added more structures, this time for use in the query and response
of the LSA_XXXX functions.  next target: the NTLOGON mailslots (10 minutes
work).


smbparse.c:

tidying.  adding some more sub-structure functions.
Luke Leighton -
parent b0ad811cda
commit 095edfca78
2 changed files with 403 additions and 6 deletions


@ -257,10 +257,14 @@ typedef fstring string;
/* 32 bit time (sec) since 01jan1970 - cifs6.txt, section 3.5, page 30 */
typedef uint32 UTIME;
typedef struct time_info
{
uint32 time;
} UTIME;
/* 64 bit time (100usec) since ????? - cifs6.txt, section 3.5, page 30 */
typedef struct nttime
typedef struct nttime_info
{
uint32 low;
uint32 high;
@ -348,10 +352,17 @@ typedef struct log_info
} DOM_LOG_INFO;
/* DOM_CREDs - client or server credentials */
typedef struct cred_info
/* DOM_CHAL - challenge info */
typedef struct chal_info
{
uint8 data[8]; /* credentials */
} DOM_CHAL;
/* DOM_CREDs - timestamped client or server credentials */
typedef struct cred_info
{
DOM_CHAL challenge; /* credentials */
UTIME timestamp; /* credential time-stamp */
} DOM_CRED;
@ -437,6 +448,364 @@ typedef struct rpc_hdr_info
uint8 reserved; /* 0 - reserved */
} RPC_HDR;
/* DOM_QUERY_5 - info class 5 LSA Query response */
typedef struct dom_query_5_info
{
uint16 uni_dom_max_len; /* domain name string length * 2 */
uint16 uni_dom_str_len; /* domain name string length * 2 */
uint32 buffer_dom_name; /* undocumented domain name string buffer pointer */
uint32 buffer_dom_sid; /* undocumented domain SID string buffer pointer */
UNISTR uni_domain_name; /* domain name (unicode string) */
DOM_SID dom_sid; /* domain SID */
} DOM_QUERY_5;
/* level 5 is same as level 3. we hope. */
typedef DOM_QUERY_5 DOM_QUERY_3;
/* LSA_POL_HND */
typedef struct lsa_policy_info
{
uint8 data[20]; /* policy handle */
} LSA_POL_HND;
/* LSA_Q_QUERY_INFO - LSA query info policy */
typedef struct lsa_query_info
{
uint16 info_class; /* info class (also a policy handle?) */
} LSA_Q_QUERY_INFO;
/* LSA_R_QUERY_INFO - response to LSA query info policy */
typedef struct lsa_r_query_info
{
uint32 undoc_buffer; /* undocumented buffer pointer */
uint16 info_class; /* info class (same as info class in request) */
union
{
DOM_QUERY_3 id3;
DOM_QUERY_5 id5;
} dom;
} LSA_R_QUERY_INFO;
#define MAX_REF_DOMAINS 10
/* DOM_R_REF */
typedef struct dom_ref_info
{
uint32 undoc_buffer; /* undocumented buffer pointer. */
uint32 num_ref_doms_1; /* num referenced domains? */
uint32 buffer_dom_name; /* undocumented domain name buffer pointer. */
uint32 max_entries; /* 32 - max number of entries */
uint32 num_ref_doms_2; /* 4 - num referenced domains? */
UNIHDR2 hdr_dom_name; /* domain name unicode string header */
UNIHDR2 hdr_ref_dom[MAX_REF_DOMAINS]; /* referenced domain unicode string headers */
UNISTR uni_dom_name; /* domain name unicode string */
DOM_SID uni_dom_sid; /* domain SID */
DOM_SID uni_ref_dom[MAX_REF_DOMAINS]; /* referenced domain SIDs */
} DOM_R_REF;
#define MAX_LOOKUP_SIDS 10
/* LSA_Q_LOOKUP_SIDS - LSA Lookup SIDs */
typedef struct lsa_q_lookup_sids
{
LSA_POL_HND pol_hnd; /* policy handle */
uint32 num_entries;
uint32 buffer_dom_sid; /* undocumented domain SID buffer pointer */
uint32 buffer_dom_name; /* undocumented domain name buffer pointer */
uint32 buffer_lookup_sids[MAX_LOOKUP_SIDS]; /* undocumented domain SID pointers to be looked up. */
DOM_SID dom_sids[MAX_LOOKUP_SIDS]; /* domain SIDs to be looked up. */
uint8 undoc[16]; /* completely undocumented 16 bytes */
} LSA_Q_LOOKUP_SIDS;
/* LSA_R_LOOKUP_SIDS - response to LSA Lookup SIDs */
typedef struct lsa_r_lookup_sids
{
DOM_R_REF dom_ref; /* domain reference info */
uint32 num_entries;
uint32 undoc_buffer2; /* undocumented buffer pointer */
uint32 num_entries2;
DOM_SID2 dom_sid[MAX_LOOKUP_SIDS]; /* domain SIDs being looked up */
uint32 num_entries3;
} LSA_R_LOOKUP_SIDS;
/* DOM_NAME - XXXX not sure about this structure */
typedef struct dom_name_info
{
uint32 uni_str_len;
uint16 buffer[MAX_UNISTRLEN];
} DOM_NAME;
#define UNKNOWN_LEN 1
/* LSA_Q_LOOKUP_RIDS - LSA Lookup RIDs */
typedef struct lsa_q_lookup_rids
{
LSA_POL_HND pol_hnd; /* policy handle */
uint32 num_entries;
uint32 num_entries2;
uint32 buffer_dom_sid; /* undocumented domain SID buffer pointer */
uint32 buffer_dom_name; /* undocumented domain name buffer pointer */
DOM_NAME lookup_name[MAX_LOOKUP_SIDS]; /* names to be looked up */
uint8 undoc[UNKNOWN_LEN]; /* completely undocumented bytes of unknown length */
} LSA_Q_LOOKUP_RIDS;
/* LSA_R_LOOKUP_RIDS - response to LSA Lookup Names */
typedef struct lsa_r_lookup_rids
{
uint32 num_entries;
uint32 undoc_buffer2; /* undocumented buffer pointer */
uint32 num_entries2;
DOM_RID2 dom_rid[MAX_LOOKUP_SIDS]; /* domain RIDs being looked up */
uint32 num_entries3;
} LSA_R_LOOKUP_RIDS;
/* NEG_FLAGS */
typedef struct lsa_neg_flags_info
{
uint32 neg_flags; /* negotiated flags */
} NEG_FLAGS;
/* LSA_Q_REQ_CHAL */
typedef struct lsa_q_req_chal_info
{
uint32 undoc_buffer; /* undocumented buffer pointer */
UNISTR2 uni_logon_srv; /* logon server unicode string */
UNISTR2 uni_logon_clnt; /* logon client unicode string */
DOM_CHAL clnt_chal; /* client challenge */
} LSA_Q_REQ_CHAL;
/* LSA_R_REQ_CHAL */
typedef struct lsa_r_req_chal_info
{
DOM_CHAL srv_chal; /* server challenge */
} LSA_R_REQ_CHAL;
/* LSA_Q_AUTH_2 */
typedef struct lsa_q_auth2_info
{
DOM_LOG_INFO clnt_id; /* client identification info */
DOM_CHAL clnt_chal; /* client-calculated credentials */
NEG_FLAGS clnt_flgs; /* usually 0x0000 01ff */
} LSA_Q_AUTH_2;
/* LSA_R_AUTH_2 */
typedef struct lsa_r_auth2_info
{
DOM_CHAL srv_chal; /* server-calculated credentials */
NEG_FLAGS srv_flgs; /* usually 0x0000 01ff */
} LSA_R_AUTH_2;
/* LSA_Q_SRV_PWSET */
typedef struct lsa_q_srv_pwset_info
{
DOM_CLNT_INFO clnt_id; /* client identification/authentication info */
char pwd[16]; /* new password - undocumented. */
} LSA_Q_SRV_PWSET;
/* LSA_R_SRV_PWSET */
typedef struct lsa_r_srv_pwset_info
{
DOM_CHAL srv_chal; /* server-calculated credentials */
} LSA_R_SRV_PWSET;
#define LSA_MAX_GROUPS 32
/* LSA_USER_INFO */
typedef struct lsa_q_user_info
{
uint32 undoc_buffer;
NTTIME logon_time; /* logon time */
NTTIME logoff_time; /* logoff time */
NTTIME kickoff_time; /* kickoff time */
NTTIME pass_last_set_time; /* password last set time */
NTTIME pass_can_change_time; /* password can change time */
NTTIME pass_must_change_time; /* password must change time */
UNIHDR hdr_user_name; /* username unicode string header */
UNIHDR hdr_full_name; /* user's full name unicode string header */
UNIHDR hdr_logon_script; /* logon script unicode string header */
UNIHDR hdr_profile_path; /* profile path unicode string header */
UNIHDR hdr_home_dir; /* home directory unicode string header */
UNIHDR hdr_dir_drive; /* home directory drive unicode string header */
uint16 logon_count; /* logon count */
uint16 bad_pw_count; /* bad password count */
uint32 user_id; /* User ID */
uint32 group_id; /* Group ID */
uint32 num_groups; /* num groups */
uint32 buffer_groups; /* undocumented buffer pointer to groups. */
uint32 user_flgs; /* user flags */
char sess_key[16]; /* unused user session key */
UNIHDR hdr_logon_srv; /* logon server unicode string header */
UNIHDR hdr_logon_dom; /* logon domain unicode string header */
uint32 buffer_dom_id; /* undocumented logon domain id pointer */
char padding[40]; /* unused padding bytes? */
uint32 num_sids; /* 0 - num_sids */
uint32 buffer_sids; /* NULL - undocumented pointer to SIDs. */
UNISTR2 uni_user_name; /* username unicode string */
UNISTR2 uni_full_name; /* user's full name unicode string */
UNISTR2 uni_logon_script; /* logon script unicode string */
UNISTR2 uni_profile_path; /* profile path unicode string */
UNISTR2 uni_home_dir; /* home directory unicode string */
UNISTR2 uni_dir_drive; /* home directory drive unicode string */
uint32 num_groups2; /* num groups */
DOM_GID gids[LSA_MAX_GROUPS]; /* group info */
UNISTR2 uni_logon_srv; /* logon server unicode string */
UNISTR2 uni_logon_dom; /* logon domain unicode string */
DOM_SID undoc_dom_sids[2]; /* undocumented - domain SIDs */
DOM_SID dom_sid; /* domain SID */
} LSA_USER_INFO;
/* LSA_Q_SAM_LOGON */
typedef struct lsa_q_sam_logon_info
{
DOM_SAM_INFO sam_id;
} LSA_Q_SAM_LOGON;
/* LSA_R_SAM_LOGON */
typedef struct lsa_r_sam_logon_info
{
uint32 buffer_creds; /* undocumented buffer pointer */
DOM_CRED srv_creds; /* server credentials. server time stamp appears to be ignored. */
uint32 buffer_user;
LSA_USER_INFO user;
uint32 auth_resp; /* 1 - Authoritative response; 0 - Non-Auth? */
} LSA_R_SAM_LOGON;
/* LSA_Q_SAM_LOGOFF */
typedef struct lsa_q_sam_logoff_info
{
DOM_SAM_INFO sam_id;
} LSA_Q_SAM_LOGOFF;
/* LSA_R_SAM_LOGOFF */
typedef struct lsa_r_sam_logoff_info
{
uint32 buffer_creds; /* undocumented buffer pointer */
DOM_CRED srv_creds; /* server credentials. server time stamp appears to be ignored. */
} LSA_R_SAM_LOGOFF;
/*
Yet to be turned into structures:
6) \\MAILSLOT\NET\NTLOGON
-------------------------
6.1) Query for PDC
------------------
Request:
uint16 0x0007 - Query for PDC
STR machine name
STR response mailslot
uint8[] padding to 2-byte align with start of mailslot.
UNISTR machine name
uint32 NTversion
uint16 LMNTtoken
uint16 LM20token
Response:
uint16 0x000A - Respose to Query for PDC
STR machine name (in uppercase)
uint8[] padding to 2-byte align with start of mailslot.
UNISTR machine name
UNISTR domain name
uint32 NTversion (same as received in request)
uint16 LMNTtoken (same as received in request)
uint16 LM20token (same as received in request)
6.2) SAM Logon
--------------
Request:
uint16 0x0012 - SAM Logon
uint16 request count
UNISTR machine name
UNISTR user name
STR response mailslot
uint32 alloweable account
uint32 domain SID size
char[sid_size] domain SID, of sid_size bytes.
uint8[] ???? padding to 4? 2? -byte align with start of mailslot.
uint32 NTversion
uint16 LMNTtoken
uint16 LM20token
Response:
uint16 0x0013 - Response to SAM Logon
UNISTR machine name
UNISTR user name - workstation trust account
UNISTR domain name
uint32 NTversion
uint16 LMNTtoken
uint16 LM20token
*/
struct smb_passwd {
int smb_userid;
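Review bot: Several of the new structures pair a wire-supplied count with a fixed-size array and nothing on the declaration records that the count must be clamped: `uint32 num_entries;` beside `DOM_SID dom_sids[MAX_LOOKUP_SIDS];` in LSA_Q_LOOKUP_SIDS, the same pairing in LSA_R_LOOKUP_SIDS, LSA_Q_LOOKUP_RIDS and LSA_R_LOOKUP_RIDS, `num_ref_doms_1` beside `hdr_ref_dom[MAX_REF_DOMAINS]` in DOM_R_REF, and `uint32 num_groups2;` beside `DOM_GID gids[LSA_MAX_GROUPS];` in LSA_USER_INFO. Whatever unmarshals these must reject a count larger than the array before filling it, otherwise a malformed or hostile packet writes past the struct; a comment next to the limit, e.g. `#define MAX_LOOKUP_SIDS 10 /* readers must refuse num_entries > MAX_LOOKUP_SIDS */`, fixes the contract where the next marshalling function will see it. `uint8 undoc[UNKNOWN_LEN];` with `#define UNKNOWN_LEN 1` is a placeholder size rather than a wire length, and the comment should say that no wire data may be copied into it until the real length is known. `char pwd[16];` in LSA_Q_SRV_PWSET and `char sess_key[16];` in LSA_USER_INFO hold secret material, which is worth noting on the field so the owner of the struct clears them when done.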


@ -24,6 +24,20 @@
extern int DEBUGLEVEL;
/*******************************************************************
reads or writes a UTIME type.
********************************************************************/
char* smb_io_utime(BOOL io, UTIME *t, char *q, char *base, int align)
{
if (t == NULL) return NULL;
q = align_offset(q, base, align);
RW_IVAL (io, q, t->time, 0); q += 4;
return q;
}
/*******************************************************************
reads or writes an NTTIME structure.
********************************************************************/
@ -222,6 +236,20 @@ char* smb_io_log_info(BOOL io, DOM_LOG_INFO *log, char *q, char *base, int align
return q;
}
/*******************************************************************
reads or writes a DOM_CHAL structure.
********************************************************************/
char* smb_io_chal(BOOL io, DOM_CHAL *chal, char *q, char *base, int align)
{
if (chal == NULL) return NULL;
q = align_offset(q, base, align);
RW_PCVAL(io, q, chal->data, 8); q += 8;
return q;
}
/*******************************************************************
reads or writes a DOM_CRED structure.
********************************************************************/
@ -231,8 +259,8 @@ char* smb_io_cred(BOOL io, DOM_CRED *cred, char *q, char *base, int align)
q = align_offset(q, base, align);
RW_PCVAL(io, q, cred->data, 8); q += 8;
RW_IVAL (io, q, cred->timestamp, 0); q += 4;
q = smb_io_chal (io, &(cred->challenge), q, base, align);
q = smb_io_utime(io, &(cred->timestamp), q, base, align);
return q;
}
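Review bot: smb_io_utime and smb_io_chal (the first two hunks of this file) step `q` forward by a fixed 4 and 8 bytes after `RW_IVAL`/`RW_PCVAL` with no check that the buffer has that many bytes left, and neither checks `q` itself, so in the new chain `q = smb_io_chal (io, &(cred->challenge), q, base, align); q = smb_io_utime(io, &(cred->timestamp), q, base, align);` a NULL returned by an earlier step is presumably handed straight to align_offset. The signature carries no buffer end, so a short packet cannot be detected inside these helpers; at minimum add `if (q == NULL) return NULL;` after the existing pointer check in both so that failures propagate through the chain, and state in each header comment that the caller guarantees at least 4 (utime) or 8 (chal) bytes remain after alignment. smb_io_cred's signature and opening lines lie outside the third hunk.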