summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>1998-04-28 01:24:40 +0000
committerJeremy Allison <jra@samba.org>1998-04-28 01:24:40 +0000
commit22abe47e29bf25a52e39026d03e38b49bab25ac9 (patch)
tree7b0eae817e17fe6817a3ef4a52d52f64389d4423 /source3
parentb8fff2cc4e3d2903bc009bf2f46459855dad526e (diff)
downloadsamba-22abe47e29bf25a52e39026d03e38b49bab25ac9.tar.gz
samba-22abe47e29bf25a52e39026d03e38b49bab25ac9.tar.bz2
samba-22abe47e29bf25a52e39026d03e38b49bab25ac9.zip
First version that compiles. Much more to do.....
Jeremy. (This used to be commit 45393a19adb31820725fbdfaaf7ab64793fc9bc5)
Diffstat (limited to 'source3')
-rw-r--r--source3/rpc_client/cli_login.c132
-rw-r--r--source3/rpc_client/cli_netlogon.c238
-rw-r--r--source3/rpc_client/cli_pipe.c36
3 files changed, 178 insertions, 228 deletions
diff --git a/source3/rpc_client/cli_login.c b/source3/rpc_client/cli_login.c
index ad176ffe8f..fe00c39e4c 100644
--- a/source3/rpc_client/cli_login.c
+++ b/source3/rpc_client/cli_login.c
@@ -24,6 +24,8 @@
#include "nterr.h"
extern int DEBUGLEVEL;
+extern fstring global_myworkgroup;
+extern pstring global_myname;
/****************************************************************************
Initialize domain session credentials.
@@ -34,17 +36,8 @@ BOOL cli_nt_setup_creds(struct cli_state *cli, unsigned char mach_pwd[16])
DOM_CHAL clnt_chal;
DOM_CHAL srv_chal;
- DOM_CHAL auth2_srv_chal;
-
UTIME zerotime;
- RPC_IFACE abstract;
- RPC_IFACE transfer;
-
- /******************** initialise ********************************/
-
- zerotime.time = 0;
-
/******************* Request Challenge ********************/
generate_random_buffer( clnt_chal.data, 8, False);
@@ -52,26 +45,30 @@ BOOL cli_nt_setup_creds(struct cli_state *cli, unsigned char mach_pwd[16])
/* send a client challenge; receive a server challenge */
if (!cli_net_req_chal(cli, &clnt_chal, &srv_chal))
{
- DEBUG(0,("do_nt_session_open: request challenge failed\n"));
+ DEBUG(0,("cli_nt_setup_creds: request challenge failed\n"));
return False;
}
/**************** Long-term Session key **************/
/* calculate the session key */
- cred_session_key(&clnt_chal, &srv_chal, mach_pwd, sess_key);
- bzero(sess_key+8, 8);
+ cred_session_key(&clnt_chal, &srv_chal, mach_pwd, cli->sess_key);
+ bzero(cli->sess_key+8, 8);
/******************* Authenticate 2 ********************/
/* calculate auth-2 credentials */
- cred_create(sess_key, &clnt_chal, zerotime, &(clnt_cred->challenge));
+ zerotime.time = 0;
+ cred_create(cli->sess_key, &clnt_chal, zerotime, &(cli->clnt_cred.challenge));
+
+ /*
+ * Send client auth-2 challenge.
+ * Receive an auth-2 challenge response and check it.
