From 66d5d73a5d75e88a77970f7b27687b8354ab2e80 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 25 Sep 1998 21:01:52 +0000 Subject: added rpcclient program (This used to be commit aa38f39d67fade4dfd7badb7a9b39c833a1dd1ca) --- source3/libsmb/pwd_cache.c | 236 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 236 insertions(+) create mode 100644 source3/libsmb/pwd_cache.c (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c new file mode 100644 index 0000000000..e799a5458c --- /dev/null +++ b/source3/libsmb/pwd_cache.c @@ -0,0 +1,236 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Password cacheing. obfuscation is planned + Copyright (C) Luke Kenneth Casson Leighton 1996-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +extern int DEBUGLEVEL; + + +/**************************************************************************** +initialises a password structure +****************************************************************************/ +void pwd_init(struct pwd_info *pwd) +{ + bzero(pwd->password , sizeof(pwd->password )); + bzero(pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd)); + bzero(pwd->smb_nt_pwd, sizeof(pwd->smb_nt_pwd)); + bzero(pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf)); + bzero(pwd->smb_nt_owf, sizeof(pwd->smb_nt_owf)); + + pwd->null_pwd = True; /* safest option... */ + pwd->cleartext = False; + pwd->crypted = False; +} + +/**************************************************************************** +de-obfuscates a password +****************************************************************************/ +static void pwd_deobfuscate(struct pwd_info *pwd) +{ +} + +/**************************************************************************** +obfuscates a password +****************************************************************************/ +static void pwd_obfuscate(struct pwd_info *pwd) +{ +} + +/**************************************************************************** +sets the obfuscation key info +****************************************************************************/ +void pwd_obfuscate_key(struct pwd_info *pwd, uint32 int_key, char *str_key) +{ +} + +/**************************************************************************** +reads a password +****************************************************************************/ +void pwd_read(struct pwd_info *pwd, char *passwd_report, BOOL do_encrypt) +{ + /* grab a password */ + char *user_pass; + + pwd_init(pwd); + + user_pass = (char*)getpass(passwd_report); + + if (user_pass == NULL || user_pass[0] == 0) + { + pwd_set_nullpwd(pwd); + } + else if (do_encrypt) + { + pwd_make_lm_nt_16(pwd, user_pass); + } + else + { + pwd_set_cleartext(pwd, user_pass); + } +} + +/**************************************************************************** + stores a cleartext password + ****************************************************************************/ +void pwd_set_nullpwd(struct pwd_info *pwd) +{ + pwd_init(pwd); + + pwd->cleartext = False; + pwd->null_pwd = True; + pwd->crypted = False; +} + +/**************************************************************************** + stores a cleartext password + ****************************************************************************/ +void pwd_set_cleartext(struct pwd_info *pwd, char *clr) +{ + pwd_init(pwd); + fstrcpy(pwd->password, clr); + pwd->cleartext = True; + pwd->null_pwd = False; + pwd->crypted = False; + + pwd_obfuscate(pwd); +} + +/**************************************************************************** + gets a cleartext password + ****************************************************************************/ +void pwd_get_cleartext(struct pwd_info *pwd, char *clr) +{ + pwd_deobfuscate(pwd); + if (pwd->cleartext) + { + fstrcpy(clr, pwd->password); + } + else + { + clr[0] = 0; + } + pwd_obfuscate(pwd); +} + +/**************************************************************************** + stores lm and nt hashed passwords + ****************************************************************************/ +void pwd_set_lm_nt_16(struct pwd_info *pwd, char lm_pwd[16], char nt_pwd[16]) +{ + pwd_init(pwd); + + if (lm_pwd) + { + memcpy(pwd->smb_lm_pwd, lm_pwd, 16); + } + else + { + bzero(pwd->smb_lm_pwd, 16); + } + + if (nt_pwd) + { + memcpy(pwd->smb_nt_pwd, nt_pwd, 16); + } + else + { + bzero(pwd->smb_nt_pwd, 16); + } + + pwd->null_pwd = False; + pwd->cleartext = False; + pwd->crypted = False; + + pwd_obfuscate(pwd); +} + +/**************************************************************************** + gets lm and nt hashed passwords + ****************************************************************************/ +void pwd_get_lm_nt_16(struct pwd_info *pwd, char lm_pwd[16], char nt_pwd[16]) +{ + pwd_deobfuscate(pwd); + memcpy(lm_pwd, pwd->smb_lm_pwd, 16); + memcpy(nt_pwd, pwd->smb_nt_pwd, 16); + pwd_obfuscate(pwd); +} + +/**************************************************************************** + makes lm and nt hashed passwords + ****************************************************************************/ +void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr) +{ + pwd_init(pwd); + + nt_lm_owf_gen(clr, pwd->smb_nt_pwd, pwd->smb_lm_pwd); + pwd->null_pwd = False; + pwd->cleartext = False; + pwd->crypted = False; + + pwd_obfuscate(pwd); +} + +/**************************************************************************** + makes lm and nt OWF crypts + ****************************************************************************/ +void pwd_make_lm_nt_owf(struct pwd_info *pwd, char cryptkey[8]) +{ + pwd_deobfuscate(pwd); + +#ifdef DEBUG_PASSWORD + DEBUG(100,("client cryptkey: ")); + dump_data(100, cryptkey, 8); +#endif + + SMBOWFencrypt(pwd->smb_nt_pwd, cryptkey, pwd->smb_nt_owf); + +#ifdef DEBUG_PASSWORD + DEBUG(100,("nt_owf_passwd: ")); + dump_data(100, pwd->smb_nt_owf, sizeof(pwd->smb_nt_owf)); + DEBUG(100,("nt_sess_pwd: ")); + dump_data(100, pwd->smb_nt_pwd, sizeof(pwd->smb_nt_pwd)); +#endif + + SMBOWFencrypt(pwd->smb_lm_pwd, cryptkey, pwd->smb_lm_owf); + +#ifdef DEBUG_PASSWORD + DEBUG(100,("lm_owf_passwd: ")); + dump_data(100, pwd->smb_nt_owf, sizeof(pwd->smb_nt_owf)); + DEBUG(100,("lm_sess_pwd: ")); + dump_data(100, pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd)); +#endif + + pwd->crypted = True; + + pwd_obfuscate(pwd); +} + +/**************************************************************************** + gets lm and nt crypts + ****************************************************************************/ +void pwd_get_lm_nt_owf(struct pwd_info *pwd, char lm_owf[24], char nt_owf[24]) +{ + pwd_deobfuscate(pwd); + memcpy(lm_owf, pwd->smb_lm_owf, 24); + memcpy(nt_owf, pwd->smb_nt_owf, 24); + pwd_obfuscate(pwd); +} + -- cgit From cf3a9741dc7427efb97eff09a3c197a906ce6767 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 28 Sep 1998 21:43:48 +0000 Subject: Changes to test in configure if capabilities are enabled on a system. Changes to get Samba to compile cleanly with the IRIX compiler with the options : -fullwarn -woff 1209,1174 (the -woff options are to turn off warnings about unused function parameters and controlling loop expressions being constants). Split prototype generation as we hit a limit in IRIX nawk. Removed "." code in smbd/filename.c (yet again :-). Jeremy. (This used to be commit e0567433bd72aec17bf5a54cc292701095d25f09) --- source3/libsmb/pwd_cache.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index e799a5458c..92eee015b3 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -133,7 +133,7 @@ void pwd_get_cleartext(struct pwd_info *pwd, char *clr) /**************************************************************************** stores lm and nt hashed passwords ****************************************************************************/ -void pwd_set_lm_nt_16(struct pwd_info *pwd, char lm_pwd[16], char nt_pwd[16]) +void pwd_set_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) { pwd_init(pwd); @@ -165,7 +165,7 @@ void pwd_set_lm_nt_16(struct pwd_info *pwd, char lm_pwd[16], char nt_pwd[16]) /**************************************************************************** gets lm and nt hashed passwords ****************************************************************************/ -void pwd_get_lm_nt_16(struct pwd_info *pwd, char lm_pwd[16], char nt_pwd[16]) +void pwd_get_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) { pwd_deobfuscate(pwd); memcpy(lm_pwd, pwd->smb_lm_pwd, 16); @@ -191,7 +191,7 @@ void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr) /**************************************************************************** makes lm and nt OWF crypts ****************************************************************************/ -void pwd_make_lm_nt_owf(struct pwd_info *pwd, char cryptkey[8]) +void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8]) { pwd_deobfuscate(pwd); @@ -226,11 +226,10 @@ void pwd_make_lm_nt_owf(struct pwd_info *pwd, char cryptkey[8]) /**************************************************************************** gets lm and nt crypts ****************************************************************************/ -void pwd_get_lm_nt_owf(struct pwd_info *pwd, char lm_owf[24], char nt_owf[24]) +void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], uchar nt_owf[24]) { pwd_deobfuscate(pwd); memcpy(lm_owf, pwd->smb_lm_owf, 24); memcpy(nt_owf, pwd->smb_nt_owf, 24); pwd_obfuscate(pwd); } - -- cgit From 6909350ed9b87875ee40191b2e636c6049749195 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Thu, 8 Oct 1998 23:57:46 +0000 Subject: dce/rpc (This used to be commit 62fdeef1b79c5c4c9bf0e860881651711bb80b9a) --- source3/libsmb/pwd_cache.