-rw-r--r--source3/include/ntdomain.h3
-rw-r--r--source3/rpc_client/cli_netlogon.c2
-rw-r--r--source3/rpc_client/cli_pipe.c31
-rw-r--r--source3/rpc_server/srv_pipe_hnd.c4
-rw-r--r--source3/rpc_server/srv_util.c50
-rw-r--r--source3/rpcclient/cmd_lsarpc.c4
-rw-r--r--source3/rpcclient/cmd_netlogon.c2
-rw-r--r--source3/rpcclient/cmd_samr.c40
-rw-r--r--source3/rpcclient/cmd_srvsvc.c10
-rw-r--r--source3/rpcclient/cmd_wkssvc.c2
10 files changed, 101 insertions, 47 deletions
diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h
index e540bd2ffc..5fb40c5bcc 100644
--- a/source3/include/ntdomain.h
+++ b/source3/include/ntdomain.h
@@ -86,6 +86,9 @@ typedef struct pipes_struct
BOOL ntlmssp_auth;
unsigned char ntlmssp_hash[258];
+ fstring user_name;
+ fstring domain;
+ fstring wks;
uint32 file_offset;
uint32 hdr_offsets;
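Review bot: The three new pipes_struct fields `user_name`, `domain` and `wks` carry no comment saying what fills them or whether the values can be trusted. Elsewhere in this commit they are copied straight out of the NTLMSSP AUTH response before any password check runs, so a one-line comment above them such as `/* identity claimed by the client in the NTLMSSP AUTH message; not yet verified */` would stop later readers from treating them as an authenticated identity. The struct definition starts and ends outside the hunk.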
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 9c81b73692..721e261359 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -556,7 +556,7 @@ Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
* Now start the NT Domain stuff :-).
*/
- if(cli_nt_session_open(&cli, PIPE_NETLOGON, False) == False) {
+ if(cli_nt_session_open(&cli, PIPE_NETLOGON) == False) {
DEBUG(0,("modify_trust_password: unable to open the domain client session to \
machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli)));
cli_nt_session_close(&cli);
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 4ea38fa828..9a54e15dae 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -954,10 +954,20 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name,
}
/****************************************************************************
+ set ntlmssp negotiation flags
+ ****************************************************************************/
+
+BOOL cli_nt_set_ntlmssp_flgs(struct cli_state *cli, uint32 ntlmssp_flgs)
+{
+ cli->ntlmssp_cli_flgs = ntlmssp_flgs;
+}
+
+
+/****************************************************************************
open a session
****************************************************************************/
-BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, BOOL encrypted)
+BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name)
{
RPC_IFACE abstract;
RPC_IFACE transfer;
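Review bot: `cli_nt_set_ntlmssp_flgs` is declared to return BOOL but its body ends without a return statement, so a caller that reads the result gets an indeterminate value (undefined behaviour in C); add `return True;` after the assignment, or make the function `void` and update the prototype accordingly. The debug print of the negotiated flags that this commit removes from cli_nt_session_open could move here as `DEBUG(5,("cli_nt_set_ntlmssp_flgs: neg_flags: %x\n", ntlmssp_flgs));` so the flags a client requests stay visible in the logs. cli_nt_session_open's body continues past the end of the hunk.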
@@ -999,25 +1009,6 @@ BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, BOOL encrypted)
/******************* bind request on pipe *****************/
- if (encrypted)
- {
- cli->ntlmssp_cli_flgs = 0xb2b3;
-/* NTLMSSP_NEGOTIATE_UNICODE |
- NTLMSSP_NEGOTIATE_OEM |
-
- NTLMSSP_NEGOTIATE_SIGN |
- NTLMSSP_NEGOTIATE_SEAL |
- NTLMSSP_NEGOTIATE_LM_KEY |
- NTLMSSP_NEGOTIATE_NTLM |
- NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
-
- NTLMSSP_NEGOTIATE_00001000 |
- NTLMSSP_NEGOTIATE_00002000;
- */
- DEBUG(5,("cli_nt_session_open: neg_flags: %x\n",
- cli->ntlmssp_cli_flgs));
- }
-
if (!rpc_pipe_bind(cli, pipe_name,
&abstract, &transfer,
global_myname))
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index b1aede6166..27e156943c 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -159,7 +159,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name,
SERIOUSLY ALPHA CODE!
****************************************************************************/
-int write_pipe(pipes_struct *p, char *data, int n)
+ssize_t write_pipe(pipes_struct *p, char *data, size_t n)
{
prs_struct pd;
struct mem_buf data_buf;
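Review bot: The signature of `write_pipe` changes from `int (..., int n)` to `ssize_t (..., size_t n)`, but no header in this diff carries the new prototype; if the declaration lives in a generated proto.h that is not regenerated with this change, other translation units keep calling the old signature. `n` is also used in the body below the hunk, where any comparison that was signed now becomes unsigned, so those lines are worth rechecking. The return in the second hunk of this file casts `n` to ssize_t, which is only well defined while n fits; an explicit `if (n > SSIZE_MAX) return -1;` at entry would make that bound visible.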
@@ -182,7 +182,7 @@ int write_pipe(pipes_struct *p, char *data, int n)
pd.io = True;
pd.offset = 0;
- return rpc_command(p, &pd) ? n : -1;
+ return rpc_command(p, &pd) ? ((ssize_t)n) : -1;
}
diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index f9532981e0..dc0918f1bf 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -208,6 +208,52 @@ BOOL create_rpc_reply(pipes_struct *p,
return p->rhdr.data != NULL && p->rhdr.offset == 0x18;
}
+static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
+{
+ uchar lm_owf[24];
+ uchar nt_owf[24];
+
+ DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n"));
+
+ if (p->ntlmssp_resp.hdr_lm_resp.str_str_len == 0) return False;
+ if (p->ntlmssp_resp.hdr_nt_resp.str_str_len == 0) return False;
+ if (p->ntlmssp_resp.hdr_usr .str_str_len == 0) return False;
+ if (p->ntlmssp_resp.hdr_domain .str_str_len == 0) return False;
+ if (p->ntlmssp_resp.hdr_wks .str_str_len == 0) return False;
+
+ memset(p->user_name, 0, sizeof(p->user_name));
+ memset(p->domain , 0, sizeof(p->domain ));
+ memset(p->wks , 0, sizeof(p->wks ));
+
+ if (IS_BITS_SET_ALL(p->ntlmssp_chal.neg_flags, NTLMSSP_NEGOTIATE_UNICODE))
+ {
+ fstrcpy(p->user_name, unistrn2((uint16*)p->ntlmssp_resp.user , p->ntlmssp_resp.hdr_usr .str_str_len/2));
+ fstrcpy(p->domain , unistrn2((uint16*)p->ntlmssp_resp.domain, p->ntlmssp_resp.hdr_domain.str_str_len/2));
+ fstrcpy(p->wks , unistrn2((uint16*)p->ntlmssp_resp.wks , p->ntlmssp_resp.hdr_wks .str_str_len/2));
+ }
+ else
+ {
+ fstrcpy(p->user_name, p->ntlmssp_resp.user );
+ fstrcpy(p->domain , p->ntlmssp_resp.domain);
+ fstrcpy(p->wks , p->ntlmssp_resp.wks );
+ }
+
+ DEBUG(5,("user: %s domain: %s wks: %s\n", p->user_name, p->domain, p->wks));
+
+ memcpy(lm_owf, p->ntlmssp_resp.lm_resp, sizeof(lm_owf));
+ memcpy(nt_owf, p->ntlmssp_resp.nt_resp, sizeof(nt_owf));
+
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,"lm, nt owfs:\n"));
+ dump_data(100, lm_owf, sizeof(lm_owf));
+ dump_data(100, nt_owf, sizeof(nt_owf));
+#endif
+ return True;
+#if 0
+ return pass_check_smb(p->user_name, p->domain,
+ p->ntplssp_chal.challenge, lm_owf, nt_owf);
+#endif
+}
static BOOL api_pipe_ntlmssp(pipes_struct *p, prs_struct *pd)
{
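Review bot: `api_pipe_ntlmssp_verify` returns True unconditionally once the five header lengths are non-zero; the only actual credential check, `pass_check_smb`, sits under `#if 0`, so any AUTH message with non-empty user, domain and workstation fields is accepted and its claimed identity is stored in `p->user_name`/`p->domain`/`p->wks`. If this is intentional work in progress, a comment saying so above the `return True;` would be prudent, and the disabled block already has a typo that will bite when it is enabled: `p->ntplssp_chal.challenge` should read `p->ntlmssp_chal.challenge`. Separately, the `DEBUG_PASSWORD` branch does not compile as written because the DEBUG macro's argument list is missing its inner parenthesis; it should be `DEBUG(100,("lm, nt owfs:\n"));`.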
@@ -222,6 +268,10 @@ static BOOL api_pipe_ntlmssp(pipes_struct *p, prs_struct *pd)
case NTLMSSP_AUTH:
{
smb_io_rpc_auth_ntlmssp_resp("", &p->ntlmssp_resp, pd, 0);
+ if (!api_pipe_ntlmssp_verify(p))
+ {
+ pd->offset = 0;
+ }
break;
}
default:
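Review bot: A failed `api_pipe_ntlmssp_verify` only resets `pd->offset` to 0 and then falls through to `break`, so `api_pipe_ntlmssp`'s own return value is unchanged; unless the caller treats a zero offset as a rejection, the AUTH message still appears to have been accepted. Returning `False` from this case (in place of, or in addition to, the offset reset) would make the rejection explicit to the caller. The function's tail is outside the hunk, so how its return value is derived cannot be confirmed here.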
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
index d1c2711aed..6dc50c5c22 100644
--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -62,7 +62,7 @@ void cmd_lsa_query_info(struct client_info *info)
DEBUG(5, ("cmd_lsa_query_info: smb_cli->fd:%d\n", smb_cli->fd));
/* open LSARPC session. */
- res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC, False) : False;
+ res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC) : False;
/* lookup domain controller; receive a policy handle */
res = res ? do_lsa_open_policy(smb_cli,
@@ -171,7 +171,7 @@ void cmd_lsa_lookup_sids(struct client_info *info)
sids[0] = &sid;
/* open LSARPC session. */
- res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC, False) : False;
+ res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC) : False;
/* lookup domain controller; receive a policy handle */
res = res ? do_lsa_open_policy(smb_cli,
diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c
index 1be24fe130..d5ca2b2b1d 100644
--- a/source3/rpcclient/cmd_netlogon.c
+++ b/source3/rpcclient/cmd_netlogon.c
@@ -87,7 +87,7 @@ void cmd_netlogon_login_test(struct client_info *info)
info->mach_acct, new_mach_pwd) : False;
#endif
/* open NETLOGON session. negotiate credentials */
- res = res ? cli_nt_session_open(smb_cli, PIPE_NETLOGON, False) : False;
+ res = res ? cli_nt_session_open(smb_cli, PIPE_NETLOGON) : False;
res = res ? cli_nt_setup_creds(smb_cli, trust_passwd) : False;
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 3760b3f22d..5c69c4676c 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -48,14 +48,14 @@ void cmd_sam_ntchange_pwd(struct client_info *info)
fstring sid;
char *new_passwd;
BOOL res = True;
- char nt_newpass[516];
- char nt_hshhash[16];
- char nt_newhash[16];
- char nt_oldhash[16];
- char lm_newpass[516];
- char lm_newhash[16];
- char lm_hshhash[16];
- char lm_oldhash[16];
+ uchar nt_newpass[516];
+ uchar nt_hshhash[16];
+ uchar nt_newhash[16];
+ uchar nt_oldhash[16];
+ uchar lm_newpass[516];
+ uchar lm_newhash[16];
+ uchar lm_hshhash[16];
+ uchar lm_oldhash[16];
fstrcpy(sid , info->dom.level5_sid);
fstrcpy(domain, info->dom.level5_dom);
@@ -79,8 +79,19 @@ void cmd_sam_ntchange_pwd(struct client_info *info)
E_old_pw_hash(lm_newhash, lm_oldhash, lm_hshhash);
E_old_pw_hash(lm_newhash, nt_oldhash, nt_hshhash);
+ cli_nt_set_ntlmssp_flgs(smb_cli,
+ NTLMSSP_NEGOTIATE_UNICODE |
+ NTLMSSP_NEGOTIATE_OEM |
+ NTLMSSP_NEGOTIATE_SIGN |
+ NTLMSSP_NEGOTIATE_SEAL |
+ NTLMSSP_NEGOTIATE_LM_KEY |
+ NTLMSSP_NEGOTIATE_NTLM |
+ NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
+ NTLMSSP_NEGOTIATE_00001000 |
+ NTLMSSP_NEGOTIATE_00002000);
+
/* open SAMR session. */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, True) : False;
+ res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
/* establish a connection. */
res = res ? do_samr_unknown_38(smb_cli, srv_name) : False;
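Review bot: The flags set here via `cli_nt_set_ntlmssp_flgs` are stored in `smb_cli`, and nothing in this hunk or in `cli_nt_session_close` resets them, so they appear to persist into later commands issued on the same client state. `cmd_sam_test` in the next hunk previously passed `encrypted=True` and now opens PIPE_SAMR with no corresponding set call, meaning it runs with whatever flags the previous command left behind, or an unset field on a fresh client. Either give cmd_sam_test the same `cli_nt_set_ntlmssp_flgs(smb_cli, ...)` call or have cli_nt_session_open/close reset `ntlmssp_cli_flgs` to a known default, so the negotiated security level does not depend on command order.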
@@ -90,7 +101,6 @@ void cmd_sam_ntchange_pwd(struct client_info *info)
srv_name, smb_cli->user_name,
nt_newpass, nt_hshhash,
lm_newpass, lm_hshhash) : False;
-
/* close the session */
cli_nt_session_close(smb_cli);
@@ -132,7 +142,7 @@ void cmd_sam_test(struct client_info *info)
fprintf(out_hnd, "SAM Encryption Test\n");
/* open SAMR session. */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, True) : False;
+ res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
/* establish a connection. */
res = res ? do_samr_unknown_38(smb_cli, srv_name) : False;
@@ -231,7 +241,7 @@ void cmd_sam_enum_users(struct client_info *info)
#endif
/* open SAMR session. negotiate credentials */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False;
+ res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
/* establish a connection. */
res = res ? do_samr_connect(smb_cli,
@@ -373,7 +383,7 @@ void cmd_sam_query_user(struct client_info *info)
info->myhostname, srv_name, domain, sid);
/* open SAMR session. negotiate credentials */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False;
+ res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
/* establish a connection. */
res = res ? do_samr_connect(smb_cli,
@@ -461,7 +471,7 @@ void cmd_sam_query_groups(struct client_info *info)
info->myhostname, srv_name, domain, sid);
/* open SAMR session. negotiate credentials */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False;
+ res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
/* establish a connection. */
res = res ? do_samr_connect(smb_cli,
@@ -550,7 +560,7 @@ void cmd_sam_enum_aliases(struct client_info *info)
info->myhostname, srv_name, domain, sid);
/* open SAMR session. negotiate credentials */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False;
+ res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False;
/* establish a connection. */
res = res ? do_samr_connect(smb_cli,
diff --git a/source3/rpcclient/cmd_srvsvc.c b/source3/rpcclient/cmd_srvsvc.c
index 4d4fb791a9..65d49984bf 100644
--- a/source3/rpcclient/cmd_srvsvc.c
+++ b/source3/rpcclient/cmd_srvsvc.c
@@ -67,7 +67,7 @@ void cmd_srv_query_info(struct client_info *info)
DEBUG(5, ("cmd_srv_query_info: smb_cli->fd:%d\n", smb_cli->fd));
/* open LSARPC session. */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC, False) : False;
+ res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC) : False;
/* send info level: receive requested info. hopefully. */
res = res ? do_srv_net_srv_get_info(smb_cli,
@@ -125,7 +125,7 @@ void cmd_srv_enum_conn(struct client_info *info)
DEBUG(5, ("cmd_srv_enum_conn: smb_cli->fd:%d\n", smb_cli->fd));
/* open srvsvc session. */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC, False) : False;
+ res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC) : False;
hnd.ptr_hnd = 1;
hnd.handle = 0;
@@ -185,7 +185,7 @@ void cmd_srv_enum_shares(struct client_info *info)
DEBUG(5, ("cmd_srv_enum_shares: smb_cli->fd:%d\n", smb_cli->fd));
/* open srvsvc session. */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC, False) : False;
+ res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC) : False;
hnd.ptr_hnd = 0;
hnd.handle = 0;
@@ -245,7 +245,7 @@ void cmd_srv_enum_sess(struct client_info *info)
DEBUG(5, ("cmd_srv_enum_sess: smb_cli->fd:%d\n", smb_cli->fd));
/* open srvsvc session. */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC, False) : False;
+ res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC) : False;
hnd.ptr_hnd = 1;
hnd.handle = 0;
@@ -297,7 +297,7 @@ void cmd_srv_enum_files(struct client_info *info)
DEBUG(5, ("cmd_srv_enum_files: smb_cli->fd:%d\n", smb_cli->fd));
/* open srvsvc session. */
- res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC, False) : False;
+ res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC) : False;
hnd.ptr_hnd = 1;
hnd.handle = 0;
diff --git a/source3/rpcclient/cmd_wkssvc.c b/source3/rpcclient/cmd_wkssvc.c
index 350aa29657..0093fbf7c8 100644
--- a/source3/rpcclient/cmd_wkssvc.c
+++ b/source3/rpcclient/cmd_wkssvc.c
@@ -67,7 +67,7 @@ void cmd_wks_query_info(struct client_info *info)
DEBUG(5, ("cmd_wks_query_info: smb_cli->fd:%d\n", smb_cli->fd));
/* open LSARPC session. */
- res = res ? cli_nt_session_open(smb_cli, PIPE_WKSSVC, False) : False;
+ res = res ? cli_nt_session_open(smb_cli, PIPE_WKSSVC) : False;
/* send info level: receive requested info. hopefully. */
res = res ? do_wks_query_info(smb_cli,