adding user session key into network netlogon response.

(This used to be commit c73f6b0d02fa7700319ba696f54296006167e5d1)
author: Luke Leighton <lkcl@samba.org> 1999-11-21 17:11:00 +0000
committer: Luke Leighton <lkcl@samba.org> 1999-11-21 17:11:00 +0000
commit: 4081147c31919a973ce1859394d0f5a49a0c2f39 (patch)
tree: fdfd220068f4997652cf469b4cc270e599708148 /source3
parent: 4629acd6f509acd0b3761d49f42173bd2ba676b2 (diff)
download: samba-4081147c31919a973ce1859394d0f5a49a0c2f39.tar.gz
samba-4081147c31919a973ce1859394d0f5a49a0c2f39.tar.bz2
samba-4081147c31919a973ce1859394d0f5a49a0c2f39.zip
4 files changed, 53 insertions, 24 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index f83485d455..9206c5e578 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -2276,6 +2276,9 @@ BOOL get_samr_query_aliasinfo(struct cli_state *cli, uint16 fnum,
 				const POLICY_HND *pol_open_domain,
 				uint32 info_level,
 				uint32 alias_rid, ALIAS_INFO_CTR *ctr);
+BOOL msrpc_sam_create_dom_user(struct cli_state *cli, DOM_SID *sid1,
+				char *acct_name, uint16 acb_info,
+				uint32 *rid);
 
 /*The following definitions come from  rpc_parse/parse_at.c  */
 
@@ -4013,7 +4016,7 @@ BOOL smb_password_ok(struct smb_passwd *smb_pass, uchar chal[8],
 				const char *user, const char *domain,
 				uchar *lm_pass, size_t lm_pwd_len,
 				uchar *nt_pass, size_t nt_pwd_len);
-BOOL pass_check_smb(char *user, char *domain, uchar *chal,
+BOOL pass_check_smb(struct smb_passwd *smb_pass, char *domain, uchar *chal,
 		uchar *lm_pwd, size_t lm_pwd_len,
 		uchar *nt_pwd, size_t nt_pwd_len,
 		struct passwd *pwd, uchar user_sess_key[16]);
diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
index 5e9ae35094..f8d7fe5718 100644
--- a/source3/rpc_server/srv_netlog.c
+++ b/source3/rpc_server/srv_netlog.c
@@ -666,8 +666,8 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1,
 	dump_data(100, nt_pwd, 16);
 #endif
 
-	SamOEMhash((uchar *)lm_pwd, key, False);
-	SamOEMhash((uchar *)nt_pwd, key, False);
+	SamOEMhash((uchar *)lm_pwd, key, 0);
+	SamOEMhash((uchar *)nt_pwd, key, 0);
 
 #ifdef DEBUG_PASSWORD
 	DEBUG(100,("decrypt of lm owf password:"));
@@ -697,8 +697,9 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1,
  net_login_network:
  *************************************************************************/
 static uint32 net_login_network(NET_ID_INFO_2 *id2,
-				struct sam_passwd *smb_pass,
-				user_struct *vuser)
+				struct sam_passwd *sam_pass,
+				user_struct *vuser,
+				char sess_key[16])
 {
 	fstring user;
 	fstring domain;
@@ -712,11 +713,33 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2,
 	DEBUG(5,("net_login_network: lm_len:%d nt_len:%d user:%s domain:%s\n",
 		lm_pw_len, nt_pw_len, user, domain));
 
-	if (smb_password_ok(pwdb_sam_to_smb(smb_pass), id2->lm_chal, 
-	                    user, domain,
+	if (pass_check_smb(pwdb_sam_to_smb(sam_pass),
+	                    domain,
+	                    id2->lm_chal, 
 	                    (uchar *)id2->lm_chal_resp.buffer, lm_pw_len, 
-	                    (uchar *)id2->nt_chal_resp.buffer, nt_pw_len)) 
+	                    (uchar *)id2->nt_chal_resp.buffer, nt_pw_len,
+	                    NULL, sess_key)) 
 	{
+		unsigned char key[16];
+
+		memset(key, 0, 16);
+		memcpy(key, vuser->dc.sess_key, 8);
+
+#ifdef DEBUG_PASSWORD
+		DEBUG(100,("key:"));
+		dump_data(100, key, 16);
+
+		DEBUG(100,("user sess key:"));
+		dump_data(100, sess_key, 16);
+#endif
+
+		SamOEMhash((uchar *)sess_key, key, 0);
+
+#ifdef DEBUG_PASSWORD
+		DEBUG(100,("encrypt of user session key:"));
+		dump_data(100, sess_key, 16);
+#endif
+
                   return 0x0;
 	}
 
