mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
These don't compile yet - but they are the core code in what
will be DOMAIN_CLIENT called code. Jeremy.
This commit is contained in:
Jeremy Allison
parent
932b22cd49
commit
ad81735fa1
@ -20,126 +20,60 @@
|
||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
*/
|
||||
|
||||
|
||||
|
||||
#ifdef SYSLOG
|
||||
#undef SYSLOG
|
||||
#endif
|
||||
|
||||
#include "includes.h"
|
||||
#include "nterr.h"
|
||||
|
||||
extern int DEBUGLEVEL;
|
||||
|
||||
|
||||
#if 0
|
||||
if (!cli_initialise(cli, t_idx))
|
||||
{
|
||||
DEBUG(1,("do_nt_session_open: cli_initialise failed\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
DEBUG(1,("do_nt_session_open: server connect initialisation\n"));
|
||||
|
||||
if (!server_connect_init(cli, t_idx, myhostname, dest_ip, dest_host))
|
||||
{
|
||||
uint8 err_cls;
|
||||
uint32 err_num;
|
||||
cli_error(cli, t_idx, &err_cls, &err_num);
|
||||
DEBUG(1,("server_connect_init failed (%s)\n", cli_errstr(cli, t_idx)));
|
||||
|
||||
return False;
|
||||
}
|
||||
|
||||
DEBUG(1,("do_nt_session_open: server connect initialisation succeeded\n"));
|
||||
|
||||
if (!cli_session_setup(cli, t_idx, "", "", 1, NULL, 0, workgroup))
|
||||
{
|
||||
uint8 err_cls;
|
||||
uint32 err_num;
|
||||
cli_error(cli, t_idx, &err_cls, &err_num);
|
||||
DEBUG(1,("session setup failed (%s)\n", cli_errstr(cli, t_idx)));
|
||||
|
||||
return False;
|
||||
}
|
||||
|
||||
DEBUG(1,("do_nt_session_open: server session setup succeeded\n"));
|
||||
|
||||
if (!cli_send_tconX(cli, t_idx, "IPC$", "IPC", "", 1))
|
||||
{
|
||||
uint8 err_cls;
|
||||
uint32 err_num;
|
||||
cli_error(cli, t_idx, &err_cls, &err_num);
|
||||
DEBUG(1,("cli_send_tconX failed (%s)\n", cli_errstr(cli, t_idx)));
|
||||
|
||||
return False;
|
||||
}
|
||||
|
||||
DEBUG(1,("do_nt_session_open: server IPC$ connection succeeded\n"));
|
||||
#endif
|
||||
|
||||
|
||||
/****************************************************************************
|
||||
experimental nt login.
|
||||
|
||||
Initialize domain session.
|
||||
****************************************************************************/
|
||||
BOOL do_nt_session_open(struct cli_state *cli, int t_idx, uint16 *fnum,
|
||||
char *dest_host, char *myhostname,
|
||||
char *mach_acct,
|
||||
char *username, char *workgroup,
|
||||
uchar sess_key[16], DOM_CRED *clnt_cred)
|
||||
|
||||
BOOL do_nt_session_open(struct cli_state *cli, uint16 fnum,
|
||||
char *dest_host, char *myhostname,
|
||||
char *mach_acct,
|
||||
uchar sess_key[16], DOM_CRED *clnt_cred)
|
||||
{
|
||||
DOM_CHAL clnt_chal;
|
||||
DOM_CHAL srv_chal;
|
||||
DOM_CHAL clnt_chal;
|
||||
DOM_CHAL srv_chal;
|
||||
|
||||
DOM_CHAL auth2_srv_chal;
|
||||
DOM_CHAL auth2_srv_chal;
|
||||
|
||||
UTIME zerotime;
|
||||
UTIME zerotime;
|
||||
|
||||
char nt_owf_mach_pwd[16];
|
||||
char nt_owf_prev_mpd[16];
|
||||
char nt_owf_mach_pwd[16];
|
||||
|
||||
RPC_IFACE abstract;
|
||||
RPC_IFACE transfer;
|
||||
RPC_IFACE abstract;
|
||||
RPC_IFACE transfer;
|
||||
|
||||
fstring mach_pwd;
|
||||
fstring prev_mpd;
|
||||
fstring dest_srv;
|
||||
fstring mach_pwd;
|
||||
fstring dest_srv;
|
||||
|
||||
/******************** initialise ********************************/
|
||||
/******************** initialise ********************************/
|
||||
|
||||
zerotime.time = 0;
|
||||
zerotime.time = 0;
|
||||
|
||||
DEBUG(1,("do_nt_session_open: %d\n", __LINE__));
|
||||
DEBUG(10,("do_nt_session_open: %d\n", __LINE__));
|
||||
|
||||
/******************* open the \PIPE\NETLOGON file *****************/
|
||||
/**************** Set Named Pipe State ***************/
|
||||
if (!rpc_pipe_set_hnd_state(cli, PIPE_NETLOGON, fnum, 0x4300))
|
||||
{
|
||||
DEBUG(0,("do_nt_session_open: pipe hnd state failed\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
if (((*fnum) = cli_open(cli, t_idx, PIPE_NETLOGON, O_CREAT, DENY_NONE,
|
||||
NULL, NULL, NULL)) == 0xffff)
|
||||
{
|
||||
DEBUG(1,("do_nt_session_open: cli_open failed\n"));
|
||||
return False;
|
||||
}
|
||||
/******************* bind request on \PIPE\NETLOGON *****************/
|
||||
|
||||
/**************** Set Named Pipe State ***************/
|
||||
if (!rpc_pipe_set_hnd_state(cli, t_idx, PIPE_NETLOGON, *fnum, 0x4300))
|
||||
{
|
||||
DEBUG(1,("do_nt_session_open: pipe hnd state failed\n"));
|
||||
return False;
|
||||
}
|
||||
if (!rpc_pipe_bind(cli, PIPE_NETLOGON, fnum, &abstract, &transfer,
|
||||
False, NULL, NULL))
|
||||
{
|
||||
DEBUG(0,("do_nt_session_open: rpc bind failed\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
/******************* bind request on \PIPE\NETLOGON *****************/
|
||||
|
||||
if (!rpc_pipe_bind(cli, t_idx, PIPE_NETLOGON, *fnum,
|
||||
&abstract, &transfer,
|
||||
False, NULL, NULL))
|
||||
{
|
||||
DEBUG(1,("do_nt_session_open: rpc bind failed\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
/************ Check workstation trust account *******************/
|
||||
/************ Check workstation trust account *******************/
|
||||
|
||||
FIXME !!
