summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/authdata.h134
-rw-r--r--source3/include/rpc_netlogon.h246
-rw-r--r--source3/rpc_client/init_netlogon.c11
-rw-r--r--source3/rpc_parse/parse_net.c664
4 files changed, 12 insertions, 1043 deletions
diff --git a/source3/include/authdata.h b/source3/include/authdata.h
index 8125f05639..59f07fb42d 100644
--- a/source3/include/authdata.h
+++ b/source3/include/authdata.h
@@ -19,7 +19,7 @@
*/
#ifndef _AUTHDATA_H
-#define _AUTHDATA_H
+#define _AUTHDATA_H
#include "rpc_misc.h"
#include "rpc_netlogon.h"
@@ -37,136 +37,4 @@
#define KRB5_AUTHDATA_IF_RELEVANT 1
#endif
-
-typedef struct pac_logon_name {
- NTTIME logon_time;
- uint16 len;
- uint8 *username; /* Actually always little-endian. might not be null terminated, so not UNISTR */
-} PAC_LOGON_NAME;
-
-typedef struct pac_signature_data {
- uint32 type;
- RPC_DATA_BLOB signature; /* this not the on-wire-format (!) */
-} PAC_SIGNATURE_DATA;
-
-typedef struct group_membership {
- uint32 rid;
- uint32 attrs;
-} GROUP_MEMBERSHIP;
-
-typedef struct group_membership_array {
- uint32 count;
- GROUP_MEMBERSHIP *group_membership;
-} GROUP_MEMBERSHIP_ARRAY;
-
-#if 0 /* Unused, replaced by NET_USER_INFO_3 - Guenther */
-
-typedef struct krb_sid_and_attrs {
- uint32 sid_ptr;
- uint32 attrs;
- DOM_SID2 *sid;
-} KRB_SID_AND_ATTRS;
-
-typedef struct krb_sid_and_attr_array {
- uint32 count;
- KRB_SID_AND_ATTRS *krb_sid_and_attrs;
-} KRB_SID_AND_ATTR_ARRAY;
-
-
-/* This is awfully similar to a samr_user_info_23, but not identical.
- Many of the field names have been swiped from there, because it is
- so similar that they are likely the same, but many have been verified.
- Some are in a different order, though... */
-typedef struct pac_logon_info {
- NTTIME logon_time; /* logon time */
- NTTIME logoff_time; /* logoff time */
- NTTIME kickoff_time; /* kickoff time */
- NTTIME pass_last_set_time; /* password last set time */
- NTTIME pass_can_change_time; /* password can change time */
- NTTIME pass_must_change_time; /* password must change time */
-
- UNIHDR hdr_user_name; /* user name unicode string header */
- UNIHDR hdr_full_name; /* user's full name unicode string header */
- UNIHDR hdr_logon_script; /* these last 4 appear to be in a different */
- UNIHDR hdr_profile_path; /* order than in the info23 */
- UNIHDR hdr_home_dir;
- UNIHDR hdr_dir_drive;
-
- uint16 logon_count; /* number of times user has logged onto domain */
- uint16 bad_password_count; /* samba4 idl */
-
- uint32 user_rid;
- uint32 group_rid;
- uint32 group_count;
- uint32 group_membership_ptr;
- uint32 user_flags;
-
- uint8 session_key[16]; /* samba4 idl */
- UNIHDR hdr_dom_controller;
- UNIHDR hdr_dom_name;
-
- uint32 ptr_dom_sid;
-
- uint8 lm_session_key[8]; /* samba4 idl */
- uint32 acct_flags; /* samba4 idl */
- uint32 unknown[7];
-
- uint32 sid_count;
- uint32 ptr_extra_sids;
-
- uint32 ptr_res_group_dom_sid;
- uint32 res_group_count;
- uint32 ptr_res_groups;
-
- UNISTR2 uni_user_name; /* user name unicode string header */
- UNISTR2 uni_full_name; /* user's full name unicode string header */
- UNISTR2 uni_logon_script; /* these last 4 appear to be in a different*/
- UNISTR2 uni_profile_path; /* order than in the info23 */
- UNISTR2 uni_home_dir;
- UNISTR2 uni_dir_drive;
- UNISTR2 uni_dom_controller;
- UNISTR2 uni_dom_name;
- DOM_SID2 dom_sid;
- GROUP_MEMBERSHIP_ARRAY groups;
- KRB_SID_AND_ATTR_ARRAY extra_sids;
- DOM_SID2 res_group_dom_sid;
- GROUP_MEMBERSHIP_ARRAY res_groups;
-
-} PAC_LOGON_INFO;
-#endif
-
-typedef struct pac_logon_info {
- NET_USER_INFO_3 info3;
- DOM_SID2 res_group_dom_sid;
- GROUP_MEMBERSHIP_ARRAY res_groups;
-
-} PAC_LOGON_INFO;
-
-typedef struct pac_info_ctr
-{
- union
- {
- PAC_LOGON_INFO *logon_info;
- PAC_SIGNATURE_DATA *srv_cksum;
- PAC_SIGNATURE_DATA *privsrv_cksum;
- PAC_LOGON_NAME *logon_name;
- } pac;
-} PAC_INFO_CTR;
-
-typedef struct pac_buffer {
- uint32 type;
- uint32 size;
- uint32 offset;
- uint32 offsethi;
- PAC_INFO_CTR *ctr;
- uint32 pad;
-} PAC_BUFFER;
-
-typedef struct pac_data {
- uint32 num_buffers;
- uint32 version;
- PAC_BUFFER *pac_buffer;
-} PAC_DATA;
-
-
#endif
diff --git a/source3/include/rpc_netlogon.h b/source3/include/rpc_netlogon.h
index c6d5651a9c..8058b71e80 100644
--- a/source3/include/rpc_netlogon.h
+++ b/source3/include/rpc_netlogon.h
@@ -81,183 +81,6 @@
#define MSV1_0_RETURN_PROFILE_PATH 0x00000200
#endif
-#if 0
-/* I think this is correct - it's what gets parsed on the wire. JRA. */
-/* NET_USER_INFO_2 */
-typedef struct net_user_info_2 {
- uint32 ptr_user_info;
-
- NTTIME logon_time; /* logon time */
- NTTIME logoff_time; /* logoff time */
- NTTIME kickoff_time; /* kickoff time */
- NTTIME pass_last_set_time; /* password last set time */
