2 Unix SMB/Netbios implementation.
4 NT Domain Authentication SMB / MSRPC client
5 Copyright (C) Andrew Tridgell 1994-1997
6 Copyright (C) Luke Kenneth Casson Leighton 1996-1997
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 extern int DEBUGLEVEL;
28 /****************************************************************************
29 Initialize domain session credentials.
30 ****************************************************************************/
32 BOOL cli_nt_setup_creds(struct cli_state *cli, unsigned char mach_pwd[16])
37 DOM_CHAL auth2_srv_chal;
44 /******************** initialise ********************************/
48 /******************* Request Challenge ********************/
50 generate_random_buffer( clnt_chal.data, 8, False);
52 /* send a client challenge; receive a server challenge */
53 if (!cli_net_req_chal(cli, &clnt_chal, &srv_chal))
55 DEBUG(0,("do_nt_session_open: request challenge failed\n"));
59 /**************** Long-term Session key **************/
61 /* calculate the session key */
62 cred_session_key(&clnt_chal, &srv_chal, mach_pwd, sess_key);
65 /******************* Authenticate 2 ********************/
67 /* calculate auth-2 credentials */
68 cred_create(sess_key, &clnt_chal, zerotime, &(clnt_cred->challenge));
70 /* send client auth-2 challenge; receive an auth-2 challenge */
71 if (!cli_net_auth2(cli, SEC_CHAN_WKSTA, 0x000001ff,
72 &(cli->clnt_cred->challenge), &auth2_srv_chal))
74 DEBUG(0,("do_nt_session_open: auth2 challenge failed\n"));
82 /****************************************************************************
84 ****************************************************************************/
86 BOOL do_nt_srv_pwset(struct cli_state *cli,
87 uint8 sess_key[16], DOM_CRED *clnt_cred, DOM_CRED *rtn_cred,
89 char *dest_host, char *mach_acct, char *myhostname)
94 char nt_owf_new_mach_pwd[16];
97 DEBUG(100,("generating nt owf from new machine pwd: %s\n", new_mach_pwd));
99 nt_owf_gen(new_mach_pwd, nt_owf_new_mach_pwd);
101 #ifdef DEBUG_PASSWORD
102 dump_data(6, nt_owf_new_mach_pwd, 16);
105 if (!obfuscate_pwd(nt_cypher, nt_owf_new_mach_pwd, mode))
107 DEBUG(5,("do_nt_srv_pwset: encrypt mach pwd failed\n"));
111 clnt_cred->timestamp.time = time(NULL);
113 memcpy(&cred, clnt_cred, sizeof(cred));
115 /* calculate credentials */
116 cred_create(sess_key, &(clnt_cred->challenge),
117 cred.timestamp, &(cred.challenge));
119 /* send client srv_pwset challenge */
120 return do_net_srv_pwset(cli, fnum, sess_key, clnt_cred,
121 dest_host, mach_acct, 2, myhostname,
122 &cred, rtn_cred, nt_cypher);
125 /****************************************************************************
126 make interactive sam login info
127 ****************************************************************************/
129 void make_nt_login_interactive(NET_ID_INFO_CTR *ctr,
131 char *workgroup, char *myhostname,
132 uint32 smb_userid, char *username)
134 /****************** SAM Info Preparation *******************/
136 char *smb_user_passwd = getpass("Enter NT Login Password:");
138 char lm_owf_user_pwd[16];
139 char nt_owf_user_pwd[16];
141 nt_lm_owf_gen(smb_user_passwd, nt_owf_user_pwd, lm_owf_user_pwd);
143 #ifdef DEBUG_PASSWORD
145 DEBUG(100,("nt owf of user password: "));
146 dump_data(100, lm_owf_user_pwd, 16);
148 DEBUG(100,("nt owf of user password: "));
149 dump_data(100, nt_owf_user_pwd, 16);
153 /* indicate an "interactive" login */
154 ctr->switch_value = 1;
156 /* this is used in both the SAM Logon and the SAM Logoff */
157 make_id_info1(&ctr->auth.id1, workgroup, 0,
158 smb_userid, 0, username, myhostname,
159 sess_key, lm_owf_user_pwd, nt_owf_user_pwd);
163 /****************************************************************************
164 make network sam login info
165 ****************************************************************************/
167 void make_nt_login_network(NET_ID_INFO_CTR *ctr, uint32 smb_userid, char *username,
168 char lm_chal[8], char lm_chal_resp[24],
169 char nt_chal_resp[24])
171 /* indicate a "network" login */
172 ctr->switch_value = 2;
174 /* this is used in both the SAM Logon and the SAM Logoff */
175 make_id_info2(&ctr->auth.id2, myworkgroup, 0, smb_userid, 0,
176 username, myhostname,
177 lm_chal, lm_chal_resp, nt_chal_resp);
180 /****************************************************************************
182 ****************************************************************************/
184 BOOL cli_nt_login(struct cli_state *cli,
185 DOM_CRED *clnt_cred, DOM_CRED *rtn_cred,
186 NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3)
188 DOM_CRED sam_logon_rtn_cred;
191 fstring my_host_name;
193 DEBUG(5,("do_nt_login: %d\n", __LINE__));
195 /*********************** SAM Logon **********************/
197 cli->clnt_cred->timestamp.time = time(NULL);
199 memcpy(&cred, cli->clnt_cred, sizeof(cred));
201 /* calculate sam logon credentials */
202 cred_create(sess_key, &(cli->clnt_cred->challenge),
203 cred.timestamp, &(cred.challenge));
205 strcpy(dest_srv, "\\\\");
206 strcat(dest_srv, dest_host);
209 fstrcpy(my_host_name, myhostname);
210 strupper(my_host_name);
212 /* send client sam-logon challenge */
213 return cli_net_sam_logon(cli, dest_srv, my_host_name,
214 &cred, &sam_logon_rtn_cred,
215 ctr->switch_value, ctr, 3, user_info3,
219 /****************************************************************************
221 ****************************************************************************/
223 BOOL cli_nt_logoff(struct cli_state *cli, DOM_CRED *rtn_cred,
224 NET_ID_INFO_CTR *ctr, char *dest_host, char *myhostname)
226 DOM_CRED sam_logoff_rtn_cred;
229 fstring my_host_name;
231 DEBUG(5,("do_nt_logoff: %d\n", __LINE__));
233 /*********************** SAM Logoff *********************/
235 clnt_cred->timestamp.time = time(NULL);
237 memcpy(&cred, cli->clnt_cred, sizeof(cred));
239 /* calculate sam logoff credentials */
240 cred_create(sess_key, &(cli->clnt_cred->challenge),
241 cred.timestamp, &(cred.challenge));
243 strcpy(dest_srv, "\\\\");
244 strcat(dest_srv, dest_host);
247 fstrcpy(my_host_name, myhostname);
248 strupper(my_host_name);
250 /* send client sam-logoff challenge; receive a sam-logoff challenge */
251 return cli_net_sam_logoff(cli, fnum, sess_key, clnt_cred,
252 dest_srv, my_host_name,
253 &cred, &sam_logoff_rtn_cred,
254 ctr->switch_value, ctr, 3,