summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_netlog_nt.c23
-rw-r--r--source3/rpc_server/srv_pipe.c12
-rw-r--r--source3/rpc_server/srv_pipe_hnd.c2
-rw-r--r--source3/rpc_server/srv_samr_nt.c18
4 files changed, 42 insertions, 13 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 5ba3dac669..65ebef8809 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -683,7 +683,8 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
pstring my_name;
fstring user_sid_string;
fstring group_sid_string;
- uchar user_sess_key[16];
+ uchar nt_session_key[16];
+ uchar lm_session_key[16];
uchar netlogon_sess_key[16];
sampw = server_info->sam_account;
@@ -718,10 +719,18 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
ZERO_STRUCT(netlogon_sess_key);
memcpy(netlogon_sess_key, p->dc.sess_key, 8);
- memcpy(user_sess_key, server_info->session_key, sizeof(user_sess_key));
- SamOEMhash(user_sess_key, netlogon_sess_key, 16);
+ if (server_info->nt_session_key.length) {
+ memcpy(nt_session_key, server_info->nt_session_key.data,
+ MIN(sizeof(nt_session_key), server_info->nt_session_key.length));
+ SamOEMhash(nt_session_key, netlogon_sess_key, 16);
+ }
+ if (server_info->lm_session_key.length) {
+ memcpy(lm_session_key, server_info->lm_session_key.data,
+ MIN(sizeof(lm_session_key), server_info->lm_session_key.length));
+ SamOEMhash(lm_session_key, netlogon_sess_key, 16);
+ }
ZERO_STRUCT(netlogon_sess_key);
-
+
init_net_user_info3(p->mem_ctx, usr_info,
user_rid,
group_rid,
@@ -743,14 +752,16 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
num_gids, /* uint32 num_groups */
gids , /* DOM_GID *gids */
0x20 , /* uint32 user_flgs (?) */
- user_sess_key,
+ server_info->nt_session_key.length ? nt_session_key : NULL,
+ server_info->lm_session_key.length ? lm_session_key : NULL,
my_name , /* char *logon_srv */
pdb_get_domain(sampw),
&domain_sid, /* DOM_SID *dom_sid */
/* Should be users domain sid, not servers - for trusted domains */
NULL); /* char *other_sids */
- ZERO_STRUCT(user_sess_key);
+ ZERO_STRUCT(nt_session_key);
+ ZERO_STRUCT(lm_session_key);
}
free_server_info(&server_info);
return status;
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 7bbe726f5a..90c20a97fa 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -420,9 +420,15 @@ failed authentication on named pipe %s.\n", domain, user_name, wks, p->name ));
* Set up the sign/seal data.
*/
- {
+ if (server_info->lm_session_key.length != 16) {
+ DEBUG(1,("api_pipe_ntlmssp_verify: User [%s]\\[%s] from machine %s \
+succeeded authentication on named pipe %s, but session key was of incorrect length [%u].\n",
+ domain, user_name, wks, p->name, server_info->lm_session_key.length));
+ free_server_info(&server_info);
+ return False;
+ } else {
uchar p24[24];
- NTLMSSPOWFencrypt(server_info->first_8_lm_hash, lm_owf, p24);
+ NTLMSSPOWFencrypt(server_info->lm_session_key.data, lm_owf, p24);
{
unsigned char j = 0;
int ind;
@@ -468,7 +474,7 @@ failed authentication on named pipe %s.\n", domain, user_name, wks, p->name ));
* Store the UNIX credential data (uid/gid pair) in the pipe structure.
*/
- memcpy(p->session_key, server_info->session_key, sizeof(p->session_key));
+ p->session_key = data_blob(server_info->lm_session_key.data, server_info->lm_session_key.length);
p->pipe_user.uid = server_info->uid;
p->pipe_user.gid = server_info->gid;
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index 57e45d477f..a9fd9ec652 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -342,7 +342,7 @@ static void *make_internal_rpc_pipe_p(char *pipe_name,
/* Store the session key and NT_TOKEN */
if (vuser) {
- memcpy(p->session_key, vuser->session_key, sizeof(p->session_key));
+ p->session_key = data_blob(vuser->session_key.data, vuser->session_key.length);
p->pipe_user.nt_user_token = dup_nt_token(vuser->nt_user_token);
}
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 1cfa8b2853..1debf90d23 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -2953,7 +2953,13 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
break;
case 24:
- SamOEMhash(ctr->info.id24->pass, p->session_key, 516);
+ if (p->session_key.length != 16) {
+ /* we may have no session key at all,
+ and we don't know how to do the SamOEMhash
+ for length != 16 */
+ return NT_STATUS_NO_USER_SESSION_KEY;
+ }
+ SamOEMhash(ctr->info.id24->pass, p->session_key.data, 516);
dump_data(100, (char *)ctr->info.id24->pass, 516);
@@ -2971,7 +2977,10 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
* info level and W2K SP2 drops down to level 23... JRA.
*/
- SamOEMhash(ctr->info.id25->pass, p->session_key, 532);
+ if (p->session_key.length != 16) {
+ return NT_STATUS_NO_USER_SESSION_KEY;
+ }
+ SamOEMhash(ctr->info.id25->pass, p->session_key.data, 532);
dump_data(100, (char *)ctr->info.id25->pass, 532);
@@ -2982,7 +2991,10 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
return NT_STATUS_INVALID_INFO_CLASS;
case 23:
- SamOEMhash(ctr->info.id23->pass, p->session_key, 516);
+ if (p->session_key.length != 16) {
+ return NT_STATUS_NO_USER_SESSION_KEY;
+ }
+ SamOEMhash(ctr->info.id23->pass, p->session_key.data, 516);
dump_data(100, (char *)ctr->info.id23->pass, 516);