- NTTIME pass_can_change_time; /* password can change time */
- NTTIME pass_must_change_time; /* password must change time */
-
- UNIHDR hdr_user_name; /* username unicode string header */
- UNIHDR hdr_full_name; /* user's full name unicode string header */
- UNIHDR hdr_logon_script; /* logon script unicode string header */
- UNIHDR hdr_profile_path; /* profile path unicode string header */
- UNIHDR hdr_home_dir; /* home directory unicode string header */
- UNIHDR hdr_dir_drive; /* home directory drive unicode string header */
-
- uint16 logon_count; /* logon count */
- uint16 bad_pw_count; /* bad password count */
-
- uint32 user_id; /* User ID */
- uint32 group_id; /* Group ID */
- uint32 num_groups; /* num groups */
- uint32 buffer_groups; /* undocumented buffer pointer to groups. */
- uint32 user_flgs; /* user flags */
-
- uint8 user_sess_key[16]; /* unused user session key */
-
- UNIHDR hdr_logon_srv; /* logon server unicode string header */
- UNIHDR hdr_logon_dom; /* logon domain unicode string header */
-
- uint32 buffer_dom_id; /* undocumented logon domain id pointer */
- uint8 padding[40]; /* unused padding bytes. expansion room */
-
- UNISTR2 uni_user_name; /* username unicode string */
- UNISTR2 uni_full_name; /* user's full name unicode string */
- UNISTR2 uni_logon_script; /* logon script unicode string */
- UNISTR2 uni_profile_path; /* profile path unicode string */
- UNISTR2 uni_home_dir; /* home directory unicode string */
- UNISTR2 uni_dir_drive; /* home directory drive unicode string */
-
- uint32 num_groups2; /* num groups */
- DOM_GID *gids; /* group info */
-
- UNISTR2 uni_logon_srv; /* logon server unicode string */
- UNISTR2 uni_logon_dom; /* logon domain unicode string */
-
- DOM_SID2 dom_sid; /* domain SID */
-
- uint32 num_other_groups; /* other groups */
- DOM_GID *other_gids; /* group info */
- DOM_SID2 *other_sids; /* undocumented - domain SIDs */
-
-} NET_USER_INFO_2;
-#endif
-
-/* NET_USER_INFO_2 */
-typedef struct net_user_info_2 {
- uint32 ptr_user_info;
-
- NTTIME logon_time; /* logon time */
- NTTIME logoff_time; /* logoff time */
- NTTIME kickoff_time; /* kickoff time */
- NTTIME pass_last_set_time; /* password last set time */
- NTTIME pass_can_change_time; /* password can change time */
- NTTIME pass_must_change_time; /* password must change time */
-
- UNIHDR hdr_user_name; /* username unicode string header */
- UNIHDR hdr_full_name; /* user's full name unicode string header */
- UNIHDR hdr_logon_script; /* logon script unicode string header */
- UNIHDR hdr_profile_path; /* profile path unicode string header */
- UNIHDR hdr_home_dir; /* home directory unicode string header */
- UNIHDR hdr_dir_drive; /* home directory drive unicode string header */
-
- uint16 logon_count; /* logon count */
- uint16 bad_pw_count; /* bad password count */
-
- uint32 user_rid; /* User RID */
- uint32 group_rid; /* Group RID */
-
- uint32 num_groups; /* num groups */
- uint32 buffer_groups; /* undocumented buffer pointer to groups. */
- uint32 user_flgs; /* user flags */
-
- uint8 user_sess_key[16]; /* user session key */
-
- UNIHDR hdr_logon_srv; /* logon server unicode string header */
- UNIHDR hdr_logon_dom; /* logon domain unicode string header */
-
- uint32 buffer_dom_id; /* undocumented logon domain id pointer */
- uint8 lm_sess_key[8]; /* lm session key */
- uint32 acct_flags; /* account flags */
- uint32 unknown[7]; /* unknown */
-
- UNISTR2 uni_user_name; /* username unicode string */
- UNISTR2 uni_full_name; /* user's full name unicode string */
- UNISTR2 uni_logon_script; /* logon script unicode string */
- UNISTR2 uni_profile_path; /* profile path unicode string */
- UNISTR2 uni_home_dir; /* home directory unicode string */
- UNISTR2 uni_dir_drive; /* home directory drive unicode string */
-
- UNISTR2 uni_logon_srv; /* logon server unicode string */
- UNISTR2 uni_logon_dom; /* logon domain unicode string */
-
- DOM_SID2 dom_sid; /* domain SID */
-} NET_USER_INFO_2;
-
-/* NET_USER_INFO_3 */
-typedef struct net_user_info_3 {
- uint32 ptr_user_info;
-
- NTTIME logon_time; /* logon time */
- NTTIME logoff_time; /* logoff time */
- NTTIME kickoff_time; /* kickoff time */
- NTTIME pass_last_set_time; /* password last set time */
- NTTIME pass_can_change_time; /* password can change time */
- NTTIME pass_must_change_time; /* password must change time */
-
- UNIHDR hdr_user_name; /* username unicode string header */
- UNIHDR hdr_full_name; /* user's full name unicode string header */
- UNIHDR hdr_logon_script; /* logon script unicode string header */
- UNIHDR hdr_profile_path; /* profile path unicode string header */
- UNIHDR hdr_home_dir; /* home directory unicode string header */
- UNIHDR hdr_dir_drive; /* home directory drive unicode string header */
-
- uint16 logon_count; /* logon count */
