Rolled back tree state to 11:59pm 8th November 1997 EST to

remove problems.
Jeremy
(This used to be commit 4a36ac236c2ad634f05efcd0179875d09988614a)

2 files changed, 42 insertions, 174 deletions

diff --git a/source3/client/client.c b/source3/client/client.c
index 082118e0ba..52f4b837a6 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -3900,7 +3900,7 @@ static void usage(char *pname)
 		{
 			if (!cli_send_login(NULL,NULL,True,True)) return(1);
 
-			do_nt_login(dest_ip, desthost, myhostname, Client, cnum);
+			do_nt_login(desthost, myhostname, Client, cnum);
 
 			cli_send_logout();
 			close_sockets();
diff --git a/source3/client/ntclient.c b/source3/client/ntclient.c
index 8d1ad0e8eb..7e360981c0 100644
--- a/source3/client/ntclient.c
+++ b/source3/client/ntclient.c
@@ -25,7 +25,6 @@
 #endif
 
 #include "includes.h"
-#include "nterr.h"
 
 extern int DEBUGLEVEL;
 extern pstring username;
@@ -36,109 +35,11 @@ extern pstring workgroup;
 
 #ifdef NTDOMAIN
 
-/************************************************************************
- check workstation trust account status
- ************************************************************************/
-BOOL wksta_trust_account_check(struct in_addr dest_ip, char *dest_host,
-				char *myhostname, char *domain,
-				fstring mach_pwd, fstring new_mach_pwd)
-{
-	pstring tmp;
-	struct cli_state wksta_trust;
-	fstring mach_acct;
-	uchar lm_owf_mach_pwd[16];
-	uchar nt_owf_mach_pwd[16];
-	uchar lm_sess_pwd[24];
-	uchar nt_sess_pwd[24];
-	BOOL right_error_code = False;
-
-	char *start_mach_pwd;
-	char *change_mach_pwd;
-
-	fstrcpy(mach_acct, myhostname);
-	strlower(mach_pwd);
-
-	fstrcpy(mach_pwd , myhostname);
-	strcat(mach_acct, "$");
-	strupper(mach_acct);
-
-	sprintf(tmp, "Enter Workstation Trust Account password for [%s].\nDefault is [%s].  Password: ",
-				mach_acct, mach_pwd);
-
-	start_mach_pwd = (char*)getpass(tmp);
-
-	if (start_mach_pwd[0] != 0)
-	{
-		fstrcpy(mach_pwd, start_mach_pwd);
-	}
-
-	sprintf(tmp, "Enter new Workstation Trust Account password for [%s]\nPress Return to leave at old value.  Password: ",
-				mach_acct);
-
-	change_mach_pwd = (char*)getpass(tmp);
-
-	fstrcpy(new_mach_pwd, change_mach_pwd);
-
-	if (!cli_initialise(&wksta_trust))
-	{
-		DEBUG(1,("cli_initialise failed for wksta_trust\n"));
-		return False;
-	}
-
-	if (!server_connect_init(&wksta_trust, myhostname, dest_ip, dest_host))
-	{
-		uint8 err_cls;
-		uint32 err_num;
-		cli_error(&wksta_trust, &err_cls, &err_num);
-		DEBUG(1,("server_connect_init failed (%s)\n", cli_errstr(&wksta_trust)));
-
-		cli_shutdown(&wksta_trust);
-		return False;
-	}
-
-	nt_lm_owf_gen(mach_pwd, nt_owf_mach_pwd, lm_owf_mach_pwd);
-
-	DEBUG(5,("generating nt owf from initial machine pwd: %s\n", mach_pwd));
-	SMBOWFencrypt(nt_owf_mach_pwd, wksta_trust.cryptkey, nt_sess_pwd);
-	SMBOWFencrypt(lm_owf_mach_pwd, wksta_trust.cryptkey, lm_sess_pwd);
-
-	right_error_code = False;
-
-	if (!server_validate2(&wksta_trust, mach_acct, domain,
-			lm_sess_pwd, sizeof(lm_sess_pwd),
-			nt_sess_pwd, sizeof(nt_sess_pwd)))
-	{
-		uint8 err_cls;
-		uint32 err_num;
-		cli_error(&wksta_trust, &err_cls, &err_num);
-
-		if (err_num == (0xC0000000 | NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT))
-		{
-			DEBUG(1,("server_validate: valid workstation trust account exists\n"));
-			right_error_code = True;
-		}
-
-		if (err_num == (0xC0000000 | NT_STATUS_NO_SUCH_USER))
-		{
-			DEBUG(1,("server_validate: workstation trust account does not exist\n"));
-			right_error_code = False;
-		}
-	}
-
-	if (!right_error_code)
-	{
-		DEBUG(1,("server_validate failed (%s)\n", cli_errstr(&wksta_trust)));
-	}
-
-	cli_shutdown(&wksta_trust);
-	return right_error_code;
-}
 