|
||||
/* default machine password is lower-case machine name (really secure) */
|
||||
fstrcpy(mach_pwd, myhostname);
|
||||
strlower(mach_pwd);
|
||||
@ -148,266 +82,242 @@ BOOL do_nt_session_open(struct cli_state *cli, int t_idx, uint16 *fnum,
|
||||
fstrcpy(prev_mpd, myhostname);
|
||||
strlower(prev_mpd);
|
||||
|
||||
/******************* Request Challenge ********************/
|
||||
/******************* Request Challenge ********************/
|
||||
|
||||
SIVAL(clnt_chal.data, 0, 0x11111111);
|
||||
SIVAL(clnt_chal.data, 4, 0x22222222);
|
||||
generate_random_buffer( clnt_chal.data, 8, False);
|
||||
|
||||
strcpy(dest_srv, "\\\\");
|
||||
strcat(dest_srv, dest_host);
|
||||
strupper(dest_srv);
|
||||
strcpy(dest_srv, "\\\\");
|
||||
strcat(dest_srv, dest_host);
|
||||
strupper(dest_srv);
|
||||
|
||||
/* send a client challenge; receive a server challenge */
|
||||
if (!do_net_req_chal(cli, t_idx, *fnum, dest_srv, myhostname, &clnt_chal, &srv_chal))
|
||||
{
|
||||
DEBUG(1,("do_nt_session_open: request challenge failed\n"));
|
||||
return False;
|
||||
}
|
||||
/* send a client challenge; receive a server challenge */
|
||||
if (!do_net_req_chal(cli, fnum, dest_srv, myhostname, &clnt_chal, &srv_chal))
|
||||
{
|
||||
DEBUG(0,("do_nt_session_open: request challenge failed\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
/**************** Long-term Session key **************/
|
||||
/**************** Long-term Session key **************/
|
||||
|
||||
#ifdef DEBUG_PASSWORD
|
||||
DEBUG(100,("generating nt owf from initial machine pwd: %s\n", mach_pwd));
|
||||
DEBUG(100,("generating nt owf from initial machine pwd: %s\n", mach_pwd));
|
||||
#endif
|
||||
nt_owf_gen( mach_pwd, nt_owf_mach_pwd);
|
||||
nt_owf_gen( mach_pwd, nt_owf_mach_pwd);
|
||||
|
||||
#ifdef DEBUG_PASSWORD
|
||||
dump_data(6, nt_owf_mach_pwd, 16);
|
||||
dump_data(6, nt_owf_mach_pwd, 16);
|
||||
#endif
|
||||
|
||||
#ifdef DEBUG_PASSWORD
|
||||
DEBUG(100,("generating nt owf from previous machine pwd: %s\n", prev_mpd));
|
||||
#endif
|
||||
nt_owf_gen( mach_pwd, nt_owf_prev_mpd);
|
||||
/* calculate the session key */
|
||||
cred_session_key(&clnt_chal, &srv_chal, nt_owf_mach_pwd, sess_key);
|
||||
bzero(sess_key+8, 8);
|
||||
|
||||
#ifdef DEBUG_PASSWORD
|
||||
dump_data(6, nt_owf_prev_mpd, 16);
|
||||
#endif
|
||||
/******************* Authenticate 2 ********************/
|
||||
|
||||
/* calculate the session key */
|
||||
cred_session_key(&clnt_chal, &srv_chal, nt_owf_mach_pwd, sess_key);
|
||||
#if 0
|
||||
cred_session_key(&clnt_chal, &srv_chal, nt_owf_prev_mpd, sess_key+8);
|
||||
#else
|
||||
bzero(sess_key+8, 8);
|
||||
#endif
|
||||
/* calculate auth-2 credentials */
|
||||
cred_create(sess_key, &clnt_chal, zerotime, &(clnt_cred->challenge));
|
||||
|
||||
/******************* Authenticate 2 ********************/
|
||||
/* send client auth-2 challenge; receive an auth-2 challenge */
|
||||
if (!do_net_auth2(cli, fnum, dest_srv, mach_acct,
|
||||
SEC_CHAN_WKSTA, myhostname,
|
||||
&(clnt_cred->challenge), 0x000001ff, &auth2_srv_chal))
|
||||
{
|
||||
DEBUG(0,("do_nt_session_open: request challenge failed\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
/* calculate auth-2 credentials */
|
||||
cred_create(sess_key, &clnt_chal, zerotime, &(clnt_cred->challenge));
|
||||
|
||||
/* send client auth-2 challenge; receive an auth-2 challenge */
|
||||
if (!do_net_auth2(cli, t_idx, *fnum,
|
||||
dest_srv, mach_acct,
|
||||
SEC_CHAN_WKSTA, myhostname,
|
||||
&(clnt_cred->challenge), 0x000001ff, &auth2_srv_chal))
|
||||
{
|
||||
DEBUG(1,("do_nt_session_open: request challenge failed\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
return True;
|
||||
return True;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
server password set
|
||||
****************************************************************************/
|
||||
|
||||
BOOL do_nt_srv_pwset(struct cli_state *cli, int t_idx, uint16 fnum,
|
||||
uint8 sess_key[16], DOM_CRED *clnt_cred, DOM_CRED *rtn_cred,
|
||||
char *new_mach_pwd,
|
||||
char *dest_host, char *mach_acct, char *myhostname)
|
||||
uint8 sess_key[16], DOM_CRED *clnt_cred, DOM_CRED *rtn_cred,
|
||||
char *new_mach_pwd,
|
||||
char *dest_host, char *mach_acct, char *myhostname)
|
||||
{
|
||||
/**************** Net Server Password Set **************/
|
||||
|
||||
DOM_CRED cred;
|
||||
char nt_cypher[16];
|
||||
uint8 mode = 1;
|
||||
char nt_owf_new_mach_pwd[16];
|
||||
DOM_CRED cred;
|
||||
char nt_cypher[16];
|
||||
uint8 mode = 1;
|
||||
char nt_owf_new_mach_pwd[16];
|
||||
|
||||
#ifdef DEBUG_PASSWORD
|
||||
DEBUG(100,("generating nt owf from new machine pwd: %s\n", new_mach_pwd));
|
||||
DEBUG(100,("generating nt owf from new machine pwd: %s\n", new_mach_pwd));
|
||||
#endif
|
||||
nt_owf_gen(new_mach_pwd, nt_owf_new_mach_pwd);
|
||||
nt_owf_gen(new_mach_pwd, nt_owf_new_mach_pwd);
|
||||
|
||||
#ifdef DEBUG_PASSWORD
|
||||
dump_data(6, nt_owf_new_mach_pwd, 16);
|
||||
dump_data(6, nt_owf_new_mach_pwd, 16);
|
||||
#endif
|
||||
|
||||
if (!obfuscate_pwd(nt_cypher, nt_owf_new_mach_pwd, mode))
|
||||
{
|
||||
DEBUG(5,("do_nt_srv_pwset: encrypt mach pwd failed\n"));
|
||||
return False;
|
||||
}
|
||||
if (!obfuscate_pwd(nt_cypher, nt_owf_new_mach_pwd, mode))
|
||||
{
|
||||
DEBUG(5,("do_nt_srv_pwset: encrypt mach pwd failed\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
clnt_cred->timestamp.time = time(NULL);
|
||||
clnt_cred->timestamp.time = time(NULL);
|
||||
|
||||
memcpy(&cred, clnt_cred, sizeof(cred));
|
||||
memcpy(&cred, clnt_cred, sizeof(cred));
|
||||
|
||||
/* calculate credentials */
|
||||
cred_create(sess_key, &(clnt_cred->challenge),
|
||||
cred.timestamp,
|
||||
&(cred.challenge));
|
||||
/* calculate credentials */
|
||||
