sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00
Code

r1080: Make sure to initialise all the returned elements in the SamLogon

Browse Source 
reply also initialise the LM session key, when we have it (was failing
because the auth code was setting it's length wrong).

Andrew Bartlett
This commit is contained in:
Andrew Bartlett 2004-06-07 22:17:51 +00:00 committed by Gerald (Jerry) Carter
parent ad3dd1789e
commit de97d9df22
2 changed files with 27 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
source/libcli/auth/ntlm_check.c
View File

@ -326,10 +326,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
so use it only if we otherwise allow LM authentication */
if (lp_lanman_auth() && lm_pw) {
uint8_t first_8_lm_hash[16];
memcpy(first_8_lm_hash, lm_pw, 8);
memset(first_8_lm_hash + 8, '\0', 8);
*lm_sess_key = data_blob(first_8_lm_hash, 16);
*lm_sess_key = data_blob(lm_pw, 8);
}
return NT_STATUS_OK;
} else {
@ -367,11 +364,17 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
if (smb_pwd_check_ntlmv1(lm_response,
lm_pw, challenge,
NULL)) {
uint8_t first_8_lm_hash[16];
memcpy(first_8_lm_hash, lm_pw, 8);
memset(first_8_lm_hash + 8, '\0', 8);
*user_sess_key = data_blob(first_8_lm_hash, 16);
*lm_sess_key = data_blob(first_8_lm_hash, 16);
/* The session key for this response is still very odd.
It not very secure, so use it only if we otherwise
allow LM authentication */
if (lp_lanman_auth() && lm_pw) {
uint8_t first_8_lm_hash[16];
memcpy(first_8_lm_hash, lm_pw, 8);
memset(first_8_lm_hash + 8, '\0', 8);
*user_sess_key = data_blob(first_8_lm_hash, 16);
*lm_sess_key = data_blob(lm_pw, 8);
}
return NT_STATUS_OK;
}
}
@ -431,7 +434,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
memcpy(first_8_lm_hash, lm_pw, 8);
memset(first_8_lm_hash + 8, '\0', 8);
*user_sess_key = data_blob(first_8_lm_hash, 16);
*lm_sess_key = data_blob(first_8_lm_hash, 16);
*lm_sess_key = data_blob(lm_pw, 8);
}
return NT_STATUS_OK;
}

21
source/rpc_server/netlogon/dcerpc_netlogon.c
View File

@ -543,6 +543,16 @@ static NTSTATUS netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TALLOC_CT
sam->domain_sid = dom_sid_dup(mem_ctx, server_info->user_sid);
sam->domain_sid->num_auths--;
sam->AccountControl = 0;
sam->unknown1 = 0;
sam->unknown2 = 0;
sam->unknown3 = 0;
sam->unknown4 = 0;
sam->unknown5 = 0;
sam->unknown6 = 0;
sam->unknown7 = 0;
sam->sidcount = 0;
sam->sids = NULL;
@ -552,9 +562,9 @@ static NTSTATUS netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TALLOC_CT
ZERO_STRUCT(sam->key.key);
}
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
if (memcmp(sam->key.key, zeros,
sizeof(sam->key.key)) != 0) {
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
creds_arcfour_crypt(pipe_state->creds,
sam->key.key,
sizeof(sam->key.key));
@ -567,6 +577,7 @@ static NTSTATUS netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TALLOC_CT
ZERO_STRUCT(sam->LMSessKey.key);
}
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
if (memcmp(sam->LMSessKey.key, zeros,
sizeof(sam->LMSessKey.key)) != 0) {
creds_arcfour_crypt(pipe_state->creds,
@ -584,11 +595,9 @@ static NTSTATUS netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TALLOC_CT
sam2->acct_expiry = sam->acct_expiry;
sam2->last_password_change = sam->last_password_change;
sam2->allow_password_change = sam->allow_password_change;
sam2->allow_password_change = sam->allow_password_change;
sam2->force_password_change = sam->force_password_change;
sam2->force_password_change = sam->force_password_change;
sam2->account_name = sam->account_name;
sam2->full_name = sam->full_name;
sam2->logon_script = sam->logon_script;
@ -617,8 +626,6 @@ static NTSTATUS netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TALLOC_CT
sam2->AccountControl = sam->AccountControl;
/* can we implicit memcpy an array? */
sam2->unknown1 = sam->unknown1;
sam2->unknown2 = sam->unknown2;
sam2->unknown3 = sam->unknown3;