summaryrefslogtreecommitdiff
path: root/source3/client
diff options
context:
space:
mode:
Diffstat (limited to 'source3/client')
-rw-r--r--source3/client/client.c2
-rw-r--r--source3/client/ntclient.c214
2 files changed, 42 insertions, 174 deletions
diff --git a/source3/client/client.c b/source3/client/client.c
index 082118e0ba..52f4b837a6 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -3900,7 +3900,7 @@ static void usage(char *pname)
{
if (!cli_send_login(NULL,NULL,True,True)) return(1);
- do_nt_login(dest_ip, desthost, myhostname, Client, cnum);
+ do_nt_login(desthost, myhostname, Client, cnum);
cli_send_logout();
close_sockets();
diff --git a/source3/client/ntclient.c b/source3/client/ntclient.c
index 8d1ad0e8eb..7e360981c0 100644
--- a/source3/client/ntclient.c
+++ b/source3/client/ntclient.c
@@ -25,7 +25,6 @@
#endif
#include "includes.h"
-#include "nterr.h"
extern int DEBUGLEVEL;
extern pstring username;
@@ -36,109 +35,11 @@ extern pstring workgroup;
#ifdef NTDOMAIN
-/************************************************************************
- check workstation trust account status
- ************************************************************************/
-BOOL wksta_trust_account_check(struct in_addr dest_ip, char *dest_host,
- char *myhostname, char *domain,
- fstring mach_pwd, fstring new_mach_pwd)
-{
- pstring tmp;
- struct cli_state wksta_trust;
- fstring mach_acct;
- uchar lm_owf_mach_pwd[16];
- uchar nt_owf_mach_pwd[16];
- uchar lm_sess_pwd[24];
- uchar nt_sess_pwd[24];
- BOOL right_error_code = False;
-
- char *start_mach_pwd;
- char *change_mach_pwd;
-
- fstrcpy(mach_acct, myhostname);
- strlower(mach_pwd);
-
- fstrcpy(mach_pwd , myhostname);
- strcat(mach_acct, "$");
- strupper(mach_acct);
-
- sprintf(tmp, "Enter Workstation Trust Account password for [%s].\nDefault is [%s]. Password: ",
- mach_acct, mach_pwd);
-
- start_mach_pwd = (char*)getpass(tmp);
-
- if (start_mach_pwd[0] != 0)
- {
- fstrcpy(mach_pwd, start_mach_pwd);
- }
-
- sprintf(tmp, "Enter new Workstation Trust Account password for [%s]\nPress Return to leave at old value. Password: ",
- mach_acct);
-
- change_mach_pwd = (char*)getpass(tmp);
-
- fstrcpy(new_mach_pwd, change_mach_pwd);
-
- if (!cli_initialise(&wksta_trust))
- {
- DEBUG(1,("cli_initialise failed for wksta_trust\n"));
- return False;
- }
-
- if (!server_connect_init(&wksta_trust, myhostname, dest_ip, dest_host))
- {
- uint8 err_cls;
- uint32 err_num;
- cli_error(&wksta_trust, &err_cls, &err_num);
- DEBUG(1,("server_connect_init failed (%s)\n", cli_errstr(&wksta_trust)));
-
- cli_shutdown(&wksta_trust);
- return False;
- }
-
- nt_lm_owf_gen(mach_pwd, nt_owf_mach_pwd, lm_owf_mach_pwd);
-
- DEBUG(5,("generating nt owf from initial machine pwd: %s\n", mach_pwd));
- SMBOWFencrypt(nt_owf_mach_pwd, wksta_trust.cryptkey, nt_sess_pwd);
- SMBOWFencrypt(lm_owf_mach_pwd, wksta_trust.cryptkey, lm_sess_pwd);
-
- right_error_code = False;
-
- if (!server_validate2(&wksta_trust, mach_acct, domain,
- lm_sess_pwd, sizeof(lm_sess_pwd),
- nt_sess_pwd, sizeof(nt_sess_pwd)))
- {
- uint8 err_cls;
- uint32 err_num;
- cli_error(&wksta_trust, &err_cls, &err_num);
-
- if (err_num == (0xC0000000 | NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT))
- {
- DEBUG(1,("server_validate: valid workstation trust account exists\n"));
- right_error_code = True;
- }
-
- if (err_num == (0xC0000000 | NT_STATUS_NO_SUCH_USER))
- {
- DEBUG(1,("server_validate: workstation trust account does not exist\n"));
- right_error_code = False;
- }
- }
-
- if (!right_error_code)
- {
- DEBUG(1,("server_validate failed (%s)\n", cli_errstr(&wksta_trust)));
- }
-
- cli_shutdown(&wksta_trust);
- return right_error_code;
-}
/****************************************************************************
experimental nt login.
