Various post AuthRewrite cleanups, fixups and tidyups.

Zero out some of the plaintext passwords for paranoia

Fix up some of the other passdb backends with the change to *uid_t rather than
uid_t.

Make some of the code in srv_netlog_nt.c clearer, is passing an array around,
so pass its lenght in is definition, not as a seperate paramater.

Use sizeof() rather than magic numbers, it makes things easier to read.

Cope with a PAM authenticated user who is not in /etc/passwd - currently by
saying NO_SUCH_USER, but this can change in future.

Andrew Bartlett
(This used to be commit 514c91b16baca639bb04638042bf9894d881172a)

2 files changed, 31 insertions, 22 deletions

diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c
index d456da1fdf..8c4a520350 100644
--- a/source3/auth/auth_unix.c
+++ b/source3/auth/auth_unix.c
@@ -98,13 +98,15 @@ NTSTATUS check_unix_security(const auth_usersupplied_info *user_info, auth_serve
 				update_smbpassword_file : NULL,
 				True);
 	
+	unbecome_root();
+
 	if NT_STATUS_IS_OK(nt_status) {
 		if (pass) {
 			make_server_info_pw(server_info, pass);
+		} else {
+			nt_status = NT_STATUS_NO_SUCH_USER;
 		}
 	}
 
-	unbecome_root();
-
 	return nt_status;
 }
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 85f01605ab..9de8142578 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -282,9 +282,12 @@ BOOL make_user_info_netlogon_network(auth_usersupplied_info **user_info,
 
 	if (lm_pwd_len)
 		ntlmssp_flags |= NTLMSSP_NEGOTIATE_OEM;
-	if (nt_pwd_len)
+	if (nt_pwd_len == 24) {
 		ntlmssp_flags |= NTLMSSP_NEGOTIATE_NTLM; 
-	
+	} else if (nt_pwd_len != 0) {
+		ntlmssp_flags |= NTLMSSP_NEGOTIATE_NTLM2; 
+	}
+
 	ret = make_user_info_map(user_info, 
 				 smb_name, client_domain, 
 				 wksta_name, sec_blob, 
@@ -303,15 +306,15 @@ BOOL make_user_info_netlogon_network(auth_usersupplied_info **user_info,
 ****************************************************************************/
 
 BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info, 
-				char *smb_name, 
-				char *client_domain, 
-				char *wksta_name, 
-				uchar *lm_interactive_pwd, int lm_pwd_len,
-				uchar *nt_interactive_pwd, int nt_pwd_len,
-				uchar *dc_sess_key)
+					 char *smb_name, 
+					 char *client_domain, 
+					 char *wksta_name, 
+					 uchar lm_interactive_pwd[16], 
+					 uchar nt_interactive_pwd[16], 
+					 uchar *dc_sess_key)
 {
-	char nt_pwd[16];
 	char lm_pwd[16];
+	char nt_pwd[16];
 	unsigned char local_lm_response[24];
 	unsigned char local_nt_response[24];
 	unsigned char key[16];
@@ -320,32 +323,32 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
 	
 	generate_random_buffer(chal, 8, False);
 
-	memset(key, 0, 16);
+	ZERO_STRUCT(key);
 	memcpy(key, dc_sess_key, 8);
 	
-	memcpy(lm_pwd, lm_interactive_pwd, 16);
-	memcpy(nt_pwd, nt_interactive_pwd, 16);
+	if (lm_interactive_pwd) memcpy(lm_pwd, lm_interactive_pwd, sizeof(lm_pwd));
+	if (nt_interactive_pwd) memcpy(nt_pwd, nt_interactive_pwd, sizeof(nt_pwd));
 	
 #ifdef DEBUG_PASSWORD
 	DEBUG(100,("key:"));
-	dump_data(100, (char *)key, 16);
+	dump_data(100, (char *)key, sizeof(key));
 	
 	DEBUG(100,("lm owf password:"));
-	dump_data(100, lm_pwd, 16);
+	dump_data(100, lm_pwd, sizeof(lm_pwd));
 	
 	DEBUG(100,("nt owf password:"));
-	dump_data(100, nt_pwd, 16);
+	dump_data(100, nt_pwd, sizeof(nt_pwd));
 #endif
 	
-	SamOEMhash((uchar *)lm_pwd, key, 16);
-	SamOEMhash((uchar *)nt_pwd, key, 16);
+	SamOEMhash((uchar *)lm_pwd, key, sizeof(lm_pwd));
+	SamOEMhash((uchar *)nt_pwd, key, sizeof(nt_pwd));
 	
 #ifdef DEBUG_PASSWORD
 	DEBUG(100,("decrypt of lm owf password:"));
-	dump_data(100, lm_pwd, 16);
+	dump_data(100, lm_pwd, sizeof(lm_pwd));
 	
 	DEBUG(100,("decrypt of nt owf password:"));
-	dump_data(100, nt_pwd, 16);
+	dump_data(100, nt_pwd, sizeof(nt_pwd));
 #endif
 	
 	generate_random_buffer(chal, 8, False);
@@ -364,7 +367,11 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
 		DATA_BLOB local_nt_blob = data_blob(local_nt_response, sizeof(local_nt_response));
 		DATA_BLOB plaintext_blob = data_blob(NULL, 0);
 
-		ntlmssp_flags = NTLMSSP_NEGOTIATE_OEM | NTLMSSP_NEGOTIATE_NTLM;		
+		if (lm_interactive_pwd)
+			ntlmssp_flags |= NTLMSSP_NEGOTIATE_OEM;
+		if (nt_interactive_pwd)
+			ntlmssp_flags |= NTLMSSP_NEGOTIATE_NTLM; 
+
 		ret = make_user_info_map(user_info, 
 					 smb_name, client_domain, 
 					 wksta_name, sec_blob,