summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/smb.h2
-rw-r--r--source3/smbd/pipes.c162
2 files changed, 97 insertions, 67 deletions
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 87fcb22cac..62351da187 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -282,7 +282,7 @@ typedef fstring string;
#define LSA_QUERYINFOPOLICY 0x07
#define LSA_ENUMTRUSTDOM 0x0d
#define LSA_REQCHAL 0x04
-#define LSA_SVRPWSET 0x06
+#define LSA_SRVPWSET 0x06
#define LSA_SAMLOGON 0x02
#define LSA_AUTH2 0x0f
#define LSA_CLOSE 0x00
diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c
index 24f15ba7fd..0a94be0aa0 100644
--- a/source3/smbd/pipes.c
+++ b/source3/smbd/pipes.c
@@ -747,11 +747,6 @@ static int lsa_reply_req_chal(LSA_Q_REQ_CHAL *q_c, char *q, char *base,
return q - start;
}
-static void make_lsa_chal(DOM_CHAL *cred, char resp_cred[8])
-{
- memcpy(cred->data, resp_cred, sizeof(cred->data));
-}
-
static void make_lsa_r_auth_2(LSA_R_AUTH_2 *r_a,
DOM_CHAL *resp_cred, NEG_FLAGS *flgs, int status)
{
@@ -777,22 +772,22 @@ static int lsa_reply_auth_2(LSA_Q_AUTH_2 *q_a, char *q, char *base,
return q - start;
}
-static void make_lsa_dom_chal(DOM_CRED *cred, char srv_chal[8], UTIME srv_time)
+static void make_lsa_dom_chal(DOM_CRED *cred, DOM_CHAL *srv_chal, UTIME srv_time)
{
- make_lsa_chal(&(cred->challenge), srv_chal);
+ memcpy(cred->challenge.data, srv_chal->data, sizeof(srv_chal->data));
cred->timestamp = srv_time;
}
static void make_lsa_r_srv_pwset(LSA_R_SRV_PWSET *r_a,
- char srv_chal[8], UTIME srv_time, int status)
+ DOM_CHAL *srv_chal, UTIME srv_time, int status)
{
make_lsa_dom_chal(&(r_a->srv_cred), srv_chal, srv_time);
r_a->status = status;
}
static int lsa_reply_srv_pwset(LSA_Q_SRV_PWSET *q_s, char *q, char *base,
- char srv_cred[8], UTIME srv_time,
+ DOM_CHAL *srv_cred, UTIME srv_time,
int status)
{
char *start = q;
@@ -922,7 +917,7 @@ static void make_lsa_user_info(LSA_USER_INFO *usr,
static int lsa_reply_sam_logon(LSA_Q_SAM_LOGON *q_s, char *q, char *base,
- char srv_cred[8], UTIME srv_time,
+ DOM_CHAL *srv_cred, UTIME srv_time,
LSA_USER_INFO *user_info)
{
char *start = q;
@@ -946,7 +941,7 @@ static int lsa_reply_sam_logon(LSA_Q_SAM_LOGON *q_s, char *q, char *base,
static int lsa_reply_sam_logoff(LSA_Q_SAM_LOGOFF *q_s, char *q, char *base,
- char srv_cred[8], UTIME srv_time,
+ DOM_CHAL *srv_cred, UTIME srv_time,
uint32 status)
{
char *start = q;
@@ -1276,9 +1271,9 @@ static void api_lsa_auth_2( user_struct *vuser,
&(vuser->dc.srv_cred), srv_time);
/* create server credentials for inclusion in the reply */
- cred_create(vuser->dc.sess_key, &(vuser->dc.srv_cred), srv_time, &srv_chal);
+ cred_create(vuser->dc.sess_key, &(vuser->dc.clnt_cred), srv_time, &srv_chal);
- /* construct reply. return status is always 0x0 */
+ /* construct reply. */
reply_len = lsa_reply_auth_2(&q_a, *rdata + 0x18, *rdata + 0x18,
&srv_chal, 0x0);
@@ -1289,6 +1284,87 @@ static void api_lsa_auth_2( user_struct *vuser,
}
+static void api_lsa_srv_pwset( user_struct *vuser,
+ char *param, char *data,
+ char **rdata, int *rdata_len )
+{
+ int reply_len;
+ LSA_Q_SRV_PWSET q_a;
+
+ DOM_CHAL srv_chal;
+ UTIME srv_time;
+ UTIME new_clnt_time;
+
+ srv_time.time = 0;
+
+ /* grab the challenge... */
+ lsa_io_q_srv_pwset(True, &q_a, data + 0x18, data + 0x18, 4);
+
+ /* check that the client credentials are valid */
+ cred_assert(&(q_a.clnt_id.cred.challenge), vuser->dc.sess_key,
+ &(vuser->dc.srv_cred), srv_time);
+
+ new_clnt_time.time = q_a.clnt_id.cred.timestamp.time + 1;
+
+ /* create server credentials for inclusion in the reply */
+ cred_create(vuser->dc.sess_key, &(vuser->dc.clnt_cred), new_clnt_time, &srv_chal);
+
+ *(uint32*)(vuser->dc.srv_cred.data) = ( *(uint32*)(vuser->dc.clnt_cred.data) += new_clnt_time.time );