- uint16 bad_pw_count; /* bad password count */
-
- uint32 user_rid; /* User RID */
- uint32 group_rid; /* Group RID */
-
- uint32 num_groups; /* num groups */
- uint32 buffer_groups; /* undocumented buffer pointer to groups. */
- uint32 user_flgs; /* user flags */
-
- uint8 user_sess_key[16]; /* user session key */
-
- UNIHDR hdr_logon_srv; /* logon server unicode string header */
- UNIHDR hdr_logon_dom; /* logon domain unicode string header */
-
- uint32 buffer_dom_id; /* undocumented logon domain id pointer */
- uint8 lm_sess_key[8]; /* lm session key */
- uint32 acct_flags; /* account flags */
- uint32 unknown[7]; /* unknown */
-
- uint32 num_other_sids; /* number of foreign/trusted domain sids */
- uint32 buffer_other_sids;
-
- /* The next three uint32 are not really part of user_info_3 but here
- * for parsing convenience. They are only valid in Kerberos PAC
- * parsing - Guenther */
- uint32 ptr_res_group_dom_sid;
- uint32 res_group_count;
- uint32 ptr_res_groups;
-
- UNISTR2 uni_user_name; /* username unicode string */
- UNISTR2 uni_full_name; /* user's full name unicode string */
- UNISTR2 uni_logon_script; /* logon script unicode string */
- UNISTR2 uni_profile_path; /* profile path unicode string */
- UNISTR2 uni_home_dir; /* home directory unicode string */
- UNISTR2 uni_dir_drive; /* home directory drive unicode string */
-
- uint32 num_groups2; /* num groups */
- DOM_GID *gids; /* group info */
-
- UNISTR2 uni_logon_srv; /* logon server unicode string */
- UNISTR2 uni_logon_dom; /* logon domain unicode string */
-
- DOM_SID2 dom_sid; /* domain SID */
-
- DOM_SID2 *other_sids; /* foreign/trusted domain SIDs */
- uint32 *other_sids_attrib;
-} NET_USER_INFO_3;
-
/* NEG_FLAGS */
typedef struct neg_flags_info {
uint32 neg_flags; /* negotiated flags */
@@ -279,78 +102,9 @@ typedef struct net_r_auth3_info {
} NET_R_AUTH_3;
-/* NET_ID_INFO_2 */
-typedef struct net_network_info_2 {
- uint32 ptr_id_info2; /* pointer to id_info_2 */
- UNIHDR hdr_domain_name; /* domain name unicode header */
- uint32 param_ctrl; /* param control (0x2) */
- DOM_LOGON_ID logon_id; /* logon ID */
- UNIHDR hdr_user_name; /* user name unicode header */
- UNIHDR hdr_wksta_name; /* workstation name unicode header */
- uint8 lm_chal[8]; /* lan manager 8 byte challenge */
- STRHDR hdr_nt_chal_resp; /* nt challenge response */
- STRHDR hdr_lm_chal_resp; /* lm challenge response */
-
- UNISTR2 uni_domain_name; /* domain name unicode string */
- UNISTR2 uni_user_name; /* user name unicode string */
- UNISTR2 uni_wksta_name; /* workgroup name unicode string */
- STRING2 nt_chal_resp; /* nt challenge response */
- STRING2 lm_chal_resp; /* lm challenge response */
-} NET_ID_INFO_2;
-
-/* NET_ID_INFO_1 */
-typedef struct id_info_1 {
- uint32 ptr_id_info1; /* pointer to id_info_1 */
- UNIHDR hdr_domain_name; /* domain name unicode header */
- uint32 param_ctrl; /* param control */
- DOM_LOGON_ID logon_id; /* logon ID */
- UNIHDR hdr_user_name; /* user name unicode header */
- UNIHDR hdr_wksta_name; /* workstation name unicode header */
- OWF_INFO lm_owf; /* LM OWF Password */
- OWF_INFO nt_owf; /* NT OWF Password */
- UNISTR2 uni_domain_name; /* domain name unicode string */
- UNISTR2 uni_user_name; /* user name unicode string */
- UNISTR2 uni_wksta_name; /* workgroup name unicode string */
-} NET_ID_INFO_1;
-
#define INTERACTIVE_LOGON_TYPE 1
#define NET_LOGON_TYPE 2
-/* NET_ID_INFO_CTR */
-typedef struct net_id_info_ctr_info {
- uint16 switch_value;
-
- union {
- NET_ID_INFO_1 id1; /* auth-level 1 - interactive user login */
- NET_ID_INFO_2 id2; /* auth-level 2 - workstation referred login */
- } auth;
-} NET_ID_INFO_CTR;
-
-/* SAM_INFO - sam logon/off id structure - no creds */
-typedef struct sam_info_ex {
- DOM_CLNT_SRV client;
- uint16 logon_level;
- NET_ID_INFO_CTR *ctr;
-} DOM_SAM_INFO_EX;
-
-/* NET_Q_SAM_LOGON_EX */
-typedef struct net_q_sam_logon_info_ex {
- DOM_SAM_INFO_EX sam_id;
- uint16 validation_level;
- uint32 flags;
-} NET_Q_SAM_LOGON_EX;
-
-/* NET_R_SAM_LOGON_EX */
-typedef struct net_r_sam_logon_info_ex {
- uint16 switch_value; /* 3 - indicates type of USER INFO */
- NET_USER_INFO_3 *user;
-
- uint32 auth_resp; /* 1 - Authoritative response; 0 - Non-Auth? */
- uint32 flags;
-
- NTSTATUS status; /* return code */
-} NET_R_SAM_LOGON_EX;
-
/* LOCKOUT_STRING */
typedef struct account_lockout_string {
uint32 array_size;
diff --git a/source3/rpc_client/init_netlogon.c b/source3/rpc_client/init_netlogon.c
index f63c54999f..62f1fac626 100644
--- a/source3/rpc_client/init_netlogon.c
+++ b/source3/rpc_client/init_netlogon.c
@@ -158,6 +158,17 @@ void init_netr_IdentityInfo(struct netr_IdentityInfo *r,
/*******************************************************************
inits a structure.
