summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--source3/rpc_server/srv_netlog_nt.c165
1 files changed, 81 insertions, 84 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 07f414e8fc..df636fd679 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -228,45 +228,25 @@ static BOOL get_md4pw(char *md4pw, char *mach_acct)
NTSTATUS _net_req_chal(pipes_struct *p, NET_Q_REQ_CHAL *q_u, NET_R_REQ_CHAL *r_u)
{
NTSTATUS status = NT_STATUS_OK;
- fstring mach_acct;
-
- if (!get_valid_user_struct(p->vuid))
- return NT_STATUS_NO_SUCH_USER;
-
- rpcstr_pull(mach_acct,q_u->uni_logon_clnt.buffer,sizeof(fstring),q_u->uni_logon_clnt.uni_str_len*2,0);
-
- strlower(mach_acct);
- fstrcat(mach_acct, "$");
-
- if (get_md4pw((char *)p->dc.md4pw, mach_acct)) {
- /* copy the client credentials */
- memcpy(p->dc.clnt_chal.data , q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data));
- memcpy(p->dc.clnt_cred.challenge.data, q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data));
-
- /* create a server challenge for the client */
- /* Set these to random values. */
- generate_random_buffer(p->dc.srv_chal.data, 8, False);
-
- memcpy(p->dc.srv_cred.challenge.data, p->dc.srv_chal.data, 8);
- memset((char *)p->dc.sess_key, '\0', sizeof(p->dc.sess_key));
+ rpcstr_pull(p->dc.remote_machine,q_u->uni_logon_clnt.buffer,sizeof(fstring),q_u->uni_logon_clnt.uni_str_len*2,0);
- /* from client / server challenges and md4 password, generate sess key */
- cred_session_key(&p->dc.clnt_chal, &p->dc.srv_chal,
- (char *)p->dc.md4pw, p->dc.sess_key);
+ /* create a server challenge for the client */
+ /* Set these to random values. */
+ generate_random_buffer(p->dc.srv_chal.data, 8, False);
+
+ memcpy(p->dc.srv_cred.challenge.data, p->dc.srv_chal.data, 8);
- /* Save the machine account name. */
- fstrcpy(p->dc.mach_acct, mach_acct);
+ memcpy(p->dc.clnt_chal.data , q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data));
+ memcpy(p->dc.clnt_cred.challenge.data, q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data));
- } else {
- /* lkclXXXX take a guess at a good error message to return :-) */
- status = NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT;
- }
+ memset((char *)p->dc.sess_key, '\0', sizeof(p->dc.sess_key));
+ p->dc.challange_sent = True;
/* set up the LSA REQUEST CHALLENGE response */
init_net_r_req_chal(r_u, &p->dc.srv_chal, status);
-
- return r_u->status;
+
+ return status;
}
/*************************************************************************
@@ -288,26 +268,37 @@ NTSTATUS _net_auth(pipes_struct *p, NET_Q_AUTH *q_u, NET_R_AUTH *r_u)
NTSTATUS status = NT_STATUS_OK;
DOM_CHAL srv_cred;
UTIME srv_time;
-
- if (!get_valid_user_struct(p->vuid))
- return NT_STATUS_NO_SUCH_USER;
+ fstring mach_acct;
srv_time.time = 0;
- /* check that the client credentials are valid */
- if (cred_assert(&q_u->clnt_chal, p->dc.sess_key, &p->dc.clnt_cred.challenge, srv_time)) {
+ rpcstr_pull(mach_acct, q_u->clnt_id.uni_acct_name.buffer,sizeof(fstring),q_u->clnt_id.uni_acct_name.uni_str_len*2,0);
+ if (p->dc.challange_sent && get_md4pw((char *)p->dc.md4pw, mach_acct)) {
+ /* copy the client credentials */
+
/* create server challenge for inclusion in the reply */
cred_create(p->dc.sess_key, &p->dc.srv_cred.challenge, srv_time, &srv_cred);
-
- /* copy the received client credentials for use next time */
