diff options
-rw-r--r-- | source3/include/authdata.h | 134 | ||||
-rw-r--r-- | source3/include/rpc_netlogon.h | 246 | ||||
-rw-r--r-- | source3/rpc_client/init_netlogon.c | 11 | ||||
-rw-r--r-- | source3/rpc_parse/parse_net.c | 664 |
4 files changed, 12 insertions, 1043 deletions
diff --git a/source3/include/authdata.h b/source3/include/authdata.h index 8125f05639..59f07fb42d 100644 --- a/source3/include/authdata.h +++ b/source3/include/authdata.h @@ -19,7 +19,7 @@ */ #ifndef _AUTHDATA_H -#define _AUTHDATA_H +#define _AUTHDATA_H #include "rpc_misc.h" #include "rpc_netlogon.h" @@ -37,136 +37,4 @@ #define KRB5_AUTHDATA_IF_RELEVANT 1 #endif - -typedef struct pac_logon_name { - NTTIME logon_time; - uint16 len; - uint8 *username; /* Actually always little-endian. might not be null terminated, so not UNISTR */ -} PAC_LOGON_NAME; - -typedef struct pac_signature_data { - uint32 type; - RPC_DATA_BLOB signature; /* this not the on-wire-format (!) */ -} PAC_SIGNATURE_DATA; - -typedef struct group_membership { - uint32 rid; - uint32 attrs; -} GROUP_MEMBERSHIP; - -typedef struct group_membership_array { - uint32 count; - GROUP_MEMBERSHIP *group_membership; -} GROUP_MEMBERSHIP_ARRAY; - -#if 0 /* Unused, replaced by NET_USER_INFO_3 - Guenther */ - -typedef struct krb_sid_and_attrs { - uint32 sid_ptr; - uint32 attrs; - DOM_SID2 *sid; -} KRB_SID_AND_ATTRS; - -typedef struct krb_sid_and_attr_array { - uint32 count; - KRB_SID_AND_ATTRS *krb_sid_and_attrs; -} KRB_SID_AND_ATTR_ARRAY; - - -/* This is awfully similar to a samr_user_info_23, but not identical. - Many of the field names have been swiped from there, because it is - so similar that they are likely the same, but many have been verified. - Some are in a different order, though... */ -typedef struct pac_logon_info { - NTTIME logon_time; /* logon time */ - NTTIME logoff_time; /* logoff time */ - NTTIME kickoff_time; /* kickoff time */ - NTTIME pass_last_set_time; /* password last set time */ - NTTIME pass_can_change_time; /* password can change time */ - NTTIME pass_must_change_time; /* password must change time */ - - UNIHDR hdr_user_name; /* user name unicode string header */ - UNIHDR hdr_full_name; /* user's full name unicode string header */ - UNIHDR hdr_logon_script; /* these last 4 appear to be in a different */ - UNIHDR hdr_profile_path; /* order than in the info23 */ - UNIHDR hdr_home_dir; - UNIHDR hdr_dir_drive; - - uint16 logon_count; /* number of times user has logged onto domain */ - uint16 bad_password_count; /* samba4 idl */ - - uint32 user_rid; - uint32 group_rid; - uint32 group_count; - uint32 group_membership_ptr; - uint32 user_flags; - - uint8 session_key[16]; /* samba4 idl */ - UNIHDR hdr_dom_controller; - UNIHDR hdr_dom_name; - - uint32 ptr_dom_sid; - - uint8 lm_session_key[8]; /* samba4 idl */ - uint32 acct_flags; /* samba4 idl */ - uint32 unknown[7]; - - uint32 sid_count; - uint32 ptr_extra_sids; - - uint32 ptr_res_group_dom_sid; - uint32 res_group_count; - uint32 ptr_res_groups; - - UNISTR2 uni_user_name; /* user name unicode string header */ - UNISTR2 uni_full_name; /* user's full name unicode string header */ - UNISTR2 uni_logon_script; /* these last 4 appear to be in a different*/ - UNISTR2 uni_profile_path; /* order than in the info23 */ - UNISTR2 uni_home_dir; - UNISTR2 uni_dir_drive; - UNISTR2 uni_dom_controller; - UNISTR2 uni_dom_name; - DOM_SID2 dom_sid; - GROUP_MEMBERSHIP_ARRAY groups; - KRB_SID_AND_ATTR_ARRAY extra_sids; - DOM_SID2 res_group_dom_sid; - GROUP_MEMBERSHIP_ARRAY res_groups; - -} PAC_LOGON_INFO; -#endif - -typedef struct pac_logon_info { - NET_USER_INFO_3 info3; - DOM_SID2 res_group_dom_sid; - GROUP_MEMBERSHIP_ARRAY res_groups; - -} PAC_LOGON_INFO; - -typedef struct pac_info_ctr -{ - union - { - PAC_LOGON_INFO *logon_info; - PAC_SIGNATURE_DATA *srv_cksum; - PAC_SIGNATURE_DATA *privsrv_cksum; - PAC_LOGON_NAME *logon_name; - } pac; -} PAC_INFO_CTR; - -typedef struct pac_buffer { - uint32 type; - uint32 size; - uint32 offset; - uint32 offsethi; - PAC_INFO_CTR *ctr; - uint32 pad; -} PAC_BUFFER; - -typedef struct pac_data { - uint32 num_buffers; - uint32 version; - PAC_BUFFER *pac_buffer; -} PAC_DATA; - - #endif diff --git a/source3/include/rpc_netlogon.h b/source3/include/rpc_netlogon.h index c6d5651a9c..8058b71e80 100644 --- a/source3/include/rpc_netlogon.h +++ b/source3/include/rpc_netlogon.h @@ -81,183 +81,6 @@ #define MSV1_0_RETURN_PROFILE_PATH 0x00000200 #endif -#if 0 -/* I think this is correct - it's what gets parsed on the wire. JRA. */ -/* NET_USER_INFO_2 */ -typedef struct net_user_info_2 { - uint32 ptr_user_info; - - NTTIME logon_time; /* logon time */ - NTTIME logoff_time; /* logoff time */ - NTTIME kickoff_time; /* kickoff time */ - NTTIME pass_last_set_time; /* password last set time */ - NTTIME pass_can_change_time; /* password can change time */ - NTTIME pass_must_change_time; /* password must change time */ - - UNIHDR hdr_user_name; /* username unicode string header */ - UNIHDR hdr_full_name; /* user's full name unicode string header */ - UNIHDR hdr_logon_script; /* logon script unicode string header */ - UNIHDR hdr_profile_path; /* profile path unicode string header */ - UNIHDR hdr_home_dir; /* home directory unicode string header */ - UNIHDR hdr_dir_drive; /* home directory drive unicode string header */ - - uint16 logon_count; /* logon count */ - uint16 bad_pw_count; /* bad password count */ - - uint32 user_id; /* User ID */ - uint32 group_id; /* Group ID */ - uint32 num_groups; /* num groups */ - uint32 buffer_groups; /* undocumented buffer pointer to groups. */ - uint32 user_flgs; /* user flags */ - - uint8 user_sess_key[16]; /* unused user session key */ - - UNIHDR hdr_logon_srv; /* logon server unicode string header */ - UNIHDR hdr_logon_dom; /* logon domain unicode string header */ - - uint32 buffer_dom_id; /* undocumented logon domain id pointer */ - uint8 padding[40]; /* unused padding bytes. expansion room */ - - UNISTR2 uni_user_name; /* username unicode string */ - UNISTR2 uni_full_name; /* user's full name unicode string */ - UNISTR2 uni_logon_script; /* logon script unicode string */ - UNISTR2 uni_profile_path; /* profile path unicode string */ - UNISTR2 uni_home_dir; /* home directory unicode string */ - UNISTR2 uni_dir_drive; /* home directory drive unicode string */ - - uint32 num_groups2; /* num groups */ - DOM_GID *gids; /* group info */ - - UNISTR2 uni_logon_srv; /* logon server unicode string */ - UNISTR2 uni_logon_dom; /* logon domain unicode string */ - - DOM_SID2 dom_sid; /* domain SID */ - - uint32 num_other_groups; /* other groups */ - DOM_GID *other_gids; /* group info */ - DOM_SID2 *other_sids; /* undocumented - domain SIDs */ - -} NET_USER_INFO_2; -#endif - -/* NET_USER_INFO_2 */ -typedef struct net_user_info_2 { - uint32 ptr_user_info; - - NTTIME logon_time; /* logon time */ - NTTIME logoff_time; /* logoff time */ - NTTIME kickoff_time; /* kickoff time */ - NTTIME pass_last_set_time; /* password last set time */ - NTTIME pass_can_change_time; /* password can change time */ - NTTIME pass_must_change_time; /* password must change time */ - - UNIHDR hdr_user_name; /* username unicode string header */ - UNIHDR hdr_full_name; /* user's full name unicode string header */ - UNIHDR hdr_logon_script; /* logon script unicode string header */ - UNIHDR hdr_profile_path; /* profile path unicode string header */ - UNIHDR hdr_home_dir; /* home directory unicode string header */ - UNIHDR hdr_dir_drive; /* home directory drive unicode string header */ - - uint16 logon_count; /* logon count */ - uint16 bad_pw_count; /* bad password count */ - - uint32 user_rid; /* User RID */ - uint32 group_rid; /* Group RID */ - - uint32 num_groups; /* num groups */ - uint32 buffer_groups; /* undocumented buffer pointer to groups. */ - uint32 user_flgs; /* user flags */ - - uint8 user_sess_key[16]; /* user session key */ - - UNIHDR hdr_logon_srv; /* logon server unicode string header */ - UNIHDR hdr_logon_dom; /* logon domain unicode string header */ - - uint32 buffer_dom_id; /* undocumented logon domain id pointer */ - uint8 lm_sess_key[8]; /* lm session key */ - uint32 acct_flags; /* account flags */ - uint32 unknown[7]; /* unknown */ - - UNISTR2 uni_user_name; /* username unicode string */ - UNISTR2 uni_full_name; /* user's full name unicode string */ - UNISTR2 uni_logon_script; /* logon script unicode string */ - UNISTR2 uni_profile_path; /* profile path unicode string */ - UNISTR2 uni_home_dir; /* home directory unicode string */ - UNISTR2 uni_dir_drive; /* home directory drive unicode string */ - - UNISTR2 uni_logon_srv; /* logon server unicode string */ - UNISTR2 uni_logon_dom; /* logon domain unicode string */ - - DOM_SID2 dom_sid; /* domain SID */ -} NET_USER_INFO_2; - -/* NET_USER_INFO_3 */ -typedef struct net_user_info_3 { - uint32 ptr_user_info; - - NTTIME logon_time; /* logon time */ - NTTIME logoff_time; /* logoff time */ - NTTIME kickoff_time; /* kickoff time */ - NTTIME pass_last_set_time; /* password last set time */ - NTTIME pass_can_change_time; /* password