mirror of
https://github.com/samba-team/samba.git
synced 2025-08-04 08:22:08 +03:00
Make Samba3 use the new common libcli/auth code
This is particuarly in the netlogon client (but not server at this stage)
This commit is contained in:
Andrew Bartlett
@ -374,7 +374,7 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) \
|
||||
lib/bitmap.o lib/dprintf.o $(UTIL_REG_OBJ) \
|
||||
lib/wins_srv.o \
|
||||
lib/util_str.o lib/clobber.o lib/util_sid.o lib/util_uuid.o \
|
||||
lib/util_unistr.o ../lib/util/charset/util_unistr.c lib/util_file.o \
|
||||
lib/util_unistr.o lib/util_file.o \
|
||||
lib/util.o lib/util_sock.o lib/sock_exec.o lib/util_sec.o \
|
||||
lib/substitute.o lib/dbwrap_util.o \
|
||||
lib/ms_fnmatch.o lib/select.o lib/errmap_unix.o \
|
||||
@ -447,7 +447,7 @@ DCE_RPC_ERR_OBJ = ../librpc/rpc/dcerpc_error.o
|
||||
|
||||
LIBSMB_ERR_OBJ0 = $(NTERR_OBJ) $(DOSERR_OBJ) $(ERRORMAP_OBJ) $(DCE_RPC_ERR_OBJ)
|
||||
|
||||
LIBSMB_ERR_OBJ1 = ../libcli/auth/smbdes.o ../libcli/auth/smbencrypt.o ../libcli/auth/msrpc_parse.o
|
||||
LIBSMB_ERR_OBJ1 = ../libcli/auth/smbdes.o ../libcli/auth/smbencrypt.o ../libcli/auth/msrpc_parse.o ../libcli/auth/session.o
|
||||
|
||||
LIBSMB_ERR_OBJ = $(LIBSMB_ERR_OBJ0) $(LIBSMB_ERR_OBJ1) \
|
||||
$(RPC_PARSE_OBJ1) \
|
||||
@ -930,7 +930,9 @@ LIBNET_OBJ = libnet/libnet_join.o \
|
||||
libnet/libnet_samsync_keytab.o \
|
||||
libnet/libnet_dssync.o \
|
||||
libnet/libnet_dssync_keytab.o \
|
||||
librpc/gen_ndr/ndr_libnet_join.o
|
||||
librpc/gen_ndr/ndr_libnet_join.o \
|
||||
../libcli/samsync/decrypt.o \
|
||||
../libcli/drsuapi/repl_decrypt.o
|
||||
|
||||
NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_help.o \
|
||||
utils/net_rap.o utils/net_rpc.o utils/net_rpc_samsync.o \
|
||||
|
||||
@ -69,15 +69,13 @@ static NTSTATUS netlogond_validate(TALLOC_CTX *mem_ctx,
|
||||
* rpccli_netlogon_sam_network_logon_ex can decrypt the session keys.
