sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-12-17 04:23:50 +03:00
Code Activity

rpc client mods (ntlmssp flags)

Browse Source
This commit is contained in:
Luke Leighton
-
parent 91d224735d
commit 16256f86bf
10 changed files with 101 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
source/include/ntdomain.h
View File

@@ -86,6 +86,9 @@ typedef struct pipes_struct
BOOL ntlmssp_auth;
unsigned char ntlmssp_hash[258];
fstring user_name;
fstring domain;
fstring wks;
uint32 file_offset;
uint32 hdr_offsets;

2
source/rpc_client/cli_netlogon.c
View File

@@ -556,7 +556,7 @@ Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
* Now start the NT Domain stuff :-).
*/
if(cli_nt_session_open(&cli, PIPE_NETLOGON, False) == False) {
if(cli_nt_session_open(&cli, PIPE_NETLOGON) == False) {
DEBUG(0,("modify_trust_password: unable to open the domain client session to \
machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli)));
cli_nt_session_close(&cli);

31
source/rpc_client/cli_pipe.c
View File

@@ -953,11 +953,21 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name,
return valid_ack;
}
/****************************************************************************
set ntlmssp negotiation flags
****************************************************************************/
BOOL cli_nt_set_ntlmssp_flgs(struct cli_state *cli, uint32 ntlmssp_flgs)
{
cli->ntlmssp_cli_flgs = ntlmssp_flgs;
}
/****************************************************************************
open a session
****************************************************************************/
BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, BOOL encrypted)
BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name)
{
RPC_IFACE abstract;
RPC_IFACE transfer;
@@ -999,25 +1009,6 @@ BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, BOOL encrypted)
/******************* bind request on pipe *****************/
if (encrypted)
{
cli->ntlmssp_cli_flgs = 0xb2b3;
/* NTLMSSP_NEGOTIATE_UNICODE |
NTLMSSP_NEGOTIATE_OEM |
NTLMSSP_NEGOTIATE_SIGN |
NTLMSSP_NEGOTIATE_SEAL |
NTLMSSP_NEGOTIATE_LM_KEY |
NTLMSSP_NEGOTIATE_NTLM |
NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
NTLMSSP_NEGOTIATE_00001000 |
NTLMSSP_NEGOTIATE_00002000;
*/
DEBUG(5,("cli_nt_session_open: neg_flags: %x\n",
cli->ntlmssp_cli_flgs));
}
if (!rpc_pipe_bind(cli, pipe_name,
&abstract, &transfer,
global_myname))

4
source/rpc_server/srv_pipe_hnd.c
View File

@@ -159,7 +159,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name,
SERIOUSLY ALPHA CODE!
****************************************************************************/
int write_pipe(pipes_struct *p, char *data, int n)
ssize_t write_pipe(pipes_struct *p, char *data, size_t n)
{
prs_struct pd;
struct mem_buf data_buf;
@@ -182,7 +182,7 @@ int write_pipe(pipes_struct *p, char *data, int n)
pd.io = True;
pd.offset = 0;
return rpc_command(p, &pd) ? n : -1;
return rpc_command(p, &pd) ? ((ssize_t)n) : -1;
}

