mirror of
https://github.com/samba-team/samba.git
synced 2024-12-27 03:21:53 +03:00
got the SAM logon request generated, and received a SAM logon response back.
YEAH!
need to add:
- client-side credential calculation
- client-side parsing of the SAM logon response.
(This used to be commit 349677de3f
)
This commit is contained in:
parent
027630f9ff
commit
5493293442
@ -26,6 +26,8 @@
|
||||
#include "includes.h"
|
||||
|
||||
extern int DEBUGLEVEL;
|
||||
extern pstring username;
|
||||
extern pstring workgroup;
|
||||
|
||||
#define CLIENT_TIMEOUT (30*1000)
|
||||
|
||||
@ -182,6 +184,122 @@ static BOOL do_lsa_req_chal(uint16 fnum,
|
||||
return valid_chal;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
do a LSA SAM Logon
|
||||
****************************************************************************/
|
||||
static BOOL do_lsa_sam_logon(uint16 fnum,
|
||||
char *logon_srv, char *comp_name,
|
||||
DOM_CRED *clnt_cred, DOM_CRED *rtn_cred,
|
||||
uint16 logon_level, uint16 switch_value, DOM_ID_INFO_1 *id1,
|
||||
DOM_CRED *srv_cred)
|
||||
{
|
||||
char *rparam = NULL;
|
||||
char *rdata = NULL;
|
||||
char *p;
|
||||
int rdrcnt,rprcnt;
|
||||
pstring data; /* only 1024 bytes */
|
||||
uint16 setup[2]; /* only need 2 uint16 setup parameters */
|
||||
LSA_Q_SAM_LOGON q_s;
|
||||
int call_id = 0x1;
|
||||
BOOL valid_cred = False;
|
||||
|
||||
if (srv_cred == NULL || clnt_cred == NULL || rtn_cred == NULL) return False;
|
||||
|
||||
/* create and send a MSRPC command with api LSA_SAMLOGON */
|
||||
|
||||
DEBUG(4,("LSA SAM Logon: srv:%s mc:%s clnt %lx %lx %lx rtn: %lx %lx %lx ll: %d\n",
|
||||
logon_srv, comp_name,
|
||||
clnt_cred->challenge.data[0], clnt_cred->challenge.data[1], clnt_cred->timestamp.time,
|
||||
rtn_cred ->challenge.data[0], rtn_cred ->challenge.data[1], rtn_cred ->timestamp.time,
|
||||
logon_level));
|
||||
|
||||
/* store the parameters */
|
||||
make_sam_info(&(q_s.sam_id), logon_srv, comp_name,
|
||||
clnt_cred, rtn_cred, logon_level, switch_value, id1);
|
||||
|
||||
/* turn parameters into data stream */
|
||||
p = lsa_io_q_sam_logon(False, &q_s, data + 0x18, data, 4, 0);
|
||||
|
||||
/* create the request RPC_HDR _after_ the main data: length is now known */
|
||||
create_rpc_request(call_id, LSA_SAMLOGON, data, PTR_DIFF(p, data));
|
||||
|
||||
/* create setup parameters. */
|
||||
SIVAL(setup, 0, 0x0026); /* 0x26 indicates "transact named pipe" */
|
||||
SIVAL(setup, 2, fnum); /* file handle, from the SMBcreateX pipe, earlier */
|
||||
|
||||
/* send the data on \PIPE\ */
|
||||
if (cli_call_api("\\PIPE\\", 0, PTR_DIFF(p, data), 2, 1024,
|
||||
BUFFER_SIZE,
|
||||
&rprcnt,&rdrcnt,
|
||||
NULL, data, setup,
|
||||
&rparam,&rdata))
|
||||
{
|
||||
#if 0
|
||||
LSA_R_AUTH_2 r_a;
|
||||
RPC_HDR hdr;
|
||||
int hdr_len;
|
||||
int pkt_len;
|
||||
|
||||
DEBUG(5, ("cli_call_api: return OK\n"));
|
||||
|
||||
p = rdata;
|
||||
|
||||