- memcpy(p->dc.clnt_cred.challenge.data, q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data));
- memcpy(p->dc.srv_cred .challenge.data, q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data));
+
+ /* check that the client credentials are valid */
+ if (cred_assert(&q_u->clnt_chal, p->dc.sess_key, &p->dc.clnt_cred.challenge, srv_time)) {
+
+ /* copy the received client credentials for use next time */
+ memcpy(p->dc.clnt_cred.challenge.data, q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data));
+ memcpy(p->dc.srv_cred .challenge.data, q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data));
+
+ /* Save the machine account name. */
+ fstrcpy(p->dc.mach_acct, mach_acct);
+
+ p->dc.authenticated = True;
+ } else {
+ status = NT_STATUS_ACCESS_DENIED;
+ }
} else {
status = NT_STATUS_ACCESS_DENIED;
}
-
- /* set up the LSA AUTH 2 response */
+
+ /* set up the LSA AUTH response */
init_net_r_auth(r_u, &srv_cred, status);
return r_u->status;
@@ -335,25 +326,44 @@ NTSTATUS _net_auth_2(pipes_struct *p, NET_Q_AUTH_2 *q_u, NET_R_AUTH_2 *r_u)
DOM_CHAL srv_cred;
UTIME srv_time;
NEG_FLAGS srv_flgs;
-
- if (!get_valid_user_struct(p->vuid))
- return NT_STATUS_NO_SUCH_USER;
+ fstring mach_acct;
srv_time.time = 0;
- /* check that the client credentials are valid */
- if (cred_assert(&q_u->clnt_chal, p->dc.sess_key, &p->dc.clnt_cred.challenge, srv_time)) {
+ rpcstr_pull(mach_acct, q_u->clnt_id.uni_acct_name.buffer,sizeof(fstring),q_u->clnt_id.uni_acct_name.uni_str_len*2,0);
+ if (p->dc.challange_sent && get_md4pw((char *)p->dc.md4pw, mach_acct)) {
+ /* copy the client credentials */
+
+ /* from client / server challenges and md4 password, generate sess key */
+ cred_session_key(&p->dc.clnt_chal, &p->dc.srv_chal,
+ (char *)p->dc.md4pw, p->dc.sess_key);
+
/* create server challenge for inclusion in the reply */
cred_create(p->dc.sess_key, &p->dc.srv_cred.challenge, srv_time, &srv_cred);
+
+ /* check that the client credentials are valid */
+ if (cred_assert(&q_u->clnt_chal, p->dc.sess_key, &p->dc.clnt_cred.challenge, srv_time)) {
+
+ /* create server challenge for inclusion in the reply */
+ cred_create(p->dc.sess_key, &p->dc.srv_cred.challenge, srv_time, &srv_cred);
+
+ /* copy the received client credentials for use next time */
+ memcpy(p->dc.clnt_cred.challenge.data, q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data));
+ memcpy(p->dc.srv_cred .challenge.data, q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data));
+
+ /* Save the machine account name. */
+ fstrcpy(p->dc.mach_acct, mach_acct);
+
+ p->dc.authenticated = True;
- /* copy the received client credentials for use next time */
- memcpy(p->dc.clnt_cred.challenge.data, q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data));
- memcpy(p->dc.srv_cred .challenge.data, q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data));
+ } else {
+ status = NT_STATUS_ACCESS_DENIED;
+ }
} else {
status = NT_STATUS_ACCESS_DENIED;
}
-
+
srv_flgs.neg_flags = 0x000001ff;
/* set up the LSA AUTH 2 response */
@@ -370,47 +380,40 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *
{
NTSTATUS status = NT_STATUS_WRONG_PASSWORD;
DOM_CRED srv_cred;
- pstring mach_acct;
+ pstring workstation;
SAM_ACCOUNT *sampass=NULL;
BOOL ret = False;
unsigned char pwd[16];
int i;
-
- if (!get_valid_user_struct(p->vuid))