|
||||
*/
|
||||
|
||||
p->dc = talloc(p, struct dcinfo);
|
||||
p->dc = netlogon_creds_client_init_session_key(p, schannel_key);
|
||||
if (p->dc == NULL) {
|
||||
DEBUG(0, ("talloc failed\n"));
|
||||
TALLOC_FREE(p);
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
memcpy(p->dc->sess_key, schannel_key, 16);
|
||||
|
||||
status = rpccli_netlogon_sam_network_logon_ex(
|
||||
p, p,
|
||||
user_info->logon_parameters,/* flags such as 'allow
|
||||
@ -257,7 +255,7 @@ static NTSTATUS check_netlogond_security(const struct auth_context *auth_context
|
||||
goto done;
|
||||
}
|
||||
|
||||
memcpy(schannel_key, p->dc->sess_key, 16);
|
||||
memcpy(schannel_key, p->dc->session_key, 16);
|
||||
secrets_store_local_schannel_key(schannel_key);
|
||||
|
||||
TALLOC_FREE(p);
|
||||
|
||||
@ -40,7 +40,9 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
|
||||
{
|
||||
uint32 acct_ctrl;
|
||||
const uint8 *lm_pw, *nt_pw;
|
||||
struct samr_Password lm_hash, nt_hash, client_lm_hash, client_nt_hash;
|
||||
const char *username = pdb_get_username(sampass);
|
||||
bool got_lm = false, got_nt = false;
|
||||
|
||||
acct_ctrl = pdb_get_acct_ctrl(sampass);
|
||||
if (acct_ctrl & ACB_PWNOTREQ) {
|
||||
@ -55,14 +57,46 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
|
||||
|
||||
lm_pw = pdb_get_lanman_passwd(sampass);
|
||||
nt_pw = pdb_get_nt_passwd(sampass);
|
||||
|
||||
return ntlm_password_check(mem_ctx, &auth_context->challenge,
|
||||
if (lm_pw) {
|
||||
memcpy(lm_hash.hash, lm_pw, sizeof(lm_hash.hash));
|
||||
}
|
||||
if (nt_pw) {
|
||||
memcpy(nt_hash.hash, nt_pw, sizeof(nt_hash.hash));
|
||||
}
|
||||
if (user_info->lm_interactive_pwd.data && sizeof(client_lm_hash.hash) == user_info->lm_interactive_pwd.length) {
|
||||
memcpy(client_lm_hash.hash, user_info->lm_interactive_pwd.data, sizeof(lm_hash.hash));
|
||||
got_lm = true;
|
||||
}
|
||||
if (user_info->nt_interactive_pwd.data && sizeof(client_nt_hash.hash) == user_info->nt_interactive_pwd.length) {
|
||||
memcpy(client_nt_hash.hash, user_info->nt_interactive_pwd.data, sizeof(nt_hash.hash));
|
||||
got_nt = true;
|
||||
}
|
||||
if (got_lm || got_nt) {
|
||||
*user_sess_key = data_blob(mem_ctx, 16);
|
||||
if (!user_sess_key->data) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
SMBsesskeygen_ntv1(nt_pw, user_sess_key->data);
|
||||
*lm_sess_key = data_blob(NULL, 0);
|
||||
return hash_password_check(mem_ctx, lp_lanman_auth(),
|
||||
got_lm ? &client_lm_hash : NULL,
|
||||
got_nt ? &client_nt_hash : NULL,
|
||||
username,
|
||||
lm_pw ? &lm_hash: NULL,
|
||||
nt_pw ? &nt_hash : NULL);
|
||||
} else {
|
||||
return ntlm_password_check(mem_ctx, lp_lanman_auth(),
|
||||
lp_ntlm_auth(),
|
||||
user_info->logon_parameters,
|
||||
&auth_context->challenge,
|
||||
&user_info->lm_resp, &user_info->nt_resp,
|
||||
&user_info->lm_interactive_pwd, &user_info->nt_interactive_pwd,
|
||||
username,
|
||||
user_info->smb_name,
|
||||
user_info->client_domain,
|
||||
lm_pw, nt_pw, user_sess_key, lm_sess_key);
|
||||
lm_pw ? &lm_hash: NULL,
|
||||
nt_pw ? &nt_hash : NULL,
|
||||
user_sess_key, lm_sess_key);
|
||||
}
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
|
||||
@ -132,8 +132,8 @@ struct rpc_pipe_client {
|
||||
|
||||
struct cli_pipe_auth_data *auth;
|
||||
|
||||
/* The following is only non-null on a netlogon pipe. */
|
||||
struct dcinfo *dc;
|
||||
/* The following is only non-null on a netlogon client pipe. */
|
||||
struct netlogon_creds_CredentialState *dc;
|
