From dce84ffd379012812170f68f7de8aab73123f0b3 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 9 May 2004 12:42:18 +0000
Subject: r610:  - Merge the Samba3 'ntlm_auth --diagnostics' testsuite to
 Samba4.   - This required using NETLOGON_NEG_AUTH2_FLAGS for the    
 SetupCredentials2 negotiation flags, which is what Samba3 does,     because
 otherwise the server uses different crypto.   - This tests the returned
 session keys, which we decrypt.

 - Update the Samba4 notion of a 'session key' to be a DATA_BLOB in
   most places.

 - Fix session key code to return NT_STATUS_NO_SESSION_KEY if none is
   available.

 - Remove a useless argument to SMBsesskeygen_ntv1

 - move netr_CredentialState from the .idl to the new credentials.h

Andrew Bartlett
(This used to be commit 44f8b5b53e6abd4de8a676f78d729988fadff320)
---
 source4/librpc/idl/netlogon.idl      |  8 --------
 source4/librpc/rpc/dcerpc.h          |  2 +-
 source4/librpc/rpc/dcerpc_ntlm.c     |  8 ++++----
 source4/librpc/rpc/dcerpc_schannel.c |  4 ++--
 source4/librpc/rpc/dcerpc_util.c     | 26 ++++++++++----------------
 5 files changed, 17 insertions(+), 31 deletions(-)

(limited to 'source4/librpc')

diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl
index 399bd6c543..24961aa362 100644
--- a/source4/librpc/idl/netlogon.idl
+++ b/source4/librpc/idl/netlogon.idl
@@ -68,14 +68,6 @@ interface netlogon
 		uint8 data[8];
 	} netr_Credential;
 
-	typedef [flag(NDR_PAHEX)] struct {
-		uint8 session_key[8];
-		uint32 sequence;
-		netr_Credential seed;
-		netr_Credential client;
-		netr_Credential server;
-	} netr_CredentialState;
-
 	typedef struct {
 		[value(strlen_m(r->string)*2)] uint16 size;
 		[value(r->size)]               uint16 length;
diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h
index c79d14bec0..5c7f01c658 100644
--- a/source4/librpc/rpc/dcerpc.h
+++ b/source4/librpc/rpc/dcerpc.h
@@ -35,7 +35,7 @@ struct dcerpc_security {
 				 uchar *data, size_t length, DATA_BLOB *sig);
 	NTSTATUS (*sign_packet)(struct dcerpc_security *, 
 				const uchar *data, size_t length, DATA_BLOB *sig);
-	NTSTATUS (*session_key)(struct dcerpc_security *, uint8 session_key[16]);
+	NTSTATUS (*session_key)(struct dcerpc_security *, DATA_BLOB *session_key);
 	void (*security_end)(struct dcerpc_security *);
 };
 
diff --git a/source4/librpc/rpc/dcerpc_ntlm.c b/source4/librpc/rpc/dcerpc_ntlm.c
index 194b1aa865..fa4232c94a 100644
--- a/source4/librpc/rpc/dcerpc_ntlm.c
+++ b/source4/librpc/rpc/dcerpc_ntlm.c
@@ -57,13 +57,13 @@ static NTSTATUS ntlm_sign_packet(struct dcerpc_security *dcerpc_security,
 }
 
 static NTSTATUS ntlm_session_key(struct dcerpc_security *dcerpc_security, 
-				 uint8 session_key[16])
+				 DATA_BLOB *session_key)
 {
 	struct ntlmssp_state *ntlmssp_state = dcerpc_security->private;
-	if (!ntlmssp_state || ntlmssp_state->session_key.length < 16) {
-		return NT_STATUS_UNSUCCESSFUL;
+	if (!ntlmssp_state->session_key.data) {
+		return NT_STATUS_NO_USER_SESSION_KEY;
 	}
-	memcpy(session_key, ntlmssp_state->session_key.data, 16);
+	*session_key = ntlmssp_state->session_key;
 	return NT_STATUS_OK;
 }
 
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index 504c8dfd6f..a88d3c1b3e 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -57,7 +57,7 @@ static NTSTATUS schan_sign_packet(struct dcerpc_security *dcerpc_security,
 }
 
 static NTSTATUS schan_session_key(struct dcerpc_security *dcerpc_security, 
-				  uint8 session_key[16])
+				  DATA_BLOB *session_key)
 {
 	return NT_STATUS_NOT_IMPLEMENTED;
 }
@@ -84,7 +84,7 @@ NTSTATUS dcerpc_schannel_key(struct dcerpc_pipe *p,
 	struct netr_ServerReqChallenge r;
 	struct netr_ServerAuthenticate2 a;
 	uint8 mach_pwd[16];
-	struct netr_CredentialState creds;
+	struct creds_CredentialState creds;
 	const char *workgroup, *workstation;
 	uint32 negotiate_flags = 0;
 
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index 0e045e0033..dce325d7e1 100644
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -673,27 +673,21 @@ NTSTATUS dcerpc_secondary_smb(struct dcerpc_pipe *p, struct dcerpc_pipe **p2,
   only works for the ncacn_np transport
 */
 NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p,
-				  uint8 session_key[16])
+				  DATA_BLOB *session_key)
 {
 	struct cli_tree *tree;
 
-	memset(session_key, 0, 16);
-
+	if (p->security_state) {
+		return p->security_state->session_key(p->security_state, session_key);
+	}
+	
 	tree = dcerpc_smb_tree(p);
 	if (tree) {
-		memcpy(session_key, 
-		       tree->session->transport->negotiate.user_session_key,
-		       16);
-	}
-
-	if (p->security_state) {
-		NTSTATUS status;
-
-		status = p->security_state->session_key(p->security_state, session_key);
-		if (!NT_STATUS_IS_OK(status)) {
-			return status;
+		if (tree->session->user_session_key.data) {
+			*session_key = tree->session->user_session_key;
+			return NT_STATUS_OK;
 		}
 	}
-	
-	return NT_STATUS_OK;
+
+	return NT_STATUS_NO_USER_SESSION_KEY;
 }
-- 
cgit