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index 92eee015b3..c4c578cde6 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -168,8 +168,14 @@ void pwd_set_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) void pwd_get_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) { pwd_deobfuscate(pwd); - memcpy(lm_pwd, pwd->smb_lm_pwd, 16); - memcpy(nt_pwd, pwd->smb_nt_pwd, 16); + if (lm_pwd != NULL) + { + memcpy(lm_pwd, pwd->smb_lm_pwd, 16); + } + if (nt_pwd != NULL) + { + memcpy(nt_pwd, pwd->smb_nt_pwd, 16); + } pwd_obfuscate(pwd); } @@ -229,7 +235,13 @@ void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8]) void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], uchar nt_owf[24]) { pwd_deobfuscate(pwd); - memcpy(lm_owf, pwd->smb_lm_owf, 24); - memcpy(nt_owf, pwd->smb_nt_owf, 24); + if (lm_owf != NULL) + { + memcpy(lm_owf, pwd->smb_lm_owf, 24); + } + if (nt_owf != NULL) + { + memcpy(nt_owf, pwd->smb_nt_owf, 24); + } pwd_obfuscate(pwd); } -- cgit From 935dc98f6670ba630bd2086ef9eddcc94a0562e2 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 14 Oct 1998 06:29:20 +0000 Subject: dce/rpc (This used to be commit 69f5f9f88935de1f63ffc9aa19c0629b395e66e6) --- source3/libsmb/pwd_cache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index c4c578cde6..bbd5f63d4b 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -219,7 +219,7 @@ void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8]) #ifdef DEBUG_PASSWORD DEBUG(100,("lm_owf_passwd: ")); - dump_data(100, pwd->smb_nt_owf, sizeof(pwd->smb_nt_owf)); + dump_data(100, pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf)); DEBUG(100,("lm_sess_pwd: ")); dump_data(100, pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd)); #endif -- cgit From 73891ca8e4f6cca6aa8bb0ae043f660a64baa056 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Tue, 29 Jun 1999 18:47:06 +0000 Subject: improving authentication code (tidyup). (This used to be commit ab1a6aa42db5217f025941fb5107436556bc23b7) --- source3/libsmb/pwd_cache.c | 82 ++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 72 insertions(+), 10 deletions(-) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index bbd5f63d4b..655df5be8a 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -197,27 +197,83 @@ void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr) /**************************************************************************** makes lm and nt OWF crypts ****************************************************************************/ -void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8]) +void pwd_make_lm_nt_owf2(struct pwd_info *pwd, const uchar srv_key[8], + const char *user, const char *server, const char *domain) { + uchar kr[16]; + + DEBUG(10,("pwd_make_lm_nt_owf2: user %s, srv %s, dom %s\n", + user, server, domain)); + pwd_deobfuscate(pwd); + SMBgenclientchals(pwd->lm_cli_chal, + pwd->nt_cli_chal, + &pwd->nt_cli_chal_len, + server, domain); + + ntv2_owf_gen(pwd->smb_nt_pwd, user, domain, kr); + + /* lm # */ + SMBOWFencrypt_ntv2(kr, + srv_key, 8, + pwd->lm_cli_chal, 8, + pwd->smb_lm_owf); + memcpy(&pwd->smb_lm_owf[16], pwd->lm_cli_chal, 8); + + /* nt # */ + SMBOWFencrypt_ntv2(kr, + srv_key, 8, + pwd->nt_cli_chal, pwd->nt_cli_chal_len, + pwd->smb_nt_owf); + memcpy(&pwd->smb_nt_owf[16], pwd->nt_cli_chal, pwd->nt_cli_chal_len); + pwd->nt_owf_len = pwd->nt_cli_chal_len + 16; + #ifdef DEBUG_PASSWORD - DEBUG(100,("client cryptkey: ")); - dump_data(100, cryptkey, 8); -#endif + DEBUG(100,("server cryptkey: ")); + dump_data(100, srv_key, 8); - SMBOWFencrypt(pwd->smb_nt_pwd, cryptkey, pwd->smb_nt_owf); + DEBUG(100,("client lmv2 cryptkey: ")); + dump_data(100, pwd->lm_cli_chal, 8); -#ifdef DEBUG_PASSWORD - DEBUG(100,("nt_owf_passwd: ")); - dump_data(100, pwd->smb_nt_owf, sizeof(pwd->smb_nt_owf)); + DEBUG(100,("client ntv2 cryptkey: ")); + dump_data(100, pwd->nt_cli_chal, pwd->nt_cli_chal_len); + + DEBUG(100,("ntv2_owf_passwd: ")); + dump_data(100, pwd->smb_nt_owf, pwd->nt_owf_len); DEBUG(100,("nt_sess_pwd: ")); dump_data(100, pwd->smb_nt_pwd, sizeof(pwd->smb_nt_pwd)); + + DEBUG(100,("lmv2_owf_passwd: ")); + dump_data(100, pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf)); + DEBUG(100,("lm_sess_pwd: ")); + dump_data(100, pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd)); #endif + pwd->crypted = True; + + pwd_obfuscate(pwd); +} + +/**************************************************************************** + makes lm and nt OWF crypts + ****************************************************************************/ +void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8]) +{ + pwd_deobfuscate(pwd); SMBOWFencrypt(pwd->smb_lm_pwd, cryptkey, pwd->smb_lm_owf); + SMBOWFencrypt(pwd->smb_nt_pwd, cryptkey, pwd->smb_nt_owf); + pwd->nt_owf_len = 24; #ifdef DEBUG_PASSWORD + DEBUG(100,("client cryptkey: ")); + dump_data(100, cryptkey, 8); + + DEBUG(100,("nt_owf_passwd: ")); + dump_data(100, pwd->smb_nt_owf, pwd->nt_owf_len); + DEBUG(100,("nt_sess_pwd: ")); + dump_data(100, pwd->smb_nt_pwd, sizeof(pwd->smb_nt_pwd)); + DEBUG(100,("lm_owf_passwd: ")); dump_data(100, pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf)); DEBUG(100,("lm_sess_pwd: ")); @@ -232,7 +288,8 @@ void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8]) /**************************************************************************** gets lm and nt crypts ****************************************************************************/ -void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], uchar nt_owf[24]) +void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], + uchar *nt_owf, size_t *nt_owf_len) { pwd_deobfuscate(pwd); if (lm_owf != NULL) @@ -241,7 +298,12 @@ void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], uchar nt_owf[24]) } if (nt_owf != NULL) { - memcpy(nt_owf, pwd->smb_nt_owf, 24); + memcpy(nt_owf, pwd->smb_nt_owf, pwd->nt_owf_len); + } + if (nt_owf_len != NULL) + { + *nt_owf_len = pwd->nt_owf_len; } pwd_obfuscate(pwd); } + -- cgit From cba7662da1fd9ed8bd9f9969417adf1fe5f0d33b Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Thu, 7 Oct 1999 22:10:29 +0000 Subject: - added rudimentary CAP_UNICODE support because i thought it was part of a problem i was having. - added rudimentary CAP_STATUS32 support for same reason. - added hard-coded, copy-the-same-data-from-over-the-wire version of CAP_EXTENDED_SECURITY, which is a security-blob to encapsulate GSSAPI which encodes SPNEGO which is used to negotiate Kerberos or NTLMSSP. i have implemented NTLMSSP which negotiates NTLMv1 or NTLMv2 and 40-bit or 128-bit etc. i have implemented NTLMv1 / 40-bit. *whew*. (This used to be commit e5b80bd2f76fda70e41e4a9007eb035dab92ed8e) --- source3/libsmb/pwd_cache.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index 655df5be8a..c8b0e6a442 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -34,6 +34,7 @@ void pwd_init(struct pwd_info *pwd) bzero(pwd->smb_nt_pwd, sizeof(pwd->smb_nt_pwd)); bzero(pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf)); bzero(pwd->smb_nt_owf, sizeof(pwd->smb_nt_owf)); + pwd->nt_owf_len = 0; pwd->null_pwd = True; /* safest option... */ pwd->cleartext = False; @@ -259,6 +260,14 @@ void pwd_make_lm_nt_owf2(struct pwd_info *pwd, const uchar srv_key[8], ****************************************************************************/ void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8]) { + if (pwd->null_pwd) + { +#ifdef DEBUG_PASSWORD + DEBUG(100,("pwd_make_lm_nt_owf: NULL password\n")); +#endif + pwd->nt_owf_len = 0; + return; + } pwd_deobfuscate(pwd); SMBOWFencrypt(pwd->smb_lm_pwd, cryptkey, pwd->smb_lm_owf); @@ -291,6 +300,18 @@ void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8]) void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], uchar *nt_owf, size_t *nt_owf_len) { + if (pwd->null_pwd) + { +#ifdef DEBUG_PASSWORD + DEBUG(100,("pwd_get_lm_nt_owf: NULL password\n")); +#endif + if (nt_owf_len != NULL) + { + *nt_owf_len = 0; + } + return; + } + pwd_deobfuscate(pwd); if (lm_owf != NULL) { -- cgit From dab1a1227873f1a88dc7a4b8f63edcccd60ada85 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Sun, 21 Nov 1999 19:24:01 +0000 Subject: you know what? this sort of thing makes me laugh. hmm, what functions have we got. and what data do we have. hmm.. i wonder what the NTLMv2 user session key can be... hmmm... weell.... there's some hidden data here, generated from the user password that doesn't go over-the-wire, so that's _got_ to be involved. and... that bit of data took a lot of computation to produce, so it's probably _also_ involved... and md4 no, md5? no, how about hmac_md5 yes let's try that one (the other's didn't work) oh goodie, it worked! i love it when this sort of thing happens. took all of fifteen minutes to guess it. tried concatenating client and server challenges. tried concatenating _random_ bits of client and server challenges. tried md5 of the above. tried hmac_md5 of the above. eventually, it boils down to this: kr = MD4(NT#,username,domainname) hmacntchal=hmac_md5(kr, nt server challenge) sess_key = hmac_md5(kr, hmacntchal); (This used to be commit ab174759cd210fe1be888d0c589a5b2669f7ff1e) --- source3/libsmb/pwd_cache.c | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index c8b0e6a442..c404ccb83f 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -34,6 +34,7 @@ void pwd_init(struct pwd_info *pwd) bzero(pwd->smb_nt_pwd, sizeof(pwd->smb_nt_pwd)); bzero(pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf)); bzero(pwd->smb_nt_owf, sizeof(pwd->smb_nt_owf)); + bzero(pwd->sess_key , sizeof(pwd->sess_key )); pwd->nt_owf_len = 0; pwd->null_pwd = True; /* safest option... */ @@ -202,6 +203,8 @@ void pwd_make_lm_nt_owf2(struct pwd_info *pwd, const uchar srv_key[8], const char *user, const char *server, const char *domain) { uchar kr[16]; + struct MD5Context ctx5; + HMACMD5Context ctx; DEBUG(10,("pwd_make_lm_nt_owf2: user %s, srv %s, dom %s\n", user, server, domain)); @@ -230,6 +233,18 @@ void pwd_make_lm_nt_owf2(struct pwd_info *pwd, const uchar srv_key[8], memcpy(&pwd->smb_nt_owf[16], pwd->nt_cli_chal, pwd->nt_cli_chal_len); pwd->nt_owf_len = pwd->nt_cli_chal_len + 16; + hmac_md5_init_limK_to_64(kr, 16, &ctx); + hmac_md5_update(pwd->smb_nt_owf, 16, &ctx); + hmac_md5_final(pwd->sess_key, &ctx); +#if 0 + MD5Init(&ctx5); + MD5Update(&ctx5, pwd->smb_nt_owf, 16); + MD5Final(pwd->sess_key, &ctx5); +#endif + +#if DEBUG_PASSWORD +#endif + #ifdef DEBUG_PASSWORD DEBUG(100,("server cryptkey: ")); dump_data(100, srv_key, 8); @@ -249,6 +264,9 @@ void pwd_make_lm_nt_owf2(struct pwd_info *pwd, const uchar srv_key[8], dump_data(100, pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf)); DEBUG(100,("lm_sess_pwd: ")); dump_data(100, pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd)); + + DEBUG(100,("session key:\n")); + dump_data(100, pwd->sess_key, sizeof(pwd->sess_key)); #endif pwd->crypted = True; @@ -270,6 +288,11 @@ void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8]) } pwd_deobfuscate(pwd); + /* generate