||||
|
||||
/* Used by internal rpc_pipe_client */
|
||||
pipes_struct *pipes_struct;
|
||||
|
||||
@ -68,11 +68,6 @@ enum NTLM_MESSAGE_TYPE
|
||||
#define NTLMSSP_FEATURE_SIGN 0x00000002
|
||||
#define NTLMSSP_FEATURE_SEAL 0x00000004
|
||||
|
||||
#define NTLMSSP_NAME_TYPE_SERVER 0x01
|
||||
#define NTLMSSP_NAME_TYPE_DOMAIN 0x02
|
||||
#define NTLMSSP_NAME_TYPE_SERVER_DNS 0x03
|
||||
#define NTLMSSP_NAME_TYPE_DOMAIN_DNS 0x04
|
||||
|
||||
#define NTLMSSP_SIG_SIZE 16
|
||||
|
||||
typedef struct ntlmssp_state
|
||||
|
||||
@ -5245,7 +5245,7 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
|
||||
const struct ndr_syntax_id *interface,
|
||||
enum pipe_auth_level auth_level,
|
||||
const char *domain,
|
||||
const struct dcinfo *pdc,
|
||||
struct netlogon_creds_CredentialState *pdc,
|
||||
struct rpc_pipe_client **presult);
|
||||
NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
|
||||
const struct ndr_syntax_id *interface,
|
||||
|
||||
@ -1600,6 +1600,7 @@ size_t push_string_check_fn(const char *function, unsigned int line,
|
||||
return push_ascii(dest, src, dest_len, flags);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
Copy a string from a char* src to a unicode or ascii
|
||||
dos codepage destination choosing unicode or ascii based on the
|
||||
@ -1641,6 +1642,43 @@ size_t push_string_base(const char *function, unsigned int line,
|
||||
return push_ascii(dest, src, dest_len, flags);
|
||||
}
|
||||
|
||||
/**
|
||||
Copy a string from a char* src to a unicode or ascii
|
||||
dos codepage destination choosing unicode or ascii based on the
|
||||
flags supplied
|
||||
Return the number of bytes occupied by the string in the destination.
|
||||
flags can have:
|
||||
STR_TERMINATE means include the null termination.
|
||||
STR_UPPER means uppercase in the destination.
|
||||
STR_ASCII use ascii even with unicode packet.
|
||||
STR_NOALIGN means don't do alignment.
|
||||
dest_len is the maximum length allowed in the destination. If dest_len
|
||||
is -1 then no maxiumum is used.
|
||||
**/
|
||||
|
||||
ssize_t push_string(void *dest, const char *src, size_t dest_len, int flags)
|
||||
{
|
||||
size_t ret;
|
||||
#ifdef DEVELOPER
|
||||
/* We really need to zero fill here, not clobber
|
||||
* region, as we want to ensure that valgrind thinks
|
||||
* all of the outgoing buffer has been written to
|
||||
* so a send() or write() won't trap an error.
|
||||
* JRA.
|
||||
*/
|
||||
memset(dest, '\0', dest_len);
|
||||
#endif
|
||||
|
||||
if (!(flags & STR_ASCII) && \
|
||||
(flags & STR_UNICODE)) {
|
||||
ret = push_ucs2(NULL, dest, src, dest_len, flags);
|
||||
}
|
||||
ret = push_ascii(dest, src, dest_len, flags);
|
||||
if (ret == (size_t)-1) {
|
||||
return -1;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
/**
|
||||
Copy a string from a unicode or ascii source (depending on
|
||||
|
||||
@ -33,7 +33,7 @@
|
||||
*/
|
||||
|
||||
static NTSTATUS samsync_fix_delta_array(TALLOC_CTX *mem_ctx,
|
||||
struct creds_CredentialState *creds,
|
||||
struct netlogon_creds_CredentialState *creds,
|
||||
enum netr_SamDatabaseID database_id,
|
||||
struct netr_DELTA_ENUM_ARRAY *r)
|
||||
{
|
||||
@ -206,7 +206,7 @@ static NTSTATUS libnet_samsync_delta(TALLOC_CTX *mem_ctx,
|
||||
do {
|
||||
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
|
||||
|
||||
creds_client_authenticator(ctx->cli->dc, &credential);
|
||||
netlogon_creds_client_authenticator(ctx->cli->dc, &credential);
|
||||
|
||||
