summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorLuke Leighton <lkcl@samba.org>1999-03-12 05:47:06 +0000
committerLuke Leighton <lkcl@samba.org>1999-03-12 05:47:06 +0000
commit6e88171bace32ea2f01367e86d87e1c70892084b (patch)
tree59f5c7672a929b0cabf11dc6572080a06a796a4f /source3
parent0aaf5a368c1b654a7560b19095481199a426530e (diff)
downloadsamba-6e88171bace32ea2f01367e86d87e1c70892084b.tar.gz
samba-6e88171bace32ea2f01367e86d87e1c70892084b.tar.bz2
samba-6e88171bace32ea2f01367e86d87e1c70892084b.zip
new "domtrust" test command. r&d into inter-domain trust accounts.
(This used to be commit 65b0abe8b7594ff6c662da86dc2e35bd83a2d13d)
Diffstat (limited to 'source3')
-rw-r--r--source3/include/proto.h18
-rw-r--r--source3/passdb/smbpassfile.c12
-rw-r--r--source3/rpc_client/cli_login.c15
-rw-r--r--source3/rpc_client/cli_netlogon.c10
-rw-r--r--source3/rpc_parse/parse_misc.c5
-rw-r--r--source3/rpc_parse/parse_net.c3
-rw-r--r--source3/rpcclient/cmd_netlogon.c44
-rw-r--r--source3/rpcclient/rpcclient.c1
8 files changed, 82 insertions, 26 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 6d2264051f..481d5c60eb 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -451,7 +451,7 @@ char *align2(char *q, char *base);
void out_ascii(FILE *f, unsigned char *buf,int len);
void out_data(FILE *f,char *buf1,int len, int per_line);
void print_asc(int level, unsigned char *buf,int len);
-void dump_data(int level,char *buf1,int len);
+void dump_data(int level,char *buf1, int len);
char *tab_depth(int depth);
int str_checksum(const char *s);
void zero_free(void *p, size_t size);
@@ -1579,8 +1579,11 @@ void load_printers(void);
/*The following definitions come from rpc_client/cli_login.c */
-BOOL cli_nt_setup_creds(struct cli_state *cli, uint16 fnum, unsigned char mach_pwd[16]);
-BOOL cli_nt_srv_pwset(struct cli_state *cli, uint16 fnum, unsigned char *new_hashof_mach_pwd);
+BOOL cli_nt_setup_creds(struct cli_state *cli, uint16 fnum,
+ const char* trust_acct,
+ unsigned char trust_pwd[16],
+ uint16 sec_chan);
+BOOL cli_nt_srv_pwset(struct cli_state *cli, uint16 fnum, unsigned char *new_hashof_trust_pwd);
BOOL cli_nt_login_interactive(struct cli_state *cli, uint16 fnum, char *domain, char *username,
uint32 luid_low, char *password,
NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3);
@@ -1617,8 +1620,9 @@ BOOL lsa_close(struct cli_state *cli, uint16 fnum, POLICY_HND *hnd);
/*The following definitions come from rpc_client/cli_netlogon.c */
BOOL cli_net_logon_ctrl2(struct cli_state *cli, uint16 nt_pipe_fnum, uint32 status_level);
-BOOL cli_net_auth2(struct cli_state *cli, uint16 nt_pipe_fnum, uint16 sec_chan,
- uint32 neg_flags, DOM_CHAL *srv_chal);
+BOOL cli_net_auth2(struct cli_state *cli, uint16 nt_pipe_fnum,
+ const char *trust_acct, uint16 sec_chan,
+ uint32 neg_flags, DOM_CHAL *srv_chal);
BOOL cli_net_req_chal(struct cli_state *cli, uint16 nt_pipe_fnum, DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal);
BOOL cli_net_srv_pwset(struct cli_state *cli, uint16 nt_pipe_fnum, uint8 hashed_mach_pwd[16]);
BOOL cli_net_sam_logon(struct cli_state *cli, uint16 nt_pipe_fnum, NET_ID_INFO_CTR *ctr,
@@ -1982,7 +1986,8 @@ void make_q_req_chal(NET_Q_REQ_CHAL *q_c,
void net_io_q_req_chal(char *desc, NET_Q_REQ_CHAL *q_c, prs_struct *ps, int depth);