+
+ /* construct reply. always indicate failure. nt keeps going... */
+ reply_len = lsa_reply_srv_pwset(&q_a, *rdata + 0x18, *rdata + 0x18,
+ &srv_chal, srv_time,
+ NT_STATUS_WRONG_PASSWORD|0xC000000);
+
+ /* construct header, now that we know the reply length */
+ reply_len += make_rpc_reply(data, *rdata, reply_len);
+
+ *rdata_len = reply_len;
+}
+
+#if 0
+case LSASRVPWSET:
+ DEBUG(1,("LSASRVPWSET\n"));
+ q = data + 0x18;
+ dump_data(1,q,128);
+ logonsrv = q + 16;
+ q = skip_unicode_string(logonsrv,1)+12;
+ q = align4(q, data);
+ accountname = q;
+ q = skip_unicode_string(accountname,1);
+ secchanneltype = qSVAL;
+ q += 12;
+ q = align4(q, data);
+ unicomp = q;
+ q = skip_unicode_string(unicomp,1);
+ rcvcred[0] = qIVAL;
+ rcvcred[1] = qIVAL;
+ clnttime = qIVAL;
+
+ DEBUG(1,("PWSET logonsrv=%s accountname=%s unicomp=%s\n",
+ unistr(logonsrv), unistr(accountname), unistr(unicomp)));
+
+ checkcred(cnum, rcvcred[0], rcvcred[1], clnttime);
+ DEBUG(3,("PWSET %lx %lx %lx %lx\n", rcvcred[0], rcvcred[1], clnttime, negflags));
+ newpass = q;
+
+ DEBUG(1,("PWSET logonsrv=%s accountname=%s unicomp=%s newpass=%s\n",
+ unistr(logonsrv), unistr(accountname), unistr(unicomp), newpass));
+
+ /* PAXX: For the moment we'll reject these */
+ /* TODO Need to set newpass in smbpasswd file for accountname */
+ q = *rdata + 0x18;
+ makecred(cnum, clnttime+1, q);
+ q += 8;
+ qSIVAL(0); /* timestamp. Seems to be ignored */
+
+ dcauth[cnum].svrcred[0] = dcauth[cnum].cred[0] = dcauth[cnum].cred[0] + clnttime + 1;
+
+ endrpcreply(data, *rdata, q-*rdata, 0xc000006a, rdata_len);
+ break;
+#endif
+
+
BOOL api_netlogrpcTNP(int cnum,int uid, char *param,char *data,
int mdrcnt,int mprcnt,
char **rdata,char **rparam,
@@ -1331,6 +1407,13 @@ BOOL api_netlogrpcTNP(int cnum,int uid, char *param,char *data,
break;
}
+ case LSA_SRVPWSET:
+ {
+ DEBUG(3,("LSA_SRVPWSET\n"));
+ api_lsa_srv_pwset(vuser, param, data, rdata, rdata_len);
+ break;
+ }
+
default:
{
DEBUG(4, ("**** netlogon, unknown code: %lx\n", opnum));
@@ -1344,46 +1427,6 @@ BOOL api_netlogrpcTNP(int cnum,int uid, char *param,char *data,
#if 0
-case LSASVRPWSET:
- DEBUG(1,("LSASVRPWSET\n"));
- q = data + 0x18;
- dump_data(1,q,128);
- logonsrv = q + 16;
- q = skip_unicode_string(logonsrv,1)+12;
- q = align4(q, data);
- accountname = q;
- q = skip_unicode_string(accountname,1);
- secchanneltype = qSVAL;
- q += 12;
- q = align4(q, data);
- unicomp = q;
- q = skip_unicode_string(unicomp,1);
- rcvcred[0] = qIVAL;
- rcvcred[1] = qIVAL;
- clnttime = qIVAL;
-
- DEBUG(1,("PWSET logonsrv=%s accountname=%s unicomp=%s\n",
- unistr(logonsrv), unistr(accountname), unistr(unicomp)));
-
- checkcred(cnum, rcvcred[0], rcvcred[1], clnttime);
- DEBUG(3,("PWSET %lx %lx %lx %lx\n", rcvcred[0], rcvcred[1], clnttime, negflags));
- newpass = q;
-
- DEBUG(1,("PWSET logonsrv=%s accountname=%s unicomp=%s newpass=%s\n",
- unistr(logonsrv), unistr(accountname), unistr(unicomp), newpass));
-
- /* PAXX: For the moment we'll reject these */
- /* TODO Need to set newpass in smbpasswd file for accountname */
- q = *rdata + 0x18;
- makecred(cnum, clnttime+1, q);
- q += 8;
- qSIVAL(0); /* timestamp. Seems to be ignored */
-
- dcauth[cnum].svrcred[0] = dcauth[cnum].cred[0] = dcauth[cnum].cred[0] + clnttime + 1;
-
- endrpcreply(data, *rdata, q-*rdata, 0xc000006a, rdata_len);
- break;
-
case LSASAMLOGON:
DEBUG(1,("LSASAMLOGON\n"));
dump_data(1,data,128);
@@ -1631,17 +1674,4 @@ default:
#endif /* 0 */
-void no_fn(uint uid)
-{
-}
-
-#endif /* NTDOMAIN */
-
-#ifdef UNDEFINED_NTDOMAIN
-/*
- PAXX: Someone fix above.
- The above API is indexing RPC calls based on RPC flags and
- fragment length. I've decided to do it based on operation number :-)
-*/
-
#endif /* NTDOMAIN */