diff options
-rw-r--r-- | source3/libsmb/cli_netlogon.c | 72 | ||||
-rw-r--r-- | source3/rpcclient/cmd_netlogon.c | 58 |
2 files changed, 130 insertions, 0 deletions
diff --git a/source3/libsmb/cli_netlogon.c b/source3/libsmb/cli_netlogon.c index 98f448c6a7..21a97466a0 100644 --- a/source3/libsmb/cli_netlogon.c +++ b/source3/libsmb/cli_netlogon.c @@ -392,3 +392,75 @@ NTSTATUS cli_netlogon_sam_deltas(struct cli_state *cli, TALLOC_CTX *mem_ctx, return result; } + +/* Logon domain user */ + +NTSTATUS cli_netlogon_sam_logon(struct cli_state *cli, TALLOC_CTX *mem_ctx, + char *username, char *password, + int validation_level) +{ + prs_struct qbuf, rbuf; + NET_Q_SAM_LOGON q; + NET_R_SAM_LOGON r; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + DOM_CRED clnt_creds, dummy_rtn_creds; + extern pstring global_myname; + NET_ID_INFO_CTR ctr; + uint8 chal[8]; + unsigned char local_lm_response[24]; + unsigned char local_nt_response[24]; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Initialise input parameters */ + + gen_next_creds(cli, &clnt_creds); + + q.validation_level = validation_level; + + memset(&dummy_rtn_creds, '\0', sizeof(dummy_rtn_creds)); + dummy_rtn_creds.timestamp.time = time(NULL); + + generate_random_buffer(chal, 8, False); + + SMBencrypt(password, chal, local_lm_response); + SMBNTencrypt(password, chal, local_nt_response); + + ctr.switch_value = NET_LOGON_TYPE; + init_id_info2(&ctr.auth.id2, lp_workgroup(), 0, + 0xdead, 0xbeef, /* LUID? */ + username, global_myname, chal, + local_lm_response, 24, local_nt_response, 24); + + init_sam_info(&q.sam_id, cli->srv_name_slash, global_myname, + &clnt_creds, &dummy_rtn_creds, ctr.switch_value, + &ctr); + + /* Marshall data and send request */ + + if (!net_io_q_sam_logon("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, NET_SAMLOGON, &qbuf, &rbuf)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Unmarshall response */ + + if (!net_io_r_sam_logon("", &r, &rbuf, 0)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Return results */ + + result = r.status; + + done: + return result; +} diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c index a935900faa..180d0cc771 100644 --- a/source3/rpcclient/cmd_netlogon.c +++ b/source3/rpcclient/cmd_netlogon.c @@ -258,6 +258,63 @@ static NTSTATUS cmd_netlogon_sam_deltas(struct cli_state *cli, return result; } +/* Log on a domain user */ + +static NTSTATUS cmd_netlogon_sam_logon(struct cli_state *cli, + TALLOC_CTX *mem_ctx, int argc, + char **argv) +{ + unsigned char trust_passwd[16]; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + int validation_level = 3; + char *username, *password; + + /* Check arguments */ + + if (argc < 3 || argc > 4) { + fprintf(stderr, "Usage: samlogon <username> <password> " + "[validation level]\n"); + return NT_STATUS_OK; + } + + username = argv[1]; + password = argv[2]; + + if (argc == 4) + sscanf(argv[3], "%i", &validation_level); + + /* Authenticate ourselves with the domain controller */ + + if (!secrets_init()) { + fprintf(stderr, "Unable to initialise secrets database\n"); + return result; + } + + if (!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd, + NULL)) { + fprintf(stderr, "could not fetch trust account password\n"); + goto done; + } + + result = cli_nt_setup_creds(cli, trust_passwd); + + if (!NT_STATUS_IS_OK(result)) { + fprintf(stderr, "Error initialising session creds\n"); + goto done; + } + + /* Perform the sam logon */ + + result = cli_netlogon_sam_logon(cli, mem_ctx, username, password, + validation_level); + + if (!NT_STATUS_IS_OK(result)) + goto done; + + done: + return result; +} + /* List of commands exported by this module */ struct cmd_set netlogon_commands[] = { @@ -268,6 +325,7 @@ struct cmd_set netlogon_commands[] = { { "logonctrl", cmd_netlogon_logon_ctrl, PIPE_NETLOGON, "Logon Control", "" }, { "samsync", cmd_netlogon_sam_sync, PIPE_NETLOGON, "Sam Synchronisation", "" }, { "samdeltas", cmd_netlogon_sam_deltas, PIPE_NETLOGON, "Query Sam Deltas", "" }, + { "samlogon", cmd_netlogon_sam_logon, PIPE_NETLOGON, "Sam Logon", "" }, { NULL } }; |