summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorLuke Leighton <lkcl@samba.org>1999-06-29 18:47:06 +0000
committerLuke Leighton <lkcl@samba.org>1999-06-29 18:47:06 +0000
commit73891ca8e4f6cca6aa8bb0ae043f660a64baa056 (patch)
tree9ed22c56d9f3eeac6608f25971e7b29f8006ae79 /source3/rpc_server
parent1dc6c6c7ca54578d9e6040a9d4d5e509f1ad3af3 (diff)
downloadsamba-73891ca8e4f6cca6aa8bb0ae043f660a64baa056.tar.gz
samba-73891ca8e4f6cca6aa8bb0ae043f660a64baa056.tar.bz2
samba-73891ca8e4f6cca6aa8bb0ae043f660a64baa056.zip
improving authentication code (tidyup).
(This used to be commit ab1a6aa42db5217f025941fb5107436556bc23b7)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_netlog.c45
-rw-r--r--source3/rpc_server/srv_pipe.c38
2 files changed, 39 insertions, 44 deletions
diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
index 7ee45ada16..9c260d5759 100644
--- a/source3/rpc_server/srv_netlog.c
+++ b/source3/rpc_server/srv_netlog.c
@@ -630,43 +630,26 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2,
struct sam_passwd *smb_pass,
user_struct *vuser)
{
- DEBUG(5,("net_login_network: lm_len: %d nt_len: %d\n",
- id2->hdr_lm_chal_resp.str_str_len,
- id2->hdr_nt_chal_resp.str_str_len));
+ fstring user;
+ fstring domain;
- /* JRA. Check the NT password first if it exists - this is a higher quality
- password, if it exists and it doesn't match - fail. */
+ int nt_pw_len = id2->hdr_nt_chal_resp.str_str_len >= 24;
+ int lm_pw_len = id2->hdr_lm_chal_resp.str_str_len >= 24;
- if (id2->hdr_nt_chal_resp.str_str_len == 24 &&
- smb_pass->smb_nt_passwd != NULL)
- {
- if(smb_password_check((char *)id2->nt_chal_resp.buffer,
- smb_pass->smb_nt_passwd,
- id2->lm_chal))
- return 0x0;
- else
- return 0xC0000000 | NT_STATUS_WRONG_PASSWORD;
- }
+ unistr2_to_ascii(user , &id2->uni_user_name, sizeof(user)-1);
+ unistr2_to_ascii(domain, &id2->uni_domain_name, sizeof(domain)-1);
+
+ DEBUG(5,("net_login_network: lm_len:%d nt_len:%d user:%s domain:%s\n",
+ lm_pw_len, nt_pw_len, user, domain));
- /* lkclXXXX this is not a good place to put disabling of LM hashes in.
- if that is to be done, first move this entire function into a
- library routine that calls the two smb_password_check() functions.
- if disabling LM hashes (which nt can do for security reasons) then
- an attempt should be made to disable them everywhere (which nt does
- not do, for various security-hole reasons).
- */
-
- if (id2->hdr_lm_chal_resp.str_str_len == 24 &&
- smb_password_check((char *)id2->lm_chal_resp.buffer,
- smb_pass->smb_passwd,
- id2->lm_chal))
+ if (smb_password_ok(pwdb_sam_to_smb(smb_pass), id2->lm_chal,
+ user, domain,
+ (uchar *)id2->lm_chal_resp.buffer, lm_pw_len,
+ (uchar *)id2->nt_chal_resp.buffer, nt_pw_len))
{
- return 0x0;
+ return 0x0;
}
-
- /* oops! neither password check succeeded */
-
return 0xC0000000 | NT_STATUS_WRONG_PASSWORD;
}
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index d98fecbc1f..3e5d986935 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -208,7 +208,9 @@ BOOL create_rpc_reply(pipes_struct *p,
static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
{
uchar lm_owf[24];
- uchar nt_owf[24];
+ uchar nt_owf[128];
+ size_t lm_owf_len;
+ size_t nt_owf_len;
struct smb_passwd *smb_pass = NULL;
user_struct *vuser = get_valid_user_struct(p->vuid);
@@ -221,12 +223,29 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
return False;
}
- if (p->ntlmssp_resp.hdr_lm_resp.str_str_len == 0) return False;
- if (p->ntlmssp_resp.hdr_nt_resp.str_str_len == 0) return False;
+ lm_owf_len = p->ntlmssp_resp.hdr_lm_resp.str_str_len;
+ nt_owf_len = p->ntlmssp_resp.hdr_nt_resp.str_str_len;
+
+
+ if (lm_owf_len == 0) return False;
+ if (nt_owf_len == 0) return False;
if (p->ntlmssp_resp.hdr_usr .str_str_len == 0) return False;
if (p->ntlmssp_resp.hdr_domain .str_str_len == 0) return False;
if (p->ntlmssp_resp.hdr_wks .str_str_len == 0) return False;
+ if (lm_owf_len > sizeof(lm_owf)) return False;
+ if (nt_owf_len > sizeof(nt_owf)) return False;
+
+ memcpy(lm_owf, p->ntlmssp_resp.lm_resp, sizeof(lm_owf));
+ memcpy(nt_owf, p->ntlmssp_resp.nt_resp, sizeof(nt_owf));
+
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("lm, nt owfs, chal\n"));
+ dump_data(100, lm_owf, sizeof(lm_owf));
+ dump_data(100, nt_owf, sizeof(nt_owf));
+ dump_data(100, p->ntlmssp_chal.challenge, 8);
+#endif
+
memset(p->user_name, 0, sizeof(p->user_name));
memset(p->domain , 0, sizeof(p->domain ));
memset(p->wks , 0, sizeof(p->wks ));
@@ -252,19 +271,12 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
DEBUG(5,("user: %s domain: %s wks: %s\n", p->user_name, p->domain, p->wks));
- memcpy(lm_owf, p->ntlmssp_resp.lm_resp, sizeof(lm_owf));
- memcpy(nt_owf, p->ntlmssp_resp.nt_resp, sizeof(nt_owf));
-
-#ifdef DEBUG_PASSWORD
- DEBUG(100,("lm, nt owfs, chal\n"));
- dump_data(100, lm_owf, sizeof(lm_owf));
- dump_data(100, nt_owf, sizeof(nt_owf));
- dump_data(100, p->ntlmssp_chal.challenge, 8);
-#endif
become_root(True);
p->ntlmssp_validated = pass_check_smb(p->user_name, p->domain,
(uchar*)p->ntlmssp_chal.challenge,
- lm_owf, nt_owf, NULL, vuser->dc.user_sess_key);
+ lm_owf, lm_owf_len,
+ nt_owf, nt_owf_len,
+ NULL, vuser->dc.user_sess_key);
smb_pass = getsmbpwnam(p->user_name);
unbecome_root(True);