From 2597c97d3a274bdb96e9958a79aa70d84381a12a Mon Sep 17 00:00:00 2001 From: Igor Mammedov Date: Mon, 18 Aug 2008 09:55:11 -0700 Subject: Fix length error in wrapping spnego blob (This used to be commit 16ee95494ba495c5f5ff8779206f380db1067b2d) --- source3/libsmb/clikrb5.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libsmb') diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c index 5bb33b11d7..fa21ad3467 100644 --- a/source3/libsmb/clikrb5.c +++ b/source3/libsmb/clikrb5.c @@ -1910,7 +1910,7 @@ static krb5_error_code ads_krb5_get_fwd_ticket( krb5_context context, } /* We now have a service ticket, now turn it into an AP-REQ. */ - authenticator->length = ntohs(fwdData.length + GSSAPI_CHECKSUM_SIZE); + authenticator->length = fwdData.length + GSSAPI_CHECKSUM_SIZE; /* Caller should call free() when they're done with this. */ authenticator->data = (char *)pChksum; -- cgit From b67adb49ecbb7eff4446321962f3a00984e88d01 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 21 Aug 2008 15:05:35 +0200 Subject: Fix Bug #5710 and make machine account password changing work again. When we negotiated NETLOGON_NEG_PASSWORD_SET2 we need to use NetrServerPasswordSet2 to change the machine password. Tested with NT4, W2k, W2k3 and W2k8. Guenther (This used to be commit 5820360451e4db0fad0472f814cae667b2ea51fd) --- source3/libsmb/trusts_util.c | 75 ++++++++++++++++++++++++++++++-------------- 1 file changed, 52 insertions(+), 23 deletions(-) (limited to 'source3/libsmb') diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c index f4fdf9eb6f..08a49930b4 100644 --- a/source3/libsmb/trusts_util.c +++ b/source3/libsmb/trusts_util.c 
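Review bot: The corrected assignment `authenticator->length = fwdData.length + GSSAPI_CHECKSUM_SIZE;` restates a size that was presumably already computed when `pChksum` was allocated, which happens outside this hunk. If the two expressions ever diverge, anything that trusts `authenticator->length` will read past or short of the buffer in `authenticator->data`. Holding the size in one local and using it for both the allocation and the length would tie them together. A short comment such as `/* length is a host-order byte count for the buffer below, not a wire field */` would record why no ntohs() belongs here. ads_krb5_get_fwd_ticket starts and ends outside the hunk.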
@@ -31,34 +31,60 @@ static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, const unsigned char orig_trust_passwd_hash[16], + const char *new_trust_pwd_cleartext, const unsigned char new_trust_passwd_hash[16], uint32 sec_channel_type) { NTSTATUS result; + uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; - /* Check if the netlogon pipe is open using schannel. If so we - already have valid creds. If not we must set them up. */ - - if (cli->auth->auth_type != PIPE_AUTH_TYPE_SCHANNEL) { - uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; - - result = rpccli_netlogon_setup_creds(cli, - cli->desthost, /* server name */ - lp_workgroup(), /* domain */ - global_myname(), /* client name */ - global_myname(), /* machine account name */ - orig_trust_passwd_hash, - sec_channel_type, - &neg_flags); - - if (!NT_STATUS_IS_OK(result)) { - DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n", - nt_errstr(result))); - return result; - } + result = rpccli_netlogon_setup_creds(cli, + cli->desthost, /* server name */ + lp_workgroup(), /* domain */ + global_myname(), /* client name */ + global_myname(), /* machine account name */ + orig_trust_passwd_hash, + sec_channel_type, + &neg_flags); + + if (!NT_STATUS_IS_OK(result)) { + DEBUG(3,("just_change_the_password: unable to setup creds (%s)!\n", + nt_errstr(result))); + return result; } - { + if (neg_flags & NETLOGON_NEG_PASSWORD_SET2) { + + struct netr_Authenticator clnt_creds, srv_cred; + struct netr_CryptPassword new_password; + struct samr_CryptPassword password_buf; + + netlogon_creds_client_step(cli->dc, &clnt_creds); + + encode_pw_buffer(password_buf.data, new_trust_pwd_cleartext, STR_UNICODE); + + SamOEMhash(password_buf.data, cli->dc->sess_key, 516); + memcpy(new_password.data, password_buf.data, 512); + new_password.length = IVAL(password_buf.data, 512); + + result = rpccli_netr_ServerPasswordSet2(cli, mem_ctx, + cli->dc->remote_machine, + cli->dc->mach_acct, + sec_channel_type, 
+ global_myname(), + &clnt_creds, + &srv_cred, + &new_password); + + /* Always check returned credentials. */ + if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) { + DEBUG(0,("rpccli_netr_ServerPasswordSet2: " + "credentials chain check failed\n")); + return NT_STATUS_ACCESS_DENIED; + } + + } else { + struct netr_Authenticator clnt_creds, srv_cred; struct samr_Password new_password; @@ -118,8 +144,11 @@ NTSTATUS trust_pw_change_and_store_it(struct rpc_pipe_client *cli, TALLOC_CTX *m E_md4hash(new_trust_passwd, new_trust_passwd_hash); - nt_status = just_change_the_password(cli, mem_ctx, orig_trust_passwd_hash, - new_trust_passwd_hash, sec_channel_type); + nt_status = just_change_the_password(cli, mem_ctx, + orig_trust_passwd_hash, + new_trust_passwd, + new_trust_passwd_hash, + sec_channel_type); if (NT_STATUS_IS_OK(nt_status)) { DEBUG(3,("%s : trust_pw_change_and_store_it: Changed password.\n", -- cgit From 56cd17dfe145c2df2b39ad295136c4922bee8e43 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 13 Aug 2008 19:57:19 +0200 Subject: Protect against short read&x replies (This used to be commit 4ed73cbbbeff4b554cc8d28252b756241396b3a1) --- source3/libsmb/clireadwrite.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/libsmb') diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c index a57f1e0785..4d3027694f 100644 --- a/source3/libsmb/clireadwrite.c +++ b/source3/libsmb/clireadwrite.c @@ -138,6 +138,10 @@ NTSTATUS cli_read_andx_recv(struct async_req *req, ssize_t *received, return status; } + if (wct < 12) { + return NT_STATUS_INVALID_NETWORK_RESPONSE; + } + /* size is the number of bytes the server returned. * Might be zero. */ size = SVAL(cli_req->inbuf, smb_vwv5); -- cgit From 1924e7931cf83124529edb79620a8494ddcad0e9 Mon Sep 17 00:00:00 2001 
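Review bot: In the new NETLOGON_NEG_PASSWORD_SET2 branch the return value of `encode_pw_buffer()` is discarded, so if encoding the cleartext fails the code still runs `SamOEMhash()` over whatever `password_buf.data` holds and sends that as the new machine password. I would bail out first, e.g. `if (!encode_pw_buffer(password_buf.data, new_trust_pwd_cleartext, STR_UNICODE)) return NT_STATUS_INVALID_PARAMETER;`. In the same branch `srv_cred` is an uninitialised stack struct that is handed to `netlogon_creds_client_check()` without `result` being looked at. A failed RPC that presumably leaves it unwritten is therefore compared as indeterminate data and reported as NT_STATUS_ACCESS_DENIED instead of the real status; `memset(&srv_cred, 0, sizeof(srv_cred));` before the call would make that path deterministic. The body of just_change_the_password continues past the end of this hunk.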
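Review bot: The added `if (wct < 12)` guard in cli_read_andx_recv uses a bare literal with no explanation. A comment such as `/* a read&x reply carries 12 parameter words; with fewer, the smb_vwv5 read below is outside the reply */` would tell the next reader what the check protects. The guard only establishes that the parameter words exist; whether the `size` taken from `smb_vwv5` is also bounded against the received buffer is decided outside this hunk and should be confirmed there. The revert further down this page removes the guard again, so it is worth checking in the target branch that `wct` is validated before this SVAL.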
From: Volker Lendecke Date: Sat, 23 Aug 2008 15:40:43 +0200 Subject: Revert "Protect against short read&x replies" This reverts commit 4ed73cbbbeff4b554cc8d28252b756241396b3a1. ... how did this end up here?? Volker (This used to be commit 7dd9fd0956bd1c46105d1072c4774972933ab9ec) --- source3/libsmb/clireadwrite.c | 4 ---- 1 file changed, 4 deletions(-) (limited to 'source3/libsmb') diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c index 4d3027694f..a57f1e0785 100644 --- a/source3/libsmb/clireadwrite.c +++ b/source3/libsmb/clireadwrite.c @@ -138,10 +138,6 @@ NTSTATUS cli_read_andx_recv(struct async_req *req, ssize_t *received, return status; } - if (wct < 12) { - return NT_STATUS_INVALID_NETWORK_RESPONSE; - } - /* size is the number of bytes the server returned. * Might be zero. */ size = SVAL(cli_req->inbuf, smb_vwv5); -- cgit