summaryrefslogtreecommitdiff
path: root/source3/rpc_client/cli_netlogon.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2003-03-23 13:03:25 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-03-23 13:03:25 +0000
commit1f5e93e2e7dccb16da3b733fffd401867b2ea3b9 (patch)
tree9e5d52a4f60ee97e1d15613290a22a378e05aa1b /source3/rpc_client/cli_netlogon.c
parentb6520a4d48606589d3e2eedf954415f4c86dd04f (diff)
downloadsamba-1f5e93e2e7dccb16da3b733fffd401867b2ea3b9.tar.gz
samba-1f5e93e2e7dccb16da3b733fffd401867b2ea3b9.tar.bz2
samba-1f5e93e2e7dccb16da3b733fffd401867b2ea3b9.zip
NTLM Authentication:
- Add a 'privileged' mode to Winbindd. This is achieved by means of a directory under lockdir, that the admin can change the group access for. - This mode is now required to access with 'CRAP' authentication feature. - This *will* break the current SQUID helper, so I've fixed up our ntlm_auth replacement: - Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a challenge. - Use this to make our ntlm_auth utility suitable for use in current Squid 2.5 servers. - Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates are needed. - Now uses fgets(), not x_fgets() to cope with Squid environment (I think somthing to do with non-blocking stdin). - Add much more robust connection code to wb_common.c - it will not connect to a server of a different protocol version, and it will automatically try and reconnect to the 'privileged' pipe if possible. - This could help with 'privileged' idmap operations etc in future. - Add a generic HEX encode routine to util_str.c, - fix a small line of dodgy C in StrnCpy_fn() - Correctly pull our 'session key' out of the info3 from th the DC. This is used in both the auth code, and in for export over the winbind pipe to ntlm_auth. - Given the user's challenge/response and access to the privileged pipe, allow external access to the 'session key'. To be used for MSCHAPv2 integration. Andrew Bartlett (This used to be commit dcdc75ebd89f504a0f6e3a3bc5b43298858d276b)
Diffstat (limited to 'source3/rpc_client/cli_netlogon.c')
-rw-r--r--source3/rpc_client/cli_netlogon.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index cbb09803af..f83571af03 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -597,7 +597,7 @@ NTSTATUS cli_netlogon_sam_logon(struct cli_state *cli, TALLOC_CTX *mem_ctx,
NTSTATUS cli_netlogon_sam_network_logon(struct cli_state *cli, TALLOC_CTX *mem_ctx,
const char *username, const char *domain, const char *workstation,
- const uint8 chal[8],
+ const uint8 chal[8],
DATA_BLOB lm_response, DATA_BLOB nt_response,
NET_USER_INFO_3 *info3)
@@ -610,6 +610,8 @@ NTSTATUS cli_netlogon_sam_network_logon(struct cli_state *cli, TALLOC_CTX *mem_c
NET_ID_INFO_CTR ctr;
int validation_level = 3;
char *workstation_name_slash;
+ uint8 netlogon_sess_key[16];
+ static uint8 zeros[16];
ZERO_STRUCT(q);
ZERO_STRUCT(r);
@@ -662,6 +664,15 @@ NTSTATUS cli_netlogon_sam_network_logon(struct cli_state *cli, TALLOC_CTX *mem_c
goto done;
}
+ ZERO_STRUCT(netlogon_sess_key);
+ memcpy(netlogon_sess_key, cli->sess_key, 8);
+
+ if (memcmp(zeros, info3->user_sess_key, 16) != 0)
+ SamOEMhash(info3->user_sess_key, netlogon_sess_key, 16);
+
+ if (memcmp(zeros, info3->padding, 16) != 0)
+ SamOEMhash(info3->padding, netlogon_sess_key, 16);
+
/* Return results */
result = r.status;