diff options
Diffstat (limited to 'source/rpc_client/cli_login.c')
| -rw-r--r-- | source/rpc_client/cli_login.c | 89 |
1 files changed, 53 insertions, 36 deletions
diff --git a/source/rpc_client/cli_login.c b/source/rpc_client/cli_login.c index ae6aff300e3..9316e61f0fa 100644 --- a/source/rpc_client/cli_login.c +++ b/source/rpc_client/cli_login.c @@ -38,7 +38,7 @@ uint32 cli_nt_setup_creds(const char *srv_name, { DOM_CHAL clnt_chal; DOM_CHAL srv_chal; - uint32 ret; + uint32 status; UTIME zerotime; uint8 sess_key[16]; DOM_CRED clnt_cred; @@ -49,11 +49,11 @@ uint32 cli_nt_setup_creds(const char *srv_name, generate_random_buffer(clnt_chal.data, 8, False); /* send a client challenge; receive a server challenge */ - ret = cli_net_req_chal(srv_name, myhostname, &clnt_chal, &srv_chal); - if (ret != 0) + status = cli_net_req_chal(srv_name, myhostname, &clnt_chal, &srv_chal); + if (status != 0) { DEBUG(1, ("cli_nt_setup_creds: request challenge failed\n")); - return ret; + return status; } /**************** Long-term Session key **************/ @@ -77,17 +77,17 @@ uint32 cli_nt_setup_creds(const char *srv_name, * Send client auth-2 challenge. * Receive an auth-2 challenge response and check it. */ - ret = cli_net_auth2(srv_name, trust_acct, myhostname, + status = cli_net_auth2(srv_name, trust_acct, myhostname, sec_chan, &neg_flags, &srv_chal); - if (ret != 0x0) + if (status != 0x0) { DEBUG(1, ("cli_nt_setup_creds: auth2 challenge failed. status: %x\n", - ret)); + status)); } /* check the client secure channel status */ - if (ret == 0x0 && + if (status == 0x0 && lp_client_schannel() == True && IS_BITS_CLR_ALL(neg_flags, 0x40000000)) { @@ -95,7 +95,7 @@ uint32 cli_nt_setup_creds(const char *srv_name, return NT_STATUS_ACCESS_DENIED | 0xC0000000; } - if (ret == 0x0 && IS_BITS_SET_ALL(neg_flags, 0x40000000)) + if (status == 0x0 && IS_BITS_SET_ALL(neg_flags, 0x40000000)) { extern cli_auth_fns cli_netsec_fns; struct cli_connection *con = NULL; @@ -118,7 +118,7 @@ uint32 cli_nt_setup_creds(const char *srv_name, return NT_STATUS_ACCESS_DENIED | 0xC0000000; } } - return ret; + return status; } /**************************************************************************** @@ -153,6 +153,9 @@ BOOL cli_nt_login_general(const char *srv_name, const char *myhostname, NET_ID_INFO_CTR * ctr, NET_USER_INFO_3 * user_info3) { uint8 sess_key[16]; + NET_USER_INFO_CTR user_ctr; + uint32 status; + user_ctr.switch_value = 2; DEBUG(5, ("cli_nt_login_general: %d\n", __LINE__)); @@ -165,7 +168,7 @@ BOOL cli_nt_login_general(const char *srv_name, const char *myhostname, if (!cli_get_sesskey_srv(srv_name, sess_key)) { DEBUG(1, ("could not obtain session key for %s\n", srv_name)); - return False; + return NT_STATUS_ACCESS_DENIED; } /* indicate an "general" login */ @@ -176,7 +179,13 @@ BOOL cli_nt_login_general(const char *srv_name, const char *myhostname, luid_low, 0, username, myhostname, general); /* Send client sam-logon request - update credentials on success. */ - return cli_net_sam_logon(srv_name, myhostname, ctr, user_info3); + status = cli_net_sam_logon(srv_name, myhostname, ctr, &user_ctr); + if (!net_user_info_3_copy_from_ctr(user_info3, &user_ctr)) + { + status = NT_STATUS_INVALID_PARAMETER; + } + free_net_user_info_ctr(&user_ctr); + return status; } /**************************************************************************** @@ -185,7 +194,7 @@ NT login - interactive. password equivalents, protected by the session key) is inherently insecure given the current design of the NT Domain system. JRA. ****************************************************************************/ -BOOL cli_nt_login_interactive(const char *srv_name, const char *myhostname, +uint32 cli_nt_login_interactive(const char *srv_name, const char *myhostname, const char *domain, const char *username, uint32 luid_low, const uchar * lm_owf_user_pwd, @@ -193,8 +202,10 @@ BOOL cli_nt_login_interactive(const char *srv_name, const char *myhostname, NET_ID_INFO_CTR * ctr, NET_USER_INFO_3 * user_info3) { - BOOL ret; + uint32 status; uint8 sess_key[16]; + NET_USER_INFO_CTR user_ctr; + user_ctr.switch_value = 2; DEBUG(5, ("cli_nt_login_interactive: %d\n", __LINE__)); @@ -204,7 +215,7 @@ BOOL cli_nt_login_interactive(const char *srv_name, const char *myhostname, if (!cli_get_sesskey_srv(srv_name, sess_key)) { DEBUG(1, ("could not obtain session key for %s\n", srv_name)); - return False; + return NT_STATUS_ACCESS_DENIED; } /* indicate an "interactive" login */ @@ -217,14 +228,19 @@ BOOL cli_nt_login_interactive(const char *srv_name, const char *myhostname, (char *)sess_key, lm_owf_user_pwd, nt_owf_user_pwd); /* Send client sam-logon request - update credentials on success. */ - ret = cli_net_sam_logon(srv_name, myhostname, ctr, user_info3); + status = cli_net_sam_logon(srv_name, myhostname, ctr, &user_ctr); + if (!net_user_info_3_copy_from_ctr(user_info3, &user_ctr)) + { + status = NT_STATUS_INVALID_PARAMETER; + } + free_net_user_info_ctr(&user_ctr); memset(ctr->auth.id1.lm_owf.data, '\0', sizeof(ctr->auth.id1.lm_owf.data)); memset(ctr->auth.id1.nt_owf.data, '\0', sizeof(ctr->auth.id1.nt_owf.data)); - return ret; + return status; } /**************************************************************************** @@ -233,7 +249,7 @@ NT login - network. password equivalents over the network. JRA. ****************************************************************************/ -BOOL cli_nt_login_network(const char *srv_name, const char *myhostname, +uint32 cli_nt_login_network(const char *srv_name, const char *myhostname, const char *domain, const char *username, uint32 luid_low, const char lm_chal[8], const char *lm_chal_resp, @@ -243,13 +259,16 @@ BOOL cli_nt_login_network(const char *srv_name, const char *myhostname, NET_ID_INFO_CTR * ctr, NET_USER_INFO_3 * user_info3) { uint8 sess_key[16]; - BOOL ret; + uint32 status; + NET_USER_INFO_CTR user_ctr; + user_ctr.switch_value = 2; + DEBUG(5, ("cli_nt_login_network: %d\n", __LINE__)); if (!cli_get_sesskey_srv(srv_name, sess_key)) { DEBUG(1, ("could not obtain session key for %s\n", srv_name)); - return False; + return NT_STATUS_ACCESS_DENIED; } /* indicate a "network" login */ @@ -263,27 +282,25 @@ BOOL cli_nt_login_network(const char *srv_name, const char *myhostname, lm_chal_resp, lm_chal_len, nt_chal_resp, nt_chal_len); /* Send client sam-logon request - update credentials on success. */ - ret = cli_net_sam_logon(srv_name, myhostname, ctr, user_info3); + status = cli_net_sam_logon(srv_name, myhostname, ctr, &user_ctr); -#ifdef DEBUG_PASSWORD - DEBUG(100, ("cli sess key:")); - dump_data(100, sess_key, 8); - DEBUG(100, ("enc padding:")); - dump_data(100, user_info3->padding, 8); - DEBUG(100, ("enc user sess key:")); - dump_data(100, user_info3->user_sess_key, 16); -#endif + if (!net_user_info_3_copy_from_ctr(user_info3, &user_ctr)) + { + status = NT_STATUS_INVALID_PARAMETER; + } + free_net_user_info_ctr(&user_ctr); + + dump_data_pw("cli sess key:", sess_key, 8); + dump_data_pw("enc padding:", user_info3->padding, 8); + dump_data_pw("enc user sess key:", user_info3->user_sess_key, 16); SamOEMhash(user_info3->user_sess_key, sess_key, 0); SamOEMhash(user_info3->padding, sess_key, 3); -#ifdef DEBUG_PASSWORD - DEBUG(100, ("dec paddin:")); - dump_data(100, user_info3->padding, 8); - DEBUG(100, ("dec user sess key:")); - dump_data(100, user_info3->user_sess_key, 16); -#endif - return ret; + dump_data_pw("dec padding:", user_info3->padding, 8); + dump_data_pw("dec user sess key:", user_info3->user_sess_key, 16); + + return status; } /**************************************************************************** |