sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-11 16:58:40 +03:00
Code
samba-mirror/source3/client/ntclient.c
Jeremy Allison fdeea341ed "For I have laboured mightily on Luke's code, and hath broken 
all I saw" - the book of Jeremy, chapter 1 :-).

So here is the mega-merge of the NTDOM branch server code.
It doesn't include the new client side pieces, we'll look
at that later.

This should give the same functionality, server wise, as
the NTDOM branch does, only merged into the main branch.

Any fixes to domain controler functionality should be
added to the main branch, not the NTDOM branch.

This code compiles without warnings on gcc2.8, but will
need further testing before we are sure all the working
functionality of the NTDOM server branch has been
correctly carried over.

I hereby declare the server side of the NTDOM branch
dead (and all who sail in her :-).

Jeremy.
(This used to be commit 118ba4d77a33248e762a2cf843fb7cbc906ee6e7)
1998-03-11 21:11:04 +00:00

351 lines
9.3 KiB
C
Raw Blame History

/*
Unix SMB/Netbios implementation.
Version 1.9.
NT Domain Authentication SMB / MSRPC client
Copyright (C) Andrew Tridgell 1994-1997
Copyright (C) Luke Kenneth Casson Leighton 1996-1998
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#ifdef SYSLOG
#undef SYSLOG
#endif
#include "includes.h"
extern int DEBUGLEVEL;
extern pstring username;
extern pstring smb_login_passwd;
extern pstring workgroup;
#define CLIENT_TIMEOUT (30*1000)
/****************************************************************************
experimental nt login.
****************************************************************************/
BOOL client_do_nt_login(char *desthost, char *myhostname,
int Client, int cnum)
{
DOM_CHAL clnt_chal;
DOM_CHAL srv_chal;
DOM_CRED clnt_cred;
DOM_CHAL auth2_srv_chal;
DOM_CRED sam_logon_clnt_cred;
DOM_CRED sam_logon_rtn_cred;
DOM_CRED sam_logon_srv_cred;
DOM_CRED sam_logoff_clnt_cred;
DOM_CRED sam_logoff_rtn_cred;
DOM_CRED sam_logoff_srv_cred;
DOM_ID_INFO_1 id1;
LSA_USER_INFO user_info1;
LSA_POL_HND pol;
int i;
UTIME zerotime;
uchar sess_key[8];
char nt_owf_mach_pwd[16];
fstring mach_acct;
fstring mach_pwd;
fstring server_name;
RPC_IFACE abstract;
RPC_IFACE transfer;
static char abs_data[16];
static char trn_data[16];
/* received from LSA Query Info Policy, level 5 */
fstring level5_domain_name;
pstring level5_domain_sid;
/* received from LSA Query Info Policy, level 3 */
fstring level3_domain_name;
pstring level3_domain_sid;
uint16 fnum;
uint32 call_id = 0;
char *inbuf,*outbuf;
zerotime.time = 0;
inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
if (!inbuf || !outbuf)
{
DEBUG(0,("out of memory\n"));
return False;
}
/******************* open the \PIPE\lsarpc file *****************/
if ((fnum = rpc_pipe_open(inbuf, outbuf, PIPE_LSARPC, Client, cnum)) == 0xffff)
{
free(inbuf); free(outbuf);
return False;
}
/**************** Set Named Pipe State ***************/
if (!rpc_pipe_set_hnd_state(PIPE_LSARPC, fnum, 0x4300))
{
free(inbuf); free(outbuf);
return False;
}
/******************* bind request on \PIPE\lsarpc *****************/
/* create and send a MSRPC command with api LSA_OPENPOLICY */
DEBUG(4,("LSA RPC Bind[%x]\n", fnum));
for (i = 0; i < sizeof(trn_data); i++)
{
trn_data[i] = 2 * i;
}
for (i = 0; i < sizeof(abs_data); i++)
{
abs_data[i] = i;
}
/* create interface UUIDs. */
make_rpc_iface(&abstract, abs_data, 0x0);
make_rpc_iface(&transfer, trn_data, 0x2);
if (!rpc_pipe_bind(PIPE_LSARPC, fnum, ++call_id, &abstract, &transfer))
{
free(inbuf); free(outbuf);
return False;
}
/******************* Open Policy ********************/
fstrcpy(server_name, ("\\\\"));
fstrcpy(&server_name[2], myhostname);
/* send an open policy request; receive a policy handle */
if (!do_lsa_open_policy(fnum, ++call_id, server_name, &pol))
{
cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
free(inbuf); free(outbuf);
return False;
}
/**************** Query Info Policy, level 3 ********************/
/* send a query info policy at level 3; receive an info policy */
if (!do_lsa_query_info_pol(fnum, ++call_id, &pol, 0x3,
level3_domain_name, level3_domain_sid))
{
cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
free(inbuf); free(outbuf);
return False;
}
/**************** Query Info Policy, level 5 ********************/
/* send a query info policy at level 5; receive an info policy */
if (!do_lsa_query_info_pol(fnum, ++call_id, &pol, 0x5,
level5_domain_name, level5_domain_sid))
{
cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
free(inbuf); free(outbuf);
return False;
}
/******************* Open Policy ********************/
