa_Close(b, mem_ctx, &pol, &result); @@ -1267,8 +1267,8 @@ static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli, union lsa_TrustedDomainInfo *info = NULL; enum lsa_TrustDomInfoEnum info_class = 1; struct lsa_String trusted_domain; - uint8_t nt_hash[16]; struct dcerpc_binding_handle *b = cli->binding_handle; + DATA_BLOB session_key; if (argc > 3 || argc < 2) { printf("Usage: %s [name] [info_class]\n", argv[0]); @@ -1298,12 +1298,13 @@ static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli, goto done; } - if (!rpccli_get_pwd_hash(cli, nt_hash)) { - d_fprintf(stderr, "Could not get pwd hash\n"); + status = cli_get_session_key(mem_ctx, cli, &session_key); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Could not retrieve session key: %s\n", nt_errstr(status))); goto done; } - display_trust_dom_info(mem_ctx, info, info_class, nt_hash); + display_trust_dom_info(mem_ctx, info, info_class, session_key); done: dcerpc_lsa_Close(b, mem_ctx, &pol, &result); @@ -1321,7 +1322,7 @@ static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli, union lsa_TrustedDomainInfo *info = NULL; struct dom_sid dom_sid; enum lsa_TrustDomInfoEnum info_class = 1; - uint8_t nt_hash[16]; + DATA_BLOB session_key; struct dcerpc_binding_handle *b = cli->binding_handle; if (argc > 3 || argc < 2) { 
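Review bot: The session key fetched in `cmd_lsa_query_trustdominfobysid` is never released: after `display_trust_dom_info(...)` control falls into `done:` with the key still live, whereas `vampire_trusted_domain` in net_rpc.c frees its copy right after the decrypt. I would add `data_blob_clear_free(&session_key);` after the `display_trust_dom_info` call so the key material is wiped rather than left until `mem_ctx` is torn down (that the blob is allocated on `mem_ctx` is inferred from the `cli_get_session_key` arguments). The same applies to the hunks at -1298 (`cmd_lsa_query_trustdominfobyname`) and -1366 (`cmd_lsa_query_trustdominfo`). All three functions start and end outside their hunks.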
@@ -1366,12 +1367,13 @@ static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli, goto done; } - if (!rpccli_get_pwd_hash(cli, nt_hash)) { - d_fprintf(stderr, "Could not get pwd hash\n"); + status = cli_get_session_key(mem_ctx, cli, &session_key); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Could not retrieve session key: %s\n", nt_errstr(status))); goto done; } - display_trust_dom_info(mem_ctx, info, info_class, nt_hash); + display_trust_dom_info(mem_ctx, info, info_class, session_key); done: dcerpc_lsa_Close(b, mem_ctx, &pol, &result); diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 592885ac7c..c2fc08693c 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -6436,8 +6436,7 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd, NTSTATUS nt_status, result; union lsa_TrustedDomainInfo *info = NULL; char *cleartextpwd = NULL; - uint8_t session_key[16]; - DATA_BLOB session_key_blob; + DATA_BLOB session_key; DATA_BLOB data = data_blob_null; struct dcerpc_binding_handle *b = pipe_hnd->binding_handle; @@ -6462,13 +6461,14 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd, data = data_blob(info->password.password->data, info->password.password->length); - if (!rpccli_get_pwd_hash(pipe_hnd, session_key)) { - DEBUG(0, ("Could not retrieve password hash\n")); + nt_status = cli_get_session_key(mem_ctx, pipe_hnd, &session_key); + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(0, ("Could not retrieve session key: %s\n", nt_errstr(nt_status))); goto done; } - session_key_blob = data_blob_const(session_key, sizeof(session_key)); - cleartextpwd = sess_decrypt_string(mem_ctx, &data, &session_key_blob); + cleartextpwd = sess_decrypt_string(mem_ctx, &data, &session_key); + data_blob_free(&session_key); if (cleartextpwd == NULL) { DEBUG(0,("retrieved NULL password\n")); |
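Review bot: `data_blob_free(&session_key)` in `vampire_trusted_domain` releases the buffer without overwriting it, so the RPC session key can remain readable in freed heap memory; `data_blob_clear_free(&session_key);` zeroes it first. `session_key` is also declared without an initializer next to `DATA_BLOB data = data_blob_null;`, and writing `DATA_BLOB session_key = data_blob_null;` would keep it safe to free from `done:` if the cleanup is ever moved there. The `done:` label lies outside the hunk, so what it releases is not visible here.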