summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorLuke Leighton <lkcl@samba.org>1997-10-09 15:48:40 +0000
committerLuke Leighton <lkcl@samba.org>1997-10-09 15:48:40 +0000
commit5a3ea52d4a567a341c8f2243783afdb392991ea2 (patch)
treeddff5b50f7a792ee357c20ff5065550275616fd5 /source3
parentad54a5671405374b6308929154c6922bc6a7d0d7 (diff)
downloadsamba-5a3ea52d4a567a341c8f2243783afdb392991ea2.tar.gz
samba-5a3ea52d4a567a341c8f2243783afdb392991ea2.tar.bz2
samba-5a3ea52d4a567a341c8f2243783afdb392991ea2.zip
pipes.c:
added api_ntlsarpcTNP() function. hooray! smb.h: added LSA #defines needed by above function. (This used to be commit 5437f666987918516032cf8a5dada107e5d14d25)
Diffstat (limited to 'source3')
-rw-r--r--source3/include/smb.h38
-rw-r--r--source3/smbd/pipes.c1175
2 files changed, 1131 insertions, 82 deletions
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 7d7677b3fc..d0baa66992 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -4,6 +4,8 @@
SMB parameters and setup
Copyright (C) Andrew Tridgell 1992-1997
Copyright (C) John H Terpstra 1996-1997
+ Copyright (C) Luke Kenneth Casson Leighton 1996-1997
+ Copyright (C) Paul Ashton 1997
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -256,6 +258,42 @@ typedef char fstring[128];
typedef fstring string;
+/* NETLOGON opcodes and data structures */
+
+#define NET_QUERYFORPDC 7 /* Query for PDC */
+#define NET_QUERYFORPDC_R 12 /* Response to Query for PDC */
+#define NET_SAMLOGON 18
+#define NET_SAMLOGON_R 19
+
+/* Allowable account control bits */
+#define ACB_DISABLED 1 /* 1 = User account disabled */
+#define ACB_HOMDIRREQ 2 /* 1 = Home directory required */
+#define ACB_PWNOTREQ 4 /* 1 = User password not required */
+#define ACB_TEMPDUP /* 1 = Temporary duplicate account */
+#define ACB_NORMAL /* 1 = Normal user account */
+#define ACB_MNS /* 1 = MNS logon user account */
+#define ACB_DOMTRUST /* 1 = Interdomain trust account */
+#define ACB_WSTRUST /* 1 = Workstation trust account */
+#define ACB_SVRTRUST /* 1 = Server trust account */
+#define ACB_PWNOEXP /* 1 = User password does not expire */
+#define ACB_AUTOLOCK /* 1 = Account auto locked */
+
+#define LSA_OPENPOLICY 0x2c
+#define LSA_QUERYINFOPOLICY 0x07
+#define LSA_ENUMTRUSTDOM 0x0d
+#define LSA_REQCHAL 0x04
+#define LSA_SVRPWSET 0x06
+#define LSA_SAMLOGON 0x02
+#define LSA_AUTH2 0x0f
+#define LSA_CLOSE 0x00
+
+/* unknown .... */
+#define LSA_OPENSECRET 0xFF
+#define LSA_LOOKUPSIDS 0xFE
+#define LSA_LOOKUPNAMES 0xFD
+#define LSA_SAMLOGOFF 0xFC
+
+
/* 32 bit time (sec) since 01jan1970 - cifs6.txt, section 3.5, page 30 */
typedef struct time_info
{
diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c
index 13cdff262d..4dd7aa3e30 100644
--- a/source3/smbd/pipes.c
+++ b/source3/smbd/pipes.c
@@ -3,8 +3,8 @@
Version 1.9.
Pipe SMB reply routines
Copyright (C) Andrew Tridgell 1992-1997,
- Paul Ashton 1997,
- Luke Kenneth Casson Leighton 1996-1997.
+ Copyright (C) Luke Kenneth Casson Leighton 1996-1997.
+ Copyright (C) Paul Ashton 1997.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -370,6 +370,36 @@ BOOL api_LsarpcTNP(int cnum,int uid, char *param,char *data,
fragment length. I've decided to do it based on operation number :-)
*/
+/* this function is due to be replaced */
+static void initrpcreply(char *inbuf, char *q)
+{
+ uint32 callid;
+
+ SCVAL(q, 0, 5); q++; /* RPC version 5 */
+ SCVAL(q, 0, 0); q++; /* minor version 0 */
+ SCVAL(q, 0, 2); q++; /* RPC response packet */
+ SCVAL(q, 0, 3); q++; /* first frag + last frag */
+ RSIVAL(q, 0, 0x10000000); q += 4; /* packed data representation */
+ RSSVAL(q, 0, 0); q += 2; /* fragment length, fill in later */
+ SSVAL(q, 0, 0); q += 2; /* authentication length */
+ callid = RIVAL(inbuf, 12);
+ RSIVAL(q, 0, callid); q += 4; /* call identifier - match incoming RPC */
+ SIVAL(q, 0, 0x18); q += 4; /* allocation hint (no idea) */
+ SSVAL(q, 0, 0); q += 2; /* presentation context identifier */
+ SCVAL(q, 0, 0); q++; /* cancel count */
+ SCVAL(q, 0, 0); q++; /* reserved */
+}
+
+/* this function is due to be replaced */
+static void endrpcreply(char *inbuf, char *q, int datalen, int rtnval, int *rlen)
+{
+ SSVAL(q, 8, datalen + 4);
+ SIVAL(q,0x10,datalen+4-0x18); /* allocation hint */
+ SIVAL(q, datalen, rtnval);
+ *rlen = datalen + 4;
+ { int fd; fd = open("/tmp/rpc", O_RDWR); write(fd, q, datalen + 4); }
+}
+
/* RID username mapping function. just for fun, it maps to the unix uid */
static uint32 name_to_rid(char *user_name)
{
@@ -1051,94 +1081,1079 @@ static void api_lsa_lookup_names( char *param, char *data,
*rdata_len = reply_len + 0x18;
}
-#if 0
- q = data + 0x18;
- policyhandle = q; q += 20;
- nentries = qIVAL;
- DEBUG(4,("lookupnames entries %d\n",nentries));
