summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2004-06-14 12:06:53 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:56:40 -0500
commit7ae1735798250a7625dfd8d005c08cc8302f400f (patch)
tree2a9cbd64764453a8399b47c03fcb2f0c6d476e08
parent19f3bfc0ac317cfd3320187d957972ab3fbd3cad (diff)
downloadsamba-7ae1735798250a7625dfd8d005c08cc8302f400f.tar.gz
samba-7ae1735798250a7625dfd8d005c08cc8302f400f.tar.bz2
samba-7ae1735798250a7625dfd8d005c08cc8302f400f.zip
r1141: - consolidated the netr_SamInfo structures using a netr_SamBaseInfo
structure (andrew, this is the type of structure consolidation I think you were asking about. It's possible here in NDR as it isn't in the top level fn code) - added validation level 6 in sam logon With these changes I can successfully authentication smbclient to a winxp server, with the winxp server using a Samba4 ADS DC for account auth (This used to be commit 705205083a6e2430c420f44436a1d1ff8826bc73)
-rw-r--r--source4/librpc/idl/netlogon.idl65
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c86
-rw-r--r--source4/torture/rpc/netlogon.c44
3 files changed, 55 insertions, 140 deletions
diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl
index 844bc7ec83..6e87072a12 100644
--- a/source4/librpc/idl/netlogon.idl
+++ b/source4/librpc/idl/netlogon.idl
@@ -172,6 +172,10 @@ interface netlogon
netr_LMSessionKey LMSessKey;
uint32 AccountControl;
uint32 unknown[7];
+ } netr_SamBaseInfo;
+
+ typedef struct {
+ netr_SamBaseInfo base;
} netr_SamInfo2;
typedef struct {
@@ -180,69 +184,18 @@ interface netlogon
} netr_SidAttr;
typedef struct {
- NTTIME last_logon;
- NTTIME last_logoff;
- NTTIME acct_expiry;
- NTTIME last_password_change;
- NTTIME allow_password_change;
- NTTIME force_password_change;
- netr_String account_name;
- netr_String full_name;
- netr_String logon_script;
- netr_String profile_path;
- netr_String home_directory;
- netr_String home_drive;
- uint16 logon_count;
- uint16 bad_password_count;
- uint32 rid;
- uint32 primary_gid;
- uint32 group_count;
- [size_is(group_count)] netr_GroupMembership *groupids;
- uint32 acct_flags;
- netr_UserSessionKey key;
- netr_String logon_server;
- netr_String domain;
- dom_sid2 *domain_sid;
- netr_LMSessionKey LMSessKey;
- uint32 AccountControl;
- uint32 unknown[7];
+ netr_SamBaseInfo base;
uint32 sidcount;
[size_is(sidcount)] netr_SidAttr *sids;
} netr_SamInfo3;
-
typedef struct {
- NTTIME last_logon;
- NTTIME last_logoff;
- NTTIME acct_expiry;
- NTTIME last_password_change;
- NTTIME allow_password_change;
- NTTIME force_password_change;
- netr_String account_name;
- netr_String full_name;
- netr_String logon_script;
- netr_String profile_path;
- netr_String home_directory;
- netr_String home_drive;
- uint16 logon_count;
- uint16 bad_password_count;
- uint32 rid;
- uint32 primary_gid;
- uint32 group_count;
- [size_is(group_count)] netr_GroupMembership *groupids;
- uint32 acct_flags;
- netr_UserSessionKey key;
- netr_String logon_server;
- netr_String domain;
- dom_sid2 *domain_sid;
- netr_LMSessionKey LMSessKey;
- uint32 AccountControl;
- uint32 unknown1[9];
- netr_String forest;
- netr_String principle;
- uint32 unknown4[18];
+ netr_SamBaseInfo base;
uint32 sidcount;
[size_is(sidcount)] netr_SidAttr *sids;
+ netr_String forest;
+ netr_String principle;
