summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/rpc_netlogon.h19
-rw-r--r--source3/rpc_parse/parse_net.c60
-rw-r--r--source3/rpc_server/srv_netlog.c76
3 files changed, 151 insertions, 4 deletions
diff --git a/source3/include/rpc_netlogon.h b/source3/include/rpc_netlogon.h
index e8ea7a4dcb..08f4699636 100644
--- a/source3/include/rpc_netlogon.h
+++ b/source3/include/rpc_netlogon.h
@@ -30,6 +30,7 @@
#define NET_SRVPWSET 0x06
#define NET_SAMLOGON 0x02
#define NET_SAMLOGOFF 0x03
+#define NET_AUTH 0x05
#define NET_AUTH2 0x0f
#define NET_LOGON_CTRL2 0x0e
#define NET_TRUST_DOM_LIST 0x13
@@ -226,7 +227,23 @@ typedef struct net_r_req_chal_info
} NET_R_REQ_CHAL;
+/* NET_Q_AUTH */
+typedef struct net_q_auth_info
+{
+ DOM_LOG_INFO clnt_id; /* client identification info */
+ DOM_CHAL clnt_chal; /* client-calculated credentials */
+
+
+} NET_Q_AUTH;
+
+/* NET_R_AUTH */
+typedef struct net_r_auth_info
+{
+ DOM_CHAL srv_chal; /* server-calculated credentials */
+
+ uint32 status; /* return code */
+} NET_R_AUTH;
/* NET_Q_AUTH_2 */
typedef struct net_q_auth2_info
@@ -238,7 +255,6 @@ typedef struct net_q_auth2_info
} NET_Q_AUTH_2;
-
/* NET_R_AUTH_2 */
typedef struct net_r_auth2_info
{
@@ -249,7 +265,6 @@ typedef struct net_r_auth2_info
} NET_R_AUTH_2;
-
/* NET_Q_SRV_PWSET */
typedef struct net_q_srv_pwset_info
{
diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c
index a1e699a096..4864308d70 100644
--- a/source3/rpc_parse/parse_net.c
+++ b/source3/rpc_parse/parse_net.c
@@ -436,6 +436,66 @@ BOOL net_io_r_req_chal(char *desc, NET_R_REQ_CHAL *r_c, prs_struct *ps, int dep
return True;
}
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+BOOL make_q_auth(NET_Q_AUTH *q_a,
+ const char *logon_srv, const char *acct_name,
+ uint16 sec_chan, const char *comp_name,
+ DOM_CHAL *clnt_chal)
+{
+ if (q_a == NULL) return False;
+
+ DEBUG(5,("make_q_auth: %d\n", __LINE__));
+
+ make_log_info(&(q_a->clnt_id), logon_srv, acct_name, sec_chan, comp_name);
+ memcpy(q_a->clnt_chal.data, clnt_chal->data, sizeof(clnt_chal->data));
+
+ DEBUG(5,("make_q_auth: %d\n", __LINE__));
+
+ return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+BOOL net_io_q_auth(char *desc, NET_Q_AUTH *q_a, prs_struct *ps, int depth)
+{
+ int old_align;
+ if (q_a == NULL) return False;
+
+ prs_debug(ps, depth, desc, "net_io_q_auth");
+ depth++;
+
+ prs_align(ps);
+
+ smb_io_log_info ("", &(q_a->clnt_id), ps, depth); /* client identification info */
+ /* client challenge is _not_ aligned */
+ old_align = ps->align;
+ ps->align = 0;
+ smb_io_chal ("", &(q_a->clnt_chal), ps, depth); /* client-calculated credentials */
+ ps->align = old_align;
+
+ return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+BOOL net_io_r_auth(char *desc, NET_R_AUTH *r_a, prs_struct *ps, int depth)
+{
+ if (r_a == NULL) return False;
+
+ prs_debug(ps, depth, desc, "net_io_r_auth");
+ depth++;
+
+ prs_align(ps);
+
+ smb_io_chal ("", &(r_a->srv_chal), ps, depth); /* server challenge */
+ prs_uint32("status", ps, depth, &(r_a->status));
+
+ return True;
+}
/*******************************************************************
reads or writes a structure.
diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
index d51ed58113..440ac87c86 100644
--- a/source3/rpc_server/srv_netlog.c
+++ b/source3/rpc_server/srv_netlog.c
@@ -106,6 +106,34 @@ static void net_reply_trust_dom_list(NET_Q_TRUST_DOM_LIST *q_t, prs_struct *rdat
}
+
+/*************************************************************************
+ make_net_r_auth:
+ *************************************************************************/
+static void make_net_r_auth(NET_R_AUTH *r_a,
+ DOM_CHAL *resp_cred, int status)
+{
+ memcpy( r_a->srv_chal.data, resp_cred->data, sizeof(resp_cred->data));
+ r_a->status = status;
+}
+
+/*************************************************************************
+ net_reply_auth:
+ *************************************************************************/
+static void net_reply_auth(NET_Q_AUTH *q_a, prs_struct *rdata,
+ DOM_CHAL *resp_cred, int status)
+{
+ NET_R_AUTH r_a;
+
+ /* set up the LSA AUTH 2 response */
+
+ make_net_r_auth(&r_a, resp_cred, status);
+
+ /* store the response in the SMB stream */
+ net_io_r_auth("", &r_a, rdata, 0);
+
+}
+
/*************************************************************************
make_net_r_auth_2:
*************************************************************************/
@@ -371,6 +399,50 @@ static void api_net_req_chal( pipes_struct *p,
}
/*************************************************************************
+ api_net_auth:
+ *************************************************************************/
+static void api_net_auth( pipes_struct *p,
+ prs_struct *data,
+ prs_struct *rdata)
+{
+ NET_Q_AUTH q_a;
+ uint32 status = 0x0;
+
+ DOM_CHAL srv_cred;
+ UTIME srv_time;
+
+ user_struct *vuser;
+
+ if ((vuser = get_valid_user_struct(p->vuid)) == NULL)
+ return;
+
+ srv_time.time = 0;
+
+ /* grab the challenge... */
+ net_io_q_auth("", &q_a, data, 0);
+
+ /* check that the client credentials are valid */
+ if (cred_assert(&(q_a.clnt_chal), vuser->dc.sess_key,
+ &(vuser->dc.clnt_cred.challenge), srv_time))
+ {
+
+ /* create server challenge for inclusion in the reply */
+ cred_create(vuser->dc.sess_key, &(vuser->dc.srv_cred.challenge), srv_time, &srv_cred);
+
+ /* copy the received client credentials for use next time */
+ memcpy(vuser->dc.clnt_cred.challenge.data, q_a.clnt_chal.data, sizeof(q_a.clnt_chal.data));
+ memcpy(vuser->dc.srv_cred .challenge.data, q_a.clnt_chal.data, sizeof(q_a.clnt_chal.data));
+ }
+ else
+ {
+ status = NT_STATUS_ACCESS_DENIED | 0xC0000000;
+ }
+
+ /* construct reply. */
+ net_reply_auth(&q_a, rdata, &srv_cred, status);
+}
+
+/*************************************************************************
api_net_auth_2:
*************************************************************************/
static void api_net_auth_2( pipes_struct *p,
@@ -414,7 +486,6 @@ static void api_net_auth_2( pipes_struct *p,
net_reply_auth_2(&q_a, rdata, &srv_cred, status);
}
-
/*************************************************************************
api_net_srv_pwset:
*************************************************************************/
@@ -934,6 +1005,7 @@ static void api_net_logon_ctrl2( pipes_struct *p,
static struct api_struct api_net_cmds [] =
{
{ "NET_REQCHAL" , NET_REQCHAL , api_net_req_chal },
+ { "NET_AUTH" , NET_AUTH , api_net_auth },
{ "NET_AUTH2" , NET_AUTH2 , api_net_auth_2 },
{ "NET_SRVPWSET" , NET_SRVPWSET , api_net_srv_pwset },
{ "NET_SAMLOGON" , NET_SAMLOGON , api_net_sam_logon },
@@ -941,7 +1013,7 @@ static struct api_struct api_net_cmds [] =
{ "NET_LOGON_CTRL2" , NET_LOGON_CTRL2 , api_net_logon_ctrl2 },
{ "NET_TRUST_DOM_LIST", NET_TRUST_DOM_LIST, api_net_trust_dom_list },
{ "NET_SAM_SYNC" , NET_SAM_SYNC , api_net_sam_sync },
- { NULL , 0 , NULL }
+ { NULL , 0 , NULL }
};
/*******************************************************************