- q += 4; /* skip second count */
- q += 8 * nentries; /* skip pointers */
- for (nnames = 0; nnames < nentries; nnames++)
+BOOL api_ntlsarpcTNP(int cnum,int uid, char *param,char *data,
+ int mdrcnt,int mprcnt,
+ char **rdata,char **rparam,
+ int *rdata_len,int *rparam_len)
+{
+ uint16 opnum = SVAL(data,22);
+
+ int pkttype = CVAL(data, 2);
+ if (pkttype == 0x0b) /* RPC BIND */
+ {
+ DEBUG(4,("netlogon rpc bind %x\n",pkttype));
+ LsarpcTNP1(data,rdata,rdata_len);
+ return True;
+ }
+
+ DEBUG(4,("ntlsa TransactNamedPipe op %x\n",opnum));
+ switch (opnum)
+ {
+ case LSA_OPENPOLICY:
+ {
+ DEBUG(3,("LSA_OPENPOLICY\n"));
+ api_lsa_open_policy(param, data, rdata, rdata_len);
+ break;
+ }
+
+ case LSA_QUERYINFOPOLICY:
+ {
+ DEBUG(3,("LSA_QUERYINFOPOLICY\n"));
+
+ api_lsa_query_info(param, data, rdata, rdata_len);
+ break;
+ }
+
+ case LSA_ENUMTRUSTDOM:
+ {
+ char *q = *rdata + 0x18;
+
+ DEBUG(3,("LSA_ENUMTRUSTDOM\n"));
+
+ initrpcreply(data, *rdata);
+
+ SIVAL(q, 0, 0); /* enumeration context */
+ SIVAL(q, 0, 4); /* entries read */
+ SIVAL(q, 0, 8); /* trust information */
+
+ endrpcreply(data, *rdata, q-*rdata, 0x8000001a, rdata_len);
+
+ break;
+ }
+
+ case LSA_CLOSE:
+ {
+ char *q = *rdata + 0x18;
+
+ DEBUG(3,("LSA_CLOSE\n"));
+
+ initrpcreply(data, *rdata);
+
+ SIVAL(q, 0, 0);
+ SIVAL(q, 0, 4);
+ SIVAL(q, 0, 8);
+ SIVAL(q, 0, 12);
+ SIVAL(q, 0, 16);
+
+ endrpcreply(data, *rdata, q-*rdata, 0, rdata_len);
+
+ break;
+ }
+
+ case LSA_OPENSECRET:
+ {
+ char *q = *rdata + 0x18;
+ DEBUG(3,("LSA_OPENSECRET\n"));
+
+ initrpcreply(data, *rdata);
+
+ SIVAL(q, 0, 0);
+ SIVAL(q, 0, 4);
+ SIVAL(q, 0, 8);
+ SIVAL(q, 0, 12);
+ SIVAL(q, 0, 16);
+
+ endrpcreply(data, *rdata, q-*rdata, 0xc000034, rdata_len);
+
+ break;
+ }
+
+ case LSA_LOOKUPSIDS:
+ {
+ DEBUG(3,("LSA_OPENSECRET\n"));
+ api_lsa_lookup_sids(param, data, rdata, rdata_len);
+ break;
+ }
+
+ case LSA_LOOKUPNAMES:
+ {
+ DEBUG(3,("LSA_LOOKUPNAMES\n"));
+ api_lsa_lookup_names(param, data, rdata, rdata_len);
+ break;
+ }
+
+ default:
+ {
+ DEBUG(4, ("NTLSARPC, unknown code: %lx\n", opnum));
+ break;
+ }
+ }
+ return True;
+}
+
+
+#ifdef UNDEFINED_NTDOMAIN
+/*
+ PAXX: Someone fix above.
+ The above API is indexing RPC calls based on RPC flags and
+ fragment length. I've decided to do it based on operation number :-)
+*/
+
+ BOOL api_ntlsarpcTNP(int cnum,int uid, char *param,char *data,
+ int mdrcnt,int mprcnt,
+ char **rdata,char **rparam,
+ int *rdata_len,int *rparam_len)
+{
+ uint16 opnum;
+ char *q;
+ char *domainname;
+ int domlen;
+ pstring domsid;
+ char *p;
+ int numsubauths;
+ int subauths[MAXSUBAUTHS];
+ struct smb_passwd *smb_pass; /* To check if machine account exists */
+ pstring machacct;
+ pstring foo;
+ uint16 infoclass;
+ uint16 revision; /* Domain sid revision */
+ int identauth;
+ int i;
+ char *logonsrv;
+ char *unicomp;
+ char *accountname;
+ uint16 secchanneltype;
+ uint32 negflags;
+ char netcred[8];
+ uint32 rcvcred[8];
+ char rtncred[8];
+ uint32 clnttime;
+ uint32 rtntime;
+ char *newpass;
+ uint16 logonlevel;
+ uint16 switchval;
+ uint16 dommaxlen;
+ uint16 paramcontrol;
+ uint32 logonid[2];
+ uint16 usernamelen;
+ uint16 usernamemaxlen;
+ uint16 wslen;
+ uint16 wsmaxlen;
+ uchar *rc4lmowfpass;
+ uchar *rc4ntowfpass;
+ char *domain;
+ char *username;
+ char *ws;
+ struct uinfo *userinfo;
+ int pkttype;
+ uchar rc4key[16];
+ uchar ntowfpass[16];
+ uint32 nentries;
+ char *policyhandle;
+ #define MAXSIDS 64
+ uchar *sids[MAXSIDS]; /* for lookup SID */
+ int nsids;
+ #define MAXNAMES 64
+ uchar *names[MAXNAMES];
+
+ opnum = SVAL(data,22);
+
+ pkttype = CVAL(data, 2);
+ if (pkttype == 0x0b) /* RPC BIND */
{
- names[nnames] = q; /* set name string to unicode header */
- q += IVAL(q,0)*2; /* guessing here */
+ DEBUG(4,("netlogon rpc bind %x\n",pkttype));
+ LsarpcTNP1(data,rdata,rdata_len);
+ return True;
}
- /* There's a translated sids structure next but it looks fals */
-
- DEBUG(4,("lookupnames line %d\n",__LINE__));
- /* formulate reply */
- q = *rdata + 0x18;
- qSIVAL(2); /* bufptr */
- qSIVAL(4); /* number of referenced domains
- - need one per each identifier authority in call */
- qSIVAL(2); /* dom bufptr */
- qSIVAL(32); /* max entries */
- qSIVAL(4); /* number of reference domains? */
-
- qunihdr(lp_workgroup()); /* reference domain */
- qSIVAL(2); /* sid bufptr */
-
- qunihdr("S-1-1");
- qSIVAL(2); /* sid bufptr */
-
- qunihdr("S-1-5");
- qSIVAL(2); /* sid bufptr */
-
- qunihdr("S-1-3");
- qSIVAL(2); /* sid bufptr */
-
- qunistr(lp_workgroup());
- DEBUG(4,("lookupnames line %d\n",__LINE__));
-
- strcpy(domsid,lp_domainsid());
- p = strtok(domsid+2,"-");
- revision = atoi(p);
- identauth = atoi(strtok(0,"-"));
- numsubauths = 0;
- while (p = strtok(0, "-"))
- subauths[numsubauths++] = atoi(p);
