diff options
Diffstat (limited to 'source/rpc_client/cli_login.c')
-rw-r--r-- | source/rpc_client/cli_login.c | 161 |
1 files changed, 84 insertions, 77 deletions
diff --git a/source/rpc_client/cli_login.c b/source/rpc_client/cli_login.c index be186e40a14..e5abca941be 100644 --- a/source/rpc_client/cli_login.c +++ b/source/rpc_client/cli_login.c @@ -32,50 +32,48 @@ Initialize domain session credentials. NTSTATUS cli_nt_setup_creds(struct cli_state *cli, unsigned char mach_pwd[16]) { - NTSTATUS result; - DOM_CHAL clnt_chal; - DOM_CHAL srv_chal; + NTSTATUS result; + DOM_CHAL clnt_chal; + DOM_CHAL srv_chal; - UTIME zerotime; + UTIME zerotime; - /******************* Request Challenge ********************/ + /******************* Request Challenge ********************/ - generate_random_buffer( clnt_chal.data, 8, False); + generate_random_buffer( clnt_chal.data, 8, False); - /* send a client challenge; receive a server challenge */ - if (!cli_net_req_chal(cli, &clnt_chal, &srv_chal)) - { - DEBUG(0,("cli_nt_setup_creds: request challenge failed\n")); - return NT_STATUS_UNSUCCESSFUL; - } + /* Send a client challenge; receive a server challenge */ + if (!cli_net_req_chal(cli, &clnt_chal, &srv_chal)) { + DEBUG(0,("cli_nt_setup_creds: request challenge failed\n")); + return NT_STATUS_UNSUCCESSFUL; + } - /**************** Long-term Session key **************/ + /**************** Long-term Session key **************/ - /* calculate the session key */ - cred_session_key(&clnt_chal, &srv_chal, (uchar *)mach_pwd, cli->sess_key); - memset((char *)cli->sess_key+8, '\0', 8); + /* calculate the session key */ + cred_session_key(&clnt_chal, &srv_chal, (uchar *)mach_pwd, cli->sess_key); + memset((char *)cli->sess_key+8, '\0', 8); - /******************* Authenticate 2 ********************/ + /******************* Authenticate 2 ********************/ - /* calculate auth-2 credentials */ - zerotime.time = 0; - cred_create(cli->sess_key, &clnt_chal, zerotime, &(cli->clnt_cred.challenge)); + /* Calculate auth-2 credentials */ + zerotime.time = 0; + cred_create(cli->sess_key, &clnt_chal, zerotime, &(cli->clnt_cred.challenge)); - /* - * Send client auth-2 challenge. - * Receive an auth-2 challenge response and check it. - */ + /* + * Send client auth-2 challenge. + * Receive an auth-2 challenge response and check it. + */ - result = cli_net_auth2(cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ? - SEC_CHAN_WKSTA : SEC_CHAN_BDC, 0x000001ff, &srv_chal); + result = cli_net_auth2(cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ? + SEC_CHAN_WKSTA : SEC_CHAN_BDC, 0x000001ff, &srv_chal); - if (!NT_STATUS_IS_OK(result)) - { - DEBUG(0,("cli_nt_setup_creds: auth2 challenge failed\n")); - return result; - } + if (!NT_STATUS_IS_OK(result)) { + DEBUG(0,("cli_nt_setup_creds: auth2 challenge failed\n")); + return result; + } - return NT_STATUS_OK; + return NT_STATUS_OK; } /**************************************************************************** @@ -84,19 +82,19 @@ NTSTATUS cli_nt_setup_creds(struct cli_state *cli, unsigned char mach_pwd[16]) BOOL cli_nt_srv_pwset(struct cli_state *cli, unsigned char *new_hashof_mach_pwd) { - unsigned char processed_new_pwd[16]; + unsigned char processed_new_pwd[16]; - DEBUG(5,("cli_nt_srv_pwset: %d\n", __LINE__)); + DEBUG(5,("cli_nt_srv_pwset: %d\n", __LINE__)); #ifdef DEBUG_PASSWORD - dump_data(6, (char *)new_hashof_mach_pwd, 16); + dump_data(6, (char *)new_hashof_mach_pwd, 16); #endif - /* Process the new password. */ - cred_hash3( processed_new_pwd, new_hashof_mach_pwd, cli->sess_key, 1); + /* Process the new password. */ + cred_hash3( processed_new_pwd, new_hashof_mach_pwd, cli->sess_key, 1); - /* send client srv_pwset challenge */ - return cli_net_srv_pwset(cli, processed_new_pwd); + /* Send client srv_pwset challenge */ + return cli_net_srv_pwset(cli, processed_new_pwd); } /**************************************************************************** @@ -105,51 +103,59 @@ NT login - interactive. password equivalents, protected by the session key) is inherently insecure given the current design of the NT Domain system. JRA. ****************************************************************************/ -NTSTATUS cli_nt_login_interactive(struct cli_state *cli, char *domain, char *username, - uint32 smb_userid_low, char *password, - NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3) + +NTSTATUS cli_nt_login_interactive(struct cli_state *cli, char *unix_domain, char *unix_username, + uint32 smb_userid_low, char *unix_password, + NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3) { - uchar