/*
 *  Unix SMB/Netbios implementation.
 *  Version 1.9.
 *  RPC Pipe client / server routines
 *  Copyright (C) Andrew Tridgell 1992-1997,
 *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
 *  Copyright (C) Paul Ashton 1997.
 *  Copyright (C) Jeremy Allison 1998.
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
/* Make sure SYSLOG is not defined by the time includes.h is pulled in. */
# ifdef SYSLOG
# undef SYSLOG
# endif
# include "includes.h"
/* Defined outside this file; presumably the verbosity threshold used by DEBUG() - confirm. */
extern int DEBUGLEVEL ;
/****************************************************************************
Generate the next creds to use.
****************************************************************************/
void gen_next_creds(struct cli_state *cli, DOM_CRED *new_clnt_cred)
{
	/*
	 * Produce the client credential for the next request on this
	 * connection state.
	 *
	 * cli            - holds the stored client credential and the
	 *                  session key; its stored timestamp is updated.
	 * new_clnt_cred  - receives the credential to send.
	 *
	 * Step 1: stamp the stored credential with the current time.
	 */
	cli->clnt_cred.timestamp.time = time(NULL);

	/* Step 2: start the outgoing credential as a copy of the stored one. */
	memcpy(new_clnt_cred, &cli->clnt_cred, sizeof *new_clnt_cred);

	/*
	 * Step 3: derive the outgoing challenge from the session key, the
	 * stored challenge and the timestamp just written.  The stored
	 * challenge itself is only read here.
	 */
	cred_create(cli->sess_key,
	            &cli->clnt_cred.challenge,
	            new_clnt_cred->timestamp,
	            &new_clnt_cred->challenge);
}
/****************************************************************************
do a LSA Logon Control2
****************************************************************************/
BOOL cli_net_logon_ctrl2(const char *srv_name, uint32 status_level)
{
	/*
	 * Issue NET_LOGON_CTRL2 on the NETLOGON pipe of srv_name.
	 *
	 * Returns True only when the request was sent, a reply was parsed
	 * (non-zero parse offset) and the reply status is 0.  The connection
	 * opened here is unlinked again before returning.
	 */
	struct cli_connection *con = NULL;
	NET_Q_LOGON_CTRL2 q_l;
	prs_struct req_ps;
	prs_struct rsp_ps;
	BOOL result = False;

	if (!cli_connection_init(srv_name, PIPE_NETLOGON, &con))
	{
		return False;
	}

	prs_init(&req_ps, 1024, 4, SAFETY_MARGIN, False);
	prs_init(&rsp_ps, 0, 4, SAFETY_MARGIN, True);

	DEBUG(4, ("net_logon_ctrl2 status level:%x\n", status_level));

	/* build the request and marshal it into the outgoing stream */
	make_q_logon_ctrl2(&q_l, srv_name, 0, 0, status_level);
	net_io_q_logon_ctrl2("", &q_l, &req_ps, 0);

	/* send the data on \PIPE\ */
	if (rpc_con_pipe_req(con, NET_LOGON_CTRL2, &req_ps, &rsp_ps))
	{
		NET_R_LOGON_CTRL2 r_l;

		net_io_r_logon_ctrl2("", &r_l, &rsp_ps, 0);

		/* a zero offset means nothing was parsed from the reply */
		result = (rsp_ps.offset != 0);

		if (result)
		{
			if (r_l.status != 0)
			{
				/* report error code */
				DEBUG(5, ("net_logon_ctrl2: Error %s\n",
				          get_nt_error_msg(r_l.status)));
				result = False;
			}
		}
	}

	prs_mem_free(&rsp_ps);
	prs_mem_free(&req_ps);

	cli_connection_unlink(con);

	return result;
}
/****************************************************************************
LSA Authenticate 2

Send the client credential, receive back a server credential.
Ensure that the server credential returned matches the session key
encrypt of the server challenge originally received.  JRA.
****************************************************************************/
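uint32 cli_net_auth2(const char *srv_name,
				const char *trust_acct,
				const char *acct_name,
				uint16 sec_chan,
				uint32 neg_flags, DOM_CHAL *srv_chal)
{
	/*
	 * Send NET_AUTH2 with the client credential and verify the server
	 * credential that comes back.
	 *
	 * srv_chal is the server challenge received earlier; the server's
	 * reply must match it under the connection's session key, otherwise
	 * the call fails with NT_STATUS_NETWORK_CREDENTIAL_CONFLICT.
	 *
	 * Returns 0x0 on success, otherwise an NT status value.
	 *
	 * Every failure path returns a non-zero status.  The setup failures
	 * used to return False, which is 0 and therefore indistinguishable
	 * from success for a caller that tests the status: a missing
	 * connection or session key would have been reported as a completed
	 * authentication without the server credential ever being checked.
	 */
	prs_struct rbuf;
	prs_struct buf;
	NET_Q_AUTH_2 q_a;
	uint32 status = 0x0;
	uint8 sess_key[16];
	DOM_CRED clnt_cred;
	struct cli_connection *con = NULL;

	/* srv_chal is handed to cred_assert() below; reject NULL up front,
	 * as cli_net_req_chal does for its challenge pointers. */
	if (srv_chal == NULL)
	{
		return 0xC0000000 | NT_STATUS_INVALID_PARAMETER;
	}

	if (!cli_connection_getsrv(srv_name, PIPE_NETLOGON, &con))
	{
		return 0xC0000000 | NT_STATUS_ACCESS_DENIED;
	}

	if (!cli_get_con_sesskey(con, sess_key))
	{
		return 0xC0000000 | NT_STATUS_ACCESS_DENIED;
	}

	prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
	prs_init(&rbuf, 0,    4, SAFETY_MARGIN, True );

	/* create and send a MSRPC command with api NET_AUTH2 */

	DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s neg: %x\n",
	          srv_name, trust_acct, sec_chan, acct_name,
	          neg_flags));

	cli_con_get_cli_cred(con, &clnt_cred);

	/* store the parameters */
	make_q_auth_2(&q_a, srv_name, trust_acct, sec_chan, acct_name,
	              &clnt_cred.challenge, neg_flags);

	/* turn parameters into data stream */
	net_io_q_auth_2("", &q_a, &buf, 0);

	/* send the data on \PIPE\ */
	if (rpc_con_pipe_req(con, NET_AUTH2, &buf, &rbuf))
	{
		NET_R_AUTH_2 r_a;

		net_io_r_auth_2("", &r_a, &rbuf, 0);

		/* a zero offset means nothing was parsed from the reply */
		status = (rbuf.offset == 0) ? 0xC0000000 | NT_STATUS_INVALID_PARAMETER : 0;

		if (status == 0x0 && r_a.status != 0)
		{
			/* report error code */
			DEBUG(5,("cli_net_auth2: Error %s\n",
			          get_nt_error_msg(r_a.status)));
			status = r_a.status;
		}

		if (status == 0x0)
		{
			/*
			 * Check the returned value using the initial
			 * server received challenge.  This is the step that
			 * authenticates the server to us; it must not be
			 * skipped on any success path.
			 */
			UTIME zerotime;

			zerotime.time = 0;
			if (cred_assert(&r_a.srv_chal, sess_key,
			                srv_chal, zerotime) == 0)
			{
				/*
				 * Server replied with bad credential. Fail.
				 */
				DEBUG(5,("cli_net_auth2: server %s replied "
				         "with bad credential (bad trust account password ?).\n",
				         srv_name));
				status = NT_STATUS_NETWORK_CREDENTIAL_CONFLICT | 0xC0000000;
			}
		}

#if 0
		/*
		 * Try commenting this out to see if this makes the connect
		 * work for a NT 3.51 PDC. JRA.
		 *
		 * NOTE(review): with this block disabled, the negotiation
		 * flags returned by the server are never compared with the
		 * flags this client requested, so a reply carrying different
		 * flags is accepted silently.  The block also still refers
		 * to `ok`, which this function no longer declares; it would
		 * have to set `status` if it is re-enabled.
		 */

		if (ok && r_a.srv_flgs.neg_flags != q_a.clnt_flgs.neg_flags)
		{
			/* report different neg_flags */
			DEBUG(5,("cli_net_auth2: error neg_flags (q,r) differ - (%x,%x)\n",
			          q_a.clnt_flgs.neg_flags, r_a.srv_flgs.neg_flags));
			ok = False;
		}
#endif

	}
	else
	{
		DEBUG(5,("rpc_con_pipe_req FAILED\n"));
		status = 0xC0000000 | NT_STATUS_ACCESS_DENIED;
	}

	DEBUG(5,("cli_net_auth2 status: %x\n", status));

	/* NOTE(review): sess_key stays on the stack after return; it is not wiped here. */
	prs_mem_free(&rbuf);
	prs_mem_free(&buf );

	return status;
}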
/****************************************************************************
LSA Request Challenge.  Sends our challenge to server, then gets
server response.  These are used to generate the credentials.
****************************************************************************/
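uint32 cli_net_req_chal(const char *srv_name, const char *myhostname,
				DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal)
{
	/*
	 * Send our challenge (clnt_chal) with NET_REQCHAL and store the
	 * server's challenge in srv_chal.
	 *
	 * Returns 0x0 on success, otherwise an NT status value; srv_chal is
	 * written only on success.
	 *
	 * A failed cli_connection_init() used to return False, i.e. 0, which
	 * a caller testing the status reads as success while srv_chal is
	 * still unset.  It now returns a non-zero status.
	 *
	 * The connection is not unlinked here.  The later calls in this file
	 * look it up with cli_connection_getsrv(), so this is presumably
	 * deliberate - confirm against the connection code.
	 */
	prs_struct rbuf;
	prs_struct buf;
	NET_Q_REQ_CHAL q_c;
	uint32 status = 0x0;
	struct cli_connection *con = NULL;

	/* validate the arguments before opening anything, so that a bad
	 * call does not leave a connection behind */
	if (srv_chal == NULL || clnt_chal == NULL)
	{
		return 0xC0000000 | NT_STATUS_INVALID_PARAMETER;
	}

	if (!cli_connection_init(srv_name, PIPE_NETLOGON, &con))
	{
		return 0xC0000000 | NT_STATUS_ACCESS_DENIED;
	}

	prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
	prs_init(&rbuf, 0,    4, SAFETY_MARGIN, True );

	/* create and send a MSRPC command with api NET_REQCHAL */

	DEBUG(4,("cli_net_req_chal: LSA Request Challenge from %s to %s: %s\n",
	          srv_name, myhostname, credstr(clnt_chal->data)));

	/* store the parameters */
	make_q_req_chal(&q_c, srv_name, myhostname, clnt_chal);

	/* turn parameters into data stream */
	net_io_q_req_chal("", &q_c, &buf, 0);

	/* send the data on \PIPE\ */
	if (rpc_con_pipe_req(con, NET_REQCHAL, &buf, &rbuf))
	{
		NET_R_REQ_CHAL r_c;

		net_io_r_req_chal("", &r_c, &rbuf, 0);

		/* a zero offset means nothing was parsed from the reply */
		status = (rbuf.offset == 0) ? 0xC0000000 | NT_STATUS_INVALID_PARAMETER : 0;

		if (status == 0x0 && r_c.status != 0)
		{
			/* report error code */
			DEBUG(5,("cli_net_req_chal: Error %s\n", get_nt_error_msg(r_c.status)));
			status = r_c.status;
		}

		if (status == 0x0)
		{
			/* ok, at last: we're happy. return the challenge */
			memcpy(srv_chal->data, r_c.srv_chal.data, sizeof(srv_chal->data));
		}
	}
	else
	{
		DEBUG(5,("rpc_con_pipe_req FAILED\n"));
		status = 0xC0000000 | NT_STATUS_ACCESS_DENIED;
	}

	prs_mem_free(&rbuf);
	prs_mem_free(&buf );

	return status;
}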
/***************************************************************************
LSA Server Password Set.
****************************************************************************/
BOOL cli_net_srv_pwset(const char *srv_name,
				const char *myhostname,
				const char *trust_acct,
				uint8 hashed_trust_pwd[16],
				uint16 sec_chan_type)
{
	/*
	 * Send NET_SRVPWSET to change the trust account password.
	 *
	 * hashed_trust_pwd is not sent as given: it is first run through
	 * cred_hash3() with the connection's session key.
	 *
	 * Returns True only when a reply was parsed, its status is 0 and the
	 * server credential in it was accepted by cli_con_deal_with_creds().
	 *
	 * NOTE(review): sess_key and wire_pwd stay on the stack after return;
	 * neither is wiped here.  The level-4 DEBUG line below prints the
	 * client credential and its timestamp, so logs at that level should
	 * be handled as sensitive.
	 */
	struct cli_connection *con = NULL;
	uint8 sess_key[16];
	unsigned char wire_pwd[16];
	DOM_CRED next_cred;
	NET_Q_SRV_PWSET q_s;
	prs_struct req_ps;
	prs_struct rsp_ps;
	BOOL result = False;

	if (!cli_connection_getsrv(srv_name, PIPE_NETLOGON, &con))
	{
		return False;
	}

	if (!cli_get_con_sesskey(con, sess_key))
	{
		return False;
	}

	/* Process the new password. */
	cred_hash3(wire_pwd, hashed_trust_pwd, sess_key, 1);

	cli_con_gen_next_creds(con, &next_cred);

	prs_init(&req_ps, 1024, 4, SAFETY_MARGIN, False);
	prs_init(&rsp_ps, 0, 4, SAFETY_MARGIN, True);

	/* create and send a MSRPC command with api NET_SRV_PWSET */

	DEBUG(4, ("cli_net_srv_pwset: srv:%s acct:%s sc: %d mc: %s clnt %s %x\n",
	          srv_name, trust_acct, sec_chan_type, myhostname,
	          credstr(next_cred.challenge.data), next_cred.timestamp.time));

	/* store the parameters */
	make_q_srv_pwset(&q_s, srv_name, trust_acct, sec_chan_type,
	                 myhostname, &next_cred, (char *)wire_pwd);

	/* turn parameters into data stream */
	net_io_q_srv_pwset("", &q_s, &req_ps, 0);

	/* send the data on \PIPE\ */
	if (rpc_con_pipe_req(con, NET_SRVPWSET, &req_ps, &rsp_ps))
	{
		NET_R_SRV_PWSET r_s;

		net_io_r_srv_pwset("", &r_s, &rsp_ps, 0);

		/* a zero offset means nothing was parsed from the reply */
		result = (rsp_ps.offset != 0);

		if (result)
		{
			if (r_s.status != 0)
			{
				/* report error code */
				DEBUG(5, ("cli_net_srv_pwset: %s\n",
				          get_nt_error_msg(r_s.status)));
				result = False;
			}
			else if (!cli_con_deal_with_creds(con, &r_s.srv_cred))
			{
				/*
				 * Credential update failed: the server
				 * replied with a bad credential.
				 */
				DEBUG(5, ("cli_net_srv_pwset: server %s replied with bad credential "
				          "(bad trust account password ?).\n", srv_name));
				result = False;
			}
		}
	}

	prs_mem_free(&rsp_ps);
	prs_mem_free(&req_ps);

	return result;
}
/***************************************************************************
LSA SAM Logon - interactive or network.
****************************************************************************/
BOOL cli_net_sam_logon(const char *srv_name, const char *myhostname,
				NET_ID_INFO_CTR *ctr,
				NET_USER_INFO_3 *user_info3)
{
	/*
	 * Send NET_SAMLOGON with the logon information in ctr and have the
	 * reply parsed into user_info3.
	 *
	 * Returns True only when a reply was parsed, its status is 0, the
	 * server credential was accepted by cli_con_deal_with_creds() and the
	 * reply's switch_value is 3.
	 *
	 * NOTE(review): the reply is parsed with r_s.user pointing at
	 * user_info3 before any of those checks run, so user_info3 has
	 * presumably been written even when this returns False.  Callers
	 * should use it only after a True return.
	 */
	struct cli_connection *con = NULL;
	uint16 validation_level = 3;
	DOM_CRED next_cred;
	DOM_CRED rtn_cred_stub;
	NET_Q_SAM_LOGON q_s;
	prs_struct req_ps;
	prs_struct rsp_ps;
	BOOL result = False;

	if (!cli_connection_getsrv(srv_name, PIPE_NETLOGON, &con))
	{
		return False;
	}

	cli_con_gen_next_creds(con, &next_cred);

	prs_init(&req_ps, 1024, 4, SAFETY_MARGIN, False);
	prs_init(&rsp_ps, 0, 4, SAFETY_MARGIN, True);

	/* create and send a MSRPC command with api NET_SAMLOGON */

	DEBUG(4, ("cli_net_sam_logon: srv:%s mc:%s ll: %d\n",
	          srv_name, myhostname,
	          ctr->switch_value));

	/* zeroed return credential carrying only the current time */
	memset(&rtn_cred_stub, '\0', sizeof(rtn_cred_stub));
	rtn_cred_stub.timestamp.time = time(NULL);

	/* store the parameters */
	make_sam_info(&q_s.sam_id, srv_name, myhostname,
	              &next_cred, &rtn_cred_stub, ctr->switch_value, ctr);
	q_s.validation_level = validation_level;

	/* turn parameters into data stream */
	net_io_q_sam_logon("", &q_s, &req_ps, 0);

	/* send the data on \PIPE\ */
	if (rpc_con_pipe_req(con, NET_SAMLOGON, &req_ps, &rsp_ps))
	{
		NET_R_SAM_LOGON r_s;

		/* point the reply at the caller's structure before parsing */
		r_s.user = user_info3;

		net_io_r_sam_logon("", &r_s, &rsp_ps, 0);

		/* a zero offset means nothing was parsed from the reply */
		result = (rsp_ps.offset != 0);

		if (result)
		{
			if (r_s.status != 0)
			{
				/* report error code */
				DEBUG(5, ("cli_net_sam_logon: %s\n",
				          get_nt_error_msg(r_s.status)));
				result = False;
			}
			else if (!cli_con_deal_with_creds(con, &r_s.srv_creds))
			{
				/*
				 * Credential update failed: the server
				 * replied with a bad credential.
				 */
				DEBUG(5, ("cli_net_sam_logon: server %s replied with bad credential "
				          "(bad trust account password ?).\n", srv_name));
				result = False;
			}
			else if (r_s.switch_value != 3)
			{
				/* report different switch_value */
				DEBUG(5, ("cli_net_sam_logon: switch_value of 3 expected %x\n",
				          r_s.switch_value));
				result = False;
			}
		}
	}

	prs_mem_free(&rsp_ps);
	prs_mem_free(&req_ps);

	return result;
}
/***************************************************************************
LSA SAM Logoff.

This currently doesn't work correctly as the domain controller
returns NT_STATUS_INVALID_INFO_CLASS - we obviously need to
send a different info level.  Right now though, I'm not sure
what that needs to be (I need to see one on the wire before
I can be sure).  JRA.
****************************************************************************/
BOOL cli_net_sam_logoff(const char *srv_name, const char *myhostname,
				NET_ID_INFO_CTR *ctr)
{
	/*
	 * Send NET_SAMLOGOFF for the logon information in ctr.
	 *
	 * Returns True only when a reply was parsed, its status is 0 and the
	 * server credential in it was accepted by cli_con_deal_with_creds().
	 *
	 * Unlike the logon call, the zeroed return credential is sent with
	 * its timestamp left at 0.
	 *
	 * NOTE(review): the level-4 DEBUG line below prints the client
	 * credential and its timestamp, so logs at that level should be
	 * handled as sensitive.
	 */
	struct cli_connection *con = NULL;
	DOM_CRED next_cred;
	DOM_CRED rtn_cred_stub;
	NET_Q_SAM_LOGOFF q_s;
	prs_struct req_ps;
	prs_struct rsp_ps;
	BOOL result = False;

	if (!cli_connection_getsrv(srv_name, PIPE_NETLOGON, &con))
	{
		return False;
	}

	cli_con_gen_next_creds(con, &next_cred);

	prs_init(&req_ps, 1024, 4, SAFETY_MARGIN, False);
	prs_init(&rsp_ps, 0, 4, SAFETY_MARGIN, True);

	/* create and send a MSRPC command with api NET_SAMLOGOFF */

	DEBUG(4, ("cli_net_sam_logoff: srv:%s mc:%s clnt %s %x ll: %d\n",
	          srv_name, myhostname,
	          credstr(next_cred.challenge.data), next_cred.timestamp.time,
	          ctr->switch_value));

	memset(&rtn_cred_stub, '\0', sizeof(rtn_cred_stub));

	/* store the parameters */
	make_sam_info(&q_s.sam_id, srv_name, myhostname,
	              &next_cred, &rtn_cred_stub, ctr->switch_value, ctr);

	/* turn parameters into data stream */
	net_io_q_sam_logoff("", &q_s, &req_ps, 0);

	/* send the data on \PIPE\ */
	if (rpc_con_pipe_req(con, NET_SAMLOGOFF, &req_ps, &rsp_ps))
	{
		NET_R_SAM_LOGOFF r_s;

		net_io_r_sam_logoff("", &r_s, &rsp_ps, 0);

		/* a zero offset means nothing was parsed from the reply */
		result = (rsp_ps.offset != 0);

		if (result)
		{
			if (r_s.status != 0)
			{
				/* report error code */
				DEBUG(5, ("cli_net_sam_logoff: %s\n",
				          get_nt_error_msg(r_s.status)));
				result = False;
			}
			else if (!cli_con_deal_with_creds(con, &r_s.srv_creds))
			{
				/*
				 * Credential update failed: the server
				 * replied with a bad credential.
				 */
				DEBUG(5, ("cli_net_sam_logoff: server %s replied with bad credential "
				          "(bad trust account password ?).\n", srv_name));
				result = False;
			}
		}
	}

	prs_mem_free(&rsp_ps);
	prs_mem_free(&req_ps);

	return result;
}
/***************************************************************************
Synchronise SAM Database (requires SEC_CHAN_BDC).
****************************************************************************/
BOOL cli_net_sam_sync(const char *srv_name, const char *myhostname,
				uint32 database_id,
				uint32 *num_deltas,
				SAM_DELTA_HDR *hdr_deltas,
				SAM_DELTA_CTR *deltas)
{
	/*
	 * Send NET_SAM_SYNC for database_id and have the reply parsed into
	 * hdr_deltas / deltas.
	 *
	 * Returns True only when a reply was parsed, its status is 0 or
	 * STATUS_MORE_ENTRIES, and the server credential in it was accepted
	 * by cli_con_deal_with_creds().  *num_deltas is written only then.
	 *
	 * NOTE(review): the reply is parsed with r_s pointing at the caller's
	 * hdr_deltas and deltas before any of those checks run, so both have
	 * presumably been written even when this returns False.  The session
	 * key is passed to the reply parser and stays on the stack after
	 * return; it is not wiped here.
	 */
	struct cli_connection *con = NULL;
	uint8 sess_key[16];
	DOM_CRED next_cred;
	NET_Q_SAM_SYNC q_s;
	prs_struct req_ps;
	prs_struct rsp_ps;
	BOOL result = False;

	if (!cli_connection_getsrv(srv_name, PIPE_NETLOGON, &con))
	{
		return False;
	}

	if (!cli_get_con_sesskey(con, sess_key))
	{
		return False;
	}

	cli_con_gen_next_creds(con, &next_cred);

	prs_init(&req_ps, 1024, 4, SAFETY_MARGIN, False);
	prs_init(&rsp_ps, 0, 4, SAFETY_MARGIN, True);

	/* create and send a MSRPC command with api NET_SAM_SYNC */

	make_q_sam_sync(&q_s, srv_name, myhostname,
	                &next_cred, database_id);

	/* turn parameters into data stream */
	net_io_q_sam_sync("", &q_s, &req_ps, 0);

	/* send the data on \PIPE\ */
	if (rpc_con_pipe_req(con, NET_SAM_SYNC, &req_ps, &rsp_ps))
	{
		NET_R_SAM_SYNC r_s;

		/* point the reply at the caller's arrays before parsing */
		r_s.hdr_deltas = hdr_deltas;
		r_s.deltas = deltas;

		net_io_r_sam_sync("", sess_key, &r_s, &rsp_ps, 0);

		/* a zero offset means nothing was parsed from the reply */
		result = (rsp_ps.offset != 0);

		if (result)
		{
			if (r_s.status != 0 && r_s.status != STATUS_MORE_ENTRIES)
			{
				/* report error code */
				DEBUG(5, ("cli_net_sam_sync: %s\n",
				          get_nt_error_msg(r_s.status)));
				result = False;
			}
			else if (!cli_con_deal_with_creds(con, &r_s.srv_creds))
			{
				/* credential update failed */
				DEBUG(5, ("cli_net_sam_sync: server %s replied with bad "
				          "credential (bad trust account password ?).\n", srv_name));
				result = False;
			}
			else
			{
				*num_deltas = r_s.num_deltas2;

				if (r_s.status == STATUS_MORE_ENTRIES)
				{
					DEBUG(5, ("(More entries)\n"));
				}
			}
		}
	}

	prs_mem_free(&rsp_ps);
	prs_mem_free(&req_ps);

	return result;
}