- qSIVAL(numsubauths);
- qSCVAL(revision);
- qSCVAL(numsubauths);
- qRSSVAL(0); /* PAXX: FIX! first 2 bytes identifier authority */
- qRSIVAL(identauth); /* next 4 bytes */
- DEBUG(4,("lookupsid line %d\n",__LINE__));
- for (i = 0; i < numsubauths; i++)
+
+ DEBUG(4,("ntlsa TransactNamedPipe op %x\n",opnum));
+ initrpcreply(data, *rdata);
+ DEBUG(4,("netlogon LINE %d\n",__LINE__));
+ switch (opnum)
{
-qSIVAL(subauths[i]);
- }
- DEBUG(4,("lookupsid line %d\n",__LINE__));
+ case LSAOPENPOLICY:
+ DEBUG(1,("LSAOPENPOLICY\n"));
+ char *q = *rdata + 0x18;
+ DEBUG(4,("netlogon LINE %d %lx\n",__LINE__, q));
+ /* return a 20 byte policy handle */
+ /* here's a pretty handle:- */
+ qSIVAL(time(NULL));
+ qSIVAL(0x810a792f);
+ qSIVAL(0x11d107d5);
+ qSIVAL(time(NULL));
+ qSIVAL(0x6cbcf800);
+ DEBUG(4,("netlogon LINE %d %lx\n",__LINE__, q));
+ endrpcreply(data, *rdata, q-*rdata, 0, rdata_len); /* size of data plus return code */
+ DEBUG(4,("netlogon LINE %d %lx\n",__LINE__, q));
+ break;
+
+ case LSAQUERYINFOPOLICY:
+ DEBUG(1,("LSAQUERYINFOPOLICY\n"));
+ dump_data(1,data,128);
+ infoclass = SVAL(data, 44); /* also a policy handle but who cares? */
+ q = *rdata + 0x18;
+ qRSIVAL(0x00000022); /* undocumented. Usually a buffer pointer whose
+ value is ignored */
+ qSSVAL(infoclass);
+ domainname = lp_workgroup();
+ domlen = strlen(domainname);
+ strcpy(domsid,lp_domainsid());
+ DEBUG(4,("netlogon LINE %d %lx %s\n",__LINE__, q, domsid));
+ /* assume, but should check, that domsid starts "S-" */
+ p = strtok(domsid+2,"-");
+ revision = atoi(p);
+ DEBUG(4,("netlogon LINE %d %lx %s rev %d\n",__LINE__, q, p, revision));
+ identauth = atoi(strtok(0,"-"));
+ DEBUG(4,("netlogon LINE %d %lx %s ia %d\n",__LINE__, q, p, identauth));
+ numsubauths = 0;
+ while (p = strtok(0, "-"))
+ subauths[numsubauths++] = atoi(p);
+ DEBUG(4,("netlogon LINE %d %lx\n",__LINE__, q));
+
+ switch (infoclass)
+ {
+ case 5:
+ case 3:
+ default:
+ qSSVAL(0); /* 2 undocumented bytes */
+ qSSVAL(domlen*2);
+ qSSVAL(domlen*2); /* unicode domain len and maxlen */
+ qSIVAL(4); /* domain buffer pointer */
+ qSIVAL(2); /* domain sid pointer */
+ qunistr(domainname);
+ qSIVAL(numsubauths);
+ qSCVAL(revision);
+ qSCVAL(numsubauths);
+ qRSSVAL(0); /* PAXX: FIX! first 2 bytes identifier authority */
+ qRSIVAL(identauth); /* next 4 bytes */
+ for (i = 0; i < numsubauths; i++)
+ {
+ qSIVAL(subauths[i]);
+ }
+ }
+ endrpcreply(data, *rdata, q-*rdata, 0, rdata_len);
+ break;
+
+ case LSAENUMTRUSTDOM:
+ DEBUG(1,("LSAENUMTRUSTDOM\n"));
+ q = *rdata + 0x18;
+ qSIVAL(0); /* enumeration context */
+ qSIVAL(0); /* entries read */
+ qSIVAL(0); /* trust information */
+ endrpcreply(data, *rdata, q-*rdata, 0x8000001a, rdata_len);
+ break;
+
+ case LSACLOSE:
+ DEBUG(1,("LSACLOSE\n"));
+ q = *rdata + 0x18;
+ qSIVAL(0);
+ qSIVAL(0);
+ qSIVAL(0);
+ qSIVAL(0);
+ qSIVAL(0);
+ endrpcreply(data, *rdata, q-*rdata, 0, rdata_len);
+ break;
- qunistr("S-1-1");
- qSIVAL(0); qSCVAL(1); qSCVAL(0); qRSSVAL(0); qRSIVAL(1); /* S-1-1 */
- DEBUG(4,("lookupsid line %d\n",__LINE__));
+ case LSAOPENSECRET:
+ DEBUG(1,("LSAOPENSECRET\n"));
+ q = *rdata + 0x18;
+ qSIVAL(0);
+ qSIVAL(0);
+ qSIVAL(0);
+ qSIVAL(0);
+ qSIVAL(0);
+ endrpcreply(data, *rdata, q-*rdata, 0xc000034, rdata_len);
+ break;
+
+ case LSALOOKUPSIDS:
+ DEBUG(1,("LSAOPENSECRET\n"));
+ q = data + 0x18;
+ policyhandle = q; q += 20;
+ nentries = qIVAL;
+ DEBUG(4,("lookupsid entries %d\n",nentries));
+ q += (2+nentries) * 4; /* skip bufptrs */
+ /* now we have nentries sids of the form:
+ uint32 Subauthority count (SAC)
+ char Revision
+ char Subaurity count again
+ char[6] Identifier authority
+ [uint32 subauthority] * SAC
+ */
+ for (nsids = 0; nsids < nentries; nsids++)
+ {
+ DEBUG(4,("lookupsid q in %lx\n",q));
+ sids[nsids] = q;
+ DEBUG(4,("lookupsid numsubs %d\n",IVAL(q,0)));
+ q += 4+1+1+6+IVAL(q,0)*4;
+ DEBUG(4,("lookupsid q %lx\n",q));
+ }
+ /* There's 16 bytes of something after all of that, don't know
+ what it is though - incorrectly documented */
+
+ DEBUG(4,("lookupsid line %d\n",__LINE__));
+ /* formulate reply */
+ q = *rdata + 0x18;
+ qSIVAL(2); /* bufptr */
+ qSIVAL(4); /* number of referenced domains
+ - need one per each identifier authority in call */
+ qSIVAL(2); /* dom bufptr */
+ qSIVAL(32); /* max entries */
+ qSIVAL(4); /* number of reference domains? */
+
+ qunihdr(lp_workgroup()); /* reference domain */
+ qSIVAL(2); /* sid bufptr */
+
+ qunihdr("S-1-1");
+ qSIVAL(2); /* sid bufptr */
+
+ qunihdr("S-1-5");
+ qSIVAL(2); /* sid bufptr */
+
+ qunihdr("S-1-3");
+ qSIVAL(2); /* sid bufptr */
+
+ qunistr(lp_workgroup());
+ DEBUG(4,("lookupsid line %d\n",__LINE__));
+
+ strcpy(domsid,lp_domainsid());
+ p = strtok(domsid+2,"-");
+ revision = atoi(p);
