From 106fe88be01f7ac7d1369e97a6468dcd80c0a813 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 1 Dec 1999 16:39:51 +0000 Subject: 1) when no domain used in ntlogin test command, should use default one from previous lsaquery command. over-ridden from DOMAIN\username 2) initialisation of cli_state is a little more specific: sets use_ntlmv2 to Auto. this can always be over-ridden. 3) fixed reusage of ntlmssp_cli_flgs which was being a pain 4) added pwd_compare() function then fixed bug in cli_use where NULL domain name was making connections multiply unfruitfully 5) type-casting of mallocs and Reallocs that cause ansi-c compilers to bitch (This used to be commit 301a6efaf67ddc96e6dcfd21b45a82863ff8f39a) --- source3/include/proto.h | 1 + source3/libsmb/clientgen.c | 36 ++++++++++++++--------- source3/libsmb/pwd_cache.c | 63 ++++++++++++++++++++++++++++++++++++---- source3/rpc_client/cli_use.c | 47 ++++++++++++++++++++---------- source3/rpcclient/cmd_netlogon.c | 29 +++++++++++++++++- source3/rpcclient/cmd_samr.c | 2 +- source3/rpcclient/rpcclient.c | 2 +- 7 files changed, 142 insertions(+), 38 deletions(-) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index 3d75d26ae8..f9250dc04e 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -840,6 +840,7 @@ BOOL remote_password_change(const char *remote_machine, const char *user_name, void pwd_init(struct pwd_info *pwd); void pwd_obfuscate_key(struct pwd_info *pwd, uint32 int_key, char *str_key); +BOOL pwd_compare(struct pwd_info *pwd1, struct pwd_info *pwd2); void pwd_read(struct pwd_info *pwd, char *passwd_report, BOOL do_encrypt); void pwd_set_nullpwd(struct pwd_info *pwd); void pwd_set_cleartext(struct pwd_info *pwd, char *clr); diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index f3bd08895d..5a0363185f 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c 
@@ -2675,8 +2675,18 @@ initialise a client structure ****************************************************************************/ void cli_init_creds(struct cli_state *cli, const struct user_credentials *usr) { - copy_user_creds(&cli->usr, usr); - cli->ntlmssp_cli_flgs = usr->ntlmssp_flags; + if (usr != NULL) + { + copy_user_creds(&cli->usr, usr); + cli->ntlmssp_cli_flgs = usr->ntlmssp_flags; + } + else + { + cli->usr.domain[0] = 0; + cli->usr.user_name[0] = 0; + pwd_set_nullpwd(&cli->usr.pwd); + cli->ntlmssp_cli_flgs = 0; + } } /**************************************************************************** @@ -2715,7 +2725,10 @@ struct cli_state *cli_initialise(struct cli_state *cli) } cli->initialised = 1; - cli->capabilities = CAP_DFS; + cli->capabilities = CAP_DFS | CAP_NT_SMBS | CAP_STATUS32; + cli->use_ntlmv2 = Auto; + + cli_init_creds(cli, NULL); return cli; } @@ -2984,6 +2997,7 @@ BOOL cli_establish_connection(struct cli_state *cli, if (IS_BITS_SET_ALL(cli->capabilities, CAP_EXTENDED_SECURITY)) { /* common to both session setups */ + uint32 ntlmssp_flgs; char pwd_buf[128]; int buf_len; char *p; @@ -3024,9 +3038,7 @@ BOOL cli_establish_connection(struct cli_state *cli, p = skip_string(p, 1); CVAL(p, 0) = 0x1; p += 4; - if (cli->ntlmssp_cli_flgs == 0) - { - cli->ntlmssp_cli_flgs = + ntlmssp_flgs = NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM | NTLMSSP_NEGOTIATE_SIGN | @@ -3036,11 +3048,7 @@ BOOL cli_establish_connection(struct cli_state *cli, NTLMSSP_NEGOTIATE_ALWAYS_SIGN | NTLMSSP_NEGOTIATE_00001000 | NTLMSSP_NEGOTIATE_00002000; -#if 0 - cli->ntlmssp_cli_flgs = 0x80008207; -#endif - } - SIVAL(p, 0, cli->ntlmssp_cli_flgs); + SIVAL(p, 0, ntlmssp_flgs); p += 4; p += 16; /* skip some NULL space */ CVAL(p, 0) = 0; p++; /* alignment */ 
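Review bot: In the `@@ -3024` and `@@ -3036` hunks the negotiate flags written by `SIVAL(p, 0, ntlmssp_flgs)` are now always the hard-coded set, so the value that cli_init_creds (first hunk) still copies from `usr->ntlmssp_flags` into `cli->ntlmssp_cli_flgs` is no longer consulted on this path. If nothing else reads that field (not visible in these hunks), a caller that supplies its own flag set silently gets the defaults. Either drop the field or say so where it is assigned, e.g. `/* NOTE: not used by the extended-security session setup, which builds its own flag set */`. The body of cli_establish_connection starts and ends outside these hunks.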
@@ -3072,12 +3080,12 @@ BOOL cli_establish_connection(struct cli_state *cli, } p = smb_buf(cli->inbuf) + 0x2f; - cli->ntlmssp_cli_flgs = IVAL(p, 0); /* 0x80808a05; */ + ntlmssp_flgs = IVAL(p, 0); /* 0x80808a05; */ p += 4; memcpy(cli->cryptkey, p, 8); #ifdef DEBUG_PASSWORD DEBUG(100,("cli_session_setup_x: ntlmssp %8x\n", - cli->ntlmssp_cli_flgs)); + ntlmssp_flgs)); DEBUG(100,("cli_session_setup_x: crypt key\n")); dump_data(100, cli->cryptkey, 8); @@ -3098,7 +3106,7 @@ BOOL cli_establish_connection(struct cli_state *cli, create_ntlmssp_resp(&cli->usr.pwd, cli->usr.domain, cli->usr.user_name, cli->calling.name, - cli->ntlmssp_cli_flgs, + ntlmssp_flgs, &auth_resp); prs_link(NULL, &auth_resp, NULL); diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index 8f030a1a08..9680349a86 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -29,12 +29,12 @@ initialises a password structure ****************************************************************************/ void pwd_init(struct pwd_info *pwd) { - bzero(pwd->password , sizeof(pwd->password )); - bzero(pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd)); - bzero(pwd->smb_nt_pwd, sizeof(pwd->smb_nt_pwd)); - bzero(pwd->smb_lm_owf, sizeof(pwd->smb_lm_owf)); - bzero(pwd->smb_nt_owf, sizeof(pwd->smb_nt_owf)); - bzero(pwd->sess_key , sizeof(pwd->sess_key )); + ZERO_STRUCT(pwd->password ); + ZERO_STRUCT(pwd->smb_lm_pwd); + ZERO_STRUCT(pwd->smb_nt_pwd); + ZERO_STRUCT(pwd->smb_lm_owf); + ZERO_STRUCT(pwd->smb_nt_owf); + ZERO_STRUCT(pwd->sess_key ); pwd->nt_owf_len = 0; pwd->null_pwd = True; /* safest option... */ 
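Review bot: `ntlmssp_flgs = IVAL(p, 0);` overwrites the flags the client offered with whatever the server returned, and the `@@ -3098` hunk passes that value to create_ntlmssp_resp with no check. A reply that clears bits such as NTLMSSP_NEGOTIATE_SIGN or NTLMSSP_NEGOTIATE_ALWAYS_SIGN would, as far as these hunks show, be accepted and the session quietly downgraded. Keep the offered set in its own variable and refuse a reply that drops required bits, e.g. `srv_flgs = IVAL(p, 0); if ((srv_flgs & required_flgs) != required_flgs) return False;` (variable names constructed for illustration). The read at `smb_buf(cli->inbuf) + 0x2f` also has no visible length check on the reply, though the function extends outside the hunk and may validate it earlier.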
@@ -63,6 +63,57 @@ void pwd_obfuscate_key(struct pwd_info *pwd, uint32 int_key, char *str_key) { } +/**************************************************************************** +compares two passwords. hmm, not as trivial as expected. hmm. +****************************************************************************/ +BOOL pwd_compare(struct pwd_info *pwd1, struct pwd_info *pwd2) +{ + pwd_deobfuscate(pwd1); + pwd_deobfuscate(pwd2); + if (pwd1->cleartext && pwd2->cleartext) + { + if (strequal(pwd1->password, pwd2->password)) + { + pwd_obfuscate(pwd1); + pwd_obfuscate(pwd2); + return True; + } + } + if (pwd1->null_pwd && pwd2->null_pwd) + { + pwd_obfuscate(pwd1); + pwd_obfuscate(pwd2); + return True; + } + if (pwd1->crypted || pwd2->crypted) + { + DEBUG(5,("pwd_compare: cannot compare crypted passwords\n")); + pwd_obfuscate(pwd1); + pwd_obfuscate(pwd2); + return False; + } + + if (!pwd1->crypted && !pwd2->crypted && + !pwd1->null_pwd && !pwd2->null_pwd && + !pwd1->cleartext && !pwd2->cleartext) + { + if (memcmp(pwd1->smb_nt_pwd, pwd2->smb_nt_pwd, 16) == 0) + { + pwd_obfuscate(pwd1); + pwd_obfuscate(pwd2); + return True; + } + if (memcmp(pwd1->smb_lm_pwd, pwd2->smb_lm_pwd, 16) == 0) + { + pwd_obfuscate(pwd1); + pwd_obfuscate(pwd2); + return True; + } + } + pwd_obfuscate(pwd1); + pwd_obfuscate(pwd2); + return False; +} /**************************************************************************** reads a password ****************************************************************************/ diff --git a/source3/rpc_client/cli_use.c b/source3/rpc_client/cli_use.c index a2559fbaab..a953d332e1 100644 --- a/source3/rpc_client/cli_use.c +++ b/source3/rpc_client/cli_use.c 
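Review bot: pwd_compare can return True for two different passwords, and cli_find uses that result to decide whether a cached connection may be reused. `strequal` is, as far as I know, Samba's case-insensitive comparison, so cleartext passwords that differ only in case compare equal. The hash branch also accepts a match on `smb_lm_pwd` alone, although an LM hash does not distinguish case and both buffers may simply be unset zeros. The rewrite below uses `strcmp` and requires both hashes to agree, which fails closed at the cost of an extra connection. It also re-obfuscates once at a single exit instead of on every return path, and it assumes `cleartext` and `null_pwd` are never both set.

```c
BOOL pwd_compare(struct pwd_info *pwd1, struct pwd_info *pwd2)
{
	BOOL same = False;

	pwd_deobfuscate(pwd1);
	pwd_deobfuscate(pwd2);

	if (pwd1->cleartext && pwd2->cleartext)
	{
		/* passwords are case-sensitive: exact comparison only */
		same = (strcmp(pwd1->password, pwd2->password) == 0);
	}
	else if (pwd1->null_pwd && pwd2->null_pwd)
	{
		same = True;
	}
	else if (pwd1->crypted || pwd2->crypted)
	{
		DEBUG(5,("pwd_compare: cannot compare crypted passwords\n"));
	}
	else if (!pwd1->null_pwd && !pwd2->null_pwd &&
	         !pwd1->cleartext && !pwd2->cleartext)
	{
		/* an LM-only (or NT-only) match is not proof of the same password */
		same = (memcmp(pwd1->smb_nt_pwd, pwd2->smb_nt_pwd, 16) == 0 &&
		        memcmp(pwd1->smb_lm_pwd, pwd2->smb_lm_pwd, 16) == 0);
	}

	/* single exit: both structures are always re-obfuscated */
	pwd_obfuscate(pwd1);
	pwd_obfuscate(pwd2);
	return same;
}
```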
@@ -113,29 +113,49 @@ static struct cli_use *cli_find(const char* srv_name, sv_name = &sv_name[2]; } + DEBUG(10,("cli_find: %s %s %s\n", + srv_name, + usr_creds->user_name, + usr_creds->domain)); + for (i = 0; i < num_clis; i++) { - uchar ntpw[16], clintpw[16]; char *cli_name = NULL; + struct cli_use *c = clis[i]; - if (clis[i] == NULL) continue; + if (c == NULL) continue; - cli_name = clis[i]->cli->desthost; + cli_name = c->cli->desthost; + + DEBUG(10,("cli_find[%d]: %s %s %s\n", + i, cli_name, + c->cli->usr.user_name, + c->cli->usr.domain)); + if (strnequal("\\\\", cli_name, 2)) { cli_name = &cli_name[2]; } - if (!strequal(cli_name, sv_name)) continue; - - pwd_get_lm_nt_16(&usr_creds->pwd, NULL, ntpw); - pwd_get_lm_nt_16(&clis[i]->cli->usr.pwd, NULL, clintpw); - - if (strequal(usr_creds->user_name, clis[i]->cli->usr.user_name) && - strequal(usr_creds->domain, clis[i]->cli->usr.domain) && - memcmp(ntpw, clintpw, 16) == 0) + if (!strequal(cli_name, sv_name)) { - return clis[i]; + continue; + } + if (!strequal(usr_creds->user_name, c->cli->usr.user_name)) + { + continue; + } + if (!pwd_compare(&usr_creds->pwd, &c->cli->usr.pwd)) + { + continue; + } + if (usr_creds->domain[0] == 0) + { + return c; + } + if (strequal(usr_creds->domain, c->cli->usr.domain)) + { + return c; } } @@ -164,11 +184,8 @@ static struct cli_use *cli_use_get(const char* srv_name, return NULL; } - cli->cli->capabilities |= CAP_NT_SMBS | CAP_STATUS32; cli_init_creds(cli->cli, usr_creds); - cli->cli->use_ntlmv2 = lp_client_ntlmv2(); - return cli; } diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c index 0b0292e632..89e52ed779 100644 --- a/source3/rpcclient/cmd_netlogon.c +++ b/source3/rpcclient/cmd_netlogon.c 
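Review bot: With `if (usr_creds->domain[0] == 0) return c;` an empty domain matches a cached connection in any domain, so whenever host, user name and password agree, a session set up as one domain's user is handed back for a request that meant the default domain. That trades the duplicate-connection bug for possible reuse of a session under a different identity than the caller intended. Resolving the default domain before the lookup would keep the match exact; failing that, state the rule at the branch, e.g. `/* empty domain: wildcard, matches a connection in any domain */`. The new `DEBUG(10, ...)` at the top also dereferences `usr_creds`, while cli_init_creds in this commit now accepts NULL, so a NULL guard may be needed here too; cli_find starts and ends outside the hunk.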
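Review bot: Removing `cli->cli->use_ntlmv2 = lp_client_ntlmv2();` in the `@@ -164` hunk means connections created by cli_use_get keep the `Auto` that cli_initialise now sets, so the configured value is no longer applied on this path. Unless it is applied somewhere not visible in this diff, a configuration that forces NTLMv2 on is silently relaxed to automatic selection. Keep the assignment after `cli_init_creds(cli->cli, usr_creds);`, or add a comment there naming where the setting is honoured. cli_use_get begins outside the hunk.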
@@ -53,12 +53,20 @@ void cmd_netlogon_login_test(struct client_info *info, int argc, char *argv[]) char *nt_password; unsigned char trust_passwd[16]; fstring trust_acct; + fstring domain; + char *p; fstring srv_name; fstrcpy(srv_name, "\\\\"); fstrcat(srv_name, info->dest_host); strupper(srv_name); + fstrcpy(domain, usr_creds->domain); + + if (domain[0] == 0) + { + fstrcpy(domain, info->dom.level3_dom); + } #if 0 /* machine account passwords */ pstring new_mach_pwd; @@ -76,6 +84,7 @@ void cmd_netlogon_login_test(struct client_info *info, int argc, char *argv[]) if (nt_user_name[0] == 0) { report(out_hnd,"ntlogin: must specify username with anonymous connection\n"); + report(out_hnd,"ntlogin [[DOMAIN\\]user] [password]\n"); return; } } @@ -84,6 +93,24 @@ void cmd_netlogon_login_test(struct client_info *info, int argc, char *argv[]) fstrcpy(nt_user_name, argv[0]); } + p = strchr(nt_user_name, '\\'); + if (p != NULL) + { + fstrcpy(domain, nt_user_name); + p = strchr(domain, '\\'); + if (p != NULL) + { + *p = 0; + fstrcpy(nt_user_name, p+1); + } + + } + + if (domain[0] == 0) + { + report(out_hnd,"no domain specified.\n"); + } + argc--; argv++; @@ -102,7 +129,7 @@ void cmd_netlogon_login_test(struct client_info *info, int argc, char *argv[]) fstrcpy(trust_acct, info->myhostname); fstrcat(trust_acct, "$"); - res = res ? trust_get_passwd(trust_passwd, usr_creds->domain, info->myhostname) : False; + res = res ? trust_get_passwd(trust_passwd, domain, info->myhostname) : False; #if 0 /* check whether the user wants to change their machine password */ diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index c4cb613ee2..f38587ceb6 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c 
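Review bot: After `report(out_hnd,"no domain specified.\n");` in the `@@ -84` hunk the function carries on, so `trust_get_passwd(trust_passwd, domain, info->myhostname)` in the `@@ -102` hunk is later called with an empty domain. Add `return;` inside that block, as the anonymous-username branch just above already does after its report. cmd_netlogon_login_test starts and ends outside these hunks, so any cleanup needed before returning is not visible here.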
@@ -1717,7 +1717,7 @@ void cmd_sam_set_userinfo2(struct client_info *info, int argc, char *argv[]) if (True) { - SAM_USER_INFO_16 *p = malloc(sizeof(SAM_USER_INFO_16)); + SAM_USER_INFO_16 *p = (SAM_USER_INFO_16 *)malloc(sizeof(SAM_USER_INFO_16)); p->acb_info = usr16.acb_info; usr = (void*)p; diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index a8546b7733..4dc919fd97 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -318,7 +318,7 @@ struct command_set commands[] = { "ntlogin", cmd_netlogon_login_test, - "[username] [password] NT Domain login test", + "[[DOMAIN\\]username] [password] NT Domain login test", {COMPL_NONE, COMPL_NONE} }, { -- cgit
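Review bot: The result of `malloc(sizeof(SAM_USER_INFO_16))` is still dereferenced on the next line (`p->acb_info = usr16.acb_info;`) without a NULL check, and the cast added here does not change that. Guard the allocation before the write, e.g. `if (p == NULL) return;`, adjusted to whatever cleanup the rest of cmd_sam_set_userinfo2 needs, which is outside the hunk. Writing the size as `sizeof(*p)` would also keep it tied to the pointer's type.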