void net_io_r_req_chal(char *desc, NET_R_REQ_CHAL *r_c, prs_struct *ps, int depth);
void make_q_auth_2(NET_Q_AUTH_2 *q_a,
- char *logon_srv, char *acct_name, uint16 sec_chan, char *comp_name,
+ const char *logon_srv, const char *acct_name,
+ uint16 sec_chan, const char *comp_name,
DOM_CHAL *clnt_chal, uint32 clnt_flgs);
void net_io_q_auth_2(char *desc, NET_Q_AUTH_2 *q_a, prs_struct *ps, int depth);
void net_io_r_auth_2(char *desc, NET_R_AUTH_2 *r_a, prs_struct *ps, int depth);
@@ -2738,6 +2743,7 @@ void cmd_lsa_lookup_sids(struct client_info *info);
/*The following definitions come from rpcclient/cmd_netlogon.c */
void cmd_netlogon_login_test(struct client_info *info);
+void cmd_netlogon_domain_test(struct client_info *info);
/*The following definitions come from rpcclient/cmd_reg.c */
diff --git a/source3/passdb/smbpassfile.c b/source3/passdb/smbpassfile.c
index 51eb799fc2..b4f8e2b869 100644
--- a/source3/passdb/smbpassfile.c
+++ b/source3/passdb/smbpassfile.c
@@ -238,17 +238,17 @@ BOOL trust_get_passwd( unsigned char trust_passwd[16], char *domain, char *mynam
time_t lct;
/*
- * Get the machine account password.
+ * Get the trust account password.
*/
if(!trust_password_lock( domain, myname, False)) {
- DEBUG(0,("domain_client_validate: unable to open the machine account password file for \
-machine %s in domain %s.\n", myname, domain ));
+ DEBUG(0,("domain_client_validate: unable to open the trust account password file for \
+trust %s in domain %s.\n", myname, domain ));
return False;
}
if(get_trust_account_password( trust_passwd, &lct) == False) {
- DEBUG(0,("domain_client_validate: unable to read the machine account password for \
-machine %s in domain %s.\n", myname, domain ));
+ DEBUG(0,("domain_client_validate: unable to read the trust account password for \
+trust %s in domain %s.\n", myname, domain ));
trust_password_unlock();
return False;
}
@@ -256,7 +256,7 @@ machine %s in domain %s.\n", myname, domain ));
trust_password_unlock();
/*
- * Here we check the last change time to see if the machine
+ * Here we check the last change time to see if the trust
* password needs changing. JRA.
*/
diff --git a/source3/rpc_client/cli_login.c b/source3/rpc_client/cli_login.c
index 4520607898..3769f44e18 100644
--- a/source3/rpc_client/cli_login.c
+++ b/source3/rpc_client/cli_login.c
@@ -29,7 +29,10 @@ extern int DEBUGLEVEL;
Initialize domain session credentials.
****************************************************************************/
-BOOL cli_nt_setup_creds(struct cli_state *cli, uint16 fnum, unsigned char mach_pwd[16])
+BOOL cli_nt_setup_creds(struct cli_state *cli, uint16 fnum,
+ const char* trust_acct,
+ unsigned char trust_pwd[16],
+ uint16 sec_chan)
{
DOM_CHAL clnt_chal;
DOM_CHAL srv_chal;
@@ -50,7 +53,7 @@ BOOL cli_nt_setup_creds(struct cli_state *cli, uint16 fnum, unsigned char mach_p
/**************** Long-term Session key **************/
/* calculate the session key */
- cred_session_key(&clnt_chal, &srv_chal, (char *)mach_pwd, cli->sess_key);
+ cred_session_key(&clnt_chal, &srv_chal, (char *)trust_pwd, cli->sess_key);
bzero(cli->sess_key+8, 8);
/******************* Authenticate 2 ********************/
@@ -64,7 +67,7 @@ BOOL cli_nt_setup_creds(struct cli_state *cli, uint16 fnum, unsigned char mach_p
* Receive an auth-2 challenge response and check it.