if (ctx->single_object_replication &&
|
||||
!ctx->force_full_replication) {
|
||||
@ -247,7 +247,7 @@ static NTSTATUS libnet_samsync_delta(TALLOC_CTX *mem_ctx,
|
||||
}
|
||||
|
||||
/* Check returned credentials. */
|
||||
if (!creds_client_check(ctx->cli->dc,
|
||||
if (!netlogon_creds_client_check(ctx->cli->dc,
|
||||
&return_authenticator.cred)) {
|
||||
DEBUG(0,("credentials chain check failed\n"));
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
|
||||
@ -41,28 +41,19 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
|
||||
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
|
||||
struct netr_Credential clnt_chal_send;
|
||||
struct netr_Credential srv_chal_recv;
|
||||
struct netr_Credentials *dc;
|
||||
struct samr_Password password;
|
||||
bool retried = false;
|
||||
fstring mach_acct;
|
||||
|
||||
SMB_ASSERT(ndr_syntax_id_equal(&cli->abstract_syntax,
|
||||
&ndr_table_netlogon.syntax_id));
|
||||
|
||||
TALLOC_FREE(cli->dc);
|
||||
cli->dc = talloc_zero(cli, struct dcinfo);
|
||||
if (cli->dc == NULL) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
dc = cli->dc;
|
||||
|
||||
/* Store the machine account password we're going to use. */
|
||||
memcpy(dc->mach_pw, machine_pwd, 16);
|
||||
memcpy(password.hash, machine_pwd, 16);
|
||||
|
||||
fstrcpy(dc->remote_machine, "\\\\");
|
||||
fstrcat(dc->remote_machine, server_name);
|
||||
|
||||
fstrcpy(dc->domain, domain);
|
||||
|
||||
fstr_sprintf( dc->mach_acct, "%s$", machine_account);
|
||||
fstr_sprintf( mach_acct, "%s$", machine_account);
|
||||
|
||||
again:
|
||||
/* Create the client challenge. */
|
||||
@ -70,7 +61,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
|
||||
|
||||
/* Get the server challenge. */
|
||||
result = rpccli_netr_ServerReqChallenge(cli, talloc_tos(),
|
||||
dc->remote_machine,
|
||||
cli->srv_name_slash,
|
||||
clnt_name,
|
||||
&clnt_chal_send,
|
||||
&srv_chal_recv);
|
||||
@ -79,22 +70,29 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
|
||||
}
|
||||
|
||||
/* Calculate the session key and client credentials */
|
||||
creds_client_init(*neg_flags_inout,
|
||||
dc,
|
||||
|
||||
cli->dc = netlogon_creds_client_init(cli,
|
||||
clnt_name,
|
||||
machine_account,
|
||||
&clnt_chal_send,
|
||||
&srv_chal_recv,
|
||||
machine_pwd,
|
||||
&clnt_chal_send);
|
||||
&password,
|
||||
&clnt_chal_send,
|
||||
*neg_flags_inout);
|
||||
|
||||
if (!cli->dc) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
/*
|
||||
* Send client auth-2 challenge and receive server repy.
|
||||
*/
|
||||
|
||||
result = rpccli_netr_ServerAuthenticate2(cli, talloc_tos(),
|
||||
dc->remote_machine,
|
||||
dc->mach_acct,
|
||||
cli->srv_name_slash,
|
||||
cli->dc->account_name,
|
||||
sec_chan_type,
|
||||
clnt_name,
|
||||
cli->dc->computer_name,
|
||||
&clnt_chal_send, /* input. */
|
||||
&srv_chal_recv, /* output. */
|
||||
neg_flags_inout);
|
||||
@ -103,7 +101,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
|
||||
* with the returned neg_flags - gd */
|
||||
|
||||
if (NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) && !retried) {
|
||||
retried = true;
|
||||
TALLOC_FREE(cli->dc);
|
||||
goto again;
|
||||
}
|
||||
|
||||
@ -116,7 +114,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
|
||||
* server received challenge.
|
||||
*/
|
||||
|
||||
if (!netlogon_creds_client_check(dc, &srv_chal_recv)) {
|
||||
if (!netlogon_creds_client_check(cli->dc, &srv_chal_recv)) {
|
||||
/*
|
||||
* Server replied with bad credential. Fail.
