authorLuke Leighton <lkcl@samba.org>1999-11-16 15:39:09 +0000
committerLuke Leighton <lkcl@samba.org>1999-11-16 15:39:09 +0000
commit774d2d73666b7deca79ae90dd10397e2e1f8e6d9 (patch)
treeff5e62b979d5f22d660656909d79b1df525325ae
parent8a84d000c96fe4487adba5df0f50fa6e8fb27c24 (diff)
Shirish Kalele <kalele@veritas.com> noticed that NT workstations are
sending anonymous NTLMSSP user credentials to set up \PIPE\samr. Added anonymous NTLMSSP sessions. (This used to be commit df5ee2bd427ccd5fcf27fd3c366e06e037bc4f1e)
-rw-r--r--source3/rpc_server/srv_pipe.c69
1 files changed, 51 insertions, 18 deletions
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 1073ba2179..c6d9cf070e 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -207,14 +207,23 @@ BOOL create_rpc_reply(pipes_struct *p,
static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
{
+ uchar *pwd = NULL;
+ uchar null_pwd[16];
uchar lm_owf[24];
uchar nt_owf[128];
size_t lm_owf_len;
size_t nt_owf_len;
+ size_t usr_len;
+ size_t dom_len;
+ size_t wks_len;
+ BOOL anonymous = False;
+
struct smb_passwd *smb_pass = NULL;
user_struct *vuser = get_valid_user_struct(p->vuid);
+ memset(null_pwd, 0, sizeof(null_pwd));
+
DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n"));
if (vuser == NULL)
@@ -225,13 +234,23 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
lm_owf_len = p->ntlmssp_resp.hdr_lm_resp.str_str_len;
nt_owf_len = p->ntlmssp_resp.hdr_nt_resp.str_str_len;
+ usr_len = p->ntlmssp_resp.hdr_usr .str_str_len;
+ dom_len = p->ntlmssp_resp.hdr_domain .str_str_len;
+ wks_len = p->ntlmssp_resp.hdr_wks .str_str_len;
-
- if (lm_owf_len == 0) return False;
- if (nt_owf_len == 0) return False;
- if (p->ntlmssp_resp.hdr_usr .str_str_len == 0) return False;
- if (p->ntlmssp_resp.hdr_domain .str_str_len == 0) return False;
- if (p->ntlmssp_resp.hdr_wks .str_str_len == 0) return False;
+ if (lm_owf_len == 0 && nt_owf_len == 0 &&
+ usr_len == 0 && dom_len == 0 && wks_len == 0)
+ {
+ anonymous = True;
+ }
+ else
+ {
+ if (lm_owf_len == 0) return False;
+ if (nt_owf_len == 0) return False;
+ if (p->ntlmssp_resp.hdr_usr .str_str_len == 0) return False;
+ if (p->ntlmssp_resp.hdr_domain .str_str_len == 0) return False;
+ if (p->ntlmssp_resp.hdr_wks .str_str_len == 0) return False;
+ }
if (lm_owf_len > sizeof(lm_owf)) return False;
if (nt_owf_len > sizeof(nt_owf)) return False;
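Review bot: The else branch re-reads `p->ntlmssp_resp.hdr_usr .str_str_len`, `hdr_domain` and `hdr_wks` directly even though the same three lengths were just captured into usr_len, dom_len and wks_len a few lines above; the three checks should use the locals, `if (usr_len == 0) return False;`, `if (dom_len == 0) return False;`, `if (wks_len == 0) return False;`, so the anonymous test and the credential test visibly operate on the same values. As written the two paths can silently drift apart if one set of reads is later changed. A one-line comment above the combined zero-length test, `/* all five fields empty: NT sends this as an anonymous NTLMSSP bind */`, would explain why an otherwise-rejected empty response is accepted here. api_pipe_ntlmssp_verify's body continues before and after this hunk.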
@@ -269,21 +288,36 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
fstrcpy(p->wks , p->ntlmssp_resp.wks );
}
- DEBUG(5,("user: %s domain: %s wks: %s\n", p->user_name, p->domain, p->wks));
- become_root(True);
- p->ntlmssp_validated = pass_check_smb(p->user_name, p->domain,
- (uchar*)p->ntlmssp_chal.challenge,
- lm_owf, lm_owf_len,
- nt_owf, nt_owf_len,
- NULL, vuser->dc.user_sess_key);
- smb_pass = getsmbpwnam(p->user_name);
- unbecome_root(True);
+ if (anonymous)
+ {
+ DEBUG(5,("anonymous user session\n"));
+ mdfour(vuser->dc.user_sess_key, null_pwd, 16);
+ pwd = null_pwd;
+ p->ntlmssp_validated = True;
+ }
+ else
+ {
+ DEBUG(5,("user: %s domain: %s wks: %s\n", p->user_name, p->domain, p->wks));
+ become_root(True);
+ p->ntlmssp_validated = pass_check_smb(p->user_name, p->domain,
+ (uchar*)p->ntlmssp_chal.challenge,
+ lm_owf, lm_owf_len,
+ nt_owf, nt_owf_len,
+ NULL, vuser->dc.user_sess_key);
+ smb_pass = getsmbpwnam(p->user_name);
+ unbecome_root(True);
+
+ if (smb_pass != NULL)
+ {
+ pwd = smb_pass->smb_passwd;
+ }
+ }
- if (p->ntlmssp_validated && smb_pass != NULL && smb_pass->smb_passwd)
+ if (p->ntlmssp_validated && pwd != NULL)
{
uchar p24[24];
- NTLMSSPOWFencrypt(smb_pass->smb_passwd, lm_owf, p24);
+ NTLMSSPOWFencrypt(pwd, lm_owf, p24);
{
unsigned char j = 0;
int ind;
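Review bot: In the anonymous branch lm_owf_len is 0, yet `NTLMSSPOWFencrypt(pwd, lm_owf, p24);` still reads the 24-byte lm_owf buffer, which is declared without an initializer in the first hunk; if the copy from the response (outside this hunk) only copies lm_owf_len bytes, the hash state for anonymous sessions is then seeded from uninitialized stack memory, so the anonymous branch should add `memset(lm_owf, 0, sizeof(lm_owf));` or the declaration should initialize the buffer. The anonymous branch also sets `p->ntlmssp_validated = True` without recording anywhere visible here that the session carries no credentials, so later code that consults ntlmssp_validated cannot distinguish an anonymous bind from an authenticated one; if the pipe or vuser structure has a guest flag it should be set in this branch, and a comment should state which operations an anonymous \PIPE\samr session is expected to be permitted. Finally, `mdfour(vuser->dc.user_sess_key, null_pwd, 16)` makes the session key a fixed, publicly computable value, which is worth a comment such as `/* anonymous: session key is MD4 of 16 zero bytes and is public; signing/sealing keyed from it provides no protection */`. api_pipe_ntlmssp_verify continues outside the hunk.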
@@ -314,7 +348,6 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
p->ntlmssp_hash[256] = 0;
p->ntlmssp_hash[257] = 0;
}
-/* NTLMSSPhash(p->ntlmssp_hash, p24); */
p->ntlmssp_seq_num = 0;
}
else