+ identauth = atoi(strtok(0,"-"));
+ numsubauths = 0;
+ while (p = strtok(0, "-"))
+ subauths[numsubauths++] = atoi(p);
+ qSIVAL(numsubauths);
+ qSCVAL(revision);
+ qSCVAL(numsubauths);
+ qRSSVAL(0); /* PAXX: FIX! first 2 bytes identifier authority */
+ qRSIVAL(identauth); /* next 4 bytes */
+ DEBUG(4,("lookupsid line %d\n",__LINE__));
+ for (i = 0; i < numsubauths; i++)
+ {
+ qSIVAL(subauths[i]);
+ }
+ DEBUG(4,("lookupsid line %d\n",__LINE__));
- qunistr("S-1-5");
- qSIVAL(0); qSCVAL(1); qSCVAL(0); qRSSVAL(0); qRSIVAL(5); /* S-1-5 */
+ qunistr("S-1-1");
+ qSIVAL(0); qSCVAL(1); qSCVAL(0); qRSSVAL(0); qRSIVAL(1); /* S-1-1 */
+ DEBUG(4,("lookupsid line %d\n",__LINE__));
- qunistr("S-1-3");
- qSIVAL(0); qSCVAL(1); qSCVAL(0); qRSSVAL(0); qRSIVAL(3); /* S-1-3 */
+ qunistr("S-1-5");
+ qSIVAL(0); qSCVAL(1); qSCVAL(0); qRSSVAL(0); qRSIVAL(5); /* S-1-5 */
- qSIVAL(nentries);
- qSIVAL(2); /* bufptr */
- qSIVAL(nentries);
- DEBUG(4,("lookupnames line %d\n",__LINE__));
- for (i = 0; i < nentries; i++)
+ qunistr("S-1-3");
+ qSIVAL(0); qSCVAL(1); qSCVAL(0); qRSSVAL(0); qRSIVAL(3); /* S-1-3 */
+
+ qSIVAL(nentries);
+ qSIVAL(2); /* bufptr */
+ qSIVAL(nentries);
+ DEBUG(4,("lookupsid line %d\n",__LINE__));
+ for (i = 0; i < nentries; i++)
+ {
+ qSSVAL(5); /* SID name use ?! */
+ qSSVAL(0); /* undocumented */
+ DEBUG(4,("lookupsid line %d\n",__LINE__));
+ qunihdr(sidtostring(sids[i]));
+ DEBUG(4,("lookupsid sidname %s\n",sidtostring(sids[i])));
+ qSIVAL(0); /* domain index out of above reference domains */
+ }
+ DEBUG(4,("lookupsid line %d\n",__LINE__));
+ for (i = 0; i < nentries; i++)
+ {
+ qunistr(sidtostring(sids[i]));
+ }
+ qSIVAL(nentries); /* mapped count */
+ endrpcreply(data, *rdata, q-*rdata, 0, rdata_len);
+ break;
+
+ case LSALOOKUPNAMES:
+ DEBUG(1,("LSALOOKUPNAMES\n"));
+ q = data + 0x18;
+ policyhandle = q; q += 20;
+ nentries = qIVAL;
+ DEBUG(4,("lookupnames entries %d\n",nentries));
+ q += 4; /* skip second count */
+ q += 8 * nentries; /* skip pointers */
+ for (nnames = 0; nnames < nentries; nnames++)
+ {
+ names[nnames] = q; /* set name string to unicode header */
+ q += IVAL(q,0)*2; /* guessing here */
+ }
+ /* There's a translated sids structure next but it looks fals */
+
+ DEBUG(4,("lookupnames line %d\n",__LINE__));
+ /* formulate reply */
+ q = *rdata + 0x18;
+ qSIVAL(2); /* bufptr */
+ qSIVAL(4); /* number of referenced domains
+ - need one per each identifier authority in call */
+ qSIVAL(2); /* dom bufptr */
+ qSIVAL(32); /* max entries */
+ qSIVAL(4); /* number of reference domains? */
+
+ qunihdr(lp_workgroup()); /* reference domain */
+ qSIVAL(2); /* sid bufptr */
+
+ qunihdr("S-1-1");
+ qSIVAL(2); /* sid bufptr */
+
+ qunihdr("S-1-5");
+ qSIVAL(2); /* sid bufptr */
+
+ qunihdr("S-1-3");
+ qSIVAL(2); /* sid bufptr */
+
+ qunistr(lp_workgroup());
+ DEBUG(4,("lookupnames line %d\n",__LINE__));
+
+ strcpy(domsid,lp_domainsid());
+ p = strtok(domsid+2,"-");
+ revision = atoi(p);
+ identauth = atoi(strtok(0,"-"));
+ numsubauths = 0;
+ while (p = strtok(0, "-"))
+ subauths[numsubauths++] = atoi(p);
+ qSIVAL(numsubauths);
+ qSCVAL(revision);
+ qSCVAL(numsubauths);
+ qRSSVAL(0); /* PAXX: FIX! first 2 bytes identifier authority */
+ qRSIVAL(identauth); /* next 4 bytes */
+ DEBUG(4,("lookupsid line %d\n",__LINE__));
+ for (i = 0; i < numsubauths; i++)
+ {
+ qSIVAL(subauths[i]);
+ }
+ DEBUG(4,("lookupsid line %d\n",__LINE__));
+
+ qunistr("S-1-1");
+ qSIVAL(0); qSCVAL(1); qSCVAL(0); qRSSVAL(0); qRSIVAL(1); /* S-1-1 */
+ DEBUG(4,("lookupsid line %d\n",__LINE__));
+
+ qunistr("S-1-5");
+ qSIVAL(0); qSCVAL(1); qSCVAL(0); qRSSVAL(0); qRSIVAL(5); /* S-1-5 */
+
+ qunistr("S-1-3");
+ qSIVAL(0); qSCVAL(1); qSCVAL(0); qRSSVAL(0); qRSIVAL(3); /* S-1-3 */
+
+ qSIVAL(nentries);
+ qSIVAL(2); /* bufptr */
+ qSIVAL(nentries);
+ DEBUG(4,("lookupnames line %d\n",__LINE__));
+ for (i = 0; i < nentries; i++)
+ {
+ qSSVAL(5); /* SID name use 5 == well known sid, 1 == user sid see showacls */
+ qSSVAL(5); /* undocumented */
+ DEBUG(4,("lookupnames line %d\n",__LINE__));
+ qSIVAL(nametorid(names[i]));
+ DEBUG(4,("lookupnames nametorid %d\n",nametorid(names[i])));
+ qSIVAL(0); /* domain index out of above reference domains */
+ }
+ qSIVAL(nentries); /* mapped count */
+ endrpcreply(data, *rdata, q-*rdata, 0, rdata_len);
+ break;
+
+ default:
+ DEBUG(4, ("NTLSARPC, unknown code: %lx\n", opnum));
+ }
+ return(True);
+}
+
+ BOOL api_netlogrpcTNP(int cnum,int uid, char *param,char *data,
+ int mdrcnt,int mprcnt,
+ char **rdata,char **rparam,
+ int *rdata_len,int *rparam_len)
+{
+ uint16 opnum;
+ char *q;
+ char *domainname;
+ int domlen;
+ pstring domsid;
+ char *p;
+ int numsubauths;
+ int subauths[MAXSUBAUTHS];
+ struct smb_passwd *smb_pass; /* To check if machine account exists */