|
||||
*/
|
||||
@ -170,7 +168,7 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
|
||||
|
||||
/* Initialise input parameters */
|
||||
|
||||
netlogon_creds_client_step(cli->dc, &clnt_creds);
|
||||
netlogon_creds_client_authenticator(cli->dc, &clnt_creds);
|
||||
|
||||
switch (logon_type) {
|
||||
case NetlogonInteractiveInformation: {
|
||||
@ -180,43 +178,20 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
|
||||
struct samr_Password lmpassword;
|
||||
struct samr_Password ntpassword;
|
||||
|
||||
unsigned char lm_owf_user_pwd[16], nt_owf_user_pwd[16];
|
||||
|
||||
unsigned char lm_owf[16];
|
||||
unsigned char nt_owf[16];
|
||||
unsigned char key[16];
|
||||
|
||||
password_info = TALLOC_ZERO_P(mem_ctx, struct netr_PasswordInfo);
|
||||
if (!password_info) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
nt_lm_owf_gen(password, nt_owf_user_pwd, lm_owf_user_pwd);
|
||||
nt_lm_owf_gen(password, ntpassword.hash, lmpassword.hash);
|
||||
|
||||
#ifdef DEBUG_PASSWORD
|
||||
DEBUG(100,("lm cypher:"));
|
||||
dump_data(100, lm_owf_user_pwd, 16);
|
||||
|
||||
DEBUG(100,("nt cypher:"));
|
||||
dump_data(100, nt_owf_user_pwd, 16);
|
||||
#endif
|
||||
memset(key, 0, 16);
|
||||
memcpy(key, cli->dc->sess_key, 8);
|
||||
|
||||
memcpy(lm_owf, lm_owf_user_pwd, 16);
|
||||
arcfour_crypt(lm_owf, key, 16);
|
||||
memcpy(nt_owf, nt_owf_user_pwd, 16);
|
||||
arcfour_crypt(nt_owf, key, 16);
|
||||
|
||||
#ifdef DEBUG_PASSWORD
|
||||
DEBUG(100,("encrypt of lm owf password:"));
|
||||
dump_data(100, lm_owf, 16);
|
||||
|
||||
DEBUG(100,("encrypt of nt owf password:"));
|
||||
dump_data(100, nt_owf, 16);
|
||||
#endif
|
||||
memcpy(lmpassword.hash, lm_owf, 16);
|
||||
memcpy(ntpassword.hash, nt_owf, 16);
|
||||
if (cli->dc->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
|
||||
netlogon_creds_arcfour_crypt(cli->dc, lmpassword.hash, 16);
|
||||
netlogon_creds_arcfour_crypt(cli->dc, ntpassword.hash, 16);
|
||||
} else {
|
||||
netlogon_creds_des_encrypt(cli->dc, &lmpassword);
|
||||
netlogon_creds_des_encrypt(cli->dc, &ntpassword);
|
||||
}
|
||||
|
||||
init_netr_PasswordInfo(password_info,
|
||||
domain,
|
||||
@ -281,7 +256,7 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
|
||||
}
|
||||
|
||||
result = rpccli_netr_LogonSamLogon(cli, mem_ctx,
|
||||
cli->dc->remote_machine,
|
||||
cli->srv_name_slash,
|
||||
global_myname(),
|
||||
&clnt_creds,
|
||||
&ret_creds,
|
||||
@ -291,13 +266,11 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
|
||||
&validation,
|
||||
&authoritative);
|
||||
|
||||
if (memcmp(zeros, &ret_creds.cred.data, sizeof(ret_creds.cred.data)) != 0) {
|
||||
/* Check returned credentials if present. */
|
||||
/* Always check returned credentials */
|
||||
if (!netlogon_creds_client_check(cli->dc, &ret_creds.cred)) {
|
||||
DEBUG(0,("rpccli_netlogon_sam_logon: credentials chain check failed\n"));
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
@ -353,7 +326,7 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli,
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
netlogon_creds_client_step(cli->dc, &clnt_creds);
|
||||
netlogon_creds_client_authenticator(cli->dc, &clnt_creds);
|
||||
|
||||
if (server[0] != '\\' && server[1] != '\\') {
|
||||
server_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", server);
|
||||
@ -408,23 +381,13 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli,
|
||||
return result;
|
||||
}
|
||||
|
||||
if (memcmp(zeros, validation.sam3->base.key.key, 16) != 0) {
|
||||
arcfour_crypt(validation.sam3->base.key.key,
|
||||
cli->dc->sess_key, 16);
|
||||
}
|
||||
|
||||
if (memcmp(zeros, validation.sam3->base.LMSessKey.key, 8) != 0) {
|
