Diffstat (limited to 'source3/rpc_client')
-rw-r--r--source3/rpc_client/cli_netlogon.c156
-rw-r--r--source3/rpc_client/cli_pipe.c11
-rw-r--r--source3/rpc_client/cli_samr.c9
-rw-r--r--source3/rpc_client/init_netlogon.c7
-rw-r--r--source3/rpc_client/init_samr.c5
5 files changed, 73 insertions, 115 deletions
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 5f115e537b..32485ead9f 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -21,6 +21,7 @@
*/
#include "includes.h"
+#include "../libcli/auth/libcli_auth.h"
/****************************************************************************
Wrapper function that uses the auth and auth2 calls to set up a NETLOGON
@@ -40,28 +41,19 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
struct netr_Credential clnt_chal_send;
struct netr_Credential srv_chal_recv;
- struct dcinfo *dc;
+ struct samr_Password password;
bool retried = false;
+ fstring mach_acct;
SMB_ASSERT(ndr_syntax_id_equal(&cli->abstract_syntax,
&ndr_table_netlogon.syntax_id));
TALLOC_FREE(cli->dc);
- cli->dc = talloc_zero(cli, struct dcinfo);
- if (cli->dc == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
- dc = cli->dc;
/* Store the machine account password we're going to use. */
- memcpy(dc->mach_pw, machine_pwd, 16);
-
- fstrcpy(dc->remote_machine, "\\\\");
- fstrcat(dc->remote_machine, server_name);
-
- fstrcpy(dc->domain, domain);
+ memcpy(password.hash, machine_pwd, 16);
- fstr_sprintf( dc->mach_acct, "%s$", machine_account);
+ fstr_sprintf( mach_acct, "%s$", machine_account);
again:
/* Create the client challenge. */
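Review bot: The new `memcpy(password.hash, machine_pwd, 16);` hard-codes the hash length, while the rpccli_netlogon_set_trust_password hunk later in this file uses `sizeof(new_password.hash)` for the same kind of copy; `memcpy(password.hash, machine_pwd, sizeof(password.hash));` keeps the bound tied to the destination. The same literal appears in the two `netlogon_creds_arcfour_crypt(cli->dc, ..., 16)` calls added to rpccli_netlogon_sam_logon. `password` is also a stack copy of the machine account hash that none of the visible lines clears before the function returns. The function body continues outside this hunk, so a wipe may already exist there; if it does not, one is worth adding on every return path.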
@@ -69,7 +61,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
/* Get the server challenge. */
result = rpccli_netr_ServerReqChallenge(cli, talloc_tos(),
- dc->remote_machine,
+ cli->srv_name_slash,
clnt_name,
&clnt_chal_send,
&srv_chal_recv);
@@ -78,22 +70,29 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
}
/* Calculate the session key and client credentials */
- creds_client_init(*neg_flags_inout,
- dc,
- &clnt_chal_send,
- &srv_chal_recv,
- machine_pwd,
- &clnt_chal_send);
+
+ cli->dc = netlogon_creds_client_init(cli,
+ clnt_name,
+ machine_account,
+ &clnt_chal_send,
+ &srv_chal_recv,
+ &password,
+ &clnt_chal_send,
+ *neg_flags_inout);
+
+ if (!cli->dc) {
+ return NT_STATUS_NO_MEMORY;
+ }
/*
* Send client auth-2 challenge and receive server repy.
*/
result = rpccli_netr_ServerAuthenticate2(cli, talloc_tos(),
- dc->remote_machine,
- dc->mach_acct,
+ cli->srv_name_slash,
+ cli->dc->account_name,
sec_chan_type,
- clnt_name,
+ cli->dc->computer_name,
&clnt_chal_send, /* input. */
&srv_chal_recv, /* output. */
neg_flags_inout);
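Review bot: `mach_acct` is still formatted as `"%s$"` at the top of the function, but nothing visible in these hunks reads it: netlogon_creds_client_init() is given `clnt_name` and `machine_account`, and ServerAuthenticate2 now sends `cli->dc->account_name` where it used to send `dc->mach_acct`. Unless netlogon_creds_client_init() appends the `$` itself (its prototype is not on this page), the account name sent to the server changes and the authentication may be rejected. If the old behaviour is intended, pass `mach_acct` in the account-name position and add a comment stating which argument becomes `account_name` and which becomes `computer_name`. The same two fields are reused by the ServerPasswordSet and ServerPasswordSet2 calls further down in this file.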
@@ -102,7 +101,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
* with the returned neg_flags - gd */
if (NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) && !retried) {
- retried = true;
+ TALLOC_FREE(cli->dc);
goto again;
}
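Review bot: The retry branch no longer sets `retried`: the hunk replaces `retried = true;` with `TALLOC_FREE(cli->dc);`, so `!retried` stays true and a server that keeps answering NT_STATUS_ACCESS_DENIED sends the function back to `again:` without bound. Both statements are needed, `retried = true;` followed by `TALLOC_FREE(cli->dc);`, so that the renegotiation is attempted exactly once. The rest of the function lies outside this hunk, so confirm that nothing else sets the flag.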
@@ -115,7 +114,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
* server received challenge.
*/
- if (!netlogon_creds_client_check(dc, &srv_chal_recv)) {
+ if (!netlogon_creds_client_check(cli->dc, &srv_chal_recv)) {
/*
* Server replied with bad credential. Fail.
*/
@@ -169,7 +168,7 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
/* Initialise input parameters */
- netlogon_creds_client_step(cli->dc, &clnt_creds);
+ netlogon_creds_client_authenticator(cli->dc, &clnt_creds);
switch (logon_type) {
case NetlogonInteractiveInformation: {
@@ -179,43 +178,20 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
struct samr_Password lmpassword;
struct samr_Password ntpassword;
- unsigned char lm_owf_user_pwd[16], nt_owf_user_pwd[16];
-
- unsigned char lm_owf[16];
- unsigned char nt_owf[16];
- unsigned char key[16];
-
password_info = TALLOC_ZERO_P(mem_ctx, struct netr_PasswordInfo);
if (!password_info) {
return NT_STATUS_NO_MEMORY;
}
- nt_lm_owf_gen(password, nt_owf_user_pwd, lm_owf_user_pwd);
-
-#ifdef DEBUG_PASSWORD
- DEBUG(100,("lm cypher:"));
- dump_data(100, lm_owf_user_pwd, 16);
-
- DEBUG(100,("nt cypher:"));
- dump_data(100, nt_owf_user_pwd, 16);
-#endif
- memset(key, 0, 16);
- memcpy(key, cli->dc->sess_key, 8);
+ nt_lm_owf_gen(password, ntpassword.hash, lmpassword.hash);
- memcpy(lm_owf, lm_owf_user_pwd, 16);
- SamOEMhash(lm_owf, key, 16);
- memcpy(nt_owf, nt_owf_user_pwd, 16);
- SamOEMhash(nt_owf, key, 16);
-
-#ifdef DEBUG_PASSWORD
- DEBUG(100,("encrypt of lm owf password:"));
- dump_data(100, lm_owf, 16);
-
- DEBUG(100,("encrypt of nt owf password:"));
- dump_data(100, nt_owf, 16);
-#endif
- memcpy(lmpassword.hash, lm_owf, 16);
- memcpy(ntpassword.hash, nt_owf, 16);
+ if (cli->dc->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
+ netlogon_creds_arcfour_crypt(cli->dc, lmpassword.hash, 16);
+ netlogon_creds_arcfour_crypt(cli->dc, ntpassword.hash, 16);
+ } else {
+ netlogon_creds_des_encrypt(cli->dc, &lmpassword);
+ netlogon_creds_des_encrypt(cli->dc, &ntpassword);
+ }
init_netr_PasswordInfo(password_info,
domain,
@@ -280,7 +256,7 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
}
result = rpccli_netr_LogonSamLogon(cli, mem_ctx,
- cli->dc->remote_machine,
+ cli->srv_name_slash,
global_myname(),
&clnt_creds,
&ret_creds,
@@ -290,12 +266,10 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
&validation,
&authoritative);
- if (memcmp(zeros, &ret_creds.cred.data, sizeof(ret_creds.cred.data)) != 0) {
- /* Check returned credentials if present. */
- if (!netlogon_creds_client_check(cli->dc, &ret_creds.cred)) {
- DEBUG(0,("rpccli_netlogon_sam_logon: credentials chain check failed\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
+ /* Always check returned credentials */
+ if (!netlogon_creds_client_check(cli->dc, &ret_creds.cred)) {
+ DEBUG(0,("rpccli_netlogon_sam_logon: credentials chain check failed\n"));
+ return NT_STATUS_ACCESS_DENIED;
}
return result;
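Review bot: With the all-zero shortcut removed, the credential check in rpccli_netlogon_sam_logon runs directly after the RPC call with no visible test of `result`, so a call that already failed now returns NT_STATUS_ACCESS_DENIED instead of its own status. Rejecting by default is the safer choice, but the log line gives no hint of the underlying failure; consider `DEBUG(0,("rpccli_netlogon_sam_logon: credentials chain check failed (%s)\n", nt_errstr(result)));`. The comment could also say more than "Always check": something like `/* An all-zero return authenticator is rejected too; the server must always prove knowledge of the session key. */` records why the `zeros` comparison was dropped.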
@@ -352,7 +326,7 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli,
return NT_STATUS_NO_MEMORY;
}
- netlogon_creds_client_step(cli->dc, &clnt_creds);
+ netlogon_creds_client_authenticator(cli->dc, &clnt_creds);
if (server[0] != '\\' && server[1] != '\\') {
server_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", server);
@@ -407,23 +381,13 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli,
return result;
}
- if (memcmp(zeros, validation.sam3->base.key.key, 16) != 0) {
- SamOEMhash(validation.sam3->base.key.key,
- cli->dc->sess_key, 16);
- }
-
- if (memcmp(zeros, validation.sam3->base.LMSessKey.key, 8) != 0) {
- SamOEMhash(validation.sam3->base.LMSessKey.key,
- cli->dc->sess_key, 8);
+ /* Always check returned credentials. */
+ if (!netlogon_creds_client_check(cli->dc, &ret_creds.cred)) {
+ DEBUG(0,("rpccli_netlogon_sam_network_logon: credentials chain check failed\n"));
+ return NT_STATUS_ACCESS_DENIED;
}
- if (memcmp(zeros, ret_creds.cred.data, sizeof(ret_creds.cred.data)) != 0) {
- /* Check returned credentials if present. */
- if (!netlogon_creds_client_check(cli->dc, &ret_creds.cred)) {
- DEBUG(0,("rpccli_netlogon_sam_network_logon: credentials chain check failed\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
- }
+ netlogon_creds_decrypt_samlogon(cli->dc, validation_level, &validation);
*info3 = validation.sam3;
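Review bot: The removed code skipped decryption when the user session key or the LM session key was all zeros, and the replacement call `netlogon_creds_decrypt_samlogon(cli->dc, validation_level, &validation);` needs to keep that guard, because decrypting an all-zero field would hand callers a non-zero "key" where the server sent none. The helper is defined outside this page, so this cannot be confirmed here. A one-line comment at the call, such as `/* helper leaves all-zero session keys untouched */`, would record the expectation. The same call replaces the same guard in rpccli_netlogon_sam_network_logon_ex.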
@@ -524,15 +488,7 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli,
return result;
}
- if (memcmp(zeros, validation.sam3->base.key.key, 16) != 0) {
- SamOEMhash(validation.sam3->base.key.key,
- cli->dc->sess_key, 16);
- }
-
- if (memcmp(zeros, validation.sam3->base.LMSessKey.key, 8) != 0) {
- SamOEMhash(validation.sam3->base.LMSessKey.key,
- cli->dc->sess_key, 8);
- }
+ netlogon_creds_decrypt_samlogon(cli->dc, validation_level, &validation);
*info3 = validation.sam3;
@@ -574,21 +530,21 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
return result;
}
- netlogon_creds_client_step(cli->dc, &clnt_creds);
+ netlogon_creds_client_authenticator(cli->dc, &clnt_creds);
if (neg_flags & NETLOGON_NEG_PASSWORD_SET2) {
struct netr_CryptPassword new_password;
init_netr_CryptPassword(new_trust_pwd_cleartext,
- cli->dc->sess_key,
+ cli->dc->session_key,
&new_password);
result = rpccli_netr_ServerPasswordSet2(cli, mem_ctx,
- cli->dc->remote_machine,
- cli->dc->mach_acct,
+ cli->srv_name_slash,
+ cli->dc->account_name,
sec_channel_type,
- global_myname(),
+ cli->dc->computer_name,
&clnt_creds,
&srv_cred,
&new_password);
@@ -600,16 +556,14 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
} else {
struct samr_Password new_password;
-
- cred_hash3(new_password.hash,
- new_trust_passwd_hash,
- cli->dc->sess_key, 1);
+ memcpy(new_password.hash, new_trust_passwd_hash, sizeof(new_password.hash));
+ netlogon_creds_des_encrypt(cli->dc, &new_password);
result = rpccli_netr_ServerPasswordSet(cli, mem_ctx,
- cli->dc->remote_machine,
- cli->dc->mach_acct,
+ cli->srv_name_slash,
+ cli->dc->account_name,
sec_channel_type,
- global_myname(),
+ cli->dc->computer_name,
&clnt_creds,
&srv_cred,
&new_password);
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index a8cc33f585..567794db88 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -18,6 +18,7 @@
*/
#include "includes.h"
+#include "../libcli/auth/libcli_auth.h"
#include "librpc/gen_ndr/cli_epmapper.h"
#undef DBGC_CLASS
@@ -3850,7 +3851,7 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
const struct ndr_syntax_id *interface,
enum pipe_auth_level auth_level,
const char *domain,
- const struct dcinfo *pdc,
+ struct netlogon_creds_CredentialState *pdc,
struct rpc_pipe_client **presult)
{
struct rpc_pipe_client *result;
@@ -3863,7 +3864,7 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
}
status = rpccli_schannel_bind_data(result, domain, auth_level,
- pdc->sess_key, &auth);
+ pdc->session_key, &auth);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("rpccli_schannel_bind_data returned %s\n",
nt_errstr(status)));
@@ -3882,11 +3883,11 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
/*
* The credentials on a new netlogon pipe are the ones we are passed
- * in - copy them over.
+ * in - reference them in
*/
- result->dc = (struct dcinfo *)talloc_memdup(result, pdc, sizeof(*pdc));
+ result->dc = talloc_reference(result, pdc);
if (result->dc == NULL) {
- DEBUG(0, ("talloc failed\n"));
+ DEBUG(0, ("talloc reference failed\n"));
TALLOC_FREE(result);
return NT_STATUS_NO_MEMORY;
}
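Review bot: Switching from `talloc_memdup()` to `talloc_reference()` means the new pipe shares one mutable netlogon_creds_CredentialState with whoever supplied `pdc`, which is presumably why the parameter lost its `const`; the comment "reference them in" does not say this. Spell out the consequence, for example `/* Share, not copy: credential-chain updates made through either pipe are seen by both, and pdc stays alive until every owner releases it. */`. It is also worth checking how the `TALLOC_FREE(cli->dc)` calls in rpccli_netlogon_setup_creds behave once a second reference exists, since talloc treats freeing a referenced pointer differently from freeing a solely owned one. The function starts and ends outside this hunk.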
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
index 86bc041374..5a0dff2965 100644
--- a/source3/rpc_client/cli_samr.c
+++ b/source3/rpc_client/cli_samr.c
@@ -22,6 +22,7 @@
*/
#include "includes.h"
+#include "../libcli/auth/libcli_auth.h"
/* User change password */
@@ -115,7 +116,7 @@ NTSTATUS rpccli_samr_chgpasswd_user2(struct rpc_pipe_client *cli,
encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE);
- SamOEMhash(new_lm_password.data, old_nt_hash, 516);
+ arcfour_crypt(new_lm_password.data, old_nt_hash, 516);
E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
} else {
ZERO_STRUCT(new_lm_password);
@@ -124,7 +125,7 @@ NTSTATUS rpccli_samr_chgpasswd_user2(struct rpc_pipe_client *cli,
encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE);
- SamOEMhash(new_nt_password.data, old_nt_hash, 516);
+ arcfour_crypt(new_nt_password.data, old_nt_hash, 516);
E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
result = rpccli_samr_ChangePasswordUser2(cli, mem_ctx,
@@ -221,7 +222,7 @@ NTSTATUS rpccli_samr_chgpasswd_user3(struct rpc_pipe_client *cli,
encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE);
- SamOEMhash(new_lm_password.data, old_nt_hash, 516);
+ arcfour_crypt(new_lm_password.data, old_nt_hash, 516);
E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
} else {
ZERO_STRUCT(new_lm_password);
@@ -230,7 +231,7 @@ NTSTATUS rpccli_samr_chgpasswd_user3(struct rpc_pipe_client *cli,
encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE);
- SamOEMhash(new_nt_password.data, old_nt_hash, 516);
+ arcfour_crypt(new_nt_password.data, old_nt_hash, 516);
E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
status = rpccli_samr_ChangePasswordUser3(cli, mem_ctx,
diff --git a/source3/rpc_client/init_netlogon.c b/source3/rpc_client/init_netlogon.c
index 793b9c7de5..cb49381eac 100644
--- a/source3/rpc_client/init_netlogon.c
+++ b/source3/rpc_client/init_netlogon.c
@@ -18,6 +18,7 @@
*/
#include "includes.h"
+#include "../libcli/auth/libcli_auth.h"
/*******************************************************************
inits a structure.
@@ -259,7 +260,7 @@ NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info,
MIN(sizeof(user_session_key.key),
server_info->user_session_key.length));
if (pipe_session_key) {
- SamOEMhash(user_session_key.key, pipe_session_key, 16);
+ arcfour_crypt(user_session_key.key, pipe_session_key, 16);
}
}
if (server_info->lm_session_key.length) {
@@ -268,7 +269,7 @@ NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info,
MIN(sizeof(lm_session_key.key),
server_info->lm_session_key.length));
if (pipe_session_key) {
- SamOEMhash(lm_session_key.key, pipe_session_key, 8);
+ arcfour_crypt(lm_session_key.key, pipe_session_key, 8);
}
}
@@ -418,7 +419,7 @@ void init_netr_CryptPassword(const char *pwd,
encode_pw_buffer(password_buf.data, pwd, STR_UNICODE);
- SamOEMhash(password_buf.data, session_key, 516);
+ arcfour_crypt(password_buf.data, session_key, 516);
memcpy(pwd_buf->data, password_buf.data, 512);
pwd_buf->length = IVAL(password_buf.data, 512);
}
diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c
index ecc6310510..6843869965 100644
--- a/source3/rpc_client/init_samr.c
+++ b/source3/rpc_client/init_samr.c
@@ -18,6 +18,7 @@
*/
#include "includes.h"
+#include "../libcli/auth/libcli_auth.h"
/*************************************************************************
inits a samr_CryptPasswordEx structure
@@ -44,7 +45,7 @@ void init_samr_CryptPasswordEx(const char *pwd,
session_key->length);
MD5Final(confounded_session_key.data, &md5_ctx);
- SamOEMhashBlob(pwbuf, 516, &confounded_session_key);
+ arcfour_crypt_blob(pwbuf, 516, &confounded_session_key);
memcpy(&pwbuf[516], confounder, 16);
memcpy(pwd_buf->data, pwbuf, sizeof(pwbuf));
@@ -62,5 +63,5 @@ void init_samr_CryptPassword(const char *pwd,
/* samr_CryptPassword */
encode_pw_buffer(pwd_buf->data, pwd, STR_UNICODE);
- SamOEMhashBlob(pwd_buf->data, 516, session_key);
+ arcfour_crypt_blob(pwd_buf->data, 516, session_key);
}