-rw-r--r--source/utils/ntlm_auth.c164
1 files changed, 76 insertions, 88 deletions
diff --git a/source/utils/ntlm_auth.c b/source/utils/ntlm_auth.c
index c926d076980..45a919c5841 100644
--- a/source/utils/ntlm_auth.c
+++ b/source/utils/ntlm_auth.c
@@ -89,7 +89,7 @@ static DATA_BLOB opt_challenge;
static DATA_BLOB opt_lm_response;
static DATA_BLOB opt_nt_response;
static int request_lm_key;
-static int request_nt_key;
+static int request_user_session_key;
static const char *require_membership_of;
static const char *require_membership_sid;
@@ -110,7 +110,7 @@ static char winbind_separator(void)
if (winbindd_request(WINBINDD_INFO, NULL, &response) !=
NSS_STATUS_SUCCESS) {
d_printf("could not obtain winbind separator!\n");
- return '\\';
+ return *lp_winbind_separator();
}
sep = response.data.info.winbind_separator;
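Review bot: The new fallback `return *lp_winbind_separator();` dereferences the configured string without checking it, so an empty setting (if the parameter allows one) makes this function return '\0'. The `"%s%c%s"` user name built with `winbind_separator()` near the end of this diff would then be cut off after the domain part. A guard keeps the old default for that case: `const char *s = lp_winbind_separator(); return (s && *s) ? *s : '\\';`. The `!sep` branch in the next hunk has the same issue; the function body starts outside this hunk.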
@@ -118,7 +118,7 @@ static char winbind_separator(void)
if (!sep) {
d_printf("winbind separator was NULL!\n");
- return '\\';
+ return *lp_winbind_separator();
}
return sep;
@@ -140,7 +140,7 @@ static const char *get_winbind_domain(void)
if (winbindd_request(WINBINDD_DOMAIN_NAME, NULL, &response) !=
NSS_STATUS_SUCCESS) {
DEBUG(0, ("could not obtain winbind domain name!\n"));
- exit(1);
+ return lp_workgroup();
}
fstrcpy(winbind_domain, response.data.domain_name);
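Review bot: With `return lp_workgroup();` a winbindd failure is no longer fatal, but the DEBUG line above it still reads as a plain error and does not say that a locally configured name is being substituted. Since this value feeds the NTLMv2 names blob in the diagnostics further down, the log should show which source was used, e.g. `DEBUG(0, ("could not obtain winbind domain name, falling back to local workgroup\n"));`. A short comment on why continuing is safe here would also help. The same applies to `return global_myname();` in get_winbind_netbios_name in the next hunk; both function bodies continue outside their hunks.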
@@ -166,7 +166,7 @@ static const char *get_winbind_netbios_name(void)
if (winbindd_request(WINBINDD_NETBIOS_NAME, NULL, &response) !=
NSS_STATUS_SUCCESS) {
DEBUG(0, ("could not obtain winbind netbios name!\n"));
- return NULL;
+ return global_myname();
}
fstrcpy(winbind_netbios_name, response.data.netbios_name);
@@ -295,7 +295,7 @@ static NTSTATUS contact_winbind_auth_crap(const char *username,
const DATA_BLOB *nt_response,
uint32 flags,
uint8 lm_key[8],
- uint8 nt_key[16],
+ uint8 user_session_key[16],
char **error_string,
char **unix_name)
{
@@ -304,8 +304,6 @@ static NTSTATUS contact_winbind_auth_crap(const char *username,
struct winbindd_request request;
struct winbindd_response response;
- static uint8 zeros[16];
-
if (!get_require_membership_sid()) {
return NT_STATUS_INVALID_PARAMETER;
}
@@ -371,16 +369,12 @@ static NTSTATUS contact_winbind_auth_crap(const char *username,
return nt_status;
}
- if ((flags & WBFLAG_PAM_LMKEY) && lm_key
- && (memcmp(zeros, response.data.auth.first_8_lm_hash,
- sizeof(response.data.auth.first_8_lm_hash)) != 0)) {
+ if ((flags & WBFLAG_PAM_LMKEY) && lm_key) {
memcpy(lm_key, response.data.auth.first_8_lm_hash,
- sizeof(response.data.auth.first_8_lm_hash));
+ sizeof(response.data.auth.first_8_lm_hash));
}
- if ((flags & WBFLAG_PAM_USER_SESSION_KEY) && nt_key
- && (memcmp(zeros, response.data.auth.user_session_key,
- sizeof(response.data.auth.user_session_key)) != 0)) {
- memcpy(nt_key, response.data.auth.user_session_key,
+ if ((flags & WBFLAG_PAM_USER_SESSION_KEY) && user_session_key) {
+ memcpy(user_session_key, response.data.auth.user_session_key,
sizeof(response.data.auth.user_session_key));
}
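Review bot: Missing documentation: with the all-zero test removed, both `memcpy` calls now overwrite the caller's buffer whenever the flag and pointer are set, even when winbindd returned an all-zero key. Callers visible in this diff (winbind_pw_check, check_auth_crap) still compare the result against `zeros` themselves, so the contract has moved to them without being written down. I would add above the first copy: `/* Copied unconditionally; an all-zero key means none was returned, callers must check. */`. The function starts and ends outside this hunk.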
@@ -399,7 +393,7 @@ static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB
NTSTATUS nt_status;
char *error_string;
uint8 lm_key[8];
- uint8 nt_key[16];
+ uint8 user_sess_key[16];
char *unix_name;
nt_status = contact_winbind_auth_crap(ntlmssp_state->user, ntlmssp_state->domain,
@@ -408,7 +402,7 @@ static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB
&ntlmssp_state->lm_resp,
&ntlmssp_state->nt_resp,
WBFLAG_PAM_LMKEY | WBFLAG_PAM_USER_SESSION_KEY | WBFLAG_PAM_UNIX_NAME,
- lm_key, nt_key,
+ lm_key, user_sess_key,
&error_string, &unix_name);
if (NT_STATUS_IS_OK(nt_status)) {
@@ -418,8 +412,8 @@ static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB
memset(lm_session_key->data+8, '\0', 8);
}
- if (memcmp(nt_key, zeros, 16) != 0) {
- *user_session_key = data_blob(nt_key, 16);
+ if (memcmp(user_sess_key, zeros, 16) != 0) {
+ *user_session_key = data_blob(user_sess_key, 16);
}
ntlmssp_state->auth_context = talloc_strdup(ntlmssp_state->mem_ctx, unix_name);
SAFE_FREE(unix_name);
@@ -436,10 +430,7 @@ static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB
static NTSTATUS local_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key)
{
- static const char zeros[16];
NTSTATUS nt_status;
- uint8 lm_key[8];
- uint8 nt_key[16];
uint8 lm_pw[16], nt_pw[16];
nt_lm_owf_gen (opt_password, nt_pw, lm_pw);
@@ -455,15 +446,6 @@ static NTSTATUS local_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *u
lm_pw, nt_pw, user_session_key, lm_session_key);
if (NT_STATUS_IS_OK(nt_status)) {
- if (memcmp(lm_key, zeros, 8) != 0) {
- *lm_session_key = data_blob(NULL, 16);
- memcpy(lm_session_key->data, lm_key, 8);
- memset(lm_session_key->data+8, '\0', 8);
- }
-
- if (memcmp(nt_key, zeros, 16) != 0) {
- *user_session_key = data_blob(nt_key, 16);
- }
ntlmssp_state->auth_context = talloc_asprintf(ntlmssp_state->mem_ctx,
"%s%c%s", ntlmssp_state->domain,
*lp_winbind_separator(),
@@ -1452,9 +1434,9 @@ static BOOL check_auth_crap(void)
NTSTATUS nt_status;
uint32 flags = 0;
char lm_key[8];
- char nt_key[16];
+ char user_session_key[16];
char *hex_lm_key;
- char *hex_nt_key;
+ char *hex_user_session_key;
char *error_string;
static uint8 zeros[16];
@@ -1463,7 +1445,7 @@ static BOOL check_auth_crap(void)
if (request_lm_key)
flags |= WBFLAG_PAM_LMKEY;
- if (request_nt_key)
+ if (request_user_session_key)
flags |= WBFLAG_PAM_USER_SESSION_KEY;
flags |= WBFLAG_PAM_NT_STATUS_SQUASH;
@@ -1475,7 +1457,7 @@ static BOOL check_auth_crap(void)
&opt_nt_response,
flags,
(unsigned char *)lm_key,
- (unsigned char *)nt_key,
+ (unsigned char *)user_session_key,
&error_string, NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
@@ -1495,14 +1477,14 @@ static BOOL check_auth_crap(void)
x_fprintf(x_stdout, "LM_KEY: %s\n", hex_lm_key);
SAFE_FREE(hex_lm_key);
}
- if (request_nt_key
- && (memcmp(zeros, nt_key,
- sizeof(nt_key)) != 0)) {
- hex_encode((const unsigned char *)nt_key,
- sizeof(nt_key),
- &hex_nt_key);
- x_fprintf(x_stdout, "NT_KEY: %s\n", hex_nt_key);
- SAFE_FREE(hex_nt_key);
+ if (request_user_session_key
+ && (memcmp(zeros, user_session_key,
+ sizeof(user_session_key)) != 0)) {
+ hex_encode((const unsigned char *)user_session_key,
+ sizeof(user_session_key),
+ &hex_user_session_key);
+ x_fprintf(x_stdout, "NT_KEY: %s\n", hex_user_session_key);
+ SAFE_FREE(hex_user_session_key);
}
return True;
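Review bot: The output label stays `NT_KEY:` while every identifier around it becomes user_session_key, and nothing here says whether that is deliberate. Programs parsing this helper's stdout presumably depend on the label, so a comment would stop a later cleanup from renaming it: `/* Output label remains NT_KEY for existing consumers of this output. */`. Separately, `hex_user_session_key` is passed to `x_fprintf` without checking that `hex_encode` produced a buffer, which matters if that helper can fail on allocation. check_auth_crap begins outside this hunk.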
@@ -1539,14 +1521,14 @@ static BOOL test_lm_ntlm_broken(enum ntlm_break break_which)
DATA_BLOB session_key = data_blob(NULL, 16);
uchar lm_key[8];
- uchar nt_key[16];
+ uchar user_session_key[16];
uchar lm_hash[16];
uchar nt_hash[16];
DATA_BLOB chall = get_challenge();
char *error_string;
ZERO_STRUCT(lm_key);
- ZERO_STRUCT(nt_key);
+ ZERO_STRUCT(user_session_key);
flags |= WBFLAG_PAM_LMKEY;
flags |= WBFLAG_PAM_USER_SESSION_KEY;
@@ -1583,7 +1565,7 @@ static BOOL test_lm_ntlm_broken(enum ntlm_break break_which)
&nt_response,
flags,
lm_key,
- nt_key,
+ user_session_key,
&error_string, NULL);
data_blob_free(&lm_response);
@@ -1607,21 +1589,21 @@ static BOOL test_lm_ntlm_broken(enum ntlm_break break_which)
}
if (break_which == NO_NT) {
- if (memcmp(lm_hash, nt_key,
+ if (memcmp(lm_hash, user_session_key,
8) != 0) {
DEBUG(1, ("NT Session Key does not match expectations (should be LM hash)!\n"));
- DEBUG(1, ("nt_key:\n"));
- dump_data(1, (const char *)nt_key, sizeof(nt_key));
+ DEBUG(1, ("user_session_key:\n"));
+ dump_data(1, (const char *)user_session_key, sizeof(user_session_key));
DEBUG(1, ("expected:\n"));
dump_data(1, (const char *)lm_hash, sizeof(lm_hash));
pass = False;
}
} else {
- if (memcmp(session_key.data, nt_key,
- sizeof(nt_key)) != 0) {
+ if (memcmp(session_key.data, user_session_key,
+ sizeof(user_session_key)) != 0) {
DEBUG(1, ("NT Session Key does not match expectations!\n"));
- DEBUG(1, ("nt_key:\n"));
- dump_data(1, (const char *)nt_key, 16);
+ DEBUG(1, ("user_session_key:\n"));
+ dump_data(1, (const char *)user_session_key, 16);
DEBUG(1, ("expected:\n"));
dump_data(1, (const char *)session_key.data, session_key.length);
pass = False;
@@ -1662,11 +1644,11 @@ static BOOL test_ntlm_in_lm(void)
uchar lm_key[8];
uchar lm_hash[16];
- uchar nt_key[16];
+ uchar user_session_key[16];
DATA_BLOB chall = get_challenge();
char *error_string;
- ZERO_STRUCT(nt_key);
+ ZERO_STRUCT(user_session_key);
flags |= WBFLAG_PAM_LMKEY;
flags |= WBFLAG_PAM_USER_SESSION_KEY;
@@ -1682,7 +1664,7 @@ static BOOL test_ntlm_in_lm(void)
NULL,
flags,
lm_key,
- nt_key,
+ user_session_key,
&error_string, NULL);
data_blob_free(&nt_response);
@@ -1704,10 +1686,10 @@ static BOOL test_ntlm_in_lm(void)
dump_data(1, (const char *)lm_hash, 8);
pass = False;
}
- if (memcmp(lm_hash, nt_key, 8) != 0) {
+ if (memcmp(lm_hash, user_session_key, 8) != 0) {
DEBUG(1, ("Session Key (first 8 lm hash) does not match expectations!\n"));
- DEBUG(1, ("nt_key:\n"));
- dump_data(1, (const char *)nt_key, 16);
+ DEBUG(1, ("user_session_key:\n"));
+ dump_data(1, (const char *)user_session_key, 16);
DEBUG(1, ("expected:\n"));
dump_data(1, (const char *)lm_hash, 8);
pass = False;
@@ -1729,13 +1711,13 @@ static BOOL test_ntlm_in_both(void)
char lm_key[8];
char lm_hash[16];
- char nt_key[16];
+ char user_session_key[16];
char nt_hash[16];
DATA_BLOB chall = get_challenge();
char *error_string;
ZERO_STRUCT(lm_key);
- ZERO_STRUCT(nt_key);
+ ZERO_STRUCT(user_session_key);
flags |= WBFLAG_PAM_LMKEY;
flags |= WBFLAG_PAM_USER_SESSION_KEY;
@@ -1753,7 +1735,7 @@ static BOOL test_ntlm_in_both(void)
&nt_response,
flags,
(unsigned char *)lm_key,
- (unsigned char *)nt_key,
+ (unsigned char *)user_session_key,
&error_string, NULL);
data_blob_free(&nt_response);
@@ -1775,11 +1757,11 @@ static BOOL test_ntlm_in_both(void)
dump_data(1, lm_hash, 8);
pass = False;
}
- if (memcmp(session_key.data, nt_key,
- sizeof(nt_key)) != 0) {
+ if (memcmp(session_key.data, user_session_key,
+ sizeof(user_session_key)) != 0) {
DEBUG(1, ("NT Session Key does not match expectations!\n"));
- DEBUG(1, ("nt_key:\n"));
- dump_data(1, nt_key, 16);
+ DEBUG(1, ("user_session_key:\n"));
+ dump_data(1, user_session_key, 16);
DEBUG(1, ("expected:\n"));
dump_data(1, (const char *)session_key.data, session_key.length);
pass = False;
@@ -1800,21 +1782,21 @@ static BOOL test_lmv2_ntlmv2_broken(enum ntlm_break break_which)
uint32 flags = 0;
DATA_BLOB ntlmv2_response = data_blob(NULL, 0);
DATA_BLOB lmv2_response = data_blob(NULL, 0);
- DATA_BLOB user_session_key = data_blob(NULL, 0);
+ DATA_BLOB ntlmv2_session_key = data_blob(NULL, 0);
DATA_BLOB names_blob = NTLMv2_generate_names_blob(get_winbind_netbios_name(), get_winbind_domain());
- uchar nt_key[16];
+ uchar user_session_key[16];
DATA_BLOB chall = get_challenge();
char *error_string;
- ZERO_STRUCT(nt_key);
+ ZERO_STRUCT(user_session_key);
flags |= WBFLAG_PAM_USER_SESSION_KEY;
if (!SMBNTLMv2encrypt(opt_username, opt_domain, opt_password, &chall,
&names_blob,
&lmv2_response, &ntlmv2_response,
- &user_session_key)) {
+ &ntlmv2_session_key)) {
data_blob_free(&names_blob);
return False;
}
@@ -1844,7 +1826,7 @@ static BOOL test_lmv2_ntlmv2_broken(enum ntlm_break break_which)
&ntlmv2_response,
flags,
NULL,
- nt_key,
+ user_session_key,
&error_string, NULL);
data_blob_free(&lmv2_response);
@@ -1858,13 +1840,13 @@ static BOOL test_lmv2_ntlmv2_broken(enum ntlm_break break_which)
return break_which == BREAK_NT;
}
- if (break_which != NO_NT && break_which != BREAK_NT && memcmp(user_session_key.data, nt_key,
- sizeof(nt_key)) != 0) {
- DEBUG(1, ("USER (NT) Session Key does not match expectations!\n"));
- DEBUG(1, ("nt_key:\n"));
- dump_data(1, (const char *)nt_key, 16);
+ if (break_which != NO_NT && break_which != BREAK_NT && memcmp(ntlmv2_session_key.data, user_session_key,
+ sizeof(user_session_key)) != 0) {
+ DEBUG(1, ("USER (NTLMv2) Session Key does not match expectations!\n"));
+ DEBUG(1, ("user_session_key:\n"));
+ dump_data(1, (const char *)user_session_key, 16);
DEBUG(1, ("expected:\n"));
- dump_data(1, (const char *)user_session_key.data, user_session_key.length);
+ dump_data(1, (const char *)ntlmv2_session_key.data, ntlmv2_session_key.length);
pass = False;
}
return pass;
@@ -1930,13 +1912,13 @@ static BOOL test_plaintext(enum ntlm_break break_which)
DATA_BLOB lm_response = data_blob(NULL, 0);
char *password;
- uchar nt_key[16];
+ uchar user_session_key[16];
uchar lm_key[16];
static const uchar zeros[8];
DATA_BLOB chall = data_blob(zeros, sizeof(zeros));
char *error_string;
- ZERO_STRUCT(nt_key);
+ ZERO_STRUCT(user_session_key);
flags |= WBFLAG_PAM_LMKEY;
flags |= WBFLAG_PAM_USER_SESSION_KEY;
@@ -1988,7 +1970,7 @@ static BOOL test_plaintext(enum ntlm_break break_which)
&nt_response,
flags,
lm_key,
- nt_key,
+ user_session_key,
&error_string, NULL);
SAFE_FREE(nt_response.data);
@@ -2094,7 +2076,7 @@ enum {
OPT_NT,
OPT_PASSWORD,
OPT_LM_KEY,
- OPT_NT_KEY,
+ OPT_USER_SESSION_KEY,
OPT_DIAGNOSTICS,
OPT_REQUIRE_MEMBERSHIP
};
@@ -2130,7 +2112,7 @@ enum {
{ "nt-response", 0, POPT_ARG_STRING, &hex_nt_response, OPT_NT, "NT or NTLMv2 Response to the challenge (HEX encoded)"},
{ "password", 0, POPT_ARG_STRING, &opt_password, OPT_PASSWORD, "User's plaintext password"},
{ "request-lm-key", 0, POPT_ARG_NONE, &request_lm_key, OPT_LM_KEY, "Retreive LM session key"},
- { "request-nt-key", 0, POPT_ARG_NONE, &request_nt_key, OPT_NT_KEY, "Retreive NT session key"},
+ { "request-nt-key", 0, POPT_ARG_NONE, &request_user_session_key, OPT_USER_SESSION_KEY, "Retreive User (NT) session key"},
{ "diagnostics", 0, POPT_ARG_NONE, &diagnostics, OPT_DIAGNOSTICS, "Perform diagnostics on the authentictaion chain"},
{ "require-membership-of", 0, POPT_ARG_STRING, &require_membership_of, OPT_REQUIRE_MEMBERSHIP, "Require that a user be a member of this group (either name or SID) for authentication to succeed" },
POPT_COMMON_SAMBA
@@ -2168,14 +2150,18 @@ enum {
case OPT_CHALLENGE:
opt_challenge = strhex_to_data_blob(hex_challenge);
if (opt_challenge.length != 8) {
- x_fprintf(x_stderr, "hex decode of %s failed!\n", hex_challenge);
+ x_fprintf(x_stderr, "hex decode of %s failed! (only got %d bytes)\n",
+ hex_challenge,
+ (int)opt_challenge.length);
exit(1);
}
break;
case OPT_LM:
opt_lm_response = strhex_to_data_blob(hex_lm_response);
if (opt_lm_response.length != 24) {
- x_fprintf(x_stderr, "hex decode of %s failed!\n", hex_lm_response);
+ x_fprintf(x_stderr, "hex decode of %s failed! (only got %d bytes)\n",
+ hex_lm_response,
+ (int)opt_lm_response.length);
exit(1);
}
break;
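Review bot: The added wording `(only got %d bytes)` is misleading in the OPT_CHALLENGE and OPT_LM cases, because both checks use `!=` and the decoded length may also be larger than 8 or 24. A neutral form is correct in both directions, e.g. `"hex decode of %s failed! (got %d bytes, expected 8)\n"` and the same with 24 for the LM response. The OPT_NT case in the next hunk tests `< 24`, so "only got" is accurate there. All three messages also echo the full hex-encoded value to stderr. For the LM and NT responses, printing the length alone would keep that material out of captured logs.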
@@ -2183,7 +2169,9 @@ enum {
case OPT_NT:
opt_nt_response = strhex_to_data_blob(hex_nt_response);
if (opt_nt_response.length < 24) {
- x_fprintf(x_stderr, "hex decode of %s failed!\n", hex_nt_response);
+ x_fprintf(x_stderr, "hex decode of %s failed! (only got %d bytes)\n",
+ hex_nt_response,
+ (int)opt_nt_response.length);
exit(1);
}
break;
@@ -2240,14 +2228,14 @@ enum {
if (diagnostics) {
if (!diagnose_ntlm_auth()) {
- exit(1);
+ return 1;
}
} else {
fstring user;
fstr_sprintf(user, "%s%c%s", opt_domain, winbind_separator(), opt_username);
if (!check_plaintext_auth(user, opt_password, True)) {
- exit(1);
+ return 1;
}
}