authorLuke Leighton <lkcl@samba.org>1999-12-01 16:39:51 +0000
committerLuke Leighton <lkcl@samba.org>1999-12-01 16:39:51 +0000
commit106fe88be01f7ac7d1369e97a6468dcd80c0a813 (patch)
tree6e6fc4c4da5fbc96d353cada70119a2a703acc9e
parent6ddfc68e0496dc41f8c9a022a0b04a2066b43c9d (diff)
1) when no domain used in ntlogin test command, should use default one
from previous lsaquery command. over-ridden from DOMAIN\username 2) initialisation of cli_state is a little more specific: sets use_ntlmv2 to Auto. this can always be over-ridden. 3) fixed reusage of ntlmssp_cli_flgs which was being a pain 4) added pwd_compare() function then fixed bug in cli_use where NULL domain name was making connections multiply unfruitfully 5) type-casting of mallocs and Reallocs that cause ansi-c compilers to bitch (This used to be commit 301a6efaf67ddc96e6dcfd21b45a82863ff8f39a)
-rw-r--r--source3/include/proto.h1
-rw-r--r--source3/libsmb/clientgen.c36
-rw-r--r--source3/libsmb/pwd_cache.c63
-rw-r--r--source3/rpc_client/cli_use.c47
-rw-r--r--source3/rpcclient/cmd_netlogon.c29
-rw-r--r--source3/rpcclient/cmd_samr.c2
-rw-r--r--source3/rpcclient/rpcclient.c2
7 files changed, 142 insertions, 38 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 3d75d26ae8..f9250dc04e 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -840,6 +840,7 @@ BOOL remote_password_change(const char *remote_machine, const char *user_name,
void pwd_init(struct pwd_info *pwd);
void pwd_obfuscate_key(struct pwd_info *pwd, uint32 int_key, char *str_key);
+BOOL pwd_compare(struct pwd_info *pwd1, struct pwd_info *pwd2);
void pwd_read(struct pwd_info *pwd, char *passwd_report, BOOL do_encrypt);
void pwd_set_nullpwd(struct pwd_info *pwd);
void pwd_set_cleartext(struct pwd_info *pwd, char *clr);
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index f3bd08895d..5a0363185f 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -2675,8 +2675,18 @@ initialise a client structure
****************************************************************************/
void cli_init_creds(struct cli_state *cli, const struct user_credentials *usr)
{
- copy_user_creds(&cli->usr, usr);
- cli->ntlmssp_cli_flgs = usr->ntlmssp_flags;
+ if (usr != NULL)
+ {
+ copy_user_creds(&cli->usr, usr);
+ cli->ntlmssp_cli_flgs = usr->ntlmssp_flags;
+ }
+ else
+ {
+ cli->usr.domain[0] = 0;
+ cli->usr.user_name[0] = 0;
+ pwd_set_nullpwd(&cli->usr.pwd);
+ cli->ntlmssp_cli_flgs = 0;
+ }
}
/****************************************************************************
@@ -2715,7 +2725,10 @@ struct cli_state *cli_initialise(struct cli_state *cli)
}
cli->initialised = 1;
- cli->capabilities = CAP_DFS;
+ cli->capabilities = CAP_DFS | CAP_NT_SMBS | CAP_STATUS32;
+ cli->use_ntlmv2 = Auto;
+
+ cli_init_creds(cli, NULL);
return cli;
}
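Review bot: `cli->use_ntlmv2 = Auto;` becomes the only place the NTLMv2 policy is set on this path, because the cli_use.c hunk in this commit drops `cli->cli->use_ntlmv2 = lp_client_ntlmv2();` from cli_use_get. Unless some other caller re-applies the configured value, a site that had configured a stricter client NTLMv2 setting would presumably get Auto on connections made through cli_use_get. Consider keeping the lookup in cli_use_get after cli_init_creds, or adding a comment next to this assignment such as `/* default only: callers must apply lp_client_ntlmv2() if configured */`. cli_initialise starts outside the hunk.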
@@ -2984,6 +2997,7 @@ BOOL cli_establish_connection(struct cli_state *cli,
if (IS_BITS_SET_ALL(cli->capabilities, CAP_EXTENDED_SECURITY))
{
/* common to both session setups */
+ uint32 ntlmssp_flgs;
char pwd_buf[128];
int buf_len;
char *p;
@@ -3024,9 +3038,7 @@ BOOL cli_establish_connection(struct cli_state *cli,
p = skip_string(p, 1);
CVAL(p, 0) = 0x1;
p += 4;
- if (cli->ntlmssp_cli_flgs == 0)
- {
- cli->ntlmssp_cli_flgs =
+ ntlmssp_flgs =
NTLMSSP_NEGOTIATE_UNICODE |
NTLMSSP_NEGOTIATE_OEM |
NTLMSSP_NEGOTIATE_SIGN |
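Review bot: With the `if (cli->ntlmssp_cli_flgs == 0)` guard removed, the fixed flag set is always sent, so a value placed in `cli->ntlmssp_cli_flgs` by cli_init_creds (from `usr->ntlmssp_flags`) no longer influences this negotiation. If that is intended, a comment above `ntlmssp_flgs =` should say so, e.g. `/* always offer the full set; cli->ntlmssp_cli_flgs is not consulted here */`; otherwise seed the local from the field when it is non-zero. The flag list continues into the next hunk and the enclosing function starts outside this one.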
@@ -3036,11 +3048,7 @@ BOOL cli_establish_connection(struct cli_state *cli,
NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
NTLMSSP_NEGOTIATE_00001000 |
NTLMSSP_NEGOTIATE_00002000;
-#if 0
- cli->ntlmssp_cli_flgs = 0x80008207;
-#endif
- }
- SIVAL(p, 0, cli->ntlmssp_cli_flgs);
+ SIVAL(p, 0, ntlmssp_flgs);
p += 4;
p += 16; /* skip some NULL space */
CVAL(p, 0) = 0; p++; /* alignment */
@@ -3072,12 +3080,12 @@ BOOL cli_establish_connection(struct cli_state *cli,
}
p = smb_buf(cli->inbuf) + 0x2f;
- cli->ntlmssp_cli_flgs = IVAL(p, 0); /* 0x80808a05; */
+ ntlmssp_flgs = IVAL(p, 0); /* 0x80808a05; */
p += 4;
memcpy(cli->cryptkey, p, 8);
#ifdef DEBUG_PASSWORD
DEBUG(100,("cli_session_setup_x: ntlmssp %8x\n",
- cli->ntlmssp_cli_flgs));
+ ntlmssp_flgs));
DEBUG(100,("cli_session_setup_x: crypt key\n"));
dump_data(100, cli->cryptkey, 8);
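Review bot: `ntlmssp_flgs = IVAL(p, 0);` overwrites the requested flag set with whatever the server returned, and the following hunk passes that value straight to create_ntlmssp_resp, so nothing visible here would notice a server that cleared NTLMSSP_NEGOTIATE_SIGN or NTLMSSP_NEGOTIATE_ALWAYS_SIGN. Keeping the reply in a second local and comparing it with the requested set before use would make such a downgrade detectable. The read at fixed offset `0x2f` into `cli->inbuf` and the 8-byte `memcpy` also depend on a length check that, if present, lies outside the hunk. Since the negotiated flags are no longer stored in `cli`, any later code reading `cli->ntlmssp_cli_flgs` would see the value from cli_init_creds instead.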
@@ -3098,7 +3106,7 @@ BOOL cli_establish_connection(struct cli_state *cli,
create_ntlmssp_resp(&cli->usr.pwd, cli->usr.domain,
cli->usr.user_name, cli->calling.name,
- cli->ntlmssp_cli_flgs,
+ ntlmssp_flgs,
&auth_resp);
prs_link(NULL, &auth_resp, NULL);
diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c
index 8f030a1a08..9680349a86 100644
--- a/source3/libsmb/pwd_cache.c
+++ b/source3/libsmb/pwd_cache.c
@@ -29,12 +29,12 @@ initialises a password structure
****************************************************************************/
void pwd_init(struct pwd_info *pwd)
{
- bzero(pwd->password , sizeof(pwd->password ));
- bzero(pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd));
- bzero(pwd->smb_nt_pwd, sizeof(pwd->smb_nt_pwd));
- bzero(pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf));
- bzero(pwd->smb_nt_owf, sizeof(pwd->smb_nt_owf));
- bzero(pwd->sess_key , sizeof(pwd->sess_key ));
+ ZERO_STRUCT(pwd->password );
+ ZERO_STRUCT(pwd->smb_lm_pwd);
+ ZERO_STRUCT(pwd->smb_nt_pwd);
+ ZERO_STRUCT(pwd->smb_lm_owf);
+ ZERO_STRUCT(pwd->smb_nt_owf);
+ ZERO_STRUCT(pwd->sess_key );
pwd->nt_owf_len = 0;
pwd->null_pwd = True; /* safest option... */
@@ -64,6 +64,57 @@ void pwd_obfuscate_key(struct pwd_info *pwd, uint32 int_key, char *str_key)
}
/****************************************************************************
+compares two passwords. hmm, not as trivial as expected. hmm.
+****************************************************************************/
+BOOL pwd_compare(struct pwd_info *pwd1, struct pwd_info *pwd2)
+{
+ pwd_deobfuscate(pwd1);
+ pwd_deobfuscate(pwd2);
+ if (pwd1->cleartext && pwd2->cleartext)
+ {
+ if (strequal(pwd1->password, pwd2->password))
+ {
+ pwd_obfuscate(pwd1);
+ pwd_obfuscate(pwd2);
+ return True;
+ }
+ }
+ if (pwd1->null_pwd && pwd2->null_pwd)
+ {
+ pwd_obfuscate(pwd1);
+ pwd_obfuscate(pwd2);
+ return True;
+ }
+ if (pwd1->crypted || pwd2->crypted)
+ {
+ DEBUG(5,("pwd_compare: cannot compare crypted passwords\n"));
+ pwd_obfuscate(pwd1);
+ pwd_obfuscate(pwd2);
+ return False;
+ }
+
+ if (!pwd1->crypted && !pwd2->crypted &&
+ !pwd1->null_pwd && !pwd2->null_pwd &&
+ !pwd1->cleartext && !pwd2->cleartext)
+ {
+ if (memcmp(pwd1->smb_nt_pwd, pwd2->smb_nt_pwd, 16) == 0)
+ {
+ pwd_obfuscate(pwd1);
+ pwd_obfuscate(pwd2);
+ return True;
+ }
+ if (memcmp(pwd1->smb_lm_pwd, pwd2->smb_lm_pwd, 16) == 0)
+ {
+ pwd_obfuscate(pwd1);
+ pwd_obfuscate(pwd2);
+ return True;
+ }
+ }
+ pwd_obfuscate(pwd1);
+ pwd_obfuscate(pwd2);
+ return False;
+}
+/****************************************************************************
reads a password
****************************************************************************/
void pwd_read(struct pwd_info *pwd, char *passwd_report, BOOL do_encrypt)
diff --git a/source3/rpc_client/cli_use.c b/source3/rpc_client/cli_use.c
index a2559fbaab..a953d332e1 100644
--- a/source3/rpc_client/cli_use.c
+++ b/source3/rpc_client/cli_use.c
@@ -113,29 +113,49 @@ static struct cli_use *cli_find(const char* srv_name,
sv_name = &sv_name[2];
}
+ DEBUG(10,("cli_find: %s %s %s\n",
+ srv_name,
+ usr_creds->user_name,
+ usr_creds->domain));
+
for (i = 0; i < num_clis; i++)
{
- uchar ntpw[16], clintpw[16];
char *cli_name = NULL;
+ struct cli_use *c = clis[i];
- if (clis[i] == NULL) continue;
+ if (c == NULL) continue;
- cli_name = clis[i]->cli->desthost;
+ cli_name = c->cli->desthost;
+
+ DEBUG(10,("cli_find[%d]: %s %s %s\n",
+ i, cli_name,
+ c->cli->usr.user_name,
+ c->cli->usr.domain));
+
if (strnequal("\\\\", cli_name, 2))
{
cli_name = &cli_name[2];
}
- if (!strequal(cli_name, sv_name)) continue;
-
- pwd_get_lm_nt_16(&usr_creds->pwd, NULL, ntpw);
- pwd_get_lm_nt_16(&clis[i]->cli->usr.pwd, NULL, clintpw);
-
- if (strequal(usr_creds->user_name, clis[i]->cli->usr.user_name) &&
- strequal(usr_creds->domain, clis[i]->cli->usr.domain) &&
- memcmp(ntpw, clintpw, 16) == 0)
+ if (!strequal(cli_name, sv_name))
{
- return clis[i];
+ continue;
+ }
+ if (!strequal(usr_creds->user_name, c->cli->usr.user_name))
+ {
+ continue;
+ }
+ if (!pwd_compare(&usr_creds->pwd, &c->cli->usr.pwd))
+ {
+ continue;
+ }
+ if (usr_creds->domain[0] == 0)
+ {
+ return c;
+ }
+ if (strequal(usr_creds->domain, c->cli->usr.domain))
+ {
+ return c;
}
}
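Review bot: An empty `usr_creds->domain` now matches the first cached connection with the same user name and password, whatever domain that connection was authenticated in (`if (usr_creds->domain[0] == 0) return c;`). That addresses the duplicate connections described in the commit message, but it also means a request without a domain can be served by a session belonging to a same-named account in another domain. A comment on that branch stating that the wildcard is intended would help, e.g. `/* no domain given: reuse any connection for this user+password */`, or the match could be limited to the default domain. The new `DEBUG(10, ...)` before the loop also dereferences `usr_creds`; cli_find's opening lines are outside the hunk, so whether NULL is excluded earlier cannot be seen here.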
@@ -164,11 +184,8 @@ static struct cli_use *cli_use_get(const char* srv_name,
return NULL;
}
- cli->cli->capabilities |= CAP_NT_SMBS | CAP_STATUS32;
cli_init_creds(cli->cli, usr_creds);
- cli->cli->use_ntlmv2 = lp_client_ntlmv2();
-
return cli;
}
diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c
index 0b0292e632..89e52ed779 100644
--- a/source3/rpcclient/cmd_netlogon.c
+++ b/source3/rpcclient/cmd_netlogon.c
@@ -53,12 +53,20 @@ void cmd_netlogon_login_test(struct client_info *info, int argc, char *argv[])
char *nt_password;
unsigned char trust_passwd[16];
fstring trust_acct;
+ fstring domain;
+ char *p;
fstring srv_name;
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
strupper(srv_name);
+ fstrcpy(domain, usr_creds->domain);
+
+ if (domain[0] == 0)
+ {
+ fstrcpy(domain, info->dom.level3_dom);
+ }
#if 0
/* machine account passwords */
pstring new_mach_pwd;
@@ -76,6 +84,7 @@ void cmd_netlogon_login_test(struct client_info *info, int argc, char *argv[])
if (nt_user_name[0] == 0)
{
report(out_hnd,"ntlogin: must specify username with anonymous connection\n");
+ report(out_hnd,"ntlogin [[DOMAIN\\]user] [password]\n");
return;
}
}
@@ -84,6 +93,24 @@ void cmd_netlogon_login_test(struct client_info *info, int argc, char *argv[])
fstrcpy(nt_user_name, argv[0]);
}
+ p = strchr(nt_user_name, '\\');
+ if (p != NULL)
+ {
+ fstrcpy(domain, nt_user_name);
+ p = strchr(domain, '\\');
+ if (p != NULL)
+ {
+ *p = 0;
+ fstrcpy(nt_user_name, p+1);
+ }
+
+ }
+
+ if (domain[0] == 0)
+ {
+ report(out_hnd,"no domain specified.\n");
+ }
+
argc--;
argv++;
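Review bot: After `report(out_hnd,"no domain specified.\n");` the function carries on, and a later hunk passes the still-empty `domain` to `trust_get_passwd`; the username error path in the previous hunk returns after its report, so a `return;` inside this `if` looks intended. Separately, an argument of the form `DOMAIN\` leaves `nt_user_name` empty after the split, and no empty-username check is visible after this point. The inner `if (p != NULL)` is always true, since `domain` was just copied from a string known to contain the backslash. The function body starts and ends outside the hunk.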
@@ -102,7 +129,7 @@ void cmd_netlogon_login_test(struct client_info *info, int argc, char *argv[])
fstrcpy(trust_acct, info->myhostname);
fstrcat(trust_acct, "$");
- res = res ? trust_get_passwd(trust_passwd, usr_creds->domain, info->myhostname) : False;
+ res = res ? trust_get_passwd(trust_passwd, domain, info->myhostname) : False;
#if 0
/* check whether the user wants to change their machine password */
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index c4cb613ee2..f38587ceb6 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -1717,7 +1717,7 @@ void cmd_sam_set_userinfo2(struct client_info *info, int argc, char *argv[])
if (True)
{
- SAM_USER_INFO_16 *p = malloc(sizeof(SAM_USER_INFO_16));
+ SAM_USER_INFO_16 *p = (SAM_USER_INFO_16 *)malloc(sizeof(SAM_USER_INFO_16));
p->acb_info = usr16.acb_info;
usr = (void*)p;
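Review bot: The result of `malloc` is dereferenced on the very next line (`p->acb_info = usr16.acb_info;`) without a NULL check, and the added cast does not change that. A guard such as `if (p == NULL) { return; }` before the assignment would avoid the crash on allocation failure, though any cleanup the function needs at that point lies outside the hunk.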
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index a8546b7733..4dc919fd97 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -318,7 +318,7 @@ struct command_set commands[] =
{
"ntlogin",
cmd_netlogon_login_test,
- "[username] [password] NT Domain login test",
+ "[[DOMAIN\\]username] [password] NT Domain login test",
{COMPL_NONE, COMPL_NONE}
},
{