From 65b0abe8b7594ff6c662da86dc2e35bd83a2d13d Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 12 Mar 1999 05:47:06 +0000 Subject: [PATCH] new "domtrust" test command. r&d into inter-domain trust accounts. --- source/include/proto.h | 18 ++++++++----- source/passdb/smbpassfile.c | 12 ++++----- source/rpc_client/cli_login.c | 15 ++++++----- source/rpc_client/cli_netlogon.c | 10 +++++--- source/rpc_parse/parse_misc.c | 5 ++-- source/rpc_parse/parse_net.c | 3 ++- source/rpcclient/cmd_netlogon.c | 44 +++++++++++++++++++++++++++++++- source/rpcclient/rpcclient.c | 1 + 8 files changed, 82 insertions(+), 26 deletions(-) diff --git a/source/include/proto.h b/source/include/proto.h index 6d2264051fd..481d5c60eb3 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -451,7 +451,7 @@ char *align2(char *q, char *base); void out_ascii(FILE *f, unsigned char *buf,int len); void out_data(FILE *f,char *buf1,int len, int per_line); void print_asc(int level, unsigned char *buf,int len); -void dump_data(int level,char *buf1,int len); +void dump_data(int level,char *buf1, int len); char *tab_depth(int depth); int str_checksum(const char *s); void zero_free(void *p, size_t size); @@ -1579,8 +1579,11 @@ void load_printers(void); /*The following definitions come from rpc_client/cli_login.c */ -BOOL cli_nt_setup_creds(struct cli_state *cli, uint16 fnum, unsigned char mach_pwd[16]); -BOOL cli_nt_srv_pwset(struct cli_state *cli, uint16 fnum, unsigned char *new_hashof_mach_pwd); +BOOL cli_nt_setup_creds(struct cli_state *cli, uint16 fnum, + const char* trust_acct, + unsigned char trust_pwd[16], + uint16 sec_chan); +BOOL cli_nt_srv_pwset(struct cli_state *cli, uint16 fnum, unsigned char *new_hashof_trust_pwd); BOOL cli_nt_login_interactive(struct cli_state *cli, uint16 fnum, char *domain, char *username, uint32 luid_low, char *password, NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3); 
@@ -1617,8 +1620,9 @@ BOOL lsa_close(struct cli_state *cli, uint16 fnum, POLICY_HND *hnd); /*The following definitions come from rpc_client/cli_netlogon.c */ BOOL cli_net_logon_ctrl2(struct cli_state *cli, uint16 nt_pipe_fnum, uint32 status_level); -BOOL cli_net_auth2(struct cli_state *cli, uint16 nt_pipe_fnum, uint16 sec_chan, - uint32 neg_flags, DOM_CHAL *srv_chal); +BOOL cli_net_auth2(struct cli_state *cli, uint16 nt_pipe_fnum, + const char *trust_acct, uint16 sec_chan, + uint32 neg_flags, DOM_CHAL *srv_chal); BOOL cli_net_req_chal(struct cli_state *cli, uint16 nt_pipe_fnum, DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal); BOOL cli_net_srv_pwset(struct cli_state *cli, uint16 nt_pipe_fnum, uint8 hashed_mach_pwd[16]); BOOL cli_net_sam_logon(struct cli_state *cli, uint16 nt_pipe_fnum, NET_ID_INFO_CTR *ctr, @@ -1982,7 +1986,8 @@ void make_q_req_chal(NET_Q_REQ_CHAL *q_c, void net_io_q_req_chal(char *desc, NET_Q_REQ_CHAL *q_c, prs_struct *ps, int depth); void net_io_r_req_chal(char *desc, NET_R_REQ_CHAL *r_c, prs_struct *ps, int depth); void make_q_auth_2(NET_Q_AUTH_2 *q_a, - char *logon_srv, char *acct_name, uint16 sec_chan, char *comp_name, + const char *logon_srv, const char *acct_name, + uint16 sec_chan, const char *comp_name, DOM_CHAL *clnt_chal, uint32 clnt_flgs); void net_io_q_auth_2(char *desc, NET_Q_AUTH_2 *q_a, prs_struct *ps, int depth); void net_io_r_auth_2(char *desc, NET_R_AUTH_2 *r_a, prs_struct *ps, int depth); @@ -2738,6 +2743,7 @@ void cmd_lsa_lookup_sids(struct client_info *info); /*The following definitions come from rpcclient/cmd_netlogon.c */ void cmd_netlogon_login_test(struct client_info *info); +void cmd_netlogon_domain_test(struct client_info *info); /*The following definitions come from rpcclient/cmd_reg.c */ diff --git a/source/passdb/smbpassfile.c b/source/passdb/smbpassfile.c index 51eb799fc2c..b4f8e2b869a 100644 --- a/source/passdb/smbpassfile.c +++ b/source/passdb/smbpassfile.c 
@@ -238,17 +238,17 @@ BOOL trust_get_passwd( unsigned char trust_passwd[16], char *domain, char *mynam time_t lct; /* - * Get the machine account password. + * Get the trust account password. */ if(!trust_password_lock( domain, myname, False)) { - DEBUG(0,("domain_client_validate: unable to open the machine account password file for \ -machine %s in domain %s.\n", myname, domain )); + DEBUG(0,("domain_client_validate: unable to open the trust account password file for \ +trust %s in domain %s.\n", myname, domain )); return False; } if(get_trust_account_password( trust_passwd, &lct) == False) { - DEBUG(0,("domain_client_validate: unable to read the machine account password for \ -machine %s in domain %s.\n", myname, domain )); + DEBUG(0,("domain_client_validate: unable to read the trust account password for \ +trust %s in domain %s.\n", myname, domain )); trust_password_unlock(); return False; } @@ -256,7 +256,7 @@ machine %s in domain %s.\n", myname, domain )); trust_password_unlock(); /* - * Here we check the last change time to see if the machine + * Here we check the last change time to see if the trust * password needs changing. JRA. */ diff --git a/source/rpc_client/cli_login.c b/source/rpc_client/cli_login.c index 45206078980..3769f44e180 100644 --- a/source/rpc_client/cli_login.c +++ b/source/rpc_client/cli_login.c @@ -29,7 +29,10 @@ extern int DEBUGLEVEL; Initialize domain session credentials. ****************************************************************************/ -BOOL cli_nt_setup_creds(struct cli_state *cli, uint16 fnum, unsigned char mach_pwd[16]) +BOOL cli_nt_setup_creds(struct cli_state *cli, uint16 fnum, + const char* trust_acct, + unsigned char trust_pwd[16], + uint16 sec_chan) { DOM_CHAL clnt_chal; DOM_CHAL srv_chal; 
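Review bot: Both reworded DEBUG(0) messages in this hunk still begin with `domain_client_validate:`, although the hunk header places them in `trust_get_passwd`, so anyone tracing a failed trust-password read from the log is pointed at the wrong function. Since the text is being edited anyway, the prefix could become `trust_get_passwd:`. The new wording prints `myname` as "trust %s", which only reads correctly when the caller passes a trust name in that argument. A comment above the lock call such as `/* myname: name of the machine or trust account whose password file is opened */` would make that explicit. The body of trust_get_passwd starts before this hunk and continues past it.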
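Review bot: The banner comment above `cli_nt_setup_creds` still reads only "Initialize domain session credentials." and says nothing about the two parameters added here, so the pairing a caller must respect is undocumented. The callers changed elsewhere in this patch pass `mach_acct` with `SEC_CHAN_WKSTA`, and a domain name with `"$"` appended with `SEC_CHAN_DOMAIN`. A comment such as `/* trust_acct: account name sent in the auth2 request; trust_pwd: 16-byte hash for that account; sec_chan: SEC_CHAN_* value matching the account type */` would record that. The same gap applies to the `trust_acct` parameter added to `cli_net_auth2` in cli_netlogon.c. The function body continues past the end of this hunk.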
@@ -50,7 +53,7 @@ BOOL cli_nt_setup_creds(struct cli_state *cli, uint16 fnum, unsigned char mach_p /**************** Long-term Session key **************/ /* calculate the session key */ - cred_session_key(&clnt_chal, &srv_chal, (char *)mach_pwd, cli->sess_key); + cred_session_key(&clnt_chal, &srv_chal, (char *)trust_pwd, cli->sess_key); bzero(cli->sess_key+8, 8); /******************* Authenticate 2 ********************/ @@ -64,7 +67,7 @@ BOOL cli_nt_setup_creds(struct cli_state *cli, uint16 fnum, unsigned char mach_p * Receive an auth-2 challenge response and check it. */ - if (!cli_net_auth2(cli, fnum, SEC_CHAN_WKSTA, 0x000001ff, &srv_chal)) + if (!cli_net_auth2(cli, fnum, trust_acct, sec_chan, 0x000001ff, &srv_chal)) { DEBUG(0,("cli_nt_setup_creds: auth2 challenge failed\n")); return False; @@ -77,18 +80,18 @@ BOOL cli_nt_setup_creds(struct cli_state *cli, uint16 fnum, unsigned char mach_p Set machine password. ****************************************************************************/ -BOOL cli_nt_srv_pwset(struct cli_state *cli, uint16 fnum, unsigned char *new_hashof_mach_pwd) +BOOL cli_nt_srv_pwset(struct cli_state *cli, uint16 fnum, unsigned char *new_hashof_trust_pwd) { unsigned char processed_new_pwd[16]; DEBUG(5,("cli_nt_srv_pwset: %d\n", __LINE__)); #ifdef DEBUG_PASSWORD - dump_data(6, new_hashof_mach_pwd, 16); + dump_data(6, new_hashof_trust_pwd, 16); #endif /* Process the new password. */ - cred_hash3( processed_new_pwd, new_hashof_mach_pwd, cli->sess_key, 1); + cred_hash3( processed_new_pwd, new_hashof_trust_pwd, cli->sess_key, 1); /* send client srv_pwset challenge */ return cli_net_srv_pwset(cli, fnum, processed_new_pwd); diff --git a/source/rpc_client/cli_netlogon.c b/source/rpc_client/cli_netlogon.c index 750265483c8..ff9fc3c5edf 100644 --- a/source/rpc_client/cli_netlogon.c +++ b/source/rpc_client/cli_netlogon.c 
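Review bot: The banner above `cli_nt_srv_pwset` still says "Set machine password." after the parameter was renamed to `new_hashof_trust_pwd`; it should read `Set trust account password.` to match the rename. The `#ifdef DEBUG_PASSWORD` branch hands the 16-byte hash to `dump_data` at level 6, so a one-line comment there, e.g. `/* DEBUG_PASSWORD builds write the password hash to the debug log */`, would tell a maintainer why the dump is gated at compile time.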
@@ -110,8 +110,9 @@ Ensure that the server credential returned matches the session key encrypt of the server challenge originally received. JRA. ****************************************************************************/ -BOOL cli_net_auth2(struct cli_state *cli, uint16 nt_pipe_fnum, uint16 sec_chan, - uint32 neg_flags, DOM_CHAL *srv_chal) +BOOL cli_net_auth2(struct cli_state *cli, uint16 nt_pipe_fnum, + const char *trust_acct, uint16 sec_chan, + uint32 neg_flags, DOM_CHAL *srv_chal) { prs_struct rbuf; prs_struct buf; @@ -128,7 +129,7 @@ BOOL cli_net_auth2(struct cli_state *cli, uint16 nt_pipe_fnum, uint16 sec_chan, credstr(cli->clnt_cred.challenge.data), neg_flags)); /* store the parameters */ - make_q_auth_2(&q_a, cli->srv_name_slash, cli->mach_acct, sec_chan, global_myname, + make_q_auth_2(&q_a, cli->srv_name_slash, trust_acct, sec_chan, global_myname, &cli->clnt_cred.challenge, neg_flags); /* turn parameters into data stream */ @@ -573,7 +574,8 @@ machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli))); return False; } - if(cli_nt_setup_creds(&cli, nt_pipe_fnum, orig_trust_passwd_hash) == False) { + if(cli_nt_setup_creds(&cli, nt_pipe_fnum, + cli.mach_acct, orig_trust_passwd_hash, SEC_CHAN_WKSTA) == False) { DEBUG(0,("modify_trust_password: unable to setup the PDC credentials to machine \ %s. Error was : %s.\n", remote_machine, cli_errstr(&cli))); cli_nt_session_close(&cli, nt_pipe_fnum); diff --git a/source/rpc_parse/parse_misc.c b/source/rpc_parse/parse_misc.c index 3cffde02498..1656c39139d 100644 --- a/source/rpc_parse/parse_misc.c +++ b/source/rpc_parse/parse_misc.c 
@@ -743,8 +743,9 @@ static void smb_io_clnt_srv(char *desc, DOM_CLNT_SRV *log, prs_struct *ps, int /******************************************************************* makes a DOM_LOG_INFO structure. ********************************************************************/ -void make_log_info(DOM_LOG_INFO *log, char *logon_srv, char *acct_name, - uint16 sec_chan, char *comp_name) +void make_log_info(DOM_LOG_INFO *log, + const char *logon_srv, const char *acct_name, + uint16 sec_chan, const char *comp_name) { if (log == NULL) return; diff --git a/source/rpc_parse/parse_net.c b/source/rpc_parse/parse_net.c index ce573c7bf2d..6c8b304a645 100644 --- a/source/rpc_parse/parse_net.c +++ b/source/rpc_parse/parse_net.c @@ -409,7 +409,8 @@ void net_io_r_req_chal(char *desc, NET_R_REQ_CHAL *r_c, prs_struct *ps, int dep reads or writes a structure. ********************************************************************/ void make_q_auth_2(NET_Q_AUTH_2 *q_a, - char *logon_srv, char *acct_name, uint16 sec_chan, char *comp_name, + const char *logon_srv, const char *acct_name, + uint16 sec_chan, const char *comp_name, DOM_CHAL *clnt_chal, uint32 clnt_flgs) { if (q_a == NULL) return; diff --git a/source/rpcclient/cmd_netlogon.c b/source/rpcclient/cmd_netlogon.c index 60013278623..1ad71b7f4fb 100644 --- a/source/rpcclient/cmd_netlogon.c +++ b/source/rpcclient/cmd_netlogon.c @@ -92,7 +92,9 @@ void cmd_netlogon_login_test(struct client_info *info) /* open NETLOGON session. negotiate credentials */ res = res ? cli_nt_session_open(smb_cli, PIPE_NETLOGON, &nt_pipe_fnum) : False; - res = res ? cli_nt_setup_creds(smb_cli, nt_pipe_fnum, trust_passwd) : False; + res = res ? cli_nt_setup_creds(smb_cli, nt_pipe_fnum, + smb_cli->mach_acct, + trust_passwd, SEC_CHAN_WKSTA) : False; /* change the machine password? */ if (global_machine_password_needs_changing) 
@@ -132,3 +134,43 @@ void cmd_netlogon_login_test(struct client_info *info) nt_user_name, BOOLSTR(res)); } +/**************************************************************************** +experimental nt login. +****************************************************************************/ +void cmd_netlogon_domain_test(struct client_info *info) +{ + uint16 nt_pipe_fnum; + + fstring nt_trust_dom; + BOOL res = True; + unsigned char trust_passwd[16]; + fstring inter_dom_acct; + + if (!next_token(NULL, nt_trust_dom, NULL, sizeof(nt_trust_dom))) + { + fprintf(out_hnd,"domtest: must specify domain name\n"); + return; + } + + DEBUG(5,("do_nt_login_test: domain %s\n", nt_trust_dom)); + + fstrcpy(inter_dom_acct, nt_trust_dom); + fstrcat(inter_dom_acct, "$"); + + res = res ? trust_get_passwd(trust_passwd, smb_cli->domain, nt_trust_dom) : False; + + /* open NETLOGON session. negotiate credentials */ + res = res ? cli_nt_session_open(smb_cli, PIPE_NETLOGON, &nt_pipe_fnum) : False; + + res = res ? cli_nt_setup_creds(smb_cli, nt_pipe_fnum, inter_dom_acct, + trust_passwd, SEC_CHAN_DOMAIN) : False; + + memset(trust_passwd, 0, 16); + + /* close the session */ + cli_nt_session_close(smb_cli, nt_pipe_fnum); + + fprintf(out_hnd,"cmd_nt_login: credentials (%s) test succeeded: %s\n", + nt_trust_dom, BOOLSTR(res)); +} + diff --git a/source/rpcclient/rpcclient.c b/source/rpcclient/rpcclient.c index 6001812616b..a9719b143bd 100644 --- a/source/rpcclient/rpcclient.c +++ b/source/rpcclient/rpcclient.c @@ -116,6 +116,7 @@ struct {"reggetsec", cmd_reg_get_key_sec, " Registry Key Security"}, {"regtestsec", cmd_reg_test_key_sec, " Test Registry Key Security"}, {"ntlogin", cmd_netlogon_login_test, "[username] [password] NT Domain login test"}, + {"domtrust", cmd_netlogon_domain_test, " NT Inter-Domain test"}, {"wksinfo", cmd_wks_query_info, "Workstation Query Info"}, {"srvinfo", cmd_srv_query_info, "Server Query Info"}, {"srvsessions",cmd_srv_enum_sess, "List sessions on a server"},
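Review bot: `cli_nt_session_close(smb_cli, nt_pipe_fnum)` runs unconditionally at the end of `cmd_netlogon_domain_test`, so when `trust_get_passwd` or `cli_nt_session_open` fails, `nt_pipe_fnum` is read uninitialised and a close is issued for a pipe that was never opened. Record whether the open succeeded and close only in that case. `memset(trust_passwd, 0, 16)` is the last access to that buffer, so a compiler may drop it as a dead store; `sizeof(trust_passwd)` and a clearing helper that cannot be elided would be safer if the tree has one. The messages are also carried over from the login test (`do_nt_login_test:`, `cmd_nt_login: ... test succeeded: %s`, `domtest:`) and should name this command, since they are what an operator sees when a trust check fails.

```c
	uint16 nt_pipe_fnum = 0;
	BOOL pipe_open = False;

	/* … unchanged: token parsing, inter_dom_acct construction, trust_get_passwd … */

	/* open NETLOGON session. negotiate credentials */
	if (res)
	{
		pipe_open = cli_nt_session_open(smb_cli, PIPE_NETLOGON, &nt_pipe_fnum);
		res = pipe_open;
	}

	/* … unchanged: cli_nt_setup_creds call … */

	memset(trust_passwd, 0, sizeof(trust_passwd));

	/* close the session only if it was opened */
	if (pipe_open)
	{
		cli_nt_session_close(smb_cli, nt_pipe_fnum);
	}
```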