-rw-r--r-- | source3/include/smb.h | 4 | ||||
-rw-r--r-- | source3/libsmb/credentials.c | 11 | ||||
-rw-r--r-- | source3/lsaparse.c | 116 | ||||
-rw-r--r-- | source3/pipenetlog.c | 30 |
4 files changed, 90 insertions, 71 deletions
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 80b2f28f4a..11ec6940a6 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -741,7 +741,7 @@ typedef struct lsa_r_srv_pwset_info
 /* LSA_USER_INFO */
 typedef struct lsa_q_user_info
 {
- uint32 undoc_buffer;
+ uint32 ptr_user_info;
 NTTIME logon_time; /* logon time */
 NTTIME logoff_time; /* logoff time */
@@ -809,7 +809,7 @@ typedef struct lsa_r_sam_logon_info
 uint32 buffer_creds; /* undocumented buffer pointer */
 DOM_CRED srv_creds; /* server credentials. server time stamp appears to be ignored. */
- uint32 buffer_user;
+ uint16 switch_value; /* 3 - indicates type of USER INFO */
 LSA_USER_INFO *user;
 uint32 auth_resp; /* 1 - Authoritative response; 0 - Non-Auth? */
diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c
index d56598e98a..8881704a7a 100644
--- a/source3/libsmb/credentials.c
+++ b/source3/libsmb/credentials.c
@@ -130,6 +130,15 @@ int cred_assert(DOM_CHAL *cred, uint32 session_key[2], DOM_CHAL *stored_cred,
 DEBUG(5,(" challenge : %lx %lx\n", cred->data[0], cred->data[1]));
 DEBUG(5,(" calculated: %lx %lx\n", cred2.data[0], cred2.data[1]));
- return memcmp(cred->data, cred2.data, 8) == 0;
+ if (memcmp(cred->data, cred2.data, 8) == 0)
+ {
+ DEBUG(5, ("credentials check ok\n"));
+ return True;
+ }
+ else
+ {
+ DEBUG(5, ("credentials check wrong\n"));
+ return False;
+ }
 }
diff --git a/source3/lsaparse.c b/source3/lsaparse.c
index aed110f1b4..ae3d06faac 100644
--- a/source3/lsaparse.c
+++ b/source3/lsaparse.c
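Review bot: The new `if (memcmp(cred->data, cred2.data, 8) == 0)` still compares the client's credential with the computed one using memcmp, which returns at the first differing byte, so the time taken to reject a forged credential depends on how many leading bytes were right; an authenticator check should XOR all of the data and test the accumulated result once. The two DEBUG lines above it print `cred->data[0]` and `cred->data[1]`, so the array appears to be two 32-bit words, in which case `if (((cred->data[0] ^ cred2.data[0]) | (cred->data[1] ^ cred2.data[1])) == 0)` performs the same comparison in fixed time — confirm against the DOM_CHAL definition before relying on that. The added "credentials check ok/wrong" messages are harmless, but note that the pre-existing level-5 lines already log both the received and the expected credential value. The start of cred_assert, including the computation of cred2, is outside this hunk.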
@@ -368,63 +368,66 @@ char* lsa_io_user_info(BOOL io, LSA_USER_INFO *usr, char *q, char *base, int ali
 q = align_offset(q, base, align);
- DBG_RW_IVAL("undoc_buffer ", depth, base, io, q, usr->undoc_buffer); q += 4;
+ DBG_RW_IVAL("ptr_user_info ", depth, base, io, q, usr->ptr_user_info); q += 4;
- q = smb_io_time(io, &(usr->logon_time) , q, base, align, depth); /* logon time */
- q = smb_io_time(io, &(usr->logoff_time) , q, base, align, depth); /* logoff time */
- q = smb_io_time(io, &(usr->kickoff_time) , q, base, align, depth); /* kickoff time */
- q = smb_io_time(io, &(usr->pass_last_set_time) , q, base, align, depth); /* password last set time */
- q = smb_io_time(io, &(usr->pass_can_change_time) , q, base, align, depth); /* password can change time */
- q = smb_io_time(io, &(usr->pass_must_change_time), q, base, align, depth); /* password must change time */
-
- q = smb_io_unihdr(io, &(usr->hdr_user_name) , q, base, align, depth); /* username unicode string header */
- q = smb_io_unihdr(io, &(usr->hdr_full_name) , q, base, align, depth); /* user's full name unicode string header */
- q = smb_io_unihdr(io, &(usr->hdr_logon_script), q, base, align, depth); /* logon script unicode string header */
- q = smb_io_unihdr(io, &(usr->hdr_profile_path), q, base, align, depth); /* profile path unicode string header */
- q = smb_io_unihdr(io, &(usr->hdr_home_dir) , q, base, align, depth); /* home directory unicode string header */
- q = smb_io_unihdr(io, &(usr->hdr_dir_drive) , q, base, align, depth); /* home directory drive unicode string header */
-
- DBG_RW_SVAL("logon_count. ", depth, base, io, q, usr->logon_count ); q += 2; /* logon count */
- DBG_RW_SVAL("bad_pw_count ", depth, base, io, q, usr->bad_pw_count); q += 2; /* bad password count */
-
- DBG_RW_IVAL("user_id ", depth, base, io, q, usr->user_id ); q += 4; /* User ID */
- DBG_RW_IVAL("group_id ", depth, base, io, q, usr->group_id ); q += 4; /* Group ID */
- DBG_RW_IVAL("num_groups ", depth, base, io, q, usr->num_groups ); q += 4; /* num groups */
- DBG_RW_IVAL("buffer_groups ", depth, base, io, q, usr->buffer_groups); q += 4; /* undocumented buffer pointer to groups. */
- DBG_RW_IVAL("user_flgs ", depth, base, io, q, usr->user_flgs ); q += 4; /* user flags */
-
- DBG_RW_PCVAL("sess_key ", depth, base, io, q, usr->sess_key, 16); q += 16; /* unused user session key */
-
- q = smb_io_unihdr(io, &(usr->hdr_logon_srv), q, base, align, depth); /* logon server unicode string header */
- q = smb_io_unihdr(io, &(usr->hdr_logon_dom), q, base, align, depth); /* logon domain unicode string header */
-
- DBG_RW_IVAL("buffer_dom_id ", depth, base, io, q, usr->buffer_dom_id); q += 4; /* undocumented logon domain id pointer */
- DBG_RW_PCVAL("padding ", depth, base, io, q, usr->padding, 40); q += 40; /* unused padding bytes? */
-
- DBG_RW_IVAL("num_other_sids", depth, base, io, q, usr->num_other_sids); q += 4; /* 0 - num_sids */
- DBG_RW_IVAL("buffer_other_sids", depth, base, io, q, usr->buffer_other_sids); q += 4; /* NULL - undocumented pointer to SIDs. */
-
- q = smb_io_unistr2(io, &(usr->uni_user_name) , q, base, align, depth); /* username unicode string */
- q = smb_io_unistr2(io, &(usr->uni_full_name) , q, base, align, depth); /* user's full name unicode string */
- q = smb_io_unistr2(io, &(usr->uni_logon_script), q, base, align, depth); /* logon script unicode string */
- q = smb_io_unistr2(io, &(usr->uni_profile_path), q, base, align, depth); /* profile path unicode string */
- q = smb_io_unistr2(io, &(usr->uni_home_dir) , q, base, align, depth); /* home directory unicode string */
- q = smb_io_unistr2(io, &(usr->uni_dir_drive) , q, base, align, depth); /* home directory drive unicode string */
-
- DBG_RW_IVAL("num_groups2 ", depth, base, io, q, usr->num_groups2); q += 4; /* num groups */
- for (i = 0; i < usr->num_groups2; i++)
+ if (usr->ptr_user_info != 0)
 {
- q = smb_io_gid(io, &(usr->gids[i]), q, base, align, depth); /* group info */
- }
+ q = smb_io_time(io, &(usr->logon_time) , q, base, align, depth); /* logon time */
+ q = smb_io_time(io, &(usr->logoff_time) , q, base, align, depth); /* logoff time */
+ q = smb_io_time(io, &(usr->kickoff_time) , q, base, align, depth); /* kickoff time */
+ q = smb_io_time(io, &(usr->pass_last_set_time) , q, base, align, depth); /* password last set time */
+ q = smb_io_time(io, &(usr->pass_can_change_time) , q, base, align, depth); /* password can change time */
+ q = smb_io_time(io, &(usr->pass_must_change_time), q, base, align, depth); /* password must change time */
+
+ q = smb_io_unihdr(io, &(usr->hdr_user_name) , q, base, align, depth); /* username unicode string header */
+ q = smb_io_unihdr(io, &(usr->hdr_full_name) , q, base, align, depth); /* user's full name unicode string header */
+ q = smb_io_unihdr(io, &(usr->hdr_logon_script), q, base, align, depth); /* logon script unicode string header */
+ q = smb_io_unihdr(io, &(usr->hdr_profile_path), q, base, align, depth); /* profile path unicode string header */
+ q = smb_io_unihdr(io, &(usr->hdr_home_dir) , q, base, align, depth); /* home directory unicode string header */
+ q = smb_io_unihdr(io, &(usr->hdr_dir_drive) , q, base, align, depth); /* home directory drive unicode string header */
+
+ DBG_RW_SVAL("logon_count ", depth, base, io, q, usr->logon_count ); q += 2; /* logon count */
+ DBG_RW_SVAL("bad_pw_count ", depth, base, io, q, usr->bad_pw_count); q += 2; /* bad password count */
+
+ DBG_RW_IVAL("user_id ", depth, base, io, q, usr->user_id ); q += 4; /* User ID */
+ DBG_RW_IVAL("group_id ", depth, base, io, q, usr->group_id ); q += 4; /* Group ID */
+ DBG_RW_IVAL("num_groups ", depth, base, io, q, usr->num_groups ); q += 4; /* num groups */
+ DBG_RW_IVAL("buffer_groups ", depth, base, io, q, usr->buffer_groups); q += 4; /* undocumented buffer pointer to groups. */
+ DBG_RW_IVAL("user_flgs ", depth, base, io, q, usr->user_flgs ); q += 4; /* user flags */
+
+ DBG_RW_PCVAL("sess_key ", depth, base, io, q, usr->sess_key, 16); q += 16; /* unused user session key */
+
+ q = smb_io_unihdr(io, &(usr->hdr_logon_srv), q, base, align, depth); /* logon server unicode string header */
+ q = smb_io_unihdr(io, &(usr->hdr_logon_dom), q, base, align, depth); /* logon domain unicode string header */
+
+ DBG_RW_IVAL("buffer_dom_id ", depth, base, io, q, usr->buffer_dom_id); q += 4; /* undocumented logon domain id pointer */
+ DBG_RW_PCVAL("padding ", depth, base, io, q, usr->padding, 40); q += 40; /* unused padding bytes? */
+
+ DBG_RW_IVAL("num_other_sids", depth, base, io, q, usr->num_other_sids); q += 4; /* 0 - num_sids */
+ DBG_RW_IVAL("buffer_other_sids", depth, base, io, q, usr->buffer_other_sids); q += 4; /* NULL - undocumented pointer to SIDs. */
+
+ q = smb_io_unistr2(io, &(usr->uni_user_name) , q, base, align, depth); /* username unicode string */
+ q = smb_io_unistr2(io, &(usr->uni_full_name) , q, base, align, depth); /* user's full name unicode string */
+ q = smb_io_unistr2(io, &(usr->uni_logon_script), q, base, align, depth); /* logon script unicode string */
+ q = smb_io_unistr2(io, &(usr->uni_profile_path), q, base, align, depth); /* profile path unicode string */
+ q = smb_io_unistr2(io, &(usr->uni_home_dir) , q, base, align, depth); /* home directory unicode string */
+ q = smb_io_unistr2(io, &(usr->uni_dir_drive) , q, base, align, depth); /* home directory drive unicode string */
+
+ DBG_RW_IVAL("num_groups2 ", depth, base, io, q, usr->num_groups2); q += 4; /* num groups */
+ for (i = 0; i < usr->num_groups2; i++)
+ {
+ q = smb_io_gid(io, &(usr->gids[i]), q, base, align, depth); /* group info */
+ }
- q = smb_io_unistr2(io, &( usr->uni_logon_srv), q, base, align, depth); /* logon server unicode string */
- q = smb_io_unistr2(io, &( usr->uni_logon_dom), q, base, align, depth); /* logon domain unicode string */
+ q = smb_io_unistr2(io, &( usr->uni_logon_srv), q, base, align, depth); /* logon server unicode string */
+ q = smb_io_unistr2(io, &( usr->uni_logon_dom), q, base, align, depth); /* logon domain unicode string */
- q = smb_io_dom_sid(io, &(usr->dom_sid), q, base, align, depth); /* domain SID */
+ q = smb_io_dom_sid(io, &(usr->dom_sid), q, base, align, depth); /* domain SID */
- for (i = 0; i < usr->num_other_sids; i++)
- {
- q = smb_io_dom_sid(io, &(usr->other_sids[i]), q, base, align, depth); /* other domain SIDs */
+ for (i = 0; i < usr->num_other_sids; i++)
+ {
+ q = smb_io_dom_sid(io, &(usr->other_sids[i]), q, base, align, depth); /* other domain SIDs */
+ }
 }
 return q;
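Review bot: Inside the new `if (usr->ptr_user_info != 0)` block, `for (i = 0; i < usr->num_groups2; i++)` and `for (i = 0; i < usr->num_other_sids; i++)` index `usr->gids[i]` and `usr->other_sids[i]` with counts that, when this routine is unmarshalling, were read straight off the wire a few lines earlier by DBG_RW_IVAL; if those members are fixed-size arrays in LSA_USER_INFO (their declarations are not in this diff), a peer sending a large count makes the loop write past the struct. Add a bound before each loop, e.g. `if (usr->num_groups2 > sizeof(usr->gids)/sizeof(usr->gids[0])) return NULL;` (assuming gids is an array member), the same for num_other_sids, and have lsa_io_r_sam_logon check the result, since the lsa_io_* routines currently chain on q without checking it. Note also that `num_groups` and `num_groups2` are both read here but never compared. The body is only re-indented otherwise; lsa_io_user_info begins before this hunk.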
@@ -462,12 +465,9 @@ char* lsa_io_r_sam_logon(BOOL io, LSA_R_SAM_LOGON *r_l, char *q, char *base, int
 DBG_RW_IVAL("buffer_creds", depth, base, io, q, r_l->buffer_creds); q += 4; /* undocumented buffer pointer */
 q = smb_io_cred(io, &(r_l->srv_creds), q, base, align, depth); /* server credentials. server time stamp appears to be ignored. */
- DBG_RW_IVAL("buffer_user ", depth, base, io, q, r_l->buffer_user); q += 4;
- if (r_l->buffer_user != 0)
- {
- q = lsa_io_user_info(io, r_l->user, q, base, align, depth);
- }
-
+ DBG_RW_SVAL("switch_value", depth, base, io, q, r_l->switch_value); q += 2; /* 1 - Authoritative response; 0 - Non-Auth? */
+ q = align_offset(q, base, align);
+ q = lsa_io_user_info(io, r_l->user, q, base, align, depth);
 DBG_RW_IVAL("auth_resp ", depth, base, io, q, r_l->auth_resp); q += 4; /* 1 - Authoritative response; 0 - Non-Auth? */
 DBG_RW_IVAL("status ", depth, base, io, q, r_l->status); q += 4;
diff --git a/source3/pipenetlog.c b/source3/pipenetlog.c
index 14b2063951..f291620796 100644
--- a/source3/pipenetlog.c
+++ b/source3/pipenetlog.c
@@ -164,7 +164,7 @@ static void make_lsa_user_info(LSA_USER_INFO *usr,
 int len_logon_srv = strlen(logon_srv);
 int len_logon_dom = strlen(logon_dom);
- usr->undoc_buffer = 1; /* yes, we're bothering to put USER_INFO data here */
+ usr->ptr_user_info = 1; /* yes, we're bothering to put USER_INFO data here */
 usr->logon_time = *logon_time;
 usr->logoff_time = *logoff_time;
@@ -186,7 +186,7 @@ static void make_lsa_user_info(LSA_USER_INFO *usr,
 usr->user_id = user_id;
 usr->group_id = group_id;
 usr->num_groups = num_groups;
- usr->buffer_groups = num_groups ? 1 : 0; /* yes, we're bothering to put group info in */
+ usr->buffer_groups = 1; /* indicates fill in groups, below, even if there are none */
 usr->user_flgs = user_flgs;
 if (sess_key != NULL)
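Review bot: `q = lsa_io_user_info(io, r_l->user, q, base, align, depth);` is now called unconditionally, and the removed `if (r_l->buffer_user != 0)` was the only thing standing between a NULL `r_l->user` and the `usr->ptr_user_info` access at the top of lsa_io_user_info; the server path in this commit always passes `&usr_info`, but any other user of this structure that leaves `user` NULL will crash, so keep `if (r_l->user != NULL)` around the call or document that `user` must point at storage. The `switch_value` read just before it selects which validation structure follows, so when unmarshalling a value other than 3 should end the parse rather than be interpreted as an LSA_USER_INFO. Separately, the comment on the `DBG_RW_SVAL("switch_value", ...)` line, `/* 1 - Authoritative response; 0 - Non-Auth? */`, was copied from the auth_resp line and is wrong; use `/* 3 - indicates type of USER INFO */` to match smb.h. lsa_io_r_sam_logon starts before this hunk.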
@@ -240,8 +240,17 @@ static int lsa_reply_sam_logon(LSA_Q_SAM_LOGON *q_s, char *q, char *base,
 /* store the user information, if there is any. */
 r_s.user = user_info;
- r_s.buffer_user = user_info != NULL ? 1 : 0;
- r_s.status = user_info != NULL ? 0 : (0xC000000|NT_STATUS_NO_SUCH_USER);
+ if (user_info != NULL && user_info->ptr_user_info != 0)
+ {
+ r_s.switch_value = 3; /* indicates type of validation user info */
+ r_s.status = 0;
+ }
+ else
+ {
+ r_s.switch_value = 0; /* don't know what this value is supposed to be */
+ r_s.status = 0xC000000|NT_STATUS_NO_SUCH_USER;
+ }
+
 r_s.auth_resp = 1; /* authoritative response */
 /* store the response in the SMB stream */
@@ -406,7 +415,7 @@ static BOOL deal_with_credentials(user_struct *vuser,
 srv_cred->timestamp.time = 0;
 /* check that the client credentials are valid */
- if (cred_assert(&(clnt_cred->challenge), vuser->dc.sess_key,
+ if (!cred_assert(&(clnt_cred->challenge), vuser->dc.sess_key,
 &(vuser->dc.clnt_cred), clnt_cred->timestamp))
 {
 return False;
@@ -478,7 +487,6 @@ static void api_lsa_sam_logon( user_struct *vuser,
 {
 LSA_Q_SAM_LOGON q_l;
 LSA_USER_INFO usr_info;
- LSA_USER_INFO *p_usr_info = NULL;
 DOM_CRED srv_creds;
@@ -523,9 +531,7 @@ static void api_lsa_sam_logon( user_struct *vuser,
 standard_sub_basic(home_dir);
 #endif
- p_usr_info = &usr_info;
-
- make_lsa_user_info(p_usr_info,
+ make_lsa_user_info(&usr_info,
 &dummy_time, /* logon_time */
 &dummy_time, /* logoff_time */
@@ -558,9 +564,13 @@ static void api_lsa_sam_logon( user_struct *vuser,
 dom_sid, /* char *dom_sid */
 NULL); /* char *other_sids */
 }
+ else
+ {
+ usr_info.ptr_user_info = 0;
+ }
 *rdata_len = lsa_reply_sam_logon(&q_l, *rdata + 0x18, *rdata,
- &srv_creds, p_usr_info);
+ &srv_creds, &usr_info);
 }
|
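Review bot: `r_s.status = 0xC000000|NT_STATUS_NO_SUCH_USER;` in the new else-branch carries over a seven-digit constant: 0xC000000 is 0x0C000000, not the 0xC0000000 that marks an NT error-severity status. If NT_STATUS_NO_SUCH_USER is already defined as the full 32-bit code the OR is harmless; if it is only the low-order code, the reply goes out without the severity bits — check the definition in smb.h and either write the constant with eight digits or drop the OR. The literal `3` in `r_s.switch_value = 3;` and the `/* don't know what this value is supposed to be */` on the `= 0` branch deserve a named constant and a TODO respectively, since this field tells the peer how to parse the rest of the reply. lsa_reply_sam_logon begins before this hunk.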
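Review bot: With the test inverted to `if (!cred_assert(&(clnt_cred->challenge), vuser->dc.sess_key,` a bad client credential is now rejected, but the rejection is silent: the `return False;` below leaves no record and cred_assert itself only reports at DEBUG level 5, so repeated failures of the NETLOGON credential chain from a peer are invisible at ordinary log levels. Add a low-level message before returning, e.g. `DEBUG(1, ("deal_with_credentials: client credential check failed\n"));`, ideally including whichever identifier of the caller vuser carries (not visible here). The client-supplied `clnt_cred->timestamp` is passed through without any range check in this hunk; whether cred_assert bounds it cannot be seen from the diff. deal_with_credentials begins and ends outside this hunk.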