return h;
}
-bool rpccli_get_pwd_hash(struct rpc_pipe_client *rpc_cli, uint8_t nt_hash[16])
-{
- struct auth_ntlmssp_state *a = NULL;
- struct cli_state *cli;
-
- if (rpc_cli->auth->auth_type == DCERPC_AUTH_TYPE_NTLMSSP) {
- a = talloc_get_type_abort(rpc_cli->auth->auth_ctx,
- struct auth_ntlmssp_state);
- } else if (rpc_cli->auth->auth_type == DCERPC_AUTH_TYPE_SPNEGO) {
- struct spnego_context *spnego_ctx;
- enum spnego_mech auth_type;
- void *auth_ctx;
- NTSTATUS status;
-
- spnego_ctx = talloc_get_type_abort(rpc_cli->auth->auth_ctx,
- struct spnego_context);
- status = spnego_get_negotiated_mech(spnego_ctx,
- &auth_type, &auth_ctx);
- if (!NT_STATUS_IS_OK(status)) {
- return false;
- }
-
- if (auth_type == SPNEGO_NTLMSSP) {
- a = talloc_get_type_abort(auth_ctx,
- struct auth_ntlmssp_state);
- }
- }
-
- if (a) {
- memcpy(nt_hash, auth_ntlmssp_get_nt_hash(a), 16);
- return true;
- }
-
- cli = rpc_pipe_np_smb_conn(rpc_cli);
- if (cli == NULL) {
- return false;
- }
- E_md4hash(cli->password ? cli->password : "", nt_hash);
- return true;
-}
-
NTSTATUS rpccli_ncalrpc_bind_data(TALLOC_CTX *mem_ctx,
struct pipe_auth_data **presult)
{
}
static void display_trust_dom_info_4(struct lsa_TrustDomainInfoPassword *p,
- uint8_t session_key[16])
+ DATA_BLOB session_key)
{
char *pwd, *pwd_old;
DATA_BLOB data = data_blob_const(p->password->data, p->password->length);
DATA_BLOB data_old = data_blob_const(p->old_password->data, p->old_password->length);
- DATA_BLOB session_key_blob = data_blob_const(session_key, sizeof(session_key));
- pwd = sess_decrypt_string(talloc_tos(), &data, &session_key_blob);
- pwd_old = sess_decrypt_string(talloc_tos(), &data_old, &session_key_blob);
+ pwd = sess_decrypt_string(talloc_tos(), &data, &session_key);
+ pwd_old = sess_decrypt_string(talloc_tos(), &data_old, &session_key);
d_printf("Password:\t%s\n", pwd);
d_printf("Old Password:\t%s\n", pwd_old);
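Review bot: `pwd` and `pwd_old` go straight into `d_printf` with `%s` after `sess_decrypt_string()` with no NULL check, although the other caller touched by this commit tests `cleartextpwd == NULL` after the same call. A guard before the two prints would cover the failure case: `if (pwd == NULL || pwd_old == NULL) { d_printf("Could not decrypt trust password\n"); return; }`. The function body continues past the end of this hunk, so confirm that an early return does not skip any cleanup there. A short comment on the signature saying that `session_key` is borrowed from the caller and not freed here would also help.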
static void display_trust_dom_info(TALLOC_CTX *mem_ctx,
union lsa_TrustedDomainInfo *info,
enum lsa_TrustDomInfoEnum info_class,
- uint8_t nt_hash[16])
+ DATA_BLOB session_key)
{
switch (info_class) {
case LSA_TRUSTED_DOMAIN_INFO_PASSWORD:
- display_trust_dom_info_4(&info->password, nt_hash);
+ display_trust_dom_info_4(&info->password, session_key);
break;
default: {
const char *str = NULL;
uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
union lsa_TrustedDomainInfo *info = NULL;
enum lsa_TrustDomInfoEnum info_class = 1;
- uint8_t nt_hash[16];
+ DATA_BLOB session_key;
struct dcerpc_binding_handle *b = cli->binding_handle;
if (argc > 3 || argc < 2) {
goto done;
}
- if (!rpccli_get_pwd_hash(cli, nt_hash)) {
- d_fprintf(stderr, "Could not get pwd hash\n");
+ status = cli_get_session_key(mem_ctx, cli, &session_key);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Could not retrieve session key: %s\n", nt_errstr(status)));
goto done;
}
- display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
+ display_trust_dom_info(mem_ctx, info, info_class, session_key);
done:
dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
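Review bot: The `session_key` blob filled in by `cli_get_session_key(mem_ctx, ...)` is never released in this command; after `display_trust_dom_info()` control falls into `done:` with the key still allocated, whereas the `net` caller later in this commit calls `data_blob_free(&session_key)` once decryption is done. Since this is key material, release it right after the display call with `data_blob_clear_free(&session_key);`, which also wipes the buffer. Placing it before `done:` keeps the early `goto done` paths from touching the still-uninitialised blob. The same applies to the two commands changed identically in the following hunks. The function starts and ends outside this hunk, so the lifetime of `mem_ctx` cannot be confirmed from here.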
union lsa_TrustedDomainInfo *info = NULL;
enum lsa_TrustDomInfoEnum info_class = 1;
struct lsa_String trusted_domain;
- uint8_t nt_hash[16];
struct dcerpc_binding_handle *b = cli->binding_handle;
+ DATA_BLOB session_key;
if (argc > 3 || argc < 2) {
printf("Usage: %s [name] [info_class]\n", argv[0]);
goto done;
}
- if (!rpccli_get_pwd_hash(cli, nt_hash)) {
- d_fprintf(stderr, "Could not get pwd hash\n");
+ status = cli_get_session_key(mem_ctx, cli, &session_key);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Could not retrieve session key: %s\n", nt_errstr(status)));
goto done;
}
- display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
+ display_trust_dom_info(mem_ctx, info, info_class, session_key);
done:
dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
union lsa_TrustedDomainInfo *info = NULL;
struct dom_sid dom_sid;
enum lsa_TrustDomInfoEnum info_class = 1;
- uint8_t nt_hash[16];
+ DATA_BLOB session_key;
struct dcerpc_binding_handle *b = cli->binding_handle;
if (argc > 3 || argc < 2) {
goto done;
}
- if (!rpccli_get_pwd_hash(cli, nt_hash)) {
- d_fprintf(stderr, "Could not get pwd hash\n");
+ status = cli_get_session_key(mem_ctx, cli, &session_key);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Could not retrieve session key: %s\n", nt_errstr(status)));
goto done;
}
- display_trust_dom_info(mem_ctx, info, info_class, nt_hash);
+ display_trust_dom_info(mem_ctx, info, info_class, session_key);
done:
dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
NTSTATUS nt_status, result;
union lsa_TrustedDomainInfo *info = NULL;
char *cleartextpwd = NULL;
- uint8_t session_key[16];
- DATA_BLOB session_key_blob;
+ DATA_BLOB session_key;
DATA_BLOB data = data_blob_null;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
data = data_blob(info->password.password->data,
info->password.password->length);
- if (!rpccli_get_pwd_hash(pipe_hnd, session_key)) {
- DEBUG(0, ("Could not retrieve password hash\n"));
+ nt_status = cli_get_session_key(mem_ctx, pipe_hnd, &session_key);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(0, ("Could not retrieve session key: %s\n", nt_errstr(nt_status)));
goto done;
}
- session_key_blob = data_blob_const(session_key, sizeof(session_key));
- cleartextpwd = sess_decrypt_string(mem_ctx, &data, &session_key_blob);
+ cleartextpwd = sess_decrypt_string(mem_ctx, &data, &session_key);
+ data_blob_free(&session_key);
if (cleartextpwd == NULL) {
DEBUG(0,("retrieved NULL password\n"));