if (p) p = smb_io_rpc_hdr (True, &hdr, p, rdata, 4, 0);
|
||||
if (p) p = align_offset(p, rdata, 4); /* oh, what a surprise */
|
||||
|
||||
hdr_len = PTR_DIFF(p, rdata);
|
||||
|
||||
if (p && hdr_len != hdr.frag_len - hdr.alloc_hint)
|
||||
{
|
||||
/* header length not same as calculated header length */
|
||||
DEBUG(2,("do_lsa_auth2: hdr_len %x != frag_len-alloc_hint\n",
|
||||
hdr_len, hdr.frag_len - hdr.alloc_hint));
|
||||
p = NULL;
|
||||
}
|
||||
|
||||
if (p) p = lsa_io_r_auth_2(True, &r_a, p, rdata, 4, 0);
|
||||
|
||||
pkt_len = PTR_DIFF(p, rdata);
|
||||
|
||||
if (p && pkt_len != hdr.frag_len)
|
||||
{
|
||||
/* packet data size not same as reported fragment length */
|
||||
DEBUG(2,("do_lsa_auth2: pkt_len %x != frag_len \n",
|
||||
pkt_len, hdr.frag_len));
|
||||
p = NULL;
|
||||
}
|
||||
|
||||
if (p && r_a.status != 0)
|
||||
{
|
||||
/* report error code */
|
||||
DEBUG(0,("LSA_AUTH2: nt_status error %lx\n", r_a.status));
|
||||
p = NULL;
|
||||
}
|
||||
|
||||
if (p && r_a.srv_flgs.neg_flags != q_a.clnt_flgs.neg_flags)
|
||||
{
|
||||
/* report different neg_flags */
|
||||
DEBUG(0,("LSA_AUTH2: error neg_flags (q,r) differ - (%lx,%lx)\n",
|
||||
q_a.clnt_flgs.neg_flags, r_a.srv_flgs.neg_flags));
|
||||
p = NULL;
|
||||
}
|
||||
|
||||
if (p)
|
||||
{
|
||||
/* ok, at last: we're happy. return the challenge */
|
||||
memcpy(srv_chal, r_a.srv_chal.data, sizeof(srv_chal->data));
|
||||
valid_chal = True;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
if (rparam) free(rparam);
|
||||
if (rdata) free(rdata);
|
||||
|
||||
return valid_cred;
|
||||
}
|
||||
|
||||
|
||||
/****************************************************************************
|
||||
do a LSA Authenticate 2
|
||||
****************************************************************************/
|
||||
@ -303,6 +421,12 @@ BOOL do_nt_login(char *desthost, char *myhostname,
|
||||
DOM_CHAL auth2_clnt_chal;
|
||||
DOM_CHAL auth2_srv_chal;
|
||||
|
||||
DOM_CRED sam_log_clnt_cred;
|
||||
DOM_CRED sam_log_rtn_cred;
|
||||
DOM_CRED sam_log_srv_cred;
|
||||
|
||||
DOM_ID_INFO_1 id1;
|
||||
|
||||
UTIME zerotime;
|
||||
|
||||
uint32 sess_key[2];
|
||||
@ -358,15 +482,20 @@ BOOL do_nt_login(char *desthost, char *myhostname,
|
||||
free(inbuf); free(outbuf);
|
||||
return False;
|
||||
}
|
||||
#endif
|
||||
|
||||
DEBUG(5,("got nt owf from smbpasswd entry: %s\n", mach_pwd));
|
||||
#else
|
||||
|
||||
{
|
||||
char lm_owf_mach_pwd[16];
|
||||
nt_lm_owf_gen(mach_pwd, nt_owf_mach_pwd, lm_owf_mach_pwd);
|
||||
DEBUG(5,("generating nt owf from initial machine pwd: %s\n", mach_pwd));
|
||||
dump_data(6, nt_owf_mach_pwd, 16);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
dump_data(6, nt_owf_mach_pwd, 16);
|
||||
|
||||
/* calculate the session key */
|
||||
cred_session_key(&clnt_chal, &srv_chal, nt_owf_mach_pwd, sess_key);
|
||||
|
||||
@ -382,6 +511,22 @@ BOOL do_nt_login(char *desthost, char *myhostname,
|
||||
