diff options
| author | Stefan Metzmacher <metze@samba.org> | 2017-05-22 20:44:40 +0200 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2017-07-13 20:01:28 +0200 |
| commit | 29fa1791a35bc0988a22f2b06149bdb6c9c27132 (patch) | |
| tree | fee27f1c1078da32a52a3e5e299b58b569e13197 /source3/libsmb | |
| parent | d41f361e86c61929cf02e9465a7b81c56c4d4215 (diff) | |
| download | samba-29fa1791a35bc0988a22f2b06149bdb6c9c27132.tar.gz | |
libcli/auth: pass an array of nt_hashes to netlogon_creds_cli_auth*()
This way the caller can pass more than 2 hashes and can only
know which hash was used for a successful connection.
We allow up to 4 hashes (next, current, old, older).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit ddd7ac68ccae8b4df6c6a65b3dad20e21924f538)
Diffstat (limited to 'source3/libsmb')
| -rw-r--r-- | source3/libsmb/trusts_util.c | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c index 47b79b73369..128beb73cc1 100644 --- a/source3/libsmb/trusts_util.c +++ b/source3/libsmb/trusts_util.c @@ -115,7 +115,9 @@ NTSTATUS trust_pw_change(struct netlogon_creds_cli_context *context, struct trust_pw_change_state *state; struct cli_credentials *creds = NULL; const struct samr_Password *current_nt_hash = NULL; - const struct samr_Password *previous_nt_hash = NULL; + uint8_t num_nt_hashes = 0; + const struct samr_Password *nt_hashes[1] = { NULL, }; + uint8_t idx_nt_hashes = 0; enum netr_SchannelType sec_channel_type = SEC_CHAN_NULL; time_t pass_last_set_time; uint32_t old_version = 0; @@ -245,6 +247,9 @@ NTSTATUS trust_pw_change(struct netlogon_creds_cli_context *context, return NT_STATUS_NO_MEMORY; } + nt_hashes[0] = current_nt_hash; + num_nt_hashes = 1; + /* * We could use cli_credentials_get_old_nt_hash(creds, frame) to * set previous_nt_hash. @@ -259,8 +264,9 @@ NTSTATUS trust_pw_change(struct netlogon_creds_cli_context *context, * local secrets before doing the change. */ status = netlogon_creds_cli_auth(context, b, - *current_nt_hash, - previous_nt_hash); + num_nt_hashes, + nt_hashes, + &idx_nt_hashes); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("netlogon_creds_cli_auth(%s) failed for old password - %s!\n", context_name, nt_errstr(status))); @@ -349,9 +355,12 @@ NTSTATUS trust_pw_change(struct netlogon_creds_cli_context *context, /* * Now we verify the new password. */ + nt_hashes[0] = current_nt_hash; + num_nt_hashes = 1; status = netlogon_creds_cli_auth(context, b, - *current_nt_hash, - NULL); /* previous_nt_hash */ + num_nt_hashes, + nt_hashes, + &idx_nt_hashes); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("netlogon_creds_cli_auth(%s) failed for new password - %s!\n", context_name, nt_errstr(status))); |