session key */ + mdfour(pwd->sess_key, pwd->smb_nt_pwd, 16); + + /* generate 24-byte hashes */ + SMBOWFencrypt(pwd->smb_lm_pwd, cryptkey, pwd->smb_lm_owf); SMBOWFencrypt(pwd->smb_nt_pwd, cryptkey, pwd->smb_nt_owf); pwd->nt_owf_len = 24; @@ -287,6 +310,9 @@ void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8]) dump_data(100, pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf)); DEBUG(100,("lm_sess_pwd: ")); dump_data(100, pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd)); + + DEBUG(100,("session key:\n")); + dump_data(100, pwd->sess_key, sizeof(pwd->sess_key)); #endif pwd->crypted = True; @@ -298,7 +324,8 @@ void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8]) gets lm and nt crypts ****************************************************************************/ void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], - uchar *nt_owf, size_t *nt_owf_len) + uchar *nt_owf, size_t *nt_owf_len, + uchar *sess_key) { if (pwd->null_pwd) { @@ -321,6 +348,10 @@ void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], { memcpy(nt_owf, pwd->smb_nt_owf, pwd->nt_owf_len); } + if (sess_key != NULL) + { + memcpy(sess_key, pwd->sess_key, 16); + } if (nt_owf_len != NULL) { *nt_owf_len = pwd->nt_owf_len; -- cgit From 32b9508d066f002e778873edc19266a6d897f922 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Sun, 21 Nov 1999 19:59:56 +0000 Subject: implement server-side generation of NTLMv2 session key. YESSS :-) (This used to be commit 1092b4f6fbdf3770c0dab756b982a562def1738e) --- source3/libsmb/pwd_cache.c | 17 +++-------------- 1 file changed, 3 insertions(+), 14 deletions(-) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index c404ccb83f..b360dbd199 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -203,8 +203,6 @@ void pwd_make_lm_nt_owf2(struct pwd_info *pwd, const uchar srv_key[8], const char *user, const char *server, const char *domain) { uchar kr[16]; - struct MD5Context ctx5; - HMACMD5Context ctx; DEBUG(10,("pwd_make_lm_nt_owf2: user %s, srv %s, dom %s\n", user, server, domain)); @@ -233,14 +231,7 @@ void pwd_make_lm_nt_owf2(struct pwd_info *pwd, const uchar srv_key[8], memcpy(&pwd->smb_nt_owf[16], pwd->nt_cli_chal, pwd->nt_cli_chal_len); pwd->nt_owf_len = pwd->nt_cli_chal_len + 16; - hmac_md5_init_limK_to_64(kr, 16, &ctx); - hmac_md5_update(pwd->smb_nt_owf, 16, &ctx); - hmac_md5_final(pwd->sess_key, &ctx); -#if 0 - MD5Init(&ctx5); - MD5Update(&ctx5, pwd->smb_nt_owf, 16); - MD5Final(pwd->sess_key, &ctx5); -#endif + SMBsesskeygen_ntv2(kr, pwd->smb_nt_owf, pwd->sess_key); #if DEBUG_PASSWORD #endif @@ -288,15 +279,13 @@ void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8]) } pwd_deobfuscate(pwd); - /* generate session key */ - mdfour(pwd->sess_key, pwd->smb_nt_pwd, 16); - /* generate 24-byte hashes */ - SMBOWFencrypt(pwd->smb_lm_pwd, cryptkey, pwd->smb_lm_owf); SMBOWFencrypt(pwd->smb_nt_pwd, cryptkey, pwd->smb_nt_owf); pwd->nt_owf_len = 24; + SMBsesskeygen_ntv1(pwd->smb_nt_pwd, pwd->smb_nt_owf, pwd->sess_key); + #ifdef DEBUG_PASSWORD DEBUG(100,("client cryptkey: ")); dump_data(100, cryptkey, 8); -- cgit From 8d0660607f2c2d95e1319e04d0d573d9115c4dc0 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Mon, 29 Nov 1999 23:56:09 +0000 Subject: this is going to sound _really_ weird, ok, but i had to implement equivalents of NetUseAdd and NetUseDel! (This used to be commit 86f4b1d3cc3887c4bb7bd6433f5f932f7db1b88e) --- source3/libsmb/pwd_cache.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index b360dbd199..8f030a1a08 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -45,14 +45,14 @@ void pwd_init(struct pwd_info *pwd) /**************************************************************************** de-obfuscates a password ****************************************************************************/ -static void pwd_deobfuscate(struct pwd_info *pwd) +static void pwd_deobfuscate(const struct pwd_info *pwd) { } /**************************************************************************** obfuscates a password ****************************************************************************/ -static void pwd_obfuscate(struct pwd_info *pwd) +static void pwd_obfuscate(const struct pwd_info *pwd) { } @@ -167,7 +167,7 @@ void pwd_set_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) /**************************************************************************** gets lm and nt hashed passwords ****************************************************************************/ -void pwd_get_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) +void pwd_get_lm_nt_16(const struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) { pwd_deobfuscate(pwd); if (lm_pwd != NULL) -- cgit From 106fe88be01f7ac7d1369e97a6468dcd80c0a813 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 1 Dec 1999 16:39:51 +0000 Subject: 1) when no domain used in ntlogin test command, should use default one from previous lsaquery command. over-ridden from DOMAIN\username 2) initialisation of cli_state is a little more specific: sets use_ntlmv2 to Auto. this can always be over-ridden. 3) fixed reusage of ntlmssp_cli_flgs which was being a pain 4) added pwd_compare() function then fixed bug in cli_use where NULL domain name was making connections multiply unfruitfully 5) type-casting of mallocs and Reallocs that cause ansi-c compilers to bitch (This used to be commit 301a6efaf67ddc96e6dcfd21b45a82863ff8f39a) --- source3/libsmb/pwd_cache.c | 63 +++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 57 insertions(+), 6 deletions(-) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index 8f030a1a08..9680349a86 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -29,12 +29,12 @@ initialises a password structure ****************************************************************************/ void pwd_init(struct pwd_info *pwd) { - bzero(pwd->password , sizeof(pwd->password )); - bzero(pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd)); - bzero(pwd->smb_nt_pwd, sizeof(pwd->smb_nt_pwd)); - bzero(pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf)); - bzero(pwd->smb_nt_owf, sizeof(pwd->smb_nt_owf)); - bzero(pwd->sess_key , sizeof(pwd->sess_key )); + ZERO_STRUCT(pwd->password ); + ZERO_STRUCT(pwd->smb_lm_pwd); + ZERO_STRUCT(pwd->smb_nt_pwd); + ZERO_STRUCT(pwd->smb_lm_owf); + ZERO_STRUCT(pwd->smb_nt_owf); + ZERO_STRUCT(pwd->sess_key ); pwd->nt_owf_len = 0; pwd->null_pwd = True; /* safest option... */ @@ -63,6 +63,57 @@ void pwd_obfuscate_key(struct pwd_info *pwd, uint32 int_key, char *str_key) { } +/**************************************************************************** +compares two passwords. hmm, not as trivial as expected. hmm. +****************************************************************************/ +BOOL pwd_compare(struct pwd_info *pwd1, struct pwd_info *pwd2) +{ + pwd_deobfuscate(pwd1); + pwd_deobfuscate(pwd2); + if (pwd1->cleartext && pwd2->cleartext) + { + if (strequal(pwd1->password, pwd2->password)) + { + pwd_obfuscate(pwd1); + pwd_obfuscate(pwd2); + return True; + } + } + if (pwd1->null_pwd && pwd2->null_pwd) + { + pwd_obfuscate(pwd1); + pwd_obfuscate(pwd2); + return True; + } + if (pwd1->crypted || pwd2->crypted) + { + DEBUG(5,("pwd_compare: cannot compare crypted passwords\n")); + pwd_obfuscate(pwd1); + pwd_obfuscate(pwd2); + return False; + } + + if (!pwd1->crypted && !pwd2->crypted && + !pwd1->null_pwd && !pwd2->null_pwd && + !pwd1->cleartext && !pwd2->cleartext) + { + if (memcmp(pwd1->smb_nt_pwd, pwd2->smb_nt_pwd, 16) == 0) + { + pwd_obfuscate(pwd1); + pwd_obfuscate(pwd2); + return True; + } + if (memcmp(pwd1->smb_lm_pwd, pwd2->smb_lm_pwd, 16) == 0) + { + pwd_obfuscate(pwd1); + pwd_obfuscate(pwd2); + return True; + } + } + pwd_obfuscate(pwd1); + pwd_obfuscate(pwd2); + return False; +} /**************************************************************************** reads a password ****************************************************************************/ -- cgit From bd4bea62ada937c58d38f6bf7af88c4cfb4115cc Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Thu, 2 Dec 1999 01:16:05 +0000 Subject: clearing up connection-related stuff. password credentials were messing up. added a complicated prompt which i don't like, but it tells you domain\user@hostname$ (This used to be commit 338d08f69b0eeefa0f3f2c0217ef17ea3e815e1f) --- source3/libsmb/pwd_cache.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index 9680349a86..548777d434 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -85,16 +85,8 @@ BOOL pwd_compare(struct pwd_info *pwd1, struct pwd_info *pwd2) pwd_obfuscate(pwd2); return True; } - if (pwd1->crypted || pwd2->crypted) - { - DEBUG(5,("pwd_compare: cannot compare crypted passwords\n")); - pwd_obfuscate(pwd1); - pwd_obfuscate(pwd2); - return False; - } - if (!pwd1->crypted && !pwd2->crypted && - !pwd1->null_pwd && !pwd2->null_pwd && + if (!pwd1->null_pwd && !pwd2->null_pwd && !pwd1->cleartext && !pwd2->cleartext) { if (memcmp(pwd1->smb_nt_pwd, pwd2->smb_nt_pwd, 16) == 0) -- cgit From 7d01f964ff3c1a11bd72d987312f9826fee1c124 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 3 Dec 1999 18:16:08 +0000 Subject: cool! a unix socket smb redirector. code based on smbfilter and ideas from ssh-agent. the intent is to be able to share smb sessions using cli_net_use_add() across multiple processes, where one process knows the target server name, user name and domain, but not the smb password. (This used to be commit 294b653f2e9cdc1864ec638ae8b4300df25723cf) --- source3/libsmb/pwd_cache.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index 548777d434..dd42114343 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -42,6 +42,14 @@ void pwd_init(struct pwd_info *pwd) pwd->crypted = False; } +/**************************************************************************** +returns NULL password flag +****************************************************************************/ +BOOL pwd_is_nullpwd(const struct pwd_info *pwd) +{ + return pwd->null_pwd; +} + /**************************************************************************** de-obfuscates a password ****************************************************************************/ -- cgit From 0ca1f87930a57dfd2510b98443423d8a67cfa70b Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 3 Dec 1999 23:36:53 +0000 Subject: argh! smb-agent redirection client reusage is a nightmare! moved smb-agent over to a single-process model instead of fork() in order to reuse client connections. except, of course, you can't do a select() on the same socket connections! argh! (This used to be commit e9e5a34de8e8f9a69e817aceb8c16284334d4642) --- source3/libsmb/pwd_cache.