50
source/rpc_server/srv_util.c
View File

@@ -208,6 +208,52 @@ BOOL create_rpc_reply(pipes_struct *p,
return p->rhdr.data != NULL && p->rhdr.offset == 0x18;
}
static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
{
uchar lm_owf[24];
uchar nt_owf[24];
DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n"));
if (p->ntlmssp_resp.hdr_lm_resp.str_str_len == 0) return False;
if (p->ntlmssp_resp.hdr_nt_resp.str_str_len == 0) return False;
if (p->ntlmssp_resp.hdr_usr .str_str_len == 0) return False;
if (p->ntlmssp_resp.hdr_domain .str_str_len == 0) return False;
if (p->ntlmssp_resp.hdr_wks .str_str_len == 0) return False;
memset(p->user_name, 0, sizeof(p->user_name));
memset(p->domain , 0, sizeof(p->domain ));
memset(p->wks , 0, sizeof(p->wks ));
if (IS_BITS_SET_ALL(p->ntlmssp_chal.neg_flags, NTLMSSP_NEGOTIATE_UNICODE))
{
fstrcpy(p->user_name, unistrn2((uint16*)p->ntlmssp_resp.user , p->ntlmssp_resp.hdr_usr .str_str_len/2));
fstrcpy(p->domain , unistrn2((uint16*)p->ntlmssp_resp.domain, p->ntlmssp_resp.hdr_domain.str_str_len/2));
fstrcpy(p->wks , unistrn2((uint16*)p->ntlmssp_resp.wks , p->ntlmssp_resp.hdr_wks .str_str_len/2));
}
else
{
fstrcpy(p->user_name, p->ntlmssp_resp.user );
fstrcpy(p->domain , p->ntlmssp_resp.domain);
fstrcpy(p->wks , p->ntlmssp_resp.wks );
}
DEBUG(5,("user: %s domain: %s wks: %s\n", p->user_name, p->domain, p->wks));
memcpy(lm_owf, p->ntlmssp_resp.lm_resp, sizeof(lm_owf));
memcpy(nt_owf, p->ntlmssp_resp.nt_resp, sizeof(nt_owf));
#ifdef DEBUG_PASSWORD
DEBUG(100,"lm, nt owfs:\n"));
dump_data(100, lm_owf, sizeof(lm_owf));
dump_data(100, nt_owf, sizeof(nt_owf));
#endif
return True;
#if 0
return pass_check_smb(p->user_name, p->domain,
p->ntplssp_chal.challenge, lm_owf, nt_owf);
#endif
}
static BOOL api_pipe_ntlmssp(pipes_struct *p, prs_struct *pd)
{
@@ -222,6 +268,10 @@ static BOOL api_pipe_ntlmssp(pipes_struct *p, prs_struct *pd)
case NTLMSSP_AUTH:
{
smb_io_rpc_auth_ntlmssp_resp("", &p->ntlmssp_resp, pd, 0);
if (!api_pipe_ntlmssp_verify(p))
{
pd->offset = 0;
}
break;
}
default:

4
source/rpcclient/cmd_lsarpc.c
View File

@@ -62,7 +62,7 @@ void cmd_lsa_query_info(struct client_info *info)
DEBUG(5, ("cmd_lsa_query_info: smb_cli->fd:%d\n", smb_cli->fd));
/* open LSARPC session. */
res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC, False) : False;
res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC) : False;
/* lookup domain controller; receive a policy handle */
res = res ? do_lsa_open_policy(smb_cli,
@@ -171,7 +171,7 @@ void cmd_lsa_lookup_sids(struct client_info *info)
sids[0] = &sid;
/* open LSARPC session. */
res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC, False) : False;
res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC) : False;
/* lookup domain controller; receive a policy handle */
res = res ? do_lsa_open_policy(smb_cli,

2
source/rpcclient/cmd_netlogon.c
View File

@@ -87,7 +87,7 @@ void cmd_netlogon_login_test(struct client_info *info)
info->mach_acct, new_mach_pwd) : False;
#endif
/* open NETLOGON session. negotiate credentials */
res = res ? cli_nt_session_open(smb_cli, PIPE_NETLOGON, False) : False;
res = res ? cli_nt_session_open(smb_cli, PIPE_NETLOGON) : False;
res = res ? cli_nt_setup_creds(smb_cli, trust_passwd) : False;

