Diffstat (limited to 'source4')
-rw-r--r--source4/libcli/auth/ntlm_check.c23
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c21
2 files changed, 27 insertions, 17 deletions
diff --git a/source4/libcli/auth/ntlm_check.c b/source4/libcli/auth/ntlm_check.c
index eab150ad4d..f101b230d4 100644
--- a/source4/libcli/auth/ntlm_check.c
+++ b/source4/libcli/auth/ntlm_check.c
@@ -326,10 +326,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
so use it only if we otherwise allow LM authentication */
if (lp_lanman_auth() && lm_pw) {
- uint8_t first_8_lm_hash[16];
- memcpy(first_8_lm_hash, lm_pw, 8);
- memset(first_8_lm_hash + 8, '\0', 8);
- *lm_sess_key = data_blob(first_8_lm_hash, 16);
+ *lm_sess_key = data_blob(lm_pw, 8);
}
return NT_STATUS_OK;
} else {
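Review bot: The shortened `*lm_sess_key = data_blob(lm_pw, 8);` (here and again in the @@ -431 hunk) drops the zero padding to 16 bytes without saying why, while `user_sess_key` in the same function keeps the padded 16-byte `first_8_lm_hash` form, so the asymmetry looks accidental to a reader. A one-line comment at the assignment would settle it, e.g. `/* the LM session key is only the first 8 bytes of the LM hash, not zero-padded to 16 like user_sess_key */`. Since the blob's length changes from 16 to 8, it is also worth confirming that every consumer of `lm_sess_key` reads `.length` rather than assuming 16 bytes. `ntlm_password_check` begins before this hunk and continues after it.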
@@ -367,11 +364,17 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
if (smb_pwd_check_ntlmv1(lm_response,
lm_pw, challenge,
NULL)) {
- uint8_t first_8_lm_hash[16];
- memcpy(first_8_lm_hash, lm_pw, 8);
- memset(first_8_lm_hash + 8, '\0', 8);
- *user_sess_key = data_blob(first_8_lm_hash, 16);
- *lm_sess_key = data_blob(first_8_lm_hash, 16);
+ /* The session key for this response is still very odd.
+ It not very secure, so use it only if we otherwise
+ allow LM authentication */
+
+ if (lp_lanman_auth() && lm_pw) {
+ uint8_t first_8_lm_hash[16];
+ memcpy(first_8_lm_hash, lm_pw, 8);
+ memset(first_8_lm_hash + 8, '\0', 8);
+ *user_sess_key = data_blob(first_8_lm_hash, 16);
+ *lm_sess_key = data_blob(lm_pw, 8);
+ }
return NT_STATUS_OK;
}
}
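Review bot: The new `if (lp_lanman_auth() && lm_pw)` guard around the session-key assignments sits inside a branch that has just matched `lm_response` against `lm_pw`, so with lanman auth disabled an LM-only logon still returns `NT_STATUS_OK` from here, merely without session keys; if the code above this hunk (the top of `ntlm_password_check` is outside it) does not already refuse LM responses when `lp_lanman_auth()` is false, the refusal belongs before `smb_pwd_check_ntlmv1`, not as a keyless success, and if it does, the inner guard is redundant and a comment saying so would help. The `&& lm_pw` half of the condition is likewise redundant at this point, because `lm_pw` was just passed to `smb_pwd_check_ntlmv1`, unless that helper tolerates a NULL hash. Minor wording in the added comment: `It not very secure` should read `It is not very secure`.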
@@ -431,7 +434,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
memcpy(first_8_lm_hash, lm_pw, 8);
memset(first_8_lm_hash + 8, '\0', 8);
*user_sess_key = data_blob(first_8_lm_hash, 16);
- *lm_sess_key = data_blob(first_8_lm_hash, 16);
+ *lm_sess_key = data_blob(lm_pw, 8);
}
return NT_STATUS_OK;
}
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 933f28d84a..301f2ed041 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -543,6 +543,16 @@ static NTSTATUS netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TALLOC_CT
sam->domain_sid = dom_sid_dup(mem_ctx, server_info->user_sid);
sam->domain_sid->num_auths--;
+ sam->AccountControl = 0;
+
+ sam->unknown1 = 0;
+ sam->unknown2 = 0;
+ sam->unknown3 = 0;
+ sam->unknown4 = 0;
+ sam->unknown5 = 0;
+ sam->unknown6 = 0;
+ sam->unknown7 = 0;
+
sam->sidcount = 0;
sam->sids = NULL;
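Review bot: `sam->AccountControl = 0;` and the seven `sam->unknownN = 0;` stores are hard-coded with no comment, so a reader cannot tell whether this is a deliberate "not populated yet" placeholder or the intended final value; if `server_info` carries the account's control flags they should be copied here rather than fixed at 0. A comment would make the intent explicit, e.g. `/* TODO: AccountControl and unknown1-7 are not derived from server_info yet; zeroed so the marshalled reply carries no uninitialised memory */` — and if `sam` is already zero-allocated (its allocation is not visible here), these stores are redundant and the comment alone suffices. `netr_LogonSamLogon` starts and ends outside this hunk.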
@@ -552,9 +562,9 @@ static NTSTATUS netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TALLOC_CT
ZERO_STRUCT(sam->key.key);
}
+ /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
if (memcmp(sam->key.key, zeros,
sizeof(sam->key.key)) != 0) {
- /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
creds_arcfour_crypt(pipe_state->creds,
sam->key.key,
sizeof(sam->key.key));
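Review bot: The relocated comment (and its copy added in the @@ -567 hunk) states the exposure imprecisely: RC4-encrypting a buffer known to be all zeros would reveal the keystream derived from the NETLOGON session key rather than the key itself, and that keystream is what would matter for the other key field encrypted under the same credentials if `creds_arcfour_crypt` restarts the cipher from the session key on each call (not visible here). Suggest `/* Don't crypt an all-zero key: encrypting a known plaintext would expose the RC4 keystream derived from the NETLOGON pipe session key */` in both places so the reason for the skip is exact. The enclosing function continues outside this hunk.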
@@ -567,6 +577,7 @@ static NTSTATUS netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TALLOC_CT
ZERO_STRUCT(sam->LMSessKey.key);
}
+ /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
if (memcmp(sam->LMSessKey.key, zeros,
sizeof(sam->LMSessKey.key)) != 0) {
creds_arcfour_crypt(pipe_state->creds,
@@ -584,11 +595,9 @@ static NTSTATUS netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TALLOC_CT
sam2->acct_expiry = sam->acct_expiry;
sam2->last_password_change = sam->last_password_change;
- sam2->allow_password_change = sam->allow_password_change;
-
- sam2->force_password_change = sam->force_password_change;
+ sam2->allow_password_change = sam->allow_password_change;
+ sam2->force_password_change = sam->force_password_change;
-
sam2->account_name = sam->account_name;
sam2->full_name = sam->full_name;
sam2->logon_script = sam->logon_script;
@@ -617,8 +626,6 @@ static NTSTATUS netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TALLOC_CT
sam2->AccountControl = sam->AccountControl;
- /* can we implicit memcpy an array? */
-
sam2->unknown1 = sam->unknown1;
sam2->unknown2 = sam->unknown2;
sam2->unknown3 = sam->unknown3;