+ */
- /* send client auth-2 challenge; receive an auth-2 challenge */
- if (!cli_net_auth2(cli, SEC_CHAN_WKSTA, 0x000001ff,
- &(cli->clnt_cred->challenge), &auth2_srv_chal))
+ if (!cli_net_auth2(cli, SEC_CHAN_WKSTA, 0x000001ff, &srv_chal))
{
- DEBUG(0,("do_nt_session_open: auth2 challenge failed\n"));
+ DEBUG(0,("cli_nt_setup_creds: auth2 challenge failed\n"));
return False;
}
@@ -128,7 +125,7 @@ BOOL do_nt_srv_pwset(struct cli_state *cli,
void make_nt_login_interactive(NET_ID_INFO_CTR *ctr,
uchar sess_key[16],
- char *workgroup, char *myhostname,
+ char *domain, char *myhostname,
uint32 smb_userid, char *username)
{
/****************** SAM Info Preparation *******************/
@@ -154,103 +151,44 @@ void make_nt_login_interactive(NET_ID_INFO_CTR *ctr,
ctr->switch_value = 1;
/* this is used in both the SAM Logon and the SAM Logoff */
- make_id_info1(&ctr->auth.id1, workgroup, 0,
+ make_id_info1(&ctr->auth.id1, domain, 0,
smb_userid, 0, username, myhostname,
sess_key, lm_owf_user_pwd, nt_owf_user_pwd);
}
#endif
/****************************************************************************
- make network sam login info
- ****************************************************************************/
-
-void make_nt_login_network(NET_ID_INFO_CTR *ctr, uint32 smb_userid, char *username,
- char lm_chal[8], char lm_chal_resp[24],
- char nt_chal_resp[24])
-{
- /* indicate a "network" login */
- ctr->switch_value = 2;
-
- /* this is used in both the SAM Logon and the SAM Logoff */
- make_id_info2(&ctr->auth.id2, myworkgroup, 0, smb_userid, 0,
- username, myhostname,
- lm_chal, lm_chal_resp, nt_chal_resp);
-}
-
-/****************************************************************************
NT login.
****************************************************************************/
-BOOL cli_nt_login(struct cli_state *cli,
- DOM_CRED *clnt_cred, DOM_CRED *rtn_cred,
- NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3)
+BOOL cli_nt_login_network(struct cli_state *cli, char *domain, char *username,
+ uint32 smb_userid_low, char lm_chal[8], char lm_chal_resp[24],
+ char nt_chal_resp[24],
+ NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3)
{
- DOM_CRED sam_logon_rtn_cred;
- DOM_CRED cred;
- fstring dest_srv;
- fstring my_host_name;
+ DEBUG(5,("cli_nt_login_network: %d\n", __LINE__));
- DEBUG(5,("do_nt_login: %d\n", __LINE__));
-
- /*********************** SAM Logon **********************/
-
- cli->clnt_cred->timestamp.time = time(NULL);
-
- memcpy(&cred, cli->clnt_cred, sizeof(cred));
-
- /* calculate sam logon credentials */
- cred_create(sess_key, &(cli->clnt_cred->challenge),
- cred.timestamp, &(cred.challenge));
-
- strcpy(dest_srv, "\\\\");
- strcat(dest_srv, dest_host);
- strupper(dest_srv);
+ /* indicate a "network" login */
+ ctr->switch_value = NET_LOGON_TYPE;
- fstrcpy(my_host_name, myhostname);
- strupper(my_host_name);
+ /* Create the structure needed for SAM logon. */
+ make_id_info2(&ctr->auth.id2, domain, 0,
+ smb_userid_low, 0,
+ username, global_myname,
+ lm_chal, lm_chal_resp, nt_chal_resp);
- /* send client sam-logon challenge */
- return cli_net_sam_logon(cli, dest_srv, my_host_name,
- &cred, &sam_logon_rtn_cred,
- ctr->switch_value, ctr, 3, user_info3,
- rtn_cred);
+ /* Send client sam-logon request - update credentials on success. */
+ return cli_net_sam_logon(cli, ctr, user_info3);
}
/****************************************************************************
-nt sam logoff
+NT Logoff.
