diff options
author | Jeremy Allison <jra@samba.org> | 1998-04-28 01:24:40 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 1998-04-28 01:24:40 +0000 |
commit | 22abe47e29bf25a52e39026d03e38b49bab25ac9 (patch) | |
tree | 7b0eae817e17fe6817a3ef4a52d52f64389d4423 /source3/rpc_client | |
parent | b8fff2cc4e3d2903bc009bf2f46459855dad526e (diff) | |
download | samba-22abe47e29bf25a52e39026d03e38b49bab25ac9.tar.gz samba-22abe47e29bf25a52e39026d03e38b49bab25ac9.tar.bz2 samba-22abe47e29bf25a52e39026d03e38b49bab25ac9.zip |
First version that compiles. Much more to do.....
Jeremy.
(This used to be commit 45393a19adb31820725fbdfaaf7ab64793fc9bc5)
Diffstat (limited to 'source3/rpc_client')
-rw-r--r-- | source3/rpc_client/cli_login.c | 132 | ||||
-rw-r--r-- | source3/rpc_client/cli_netlogon.c | 238 | ||||
-rw-r--r-- | source3/rpc_client/cli_pipe.c | 36 |
3 files changed, 178 insertions, 228 deletions
diff --git a/source3/rpc_client/cli_login.c b/source3/rpc_client/cli_login.c index ad176ffe8f..fe00c39e4c 100644 --- a/source3/rpc_client/cli_login.c +++ b/source3/rpc_client/cli_login.c @@ -24,6 +24,8 @@ #include "nterr.h" extern int DEBUGLEVEL; +extern fstring global_myworkgroup; +extern pstring global_myname; /**************************************************************************** Initialize domain session credentials. @@ -34,17 +36,8 @@ BOOL cli_nt_setup_creds(struct cli_state *cli, unsigned char mach_pwd[16]) DOM_CHAL clnt_chal; DOM_CHAL srv_chal; - DOM_CHAL auth2_srv_chal; - UTIME zerotime; - RPC_IFACE abstract; - RPC_IFACE transfer; - - /******************** initialise ********************************/ - - zerotime.time = 0; - /******************* Request Challenge ********************/ generate_random_buffer( clnt_chal.data, 8, False); @@ -52,26 +45,30 @@ BOOL cli_nt_setup_creds(struct cli_state *cli, unsigned char mach_pwd[16]) /* send a client challenge; receive a server challenge */ if (!cli_net_req_chal(cli, &clnt_chal, &srv_chal)) { - DEBUG(0,("do_nt_session_open: request challenge failed\n")); + DEBUG(0,("cli_nt_setup_creds: request challenge failed\n")); return False; } /**************** Long-term Session key **************/ /* calculate the session key */ - cred_session_key(&clnt_chal, &srv_chal, mach_pwd, sess_key); - bzero(sess_key+8, 8); + cred_session_key(&clnt_chal, &srv_chal, mach_pwd, cli->sess_key); + bzero(cli->sess_key+8, 8); /******************* Authenticate 2 ********************/ /* calculate auth-2 credentials */ - cred_create(sess_key, &clnt_chal, zerotime, &(clnt_cred->challenge)); + zerotime.time = 0; + cred_create(cli->sess_key, &clnt_chal, zerotime, &(cli->clnt_cred.challenge)); + + /* + * Send client auth-2 challenge. + * Receive an auth-2 challenge response and check it. + */ - /* send client auth-2 challenge; receive an auth-2 challenge */ - if (!cli_net_auth2(cli, SEC_CHAN_WKSTA, 0x000001ff, - &(cli->clnt_cred->challenge), &auth2_srv_chal)) + if (!cli_net_auth2(cli, SEC_CHAN_WKSTA, 0x000001ff, &srv_chal)) { - DEBUG(0,("do_nt_session_open: auth2 challenge failed\n")); + DEBUG(0,("cli_nt_setup_creds: auth2 challenge failed\n")); return False; } @@ -128,7 +125,7 @@ BOOL do_nt_srv_pwset(struct cli_state *cli, void make_nt_login_interactive(NET_ID_INFO_CTR *ctr, uchar sess_key[16], - char *workgroup, char *myhostname, + char *domain, char *myhostname, uint32 smb_userid, char *username) { /****************** SAM Info Preparation *******************/ @@ -154,103 +151,44 @@ void make_nt_login_interactive(NET_ID_INFO_CTR *ctr, ctr->switch_value = 1; /* this is used in both the SAM Logon and the SAM Logoff */ - make_id_info1(&ctr->auth.id1, workgroup, 0, + make_id_info1(&ctr->auth.id1, domain, 0, smb_userid, 