return False;
|
||||
}
|
||||
|
||||
make_id_info1(&id1, workgroup, 0,
|
||||
getuid(), 0,
|
||||
username, myhostname,
|
||||
NULL, NULL);
|
||||
|
||||
/* send client sam-logon challenge; receive a sam-logon challenge */
|
||||
if (!do_lsa_sam_logon(fnum, desthost, mach_acct,
|
||||
&sam_log_clnt_cred, &sam_log_rtn_cred,
|
||||
1, 1, &id1,
|
||||
&sam_log_srv_cred))
|
||||
{
|
||||
cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
|
||||
free(inbuf); free(outbuf);
|
||||
return False;
|
||||
}
|
||||
|
||||
#if 0
|
||||
cli_lsa_sam_logon();
|
||||
cli_lsa_sam_logoff();
|
||||
|
@ -502,12 +502,12 @@ typedef struct id_info_1
|
||||
uint32 param_ctrl; /* param control */
|
||||
DOM_LOGON_ID logon_id; /* logon ID */
|
||||
UNIHDR hdr_user_name; /* user name unicode header */
|
||||
UNIHDR hdr_workgroup_name; /* workgroup name unicode header */
|
||||
UNIHDR hdr_wksta_name; /* workgroup name unicode header */
|
||||
ARC4_OWF arc4_lm_owf; /* arc4 LM OWF Password */
|
||||
ARC4_OWF arc4_nt_owf; /* arc4 NT OWF Password */
|
||||
UNISTR2 uni_domain_name; /* domain name unicode string */
|
||||
UNISTR2 uni_user_name; /* user name unicode string */
|
||||
UNISTR2 uni_workgroup_name; /* workgroup name unicode string */
|
||||
UNISTR2 uni_wksta_name; /* workgroup name unicode string */
|
||||
|
||||
} DOM_ID_INFO_1;
|
||||
|
||||
@ -522,7 +522,7 @@ typedef struct sam_info
|
||||
|
||||
union
|
||||
{
|
||||
DOM_ID_INFO_1 id1; /* auth-level 1 */
|
||||
DOM_ID_INFO_1 *id1; /* auth-level 1 */
|
||||
|
||||
} auth;
|
||||
|
||||
|
@ -436,10 +436,16 @@ static void api_lsa_sam_logon( user_struct *vuser,
|
||||
char **rdata, int *rdata_len )
|
||||
{
|
||||
LSA_Q_SAM_LOGON q_l;
|
||||
DOM_ID_INFO_1 id1;
|
||||
|
||||
LSA_USER_INFO usr_info;
|
||||
|
||||
DOM_CRED srv_creds;
|
||||
|
||||
/* the DOM_ID_INFO_1 structure is a bit big. plus we might want to
|
||||
dynamically allocate it inside lsa_io_q_sam_logon, at some point */
|
||||
q_l.sam_id.auth.id1 = &id1;
|
||||
|
||||
lsa_io_q_sam_logon(True, &q_l, data + 0x18, data, 4, 0);
|
||||
|
||||
/* checks and updates credentials. creates reply credentials */
|
||||
@ -465,7 +471,7 @@ static void api_lsa_sam_logon( user_struct *vuser,
|
||||
extern pstring myname;
|
||||
uint32 r_uid;
|
||||
uint32 r_gid;
|
||||
UNISTR2 *uni_samlogon_user = &(q_l.sam_id.auth.id1.uni_user_name);
|
||||
UNISTR2 *uni_samlogon_user = &(q_l.sam_id.auth.id1->uni_user_name);
|
||||
|
||||
dummy_time.low = 0xffffffff;
|
||||
dummy_time.high = 0x7fffffff;
|
||||
|
@ -597,7 +597,14 @@ void make_arc4_owf(ARC4_OWF *hash, char data[16])
|
||||
|
||||
DEBUG(5,("make_arc4_owf: %d\n", __LINE__));
|
||||
|
||||
if (data != NULL)
|
||||
{
|
||||
memcpy(hash->data, data, sizeof(hash->data));
|
||||
}
|
||||
else
|
||||
{
|
||||
bzero(hash->data, sizeof(hash->data));
|
||||
}
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
@ -622,12 +629,12 @@ makes a DOM_ID_INFO_1 structure.