****************************************************************************/
-BOOL cli_nt_logoff(struct cli_state *cli, DOM_CRED *rtn_cred,
- NET_ID_INFO_CTR *ctr, char *dest_host, char *myhostname)
+BOOL cli_nt_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr)
{
- DOM_CRED sam_logoff_rtn_cred;
- DOM_CRED cred;
- fstring dest_srv;
- fstring my_host_name;
-
- DEBUG(5,("do_nt_logoff: %d\n", __LINE__));
-
- /*********************** SAM Logoff *********************/
-
- clnt_cred->timestamp.time = time(NULL);
-
- memcpy(&cred, cli->clnt_cred, sizeof(cred));
-
- /* calculate sam logoff credentials */
- cred_create(sess_key, &(cli->clnt_cred->challenge),
- cred.timestamp, &(cred.challenge));
-
- strcpy(dest_srv, "\\\\");
- strcat(dest_srv, dest_host);
- strupper(dest_srv);
-
- fstrcpy(my_host_name, myhostname);
- strupper(my_host_name);
+ DEBUG(5,("cli_nt_logoff: %d\n", __LINE__));
- /* send client sam-logoff challenge; receive a sam-logoff challenge */
- return cli_net_sam_logoff(cli, fnum, sess_key, clnt_cred,
- dest_srv, my_host_name,
- &cred, &sam_logoff_rtn_cred,
- ctr->switch_value, ctr, 3,
- rtn_cred);
+ /* Send client sam-logoff request - update credentials on success. */
+ return cli_net_sam_logoff(cli, ctr);
}
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 654445b31d..91dbd27421 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -1,4 +1,3 @@
-
/*
* Unix SMB/Netbios implementation.
* Version 1.9.
@@ -6,7 +5,8 @@
* Copyright (C) Andrew Tridgell 1992-1997,
* Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
* Copyright (C) Paul Ashton 1997.
- *
+ * Copyright (C) Jeremy Allison 1998.
+ *
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
@@ -30,36 +30,30 @@
#include "includes.h"
extern int DEBUGLEVEL;
+extern pstring global_myname;
+extern fstring global_myworkgroup;
/****************************************************************************
do a LSA Logon Control2
****************************************************************************/
-BOOL do_net_logon_ctrl2(struct cli_state *cli, uint16 fnum,
- char *host_name, uint32 status_level)
+BOOL do_net_logon_ctrl2(struct cli_state *cli, uint32 status_level)
{
prs_struct rbuf;
prs_struct buf;
NET_Q_LOGON_CTRL2 q_l;
- BOOL valid_ctrl2 = False;
- fstring acct_name;
-
- if (host_name == NULL)
- return False;
+ BOOL ok = False;
prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
prs_init(&rbuf, 0, 4, SAFETY_MARGIN, True );
- strcpy(acct_name, "\\\\");
- strcat(acct_name, host_name);
-
/* create and send a MSRPC command with api NET_LOGON_CTRL2 */
- DEBUG(4,("LSA Logon Control2 from %s status level:%x\n",
- host_name, status_level));
+ DEBUG(4,("do_net_logon_ctrl2 from %s status level:%x\n",
+ global_myname, status_level));
/* store the parameters */
- make_q_logon_ctrl2(&q_l, acct_name, status_level);
+ make_q_logon_ctrl2(&q_l, cli->srv_name_slash, status_level);
/* turn parameters into data stream */
net_io_q_logon_ctrl2("", &q_l, &buf, 0);
@@ -68,7 +62,6 @@ BOOL do_net_logon_ctrl2(struct cli_state *cli, uint16 fnum,
if (rpc_api_pipe_req(cli, NET_LOGON_CTRL2, &buf, &rbuf))
{
NET_R_LOGON_CTRL2 r_l;
- BOOL ok;
net_io_r_logon_ctrl2("", &r_l, &rbuf, 0);
ok = (rbuf.offset != 0);
@@ -76,47 +69,46 @@ BOOL do_net_logon_ctrl2(struct cli_state *cli, uint16 fnum,
if (ok && r_l.status != 0)
{
/* report error code */
- DEBUG(0,("NET_R_LOGON_CTRL: %s\n", get_nt_error_msg(r_l.status)));
+ DEBUG(0,("do_net_logon_ctrl2: Error %s\n", get_nt_error_msg(r_l.status)));
cli->nt_error = r_l.status;
ok = False;
}
-
- if (ok)
- {
- valid_ctrl2 = True;
- }
}
prs_mem_free(&rbuf);
prs_mem_free(&buf );
- return valid_ctrl2;
+ return ok;
}
/****************************************************************************
-do a LSA Authenticate 2
+LSA Authenticate 2
+
+Send the client credential, receive back a server credential.