+ This is a network logon packet. The log_id parameters
+ are what an NT server would generate for LUID once the
+ user is logged on. I don't think we care about them.
+
+ Note that this has no access to the NT and LM hashed passwords,
+ so it forwards the challenge, and the NT and LM responses (24
+ bytes each) over the secure channel to the Domain controller
+ for it to say yea or nay. This is the preferred method of
+ checking for a logon as it doesn't export the password
+ hashes to anyone who has compromised the secure channel. JRA.
+
********************************************************************/
void init_netr_NetworkInfo(struct netr_NetworkInfo *r,
diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c
index 38ea7846b7..c8f4862fc7 100644
--- a/source3/rpc_parse/parse_net.c
+++ b/source3/rpc_parse/parse_net.c
@@ -115,667 +115,3 @@ bool net_io_r_auth_3(const char *desc, NET_R_AUTH_3 *r_a, prs_struct *ps, int de
return True;
}
-
-/*******************************************************************
- Inits a NET_ID_INFO_1 structure.
-********************************************************************/
-
-void init_id_info1(NET_ID_INFO_1 *id, const char *domain_name,
- uint32 param_ctrl, uint32 log_id_low, uint32 log_id_high,
- const char *user_name, const char *wksta_name,
- const char *sess_key,
- unsigned char lm_cypher[16], unsigned char nt_cypher[16])
-{
- unsigned char lm_owf[16];
- unsigned char nt_owf[16];
-
- DEBUG(5,("init_id_info1: %d\n", __LINE__));
-
- id->ptr_id_info1 = 1;
-
- id->param_ctrl = param_ctrl;
- init_logon_id(&id->logon_id, log_id_low, log_id_high);
-
-
- if (lm_cypher && nt_cypher) {
- unsigned char key[16];
-#ifdef DEBUG_PASSWORD
- DEBUG(100,("lm cypher:"));
- dump_data(100, lm_cypher, 16);
-
- DEBUG(100,("nt cypher:"));
- dump_data(100, nt_cypher, 16);
-#endif
-
- memset(key, 0, 16);
- memcpy(key, sess_key, 8);
-
- memcpy(lm_owf, lm_cypher, 16);
- SamOEMhash(lm_owf, key, 16);
- memcpy(nt_owf, nt_cypher, 16);
- SamOEMhash(nt_owf, key, 16);
-
-#ifdef DEBUG_PASSWORD
- DEBUG(100,("encrypt of lm owf password:"));
- dump_data(100, lm_owf, 16);
-
- DEBUG(100,("encrypt of nt owf password:"));
- dump_data(100, nt_owf, 16);
-#endif
- /* set up pointers to cypher blocks */
- lm_cypher = lm_owf;
- nt_cypher = nt_owf;
- }
-
- init_owf_info(&id->lm_owf, lm_cypher);
- init_owf_info(&id->nt_owf, nt_cypher);
-
- init_unistr2(&id->uni_domain_name, domain_name, UNI_FLAGS_NONE);
- init_uni_hdr(&id->hdr_domain_name, &id->uni_domain_name);
- init_unistr2(&id->uni_user_name, user_name, UNI_FLAGS_NONE);
- init_uni_hdr(&id->hdr_user_name, &id->uni_user_name);
- init_unistr2(&id->uni_wksta_name, wksta_name, UNI_FLAGS_NONE);
- init_uni_hdr(&id->hdr_wksta_name, &id->uni_wksta_name);
-}
-
-/*******************************************************************
- Reads or writes an NET_ID_INFO_1 structure.
-********************************************************************/
-
-static bool net_io_id_info1(const char *desc, NET_ID_INFO_1 *id, prs_struct *ps, int depth)
-{
- if (id == NULL)
- return False;
-
- prs_debug(ps, depth, desc, "net_io_id_info1");
- depth++;
-
- if(!prs_align(ps))
- return False;
-
- if(!prs_uint32("ptr_id_info1", ps, depth, &id->ptr_id_info1))
- return False;
-
- if (id->ptr_id_info1 != 0) {
- if(!smb_io_unihdr("unihdr", &id->hdr_domain_name, ps, depth))
- return False;
-
- if(!prs_uint32("param_ctrl", ps, depth, &id->param_ctrl))
- return False;
- if(!smb_io_logon_id("", &id->logon_id, ps, depth))
- return False;
-
- if(!smb_io_unihdr("unihdr", &id->hdr_user_name, ps, depth))
- return False;
- if(!smb_io_unihdr("unihdr", &id->hdr_wksta_name, ps, depth))
- return False;
-
- if(!smb_io_owf_info("", &id->lm_owf, ps, depth))
- return False;
- if(!smb_io_owf_info("", &id->nt_owf, ps, depth))
- return False;
-
- if(!smb_io_unistr2("unistr2", &id->uni_domain_name,
- id->hdr_domain_name.buffer, ps, depth))
- return False;
- if(!smb_io_unistr2("unistr2", &id->uni_user_name,
- id->hdr_user_name.buffer, ps, depth))
- return False;
- if(!smb_io_unistr2("unistr2", &id->uni_wksta_name,
- id->hdr_wksta_name.buffer, ps, depth))
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
-Inits a NET_ID_INFO_2 structure.
