From 5095d7b1c84e7e37f553867d699a1983f74d4314 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 6 Apr 2009 22:54:44 +1000 Subject: Rework Samba4 to use the new common libcli/auth code In particular, this is the rename from creds_ to netlogon_creds_, as well as other links to use the new common crypto. Andrew Bartlett --- source4/torture/rpc/samba3rpc.c | 51 ++++++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 23 deletions(-) (limited to 'source4/torture/rpc/samba3rpc.c') diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c index fe128fea52..e31135c0de 100644 --- a/source4/torture/rpc/samba3rpc.c +++ b/source4/torture/rpc/samba3rpc.c @@ -904,7 +904,7 @@ static bool auth2(struct smbcli_state *cli, struct netr_Credential netr_srv_creds; uint32_t negotiate_flags; struct netr_ServerAuthenticate2 a; - struct creds_CredentialState *creds_state; + struct netlogon_creds_CredentialState *creds_state; struct netr_Credential netr_cred; struct samr_Password mach_pw; @@ -958,11 +958,6 @@ static bool auth2(struct smbcli_state *cli, negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS; E_md4hash(cli_credentials_get_password(wks_cred), mach_pw.hash); - creds_state = talloc(mem_ctx, struct creds_CredentialState); - creds_client_init(creds_state, r.in.credentials, - r.out.return_credentials, &mach_pw, - &netr_cred, negotiate_flags); - a.in.server_name = talloc_asprintf( mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe)); a.in.account_name = talloc_asprintf( @@ -974,6 +969,13 @@ static bool auth2(struct smbcli_state *cli, a.in.credentials = &netr_cred; a.out.return_credentials = &netr_cred; + creds_state = netlogon_creds_client_init(mem_ctx, + a.in.account_name, + a.in.computer_name, + r.in.credentials, + r.out.return_credentials, &mach_pw, + &netr_cred, negotiate_flags); + status = dcerpc_netr_ServerAuthenticate2(net_pipe, mem_ctx, &a); if (!NT_STATUS_IS_OK(status)) { d_printf("netr_ServerServerAuthenticate2 failed: %s\n", @@ -981,7 +983,7 @@ static bool auth2(struct smbcli_state *cli, goto done; } - if (!creds_client_check(creds_state, a.out.return_credentials)) { + if (!netlogon_creds_client_check(creds_state, a.out.return_credentials)) { d_printf("creds_client_check failed\n"); goto done; } @@ -1054,7 +1056,7 @@ static bool schan(struct smbcli_state *cli, for (i=2; i<4; i++) { int flags; DATA_BLOB chal, nt_resp, lm_resp, names_blob, session_key; - struct creds_CredentialState *creds_state; + struct netlogon_creds_CredentialState *creds_state; struct netr_Authenticator netr_auth, netr_auth2; struct netr_NetworkInfo ninfo; struct netr_PasswordInfo pinfo; @@ -1088,7 +1090,7 @@ static bool schan(struct smbcli_state *cli, } creds_state = cli_credentials_get_netlogon_creds(wks_creds); - creds_client_authenticator(creds_state, &netr_auth); + netlogon_creds_client_authenticator(creds_state, &netr_auth); ninfo.identity_info.account_name.string = cli_credentials_get_username(user_creds); @@ -1129,13 +1131,13 @@ static bool schan(struct smbcli_state *cli, } if ((r.out.return_authenticator == NULL) || - (!creds_client_check(creds_state, + (!netlogon_creds_client_check(creds_state, &r.out.return_authenticator->cred))) { d_printf("Credentials check failed!\n"); goto done; } - creds_client_authenticator(creds_state, &netr_auth); + netlogon_creds_client_authenticator(creds_state, &netr_auth); pinfo.identity_info = ninfo.identity_info; ZERO_STRUCT(pinfo.lmpassword.hash); @@ -1161,7 +1163,7 @@ static bool schan(struct smbcli_state *cli, } if ((r.out.return_authenticator == NULL) || - (!creds_client_check(creds_state, + (!netlogon_creds_client_check(creds_state, &r.out.return_authenticator->cred))) { d_printf("Credentials check failed!\n"); goto done; @@ -1171,7 +1173,7 @@ static bool schan(struct smbcli_state *cli, { struct netr_ServerPasswordSet s; char *password = generate_random_str(wks_creds, 8); - struct creds_CredentialState *creds_state; + struct netlogon_creds_CredentialState *creds_state; struct netr_Authenticator credential, return_authenticator; struct samr_Password new_password; @@ -1188,8 +1190,8 @@ static bool schan(struct smbcli_state *cli, E_md4hash(password, new_password.hash); creds_state = cli_credentials_get_netlogon_creds(wks_creds); - creds_des_encrypt(creds_state, &new_password); - creds_client_authenticator(creds_state, &credential); + netlogon_creds_des_encrypt(creds_state, &new_password); + netlogon_creds_client_authenticator(creds_state, &credential); status = dcerpc_netr_ServerPasswordSet(net_pipe, mem_ctx, &s); if (!NT_STATUS_IS_OK(status)) { @@ -1197,8 +1199,8 @@ static bool schan(struct smbcli_state *cli, goto done; } - if (!creds_client_check(creds_state, - &s.out.return_authenticator->cred)) { + if (!netlogon_creds_client_check(creds_state, + &s.out.return_authenticator->cred)) { printf("Credential chaining failed\n"); } @@ -2088,7 +2090,7 @@ bool torture_samba3_rpc_randomauth2(struct torture_context *torture) struct netr_Credential netr_srv_creds; uint32_t negotiate_flags; struct netr_ServerAuthenticate2 a; - struct creds_CredentialState *creds_state; + struct netlogon_creds_CredentialState *creds_state; struct netr_Credential netr_cred; struct samr_Password mach_pw; struct smbcli_state *cli; @@ -2155,11 +2157,6 @@ bool torture_samba3_rpc_randomauth2(struct torture_context *torture) negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS; E_md4hash("foobar", mach_pw.hash); - creds_state = talloc(mem_ctx, struct creds_CredentialState); - creds_client_init(creds_state, r.in.credentials, - r.out.return_credentials, &mach_pw, - &netr_cred, negotiate_flags); - a.in.server_name = talloc_asprintf( mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe)); a.in.account_name = talloc_asprintf( @@ -2171,6 +2168,14 @@ bool torture_samba3_rpc_randomauth2(struct torture_context *torture) a.in.credentials = &netr_cred; a.out.return_credentials = &netr_cred; + creds_state = netlogon_creds_client_init(mem_ctx, + a.in.account_name, + a.in.computer_name, + r.in.credentials, + r.out.return_credentials, &mach_pw, + &netr_cred, negotiate_flags); + + status = dcerpc_netr_ServerAuthenticate2(net_pipe, mem_ctx, &a); if (!NT_STATUS_EQUAL(status, NT_STATUS_NO_TRUST_SAM_ACCOUNT)) { -- cgit