+Ensure that the server credential returned matches the session key
+encrypt of the server challenge originally received. JRA.
****************************************************************************/
BOOL cli_net_auth2(struct cli_state *cli, uint16 sec_chan,
- uint32 neg_flags, DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal)
+ uint32 neg_flags, DOM_CHAL *srv_chal)
{
prs_struct rbuf;
prs_struct buf;
NET_Q_AUTH_2 q_a;
- BOOL valid_chal = False;
+ BOOL ok = False;
prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
prs_init(&rbuf, 0, 4, SAFETY_MARGIN, True );
/* create and send a MSRPC command with api NET_AUTH2 */
- DEBUG(4,("LSA Authenticate 2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %lx\n",
- cli->srv_name, cli->mach_acct, sec_chan, global_myname,
- credstr(clnt_chal->data), neg_flags));
+ DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %lx\n",
+ cli->srv_name_slash, cli->mach_acct, sec_chan, global_myname,
+ credstr(cli->clnt_cred.challenge.data), neg_flags));
/* store the parameters */
- make_q_auth_2(&q_a, cli->srv_name, cli->mach_acct, sec_chan, global_myname,
- clnt_chal, neg_flags);
+ make_q_auth_2(&q_a, cli->srv_name_slash, cli->mach_acct, sec_chan, global_myname,
+ &cli->clnt_cred.challenge, neg_flags);
/* turn parameters into data stream */
net_io_q_auth_2("", &q_a, &buf, 0);
@@ -125,7 +117,6 @@ BOOL cli_net_auth2(struct cli_state *cli, uint16 sec_chan,
if (rpc_api_pipe_req(cli, NET_AUTH2, &buf, &rbuf))
{
NET_R_AUTH_2 r_a;
- BOOL ok;
net_io_r_auth_2("", &r_a, &rbuf, 0);
ok = (rbuf.offset != 0);
@@ -133,35 +124,49 @@ BOOL cli_net_auth2(struct cli_state *cli, uint16 sec_chan,
if (ok && r_a.status != 0)
{
/* report error code */
- DEBUG(0,("NET_AUTH2: %s\n", get_nt_error_msg(r_a.status)));
+ DEBUG(0,("cli_net_auth2: Error %s\n", get_nt_error_msg(r_a.status)));
cli->nt_error = r_a.status;
ok = False;
}
+ if (ok)
+ {
+ /*
+ * Check the returned value using the initial
+ * server received challenge.
+ */
+ UTIME zerotime;
+
+ zerotime.time = 0;
+ if(cred_assert( &r_a.srv_chal, cli->sess_key, srv_chal, zerotime) == 0) {
+ /*
+ * Server replied with bad credential. Fail.
+ */
+ DEBUG(0,("cli_net_auth2: server %s replied with bad credential (bad machine \
+password ?).\n", cli->desthost ));
+ ok = False;
+ }
+ }
+
if (ok && r_a.srv_flgs.neg_flags != q_a.clnt_flgs.neg_flags)
{
/* report different neg_flags */
- DEBUG(0,("NET_AUTH2: error neg_flags (q,r) differ - (%lx,%lx)\n",
+ DEBUG(0,("cli_net_auth2: error neg_flags (q,r) differ - (%lx,%lx)\n",
q_a.clnt_flgs.neg_flags, r_a.srv_flgs.neg_flags));
ok = False;
}
- if (ok)
- {
- /* ok, at last: we're happy. return the challenge */
- memcpy(srv_chal, r_a.srv_chal.data, sizeof(srv_chal->data));
- valid_chal = True;
- }
}
prs_mem_free(&rbuf);
prs_mem_free(&buf );
- return valid_chal;
+ return ok;
}
/****************************************************************************
-do a LSA Request Challenge
+LSA Request Challenge. Sends our challenge to server, then gets
+server response. These are used to generate the credentials.
