hmmm... have to add client-side support in domain_client_validate() to
authorLuke Leighton <lkcl@samba.org>
Sun, 21 Nov 1999 17:27:20 +0000 (17:27 +0000)
committerLuke Leighton <lkcl@samba.org>
Sun, 21 Nov 1999 17:27:20 +0000 (17:27 +0000)
_use_ user session key.
(This used to be commit be6a6b13939798a9c7242b38864f0ce842391a74)

source3/include/proto.h
source3/rpc_client/cli_login.c
source3/smbd/password.c
source3/smbd/reply.c

index 9206c5e578a2e4fbb3a206226e68f6d728a021aa..a5348d4e880c4c7c871bae4779284e61387806d3 100644 (file)
@@ -4033,8 +4033,9 @@ BOOL server_validate(char *user, char *domain,
                     char *ntpass, int ntpasslen);
 BOOL domain_client_validate( char *user, char *domain, char *server_list,
                                char *acct_name, uint16 acct_type,
-                             char *smb_apasswd, int smb_apasslen, 
-                             char *smb_ntpasswd, int smb_ntpasslen);
+                               char *smb_apasswd, int smb_apasslen, 
+                               char *smb_ntpasswd, int smb_ntpasslen,
+                               uchar user_sess_key[16]);
 
 /*The following definitions come from  smbd/pipes.c  */
 
index bd34b0d39790d15a547167176f20d12a47aa3c8c..45345cf4ac69bfcaca80ea367d8db1aa26364781 100644 (file)
@@ -165,19 +165,39 @@ BOOL cli_nt_login_network(struct cli_state *cli, uint16 fnum, char *domain, char
                           char nt_chal_resp[24],
                           NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3)
 {
-  DEBUG(5,("cli_nt_login_network: %d\n", __LINE__));
+       uchar key[16];
+       BOOL ret;
+       DEBUG(5,("cli_nt_login_network: %d\n", __LINE__));
 
-  /* indicate a "network" login */
-  ctr->switch_value = NET_LOGON_TYPE;
+       /* indicate a "network" login */
+       ctr->switch_value = NET_LOGON_TYPE;
 
-  /* Create the structure needed for SAM logon. */
-  make_id_info2(&ctr->auth.id2, domain, 0, 
-                luid_low, 0,
-                username, cli->clnt_name_slash,
-                (uchar *)lm_chal, (uchar *)lm_chal_resp, (uchar *)nt_chal_resp);
+       /* Create the structure needed for SAM logon. */
+       make_id_info2(&ctr->auth.id2, domain, 0, 
+               luid_low, 0,
+               username, cli->clnt_name_slash,
+               (uchar *)lm_chal, (uchar *)lm_chal_resp, (uchar *)nt_chal_resp);
 
-  /* Send client sam-logon request - update credentials on success. */
-  return cli_net_sam_logon(cli, fnum, ctr, user_info3);
+       /* Send client sam-logon request - update credentials on success. */
+       ret = cli_net_sam_logon(cli, fnum, ctr, user_info3);
+
+#ifdef DEBUG_PASSWORD
+       DEBUG(100,("cli sess key:"));
+       dump_data(100, cli->sess_key, 8);
+       DEBUG(100,("enc user sess key:"));
+       dump_data(100, user_info3->user_sess_key, 16);
+#endif
+
+       memset(key, 0, 16);
+       memcpy(key, (char*)cli->sess_key, 8);
+
+       SamOEMhash(user_info3->user_sess_key, key, False);
+
+#ifdef DEBUG_PASSWORD
+       DEBUG(100,("dec user sess key:"));
+       dump_data(100, user_info3->user_sess_key, 16);
+#endif
+       return ret;
 }
 
 /****************************************************************************
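Review bot: The user session key is decrypted even when `cli_net_sam_logon()` fails, because `ret` is stored but never checked before `SamOEMhash(user_info3->user_sess_key, key, False)` runs; on a failed logon this transforms whatever `user_info3` happens to contain, and a caller could pick up a meaningless key. Return early with `if (!ret) return False;` directly after the call. The local `key` holds session-key material and is still on the stack at return, so clear it before `return ret;` with a wipe the compiler cannot elide (a plain `memset` on a dead local may be optimised away), and size it with `sizeof(key)` rather than the literal 16. The `DEBUG_PASSWORD` blocks write both the encrypted and the decrypted key to the log, so builds with that macro defined should stay out of production. The function's signature begins above the hunk.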
index 690e2e5f5ce5f8b90881011d261526039b283f50..3d7a35fac8ae19bab97b6a7e0fa693da8d93015a 100644 (file)
@@ -1097,8 +1097,9 @@ use this machine as the password server.\n"));
 
 BOOL domain_client_validate( char *user, char *domain, char *server_list,
                                char *acct_name, uint16 acct_type,
-                             char *smb_apasswd, int smb_apasslen, 
-                             char *smb_ntpasswd, int smb_ntpasslen)
+                               char *smb_apasswd, int smb_apasslen, 
+                               char *smb_ntpasswd, int smb_ntpasslen,
+                               uchar user_sess_key[16])
 {
        uint16 nt_pipe_fnum;
        unsigned char local_challenge[8];
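Review bot: The new `user_sess_key` parameter has no documented contract, and nothing in the visible lines writes to it; the body continues outside the hunk, so whether it is ever filled cannot be confirmed here. Because `uchar user_sess_key[16]` is adjusted to `uchar *`, the compiler does not enforce the 16-byte size, and the caller has to be told. I would add a comment above the definition such as `/* user_sess_key: out, caller supplies 16 bytes; only meaningful when True is returned */` and, assuming the key is not yet produced on every success path, start the body with `memset(user_sess_key, 0, 16);` so the buffer is always defined. The same comment belongs on `check_domain_security()` in source3/smbd/reply.c, which forwards the parameter unchanged.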
index 79b24a986c96ac36cb2fcc2362f6c2c045e8a3ce..da72c9f3b58a907fd37d35482e945c51cc117d39 100644 (file)
@@ -499,8 +499,9 @@ static BOOL check_server_security(char *orig_user, char *domain,
 ****************************************************************************/
 
 static BOOL check_domain_security(char *orig_user, char *domain, 
-                                  char *smb_apasswd, int smb_apasslen,
-                                  char *smb_ntpasswd, int smb_ntpasslen)
+                               char *smb_apasswd, int smb_apasslen,
+                               char *smb_ntpasswd, int smb_ntpasslen,
+                               uchar user_sess_key[16])
 {
        fstring acct_name;
        uint16 acct_type = 0;
@@ -557,7 +558,8 @@ static BOOL check_domain_security(char *orig_user, char *domain,
        return domain_client_validate(orig_user, domain, server_list,
                                acct_name, acct_type,
                                smb_apasswd, smb_apasslen,
-                               smb_ntpasswd, smb_ntpasslen);
+                               smb_ntpasswd, smb_ntpasslen,
+                               user_sess_key);
 }
 
 /****************************************************************************
@@ -768,7 +770,7 @@ user %s attempted down-level SMB connection\n", user));
                              smb_ntpasswd, smb_ntpasslen) &&
       !check_domain_security(orig_user, domain,
                              smb_apasswd, smb_apasslen,
-                             smb_ntpasswd, smb_ntpasslen) &&
+                             smb_ntpasswd, smb_ntpasslen, user_sess_key) &&
       !check_hosts_equiv(user)
      )
   {
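Review bot: `user_sess_key` is handed only to `check_domain_security()`, so when an earlier check in this `&&` chain succeeds and short-circuits it, or it fails and `check_hosts_equiv(user)` then succeeds, the buffer keeps whatever it held before this expression. Its declaration is outside the hunk, so whether it is initialised cannot be confirmed from here. If it is a local array that is not already cleared, zero it before the chain, e.g. `memset(user_sess_key, 0, sizeof(user_sess_key));`, so later code never consumes an indeterminate session key. The enclosing function starts and ends outside the hunk.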