@@ -733,6 +756,8 @@ static uint32 reply_net_sam_logon( NET_Q_SAM_LOGON *q_l, user_struct *vuser,
 	UNISTR2 *uni_samusr = NULL;
 	UNISTR2 *uni_domain = NULL;
 	fstring nt_username;
+	char *enc_user_sess_key = NULL;
+	char sess_key[16];
 
 	NTTIME logon_time           ;
 	NTTIME logoff_time          ;
@@ -845,7 +870,8 @@ static uint32 reply_net_sam_logon( NET_Q_SAM_LOGON *q_l, user_struct *vuser,
 			case NET_LOGON_TYPE:
 			{
 				/* network login.  lm challenge and 24 byte responses */
-				status = net_login_network(&q_l->sam_id.ctr->auth.id2, sam_pass, vuser);
+				status = net_login_network(&q_l->sam_id.ctr->auth.id2, sam_pass, vuser, sess_key);
+				enc_user_sess_key = sess_key;
 				break;
 			}
 		}
@@ -896,7 +922,7 @@ static uint32 reply_net_sam_logon( NET_Q_SAM_LOGON *q_l, user_struct *vuser,
 		gids    , /* DOM_GID *gids */
 		0x20    , /* uint32 user_flgs (?) */
 
-		NULL, /* char sess_key[16] */
+		enc_user_sess_key, /* char sess_key[16] */
 
 		global_myname  , /* char *logon_srv */
 		global_sam_name, /* char *logon_dom */
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 075c9b0d37..c4664f7d7b 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -300,12 +300,12 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
 	{
 		DEBUG(5,("user: %s domain: %s wks: %s\n", p->user_name, p->domain, p->wks));
 		become_root(True);
-		p->ntlmssp_validated = pass_check_smb(p->user_name, p->domain,
+		smb_pass = getsmbpwnam(p->user_name);
+		p->ntlmssp_validated = pass_check_smb(smb_pass, p->domain,
 				      (uchar*)p->ntlmssp_chal.challenge,
 				      lm_owf, lm_owf_len,
 				      nt_owf, nt_owf_len,
 				      NULL, vuser->dc.user_sess_key);
-		smb_pass = getsmbpwnam(p->user_name);
 		unbecome_root(True);
 
 		if (smb_pass != NULL)
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 2f0ab6e137..690e2e5f5c 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -467,16 +467,24 @@ SMB hash
 return True if the password is correct, False otherwise
 ****************************************************************************/
 
-BOOL pass_check_smb(char *user, char *domain, uchar *chal,
+BOOL pass_check_smb(struct smb_passwd *smb_pass, char *domain, uchar *chal,
 		uchar *lm_pwd, size_t lm_pwd_len,
 		uchar *nt_pwd, size_t nt_pwd_len,
 		struct passwd *pwd, uchar user_sess_key[16])
 {
 	const struct passwd *pass;
 	struct passwd pw;
-	struct smb_passwd *smb_pass;
+	char *user = NULL;
 
-	if (!lm_pwd || !nt_pwd)
+	if (smb_pass == NULL)
+	{
+		DEBUG(3,("Couldn't find user %s in smb_passwd file.\n", user));
+		return False;
+	}
+
+	user = smb_pass->unix_name;
+
+	if (lm_pwd == NULL || nt_pwd == NULL)
 	{
 		return False;
 	}
@@ -498,14 +506,6 @@ BOOL pass_check_smb(char *user, char *domain, uchar *chal,
 		pass = &pw;
 	}
 
-	smb_pass = getsmbpwnam(user);
-
-	if (smb_pass == NULL)
-	{
-		DEBUG(3,("Couldn't find user %s in smb_passwd file.\n", user));
-		return False;
-	}
-
 	/* Quit if the account was disabled. */
 	if (smb_pass->acct_ctrl & ACB_DISABLED) {
 		DEBUG(3,("account for user %s was disabled.\n", user));
@@ -563,7 +563,7 @@ BOOL password_ok(char *user, char *password, int pwlen, struct passwd *pwd,
 			return False;
 		}
 
-		return pass_check_smb(user, global_myworkgroup,
+		return pass_check_smb(getsmbpwnam(user), global_myworkgroup,
 		                      challenge, (uchar *)password,
 					pwlen, (uchar *)password, pwlen,
 					pwd, user_sess_key);
author	Luke Leighton <lkcl@samba.org>	1999-11-21 17:11:00 +0000
committer	Luke Leighton <lkcl@samba.org>	1999-11-21 17:11:00 +0000
commit	4081147c31919a973ce1859394d0f5a49a0c2f39 (patch)
tree	fdfd220068f4997652cf469b4cc270e599708148 /source3
parent	4629acd6f509acd0b3761d49f42173bd2ba676b2 (diff)
download	samba-4081147c31919a973ce1859394d0f5a49a0c2f39.tar.gz samba-4081147c31919a973ce1859394d0f5a49a0c2f39.tar.bz2 samba-4081147c31919a973ce1859394d0f5a49a0c2f39.zip