smb.h:

added more structures, this time for the use in the query and response
of the LSA_XXXX functions.  next target: the NTLOGON mailslots (10 minutes
work).


smbparse.c:

tidying.  adding some more sub-structure functions.
(This used to be commit 095edfca783a6f99eb7897d4c925ce8bc1ea0a3e)

2 files changed, 403 insertions, 6 deletions

diff --git a/source3/include/smb.h b/source3/include/smb.h
index b999c13667..eb20a16cd3 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -257,10 +257,14 @@ typedef fstring string;
 
 
 /* 32 bit time (sec) since 01jan1970 - cifs6.txt, section 3.5, page 30 */
-typedef uint32 UTIME;
+typedef struct time_info
+{
+  uint32 time;
+
+} UTIME;
 
 /* 64 bit time (100usec) since ????? - cifs6.txt, section 3.5, page 30 */
-typedef struct nttime
+typedef struct nttime_info
 {
   uint32 low;
   uint32 high;
@@ -348,10 +352,17 @@ typedef struct log_info
 
 } DOM_LOG_INFO;
 
-/* DOM_CREDs - client or server credentials */
-typedef struct cred_info
+/* DOM_CHAL - challenge info */
+typedef struct chal_info
 {
   uint8 data[8]; /* credentials */
+
+} DOM_CHAL;
+
+/* DOM_CREDs - timestamped client or server credentials */
+typedef struct cred_info
+{
+  DOM_CHAL challenge; /* credentials */
   UTIME timestamp;    /* credential time-stamp */
 
 } DOM_CRED;
@@ -437,6 +448,364 @@ typedef struct rpc_hdr_info
   uint8  reserved; /* 0 - reserved */
 } RPC_HDR;
 