 /****************************************************************************
 experimental nt login.
 ****************************************************************************/
-BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
-				char *myhostname,
+BOOL do_nt_login(char *desthost, char *myhostname,
 				int Client, int cnum)
 {
 	DOM_CHAL clnt_chal;
@@ -148,10 +49,6 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
 
 	DOM_CHAL auth2_srv_chal;
 
-	DOM_CRED srv_pwset_clnt_cred;
-	DOM_CRED srv_pwset_rtn_cred;
-	DOM_CRED srv_pwset_srv_cred;
-
 	DOM_CRED sam_logon_clnt_cred;
 	DOM_CRED sam_logon_rtn_cred;
 	DOM_CRED sam_logon_srv_cred;
@@ -169,13 +66,9 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
 
 	uchar sess_key[8];
 	char nt_owf_mach_pwd[16];
-	char nt_owf_new_mach_pwd[16];
-
-	fstring server_name;
 	fstring mach_acct;
-
 	fstring mach_pwd;
-	fstring new_mach_pwd;
+	fstring server_name;
 
 	RPC_IFACE abstract;
 	RPC_IFACE transfer;
@@ -195,8 +88,6 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
 	uint32 call_id = 0;
 	char *inbuf,*outbuf; 
 
-	/******************** initialise ********************************/
-
 	zerotime.time = 0;
 
 	inbuf  = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
@@ -300,46 +191,6 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
 	
 
 
-	/************ Check workstation trust account *******************/
-
-	/* default machine password is lower-case machine name (really secure) */
-	fstrcpy(mach_pwd, myhostname);
-	strlower(mach_pwd);
-
-	wksta_trust_account_check(dest_ip, dest_host, myhostname, workgroup, mach_pwd, new_mach_pwd);
-
-	/************ Long-term Session key (default) **********/
-
-	{
-		char lm_owf_mach_pwd[16];
-#ifdef DEBUG_PASSWORD
-		DEBUG(100,("generating nt owf from initial machine pwd: %s\n", mach_pwd));
-#endif
-		nt_lm_owf_gen(    mach_pwd, nt_owf_mach_pwd    , lm_owf_mach_pwd     );
-	}
-
-#ifdef DEBUG_PASSWORD
-	dump_data(6, nt_owf_mach_pwd, 16);
-#endif
-
-	/* calculate the session key */
-	cred_session_key(&clnt_chal, &srv_chal, nt_owf_mach_pwd, sess_key);
-
-	/*********** next new trust account password ************/
-	{
-		char lm_owf_new_mach_pwd[16];
-#ifdef DEBUG_PASSWORD
-		DEBUG(100,("generating nt owf from new     machine pwd: %s\n", new_mach_pwd));
-#endif
-		nt_lm_owf_gen(new_mach_pwd, nt_owf_new_mach_pwd, lm_owf_new_mach_pwd);
-	}
-
-#ifdef DEBUG_PASSWORD
-	dump_data(6, nt_owf_new_mach_pwd, 16);
-#endif
-
-
-
 	/******************* open the \PIPE\NETLOGON file *****************/
 
 	if ((fnum = rpc_pipe_open(inbuf, outbuf, PIPE_NETLOGON, Client, cnum)) == 0xffff)
@@ -365,51 +216,68 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
 
 	/******************* Request Challenge ********************/
 
+	fstrcpy(mach_acct, myhostname);
+	strlower(mach_pwd);
+
+	fstrcpy(mach_pwd , myhostname);
+	strcat(mach_acct, "$");
+
 	SIVAL(clnt_chal.data, 0, 0x11111111);
 	SIVAL(clnt_chal.data, 4, 0x22222222);
 	