cred_create(sess_key, &(clnt_cred->challenge),
|
||||
cred.timestamp, &(cred.challenge));
|
||||
|
||||
/* send client srv_pwset challenge */
|
||||
return do_net_srv_pwset(cli, t_idx, fnum, sess_key, clnt_cred,
|
||||
dest_host, mach_acct, 2, myhostname,
|
||||
&cred, rtn_cred,
|
||||
nt_cypher);
|
||||
/* send client srv_pwset challenge */
|
||||
return do_net_srv_pwset(cli, fnum, sess_key, clnt_cred,
|
||||
dest_host, mach_acct, 2, myhostname,
|
||||
&cred, rtn_cred, nt_cypher);
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
make interactive sam login info
|
||||
****************************************************************************/
|
||||
|
||||
void make_nt_login_interactive(NET_ID_INFO_CTR *ctr,
|
||||
uchar sess_key[16],
|
||||
char *workgroup, char *myhostname,
|
||||
uint32 smb_userid, char *username)
|
||||
uchar sess_key[16],
|
||||
char *workgroup, char *myhostname,
|
||||
uint32 smb_userid, char *username)
|
||||
{
|
||||
/****************** SAM Info Preparation *******************/
|
||||
/****************** SAM Info Preparation *******************/
|
||||
|
||||
char *smb_user_passwd = getpass("Enter NT Login Password:");
|
||||
char *smb_user_passwd = getpass("Enter NT Login Password:");
|
||||
|
||||
char lm_owf_user_pwd[16];
|
||||
char nt_owf_user_pwd[16];
|
||||
char lm_owf_user_pwd[16];
|
||||
char nt_owf_user_pwd[16];
|
||||
|
||||
nt_lm_owf_gen(smb_user_passwd, nt_owf_user_pwd, lm_owf_user_pwd);
|
||||
nt_lm_owf_gen(smb_user_passwd, nt_owf_user_pwd, lm_owf_user_pwd);
|
||||
|
||||
#ifdef DEBUG_PASSWORD
|
||||
|
||||
DEBUG(100,("nt owf of user password: "));
|
||||
dump_data(100, lm_owf_user_pwd, 16);
|
||||
DEBUG(100,("nt owf of user password: "));
|
||||
dump_data(100, lm_owf_user_pwd, 16);
|
||||
|
||||
DEBUG(100,("nt owf of user password: "));
|
||||
dump_data(100, nt_owf_user_pwd, 16);
|
||||
DEBUG(100,("nt owf of user password: "));
|
||||
dump_data(100, nt_owf_user_pwd, 16);
|
||||
|
||||
#endif
|
||||
|
||||
/* indicate an "interactive" login */
|
||||
ctr->switch_value = 1;
|
||||
/* indicate an "interactive" login */
|
||||
ctr->switch_value = 1;
|
||||
|
||||
/* this is used in both the SAM Logon and the SAM Logoff */
|
||||
make_id_info1(&ctr->auth.id1, workgroup, 0,
|
||||
smb_userid, 0,
|
||||
username, myhostname,
|
||||
sess_key, lm_owf_user_pwd, nt_owf_user_pwd);
|
||||
/* this is used in both the SAM Logon and the SAM Logoff */
|
||||
make_id_info1(&ctr->auth.id1, workgroup, 0,
|
||||
smb_userid, 0, username, myhostname,
|
||||
sess_key, lm_owf_user_pwd, nt_owf_user_pwd);
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
make network sam login info
|
||||
****************************************************************************/
|
||||
void make_nt_login_network(NET_ID_INFO_CTR *ctr,
|
||||
char *workgroup, char *myhostname,
|
||||
uint32 smb_userid, char *username,
|
||||
char lm_chal[8], char lm_chal_resp[24], char nt_chal_resp[24])
|
||||
{
|
||||
/* indicate a "network" login */
|
||||
ctr->switch_value = 2;
|
||||
|
||||
/* this is used in both the SAM Logon and the SAM Logoff */
|
||||
make_id_info2(&ctr->auth.id2, workgroup, 0,
|
||||
smb_userid, 0,
|
||||
username, myhostname,
|
||||
lm_chal, lm_chal_resp, nt_chal_resp);
|
||||
void make_nt_login_network(NET_ID_INFO_CTR *ctr,
|
||||
char *workgroup, char *myhostname,
|
||||
uint32 smb_userid, char *username,
|
||||
char lm_chal[8], char lm_chal_resp[24],
|
||||
char nt_chal_resp[24])
|
||||
{
|
||||
/* indicate a "network" login */
|
||||
ctr->switch_value = 2;
|
||||
|
||||
/* this is used in both the SAM Logon and the SAM Logoff */
|
||||
make_id_info2(&ctr->auth.id2, workgroup, 0, smb_userid, 0,
|
||||
username, myhostname,
|
||||
lm_chal, lm_chal_resp, nt_chal_resp);
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
experimental nt login.
|
||||
NT login.
|
||||
****************************************************************************/
|
||||
BOOL do_nt_login(struct cli_state *cli, int t_idx, uint16 fnum,
|
||||
uint8 sess_key[16], DOM_CRED *clnt_cred, DOM_CRED *rtn_cred,
|
||||
NET_ID_INFO_CTR *ctr, char *dest_host, char *myhostname,
|
||||
NET_USER_INFO_3 *user_info3)
|
||||
|
||||
BOOL do_nt_login(struct cli_state *cli, uint16 fnum,
|
||||
uint8 sess_key[16], DOM_CRED *clnt_cred, DOM_CRED *rtn_cred,
|
||||
NET_ID_INFO_CTR *ctr, char *dest_host, char *myhostname,
|
||||
NET_USER_INFO_3 *user_info3)
|
||||
{
|
||||
DOM_CRED sam_logon_rtn_cred;
|
||||
DOM_CRED cred;
|
||||
fstring dest_srv;
|
||||
fstring my_host_name;
|
||||
DOM_CRED sam_logon_rtn_cred;
|
||||
DOM_CRED cred;
|
||||
fstring dest_srv;
|
||||
fstring my_host_name;
|
||||
|
||||
DEBUG(5,("do_nt_login: %d\n", __LINE__));
|
||||
DEBUG(5,("do_nt_login: %d\n", __LINE__));
|
||||
|
||||
/*********************** SAM Logon **********************/
|
||||
/*********************** SAM Logon **********************/
|
||||
|
||||
clnt_cred->timestamp.time = time(NULL);
|
||||
clnt_cred->timestamp.time = time(NULL);
|
||||
|
||||
memcpy(&cred, clnt_cred, sizeof(cred));
|
||||
memcpy(&cred, clnt_cred, sizeof(cred));
|
||||
|
||||
/* calculate sam logon credentials */
|
||||
cred_create(sess_key, &(clnt_cred->challenge),
|
||||
cred.timestamp,
|
||||
&(cred.challenge));
|
||||
/* calculate sam logon credentials */
|
||||
cred_create(sess_key, &(clnt_cred->challenge),
|
||||
cred.timestamp, &(cred.challenge));
|
||||
|
||||
strcpy(dest_srv, "\\\\");
|
||||
strcat(dest_srv, dest_host);
|
||||
strupper(dest_srv);
|
||||
strcpy(dest_srv, "\\\\");
|
||||
strcat(dest_srv, dest_host);
|
||||
strupper(dest_srv);
|
||||
|
||||
fstrcpy(my_host_name, myhostname);
|
||||
strupper(my_host_name);
|
||||
fstrcpy(my_host_name, myhostname);
|
||||
strupper(my_host_name);
|
||||
|
||||
/* send client sam-logon challenge */
|
