-rw-r--r--source3/include/smb.h377
-rw-r--r--source3/smbparse.c32
2 files changed, 403 insertions, 6 deletions
diff --git a/source3/include/smb.h b/source3/include/smb.h
index b999c13667..eb20a16cd3 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -257,10 +257,14 @@ typedef fstring string;
/* 32 bit time (sec) since 01jan1970 - cifs6.txt, section 3.5, page 30 */
-typedef uint32 UTIME;
+typedef struct time_info
+{
+ uint32 time;
+
+} UTIME;
/* 64 bit time (100usec) since ????? - cifs6.txt, section 3.5, page 30 */
-typedef struct nttime
+typedef struct nttime_info
{
uint32 low;
uint32 high;
@@ -348,10 +352,17 @@ typedef struct log_info
} DOM_LOG_INFO;
-/* DOM_CREDs - client or server credentials */
-typedef struct cred_info
+/* DOM_CHAL - challenge info */
+typedef struct chal_info
{
uint8 data[8]; /* credentials */
+
+} DOM_CHAL;
+
+/* DOM_CREDs - timestamped client or server credentials */
+typedef struct cred_info
+{
+ DOM_CHAL challenge; /* credentials */
UTIME timestamp; /* credential time-stamp */
} DOM_CRED;
@@ -437,6 +448,364 @@ typedef struct rpc_hdr_info
uint8 reserved; /* 0 - reserved */
} RPC_HDR;
+/* DOM_QUERY_5 - info class 5 LSA Query response */
+typedef struct dom_query_5_info
+{
+ uint16 uni_dom_max_len; /* domain name string length * 2 */
+ uint16 uni_dom_str_len; /* domain name string length * 2 */
+ uint32 buffer_dom_name; /* undocumented domain name string buffer pointer */
+ uint32 buffer_dom_sid; /* undocumented domain SID string buffer pointer */
+ UNISTR uni_domain_name; /* domain name (unicode string) */
+ DOM_SID dom_sid; /* domain SID */
+
+} DOM_QUERY_5;
+
+/* level 5 is same as level 3. we hope. */
+typedef DOM_QUERY_5 DOM_QUERY_3;
+
+/* LSA_POL_HND */
+typedef struct lsa_policy_info
+{
+ uint8 data[20]; /* policy handle */
+
+} LSA_POL_HND;
+
+
+/* LSA_Q_QUERY_INFO - LSA query info policy */
+typedef struct lsa_query_info
+{
+ uint16 info_class; /* info class (also a policy handle?) */
+
+} LSA_Q_QUERY_INFO;
+
+/* LSA_R_QUERY_INFO - response to LSA query info policy */
+typedef struct lsa_r_query_info
+{
+ uint32 undoc_buffer; /* undocumented buffer pointer */
+ uint16 info_class; /* info class (same as info class in request) */
+
+ union
+ {
+ DOM_QUERY_3 id3;
+ DOM_QUERY_5 id5;
+ } dom;
+
+} LSA_R_QUERY_INFO;
+
+#define MAX_REF_DOMAINS 10
+
+/* DOM_R_REF */
+typedef struct dom_ref_info
+{
+ uint32 undoc_buffer; /* undocumented buffer pointer. */
+ uint32 num_ref_doms_1; /* num referenced domains? */
+ uint32 buffer_dom_name; /* undocumented domain name buffer pointer. */
+ uint32 max_entries; /* 32 - max number of entries */
+ uint32 num_ref_doms_2; /* 4 - num referenced domains? */
+
+ UNIHDR2 hdr_dom_name; /* domain name unicode string header */
+ UNIHDR2 hdr_ref_dom[MAX_REF_DOMAINS]; /* referenced domain unicode string headers */
+
+ UNISTR uni_dom_name; /* domain name unicode string */
+ DOM_SID uni_dom_sid; /* domain SID */
+ DOM_SID uni_ref_dom[MAX_REF_DOMAINS]; /* referenced domain SIDs */
+
+} DOM_R_REF;
+
+#define MAX_LOOKUP_SIDS 10
+
+/* LSA_Q_LOOKUP_SIDS - LSA Lookup SIDs */
+typedef struct lsa_q_lookup_sids
+{
+
+ LSA_POL_HND pol_hnd; /* policy handle */
+ uint32 num_entries;
+ uint32 buffer_dom_sid; /* undocumented domain SID buffer pointer */
+ uint32 buffer_dom_name; /* undocumented domain name buffer pointer */
+ uint32 buffer_lookup_sids[MAX_LOOKUP_SIDS]; /* undocumented domain SID pointers to be looked up. */
+ DOM_SID dom_sids[MAX_LOOKUP_SIDS]; /* domain SIDs to be looked up. */
+ uint8 undoc[16]; /* completely undocumented 16 bytes */
+
+} LSA_Q_LOOKUP_SIDS;
+
+/* LSA_R_LOOKUP_SIDS - response to LSA Lookup SIDs */
+typedef struct lsa_r_lookup_sids
+{
+ DOM_R_REF dom_ref; /* domain reference info */
+
+ uint32 num_entries;
+ uint32 undoc_buffer2; /* undocumented buffer pointer */
+ uint32 num_entries2;
+
+ DOM_SID2 dom_sid[MAX_LOOKUP_SIDS]; /* domain SIDs being looked up */
+
+ uint32 num_entries3;
+
+} LSA_R_LOOKUP_SIDS;
+
+/* DOM_NAME - XXXX not sure about this structure */
+typedef struct dom_name_info
+{
+ uint32 uni_str_len;
+ uint16 buffer[MAX_UNISTRLEN];
+
+} DOM_NAME;
+
+
+#define UNKNOWN_LEN 1
+
+/* LSA_Q_LOOKUP_RIDS - LSA Lookup RIDs */
+typedef struct lsa_q_lookup_rids
+{
+
+ LSA_POL_HND pol_hnd; /* policy handle */
+ uint32 num_entries;
+ uint32 num_entries2;
+ uint32 buffer_dom_sid; /* undocumented domain SID buffer pointer */
+ uint32 buffer_dom_name; /* undocumented domain name buffer pointer */
+ DOM_NAME lookup_name[MAX_LOOKUP_SIDS]; /* names to be looked up */
+ uint8 undoc[UNKNOWN_LEN]; /* completely undocumented bytes of unknown length */
+
+} LSA_Q_LOOKUP_RIDS;
+
+/* LSA_R_LOOKUP_RIDS - response to LSA Lookup Names */
+typedef struct lsa_r_lookup_rids
+{
+
+ uint32 num_entries;
+ uint32 undoc_buffer2; /* undocumented buffer pointer */
+
+ uint32 num_entries2;
+ DOM_RID2 dom_rid[MAX_LOOKUP_SIDS]; /* domain RIDs being looked up */
+
+ uint32 num_entries3;
+
+} LSA_R_LOOKUP_RIDS;
+
+
+
+/* NEG_FLAGS */
+typedef struct lsa_neg_flags_info
+{
+ uint32 neg_flags; /* negotiated flags */
+
+} NEG_FLAGS;
+
+
+/* LSA_Q_REQ_CHAL */
+typedef struct lsa_q_req_chal_info
+{
+ uint32 undoc_buffer; /* undocumented buffer pointer */
+ UNISTR2 uni_logon_srv; /* logon server unicode string */
+ UNISTR2 uni_logon_clnt; /* logon client unicode string */
+ DOM_CHAL clnt_chal; /* client challenge */
+
+} LSA_Q_REQ_CHAL;
+
+
+/* LSA_R_REQ_CHAL */
+typedef struct lsa_r_req_chal_info
+{
+ DOM_CHAL srv_chal; /* server challenge */
+
+} LSA_R_REQ_CHAL;
+
+
+
+/* LSA_Q_AUTH_2 */
+typedef struct lsa_q_auth2_info
+{
+ DOM_LOG_INFO clnt_id; /* client identification info */
+ DOM_CHAL clnt_chal; /* client-calculated credentials */
+
+ NEG_FLAGS clnt_flgs; /* usually 0x0000 01ff */
+
+} LSA_Q_AUTH_2;
+
+
+/* LSA_R_AUTH_2 */
+typedef struct lsa_r_auth2_info
+{
+ DOM_CHAL srv_chal; /* server-calculated credentials */
+ NEG_FLAGS srv_flgs; /* usually 0x0000 01ff */
+
+} LSA_R_AUTH_2;
+
+
+/* LSA_Q_SRV_PWSET */
+typedef struct lsa_q_srv_pwset_info
+{
+ DOM_CLNT_INFO clnt_id; /* client identification/authentication info */
+ char pwd[16]; /* new password - undocumented. */
+
+} LSA_Q_SRV_PWSET;
+
+/* LSA_R_SRV_PWSET */
+typedef struct lsa_r_srv_pwset_info
+{
+ DOM_CHAL srv_chal; /* server-calculated credentials */
+
+} LSA_R_SRV_PWSET;
+
+#define LSA_MAX_GROUPS 32
+
+/* LSA_USER_INFO */
+typedef struct lsa_q_user_info
+{
+ uint32 undoc_buffer;
+
+ NTTIME logon_time; /* logon time */
+ NTTIME logoff_time; /* logoff time */
+ NTTIME kickoff_time; /* kickoff time */
+ NTTIME pass_last_set_time; /* password last set time */
+ NTTIME pass_can_change_time; /* password can change time */
+ NTTIME pass_must_change_time; /* password must change time */
+
+ UNIHDR hdr_user_name; /* username unicode string header */
+ UNIHDR hdr_full_name; /* user's full name unicode string header */
+ UNIHDR hdr_logon_script; /* logon script unicode string header */
+ UNIHDR hdr_profile_path; /* profile path unicode string header */
+ UNIHDR hdr_home_dir; /* home directory unicode string header */
+ UNIHDR hdr_dir_drive; /* home directory drive unicode string header */
+
+ uint16 logon_count; /* logon count */
+ uint16 bad_pw_count; /* bad password count */
+
+ uint32 user_id; /* User ID */
+ uint32 group_id; /* Group ID */
+ uint32 num_groups; /* num groups */
+ uint32 buffer_groups; /* undocumented buffer pointer to groups. */
+ uint32 user_flgs; /* user flags */
+
+ char sess_key[16]; /* unused user session key */
+
+ UNIHDR hdr_logon_srv; /* logon server unicode string header */
+ UNIHDR hdr_logon_dom; /* logon domain unicode string header */
+
+ uint32 buffer_dom_id; /* undocumented logon domain id pointer */
+ char padding[40]; /* unused padding bytes? */
+
+ uint32 num_sids; /* 0 - num_sids */
+ uint32 buffer_sids; /* NULL - undocumented pointer to SIDs. */
+
+ UNISTR2 uni_user_name; /* username unicode string */
+ UNISTR2 uni_full_name; /* user's full name unicode string */
+ UNISTR2 uni_logon_script; /* logon script unicode string */
+ UNISTR2 uni_profile_path; /* profile path unicode string */
+ UNISTR2 uni_home_dir; /* home directory unicode string */
+ UNISTR2 uni_dir_drive; /* home directory drive unicode string */
+
+ uint32 num_groups2; /* num groups */
+ DOM_GID gids[LSA_MAX_GROUPS]; /* group info */
+
+ UNISTR2 uni_logon_srv; /* logon server unicode string */
+ UNISTR2 uni_logon_dom; /* logon domain unicode string */
+
+ DOM_SID undoc_dom_sids[2]; /* undocumented - domain SIDs */
+ DOM_SID dom_sid; /* domain SID */
+
+} LSA_USER_INFO;
+
+
+/* LSA_Q_SAM_LOGON */
+typedef struct lsa_q_sam_logon_info
+{
+ DOM_SAM_INFO sam_id;
+
+} LSA_Q_SAM_LOGON;
+
+/* LSA_R_SAM_LOGON */
+typedef struct lsa_r_sam_logon_info
+{
+ uint32 buffer_creds; /* undocumented buffer pointer */
+ DOM_CRED srv_creds; /* server credentials. server time stamp appears to be ignored. */
+
+ uint32 buffer_user;
+ LSA_USER_INFO user;
+
+ uint32 auth_resp; /* 1 - Authoritative response; 0 - Non-Auth? */
+
+} LSA_R_SAM_LOGON;
+
+
+/* LSA_Q_SAM_LOGOFF */
+typedef struct lsa_q_sam_logoff_info
+{
+ DOM_SAM_INFO sam_id;
+
+} LSA_Q_SAM_LOGOFF;
+
+/* LSA_R_SAM_LOGOFF */
+typedef struct lsa_r_sam_logoff_info
+{
+ uint32 buffer_creds; /* undocumented buffer pointer */
+ DOM_CRED srv_creds; /* server credentials. server time stamp appears to be ignored. */
+
+} LSA_R_SAM_LOGOFF;
+
+/*
+
+Yet to be turned into structures:
+
+6) \\MAILSLOT\NET\NTLOGON
+-------------------------
+
+6.1) Query for PDC
+------------------
+
+Request:
+
+ uint16 0x0007 - Query for PDC
+ STR machine name
+ STR response mailslot
+ uint8[] padding to 2-byte align with start of mailslot.
+ UNISTR machine name
+ uint32 NTversion
+ uint16 LMNTtoken
+ uint16 LM20token
+
+Response:
+
+ uint16 0x000A - Respose to Query for PDC
+ STR machine name (in uppercase)
+ uint8[] padding to 2-byte align with start of mailslot.
+ UNISTR machine name
+ UNISTR domain name
+ uint32 NTversion (same as received in request)
+ uint16 LMNTtoken (same as received in request)
+ uint16 LM20token (same as received in request)
+
+
+6.2) SAM Logon
+--------------
+
+Request:
+
+ uint16 0x0012 - SAM Logon
+ uint16 request count
+ UNISTR machine name
+ UNISTR user name
+ STR response mailslot
+ uint32 alloweable account
+ uint32 domain SID size
+ char[sid_size] domain SID, of sid_size bytes.
+ uint8[] ???? padding to 4? 2? -byte align with start of mailslot.
+ uint32 NTversion
+ uint16 LMNTtoken
+ uint16 LM20token
+
+Response:
+
+ uint16 0x0013 - Response to SAM Logon
+ UNISTR machine name
+ UNISTR user name - workstation trust account
+ UNISTR domain name
+ uint32 NTversion
+ uint16 LMNTtoken
+ uint16 LM20token
+
+*/
+
struct smb_passwd {
int smb_userid;
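Review bot: Several of the new structures pair fixed-capacity arrays sized by compile-time constants — `dom_sids[MAX_LOOKUP_SIDS]`, `hdr_ref_dom[MAX_REF_DOMAINS]`, `gids[LSA_MAX_GROUPS]` — with counts that arrive from the wire (`num_entries`, `num_ref_doms_1`, `num_groups2`), and nothing in the header records that the unmarshalling code must reject a count larger than the capacity before filling the array. A comment at each constant, e.g. `/* capacity of the arrays below; readers must reject num_entries > MAX_LOOKUP_SIDS */`, makes the invariant visible to whoever writes the smbparse.c readers for these types. `uint8 undoc[UNKNOWN_LEN]` with `#define UNKNOWN_LEN 1` is a guess at a wire length and deserves an explicit TODO rather than a named constant that reads as authoritative. The trailing comment block also has `Respose` for `Response`.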
diff --git a/source3/smbparse.c b/source3/smbparse.c
index d39f18de5f..869aab21c1 100644
--- a/source3/smbparse.c
+++ b/source3/smbparse.c
@@ -25,6 +25,20 @@ extern int DEBUGLEVEL;
/*******************************************************************
+reads or writes a UTIME type.
+********************************************************************/
+char* smb_io_utime(BOOL io, UTIME *t, char *q, char *base, int align)
+{
+ if (t == NULL) return NULL;
+
+ q = align_offset(q, base, align);
+
+ RW_IVAL (io, q, t->time, 0); q += 4;
+
+ return q;
+}
+
+/*******************************************************************
reads or writes an NTTIME structure.
********************************************************************/
char* smb_io_time(BOOL io, NTTIME *nttime, char *q, char *base, int align)
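Review bot: smb_io_utime reads or writes the 4 bytes at q (after align_offset) with no indication of how much buffer remains, so an undersized buffer is overrun silently; smb_io_chal in the next hunk does the same for 8 bytes. The signature carries no end pointer to check against, so the contract should at least be stated in the header comment, e.g. `caller must ensure at least 4 bytes remain after alignment; no bounds check is performed here`, in the same form the existing readers in this file use. Whether callers validate the PDU length before dispatching to these helpers is not visible in this hunk.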
@@ -223,6 +237,20 @@ char* smb_io_log_info(BOOL io, DOM_LOG_INFO *log, char *q, char *base, int align
}
/*******************************************************************
+reads or writes a DOM_CHAL structure.
+********************************************************************/
+char* smb_io_chal(BOOL io, DOM_CHAL *chal, char *q, char *base, int align)
+{
+ if (chal == NULL) return NULL;
+
+ q = align_offset(q, base, align);
+
+ RW_PCVAL(io, q, chal->data, 8); q += 8;
+
+ return q;
+}
+
+/*******************************************************************
reads or writes a DOM_CRED structure.
********************************************************************/
char* smb_io_cred(BOOL io, DOM_CRED *cred, char *q, char *base, int align)
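Review bot: The literal 8 in `RW_PCVAL(io, q, chal->data, 8); q += 8;` duplicates the array size declared in DOM_CHAL and will go stale silently if that declaration changes; `RW_PCVAL(io, q, chal->data, sizeof(chal->data)); q += sizeof(chal->data);` ties the copy length to the declaration. The same literal existed in the removed smb_io_cred lines, so this is the natural moment to fix it.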
@@ -231,8 +259,8 @@ char* smb_io_cred(BOOL io, DOM_CRED *cred, char *q, char *base, int align)
q = align_offset(q, base, align);
- RW_PCVAL(io, q, cred->data, 8); q += 8;
- RW_IVAL (io, q, cred->timestamp, 0); q += 4;
+ q = smb_io_chal (io, &(cred->challenge), q, base, align);
+ q = smb_io_utime(io, &(cred->timestamp), q, base, align);
return q;
}
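Review bot: The two helper calls each re-run align_offset() with the same align, whereas the removed lines aligned once and then read the 8-byte challenge and 4-byte timestamp back to back. That is equivalent only while align divides 8 (true for the usual 1/2/4/8 alignments); for any other value a pad would now be inserted between the two fields where the old code read them contiguously. If align is always 4 at this call site it is worth saying so, e.g. `/* 8-byte challenge keeps q aligned, so the second align_offset() is a no-op */`. The enclosing smb_io_cred starts outside the hunk.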