0, username, myhostname, sess_key, lm_owf_user_pwd, nt_owf_user_pwd); } #endif /**************************************************************************** - make network sam login info - ****************************************************************************/ - -void make_nt_login_network(NET_ID_INFO_CTR *ctr, uint32 smb_userid, char *username, - char lm_chal[8], char lm_chal_resp[24], - char nt_chal_resp[24]) -{ - /* indicate a "network" login */ - ctr->switch_value = 2; - - /* this is used in both the SAM Logon and the SAM Logoff */ - make_id_info2(&ctr->auth.id2, myworkgroup, 0, smb_userid, 0, - username, myhostname, - lm_chal, lm_chal_resp, nt_chal_resp); -} - -/**************************************************************************** NT login. ****************************************************************************/ -BOOL cli_nt_login(struct cli_state *cli, - DOM_CRED *clnt_cred, DOM_CRED *rtn_cred, - NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3) +BOOL cli_nt_login_network(struct cli_state *cli, char *domain, char *username, + uint32 smb_userid_low, char lm_chal[8], char lm_chal_resp[24], + char nt_chal_resp[24], + NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3) { - DOM_CRED sam_logon_rtn_cred; - DOM_CRED cred; - fstring dest_srv; - fstring my_host_name; + DEBUG(5,("cli_nt_login_network: %d\n", __LINE__)); - DEBUG(5,("do_nt_login: %d\n", __LINE__)); - - /*********************** SAM Logon **********************/ - - cli->clnt_cred->timestamp.time = time(NULL); - - memcpy(&cred, cli->clnt_cred, sizeof(cred)); - - /* calculate sam logon credentials */ - cred_create(sess_key, &(cli->clnt_cred->challenge), - cred.timestamp, &(cred.challenge)); - - strcpy(dest_srv, "\\\\"); - strcat(dest_srv, dest_host); - strupper(dest_srv); + /* indicate a "network" login */ + ctr->switch_value = NET_LOGON_TYPE; - fstrcpy(my_host_name, myhostname); - strupper(my_host_name); + /* Create the structure needed for SAM logon. */ + make_id_info2(&ctr->auth.id2, domain, 0, + smb_userid_low, 0, + username, global_myname, + lm_chal, lm_chal_resp, nt_chal_resp); - /* send client sam-logon challenge */ - return cli_net_sam_logon(cli, dest_srv, my_host_name, - &cred, &sam_logon_rtn_cred, - ctr->switch_value, ctr, 3, user_info3, - rtn_cred); + /* Send client sam-logon request - update credentials on success. */ + return cli_net_sam_logon(cli, ctr, user_info3); } /**************************************************************************** -nt sam logoff +NT Logoff. ****************************************************************************/ -BOOL cli_nt_logoff(struct cli_state *cli, DOM_CRED *rtn_cred, - NET_ID_INFO_CTR *ctr, char *dest_host, char *myhostname) +BOOL cli_nt_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr) { - DOM_CRED sam_logoff_rtn_cred; - DOM_CRED cred; - fstring dest_srv; - fstring my_host_name; - - DEBUG(5,("do_nt_logoff: %d\n", __LINE__)); - - /*********************** SAM Logoff *********************/ - - clnt_cred->timestamp.time = time(NULL); - - memcpy(&cred, cli->clnt_cred, sizeof(cred)); - - /* calculate sam logoff credentials */ - cred_create(sess_key, &(cli->clnt_cred->challenge), - cred.timestamp, &(cred.challenge)); - - strcpy(dest_srv, "\\\\"); - strcat(dest_srv, dest_host); - strupper(dest_srv); - - fstrcpy(my_host_name, myhostname); - strupper(my_host_name); + DEBUG(5,("cli_nt_logoff: %d\n", __LINE__)); - /* send client sam-logoff challenge; receive a sam-logoff challenge */ - return cli_net_sam_logoff(cli, fnum, sess_key, clnt_cred, - dest_srv, my_host_name, - &cred, &sam_logoff_rtn_cred, - ctr->switch_value, ctr, 3, - rtn_cred); + /* Send client sam-logoff request - update credentials on success. */ + return cli_net_sam_logoff(cli, ctr); } diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index 654445b31d..91dbd27421 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -1,4 +1,3 @@ - /* * Unix SMB/Netbios implementation. * Version 1.9. @@ -6,7 +5,8 @@ * Copyright (C) Andrew Tridgell 1992-1997, * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, * Copyright (C) Paul Ashton 1997. - * + * Copyright (C) Jeremy Allison 1998. + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or @@ -30,36 +30,30 @@ #include "includes.h" extern int DEBUGLEVEL; +extern pstring global_myname; +extern fstring global_myworkgroup; /**************************************************************************** do a LSA Logon Control2 ****************************************************************************/ -BOOL do_net_logon_ctrl2(struct cli_state *cli, uint16 fnum, - char *host_name, uint32 status_level) +BOOL do_net_logon_ctrl2(struct cli_state *cli, uint32 status_level) { prs_struct rbuf; prs_struct buf; NET_Q_LOGON_CTRL2 q_l; - BOOL valid_ctrl2 = False; - fstring acct_name; - - if (host_name == NULL) - return False; + BOOL ok = False; prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); prs_init(&rbuf, 0, 4, SAFETY_MARGIN, True ); - strcpy(acct_name, "\\\\"); - strcat(acct_name, host_name); - /* create and send a MSRPC command with api NET_LOGON_CTRL2 */ - DEBUG(4,("LSA Logon Control2 from %s status level:%x\n", - host_name, status_level)); + DEBUG(4,("do_net_logon_ctrl2 from %s status level:%x\n", + global_myname, status_level)); /* store the parameters */ - make_q_logon_ctrl2(&q_l, acct_name, status_level); + make_q_logon_ctrl2(&q_l, cli->srv_name_slash, status_level); /* turn parameters into data stream */ net_io_q_logon_ctrl2("", &q_l, &buf, 0); @@ -68,7 +62,6 @@ BOOL do_net_logon_ctrl2(struct cli_state *cli, uint16 fnum, if (rpc_api_pipe_req(cli, NET_LOGON_CTRL2, &buf, &rbuf)) { NET_R_LOGON_CTRL2 r_l; - BOOL ok; net_io_r_logon_ctrl2("", &r_l, &rbuf, 0); ok = (rbuf.offset != 0); @@ -76,47 +69,46 @@ BOOL do_net_logon_ctrl2(struct cli_state *cli, uint16 fnum, if (ok && r_l.status != 0) { /* report error code */ - DEBUG(0,("NET_R_LOGON_CTRL: %s\n", get_nt_error_msg(r_l.status))); + DEBUG(0,("do_net_logon_ctrl2: Error %s\n", get_nt_error_msg(r_l.status))); cli->nt_error = r_l.status; ok = False; } - - if (ok) - { - valid_ctrl2 = True; - } } prs_mem_free(&rbuf); prs_mem_free(&buf ); - return valid_ctrl2; + return ok; } /**************************************************************************** -do a LSA Authenticate 2 +LSA Authenticate 2 + +Send the client credential, receive back a server credential. +Ensure that the server credential returned matches the session key +encrypt of the server challenge originally received. JRA. ****************************************************************************/ BOOL cli_net_auth2(struct cli_state *cli, uint16 sec_chan, - uint32 neg_flags, DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal) + uint32 neg_flags, DOM_CHAL *srv_chal) { prs_struct rbuf; prs_struct buf; NET_Q_AUTH_2 q_a; - BOOL valid_chal = False; + BOOL ok = False; prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); prs_init(&rbuf, 0, 4, SAFETY_MARGIN, True ); /* create and send a MSRPC command with api NET_AUTH2 */ - DEBUG(4,("LSA Authenticate 2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %lx\n", - cli->srv_name, cli->mach_acct, sec_chan, global_myname, - credstr(clnt_chal->data), neg_flags)); + DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %lx\n", + cli->srv_name_slash, cli->mach_acct, sec_chan, global_myname, + credstr(cli->clnt_cred.challenge.data), neg_flags)); /* store