lm_owf_user_pwd[16]; - uchar nt_owf_user_pwd[16]; - NTSTATUS ret; + fstring dos_password, dos_username, dos_domain; + uchar lm_owf_user_pwd[16]; + uchar nt_owf_user_pwd[16]; + NTSTATUS ret; + + DEBUG(5,("cli_nt_login_interactive: %d\n", __LINE__)); - DEBUG(5,("cli_nt_login_interactive: %d\n", __LINE__)); + fstrcpy(dos_password, unix_password); + unix_to_dos(dos_password); + fstrcpy(dos_username, unix_username); + unix_to_dos(dos_username); + fstrcpy(dos_domain, unix_domain); + unix_to_dos(dos_domain); - nt_lm_owf_gen(password, nt_owf_user_pwd, lm_owf_user_pwd); + nt_lm_owf_gen(dos_password, nt_owf_user_pwd, lm_owf_user_pwd); #ifdef DEBUG_PASSWORD - DEBUG(100,("nt owf of user password: ")); - dump_data(100, (char *)lm_owf_user_pwd, 16); + DEBUG(100,("nt owf of user password: ")); + dump_data(100, (char *)lm_owf_user_pwd, 16); - DEBUG(100,("nt owf of user password: ")); - dump_data(100, (char *)nt_owf_user_pwd, 16); + DEBUG(100,("nt owf of user password: ")); + dump_data(100, (char *)nt_owf_user_pwd, 16); #endif - DEBUG(5,("cli_nt_login_interactive: %d\n", __LINE__)); + DEBUG(5,("cli_nt_login_interactive: %d\n", __LINE__)); - /* indicate an "interactive" login */ - ctr->switch_value = INTERACTIVE_LOGON_TYPE; + /* indicate an "interactive" login */ + ctr->switch_value = INTERACTIVE_LOGON_TYPE; - /* Create the structure needed for SAM logon. */ - init_id_info1(&ctr->auth.id1, domain, 0, - smb_userid_low, 0, - username, cli->clnt_name_slash, - (char *)cli->sess_key, lm_owf_user_pwd, nt_owf_user_pwd); + /* Create the structure needed for SAM logon. */ + init_id_info1(&ctr->auth.id1, dos_domain, 0, + smb_userid_low, 0, + dos_username, cli->clnt_name_slash, + (char *)cli->sess_key, lm_owf_user_pwd, nt_owf_user_pwd); - /* Ensure we overwrite all the plaintext password - equivalents. */ - memset(lm_owf_user_pwd, '\0', sizeof(lm_owf_user_pwd)); - memset(nt_owf_user_pwd, '\0', sizeof(nt_owf_user_pwd)); + /* Ensure we overwrite all the plaintext password equivalents. */ + memset(lm_owf_user_pwd, '\0', sizeof(lm_owf_user_pwd)); + memset(nt_owf_user_pwd, '\0', sizeof(nt_owf_user_pwd)); - /* Send client sam-logon request - update credentials on success. */ - ret = cli_net_sam_logon(cli, ctr, user_info3); + /* Send client sam-logon request - update credentials on success. */ + ret = cli_net_sam_logon(cli, ctr, user_info3); - memset(ctr->auth.id1.lm_owf.data, '\0', sizeof(lm_owf_user_pwd)); - memset(ctr->auth.id1.nt_owf.data, '\0', sizeof(nt_owf_user_pwd)); + memset(ctr->auth.id1.lm_owf.data, '\0', sizeof(lm_owf_user_pwd)); + memset(ctr->auth.id1.nt_owf.data, '\0', sizeof(nt_owf_user_pwd)); - return ret; + return ret; } /**************************************************************************** @@ -158,10 +164,10 @@ NT login - network. password equivalents over the network. JRA. ****************************************************************************/ -NTSTATUS cli_nt_login_network(struct cli_state *cli, char *domain, char *username, - uint32 smb_userid_low, const char lm_chal[8], - const char *lm_chal_resp, const char *nt_chal_resp, - NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3) +NTSTATUS cli_nt_login_network(struct cli_state *cli, char *unix_domain, char *unix_username, + uint32 smb_userid_low, const char lm_chal[8], + const char *lm_chal_resp, const char *nt_chal_resp, + NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3) { fstring dos_wksta_name, dos_username, dos_domain; DEBUG(5,("cli_nt_login_network: %d\n", __LINE__)); @@ -171,10 +177,10 @@ NTSTATUS cli_nt_login_network(struct cli_state *cli, char *domain, char *usernam fstrcpy(dos_wksta_name, cli->clnt_name_slash); unix_to_dos(dos_wksta_name); - fstrcpy(dos_username, username); + fstrcpy(dos_username, unix_username); unix_to_dos(dos_username); - fstrcpy(dos_domain, domain); + fstrcpy(dos_domain, unix_domain); unix_to_dos(dos_domain); /* Create the structure needed for SAM logon. */ @@ -190,10 +196,11 @@ NTSTATUS cli_nt_login_network(struct cli_state *cli, char *domain, char *usernam /**************************************************************************** NT Logoff. ****************************************************************************/ + BOOL cli_nt_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr) { - DEBUG(5,("cli_nt_logoff: %d\n", __LINE__)); + DEBUG(5,("cli_nt_logoff: %d\n", __LINE__)); - /* Send client sam-logoff request - update credentials on success. */ - return cli_net_sam_logoff(cli, ctr); + /* Send client sam-logoff request - update credentials on success. */ + return cli_net_sam_logoff(cli, ctr); } |