*/
- if (!cli_net_auth2(cli, fnum, SEC_CHAN_WKSTA, 0x000001ff, &srv_chal))
+ if (!cli_net_auth2(cli, fnum, trust_acct, sec_chan, 0x000001ff, &srv_chal))
{
DEBUG(0,("cli_nt_setup_creds: auth2 challenge failed\n"));
return False;
@@ -77,18 +80,18 @@ BOOL cli_nt_setup_creds(struct cli_state *cli, uint16 fnum, unsigned char mach_p
Set machine password.
****************************************************************************/
-BOOL cli_nt_srv_pwset(struct cli_state *cli, uint16 fnum, unsigned char *new_hashof_mach_pwd)
+BOOL cli_nt_srv_pwset(struct cli_state *cli, uint16 fnum, unsigned char *new_hashof_trust_pwd)
{
unsigned char processed_new_pwd[16];
DEBUG(5,("cli_nt_srv_pwset: %d\n", __LINE__));
#ifdef DEBUG_PASSWORD
- dump_data(6, new_hashof_mach_pwd, 16);
+ dump_data(6, new_hashof_trust_pwd, 16);
#endif
/* Process the new password. */
- cred_hash3( processed_new_pwd, new_hashof_mach_pwd, cli->sess_key, 1);
+ cred_hash3( processed_new_pwd, new_hashof_trust_pwd, cli->sess_key, 1);
/* send client srv_pwset challenge */
return cli_net_srv_pwset(cli, fnum, processed_new_pwd);
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 750265483c..ff9fc3c5ed 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -110,8 +110,9 @@ Ensure that the server credential returned matches the session key
encrypt of the server challenge originally received. JRA.
****************************************************************************/
-BOOL cli_net_auth2(struct cli_state *cli, uint16 nt_pipe_fnum, uint16 sec_chan,
- uint32 neg_flags, DOM_CHAL *srv_chal)
+BOOL cli_net_auth2(struct cli_state *cli, uint16 nt_pipe_fnum,
+ const char *trust_acct, uint16 sec_chan,
+ uint32 neg_flags, DOM_CHAL *srv_chal)
{
prs_struct rbuf;
prs_struct buf;
@@ -128,7 +129,7 @@ BOOL cli_net_auth2(struct cli_state *cli, uint16 nt_pipe_fnum, uint16 sec_chan,
credstr(cli->clnt_cred.challenge.data), neg_flags));
/* store the parameters */
- make_q_auth_2(&q_a, cli->srv_name_slash, cli->mach_acct, sec_chan, global_myname,
+ make_q_auth_2(&q_a, cli->srv_name_slash, trust_acct, sec_chan, global_myname,
&cli->clnt_cred.challenge, neg_flags);
/* turn parameters into data stream */
@@ -573,7 +574,8 @@ machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli)));
return False;
}
- if(cli_nt_setup_creds(&cli, nt_pipe_fnum, orig_trust_passwd_hash) == False) {
+ if(cli_nt_setup_creds(&cli, nt_pipe_fnum,
+ cli.mach_acct, orig_trust_passwd_hash, SEC_CHAN_WKSTA) == False) {
DEBUG(0,("modify_trust_password: unable to setup the PDC credentials to machine \
%s. Error was : %s.\n", remote_machine, cli_errstr(&cli)));
cli_nt_session_close(&cli, nt_pipe_fnum);
diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c
index 3cffde0249..1656c39139 100644
--- a/source3/rpc_parse/parse_misc.c
+++ b/source3/rpc_parse/parse_misc.c
@@ -743,8 +743,9 @@ static void smb_io_clnt_srv(char *desc, DOM_CLNT_SRV *log, prs_struct *ps, int
/*******************************************************************
makes a DOM_LOG_INFO structure.
