From: Volker Lendecke Date: Fri, 25 Apr 2008 14:32:44 +0000 (+0200) Subject: Revert "Remove the "pwd" struct from rpc_pipe_client" X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1db152ed07e748727b99e3bb2895faa5bc48bf04;p=thirdparty%2Fsamba.git Revert "Remove the "pwd" struct from rpc_pipe_client" This reverts commit 3d8c2a47e677a4c4aacf4abf148b1bd8163c3351. --- diff --git a/source/include/client.h b/source/include/client.h index 9cbfa51bb1f..5cfc9a6f920 100644 --- a/source/include/client.h +++ b/source/include/client.h @@ -73,6 +73,7 @@ struct rpc_pipe_client { char *domain; char *user_name; + struct pwd_info pwd; uint16 max_xmit_frag; uint16 max_recv_frag; diff --git a/source/libsmb/smbencrypt.c b/source/libsmb/smbencrypt.c index 11f8780a47b..e7198b801d3 100644 --- a/source/libsmb/smbencrypt.c +++ b/source/libsmb/smbencrypt.c @@ -630,23 +630,27 @@ void sess_crypt_blob(DATA_BLOB *out, const DATA_BLOB *in, const DATA_BLOB *sessi } /* Decrypts password-blob with session-key - * @param nt_hash NT hash for the session key + * @param pass password for session-key * @param data_in DATA_BLOB encrypted password * * Returns cleartext password in CH_UNIX * Caller must free the returned string */ -char *decrypt_trustdom_secret(uint8_t nt_hash[16], DATA_BLOB *data_in) +char *decrypt_trustdom_secret(const char *pass, DATA_BLOB *data_in) { DATA_BLOB data_out, sess_key; + uchar nt_hash[16]; uint32_t length; uint32_t version; fstring cleartextpwd; - if (!data_in || !nt_hash) + if (!data_in || !pass) return NULL; + /* generate md4 password-hash derived from the NT UNICODE password */ + E_md4hash(pass, nt_hash); + /* hashed twice with md4 */ mdfour(nt_hash, nt_hash, 16); diff --git a/source/rpc_client/cli_pipe.c b/source/rpc_client/cli_pipe.c index 828307cace8..d4ce45446b0 100644 --- a/source/rpc_client/cli_pipe.c +++ b/source/rpc_client/cli_pipe.c 
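Review bot: The new `struct pwd_info pwd;` member of `struct rpc_pipe_client` carries no comment saying that it holds the caller's cleartext password, so nothing at the definition tells a reader that every pipe handle is now credential storage. Within this diff the only writer is `pwd_set_cleartext(&result->pwd, password)` in `cli_rpc_pipe_open_ntlmssp_internal`, so the field is presumably unset for pipes opened any other way. A comment such as `/* cleartext password; set only on the NTLMSSP open path, must be cleared when the pipe is torn down */` would record both facts where the field is declared. The struct definition starts and ends outside the hunk.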
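Review bot: The local `uchar nt_hash[16]` added to `decrypt_trustdom_secret` holds the key derived from the password, and nothing in the hunk clears it, so the key material would stay on the stack after the function returns. The return paths are outside the hunk and need checking; if there is no wipe, add `ZERO_STRUCT(nt_hash);` before each return and treat the existing `fstring cleartextpwd` the same way, keeping in mind that a plain memset just before return can be removed by the optimiser. The doc line could also state what the argument is: `* @param pass cleartext password the session key is derived from`.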
@@ -2139,18 +2139,6 @@ bool rpccli_is_pipe_idx(struct rpc_pipe_client *cli, int pipe_idx) return (cli->abstract_syntax == pipe_names[pipe_idx].abstr_syntax); } -bool rpccli_get_pwd_hash(struct rpc_pipe_client *cli, uint8_t nt_hash[16]) -{ - if (!((cli->auth.auth_type == PIPE_AUTH_TYPE_NTLMSSP) - || (cli->auth.auth_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP))) { - E_md4hash(cli->cli->pwd.password, nt_hash); - return true; - } - - memcpy(nt_hash, cli->auth.a_u.ntlmssp_state->nt_hash, 16); - return true; -} - struct cli_state *rpc_pipe_np_smb_conn(struct rpc_pipe_client *p) { return p->cli; @@ -2349,6 +2337,8 @@ static struct rpc_pipe_client *cli_rpc_pipe_open_ntlmssp_internal(struct cli_sta goto err; } + pwd_set_cleartext(&result->pwd, password); + *perr = ntlmssp_client_start(&ntlmssp_state); if (!NT_STATUS_IS_OK(*perr)) { goto err; diff --git a/source/rpcclient/cmd_lsarpc.c b/source/rpcclient/cmd_lsarpc.c index 0419c87c988..88e49546b13 100644 --- a/source/rpcclient/cmd_lsarpc.c +++ b/source/rpcclient/cmd_lsarpc.c @@ -948,8 +948,7 @@ static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli, return result; } -static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p, - uint8_t nt_hash[16]) +static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p, const char *password) { char *pwd, *pwd_old; @@ -959,8 +958,8 @@ static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p, memcpy(data.data, p->password->data, p->password->length); memcpy(data_old.data, p->old_password->data, p->old_password->length); - pwd = decrypt_trustdom_secret(nt_hash, &data); - pwd_old = decrypt_trustdom_secret(nt_hash, &data_old); + pwd = decrypt_trustdom_secret(password, &data); + pwd_old = decrypt_trustdom_secret(password, &data_old); d_printf("Password:\t%s\n", pwd); d_printf("Old Password:\t%s\n", pwd_old); 
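Review bot: In `cli_rpc_pipe_open_ntlmssp_internal`, `pwd_set_cleartext(&result->pwd, password)` runs before `ntlmssp_client_start`, so when that call fails the `goto err` path is taken with a cleartext copy already stored in `result`. The `err` label is outside the hunk; if it only frees the structure, the password stays in released memory. Either move the copy below the last failure point or clear the field on the error path, e.g. `ZERO_STRUCT(result->pwd);`. It is also not visible here whether `password` can be NULL on this path, which `pwd_set_cleartext` would then have to tolerate.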
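Review bot: In `display_trust_dom_info_4` both results of `decrypt_trustdom_secret` go straight into `d_printf` with `%s`, but that function returns NULL when `pass` or `data_in` is NULL (visible in the smbencrypt.c hunk), and passing NULL to `%s` is undefined behaviour. Check before printing, for example `if (pwd == NULL || pwd_old == NULL) { d_fprintf(stderr, "Could not decrypt trust password\n"); }`, and print only on success. The callee's comment says the caller must free the returned string; whether `pwd` and `pwd_old` are cleared and freed is outside the hunk and should be confirmed, since they hold recovered trust passwords.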
@@ -975,11 +974,11 @@ static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p, static void display_trust_dom_info(TALLOC_CTX *mem_ctx, union lsa_TrustedDomainInfo *info, enum lsa_TrustDomInfoEnum info_class, - uint8_t nt_hash[16]) + const char *pass) { switch (info_class) { case LSA_TRUSTED_DOMAIN_INFO_PASSWORD: - display_trust_dom_info_4(&info->password, nt_hash); + display_trust_dom_info_4(&info->password, pass); break; default: { const char *str = NULL; @@ -1004,7 +1003,6 @@ static NTSTATUS cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client *cli, uint32 access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED; union lsa_TrustedDomainInfo *info = NULL; enum lsa_TrustDomInfoEnum info_class = 1; - uint8_t nt_hash[16]; if (argc > 3 || argc < 2) { printf("Usage: %s [sid] [info_class]\n", argv[0]); @@ -1030,12 +1028,7 @@ static NTSTATUS cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client *cli, if (!NT_STATUS_IS_OK(result)) goto done; - if (!rpccli_get_pwd_hash(cli, nt_hash)) { - d_fprintf(stderr, "Could not get pwd hash\n"); - goto done; - } - - display_trust_dom_info(mem_ctx, info, info_class, nt_hash); + display_trust_dom_info(mem_ctx, info, info_class, cli->pwd.password); done: rpccli_lsa_Close(cli, mem_ctx, &pol); @@ -1053,7 +1046,6 @@ static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli, union lsa_TrustedDomainInfo *info = NULL; enum lsa_TrustDomInfoEnum info_class = 1; struct lsa_String trusted_domain; - uint8_t nt_hash[16]; if (argc > 3 || argc < 2) { printf("Usage: %s [name] [info_class]\n", argv[0]); @@ -1078,12 +1070,7 @@ static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli, if (!NT_STATUS_IS_OK(result)) goto done; - if (!rpccli_get_pwd_hash(cli, nt_hash)) { - d_fprintf(stderr, "Could not get pwd hash\n"); - goto done; - } - - display_trust_dom_info(mem_ctx, info, info_class, nt_hash); + display_trust_dom_info(mem_ctx, info, info_class, cli->pwd.password); done: rpccli_lsa_Close(cli, mem_ctx, &pol); 
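Review bot: `display_trust_dom_info(mem_ctx, info, info_class, cli->pwd.password)` in `cmd_lsa_query_trustdominfobysid` uses the pipe's password field without checking that it was ever filled, and the removed failure branch (`Could not get pwd hash`) has no replacement. Within this diff the field is written only in `cli_rpc_pipe_open_ntlmssp_internal`, so on a pipe opened another way the key would presumably be derived from an empty or unset password and the output would be silently wrong instead of an error. A guard before the call restores the failure path, e.g. `if (cli->auth.auth_type != PIPE_AUTH_TYPE_NTLMSSP && cli->auth.auth_type != PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) { d_fprintf(stderr, "No password available for this pipe\n"); goto done; }`. The same applies to the identical calls in `cmd_lsa_query_trustdominfobyname` and `cmd_lsa_query_trustdominfo`; all three function bodies start outside their hunks.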
@@ -1101,7 +1088,6 @@ static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli, union lsa_TrustedDomainInfo *info = NULL; DOM_SID dom_sid; enum lsa_TrustDomInfoEnum info_class = 1; - uint8_t nt_hash[16]; if (argc > 3 || argc < 2) { printf("Usage: %s [sid] [info_class]\n", argv[0]); @@ -1137,12 +1123,7 @@ static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli, if (!NT_STATUS_IS_OK(result)) goto done; - if (!rpccli_get_pwd_hash(cli, nt_hash)) { - d_fprintf(stderr, "Could not get pwd hash\n"); - goto done; - } - - display_trust_dom_info(mem_ctx, info, info_class, nt_hash); + display_trust_dom_info(mem_ctx, info, info_class, cli->pwd.password); done: rpccli_lsa_Close(cli, mem_ctx, &pol); diff --git a/source/utils/net_rpc.c b/source/utils/net_rpc.c index 24965755fbb..5845c143140 100644 --- a/source/utils/net_rpc.c +++ b/source/utils/net_rpc.c @@ -5929,7 +5929,6 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd, NTSTATUS nt_status; union lsa_TrustedDomainInfo *info = NULL; char *cleartextpwd = NULL; - uint8_t nt_hash[16]; DATA_BLOB data; nt_status = rpccli_lsa_QueryTrustedDomainInfoBySid(pipe_hnd, mem_ctx, @@ -5946,12 +5945,8 @@ static NTSTATUS vampire_trusted_domain(struct rpc_pipe_client *pipe_hnd, data = data_blob(info->password.password->data, info->password.password->length); - if (!rpccli_get_pwd_hash(pipe_hnd, nt_hash)) { - DEBUG(0, ("Could not retrieve password hash\n")); - goto done; - } - - cleartextpwd = decrypt_trustdom_secret(nt_hash, &data); + cleartextpwd = decrypt_trustdom_secret( + rpc_pipe_np_smb_conn(pipe_hnd)->pwd.password, &data); if (cleartextpwd == NULL) { DEBUG(0,("retrieved NULL password\n"));
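Review bot: `vampire_trusted_domain` takes the password from `rpc_pipe_np_smb_conn(pipe_hnd)->pwd.password`, i.e. the SMB connection, while the rpcclient callers changed in this commit read `cli->pwd.password` from the pipe itself, so the same secret now has two sources that can differ. If the connection was set up without a cleartext password (not visible here), the derived key is wrong and the only symptom is a failed or garbage decrypt. Use one source behind a single accessor so the choice is made and documented in one place. The `cleartextpwd == NULL` check that follows is the right pattern; clearing and freeing `cleartextpwd` happens outside the hunk and should be confirmed.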