-
-This is a network logon packet. The log_id parameters
-are what an NT server would generate for LUID once the
-user is logged on. I don't think we care about them.
-
-Note that this has no access to the NT and LM hashed passwords,
-so it forwards the challenge, and the NT and LM responses (24
-bytes each) over the secure channel to the Domain controller
-for it to say yea or nay. This is the preferred method of
-checking for a logon as it doesn't export the password
-hashes to anyone who has compromised the secure channel. JRA.
-********************************************************************/
-
-void init_id_info2(NET_ID_INFO_2 * id, const char *domain_name,
- uint32 param_ctrl,
- uint32 log_id_low, uint32 log_id_high,
- const char *user_name, const char *wksta_name,
- const uchar lm_challenge[8],
- const uchar * lm_chal_resp, size_t lm_chal_resp_len,
- const uchar * nt_chal_resp, size_t nt_chal_resp_len)
-{
-
- DEBUG(5,("init_id_info2: %d\n", __LINE__));
-
- id->ptr_id_info2 = 1;
-
- id->param_ctrl = param_ctrl;
- init_logon_id(&id->logon_id, log_id_low, log_id_high);
-
- memcpy(id->lm_chal, lm_challenge, sizeof(id->lm_chal));
- init_str_hdr(&id->hdr_nt_chal_resp, nt_chal_resp_len, nt_chal_resp_len, (nt_chal_resp != NULL) ? 1 : 0);
- init_str_hdr(&id->hdr_lm_chal_resp, lm_chal_resp_len, lm_chal_resp_len, (lm_chal_resp != NULL) ? 1 : 0);
-
- init_unistr2(&id->uni_domain_name, domain_name, UNI_FLAGS_NONE);
- init_uni_hdr(&id->hdr_domain_name, &id->uni_domain_name);
- init_unistr2(&id->uni_user_name, user_name, UNI_FLAGS_NONE);
- init_uni_hdr(&id->hdr_user_name, &id->uni_user_name);
- init_unistr2(&id->uni_wksta_name, wksta_name, UNI_FLAGS_NONE);
- init_uni_hdr(&id->hdr_wksta_name, &id->uni_wksta_name);
-
- init_string2(&id->nt_chal_resp, (const char *)nt_chal_resp, nt_chal_resp_len, nt_chal_resp_len);
- init_string2(&id->lm_chal_resp, (const char *)lm_chal_resp, lm_chal_resp_len, lm_chal_resp_len);
-
-}
-
-/*******************************************************************
- Reads or writes an NET_ID_INFO_2 structure.
-********************************************************************/
-
-static bool net_io_id_info2(const char *desc, NET_ID_INFO_2 *id, prs_struct *ps, int depth)
-{
- if (id == NULL)
- return False;
-
- prs_debug(ps, depth, desc, "net_io_id_info2");
- depth++;
-
- if(!prs_align(ps))
- return False;
-
- if(!prs_uint32("ptr_id_info2", ps, depth, &id->ptr_id_info2))
- return False;
-
- if (id->ptr_id_info2 != 0) {
- if(!smb_io_unihdr("unihdr", &id->hdr_domain_name, ps, depth))
- return False;
-
- if(!prs_uint32("param_ctrl", ps, depth, &id->param_ctrl))
- return False;
- if(!smb_io_logon_id("", &id->logon_id, ps, depth))
- return False;
-
- if(!smb_io_unihdr("unihdr", &id->hdr_user_name, ps, depth))
- return False;
- if(!smb_io_unihdr("unihdr", &id->hdr_wksta_name, ps, depth))
- return False;
-
- if(!prs_uint8s (False, "lm_chal", ps, depth, id->lm_chal, 8)) /* lm 8 byte challenge */
- return False;
-
- if(!smb_io_strhdr("hdr_nt_chal_resp", &id->hdr_nt_chal_resp, ps, depth))
- return False;
- if(!smb_io_strhdr("hdr_lm_chal_resp", &id->hdr_lm_chal_resp, ps, depth))
- return False;
-
- if(!smb_io_unistr2("uni_domain_name", &id->uni_domain_name,
- id->hdr_domain_name.buffer, ps, depth))
- return False;
- if(!smb_io_unistr2("uni_user_name ", &id->uni_user_name,
- id->hdr_user_name.buffer, ps, depth))
- return False;
- if(!smb_io_unistr2("uni_wksta_name ", &id->uni_wksta_name,
- id->hdr_wksta_name.buffer, ps, depth))
- return False;
- if(!smb_io_string2("nt_chal_resp", &id->nt_chal_resp,
- id->hdr_nt_chal_resp.buffer, ps, depth))
- return False;
- if(!smb_io_string2("lm_chal_resp", &id->lm_chal_resp,
- id->hdr_lm_chal_resp.buffer, ps, depth))
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- Inits a DOM_SAM_INFO structure.
-********************************************************************/
-
-void init_sam_info_ex(DOM_SAM_INFO_EX *sam,
- const char *logon_srv, const char *comp_name,
- uint16 logon_level, NET_ID_INFO_CTR *ctr)
-{
- DEBUG(5,("init_sam_info_ex: %d\n", __LINE__));
-
- init_clnt_srv(&sam->client, logon_srv, comp_name);
- sam->logon_level = logon_level;
- sam->ctr = ctr;
-}
-
-/*******************************************************************
- Reads or writes a DOM_SAM_INFO structure.