the parameters */ - make_q_auth_2(&q_a, cli->srv_name, cli->mach_acct, sec_chan, global_myname, - clnt_chal, neg_flags); + make_q_auth_2(&q_a, cli->srv_name_slash, cli->mach_acct, sec_chan, global_myname, + &cli->clnt_cred.challenge, neg_flags); /* turn parameters into data stream */ net_io_q_auth_2("", &q_a, &buf, 0); @@ -125,7 +117,6 @@ BOOL cli_net_auth2(struct cli_state *cli, uint16 sec_chan, if (rpc_api_pipe_req(cli, NET_AUTH2, &buf, &rbuf)) { NET_R_AUTH_2 r_a; - BOOL ok; net_io_r_auth_2("", &r_a, &rbuf, 0); ok = (rbuf.offset != 0); @@ -133,35 +124,49 @@ BOOL cli_net_auth2(struct cli_state *cli, uint16 sec_chan, if (ok && r_a.status != 0) { /* report error code */ - DEBUG(0,("NET_AUTH2: %s\n", get_nt_error_msg(r_a.status))); + DEBUG(0,("cli_net_auth2: Error %s\n", get_nt_error_msg(r_a.status))); cli->nt_error = r_a.status; ok = False; } + if (ok) + { + /* + * Check the returned value using the initial + * server received challenge. + */ + UTIME zerotime; + + zerotime.time = 0; + if(cred_assert( &r_a.srv_chal, cli->sess_key, srv_chal, zerotime) == 0) { + /* + * Server replied with bad credential. Fail. + */ + DEBUG(0,("cli_net_auth2: server %s replied with bad credential (bad machine \ +password ?).\n", cli->desthost )); + ok = False; + } + } + if (ok && r_a.srv_flgs.neg_flags != q_a.clnt_flgs.neg_flags) { /* report different neg_flags */ - DEBUG(0,("NET_AUTH2: error neg_flags (q,r) differ - (%lx,%lx)\n", + DEBUG(0,("cli_net_auth2: error neg_flags (q,r) differ - (%lx,%lx)\n", q_a.clnt_flgs.neg_flags, r_a.srv_flgs.neg_flags)); ok = False; } - if (ok) - { - /* ok, at last: we're happy. return the challenge */ - memcpy(srv_chal, r_a.srv_chal.data, sizeof(srv_chal->data)); - valid_chal = True; - } } prs_mem_free(&rbuf); prs_mem_free(&buf ); - return valid_chal; + return ok; } /**************************************************************************** -do a LSA Request Challenge +LSA Request Challenge. Sends our challenge to server, then gets +server response. These are used to generate the credentials. ****************************************************************************/ BOOL cli_net_req_chal(struct cli_state *cli, DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal) @@ -183,7 +188,7 @@ BOOL cli_net_req_chal(struct cli_state *cli, DOM_CHAL *clnt_chal, DOM_CHAL *srv_ cli->desthost, global_myname, credstr(clnt_chal->data))); /* store the parameters */ - make_q_req_chal(&q_c, desthost, global_myname, clnt_chal); + make_q_req_chal(&q_c, cli->srv_name_slash, global_myname, clnt_chal); /* turn parameters into data stream */ net_io_q_req_chal("", &q_c, &buf, 0); @@ -200,8 +205,8 @@ BOOL cli_net_req_chal(struct cli_state *cli, DOM_CHAL *clnt_chal, DOM_CHAL *srv_ if (ok && r_c.status != 0) { /* report error code */ - DEBUG(0,("NET_REQ_CHAL: %s\n", get_nt_error_msg(r_c.status))); - cli->nt_error = r_a.status; + DEBUG(0,("cli_net_req_chal: Error %s\n", get_nt_error_msg(r_c.status))); + cli->nt_error = r_c.status; ok = False; } @@ -219,6 +224,7 @@ BOOL cli_net_req_chal(struct cli_state *cli, DOM_CHAL *clnt_chal, DOM_CHAL *srv_ return valid_chal; } +#if 0 /*************************************************************************** do a LSA Server Password Set ****************************************************************************/ @@ -244,7 +250,7 @@ BOOL do_net_srv_pwset(struct cli_state *cli, uint16 fnum, /* create and send a MSRPC command with api NET_SRV_PWSET */ DEBUG(4,("LSA Server Password Set: srv:%s acct:%s sc: %d mc: %s clnt %s %lx\n", - logon_srv, mach_acct, sec_chan_type, comp_name, + cli->srv_name_slash, mach_acct, sec_chan_type, comp_name, credstr(clnt_cred->challenge.data), clnt_cred->timestamp.time)); /* store