diff options
Diffstat (limited to 'source3/auth/auth_util.c')
-rw-r--r-- | source3/auth/auth_util.c | 167 |
1 files changed, 84 insertions, 83 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index f62cc2fb9e..9df5873983 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -124,9 +124,10 @@ static NTSTATUS make_user_info(auth_usersupplied_info **user_info, const char *client_domain, const char *domain, const char *wksta_name, - DATA_BLOB lm_pwd, DATA_BLOB nt_pwd, - DATA_BLOB plaintext, - uint32 auth_flags, BOOL encrypted) + DATA_BLOB *lm_pwd, DATA_BLOB *nt_pwd, + DATA_BLOB *lm_interactive_pwd, DATA_BLOB *nt_interactive_pwd, + DATA_BLOB *plaintext, + BOOL encrypted) { DEBUG(5,("attempting to make a user_info for %s (%s)\n", internal_username, smb_name)); @@ -183,12 +184,19 @@ static NTSTATUS make_user_info(auth_usersupplied_info **user_info, DEBUG(5,("making blobs for %s's user_info struct\n", internal_username)); - (*user_info)->lm_resp = data_blob(lm_pwd.data, lm_pwd.length); - (*user_info)->nt_resp = data_blob(nt_pwd.data, nt_pwd.length); - (*user_info)->plaintext_password = data_blob(plaintext.data, plaintext.length); + if (lm_pwd) + (*user_info)->lm_resp = data_blob(lm_pwd->data, lm_pwd->length); + if (nt_pwd) + (*user_info)->nt_resp = data_blob(nt_pwd->data, nt_pwd->length); + if (lm_interactive_pwd) + (*user_info)->lm_interactive_pwd = data_blob(lm_interactive_pwd->data, lm_interactive_pwd->length); + if (nt_interactive_pwd) + (*user_info)->nt_interactive_pwd = data_blob(nt_interactive_pwd->data, nt_interactive_pwd->length); + + if (plaintext) + (*user_info)->plaintext_password = data_blob(plaintext->data, plaintext->length); (*user_info)->encrypted = encrypted; - (*user_info)->auth_flags = auth_flags; DEBUG(10,("made an %sencrypted user_info for %s (%s)\n", encrypted ? "":"un" , internal_username, smb_name)); @@ -203,9 +211,10 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info, const char *smb_name, const char *client_domain, const char *wksta_name, - DATA_BLOB lm_pwd, DATA_BLOB nt_pwd, - DATA_BLOB plaintext, - uint32 ntlmssp_flags, BOOL encrypted) + DATA_BLOB *lm_pwd, DATA_BLOB *nt_pwd, + DATA_BLOB *lm_interactive_pwd, DATA_BLOB *nt_interactive_pwd, + DATA_BLOB *plaintext, + BOOL encrypted) { const char *domain; fstring internal_username; @@ -233,8 +242,10 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info, /* we know that it is a trusted domain (and we are allowing them) or it is our domain */ return make_user_info(user_info, smb_name, internal_username, - client_domain, domain, wksta_name, lm_pwd, nt_pwd, - plaintext, ntlmssp_flags, encrypted); + client_domain, domain, wksta_name, + lm_pwd, nt_pwd, + lm_interactive_pwd, nt_interactive_pwd, + plaintext, encrypted); } /**************************************************************************** @@ -253,23 +264,14 @@ BOOL make_user_info_netlogon_network(auth_usersupplied_info **user_info, NTSTATUS nt_status; DATA_BLOB lm_blob = data_blob(lm_network_pwd, lm_pwd_len); DATA_BLOB nt_blob = data_blob(nt_network_pwd, nt_pwd_len); - DATA_BLOB plaintext_blob = data_blob(NULL, 0); - uint32 