/* send a close policy request; receive a close pol response */
if (!do_lsa_close(fnum, ++call_id, &pol))
{
cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
free(inbuf); free(outbuf);
return False;
}
/******************* close the \PIPE\lsarpc file *******************/
cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
/******************* open the \PIPE\NETLOGON file *****************/
if ((fnum = rpc_pipe_open(inbuf, outbuf, PIPE_NETLOGON, Client, cnum)) == 0xffff)
{
free(inbuf); free(outbuf);
return False;
}
/**************** Set Named Pipe State ***************/
if (!rpc_pipe_set_hnd_state(PIPE_NETLOGON, fnum, 0x4300))
{
free(inbuf); free(outbuf);
return False;
}
/******************* bind request on \PIPE\NETLOGON *****************/
if (!rpc_pipe_bind(PIPE_NETLOGON, fnum, ++call_id, &abstract, &transfer))
{
free(inbuf); free(outbuf);
return False;
}
/******************* Request Challenge ********************/
fstrcpy(mach_acct, myhostname);
strlower(mach_pwd);
fstrcpy(mach_pwd , myhostname);
strcat(mach_acct, "$");
SIVAL(clnt_chal.data, 0, 0x11111111);
SIVAL(clnt_chal.data, 4, 0x22222222);
/* send a client challenge; receive a server challenge */
if (!do_lsa_req_chal(fnum, ++call_id, desthost, myhostname, &clnt_chal, &srv_chal))
{
cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
free(inbuf); free(outbuf);
return False;
}
/************ Long-term Session key (default) **********/
#if 0
/* DAMN! can't get the machine password - need become_root() to do it! */
/* get the machine password */
if (!get_md4pw(mach_acct, nt_owf_mach_pwd))
{
cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
free(inbuf); free(outbuf);
return False;
}
DEBUG(5,("got nt owf from smbpasswd entry: %s\n", mach_pwd));
#else
{
char lm_owf_mach_pwd[16];
nt_lm_owf_gen(mach_pwd, nt_owf_mach_pwd, lm_owf_mach_pwd);
DEBUG(5,("generating nt owf from initial machine pwd: %s\n", mach_pwd));
}
#endif
dump_data(6, nt_owf_mach_pwd, 16);
/* calculate the session key */
cred_session_key(&clnt_chal, &srv_chal, nt_owf_mach_pwd, sess_key);
/******************* Authenticate 2 ********************/
/* calculate auth-2 credentials */
cred_create(sess_key, &clnt_chal, zerotime, &(clnt_cred.challenge));
/* send client auth-2 challenge; receive an auth-2 challenge */
if (!do_lsa_auth2(fnum, ++call_id, desthost, mach_acct, 2, myhostname,
&(clnt_cred.challenge), 0x000001ff, &auth2_srv_chal))
{
cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
free(inbuf); free(outbuf);
return False;
}
/*********************** SAM Info ***********************/
{
char lm_owf_user_pwd[16];
char nt_owf_user_pwd[16];
nt_lm_owf_gen(smb_login_passwd, nt_owf_user_pwd, lm_owf_user_pwd);
#ifdef DEBUG_PASSWORD
DEBUG(100,("nt owf of user password: "));
dump_data(100, lm_owf_user_pwd, 16);
DEBUG(100,("nt owf of user password: "));
dump_data(100, nt_owf_user_pwd, 16);
#endif
/* this is used in both the SAM Logon and the SAM Logoff */
make_id_info1(&id1, workgroup, 0,
getuid(), 0,
username, myhostname,
sess_key, lm_owf_user_pwd, nt_owf_user_pwd);
}
/*********************** SAM Logon **********************/
clnt_cred.timestamp.time = sam_logon_clnt_cred.timestamp.time = time(NULL);
/* calculate sam logon credentials, using the auth2 client challenge */
cred_create(sess_key, &(clnt_cred.challenge), sam_logon_clnt_cred.timestamp,
&(sam_logon_clnt_cred.challenge));
/* send client sam-logon challenge; receive a sam-logon challenge */
if (!do_lsa_sam_logon(fnum, ++call_id, sess_key, &clnt_cred,
desthost, mach_acct,
&sam_logon_clnt_cred, &sam_logon_rtn_cred,
1, 1, &id1, &user_info1,
&sam_logon_srv_cred))
{
cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
free(inbuf); free(outbuf);
return False;
}
/*********************** SAM Logoff *********************/
clnt_cred.timestamp.time = sam_logoff_clnt_cred.timestamp.time = time(NULL);
/* calculate sam logoff credentials, using the sam logon return challenge */
cred_create(sess_key, &(clnt_cred.challenge),
sam_logoff_clnt_cred.timestamp,
&(sam_logoff_clnt_cred.challenge));
/* send client sam-logoff challenge; receive a sam-logoff challenge */
if (!do_lsa_sam_logoff(fnum, ++call_id, sess_key, &clnt_cred,
desthost, mach_acct,
&sam_logoff_clnt_cred, &sam_logoff_rtn_cred,
1, 1, &id1,
&sam_logoff_srv_cred))
{
cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
free(inbuf); free(outbuf);
return False;
}
/******************** close the \PIPE\NETLOGON file **************/
cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
/* free memory used in all rpc transactions, above */
free(inbuf); free(outbuf);
return True;
}
View Git Blame Copy Permalink