Diffstat (limited to 'source3/auth')
-rw-r--r-- | source3/auth/auth_domain.c | 1 | ||||
-rw-r--r-- | source3/auth/auth_netlogond.c | 7 | ||||
-rw-r--r-- | source3/auth/auth_sam.c | 53 | ||||
-rw-r--r-- | source3/auth/auth_util.c | 5 |
4 files changed, 52 insertions, 14 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index f11dbe60ee..6aca443fe7 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -19,6 +19,7 @@ */ #include "includes.h"
+#include "../libcli/auth/libcli_auth.h"
#undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH
diff --git a/source3/auth/auth_netlogond.c b/source3/auth/auth_netlogond.c
index c39dd8c752..3947873aaa 100644
--- a/source3/auth/auth_netlogond.c
+++ b/source3/auth/auth_netlogond.c
@@ -18,6 +18,7 @@ */ #include "includes.h"
+#include "../libcli/auth/libcli_auth.h"
#undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH
@@ -68,15 +69,13 @@ static NTSTATUS netlogond_validate(TALLOC_CTX *mem_ctx, * rpccli_netlogon_sam_network_logon_ex can decrypt the session keys. */
- p->dc = talloc(p, struct dcinfo);
+ p->dc = netlogon_creds_client_init_session_key(p, schannel_key);
if (p->dc == NULL) { DEBUG(0, ("talloc failed\n")); TALLOC_FREE(p); return NT_STATUS_NO_MEMORY; }
- memcpy(p->dc->sess_key, schannel_key, 16);
-
status = rpccli_netlogon_sam_network_logon_ex( p, p, user_info->logon_parameters,/* flags such as 'allow
@@ -256,7 +255,7 @@ static NTSTATUS check_netlogond_security(const struct auth_context *auth_context goto done; }
- memcpy(schannel_key, p->dc->sess_key, 16);
+ memcpy(schannel_key, p->dc->session_key, 16);
secrets_store_local_schannel_key(schannel_key); TALLOC_FREE(p);
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index f5d61e9a9b..a2634feb6c 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -21,6 +21,7 @@ */ #include "includes.h"
+#include "../libcli/auth/libcli_auth.h"
#undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH
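Review bot: In the `netlogond_validate` hunk (`@@ -68,15 +69,13 @@`) the failure branch still logs `talloc failed` although `p->dc` now comes from `netlogon_creds_client_init_session_key()`, so the log line no longer names the call that failed. Suggest `DEBUG(0, ("netlogon_creds_client_init_session_key failed\n"));`. The explicit 16-byte `memcpy` that used to pin the key length at this call site is gone as well, so a short comment that `schannel_key` must hold at least 16 bytes would help the next reader; that is presumably what the helper reads, but its definition is not part of this diff. The function body starts and ends outside the hunk.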
@@ -39,7 +40,12 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, { uint32 acct_ctrl; const uint8 *lm_pw, *nt_pw;
+ struct samr_Password lm_hash, nt_hash, client_lm_hash, client_nt_hash;
const char *username = pdb_get_username(sampass);
+ bool got_lm = false, got_nt = false;
+
+ *user_sess_key = data_blob(NULL, 0);
+ *lm_sess_key = data_blob(NULL, 0);
acct_ctrl = pdb_get_acct_ctrl(sampass); if (acct_ctrl & ACB_PWNOTREQ) {
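Review bot: The four `struct samr_Password` locals added here (`lm_hash`, `nt_hash`, `client_lm_hash`, `client_nt_hash`) receive copies of stored and client-supplied password hashes in the next hunk, and none of the return paths visible there clears them, so hash material is left on the stack after `sam_password_ok` returns. Consider capturing the check result in an `NTSTATUS` local and wiping the copies before the single return, e.g. `ZERO_STRUCT(lm_hash); ZERO_STRUCT(nt_hash);` plus the same for the two client copies. The function starts before this hunk and continues past it.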
@@ -54,14 +60,45 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, lm_pw = pdb_get_lanman_passwd(sampass); nt_pw = pdb_get_nt_passwd(sampass);
-
- return ntlm_password_check(mem_ctx, &auth_context->challenge,
- &user_info->lm_resp, &user_info->nt_resp,
- &user_info->lm_interactive_pwd, &user_info->nt_interactive_pwd,
- username,
- user_info->smb_name,
- user_info->client_domain,
- lm_pw, nt_pw, user_sess_key, lm_sess_key);
+ if (lm_pw) {
+ memcpy(lm_hash.hash, lm_pw, sizeof(lm_hash.hash));
+ }
+ if (nt_pw) {
+ memcpy(nt_hash.hash, nt_pw, sizeof(nt_hash.hash));
+ }
+ if (user_info->lm_interactive_pwd.data && sizeof(client_lm_hash.hash) == user_info->lm_interactive_pwd.length) {
+ memcpy(client_lm_hash.hash, user_info->lm_interactive_pwd.data, sizeof(lm_hash.hash));
+ got_lm = true;
+ }
+ if (user_info->nt_interactive_pwd.data && sizeof(client_nt_hash.hash) == user_info->nt_interactive_pwd.length) {
+ memcpy(client_nt_hash.hash, user_info->nt_interactive_pwd.data, sizeof(nt_hash.hash));
+ got_nt = true;
+ }
+ if (got_lm || got_nt) {
+ *user_sess_key = data_blob(mem_ctx, 16);
+ if (!user_sess_key->data) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ SMBsesskeygen_ntv1(nt_pw, user_sess_key->data);
+ return hash_password_check(mem_ctx, lp_lanman_auth(),
+ got_lm ? &client_lm_hash : NULL,
+ got_nt ? &client_nt_hash : NULL,
+ username,
+ lm_pw ? &lm_hash: NULL,
+ nt_pw ? &nt_hash : NULL);
+ } else {
+ return ntlm_password_check(mem_ctx, lp_lanman_auth(),
+ lp_ntlm_auth(),
+ user_info->logon_parameters,
+ &auth_context->challenge,
+ &user_info->lm_resp, &user_info->nt_resp,
+ username,
+ user_info->smb_name,
+ user_info->client_domain,
+ lm_pw ? &lm_hash: NULL,
+ nt_pw ? &nt_hash : NULL,
+ user_sess_key, lm_sess_key);
+ }
} /****************************************************************************
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index cf6588ad82..c55fb70ef2 100644
--- a/source3/auth/auth_util.c
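Review bot: In the `got_lm || got_nt` branch `SMBsesskeygen_ntv1(nt_pw, user_sess_key->data)` runs unconditionally, yet `nt_pw` can be NULL at this point (the same hunk guards it with `if (nt_pw)` and `nt_pw ? &nt_hash : NULL`), so an account with no stored NT hash would reach the key derivation with a NULL pointer. Wrap the allocation and derivation in `if (nt_pw) { ... }` and leave `*user_sess_key` empty otherwise. Separately, `data_blob(mem_ctx, 16)` looks wrong: the `data_blob(NULL, 0)` calls in the previous hunk suggest the first argument is a source pointer, not a talloc parent, in which case the blob is not parented on `mem_ctx`; `data_blob_talloc(mem_ctx, NULL, 16)` is probably what was meant, to be confirmed against the macro definition. The session key is also filled in before `hash_password_check` has decided, so callers must not use it when the returned status is a failure. `sam_password_ok` starts outside this hunk.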
+++ b/source3/auth/auth_util.c
@@ -22,6 +22,7 @@ */ #include "includes.h"
+#include "../libcli/auth/libcli_auth.h"
#undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH
@@ -330,10 +331,10 @@ bool make_user_info_netlogon_interactive(auth_usersupplied_info **user_info, #endif if (lm_interactive_pwd)
- SamOEMhash(lm_pwd, key, sizeof(lm_pwd));
+ arcfour_crypt(lm_pwd, key, sizeof(lm_pwd));
if (nt_interactive_pwd)
- SamOEMhash(nt_pwd, key, sizeof(nt_pwd));
+ arcfour_crypt(nt_pwd, key, sizeof(nt_pwd));
#ifdef DEBUG_PASSWORD DEBUG(100,("decrypt of lm owf password:")); |