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index dd42114343..29cf77dd55 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -97,12 +97,22 @@ BOOL pwd_compare(struct pwd_info *pwd1, struct pwd_info *pwd2) if (!pwd1->null_pwd && !pwd2->null_pwd && !pwd1->cleartext && !pwd2->cleartext) { +#ifdef DEBUG_PASSWORD + DEBUG(100,("pwd compare: nt#\n")); + dump_data(100, pwd1->smb_nt_pwd, 16); + dump_data(100, pwd2->smb_nt_pwd, 16); +#endif if (memcmp(pwd1->smb_nt_pwd, pwd2->smb_nt_pwd, 16) == 0) { pwd_obfuscate(pwd1); pwd_obfuscate(pwd2); return True; } +#ifdef DEBUG_PASSWORD + DEBUG(100,("pwd compare: lm#\n")); + dump_data(100, pwd1->smb_lm_pwd, 16); + dump_data(100, pwd2->smb_lm_pwd, 16); +#endif if (memcmp(pwd1->smb_lm_pwd, pwd2->smb_lm_pwd, 16) == 0) { pwd_obfuscate(pwd1); -- cgit From 3db52feb1f3b2c07ce0b06ad4a7099fa6efe3fc7 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 13 Dec 1999 13:27:58 +0000 Subject: first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154) --- source3/libsmb/pwd_cache.c | 217 +++++++-------------------------------------- 1 file changed, 30 insertions(+), 187 deletions(-) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index 29cf77dd55..94b60d3ff0 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -29,38 +29,28 @@ initialises a password structure ****************************************************************************/ void pwd_init(struct pwd_info *pwd) { - ZERO_STRUCT(pwd->password ); - ZERO_STRUCT(pwd->smb_lm_pwd); - ZERO_STRUCT(pwd->smb_nt_pwd); - ZERO_STRUCT(pwd->smb_lm_owf); - ZERO_STRUCT(pwd->smb_nt_owf); - ZERO_STRUCT(pwd->sess_key ); - pwd->nt_owf_len = 0; + memset((char *)pwd->password , '\0', sizeof(pwd->password )); + memset((char *)pwd->smb_lm_pwd, '\0', sizeof(pwd->smb_lm_pwd)); + memset((char *)pwd->smb_nt_pwd, '\0', sizeof(pwd->smb_nt_pwd)); + memset((char *)pwd->smb_lm_owf, '\0', sizeof(pwd->smb_lm_owf)); + memset((char *)pwd->smb_nt_owf, '\0', sizeof(pwd->smb_nt_owf)); pwd->null_pwd = True; /* safest option... */ pwd->cleartext = False; pwd->crypted = False; } -/**************************************************************************** -returns NULL password flag -****************************************************************************/ -BOOL pwd_is_nullpwd(const struct pwd_info *pwd) -{ - return pwd->null_pwd; -} - /**************************************************************************** de-obfuscates a password ****************************************************************************/ -static void pwd_deobfuscate(const struct pwd_info *pwd) +static void pwd_deobfuscate(struct pwd_info *pwd) { } /**************************************************************************** obfuscates a password ****************************************************************************/ -static void pwd_obfuscate(const struct pwd_info *pwd) +static void pwd_obfuscate(struct pwd_info *pwd) { } @@ -71,59 +61,6 @@ void pwd_obfuscate_key(struct pwd_info *pwd, uint32 int_key, char *str_key) { } -/**************************************************************************** -compares two passwords. hmm, not as trivial as expected. hmm. -****************************************************************************/ -BOOL pwd_compare(struct pwd_info *pwd1, struct pwd_info *pwd2) -{ - pwd_deobfuscate(pwd1); - pwd_deobfuscate(pwd2); - if (pwd1->cleartext && pwd2->cleartext) - { - if (strequal(pwd1->password, pwd2->password)) - { - pwd_obfuscate(pwd1); - pwd_obfuscate(pwd2); - return True; - } - } - if (pwd1->null_pwd && pwd2->null_pwd) - { - pwd_obfuscate(pwd1); - pwd_obfuscate(pwd2); - return True; - } - - if (!pwd1->null_pwd && !pwd2->null_pwd && - !pwd1->cleartext && !pwd2->cleartext) - { -#ifdef DEBUG_PASSWORD - DEBUG(100,("pwd compare: nt#\n")); - dump_data(100, pwd1->smb_nt_pwd, 16); - dump_data(100, pwd2->smb_nt_pwd, 16); -#endif - if (memcmp(pwd1->smb_nt_pwd, pwd2->smb_nt_pwd, 16) == 0) - { - pwd_obfuscate(pwd1); - pwd_obfuscate(pwd2); - return True; - } -#ifdef DEBUG_PASSWORD - DEBUG(100,("pwd compare: lm#\n")); - dump_data(100, pwd1->smb_lm_pwd, 16); - dump_data(100, pwd2->smb_lm_pwd, 16); -#endif - if (memcmp(pwd1->smb_lm_pwd, pwd2->smb_lm_pwd, 16) == 0) - { - pwd_obfuscate(pwd1); - pwd_obfuscate(pwd2); - return True; - } - } - pwd_obfuscate(pwd1); - pwd_obfuscate(pwd2); - return False; -} /**************************************************************************** reads a password ****************************************************************************/ @@ -169,6 +106,7 @@ void pwd_set_cleartext(struct pwd_info *pwd, char *clr) { pwd_init(pwd); fstrcpy(pwd->password, clr); + unix_to_dos(pwd->password,True); pwd->cleartext = True; pwd->null_pwd = False; pwd->crypted = False; @@ -185,6 +123,7 @@ void pwd_get_cleartext(struct pwd_info *pwd, char *clr) if (pwd->cleartext) { fstrcpy(clr, pwd->password); + dos_to_unix(clr, True); } else { @@ -206,7 +145,7 @@ void pwd_set_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) } else { - bzero(pwd->smb_lm_pwd, 16); + memset((char *)pwd->smb_lm_pwd, '\0', 16); } if (nt_pwd) @@ -215,7 +154,7 @@ void pwd_set_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) } else { - bzero(pwd->smb_nt_pwd, 16); + memset((char *)pwd->smb_nt_pwd, '\0', 16); } pwd->null_pwd = False; @@ -228,7 +167,7 @@ void pwd_set_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) /**************************************************************************** gets lm and nt hashed passwords ****************************************************************************/ -void pwd_get_lm_nt_16(const struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) +void pwd_get_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) { pwd_deobfuscate(pwd); if (lm_pwd != NULL) @@ -247,9 +186,14 @@ void pwd_get_lm_nt_16(const struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd ****************************************************************************/ void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr) { + pstring dos_passwd; + pwd_init(pwd); - nt_lm_owf_gen(clr, pwd->smb_nt_pwd, pwd->smb_lm_pwd); + pstrcpy(dos_passwd, clr); + unix_to_dos(dos_passwd, True); + + nt_lm_owf_gen(dos_passwd, pwd->smb_nt_pwd, pwd->smb_lm_pwd); pwd->null_pwd = False; pwd->cleartext = False; pwd->crypted = False; @@ -260,109 +204,31 @@ void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr) /**************************************************************************** makes lm and nt OWF crypts ****************************************************************************/ -void pwd_make_lm_nt_owf2(struct pwd_info *pwd, const uchar srv_key[8], - const char *user, const char *server, const char *domain) +void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8]) { - uchar kr[16]; - - DEBUG(10,("pwd_make_lm_nt_owf2: user %s, srv %s, dom %s\n", - user, server, domain)); - pwd_deobfuscate(pwd); - SMBgenclientchals(pwd->lm_cli_chal, - pwd->nt_cli_chal, - &pwd->nt_cli_chal_len, - server, domain); - - ntv2_owf_gen(pwd->smb_nt_pwd, user, domain, kr); - - /* lm # */ - SMBOWFencrypt_ntv2(kr, - srv_key, 8, - pwd->lm_cli_chal, 8, - pwd->smb_lm_owf); - memcpy(&pwd->smb_lm_owf[16], pwd->lm_cli_chal, 8); - - /* nt # */ - SMBOWFencrypt_ntv2(kr, - srv_key, 8, - pwd->nt_cli_chal, pwd->nt_cli_chal_len, - pwd->smb_nt_owf); - memcpy(&pwd->smb_nt_owf[16], pwd->nt_cli_chal, pwd->nt_cli_chal_len); - pwd->nt_owf_len = pwd->nt_cli_chal_len + 16; - - SMBsesskeygen_ntv2(kr, pwd->smb_nt_owf, pwd->sess_key); - -#if DEBUG_PASSWORD -#endif - #ifdef DEBUG_PASSWORD - DEBUG(100,("server cryptkey: ")); - dump_data(100, srv_key, 8); - - DEBUG(100,("client lmv2 cryptkey: ")); - dump_data(100, pwd->lm_cli_chal, 8); - - DEBUG(100,("client ntv2 cryptkey: ")); - dump_data(100, pwd->nt_cli_chal, pwd->nt_cli_chal_len); - - DEBUG(100,("ntv2_owf_passwd: ")); - dump_data(100, pwd->smb_nt_owf, pwd->nt_owf_len); - DEBUG(100,("nt_sess_pwd: ")); - dump_data(100, pwd->smb_nt_pwd, sizeof(pwd->smb_nt_pwd)); - - DEBUG(100,("lmv2_owf_passwd: ")); - dump_data(100, pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf)); - DEBUG(100,("lm_sess_pwd: ")); - dump_data(100, pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd)); - - DEBUG(100,("session key:\n")); - dump_data(100, pwd->sess_key, sizeof(pwd->sess_key)); + DEBUG(100,("client cryptkey: ")); + dump_data(100, (char *)cryptkey, 8); #endif - pwd->crypted = True; - pwd_obfuscate(pwd); -} + SMBOWFencrypt(pwd->smb_nt_pwd, cryptkey, pwd->smb_nt_owf); -/**************************************************************************** - makes lm and nt OWF crypts - ****************************************************************************/ -void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8]) -{ - if (pwd->null_pwd) - { #ifdef DEBUG_PASSWORD - DEBUG(100,("pwd_make_lm_nt_owf: NULL password\n")); + DEBUG(100,("nt_owf_passwd: ")); + dump_data(100, (char *)pwd->smb_nt_owf, sizeof(pwd->smb_nt_owf)); + DEBUG(100,("nt_sess_pwd: ")); + dump_data(100, (char *)pwd->smb_nt_pwd, sizeof(pwd->smb_nt_pwd)); #endif - pwd->nt_owf_len = 0; - return; - } - pwd_deobfuscate(pwd); - /* generate 24-byte hashes */ SMBOWFencrypt(pwd->smb_lm_pwd, cryptkey, pwd->smb_lm_owf); - SMBOWFencrypt(pwd->smb_nt_pwd, cryptkey, pwd->smb_nt_owf); - pwd->nt_owf_len = 24; - - SMBsesskeygen_ntv1(pwd->smb_nt_pwd, pwd->smb_nt_owf, pwd->sess_key); #ifdef DEBUG_PASSWORD - DEBUG(100,("client cryptkey: ")); - dump_data(100, cryptkey, 8); - - DEBUG(100,("nt_owf_passwd: ")); - dump_data(100, pwd->smb_nt_owf, pwd->nt_owf_len); - DEBUG(100,("nt_sess_pwd: ")); - dump_data(100, pwd->smb_nt_pwd, sizeof(pwd->smb_nt_pwd)); - DEBUG(100,("lm_owf_passwd: ")); - dump_data(100, pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf)); + dump_data(100, (char *)pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf)); DEBUG(100,("lm_sess_pwd: ")); - dump_data(100, pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd)); - - DEBUG(100,("session key:\n")); - dump_data(100, pwd->sess_key, sizeof(pwd->sess_key)); + dump_data(100, (char *)pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd)); #endif pwd->crypted = True; @@ -373,22 +239,8 @@ void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8]) /**************************************************************************** gets lm and nt crypts ****************************************************************************/ -void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], - uchar *nt_owf, size_t *nt_owf_len, - uchar *sess_key) +void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], uchar nt_owf[24]) { - if (pwd->null_pwd) - { -#ifdef DEBUG_PASSWORD - DEBUG(100,("pwd_get_lm_nt_owf: NULL password\n")); -#endif - if (nt_owf_len != NULL) - { - *nt_owf_len = 0; - } - return; - } - pwd_deobfuscate(pwd); if (lm_owf != NULL) { @@ -396,16 +248,7 @@ void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], } if (nt_owf != NULL) { - memcpy(nt_owf, pwd->smb_nt_owf, pwd->nt_owf_len); - } - if (sess_key != NULL) - { - memcpy(sess_key, pwd->sess_key, 16); - } - if (nt_owf_len != NULL) - { - *nt_owf_len = pwd->nt_owf_len; + memcpy(nt_owf, pwd->smb_nt_owf, 24); } pwd_obfuscate(pwd); } - -- cgit From fbd17c8dafeefac788f4bc1c41045726825f513f Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Mon, 3 Jan 2000 19:19:48 +0000 Subject: simple mods to add msrpc pipe redirection. default behaviour: fall back to using internal msrpc code in smbd. (This used to be commit 8976e26d46cb991710bc77463f7f928ac00dd4d8) --- source3/libsmb/pwd_cache.