can change time */ - NTTIME pass_must_change_time; /* password must change time */ - - UNIHDR hdr_user_name; /* username unicode string header */ - UNIHDR hdr_full_name; /* user's full name unicode string header */ - UNIHDR hdr_logon_script; /* logon script unicode string header */ - UNIHDR hdr_profile_path; /* profile path unicode string header */ - UNIHDR hdr_home_dir; /* home directory unicode string header */ - UNIHDR hdr_dir_drive; /* home directory drive unicode string header */ - - uint16 logon_count; /* logon count */ - uint16 bad_pw_count; /* bad password count */ - - uint32 user_rid; /* User RID */ - uint32 group_rid; /* Group RID */ - - uint32 num_groups; /* num groups */ - uint32 buffer_groups; /* undocumented buffer pointer to groups. */ - uint32 user_flgs; /* user flags */ - - uint8 user_sess_key[16]; /* user session key */ - - UNIHDR hdr_logon_srv; /* logon server unicode string header */ - UNIHDR hdr_logon_dom; /* logon domain unicode string header */ - - uint32 buffer_dom_id; /* undocumented logon domain id pointer */ - uint8 lm_sess_key[8]; /* lm session key */ - uint32 acct_flags; /* account flags */ - uint32 unknown[7]; /* unknown */ - - uint32 num_other_sids; /* number of foreign/trusted domain sids */ - uint32 buffer_other_sids; - - /* The next three uint32 are not really part of user_info_3 but here - * for parsing convenience. They are only valid in Kerberos PAC - * parsing - Guenther */ - uint32 ptr_res_group_dom_sid; - uint32 res_group_count; - uint32 ptr_res_groups; - - UNISTR2 uni_user_name; /* username unicode string */ - UNISTR2 uni_full_name; /* user's full name unicode string */ - UNISTR2 uni_logon_script; /* logon script unicode string */ - UNISTR2 uni_profile_path; /* profile path unicode string */ - UNISTR2 uni_home_dir; /* home directory unicode string */ - UNISTR2 uni_dir_drive; /* home directory drive unicode string */ - - uint32 num_groups2; /* num groups */ - DOM_GID *gids; /* group info */ - - UNISTR2 uni_logon_srv; /* logon server unicode string */ - UNISTR2 uni_logon_dom; /* logon domain unicode string */ - - DOM_SID2 dom_sid; /* domain SID */ - - DOM_SID2 *other_sids; /* foreign/trusted domain SIDs */ - uint32 *other_sids_attrib; -} NET_USER_INFO_3; - /* NEG_FLAGS */ typedef struct neg_flags_info { uint32 neg_flags; /* negotiated flags */ @@ -279,78 +102,9 @@ typedef struct net_r_auth3_info { } NET_R_AUTH_3; -/* NET_ID_INFO_2 */ -typedef struct net_network_info_2 { - uint32 ptr_id_info2; /* pointer to id_info_2 */ - UNIHDR hdr_domain_name; /* domain name unicode header */ - uint32 param_ctrl; /* param control (0x2) */ - DOM_LOGON_ID logon_id; /* logon ID */ - UNIHDR hdr_user_name; /* user name unicode header */ - UNIHDR hdr_wksta_name; /* workstation name unicode header */ - uint8 lm_chal[8]; /* lan manager 8 byte challenge */ - STRHDR hdr_nt_chal_resp; /* nt challenge response */ - STRHDR hdr_lm_chal_resp; /* lm challenge response */ - - UNISTR2 uni_domain_name; /* domain name unicode string */ - UNISTR2 uni_user_name; /* user name unicode string */ - UNISTR2 uni_wksta_name; /* workgroup name unicode string */ - STRING2 nt_chal_resp; /* nt challenge response */ - STRING2 lm_chal_resp; /* lm challenge response */ -} NET_ID_INFO_2; - -/* NET_ID_INFO_1 */ -typedef struct id_info_1 { - uint32 ptr_id_info1; /* pointer to id_info_1 */ - UNIHDR hdr_domain_name; /* domain name unicode header */ - uint32 param_ctrl; /* param control */ - DOM_LOGON_ID logon_id; /* logon ID */ - UNIHDR hdr_user_name; /* user name unicode header */ - UNIHDR hdr_wksta_name; /* workstation name unicode header */ - OWF_INFO lm_owf; /* LM OWF Password */ - OWF_INFO nt_owf; /* NT OWF Password */ - UNISTR2 uni_domain_name; /* domain name unicode string */ - UNISTR2 uni_user_name; /* user name unicode string */ - UNISTR2 uni_wksta_name; /* workgroup name unicode string */ -} NET_ID_INFO_1; - #define INTERACTIVE_LOGON_TYPE 1 #define NET_LOGON_TYPE 2 -/* NET_ID_INFO_CTR */ -typedef struct net_id_info_ctr_info { - uint16 switch_value; - - union { - NET_ID_INFO_1 id1; /* auth-level 1 - interactive user login */ - NET_ID_INFO_2 id2; /* auth-level 2 - workstation referred login */ - } auth; -} NET_ID_INFO_CTR; - -/* SAM_INFO - sam logon/off id structure - no creds */ -typedef struct sam_info_ex { - DOM_CLNT_SRV client; - uint16 logon_level; - NET_ID_INFO_CTR *ctr; -} DOM_SAM_INFO_EX; - -/* NET_Q_SAM_LOGON_EX */ -typedef struct net_q_sam_logon_info_ex { - DOM_SAM_INFO_EX sam_id; - uint16 validation_level; - uint32 