-********************************************************************/
-
-static bool net_io_id_info_ctr(const char *desc, NET_ID_INFO_CTR **pp_ctr, prs_struct *ps, int depth)
-{
- NET_ID_INFO_CTR *ctr = *pp_ctr;
-
- prs_debug(ps, depth, desc, "smb_io_sam_info_ctr");
- depth++;
-
- if (UNMARSHALLING(ps)) {
- ctr = *pp_ctr = PRS_ALLOC_MEM(ps, NET_ID_INFO_CTR, 1);
- if (ctr == NULL)
- return False;
- }
-
- if (ctr == NULL)
- return False;
-
- /* don't 4-byte align here! */
-
- if(!prs_uint16("switch_value ", ps, depth, &ctr->switch_value))
- return False;
-
- switch (ctr->switch_value) {
- case 1:
- if(!net_io_id_info1("", &ctr->auth.id1, ps, depth))
- return False;
- break;
- case 2:
- if(!net_io_id_info2("", &ctr->auth.id2, ps, depth))
- return False;
- break;
- default:
- /* PANIC! */
- DEBUG(4,("smb_io_sam_info_ctr: unknown switch_value!\n"));
- break;
- }
-
- return True;
-}
-
-/*******************************************************************
- Reads or writes a DOM_SAM_INFO_EX structure.
- ********************************************************************/
-
-static bool smb_io_sam_info_ex(const char *desc, DOM_SAM_INFO_EX *sam, prs_struct *ps, int depth)
-{
- if (sam == NULL)
- return False;
-
- prs_debug(ps, depth, desc, "smb_io_sam_info_ex");
- depth++;
-
- if(!prs_align(ps))
- return False;
-
- if(!smb_io_clnt_srv("", &sam->client, ps, depth))
- return False;
-
- if(!prs_uint16("logon_level ", ps, depth, &sam->logon_level))
- return False;
-
- if (sam->logon_level != 0) {
- if(!net_io_id_info_ctr("logon_info", &sam->ctr, ps, depth))
- return False;
- }
-
- return True;
-}
-
-static void dump_acct_flags(uint32 acct_flags) {
-
- int lvl = 10;
- DEBUG(lvl,("dump_acct_flags\n"));
- if (acct_flags & ACB_NORMAL) {
- DEBUGADD(lvl,("\taccount has ACB_NORMAL\n"));
- }
- if (acct_flags & ACB_PWNOEXP) {
- DEBUGADD(lvl,("\taccount has ACB_PWNOEXP\n"));
- }
- if (acct_flags & ACB_ENC_TXT_PWD_ALLOWED) {
- DEBUGADD(lvl,("\taccount has ACB_ENC_TXT_PWD_ALLOWED\n"));
- }
- if (acct_flags & ACB_NOT_DELEGATED) {
- DEBUGADD(lvl,("\taccount has ACB_NOT_DELEGATED\n"));
- }
- if (acct_flags & ACB_USE_DES_KEY_ONLY) {
- DEBUGADD(lvl,("\taccount has ACB_USE_DES_KEY_ONLY set, sig verify wont work\n"));
- }
- if (acct_flags & ACB_NO_AUTH_DATA_REQD) {
- DEBUGADD(lvl,("\taccount has ACB_NO_AUTH_DATA_REQD set\n"));
- }
- if (acct_flags & ACB_PW_EXPIRED) {
- DEBUGADD(lvl,("\taccount has ACB_PW_EXPIRED set\n"));
- }
-}
-
-static void dump_user_flgs(uint32 user_flags) {
-
- int lvl = 10;
- DEBUG(lvl,("dump_user_flgs\n"));
- if (user_flags & NETLOGON_EXTRA_SIDS) {
- DEBUGADD(lvl,("\taccount has NETLOGON_EXTRA_SIDS\n"));
- }
- if (user_flags & NETLOGON_RESOURCE_GROUPS) {
- DEBUGADD(lvl,("\taccount has NETLOGON_RESOURCE_GROUPS\n"));
- }
- if (user_flags & NETLOGON_NTLMV2_ENABLED) {
- DEBUGADD(lvl,("\taccount has NETLOGON_NTLMV2_ENABLED\n"));
- }
- if (user_flags & NETLOGON_CACHED_ACCOUNT) {
- DEBUGADD(lvl,("\taccount has NETLOGON_CACHED_ACCOUNT\n"));
- }
- if (user_flags & NETLOGON_PROFILE_PATH_RETURNED) {
- DEBUGADD(lvl,("\taccount has NETLOGON_PROFILE_PATH_RETURNED\n"));
- }
- if (user_flags & NETLOGON_SERVER_TRUST_ACCOUNT) {
- DEBUGADD(lvl,("\taccount has NETLOGON_SERVER_TRUST_ACCOUNT\n"));
- }
-
-
-}
-
-/*******************************************************************
- This code has been modified to cope with a NET_USER_INFO_2 - which is
- exactly the same as a NET_USER_INFO_3, minus the other sids parameters.
- We use validation level to determine if we're marshalling a info 2 or
- INFO_3 - be we always return an INFO_3. Based on code donated by Marc
- Jacobsen at HP. JRA.