40
source/rpcclient/cmd_samr.c
View File

@@ -48,14 +48,14 @@ void cmd_sam_ntchange_pwd(struct client_info *info)
fstring sid;
char *new_passwd;
BOOL res = True;
char nt_newpass[516];
char nt_hshhash[16];
char nt_newhash[16];
char nt_oldhash[16];
char lm_newpass[516];
char lm_newhash[16];
char lm_hshhash[16];
char lm_oldhash[16];
uchar nt_newpass[516];
uchar nt_hshhash[16];
uchar nt_newhash[16];
uchar nt_oldhash[16];
uchar lm_newpass[516];
uchar lm_newhash[16];
uchar lm_hshhash[16];
uchar lm_oldhash[16];
fstrcpy(sid , info->dom.level5_sid);
fstrcpy(domain, info->dom.level5_dom);
@@ -79,8 +79,19 @@ void cmd_sam_ntchange_pwd(struct client_info *info)
E_old_pw_hash(lm_newhash, lm_oldhash, lm_hshhash);
E_old_pw_hash(lm_newhash, nt_oldhash, nt_hshhash);
cli_nt_set_ntlmssp_flgs(smb_cli,
NTLMSSP_NEGOTIATE_UNICODE |
NTLMSSP_NEGOTIATE_OEM |
NTLMSSP_NEGOTIATE_SIGN |
NTLMSSP_NEGOTIATE_SEAL |
NTLMSSP_NEGOTIATE_LM_KEY |
NTLMSSP_NEGOTIATE_NTLM |
NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
NTLMSSP_NEGOTIATE_00001000 |
NTLMSSP_NEGOTIATE_00002000);
/* open SAMR session. */
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, True) : False;
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
/* establish a connection. */
res = res ? do_samr_unknown_38(smb_cli, srv_name) : False;
@@ -90,7 +101,6 @@ void cmd_sam_ntchange_pwd(struct client_info *info)
srv_name, smb_cli->user_name,
nt_newpass, nt_hshhash,
lm_newpass, lm_hshhash) : False;
/* close the session */
cli_nt_session_close(smb_cli);
@@ -132,7 +142,7 @@ void cmd_sam_test(struct client_info *info)
fprintf(out_hnd, "SAM Encryption Test\n");
/* open SAMR session. */
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, True) : False;
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
/* establish a connection. */
res = res ? do_samr_unknown_38(smb_cli, srv_name) : False;
@@ -231,7 +241,7 @@ void cmd_sam_enum_users(struct client_info *info)
#endif
/* open SAMR session. negotiate credentials */
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False;
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
/* establish a connection. */
res = res ? do_samr_connect(smb_cli,
@@ -373,7 +383,7 @@ void cmd_sam_query_user(struct client_info *info)
info->myhostname, srv_name, domain, sid);
/* open SAMR session. negotiate credentials */
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False;
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
/* establish a connection. */
res = res ? do_samr_connect(smb_cli,
@@ -461,7 +471,7 @@ void cmd_sam_query_groups(struct client_info *info)
info->myhostname, srv_name, domain, sid);
/* open SAMR session. negotiate credentials */
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False;
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
/* establish a connection. */
res = res ? do_samr_connect(smb_cli,
@@ -550,7 +560,7 @@ void cmd_sam_enum_aliases(struct client_info *info)
info->myhostname, srv_name, domain, sid);
/* open SAMR session. negotiate credentials */
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False;
res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
/* establish a connection. */
res = res ? do_samr_connect(smb_cli,

10
source/rpcclient/cmd_srvsvc.c
View File

@@ -67,7 +67,7 @@ void cmd_srv_query_info(struct client_info *info)
DEBUG(5, ("cmd_srv_query_info: smb_cli->fd:%d\n", smb_cli->fd));
/* open LSARPC session. */
res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC, False) : False;
res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC) : False;
/* send info level: receive requested info. hopefully. */
res = res ? do_srv_net_srv_get_info(smb_cli,
@@ -125,7 +125,7 @@ void cmd_srv_enum_conn(struct client_info *info)
DEBUG(5, ("cmd_srv_enum_conn: smb_cli->fd:%d\n", smb_cli->fd));
/* open srvsvc session. */
res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC, False) : False;
res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC) : False;
hnd.ptr_hnd = 1;
hnd.handle = 0;
@@ -185,7 +185,7 @@ void cmd_srv_enum_shares(struct client_info *info)
DEBUG(5, ("cmd_srv_enum_shares: smb_cli->fd:%d\n", smb_cli->fd));
/* open srvsvc session. */
res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC, False) : False;
res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC) : False;
hnd.ptr_hnd = 0;
hnd.handle = 0;
@@ -245,7 +245,7 @@ void cmd_srv_enum_sess(struct client_info *info)
DEBUG(5, ("cmd_srv_enum_sess: smb_cli->fd:%d\n", smb_cli->fd));
/* open srvsvc session. */
res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC, False) : False;
res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC) : False;
hnd.ptr_hnd = 1;
hnd.handle = 0;
@@ -297,7 +297,7 @@ void cmd_srv_enum_files(struct client_info *info)
DEBUG(5, ("cmd_srv_enum_files: smb_cli->fd:%d\n", smb_cli->fd));
/* open srvsvc session. */
res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC, False) : False;
res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC) : False;
hnd.ptr_hnd = 1;
hnd.handle = 0;

2
source/rpcclient/cmd_wkssvc.c
View File

@@ -67,7 +67,7 @@ void cmd_wks_query_info(struct client_info *info)
DEBUG(5, ("cmd_wks_query_info: smb_cli->fd:%d\n", smb_cli->fd));
/* open LSARPC session. */
res = res ? cli_nt_session_open(smb_cli, PIPE_WKSSVC, False) : False;
res = res ? cli_nt_session_open(smb_cli, PIPE_WKSSVC) : False;
/* send info level: receive requested info. hopefully. */
res = res ? do_wks_query_info(smb_cli,