****************************************************************************/
BOOL cli_net_req_chal(struct cli_state *cli, DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal)
@@ -183,7 +188,7 @@ BOOL cli_net_req_chal(struct cli_state *cli, DOM_CHAL *clnt_chal, DOM_CHAL *srv_
cli->desthost, global_myname, credstr(clnt_chal->data)));
/* store the parameters */
- make_q_req_chal(&q_c, desthost, global_myname, clnt_chal);
+ make_q_req_chal(&q_c, cli->srv_name_slash, global_myname, clnt_chal);
/* turn parameters into data stream */
net_io_q_req_chal("", &q_c, &buf, 0);
@@ -200,8 +205,8 @@ BOOL cli_net_req_chal(struct cli_state *cli, DOM_CHAL *clnt_chal, DOM_CHAL *srv_
if (ok && r_c.status != 0)
{
/* report error code */
- DEBUG(0,("NET_REQ_CHAL: %s\n", get_nt_error_msg(r_c.status)));
- cli->nt_error = r_a.status;
+ DEBUG(0,("cli_net_req_chal: Error %s\n", get_nt_error_msg(r_c.status)));
+ cli->nt_error = r_c.status;
ok = False;
}
@@ -219,6 +224,7 @@ BOOL cli_net_req_chal(struct cli_state *cli, DOM_CHAL *clnt_chal, DOM_CHAL *srv_
return valid_chal;
}
+#if 0
/***************************************************************************
do a LSA Server Password Set
****************************************************************************/
@@ -244,7 +250,7 @@ BOOL do_net_srv_pwset(struct cli_state *cli, uint16 fnum,
/* create and send a MSRPC command with api NET_SRV_PWSET */
DEBUG(4,("LSA Server Password Set: srv:%s acct:%s sc: %d mc: %s clnt %s %lx\n",
- logon_srv, mach_acct, sec_chan_type, comp_name,
+ cli->srv_name_slash, mach_acct, sec_chan_type, comp_name,
credstr(clnt_cred->challenge.data), clnt_cred->timestamp.time));
/* store the parameters */
@@ -292,40 +298,47 @@ BOOL do_net_srv_pwset(struct cli_state *cli, uint16 fnum,
return valid_cred;
}
+#endif
/***************************************************************************
-do a LSA SAM Logon
+LSA SAM Logon.
****************************************************************************/
-BOOL cli_net_sam_logon(struct cli_state *cli, DOM_CRED *sto_clnt_cred,
- char *logon_srv, char *comp_name,
- DOM_CRED *clnt_cred, DOM_CRED *rtn_cred,
- uint16 logon_level, NET_ID_INFO_CTR *ctr,
- uint16 validation_level, NET_USER_INFO_3 *user_info3,
- DOM_CRED *srv_cred)
+BOOL cli_net_sam_logon(struct cli_state *cli, NET_ID_INFO_CTR *ctr,
+ NET_USER_INFO_3 *user_info3)
{
+ DOM_CRED new_clnt_cred;
prs_struct rbuf;
prs_struct buf;
+ uint16 validation_level = 3;
NET_Q_SAM_LOGON q_s;
- BOOL valid_cred = False;
+ BOOL ok = False;
- if (srv_cred == NULL || clnt_cred == NULL || rtn_cred == NULL || user_info3 == NULL)
- return False;
+ /*
+ * Create the new client credentials.