||||
return do_net_sam_logon(cli, t_idx, fnum, sess_key, clnt_cred,
|
||||
dest_srv, my_host_name,
|
||||
&cred, &sam_logon_rtn_cred,
|
||||
ctr->switch_value, ctr, 3, user_info3,
|
||||
rtn_cred);
|
||||
/* send client sam-logon challenge */
|
||||
return do_net_sam_logon(cli, fnum, sess_key, clnt_cred,
|
||||
dest_srv, my_host_name,
|
||||
&cred, &sam_logon_rtn_cred,
|
||||
ctr->switch_value, ctr, 3, user_info3,
|
||||
rtn_cred);
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
nt sam logoff
|
||||
****************************************************************************/
|
||||
BOOL do_nt_logoff(struct cli_state *cli, int t_idx, uint16 fnum,
|
||||
uint8 sess_key[16], DOM_CRED *clnt_cred, DOM_CRED *rtn_cred,
|
||||
NET_ID_INFO_CTR *ctr, char *dest_host, char *myhostname)
|
||||
|
||||
BOOL do_nt_logoff(struct cli_state *cli, uint16 fnum,
|
||||
uint8 sess_key[16], DOM_CRED *clnt_cred, DOM_CRED *rtn_cred,
|
||||
NET_ID_INFO_CTR *ctr, char *dest_host, char *myhostname)
|
||||
{
|
||||
DOM_CRED sam_logoff_rtn_cred;
|
||||
DOM_CRED cred;
|
||||
fstring dest_srv;
|
||||
fstring my_host_name;
|
||||
DOM_CRED sam_logoff_rtn_cred;
|
||||
DOM_CRED cred;
|
||||
fstring dest_srv;
|
||||
fstring my_host_name;
|
||||
|
||||
DEBUG(5,("do_nt_logoff: %d\n", __LINE__));
|
||||
DEBUG(5,("do_nt_logoff: %d\n", __LINE__));
|
||||
|
||||
/*********************** SAM Logoff *********************/
|
||||
/*********************** SAM Logoff *********************/
|
||||
|
||||
clnt_cred->timestamp.time = time(NULL);
|
||||
clnt_cred->timestamp.time = time(NULL);
|
||||
|
||||
memcpy(&cred, clnt_cred, sizeof(cred));
|
||||
memcpy(&cred, clnt_cred, sizeof(cred));
|
||||
|
||||
/* calculate sam logoff credentials */
|
||||
cred_create(sess_key, &(clnt_cred->challenge),
|
||||
cred.timestamp,
|
||||
&(cred.challenge));
|
||||
/* calculate sam logoff credentials */
|
||||
cred_create(sess_key, &(clnt_cred->challenge),
|
||||
cred.timestamp, &(cred.challenge));
|
||||
|
||||
strcpy(dest_srv, "\\\\");
|
||||
strcat(dest_srv, dest_host);
|
||||
strupper(dest_srv);
|
||||
strcpy(dest_srv, "\\\\");
|
||||
strcat(dest_srv, dest_host);
|
||||
strupper(dest_srv);
|
||||
|
||||
fstrcpy(my_host_name, myhostname);
|
||||
strupper(my_host_name);
|
||||
fstrcpy(my_host_name, myhostname);
|
||||
strupper(my_host_name);
|
||||
|
||||
/* send client sam-logoff challenge; receive a sam-logoff challenge */
|
||||
return do_net_sam_logoff(cli, t_idx, fnum, sess_key, clnt_cred,
|
||||
dest_srv, my_host_name,
|
||||
&cred, &sam_logoff_rtn_cred,
|
||||
ctr->switch_value, ctr, 3,
|
||||
rtn_cred);
|
||||
/* send client sam-logoff challenge; receive a sam-logoff challenge */
|
||||
return do_net_sam_logoff(cli, fnum, sess_key, clnt_cred,
|
||||
dest_srv, my_host_name,
|
||||
&cred, &sam_logoff_rtn_cred,
|
||||
ctr->switch_value, ctr, 3,
|
||||
rtn_cred);
|
||||
}
|
||||
|
||||
#if 0
|
||||
/* free memory used in all rpc transactions, above */
|
||||
cli_shutdown(cli, t_idx);
|
||||
#endif
|
||||
|
||||
/****************************************************************************
|
||||
experimental nt login.
|
||||
Close the NT pipe.
|
||||
****************************************************************************/
|
||||
void do_nt_session_close(struct cli_state *cli, int t_idx, uint16 fnum)
|
||||
|
||||
void do_nt_session_close(struct cli_state *cli, uint16 fnum)
|
||||
{
|
||||
/******************** close the \PIPE\NETLOGON file **************/
|
||||
if (fnum != 0xffff)
|
||||
{
|
||||
cli_close(cli, t_idx, fnum, 0);
|
||||
}
|
||||
|
||||
/******************** close the \PIPE\NETLOGON file **************/
|
||||
if (fnum != 0xffff)
|
||||
{
|
||||
cli_close(cli, fnum);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -30,432 +30,432 @@
|
||||
#include "includes.h"
|
||||
|
||||
extern int DEBUGLEVEL;
|
||||
extern pstring username;
|
||||
extern pstring workgroup;
|
||||
|
||||
#define CLIENT_TIMEOUT (30*1000)
|
||||
|
||||
|
||||
/****************************************************************************
|
||||
do a LSA Logon Control2
|
||||
****************************************************************************/
|
||||
BOOL do_net_logon_ctrl2(struct cli_state *cli, int t_idx, uint16 fnum,
|
||||
char *host_name, uint32 status_level)
|
||||
|
||||
BOOL do_net_logon_ctrl2(struct cli_state *cli, uint16 fnum,
|
||||
char *host_name, uint32 status_level)
|
||||
{
|
||||
prs_struct rbuf;
|
||||
prs_struct buf;
|
||||
NET_Q_LOGON_CTRL2 q_l;
|
||||
BOOL valid_ctrl2 = False;
|
||||
fstring acct_name;
|
||||
prs_struct rbuf;
|
||||
prs_struct buf;
|
||||
NET_Q_LOGON_CTRL2 q_l;
|
||||
BOOL valid_ctrl2 = False;
|
||||
fstring acct_name;
|
||||
|
||||
prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
|
||||
prs_init(&rbuf, 0, 4, SAFETY_MARGIN, True );
|
||||
if (host_name == NULL)
|
||||
return False;
|
||||
|
||||
if (host_name == NULL) return False;
|
||||
prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
|
||||
prs_init(&rbuf, 0, 4, SAFETY_MARGIN, True );
|
||||
|
||||
strcpy(acct_name, "\\\\");
|
||||
strcat(acct_name, host_name);
|
||||
strcpy(acct_name, "\\\\");
|
||||
strcat(acct_name, host_name);
|
||||
|
||||
/* create and send a MSRPC command with api NET_LOGON_CTRL2 */
|
||||
/* create and send a MSRPC command with api NET_LOGON_CTRL2 */
|
||||
|
||||
DEBUG(4,("LSA Logon Control2 from %s status level:%x\n",
|
||||
host_name, status_level));
|
||||
DEBUG(4,("LSA Logon Control2 from %s status level:%x\n",
|
||||
host_name, status_level));
|
||||
|
||||
/* store the parameters */
|
||||
make_q_logon_ctrl2(&q_l, acct_name, status_level);
|
||||
/* store the parameters */
|
||||
make_q_logon_ctrl2(&q_l, acct_name, status_level);
|
||||
|
||||
/* turn parameters into data stream */
|
||||
