cli_login.c :

	start to create the calls needed for client-side of "network" logins,
	which will be used for domain version of pass-through authentication.
	unfortunately, none of this code is called in the main branch, because
	smbclient BRANCH_NTDOM code isn't in use, yet!

srv_netlog.c :

	fixed a problem with static net_login_network() which was being
	stubborn: the if() statement looked horrendous, so i split it into
	two if() statements, one to deal with the lm password; the other to
	deal with the nt password.

	the smb_password_check() functions should _not_ be called here, in
	case we decide to disable lm hashes for security reasons, just like
	nt does.

	so, we now get a response to the SAM_LOGON "network" call, but the
	connection is still dropped.  a trace is needed from an nt server,
	which is why i started on the client-side code.  see above, which
	is why i'm calling it a day :-)
(This used to be commit 2c29a7d9cf2d8b35e4b6e37e5d24caa91af3a9be)

2 files changed, 59 insertions, 18 deletions

diff --git a/source3/rpc_client/cli_login.c b/source3/rpc_client/cli_login.c
index 2033ea437e..049dcf19e6 100644
--- a/source3/rpc_client/cli_login.c
+++ b/source3/rpc_client/cli_login.c
@@ -294,6 +294,24 @@ void make_nt_login_interactive(NET_ID_INFO_CTR *ctr,
 }
 
 /****************************************************************************
+ make network sam login info
+ ****************************************************************************/
+void make_nt_login_network(NET_ID_INFO_CTR *ctr,
+				char *workgroup, char *myhostname,
+				uint32 smb_userid, char *username,
+				char lm_chal[8], char lm_chal_resp[24], char nt_chal_resp[24])
+{
+	/* indicate a "network" login */
+	ctr->switch_value = 2;
+
+	/* this is used in both the SAM Logon and the SAM Logoff */
+	make_id_info2(&ctr->auth.id2, workgroup, 0,
+			  smb_userid, 0,
+			  username, myhostname,
+			  lm_chal, lm_chal_resp, nt_chal_resp);
+}
+
+/****************************************************************************
 experimental nt login.
 ****************************************************************************/
 BOOL do_nt_login(struct cli_state *cli, int t_idx, uint16 fnum,
diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
index d7a1b9e421..1b66b8061f 100644
--- a/source3/rpc_server/srv_netlog.c
+++ b/source3/rpc_server/srv_netlog.c
@@ -488,11 +488,13 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1,
 	char nt_pwd[16];
 	char lm_pwd[16];
 	unsigned char key[16];
+
 	memset(key, 0, 16);
 	memcpy(key, vuser->dc.sess_key, 8);
 
-        memcpy(lm_pwd, id1->lm_owf.data, 16);
-        memcpy(nt_pwd, id1->nt_owf.data, 16);
+	memcpy(lm_pwd, id1->lm_owf.data, 16);
+	memcpy(nt_pwd, id1->nt_owf.data, 16);
+
 	SamOEMhash(lm_pwd, key, False);
 	SamOEMhash(nt_pwd, key, False);
 
@@ -520,17 +522,40 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2,
 				struct smb_passwd *smb_pass,
 				user_struct *vuser)
 {
-	if ((id2->lm_chal_resp.str_str_len == 24 ||
-	     id2->lm_chal_resp.str_str_len == 0) &&
-	    id2->nt_chal_resp.str_str_len == 24 && 
-            (((smb_pass->smb_nt_passwd != NULL) &&
-               smb_password_check(id2->nt_chal_resp.buffer, smb_pass->smb_nt_passwd,
-                                 id2->lm_chal)) ||
-               smb_password_check(id2->lm_chal_resp.buffer, smb_pass->smb_passwd,
-                                 id2->lm_chal)))
+	DEBUG(5,("net_login_network: lm_len: %d nt_len: %d\n",
+		id2->lm_chal_resp.str_str_len, 
+		id2->nt_chal_resp.str_str_len));
+
+	/* check the lm password, first. */
+	/* lkclXXXX this is not a good place to put disabling of LM hashes in.
+	   if that is to be done, first move this entire function into a
+	   library routine that calls the two smb_password_check() functions.
+	   if disabling LM hashes (which nt can do for security reasons) then
+	   an attempt should be made to disable them everywhere (which nt does
+	   not do, for various security-hole reasons).
+	 */
+
+	if (id2->lm_chal_resp.str_str_len == 24 &&
+		smb_password_check(id2->lm_chal_resp.buffer,
+		                   smb_pass->smb_passwd,
+		                   id2->lm_chal))
+	{
+		return 0x0;
+	}
+
+	/* now check the nt password, if it exists */
+
+	if (id2->nt_chal_resp.str_str_len == 24 && 
+		smb_pass->smb_nt_passwd != NULL &&
+		smb_password_check(id2->nt_chal_resp.buffer,
+		                   smb_pass->smb_nt_passwd,
+                           id2->lm_chal)) 
 	{
 		return 0x0;
 	}
+
+	/* oops! neither password check succeeded */
+
 	return 0xC0000000 | NT_STATUS_WRONG_PASSWORD;
 }
 
@@ -577,21 +602,17 @@ static void api_net_sam_logon( int uid,
 			case 1:
 			{
 				uni_samlogon_user = &(q_l.sam_id.ctr->auth.id1.uni_user_name);
-				pstrcpy(samlogon_user, unistrn2(uni_samlogon_user->buffer,
-		                                uni_samlogon_user->uni_str_len));
 
-				DEBUG(3,("SAM Logon (Interactive). Domain:[%s].  User:[%s]\n",
-				          lp_workgroup(), samlogon_user));
+				DEBUG(3,("SAM Logon (Interactive). Domain:[%s].  ",
+				          lp_workgroup()));
 				break;
 			}
 			case 2:
 			{
 				uni_samlogon_user = &(q_l.sam_id.ctr->auth.id2.uni_user_name);
-				pstrcpy(samlogon_user, unistrn2(uni_samlogon_user->buffer,
-		                                uni_samlogon_user->uni_str_len));
 
-				DEBUG(3,("SAM Logon (Network). Domain:[%s].  User:[%s]\n",
-				          lp_workgroup(), samlogon_user));
+				DEBUG(3,("SAM Logon (Network). Domain:[%s].  ",
+				          lp_workgroup()));
 				break;
 			}
 			default:
@@ -610,6 +631,8 @@ static void api_net_sam_logon( int uid,
 		pstrcpy(samlogon_user, unistrn2(uni_samlogon_user->buffer,
 		                                uni_samlogon_user->uni_str_len));
 
+		DEBUG(3,("User:[%s]\n", samlogon_user));
+
 		become_root(True);
 		smb_pass = get_smbpwd_entry(samlogon_user, 0);
 		unbecome_root(True);