flags; -} NET_Q_SAM_LOGON_EX; - -/* NET_R_SAM_LOGON_EX */ -typedef struct net_r_sam_logon_info_ex { - uint16 switch_value; /* 3 - indicates type of USER INFO */ - NET_USER_INFO_3 *user; - - uint32 auth_resp; /* 1 - Authoritative response; 0 - Non-Auth? */ - uint32 flags; - - NTSTATUS status; /* return code */ -} NET_R_SAM_LOGON_EX; - /* LOCKOUT_STRING */ typedef struct account_lockout_string { uint32 array_size; diff --git a/source3/rpc_client/init_netlogon.c b/source3/rpc_client/init_netlogon.c index f63c54999f..62f1fac626 100644 --- a/source3/rpc_client/init_netlogon.c +++ b/source3/rpc_client/init_netlogon.c @@ -158,6 +158,17 @@ void init_netr_IdentityInfo(struct netr_IdentityInfo *r, /******************************************************************* inits a structure. + This is a network logon packet. The log_id parameters + are what an NT server would generate for LUID once the + user is logged on. I don't think we care about them. + + Note that this has no access to the NT and LM hashed passwords, + so it forwards the challenge, and the NT and LM responses (24 + bytes each) over the secure channel to the Domain controller + for it to say yea or nay. This is the preferred method of + checking for a logon as it doesn't export the password + hashes to anyone who has compromised the secure channel. JRA. + ********************************************************************/ void init_netr_NetworkInfo(struct netr_NetworkInfo *r, diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c index 38ea7846b7..c8f4862fc7 100644 --- a/source3/rpc_parse/parse_net.c +++ b/source3/rpc_parse/parse_net.c @@ -115,667 +115,3 @@ bool net_io_r_auth_3(const char *desc, NET_R_AUTH_3 *r_a, prs_struct *ps, int de return True; } - -/******************************************************************* - Inits a NET_ID_INFO_1 structure. -********************************************************************/ - -void init_id_info1(NET_ID_INFO_1 *id, const char *domain_name, - uint32 param_ctrl, uint32 log_id_low, uint32 log_id_high, - const char *user_name, const char *wksta_name, - const char *sess_key, - unsigned char lm_cypher[16], unsigned char nt_cypher[16]) -{ - unsigned char lm_owf[16]; - unsigned char nt_owf[16]; - - DEBUG(5,("init_id_info1: %d\n", __LINE__)); - - id->ptr_id_info1 = 1; - - id->param_ctrl = param_ctrl; - init_logon_id(&id->logon_id, log_id_low, log_id_high); - - - if (lm_cypher && nt_cypher) { - unsigned char key[16]; -#ifdef DEBUG_PASSWORD - DEBUG(100,("lm cypher:")); - dump_data(100, lm_cypher, 16); - - DEBUG(100,("nt cypher:")); - dump_data(100, nt_cypher, 16); -#endif - - memset(key, 0, 16); - memcpy(key, sess_key, 8); - - memcpy(lm_owf, lm_cypher, 16); - SamOEMhash(lm_owf, key, 16); - memcpy(nt_owf, nt_cypher, 16); - SamOEMhash(nt_owf, key, 16); - -#ifdef DEBUG_PASSWORD - DEBUG(100,("encrypt of lm owf password:")); - dump_data(100, lm_owf, 16); - - DEBUG(100,("encrypt of nt owf password:")); - dump_data(100, nt_owf, 16); -#endif - /* set up pointers to cypher blocks */ - lm_cypher = lm_owf; - nt_cypher = nt_owf; - } - - init_owf_info(&id->lm_owf, lm_cypher); - init_owf_info(&id->nt_owf, nt_cypher); - - init_unistr2(&id->uni_domain_name, domain_name, UNI_FLAGS_NONE); - init_uni_hdr(&id->hdr_domain_name, &id->uni_domain_name); - init_unistr2(&id->uni_user_name, user_name, UNI_FLAGS_NONE); - init_uni_hdr(&id->hdr_user_name, &id->uni_user_name); - init_unistr2(&id->uni_wksta_name, wksta_name, UNI_FLAGS_NONE); - init_uni_hdr(&id->hdr_wksta_name, &id->uni_wksta_name); -} - -/******************************************************************* - Reads or writes an NET_ID_INFO_1 structure. -********************************************************************/ - -static bool net_io_id_info1(const char *desc, NET_ID_INFO_1 *id, prs_struct *ps, int depth) -{ - if (id == NULL) - return False; - - prs_debug(ps, depth, desc, "net_io_id_info1"); - depth++; - - if(!prs_align(ps)) - return False; - - if(!prs_uint32("ptr_id_info1", ps, depth, &id->ptr_id_info1)) - return False; - - if (id->ptr_id_info1 != 0) { - if(!smb_io_unihdr("unihdr", &id->hdr_domain_name, ps, depth)) - return False; - - if(!prs_uint32("param_ctrl", ps, depth, &id->param_ctrl)) - return False; - if(!smb_io_logon_id("", &id->logon_id, ps, depth)) - return False; - - if(!smb_io_unihdr("unihdr", &id->hdr_user_name, ps, depth)) - return False; - if(!smb_io_unihdr("unihdr", &id->hdr_wksta_name, ps, depth)) - return False; - - if(!smb_io_owf_info("", &id->lm_owf, ps, depth)) - return