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index 94b60d3ff0..4f02c42efb 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -61,6 +61,60 @@ void pwd_obfuscate_key(struct pwd_info *pwd, uint32 int_key, char *str_key) { } +/**************************************************************************** +compares two passwords. hmm, not as trivial as expected. hmm. +****************************************************************************/ +BOOL pwd_compare(struct pwd_info *pwd1, struct pwd_info *pwd2) +{ + pwd_deobfuscate(pwd1); + pwd_deobfuscate(pwd2); + if (pwd1->cleartext && pwd2->cleartext) + { + if (strequal(pwd1->password, pwd2->password)) + { + pwd_obfuscate(pwd1); + pwd_obfuscate(pwd2); + return True; + } + } + if (pwd1->null_pwd && pwd2->null_pwd) + { + pwd_obfuscate(pwd1); + pwd_obfuscate(pwd2); + return True; + } + + if (!pwd1->null_pwd && !pwd2->null_pwd && + !pwd1->cleartext && !pwd2->cleartext) + { +#ifdef DEBUG_PASSWORD + DEBUG(100,("pwd compare: nt#\n")); + dump_data(100, pwd1->smb_nt_pwd, 16); + dump_data(100, pwd2->smb_nt_pwd, 16); +#endif + if (memcmp(pwd1->smb_nt_pwd, pwd2->smb_nt_pwd, 16) == 0) + { + pwd_obfuscate(pwd1); + pwd_obfuscate(pwd2); + return True; + } +#ifdef DEBUG_PASSWORD + DEBUG(100,("pwd compare: lm#\n")); + dump_data(100, pwd1->smb_lm_pwd, 16); + dump_data(100, pwd2->smb_lm_pwd, 16); +#endif + if (memcmp(pwd1->smb_lm_pwd, pwd2->smb_lm_pwd, 16) == 0) + { + pwd_obfuscate(pwd1); + pwd_obfuscate(pwd2); + return True; + } + } + pwd_obfuscate(pwd1); + pwd_obfuscate(pwd2); + return False; +} + /**************************************************************************** reads a password ****************************************************************************/ -- cgit From 612738a9e14b6fb6a2687993d6416bbe6c3ea94d Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 10 May 2000 22:47:09 +0000 Subject: lib/util_unistr.c: libsmb/clilist.c: rpc_server/srv_spoolss_nt.c: smbd/trans2.c: Changed unistr_to_ascii to unistr_to_dos - do codepage conversion. msdfs/msdfs.c: Removed stub unistr_to_dos. libsmb/pwd_cache.c: Removed obfuscation functions as they don't do anything and don't add any security. Jeremy. (This used to be commit 1ed146467e764e6a81d8f78cd58fb5765ebf5d21) --- source3/libsmb/pwd_cache.c | 48 ---------------------------------------------- 1 file changed, 48 deletions(-) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index 4f02c42efb..1c5f8b5176 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -40,47 +40,20 @@ void pwd_init(struct pwd_info *pwd) pwd->crypted = False; } -/**************************************************************************** -de-obfuscates a password -****************************************************************************/ -static void pwd_deobfuscate(struct pwd_info *pwd) -{ -} - -/**************************************************************************** -obfuscates a password -****************************************************************************/ -static void pwd_obfuscate(struct pwd_info *pwd) -{ -} - -/**************************************************************************** -sets the obfuscation key info -****************************************************************************/ -void pwd_obfuscate_key(struct pwd_info *pwd, uint32 int_key, char *str_key) -{ -} - /**************************************************************************** compares two passwords. hmm, not as trivial as expected. hmm. ****************************************************************************/ BOOL pwd_compare(struct pwd_info *pwd1, struct pwd_info *pwd2) { - pwd_deobfuscate(pwd1); - pwd_deobfuscate(pwd2); if (pwd1->cleartext && pwd2->cleartext) { if (strequal(pwd1->password, pwd2->password)) { - pwd_obfuscate(pwd1); - pwd_obfuscate(pwd2); return True; } } if (pwd1->null_pwd && pwd2->null_pwd) { - pwd_obfuscate(pwd1); - pwd_obfuscate(pwd2); return True; } @@ -94,8 +67,6 @@ BOOL pwd_compare(struct pwd_info *pwd1, struct pwd_info *pwd2) #endif if (memcmp(pwd1->smb_nt_pwd, pwd2->smb_nt_pwd, 16) == 0) { - pwd_obfuscate(pwd1); - pwd_obfuscate(pwd2); return True; } #ifdef DEBUG_PASSWORD @@ -105,13 +76,9 @@ BOOL pwd_compare(struct pwd_info *pwd1, struct pwd_info *pwd2) #endif if (memcmp(pwd1->smb_lm_pwd, pwd2->smb_lm_pwd, 16) == 0) { - pwd_obfuscate(pwd1); - pwd_obfuscate(pwd2); return True; } } - pwd_obfuscate(pwd1); - pwd_obfuscate(pwd2); return False; } @@ -164,8 +131,6 @@ void pwd_set_cleartext(struct pwd_info *pwd, char *clr) pwd->cleartext = True; pwd->null_pwd = False; pwd->crypted = False; - - pwd_obfuscate(pwd); } /**************************************************************************** @@ -173,7 +138,6 @@ void pwd_set_cleartext(struct pwd_info *pwd, char *clr) ****************************************************************************/ void pwd_get_cleartext(struct pwd_info *pwd, char *clr) { - pwd_deobfuscate(pwd); if (pwd->cleartext) { fstrcpy(clr, pwd->password); @@ -183,7 +147,6 @@ void pwd_get_cleartext(struct pwd_info *pwd, char *clr) { clr[0] = 0; } - pwd_obfuscate(pwd); } /**************************************************************************** @@ -214,8 +177,6 @@ void pwd_set_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) pwd->null_pwd = False; pwd->cleartext = False; pwd->crypted = False; - - pwd_obfuscate(pwd); } /**************************************************************************** @@ -223,7 +184,6 @@ void pwd_set_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) ****************************************************************************/ void pwd_get_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) { - pwd_deobfuscate(pwd); if (lm_pwd != NULL) { memcpy(lm_pwd, pwd->smb_lm_pwd, 16); @@ -232,7 +192,6 @@ void pwd_get_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) { memcpy(nt_pwd, pwd->smb_nt_pwd, 16); } - pwd_obfuscate(pwd); } /**************************************************************************** @@ -251,8 +210,6 @@ void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr) pwd->null_pwd = False; pwd->cleartext = False; pwd->crypted = False; - - pwd_obfuscate(pwd); } /**************************************************************************** @@ -260,7 +217,6 @@ void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr) ****************************************************************************/ void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8]) { - pwd_deobfuscate(pwd); #ifdef DEBUG_PASSWORD DEBUG(100,("client cryptkey: ")); @@ -286,8 +242,6 @@ void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8]) #endif pwd->crypted = True; - - pwd_obfuscate(pwd); } /**************************************************************************** @@ -295,7 +249,6 @@ void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8]) ****************************************************************************/ void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], uchar nt_owf[24]) { - pwd_deobfuscate(pwd); if (lm_owf != NULL) { memcpy(lm_owf, pwd->smb_lm_owf, 24); @@ -304,5 +257,4 @@ void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], uchar nt_owf[24]) { memcpy(nt_owf, pwd->smb_nt_owf, 24); } - pwd_obfuscate(pwd); } -- cgit From 098b7b378c72632d8c3df0b795ac1e4c5dbfb04a Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 3 Jul 2000 04:24:31 +0000 Subject: first pass at merging rpcclient from TNG to HEAD. You can get a semi-connection and a rpcclient prompt, but no functionality there yet. Will be a few more days on that. These files changed only with the addition of some support functions from TNG --jerry (This used to be commit a04ea15f723e559db3c60bed03318cc7be851f69) --- source3/libsmb/pwd_cache.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index 1c5f8b5176..26b1d192f0 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -40,6 +40,15 @@ void pwd_init(struct pwd_info *pwd) pwd->crypted = False; } +/**************************************************************************** +returns NULL password flag +****************************************************************************/ +BOOL pwd_is_nullpwd(const struct pwd_info *pwd) +{ + return pwd->null_pwd; +} + + /**************************************************************************** compares two passwords. hmm, not as trivial as expected. hmm. ****************************************************************************/ -- cgit From fb3d8452e5250973eae682dd4a13bf530ccfc56a Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 14 Mar 2001 20:22:57 +0000 Subject: set of changes in the beginning of bringing rpcclient changes back to working order. The main change is that the cli_*() RPC functions from libsmb/*.c now should accept a struct cli_state*. The reason for this is that rpcclient should establish the connection to the server at startup so that it is not necessary to keep the clear test or password hash in memory for each command. enumports and enumprinters now works as well. lsa* functions have been tested. SAMR calls may or may not work (one of the core dumps I know), but it compiles :-) jerry (This used to be commit d98ac8852ae6b39b6fcff92c346ba56d9e63c518) --- source3/libsmb/pwd_cache.