+/* DOM_QUERY_5 - info class 5 LSA Query response */
+typedef struct dom_query_5_info
+{
+  uint16 uni_dom_max_len; /* domain name string length * 2 */
+  uint16 uni_dom_str_len; /* domain name string length * 2 */
+  uint32 buffer_dom_name; /* undocumented domain name string buffer pointer */
+  uint32 buffer_dom_sid; /* undocumented domain SID string buffer pointer */
+  UNISTR uni_domain_name; /* domain name (unicode string) */
+  DOM_SID dom_sid; /* domain SID */
+
+} DOM_QUERY_5;
+
+/* level 5 is same as level 3.  we hope. */
+typedef DOM_QUERY_5 DOM_QUERY_3;
+
+/* LSA_POL_HND */
+typedef struct lsa_policy_info
+{
+  uint8 data[20]; /* policy handle */
+
+} LSA_POL_HND;
+
+
+/* LSA_Q_QUERY_INFO - LSA query info policy */
+typedef struct lsa_query_info
+{
+    uint16 info_class; /* info class (also a policy handle?) */
+
+} LSA_Q_QUERY_INFO;
+
+/* LSA_R_QUERY_INFO - response to LSA query info policy */
+typedef struct lsa_r_query_info
+{
+    uint32 undoc_buffer; /* undocumented buffer pointer */
+    uint16 info_class; /* info class (same as info class in request) */
+    
+	union
+    {
+        DOM_QUERY_3 id3;
+		DOM_QUERY_5 id5;
+    } dom;
+
+} LSA_R_QUERY_INFO;
+
+#define MAX_REF_DOMAINS 10
+
+/* DOM_R_REF */
+typedef struct dom_ref_info
+{
+    uint32 undoc_buffer; /* undocumented buffer pointer. */
+    uint32 num_ref_doms_1; /* num referenced domains? */
+    uint32 buffer_dom_name; /* undocumented domain name buffer pointer. */
+    uint32 max_entries; /* 32 - max number of entries */
+    uint32 num_ref_doms_2; /* 4 - num referenced domains? */
+
+    UNIHDR2 hdr_dom_name; /* domain name unicode string header */
+    UNIHDR2 hdr_ref_dom[MAX_REF_DOMAINS]; /* referenced domain unicode string headers */
+
+    UNISTR uni_dom_name; /* domain name unicode string */
+    DOM_SID uni_dom_sid; /* domain SID */
+    DOM_SID uni_ref_dom[MAX_REF_DOMAINS]; /* referenced domain SIDs */
+
+} DOM_R_REF;
+
+#define MAX_LOOKUP_SIDS 10
+
+/* LSA_Q_LOOKUP_SIDS - LSA Lookup SIDs */
+typedef struct lsa_q_lookup_sids
+{
+
+    LSA_POL_HND pol_hnd; /* policy handle */
+    uint32 num_entries;
+    uint32 buffer_dom_sid; /* undocumented domain SID buffer pointer */
+    uint32 buffer_dom_name; /* undocumented domain name buffer pointer */
+    uint32 buffer_lookup_sids[MAX_LOOKUP_SIDS]; /* undocumented domain SID pointers to be looked up. */
+    DOM_SID dom_sids[MAX_LOOKUP_SIDS]; /* domain SIDs to be looked up. */
+    uint8 undoc[16]; /* completely undocumented 16 bytes */
+
+} LSA_Q_LOOKUP_SIDS;
+
+/* LSA_R_LOOKUP_SIDS - response to LSA Lookup SIDs */
+typedef struct lsa_r_lookup_sids
+{
+    DOM_R_REF dom_ref; /* domain reference info */
+
+    uint32 num_entries;
+    uint32 undoc_buffer2; /* undocumented buffer pointer */
+    uint32 num_entries2; 
+
+    DOM_SID2 dom_sid[MAX_LOOKUP_SIDS]; /* domain SIDs being looked up */
+
+    uint32 num_entries3; 
+
+} LSA_R_LOOKUP_SIDS;
+
+/* DOM_NAME - XXXX not sure about this structure */
+typedef struct dom_name_info
+{
+    uint32 uni_str_len;
+    uint16 buffer[MAX_UNISTRLEN];
+
+} DOM_NAME;
+
+
+#define UNKNOWN_LEN 1
+
+/* LSA_Q_LOOKUP_RIDS - LSA Lookup RIDs */
+typedef struct lsa_q_lookup_rids
+{
+
+    LSA_POL_HND pol_hnd; /* policy handle */
+    uint32 num_entries;
+    uint32 num_entries2;
+    uint32 buffer_dom_sid; /* undocumented domain SID buffer pointer */
+    uint32 buffer_dom_name; /* undocumented domain name buffer pointer */
+    DOM_NAME lookup_name[MAX_LOOKUP_SIDS]; /* names to be looked up */
+    uint8 undoc[UNKNOWN_LEN]; /* completely undocumented bytes of unknown length */
+
+} LSA_Q_LOOKUP_RIDS;
+
+/* LSA_R_LOOKUP_RIDS - response to LSA Lookup Names */
+typedef struct lsa_r_lookup_rids
+{
+
+    uint32 num_entries;
+    uint32 undoc_buffer2; /* undocumented buffer pointer */
+
+    uint32 num_entries2; 
+    DOM_RID2 dom_rid[MAX_LOOKUP_SIDS]; /* domain RIDs being looked up */
+
+    uint32 num_entries3; 
+
+} LSA_R_LOOKUP_RIDS;
+
+
+
+/* NEG_FLAGS */
+typedef struct lsa_neg_flags_info
+{
+    uint32 neg_flags; /* negotiated flags */
+
+} NEG_FLAGS;
+
+
+/* LSA_Q_REQ_CHAL */
+typedef struct lsa_q_req_chal_info
+{
+    uint32  undoc_buffer; /* undocumented buffer pointer */
+    UNISTR2 uni_logon_srv; /* logon server unicode string */
+    UNISTR2 uni_logon_clnt; /* logon client unicode string */
+    DOM_CHAL clnt_chal; /* client challenge */
+
+} LSA_Q_REQ_CHAL;
+
+
+/* LSA_R_REQ_CHAL */
+typedef struct lsa_r_req_chal_info
+{
+    DOM_CHAL srv_chal; /* server challenge */
+
+} LSA_R_REQ_CHAL;
+
+
+
+/* LSA_Q_AUTH_2 */
+typedef struct lsa_q_auth2_info
+{
+    DOM_LOG_INFO clnt_id; /* client identification info */
+    DOM_CHAL clnt_chal;     /* client-calculated credentials */
+
+    NEG_FLAGS clnt_flgs; /* usually 0x0000 01ff */
+
+} LSA_Q_AUTH_2;
+
+
+/* LSA_R_AUTH_2 */
+typedef struct lsa_r_auth2_info
+{
+    DOM_CHAL srv_chal;     /* server-calculated credentials */
+    NEG_FLAGS srv_flgs; /* usually 0x0000 01ff */
+
+} LSA_R_AUTH_2;
+
+
+/* LSA_Q_SRV_PWSET */
+typedef struct lsa_q_srv_pwset_info
+{
+    DOM_CLNT_INFO clnt_id; /* client identification/authentication info */