False; - if(!smb_io_owf_info("", &id->nt_owf, ps, depth)) - return False; - - if(!smb_io_unistr2("unistr2", &id->uni_domain_name, - id->hdr_domain_name.buffer, ps, depth)) - return False; - if(!smb_io_unistr2("unistr2", &id->uni_user_name, - id->hdr_user_name.buffer, ps, depth)) - return False; - if(!smb_io_unistr2("unistr2", &id->uni_wksta_name, - id->hdr_wksta_name.buffer, ps, depth)) - return False; - } - - return True; -} - -/******************************************************************* -Inits a NET_ID_INFO_2 structure. - -This is a network logon packet. The log_id parameters -are what an NT server would generate for LUID once the -user is logged on. I don't think we care about them. - -Note that this has no access to the NT and LM hashed passwords, -so it forwards the challenge, and the NT and LM responses (24 -bytes each) over the secure channel to the Domain controller -for it to say yea or nay. This is the preferred method of -checking for a logon as it doesn't export the password -hashes to anyone who has compromised the secure channel. JRA. -********************************************************************/ - -void init_id_info2(NET_ID_INFO_2 * id, const char *domain_name, - uint32 param_ctrl, - uint32 log_id_low, uint32 log_id_high, - const char *user_name, const char *wksta_name, - const uchar lm_challenge[8], - const uchar * lm_chal_resp, size_t lm_chal_resp_len, - const uchar * nt_chal_resp, size_t nt_chal_resp_len) -{ - - DEBUG(5,("init_id_info2: %d\n", __LINE__)); - - id->ptr_id_info2 = 1; - - id->param_ctrl = param_ctrl; - init_logon_id(&id->logon_id, log_id_low, log_id_high); - - memcpy(id->lm_chal, lm_challenge, sizeof(id->lm_chal)); - init_str_hdr(&id->hdr_nt_chal_resp, nt_chal_resp_len, nt_chal_resp_len, (nt_chal_resp != NULL) ? 1 : 0); - init_str_hdr(&id->hdr_lm_chal_resp, lm_chal_resp_len, lm_chal_resp_len, (lm_chal_resp != NULL) ? 1 : 0); - - init_unistr2(&id->uni_domain_name, domain_name, UNI_FLAGS_NONE); - init_uni_hdr(&id->hdr_domain_name, &id->uni_domain_name); - init_unistr2(&id->uni_user_name, user_name, UNI_FLAGS_NONE); - init_uni_hdr(&id->hdr_user_name, &id->uni_user_name); - init_unistr2(&id->uni_wksta_name, wksta_name, UNI_FLAGS_NONE); - init_uni_hdr(&id->hdr_wksta_name, &id->uni_wksta_name); - - init_string2(&id->nt_chal_resp, (const char *)nt_chal_resp, nt_chal_resp_len, nt_chal_resp_len); - init_string2(&id->lm_chal_resp, (const char *)lm_chal_resp, lm_chal_resp_len, lm_chal_resp_len); - -} - -/******************************************************************* - Reads or writes an NET_ID_INFO_2 structure. -********************************************************************/ - -static bool net_io_id_info2(const char *desc, NET_ID_INFO_2 *id, prs_struct *ps, int depth) -{ - if (id == NULL) - return False; - - prs_debug(ps, depth, desc, "net_io_id_info2"); - depth++; - - if(!prs_align(ps)) - return False; - - if(!prs_uint32("ptr_id_info2", ps, depth, &id->ptr_id_info2)) - return False; - - if (id->ptr_id_info2 != 0) { - if(!smb_io_unihdr("unihdr", &id->hdr_domain_name, ps, depth)) - return False; - - if(!prs_uint32("param_ctrl", ps, depth, &id->param_ctrl)) - return False; - if(!smb_io_logon_id("", &id->logon_id, ps, depth)) - return False; - - if(!smb_io_unihdr("unihdr", &id->hdr_user_name, ps, depth)) - return False; - if(!smb_io_unihdr("unihdr", &id->hdr_wksta_name, ps, depth)) - return False; - - if(!prs_uint8s (False, "lm_chal", ps, depth, id->lm_chal, 8)) /* lm 8 byte challenge */ - return False; - - if(!smb_io_strhdr("hdr_nt_chal_resp", &id->hdr_nt_chal_resp, ps, depth)) - return False; - if(!smb_io_strhdr("hdr_lm_chal_resp", &id->hdr_lm_chal_resp, ps, depth)) - return False; - - if(!smb_io_unistr2("uni_domain_name", &id->uni_domain_name, - id->hdr_domain_name.buffer, ps, depth)) - return False; - if(!smb_io_unistr2("uni_user_name ", &id->uni_user_name, - id->hdr_user_name.buffer, ps, depth)) - return False; - if(!smb_io_unistr2("uni_wksta_name ", &id->uni_wksta_name, - id->hdr_wksta_name.buffer, ps, depth)) - return False; - if(!smb_io_string2("nt_chal_resp", &id->nt_chal_resp, - id->hdr_nt_chal_resp.buffer, ps, depth)) - return False; - if(!smb_io_string2("lm_chal_resp", &id->lm_chal_resp, - id->hdr_lm_chal_resp.buffer, ps, depth)) - return False; - } - - return True; -} - -/******************************************************************* - Inits a DOM_SAM_INFO structure. -********************************************************************/ - -void init_sam_info_ex(DOM_SAM_INFO_EX *sam, - const