Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_netlog.c45
-rw-r--r--source3/rpc_server/srv_pipe.c38
2 files changed, 39 insertions, 44 deletions
diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
index 7ee45ada16..9c260d5759 100644
--- a/source3/rpc_server/srv_netlog.c
+++ b/source3/rpc_server/srv_netlog.c
@@ -630,43 +630,26 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2,
struct sam_passwd *smb_pass,
user_struct *vuser)
{
- DEBUG(5,("net_login_network: lm_len: %d nt_len: %d\n",
- id2->hdr_lm_chal_resp.str_str_len,
- id2->hdr_nt_chal_resp.str_str_len));
+ fstring user;
+ fstring domain;
- /* JRA. Check the NT password first if it exists - this is a higher quality
- password, if it exists and it doesn't match - fail. */
+ int nt_pw_len = id2->hdr_nt_chal_resp.str_str_len >= 24;
+ int lm_pw_len = id2->hdr_lm_chal_resp.str_str_len >= 24;
- if (id2->hdr_nt_chal_resp.str_str_len == 24 &&
- smb_pass->smb_nt_passwd != NULL)
- {
- if(smb_password_check((char *)id2->nt_chal_resp.buffer,
- smb_pass->smb_nt_passwd,
- id2->lm_chal))
- return 0x0;
- else
- return 0xC0000000 | NT_STATUS_WRONG_PASSWORD;
- }
+ unistr2_to_ascii(user , &id2->uni_user_name, sizeof(user)-1);
+ unistr2_to_ascii(domain, &id2->uni_domain_name, sizeof(domain)-1);
+
+ DEBUG(5,("net_login_network: lm_len:%d nt_len:%d user:%s domain:%s\n",
+ lm_pw_len, nt_pw_len, user, domain));
- /* lkclXXXX this is not a good place to put disabling of LM hashes in.
- if that is to be done, first move this entire function into a
- library routine that calls the two smb_password_check() functions.
- if disabling LM hashes (which nt can do for security reasons) then
- an attempt should be made to disable them everywhere (which nt does
- not do, for various security-hole reasons).
- */
-
- if (id2->hdr_lm_chal_resp.str_str_len == 24 &&
- smb_password_check((char *)id2->lm_chal_resp.buffer,
- smb_pass->smb_passwd,
- id2->lm_chal))
+ if (smb_password_ok(pwdb_sam_to_smb(smb_pass), id2->lm_chal,
+ user, domain,
+ (uchar *)id2->lm_chal_resp.buffer, lm_pw_len,
+ (uchar *)id2->nt_chal_resp.buffer, nt_pw_len))
{
- return 0x0;
+ return 0x0;
}
-
- /* oops! neither password check succeeded */
-
return 0xC0000000 | NT_STATUS_WRONG_PASSWORD;
}
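Review bot: `nt_pw_len` and `lm_pw_len` are initialised from a `>= 24` comparison, so they hold 0 or 1 rather than the response length, and that value is both logged as lm_len/nt_len and passed to `smb_password_ok()` as the length of each response. If the callee is meant to receive the real length (the `nt_owf[128]` change in srv_pipe.c suggests responses longer than 24 bytes are expected), the declarations should read `int nt_pw_len = id2->hdr_nt_chal_resp.str_str_len;` and `int lm_pw_len = id2->hdr_lm_chal_resp.str_str_len;`, with any minimum-length test kept separate. These lengths come from the client, so they should also be bounded against the size of `nt_chal_resp.buffer` and `lm_chal_resp.buffer` before being handed on; those declarations are outside this hunk, so confirm the bound there. The old code failed outright when a present NT response did not match, and whether `smb_password_ok()` preserves that or falls back to the LM response is not visible here and is worth a comment at the call.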
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index d98fecbc1f..3e5d986935 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -208,7 +208,9 @@ BOOL create_rpc_reply(pipes_struct *p,
static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
{
uchar lm_owf[24];
- uchar nt_owf[24];
+ uchar nt_owf[128];
+ size_t lm_owf_len;
+ size_t nt_owf_len;
struct smb_passwd *smb_pass = NULL;
user_struct *vuser = get_valid_user_struct(p->vuid);
@@ -221,12 +223,29 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
return False;
}
- if (p->ntlmssp_resp.hdr_lm_resp.str_str_len == 0) return False;
- if (p->ntlmssp_resp.hdr_nt_resp.str_str_len == 0) return False;
+ lm_owf_len = p->ntlmssp_resp.hdr_lm_resp.str_str_len;
+ nt_owf_len = p->ntlmssp_resp.hdr_nt_resp.str_str_len;
+
+
+ if (lm_owf_len == 0) return False;
+ if (nt_owf_len == 0) return False;
if (p->ntlmssp_resp.hdr_usr .str_str_len == 0) return False;
if (p->ntlmssp_resp.hdr_domain .str_str_len == 0) return False;
if (p->ntlmssp_resp.hdr_wks .str_str_len == 0) return False;
+ if (lm_owf_len > sizeof(lm_owf)) return False;
+ if (nt_owf_len > sizeof(nt_owf)) return False;
+
+ memcpy(lm_owf, p->ntlmssp_resp.lm_resp, sizeof(lm_owf));
+ memcpy(nt_owf, p->ntlmssp_resp.nt_resp, sizeof(nt_owf));
+
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("lm, nt owfs, chal\n"));
+ dump_data(100, lm_owf, sizeof(lm_owf));
+ dump_data(100, nt_owf, sizeof(nt_owf));
+ dump_data(100, p->ntlmssp_chal.challenge, 8);
+#endif
+
memset(p->user_name, 0, sizeof(p->user_name));
memset(p->domain , 0, sizeof(p->domain ));
memset(p->wks , 0, sizeof(p->wks ));
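Review bot: The two `memcpy` calls still copy `sizeof(lm_owf)` and `sizeof(nt_owf)` bytes although the validated lengths are now in hand, and with `nt_owf` grown to 128 bytes in the previous hunk the second copy reads 128 bytes from `p->ntlmssp_resp.nt_resp` regardless of what the client sent. The size of that source field is not visible here; if it is smaller than 128 bytes this is an out-of-bounds read, and even if it is not, bytes past `nt_owf_len` are stale data. Copy only what was validated, `memcpy(lm_owf, p->ntlmssp_resp.lm_resp, lm_owf_len);` and `memcpy(nt_owf, p->ntlmssp_resp.nt_resp, nt_owf_len);`, and pass the same lengths to the `dump_data` calls under `DEBUG_PASSWORD`. The body of `api_pipe_ntlmssp_verify` starts and ends outside this hunk.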
@@ -252,19 +271,12 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
DEBUG(5,("user: %s domain: %s wks: %s\n", p->user_name, p->domain, p->wks));
- memcpy(lm_owf, p->ntlmssp_resp.lm_resp, sizeof(lm_owf));
- memcpy(nt_owf, p->ntlmssp_resp.nt_resp, sizeof(nt_owf));
-
-#ifdef DEBUG_PASSWORD
- DEBUG(100,("lm, nt owfs, chal\n"));
- dump_data(100, lm_owf, sizeof(lm_owf));
- dump_data(100, nt_owf, sizeof(nt_owf));
- dump_data(100, p->ntlmssp_chal.challenge, 8);
-#endif
become_root(True);
p->ntlmssp_validated = pass_check_smb(p->user_name, p->domain,
(uchar*)p->ntlmssp_chal.challenge,
- lm_owf, nt_owf, NULL, vuser->dc.user_sess_key);
+ lm_owf, lm_owf_len,
+ nt_owf, nt_owf_len,
+ NULL, vuser->dc.user_sess_key);
smb_pass = getsmbpwnam(p->user_name);
unbecome_root(True);