the parameters */ @@ -292,40 +298,47 @@ BOOL do_net_srv_pwset(struct cli_state *cli, uint16 fnum, return valid_cred; } +#endif /*************************************************************************** -do a LSA SAM Logon +LSA SAM Logon. ****************************************************************************/ -BOOL cli_net_sam_logon(struct cli_state *cli, DOM_CRED *sto_clnt_cred, - char *logon_srv, char *comp_name, - DOM_CRED *clnt_cred, DOM_CRED *rtn_cred, - uint16 logon_level, NET_ID_INFO_CTR *ctr, - uint16 validation_level, NET_USER_INFO_3 *user_info3, - DOM_CRED *srv_cred) +BOOL cli_net_sam_logon(struct cli_state *cli, NET_ID_INFO_CTR *ctr, + NET_USER_INFO_3 *user_info3) { + DOM_CRED new_clnt_cred; prs_struct rbuf; prs_struct buf; + uint16 validation_level = 3; NET_Q_SAM_LOGON q_s; - BOOL valid_cred = False; + BOOL ok = False; - if (srv_cred == NULL || clnt_cred == NULL || rtn_cred == NULL || user_info3 == NULL) - return False; + /* + * Create the new client credentials. + */ + + cli->clnt_cred.timestamp.time = time(NULL); + + memcpy(&new_clnt_cred, &cli->clnt_cred, sizeof(new_clnt_cred)); + + /* Calculate the new credentials. */ + cred_create(cli->sess_key, &(cli->clnt_cred.challenge), + new_clnt_cred.timestamp, &(new_clnt_cred.challenge)); prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); prs_init(&rbuf, 0, 4, SAFETY_MARGIN, True ); /* create and send a MSRPC command with api NET_SAMLOGON */ - DEBUG(4,("LSA SAM Logon: srv:%s mc:%s clnt %s %lx rtn: %s %lx ll: %d\n", - cli->srv_name, global_myname, - credstr(cli->clnt_cred->challenge.data), cli->clnt_cred->timestamp.time, - credstr(rtn_cred->challenge.data), rtn_cred ->timestamp.time, - logon_level)); + DEBUG(4,("cli_net_sam_logon: srv:%s mc:%s clnt %s %lx ll: %d\n", + cli->srv_name_slash, global_myname, + credstr(new_clnt_cred.challenge.data), cli->clnt_cred.timestamp.time, + ctr->switch_value)); /* store the parameters */ - make_sam_info(&(q_s.sam_id), cli->srv_name, global_myname, - cli->clnt_cred, rtn_cred, logon_level, ctr, validation_level); + make_sam_info(&(q_s.sam_id), cli->srv_name_slash, global_myname, + &new_clnt_cred, NULL, ctr->switch_value, ctr, validation_level); /* turn parameters into data stream */ net_io_q_sam_logon("", &q_s, &buf, 0); @@ -334,7 +347,6 @@ BOOL cli_net_sam_logon(struct cli_state *cli, DOM_CRED *sto_clnt_cred, if (rpc_api_pipe_req(cli, NET_SAMLOGON, &buf, &rbuf)) { NET_R_SAM_LOGON r_s; - BOOL ok; r_s.user = user_info3; @@ -344,74 +356,75 @@ BOOL cli_net_sam_logon(struct cli_state *cli, DOM_CRED *sto_clnt_cred, if (ok && r_s.status != 0) { /* report error code */ - DEBUG(0,("NET_SAMLOGON: %s\n", get_nt_error_msg(r_s.status))); + DEBUG(0,("cli_net_sam_logon: %s\n", get_nt_error_msg(r_s.status))); cli->nt_error = r_s.status; ok = False; } + /* Update the credentials. */ + if (clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &(r_s.srv_creds)) == 0) + { + /* + * Server replied with bad credential. Fail. + */ + DEBUG(0,("cli_net_sam_logon: server %s replied with bad credential (bad machine \ +password ?).\n", cli->desthost )); + ok = False; + } + if (ok && r_s.switch_value != 3) { /* report different switch_value */ - DEBUG(0,("NET_SAMLOGON: switch_value of 3 expected %x\n", + DEBUG(0,("cli_net_sam_logon: switch_value of 3 expected %x\n", r_s.switch_value)); ok = False; } - - if (ok) - { - if (clnt_deal_with_creds(cli->sess_key, sto_clnt_cred, &(r_s.srv_creds))) - { - DEBUG(5, ("do_net_sam_logon: server credential check OK\n")); - /* ok, at last: we're happy. return the challenge */ - memcpy(srv_cred, &(r_s.srv_creds), sizeof(r_s.srv_creds)); - valid_cred = True; - } - else - { - DEBUG(5, ("do_net_sam_logon: server credential check failed\n")); - } - } } prs_mem_free(&rbuf); prs_mem_free(&buf ); - return valid_cred; + return ok; } /*************************************************************************** -do a LSA SAM Logoff +LSA SAM Logoff. ****************************************************************************/ -BOOL do_net_sam_logoff(struct cli_state *cli, uint16 fnum, - uchar sess_key[8], DOM_CRED *sto_clnt_cred, - char *logon_srv, char *comp_name, - DOM_CRED *clnt_cred, DOM_CRED *rtn_cred, - uint16 logon_level, NET_ID_INFO_CTR *ctr, - uint16 validation_level, DOM_CRED *srv_cred) +BOOL cli_net_sam_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr) { + DOM_CRED new_clnt_cred; prs_struct rbuf; prs_struct buf; NET_Q_SAM_LOGOFF q_s; - BOOL valid_cred = False; + uint16 validation_level = 3; + BOOL ok = False; - if (srv_cred == NULL || clnt_cred == NULL || rtn_cred == NULL) - return False; + /* + * Create the new client credentials. + */ + + cli->clnt_cred.timestamp.time = time(NULL); + + memcpy(&new_clnt_cred, &cli->clnt_cred, sizeof(new_clnt_cred)); + + /* Calculate the new credentials. */ + cred_create(cli->sess_key, &(cli->clnt_cred.challenge), + new_clnt_cred.timestamp, &(new_clnt_cred.challenge)); prs_init(&buf , 1024, 4, SAFETY_MARGIN, False); prs_init(&rbuf, 0, 4, SAFETY_MARGIN, True ); - /* create and send a MSRPC command with api NET_SAMLOGON */ + /* create and send a MSRPC command with api NET_SAMLOGOFF */ - DEBUG(4,("LSA SAM Logoff: srv:%s mc:%s clnt %s %lx rtn: %s %lx ll: %d\n", - logon_srv, comp_name, - credstr(clnt_cred->challenge.data), clnt_cred->timestamp.time, - credstr(rtn_cred->challenge.data), rtn_cred ->timestamp.time, - logon_level)); + DEBUG(4,("cli_net_sam_logoff: srv:%s mc:%s clnt %s %lx ll: %d\n", + cli->srv_name_slash, global_myname, + credstr(new_clnt_cred.challenge.data), new_clnt_cred.timestamp.time, + ctr->switch_value)); /* store the parameters */ - make_sam_info(&(q_s.sam_id), logon_srv, comp_name, - clnt_cred, rtn_cred, logon_level, ctr, validation_level); + make_sam_info(&(q_s.sam_id), cli->srv_name_slash, global_myname, + &new_clnt_cred, NULL, ctr->switch_value, ctr, validation_level); /* turn parameters into data stream */ net_io_q_sam_logoff("", &q_s, &buf, 0); @@ -420,7 +433,6 @@ BOOL do_net_sam_logoff(struct cli_state *cli, uint16 fnum, if (rpc_api_pipe_req(cli, NET_SAMLOGOFF, &buf, &rbuf)) { NET_R_SAM_LOGOFF r_s; - BOOL ok; net_io_r_sam_logoff("", &r_s, &rbuf, 0); ok = (rbuf.offset != 0); @@ -428,29 +440,25 @@ BOOL do_net_sam_logoff(struct cli_state *cli, uint16 fnum, if (ok && r_s.status != 0) { /* report error code */ - DEBUG(0,("NET_SAMLOGOFF: %s\n", get_nt_error_msg(r_s.status))); + DEBUG(0,("cli_net_sam_logoff: %s\n", get_nt_error_msg(r_s.status))); cli->nt_error = r_s.status; ok = False; } - if (ok) + /* Update the credentials. */ + if (clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &(r_s.srv_creds)) == 0) { - if (clnt_deal_with_creds(sess_key, sto_clnt_cred, &(r_s.srv_creds))) - { - DEBUG(5, ("do_net_sam_logoff: server credential check OK\n")); - /* ok, at last: we're happy. return the challenge */ - memcpy(srv_cred, &(r_s.srv_creds), sizeof(r_s.srv_creds)); - valid_cred = True; - } - else - { - DEBUG(5, ("do_net_sam_logoff: server credential check failed\n")); - } + /* + * Server replied with bad credential. Fail. + */ + DEBUG(0,("cli_net_sam_logoff: server %s replied with bad credential (bad machine \ +password ?).