summaryrefslogtreecommitdiff
path: root/source3/libsmb
diff options
context:
space:
mode:
authorLuke Leighton <lkcl@samba.org>1999-12-01 16:39:51 +0000
committerLuke Leighton <lkcl@samba.org>1999-12-01 16:39:51 +0000
commit106fe88be01f7ac7d1369e97a6468dcd80c0a813 (patch)
tree6e6fc4c4da5fbc96d353cada70119a2a703acc9e /source3/libsmb
parent6ddfc68e0496dc41f8c9a022a0b04a2066b43c9d (diff)
downloadsamba-106fe88be01f7ac7d1369e97a6468dcd80c0a813.tar.gz
samba-106fe88be01f7ac7d1369e97a6468dcd80c0a813.tar.bz2
samba-106fe88be01f7ac7d1369e97a6468dcd80c0a813.zip
1) when no domain used in ntlogin test command, should use default one
from previous lsaquery command. over-ridden from DOMAIN\username 2) initialisation of cli_state is a little more specific: sets use_ntlmv2 to Auto. this can always be over-ridden. 3) fixed reusage of ntlmssp_cli_flgs which was being a pain 4) added pwd_compare() function then fixed bug in cli_use where NULL domain name was making connections multiply unfruitfully 5) type-casting of mallocs and Reallocs that cause ansi-c compilers to bitch (This used to be commit 301a6efaf67ddc96e6dcfd21b45a82863ff8f39a)
Diffstat (limited to 'source3/libsmb')
-rw-r--r--source3/libsmb/clientgen.c36
-rw-r--r--source3/libsmb/pwd_cache.c63
2 files changed, 79 insertions, 20 deletions
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index f3bd08895d..5a0363185f 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -2675,8 +2675,18 @@ initialise a client structure
****************************************************************************/
void cli_init_creds(struct cli_state *cli, const struct user_credentials *usr)
{
- copy_user_creds(&cli->usr, usr);
- cli->ntlmssp_cli_flgs = usr->ntlmssp_flags;
+ if (usr != NULL)
+ {
+ copy_user_creds(&cli->usr, usr);
+ cli->ntlmssp_cli_flgs = usr->ntlmssp_flags;
+ }
+ else
+ {
+ cli->usr.domain[0] = 0;
+ cli->usr.user_name[0] = 0;
+ pwd_set_nullpwd(&cli->usr.pwd);
+ cli->ntlmssp_cli_flgs = 0;
+ }
}
/****************************************************************************
@@ -2715,7 +2725,10 @@ struct cli_state *cli_initialise(struct cli_state *cli)
}
cli->initialised = 1;
- cli->capabilities = CAP_DFS;
+ cli->capabilities = CAP_DFS | CAP_NT_SMBS | CAP_STATUS32;
+ cli->use_ntlmv2 = Auto;
+
+ cli_init_creds(cli, NULL);
return cli;
}
@@ -2984,6 +2997,7 @@ BOOL cli_establish_connection(struct cli_state *cli,
if (IS_BITS_SET_ALL(cli->capabilities, CAP_EXTENDED_SECURITY))
{
/* common to both session setups */
+ uint32 ntlmssp_flgs;
char pwd_buf[128];
int buf_len;
char *p;
@@ -3024,9 +3038,7 @@ BOOL cli_establish_connection(struct cli_state *cli,
p = skip_string(p, 1);
CVAL(p, 0) = 0x1;
p += 4;
- if (cli->ntlmssp_cli_flgs == 0)
- {
- cli->ntlmssp_cli_flgs =
+ ntlmssp_flgs =
NTLMSSP_NEGOTIATE_UNICODE |
NTLMSSP_NEGOTIATE_OEM |
NTLMSSP_NEGOTIATE_SIGN |
@@ -3036,11 +3048,7 @@ BOOL cli_establish_connection(struct cli_state *cli,
NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
NTLMSSP_NEGOTIATE_00001000 |
NTLMSSP_NEGOTIATE_00002000;
-#if 0
- cli->ntlmssp_cli_flgs = 0x80008207;
-#endif
- }
- SIVAL(p, 0, cli->ntlmssp_cli_flgs);
+ SIVAL(p, 0, ntlmssp_flgs);
p += 4;
p += 16; /* skip some NULL space */
CVAL(p, 0) = 0; p++; /* alignment */
