dce/rpc

source/include/ntdomain.h

@@ -85,6 +85,7 @@ typedef struct pipes_struct
 	RPC_AUTH_NTLMSSP_RESP ntlmssp_resp;
 
 	BOOL ntlmssp_auth;
+	BOOL ntlmssp_validated;
 	unsigned char ntlmssp_hash[258];
 	fstring user_name;
 	fstring domain;

source/include/proto.h

@@ -1750,6 +1750,7 @@ void make_samr_q_chgpasswd_user(SAMR_Q_CHGPASSWD_USER *q_u,
 				char nt_newpass[516], char nt_oldhash[16],
 				char lm_newpass[516], char lm_oldhash[16]);
 void samr_io_q_chgpasswd_user(char *desc, SAMR_Q_CHGPASSWD_USER *q_u, prs_struct *ps, int depth);
+void make_samr_r_chgpasswd_user(SAMR_R_CHGPASSWD_USER *r_u, uint32 status);
 void samr_io_r_chgpasswd_user(char *desc, SAMR_R_CHGPASSWD_USER *r_u, prs_struct *ps, int depth);
 
 /*The following definitions come from  rpc_parse/parse_srv.c  */

source/include/smb.h

@@ -490,6 +490,7 @@ typedef struct connection_struct
 	name_compare_entry *hide_list; /* Per-share list of files to return as hidden. */
 	name_compare_entry *veto_list; /* Per-share list of files to veto (never show). */
 	name_compare_entry *veto_oplock_list; /* Per-share list of files to refuse oplocks on. */       
+
 } connection_struct;
 
 struct current_user
@@ -497,7 +498,7 @@ struct current_user
 	connection_struct *conn;
 	uint16 vuid;
 	uid_t uid;
-    gid_t gid;
+	gid_t gid;
 	int ngroups;
 	gid_t *groups;
 };

source/rpc_parse/parse_samr.c

@@ -2357,6 +2357,7 @@ void make_samr_q_connect(SAMR_Q_CONNECT *q_u,
 	DEBUG(5,("make_q_connect\n"));
 
 	/* make PDC server name \\server */
+	q_u->ptr_srv_name = len_srv_name > 0 ? 1 : 0; 
 	make_unistr2(&(q_u->uni_srv_name), srv_name, len_srv_name);  
 
 	/* example values: 0x0000 0002 */
@@ -2750,6 +2751,18 @@ void samr_io_q_chgpasswd_user(char *desc, SAMR_Q_CHGPASSWD_USER *q_u, prs_struct
 	samr_io_enc_hash  ("lm_oldhash", &(q_u->lm_oldhash), ps, depth); 
 }
 
+/*******************************************************************
+makes a SAMR_R_CHGPASSWD_USER structure.
+********************************************************************/
+void make_samr_r_chgpasswd_user(SAMR_R_CHGPASSWD_USER *r_u, uint32 status)
+{
+	if (r_u == NULL) return;
+
+	DEBUG(5,("make_r_chgpasswd_user\n"));
+
+	r_u->status = status;
+}
+
 /*******************************************************************
 reads or writes a structure.
 ********************************************************************/

source/rpc_server/srv_pipe_hnd.c

@@ -137,6 +137,9 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name,
 	p->frag_len_left   = 0;
 	p->next_frag_start = 0;
 	
+	p->ntlmssp_validated = False;
+	p->ntlmssp_auth      = False;
+	
 	fstrcpy(p->name, pipe_name);
 	
 	DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n",

source/rpc_server/srv_samr.c

@@ -719,6 +719,80 @@ static void api_samr_lookup_names( uint16 vuid, prs_struct *data, prs_struct *rd
 	samr_reply_lookup_names(&q_u, rdata);
 }
 
+/*******************************************************************
+ samr_reply_chgpasswd_user
+ ********************************************************************/
+static void samr_reply_chgpasswd_user(SAMR_Q_CHGPASSWD_USER *q_u,
+				prs_struct *rdata)
+{
+	SAMR_R_CHGPASSWD_USER r_u;
+	uint32 status = 0x0;
+	fstring user_name;
+	fstring wks;
+
+	fstrcpy(user_name, unistrn2(q_u->uni_user_name.buffer, q_u->uni_user_name.uni_str_len));
+	fstrcpy(wks      , unistrn2(q_u->uni_dest_host.buffer, q_u->uni_dest_host.uni_str_len));
+
+	DEBUG(5,("samr_chgpasswd_user: user: %s wks: %s\n", user_name, wks));
+
+	/* oops! */
+	status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
+
+	make_samr_r_chgpasswd_user(&r_u, status);
+
+	/* store the response in the SMB stream */
+	samr_io_r_chgpasswd_user("", &r_u, rdata, 0);
+
+	DEBUG(5,("samr_chgpasswd_user: %d\n", __LINE__));
+}
+
+/*******************************************************************
+ api_samr_chgpasswd_user
+ ********************************************************************/
+static void api_samr_chgpasswd_user( uint16 vuid, prs_struct *data, prs_struct *rdata)
+{
+	SAMR_Q_CHGPASSWD_USER q_u;
+
+	/* unknown 38 command */
+	samr_io_q_chgpasswd_user("", &q_u, data, 0);
+
+	/* construct reply. */
+	samr_reply_chgpasswd_user(&q_u, rdata);
+}
+
+
+/*******************************************************************
+ samr_reply_unknown_38
+ ********************************************************************/
+static void samr_reply_unknown_38(SAMR_Q_UNKNOWN_38 *q_u,
+				prs_struct *rdata)
+{
+	SAMR_R_UNKNOWN_38 r_u;
+
+	DEBUG(5,("samr_unknown_38: %d\n", __LINE__));
+
+	make_samr_r_unknown_38(&r_u);
+
+	/* store the response in the SMB stream */
+	samr_io_r_unknown_38("", &r_u, rdata, 0);
+
+	DEBUG(5,("samr_unknown_38: %d\n", __LINE__));
+}
+
+/*******************************************************************
+ api_samr_unknown_38
+ ********************************************************************/
+static void api_samr_unknown_38( uint16 vuid, prs_struct *data, prs_struct *rdata)
+{
+	SAMR_Q_UNKNOWN_38 q_u;
+
+	/* unknown 38 command */
+	samr_io_q_unknown_38("", &q_u, data, 0);
+
+	/* construct reply.  always indicate success */
+	samr_reply_unknown_38(&q_u, rdata);
+}
+
 