+    char pwd[16]; /* new password - undocumented. */
+
+} LSA_Q_SRV_PWSET;
+    
+/* LSA_R_SRV_PWSET */
+typedef struct lsa_r_srv_pwset_info
+{
+    DOM_CHAL srv_chal;     /* server-calculated credentials */
+
+} LSA_R_SRV_PWSET;
+
+#define LSA_MAX_GROUPS 32
+
+/* LSA_USER_INFO */
+typedef struct lsa_q_user_info
+{
+	uint32 undoc_buffer;
+
+	NTTIME logon_time;            /* logon time */
+	NTTIME logoff_time;           /* logoff time */
+	NTTIME kickoff_time;          /* kickoff time */
+	NTTIME pass_last_set_time;    /* password last set time */
+	NTTIME pass_can_change_time;  /* password can change time */
+	NTTIME pass_must_change_time; /* password must change time */
+
+	UNIHDR hdr_user_name;    /* username unicode string header */
+	UNIHDR hdr_full_name;    /* user's full name unicode string header */
+	UNIHDR hdr_logon_script; /* logon script unicode string header */
+	UNIHDR hdr_profile_path; /* profile path unicode string header */
+	UNIHDR hdr_home_dir;     /* home directory unicode string header */
+	UNIHDR hdr_dir_drive;    /* home directory drive unicode string header */
+
+	uint16 logon_count;  /* logon count */
+	uint16 bad_pw_count; /* bad password count */
+
+	uint32 user_id;       /* User ID */
+	uint32 group_id;      /* Group ID */
+	uint32 num_groups;    /* num groups */
+	uint32 buffer_groups; /* undocumented buffer pointer to groups. */
+	uint32 user_flgs;     /* user flags */
+
+	char sess_key[16]; /* unused user session key */
+
+	UNIHDR hdr_logon_srv; /* logon server unicode string header */
+	UNIHDR hdr_logon_dom; /* logon domain unicode string header */
+
+	uint32 buffer_dom_id; /* undocumented logon domain id pointer */
+	char padding[40];    /* unused padding bytes? */
+
+	uint32 num_sids; /* 0 - num_sids */
+	uint32 buffer_sids; /* NULL - undocumented pointer to SIDs. */
+	
+	UNISTR2 uni_user_name;    /* username unicode string */
+	UNISTR2 uni_full_name;    /* user's full name unicode string */
+	UNISTR2 uni_logon_script; /* logon script unicode string */
+	UNISTR2 uni_profile_path; /* profile path unicode string */
+	UNISTR2 uni_home_dir;     /* home directory unicode string */
+	UNISTR2 uni_dir_drive;    /* home directory drive unicode string */
+
+	uint32 num_groups2;        /* num groups */
+	DOM_GID gids[LSA_MAX_GROUPS]; /* group info */
+
+	UNISTR2 uni_logon_srv; /* logon server unicode string */
+	UNISTR2 uni_logon_dom; /* logon domain unicode string */
+
+	DOM_SID undoc_dom_sids[2]; /* undocumented - domain SIDs */
+	DOM_SID dom_sid;           /* domain SID */
+
+} LSA_USER_INFO;
+
+
+/* LSA_Q_SAM_LOGON */
+typedef struct lsa_q_sam_logon_info
+{
+    DOM_SAM_INFO sam_id;
+
+} LSA_Q_SAM_LOGON;
+
+/* LSA_R_SAM_LOGON */
+typedef struct lsa_r_sam_logon_info
+{
+    uint32 buffer_creds; /* undocumented buffer pointer */
+    DOM_CRED srv_creds; /* server credentials.  server time stamp appears to be ignored. */
+    
+    uint32 buffer_user;
+    LSA_USER_INFO user;
+
+    uint32 auth_resp; /* 1 - Authoritative response; 0 - Non-Auth? */
+
+} LSA_R_SAM_LOGON;
+
+
+/* LSA_Q_SAM_LOGOFF */
+typedef struct lsa_q_sam_logoff_info
+{
+    DOM_SAM_INFO sam_id;
+
+} LSA_Q_SAM_LOGOFF;
+
+/* LSA_R_SAM_LOGOFF */
+typedef struct lsa_r_sam_logoff_info
+{
+    uint32 buffer_creds; /* undocumented buffer pointer */
+    DOM_CRED srv_creds; /* server credentials.  server time stamp appears to be ignored. */
+    
+} LSA_R_SAM_LOGOFF;
+
+/*
+
+Yet to be turned into structures:
+
+6) \\MAILSLOT\NET\NTLOGON
+-------------------------
+
+6.1) Query for PDC
+------------------
+
+Request:
+
+    uint16         0x0007 - Query for PDC
+    STR            machine name
+    STR            response mailslot
+    uint8[]        padding to 2-byte align with start of mailslot.
+    UNISTR         machine name
+    uint32         NTversion
+    uint16         LMNTtoken
+    uint16         LM20token
+
+Response:
+
+    uint16         0x000A - Respose to Query for PDC
+    STR            machine name (in uppercase)
+    uint8[]        padding to 2-byte align with start of mailslot.
+    UNISTR         machine name
+    UNISTR         domain name
+    uint32         NTversion (same as received in request)
+    uint16         LMNTtoken (same as received in request)
+    uint16         LM20token (same as received in request)
+
+
+6.2) SAM Logon
+--------------
+
+Request:
+
+    uint16         0x0012 - SAM Logon
+    uint16         request count
+    UNISTR         machine name
+    UNISTR         user name
+    STR            response mailslot
+    uint32         alloweable account
+    uint32         domain SID size
+    char[sid_size] domain SID, of sid_size bytes.
+    uint8[]        ???? padding to 4? 2? -byte align with start of mailslot.
+    uint32         NTversion
+    uint16         LMNTtoken
+    uint16         LM20token
+    
+Response:
+
+    uint16         0x0013 - Response to SAM Logon
+    UNISTR         machine name
+    UNISTR         user name - workstation trust account
+    UNISTR         domain name 
+    uint32         NTversion
+    uint16         LMNTtoken
+    uint16         LM20token
+
+*/
+
 