net_io_q_logon_ctrl2("", &q_l, &buf, 0);
|
||||
/* turn parameters into data stream */
|
||||
net_io_q_logon_ctrl2("", &q_l, &buf, 0);
|
||||
|
||||
/* send the data on \PIPE\ */
|
||||
if (rpc_api_pipe_req(cli, t_idx, fnum, NET_LOGON_CTRL2, &buf, &rbuf))
|
||||
{
|
||||
NET_R_LOGON_CTRL2 r_l;
|
||||
BOOL p;
|
||||
/* send the data on \PIPE\ */
|
||||
if (rpc_api_pipe_req(cli, fnum, NET_LOGON_CTRL2, &buf, &rbuf))
|
||||
{
|
||||
NET_R_LOGON_CTRL2 r_l;
|
||||
BOOL ok;
|
||||
|
||||
net_io_r_logon_ctrl2("", &r_l, &rbuf, 0);
|
||||
p = rbuf.offset != 0;
|
||||
net_io_r_logon_ctrl2("", &r_l, &rbuf, 0);
|
||||
ok = (rbuf.offset != 0);
|
||||
|
||||
if (p && r_l.status != 0)
|
||||
{
|
||||
/* report error code */
|
||||
DEBUG(0,("NET_R_LOGON_CTRL: %s\n", get_nt_error_msg(r_l.status)));
|
||||
p = False;
|
||||
}
|
||||
if (ok && r_l.status != 0)
|
||||
{
|
||||
/* report error code */
|
||||
DEBUG(0,("NET_R_LOGON_CTRL: %s\n", get_nt_error_msg(r_l.status)));
|
||||
ok = False;
|
||||
}
|
||||
|
||||
if (p)
|
||||
{
|
||||
valid_ctrl2 = True;
|
||||
}
|
||||
}
|
||||
if (ok)
|
||||
{
|
||||
valid_ctrl2 = True;
|
||||
}
|
||||
}
|
||||
|
||||
prs_mem_free(&rbuf);
|
||||
prs_mem_free(&buf );
|
||||
|
||||
prs_mem_free(&rbuf);
|
||||
prs_mem_free(&buf );
|
||||
|
||||
return valid_ctrl2;
|
||||
return valid_ctrl2;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
do a LSA Authenticate 2
|
||||
****************************************************************************/
|
||||
BOOL do_net_auth2(struct cli_state *cli, int t_idx, uint16 fnum,
|
||||
char *logon_srv, char *acct_name, uint16 sec_chan, char *comp_name,
|
||||
DOM_CHAL *clnt_chal, uint32 neg_flags, DOM_CHAL *srv_chal)
|
||||
|
||||
BOOL do_net_auth2(struct cli_state *cli, uint16 fnum,
|
||||
char *logon_srv, char *acct_name, uint16 sec_chan,
|
||||
char *comp_name, DOM_CHAL *clnt_chal, uint32 neg_flags,
|
||||
DOM_CHAL *srv_chal)
|
||||
{
|
||||
prs_struct rbuf;
|
||||
prs_struct buf;
|
||||
NET_Q_AUTH_2 q_a;
|
||||
BOOL valid_chal = False;
|
||||
prs_struct rbuf;
|
||||
prs_struct buf;
|
||||
NET_Q_AUTH_2 q_a;
|
||||
BOOL valid_chal = False;
|
||||
|
||||
prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
|
||||
prs_init(&rbuf, 0, 4, SAFETY_MARGIN, True );
|
||||
if (srv_chal == NULL || clnt_chal == NULL)
|
||||
return False;
|
||||
|
||||
if (srv_chal == NULL || clnt_chal == NULL) return False;
|
||||
prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
|
||||
prs_init(&rbuf, 0, 4, SAFETY_MARGIN, True );
|
||||
|
||||
/* create and send a MSRPC command with api NET_AUTH2 */
|
||||
|
||||
DEBUG(4,("LSA Authenticate 2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %lx\n",
|
||||
logon_srv, acct_name, sec_chan, comp_name,
|
||||
credstr(clnt_chal->data), neg_flags));
|
||||
/* create and send a MSRPC command with api NET_AUTH2 */
|
||||
|
||||
/* store the parameters */
|
||||
make_q_auth_2(&q_a, logon_srv, acct_name, sec_chan, comp_name,
|
||||
clnt_chal, neg_flags);
|
||||
DEBUG(4,("LSA Authenticate 2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %lx\n",
|
||||
logon_srv, acct_name, sec_chan, comp_name,
|
||||
credstr(clnt_chal->data), neg_flags));
|
||||
|
||||
/* turn parameters into data stream */
|
||||
net_io_q_auth_2("", &q_a, &buf, 0);
|
||||
/* store the parameters */
|
||||
make_q_auth_2(&q_a, logon_srv, acct_name, sec_chan, comp_name,
|
||||
clnt_chal, neg_flags);
|
||||
|
||||
/* send the data on \PIPE\ */
|
||||
if (rpc_api_pipe_req(cli, t_idx, fnum, NET_AUTH2, &buf, &rbuf))
|
||||
{
|
||||
NET_R_AUTH_2 r_a;
|
||||
BOOL p;
|
||||
/* turn parameters into data stream */
|
||||
net_io_q_auth_2("", &q_a, &buf, 0);
|
||||
|
||||
net_io_r_auth_2("", &r_a, &rbuf, 0);
|
||||
p = rbuf.offset != 0;
|
||||
/* send the data on \PIPE\ */
|
||||
if (rpc_api_pipe_req(cli, fnum, NET_AUTH2, &buf, &rbuf))
|
||||
{
|
||||
NET_R_AUTH_2 r_a;
|
||||
BOOL ok;
|
||||
|
||||
net_io_r_auth_2("", &r_a, &rbuf, 0);
|
||||
ok = (rbuf.offset != 0);
|
||||
|
||||
if (p && r_a.status != 0)
|
||||
{
|
||||
/* report error code */
|
||||
DEBUG(0,("NET_AUTH2: %s\n", get_nt_error_msg(r_a.status)));
|
||||
p = False;
|
||||
}
|
||||
if (ok && r_a.status != 0)
|
||||
{
|
||||
/* report error code */
|
||||
DEBUG(0,("NET_AUTH2: %s\n", get_nt_error_msg(r_a.status)));
|
||||
ok = False;
|
||||
}
|
||||
|
||||
if (p && r_a.srv_flgs.neg_flags != q_a.clnt_flgs.neg_flags)
|
||||
{
|
||||
/* report different neg_flags */
|
||||
DEBUG(0,("NET_AUTH2: error neg_flags (q,r) differ - (%lx,%lx)\n",
|
||||
q_a.clnt_flgs.neg_flags, r_a.srv_flgs.neg_flags));
|
||||
p = False;
|
||||
}
|
||||
if (ok && r_a.srv_flgs.neg_flags != q_a.clnt_flgs.neg_flags)
|
||||
{
|
||||
/* report different neg_flags */
|
||||
DEBUG(0,("NET_AUTH2: error neg_flags (q,r) differ - (%lx,%lx)\n",
|
||||
q_a.clnt_flgs.neg_flags, r_a.srv_flgs.neg_flags));
|
||||
ok = False;
|
||||
}
|
||||
|
||||
if (p)
|
||||
{
|
||||
/* ok, at last: we're happy. return the challenge */
|
||||
memcpy(srv_chal, r_a.srv_chal.data, sizeof(srv_chal->data));
|
||||
valid_chal = True;
|
||||
}
|
||||
}
|
||||
if (ok)
|
||||
{
|
||||
/* ok, at last: we're happy. return the challenge */
|
||||
memcpy(srv_chal, r_a.srv_chal.data, sizeof(srv_chal->data));
|
||||
valid_chal = True;
|
||||
}
|
||||
}
|
||||
|
||||
prs_mem_free(&rbuf);
|
||||
prs_mem_free(&buf );
|
||||
|
||||
prs_mem_free(&rbuf);
|
||||
prs_mem_free(&buf );
|
||||
|
||||
return valid_chal;
|
||||
return valid_chal;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
do a LSA Request Challenge
|
||||
****************************************************************************/
|
||||
BOOL do_net_req_chal(struct cli_state *cli, int t_idx, uint16 fnum,
|
||||
char *desthost, char *myhostname,
|
||||
DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal)
