1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

Remove the "pwd" struct from rpc_pipe_client

The only user of this was decrypt_trustdom_secret, and this only needs the NT
hash anyway.
This commit is contained in:
Volker Lendecke 2008-04-21 08:01:51 +02:00 committed by Günther Deschner
parent 8a5fadf6a1
commit 3d8c2a47e6
5 changed files with 49 additions and 20 deletions

View File

@ -73,7 +73,6 @@ struct rpc_pipe_client {
char *domain;
char *user_name;
struct pwd_info pwd;
uint16 max_xmit_frag;
uint16 max_recv_frag;

View File

@ -630,27 +630,23 @@ void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *sessi
}
/* Decrypts password-blob with session-key
* @param pass password for session-key
* @param nt_hash NT hash for the session key
* @param data_in DATA_BLOB encrypted password
*
* Returns cleartext password in CH_UNIX
* Caller must free the returned string
*/
char *decrypt_trustdom_secret(const char *pass, DATA_BLOB *data_in)
char *decrypt_trustdom_secret(uint8_t nt_hash[16], DATA_BLOB *data_in)
{
DATA_BLOB data_out, sess_key;
uchar nt_hash[16];
uint32_t length;
uint32_t version;
fstring cleartextpwd;
if (!data_in || !pass)
if (!data_in || !nt_hash)
return NULL;
/* generate md4 password-hash derived from the NT UNICODE password */
E_md4hash(pass, nt_hash);
/* hashed twice with md4 */
mdfour(nt_hash, nt_hash, 16);

View File

@ -2139,6 +2139,18 @@ bool rpccli_is_pipe_idx(struct rpc_pipe_client *cli, int pipe_idx)
return (cli->abstract_syntax == pipe_names[pipe_idx].abstr_syntax);
}
bool rpccli_get_pwd_hash(struct rpc_pipe_client *cli, uint8_t nt_hash[16])
{
if (!((cli->auth.auth_type == PIPE_AUTH_TYPE_NTLMSSP)
|| (cli->auth.auth_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP))) {
E_md4hash(cli->cli->pwd.password, nt_hash);
return true;
}
memcpy(nt_hash, cli->auth.a_u.ntlmssp_state->nt_hash, 16);
return true;
}
struct cli_state *rpc_pipe_np_smb_conn(struct rpc_pipe_client *p)
{
return p->cli;
@ -2337,8 +2349,6 @@ static struct rpc_pipe_client *cli_rpc_pipe_open_ntlmssp_internal(struct cli_sta
goto err;
}
pwd_set_cleartext(&result->pwd, password);
*perr = ntlmssp_client_start(&ntlmssp_state);
if (!NT_STATUS_IS_OK(*perr)) {
goto err;

View File

@ -948,7 +948,8 @@ static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli,
return result;
}
static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p, const char *password)
static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p,
uint8_t nt_hash[16])
{
char *pwd, *pwd_old;
@ -958,8 +959,8 @@ static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p, cons
memcpy(data.data, p->password->data, p->password->length);
memcpy(data_old.data, p->old_password->data, p->old_password->length);
pwd = decrypt_trustdom_secret(password, &data);
pwd_old = decrypt_trustdom_secret(password, &data_old);
pwd = decrypt_trustdom_secret(nt_hash, &data);
pwd_old = decrypt_trustdom_secret(nt_hash, &data_old);
d_printf("Password:\t%s\n", pwd);
d_printf("Old Password:\t%s\n", pwd_old);
@ -974,11 +975,11 @@ static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p, cons
static void display_trust_dom_info(TALLOC_CTX *mem_ctx,
union lsa_TrustedDomainInfo *info,
enum lsa_TrustDomInfoEnum info_class,
const char *pass)
uint8_t nt_hash[16])
{
switch (info_class) {
case LSA_TRUSTED_DOMAIN_INFO_PASSWORD:
display_trust_dom_info_4(&info->password, pass);
display_trust_dom_info_4(&info->password, nt_hash);
break;
default: {
const char *str = NULL;
@ -1003,6 +1004,7 @@ static NTSTATUS cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client *cli,
uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
union lsa_TrustedDomainInfo *info = NULL;
enum lsa_TrustDomInfoEnum info_class = 1;
uint8_t nt_hash[16];
if (argc > 3 || argc < 2) {
printf("Usage: %s [sid] [info_class]\n", argv[0]);
@ -1028,7 +1030,12 @@ static NTSTATUS cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client *cli,
if (!NT_STATUS_IS_OK(result))
goto done;
display_trust_dom_info(mem_ctx, info, info_class, cli->pwd.password);
if (!rpccli_get_pwd_hash(cli, nt_hash)) {
d_fprintf(stderr, "Could not get pwd hash\n");
goto done;
}
display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
done:
rpccli_lsa_Close(cli, mem_ctx, &pol);
@ -1046,6 +1053,7 @@ static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli,
union lsa_TrustedDomainInfo *info = NULL;
enum lsa_TrustDomInfoEnum info_class = 1;
struct lsa_String trusted_domain;
uint8_t nt_hash[16];
if (argc > 3 || argc < 2) {
printf("Usage: %s [name] [info_class]\n", argv[0]);
@ -1070,7 +1078,12 @@ static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli,
if (!NT_STATUS_IS_OK(result))
goto done;
display_trust_dom_info(mem_ctx, info, info_class, cli->pwd.password);
if (!rpccli_get_pwd_hash(cli, nt_hash)) {
d_fprintf(stderr, "Could not get pwd hash\n");
goto done;
}
display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
done:
rpccli_lsa_Close(cli, mem_ctx, &pol);
@ -1088,6 +1101,7 @@ static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli,
union lsa_TrustedDomainInfo *info = NULL;
DOM_SID dom_sid;
enum lsa_TrustDomInfoEnum info_class = 1;
uint8_t nt_hash[16];
if (argc > 3 || argc < 2) {
printf("Usage: %s [sid] [info_class]\n", argv[0]);
@ -1123,7 +1137,12 @@ static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli,
if (!NT_STATUS_IS_OK(result))
goto done;
display_trust_dom_info(mem_ctx, info, info_class, cli->pwd.password);
if (!rpccli_get_pwd_hash(cli, nt_hash)) {
d_fprintf(stderr, "Could not get pwd hash\n");
goto done;
}
display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
done:
rpccli_lsa_Close(cli, mem_ctx, &pol);

View File

@ -5929,6 +5929,7 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd,
NTSTATUS nt_status;
union lsa_TrustedDomainInfo *info = NULL;
char *cleartextpwd = NULL;
uint8_t nt_hash[16];
DATA_BLOB data;
nt_status = rpccli_lsa_QueryTrustedDomainInfoBySid(pipe_hnd, mem_ctx,
@ -5945,8 +5946,12 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd,
data = data_blob(info->password.password->data,
info->password.password->length);
cleartextpwd = decrypt_trustdom_secret(
rpc_pipe_np_smb_conn(pipe_hnd)->pwd.password, &data);
if (!rpccli_get_pwd_hash(pipe_hnd, nt_hash)) {
DEBUG(0, ("Could not retrieve password hash\n"));
goto done;
}
cleartextpwd = decrypt_trustdom_secret(nt_hash, &data);
if (cleartextpwd == NULL) {
DEBUG(0,("retrieved NULL password\n"));