const POLICY_HND *pol_open_domain,
uint32 info_level,
uint32 alias_rid, ALIAS_INFO_CTR *ctr);
+BOOL msrpc_sam_create_dom_user(struct cli_state *cli, DOM_SID *sid1,
+ char *acct_name, uint16 acb_info,
+ uint32 *rid);
/*The following definitions come from rpc_parse/parse_at.c */
const char *user, const char *domain,
uchar *lm_pass, size_t lm_pwd_len,
uchar *nt_pass, size_t nt_pwd_len);
-BOOL pass_check_smb(char *user, char *domain, uchar *chal,
+BOOL pass_check_smb(struct smb_passwd *smb_pass, char *domain, uchar *chal,
uchar *lm_pwd, size_t lm_pwd_len,
uchar *nt_pwd, size_t nt_pwd_len,
struct passwd *pwd, uchar user_sess_key[16]);
dump_data(100, nt_pwd, 16);
#endif
- SamOEMhash((uchar *)lm_pwd, key, False);
- SamOEMhash((uchar *)nt_pwd, key, False);
+ SamOEMhash((uchar *)lm_pwd, key, 0);
+ SamOEMhash((uchar *)nt_pwd, key, 0);
#ifdef DEBUG_PASSWORD
DEBUG(100,("decrypt of lm owf password:"));
net_login_network:
*************************************************************************/
static uint32 net_login_network(NET_ID_INFO_2 *id2,
- struct sam_passwd *smb_pass,
- user_struct *vuser)
+ struct sam_passwd *sam_pass,
+ user_struct *vuser,
+ char sess_key[16])
{
fstring user;
fstring domain;
DEBUG(5,("net_login_network: lm_len:%d nt_len:%d user:%s domain:%s\n",
lm_pw_len, nt_pw_len, user, domain));
- if (smb_password_ok(pwdb_sam_to_smb(smb_pass), id2->lm_chal,
- user, domain,
+ if (pass_check_smb(pwdb_sam_to_smb(sam_pass),
+ domain,
+ id2->lm_chal,
(uchar *)id2->lm_chal_resp.buffer, lm_pw_len,
- (uchar *)id2->nt_chal_resp.buffer, nt_pw_len))
+ (uchar *)id2->nt_chal_resp.buffer, nt_pw_len,
+ NULL, sess_key))
{
+ unsigned char key[16];
+
+ memset(key, 0, 16);
+ memcpy(key, vuser->dc.sess_key, 8);
+
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("key:"));
+ dump_data(100, key, 16);
+
+ DEBUG(100,("user sess key:"));
+ dump_data(100, sess_key, 16);
+#endif
+
+ SamOEMhash((uchar *)sess_key, key, 0);
+
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("encrypt of user session key:"));
+ dump_data(100, sess_key, 16);
+#endif
+
return 0x0;
}
UNISTR2 *uni_samusr = NULL;
UNISTR2 *uni_domain = NULL;
fstring nt_username;
+ char *enc_user_sess_key = NULL;
+ char sess_key[16];
NTTIME logon_time ;
NTTIME logoff_time ;
case NET_LOGON_TYPE:
{
/* network login. lm challenge and 24 byte responses */
- status = net_login_network(&q_l->sam_id.ctr->auth.id2, sam_pass, vuser);
+ status = net_login_network(&q_l->sam_id.ctr->auth.id2, sam_pass, vuser, sess_key);
+ enc_user_sess_key = sess_key;
break;
}
}
gids , /* DOM_GID *gids */
0x20 , /* uint32 user_flgs (?) */
- NULL, /* char sess_key[16] */
+ enc_user_sess_key, /* char sess_key[16] */
global_myname , /* char *logon_srv */
global_sam_name, /* char *logon_dom */
{
DEBUG(5,("user: %s domain: %s wks: %s\n", p->user_name, p->domain, p->wks));
become_root(True);
- p->ntlmssp_validated = pass_check_smb(p->user_name, p->domain,
+ smb_pass = getsmbpwnam(p->user_name);
+ p->ntlmssp_validated = pass_check_smb(smb_pass, p->domain,
(uchar*)p->ntlmssp_chal.challenge,
lm_owf, lm_owf_len,
nt_owf, nt_owf_len,
NULL, vuser->dc.user_sess_key);
- smb_pass = getsmbpwnam(p->user_name);
unbecome_root(True);
if (smb_pass != NULL)
return True if the password is correct, False otherwise
****************************************************************************/
-BOOL pass_check_smb(char *user, char *domain, uchar *chal,
+BOOL pass_check_smb(struct smb_passwd *smb_pass, char *domain, uchar *chal,
uchar *lm_pwd, size_t lm_pwd_len,
uchar *nt_pwd, size_t nt_pwd_len,
struct passwd *pwd, uchar user_sess_key[16])
{
const struct passwd *pass;
struct passwd pw;
- struct smb_passwd *smb_pass;
+ char *user = NULL;
- if (!lm_pwd || !nt_pwd)
+ if (smb_pass == NULL)
+ {
+ DEBUG(3,("Couldn't find user %s in smb_passwd file.\n", user));
+ return False;
+ }
+
+ user = smb_pass->unix_name;
+
+ if (lm_pwd == NULL || nt_pwd == NULL)
{
return False;
}
pass = &pw;
}
- smb_pass = getsmbpwnam(user);
-
- if (smb_pass == NULL)
- {
- DEBUG(3,("Couldn't find user %s in smb_passwd file.\n", user));
- return False;
- }
-
/* Quit if the account was disabled. */
if (smb_pass->acct_ctrl & ACB_DISABLED) {
DEBUG(3,("account for user %s was disabled.\n", user));
return False;
}
- return pass_check_smb(user, global_myworkgroup,
+ return pass_check_smb(getsmbpwnam(user), global_myworkgroup,
challenge, (uchar *)password,
pwlen, (uchar *)password, pwlen,
pwd, user_sess_key);