char *logon_srv, const char *comp_name, - uint16 logon_level, NET_ID_INFO_CTR *ctr) -{ - DEBUG(5,("init_sam_info_ex: %d\n", __LINE__)); - - init_clnt_srv(&sam->client, logon_srv, comp_name); - sam->logon_level = logon_level; - sam->ctr = ctr; -} - -/******************************************************************* - Reads or writes a DOM_SAM_INFO structure. -********************************************************************/ - -static bool net_io_id_info_ctr(const char *desc, NET_ID_INFO_CTR **pp_ctr, prs_struct *ps, int depth) -{ - NET_ID_INFO_CTR *ctr = *pp_ctr; - - prs_debug(ps, depth, desc, "smb_io_sam_info_ctr"); - depth++; - - if (UNMARSHALLING(ps)) { - ctr = *pp_ctr = PRS_ALLOC_MEM(ps, NET_ID_INFO_CTR, 1); - if (ctr == NULL) - return False; - } - - if (ctr == NULL) - return False; - - /* don't 4-byte align here! */ - - if(!prs_uint16("switch_value ", ps, depth, &ctr->switch_value)) - return False; - - switch (ctr->switch_value) { - case 1: - if(!net_io_id_info1("", &ctr->auth.id1, ps, depth)) - return False; - break; - case 2: - if(!net_io_id_info2("", &ctr->auth.id2, ps, depth)) - return False; - break; - default: - /* PANIC! */ - DEBUG(4,("smb_io_sam_info_ctr: unknown switch_value!\n")); - break; - } - - return True; -} - -/******************************************************************* - Reads or writes a DOM_SAM_INFO_EX structure. - ********************************************************************/ - -static bool smb_io_sam_info_ex(const char *desc, DOM_SAM_INFO_EX *sam, prs_struct *ps, int depth) -{ - if (sam == NULL) - return False; - - prs_debug(ps, depth, desc, "smb_io_sam_info_ex"); - depth++; - - if(!prs_align(ps)) - return False; - - if(!smb_io_clnt_srv("", &sam->client, ps, depth)) - return False; - - if(!prs_uint16("logon_level ", ps, depth, &sam->logon_level)) - return False; - - if (sam->logon_level != 0) { - if(!net_io_id_info_ctr("logon_info", &sam->ctr, ps, depth)) - return False; - } - - return True; -} - -static void dump_acct_flags(uint32 acct_flags) { - - int lvl = 10; - DEBUG(lvl,("dump_acct_flags\n")); - if (acct_flags & ACB_NORMAL) { - DEBUGADD(lvl,("\taccount has ACB_NORMAL\n")); - } - if (acct_flags & ACB_PWNOEXP) { - DEBUGADD(lvl,("\taccount has ACB_PWNOEXP\n")); - } - if (acct_flags & ACB_ENC_TXT_PWD_ALLOWED) { - DEBUGADD(lvl,("\taccount has ACB_ENC_TXT_PWD_ALLOWED\n")); - } - if (acct_flags & ACB_NOT_DELEGATED) { - DEBUGADD(lvl,("\taccount has ACB_NOT_DELEGATED\n")); - } - if (acct_flags & ACB_USE_DES_KEY_ONLY) { - DEBUGADD(lvl,("\taccount has ACB_USE_DES_KEY_ONLY set, sig verify wont work\n")); - } - if (acct_flags & ACB_NO_AUTH_DATA_REQD) { - DEBUGADD(lvl,("\taccount has ACB_NO_AUTH_DATA_REQD set\n")); - } - if (acct_flags & ACB_PW_EXPIRED) { - DEBUGADD(lvl,("\taccount has ACB_PW_EXPIRED set\n")); - } -} - -static void dump_user_flgs(uint32 user_flags) { - - int lvl = 10; - DEBUG(lvl,("dump_user_flgs\n")); - if (user_flags & NETLOGON_EXTRA_SIDS) { - DEBUGADD(lvl,("\taccount has NETLOGON_EXTRA_SIDS\n")); - } - if (user_flags & NETLOGON_RESOURCE_GROUPS) { - DEBUGADD(lvl,("\taccount has NETLOGON_RESOURCE_GROUPS\n")); - } - if (user_flags & NETLOGON_NTLMV2_ENABLED) { - DEBUGADD(lvl,("\taccount has NETLOGON_NTLMV2_ENABLED\n")); - } - if (user_flags & NETLOGON_CACHED_ACCOUNT) { - DEBUGADD(lvl,("\taccount has NETLOGON_CACHED_ACCOUNT\n")); - } - if (user_flags & NETLOGON_PROFILE_PATH_RETURNED) { - DEBUGADD(lvl,("\taccount has NETLOGON_PROFILE_PATH_RETURNED\n")); - } - if (user_flags & NETLOGON_SERVER_TRUST_ACCOUNT) { - DEBUGADD(lvl,("\taccount has NETLOGON_SERVER_TRUST_ACCOUNT\n")); - } - - -} - -/******************************************************************* - This code has been modified to cope with a NET_USER_INFO_2 - which is - exactly the same as a NET_USER_INFO_3, minus the other sids parameters. - We use validation level to determine if we're marshalling a info 2 or - INFO_3 - be we always return an INFO_3. Based on code donated by Marc - Jacobsen at HP. JRA. -********************************************************************/ - -bool net_io_user_info3(const char *desc, NET_USER_INFO_3 *usr, prs_struct *ps, - int depth, uint16 validation_level, bool kerb_validation_level) -{ - unsigned int i; - - if (usr == NULL) - return False; - - prs_debug(ps, depth, desc, "net_io_user_info3"); - depth++; - - if (UNMARSHALLING(ps)) - ZERO_STRUCTP(usr); - - if(!prs_align(ps)) - return False; - - if(!prs_uint32("ptr_user_info ", ps, depth, &usr->ptr_user_info)) - return False; - - if (usr->ptr_user_info == 0) - return True; - - if(!smb_io_time("logon time", &usr->logon_time, ps, depth)) /* logon time */ - return False; - if(!smb_io_time("logoff time", &usr->logoff_time, ps, depth)) /* logoff time */ - return False; - if(!smb_io_time("kickoff time", &usr->kickoff_time, ps, depth)) /* kickoff time */ - return False; - if(!smb_io_time("last set time", &usr->pass_last_set_time, ps, depth)) /* password last set time */ - return False; - if(!smb_io_time("can change time", &usr->pass_can_change_time , ps, depth)) /* password can change time */ - return False; - if(!smb_io_time("must change time", &usr->pass_must_change_time, ps, depth)) /* password must change time */ - return False; - - if(!smb_io_unihdr("hdr_user_name", &usr->hdr_user_name, ps, depth)) /* username unicode string header */ - return False; - if(!smb_io_unihdr("hdr_full_name", &usr->hdr_full_name, ps, depth)) /* user's full name unicode string header */ - return False; - if(!smb_io_unihdr("hdr_logon_script", &usr->hdr_logon_script, ps, depth)) /* logon script unicode string header */ - return False; - if(!smb_io_unihdr("hdr_profile_path", &usr->hdr_profile_path, ps, depth)) /* profile path unicode string header */ - return False; - if(!smb_io_unihdr("hdr_home_dir", &usr->hdr_home_dir, ps, depth)) /* home directory unicode string header */ - return False; - if(!smb_io_unihdr("hdr_dir_drive", &usr->hdr_dir_drive, ps, depth)) /* home directory drive unicode string header */ - return False; - - if(!prs_uint16("logon_count ", ps, depth, &usr->logon_count)) /* logon count */ - return False; - if(!prs_uint16("bad_pw_count ", ps, depth, &usr->bad_pw_count)) /* bad password count */ - return False; - - if(!prs_uint32("user_rid ", ps, depth, &usr->user_rid)) /* User RID */ - return False; - if(!prs_uint32("group_rid ", ps, depth, &usr->group_rid)) /* Group RID */ - return False; - if(!prs_uint32("num_groups ", ps, depth, &usr->num_groups)) /* num groups */ - return False; - if(!prs_uint32("buffer_groups ", ps, depth, &usr->buffer_groups)) /* undocumented buffer pointer to groups. */ - return False; - if(!prs_uint32("user_flgs ", ps, depth, &usr->user_flgs)) /* user flags */ - return False; - dump_user_flgs(usr->user_flgs); - if(!prs_uint8s(False, "user_sess_key", ps, depth, usr->user_sess_key, 16)) /* user session key */ - return False; - - if(!smb_io_unihdr("hdr_logon_srv", &usr->hdr_logon_srv, ps, depth)) /* logon server unicode string header */ - return False; - if(!smb_io_unihdr("hdr_logon_dom", &usr->hdr_logon_dom, ps, depth)) /* logon domain unicode string header */ - return False; - - if(!prs_uint32("buffer_dom_id ", ps, depth, &usr->buffer_dom_id)) /* undocumented logon domain id pointer */ - return False; - - if(!prs_uint8s(False, "lm_sess_key", ps, depth, usr->lm_sess_key, 8)) /* lm session key */ - return False; - - if(!prs_uint32("acct_flags ", ps, depth, &usr->acct_flags)) /* Account flags */ - return False; - dump_acct_flags(usr->acct_flags); - for (i = 0; i < 7; i++) - { - if (!prs_uint32("unkown", ps, depth, &usr->unknown[i])) /* unknown */ - return False; - } - - if (validation_level == 3) { - if(!prs_uint32("num_other_sids", ps, depth, &usr->num_other_sids)) /* 0 - num_sids */ - return False; - if(!prs_uint32("buffer_other_sids", ps, depth, &usr->buffer_other_sids)) /* NULL - undocumented pointer to SIDs. */ - return False; - } else { - if (UNMARSHALLING(ps)) { - usr->num_other_sids = 0; - usr->buffer_other_sids = 0; - } - } - - /* get kerb validation info (not really part of user_info_3) - Guenther */ - - if (kerb_validation_level) { - - if(!prs_uint32("ptr_res_group_dom_sid", ps, depth, &usr->ptr_res_group_dom_sid)) - return False; - if(!prs_uint32("res_group_count", ps, depth, &usr->res_group_count)) - return False; - if(!prs_uint32("ptr_res_groups", ps, depth, &usr->ptr_res_groups)) - return False; - } - - if(!smb_io_unistr2("uni_user_name", &usr->uni_user_name, usr->hdr_user_name.buffer, ps, depth)) /* username unicode string */ - return False; - if(!smb_io_unistr2("uni_full_name", &usr->uni_full_name, usr->hdr_full_name.buffer, ps, depth)) /* user's full name unicode string */ - return False; - if(!smb_io_unistr2("uni_logon_script", &usr->uni_logon_script, usr->hdr_logon_script.buffer, ps, depth)) /* logon script unicode string */ - return False; - if(!smb_io_unistr2("uni_profile_path", &usr->uni_profile_path, usr->hdr_profile_path.buffer, ps, depth)) /* profile path unicode string */ - return False; - if(!smb_io_unistr2("uni_home_dir", &usr->uni_home_dir, usr->hdr_home_dir.buffer, ps, depth)) /* home