+ pstring machacct;
+ pstring foo;
+ uint16 infoclass;
+ uint16 revision; /* Domain sid revision */
+ int identauth;
+ int i;
+ char *logonsrv;
+ char *unicomp;
+ char *accountname;
+ uint16 secchanneltype;
+ uint32 negflags;
+ char netcred[8];
+ uint32 rcvcred[8];
+ char rtncred[8];
+ uint32 clnttime;
+ uint32 rtntime;
+ char *newpass;
+ uint16 logonlevel;
+ uint16 switchval;
+ uint16 dommaxlen;
+ uint16 paramcontrol;
+ uint32 logonid[2];
+ uint16 usernamelen;
+ uint16 usernamemaxlen;
+ uint16 wslen;
+ uint16 wsmaxlen;
+ uchar *rc4lmowfpass;
+ uchar *rc4ntowfpass;
+ char *domain;
+ char *username;
+ char *ws;
+ struct uinfo *userinfo;
+ int pkttype;
+ ArcfourContext c;
+ uchar rc4key[16];
+ uchar ntowfpass[16];
+
+ opnum = SVAL(data,22);
+
+ pkttype = CVAL(data, 2);
+ if (pkttype == 0x0b) /* RPC BIND */
{
-qSSVAL(5); /* SID name use 5 == well known sid, 1 == user sid see showacls */
-qSSVAL(5); /* undocumented */
- DEBUG(4,("lookupnames line %d\n",__LINE__));
-qSIVAL(name_to_rid(names[i]));
- DEBUG(4,("lookupnames name_to_rid %d\n",name_to_rid(names[i])));
-qSIVAL(0); /* domain index out of above reference domains */
+ DEBUG(4,("netlogon rpc bind %x\n",pkttype));
+ LsarpcTNP1(data,rdata,rdata_len);
+ return True;
}
- qSIVAL(nentries); /* mapped count */
- endrpcreply(data, *rdata, q-*rdata, 0, rdata_len);
- break;
-#endif
+ DEBUG(4,("netlogon TransactNamedPipe op %x\n",opnum));
+ initrpcreply(data, *rdata);
+ DEBUG(4,("netlogon LINE %d\n",__LINE__));
+ switch (opnum)
+ {
+ case LSAREQCHAL:
+ DEBUG(1,("LSAREQCHAL\n"));
+ q = data + 0x18;
+ dump_data(1,q,128);
+ logonsrv = q + 16; /* first 16 bytes, buffer ptr, + unicode lenghts */
+ q = skip_unicode_string(logonsrv,1) + 12;
+ q = align4(q, data);
+ unicomp = q;
+ q = skip_unicode_string(unicomp,1);
+
+
+ DEBUG(1,("logonsrv=%s unicomp=%s\n",
+ unistr(logonsrv),
+ unistr(unicomp)));
+
+ dcauth[cnum].chal[0] = IVAL(q, 0);
+ dcauth[cnum].chal[1] = IVAL(q, 4);
+ dcauth[cnum].cred[0] = IVAL(q, 0); /* this looks weird (tridge) */
+ dcauth[cnum].cred[1] = IVAL(q, 4);
+
+DEBUG(1,("NL: client challenge %08x %08x\n", dcauth[cnum].chal[0],dcauth[cnum].chal[1]));
+
+ /* PAXX: set these to random values */
+ dcauth[cnum].svrchal[0] = 0x11111111;
+ dcauth[cnum].svrchal[1] = 0x22222222;
+ dcauth[cnum].svrcred[0] = 0x11111111;
+ dcauth[cnum].svrcred[1] = 0x22222222;
+ strcpy(machacct,unistr(unicomp));
+ strcat(machacct, "$");
+ smb_pass = get_smbpwnam(machacct);
+ if(smb_pass)
+ memcpy(dcauth[cnum].md4pw, smb_pass->smb_nt_passwd, 16);
+ else
+ {
+ /* No such machine account. Should error out here, but we'll
+ print and carry on */
+ DEBUG(1,("No account in domain at REQCHAL for %s\n", machacct));
+ }
+ for(i=0;i<16;i++) sprintf(foo+i*2,"%02x",dcauth[cnum].md4pw[i]);
+ DEBUG(1,("pass %s %s\n", machacct, foo));
+ setsesskey(cnum);
+ q = *rdata + 0x18;
+ qSIVAL(dcauth[cnum].svrchal[0]);
+ qSIVAL(dcauth[cnum].svrchal[1]);
+
+DEBUG(1,("NL: server challenge %08x %08x\n",
+ dcauth[cnum].svrchal[0],dcauth[cnum].svrchal[1]));
+
+ endrpcreply(data, *rdata, q-*rdata, 0, rdata_len);
+ break;
+
+ case LSAAUTH2:
+ DEBUG(1,("LSAAUTH2\n"));
+ dump_data(1,q,128);
+ q = data + 0x18;
+ logonsrv = q + 16;
+ q = skip_unicode_string(logonsrv,1)+12;
+ q = align4(q, data);
+ accountname = q;
+
+ q = skip_unicode_string(accountname,1);
+ secchanneltype = qSVAL;
+ q += 12;
+ q = align4(q, data);
+ unicomp = q;
+ dump_data(1,unicomp,32);
+ q = skip_unicode_string(unicomp,1);
+ rcvcred[0] = qIVAL;
+ rcvcred[1] = qIVAL;
+ q = align4(q, data);
+ negflags = qIVAL;
+ DEBUG(3,("AUTH2 logonsrv=%s accountname=%s unicomp=%s %lx %lx %lx\n",
+ unistr(logonsrv), unistr(accountname), unistr(unicomp),
+ rcvcred[0], rcvcred[1], negflags));
+
+DEBUG(1,("NL: recvcred %08x %08x negflags=%08x\n",
+ rcvcred[0], rcvcred[1], negflags));
+
+ checkcred(cnum, rcvcred[0], rcvcred[1], 0);
+ q = *rdata + 0x18;
+ makecred(cnum, 0, q);
+ q += 8;
+
+ qSIVAL(negflags);
+ /* update stored client credentials */
+ dcauth[cnum].cred[0] = dcauth[cnum].svrcred[0] = rcvcred[0];
+ dcauth[cnum].cred[1] = dcauth[cnum].svrcred[1] = rcvcred[1];
+ endrpcreply(data, *rdata, q-*rdata, 0, rdata_len);
+ break;
+
+ case LSASVRPWSET:
+ DEBUG(1,("LSASVRPWSET\n"));
+ q = data + 0x18;
+ dump_data(1,q,128);
+ logonsrv = q + 16;
+ q = skip_unicode_string(logonsrv,1)+12;
+ q = align4(q, data);
+ accountname = q;
+ q = skip_unicode_string(accountname,1);
+ secchanneltype = qSVAL;
+ q += 12;
+ q = align4(q, data);
+ unicomp = q;
+ q = skip_unicode_string(unicomp,1);
+ rcvcred[0] = qIVAL;
+ rcvcred[1] = qIVAL;
+ clnttime = qIVAL;
+
+ DEBUG(1,("PWSET logonsrv=%s accountname=%s unicomp=%s\n",
+ unistr(logonsrv), unistr(accountname), unistr(unicomp)));
+
+ checkcred(cnum, rcvcred[0], rcvcred[1], clnttime);
