authorAndrew Bartlett <abartlet@samba.org>2004-06-07 22:17:51 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:56:37 -0500
commitf3826432fb14b1e10516afe9f6525aab7c1b720f (patch)
tree63e27b1fb30d80143c1530f0f6295a78fc8dcd5a
parentb717b40235b2433b26b20ced36142c250f9c411e (diff)
r1080: Make sure to initialise all the returned elements in the SamLogon
reply; also initialise the LM session key when we have it (this was failing because the auth code was setting its length wrong). Andrew Bartlett (This used to be commit de97d9df224f769953e850a276515923a830839c)
-rw-r--r--source4/libcli/auth/ntlm_check.c23
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c21
2 files changed, 27 insertions, 17 deletions
diff --git a/source4/libcli/auth/ntlm_check.c b/source4/libcli/auth/ntlm_check.c
index eab150ad4d..f101b230d4 100644
--- a/source4/libcli/auth/ntlm_check.c
+++ b/source4/libcli/auth/ntlm_check.c
@@ -326,10 +326,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
so use it only if we otherwise allow LM authentication */
if (lp_lanman_auth() && lm_pw) {
- uint8_t first_8_lm_hash[16];
- memcpy(first_8_lm_hash, lm_pw, 8);
- memset(first_8_lm_hash + 8, '\0', 8);
- *lm_sess_key = data_blob(first_8_lm_hash, 16);
+ *lm_sess_key = data_blob(lm_pw, 8);
}
return NT_STATUS_OK;
} else {
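Review bot: The blob handed back at `*lm_sess_key = data_blob(lm_pw, 8);` is now 8 bytes where callers previously received 16, so any consumer that copies it into a fixed 16-byte key field has to bound the copy by the blob length and zero the remaining 8 bytes, or uninitialised memory ends up on the wire; the netlogon side of this commit zeroes `LMSessKey.key` in one branch but the copy itself is not in view, so it is worth confirming. Those 8 bytes are also the first half of the raw LM hash, i.e. password-equivalent material, which the comment above should state outright: `/* The LM session key is the first 8 bytes of the LM hash itself (password-equivalent), so only hand it out when LM auth is allowed */`. ntlm_password_check begins before this hunk.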
@@ -367,11 +364,17 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
if (smb_pwd_check_ntlmv1(lm_response,
lm_pw, challenge,
NULL)) {
- uint8_t first_8_lm_hash[16];
- memcpy(first_8_lm_hash, lm_pw, 8);
- memset(first_8_lm_hash + 8, '\0', 8);
- *user_sess_key = data_blob(first_8_lm_hash, 16);
- *lm_sess_key = data_blob(first_8_lm_hash, 16);
+ /* The session key for this response is still very odd.
+ It not very secure, so use it only if we otherwise
+ allow LM authentication */
+
+ if (lp_lanman_auth() && lm_pw) {
+ uint8_t first_8_lm_hash[16];
+ memcpy(first_8_lm_hash, lm_pw, 8);
+ memset(first_8_lm_hash + 8, '\0', 8);
+ *user_sess_key = data_blob(first_8_lm_hash, 16);
+ *lm_sess_key = data_blob(lm_pw, 8);
+ }
return NT_STATUS_OK;
}
}
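Review bot: When `lp_lanman_auth()` is false, the new guard `if (lp_lanman_auth() && lm_pw)` skips both assignments but the code still reaches `return NT_STATUS_OK;`, so a successful LM-response check leaves `*user_sess_key` and `*lm_sess_key` untouched; unless the function zeroes both out-parameters before this point (not visible in the hunk), callers read whatever was in them. If accepting the response without keys is intended, an explicit `else { *user_sess_key = data_blob(NULL, 0); *lm_sess_key = data_blob(NULL, 0); }` makes that deterministic; if it is not, the `lp_lanman_auth()` check belongs before `smb_pwd_check_ntlmv1` so a disallowed LM response is rejected rather than accepted keyless. The `lm_pw` test in the guard is redundant here since `lm_pw` was just passed to `smb_pwd_check_ntlmv1` two lines up. Minor: the comment should read `It is not very secure`.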
@@ -431,7 +434,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
memcpy(first_8_lm_hash, lm_pw, 8);
memset(first_8_lm_hash + 8, '\0', 8);
*user_sess_key = data_blob(first_8_lm_hash, 16);
- *lm_sess_key = data_blob(first_8_lm_hash, 16);
+ *lm_sess_key = data_blob(lm_pw, 8);
}
return NT_STATUS_OK;
}
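Review bot: The zero-padded 16-byte `first_8_lm_hash` construction kept at `memcpy(first_8_lm_hash, lm_pw, 8);` is now written out three times in this function (also in the two earlier hunks), and the `lm_sess_key` line has already drifted between them once in this commit; a small static helper would keep the three call sites in step. Each site would become `*user_sess_key = lm_hash_user_sess_key(lm_pw);`. The `if` that encloses these lines starts before the hunk, so the gating condition for this copy is not visible here.
```c
/* Build the 16-byte "user session key" used with LM-only responses:
 * the first 8 bytes of the LM hash, zero-padded.  This is
 * password-equivalent material; callers gate it on lp_lanman_auth(). */
static DATA_BLOB lm_hash_user_sess_key(const uint8_t *lm_pw)
{
	uint8_t first_8_lm_hash[16];
	memcpy(first_8_lm_hash, lm_pw, 8);
	memset(first_8_lm_hash + 8, '\0', 8);
	return data_blob(first_8_lm_hash, 16);
}
```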
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 933f28d84a..301f2ed041 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -543,6 +543,16 @@ static NTSTATUS netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TALLOC_CT
sam->domain_sid = dom_sid_dup(mem_ctx, server_info->user_sid);
sam->domain_sid->num_auths--;
+ sam->AccountControl = 0;
+
+ sam->unknown1 = 0;
+ sam->unknown2 = 0;
+ sam->unknown3 = 0;
+ sam->unknown4 = 0;
+ sam->unknown5 = 0;
+ sam->unknown6 = 0;
+ sam->unknown7 = 0;
+
sam->sidcount = 0;
sam->sids = NULL;
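Review bot: `sam->AccountControl = 0;` fixes the uninitialised-field problem but sends an empty flag set for every account, which a client reading the reply cannot distinguish from an account that genuinely has no control flags; if the real flags are not yet available from `server_info` here, that should be recorded at the assignment rather than left looking deliberate, e.g. `sam->AccountControl = 0; /* TODO: fill from the account's control flags once server_info carries them */`. The same applies to the `unknown1`..`unknown7` run: a one-line comment such as `/* fields not yet understood; zeroed so nothing uninitialised goes on the wire */` says why they are all zero.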
@@ -552,9 +562,9 @@ static NTSTATUS netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TALLOC_CT
ZERO_STRUCT(sam->key.key);
}
+ /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
if (memcmp(sam->key.key, zeros,
sizeof(sam->key.key)) != 0) {
- /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
creds_arcfour_crypt(pipe_state->creds,
sam->key.key,
sizeof(sam->key.key));
@@ -567,6 +577,7 @@ static NTSTATUS netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TALLOC_CT
ZERO_STRUCT(sam->LMSessKey.key);
}
+ /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
if (memcmp(sam->LMSessKey.key, zeros,
sizeof(sam->LMSessKey.key)) != 0) {
creds_arcfour_crypt(pipe_state->creds,
@@ -584,11 +595,9 @@ static NTSTATUS netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TALLOC_CT
sam2->acct_expiry = sam->acct_expiry;
sam2->last_password_change = sam->last_password_change;
- sam2->allow_password_change = sam->allow_password_change;
-
- sam2->force_password_change = sam->force_password_change;
+ sam2->allow_password_change = sam->allow_password_change;
+ sam2->force_password_change = sam->force_password_change;
-
sam2->account_name = sam->account_name;
sam2->full_name = sam->full_name;
sam2->logon_script = sam->logon_script;
@@ -617,8 +626,6 @@ static NTSTATUS netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TALLOC_CT
sam2->AccountControl = sam->AccountControl;
- /* can we implicit memcpy an array? */
-
sam2->unknown1 = sam->unknown1;
sam2->unknown2 = sam->unknown2;
sam2->unknown3 = sam->unknown3;