|
||||
|
||||
BOOL do_net_req_chal(struct cli_state *cli, uint16 fnum,
|
||||
char *desthost, char *myhostname,
|
||||
DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal)
|
||||
{
|
||||
prs_struct rbuf;
|
||||
prs_struct buf;
|
||||
NET_Q_REQ_CHAL q_c;
|
||||
BOOL valid_chal = False;
|
||||
prs_struct rbuf;
|
||||
prs_struct buf;
|
||||
NET_Q_REQ_CHAL q_c;
|
||||
BOOL valid_chal = False;
|
||||
|
||||
prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
|
||||
prs_init(&rbuf, 0, 4, SAFETY_MARGIN, True );
|
||||
if (srv_chal == NULL || clnt_chal == NULL)
|
||||
return False;
|
||||
|
||||
if (srv_chal == NULL || clnt_chal == NULL) return False;
|
||||
prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
|
||||
prs_init(&rbuf, 0, 4, SAFETY_MARGIN, True );
|
||||
|
||||
/* create and send a MSRPC command with api NET_REQCHAL */
|
||||
|
||||
DEBUG(4,("LSA Request Challenge from %s to %s: %s\n",
|
||||
desthost, myhostname, credstr(clnt_chal->data)));
|
||||
/* create and send a MSRPC command with api NET_REQCHAL */
|
||||
|
||||
/* store the parameters */
|
||||
make_q_req_chal(&q_c, desthost, myhostname, clnt_chal);
|
||||
DEBUG(4,("LSA Request Challenge from %s to %s: %s\n",
|
||||
desthost, myhostname, credstr(clnt_chal->data)));
|
||||
|
||||
/* turn parameters into data stream */
|
||||
net_io_q_req_chal("", &q_c, &buf, 0);
|
||||
/* store the parameters */
|
||||
make_q_req_chal(&q_c, desthost, myhostname, clnt_chal);
|
||||
|
||||
/* send the data on \PIPE\ */
|
||||
if (rpc_api_pipe_req(cli, t_idx, fnum, NET_REQCHAL, &buf, &rbuf))
|
||||
{
|
||||
NET_R_REQ_CHAL r_c;
|
||||
BOOL p;
|
||||
/* turn parameters into data stream */
|
||||
net_io_q_req_chal("", &q_c, &buf, 0);
|
||||
|
||||
net_io_r_req_chal("", &r_c, &rbuf, 0);
|
||||
p = rbuf.offset != 0;
|
||||
/* send the data on \PIPE\ */
|
||||
if (rpc_api_pipe_req(cli, fnum, NET_REQCHAL, &buf, &rbuf))
|
||||
{
|
||||
NET_R_REQ_CHAL r_c;
|
||||
BOOL ok;
|
||||
|
||||
net_io_r_req_chal("", &r_c, &rbuf, 0);
|
||||
ok = (rbuf.offset != 0);
|
||||
|
||||
if (p && r_c.status != 0)
|
||||
{
|
||||
/* report error code */
|
||||
DEBUG(0,("NET_REQ_CHAL: %s\n", get_nt_error_msg(r_c.status)));
|
||||
p = False;
|
||||
}
|
||||
if (ok && r_c.status != 0)
|
||||
{
|
||||
/* report error code */
|
||||
DEBUG(0,("NET_REQ_CHAL: %s\n", get_nt_error_msg(r_c.status)));
|
||||
ok = False;
|
||||
}
|
||||
|
||||
if (p)
|
||||
{
|
||||
/* ok, at last: we're happy. return the challenge */
|
||||
memcpy(srv_chal, r_c.srv_chal.data, sizeof(srv_chal->data));
|
||||
valid_chal = True;
|
||||
}
|
||||
}
|
||||
if (ok)
|
||||
{
|
||||
/* ok, at last: we're happy. return the challenge */
|
||||
memcpy(srv_chal, r_c.srv_chal.data, sizeof(srv_chal->data));
|
||||
valid_chal = True;
|
||||
}
|
||||
}
|
||||
|
||||
prs_mem_free(&rbuf);
|
||||
prs_mem_free(&buf );
|
||||
|
||||
prs_mem_free(&rbuf);
|
||||
prs_mem_free(&buf );
|
||||
|
||||
return valid_chal;
|
||||
return valid_chal;
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
do a LSA Server Password Set
|
||||
****************************************************************************/
|
||||
BOOL do_net_srv_pwset(struct cli_state *cli, int t_idx, uint16 fnum,
|
||||
uchar sess_key[16], DOM_CRED *sto_clnt_cred,
|
||||
char *logon_srv, char *mach_acct, uint16 sec_chan_type, char *comp_name,
|
||||
DOM_CRED *clnt_cred, DOM_CRED *srv_cred,
|
||||
uint8 nt_owf_new_mach_pwd[16])
|
||||
|
||||
BOOL do_net_srv_pwset(struct cli_state *cli, uint16 fnum,
|
||||
uchar sess_key[16], DOM_CRED *sto_clnt_cred,
|
||||
char *logon_srv, char *mach_acct, uint16 sec_chan_type,
|
||||
char *comp_name, DOM_CRED *clnt_cred, DOM_CRED *srv_cred,
|
||||
uint8 nt_owf_new_mach_pwd[16])
|
||||
{
|
||||
prs_struct rbuf;
|
||||
prs_struct buf;
|
||||
NET_Q_SRV_PWSET q_s;
|
||||
BOOL valid_cred = False;
|
||||
prs_struct rbuf;
|
||||
prs_struct buf;
|
||||
NET_Q_SRV_PWSET q_s;
|
||||
BOOL valid_cred = False;
|
||||
|
||||
prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
|
||||
prs_init(&rbuf, 0, 4, SAFETY_MARGIN, True );
|
||||
if (srv_cred == NULL || clnt_cred == NULL)
|
||||
return False;
|
||||
|
||||
if (srv_cred == NULL || clnt_cred == NULL) return False;
|
||||
prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
|
||||
prs_init(&rbuf, 0, 4, SAFETY_MARGIN, True );
|
||||
|
||||
/* create and send a MSRPC command with api NET_SRV_PWSET */
|
||||
|
||||
DEBUG(4,("LSA Server Password Set: srv:%s acct:%s sc: %d mc: %s clnt %s %lx\n",
|
||||
logon_srv, mach_acct, sec_chan_type, comp_name,
|
||||
credstr(clnt_cred->challenge.data), clnt_cred->timestamp.time));
|
||||
/* create and send a MSRPC command with api NET_SRV_PWSET */
|
||||
|
||||
/* store the parameters */
|
||||
make_q_srv_pwset(&q_s,
|
||||
sess_key,
|
||||
logon_srv, mach_acct, sec_chan_type, comp_name,
|
||||
clnt_cred,
|
||||
nt_owf_new_mach_pwd);
|
||||
DEBUG(4,("LSA Server Password Set: srv:%s acct:%s sc: %d mc: %s clnt %s %lx\n",
|
||||
logon_srv, mach_acct, sec_chan_type, comp_name,
|
||||
credstr(clnt_cred->challenge.data), clnt_cred->timestamp.time));
|
||||
|
||||
/* turn parameters into data stream */
|
||||
net_io_q_srv_pwset("", &q_s, &buf, 0);
|
||||
/* store the parameters */
|
||||
make_q_srv_pwset(&q_s, sess_key, logon_srv, mach_acct, sec_chan_type,
|
||||
comp_name, clnt_cred, nt_owf_new_mach_pwd);
|
||||
|
||||
/* send the data on \PIPE\ */
|
||||
if (rpc_api_pipe_req(cli, t_idx, fnum, NET_SRVPWSET, &buf, &rbuf))
|
||||
{
|
||||
NET_R_SRV_PWSET r_s;
|
||||
BOOL p;
|
||||
/* turn parameters into data stream */
|
||||
net_io_q_srv_pwset("", &q_s, &buf, 0);
|
||||
|
||||
net_io_r_srv_pwset("", &r_s, &rbuf, 0);
|
||||
p = rbuf.offset != 0;
|
||||
/* send the data on \PIPE\ */
|
||||