+ DEBUG(3,("PWSET %lx %lx %lx %lx\n", rcvcred[0], rcvcred[1], clnttime, negflags));
+ newpass = q;
+
+ DEBUG(1,("PWSET logonsrv=%s accountname=%s unicomp=%s newpass=%s\n",
+ unistr(logonsrv), unistr(accountname), unistr(unicomp), newpass));
+
+ /* PAXX: For the moment we'll reject these */
+ /* TODO Need to set newpass in smbpasswd file for accountname */
+ q = *rdata + 0x18;
+ makecred(cnum, clnttime+1, q);
+ q += 8;
+ qSIVAL(0); /* timestamp. Seems to be ignored */
+
+ dcauth[cnum].svrcred[0] = dcauth[cnum].cred[0] = dcauth[cnum].cred[0] + clnttime + 1;
+
+ endrpcreply(data, *rdata, q-*rdata, 0xc000006a, rdata_len);
+ break;
+
+ case LSASAMLOGON:
+ DEBUG(1,("LSASAMLOGON\n"));
+ dump_data(1,data,128);
+ q = data + 0x18;
+ logonsrv = q + 16;
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ q = skip_unicode_string(logonsrv,1)+16;
+ q = align4(q, data);
+ unicomp = q;
+ q = skip_unicode_string(unicomp,1)+4;
+ DEBUG(1,("SMLOG %d logonsrv=%s unicomp=%s\n",
+ __LINE__, unistr(logonsrv), unistr(unicomp)));
+ q = align4(q, data);
+ rcvcred[0] = qIVAL;
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ rcvcred[1] = qIVAL;
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ clnttime = qIVAL;
+ checkcred(cnum, rcvcred[0], rcvcred[1], clnttime);
+ q += 2;
+ rtncred[0] = qIVAL; /* all these are ignored */
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ rtncred[1] = qIVAL;
+ rtntime = qIVAL;
+ logonlevel = qSVAL;
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ switchval = qSVAL;
+ switch (switchval)
+ {
+ case 1:
+
+ q += 6;
+ domlen = qSVAL;
+ dommaxlen = qSVAL; q += 4;
+ paramcontrol = qIVAL;
+ logonid[0] = qIVAL; /* low part */
+ logonid[1] = qIVAL; /* high part */
+
+ usernamelen = qSVAL;
+
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ usernamemaxlen = qSVAL; q += 4;
+
+ DEBUG(1,("usernamelen=%d maxlen=%d dommaxlen=%d\n",
+ usernamelen, usernamemaxlen, dommaxlen));
+
+ dump_data(1,q,128);
+
+ wslen = qSVAL;
+ wsmaxlen = qSVAL; q += 4;
+ rc4lmowfpass = q; q += 16;
+ rc4ntowfpass = q; q += 16;
+
+ q += 12; domain = q; q += dommaxlen + 12;
+ q = align4(q, data);
+ username = q; q += usernamemaxlen + 12;
+ q = align4(q, data);
+ ws = q;
+ DEBUG(1,("domain=%s username=%s ws=%s\n",
+ unistr(domain), unistr(username),
+ unistr(ws)));
+ break;
+ default:
+ DEBUG(0,("unknown switch in SAMLOGON %d\n",
+ switchval));
+ }
+ for(i=0;i<16;i++) sprintf(foo+i*2,"%02x",username[i]);
+ DEBUG(1,("userNAME %s [%s]\n", foo, username));
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ q = *rdata + 0x18;
+ qSIVAL(0x16a4b4); /* magic buffer pointer ? */
+ makecred(cnum, clnttime+1, q);
+ dcauth[cnum].svrcred[0] = dcauth[cnum].cred[0] = dcauth[cnum].cred[0] + clnttime + 1;
+ q += 8;
+ qSIVAL(0); /* timestamp. client doesn't care */
+ qSSVAL(3); /* switch value 3. May be others? */
+ qSSVAL(0); /* undocumented */
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+
+ memset(rc4key, 0, sizeof rc4key);
+ SIVAL(rc4key, 0, dcauth[cnum].sesskey[0]);
+ SIVAL(rc4key, 4, dcauth[cnum].sesskey[1]);
+ for(i=0;i<16;i++) sprintf(foo+i*2,"%02x",rc4ntowfpass[i]);
+ DEBUG(1,("rc4ntowf %s\n", foo));
+ arcfour_init(&c, rc4key, sizeof rc4key);
+ arcfour_encrypt(&c, ntowfpass, rc4ntowfpass, sizeof ntowfpass);
+ for(i=0;i<16;i++) sprintf(foo+i*2,"%02x",ntowfpass[i]);
+ DEBUG(1,("ntowf %s\n", foo));
+
+ if(!(userinfo = getuserinfo(username, usernamelen, ntowfpass))) {
+ qSIVAL(0); /* no buffer */
+ qSCVAL(1); /* Authoratitive. Change if passthrough? */
+ qSCVAL(0); /* pad for above boolean */
+ qSSVAL(0); /* pad for above boolean */
+
+ endrpcreply(data, *rdata, q-*rdata, 0xc0000064, rdata_len);
+ break;
+ }
+
+ qSIVAL(2); /* another magic bufptr? */
+ DEBUG(1,("SMLOG %d %lx\n", __LINE__, userinfo));
+ qSIVAL(userinfo->logontime[0]); qSIVAL(userinfo->logontime[1]);
+ qSIVAL(userinfo->logofftime[0]); qSIVAL(userinfo->logofftime[1]);
+ DEBUG(1,("SMLOG %d %lx\n", __LINE__, userinfo->passlastsettime[1]));
+ qSIVAL(userinfo->kickofftime[0]); qSIVAL(userinfo->kickofftime[1]);
+ qSIVAL(userinfo->passlastsettime[0]); qSIVAL(userinfo->passlastsettime[1]);
+ qSIVAL(userinfo->passcanchgtime[0]); qSIVAL(userinfo->passcanchgtime[1]);
+ qSIVAL(userinfo->passmustchgtime[0]); qSIVAL(userinfo->passmustchgtime[1]);
+ DEBUG(1,("SMLOG %d %s\n", __LINE__, userinfo->effectivename));
+ qunihdr(userinfo->effectivename);
+ qunihdr(userinfo->fullname);
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ qunihdr(userinfo->logonscript);
+ qunihdr(userinfo->profilepath);
+ qunihdr(userinfo->homedirectory);
+ qunihdr(userinfo->homedirectorydrive);
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ qSSVAL(userinfo->logoncount);
+ qSSVAL(userinfo->badpwcount);
+ qSIVAL(userinfo->uid);
