summaryrefslogtreecommitdiff
path: root/source3/client
diff options
context:
space:
mode:
authorLuke Leighton <lkcl@samba.org>1997-11-09 17:30:10 +0000
committerLuke Leighton <lkcl@samba.org>1997-11-09 17:30:10 +0000
commite357d9106895b165bfa3f8331b9f186004c9a6cd (patch)
tree52e18b1e8f0770f89d157c6766745ed201df11a6 /source3/client
parenta81dd62af0321e0c78f81ea79605dade3e563f7a (diff)
downloadsamba-e357d9106895b165bfa3f8331b9f186004c9a6cd.tar.gz
samba-e357d9106895b165bfa3f8331b9f186004c9a6cd.tar.bz2
samba-e357d9106895b165bfa3f8331b9f186004c9a6cd.zip
attempting to mark up 32 bit error codes, needed for NT domains.
separated out smb server-mode password validation into a separate file. added called and calling netbios names to client gen state: referenced section in rfc1002.txt. created workstation trust account checking code in ntclient.c there might be a bug in reply_session_setup_andX. i indented and added { } around single-line if statements: the lm password checking code now doesn't look right (around the GUEST_SESSSETUP bits). *no code semantics have been changed by the indentation process*. (This used to be commit f27966957fa7f16d337a4a58719239d036deab4c)
Diffstat (limited to 'source3/client')
-rw-r--r--source3/client/client.c2
-rw-r--r--source3/client/ntclient.c127
2 files changed, 116 insertions, 13 deletions
diff --git a/source3/client/client.c b/source3/client/client.c
index 52f4b837a6..082118e0ba 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -3900,7 +3900,7 @@ static void usage(char *pname)
{
if (!cli_send_login(NULL,NULL,True,True)) return(1);
- do_nt_login(desthost, myhostname, Client, cnum);
+ do_nt_login(dest_ip, desthost, myhostname, Client, cnum);
cli_send_logout();
close_sockets();
diff --git a/source3/client/ntclient.c b/source3/client/ntclient.c
index 7e360981c0..a32f6e690d 100644
--- a/source3/client/ntclient.c
+++ b/source3/client/ntclient.c
@@ -25,6 +25,7 @@
#endif
#include "includes.h"
+#include "nterr.h"
extern int DEBUGLEVEL;
extern pstring username;
@@ -35,11 +36,110 @@ extern pstring workgroup;
#ifdef NTDOMAIN
+/************************************************************************
+ check workstation trust account status
+ ************************************************************************/
+BOOL wksta_trust_account_check(struct in_addr dest_ip, char *dest_host,
+ char *myhostname, char *domain)
+{
+ pstring tmp;
+ struct cli_state wksta_trust;
+ fstring mach_acct;
+ fstring mach_pwd;
+ fstring new_mach_pwd;
+ uchar lm_owf_mach_pwd[16];
+ uchar nt_owf_mach_pwd[16];
+ uchar lm_sess_pwd[24];
+ uchar nt_sess_pwd[24];
+ BOOL right_error_code = False;
+
+ char *start_mach_pwd;
+ char *change_mach_pwd;
+
+ fstrcpy(mach_acct, myhostname);
+ strlower(mach_pwd);
+
+ fstrcpy(mach_pwd , myhostname);
+ strcat(mach_acct, "$");
+ strupper(mach_acct);
+
+ sprintf(tmp, "Enter Workstation Trust Account password for [%s].\nDefault is [%s]. Password: ",
+ mach_acct, mach_pwd);
+
+ start_mach_pwd = (char*)getpass(tmp);
+
+ if (start_mach_pwd[0] != 0)
+ {
+ fstrcpy(mach_pwd, start_mach_pwd);
+ }
+
+ sprintf(tmp, "Enter new Workstation Trust Account password for [%s]\nPress Return to leave at old value. Password: ",
+ mach_acct);
+
+ change_mach_pwd = (char*)getpass(tmp);
+
+ fstrcpy(new_mach_pwd, change_mach_pwd);
+
+ if (!cli_initialise(&wksta_trust))
+ {
+ DEBUG(1,("cli_initialise failed for wksta_trust\n"));
+ return False;
+ }
+
+ if (!server_connect_init(&wksta_trust, myhostname, dest_ip, dest_host))
+ {
+ int err_cls;
+ int err_num;
+ cli_error(&wksta_trust, &err_cls, &err_num);
+ DEBUG(1,("server_connect_init failed (%s)\n", cli_errstr(&wksta_trust)));
+
+ cli_shutdown(&wksta_trust);
+ return False;
+ }
+
+ nt_lm_owf_gen(mach_pwd, nt_owf_mach_pwd, lm_owf_mach_pwd);
+
+ DEBUG(5,("generating nt owf from initial machine pwd: %s\n", mach_pwd));
+ SMBOWFencrypt(nt_owf_mach_pwd, wksta_trust.cryptkey, nt_sess_pwd);
+ SMBOWFencrypt(lm_owf_mach_pwd, wksta_trust.cryptkey, lm_sess_pwd);
+
+ right_error_code = False;
+
+ if (!server_validate2(&wksta_trust, mach_acct, domain,
+ lm_sess_pwd, sizeof(lm_sess_pwd),
+ nt_sess_pwd, sizeof(nt_sess_pwd)))
+ {
+ int err_cls;
+ int err_num;
+ cli_error(&wksta_trust, &err_cls, &err_num);
+
+ if (err_cls == 0xC000 && err_num == NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT)
+ {
+ DEBUG(1,("server_validate: valid workstation trust account exists\n"));
+ right_error_code = True;
+ }
+
+ if (err_cls == 0xC000 && err_num == NT_STATUS_NO_SUCH_USER)
+ {
+ DEBUG(1,("server_validate: workstation trust account does not exist\n"));
+ right_error_code = False;
+ }
+ }
+
+ if (!right_error_code)
+ {
+ DEBUG(1,("server_validate failed (%s)\n", cli_errstr(&wksta_trust)));
+ }
+
+ cli_shutdown(&wksta_trust);
+ return right_error_code;
+}
/****************************************************************************
experimental nt login.
