[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2311-ge48737f

Günther Deschner gd at samba.org
Sat Feb 16 15:08:17 GMT 2008 

The branch, v3-2-test has been updated
       via  e48737f04d2324b604f3290904ec6163a6242ae5 (commit)
       via  33f91c894488687a42500e751eb9016d99d9129c (commit)
       via  2fb73a3545634982d17d3823cb629f06c5779fc0 (commit)
      from  7845a0d9a8f938c1be888ab2d9aa6c35d6f1dbad (commit)

http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test


- Log -----------------------------------------------------------------
commit e48737f04d2324b604f3290904ec6163a6242ae5
Author: Günther Deschner <gd at samba.org>
Date:   Sat Feb 16 16:06:55 2008 +0100

    Remove unused marshalling for NET_SRV_PWSET.
    
    Guenther

commit 33f91c894488687a42500e751eb9016d99d9129c
Author: Günther Deschner <gd at samba.org>
Date:   Sat Feb 16 16:04:01 2008 +0100

    Use rpccli_netr_ServerPasswordSet in "just_change_the_password()".
    
    Guenther

commit 2fb73a3545634982d17d3823cb629f06c5779fc0
Author: Günther Deschner <gd at samba.org>
Date:   Sat Feb 16 15:14:04 2008 +0100

    Remove unused creds_server_check and creds_server_step.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 source/include/rpc_netlogon.h    |   13 -------
 source/libsmb/credentials.c      |   41 -----------------------
 source/libsmb/trusts_util.c      |   27 ++++++++++++++-
 source/rpc_client/cli_netlogon.c |   48 --------------------------
 source/rpc_parse/parse_net.c     |   68 --------------------------------------
 5 files changed, 26 insertions(+), 171 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/include/rpc_netlogon.h b/source/include/rpc_netlogon.h
index e8414ed..044368d 100644
--- a/source/include/rpc_netlogon.h
+++ b/source/include/rpc_netlogon.h
@@ -309,19 +309,6 @@ typedef struct net_r_auth3_info {
 } NET_R_AUTH_3;
 
 
-/* NET_Q_SRV_PWSET */
-typedef struct net_q_srv_pwset_info {
-	DOM_CLNT_INFO clnt_id; /* client identification/authentication info */
-	uint8 pwd[16]; /* new password - undocumented. */
-} NET_Q_SRV_PWSET;
-    
-/* NET_R_SRV_PWSET */
-typedef struct net_r_srv_pwset_info {
-	DOM_CRED srv_cred;     /* server-calculated credentials */
-
-	NTSTATUS status; /* return code */
-} NET_R_SRV_PWSET;
-
 /* NET_ID_INFO_2 */
 typedef struct net_network_info_2 {
 	uint32            ptr_id_info2;        /* pointer to id_info_2 */
diff --git a/source/libsmb/credentials.c b/source/libsmb/credentials.c
index 328b931..2dcbdf3 100644
--- a/source/libsmb/credentials.c
+++ b/source/libsmb/credentials.c
@@ -213,18 +213,6 @@ void creds_server_init(uint32 neg_flags,
  Check a credential sent by the client.
 ****************************************************************************/
 
-bool creds_server_check(const struct dcinfo *dc, const DOM_CHAL *rcv_cli_chal_in)
-{
-	if (memcmp(dc->clnt_chal.data, rcv_cli_chal_in->data, 8)) {
-		DEBUG(5,("creds_server_check: challenge : %s\n", credstr(rcv_cli_chal_in->data)));
-		DEBUG(5,("calculated: %s\n", credstr(dc->clnt_chal.data)));
-		DEBUG(2,("creds_server_check: credentials check failed.\n"));
-		return False;
-	}
-	DEBUG(10,("creds_server_check: credentials check OK.\n"));
-	return True;
-}
-
 bool netlogon_creds_server_check(const struct dcinfo *dc,
 				 const struct netr_Credential *rcv_cli_chal_in)
 {
@@ -260,35 +248,6 @@ static void creds_reseed(struct dcinfo *dc)
  Step the server credential chain one forward. 
 ****************************************************************************/
 
-bool creds_server_step(struct dcinfo *dc, const DOM_CRED *received_cred, DOM_CRED *cred_out)
-{
-	bool ret;
-	struct dcinfo tmp_dc = *dc;
-
-	/* Do all operations on a temporary copy of the dc,
-	   which we throw away if the checks fail. */
-
-	tmp_dc.sequence = received_cred->timestamp.time;
-
-	creds_step(&tmp_dc);
-
-	/* Create the outgoing credentials */
-	cred_out->timestamp.time = tmp_dc.sequence + 1;
-	memcpy(&cred_out->challenge.data, tmp_dc.srv_chal.data,
-	       sizeof(cred_out->challenge.data));
-
-	creds_reseed(&tmp_dc);
-
-	ret = creds_server_check(&tmp_dc, &received_cred->challenge);
-	if (!ret) {
-		return False;
-	}
-
-	/* creds step succeeded - replace the current creds. */
-	*dc = tmp_dc;
-	return True;
-}
-
 bool netlogon_creds_server_step(struct dcinfo *dc,
 				const struct netr_Authenticator *received_cred,
 				struct netr_Authenticator *cred_out)
diff --git a/source/libsmb/trusts_util.c b/source/libsmb/trusts_util.c
index 11f691b..1e92bf2 100644
--- a/source/libsmb/trusts_util.c
+++ b/source/libsmb/trusts_util.c
@@ -58,7 +58,32 @@ static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX
 		}
 	}
 