+ qSIVAL(userinfo->gid);
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ qSIVAL(userinfo->ngroups);
+ qSIVAL(8); /* ptr to groups */
+ qSIVAL(userinfo->userflags);
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ qSIVAL(0); qSIVAL(0); qSIVAL(0); qSIVAL(0); /* unused user session key */
+ qunihdr(userinfo->logonserver);
+ qunihdr(userinfo->logondomain);
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ qSIVAL(2); /* logon domain id ptr */
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ memset(q,0,40); q += 40; /* expansion room */
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ qSIVAL(userinfo->nsids);
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ qSIVAL(0); /* ptr to sids and values */
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ qunistr(userinfo->effectivename);
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ qunistr(userinfo->fullname);
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ qunistr(userinfo->logonscript);
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ qunistr(userinfo->profilepath);
+ qunistr(userinfo->homedirectory);
+ qunistr(userinfo->homedirectorydrive);
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ qSIVAL(userinfo->ngroups);
+ for (i = 0; i < userinfo->ngroups; i++)
+ {
+ qSIVAL(userinfo->groups[i].gid);
+ qSIVAL(userinfo->groups[i].attr);
+ }
+ qunistr(userinfo->logonserver);
+ qunistr(userinfo->logondomain);
+ for (i = 0; i < userinfo->nsids; i++)
+ {
+ /* put the extra sids: PAXX: TODO */
+ }
+ /* Assumption. This is the only domain, sending our SID */
+ /* PAXX: may want to do passthrough later */
+ strcpy(domsid,lp_domainsid());
+ DEBUG(4,("netlogon LINE %d %lx %s\n",__LINE__, q, domsid));
+ /* assume, but should check, that domsid starts "S-" */
+ p = strtok(domsid+2,"-");
+ revision = atoi(p);
+ DEBUG(4,("netlogon LINE %d %lx %s rev %d\n",__LINE__, q, p, revision));
+ identauth = atoi(strtok(0,"-"));
+ DEBUG(4,("netlogon LINE %d %lx %s ia %d\n",__LINE__, q, p, identauth));
+ numsubauths = 0;
+ while (p = strtok(0, "-"))
+ subauths[numsubauths++] = atoi(p);
+ qSIVAL(numsubauths);
+ qSCVAL(revision);
+ qSCVAL(numsubauths);
+ qRSSVAL(0); /* PAXX: FIX. first 2 bytes identifier authority */
+ qRSIVAL(identauth); /* next 4 bytes */
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ for (i = 0; i < numsubauths; i++)
+ {
+ qSIVAL(subauths[i]);
+ }
+ qSCVAL(1); /* Authoratitive. Change if passthrough? */
+ qSCVAL(0); /* pad for above boolean */
+ qSSVAL(0); /* pad for above boolean */
+
+ endrpcreply(data, *rdata, q-*rdata, 0, rdata_len);
+ break;
+
+ case LSASAMLOGOFF:
+ DEBUG(1,("LSASAMLOGOFF\n"));
+ q = data + 0x18;
+ logonsrv = q + 16;
+ DEBUG(1,("SAMLOGOFF %d\n", __LINE__));
+ unicomp = skip_unicode_string(logonsrv,1)+16;
+ if (strlen(unistr(logonsrv)) % 2 == 0)
+ q += 2;
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ q = skip_unicode_string(unicomp,1)+4;
+ if (strlen(unistr(unicomp)) % 2 == 0)
+ q += 2;
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ rcvcred[0] = qIVAL;
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ rcvcred[1] = qIVAL;
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ clnttime = qIVAL;
+ checkcred(cnum, rcvcred[0], rcvcred[1], clnttime);
+ q += 4;
+ rtncred[0] = qIVAL; /* all these are ignored */
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ rtncred[1] = qIVAL;
+ rtntime = qIVAL;
+ logonlevel = qSVAL;
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ switchval = qSVAL;
+ switch (switchval)
+ {
+ case 1:
+ q += 4;
+ domlen = qSVAL;
+ dommaxlen = qSVAL; q += 4;
+ paramcontrol = qIVAL;
+ logonid[0] = qIVAL; /* low part */
+ logonid[1] = qIVAL; /* high part */
+ usernamelen = qSVAL;
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ usernamemaxlen = qSVAL; q += 4;
+ wslen = qSVAL;
+ wsmaxlen = qSVAL; q += 4;
+ rc4lmowfpass = q; q += 16;
+ rc4ntowfpass = q; q += 16;
+ q += 12; domain = q; q += dommaxlen + 12;
+ if ((domlen/2) % 2 != 0) q += 2;
+ username = q; q += usernamemaxlen + 12; /* PAXX: HACK */
+ if ((usernamelen/2) % 2 != 0) q += 2;
+ ws = q;
+ break;
+ default: DEBUG(0, ("unknown switch in SAMLOGON %d\n",switchval));
+ }
+ DEBUG(1,("SAMLOGOFF %s\n", unistr(username)));
+ default:
+ DEBUG(4, ("**** netlogon, unknown code: %lx\n", opnum));
+ }
+ return(True);
+}
+
+static void checkcred(int cnum, uint32 cred0, uint32 cred1, uint32 time)
+{
+ uint32 sum[2];
+ char netdata[8];
+ char netsesskey[8];
+ char calccred[8];
+ char icv[8];
+ char key2[7];
+
+ SIVAL(netdata, 0, dcauth[cnum].cred[0]+time);
+ SIVAL(netdata, 4, dcauth[cnum].cred[1]);
+ SIVAL(netsesskey, 0, dcauth[cnum].sesskey[0]);
+ SIVAL(netsesskey, 4, dcauth[cnum].sesskey[1]);
+ E1(netsesskey,netdata,icv);
+ memset(key2, 0, sizeof key2);
