From 106fe88be01f7ac7d1369e97a6468dcd80c0a813 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 1 Dec 1999 16:39:51 +0000 Subject: 1) when no domain used in ntlogin test command, should use default one from previous lsaquery command. over-ridden from DOMAIN\username 2) initialisation of cli_state is a little more specific: sets use_ntlmv2 to Auto. this can always be over-ridden. 3) fixed reusage of ntlmssp_cli_flgs which was being a pain 4) added pwd_compare() function then fixed bug in cli_use where NULL domain name was making connections multiply unfruitfully 5) type-casting of mallocs and Reallocs that cause ansi-c compilers to bitch (This used to be commit 301a6efaf67ddc96e6dcfd21b45a82863ff8f39a) --- source3/libsmb/clientgen.c | 36 +++++++++++++++----------- source3/libsmb/pwd_cache.c | 63 +++++++++++++++++++++++++++++++++++++++++----- 2 files changed, 79 insertions(+), 20 deletions(-) (limited to 'source3/libsmb') diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index f3bd08895d..5a0363185f 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -2675,8 +2675,18 @@ initialise a client structure ****************************************************************************/ void cli_init_creds(struct cli_state *cli, const struct user_credentials *usr) { - copy_user_creds(&cli->usr, usr); - cli->ntlmssp_cli_flgs = usr->ntlmssp_flags; + if (usr != NULL) + { + copy_user_creds(&cli->usr, usr); + cli->ntlmssp_cli_flgs = usr->ntlmssp_flags; + } + else + { + cli->usr.domain[0] = 0; + cli->usr.user_name[0] = 0; + pwd_set_nullpwd(&cli->usr.pwd); + cli->ntlmssp_cli_flgs = 0; + } } /**************************************************************************** @@ -2715,7 +2725,10 @@ struct cli_state *cli_initialise(struct cli_state *cli) } cli->initialised = 1; - cli->capabilities = CAP_DFS; + cli->capabilities = CAP_DFS | CAP_NT_SMBS | CAP_STATUS32; + cli->use_ntlmv2 = Auto; + + cli_init_creds(cli, NULL); return cli; } @@ -2984,6 +2997,7 @@ BOOL cli_establish_connection(struct cli_state *cli, if (IS_BITS_SET_ALL(cli->capabilities, CAP_EXTENDED_SECURITY)) { /* common to both session setups */ + uint32 ntlmssp_flgs; char pwd_buf[128]; int buf_len; char *p; @@ -3024,9 +3038,7 @@ BOOL cli_establish_connection(struct cli_state *cli, p = skip_string(p, 1); CVAL(p, 0) = 0x1; p += 4; - if (cli->ntlmssp_cli_flgs == 0) - { - cli->ntlmssp_cli_flgs = + ntlmssp_flgs = NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM | NTLMSSP_NEGOTIATE_SIGN | @@ -3036,11 +3048,7 @@ BOOL cli_establish_connection(struct cli_state *cli, NTLMSSP_NEGOTIATE_ALWAYS_SIGN | NTLMSSP_NEGOTIATE_00001000 | NTLMSSP_NEGOTIATE_00002000; -#if 0 - cli->ntlmssp_cli_flgs = 0x80008207; -#endif - } - SIVAL(p, 0, cli->ntlmssp_cli_flgs); + SIVAL(p, 0, ntlmssp_flgs); p += 4; p += 16; /* skip some NULL space */ CVAL(p, 0) = 0; p++; /* alignment */ @@ -3072,12 +3080,12 @@ BOOL cli_establish_connection(struct cli_state *cli, } p = smb_buf(cli->inbuf) + 0x2f; - cli->ntlmssp_cli_flgs = IVAL(p, 0); /* 0x80808a05; */ + ntlmssp_flgs = IVAL(p, 0); /* 0x80808a05; */ p += 4; memcpy(cli->cryptkey, p, 8); #ifdef DEBUG_PASSWORD DEBUG(100,("cli_session_setup_x: ntlmssp %8x\n", - cli->ntlmssp_cli_flgs)); + ntlmssp_flgs)); DEBUG(100,("cli_session_setup_x: crypt key\n")); dump_data(100, cli->cryptkey, 8); @@ -3098,7 +3106,7 @@ BOOL cli_establish_connection(struct cli_state *cli, create_ntlmssp_resp(&cli->usr.pwd, cli->usr.domain, cli->usr.user_name, cli->calling.name, - cli->ntlmssp_cli_flgs, + ntlmssp_flgs, &auth_resp); prs_link(NULL, &auth_resp, NULL); diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index 8f030a1a08..9680349a86 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -29,12 +29,12 @@ initialises a password structure ****************************************************************************/ void pwd_init(struct pwd_info *pwd) { - bzero(pwd->password , sizeof(pwd->password )); - bzero(pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd)); - bzero(pwd->smb_nt_pwd, sizeof(pwd->smb_nt_pwd)); - bzero(pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf)); - bzero(pwd->smb_nt_owf, sizeof(pwd->smb_nt_owf)); - bzero(pwd->sess_key , sizeof(pwd->sess_key )); + ZERO_STRUCT(pwd->password ); + ZERO_STRUCT(pwd->smb_lm_pwd); + ZERO_STRUCT(pwd->smb_nt_pwd); + ZERO_STRUCT(pwd->smb_lm_owf); + ZERO_STRUCT(pwd->smb_nt_owf); + ZERO_STRUCT(pwd->sess_key ); pwd->nt_owf_len = 0; pwd->null_pwd = True; /* safest option... */ @@ -63,6 +63,57 @@ void pwd_obfuscate_key(struct pwd_info *pwd, uint32 int_key, char *str_key) { } +/**************************************************************************** +compares two passwords. hmm, not as trivial as expected. hmm. +****************************************************************************/ +BOOL pwd_compare(struct pwd_info *pwd1, struct pwd_info *pwd2) +{ + pwd_deobfuscate(pwd1); + pwd_deobfuscate(pwd2); + if (pwd1->cleartext && pwd2->cleartext) + { + if (strequal(pwd1->password, pwd2->password)) + { + pwd_obfuscate(pwd1); + pwd_obfuscate(pwd2); + return True; + } + } + if (pwd1->null_pwd && pwd2->null_pwd) + { + pwd_obfuscate(pwd1); + pwd_obfuscate(pwd2); + return True; + } + if (pwd1->crypted || pwd2->crypted) + { + DEBUG(5,("pwd_compare: cannot compare crypted passwords\n")); + pwd_obfuscate(pwd1); + pwd_obfuscate(pwd2); + return False; + } + + if (!pwd1->crypted && !pwd2->crypted && + !pwd1->null_pwd && !pwd2->null_pwd && + !pwd1->cleartext && !pwd2->cleartext) + { + if (memcmp(pwd1->smb_nt_pwd, pwd2->smb_nt_pwd, 16) == 0) + { + pwd_obfuscate(pwd1); + pwd_obfuscate(pwd2); + return True; + } + if (memcmp(pwd1->smb_lm_pwd, pwd2->smb_lm_pwd, 16) == 0) + { + pwd_obfuscate(pwd1); + pwd_obfuscate(pwd2); + return True; + } + } + pwd_obfuscate(pwd1); + pwd_obfuscate(pwd2); + return False; +} /**************************************************************************** reads a password ****************************************************************************/ -- cgit