 	/* send a client challenge; receive a server challenge */
-	if (!do_lsa_req_chal(fnum, ++call_id, dest_host, myhostname, &clnt_chal, &srv_chal))
+	if (!do_lsa_req_chal(fnum, ++call_id, desthost, myhostname, &clnt_chal, &srv_chal))
 	{
 		cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
 		free(inbuf); free(outbuf);
 		return False;
 	}
 
-	/******************* Authenticate 2 ********************/
-
-	/* calculate auth-2 credentials */
-	cred_create(sess_key, &clnt_chal, zerotime, &(clnt_cred.challenge));
+	/************ Long-term Session key (default) **********/
 
-	/* send client auth-2 challenge; receive an auth-2 challenge */
-	if (!do_lsa_auth2(fnum, ++call_id, dest_host, mach_acct, 2, myhostname,
-	                  &(clnt_cred.challenge), 0x000001ff, &auth2_srv_chal))
+#if 0
+	/* DAMN!  can't get the machine password - need become_root() to do it! */
+	/* get the machine password */
+	if (!get_md4pw(mach_acct, nt_owf_mach_pwd))
 	{
 		cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
 		free(inbuf); free(outbuf);
 		return False;
 	}
 
-	/**************** Net Server Password Set **************/
+	DEBUG(5,("got nt owf from smbpasswd entry: %s\n", mach_pwd));
+#else
 
-	clnt_cred.timestamp.time = srv_pwset_clnt_cred.timestamp.time = time(NULL);
+	{
+		char lm_owf_mach_pwd[16];
+		nt_lm_owf_gen(mach_pwd, nt_owf_mach_pwd, lm_owf_mach_pwd);
+		DEBUG(5,("generating nt owf from initial machine pwd: %s\n", mach_pwd));
+	}
 
-	/* calculate sam logon credentials, using the auth2 client challenge */
-	cred_create(sess_key, &(clnt_cred.challenge), srv_pwset_clnt_cred.timestamp,
-	                                  &(srv_pwset_clnt_cred.challenge));
-
-	/* send client srv_pwset challenge; receive a srv_pwset challenge */
-	if (!do_lsa_srv_pwset(fnum, ++call_id, sess_key, 
-	                  dest_host, mach_acct, 2, myhostname,
-	                  &srv_pwset_clnt_cred, &srv_pwset_srv_cred,
-	                  nt_owf_new_mach_pwd))
+#endif
+
+	dump_data(6, nt_owf_mach_pwd, 16);
+
+	/* calculate the session key */
+	cred_session_key(&clnt_chal, &srv_chal, nt_owf_mach_pwd, sess_key);
+
+
+	/******************* Authenticate 2 ********************/
+
+	/* calculate auth-2 credentials */
+	cred_create(sess_key, &clnt_chal, zerotime, &(clnt_cred.challenge));
+
+	/* send client auth-2 challenge; receive an auth-2 challenge */
+	if (!do_lsa_auth2(fnum, ++call_id, desthost, mach_acct, 2, myhostname,
+	                  &(clnt_cred.challenge), 0x000001ff, &auth2_srv_chal))
 	{
 		cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
 		free(inbuf); free(outbuf);
 		return False;
 	}
 
-	/****************** SAM Info Preparation *******************/
+
+	/*********************** SAM Info ***********************/
 
 	{
 		char lm_owf_user_pwd[16];
@@ -443,7 +311,7 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
 
 	/* send client sam-logon challenge; receive a sam-logon challenge */
 	if (!do_lsa_sam_logon(fnum, ++call_id, sess_key, &clnt_cred, 
-	                  dest_host, mach_acct, 
+	                  desthost, mach_acct, 
 	                  &sam_logon_clnt_cred, &sam_logon_rtn_cred,
 	                  1, 1, &id1, &user_info1,
 	                  &sam_logon_srv_cred))
@@ -464,7 +332,7 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
 
 	/* send client sam-logoff challenge; receive a sam-logoff challenge */
 	if (!do_lsa_sam_logoff(fnum, ++call_id, sess_key, &clnt_cred,
-	                  dest_host, mach_acct, 
+	                  desthost, mach_acct, 
 	                  &sam_logoff_clnt_cred, &sam_logoff_rtn_cred,
 	                  1, 1, &id1,
 	                  &sam_logoff_srv_cred))