 /*******************************************************************
  samr_reply_unknown_12
@@ -1356,6 +1430,8 @@ static struct api_struct api_samr_cmds [] =
 	{ "SAMR_QUERY_ALIASINFO"  , SAMR_QUERY_ALIASINFO  , api_samr_query_aliasinfo  },
 	{ "SAMR_0x32"             , 0x32                  , api_samr_unknown_32       },
 	{ "SAMR_UNKNOWN_12"       , SAMR_UNKNOWN_12       , api_samr_unknown_12       },
+	{ "SAMR_UNKNOWN_38"       , SAMR_UNKNOWN_38       , api_samr_unknown_38       },
+	{ "SAMR_CHGPASSWD_USER"   , SAMR_CHGPASSWD_USER   , api_samr_chgpasswd_user   },
 	{ "SAMR_OPEN_ALIAS"       , SAMR_OPEN_ALIAS       , api_samr_open_alias       },
 	{ "SAMR_OPEN_DOMAIN"      , SAMR_OPEN_DOMAIN      , api_samr_open_domain      },
 	{ "SAMR_UNKNOWN_3"        , SAMR_UNKNOWN_3        , api_samr_unknown_3        },

source/rpc_server/srv_util.c

@@ -248,11 +248,12 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
 	dump_data(100, lm_owf, sizeof(lm_owf));
 	dump_data(100, nt_owf, sizeof(nt_owf));
 #endif
-	return True;
+	become_root(True);
-#if 0
+	p->ntlmssp_validated = pass_check_smb(p->user_name, p->domain,
-	return pass_check_smb(p->user_name, p->domain,
+	                      p->ntlmssp_chal.challenge, lm_owf, nt_owf, NULL);
-	                      p->ntplssp_chal.challenge, lm_owf, nt_owf);
+	unbecome_root(True);
-#endif
+
+	return p->ntlmssp_validated;
 }
 
 static BOOL api_pipe_ntlmssp(pipes_struct *p, prs_struct *pd)
@@ -486,10 +487,26 @@ static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd)
 	return True;
 }
 
+
+static BOOL api_pipe_auth_process(pipes_struct *p, prs_struct *pd)
+{
+	return True;
+}
+
 static BOOL api_pipe_request(pipes_struct *p, prs_struct *pd)
 {
 	int i = 0;
 
+	if (p->ntlmssp_auth && p->ntlmssp_validated)
+	{
+		if (!api_pipe_auth_process(p)) return False;
+
+		DEBUG(0,("api_pipe_request: **** MUST CALL become_user() HERE **** \n"));
+#if 0
+		become_user();
+#endif
+	}
+
 	for (i = 0; api_fd_commands[i].pipe_clnt_name; i++)
 	{
 		if (strequal(api_fd_commands[i].pipe_clnt_name, p->name) &&

source/rpcclient/cmd_samr.c

@@ -141,6 +141,17 @@ void cmd_sam_test(struct client_info *info)
 
 	fprintf(out_hnd, "SAM Encryption Test\n");
 
+	cli_nt_set_ntlmssp_flgs(smb_cli,
+		                    NTLMSSP_NEGOTIATE_UNICODE |
+		                    NTLMSSP_NEGOTIATE_OEM |
+		                    NTLMSSP_NEGOTIATE_SIGN |
+		                    NTLMSSP_NEGOTIATE_SEAL |
+		                    NTLMSSP_NEGOTIATE_LM_KEY |
+		                    NTLMSSP_NEGOTIATE_NTLM |
+		                    NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
+		                    NTLMSSP_NEGOTIATE_00001000 |
+		                    NTLMSSP_NEGOTIATE_00002000);
+
 	/* open SAMR session.  */
 	res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
 
@@ -527,9 +538,11 @@ void cmd_sam_enum_aliases(struct client_info *info)
 	fstring alias_names [3];
 	uint32  num_als_usrs[3];
 
-	fstrcpy(sid   , info->dom.level5_sid);
+	fstrcpy(sid   , info->dom.level3_sid);
-	fstrcpy(domain, info->dom.level5_dom);
+	fstrcpy(domain, info->dom.level3_dom);
-
+#if 0
+	fstrcpy(sid   , "S-1-5-20");
+#endif
 	if (strlen(sid) == 0)
 	{
 		fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n");