From f28f113d8e76824b080359c90efd9c92de533740 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 16 Mar 2009 21:27:58 +1100 Subject: Rework Samba3 to use new libcli/auth code (partial) This commit is mostly to cope with the removal of SamOemHash (replaced by arcfour_crypt()) and other collisions (such as changed function arguments compared to Samba3). We still provide creds_hash3 until Samba3 uses the credentials code in netlogon server Andrew Bartlett --- libcli/auth/credentials.h | 43 +++++++++++++++++++++++++++++++++++++++++-- libcli/auth/libcli_auth.h | 3 +++ libcli/auth/ntlm_check.c | 1 - 3 files changed, 44 insertions(+), 3 deletions(-) (limited to 'libcli/auth') diff --git a/libcli/auth/credentials.h b/libcli/auth/credentials.h index 4e11cb090f..a3dd363064 100644 --- a/libcli/auth/credentials.h +++ b/libcli/auth/credentials.h @@ -35,12 +35,51 @@ struct creds_CredentialState { struct dom_sid *sid; }; -/* for the timebeing, use the same neg flags as Samba3. */ /* The 7 here seems to be required to get Win2k not to downgrade us to NT4. Actually, anything other than 1ff would seem to do... */ -#define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff +#define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff +/* + (NETLOGON_NEG_ACCOUNT_LOCKOUT | + NETLOGON_NEG_PERSISTENT_SAMREPL | + NETLOGON_NEG_ARCFOUR | + NETLOGON_NEG_PROMOTION_COUNT | + NETLOGON_NEG_CHANGELOG_BDC | + NETLOGON_NEG_FULL_SYNC_REPL | + NETLOGON_NEG_MULTIPLE_SIDS | + NETLOGON_NEG_REDO | + NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL | + NETLOGON_NEG_DNS_DOMAIN_TRUSTS | + NETLOGON_NEG_PASSWORD_SET2 | + NETLOGON_NEG_GETDOMAININFO) +*/ +#define NETLOGON_NEG_DOMAIN_TRUST_ACCOUNT 0x2010b000 /* these are the flags that ADS clients use */ +/* + (NETLOGON_NEG_ACCOUNT_LOCKOUT | + NETLOGON_NEG_PERSISTENT_SAMREPL | + NETLOGON_NEG_ARCFOUR | + NETLOGON_NEG_PROMOTION_COUNT | + NETLOGON_NEG_CHANGELOG_BDC | + NETLOGON_NEG_FULL_SYNC_REPL | + NETLOGON_NEG_MULTIPLE_SIDS | + NETLOGON_NEG_REDO | + NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL | + NETLOGON_NEG_SEND_PASSWORD_INFO_PDC | + NETLOGON_NEG_GENERIC_PASSTHROUGH | + NETLOGON_NEG_CONCURRENT_RPC | + NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL | + NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL | + NETLOGON_NEG_128BIT | + NETLOGON_NEG_TRANSITIVE_TRUSTS | + NETLOGON_NEG_DNS_DOMAIN_TRUSTS | + NETLOGON_NEG_PASSWORD_SET2 | + NETLOGON_NEG_GETDOMAININFO | + NETLOGON_NEG_CROSS_FOREST_TRUSTS | + NETLOGON_NEG_AUTHENTICATED_RPC_LSASS | + NETLOGON_NEG_SCHANNEL) +*/ + #define NETLOGON_NEG_AUTH2_ADS_FLAGS (0x200fbffb | NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT | NETLOGON_NEG_SCHANNEL) diff --git a/libcli/auth/libcli_auth.h b/libcli/auth/libcli_auth.h index ec1c1e7d98..f278ee539e 100644 --- a/libcli/auth/libcli_auth.h +++ b/libcli/auth/libcli_auth.h @@ -18,7 +18,10 @@ #define __LIBCLI_AUTH_H__ #include "librpc/gen_ndr/netlogon.h" +#include "librpc/gen_ndr/wkssvc.h" #include "libcli/auth/credentials.h" +#include "libcli/auth/ntlm_check.h" #include "libcli/auth/proto.h" +#include "libcli/auth/msrpc_parse.h" #endif /* __LIBCLI_AUTH_H__ */ diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c index 0805b1b043..5ad03cfe12 100644 --- a/libcli/auth/ntlm_check.c +++ b/libcli/auth/ntlm_check.c @@ -23,7 +23,6 @@ #include "../lib/crypto/crypto.h" #include "librpc/gen_ndr/netlogon.h" #include "libcli/auth/libcli_auth.h" -#include "auth/ntlm/ntlm_check.h" /**************************************************************************** Core of smb password checking routine. -- cgit