****************************************************************************/
-BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
- char *myhostname,
+BOOL do_nt_login(char *desthost, char *myhostname,
int Client, int cnum)
{
DOM_CHAL clnt_chal;
@@ -148,10 +49,6 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
DOM_CHAL auth2_srv_chal;
- DOM_CRED srv_pwset_clnt_cred;
- DOM_CRED srv_pwset_rtn_cred;
- DOM_CRED srv_pwset_srv_cred;
-
DOM_CRED sam_logon_clnt_cred;
DOM_CRED sam_logon_rtn_cred;
DOM_CRED sam_logon_srv_cred;
@@ -169,13 +66,9 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
uchar sess_key[8];
char nt_owf_mach_pwd[16];
- char nt_owf_new_mach_pwd[16];
-
- fstring server_name;
fstring mach_acct;
-
fstring mach_pwd;
- fstring new_mach_pwd;
+ fstring server_name;
RPC_IFACE abstract;
RPC_IFACE transfer;
@@ -195,8 +88,6 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
uint32 call_id = 0;
char *inbuf,*outbuf;
- /******************** initialise ********************************/
-
zerotime.time = 0;
inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
@@ -300,46 +191,6 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
- /************ Check workstation trust account *******************/
-
- /* default machine password is lower-case machine name (really secure) */
- fstrcpy(mach_pwd, myhostname);
- strlower(mach_pwd);
-
- wksta_trust_account_check(dest_ip, dest_host, myhostname, workgroup, mach_pwd, new_mach_pwd);
-
- /************ Long-term Session key (default) **********/
-
- {
- char lm_owf_mach_pwd[16];
-#ifdef DEBUG_PASSWORD
- DEBUG(100,("generating nt owf from initial machine pwd: %s\n", mach_pwd));
-#endif
- nt_lm_owf_gen( mach_pwd, nt_owf_mach_pwd , lm_owf_mach_pwd );
- }
-
-#ifdef DEBUG_PASSWORD
- dump_data(6, nt_owf_mach_pwd, 16);
-#endif
-
- /* calculate the session key */
- cred_session_key(&clnt_chal, &srv_chal, nt_owf_mach_pwd, sess_key);
-
- /*********** next new trust account password ************/
- {
- char lm_owf_new_mach_pwd[16];
-#ifdef DEBUG_PASSWORD
- DEBUG(100,("generating nt owf from new machine pwd: %s\n", new_mach_pwd));
-#endif
- nt_lm_owf_gen(new_mach_pwd, nt_owf_new_mach_pwd, lm_owf_new_mach_pwd);
- }
-
-#ifdef DEBUG_PASSWORD
- dump_data(6, nt_owf_new_mach_pwd, 16);
-#endif
-
-
-
/******************* open the \PIPE\NETLOGON file *****************/
if ((fnum = rpc_pipe_open(inbuf, outbuf, PIPE_NETLOGON, Client, cnum)) == 0xffff)
@@ -365,51 +216,68 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
/******************* Request Challenge ********************/
+ fstrcpy(mach_acct, myhostname);
+ strlower(mach_pwd);
+
+ fstrcpy(mach_pwd , myhostname);
+ strcat(mach_acct, "$");
+
SIVAL(clnt_chal.data, 0, 0x11111111);
SIVAL(clnt_chal.data, 4, 0x22222222);
/* send a client challenge; receive a server challenge */
- if (!do_lsa_req_chal(fnum, ++call_id, dest_host, myhostname, &clnt_chal, &srv_chal))
+ if (!do_lsa_req_chal(fnum, ++call_id, desthost, myhostname, &clnt_chal, &srv_chal))
{
cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
free(inbuf); free(outbuf);
return False;
}
- /******************* Authenticate 2 ********************/
-
- /* calculate auth-2 credentials */
- cred_create(sess_key, &clnt_chal, zerotime, &(clnt_cred.challenge));
+ /************ Long-term Session key (default) **********/
- /* send client auth-2 challenge; receive an auth-2 challenge */
- if (!do_lsa_auth2(fnum, ++call_id, dest_host, mach_acct, 2, myhostname,
- &(clnt_cred.challenge), 0x000001ff, &auth2_srv_chal))
+#if 0
+ /* DAMN! can't get the machine password - need become_root() to do it! */
+ /* get the machine password */
+ if (!get_md4pw(mach_acct, nt_owf_mach_pwd))
{
cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
free(inbuf); free(outbuf);
return False;
}
- /**************** Net Server Password Set **************/
+ DEBUG(5,("got nt owf from smbpasswd entry: %s\n", mach_pwd));
+#else
- clnt_cred.timestamp.time = srv_pwset_clnt_cred.timestamp.time = time(NULL);
+ {
+ char lm_owf_mach_pwd[16];
+ nt_lm_owf_gen(mach_pwd, nt_owf_mach_pwd, lm_owf_mach_pwd);
+ DEBUG(5,("generating nt owf from initial machine pwd: %s\n", mach_pwd));
+ }
- /* calculate sam logon credentials, using the auth2 client challenge */
- cred_create(sess_key, &(clnt_cred.challenge), srv_pwset_clnt_cred.timestamp,
- &(srv_pwset_clnt_cred.challenge));
-
- /* send client srv_pwset challenge; receive a srv_pwset challenge */
- if (!do_lsa_srv_pwset(fnum, ++call_id, sess_key,
- dest_host, mach_acct, 2, myhostname,
- &srv_pwset_clnt_cred, &srv_pwset_srv_cred,
- nt_owf_new_mach_pwd))
+#endif
+
+ dump_data(6, nt_owf_mach_pwd, 16);
+
+ /* calculate the session key */
+ cred_session_key(&clnt_chal, &srv_chal, nt_owf_mach_pwd, sess_key);
+
+
+ /******************* Authenticate 2 ********************/
+
+ /* calculate auth-2 credentials */
+ cred_create(sess_key, &clnt_chal, zerotime, &(clnt_cred.challenge));
+
+ /* send client auth-2 challenge; receive an auth-2 challenge */
+ if (!do_lsa_auth2(fnum, ++call_id, desthost, mach_acct, 2, myhostname,
+ &(clnt_cred.challenge), 0x000001ff, &auth2_srv_chal))
{
cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
free(inbuf); free(outbuf);
return False;
}
- /****************** SAM Info Preparation *******************/
+
+ /*********************** SAM Info ***********************/
{
char lm_owf_user_pwd[16];
@@ -443,7 +311,7 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
/* send client sam-logon challenge; receive a sam-logon challenge */
if (!do_lsa_sam_logon(fnum, ++call_id, sess_key, &clnt_cred,
- dest_host, mach_acct,
+ desthost, mach_acct,
&sam_logon_clnt_cred, &sam_logon_rtn_cred,
1, 1, &id1, &user_info1,
&sam_logon_srv_cred))
@@ -464,7 +332,7 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
/* send client sam-logoff challenge; receive a sam-logoff challenge */
if (!do_lsa_sam_logoff(fnum, ++call_id, sess_key, &clnt_cred,
- dest_host, mach_acct,
+ desthost, mach_acct,
&sam_logoff_clnt_cred, &sam_logoff_rtn_cred,
1, 1, &id1,
&sam_logoff_srv_cred))