||||
arcfour_crypt(validation.sam3->base.LMSessKey.key,
|
||||
cli->dc->sess_key, 8);
|
||||
}
|
||||
|
||||
if (memcmp(zeros, ret_creds.cred.data, sizeof(ret_creds.cred.data)) != 0) {
|
||||
/* Check returned credentials if present. */
|
||||
/* Always check returned credentials. */
|
||||
if (!netlogon_creds_client_check(cli->dc, &ret_creds.cred)) {
|
||||
DEBUG(0,("rpccli_netlogon_sam_network_logon: credentials chain check failed\n"));
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
}
|
||||
|
||||
netlogon_creds_decrypt_samlogon(cli->dc, validation_level, &validation);
|
||||
|
||||
*info3 = validation.sam3;
|
||||
|
||||
@ -525,15 +488,7 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli,
|
||||
return result;
|
||||
}
|
||||
|
||||
if (memcmp(zeros, validation.sam3->base.key.key, 16) != 0) {
|
||||
arcfour_crypt(validation.sam3->base.key.key,
|
||||
cli->dc->sess_key, 16);
|
||||
}
|
||||
|
||||
if (memcmp(zeros, validation.sam3->base.LMSessKey.key, 8) != 0) {
|
||||
arcfour_crypt(validation.sam3->base.LMSessKey.key,
|
||||
cli->dc->sess_key, 8);
|
||||
}
|
||||
netlogon_creds_decrypt_samlogon(cli->dc, validation_level, &validation);
|
||||
|
||||
*info3 = validation.sam3;
|
||||
|
||||
@ -575,21 +530,21 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
|
||||
return result;
|
||||
}
|
||||
|
||||
netlogon_creds_client_step(cli->dc, &clnt_creds);
|
||||
netlogon_creds_client_authenticator(cli->dc, &clnt_creds);
|
||||
|
||||
if (neg_flags & NETLOGON_NEG_PASSWORD_SET2) {
|
||||
|
||||
struct netr_CryptPassword new_password;
|
||||
|
||||
init_netr_CryptPassword(new_trust_pwd_cleartext,
|
||||
cli->dc->sess_key,
|
||||
cli->dc->session_key,
|
||||
&new_password);
|
||||
|
||||
result = rpccli_netr_ServerPasswordSet2(cli, mem_ctx,
|
||||
cli->dc->remote_machine,
|
||||
cli->dc->mach_acct,
|
||||
cli->srv_name_slash,
|
||||
cli->dc->account_name,
|
||||
sec_channel_type,
|
||||
global_myname(),
|
||||
cli->dc->computer_name,
|
||||
&clnt_creds,
|
||||
&srv_cred,
|
||||
&new_password);
|
||||
@ -601,16 +556,14 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
|
||||
} else {
|
||||
|
||||
struct samr_Password new_password;
|
||||
|
||||
cred_hash3(new_password.hash,
|
||||
new_trust_passwd_hash,
|
||||
cli->dc->sess_key, 1);
|
||||
memcpy(new_password.hash, new_trust_passwd_hash, sizeof(new_password.hash));
|
||||
netlogon_creds_des_encrypt(cli->dc, &new_password);
|
||||
|
||||
result = rpccli_netr_ServerPasswordSet(cli, mem_ctx,
|
||||
cli->dc->remote_machine,
|
||||
cli->dc->mach_acct,
|
||||
cli->srv_name_slash,
|
||||
cli->dc->account_name,
|
||||
sec_channel_type,
|
||||
global_myname(),
|
||||
cli->dc->computer_name,
|
||||
&clnt_creds,
|
||||
&srv_cred,
|
||||
&new_password);
|
||||
|
||||
@ -3851,7 +3851,7 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
|
||||
const struct ndr_syntax_id *interface,
|
||||
enum pipe_auth_level auth_level,
|
||||
const char *domain,
|
||||
const struct dcinfo *pdc,
|
||||
struct netlogon_creds_CredentialState *pdc,
|
||||
struct rpc_pipe_client **presult)
|
||||
{
|
||||
struct rpc_pipe_client *result;
|
||||
@ -3864,7 +3864,7 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
|
||||
}
|
||||
|
||||
status = rpccli_schannel_bind_data(result, domain, auth_level,
|
||||
pdc->sess_key, &auth);
|
||||
pdc->session_key, &auth);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(0, ("rpccli_schannel_bind_data returned %s\n",
|
||||
nt_errstr(status)));
|
||||
@ -3883,11 +3883,11 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
|
||||
|
||||
/*
|
||||
* The credentials on a new netlogon pipe are the ones we are passed
|
||||
* in - copy them over.