@@ -3072,12 +3080,12 @@ BOOL cli_establish_connection(struct cli_state *cli,
}
p = smb_buf(cli->inbuf) + 0x2f;
- cli->ntlmssp_cli_flgs = IVAL(p, 0); /* 0x80808a05; */
+ ntlmssp_flgs = IVAL(p, 0); /* 0x80808a05; */
p += 4;
memcpy(cli->cryptkey, p, 8);
#ifdef DEBUG_PASSWORD
DEBUG(100,("cli_session_setup_x: ntlmssp %8x\n",
- cli->ntlmssp_cli_flgs));
+ ntlmssp_flgs));
DEBUG(100,("cli_session_setup_x: crypt key\n"));
dump_data(100, cli->cryptkey, 8);
@@ -3098,7 +3106,7 @@ BOOL cli_establish_connection(struct cli_state *cli,
create_ntlmssp_resp(&cli->usr.pwd, cli->usr.domain,
cli->usr.user_name, cli->calling.name,
- cli->ntlmssp_cli_flgs,
+ ntlmssp_flgs,
&auth_resp);
prs_link(NULL, &auth_resp, NULL);
diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c
index 8f030a1a08..9680349a86 100644
--- a/source3/libsmb/pwd_cache.c
+++ b/source3/libsmb/pwd_cache.c
@@ -29,12 +29,12 @@ initialises a password structure
****************************************************************************/
void pwd_init(struct pwd_info *pwd)
{
- bzero(pwd->password , sizeof(pwd->password ));
- bzero(pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd));
- bzero(pwd->smb_nt_pwd, sizeof(pwd->smb_nt_pwd));
- bzero(pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf));
- bzero(pwd->smb_nt_owf, sizeof(pwd->smb_nt_owf));
- bzero(pwd->sess_key , sizeof(pwd->sess_key ));
+ ZERO_STRUCT(pwd->password );
+ ZERO_STRUCT(pwd->smb_lm_pwd);
+ ZERO_STRUCT(pwd->smb_nt_pwd);
+ ZERO_STRUCT(pwd->smb_lm_owf);
+ ZERO_STRUCT(pwd->smb_nt_owf);
+ ZERO_STRUCT(pwd->sess_key );
pwd->nt_owf_len = 0;
pwd->null_pwd = True; /* safest option... */
@@ -64,6 +64,57 @@ void pwd_obfuscate_key(struct pwd_info *pwd, uint32 int_key, char *str_key)
}
/****************************************************************************
+compares two passwords. hmm, not as trivial as expected. hmm.
+****************************************************************************/
+BOOL pwd_compare(struct pwd_info *pwd1, struct pwd_info *pwd2)
+{
+ pwd_deobfuscate(pwd1);
+ pwd_deobfuscate(pwd2);
+ if (pwd1->cleartext && pwd2->cleartext)
+ {
+ if (strequal(pwd1->password, pwd2->password))
+ {
+ pwd_obfuscate(pwd1);
+ pwd_obfuscate(pwd2);
+ return True;
+ }
+ }
+ if (pwd1->null_pwd && pwd2->null_pwd)
+ {
+ pwd_obfuscate(pwd1);
+ pwd_obfuscate(pwd2);
+ return True;
+ }
+ if (pwd1->crypted || pwd2->crypted)
+ {
+ DEBUG(5,("pwd_compare: cannot compare crypted passwords\n"));
+ pwd_obfuscate(pwd1);
+ pwd_obfuscate(pwd2);
+ return False;
+ }
+
+ if (!pwd1->crypted && !pwd2->crypted &&
+ !pwd1->null_pwd && !pwd2->null_pwd &&
+ !pwd1->cleartext && !pwd2->cleartext)
+ {
+ if (memcmp(pwd1->smb_nt_pwd, pwd2->smb_nt_pwd, 16) == 0)
+ {
+ pwd_obfuscate(pwd1);
+ pwd_obfuscate(pwd2);
+ return True;
+ }
+ if (memcmp(pwd1->smb_lm_pwd, pwd2->smb_lm_pwd, 16) == 0)
+ {
+ pwd_obfuscate(pwd1);
+ pwd_obfuscate(pwd2);
+ return True;
+ }
+ }
+ pwd_obfuscate(pwd1);
+ pwd_obfuscate(pwd2);
+ return False;
+}
+/****************************************************************************
reads a password
****************************************************************************/
void pwd_read(struct pwd_info *pwd, char *passwd_report, BOOL do_encrypt)