****************************************************************************/
-BOOL do_nt_login(char *desthost, char *myhostname,
+BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
+ char *myhostname,
int Client, int cnum)
{
DOM_CHAL clnt_chal;
@@ -66,9 +166,12 @@ BOOL do_nt_login(char *desthost, char *myhostname,
uchar sess_key[8];
char nt_owf_mach_pwd[16];
+
+ fstring server_name;
fstring mach_acct;
+
fstring mach_pwd;
- fstring server_name;
+ fstring new_mach_pwd;
RPC_IFACE abstract;
RPC_IFACE transfer;
@@ -88,6 +191,8 @@ BOOL do_nt_login(char *desthost, char *myhostname,
uint32 call_id = 0;
char *inbuf,*outbuf;
+ /******************** initialise ********************************/
+
zerotime.time = 0;
inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
@@ -99,6 +204,10 @@ BOOL do_nt_login(char *desthost, char *myhostname,
return False;
}
+ /************ check workstation trust account *******************/
+
+ wksta_trust_account_check(dest_ip, dest_host, myhostname, workgroup);
+
/******************* open the \PIPE\lsarpc file *****************/
if ((fnum = rpc_pipe_open(inbuf, outbuf, PIPE_LSARPC, Client, cnum)) == 0xffff)
@@ -216,17 +325,11 @@ BOOL do_nt_login(char *desthost, char *myhostname,
/******************* Request Challenge ********************/
- fstrcpy(mach_acct, myhostname);
- strlower(mach_pwd);
-
- fstrcpy(mach_pwd , myhostname);
- strcat(mach_acct, "$");
-
SIVAL(clnt_chal.data, 0, 0x11111111);
SIVAL(clnt_chal.data, 4, 0x22222222);
/* send a client challenge; receive a server challenge */
- if (!do_lsa_req_chal(fnum, ++call_id, desthost, myhostname, &clnt_chal, &srv_chal))
+ if (!do_lsa_req_chal(fnum, ++call_id, dest_host, myhostname, &clnt_chal, &srv_chal))
{
cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
free(inbuf); free(outbuf);
@@ -268,7 +371,7 @@ BOOL do_nt_login(char *desthost, char *myhostname,
cred_create(sess_key, &clnt_chal, zerotime, &(clnt_cred.challenge));
/* send client auth-2 challenge; receive an auth-2 challenge */
- if (!do_lsa_auth2(fnum, ++call_id, desthost, mach_acct, 2, myhostname,
+ if (!do_lsa_auth2(fnum, ++call_id, dest_host, mach_acct, 2, myhostname,
&(clnt_cred.challenge), 0x000001ff, &auth2_srv_chal))
{
cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
@@ -311,7 +414,7 @@ BOOL do_nt_login(char *desthost, char *myhostname,
/* send client sam-logon challenge; receive a sam-logon challenge */
if (!do_lsa_sam_logon(fnum, ++call_id, sess_key, &clnt_cred,
- desthost, mach_acct,
+ dest_host, mach_acct,
&sam_logon_clnt_cred, &sam_logon_rtn_cred,
1, 1, &id1, &user_info1,
&sam_logon_srv_cred))
@@ -332,7 +435,7 @@ BOOL do_nt_login(char *desthost, char *myhostname,
/* send client sam-logoff challenge; receive a sam-logoff challenge */
if (!do_lsa_sam_logoff(fnum, ++call_id, sess_key, &clnt_cred,
- desthost, mach_acct,
+ dest_host, mach_acct,
&sam_logoff_clnt_cred, &sam_logoff_rtn_cred,
1, 1, &id1,
&sam_logoff_srv_cred))