From 4081147c31919a973ce1859394d0f5a49a0c2f39 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Sun, 21 Nov 1999 17:11:00 +0000 Subject: [PATCH] adding user session key into network netlogon response. (This used to be commit c73f6b0d02fa7700319ba696f54296006167e5d1) --- source3/include/proto.h | 5 +++- source3/rpc_server/srv_netlog.c | 44 ++++++++++++++++++++++++++------- source3/rpc_server/srv_pipe.c | 4 +-- source3/smbd/password.c | 24 +++++++++--------- 4 files changed, 53 insertions(+), 24 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index f83485d4558..9206c5e578a 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -2276,6 +2276,9 @@ BOOL get_samr_query_aliasinfo(struct cli_state *cli, uint16 fnum, const POLICY_HND *pol_open_domain, uint32 info_level, uint32 alias_rid, ALIAS_INFO_CTR *ctr); +BOOL msrpc_sam_create_dom_user(struct cli_state *cli, DOM_SID *sid1, + char *acct_name, uint16 acb_info, + uint32 *rid); /*The following definitions come from rpc_parse/parse_at.c */ @@ -4013,7 +4016,7 @@ BOOL smb_password_ok(struct smb_passwd *smb_pass, uchar chal[8], const char *user, const char *domain, uchar *lm_pass, size_t lm_pwd_len, uchar *nt_pass, size_t nt_pwd_len); -BOOL pass_check_smb(char *user, char *domain, uchar *chal, +BOOL pass_check_smb(struct smb_passwd *smb_pass, char *domain, uchar *chal, uchar *lm_pwd, size_t lm_pwd_len, uchar *nt_pwd, size_t nt_pwd_len, struct passwd *pwd, uchar user_sess_key[16]); diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c index 5e9ae350942..f8d7fe5718b 100644 --- a/source3/rpc_server/srv_netlog.c +++ b/source3/rpc_server/srv_netlog.c 
@@ -666,8 +666,8 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1, dump_data(100, nt_pwd, 16); #endif - SamOEMhash((uchar *)lm_pwd, key, False); - SamOEMhash((uchar *)nt_pwd, key, False); + SamOEMhash((uchar *)lm_pwd, key, 0); + SamOEMhash((uchar *)nt_pwd, key, 0); #ifdef DEBUG_PASSWORD DEBUG(100,("decrypt of lm owf password:")); @@ -697,8 +697,9 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1, net_login_network: *************************************************************************/ static uint32 net_login_network(NET_ID_INFO_2 *id2, - struct sam_passwd *smb_pass, - user_struct *vuser) + struct sam_passwd *sam_pass, + user_struct *vuser, + char sess_key[16]) { fstring user; fstring domain; @@ -712,11 +713,33 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2, DEBUG(5,("net_login_network: lm_len:%d nt_len:%d user:%s domain:%s\n", lm_pw_len, nt_pw_len, user, domain)); - if (smb_password_ok(pwdb_sam_to_smb(smb_pass), id2->lm_chal, - user, domain, + if (pass_check_smb(pwdb_sam_to_smb(sam_pass), + domain, + id2->lm_chal, (uchar *)id2->lm_chal_resp.buffer, lm_pw_len, - (uchar *)id2->nt_chal_resp.buffer, nt_pw_len)) + (uchar *)id2->nt_chal_resp.buffer, nt_pw_len, + NULL, sess_key)) { + unsigned char key[16]; + + memset(key, 0, 16); + memcpy(key, vuser->dc.sess_key, 8); + +#ifdef DEBUG_PASSWORD + DEBUG(100,("key:")); + dump_data(100, key, 16); + + DEBUG(100,("user sess key:")); + dump_data(100, sess_key, 16); +#endif + + SamOEMhash((uchar *)sess_key, key, 0); + +#ifdef DEBUG_PASSWORD + DEBUG(100,("encrypt of user session key:")); + dump_data(100, sess_key, 16); +#endif + return 0x0; } @@ -733,6 +756,8 @@ static uint32 reply_net_sam_logon( NET_Q_SAM_LOGON *q_l, user_struct *vuser, UNISTR2 *uni_samusr = NULL; UNISTR2 *uni_domain = NULL; fstring nt_username; + char *enc_user_sess_key = NULL; + char sess_key[16]; NTTIME logon_time ; NTTIME logoff_time ; 
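Review bot: In the `@@ -712,11 +713,33 @@` hunk, the local `key` buffer in net_login_network's success branch is filled from `vuser->dc.sess_key` and is still on the stack when the function returns `0x0`. Clear it once SamOEMhash has run, e.g. `memset(key, 0, sizeof(key));`, bearing in mind that a plain memset just before a return can be optimised away, so a wipe helper the compiler cannot elide is preferable if the tree has one. The two added DEBUG_PASSWORD blocks write that key and the clear user session key to the log, which deserves a comment at the `#ifdef` saying such builds are for lab use only. The new parameter is declared `char sess_key[16]` in the `@@ -697,8 +697,9 @@` hunk but is handed to pass_check_smb's `uchar user_sess_key[16]`; declaring it `uchar sess_key[16]` would remove the sign mismatch and the cast.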
@@ -845,7 +870,8 @@ static uint32 reply_net_sam_logon( NET_Q_SAM_LOGON *q_l, user_struct *vuser, case NET_LOGON_TYPE: { /* network login. lm challenge and 24 byte responses */ - status = net_login_network(&q_l->sam_id.ctr->auth.id2, sam_pass, vuser); + status = net_login_network(&q_l->sam_id.ctr->auth.id2, sam_pass, vuser, sess_key); + enc_user_sess_key = sess_key; break; } } @@ -896,7 +922,7 @@ static uint32 reply_net_sam_logon( NET_Q_SAM_LOGON *q_l, user_struct *vuser, gids , /* DOM_GID *gids */ 0x20 , /* uint32 user_flgs (?) */ - NULL, /* char sess_key[16] */ + enc_user_sess_key, /* char sess_key[16] */ global_myname , /* char *logon_srv */ global_sam_name, /* char *logon_dom */ diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 075c9b0d37f..c4664f7d7b0 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -300,12 +300,12 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p) { DEBUG(5,("user: %s domain: %s wks: %s\n", p->user_name, p->domain, p->wks)); become_root(True); - p->ntlmssp_validated = pass_check_smb(p->user_name, p->domain, + smb_pass = getsmbpwnam(p->user_name); + p->ntlmssp_validated = pass_check_smb(smb_pass, p->domain, (uchar*)p->ntlmssp_chal.challenge, lm_owf, lm_owf_len, nt_owf, nt_owf_len, NULL, vuser->dc.user_sess_key); - smb_pass = getsmbpwnam(p->user_name); unbecome_root(True); if (smb_pass != NULL) diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 2f0ab6e1378..690e2e5f5ce 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c 
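Review bot: In the `@@ -845,7 +870,8 @@` hunk, `enc_user_sess_key = sess_key;` is assigned whether or not net_login_network succeeded, and `sess_key` is declared without an initialiser (`char sess_key[16];` in the `@@ -733,6 +756,8 @@` hunk). The buffer's contents therefore depend on pass_check_smb writing all 16 bytes. If any accepting path through pass_check_smb leaves `user_sess_key` untouched (its body is only partly visible in this patch), indeterminate stack bytes would be run through SamOEMhash and returned to the client in the logon reply. Clearing the buffer before the switch with `memset(sess_key, 0, sizeof(sess_key));` and setting `enc_user_sess_key` only when `status == 0x0` removes that dependency. reply_net_sam_logon starts and ends outside the hunk, so whether `status` is checked before the reply is built could not be confirmed from here.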
@@ -467,16 +467,24 @@ SMB hash return True if the password is correct, False otherwise ****************************************************************************/ -BOOL pass_check_smb(char *user, char *domain, uchar *chal, +BOOL pass_check_smb(struct smb_passwd *smb_pass, char *domain, uchar *chal, uchar *lm_pwd, size_t lm_pwd_len, uchar *nt_pwd, size_t nt_pwd_len, struct passwd *pwd, uchar user_sess_key[16]) { const struct passwd *pass; struct passwd pw; - struct smb_passwd *smb_pass; + char *user = NULL; - if (!lm_pwd || !nt_pwd) + if (smb_pass == NULL) + { + DEBUG(3,("Couldn't find user %s in smb_passwd file.\n", user)); + return False; + } + + user = smb_pass->unix_name; + + if (lm_pwd == NULL || nt_pwd == NULL) { return False; } @@ -498,14 +506,6 @@ BOOL pass_check_smb(char *user, char *domain, uchar *chal, pass = &pw; } - smb_pass = getsmbpwnam(user); - - if (smb_pass == NULL) - { - DEBUG(3,("Couldn't find user %s in smb_passwd file.\n", user)); - return False; - } - /* Quit if the account was disabled. */ if (smb_pass->acct_ctrl & ACB_DISABLED) { DEBUG(3,("account for user %s was disabled.\n", user)); @@ -563,7 +563,7 @@ BOOL password_ok(char *user, char *password, int pwlen, struct passwd *pwd, return False; } - return pass_check_smb(user, global_myworkgroup, + return pass_check_smb(getsmbpwnam(user), global_myworkgroup, challenge, (uchar *)password, pwlen, (uchar *)password, pwlen, pwd, user_sess_key); -- 2.34.1
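Review bot: In the `@@ -467,16 +467,24 @@` hunk, the new `smb_pass == NULL` branch of pass_check_smb passes `user` to a `%s` conversion while it is still NULL, because `user` is only assigned from `smb_pass->unix_name` after that check. A null pointer for `%s` is undefined behaviour and can crash, depending on the platform's formatter. The branch is reached for any client-supplied name with no smb_passwd entry, since password_ok now passes `getsmbpwnam(user)` straight in and the srv_pipe.c caller does the equivalent. Drop the conversion, e.g. `DEBUG(3,("pass_check_smb: no smb_passwd entry supplied.\n"));`, and log the requested name in the callers, which still hold it. Later messages in this function now print the entry's `unix_name` rather than the name the client sent, which is worth a comment next to `user = smb_pass->unix_name;`; the function body continues outside the hunk.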