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index 26b1d192f0..420b49ed2e 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -103,11 +103,21 @@ void pwd_read(struct pwd_info *pwd, char *passwd_report, BOOL do_encrypt) user_pass = (char*)getpass(passwd_report); + /* + * Do not assume that an empty string is a NULL password. + * If you do this will break the session key generation for + * and account with an emtpy password. If you wish to use + * a NULL password, use the -N option to smbclient and rpcclient + * --jerry + */ +#if 0 if (user_pass == NULL || user_pass[0] == 0) { pwd_set_nullpwd(pwd); } else if (do_encrypt) +#endif + if (do_encrypt) { pwd_make_lm_nt_16(pwd, user_pass); } -- cgit From 87fbb7092b8f8b2f0db0f361c3d625e19de57cd9 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 4 Jul 2001 07:15:53 +0000 Subject: The big character set handling changeover! This commit gets rid of all our old codepage handling and replaces it with iconv. All internal strings in Samba are now in "unix" charset, which may be multi-byte. See internals.doc and my posting to samba-technical for a more complete explanation. (This used to be commit debb471267960e56005a741817ebd227ecfc512a) --- source3/libsmb/pwd_cache.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index 420b49ed2e..37a07a0001 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -145,8 +145,7 @@ void pwd_set_nullpwd(struct pwd_info *pwd) void pwd_set_cleartext(struct pwd_info *pwd, char *clr) { pwd_init(pwd); - fstrcpy(pwd->password, clr); - unix_to_dos(pwd->password,True); + push_ascii_fstring(pwd->password, clr); pwd->cleartext = True; pwd->null_pwd = False; pwd->crypted = False; @@ -157,13 +156,9 @@ void pwd_set_cleartext(struct pwd_info *pwd, char *clr) ****************************************************************************/ void pwd_get_cleartext(struct pwd_info *pwd, char *clr) { - if (pwd->cleartext) - { + if (pwd->cleartext) { fstrcpy(clr, pwd->password); - dos_to_unix(clr, True); - } - else - { + } else { clr[0] = 0; } } @@ -222,8 +217,7 @@ void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr) pwd_init(pwd); - pstrcpy(dos_passwd, clr); - unix_to_dos(dos_passwd, True); + push_ascii_pstring(dos_passwd, clr); nt_lm_owf_gen(dos_passwd, pwd->smb_nt_pwd, pwd->smb_lm_pwd); pwd->null_pwd = False; -- cgit From dc1fc3ee8ec2199bc73bb5d7ec711c6800f61d65 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 2 Oct 2001 04:29:50 +0000 Subject: Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header. (This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e) --- source3/libsmb/pwd_cache.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index 37a07a0001..64e23e0feb 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -21,9 +21,6 @@ #include "includes.h" -extern int DEBUGLEVEL; - - /**************************************************************************** initialises a password structure ****************************************************************************/ -- cgit From f8e2baf39eb864481dd48f61404136b325cd73c2 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 3 Nov 2001 23:34:24 +0000 Subject: Added NT_USER_TOKEN into server_info to fix extra groups problem. Got "medieval on our ass" about const warnings (as many as I could :-). Jeremy. (This used to be commit ee5e7ca547eff016818ba5c43b8ea0c9fa69b808) --- source3/libsmb/pwd_cache.c | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index 64e23e0feb..4a2c5f1604 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -49,41 +49,31 @@ BOOL pwd_is_nullpwd(const struct pwd_info *pwd) /**************************************************************************** compares two passwords. hmm, not as trivial as expected. hmm. ****************************************************************************/ -BOOL pwd_compare(struct pwd_info *pwd1, struct pwd_info *pwd2) +BOOL pwd_compare(const struct pwd_info *pwd1, const struct pwd_info *pwd2) { - if (pwd1->cleartext && pwd2->cleartext) - { + if (pwd1->cleartext && pwd2->cleartext) { if (strequal(pwd1->password, pwd2->password)) - { return True; - } } if (pwd1->null_pwd && pwd2->null_pwd) - { return True; - } if (!pwd1->null_pwd && !pwd2->null_pwd && - !pwd1->cleartext && !pwd2->cleartext) - { + !pwd1->cleartext && !pwd2->cleartext) { #ifdef DEBUG_PASSWORD DEBUG(100,("pwd compare: nt#\n")); dump_data(100, pwd1->smb_nt_pwd, 16); dump_data(100, pwd2->smb_nt_pwd, 16); #endif if (memcmp(pwd1->smb_nt_pwd, pwd2->smb_nt_pwd, 16) == 0) - { return True; - } #ifdef DEBUG_PASSWORD DEBUG(100,("pwd compare: lm#\n")); dump_data(100, pwd1->smb_lm_pwd, 16); dump_data(100, pwd2->smb_lm_pwd, 16); #endif if (memcmp(pwd1->smb_lm_pwd, pwd2->smb_lm_pwd, 16) == 0) - { return True; - } } return False; } -- cgit From 8220662c13b70930ee2650a3608f0cef0d0fe6ef Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 15 Nov 2001 19:40:00 +0000 Subject: Tidyup formatting a bit (spaces->tabs) whilst reading new code to understand connection caching. Getting ready for back-merge to 2.2.3. Jeremy. (This used to be commit 5e8df83ba9924adf9df6827c06ed1a2adbe36edf) --- source3/libsmb/pwd_cache.c | 80 ++++++++++++++++++++-------------------------- 1 file changed, 34 insertions(+), 46 deletions(-) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index 4a2c5f1604..3c3d5cb741 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -22,8 +22,9 @@ #include "includes.h" /**************************************************************************** -initialises a password structure + Initialises a password structure. ****************************************************************************/ + void pwd_init(struct pwd_info *pwd) { memset((char *)pwd->password , '\0', sizeof(pwd->password )); @@ -38,17 +39,18 @@ void pwd_init(struct pwd_info *pwd) } /**************************************************************************** -returns NULL password flag + Returns NULL password flag. ****************************************************************************/ + BOOL pwd_is_nullpwd(const struct pwd_info *pwd) { return pwd->null_pwd; } - /**************************************************************************** -compares two passwords. hmm, not as trivial as expected. hmm. + Compares two passwords. hmm, not as trivial as expected. hmm. ****************************************************************************/ + BOOL pwd_compare(const struct pwd_info *pwd1, const struct pwd_info *pwd2) { if (pwd1->cleartext && pwd2->cleartext) { @@ -79,8 +81,9 @@ BOOL pwd_compare(const struct pwd_info *pwd1, const struct pwd_info *pwd2) } /**************************************************************************** -reads a password + Reads a password. ****************************************************************************/ + void pwd_read(struct pwd_info *pwd, char *passwd_report, BOOL do_encrypt) { /* grab a password */ @@ -99,24 +102,19 @@ void pwd_read(struct pwd_info *pwd, char *passwd_report, BOOL do_encrypt) */ #if 0 if (user_pass == NULL || user_pass[0] == 0) - { pwd_set_nullpwd(pwd); - } else if (do_encrypt) #endif if (do_encrypt) - { pwd_make_lm_nt_16(pwd, user_pass); - } else - { pwd_set_cleartext(pwd, user_pass); - } } /**************************************************************************** - stores a cleartext password - ****************************************************************************/ + Stores a cleartext password. +****************************************************************************/ + void pwd_set_nullpwd(struct pwd_info *pwd) { pwd_init(pwd); @@ -127,8 +125,9 @@ void pwd_set_nullpwd(struct pwd_info *pwd) } /**************************************************************************** - stores a cleartext password - ****************************************************************************/ + Stores a cleartext password. +****************************************************************************/ + void pwd_set_cleartext(struct pwd_info *pwd, char *clr) { pwd_init(pwd); @@ -139,41 +138,34 @@ void pwd_set_cleartext(struct pwd_info *pwd, char *clr) } /**************************************************************************** - gets a cleartext password - ****************************************************************************/ + Gets a cleartext password. +****************************************************************************/ + void pwd_get_cleartext(struct pwd_info *pwd, char *clr) { - if (pwd->cleartext) { + if (pwd->cleartext) fstrcpy(clr, pwd->password); - } else { + else clr[0] = 0; - } } /**************************************************************************** - stores lm and nt hashed passwords - ****************************************************************************/ + Stores lm and nt hashed passwords. +****************************************************************************/ + void pwd_set_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) { pwd_init(pwd); if (lm_pwd) - { memcpy(pwd->smb_lm_pwd, lm_pwd, 16); - } else - { memset((char *)pwd->smb_lm_pwd, '\0', 16); - } if (nt_pwd) - { memcpy(pwd->smb_nt_pwd, nt_pwd, 16); - } else - { memset((char *)pwd->smb_nt_pwd, '\0', 16); - } pwd->null_pwd = False; pwd->cleartext = False; @@ -181,23 +173,21 @@ void pwd_set_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) } /**************************************************************************** - gets lm and nt hashed passwords - ****************************************************************************/ + Gets lm and nt hashed passwords. +****************************************************************************/ + void pwd_get_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) { if (lm_pwd != NULL) - { memcpy(lm_pwd, pwd->smb_lm_pwd, 16); - } if (nt_pwd != NULL) - { memcpy(nt_pwd, pwd->smb_nt_pwd, 16); - } } /**************************************************************************** - makes lm and nt hashed