if (rpc_api_pipe_req(cli, fnum, NET_SRVPWSET, &buf, &rbuf))
|
||||
{
|
||||
NET_R_SRV_PWSET r_s;
|
||||
BOOL ok;
|
||||
|
||||
net_io_r_srv_pwset("", &r_s, &rbuf, 0);
|
||||
ok = (rbuf.offset != 0);
|
||||
|
||||
if (p && r_s.status != 0)
|
||||
{
|
||||
/* report error code */
|
||||
DEBUG(0,("NET_R_SRV_PWSET: %s\n", get_nt_error_msg(r_s.status)));
|
||||
p = False;
|
||||
}
|
||||
if (ok && r_s.status != 0)
|
||||
{
|
||||
/* report error code */
|
||||
DEBUG(0,("NET_R_SRV_PWSET: %s\n", get_nt_error_msg(r_s.status)));
|
||||
ok = False;
|
||||
}
|
||||
|
||||
if (p)
|
||||
{
|
||||
if (clnt_deal_with_creds(sess_key, sto_clnt_cred, &(r_s.srv_cred)))
|
||||
{
|
||||
DEBUG(5, ("do_net_srv_pwset: server credential check OK\n"));
|
||||
/* ok, at last: we're happy. return the challenge */
|
||||
memcpy(srv_cred, &(r_s.srv_cred), sizeof(r_s.srv_cred));
|
||||
valid_cred = True;
|
||||
}
|
||||
else
|
||||
{
|
||||
DEBUG(5, ("do_net_srv_pwset: server credential check failed\n"));
|
||||
}
|
||||
}
|
||||
}
|
||||
if (ok)
|
||||
{
|
||||
if (clnt_deal_with_creds(sess_key, sto_clnt_cred, &(r_s.srv_cred)))
|
||||
{
|
||||
DEBUG(5, ("do_net_srv_pwset: server credential check OK\n"));
|
||||
/* ok, at last: we're happy. return the challenge */
|
||||
memcpy(srv_cred, &(r_s.srv_cred), sizeof(r_s.srv_cred));
|
||||
valid_cred = True;
|
||||
}
|
||||
else
|
||||
{
|
||||
DEBUG(5, ("do_net_srv_pwset: server credential check failed\n"));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
prs_mem_free(&rbuf);
|
||||
prs_mem_free(&buf );
|
||||
|
||||
prs_mem_free(&rbuf);
|
||||
prs_mem_free(&buf );
|
||||
|
||||
return valid_cred;
|
||||
return valid_cred;
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
do a LSA SAM Logon
|
||||
****************************************************************************/
|
||||
BOOL do_net_sam_logon(struct cli_state *cli, int t_idx, uint16 fnum,
|
||||
uchar sess_key[8], DOM_CRED *sto_clnt_cred,
|
||||
char *logon_srv, char *comp_name,
|
||||
DOM_CRED *clnt_cred, DOM_CRED *rtn_cred,
|
||||
uint16 logon_level, NET_ID_INFO_CTR *ctr, uint16 validation_level,
|
||||
NET_USER_INFO_3 *user_info3,
|
||||
DOM_CRED *srv_cred)
|
||||
|
||||
BOOL do_net_sam_logon(struct cli_state *cli, uint16 fnum,
|
||||
uchar sess_key[8], DOM_CRED *sto_clnt_cred,
|
||||
char *logon_srv, char *comp_name,
|
||||
DOM_CRED *clnt_cred, DOM_CRED *rtn_cred,
|
||||
uint16 logon_level, NET_ID_INFO_CTR *ctr,
|
||||
uint16 validation_level, NET_USER_INFO_3 *user_info3,
|
||||
DOM_CRED *srv_cred)
|
||||
{
|
||||
prs_struct rbuf;
|
||||
prs_struct buf;
|
||||
NET_Q_SAM_LOGON q_s;
|
||||
BOOL valid_cred = False;
|
||||
prs_struct rbuf;
|
||||
prs_struct buf;
|
||||
NET_Q_SAM_LOGON q_s;
|
||||
BOOL valid_cred = False;
|
||||
|
||||
prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
|
||||
prs_init(&rbuf, 0, 4, SAFETY_MARGIN, True );
|
||||
if (srv_cred == NULL || clnt_cred == NULL || rtn_cred == NULL || user_info3 == NULL)
|
||||
return False;
|
||||
|
||||
if (srv_cred == NULL || clnt_cred == NULL || rtn_cred == NULL || user_info3 == NULL) return False;
|
||||
prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
|
||||
prs_init(&rbuf, 0, 4, SAFETY_MARGIN, True );
|
||||
|
||||
/* create and send a MSRPC command with api NET_SAMLOGON */
|
||||
|
||||
DEBUG(4,("LSA SAM Logon: srv:%s mc:%s clnt %s %lx rtn: %s %lx ll: %d\n",
|
||||
logon_srv, comp_name,
|
||||
credstr(clnt_cred->challenge.data), clnt_cred->timestamp.time,
|
||||
credstr(rtn_cred->challenge.data), rtn_cred ->timestamp.time,
|
||||
logon_level));
|
||||
/* create and send a MSRPC command with api NET_SAMLOGON */
|
||||
|
||||
/* store the parameters */
|
||||
make_sam_info(&(q_s.sam_id), logon_srv, comp_name,
|
||||
clnt_cred, rtn_cred,
|
||||
logon_level, ctr, validation_level);
|
||||
DEBUG(4,("LSA SAM Logon: srv:%s mc:%s clnt %s %lx rtn: %s %lx ll: %d\n",
|
||||
logon_srv, comp_name,
|
||||
credstr(clnt_cred->challenge.data), clnt_cred->timestamp.time,
|
||||
credstr(rtn_cred->challenge.data), rtn_cred ->timestamp.time,
|
||||
logon_level));
|
||||
|
||||
/* turn parameters into data stream */
|
||||
net_io_q_sam_logon("", &q_s, &buf, 0);
|
||||
/* store the parameters */
|
||||
make_sam_info(&(q_s.sam_id), logon_srv, comp_name,
|
||||
clnt_cred, rtn_cred, logon_level, ctr, validation_level);
|
||||
|
||||
/* send the data on \PIPE\ */
|
||||
if (rpc_api_pipe_req(cli, t_idx, fnum, NET_SAMLOGON, &buf, &rbuf))
|
||||
{
|
||||
NET_R_SAM_LOGON r_s;
|
||||
BOOL p;
|
||||
/* turn parameters into data stream */
|
||||
net_io_q_sam_logon("", &q_s, &buf, 0);
|
||||
|
||||
r_s.user = user_info3;
|
||||
/* send the data on \PIPE\ */
|
||||
if (rpc_api_pipe_req(cli, fnum, NET_SAMLOGON, &buf, &rbuf))
|
||||
{
|
||||
NET_R_SAM_LOGON r_s;
|
||||
BOOL ok;
|
||||
|
||||
net_io_r_sam_logon("", &r_s, &rbuf, 0);
|
||||
p = rbuf.offset != 0;
|
||||
r_s.user = user_info3;
|
||||
|
||||
net_io_r_sam_logon("", &r_s, &rbuf, 0);
|
||||
ok = (rbuf.offset != 0);
|
||||
|
||||
if (p && r_s.status != 0)
|
||||
{
|
||||
/* report error code */
|
||||
DEBUG(0,("NET_SAMLOGON: %s\n", get_nt_error_msg(r_s.status)));
|
||||
p = False;
|
||||
}
|
||||
if (ok && r_s.status != 0)
|
||||
{
|
||||
/* report error code */
|
||||
DEBUG(0,("NET_SAMLOGON: %s\n", get_nt_error_msg(r_s.status)));
|
||||
ok = False;
|
||||
}
|
||||
|
||||
if (p && r_s.switch_value != 3)
|
||||
{
|
||||
/* report different switch_value */
|
||||
DEBUG(0,("NET_SAMLOGON: switch_value of 3 expected %x\n",
|
||||
r_s.switch_value));
|
||||
p = False;
|
||||
}
|
||||
if (ok && r_s.switch_value != 3)
|
||||
{
|
||||
/* report different switch_value */
|
||||
DEBUG(0,("NET_SAMLOGON: switch_value of 3 expected %x\n",
|
||||
r_s.switch_value));
|
||||
ok = False;
|
||||
}
|
||||
|
||||
if (p)
|
||||
{
|