+ */
+
+ cli->clnt_cred.timestamp.time = time(NULL);
+
+ memcpy(&new_clnt_cred, &cli->clnt_cred, sizeof(new_clnt_cred));
+
+ /* Calculate the new credentials. */
+ cred_create(cli->sess_key, &(cli->clnt_cred.challenge),
+ new_clnt_cred.timestamp, &(new_clnt_cred.challenge));
prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
prs_init(&rbuf, 0, 4, SAFETY_MARGIN, True );
/* create and send a MSRPC command with api NET_SAMLOGON */
- DEBUG(4,("LSA SAM Logon: srv:%s mc:%s clnt %s %lx rtn: %s %lx ll: %d\n",
- cli->srv_name, global_myname,
- credstr(cli->clnt_cred->challenge.data), cli->clnt_cred->timestamp.time,
- credstr(rtn_cred->challenge.data), rtn_cred ->timestamp.time,
- logon_level));
+ DEBUG(4,("cli_net_sam_logon: srv:%s mc:%s clnt %s %lx ll: %d\n",
+ cli->srv_name_slash, global_myname,
+ credstr(new_clnt_cred.challenge.data), cli->clnt_cred.timestamp.time,
+ ctr->switch_value));
/* store the parameters */
- make_sam_info(&(q_s.sam_id), cli->srv_name, global_myname,
- cli->clnt_cred, rtn_cred, logon_level, ctr, validation_level);
+ make_sam_info(&(q_s.sam_id), cli->srv_name_slash, global_myname,
+ &new_clnt_cred, NULL, ctr->switch_value, ctr, validation_level);
/* turn parameters into data stream */
net_io_q_sam_logon("", &q_s, &buf, 0);
@@ -334,7 +347,6 @@ BOOL cli_net_sam_logon(struct cli_state *cli, DOM_CRED *sto_clnt_cred,
if (rpc_api_pipe_req(cli, NET_SAMLOGON, &buf, &rbuf))
{
NET_R_SAM_LOGON r_s;
- BOOL ok;
r_s.user = user_info3;
@@ -344,74 +356,75 @@ BOOL cli_net_sam_logon(struct cli_state *cli, DOM_CRED *sto_clnt_cred,
if (ok && r_s.status != 0)
{
/* report error code */
- DEBUG(0,("NET_SAMLOGON: %s\n", get_nt_error_msg(r_s.status)));
+ DEBUG(0,("cli_net_sam_logon: %s\n", get_nt_error_msg(r_s.status)));
cli->nt_error = r_s.status;
ok = False;
}
+ /* Update the credentials. */
+ if (clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &(r_s.srv_creds)) == 0)
+ {
+ /*
+ * Server replied with bad credential. Fail.
+ */
+ DEBUG(0,("cli_net_sam_logon: server %s replied with bad credential (bad machine \
+password ?).\n", cli->desthost ));
+ ok = False;
+ }
+
if (ok && r_s.switch_value != 3)
{
/* report different switch_value */
- DEBUG(0,("NET_SAMLOGON: switch_value of 3 expected %x\n",
+ DEBUG(0,("cli_net_sam_logon: switch_value of 3 expected %x\n",
r_s.switch_value));
ok = False;
}
-
- if (ok)
- {
- if (clnt_deal_with_creds(cli->sess_key, sto_clnt_cred, &(r_s.srv_creds)))
- {
- DEBUG(5, ("do_net_sam_logon: server credential check OK\n"));
- /* ok, at last: we're happy. return the challenge */
- memcpy(srv_cred, &(r_s.srv_creds), sizeof(r_s.srv_creds));
- valid_cred = True;
- }
- else
- {
- DEBUG(5, ("do_net_sam_logon: server credential check failed\n"));
- }
- }
}
prs_mem_free(&rbuf);
prs_mem_free(&buf );
- return valid_cred;
+ return ok;
}
/***************************************************************************
-do a LSA SAM Logoff
+LSA SAM Logoff.
****************************************************************************/
-BOOL do_net_sam_logoff(struct cli_state *cli, uint16 fnum,
- uchar sess_key[8], DOM_CRED *sto_clnt_cred,
- char *logon_srv, char *comp_name,
- DOM_CRED *clnt_cred, DOM_CRED *rtn_cred,
- uint16 logon_level, NET_ID_INFO_CTR *ctr,
- uint16 validation_level, DOM_CRED *srv_cred)
+BOOL cli_net_sam_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr)
{
+ DOM_CRED new_clnt_cred;
prs_struct rbuf;
prs_struct buf;
NET_Q_SAM_LOGOFF q_s;
- BOOL valid_cred = False;
+ uint16 validation_level = 3;
+ BOOL ok = False;
- if (srv_cred == NULL || clnt_cred == NULL || rtn_cred == NULL)
- return False;
+ /*
+ * Create the new client credentials.