- return NT_STATUS_NO_SUCH_USER;
+ uint32 acct_ctrl;
/* checks and updates credentials. creates reply credentials */
- if (!deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->clnt_id.cred, &srv_cred))
+ if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->clnt_id.cred, &srv_cred)))
return NT_STATUS_INVALID_HANDLE;
memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred));
DEBUG(5,("_net_srv_pwset: %d\n", __LINE__));
- rpcstr_pull(mach_acct,q_u->clnt_id.login.uni_acct_name.buffer,
- sizeof(mach_acct),q_u->clnt_id.login.uni_acct_name.uni_str_len*2,0);
+ rpcstr_pull(workstation,q_u->clnt_id.login.uni_acct_name.buffer,
+ sizeof(workstation),q_u->clnt_id.login.uni_acct_name.uni_str_len*2,0);
- DEBUG(3,("Server Password Set Wksta:[%s]\n", mach_acct));
+ DEBUG(3,("Server Password Set by Wksta:[%s] on account [%s]\n", workstation, p->dc.mach_acct));
- /*
- * Check the machine account name we're changing is the same
- * as the one we've authenticated from. This prevents arbitrary
- * machines changing other machine account passwords.
- */
-
- if (!strequal(mach_acct, p->dc.mach_acct)) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
pdb_init_sam(&sampass);
become_root();
- ret=pdb_getsampwnam(sampass, mach_acct);
+ ret=pdb_getsampwnam(sampass, p->dc.mach_acct);
unbecome_root();
/* Ensure the account exists and is a machine account. */
+
+ acct_ctrl = pdb_get_acct_ctrl(sampass);
- if (ret==False || !(pdb_get_acct_ctrl(sampass) & ACB_WSTRUST)) {
+ if (!(ret
+ && (acct_ctrl & ACB_WSTRUST ||
+ acct_ctrl & ACB_SVRTRUST ||
+ acct_ctrl & ACB_DOMTRUST))) {
pdb_free_sam(&sampass);
return NT_STATUS_NO_SUCH_USER;
}
@@ -438,16 +441,10 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *
return NT_STATUS_NO_MEMORY;
}
- if (!pdb_set_acct_ctrl (sampass, ACB_WSTRUST)) {
- pdb_free_sam(&sampass);
- /* Not quite sure what this one qualifies as, but this will do */
- return NT_STATUS_NO_MEMORY;
- }
-
if (!pdb_set_pass_changed_now (sampass)) {
pdb_free_sam(&sampass);
/* Not quite sure what this one qualifies as, but this will do */
- return NT_STATUS_NO_MEMORY;
+ return NT_STATUS_UNSUCCESSFUL;
}
become_root();
@@ -477,8 +474,8 @@ NTSTATUS _net_sam_logoff(pipes_struct *p, NET_Q_SAM_LOGOFF *q_u, NET_R_SAM_LOGOF
return NT_STATUS_NO_SUCH_USER;
/* checks and updates credentials. creates reply credentials */
- if (!deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred,
- &q_u->sam_id.client.cred, &srv_cred))
+ if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred,
+ &q_u->sam_id.client.cred, &srv_cred)))
return NT_STATUS_INVALID_HANDLE;
memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred));
@@ -522,10 +519,10 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
return NT_STATUS_NO_SUCH_USER;
/* checks and updates credentials. creates reply credentials */
- if (!deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->sam_id.client.cred, &srv_cred))
+ if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->sam_id.client.cred, &srv_cred)))
return NT_STATUS_INVALID_HANDLE;
- else
- memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred));
+
+ memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred));
r_u->buffer_creds = 1; /* yes, we have valid server credentials */
memcpy(&r_u->srv_creds, &srv_cred, sizeof(r_u->srv_creds));
generated by cgit (git 2.34.1) at 2024-12-04 03:14:27 +0000