|
||||
********************************************************************/
|
||||
void make_id_info1(DOM_ID_INFO_1 *id, char *domain_name,
|
||||
uint32 param_ctrl, uint32 log_id_low, uint32 log_id_high,
|
||||
char *user_name, char *workgroup_name,
|
||||
char *user_name, char *wksta_name,
|
||||
char arc4_lm_owf[16], char arc4_nt_owf[16])
|
||||
{
|
||||
int len_domain_name = strlen(domain_name );
|
||||
int len_domain_name = strlen(domain_name);
|
||||
int len_user_name = strlen(user_name );
|
||||
int len_workgroup_name = strlen(workgroup_name);
|
||||
int len_wksta_name = strlen(wksta_name );
|
||||
|
||||
if (id == NULL) return;
|
||||
|
||||
@ -635,20 +642,20 @@ void make_id_info1(DOM_ID_INFO_1 *id, char *domain_name,
|
||||
|
||||
id->ptr_id_info1 = 1;
|
||||
|
||||
make_uni_hdr(&(id->hdr_domain_name ), len_domain_name , len_domain_name , 4);
|
||||
make_uni_hdr(&(id->hdr_domain_name), len_domain_name, len_domain_name, 4);
|
||||
|
||||
id->param_ctrl = param_ctrl;
|
||||
make_logon_id(&(id->logon_id), log_id_low, log_id_high);
|
||||
|
||||
make_uni_hdr(&(id->hdr_user_name ), len_user_name , len_user_name , 4);
|
||||
make_uni_hdr(&(id->hdr_workgroup_name), len_workgroup_name, len_workgroup_name, 4);
|
||||
make_uni_hdr(&(id->hdr_wksta_name ), len_wksta_name , len_wksta_name , 4);
|
||||
|
||||
make_arc4_owf(&(id->arc4_lm_owf), arc4_lm_owf);
|
||||
make_arc4_owf(&(id->arc4_nt_owf), arc4_nt_owf);
|
||||
|
||||
make_unistr2(&(id->uni_domain_name ), domain_name , len_domain_name );
|
||||
make_unistr2(&(id->uni_domain_name), domain_name, len_domain_name);
|
||||
make_unistr2(&(id->uni_user_name ), user_name , len_user_name );
|
||||
make_unistr2(&(id->uni_workgroup_name), workgroup_name, len_workgroup_name);
|
||||
make_unistr2(&(id->uni_wksta_name ), wksta_name , len_wksta_name );
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
@ -667,20 +674,20 @@ char* smb_io_id_info1(BOOL io, DOM_ID_INFO_1 *id, char *q, char *base, int align
|
||||
|
||||
if (id->ptr_id_info1 != 0)
|
||||
{
|
||||
q = smb_io_unihdr(io, &(id->hdr_domain_name ), q, base, align, depth);
|
||||
q = smb_io_unihdr(io, &(id->hdr_domain_name), q, base, align, depth);
|
||||
|
||||
DBG_RW_IVAL("param_ctrl", depth, base, io, q, id->param_ctrl); q += 4;
|
||||
q = smb_io_logon_id(io, &(id->logon_id), q, base, align, depth);
|
||||
|
||||
q = smb_io_unihdr(io, &(id->hdr_user_name ), q, base, align, depth);
|
||||
q = smb_io_unihdr(io, &(id->hdr_workgroup_name), q, base, align, depth);
|
||||
q = smb_io_unihdr(io, &(id->hdr_wksta_name ), q, base, align, depth);
|
||||
|
||||
q = smb_io_arc4_owf(io, &(id->arc4_lm_owf), q, base, align, depth);
|
||||
q = smb_io_arc4_owf(io, &(id->arc4_nt_owf), q, base, align, depth);
|
||||
|
||||
q = smb_io_unistr2(io, &(id->uni_domain_name ), q, base, align, depth);
|
||||
q = smb_io_unistr2(io, &(id->uni_domain_name), q, base, align, depth);
|
||||
q = smb_io_unistr2(io, &(id->uni_user_name ), q, base, align, depth);
|
||||
q = smb_io_unistr2(io, &(id->uni_workgroup_name), q, base, align, depth);
|
||||
q = smb_io_unistr2(io, &(id->uni_wksta_name ), q, base, align, depth);
|
||||
}
|
||||
|
||||
return q;
|
||||
@ -691,7 +698,7 @@ makes a DOM_SAM_INFO structure.
|
||||
********************************************************************/
|
||||
void make_sam_info(DOM_SAM_INFO *sam,
|
||||
char *logon_srv, char *comp_name, DOM_CRED *clnt_cred,
|
||||
DOM_CRED *rtn_cred, uint16 switch_value, uint16 logon_level,
|
||||
DOM_CRED *rtn_cred, uint16 logon_level, uint16 switch_value,
|
||||
DOM_ID_INFO_1 *id1)
|
||||
{
|
||||
if (sam == NULL) return;
|
||||
|
Loading…
Reference in New Issue
Block a user