mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
Remove the "pwd" struct from rpc_pipe_client
The only user of this was decrypt_trustdom_secret, which only needs the NT hash anyway.
parent
8a5fadf6a1
commit
3d8c2a47e6
@ -73,7 +73,6 @@ struct rpc_pipe_client {
|
||||
|
||||
char *domain;
|
||||
char *user_name;
|
||||
struct pwd_info pwd;
|
||||
|
||||
uint16 max_xmit_frag;
|
||||
uint16 max_recv_frag;
|
||||
|
@ -630,27 +630,23 @@ void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *sessi
|
||||
}
|
||||
|
||||
/* Decrypts password-blob with session-key
|
||||
* @param pass password for session-key
|
||||
* @param nt_hash NT hash for the session key
|
||||
* @param data_in DATA_BLOB encrypted password
|
||||
*
|
||||
* Returns cleartext password in CH_UNIX
|
||||
* Caller must free the returned string
|
||||
*/
|
||||
|
||||
char *decrypt_trustdom_secret(const char *pass, DATA_BLOB *data_in)
|
||||
char *decrypt_trustdom_secret(uint8_t nt_hash[16], DATA_BLOB *data_in)
|
||||
{
|
||||
DATA_BLOB data_out, sess_key;
|
||||
uchar nt_hash[16];
|
||||
uint32_t length;
|
||||
uint32_t version;
|
||||
fstring cleartextpwd;
|
||||
|
||||
if (!data_in || !pass)
|
||||
if (!data_in || !nt_hash)
|
||||
return NULL;
|
||||
|
||||
/* generate md4 password-hash derived from the NT UNICODE password */
|
||||
E_md4hash(pass, nt_hash);
|
||||
|
||||
/* hashed twice with md4 */
|
||||
mdfour(nt_hash, nt_hash, 16);
|
||||
|
||||
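Review bot: `mdfour(nt_hash, nt_hash, 16);` now hashes in place into the caller's buffer, because the local `uchar nt_hash[16]` is gone and `nt_hash` is the parameter. display_trust_dom_info_4 calls decrypt_trustdom_secret twice with the same array, so the second call (the old password) would derive its session key from an already re-hashed value and fail to decrypt correctly. Hash into a local and take the input as const: `uint8_t sess_hash[16];` and `mdfour(sess_hash, nt_hash, 16);`, with the signature `char *decrypt_trustdom_secret(const uint8_t nt_hash[16], DATA_BLOB *data_in)`. The function body continues past the hunk, so any later use of `nt_hash` as key material would need to switch to the local as well.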
|
@ -2139,6 +2139,18 @@ bool rpccli_is_pipe_idx(struct rpc_pipe_client *cli, int pipe_idx)
|
||||
return (cli->abstract_syntax == pipe_names[pipe_idx].abstr_syntax);
|
||||
}
|
||||
|
||||
bool rpccli_get_pwd_hash(struct rpc_pipe_client *cli, uint8_t nt_hash[16])
|
||||
{
|
||||
if (!((cli->auth.auth_type == PIPE_AUTH_TYPE_NTLMSSP)
|
||||
|| (cli->auth.auth_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP))) {
|
||||
E_md4hash(cli->cli->pwd.password, nt_hash);
|
||||
return true;
|
||||
}
|
||||
|
||||
memcpy(nt_hash, cli->auth.a_u.ntlmssp_state->nt_hash, 16);
|
||||
return true;
|
||||
}
|
||||
|
||||
struct cli_state *rpc_pipe_np_smb_conn(struct rpc_pipe_client *p)
|
||||
{
|
||||
return p->cli;
|
||||
@ -2337,8 +2349,6 @@ static struct rpc_pipe_client *cli_rpc_pipe_open_ntlmssp_internal(struct cli_sta
|
||||
goto err;
|
||||
}
|
||||
|
||||
pwd_set_cleartext(&result->pwd, password);
|
||||
|
||||
*perr = ntlmssp_client_start(&ntlmssp_state);
|
||||
if (!NT_STATUS_IS_OK(*perr)) {
|
||||
goto err;
|
||||
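Review bot: rpccli_get_pwd_hash returns true on every path, so the `Could not get pwd hash` and `Could not retrieve password hash` branches that its callers add can never run. It also dereferences `cli->cli` and `cli->auth.a_u.ntlmssp_state` without checking them. If either pointer can be unset for a given pipe (not visible here), the function should fail instead: `if (cli->cli == NULL) return false;` before the E_md4hash call and `if (cli->auth.a_u.ntlmssp_state == NULL) return false;` before the memcpy. A short header comment would also help, saying that it writes the 16-byte NT hash of the connection's credentials into `nt_hash` and that the result is password-equivalent.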
|
@ -948,7 +948,8 @@ static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli,
|
||||
return result;
|
||||
}
|
||||
|
||||
static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p, const char *password)
|
||||
static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p,
|
||||
uint8_t nt_hash[16])
|
||||
{
|
||||
char *pwd, *pwd_old;
|
||||
|
||||
@ -958,8 +959,8 @@ static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p, cons
|
||||
memcpy(data.data, p->password->data, p->password->length);
|
||||
memcpy(data_old.data, p->old_password->data, p->old_password->length);
|
||||
|
||||
pwd = decrypt_trustdom_secret(password, &data);
|
||||
pwd_old = decrypt_trustdom_secret(password, &data_old);
|
||||
pwd = decrypt_trustdom_secret(nt_hash, &data);
|
||||
pwd_old = decrypt_trustdom_secret(nt_hash, &data_old);
|
||||
|
||||
d_printf("Password:\t%s\n", pwd);
|
||||
d_printf("Old Password:\t%s\n", pwd_old);
|
||||
@ -974,11 +975,11 @@ static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p, cons
|
||||
static void display_trust_dom_info(TALLOC_CTX *mem_ctx,
|
||||
union lsa_TrustedDomainInfo *info,
|
||||
enum lsa_TrustDomInfoEnum info_class,
|
||||
const char *pass)
|
||||
uint8_t nt_hash[16])
|
||||
{
|
||||
switch (info_class) {
|
||||
case LSA_TRUSTED_DOMAIN_INFO_PASSWORD:
|
||||
display_trust_dom_info_4(&info->password, pass);
|
||||
display_trust_dom_info_4(&info->password, nt_hash);
|
||||
break;
|
||||
default: {
|
||||
const char *str = NULL;
|
||||
@ -1003,6 +1004,7 @@ static NTSTATUS cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client *cli,
|
||||
uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
|
||||
union lsa_TrustedDomainInfo *info = NULL;
|
||||
enum lsa_TrustDomInfoEnum info_class = 1;
|
||||
uint8_t nt_hash[16];
|
||||
|
||||
if (argc > 3 || argc < 2) {
|
||||
printf("Usage: %s [sid] [info_class]\n", argv[0]);
|
||||
@ -1028,7 +1030,12 @@ static NTSTATUS cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client *cli,
|
||||
if (!NT_STATUS_IS_OK(result))
|
||||
goto done;
|
||||
|
||||
display_trust_dom_info(mem_ctx, info, info_class, cli->pwd.password);
|
||||
if (!rpccli_get_pwd_hash(cli, nt_hash)) {
|
||||
d_fprintf(stderr, "Could not get pwd hash\n");
|
||||
goto done;
|
||||
}
|
||||
|
||||
display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
|
||||
|
||||
done:
|
||||
rpccli_lsa_Close(cli, mem_ctx, &pol);
|
||||
@ -1046,6 +1053,7 @@ static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli,
|
||||
union lsa_TrustedDomainInfo *info = NULL;
|
||||
enum lsa_TrustDomInfoEnum info_class = 1;
|
||||
struct lsa_String trusted_domain;
|
||||
uint8_t nt_hash[16];
|
||||
|
||||
if (argc > 3 || argc < 2) {
|
||||
printf("Usage: %s [name] [info_class]\n", argv[0]);
|
||||
@ -1070,7 +1078,12 @@ static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli,
|
||||
if (!NT_STATUS_IS_OK(result))
|
||||
goto done;
|
||||
|
||||
display_trust_dom_info(mem_ctx, info, info_class, cli->pwd.password);
|
||||
if (!rpccli_get_pwd_hash(cli, nt_hash)) {
|
||||
d_fprintf(stderr, "Could not get pwd hash\n");
|
||||
goto done;
|
||||
}
|
||||
|
||||
display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
|
||||
|
||||
done:
|
||||
rpccli_lsa_Close(cli, mem_ctx, &pol);
|
||||
@ -1088,6 +1101,7 @@ static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli,
|
||||
union lsa_TrustedDomainInfo *info = NULL;
|
||||
DOM_SID dom_sid;
|
||||
enum lsa_TrustDomInfoEnum info_class = 1;
|
||||
uint8_t nt_hash[16];
|
||||
|
||||
if (argc > 3 || argc < 2) {
|
||||
printf("Usage: %s [sid] [info_class]\n", argv[0]);
|
||||
@ -1123,7 +1137,12 @@ static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli,
|
||||
if (!NT_STATUS_IS_OK(result))
|
||||
goto done;
|
||||
|
||||
display_trust_dom_info(mem_ctx, info, info_class, cli->pwd.password);
|
||||
if (!rpccli_get_pwd_hash(cli, nt_hash)) {
|
||||
d_fprintf(stderr, "Could not get pwd hash\n");
|
||||
goto done;
|
||||
}
|
||||
|
||||
display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
|
||||
|
||||
done:
|
||||
rpccli_lsa_Close(cli, mem_ctx, &pol);
|
||||
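Review bot: In cmd_lsa_query_trustdominfobysid the new failure path does `goto done` while `result` still holds the success status from the `NT_STATUS_IS_OK(result)` check just above. A failed hash lookup would therefore be reported as success if `done:` returns `result` (the return is outside the hunk). Set a status first, e.g. `result = NT_STATUS_UNSUCCESSFUL;` before the `goto done;`. The same pattern is repeated in cmd_lsa_query_trustdominfobyname and cmd_lsa_query_trustdominfo, and in vampire_trusted_domain with `nt_status`.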
|
@ -5929,6 +5929,7 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd,
|
||||
NTSTATUS nt_status;
|
||||
union lsa_TrustedDomainInfo *info = NULL;
|
||||
char *cleartextpwd = NULL;
|
||||
uint8_t nt_hash[16];
|
||||
DATA_BLOB data;
|
||||
|
||||
nt_status = rpccli_lsa_QueryTrustedDomainInfoBySid(pipe_hnd, mem_ctx,
|
||||
@ -5945,8 +5946,12 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd,
|
||||
data = data_blob(info->password.password->data,
|
||||
info->password.password->length);
|
||||
|
||||
cleartextpwd = decrypt_trustdom_secret(
|
||||
rpc_pipe_np_smb_conn(pipe_hnd)->pwd.password, &data);
|
||||
if (!rpccli_get_pwd_hash(pipe_hnd, nt_hash)) {
|
||||
DEBUG(0, ("Could not retrieve password hash\n"));
|
||||
goto done;
|
||||
}
|
||||
|
||||
cleartextpwd = decrypt_trustdom_secret(nt_hash, &data);
|
||||
|
||||
if (cleartextpwd == NULL) {
|
||||
DEBUG(0,("retrieved NULL password\n"));
|
||||
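Review bot: `nt_hash` in vampire_trusted_domain is a password-equivalent secret held in a stack array, and nothing in the hunk clears it once decrypt_trustdom_secret has run. Wiping it on the `done:` path (outside the hunk), using a clearing call the compiler cannot drop, would keep the hash from lingering in memory after the trust password has been decrypted. The three cmd_lsa_query_trustdominfo* commands declare the same array. At minimum a comment on the declaration, such as `/* NT hash of our credentials: secret, clear before return */`, would document the intent.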
|