[SCM] Samba Shared Repository - branch v3-2-test updated -
initial-v3-2-test-2311-ge48737f
Günther Deschner
gd at samba.org
Sat Feb 16 15:08:17 GMT 2008
The branch, v3-2-test has been updated
via e48737f04d2324b604f3290904ec6163a6242ae5 (commit)
via 33f91c894488687a42500e751eb9016d99d9129c (commit)
via 2fb73a3545634982d17d3823cb629f06c5779fc0 (commit)
from 7845a0d9a8f938c1be888ab2d9aa6c35d6f1dbad (commit)
http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test
- Log -----------------------------------------------------------------
commit e48737f04d2324b604f3290904ec6163a6242ae5
Author: Günther Deschner <gd at samba.org>
Date: Sat Feb 16 16:06:55 2008 +0100
Remove unused marshalling for NET_SRV_PWSET.
Guenther
commit 33f91c894488687a42500e751eb9016d99d9129c
Author: Günther Deschner <gd at samba.org>
Date: Sat Feb 16 16:04:01 2008 +0100
Use rpccli_netr_ServerPasswordSet in "just_change_the_password()".
Guenther
commit 2fb73a3545634982d17d3823cb629f06c5779fc0
Author: Günther Deschner <gd at samba.org>
Date: Sat Feb 16 15:14:04 2008 +0100
Remove unused creds_server_check and creds_server_step.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source/include/rpc_netlogon.h | 13 -------
source/libsmb/credentials.c | 41 -----------------------
source/libsmb/trusts_util.c | 27 ++++++++++++++-
source/rpc_client/cli_netlogon.c | 48 --------------------------
source/rpc_parse/parse_net.c | 68 --------------------------------------
5 files changed, 26 insertions(+), 171 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/include/rpc_netlogon.h b/source/include/rpc_netlogon.h
index e8414ed..044368d 100644
--- a/source/include/rpc_netlogon.h
+++ b/source/include/rpc_netlogon.h
@@ -309,19 +309,6 @@ typedef struct net_r_auth3_info {
} NET_R_AUTH_3;
-/* NET_Q_SRV_PWSET */
-typedef struct net_q_srv_pwset_info {
- DOM_CLNT_INFO clnt_id; /* client identification/authentication info */
- uint8 pwd[16]; /* new password - undocumented. */
-} NET_Q_SRV_PWSET;
-
-/* NET_R_SRV_PWSET */
-typedef struct net_r_srv_pwset_info {
- DOM_CRED srv_cred; /* server-calculated credentials */
-
- NTSTATUS status; /* return code */
-} NET_R_SRV_PWSET;
-
/* NET_ID_INFO_2 */
typedef struct net_network_info_2 {
uint32 ptr_id_info2; /* pointer to id_info_2 */
diff --git a/source/libsmb/credentials.c b/source/libsmb/credentials.c
index 328b931..2dcbdf3 100644
--- a/source/libsmb/credentials.c
+++ b/source/libsmb/credentials.c
@@ -213,18 +213,6 @@ void creds_server_init(uint32 neg_flags,
Check a credential sent by the client.
****************************************************************************/
-bool creds_server_check(const struct dcinfo *dc, const DOM_CHAL *rcv_cli_chal_in)
-{
- if (memcmp(dc->clnt_chal.data, rcv_cli_chal_in->data, 8)) {
- DEBUG(5,("creds_server_check: challenge : %s\n", credstr(rcv_cli_chal_in->data)));
- DEBUG(5,("calculated: %s\n", credstr(dc->clnt_chal.data)));
- DEBUG(2,("creds_server_check: credentials check failed.\n"));
- return False;
- }
- DEBUG(10,("creds_server_check: credentials check OK.\n"));
- return True;
-}
-
bool netlogon_creds_server_check(const struct dcinfo *dc,
const struct netr_Credential *rcv_cli_chal_in)
{
@@ -260,35 +248,6 @@ static void creds_reseed(struct dcinfo *dc)
Step the server credential chain one forward.
****************************************************************************/
-bool creds_server_step(struct dcinfo *dc, const DOM_CRED *received_cred, DOM_CRED *cred_out)
-{
- bool ret;
- struct dcinfo tmp_dc = *dc;
-
- /* Do all operations on a temporary copy of the dc,
- which we throw away if the checks fail. */
-
- tmp_dc.sequence = received_cred->timestamp.time;
-
- creds_step(&tmp_dc);
-
- /* Create the outgoing credentials */
- cred_out->timestamp.time = tmp_dc.sequence + 1;
- memcpy(&cred_out->challenge.data, tmp_dc.srv_chal.data,
- sizeof(cred_out->challenge.data));
-
- creds_reseed(&tmp_dc);
-
- ret = creds_server_check(&tmp_dc, &received_cred->challenge);
- if (!ret) {
- return False;
- }
-
- /* creds step succeeded - replace the current creds. */
- *dc = tmp_dc;
- return True;
-}
-
bool netlogon_creds_server_step(struct dcinfo *dc,
const struct netr_Authenticator *received_cred,
struct netr_Authenticator *cred_out)
diff --git a/source/libsmb/trusts_util.c b/source/libsmb/trusts_util.c
index 11f691b..1e92bf2 100644
--- a/source/libsmb/trusts_util.c
+++ b/source/libsmb/trusts_util.c
@@ -58,7 +58,32 @@ static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX
}
}
- result = rpccli_net_srv_pwset(cli, mem_ctx, global_myname(), new_trust_passwd_hash);
+ {
+ struct netr_Authenticator clnt_creds, srv_cred;
+ struct samr_Password new_password;
+
+ netlogon_creds_client_step(cli->dc, &clnt_creds);
+
+ cred_hash3(new_password.hash,
+ new_trust_passwd_hash,
+ cli->dc->sess_key, 1);
+
+ result = rpccli_netr_ServerPasswordSet(cli, mem_ctx,
+ cli->dc->remote_machine,
+ cli->dc->mach_acct,
+ sec_channel_type,
+ global_myname(),
+ &clnt_creds,
+ &srv_cred,
+ &new_password);
+
+ /* Always check returned credentials. */
+ if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) {
+ DEBUG(0,("rpccli_netr_ServerPasswordSet: "
+ "credentials chain check failed\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ }
if (!NT_STATUS_IS_OK(result)) {
DEBUG(0,("just_change_the_password: unable to change password (%s)!\n",
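Review bot: `srv_cred` is declared without an initializer in the added block, yet `netlogon_creds_client_check(cli->dc, &srv_cred.cred)` runs unconditionally after `rpccli_netr_ServerPasswordSet()`. If the call fails before a reply is unmarshalled, the check would compare indeterminate stack bytes and return NT_STATUS_ACCESS_DENIED, hiding the real status; this assumes the client stub leaves the out-parameter untouched on such a failure, which should be confirmed against the generated code. The removed `rpccli_net_srv_pwset()` appears to have left through `CLI_DO_RPC` with NT_STATUS_UNSUCCESSFUL before reaching its check in that case. I would keep the check unconditional but make it deterministic and keep the status visible: add `ZERO_STRUCT(srv_cred);` before the call, and log `nt_errstr(result)` ahead of the check as the old function did. The rest of `just_change_the_password()` lies outside this hunk.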
diff --git a/source/rpc_client/cli_netlogon.c b/source/rpc_client/cli_netlogon.c
index d84eb01..b50a033 100644
--- a/source/rpc_client/cli_netlogon.c
+++ b/source/rpc_client/cli_netlogon.c
@@ -577,51 +577,3 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli,
return result;
}
-
-/***************************************************************************
-LSA Server Password Set.
-****************************************************************************/
-
-NTSTATUS rpccli_net_srv_pwset(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- const char *machine_name, const uint8 hashed_mach_pwd[16])
-{
- prs_struct rbuf;
- prs_struct qbuf;
- DOM_CRED clnt_creds;
- NET_Q_SRV_PWSET q;
- NET_R_SRV_PWSET r;
- uint16 sec_chan_type = 2;
- NTSTATUS result;
-
- creds_client_step(cli->dc, &clnt_creds);
-
- DEBUG(4,("cli_net_srv_pwset: srv:%s acct:%s sc: %d mc: %s\n",
- cli->dc->remote_machine, cli->dc->mach_acct, sec_chan_type, machine_name));
-
- /* store the parameters */
- init_q_srv_pwset(&q, cli->dc->remote_machine, (const char *)cli->dc->sess_key,
- cli->dc->mach_acct, sec_chan_type, machine_name,
- &clnt_creds, hashed_mach_pwd);
-
- CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SRVPWSET,
- q, r,
- qbuf, rbuf,
- net_io_q_srv_pwset,
- net_io_r_srv_pwset,
- NT_STATUS_UNSUCCESSFUL);
-
- result = r.status;
-
- if (!NT_STATUS_IS_OK(result)) {
- /* report error code */
- DEBUG(0,("cli_net_srv_pwset: %s\n", nt_errstr(result)));
- }
-
- /* Always check returned credentials. */
- if (!creds_client_check(cli->dc, &r.srv_cred.challenge)) {
- DEBUG(0,("rpccli_net_srv_pwset: credentials chain check failed\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- return result;
-}
diff --git a/source/rpc_parse/parse_net.c b/source/rpc_parse/parse_net.c
index 1de6c9d..eab8e9b 100644
--- a/source/rpc_parse/parse_net.c
+++ b/source/rpc_parse/parse_net.c
@@ -164,74 +164,6 @@ bool net_io_r_auth_3(const char *desc, NET_R_AUTH_3 *r_a, prs_struct *ps, int de
}
-/*******************************************************************
- Inits a NET_Q_SRV_PWSET.
-********************************************************************/
-
-void init_q_srv_pwset(NET_Q_SRV_PWSET *q_s,
- const char *logon_srv, const char *sess_key, const char *acct_name,
- uint16 sec_chan, const char *comp_name,
- DOM_CRED *cred, const uchar hashed_mach_pwd[16])
-{
- unsigned char nt_cypher[16];
-
- DEBUG(5,("init_q_srv_pwset\n"));
-
- /* Process the new password. */
- cred_hash3( nt_cypher, hashed_mach_pwd, (const unsigned char *)sess_key, 1);
-
- init_clnt_info(&q_s->clnt_id, logon_srv, acct_name, sec_chan, comp_name, cred);
-
- memcpy(q_s->pwd, nt_cypher, sizeof(q_s->pwd));
-}
-
-/*******************************************************************
- Reads or writes a structure.
-********************************************************************/
-
-bool net_io_q_srv_pwset(const char *desc, NET_Q_SRV_PWSET *q_s, prs_struct *ps, int depth)
-{
- if (q_s == NULL)
- return False;
-
- prs_debug(ps, depth, desc, "net_io_q_srv_pwset");
- depth++;
-
- if(!prs_align(ps))
- return False;
-
- if(!smb_io_clnt_info("", &q_s->clnt_id, ps, depth)) /* client identification/authentication info */
- return False;
- if(!prs_uint8s (False, "pwd", ps, depth, q_s->pwd, 16)) /* new password - undocumented */
- return False;
-
- return True;
-}
-
-/*******************************************************************
- Reads or writes a structure.
-********************************************************************/
-
-bool net_io_r_srv_pwset(const char *desc, NET_R_SRV_PWSET *r_s, prs_struct *ps, int depth)
-{
- if (r_s == NULL)
- return False;
-
- prs_debug(ps, depth, desc, "net_io_r_srv_pwset");
- depth++;
-
- if(!prs_align(ps))
- return False;
-
- if(!smb_io_cred("", &r_s->srv_cred, ps, depth)) /* server challenge */
- return False;
-
- if(!prs_ntstatus("status", ps, depth, &r_s->status))
- return False;
-
- return True;
-}
-
/*************************************************************************
Init DOM_SID2 array from a string containing multiple sids
*************************************************************************/
--
Samba Shared Repository