\n", cli->desthost )); + ok = False; } } prs_mem_free(&rbuf); prs_mem_free(&buf ); - return valid_cred; + return ok; } diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index d57009a47a..4058538f21 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -31,6 +31,8 @@ extern int DEBUGLEVEL; extern struct pipe_id_info pipe_names[]; +extern fstring global_myworkgroup; +extern pstring global_myname; /******************************************************************** rpc pipe call id @@ -55,6 +57,7 @@ static BOOL rpc_read(struct cli_state *cli, int num_read; char *data = rdata->data->data; uint32 err; + uint32 errclass; uint32 new_data_size = rdata->data->data_used + data_to_read; data += rdata_offset; @@ -92,7 +95,8 @@ static BOOL rpc_read(struct cli_state *cli, file_offset += num_read; data += num_read; - if (cli_error(cli, NULL, &err)) + cli_error(cli, &errclass, &err); + if (errclass != 0) return False; } while (num_read > 0 && data_to_read > 0); @@ -161,6 +165,7 @@ BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd, uint16 setup[2]; /* only need 2 uint16 setup parameters */ uint32 err; + uint32 errclass; uint8 pkt_type = 0xff; BOOL first = True; BOOL last = True; @@ -168,10 +173,10 @@ BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd, /* * Setup the pointers from the incoming. */ - char *pparams = param ? param->data->data; - int params_len = param ? param->data->data_used; - char *pdata = data ? data->data->data; - int data_len = data ? data->data->data_used; + char *pparams = param ? param->data->data : NULL; + int params_len = param ? param->data->data_used : 0; + char *pdata = data ? data->data->data : NULL; + int data_len = data ? data->data->data_used : 0; /* * Setup the pointers to the outgoing. @@ -198,9 +203,6 @@ BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd, return False; } - if (cli_error(cli, NULL, &err)) - return False; - if (rdata->data->data == NULL) return False; @@ -262,7 +264,8 @@ BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd, prs_mem_free(&hps); - if (cli_error(cli, NULL, &err)) + cli_error(cli, &errclass, &err); + if (errclass != 0) return False; first = IS_BITS_SET_ALL(rhdr.flags, RPC_FLG_FIRST); @@ -461,8 +464,8 @@ BOOL rpc_pipe_set_hnd_state(struct cli_state *cli, char *pipe_name, uint16 devic setup, 2, 0, /* setup, length, max */ param, 2, 0, /* param, length, max */ NULL, 0, 1024, /* data, length, max */ - &rparam, rparam_len, /* return param, length */ - &rdata, rdata_len)) /* return data, length */ + &rparam, &rparam_len, /* return param, length */ + &rdata, &rdata_len)) /* return data, length */ { DEBUG(5, ("Set Handle state: return OK\n")); state_set = True; @@ -602,7 +605,7 @@ BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name, prs_init(&rparam, 0 , 4, SAFETY_MARGIN, True ); create_rpc_bind_req(&hdr, &hdr_rb, ntlmssp_auth ? &auth_req : NULL, - abstract, transfer, myname, myworkgroup); + abstract, transfer, global_myname, global_myworkgroup); /* this is a hack due to limitations in rpc_api_pipe */ prs_init(&data, mem_buf_len(hdr.data), 4, 0x0, False); @@ -645,7 +648,7 @@ BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, BOOL encrypted) if ((fnum = cli_open(cli, pipe_name, O_CREAT|O_RDWR, DENY_NONE)) == -1) { DEBUG(1,("do_session_open: cli_open failed on pipe %s to machine %s. \ -Error was %s.\n", pipe_name, cli->desthost, cli_errstr(&cli))); +Error was %s.\n", pipe_name, cli->desthost, cli_errstr(cli))); return False; } @@ -669,10 +672,11 @@ Error was %s.\n", pipe_name, cli->desthost, cli_errstr(&cli))); * Setup the remote server name prefixed by \ and the machine account name. */ - sprintf(cli->srv_name, "\\\\%s", cli->desthost); - strupper(cli->srv_name); + sprintf(cli->srv_name_slash, "\\\\%s", cli->desthost); + strupper(cli->srv_name_slash); - sprintf(cli->mach_acct, "%s$", myname); + sprintf(cli->mach_acct, "%s$", global_myname); + strupper(cli->mach_acct); return True; } |