|
||||
* in - reference them in
|
||||
*/
|
||||
result->dc = (struct dcinfo *)talloc_memdup(result, pdc, sizeof(*pdc));
|
||||
result->dc = talloc_reference(result, pdc);
|
||||
if (result->dc == NULL) {
|
||||
DEBUG(0, ("talloc failed\n"));
|
||||
DEBUG(0, ("talloc reference failed\n"));
|
||||
TALLOC_FREE(result);
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
@ -585,7 +585,7 @@ static NTSTATUS cmd_netlogon_sam_sync(struct rpc_pipe_client *cli,
|
||||
do {
|
||||
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
|
||||
|
||||
netlogon_creds_client_step(cli->dc, &credential);
|
||||
netlogon_creds_client_authenticator(cli->dc, &credential);
|
||||
|
||||
result = rpccli_netr_DatabaseSync2(cli, mem_ctx,
|
||||
logon_server,
|
||||
@ -648,7 +648,7 @@ static NTSTATUS cmd_netlogon_sam_deltas(struct rpc_pipe_client *cli,
|
||||
do {
|
||||
struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
|
||||
|
||||
netlogon_creds_client_step(cli->dc, &credential);
|
||||
netlogon_creds_client_authenticator(cli->dc, &credential);
|
||||
|
||||
result = rpccli_netr_DatabaseDeltas(cli, mem_ctx,
|
||||
logon_server,
|
||||
@ -1083,7 +1083,7 @@ static NTSTATUS cmd_netlogon_database_redo(struct rpc_pipe_client *cli,
|
||||
return status;
|
||||
}
|
||||
|
||||
netlogon_creds_client_step(cli->dc, &clnt_creds);
|
||||
netlogon_creds_client_authenticator(cli->dc, &clnt_creds);
|
||||
|
||||
ZERO_STRUCT(e);
|
||||
|
||||
@ -1128,7 +1128,7 @@ static NTSTATUS cmd_netlogon_capabilities(struct rpc_pipe_client *cli,
|
||||
}
|
||||
|
||||
#if 0
|
||||
netlogon_creds_client_step(cli->dc, &credential);
|
||||
netlogon_creds_client_authenticator(cli->dc, &credential);
|
||||
#else
|
||||
ZERO_STRUCT(credential);
|
||||
#endif
|
||||
|
||||
@ -567,15 +567,15 @@ static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB
|
||||
static NTSTATUS local_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key)
|
||||
{
|
||||
NTSTATUS nt_status;
|
||||
uint8 lm_pw[16], nt_pw[16];
|
||||
struct samr_Password lm_pw, nt_pw;
|
||||
|
||||
nt_lm_owf_gen (opt_password, nt_pw, lm_pw);
|
||||
nt_lm_owf_gen (opt_password, nt_pw.hash, lm_pw.hash);
|
||||
|
||||
nt_status = ntlm_password_check(ntlmssp_state,
|
||||
true, true,
|
||||
&ntlmssp_state->chal,
|
||||
&ntlmssp_state->lm_resp,
|
||||
&ntlmssp_state->nt_resp,
|
||||
NULL, NULL,
|
||||
ntlmssp_state->user,
|
||||
ntlmssp_state->user,
|
||||
ntlmssp_state->domain,
|
||||
|
||||
Reference in New Issue
Block a user