Diffstat (limited to 'source3')
-rw-r--r-- | source3/include/proto.h | 4 | ||||
-rw-r--r-- | source3/libsmb/smbdes.c | 4 | ||||
-rw-r--r-- | source3/libsmb/smbencrypt.c | 9 | ||||
-rw-r--r-- | source3/rpc_client/cli_lsarpc.c | 85 |
4 files changed, 25 insertions, 77 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 3a15e8d689..cb61009a64 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -852,7 +852,7 @@ void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24],
 /*The following definitions come from libsmb/smbdes.c */
-void smbhash(unsigned char *out, const uchar *in, unsigned char *key, int forw);
+void smbhash(unsigned char *out, const uchar *in, const uchar *key, int forw);
 void E_P16(unsigned char *p14,unsigned char *p16);
 void E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24);
 void D_P16(unsigned char *p14, unsigned char *in, unsigned char *out);
@@ -894,7 +894,7 @@ void ntv2_owf_gen(const uchar owf[16], uchar kr_buf[16]);
 void NTLMSSPOWFencrypt(uchar passwd[8], uchar *ntlmchalresp, uchar p24[24]);
 BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[16], BOOL unicode);
-BOOL nt_decrypt_string2(STRING2 *out, const STRING2 *in, char nt_hash[16]);
+BOOL nt_decrypt_string2(STRING2 *out, const STRING2 *in, const uchar *key);
 void create_ntlmssp_resp(struct pwd_info *pwd, char *domain, char *user_name, char *my_name, uint32 ntlmssp_cli_flgs,
diff --git a/source3/libsmb/smbdes.c b/source3/libsmb/smbdes.c
index ba214a2eb0..e60b93d6a2 100644
--- a/source3/libsmb/smbdes.c
+++ b/source3/libsmb/smbdes.c
@@ -259,7 +259,7 @@ static void dohash(char *out, char *in, char *key, int forw)
 permute(out, rl, perm6, 64);
 }
-static void str_to_key(unsigned char *str,unsigned char *key)
+static void str_to_key(const uchar *str, uchar *key)
 {
 int i;
@@ -277,7 +277,7 @@ static void str_to_key(unsigned char *str,unsigned char *key)
 }
-void smbhash(unsigned char *out, const uchar *in, unsigned char *key, int forw)
+void smbhash(unsigned char *out, const uchar *in, const uchar *key, int forw)
 {
 int i;
 char outb[64];
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index 3227caaa95..ace6cdc300 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -444,21 +444,18 @@ BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[
 return True;
 }
-BOOL nt_decrypt_string2(STRING2 *out, const STRING2 *in, char nt_hash[16])
+BOOL nt_decrypt_string2(STRING2 *out, const STRING2 *in, const uchar *key)
 {
 uchar bufhdr[8];
 int datalen;
- uchar key[16];
- uchar *keyptr = key;
- uchar *keyend = key + sizeof(key);
+ const uchar *keyptr = key;
+ const uchar *keyend = key + 16;
 uchar *outbuf = (uchar *)out->buffer;
 const uchar *inbuf = (const uchar *)in->buffer;
 const uchar *inbufend;
- mdfour(key, nt_hash, 16);
 smbhash(bufhdr, inbuf, keyptr, 0);
 datalen = IVAL(bufhdr, 0);
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
index a7c15307a1..7706d0cd83 100644
--- a/source3/rpc_client/cli_lsarpc.c
+++ b/source3/rpc_client/cli_lsarpc.c
@@ -332,7 +332,7 @@ BOOL lsa_open_policy2( const char *server_name, POLICY_HND *hnd,
 lsa_io_q_open_pol2("", &q_o, &buf, 0);
 /* send the data on \PIPE\ */
- if (rpc_api_pipe_req(cli, fnum, LSA_OPENPOLICY2, &buf, &rbuf))
+ if (rpc_hnd_pipe_req(hnd, LSA_OPENPOLICY2, &buf, &rbuf))
 {
 LSA_R_OPEN_POL2 r_o;
 BOOL p;
@@ -376,14 +376,6 @@ BOOL lsa_open_secret( const POLICY_HND *hnd,
 LSA_Q_OPEN_SECRET q_o;
 BOOL valid_pol = False;
- struct cli_state *cli = NULL;
- uint16 fnum = 0xffff;
-
- if (!cli_state_get(hnd, &cli, &fnum))
- {
- return False;
- }
-
 if (hnd == NULL) return False;
 prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
@@ -399,7 +391,7 @@ BOOL lsa_open_secret( const POLICY_HND *hnd,
 lsa_io_q_open_secret("", &q_o, &buf, 0);
 /* send the data on \PIPE\ */
- if (rpc_api_pipe_req(cli, fnum, LSA_OPENSECRET, &buf, &rbuf))
+ if (rpc_hnd_pipe_req(hnd, LSA_OPENSECRET, &buf, &rbuf))
 {
 LSA_R_OPEN_SECRET r_o;
 BOOL p;
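Review bot: `nt_decrypt_string2` now takes a bare `const uchar *key` while the body still hard-codes the key length as `keyend = key + 16`, so the 16-byte requirement that the old `char nt_hash[16]` parameter at least advertised is now only implied; I would spell it out in the signature, `BOOL nt_decrypt_string2(STRING2 *out, const STRING2 *in, const uchar key[16])` (and the matching proto.h line — documentation only in C, since the array still decays to a pointer), or at minimum put `/* key: 16-byte session key supplied by the caller; keyend assumes exactly 16 bytes */` above the definition. Dropping the in-function `mdfour()` also moves key derivation to the caller, which is reasonable but undocumented here; the only caller visible in this commit passes a session key from `cli_get_usr_sesskey()`, and a one-line comment saying that the key is expected already derived would stop a future caller handing in the raw hash the old parameter name suggested. The function body continues past the hunk, so I cannot see how `datalen`, which is read from the decrypted header, is bounded against `out->buffer` before use.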
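Review bot: In the `LSA_OPENPOLICY2` call `hnd` appears to be the handle that lsa_open_policy2 is itself opening (it is a non-const `POLICY_HND *` output parameter per the hunk header), whereas every other call site converted in this commit passes a handle that is already open; `rpc_hnd_pipe_req(hnd, ...)` therefore relies on the handle-to-pipe association having been established earlier in the function, outside this hunk, and I cannot confirm that from here. A comment above the call, `/* hnd must already be associated with the LSA pipe before this request */`, naming whichever routine does that, would keep the ordering dependency from being lost in a later refactor. The enclosing function starts and ends outside the hunk.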
@@ -439,14 +431,6 @@ BOOL lsa_query_secret(POLICY_HND *hnd, STRING2 *secret,
 LSA_Q_QUERY_SECRET q_q;
 BOOL valid_info = False;
- struct cli_state *cli = NULL;
- uint16 fnum = 0xffff;
-
- if (!cli_state_get(hnd, &cli, &fnum))
- {
- return False;
- }
-
 if (hnd == NULL) return False;
 prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
@@ -462,7 +446,7 @@ BOOL lsa_query_secret(POLICY_HND *hnd, STRING2 *secret,
 lsa_io_q_query_secret("", &q_q, &buf, 0);
 /* send the data on \PIPE\ */
- if (rpc_api_pipe_req(cli, fnum, LSA_QUERYSECRET, &buf, &rbuf))
+ if (rpc_hnd_pipe_req(hnd, LSA_QUERYSECRET, &buf, &rbuf))
 {
 LSA_R_QUERY_SECRET r_q;
 BOOL p;
@@ -481,11 +465,19 @@ BOOL lsa_query_secret(POLICY_HND *hnd, STRING2 *secret,
 (r_q.info.value.ptr_secret != 0) && (r_q.info.ptr_update != 0)) {
+ uchar sess_key[16];
 STRING2 enc_secret;
 memcpy(&enc_secret, &(r_q.info.value.enc_secret), sizeof(STRING2));
 memcpy(last_update, &(r_q.info.last_update), sizeof(NTTIME));
+ if (!cli_get_usr_sesskey(hnd, sess_key))
+ {
+ return False;
+ }
+#ifdef DEBUG_PASSWORD
+ dump_data(100, sess_key, 16);
+#endif
 valid_info = nt_decrypt_string2(secret, &enc_secret,
- (char*)(cli->usr.pwd.smb_nt_pwd));
+ sess_key);
 }
 }
@@ -511,14 +503,6 @@ BOOL lsa_lookup_names( POLICY_HND *hnd,
 LSA_Q_LOOKUP_NAMES q_l;
 BOOL valid_response = False;
- struct cli_state *cli = NULL;
- uint16 fnum = 0xffff;
-
- if (!cli_state_get(hnd, &cli, &fnum))
- {
- return False;
- }
-
 if (hnd == NULL || num_sids == 0 || sids == NULL) return False;
 prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
@@ -535,7 +519,7 @@ BOOL lsa_lookup_names( POLICY_HND *hnd,
 lsa_io_q_lookup_names("", &q_l, &buf, 0);
 /* send the data on \PIPE\ */
- if (rpc_api_pipe_req(cli, fnum, LSA_LOOKUPNAMES, &buf, &rbuf))
+ if (rpc_hnd_pipe_req(hnd, LSA_LOOKUPNAMES, &buf, &rbuf))
 {
 LSA_R_LOOKUP_NAMES r_l;
 DOM_R_REF ref;
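Review bot: The new `return False` after a failed `cli_get_usr_sesskey()` in the `LSA_QUERYSECRET` response branch exits from deep inside the function, skipping whatever tail follows this block, whereas the earlier hunk of the same function shows `prs_init(&buf, ...)` at the top and every other failure path here leaves `valid_info` False and falls through; if the tail releases `buf`/`rbuf` (it is outside the hunk, so I cannot confirm), this early return leaks them on the failure path. I would fold the check into the existing flow instead, and also wipe `sess_key` once `nt_decrypt_string2` has used it, since it is a stack copy of a credential that otherwise stays in the frame; `ZERO_STRUCT` is already used in this file and a plain memset may be optimised away, but it is still better than leaving the key in place. The `dump_data` of the key is compiled in only under `DEBUG_PASSWORD`, which is acceptable, and is one more reason to clear the buffer as soon as it is no longer needed. The enclosing function starts and ends outside the hunk.
```c
			if (cli_get_usr_sesskey(hnd, sess_key))
			{
#ifdef DEBUG_PASSWORD
				dump_data(100, sess_key, 16);
#endif
				valid_info = nt_decrypt_string2(secret, &enc_secret,
								sess_key);
				ZERO_STRUCT(sess_key);
			}
			/* … unchanged: closing braces of the response branch … */
```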
@@ -650,14 +634,6 @@ BOOL lsa_lookup_sids(POLICY_HND *hnd,
 LSA_Q_LOOKUP_SIDS q_l;
 BOOL valid_response = False;
- struct cli_state *cli = NULL;
- uint16 fnum = 0xffff;
-
- if (!cli_state_get(hnd, &cli, &fnum))
- {
- return False;
- }
-
 ZERO_STRUCT(q_l);
 if (hnd == NULL || num_sids == 0 || sids == NULL) return False;
@@ -689,7 +665,7 @@ BOOL lsa_lookup_sids(POLICY_HND *hnd,
 lsa_io_q_lookup_sids("", &q_l, &buf, 0);
 /* send the data on \PIPE\ */
- if (rpc_api_pipe_req(cli, fnum, LSA_LOOKUPSIDS, &buf, &rbuf))
+ if (rpc_hnd_pipe_req(hnd, LSA_LOOKUPSIDS, &buf, &rbuf))
 {
 LSA_R_LOOKUP_SIDS r_l;
 DOM_R_REF ref;
@@ -803,14 +779,6 @@ BOOL lsa_query_info_pol(POLICY_HND *hnd, uint16 info_class,
 LSA_Q_QUERY_INFO q_q;
 BOOL valid_response = False;
- struct cli_state *cli = NULL;
- uint16 fnum = 0xffff;
-
- if (!cli_state_get(hnd, &cli, &fnum))
- {
- return False;
- }
-
 ZERO_STRUCTP(domain_sid);
 domain_name[0] = 0;
@@ -830,7 +798,7 @@ BOOL lsa_query_info_pol(POLICY_HND *hnd, uint16 info_class,
 lsa_io_q_query("", &q_q, &buf, 0);
 /* send the data on \PIPE\ */
- if (rpc_api_pipe_req(cli, fnum, LSA_QUERYINFOPOLICY, &buf, &rbuf))
+ if (rpc_hnd_pipe_req(hnd, LSA_QUERYINFOPOLICY, &buf, &rbuf))
 {
 LSA_R_QUERY_INFO r_q;
 BOOL p;
@@ -920,14 +888,6 @@ BOOL lsa_enum_trust_dom(POLICY_HND *hnd, uint32 *enum_ctx,
 LSA_Q_ENUM_TRUST_DOM q_q;
 BOOL valid_response = False;
- struct cli_state *cli = NULL;
- uint16 fnum = 0xffff;
-
- if (!cli_state_get(hnd, &cli, &fnum))
- {
- return False;
- }
-
 if (hnd == NULL || num_doms == NULL || names == NULL) return False;
 prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
@@ -935,7 +895,7 @@ BOOL lsa_enum_trust_dom(POLICY_HND *hnd, uint32 *enum_ctx,
 /* create and send a MSRPC command with api LSA_ENUMTRUSTDOM */
- DEBUG(4,("LSA Query Info Policy\n"));
+ DEBUG(4,("LSA Enum Trusted Domains\n"));
 /* store the parameters */
 make_q_enum_trust_dom(&q_q, hnd, *enum_ctx, 0xffffffff);
@@ -944,7 +904,7 @@ BOOL lsa_enum_trust_dom(POLICY_HND *hnd, uint32 *enum_ctx,
 lsa_io_q_enum_trust_dom("", &q_q, &buf, 0);
 /* send the data on \PIPE\ */
- if (rpc_api_pipe_req(cli, fnum, LSA_ENUMTRUSTDOM, &buf, &rbuf))
+ if (rpc_hnd_pipe_req(hnd, LSA_ENUMTRUSTDOM, &buf, &rbuf))
 {
 LSA_R_ENUM_TRUST_DOM r_q;
 BOOL p;
@@ -1002,14 +962,6 @@ BOOL lsa_close(POLICY_HND *hnd)
 LSA_Q_CLOSE q_c;
 BOOL valid_close = False;
- struct cli_state *cli = NULL;
- uint16 fnum = 0xffff;
-
- if (!cli_state_get(hnd, &cli, &fnum))
- {
- return False;
- }
-
 if (hnd == NULL) return False;
 /* create and send a MSRPC command with api LSA_OPENPOLICY */
@@ -1026,7 +978,7 @@ BOOL lsa_close(POLICY_HND *hnd)
 lsa_io_q_close("", &q_c, &buf, 0);
 /* send the data on \PIPE\ */
- if (rpc_api_pipe_req(cli, fnum, LSA_CLOSE, &buf, &rbuf))
+ if (rpc_hnd_pipe_req(hnd, LSA_CLOSE, &buf, &rbuf))
 {
 LSA_R_CLOSE r_c;
 BOOL p;
@@ -1070,4 +1022,3 @@ BOOL lsa_close(POLICY_HND *hnd)
 return valid_close;
 }
- |