||||
if (clnt_deal_with_creds(sess_key, sto_clnt_cred, &(r_s.srv_creds)))
|
||||
{
|
||||
DEBUG(5, ("do_net_sam_logon: server credential check OK\n"));
|
||||
/* ok, at last: we're happy. return the challenge */
|
||||
memcpy(srv_cred, &(r_s.srv_creds), sizeof(r_s.srv_creds));
|
||||
valid_cred = True;
|
||||
}
|
||||
else
|
||||
{
|
||||
DEBUG(5, ("do_net_sam_logon: server credential check failed\n"));
|
||||
}
|
||||
}
|
||||
}
|
||||
if (ok)
|
||||
{
|
||||
if (clnt_deal_with_creds(sess_key, sto_clnt_cred, &(r_s.srv_creds)))
|
||||
{
|
||||
DEBUG(5, ("do_net_sam_logon: server credential check OK\n"));
|
||||
/* ok, at last: we're happy. return the challenge */
|
||||
memcpy(srv_cred, &(r_s.srv_creds), sizeof(r_s.srv_creds));
|
||||
valid_cred = True;
|
||||
}
|
||||
else
|
||||
{
|
||||
DEBUG(5, ("do_net_sam_logon: server credential check failed\n"));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
prs_mem_free(&rbuf);
|
||||
prs_mem_free(&buf );
|
||||
prs_mem_free(&rbuf);
|
||||
prs_mem_free(&buf );
|
||||
|
||||
return valid_cred;
|
||||
return valid_cred;
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
do a LSA SAM Logoff
|
||||
****************************************************************************/
|
||||
BOOL do_net_sam_logoff(struct cli_state *cli, int t_idx, uint16 fnum,
|
||||
uchar sess_key[8], DOM_CRED *sto_clnt_cred,
|
||||
char *logon_srv, char *comp_name,
|
||||
DOM_CRED *clnt_cred, DOM_CRED *rtn_cred,
|
||||
uint16 logon_level, NET_ID_INFO_CTR *ctr, uint16 validation_level,
|
||||
DOM_CRED *srv_cred)
|
||||
|
||||
BOOL do_net_sam_logoff(struct cli_state *cli, uint16 fnum,
|
||||
uchar sess_key[8], DOM_CRED *sto_clnt_cred,
|
||||
char *logon_srv, char *comp_name,
|
||||
DOM_CRED *clnt_cred, DOM_CRED *rtn_cred,
|
||||
uint16 logon_level, NET_ID_INFO_CTR *ctr,
|
||||
uint16 validation_level, DOM_CRED *srv_cred)
|
||||
{
|
||||
prs_struct rbuf;
|
||||
prs_struct buf;
|
||||
NET_Q_SAM_LOGOFF q_s;
|
||||
BOOL valid_cred = False;
|
||||
prs_struct rbuf;
|
||||
prs_struct buf;
|
||||
NET_Q_SAM_LOGOFF q_s;
|
||||
BOOL valid_cred = False;
|
||||
|
||||
prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
|
||||
prs_init(&rbuf, 0, 4, SAFETY_MARGIN, True );
|
||||
if (srv_cred == NULL || clnt_cred == NULL || rtn_cred == NULL)
|
||||
return False;
|
||||
|
||||
if (srv_cred == NULL || clnt_cred == NULL || rtn_cred == NULL) return False;
|
||||
prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
|
||||
prs_init(&rbuf, 0, 4, SAFETY_MARGIN, True );
|
||||
|
||||
/* create and send a MSRPC command with api NET_SAMLOGON */
|
||||
/* create and send a MSRPC command with api NET_SAMLOGON */
|
||||
|
||||
DEBUG(4,("LSA SAM Logoff: srv:%s mc:%s clnt %s %lx rtn: %s %lx ll: %d\n",
|
||||
logon_srv, comp_name,
|
||||
credstr(clnt_cred->challenge.data), clnt_cred->timestamp.time,
|
||||
credstr(rtn_cred->challenge.data), rtn_cred ->timestamp.time,
|
||||
logon_level));
|
||||
DEBUG(4,("LSA SAM Logoff: srv:%s mc:%s clnt %s %lx rtn: %s %lx ll: %d\n",
|
||||
logon_srv, comp_name,
|
||||
credstr(clnt_cred->challenge.data), clnt_cred->timestamp.time,
|
||||
credstr(rtn_cred->challenge.data), rtn_cred ->timestamp.time,
|
||||
logon_level));
|
||||
|
||||
/* store the parameters */
|
||||
make_sam_info(&(q_s.sam_id), logon_srv, comp_name,
|
||||
clnt_cred, rtn_cred,
|
||||
logon_level, ctr, validation_level);
|
||||
/* store the parameters */
|
||||
make_sam_info(&(q_s.sam_id), logon_srv, comp_name,
|
||||
clnt_cred, rtn_cred, logon_level, ctr, validation_level);
|
||||
|
||||
/* turn parameters into data stream */
|
||||
net_io_q_sam_logoff("", &q_s, &buf, 0);
|
||||
/* turn parameters into data stream */
|
||||
net_io_q_sam_logoff("", &q_s, &buf, 0);
|
||||
|
||||
/* send the data on \PIPE\ */
|
||||
if (rpc_api_pipe_req(cli, t_idx, fnum, NET_SAMLOGOFF, &buf, &rbuf))
|
||||
{
|
||||
NET_R_SAM_LOGOFF r_s;
|
||||
BOOL p;
|
||||
/* send the data on \PIPE\ */
|
||||
if (rpc_api_pipe_req(cli, fnum, NET_SAMLOGOFF, &buf, &rbuf))
|
||||
{
|
||||
NET_R_SAM_LOGOFF r_s;
|
||||
BOOL ok;
|
||||
|
||||
net_io_r_sam_logoff("", &r_s, &rbuf, 0);
|
||||
p = rbuf.offset != 0;
|
||||
net_io_r_sam_logoff("", &r_s, &rbuf, 0);
|
||||
ok = (rbuf.offset != 0);
|
||||
|
||||
if (p && r_s.status != 0)
|
||||
{
|
||||
/* report error code */
|
||||
DEBUG(0,("NET_SAMLOGOFF: %s\n", get_nt_error_msg(r_s.status)));
|
||||
p = False;
|
||||
}
|
||||
if (ok && r_s.status != 0)
|
||||
{
|
||||
/* report error code */
|
||||
DEBUG(0,("NET_SAMLOGOFF: %s\n", get_nt_error_msg(r_s.status)));
|
||||
ok = False;
|
||||
}
|
||||
|
||||
if (p)
|
||||
{
|
||||
if (clnt_deal_with_creds(sess_key, sto_clnt_cred, &(r_s.srv_creds)))
|
||||
{
|
||||
DEBUG(5, ("do_net_sam_logoff: server credential check OK\n"));
|
||||
/* ok, at last: we're happy. return the challenge */
|
||||
memcpy(srv_cred, &(r_s.srv_creds), sizeof(r_s.srv_creds));
|
||||
valid_cred = True;
|
||||
}
|
||||
else
|
||||
{
|
||||
DEBUG(5, ("do_net_sam_logoff: server credential check failed\n"));
|
||||
}
|
||||
}
|
||||
}
|
||||
if (ok)
|
||||
{
|
||||
if (clnt_deal_with_creds(sess_key, sto_clnt_cred, &(r_s.srv_creds)))
|
||||
{
|
||||
DEBUG(5, ("do_net_sam_logoff: server credential check OK\n"));
|
||||
/* ok, at last: we're happy. return the challenge */
|
||||
memcpy(srv_cred, &(r_s.srv_creds), sizeof(r_s.srv_creds));
|
||||
valid_cred = True;
|
||||
}
|
||||
else
|
||||
{
|
||||
DEBUG(5, ("do_net_sam_logoff: server credential check failed\n"));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
prs_mem_free(&rbuf);
|
||||
prs_mem_free(&buf );
|
||||
|
||||
prs_mem_free(&rbuf);
|
||||
prs_mem_free(&buf );
|
||||
|
||||
return valid_cred;
|
||||
return valid_cred;
|
||||
}
|
||||
|
||||
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user