 struct smb_passwd {
 	int smb_userid;
diff --git a/source3/smbparse.c b/source3/smbparse.c
index d39f18de5f..869aab21c1 100644
--- a/source3/smbparse.c
+++ b/source3/smbparse.c
@@ -25,6 +25,20 @@ extern int DEBUGLEVEL;
 
 
 /*******************************************************************
+reads or writes a UTIME type.
+********************************************************************/
+char* smb_io_utime(BOOL io, UTIME *t, char *q, char *base, int align)
+{
+	if (t == NULL) return NULL;
+
+	q = align_offset(q, base, align);
+	
+	RW_IVAL (io, q, t->time, 0); q += 4;
+
+	return q;
+}
+
+/*******************************************************************
 reads or writes an NTTIME structure.
 ********************************************************************/
 char* smb_io_time(BOOL io, NTTIME *nttime, char *q, char *base, int align)
@@ -223,6 +237,20 @@ char* smb_io_log_info(BOOL io, DOM_LOG_INFO *log, char *q, char *base, int align
 }
 
 /*******************************************************************
+reads or writes a DOM_CHAL structure.
+********************************************************************/
+char* smb_io_chal(BOOL io, DOM_CHAL *chal, char *q, char *base, int align)
+{
+	if (chal == NULL) return NULL;
+
+	q = align_offset(q, base, align);
+	
+	RW_PCVAL(io, q, chal->data, 8); q += 8;
+
+	return q;
+}
+
+/*******************************************************************
 reads or writes a DOM_CRED structure.
 ********************************************************************/
 char* smb_io_cred(BOOL io, DOM_CRED *cred, char *q, char *base, int align)
@@ -231,8 +259,8 @@ char* smb_io_cred(BOOL io, DOM_CRED *cred, char *q, char *base, int align)
 
 	q = align_offset(q, base, align);
 	
-	RW_PCVAL(io, q, cred->data, 8); q += 8;
-	RW_IVAL (io, q, cred->timestamp, 0); q += 4;
+	q = smb_io_chal (io, &(cred->challenge), q, base, align);
+	q = smb_io_utime(io, &(cred->timestamp), q, base, align);
 
 	return q;
 }