sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code
d99eca020a
samba-mirror/source/rpcclient/cmd_netlogon.c
Luke Leighton d99eca020a split matthew's sync command (only currently called from smbpasswd) 
into a separate module
0001-01-01 00:00:00 +00:00

201 lines
5.8 KiB
C
Raw Blame History

/*
Unix SMB/Netbios implementation.
Version 1.9.
NT Domain Authentication SMB / MSRPC client
Copyright (C) Andrew Tridgell 1994-1997
Copyright (C) Luke Kenneth Casson Leighton 1996-1997
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#ifdef SYSLOG
#undef SYSLOG
#endif
#include "includes.h"
#include "nterr.h"
extern int DEBUGLEVEL;
#define DEBUG_TESTING
extern struct cli_state *smb_cli;
extern FILE* out_hnd;
/****************************************************************************
experimental nt login.
****************************************************************************/
void cmd_netlogon_login_test(struct client_info *info)
{
uint16 nt_pipe_fnum;
extern BOOL global_machine_password_needs_changing;
fstring nt_user_name;
fstring password;
BOOL res = True;
char *nt_password;
unsigned char trust_passwd[16];
#if 0
/* machine account passwords */
pstring new_mach_pwd;
/* initialisation */
new_mach_pwd[0] = 0;
#endif
if (!next_token(NULL, nt_user_name, NULL, sizeof(nt_user_name)))
{
fstrcpy(nt_user_name, smb_cli->user_name);
if (nt_user_name[0] == 0)
{
report(out_hnd,"ntlogin: must specify username with anonymous connection\n");
return;
}
}
if (next_token(NULL, password, NULL, sizeof(password)))
{
nt_password = password;
}
else
{
nt_password = getpass("Enter NT Login password:");
}
DEBUG(5,("do_nt_login_test: username %s\n", nt_user_name));
res = res ? trust_get_passwd(trust_passwd, smb_cli->domain, info->myhostname) : False;
#if 0
/* check whether the user wants to change their machine password */
res = res ? trust_account_check(info->dest_ip, info->dest_host,
info->myhostname, smb_cli->domain,
info->mach_acct, new_mach_pwd) : False;
#endif
/* open NETLOGON session. negotiate credentials */
res = res ? cli_nt_session_open(smb_cli, PIPE_NETLOGON, &nt_pipe_fnum) : False;
res = res ? cli_nt_setup_creds(smb_cli, nt_pipe_fnum,
smb_cli->mach_acct,
trust_passwd, SEC_CHAN_WKSTA) : False;
/* change the machine password? */
if (global_machine_password_needs_changing)
{
unsigned char new_trust_passwd[16];
generate_random_buffer(new_trust_passwd, 16, True);
res = res ? cli_nt_srv_pwset(smb_cli, nt_pipe_fnum, new_trust_passwd, SEC_CHAN_WKSTA) : False;
if (res)
{
global_machine_password_needs_changing = !set_trust_account_password(new_trust_passwd);
}
memset(new_trust_passwd, 0, 16);
}
memset(trust_passwd, 0, 16);
/* do an NT login */
res = res ? cli_nt_login_interactive(smb_cli, nt_pipe_fnum,
smb_cli->domain, nt_user_name,
getuid(), nt_password,
&info->dom.ctr, &info->dom.user_info3) : False;
/*** clear out the password ***/
memset(password, 0, sizeof(password));
/* ok! you're logged in! do anything you like, then... */
/* do an NT logout */
res = res ? cli_nt_logoff(smb_cli, nt_pipe_fnum, &info->dom.ctr) : False;
/* close the session */
cli_nt_session_close(smb_cli, nt_pipe_fnum);
report(out_hnd,"cmd_nt_login: login (%s) test succeeded: %s\n",
nt_user_name, BOOLSTR(res));
}
/****************************************************************************
experimental nt login.
****************************************************************************/
void cmd_netlogon_domain_test(struct client_info *info)
{
uint16 nt_pipe_fnum;
fstring nt_trust_dom;
BOOL res = True;
unsigned char trust_passwd[16];
fstring inter_dom_acct;
if (!next_token(NULL, nt_trust_dom, NULL, sizeof(nt_trust_dom)))
{
report(out_hnd,"domtest: must specify domain name\n");
return;
}
DEBUG(5,("do_nt_login_test: domain %s\n", nt_trust_dom));
fstrcpy(inter_dom_acct, nt_trust_dom);
fstrcat(inter_dom_acct, "$");
res = res ? trust_get_passwd(trust_passwd, smb_cli->domain, nt_trust_dom) : False;
/* open NETLOGON session. negotiate credentials */
res = res ? cli_nt_session_open(smb_cli, PIPE_NETLOGON, &nt_pipe_fnum) : False;
res = res ? cli_nt_setup_creds(smb_cli, nt_pipe_fnum, inter_dom_acct,
trust_passwd, SEC_CHAN_DOMAIN) : False;
memset(trust_passwd, 0, 16);
/* close the session */
cli_nt_session_close(smb_cli, nt_pipe_fnum);
report(out_hnd,"cmd_nt_login: credentials (%s) test succeeded: %s\n",
nt_trust_dom, BOOLSTR(res));
}
/****************************************************************************
experimental SAM synchronisation.
****************************************************************************/
void cmd_sam_sync(struct client_info *info)
{
SAM_DELTA_HDR hdr_deltas[MAX_SAM_DELTAS];
SAM_DELTA_CTR deltas[MAX_SAM_DELTAS];
uint32 num;
uchar trust_passwd[16];
extern pstring global_myname;
if (!trust_get_passwd(trust_passwd, smb_cli->domain, global_myname))
{
report(out_hnd, "cmd_sam_sync: no trust account password\n");
return;
}
if (do_sam_sync(smb_cli, trust_passwd, hdr_deltas, deltas, &num))
{
display_sam_sync(out_hnd, ACTION_HEADER , hdr_deltas, deltas, num);
display_sam_sync(out_hnd, ACTION_ENUMERATE, hdr_deltas, deltas, num);
display_sam_sync(out_hnd, ACTION_FOOTER , hdr_deltas, deltas, num);
}
}
View Git Blame Copy Permalink