+ */
+
+ cli->clnt_cred.timestamp.time = time(NULL);
+
+ memcpy(&new_clnt_cred, &cli->clnt_cred, sizeof(new_clnt_cred));
+
+ /* Calculate the new credentials. */
+ cred_create(cli->sess_key, &(cli->clnt_cred.challenge),
+ new_clnt_cred.timestamp, &(new_clnt_cred.challenge));
prs_init(&buf , 1024, 4, SAFETY_MARGIN, False);
prs_init(&rbuf, 0, 4, SAFETY_MARGIN, True );
- /* create and send a MSRPC command with api NET_SAMLOGON */
+ /* create and send a MSRPC command with api NET_SAMLOGOFF */
- DEBUG(4,("LSA SAM Logoff: srv:%s mc:%s clnt %s %lx rtn: %s %lx ll: %d\n",
- logon_srv, comp_name,
- credstr(clnt_cred->challenge.data), clnt_cred->timestamp.time,
- credstr(rtn_cred->challenge.data), rtn_cred ->timestamp.time,
- logon_level));
+ DEBUG(4,("cli_net_sam_logoff: srv:%s mc:%s clnt %s %lx ll: %d\n",
+ cli->srv_name_slash, global_myname,
+ credstr(new_clnt_cred.challenge.data), new_clnt_cred.timestamp.time,
+ ctr->switch_value));
/* store the parameters */
- make_sam_info(&(q_s.sam_id), logon_srv, comp_name,
- clnt_cred, rtn_cred, logon_level, ctr, validation_level);
+ make_sam_info(&(q_s.sam_id), cli->srv_name_slash, global_myname,
+ &new_clnt_cred, NULL, ctr->switch_value, ctr, validation_level);
/* turn parameters into data stream */
net_io_q_sam_logoff("", &q_s, &buf, 0);
@@ -420,7 +433,6 @@ BOOL do_net_sam_logoff(struct cli_state *cli, uint16 fnum,
if (rpc_api_pipe_req(cli, NET_SAMLOGOFF, &buf, &rbuf))
{
NET_R_SAM_LOGOFF r_s;
- BOOL ok;
net_io_r_sam_logoff("", &r_s, &rbuf, 0);
ok = (rbuf.offset != 0);
@@ -428,29 +440,25 @@ BOOL do_net_sam_logoff(struct cli_state *cli, uint16 fnum,
if (ok && r_s.status != 0)
{
/* report error code */
- DEBUG(0,("NET_SAMLOGOFF: %s\n", get_nt_error_msg(r_s.status)));
+ DEBUG(0,("cli_net_sam_logoff: %s\n", get_nt_error_msg(r_s.status)));
cli->nt_error = r_s.status;
ok = False;
}
- if (ok)
+ /* Update the credentials. */
+ if (clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &(r_s.srv_creds)) == 0)
{
- if (clnt_deal_with_creds(sess_key, sto_clnt_cred, &(r_s.srv_creds)))
- {
- DEBUG(5, ("do_net_sam_logoff: server credential check OK\n"));
- /* ok, at last: we're happy. return the challenge */
- memcpy(srv_cred, &(r_s.srv_creds), sizeof(r_s.srv_creds));
- valid_cred = True;
- }
- else
- {
- DEBUG(5, ("do_net_sam_logoff: server credential check failed\n"));
- }
+ /*
+ * Server replied with bad credential. Fail.
