Diffstat (limited to 'source3/utils')
-rw-r--r--source3/utils/net_rpc.c9
-rw-r--r--source3/utils/net_rpc_join.c3
-rw-r--r--source3/utils/ntlm_auth.c13
-rw-r--r--source3/utils/ntlm_auth_diagnostics.c11
4 files changed, 21 insertions, 15 deletions
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 0b662819ae..5dd3df9a69 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -22,6 +22,7 @@
#include "includes.h"
#include "utils/net.h"
+#include "../libcli/auth/libcli_auth.h"
static int net_mode_share;
static bool sync_files(struct copy_clistate *cp_clistate, const char *mask);
@@ -5737,7 +5738,8 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd,
NTSTATUS nt_status;
union lsa_TrustedDomainInfo *info = NULL;
char *cleartextpwd = NULL;
- uint8_t nt_hash[16];
+ uint8_t session_key[16];
+ DATA_BLOB session_key_blob;
DATA_BLOB data;
nt_status = rpccli_lsa_QueryTrustedDomainInfoBySid(pipe_hnd, mem_ctx,
@@ -5754,12 +5756,13 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd,
data = data_blob(info->password.password->data,
info->password.password->length);
- if (!rpccli_get_pwd_hash(pipe_hnd, nt_hash)) {
+ if (!rpccli_get_pwd_hash(pipe_hnd, session_key)) {
DEBUG(0, ("Could not retrieve password hash\n"));
goto done;
}
- cleartextpwd = decrypt_trustdom_secret(nt_hash, &data);
+ session_key_blob = data_blob_const(session_key, sizeof(session_key));
+ cleartextpwd = sess_decrypt_string(mem_ctx, &data, &session_key_blob);
if (cleartextpwd == NULL) {
DEBUG(0,("retrieved NULL password\n"));
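Review bot: `cleartextpwd` is now allocated by `sess_decrypt_string()` on `mem_ctx`, so whatever releases it at `done:` (outside this hunk) must be a talloc-aware free rather than `free()`/`SAFE_FREE`; please confirm the cleanup path changed along with the call. The 16-byte `session_key` stack buffer and the decrypted trust password are not visibly wiped before return, and something like `ZERO_ARRAY(session_key);` on the exit path would limit how long the key material lingers. The log text `Could not retrieve password hash` also no longer matches the renamed variable it reports on.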
diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c
index 1fec140124..78bbce3dfc 100644
--- a/source3/utils/net_rpc_join.c
+++ b/source3/utils/net_rpc_join.c
@@ -20,6 +20,7 @@
#include "includes.h"
#include "utils/net.h"
+#include "../libcli/auth/libcli_auth.h"
/* Macro for checking RPC error codes to make things more readable */
@@ -101,7 +102,7 @@ NTSTATUS net_rpc_join_ok(struct net_context *c, const char *domain,
ntret = cli_rpc_pipe_open_schannel_with_key(
cli, &ndr_table_netlogon.syntax_id, PIPE_AUTH_LEVEL_PRIVACY,
- domain, netlogon_pipe->dc, &pipe_hnd);
+ domain, &netlogon_pipe->dc, &pipe_hnd);
if (!NT_STATUS_IS_OK(ntret)) {
DEBUG(0,("net_rpc_join_ok: failed to open schannel session "
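Review bot: Passing `&netlogon_pipe->dc` gives `cli_rpc_pipe_open_schannel_with_key()` write access to the credential state held by `netlogon_pipe`, and the hunk does not show whether the callee copies, shares or replaces it. If the state is shared, `pipe_hnd` depends on `netlogon_pipe` staying alive and on the two pipes not advancing the credentials independently. Once the callee's contract is confirmed, a short comment at the call such as `/* schannel creds are owned by netlogon_pipe; callee may update them in place */` would record it. net_rpc_join_ok continues outside the hunk.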
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index e8bd9fbd2b..50688bf698 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -25,6 +25,7 @@
#include "includes.h"
#include "utils/ntlm_auth.h"
+#include "../libcli/auth/libcli_auth.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
@@ -566,19 +567,19 @@ static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB
static NTSTATUS local_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key)
{
NTSTATUS nt_status;
- uint8 lm_pw[16], nt_pw[16];
+ struct samr_Password lm_pw, nt_pw;
- nt_lm_owf_gen (opt_password, nt_pw, lm_pw);
+ nt_lm_owf_gen (opt_password, nt_pw.hash, lm_pw.hash);
nt_status = ntlm_password_check(ntlmssp_state,
+ true, true, 0,
&ntlmssp_state->chal,
&ntlmssp_state->lm_resp,
&ntlmssp_state->nt_resp,
- NULL, NULL,
ntlmssp_state->user,
ntlmssp_state->user,
ntlmssp_state->domain,
- lm_pw, nt_pw, user_session_key, lm_session_key);
+ &lm_pw, &nt_pw, user_session_key, lm_session_key);
if (NT_STATUS_IS_OK(nt_status)) {
ntlmssp_state->auth_context = talloc_asprintf(ntlmssp_state,
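Review bot: The bare `true, true, 0,` added to the `ntlm_password_check()` call is unreadable at the call site. If the two booleans are the LANMAN-allowed and NTLM-allowed switches, as in the libcli/auth prototype, the call accepts LM responses unconditionally regardless of configuration. Consider `lp_lanman_auth(), lp_ntlm_auth(), 0,`, or at least a comment `/* lanman_auth, ntlm_auth, logon_parameters */` stating that both are deliberately forced on for this helper. `lm_pw` and `nt_pw` hold password hashes on the stack and are not cleared in the visible lines; the function body continues past the hunk.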
@@ -1977,7 +1978,7 @@ static void manage_ntlm_change_password_1_request(struct ntlm_auth_state *state,
encode_pw_buffer(new_lm_pswd.data, newpswd,
STR_UNICODE);
- SamOEMhash(new_lm_pswd.data, old_nt_hash, 516);
+ arcfour_crypt(new_lm_pswd.data, old_nt_hash, 516);
E_old_pw_hash(new_nt_hash, old_lm_hash,
old_lm_hash_enc.data);
} else {
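Review bot: The literal `516` in `arcfour_crypt(new_lm_pswd.data, old_nt_hash, 516);` is repeated in the next hunk for `new_nt_pswd`, and nothing in either hunk ties it to the size of the buffer being encrypted in place. Both buffers are allocated outside the hunks, so a named constant shared with that allocation would keep the RC4 pass from running past the buffer if the sizes ever diverge. If these are `DATA_BLOB`s, the buffer's own length field (`new_lm_pswd.length`) would serve the same purpose. `old_nt_hash` is used directly as the cipher key here, so it is worth checking that it is wiped once the request has been built.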
@@ -1990,7 +1991,7 @@ static void manage_ntlm_change_password_1_request(struct ntlm_auth_state *state,
encode_pw_buffer(new_nt_pswd.data, newpswd,
STR_UNICODE);
- SamOEMhash(new_nt_pswd.data, old_nt_hash, 516);
+ arcfour_crypt(new_nt_pswd.data, old_nt_hash, 516);
E_old_pw_hash(new_nt_hash, old_nt_hash,
old_nt_hash_enc.data);
}
diff --git a/source3/utils/ntlm_auth_diagnostics.c b/source3/utils/ntlm_auth_diagnostics.c
index cea4b084f7..0178823801 100644
--- a/source3/utils/ntlm_auth_diagnostics.c
+++ b/source3/utils/ntlm_auth_diagnostics.c
@@ -23,6 +23,7 @@
#include "includes.h"
#include "utils/ntlm_auth.h"
+#include "../libcli/auth/libcli_auth.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
@@ -72,7 +73,7 @@ static bool test_lm_ntlm_broken(enum ntlm_break break_which)
SMBNTencrypt(opt_password,chall.data,nt_response.data);
E_md4hash(opt_password, nt_hash);
- SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data);
+ SMBsesskeygen_ntv1(nt_hash, session_key.data);
switch (break_which) {
case BREAK_NONE:
@@ -257,7 +258,7 @@ static bool test_ntlm_in_both(void)
SMBNTencrypt(opt_password,chall.data,nt_response.data);
E_md4hash(opt_password, nt_hash);
- SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data);
+ SMBsesskeygen_ntv1(nt_hash, session_key.data);
E_deshash(opt_password, lm_hash);
@@ -316,7 +317,7 @@ static bool test_lmv2_ntlmv2_broken(enum ntlm_break break_which)
DATA_BLOB ntlmv2_response = data_blob_null;
DATA_BLOB lmv2_response = data_blob_null;
DATA_BLOB ntlmv2_session_key = data_blob_null;
- DATA_BLOB names_blob = NTLMv2_generate_names_blob(get_winbind_netbios_name(), get_winbind_domain());
+ DATA_BLOB names_blob = NTLMv2_generate_names_blob(NULL, get_winbind_netbios_name(), get_winbind_domain());
uchar user_session_key[16];
DATA_BLOB chall = get_challenge();
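Review bot: With `NULL` passed as the new first argument of `NTLMv2_generate_names_blob()`, and likewise to `SMBNTLMv2encrypt()` in the following hunk, the resulting blobs presumably have no talloc parent, so nothing frees them unless every exit path does so explicitly. Only the failure path's `data_blob_free(&names_blob);` is visible; the success path and the response and session-key blobs are released outside these hunks and should be checked. For `ntlmv2_session_key`, `data_blob_clear_free(&ntlmv2_session_key);` is preferable so the key is wiped before release.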
@@ -326,9 +327,9 @@ static bool test_lmv2_ntlmv2_broken(enum ntlm_break break_which)
flags |= WBFLAG_PAM_USER_SESSION_KEY;
- if (!SMBNTLMv2encrypt(opt_username, opt_domain, opt_password, &chall,
+ if (!SMBNTLMv2encrypt(NULL, opt_username, opt_domain, opt_password, &chall,
&names_blob,
- &lmv2_response, &ntlmv2_response,
+ &lmv2_response, &ntlmv2_response, NULL,
&ntlmv2_session_key)) {
data_blob_free(&names_blob);
return False;