********************************************************************/
-void make_log_info(DOM_LOG_INFO *log, char *logon_srv, char *acct_name,
- uint16 sec_chan, char *comp_name)
+void make_log_info(DOM_LOG_INFO *log,
+ const char *logon_srv, const char *acct_name,
+ uint16 sec_chan, const char *comp_name)
{
if (log == NULL) return;
diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c
index ce573c7bf2..6c8b304a64 100644
--- a/source3/rpc_parse/parse_net.c
+++ b/source3/rpc_parse/parse_net.c
@@ -409,7 +409,8 @@ void net_io_r_req_chal(char *desc, NET_R_REQ_CHAL *r_c, prs_struct *ps, int dep
reads or writes a structure.
********************************************************************/
void make_q_auth_2(NET_Q_AUTH_2 *q_a,
- char *logon_srv, char *acct_name, uint16 sec_chan, char *comp_name,
+ const char *logon_srv, const char *acct_name,
+ uint16 sec_chan, const char *comp_name,
DOM_CHAL *clnt_chal, uint32 clnt_flgs)
{
if (q_a == NULL) return;
diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c
index 6001327862..1ad71b7f4f 100644
--- a/source3/rpcclient/cmd_netlogon.c
+++ b/source3/rpcclient/cmd_netlogon.c
@@ -92,7 +92,9 @@ void cmd_netlogon_login_test(struct client_info *info)
/* open NETLOGON session. negotiate credentials */
res = res ? cli_nt_session_open(smb_cli, PIPE_NETLOGON, &nt_pipe_fnum) : False;
- res = res ? cli_nt_setup_creds(smb_cli, nt_pipe_fnum, trust_passwd) : False;
+ res = res ? cli_nt_setup_creds(smb_cli, nt_pipe_fnum,
+ smb_cli->mach_acct,
+ trust_passwd, SEC_CHAN_WKSTA) : False;
/* change the machine password? */
if (global_machine_password_needs_changing)
@@ -132,3 +134,43 @@ void cmd_netlogon_login_test(struct client_info *info)
nt_user_name, BOOLSTR(res));
}
+/****************************************************************************
+experimental nt login.
+****************************************************************************/
+void cmd_netlogon_domain_test(struct client_info *info)
+{
+ uint16 nt_pipe_fnum;
+
+ fstring nt_trust_dom;
+ BOOL res = True;
+ unsigned char trust_passwd[16];
+ fstring inter_dom_acct;
+
+ if (!next_token(NULL, nt_trust_dom, NULL, sizeof(nt_trust_dom)))
+ {
+ fprintf(out_hnd,"domtest: must specify domain name\n");
+ return;
+ }
+
+ DEBUG(5,("do_nt_login_test: domain %s\n", nt_trust_dom));
+
+ fstrcpy(inter_dom_acct, nt_trust_dom);
+ fstrcat(inter_dom_acct, "$");
+
+ res = res ? trust_get_passwd(trust_passwd, smb_cli->domain, nt_trust_dom) : False;
+
+ /* open NETLOGON session. negotiate credentials */
+ res = res ? cli_nt_session_open(smb_cli, PIPE_NETLOGON, &nt_pipe_fnum) : False;
+
+ res = res ? cli_nt_setup_creds(smb_cli, nt_pipe_fnum, inter_dom_acct,
+ trust_passwd, SEC_CHAN_DOMAIN) : False;
+
+ memset(trust_passwd, 0, 16);
+
+ /* close the session */
+ cli_nt_session_close(smb_cli, nt_pipe_fnum);
+
+ fprintf(out_hnd,"cmd_nt_login: credentials (%s) test succeeded: %s\n",
+ nt_trust_dom, BOOLSTR(res));
+}
+
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 6001812616..a9719b143b 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -116,6 +116,7 @@ struct
{"reggetsec", cmd_reg_get_key_sec, "<keyname> Registry Key Security"},
{"regtestsec", cmd_reg_test_key_sec, "<keyname> Test Registry Key Security"},
{"ntlogin", cmd_netlogon_login_test, "[username] [password] NT Domain login test"},
+ {"domtrust", cmd_netlogon_domain_test, "<domain> NT Inter-Domain test"},
{"wksinfo", cmd_wks_query_info, "Workstation Query Info"},
{"srvinfo", cmd_srv_query_info, "Server Query Info"},
{"srvsessions",cmd_srv_enum_sess, "List sessions on a server"},