+ key2[0] = netsesskey[7];
+ E1(key2, icv, calccred);
+ if (IVAL(calccred,0) != cred0 ||
+ IVAL(calccred,4) != cred1)
+ {
+ DEBUG(1,("Incorrect client credential received cred %lx %lx time %lx sk %lx %lx cred %lx %lx expcred %lx %lx\n",
+ cred0, cred1, time,
+ dcauth[cnum].sesskey[0], dcauth[cnum].sesskey[1],
+ dcauth[cnum].cred[0], dcauth[cnum].cred[1],
+ IVAL(calccred,0), IVAL(calccred,4)));
+ /* PAXX: do something about it! */
+ } else
+ DEBUG(4,("Correct client credential received chal %lx %lx time %lx sk %lx %lx cred %lx %lx expcred %lx %lx\n",
+ cred0, cred1, time,
+ dcauth[cnum].sesskey[0], dcauth[cnum].sesskey[1],
+ dcauth[cnum].cred[0], dcauth[cnum].cred[1],
+ IVAL(calccred,0), IVAL(calccred,4)));
+}
+
+static void makecred(int cnum, uint32 time, char *calccred)
+{
+ uint32 sum[2];
+ char netdata[8];
+ char netsesskey[8];
+ char icv[8];
+ char key2[7];
+
+ SIVAL(netdata, 0, dcauth[cnum].svrcred[0]+time);
+ SIVAL(netdata, 4, dcauth[cnum].svrcred[1]);
+ SIVAL(netsesskey, 0, dcauth[cnum].sesskey[0]);
+ SIVAL(netsesskey, 4, dcauth[cnum].sesskey[1]);
+ E1(netsesskey,netdata,icv);
+ memset(key2, 0, sizeof key2);
+ key2[0] = netsesskey[7];
+ E1(key2, icv, calccred);
+ DEBUG(4,("Server credential: chal %lx %lx sk %lx %lx cred %lx %lx calc %lx %lx\n",
+ dcauth[cnum].svrchal[0], dcauth[cnum].svrchal[1],
+ dcauth[cnum].sesskey[0], dcauth[cnum].sesskey[1],
+ dcauth[cnum].svrcred[0], dcauth[cnum].svrcred[1],
+ IVAL(calccred, 0), IVAL(calccred, 4)));
+}
+
+static void setsesskey(int cnum)
+{
+ uint32 sum[2];
+ char netsum[8];
+ char netsesskey[8];
+ char icv[8];
+
+ sum[0] = dcauth[cnum].chal[0] + dcauth[cnum].svrchal[0];
+ sum[1] = dcauth[cnum].chal[1] + dcauth[cnum].svrchal[1];
+ SIVAL(netsum,0,sum[0]);
+ SIVAL(netsum,4,sum[1]);
+ E1(dcauth[cnum].md4pw,netsum,icv);
+ E1(dcauth[cnum].md4pw+9,icv,netsesskey);
+ dcauth[cnum].sesskey[0] = IVAL(netsesskey,0);
+ dcauth[cnum].sesskey[1] = IVAL(netsesskey,4);
+
+DEBUG(1,("NL: session key %08x %08x\n",
+ dcauth[cnum].sesskey[0],
+ dcauth[cnum].sesskey[1]));
+}
+
+static struct uinfo *getuserinfo(char *user, int len, char *ntowfpass)
+{
+ static struct uinfo u;
+ static pstring fullnm;
+ static pstring ascuser;
+ extern pstring myname;
+ static pstring stme;
+ static pstring stdom;
+ struct smb_passwd *smb_pass;
+
+ strcpy(ascuser,unistr(user));
+ ascuser[len/2] = 0; /* PAXX: FIXMEFIXMEFIXME */
+ DEBUG(1,("GETUSER username :%s: len=%d\n",ascuser, len));
+
+ smb_pass = get_smbpwnam(ascuser);
+ if(!smb_pass)
+ return 0;
+ DEBUG(1,("GETU %d\n", __LINE__));
+ if (memcmp(ntowfpass, smb_pass->smb_nt_passwd, 16)) {
+ DEBUG(1,("pass mismatch:\n"));
+ dump_data(1,ntowfpass,16);
+ dump_data(1,smb_pass->smb_nt_passwd,16);
+ return 0;
+ }
+
+ DEBUG(1,("GETU %d\n", __LINE__));
+ u.logontime[0] = 0xffffffff; u.logontime[1] = 0x7fffffff;
+ u.logofftime[0] = 0xffffffff; u.logofftime[1] = 0x7fffffff;
+ u.kickofftime[0] = 0xffffffff; u.kickofftime[1] = 0x7fffffff;
+ DEBUG(1,("GETU %d\n", __LINE__));
+ u.passlastsettime[0] = 0xffffffff; u.passlastsettime[1] = 0x7fffffff;
+ u.passcanchgtime[0] = 0xffffffff; u.passcanchgtime[1] = 0x7fffffff;
+ u.passmustchgtime[0] = 0xffffffff; u.passmustchgtime[1] = 0x7fffffff;
+ DEBUG(1,("GETU %d\n", __LINE__));
+ u.effectivename = ascuser;
+ strcpy(fullnm, "Full name of ");
+ strcat(fullnm, ascuser);
+ DEBUG(1,("GETU %d\n", __LINE__));
+ u.fullname = fullnm;
+ u.logonscript = "foologin.cmd";
+ u.profilepath = "prof";
+ u.homedirectory = "foohomes";
+ DEBUG(1,("GETU %d\n", __LINE__));
+ u.homedirectorydrive = "a:";
+ u.logoncount = 7;
+ u.badpwcount = 8;
+ u.uid = 778;
+ DEBUG(1,("GETU %d\n", __LINE__));
+ u.gid = 998;
+ u.ngroups = 2;
+ u.groups = (struct groupinfo *)(malloc(sizeof (struct groupinfo) * 2));
+ u.groups[0].gid = 776;
+ DEBUG(1,("GETU %d\n", __LINE__));
+ u.groups[0].attr = 0x7;
+ u.groups[1].gid = 776;
+ u.groups[1].attr = 0x7;
+ u.userflags = 0x20;
+ u.logonserver = stme;
+ get_myname(myname,NULL);
+ strcpy(stme, myname);
+ strupper(stme);
+ DEBUG(1,("LS %s\n", u.logonserver));
+ u.logondomain = stdom;
+ strcpy(stdom, lp_workgroup());
+ strupper(stdom);
+ DEBUG(1,("DOM %s\n", u.logondomain));
+ u.nsids = 0;
+ u.sids = 0;
+ DEBUG(1,("GETU %d\n", __LINE__));
+ return &u;
+};
+#endif /* NTDOMAIN */
/* space in front of this function so that make proto doesn't pick it up */
void _dummy_function(void)
{
@@ -1156,8 +2171,4 @@ qSIVAL(0); /* domain index out of above reference domains */
NULL, NULL);
lsa_reply_sam_logon(NULL,NULL,NULL,NULL,t, NULL);
lsa_reply_sam_logoff(NULL,NULL,NULL,NULL,t,0);
- api_lsa_open_policy(NULL,NULL,NULL,NULL);
- api_lsa_query_info(NULL,NULL,NULL,NULL);
- api_lsa_lookup_sids (NULL,NULL,NULL,NULL);
- api_lsa_lookup_names(NULL,NULL,NULL,NULL);
}