+ uint32 unknown4[20];
} netr_SamInfo6;
typedef struct {
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index dc0b8582fe..603d90f440 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -495,8 +495,10 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call,
NTSTATUS nt_status;
const uint8_t *chal;
static const char zeros[16];
+ struct netr_SamBaseInfo *sam;
struct netr_SamInfo2 *sam2;
- struct netr_SamInfo3 *sam;
+ struct netr_SamInfo3 *sam3;
+ struct netr_SamInfo6 *sam6;
if (!pipe_state) {
DEBUG(1, ("No challenge requested by client, cannot authenticate\n"));
@@ -570,7 +572,9 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call,
}
free_auth_context(&auth_context);
- sam = talloc_p(mem_ctx, struct netr_SamInfo3);
+ sam = talloc_p(mem_ctx, struct netr_SamBaseInfo);
+
+ ZERO_STRUCTP(sam);
sam->last_logon = server_info->last_logon;
sam->last_logoff = server_info->last_logoff;
@@ -603,17 +607,6 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call,
sam->domain_sid->num_auths--;
sam->AccountControl = 0;
-
- sam->unknown1 = 0;
- sam->unknown2 = 0;
- sam->unknown3 = 0;
- sam->unknown4 = 0;
- sam->unknown5 = 0;
- sam->unknown6 = 0;
- sam->unknown7 = 0;
-
- sam->sidcount = 0;
- sam->sids = NULL;
if (server_info->user_session_key.length == sizeof(sam->key.key)) {
memcpy(sam->key.key, server_info->user_session_key.data, sizeof(sam->key.key));
@@ -646,60 +639,29 @@ static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call,
switch (r->in.validation_level) {
case 2:
- {
sam2 = talloc_p(mem_ctx, struct netr_SamInfo2);
+ ZERO_STRUCTP(sam2);
+ sam2->base = *sam;
r->out.validation.sam2 = sam2;
- sam2->last_logon = sam->last_logon;
- sam2->last_logoff = sam->last_logoff;
- sam2->acct_expiry = sam->acct_expiry;
-
- sam2->last_password_change = sam->last_password_change;
- sam2->allow_password_change = sam->allow_password_change;
- sam2->force_password_change = sam->force_password_change;
-
- sam2->account_name = sam->account_name;
- sam2->full_name = sam->full_name;
- sam2->logon_script = sam->logon_script;
- sam2->profile_path = sam->profile_path;
- sam2->home_directory = sam->home_directory;
- sam2->home_drive = sam->home_drive;
-
- sam2->logon_count = sam->logon_count;
- sam2->bad_password_count = sam->bad_password_count;
- sam2->rid = sam->rid;
- sam2->primary_gid = sam->primary_gid;
- sam2->group_count = sam->group_count;
- sam2->groupids = sam->groupids;
-
- sam2->acct_flags = sam->acct_flags;
-
- sam2->key = sam->key;
-
- sam2->logon_server = sam->logon_server;
-
- sam2->domain = sam->domain;
-
- sam2->domain_sid = sam->domain_sid;
-
- sam2->LMSessKey = sam->LMSessKey;
-
- sam2->AccountControl = sam->AccountControl;
-
- sam2->unknown1 = sam->unknown1;
- sam2->unknown2 = sam->unknown2;
- sam2->unknown3 = sam->unknown3;
- sam2->unknown4 = sam->unknown4;
- sam2->unknown5 = sam->unknown5;
- sam2->unknown6 = sam->unknown6;
- sam2->unknown7 = sam->unknown7;
-
break;
- }
+
case 3:
- {
- r->out.validation.sam3 = sam;
+ sam3 = talloc_p(mem_ctx, struct netr_SamInfo3);
+ ZERO_STRUCTP(sam3);
+ sam3->base = *sam;
+ r->out.validation.sam3 = sam3;
break;
- }
+
+ case 6:
+ sam6 = talloc_p(mem_ctx, struct netr_SamInfo6);
+ ZERO_STRUCTP(sam6);
+ sam6->base = *sam;
+ sam6->forest.string = sam->domain.string;
+ sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s",
+ sam->account_name.string, sam->domain.string);
+ r->out.validation.sam6 = sam6;
+ break;
+
default:
break;
}
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 55d60871b6..c334651d46 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -377,58 +377,58 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
if (r->in.validation_level == 2) {
static const char zeros[16];
- if (memcmp(r->out.validation.sam2->key.key, zeros,
- sizeof(r->out.validation.sam2->key.key)) != 0) {
+ if (memcmp(r->out.validation.sam2->base.key.key, zeros,
+ sizeof(r->out.validation.sam2->base.key.key)) != 0) {
creds_arcfour_crypt(&samlogon_state->creds,
- r->out.validation.sam2->key.key,
- sizeof(r->out.validation.sam2->key.key));
+ r->out.validation.sam2->base.key.key,
+ sizeof(r->out.validation.sam2->base.key.key));
}
if (user_session_key) {
- memcpy(user_session_key, r->out.validation.sam2->key.key, 16);
+ memcpy(user_session_key, r->out.validation.sam2->base.key.key, 16);
}
- if (memcmp(r->out.validation.sam2->LMSessKey.key, zeros,
- sizeof(r->out.validation.sam2->LMSessKey.key)) != 0) {
+ if (memcmp(r->out.validation.sam2->base.LMSessKey.key, zeros,
+ sizeof(r->out.validation.sam2->base.LMSessKey.key)) != 0) {
creds_arcfour_crypt(&samlogon_state->creds,
- r->out.validation.sam2->LMSessKey.key,
- sizeof(r->out.validation.sam2->LMSessKey.key));
+ r->out.validation.sam2->base.LMSessKey.key,
+ sizeof(r->out.validation.sam2->base.LMSessKey.key));
}
if (lm_key) {
- memcpy(lm_key, r->out.validation.sam2->LMSessKey.key, 8);
+ memcpy(lm_key, r->out.validation.sam2->base.LMSessKey.key, 8);
}
} else if (r->in.validation_level == 3) {
static const char zeros[16];
- if (memcmp(r->out.validation.sam3->key.key, zeros,
- sizeof(r->out.validation.sam3->key.key)) != 0) {
+ if (memcmp(r->out.validation.sam3->base.key.key, zeros,
+ sizeof(r->out.validation.sam3->base.key.key)) != 0) {
creds_arcfour_crypt(&samlogon_state->creds,
- r->out.validation.sam3->key.key,
- sizeof(r->out.validation.sam3->key.key));
+ r->out.validation.sam3->base.key.key,
+ sizeof(r->out.validation.sam3->base.key.key));
}
if (user_session_key) {
- memcpy(user_session_key, r->out.validation.sam3->key.key, 16);
+ memcpy(user_session_key, r->out.validation.sam3->base.key.key, 16);
}
- if (memcmp(r->out.validation.sam3->LMSessKey.key, zeros,
- sizeof(r->out.validation.sam3->LMSessKey.key)) != 0) {
+ if (memcmp(r->out.validation.sam3->base.LMSessKey.key, zeros,
+ sizeof(r->out.validation.sam3->base.LMSessKey.key)) != 0) {
creds_arcfour_crypt(&samlogon_state->creds,
- r->out.validation.sam3->LMSessKey.key,
- sizeof(r->out.validation.sam3->LMSessKey.key));
+ r->out.validation.sam3->base.LMSessKey.key,
+ sizeof(r->out.validation.sam3->base.LMSessKey.key));
}
if (lm_key) {
- memcpy(lm_key, r->out.validation.sam3->LMSessKey.key, 8);
+ memcpy(lm_key, r->out.validation.sam3->base.LMSessKey.key, 8);
}
} else if (r->in.validation_level == 6) {
/* they aren't encrypted! */
if (user_session_key) {
- memcpy(user_session_key, r->out.validation.sam6->key.key, 16);
+ memcpy(user_session_key, r->out.validation.sam6->base.key.key, 16);
}
if (lm_key) {
- memcpy(lm_key, r->out.validation.sam6->LMSessKey.key, 8);
+ memcpy(lm_key, r->out.validation.sam6->base.LMSessKey.key, 8);
}
}
}