From 6c8f7e400540421320e3cbd80f7e1a9551dfed14 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 17 Mar 2009 14:03:02 +1100 Subject: Port Samba4 to the new combined libcli/auth functions For example, some of the new shared functionality was previously in the wkssvc torture test. Andrew Bartlett --- libcli/auth/config.mk | 5 +++++ libcli/auth/smbencrypt.c | 2 +- source4/auth/ntlm/auth_sam.c | 2 +- source4/auth/ntlm/config.mk | 5 ----- source4/torture/rpc/wkssvc.c | 45 ++++---------------------------------------- source4/utils/ntlm_auth.c | 1 - 6 files changed, 11 insertions(+), 49 deletions(-) diff --git a/libcli/auth/config.mk b/libcli/auth/config.mk index 0d440c0f66..5428f04433 100644 --- a/libcli/auth/config.mk +++ b/libcli/auth/config.mk @@ -1,3 +1,8 @@ +[SUBSYSTEM::ntlm_check] +PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL + +ntlm_check_OBJ_FILES = $(addprefix $(libclicommonsrcdir)/auth/, ntlm_check.o) + [SUBSYSTEM::MSRPC_PARSE] MSRPC_PARSE_OBJ_FILES = $(addprefix $(libclicommonsrcdir)/auth/, msrpc_parse.o) diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c index bcb40acda1..f5a73feadc 100644 --- a/libcli/auth/smbencrypt.c +++ b/libcli/auth/smbencrypt.c @@ -538,7 +538,7 @@ bool encode_pw_buffer(uint8_t buffer[516], const char *password, int string_flag /* the incoming buffer can be any alignment. */ string_flags |= STR_NOALIGN; - new_pw_len = push_string(new_pw, new_pw, + new_pw_len = push_string(new_pw, password, sizeof(new_pw), string_flags); diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c index 96a13d5ed9..2b9b92812c 100644 --- a/source4/auth/ntlm/auth_sam.c +++ b/source4/auth/ntlm/auth_sam.c @@ -25,7 +25,7 @@ #include "lib/ldb/include/ldb.h" #include "../lib/util/util_ldb.h" #include "auth/auth.h" -#include "auth/ntlm/ntlm_check.h" +#include "../libcli/auth/ntlm_check.h" #include "auth/ntlm/auth_proto.h" #include "auth/auth_sam.h" #include "dsdb/samdb/samdb.h" diff --git a/source4/auth/ntlm/config.mk b/source4/auth/ntlm/config.mk index 668c528ea9..a9ae18e7c2 100644 --- a/source4/auth/ntlm/config.mk +++ b/source4/auth/ntlm/config.mk @@ -1,10 +1,5 @@ # NTLM auth server subsystem -[SUBSYSTEM::ntlm_check] -PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL - -ntlm_check_OBJ_FILES = $(addprefix $(authsrcdir)/ntlm/, ntlm_check.o) - ####################### # Start MODULE auth_sam [MODULE::auth_sam_module] diff --git a/source4/torture/rpc/wkssvc.c b/source4/torture/rpc/wkssvc.c index 3c34229dff..06b1d05ee4 100644 --- a/source4/torture/rpc/wkssvc.c +++ b/source4/torture/rpc/wkssvc.c @@ -1148,43 +1148,6 @@ static bool test_NetrJoinDomain(struct torture_context *tctx, return true; } -/* encode a wkssvc_PasswordBuffer for remote joining/unjoining: - * - * similar to samr_CryptPasswordEx. Different: 8byte confounder (instead of - * 16byte), confounder in front of the 516 byte buffer (instead of after that - * buffer), calling MD5Update() first with session_key and then with confounder - * (vice versa in samr) - Guenther */ - -static void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx, - const char *pwd, - DATA_BLOB *session_key, - struct wkssvc_PasswordBuffer *pwd_buf) -{ - uint8_t buffer[516]; - struct MD5Context ctx; - - DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16); - - int confounder_len = 8; - uint8_t confounder[8]; - - encode_pw_buffer(buffer, pwd, STR_UNICODE); - - generate_random_buffer((uint8_t *)confounder, confounder_len); - - MD5Init(&ctx); - MD5Update(&ctx, session_key->data, session_key->length); - MD5Update(&ctx, confounder, confounder_len); - MD5Final(confounded_session_key.data, &ctx); - - arcfour_crypt_blob(buffer, 516, &confounded_session_key); - - memcpy(&pwd_buf->data[0], confounder, confounder_len); - memcpy(&pwd_buf->data[8], buffer, 516); - - data_blob_free(&confounded_session_key); -} - /* * prerequisites for remotely joining an unjoined XP SP2 workstation: * - firewall needs to be disabled (or open for ncacn_np access) @@ -1202,7 +1165,7 @@ static bool test_NetrJoinDomain2(struct torture_context *tctx, const char *domain_admin_account = NULL; const char *domain_admin_password = NULL; const char *domain_name = NULL; - struct wkssvc_PasswordBuffer pwd_buf; + struct wkssvc_PasswordBuffer *pwd_buf; enum wkssvc_NetJoinStatus join_status; const char *join_name = NULL; WERROR expected_err; @@ -1253,7 +1216,7 @@ static bool test_NetrJoinDomain2(struct torture_context *tctx, r.in.domain_name = domain_name; r.in.account_ou = NULL; r.in.admin_account = domain_admin_account; - r.in.encrypted_password = &pwd_buf; + r.in.encrypted_password = pwd_buf; r.in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE; @@ -1286,7 +1249,7 @@ static bool test_NetrUnjoinDomain2(struct torture_context *tctx, struct wkssvc_NetrUnjoinDomain2 r; const char *domain_admin_account = NULL; const char *domain_admin_password = NULL; - struct wkssvc_PasswordBuffer pwd_buf; + struct wkssvc_PasswordBuffer *pwd_buf; enum wkssvc_NetJoinStatus join_status; const char *join_name = NULL; WERROR expected_err; @@ -1332,7 +1295,7 @@ static bool test_NetrUnjoinDomain2(struct torture_context *tctx, r.in.server_name = dcerpc_server_name(p); r.in.account = domain_admin_account; - r.in.encrypted_password = &pwd_buf; + r.in.encrypted_password = pwd_buf; r.in.unjoin_flags = 0; torture_comment(tctx, "testing NetrUnjoinDomain2 (assuming non-DC)\n"); diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c index 2c6f353252..1c9eabe09a 100644 --- a/source4/utils/ntlm_auth.c +++ b/source4/utils/ntlm_auth.c @@ -30,7 +30,6 @@ #include "auth/auth.h" #include "librpc/gen_ndr/ndr_netlogon.h" #include "auth/auth_sam.h" -#include "auth/ntlm/ntlm_check.h" #include "libcli/auth/libcli_auth.h" #include "libcli/security/security.h" #include "lib/events/events.h" -- cgit