From f28f113d8e76824b080359c90efd9c92de533740 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 16 Mar 2009 21:27:58 +1100 Subject: Rework Samba3 to use new libcli/auth code (partial) This commit is mostly to cope with the removal of SamOemHash (replaced by arcfour_crypt()) and other collisions (such as changed function arguments compared to Samba3). We still provide creds_hash3 until Samba3 uses the credentials code in netlogon server Andrew Bartlett --- source3/utils/net_rpc.c | 9 ++++++--- source3/utils/net_rpc_join.c | 1 + source3/utils/ntlm_auth.c | 5 +++-- source3/utils/ntlm_auth_diagnostics.c | 11 ++++++----- 4 files changed, 16 insertions(+), 10 deletions(-) (limited to 'source3/utils') diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 21881ba6a9..2651a8d034 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -22,6 +22,7 @@ #include "includes.h" #include "utils/net.h" +#include "../libcli/auth/libcli_auth.h" static int net_mode_share; static bool sync_files(struct copy_clistate *cp_clistate, const char *mask); @@ -5738,7 +5739,8 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd, NTSTATUS nt_status; union lsa_TrustedDomainInfo *info = NULL; char *cleartextpwd = NULL; - uint8_t nt_hash[16]; + uint8_t session_key[16]; + DATA_BLOB session_key_blob; DATA_BLOB data; nt_status = rpccli_lsa_QueryTrustedDomainInfoBySid(pipe_hnd, mem_ctx, @@ -5755,12 +5757,13 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd, data = data_blob(info->password.password->data, info->password.password->length); - if (!rpccli_get_pwd_hash(pipe_hnd, nt_hash)) { + if (!rpccli_get_pwd_hash(pipe_hnd, session_key)) { DEBUG(0, ("Could not retrieve password hash\n")); goto done; } - cleartextpwd = decrypt_trustdom_secret(nt_hash, &data); + session_key_blob = data_blob_const(session_key, sizeof(session_key)); + cleartextpwd = sess_decrypt_string(mem_ctx, &data, &session_key_blob); if (cleartextpwd == NULL) { DEBUG(0,("retrieved NULL password\n")); diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index 7f3515ce75..58d6cdc5af 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c @@ -20,6 +20,7 @@ #include "includes.h" #include "utils/net.h" +#include "../libcli/auth/libcli_auth.h" /* Macro for checking RPC error codes to make things more readable */ diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index e8bd9fbd2b..838aaf5216 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -25,6 +25,7 @@ #include "includes.h" #include "utils/ntlm_auth.h" +#include "../libcli/auth/libcli_auth.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND @@ -1977,7 +1978,7 @@ static void manage_ntlm_change_password_1_request(struct ntlm_auth_state *state, encode_pw_buffer(new_lm_pswd.data, newpswd, STR_UNICODE); - SamOEMhash(new_lm_pswd.data, old_nt_hash, 516); + arcfour_crypt(new_lm_pswd.data, old_nt_hash, 516); E_old_pw_hash(new_nt_hash, old_lm_hash, old_lm_hash_enc.data); } else { @@ -1990,7 +1991,7 @@ static void manage_ntlm_change_password_1_request(struct ntlm_auth_state *state, encode_pw_buffer(new_nt_pswd.data, newpswd, STR_UNICODE); - SamOEMhash(new_nt_pswd.data, old_nt_hash, 516); + arcfour_crypt(new_nt_pswd.data, old_nt_hash, 516); E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.data); } diff --git a/source3/utils/ntlm_auth_diagnostics.c b/source3/utils/ntlm_auth_diagnostics.c index cea4b084f7..0178823801 100644 --- a/source3/utils/ntlm_auth_diagnostics.c +++ b/source3/utils/ntlm_auth_diagnostics.c @@ -23,6 +23,7 @@ #include "includes.h" #include "utils/ntlm_auth.h" +#include "../libcli/auth/libcli_auth.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND @@ -72,7 +73,7 @@ static bool test_lm_ntlm_broken(enum ntlm_break break_which) SMBNTencrypt(opt_password,chall.data,nt_response.data); E_md4hash(opt_password, nt_hash); - SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data); + SMBsesskeygen_ntv1(nt_hash, session_key.data); switch (break_which) { case BREAK_NONE: @@ -257,7 +258,7 @@ static bool test_ntlm_in_both(void) SMBNTencrypt(opt_password,chall.data,nt_response.data); E_md4hash(opt_password, nt_hash); - SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data); + SMBsesskeygen_ntv1(nt_hash, session_key.data); E_deshash(opt_password, lm_hash); @@ -316,7 +317,7 @@ static bool test_lmv2_ntlmv2_broken(enum ntlm_break break_which) DATA_BLOB ntlmv2_response = data_blob_null; DATA_BLOB lmv2_response = data_blob_null; DATA_BLOB ntlmv2_session_key = data_blob_null; - DATA_BLOB names_blob = NTLMv2_generate_names_blob(get_winbind_netbios_name(), get_winbind_domain()); + DATA_BLOB names_blob = NTLMv2_generate_names_blob(NULL, get_winbind_netbios_name(), get_winbind_domain()); uchar user_session_key[16]; DATA_BLOB chall = get_challenge(); @@ -326,9 +327,9 @@ static bool test_lmv2_ntlmv2_broken(enum ntlm_break break_which) flags |= WBFLAG_PAM_USER_SESSION_KEY; - if (!SMBNTLMv2encrypt(opt_username, opt_domain, opt_password, &chall, + if (!SMBNTLMv2encrypt(NULL, opt_username, opt_domain, opt_password, &chall, &names_blob, - &lmv2_response, &ntlmv2_response, + &lmv2_response, &ntlmv2_response, NULL, &ntlmv2_session_key)) { data_blob_free(&names_blob); return False; -- cgit