From 92e2ecc3b56cdf07739773b5173a361bc78e5b50 Mon Sep 17 00:00:00 2001
From: Luke Leighton
Date: Wed, 1 Apr 1998 21:31:06 +0000
Subject: cli_login.c : start to create the calls needed for client-side of "network" logins, which will be used for domain version of pass-through authentication. unfortunately, none of this code is called in the main branch, because smbclient BRANCH_NTDOM code isn't in use, yet! srv_netlog.c : fixed a problem with static net_login_network() which was being stubborn: the if() statement looked horrendous, so i split it into two if() statements, one to deal with the lm password; the other to deal with the nt password. the smb_password_check() functions should _not_ be called here, in case we decide to disable lm hashes for security reasons, just like nt does. so, we now get a response to the SAM_LOGON "network" call, but the connection is still dropped. a trace is needed from an nt server, which is why i started on the client-side code. see above, which is why i'm calling it a day :-) (This used to be commit 2c29a7d9cf2d8b35e4b6e37e5d24caa91af3a9be)
---
 source3/rpc_client/cli_login.c | 18 +++++++++++++
 source3/rpc_server/srv_netlog.c | 59 ++++++++++++++++++++++++++++-------------
 2 files changed, 59 insertions(+), 18 deletions(-)
(limited to 'source3')
diff --git a/source3/rpc_client/cli_login.c b/source3/rpc_client/cli_login.c
index 2033ea437e..049dcf19e6 100644
--- a/source3/rpc_client/cli_login.c
+++ b/source3/rpc_client/cli_login.c
@@ -293,6 +293,24 @@ void make_nt_login_interactive(NET_ID_INFO_CTR *ctr,
 sess_key, lm_owf_user_pwd, nt_owf_user_pwd);
 }
+/****************************************************************************
+ make network sam login info
+ ****************************************************************************/
+void make_nt_login_network(NET_ID_INFO_CTR *ctr,
+ char *workgroup, char *myhostname,
+ uint32 smb_userid, char *username,
+ char lm_chal[8], char lm_chal_resp[24], char nt_chal_resp[24])
+{
+ /* indicate a "network" login */
+ ctr->switch_value = 2;
+
+ /* this is used in both the SAM Logon and the SAM Logoff */
+ make_id_info2(&ctr->auth.id2, workgroup, 0,
+ smb_userid, 0,
+ username, myhostname,
+ lm_chal, lm_chal_resp, nt_chal_resp);
+}
+
 /****************************************************************************
 experimental nt login.
 ****************************************************************************/
diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
index d7a1b9e421..1b66b8061f 100644
--- a/source3/rpc_server/srv_netlog.c
+++ b/source3/rpc_server/srv_netlog.c
@@ -488,11 +488,13 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1,
 char nt_pwd[16];
 char lm_pwd[16];
 unsigned char key[16];
+
 memset(key, 0, 16);
 memcpy(key, vuser->dc.sess_key, 8);
- memcpy(lm_pwd, id1->lm_owf.data, 16);
- memcpy(nt_pwd, id1->nt_owf.data, 16);
+ memcpy(lm_pwd, id1->lm_owf.data, 16);
+ memcpy(nt_pwd, id1->nt_owf.data, 16);
+
 SamOEMhash(lm_pwd, key, False);
 SamOEMhash(nt_pwd, key, False);
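Review bot: The bounds written in `char lm_chal[8], char lm_chal_resp[24], char nt_chal_resp[24]` are not enforced, because array parameters decay to plain pointers; make_nt_login_network() forwards whatever it receives to make_id_info2(), whose body is not shown here and which presumably copies fixed 8- and 24-byte fields. The new header comment should state that contract, for example `lm_chal: 8-byte challenge; lm_chal_resp, nt_chal_resp: 24-byte responses, caller-owned`, so a later caller does not hand in a shorter buffer. The literal in `ctr->switch_value = 2;` looks like the same value the server side matches with `case 2:` in api_net_sam_logon(); a shared named constant would keep client and server from drifting apart.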
@@ -520,17 +522,40 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2,
 struct smb_passwd *smb_pass,
 user_struct *vuser)
 {
- if ((id2->lm_chal_resp.str_str_len == 24 ||
- id2->lm_chal_resp.str_str_len == 0) &&
- id2->nt_chal_resp.str_str_len == 24 &&
- (((smb_pass->smb_nt_passwd != NULL) &&
- smb_password_check(id2->nt_chal_resp.buffer, smb_pass->smb_nt_passwd,
- id2->lm_chal)) ||
- smb_password_check(id2->lm_chal_resp.buffer, smb_pass->smb_passwd,
- id2->lm_chal)))
+ DEBUG(5,("net_login_network: lm_len: %d nt_len: %d\n",
+ id2->lm_chal_resp.str_str_len,
+ id2->nt_chal_resp.str_str_len));
+
+ /* check the lm password, first. */
+ /* lkclXXXX this is not a good place to put disabling of LM hashes in.
+ if that is to be done, first move this entire function into a
+ library routine that calls the two smb_password_check() functions.
+ if disabling LM hashes (which nt can do for security reasons) then
+ an attempt should be made to disable them everywhere (which nt does
+ not do, for various security-hole reasons).
+ */
+
+ if (id2->lm_chal_resp.str_str_len == 24 &&
+ smb_password_check(id2->lm_chal_resp.buffer,
+ smb_pass->smb_passwd,
+ id2->lm_chal))
+ {
+ return 0x0;
+ }
+
+ /* now check the nt password, if it exists */
+
+ if (id2->nt_chal_resp.str_str_len == 24 &&
+ smb_pass->smb_nt_passwd != NULL &&
+ smb_password_check(id2->nt_chal_resp.buffer,
+ smb_pass->smb_nt_passwd,
+ id2->lm_chal))
 {
 return 0x0;
 }
+
+ /* oops! neither password check succeeded */
+
 return 0xC0000000 | NT_STATUS_WRONG_PASSWORD;
 }
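Review bot: The LM branch hands `smb_pass->smb_passwd` to smb_password_check() without the NULL test that the NT branch applies to `smb_pass->smb_nt_passwd`; if an account entry can carry no LM hash (how smb_password_check() treats a NULL hash is not visible in this hunk), a 24-byte LM response in a logon request reaches it with a NULL pointer. Make the two branches symmetric: `if (id2->lm_chal_resp.str_str_len == 24 && smb_pass->smb_passwd != NULL &&`. The split also changes policy: the removed condition required a 24-byte NT response on every path, whereas the new code accepts a matching LM response on its own, and LM is the hash the comment above singles out for possible disabling. If that relaxation is intended, the comment on the LM check should say so. The signature of net_login_network() begins above the hunk.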
@@ -577,21 +602,17 @@ static void api_net_sam_logon( int uid,
 case 1:
 {
 uni_samlogon_user = &(q_l.sam_id.ctr->auth.id1.uni_user_name);
- pstrcpy(samlogon_user, unistrn2(uni_samlogon_user->buffer,
- uni_samlogon_user->uni_str_len));
- DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. User:[%s]\n",
- lp_workgroup(), samlogon_user));
+ DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ",
+ lp_workgroup()));
 break;
 }
 case 2:
 {
 uni_samlogon_user = &(q_l.sam_id.ctr->auth.id2.uni_user_name);
- pstrcpy(samlogon_user, unistrn2(uni_samlogon_user->buffer,
- uni_samlogon_user->uni_str_len));
- DEBUG(3,("SAM Logon (Network). Domain:[%s]. User:[%s]\n",
- lp_workgroup(), samlogon_user));
+ DEBUG(3,("SAM Logon (Network). Domain:[%s]. ",
+ lp_workgroup()));
 break;
 }
 default:
@@ -610,6 +631,8 @@ static void api_net_sam_logon( int uid,
 pstrcpy(samlogon_user, unistrn2(uni_samlogon_user->buffer,
 uni_samlogon_user->uni_str_len));
+ DEBUG(3,("User:[%s]\n", samlogon_user));
+
 become_root(True);
 smb_pass = get_smbpwd_entry(samlogon_user, 0);
 unbecome_root(True);
-- cgit
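Review bot: The level-3 logon message is now assembled from two DEBUG calls: the fragments added in `case 1:` and `case 2:` end in `Domain:[%s]. ` with no newline, and the `User:[%s]\n` half is emitted only in the later hunk (@@ -610,6 +631,8 @@). Whatever runs between the two, including the `default:` branch whose body is outside the hunk, can log or leave the function first, which would glue an unterminated fragment to the next log line and make the authentication trail harder to parse. Keeping one complete line is safer: record a label in each case and log once after the name has been copied, e.g. `DEBUG(3,("SAM Logon (%s). Domain:[%s]. User:[%s]\n", logon_type, lp_workgroup(), samlogon_user));`, where `logon_type` is a new local `const char *`. The switch and api_net_sam_logon() both start above the hunk and continue below it.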
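Review bot: `DEBUG(3,("User:[%s]\n", samlogon_user));` writes a name taken from the logon request (converted by `unistrn2(uni_samlogon_user->buffer, ...)`) into the log verbatim. Control characters in that name, a newline in particular, would split or imitate log entries, so non-printable bytes should be replaced before the name is logged; a comment at this call stating that the value is client-supplied would also help anyone parsing the log. The surrounding body of api_net_sam_logon() lies outside the hunk.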