+ */
+ DEBUG(0,("cli_net_sam_logoff: server %s replied with bad credential (bad machine \
+password ?).\n", cli->desthost ));
+ ok = False;
}
}
prs_mem_free(&rbuf);
prs_mem_free(&buf );
- return valid_cred;
+ return ok;
}
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index d57009a47a..4058538f21 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -31,6 +31,8 @@
extern int DEBUGLEVEL;
extern struct pipe_id_info pipe_names[];
+extern fstring global_myworkgroup;
+extern pstring global_myname;
/********************************************************************
rpc pipe call id
@@ -55,6 +57,7 @@ static BOOL rpc_read(struct cli_state *cli,
int num_read;
char *data = rdata->data->data;
uint32 err;
+ uint32 errclass;
uint32 new_data_size = rdata->data->data_used + data_to_read;
data += rdata_offset;
@@ -92,7 +95,8 @@ static BOOL rpc_read(struct cli_state *cli,
file_offset += num_read;
data += num_read;
- if (cli_error(cli, NULL, &err))
+ cli_error(cli, &errclass, &err);
+ if (errclass != 0)
return False;
} while (num_read > 0 && data_to_read > 0);
@@ -161,6 +165,7 @@ BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd,
uint16 setup[2]; /* only need 2 uint16 setup parameters */
uint32 err;
+ uint32 errclass;
uint8 pkt_type = 0xff;
BOOL first = True;
BOOL last = True;
@@ -168,10 +173,10 @@ BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd,
/*
* Setup the pointers from the incoming.
*/
- char *pparams = param ? param->data->data;
- int params_len = param ? param->data->data_used;
- char *pdata = data ? data->data->data;
- int data_len = data ? data->data->data_used;
+ char *pparams = param ? param->data->data : NULL;
+ int params_len = param ? param->data->data_used : 0;
+ char *pdata = data ? data->data->data : NULL;
+ int data_len = data ? data->data->data_used : 0;
/*
* Setup the pointers to the outgoing.
@@ -198,9 +203,6 @@ BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd,
return False;
}
- if (cli_error(cli, NULL, &err))
- return False;
-
if (rdata->data->data == NULL)
return False;
@@ -262,7 +264,8 @@ BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd,
prs_mem_free(&hps);
- if (cli_error(cli, NULL, &err))
+ cli_error(cli, &errclass, &err);
+ if (errclass != 0)
return False;
first = IS_BITS_SET_ALL(rhdr.flags, RPC_FLG_FIRST);
@@ -461,8 +464,8 @@ BOOL rpc_pipe_set_hnd_state(struct cli_state *cli, char *pipe_name, uint16 devic
setup, 2, 0, /* setup, length, max */
param, 2, 0, /* param, length, max */
NULL, 0, 1024, /* data, length, max */
- &rparam, rparam_len, /* return param, length */
- &rdata, rdata_len)) /* return data, length */
+ &rparam, &rparam_len, /* return param, length */
+ &rdata, &rdata_len)) /* return data, length */
{
DEBUG(5, ("Set Handle state: return OK\n"));
state_set = True;
@@ -602,7 +605,7 @@ BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name,
prs_init(&rparam, 0 , 4, SAFETY_MARGIN, True );
create_rpc_bind_req(&hdr, &hdr_rb, ntlmssp_auth ? &auth_req : NULL,
- abstract, transfer, myname, myworkgroup);
+ abstract, transfer, global_myname, global_myworkgroup);
/* this is a hack due to limitations in rpc_api_pipe */
prs_init(&data, mem_buf_len(hdr.data), 4, 0x0, False);
@@ -645,7 +648,7 @@ BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, BOOL encrypted)
if ((fnum = cli_open(cli, pipe_name, O_CREAT|O_RDWR, DENY_NONE)) == -1)
{
DEBUG(1,("do_session_open: cli_open failed on pipe %s to machine %s. \
-Error was %s.\n", pipe_name, cli->desthost, cli_errstr(&cli)));
+Error was %s.\n", pipe_name, cli->desthost, cli_errstr(cli)));
return False;
}
@@ -669,10 +672,11 @@ Error was %s.\n", pipe_name, cli->desthost, cli_errstr(&cli)));
* Setup the remote server name prefixed by \ and the machine account name.
*/
- sprintf(cli->srv_name, "\\\\%s", cli->desthost);
- strupper(cli->srv_name);
+ sprintf(cli->srv_name_slash, "\\\\%s", cli->desthost);
+ strupper(cli->srv_name_slash);
- sprintf(cli->mach_acct, "%s$", myname);
+ sprintf(cli->mach_acct, "%s$", global_myname);
+ strupper(cli->mach_acct);
return True;
}