-	result = rpccli_net_srv_pwset(cli, mem_ctx, global_myname(), new_trust_passwd_hash);
+	{
+		struct netr_Authenticator clnt_creds, srv_cred;
+		struct samr_Password new_password;
+
+		netlogon_creds_client_step(cli->dc, &clnt_creds);
+
+		cred_hash3(new_password.hash,
+			   new_trust_passwd_hash,
+			   cli->dc->sess_key, 1);
+
+		result = rpccli_netr_ServerPasswordSet(cli, mem_ctx,
+						       cli->dc->remote_machine,
+						       cli->dc->mach_acct,
+						       sec_channel_type,
+						       global_myname(),
+						       &clnt_creds,
+						       &srv_cred,
+						       &new_password);
+
+		/* Always check returned credentials. */
+		if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) {
+			DEBUG(0,("rpccli_netr_ServerPasswordSet: "
+				"credentials chain check failed\n"));
+			return NT_STATUS_ACCESS_DENIED;
+		}
+	}
 
 	if (!NT_STATUS_IS_OK(result)) {
 		DEBUG(0,("just_change_the_password: unable to change password (%s)!\n",
diff --git a/source/rpc_client/cli_netlogon.c b/source/rpc_client/cli_netlogon.c
index d84eb01..b50a033 100644
--- a/source/rpc_client/cli_netlogon.c
+++ b/source/rpc_client/cli_netlogon.c
@@ -577,51 +577,3 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli,
 
         return result;
 }
-
-/***************************************************************************
-LSA Server Password Set.
-****************************************************************************/
-
-NTSTATUS rpccli_net_srv_pwset(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
-			   const char *machine_name, const uint8 hashed_mach_pwd[16])
-{
-	prs_struct rbuf;
-	prs_struct qbuf; 
-	DOM_CRED clnt_creds;
-	NET_Q_SRV_PWSET q;
-	NET_R_SRV_PWSET r;
-	uint16 sec_chan_type = 2;
-	NTSTATUS result;
-
-	creds_client_step(cli->dc, &clnt_creds);
-	
-	DEBUG(4,("cli_net_srv_pwset: srv:%s acct:%s sc: %d mc: %s\n",
-		 cli->dc->remote_machine, cli->dc->mach_acct, sec_chan_type, machine_name));
-	
-        /* store the parameters */
-	init_q_srv_pwset(&q, cli->dc->remote_machine, (const char *)cli->dc->sess_key,
-			 cli->dc->mach_acct, sec_chan_type, machine_name, 
-			 &clnt_creds, hashed_mach_pwd);
-	
-	CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SRVPWSET,
-		q, r,
-		qbuf, rbuf,
-		net_io_q_srv_pwset,
-		net_io_r_srv_pwset,
-		NT_STATUS_UNSUCCESSFUL);
-
-	result = r.status;
-
-	if (!NT_STATUS_IS_OK(result)) {
-		/* report error code */
-		DEBUG(0,("cli_net_srv_pwset: %s\n", nt_errstr(result)));
-	}
-
-	/* Always check returned credentials. */
-	if (!creds_client_check(cli->dc, &r.srv_cred.challenge)) {
-		DEBUG(0,("rpccli_net_srv_pwset: credentials chain check failed\n"));
-		return NT_STATUS_ACCESS_DENIED;
-	}
-
-	return result;
-}
diff --git a/source/rpc_parse/parse_net.c b/source/rpc_parse/parse_net.c
index 1de6c9d..eab8e9b 100644
--- a/source/rpc_parse/parse_net.c
+++ b/source/rpc_parse/parse_net.c
@@ -164,74 +164,6 @@ bool net_io_r_auth_3(const char *desc, NET_R_AUTH_3 *r_a, prs_struct *ps, int de
 }
 
 
-/*******************************************************************
- Inits a NET_Q_SRV_PWSET.
-********************************************************************/
-
-void init_q_srv_pwset(NET_Q_SRV_PWSET *q_s,
-		const char *logon_srv, const char *sess_key, const char *acct_name, 
-                uint16 sec_chan, const char *comp_name,
-		DOM_CRED *cred, const uchar hashed_mach_pwd[16])
-{
-	unsigned char nt_cypher[16];
-	
-	DEBUG(5,("init_q_srv_pwset\n"));
-	
-	/* Process the new password. */
-	cred_hash3( nt_cypher, hashed_mach_pwd, (const unsigned char *)sess_key, 1);
-
-	init_clnt_info(&q_s->clnt_id, logon_srv, acct_name, sec_chan, comp_name, cred);
-
-	memcpy(q_s->pwd, nt_cypher, sizeof(q_s->pwd)); 
-}
-
-/*******************************************************************
- Reads or writes a structure.
-********************************************************************/
-
-bool net_io_q_srv_pwset(const char *desc, NET_Q_SRV_PWSET *q_s, prs_struct *ps, int depth)
-{
-	if (q_s == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_q_srv_pwset");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-    
-	if(!smb_io_clnt_info("", &q_s->clnt_id, ps, depth)) /* client identification/authentication info */
-		return False;
-	if(!prs_uint8s (False, "pwd", ps, depth, q_s->pwd, 16)) /* new password - undocumented */
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes a structure.
-********************************************************************/
-
-bool net_io_r_srv_pwset(const char *desc, NET_R_SRV_PWSET *r_s, prs_struct *ps, int depth)
-{
-	if (r_s == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_r_srv_pwset");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-    
-	if(!smb_io_cred("", &r_s->srv_cred, ps, depth)) /* server challenge */
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_s->status))
-		return False;
-
-	return True;
-}
-
 /*************************************************************************
  Init DOM_SID2 array from a string containing multiple sids
  *************************************************************************/


-- 
Samba Shared Repository

More information about the samba-cvs mailing list