-********************************************************************/
-
-bool net_io_user_info3(const char *desc, NET_USER_INFO_3 *usr, prs_struct *ps,
- int depth, uint16 validation_level, bool kerb_validation_level)
-{
- unsigned int i;
-
- if (usr == NULL)
- return False;
-
- prs_debug(ps, depth, desc, "net_io_user_info3");
- depth++;
-
- if (UNMARSHALLING(ps))
- ZERO_STRUCTP(usr);
-
- if(!prs_align(ps))
- return False;
-
- if(!prs_uint32("ptr_user_info ", ps, depth, &usr->ptr_user_info))
- return False;
-
- if (usr->ptr_user_info == 0)
- return True;
-
- if(!smb_io_time("logon time", &usr->logon_time, ps, depth)) /* logon time */
- return False;
- if(!smb_io_time("logoff time", &usr->logoff_time, ps, depth)) /* logoff time */
- return False;
- if(!smb_io_time("kickoff time", &usr->kickoff_time, ps, depth)) /* kickoff time */
- return False;
- if(!smb_io_time("last set time", &usr->pass_last_set_time, ps, depth)) /* password last set time */
- return False;
- if(!smb_io_time("can change time", &usr->pass_can_change_time , ps, depth)) /* password can change time */
- return False;
- if(!smb_io_time("must change time", &usr->pass_must_change_time, ps, depth)) /* password must change time */
- return False;
-
- if(!smb_io_unihdr("hdr_user_name", &usr->hdr_user_name, ps, depth)) /* username unicode string header */
- return False;
- if(!smb_io_unihdr("hdr_full_name", &usr->hdr_full_name, ps, depth)) /* user's full name unicode string header */
- return False;
- if(!smb_io_unihdr("hdr_logon_script", &usr->hdr_logon_script, ps, depth)) /* logon script unicode string header */
- return False;
- if(!smb_io_unihdr("hdr_profile_path", &usr->hdr_profile_path, ps, depth)) /* profile path unicode string header */
- return False;
- if(!smb_io_unihdr("hdr_home_dir", &usr->hdr_home_dir, ps, depth)) /* home directory unicode string header */
- return False;
- if(!smb_io_unihdr("hdr_dir_drive", &usr->hdr_dir_drive, ps, depth)) /* home directory drive unicode string header */
- return False;
-
- if(!prs_uint16("logon_count ", ps, depth, &usr->logon_count)) /* logon count */
- return False;
- if(!prs_uint16("bad_pw_count ", ps, depth, &usr->bad_pw_count)) /* bad password count */
- return False;
-
- if(!prs_uint32("user_rid ", ps, depth, &usr->user_rid)) /* User RID */
- return False;
- if(!prs_uint32("group_rid ", ps, depth, &usr->group_rid)) /* Group RID */
- return False;
- if(!prs_uint32("num_groups ", ps, depth, &usr->num_groups)) /* num groups */
- return False;
- if(!prs_uint32("buffer_groups ", ps, depth, &usr->buffer_groups)) /* undocumented buffer pointer to groups. */
- return False;
- if(!prs_uint32("user_flgs ", ps, depth, &usr->user_flgs)) /* user flags */
- return False;
- dump_user_flgs(usr->user_flgs);
- if(!prs_uint8s(False, "user_sess_key", ps, depth, usr->user_sess_key, 16)) /* user session key */
- return False;
-
- if(!smb_io_unihdr("hdr_logon_srv", &usr->hdr_logon_srv, ps, depth)) /* logon server unicode string header */
- return False;
- if(!smb_io_unihdr("hdr_logon_dom", &usr->hdr_logon_dom, ps, depth)) /* logon domain unicode string header */
- return False;
-
- if(!prs_uint32("buffer_dom_id ", ps, depth, &usr->buffer_dom_id)) /* undocumented logon domain id pointer */
- return False;
-
- if(!prs_uint8s(False, "lm_sess_key", ps, depth, usr->lm_sess_key, 8)) /* lm session key */
- return False;
-
- if(!prs_uint32("acct_flags ", ps, depth, &usr->acct_flags)) /* Account flags */
- return False;
- dump_acct_flags(usr->acct_flags);
- for (i = 0; i < 7; i++)
- {
- if (!prs_uint32("unkown", ps, depth, &usr->unknown[i])) /* unknown */
- return False;
- }
-
- if (validation_level == 3) {
- if(!prs_uint32("num_other_sids", ps, depth, &usr->num_other_sids)) /* 0 - num_sids */
- return False;
- if(!prs_uint32("buffer_other_sids", ps, depth, &usr->buffer_other_sids)) /* NULL - undocumented pointer to SIDs. */
- return False;
- } else {
- if (UNMARSHALLING(ps)) {
- usr->num_other_sids = 0;
- usr->buffer_other_sids = 0;
- }
- }
-
- /* get kerb validation info (not really part of user_info_3) - Guenther */
-
- if (kerb_validation_level) {
-
- if(!prs_uint32("ptr_res_group_dom_sid", ps, depth, &usr->ptr_res_group_dom_sid))
- return False;
- if(!prs_uint32("res_group_count", ps, depth, &usr->res_group_count))
- return False;
- if(!prs_uint32("ptr_res_groups", ps, depth, &usr->ptr_res_groups))
- return False;
- }
-
- if(!smb_io_unistr2("uni_user_name", &usr->uni_user_name, usr->hdr_user_name.buffer, ps, depth)) /* username unicode string */
- return False;
- if(!smb_io_unistr2("uni_full_name", &usr->uni_full_name, usr->hdr_full_name.buffer, ps, depth)) /* user's full name unicode string */
- return False;
- if(!smb_io_unistr2("uni_logon_script", &usr->uni_logon_script, usr->hdr_logon_script.buffer, ps, depth)) /* logon script unicode string */
