diff options
author | Andrew Tridgell <tridge@samba.org> | 2004-06-14 12:06:53 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:56:40 -0500 |
commit | 7ae1735798250a7625dfd8d005c08cc8302f400f (patch) | |
tree | 2a9cbd64764453a8399b47c03fcb2f0c6d476e08 | |
parent | 19f3bfc0ac317cfd3320187d957972ab3fbd3cad (diff) | |
download | samba-7ae1735798250a7625dfd8d005c08cc8302f400f.tar.gz samba-7ae1735798250a7625dfd8d005c08cc8302f400f.tar.bz2 samba-7ae1735798250a7625dfd8d005c08cc8302f400f.zip |
r1141: - consolidated the netr_SamInfo structures using a netr_SamBaseInfo
structure (andrew, this is the type of structure consolidation I think
you were asking about. It's possible here in NDR as it isn't in the
top level fn code)
- added validation level 6 in sam logon
With these changes I can successfully authentication smbclient to a
winxp server, with the winxp server using a Samba4 ADS DC for account
auth
(This used to be commit 705205083a6e2430c420f44436a1d1ff8826bc73)
-rw-r--r-- | source4/librpc/idl/netlogon.idl | 65 | ||||
-rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 86 | ||||
-rw-r--r-- | source4/torture/rpc/netlogon.c | 44 |
3 files changed, 55 insertions, 140 deletions
diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl index 844bc7ec83..6e87072a12 100644 --- a/source4/librpc/idl/netlogon.idl +++ b/source4/librpc/idl/netlogon.idl @@ -172,6 +172,10 @@ interface netlogon netr_LMSessionKey LMSessKey; uint32 AccountControl; uint32 unknown[7]; + } netr_SamBaseInfo; + + typedef struct { + netr_SamBaseInfo base; } netr_SamInfo2; typedef struct { @@ -180,69 +184,18 @@ interface netlogon } netr_SidAttr; typedef struct { - NTTIME last_logon; - NTTIME last_logoff; - NTTIME acct_expiry; - NTTIME last_password_change; - NTTIME allow_password_change; - NTTIME force_password_change; - netr_String account_name; - netr_String full_name; - netr_String logon_script; - netr_String profile_path; - netr_String home_directory; - netr_String home_drive; - uint16 logon_count; - uint16 bad_password_count; - uint32 rid; - uint32 primary_gid; - uint32 group_count; - [size_is(group_count)] netr_GroupMembership *groupids; - uint32 acct_flags; - netr_UserSessionKey key; - netr_String logon_server; - netr_String domain; - dom_sid2 *domain_sid; - netr_LMSessionKey LMSessKey; - uint32 AccountControl; - uint32 unknown[7]; + netr_SamBaseInfo base; uint32 sidcount; [size_is(sidcount)] netr_SidAttr *sids; } netr_SamInfo3; - typedef struct { - NTTIME last_logon; - NTTIME last_logoff; - NTTIME acct_expiry; - NTTIME last_password_change; - NTTIME allow_password_change; - NTTIME force_password_change; - netr_String account_name; - netr_String full_name; - netr_String logon_script; - netr_String profile_path; - netr_String home_directory; - netr_String home_drive; - uint16 logon_count; - uint16 bad_password_count; - uint32 rid; - uint32 primary_gid; - uint32 group_count; - [size_is(group_count)] netr_GroupMembership *groupids; - uint32 acct_flags; - netr_UserSessionKey key; - netr_String logon_server; - netr_String domain; - dom_sid2 *domain_sid; - netr_LMSessionKey LMSessKey; - uint32 AccountControl; - uint32 unknown1[9]; - netr_String forest; - netr_String principle; - uint32 unknown4[18]; + netr_SamBaseInfo base; uint32 sidcount; [size_is(sidcount)] netr_SidAttr *sids; + netr_String forest; + netr_String principle; + uint32 unknown4[20]; } netr_SamInfo6; typedef struct { diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index dc0b8582fe..603d90f440 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -495,8 +495,10 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call, NTSTATUS nt_status; const uint8_t *chal; static const char zeros[16]; + struct netr_SamBaseInfo *sam; struct netr_SamInfo2 *sam2; - struct netr_SamInfo3 *sam; + struct netr_SamInfo3 *sam3; + struct netr_SamInfo6 *sam6; if (!pipe_state) { DEBUG(1, ("No challenge requested by client, cannot authenticate\n")); @@ -570,7 +572,9 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call, } free_auth_context(&auth_context); - sam = talloc_p(mem_ctx, struct netr_SamInfo3); + sam = talloc_p(mem_ctx, struct netr_SamBaseInfo); + + ZERO_STRUCTP(sam); sam->last_logon = server_info->last_logon; sam->last_logoff = server_info->last_logoff; @@ -603,17 +607,6 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call, sam->domain_sid->num_auths--; sam->AccountControl = 0; - - sam->unknown1 = 0; - sam->unknown2 = 0; - sam->unknown3 = 0; - sam->unknown4 = 0; - sam->unknown5 = 0; - sam->unknown6 = 0; - sam->unknown7 = 0; - - sam->sidcount = 0; - sam->sids = NULL; if (server_info->user_session_key.length == sizeof(sam->key.key)) { memcpy(sam->key.key, server_info->user_session_key.data, sizeof(sam->key.key)); @@ -646,60 +639,29 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call, switch (r->in.validation_level) { case 2: - { sam2 = talloc_p(mem_ctx, struct netr_SamInfo2); + ZERO_STRUCTP(sam2); + sam2->base = *sam; r->out.validation.sam2 = sam2; - sam2->last_logon = sam->last_logon; - sam2->last_logoff = sam->last_logoff; - sam2->acct_expiry = sam->acct_expiry; - - sam2->last_password_change = sam->last_password_change; - sam2->allow_password_change = sam->allow_password_change; - sam2->force_password_change = sam->force_password_change; - - sam2->account_name = sam->account_name; - sam2->full_name = sam->full_name; - sam2->logon_script = sam->logon_script; - sam2->profile_path = sam->profile_path; - sam2->home_directory = sam->home_directory; - sam2->home_drive = sam->home_drive; - - sam2->logon_count = sam->logon_count; - sam2->bad_password_count = sam->bad_password_count; - sam2->rid = sam->rid; - sam2->primary_gid = sam->primary_gid; - sam2->group_count = sam->group_count; - sam2->groupids = sam->groupids; - - sam2->acct_flags = sam->acct_flags; - - sam2->key = sam->key; - - sam2->logon_server = sam->logon_server; - - sam2->domain = sam->domain; - - sam2->domain_sid = sam->domain_sid; - - sam2->LMSessKey = sam->LMSessKey; - - sam2->AccountControl = sam->AccountControl; - - sam2->unknown1 = sam->unknown1; - sam2->unknown2 = sam->unknown2; - sam2->unknown3 = sam->unknown3; - sam2->unknown4 = sam->unknown4; - sam2->unknown5 = sam->unknown5; - sam2->unknown6 = sam->unknown6; - sam2->unknown7 = sam->unknown7; - break; - } + case 3: - { - r->out.validation.sam3 = sam; + sam3 = talloc_p(mem_ctx, struct netr_SamInfo3); + ZERO_STRUCTP(sam3); + sam3->base = *sam; + r->out.validation.sam3 = sam3; break; - } + + case 6: + sam6 = talloc_p(mem_ctx, struct netr_SamInfo6); + ZERO_STRUCTP(sam6); + sam6->base = *sam; + sam6->forest.string = sam->domain.string; + sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s", + sam->account_name.string, sam->domain.string); + r->out.validation.sam6 = sam6; + break; + default: break; } diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index 55d60871b6..c334651d46 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -377,58 +377,58 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state, if (r->in.validation_level == 2) { static const char zeros[16]; - if (memcmp(r->out.validation.sam2->key.key, zeros, - sizeof(r->out.validation.sam2->key.key)) != 0) { + if (memcmp(r->out.validation.sam2->base.key.key, zeros, + sizeof(r->out.validation.sam2->base.key.key)) != 0) { creds_arcfour_crypt(&samlogon_state->creds, - r->out.validation.sam2->key.key, - sizeof(r->out.validation.sam2->key.key)); + r->out.validation.sam2->base.key.key, + sizeof(r->out.validation.sam2->base.key.key)); } if (user_session_key) { - memcpy(user_session_key, r->out.validation.sam2->key.key, 16); + memcpy(user_session_key, r->out.validation.sam2->base.key.key, 16); } - if (memcmp(r->out.validation.sam2->LMSessKey.key, zeros, - sizeof(r->out.validation.sam2->LMSessKey.key)) != 0) { + if (memcmp(r->out.validation.sam2->base.LMSessKey.key, zeros, + sizeof(r->out.validation.sam2->base.LMSessKey.key)) != 0) { creds_arcfour_crypt(&samlogon_state->creds, - r->out.validation.sam2->LMSessKey.key, - sizeof(r->out.validation.sam2->LMSessKey.key)); + r->out.validation.sam2->base.LMSessKey.key, + sizeof(r->out.validation.sam2->base.LMSessKey.key)); } if (lm_key) { - memcpy(lm_key, r->out.validation.sam2->LMSessKey.key, 8); + memcpy(lm_key, r->out.validation.sam2->base.LMSessKey.key, 8); } } else if (r->in.validation_level == 3) { static const char zeros[16]; - if (memcmp(r->out.validation.sam3->key.key, zeros, - sizeof(r->out.validation.sam3->key.key)) != 0) { + if (memcmp(r->out.validation.sam3->base.key.key, zeros, + sizeof(r->out.validation.sam3->base.key.key)) != 0) { creds_arcfour_crypt(&samlogon_state->creds, - r->out.validation.sam3->key.key, - sizeof(r->out.validation.sam3->key.key)); + r->out.validation.sam3->base.key.key, + sizeof(r->out.validation.sam3->base.key.key)); } if (user_session_key) { - memcpy(user_session_key, r->out.validation.sam3->key.key, 16); + memcpy(user_session_key, r->out.validation.sam3->base.key.key, 16); } - if (memcmp(r->out.validation.sam3->LMSessKey.key, zeros, - sizeof(r->out.validation.sam3->LMSessKey.key)) != 0) { + if (memcmp(r->out.validation.sam3->base.LMSessKey.key, zeros, + sizeof(r->out.validation.sam3->base.LMSessKey.key)) != 0) { creds_arcfour_crypt(&samlogon_state->creds, - r->out.validation.sam3->LMSessKey.key, - sizeof(r->out.validation.sam3->LMSessKey.key)); + r->out.validation.sam3->base.LMSessKey.key, + sizeof(r->out.validation.sam3->base.LMSessKey.key)); } if (lm_key) { - memcpy(lm_key, r->out.validation.sam3->LMSessKey.key, 8); + memcpy(lm_key, r->out.validation.sam3->base.LMSessKey.key, 8); } } else if (r->in.validation_level == 6) { /* they aren't encrypted! */ if (user_session_key) { - memcpy(user_session_key, r->out.validation.sam6->key.key, 16); + memcpy(user_session_key, r->out.validation.sam6->base.key.key, 16); } if (lm_key) { - memcpy(lm_key, r->out.validation.sam6->LMSessKey.key, 8); + memcpy(lm_key, r->out.validation.sam6->base.LMSessKey.key, 8); } } } |