directory unicode string */ - return False; - if(!smb_io_unistr2("uni_dir_drive", &usr->uni_dir_drive, usr->hdr_dir_drive.buffer, ps, depth)) /* home directory drive unicode string */ - return False; - - if(!prs_align(ps)) - return False; - - if(!prs_uint32("num_groups2 ", ps, depth, &usr->num_groups2)) /* num groups2 */ - return False; - - if (usr->num_groups != usr->num_groups2) { - DEBUG(3,("net_io_user_info3: num_groups mismatch! (%d != %d)\n", - usr->num_groups, usr->num_groups2)); - return False; - } - - if (UNMARSHALLING(ps)) { - if (usr->num_groups) { - usr->gids = PRS_ALLOC_MEM(ps, DOM_GID, usr->num_groups); - if (usr->gids == NULL) - return False; - } else { - usr->gids = NULL; - } - } - - for (i = 0; i < usr->num_groups; i++) { - if(!smb_io_gid("", &usr->gids[i], ps, depth)) /* group info */ - return False; - } - - if(!smb_io_unistr2("uni_logon_srv", &usr->uni_logon_srv, usr->hdr_logon_srv.buffer, ps, depth)) /* logon server unicode string */ - return False; - if(!smb_io_unistr2("uni_logon_dom", &usr->uni_logon_dom, usr->hdr_logon_dom.buffer, ps, depth)) /* logon domain unicode string */ - return False; - - if(!smb_io_dom_sid2("", &usr->dom_sid, ps, depth)) /* domain SID */ - return False; - - if (validation_level == 3 && usr->buffer_other_sids) { - - uint32 num_other_sids = usr->num_other_sids; - - if (!(usr->user_flgs & NETLOGON_EXTRA_SIDS)) { - DEBUG(10,("net_io_user_info3: user_flgs attribute does not have NETLOGON_EXTRA_SIDS\n")); - /* return False; */ - } - - if (!prs_uint32("num_other_sids", ps, depth, - &num_other_sids)) - return False; - - if (num_other_sids != usr->num_other_sids) - return False; - - if (UNMARSHALLING(ps)) { - if (usr->num_other_sids) { - usr->other_sids = PRS_ALLOC_MEM(ps, DOM_SID2, usr->num_other_sids); - usr->other_sids_attrib = - PRS_ALLOC_MEM(ps, uint32, usr->num_other_sids); - } else { - usr->other_sids = NULL; - usr->other_sids_attrib = NULL; - } - - if ((num_other_sids != 0) && - ((usr->other_sids == NULL) || - (usr->other_sids_attrib == NULL))) - return False; - } - - /* First the pointers to the SIDS and attributes */ - - depth++; - - for (i=0; i<usr->num_other_sids; i++) { - uint32 ptr = 1; - - if (!prs_uint32("sid_ptr", ps, depth, &ptr)) - return False; - - if (UNMARSHALLING(ps) && (ptr == 0)) - return False; - - if (!prs_uint32("attribute", ps, depth, - &usr->other_sids_attrib[i])) - return False; - } - - for (i = 0; i < usr->num_other_sids; i++) { - if(!smb_io_dom_sid2("", &usr->other_sids[i], ps, depth)) /* other domain SIDs */ - return False; - } - - depth--; - } - - return True; -} - -/******************************************************************* - Reads or writes a structure. -********************************************************************/ - -bool net_io_q_sam_logon_ex(const char *desc, NET_Q_SAM_LOGON_EX *q_l, prs_struct *ps, int depth) -{ - if (q_l == NULL) - return False; - - prs_debug(ps, depth, desc, "net_io_q_sam_logon_ex"); - depth++; - - if(!prs_align(ps)) - return False; - - if(!smb_io_sam_info_ex("", &q_l->sam_id, ps, depth)) - return False; - - if(!prs_align_uint16(ps)) - return False; - - if(!prs_uint16("validation_level", ps, depth, &q_l->validation_level)) - return False; - - if (!prs_align(ps)) - return False; - - if(!prs_uint32("flags ", ps, depth, &q_l->flags)) - return False; - - return True; -} - -/******************************************************************* - Reads or writes a structure. -********************************************************************/ - -bool net_io_r_sam_logon_ex(const char *desc, NET_R_SAM_LOGON_EX *r_l, prs_struct *ps, int depth) -{ - if (r_l == NULL) - return False; - - prs_debug(ps, depth, desc, "net_io_r_sam_logon_ex"); - depth++; - - if(!prs_uint16("switch_value", ps, depth, &r_l->switch_value)) - return False; - if(!prs_align(ps)) - return False; - -#if 1 /* W2k always needs this - even for bad passwd. JRA */ - if(!net_io_user_info3("", r_l->user, ps, depth, r_l->switch_value, False)) - return False; -#else - if (r_l->switch_value != 0) { - if(!net_io_user_info3("", r_l->user, ps, depth, r_l->switch_value, False)) - return False; - } -#endif - - if(!prs_uint32("auth_resp ", ps, depth, &r_l->auth_resp)) /* 1 - Authoritative response; 0 - Non-Auth? */ - return False; - - if(!prs_uint32("flags ", ps, depth, &r_l->flags)) - return False; - - if(!prs_ntstatus("status ", ps, depth, &r_l->status)) - return False; - - if(!prs_align(ps)) - return False; - - return True; -} |