passwords - ****************************************************************************/ + Makes lm and nt hashed passwords. +****************************************************************************/ + void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr) { pstring dos_passwd; @@ -213,8 +203,9 @@ void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr) } /**************************************************************************** - makes lm and nt OWF crypts - ****************************************************************************/ + Makes lm and nt OWF crypts. +****************************************************************************/ + void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8]) { @@ -245,16 +236,13 @@ void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8]) } /**************************************************************************** - gets lm and nt crypts - ****************************************************************************/ + Gets lm and nt crypts. +****************************************************************************/ + void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], uchar nt_owf[24]) { if (lm_owf != NULL) - { memcpy(lm_owf, pwd->smb_lm_owf, 24); - } if (nt_owf != NULL) - { memcpy(nt_owf, pwd->smb_nt_owf, 24); - } } -- cgit From 3bc87626ae7894269535333aadb45ec786f3908d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 4 Dec 2001 05:03:03 +0000 Subject: Add 'net rpc join' to match the ADS equiv. This kills off the offending code in smbpasswd -j -Uab%c In the process we have changed from unsing compelatly random passwords to random, 15 char ascii strings. While this does produce a decrese in entropy, it is still vastly greater than we need, considering the application. In the meantime this allows us to actually *type* the machine account password duruign debugging. This code also adds a 'check' step to the join, confirming that the stored password does indeed do somthing of value :-) Andrew Bartlett (This used to be commit c0b7ee6ee547dc7ff798eaf8cb63fbe344073029) --- source3/libsmb/pwd_cache.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index 3c3d5cb741..9404588223 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -135,6 +135,7 @@ void pwd_set_cleartext(struct pwd_info *pwd, char *clr) pwd->cleartext = True; pwd->null_pwd = False; pwd->crypted = False; + pwd_make_lm_nt_16(pwd, clr); } /**************************************************************************** @@ -147,6 +148,7 @@ void pwd_get_cleartext(struct pwd_info *pwd, char *clr) fstrcpy(clr, pwd->password); else clr[0] = 0; + } /**************************************************************************** -- cgit From cd68afe31256ad60748b34f7318a180cfc2127cc Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 30 Jan 2002 06:08:46 +0000 Subject: Removed version number from file header. Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa) --- source3/libsmb/pwd_cache.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index 9404588223..7d1185d9a7 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -1,6 +1,5 @@ /* - Unix SMB/Netbios implementation. - Version 1.9. + Unix SMB/CIFS implementation. Password cacheing. obfuscation is planned Copyright (C) Luke Kenneth Casson Leighton 1996-1998 -- cgit From e90b65284812aaa5ff9e9935ce9bbad7791cbbcd Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 15 Jul 2002 10:35:28 +0000 Subject: updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce) --- source3/libsmb/pwd_cache.c | 137 +++++++-------------------------------------- 1 file changed, 19 insertions(+), 118 deletions(-) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index 7d1185d9a7..fc0602507a 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -24,7 +24,7 @@ Initialises a password structure. ****************************************************************************/ -void pwd_init(struct pwd_info *pwd) +static void pwd_init(struct pwd_info *pwd) { memset((char *)pwd->password , '\0', sizeof(pwd->password )); memset((char *)pwd->smb_lm_pwd, '\0', sizeof(pwd->smb_lm_pwd)); @@ -38,89 +38,21 @@ void pwd_init(struct pwd_info *pwd) } /**************************************************************************** - Returns NULL password flag. -****************************************************************************/ - -BOOL pwd_is_nullpwd(const struct pwd_info *pwd) -{ - return pwd->null_pwd; -} - -/**************************************************************************** - Compares two passwords. hmm, not as trivial as expected. hmm. -****************************************************************************/ - -BOOL pwd_compare(const struct pwd_info *pwd1, const struct pwd_info *pwd2) -{ - if (pwd1->cleartext && pwd2->cleartext) { - if (strequal(pwd1->password, pwd2->password)) - return True; - } - if (pwd1->null_pwd && pwd2->null_pwd) - return True; - - if (!pwd1->null_pwd && !pwd2->null_pwd && - !pwd1->cleartext && !pwd2->cleartext) { -#ifdef DEBUG_PASSWORD - DEBUG(100,("pwd compare: nt#\n")); - dump_data(100, pwd1->smb_nt_pwd, 16); - dump_data(100, pwd2->smb_nt_pwd, 16); -#endif - if (memcmp(pwd1->smb_nt_pwd, pwd2->smb_nt_pwd, 16) == 0) - return True; -#ifdef DEBUG_PASSWORD - DEBUG(100,("pwd compare: lm#\n")); - dump_data(100, pwd1->smb_lm_pwd, 16); - dump_data(100, pwd2->smb_lm_pwd, 16); -#endif - if (memcmp(pwd1->smb_lm_pwd, pwd2->smb_lm_pwd, 16) == 0) - return True; - } - return False; -} - -/**************************************************************************** - Reads a password. + Makes lm and nt hashed passwords. ****************************************************************************/ -void pwd_read(struct pwd_info *pwd, char *passwd_report, BOOL do_encrypt) +static void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr) { - /* grab a password */ - char *user_pass; + pstring dos_passwd; pwd_init(pwd); - user_pass = (char*)getpass(passwd_report); - - /* - * Do not assume that an empty string is a NULL password. - * If you do this will break the session key generation for - * and account with an emtpy password. If you wish to use - * a NULL password, use the -N option to smbclient and rpcclient - * --jerry - */ -#if 0 - if (user_pass == NULL || user_pass[0] == 0) - pwd_set_nullpwd(pwd); - else if (do_encrypt) -#endif - if (do_encrypt) - pwd_make_lm_nt_16(pwd, user_pass); - else - pwd_set_cleartext(pwd, user_pass); -} - -/**************************************************************************** - Stores a cleartext password. -****************************************************************************/ - -void pwd_set_nullpwd(struct pwd_info *pwd) -{ - pwd_init(pwd); + push_ascii_pstring(dos_passwd, clr); + nt_lm_owf_gen(dos_passwd, pwd->smb_nt_pwd, pwd->smb_lm_pwd); + pwd->null_pwd = False; pwd->cleartext = False; - pwd->null_pwd = True; - pwd->crypted = False; + pwd->crypted = False; } /**************************************************************************** @@ -141,7 +73,7 @@ void pwd_set_cleartext(struct pwd_info *pwd, char *clr) Gets a cleartext password. ****************************************************************************/ -void pwd_get_cleartext(struct pwd_info *pwd, char *clr) +void pwd_get_cleartext(struct pwd_info *pwd, fstring clr) { if (pwd->cleartext) fstrcpy(clr, pwd->password); @@ -150,29 +82,6 @@ void pwd_get_cleartext(struct pwd_info *pwd, char *clr) } -/**************************************************************************** - Stores lm and nt hashed passwords. -****************************************************************************/ - -void pwd_set_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) -{ - pwd_init(pwd); - - if (lm_pwd) - memcpy(pwd->smb_lm_pwd, lm_pwd, 16); - else - memset((char *)pwd->smb_lm_pwd, '\0', 16); - - if (nt_pwd) - memcpy(pwd->smb_nt_pwd, nt_pwd, 16); - else - memset((char *)pwd->smb_nt_pwd, '\0', 16); - - pwd->null_pwd = False; - pwd->cleartext = False; - pwd->crypted = False; -} - /**************************************************************************** Gets lm and nt hashed passwords. ****************************************************************************/ @@ -185,24 +94,6 @@ void pwd_get_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) memcpy(nt_pwd, pwd->smb_nt_pwd, 16); } -/**************************************************************************** - Makes lm and nt hashed passwords. -****************************************************************************/ - -void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr) -{ - pstring dos_passwd; - - pwd_init(pwd); - - push_ascii_pstring(dos_passwd, clr); - - nt_lm_owf_gen(dos_passwd, pwd->smb_nt_pwd, pwd->smb_lm_pwd); - pwd->null_pwd = False; - pwd->cleartext = False; - pwd->crypted = False; -} - /**************************************************************************** Makes lm and nt OWF crypts. ****************************************************************************/ @@ -247,3 +138,13 @@ void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], uchar nt_owf[24]) if (nt_owf != NULL) memcpy(nt_owf, pwd->smb_nt_owf, 24); } + + + + + + + + + + -- cgit From 2f194322d419350f35a48dff750066894d68eccf Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 12 Nov 2002 23:20:50 +0000 Subject: Removed global_myworkgroup, global_myname, global_myscope. Added liberal dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89) --- source3/libsmb/pwd_cache.c | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index fc0602507a..7ddcf853c4 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -41,7 +41,7 @@ static void pwd_init(struct pwd_info *pwd) Makes lm and nt hashed passwords. ****************************************************************************/ -static void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr) +static void pwd_make_lm_nt_16(struct pwd_info *pwd, const char *clr) { pstring dos_passwd; @@ -59,7 +59,7 @@ static void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr) Stores a cleartext password. ****************************************************************************/ -void pwd_set_cleartext(struct pwd_info *pwd, char *clr) +void pwd_set_cleartext(struct pwd_info *pwd, const char *clr) { pwd_init(pwd); push_ascii_fstring(pwd->password, clr); @@ -138,13 +138,3 @@ void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], uchar nt_owf[24]) if (nt_owf != NULL) memcpy(nt_owf, pwd->smb_nt_owf, 24); } - - - - - - - - - - -- cgit From 456f51bcbe04ccbb37a27b6e115a851cc134adcd Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 14 Jul 2003 08:46:32 +0000 Subject: Jeremy requested that I get my NTLMSSP patch into CVS. He didn't request the schannel code, but I've included that anyway. :-) This patch revives the client-side NTLMSSP support for RPC named pipes in Samba, and cleans up the client and server schannel code. The use of the new code is enabled by the 'sign', 'seal' and 'schannel' commands in rpcclient. The aim was to prove that our separate NTLMSSP client library actually implements NTLMSSP signing and sealing as per Microsoft's NTLMv1 implementation, in the hope that knowing this will assist us in correctly implementing NTLMSSP signing for SMB packets. (Still not yet functional) This patch replaces the NTLMSSP implementation in rpc_client/cli_pipe.c with calls to libsmb/ntlmssp.c. In the process, we have gained the ability to use the more secure NT password, and the ability to sign-only, instead of having to seal the pipe connection. (Previously we were limited to sealing, and could only use the LM-password derived key). Our new client-side NTLMSSP code also needed alteration to cope with our comparatively simple server-side implementation. A future step is to replace it with calls to the same NTLMSSP library. Also included in this patch is the schannel 'sign only' patch I submitted to the team earlier. While not enabled (and not functional, at this stage) the work in this patch makes the code paths *much* easier to follow. I have also included similar hooks in rpccleint to allow the use of schannel on *any* pipe. rpcclient now defaults to not using schannel (or any other extra per-pipe authenticiation) for any connection. The 'schannel' command enables schannel for all pipes until disabled. This code is also much more secure than the previous code, as changes to our cli_pipe routines ensure that the authentication footer cannot be removed by an attacker, and more error states are correctly handled. (The same needs to be done to our server) Andrew Bartlett (This used to be commit 5472ddc9eaf4e79c5b2e1c8ee8c7f190dc285f19) --- source3/libsmb/pwd_cache.c | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index 7ddcf853c4..f45832d7d7 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -43,15 +43,10 @@ static void pwd_init(struct pwd_info *pwd) static void pwd_make_lm_nt_16(struct pwd_info *pwd, const char *clr) { - pstring dos_passwd; - pwd_init(pwd); - push_ascii_pstring(dos_passwd, clr); - - nt_lm_owf_gen(dos_passwd, pwd->smb_nt_pwd, pwd->smb_lm_pwd); + nt_lm_owf_gen(clr, pwd->smb_nt_pwd, pwd->smb_lm_pwd); pwd->null_pwd = False; - pwd->cleartext = False; pwd->crypted = False; } @@ -61,12 +56,9 @@ static void pwd_make_lm_nt_16(struct pwd_info *pwd, const char *clr) void pwd_set_cleartext(struct pwd_info *pwd, const char *clr) { - pwd_init(pwd); - push_ascii_fstring(pwd->password, clr); - pwd->cleartext = True; - pwd->null_pwd = False; - pwd->crypted = False; pwd_make_lm_nt_16(pwd, clr); + fstrcpy(pwd->password, clr); + pwd->cleartext = True; } /**************************************************************************** -- cgit From 425699fce728a3d302a3e5288d0c59ec7b16aee2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 5 Jan 2004 04:12:40 +0000 Subject: Correctly handle per-pipe NTLMSSP inside a NULL session. Previously we would attempt to supply a password to the 'inside' NTLMSSP, which the remote side naturally rejected. Andrew Bartlett (This used to be commit da408e0d5aa29ca1505c2fd96b32deae9ed940c4) --- source3/libsmb/pwd_cache.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index f45832d7d7..7ba6cfc96f 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -45,8 +45,14 @@ static void pwd_make_lm_nt_16(struct pwd_info *pwd, const char *clr) { pwd_init(pwd); - nt_lm_owf_gen(clr, pwd->smb_nt_pwd, pwd->smb_lm_pwd); - pwd->null_pwd = False; + if (!clr) { + ZERO_STRUCT(pwd->smb_nt_pwd); + ZERO_STRUCT(pwd->smb_lm_pwd); + pwd->null_pwd = True; + } else { + nt_lm_owf_gen(clr, pwd->smb_nt_pwd, pwd->smb_lm_pwd); + pwd->null_pwd = False; + } pwd->crypted = False; } -- cgit From fac5f989d3e7ca34ceac692a1d2a5de9e4ac4f23 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 8 Feb 2004 02:49:30 +0000 Subject: Remove more unused functions - this time parts of the 'password cache'. Andrew Bartlett (This used to be commit 66569546e8cbb06b6de7e1ac5b2ebf662ea026de) --- source3/libsmb/pwd_cache.c | 45 --------------------------------------------- 1 file changed, 45 deletions(-) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index 7ba6cfc96f..27ca4ddf57 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -80,51 +80,6 @@ void pwd_get_cleartext(struct pwd_info *pwd, fstring clr) } -/**************************************************************************** - Gets lm and nt hashed passwords. -****************************************************************************/ - -void pwd_get_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]) -{ - if (lm_pwd != NULL) - memcpy(lm_pwd, pwd->smb_lm_pwd, 16); - if (nt_pwd != NULL) - memcpy(nt_pwd, pwd->smb_nt_pwd, 16); -} - -/**************************************************************************** - Makes lm and nt OWF crypts. -****************************************************************************/ - -void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8]) -{ - -#ifdef DEBUG_PASSWORD - DEBUG(100,("client cryptkey: ")); - dump_data(100, (char *)cryptkey, 8); -#endif - - SMBOWFencrypt(pwd->smb_nt_pwd, cryptkey, pwd->smb_nt_owf); - -#ifdef DEBUG_PASSWORD - DEBUG(100,("nt_owf_passwd: ")); - dump_data(100, (char *)pwd->smb_nt_owf, sizeof(pwd->smb_nt_owf)); - DEBUG(100,("nt_sess_pwd: ")); - dump_data(100, (char *)pwd->smb_nt_pwd, sizeof(pwd->smb_nt_pwd)); -#endif - - SMBOWFencrypt(pwd->smb_lm_pwd, cryptkey, pwd->smb_lm_owf); - -#ifdef DEBUG_PASSWORD - DEBUG(100,("lm_owf_passwd: ")); - dump_data(100, (char *)pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf)); - DEBUG(100,("lm_sess_pwd: ")); - dump_data(100, (char *)pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd)); -#endif - - pwd->crypted = True; -} - /**************************************************************************** Gets lm and nt crypts. ****************************************************************************/ -- cgit From a69cb9c9639dc06a0be16958cbc29867b71f584e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 8 Feb 2004 05:31:01 +0000 Subject: Remove more unused portions of the 'password cache'. Andrew Bartlett (This used to be commit 318e11748a86d92bfc6ebf0e58f3c8360cbf4b69) --- source3/libsmb/pwd_cache.c | 42 ++++++------------------------------------ 1 file changed, 6 insertions(+), 36 deletions(-) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index 27ca4ddf57..e010f226a0 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -27,43 +27,24 @@ static void pwd_init(struct pwd_info *pwd) { memset((char *)pwd->password , '\0', sizeof(pwd->password )); - memset((char *)pwd->smb_lm_pwd, '\0', sizeof(pwd->smb_lm_pwd)); - memset((char *)pwd->smb_nt_pwd, '\0', sizeof(pwd->smb_nt_pwd)); - memset((char *)pwd->smb_lm_owf, '\0', sizeof(pwd->smb_lm_owf)); - memset((char *)pwd->smb_nt_owf, '\0', sizeof(pwd->smb_nt_owf)); pwd->null_pwd = True; /* safest option... */ - pwd->cleartext = False; - pwd->crypted = False; } /**************************************************************************** - Makes lm and nt hashed passwords. + Stores a cleartext password. ****************************************************************************/ -static void pwd_make_lm_nt_16(struct pwd_info *pwd, const char *clr) +void pwd_set_cleartext(struct pwd_info *pwd, const char *clr) { pwd_init(pwd); - - if (!clr) { - ZERO_STRUCT(pwd->smb_nt_pwd); - ZERO_STRUCT(pwd->smb_lm_pwd); - pwd->null_pwd = True; + if (clr) { + fstrcpy(pwd->password, clr); + pwd->null_pwd = False; } else { - nt_lm_owf_gen(clr, pwd->smb_nt_pwd, pwd->smb_lm_pwd); - pwd->null_pwd = False; + pwd->null_pwd = True; } - pwd->crypted = False; -} - -/**************************************************************************** - Stores a cleartext password. -****************************************************************************/ -void pwd_set_cleartext(struct pwd_info *pwd, const char *clr) -{ - pwd_make_lm_nt_16(pwd, clr); - fstrcpy(pwd->password, clr); pwd->cleartext = True; } @@ -80,14 +61,3 @@ void pwd_get_cleartext(struct pwd_info *pwd, fstring clr) } -/**************************************************************************** - Gets lm and nt crypts. -****************************************************************************/ - -void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], uchar nt_owf[24]) -{ - if (lm_owf != NULL) - memcpy(lm_owf, pwd->smb_lm_owf, 24); - if (nt_owf != NULL) - memcpy(nt_owf, pwd->smb_nt_owf, 24); -} -- cgit From 54abd2aa66069e6baf7769c496f46d9dba18db39 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 30 Sep 2005 17:13:37 +0000 Subject: r10656: BIG merge from trunk. Features not copied over * \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3) --- source3/libsmb/pwd_cache.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index e010f226a0..a0f3383e29 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -60,4 +60,3 @@ void pwd_get_cleartext(struct pwd_info *pwd, fstring clr) clr[0] = 0; } - -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/libsmb/pwd_cache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index a0f3383e29..72e2f707d2 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -5,7 +5,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, -- cgit From 5e54558c6dea67b56bbfaba5698f3a434d3dffb6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 00:52:41 +0000 Subject: r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07) --- source3/libsmb/pwd_cache.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/libsmb/pwd_cache.c') diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index 72e2f707d2..071e729e8c 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -14,8 +14,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" -- cgit