auth_flags = AUTH_FLAG_NONE; - - if (lm_pwd_len) - auth_flags |= AUTH_FLAG_LM_RESP; - if (nt_pwd_len == 24) { - auth_flags |= AUTH_FLAG_NTLM_RESP; - } else if (nt_pwd_len != 0) { - auth_flags |= AUTH_FLAG_NTLMv2_RESP; - } nt_status = make_user_info_map(user_info, - smb_name, client_domain, - wksta_name, - lm_blob, nt_blob, - plaintext_blob, - auth_flags, True); + smb_name, client_domain, + wksta_name, + lm_pwd_len ? &lm_blob : NULL, + nt_pwd_len ? &nt_blob : NULL, + NULL, NULL, NULL, + True); ret = NT_STATUS_IS_OK(nt_status) ? True : False; @@ -297,7 +299,6 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info, unsigned char local_lm_response[24]; unsigned char local_nt_response[24]; unsigned char key[16]; - uint32 auth_flags = AUTH_FLAG_NONE; ZERO_STRUCT(key); memcpy(key, dc_sess_key, 8); @@ -316,8 +317,11 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info, dump_data(100, nt_pwd, sizeof(nt_pwd)); #endif - SamOEMhash((uchar *)lm_pwd, key, sizeof(lm_pwd)); - SamOEMhash((uchar *)nt_pwd, key, sizeof(nt_pwd)); + if (lm_interactive_pwd) + SamOEMhash((uchar *)lm_pwd, key, sizeof(lm_pwd)); + + if (nt_interactive_pwd) + SamOEMhash((uchar *)nt_pwd, key, sizeof(nt_pwd)); #ifdef DEBUG_PASSWORD DEBUG(100,("decrypt of lm owf password:")); @@ -327,37 +331,51 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info, dump_data(100, nt_pwd, sizeof(nt_pwd)); #endif - SMBOWFencrypt((const unsigned char *)lm_pwd, chal, local_lm_response); - SMBOWFencrypt((const unsigned char *)nt_pwd, chal, local_nt_response); + if (lm_interactive_pwd) + SMBOWFencrypt((const unsigned char *)lm_pwd, chal, local_lm_response); + + if (nt_interactive_pwd) + SMBOWFencrypt((const unsigned char *)nt_pwd, chal, local_nt_response); /* Password info paranoia */ - ZERO_STRUCT(lm_pwd); - ZERO_STRUCT(nt_pwd); ZERO_STRUCT(key); { BOOL ret; NTSTATUS nt_status; - DATA_BLOB local_lm_blob = data_blob(local_lm_response, sizeof(local_lm_response)); - DATA_BLOB local_nt_blob = data_blob(local_nt_response, sizeof(local_nt_response)); - DATA_BLOB plaintext_blob = data_blob(NULL, 0); + DATA_BLOB local_lm_blob; + DATA_BLOB local_nt_blob; - if (lm_interactive_pwd) - auth_flags |= AUTH_FLAG_LM_RESP; - if (nt_interactive_pwd) - auth_flags |= AUTH_FLAG_NTLM_RESP; + DATA_BLOB lm_interactive_blob; + DATA_BLOB nt_interactive_blob; + + if (lm_interactive_pwd) { + local_lm_blob = data_blob(local_lm_response, sizeof(local_lm_response)); + lm_interactive_blob = data_blob(lm_pwd, sizeof(lm_pwd)); + ZERO_STRUCT(lm_pwd); + } + + if (nt_interactive_pwd) { + local_nt_blob = data_blob(local_nt_response, sizeof(local_nt_response)); + nt_interactive_blob = data_blob(nt_pwd, sizeof(nt_pwd)); + ZERO_STRUCT(nt_pwd); + } nt_status = make_user_info_map(user_info, smb_name, client_domain, wksta_name, - local_lm_blob, - local_nt_blob, - plaintext_blob, - auth_flags, True); - + lm_interactive_pwd ? &local_lm_blob : NULL, + nt_interactive_pwd ? &local_nt_blob : NULL, + lm_interactive_pwd ? &lm_interactive_blob : NULL, + nt_interactive_pwd ? &nt_interactive_blob : NULL, + NULL, + True); + ret = NT_STATUS_IS_OK(nt_status) ? True : False; data_blob_free(&local_lm_blob); data_blob_free(&local_nt_blob); + data_blob_free(&lm_interactive_blob); + data_blob_free(&nt_interactive_blob); return ret; } } @@ -377,7 +395,6 @@ BOOL make_user_info_for_reply(auth_usersupplied_info **user_info, DATA_BLOB local_lm_blob; DATA_BLOB local_nt_blob; NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - uint32 auth_flags = AUTH_FLAG_NONE; /* * Not encrypted - do so. @@ -400,7 +417,6 @@ BOOL make_user_info_for_reply(auth_usersupplied_info **user_info, case insensitive */ local_nt_blob = data_blob(NULL, 0); - auth_flags = (AUTH_FLAG_PLAINTEXT | AUTH_FLAG_LM_RESP); } else { local_lm_blob = data_blob(NULL, 0); local_nt_blob = data_blob(NULL, 0); @@ -409,10 +425,11 @@ BOOL make_user_info_for_reply(auth_usersupplied_info **user_info, ret = make_user_info_map(user_info, smb_name, client_domain, get_remote_machine_name(), - local_lm_blob, - local_nt_blob, - plaintext_password, - auth_flags, False); + local_lm_blob.data ? &local_lm_blob : NULL, + local_nt_blob.data ? &local_nt_blob : NULL, + NULL, NULL, + plaintext_password.data ? &plaintext_password : NULL, + False); data_blob_free(&local_lm_blob); return NT_STATUS_IS_OK(ret) ? True : False; @@ -427,27 +444,13 @@ NTSTATUS make_user_info_for_reply_enc(auth_usersupplied_info **user_info, const char *client_domain, DATA_BLOB lm_resp, DATA_BLOB nt_resp) { - uint32 auth_flags = AUTH_FLAG_NONE; - - DATA_BLOB no_plaintext_blob = data_blob(NULL, 0); - - if (lm_resp.length == 24) { - auth_flags |= AUTH_FLAG_LM_RESP; - } - if (nt_resp.length == 0) { - } else if (nt_resp.length == 24) { - auth_flags |= AUTH_FLAG_NTLM_RESP; - } else { - auth_flags |= AUTH_FLAG_NTLMv2_RESP; - } - return make_user_info_map(user_info, smb_name, - client_domain, - get_remote_machine_name(), - lm_resp, - nt_resp, - no_plaintext_blob, - auth_flags, True); + client_domain, + get_remote_machine_name(), + lm_resp.data ? &lm_resp : NULL, + nt_resp.data ? &nt_resp : NULL, + NULL, NULL, NULL, + True); } /**************************************************************************** @@ -456,19 +459,16 @@ NTSTATUS make_user_info_for_reply_enc(auth_usersupplied_info **user_info, BOOL make_user_info_guest(auth_usersupplied_info **user_info) { - DATA_BLOB lm_blob = data_blob(NULL, 0); - DATA_BLOB nt_blob = data_blob(NULL, 0); - DATA_BLOB plaintext_blob = data_blob(NULL, 0); - uint32 auth_flags = AUTH_FLAG_NONE; NTSTATUS nt_status; nt_status = make_user_info(user_info, - "","", - "","", - "", - nt_blob, lm_blob, - plaintext_blob, - auth_flags, True); + "","", + "","", + "", + NULL, NULL, + NULL, NULL, + NULL, + True); return NT_STATUS_IS_OK(nt_status) ? True : False; } @@ -1307,7 +1307,8 @@ void free_user_info(auth_usersupplied_info **user_info) SAFE_FREE((*user_info)->wksta_name.str); data_blob_free(&(*user_info)->lm_resp); data_blob_free(&(*user_info)->nt_resp); - SAFE_FREE((*user_info)->interactive_password); + data_blob_clear_free(&(*user_info)->lm_interactive_pwd); + data_blob_clear_free(&(*user_info)->nt_interactive_pwd); data_blob_clear_free(&(*user_info)->plaintext_password); ZERO_STRUCT(**user_info); } |