- return False;
- if(!smb_io_unistr2("uni_profile_path", &usr->uni_profile_path, usr->hdr_profile_path.buffer, ps, depth)) /* profile path unicode string */
- return False;
- if(!smb_io_unistr2("uni_home_dir", &usr->uni_home_dir, usr->hdr_home_dir.buffer, ps, depth)) /* home directory unicode string */
- return False;
- if(!smb_io_unistr2("uni_dir_drive", &usr->uni_dir_drive, usr->hdr_dir_drive.buffer, ps, depth)) /* home directory drive unicode string */
- return False;
-
- if(!prs_align(ps))
- return False;
-
- if(!prs_uint32("num_groups2 ", ps, depth, &usr->num_groups2)) /* num groups2 */
- return False;
-
- if (usr->num_groups != usr->num_groups2) {
- DEBUG(3,("net_io_user_info3: num_groups mismatch! (%d != %d)\n",
- usr->num_groups, usr->num_groups2));
- return False;
- }
-
- if (UNMARSHALLING(ps)) {
- if (usr->num_groups) {
- usr->gids = PRS_ALLOC_MEM(ps, DOM_GID, usr->num_groups);
- if (usr->gids == NULL)
- return False;
- } else {
- usr->gids = NULL;
- }
- }
-
- for (i = 0; i < usr->num_groups; i++) {
- if(!smb_io_gid("", &usr->gids[i], ps, depth)) /* group info */
- return False;
- }
-
- if(!smb_io_unistr2("uni_logon_srv", &usr->uni_logon_srv, usr->hdr_logon_srv.buffer, ps, depth)) /* logon server unicode string */
- return False;
- if(!smb_io_unistr2("uni_logon_dom", &usr->uni_logon_dom, usr->hdr_logon_dom.buffer, ps, depth)) /* logon domain unicode string */
- return False;
-
- if(!smb_io_dom_sid2("", &usr->dom_sid, ps, depth)) /* domain SID */
- return False;
-
- if (validation_level == 3 && usr->buffer_other_sids) {
-
- uint32 num_other_sids = usr->num_other_sids;
-
- if (!(usr->user_flgs & NETLOGON_EXTRA_SIDS)) {
- DEBUG(10,("net_io_user_info3: user_flgs attribute does not have NETLOGON_EXTRA_SIDS\n"));
- /* return False; */
- }
-
- if (!prs_uint32("num_other_sids", ps, depth,
- &num_other_sids))
- return False;
-
- if (num_other_sids != usr->num_other_sids)
- return False;
-
- if (UNMARSHALLING(ps)) {
- if (usr->num_other_sids) {
- usr->other_sids = PRS_ALLOC_MEM(ps, DOM_SID2, usr->num_other_sids);
- usr->other_sids_attrib =
- PRS_ALLOC_MEM(ps, uint32, usr->num_other_sids);
- } else {
- usr->other_sids = NULL;
- usr->other_sids_attrib = NULL;
- }
-
- if ((num_other_sids != 0) &&
- ((usr->other_sids == NULL) ||
- (usr->other_sids_attrib == NULL)))
- return False;
- }
-
- /* First the pointers to the SIDS and attributes */
-
- depth++;
-
- for (i=0; i<usr->num_other_sids; i++) {
- uint32 ptr = 1;
-
- if (!prs_uint32("sid_ptr", ps, depth, &ptr))
- return False;
-
- if (UNMARSHALLING(ps) && (ptr == 0))
- return False;
-
- if (!prs_uint32("attribute", ps, depth,
- &usr->other_sids_attrib[i]))
- return False;
- }
-
- for (i = 0; i < usr->num_other_sids; i++) {
- if(!smb_io_dom_sid2("", &usr->other_sids[i], ps, depth)) /* other domain SIDs */
- return False;
- }
-
- depth--;
- }
-
- return True;
-}
-
-/*******************************************************************
- Reads or writes a structure.
-********************************************************************/
-
-bool net_io_q_sam_logon_ex(const char *desc, NET_Q_SAM_LOGON_EX *q_l, prs_struct *ps, int depth)
-{
- if (q_l == NULL)
- return False;
-
- prs_debug(ps, depth, desc, "net_io_q_sam_logon_ex");
- depth++;
-
- if(!prs_align(ps))
- return False;
-
- if(!smb_io_sam_info_ex("", &q_l->sam_id, ps, depth))
- return False;
-
- if(!prs_align_uint16(ps))
- return False;
-
- if(!prs_uint16("validation_level", ps, depth, &q_l->validation_level))
- return False;
-
- if (!prs_align(ps))
- return False;
-
- if(!prs_uint32("flags ", ps, depth, &q_l->flags))
- return False;
-
- return True;
-}
-
-/*******************************************************************
- Reads or writes a structure.
-********************************************************************/
-
-bool net_io_r_sam_logon_ex(const char *desc, NET_R_SAM_LOGON_EX *r_l, prs_struct *ps, int depth)
-{
- if (r_l == NULL)
- return False;
-
- prs_debug(ps, depth, desc, "net_io_r_sam_logon_ex");
- depth++;
-
- if(!prs_uint16("switch_value", ps, depth, &r_l->switch_value))
- return False;
- if(!prs_align(ps))
- return False;
-
-#if 1 /* W2k always needs this - even for bad passwd. JRA */
- if(!net_io_user_info3("", r_l->user, ps, depth, r_l->switch_value, False))
- return False;
-#else
- if (r_l->switch_value != 0) {
- if(!net_io_user_info3("", r_l->user, ps, depth, r_l->switch_value, False))
- return False;
- }
-#endif
-
- if(!prs_uint32("auth_resp ", ps, depth, &r_l->auth_resp)) /* 1 - Authoritative response; 0 - Non-Auth? */
- return False;
-
- if(!prs_uint32("flags ", ps, depth, &r_l->flags))
- return False;
-
- if(!prs_ntstatus("status ", ps, depth, &r_l->status))
- return False;
-
- if(!prs_align(ps))
- return False;
-
- return True;
-}