summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--source3/include/proto.h17
-rw-r--r--source3/include/smb.h43
-rw-r--r--source3/libsmb/credentials.c30
-rw-r--r--source3/libsmb/smbdes.c4
-rw-r--r--source3/smbd/password.c97
-rw-r--r--source3/smbd/pipes.c1063
-rw-r--r--source3/smbd/server.c22
-rw-r--r--source3/smbd/uid.c15
8 files changed, 1195 insertions, 96 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 009d83db5c..94937daade 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -60,6 +60,15 @@ int process_tar(char *inbuf, char *outbuf);
int clipfind(char **aret, int ret, char *tok);
int tar_parseargs(int argc, char *argv[], char *Optarg, int Optind);
+/*The following definitions come from credentials.c */
+
+void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass,
+ char *session_key);
+void cred_create(char *session_key, DOM_CHAL *stored_cred, UTIME timestamp,
+ DOM_CHAL *cred);
+int cred_assert(DOM_CHAL *cred, char *session_key, DOM_CHAL *stored_cred,
+ UTIME timestamp);
+
/*The following definitions come from dir.c */
void init_dptrs(void);
@@ -629,10 +638,11 @@ BOOL api_LsarpcTNP(int cnum,int uid, char *param,char *data,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len);
char *dom_sid_to_string(DOM_SID *sid);
-BOOL api_ntlsarpcTNP(int cnum,int uid, char *param,char *data,
+BOOL api_ntLsarpcTNP(int cnum,int uid, char *param,char *data,
int mdrcnt,int mprcnt,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len);
+void no_fn(uint uid);
/*The following definitions come from predict.c */
@@ -755,7 +765,8 @@ BOOL request_oplock_break(min_share_mode_entry *share_entry,
BOOL snum_used(int snum);
BOOL reload_services(BOOL test);
int setup_groups(char *user, int uid, int gid, int *p_ngroups,
- int **p_igroups, gid_t **p_groups);
+ int **p_igroups, gid_t **p_groups,
+ int **p_attrs);
int make_connection(char *service,char *user,char *password, int pwlen, char *dev,uint16 vuid);
int find_free_file(void );
int reply_corep(char *outbuf);
@@ -791,6 +802,8 @@ BOOL smb_shm_get_usage(int *bytes_free,
/*The following definitions come from smbdes.c */
+void str_to_key(unsigned char *str,unsigned char *key);
+void smbhash(unsigned char *out, unsigned char *in, unsigned char *key);
void E_P16(unsigned char *p14,unsigned char *p16);
void E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24);
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 54ce9e88e8..87fcb22cac 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -877,7 +877,8 @@ Response:
*/
-struct smb_passwd {
+struct smb_passwd
+{
int smb_userid;
char *smb_name;
unsigned char *smb_passwd; /* Null if no password */
@@ -886,12 +887,14 @@ struct smb_passwd {
};
-struct current_user {
+struct current_user
+{
int cnum, id;
int uid, gid;
int ngroups;
gid_t *groups;
int *igroups;
+ int *attrs;
};
typedef struct
@@ -988,35 +991,63 @@ typedef struct
char *user; /* name of user who *opened* this connection */
int uid; /* uid of user who *opened* this connection */
int gid; /* gid of user who *opened* this connection */
+
uint16 vuid; /* vuid of user who *opened* this connection, or UID_FIELD_INVALID */
+
/* following groups stuff added by ih */
+
/* This groups info is valid for the user that *opened* the connection */
int ngroups;
gid_t *groups;
int *igroups; /* an integer version - some OSes are broken :-( */
+ int *attrs;
+
time_t lastused;
BOOL used;
int num_files_open;
name_compare_entry *hide_list; /* Per-share list of files to return as hidden. */
name_compare_entry *veto_list; /* Per-share list of files to veto (never show). */
+
} connection_struct;
+/* Domain controller authentication protocol info */
+struct dcinfo
+{
+ DOM_CHAL clnt_chal; /* Initial challenge received from client */
+ DOM_CHAL srv_chal; /* Initial server challenge */
+ DOM_CHAL clnt_cred; /* Last client credential */
+ DOM_CHAL srv_cred; /* Last server credential */
+
+ char sess_key[8]; /* Session key */
+ uchar md4pw[16]; /* md4(machine password) */
+};
typedef struct
{
int uid; /* uid of a validated user */
int gid; /* gid of a validated user */
+
fstring name; /* name of a validated user */
+ fstring real_name; /* to store real name from password file - simeon */
BOOL guest;
+
/* following groups stuff added by ih */
/* This groups info is needed for when we become_user() for this uid */
- int user_ngroups;
- gid_t *user_groups;
- int *user_igroups; /* an integer version - some OSes are broken :-( */
+ int n_groups;
+ gid_t *groups;
+ int *igroups; /* an integer version - some OSes are broken :-( */
+ int *attrs; /* attributes associated with each gid */
+
#if (defined(NETGROUP) && defined(AUTOMOUNT))
char *home_share; /* to store NIS home of a user - simeon */
#endif
- char *real_name; /* to store real name from password file - simeon */
+
+ int n_sids;
+ int *sids;
+
+ /* per-user authentication information on NT RPCs */
+ struct dcinfo dc;
+
} user_struct;
diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c
index 4c81177fb2..eb1039ddb0 100644
--- a/source3/libsmb/credentials.c
+++ b/source3/libsmb/credentials.c
@@ -30,21 +30,21 @@ Input: 8 byte challenge block
Output:
8 byte session key
****************************************************************************/
-void cred_session_key(char *challenge, char *srv_challenge, char *pass,
+void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass,
char *session_key)
{
uint32 sum[2];
char sum2[8];
char buf[8];
- sum[0] = IVAL(challenge, 0) + IVAL(srv_challenge, 0);
- sum[1] = IVAL(challenge, 4) + IVAL(srv_challenge, 4);
+ sum[0] = IVAL(clnt_chal->data, 0) + IVAL(srv_chal->data, 0);
+ sum[1] = IVAL(clnt_chal->data, 4) + IVAL(srv_chal->data, 4);
SIVAL(sum2,0,sum[0]);
SIVAL(sum2,4,sum[1]);
- E1(pass,sum2,buf);
- E1(pass+9,buf,session_key);
+ smbhash(pass, sum2, buf);
+ smbhash(pass+9,buf,session_key);
}
@@ -59,20 +59,20 @@ Input:
Output:
8 byte credential
****************************************************************************/
-void cred_create(char *session_key, char *stored_cred, UTIME timestamp,
- char *cred)
+void cred_create(char *session_key, DOM_CHAL *stored_cred, UTIME timestamp,
+ DOM_CHAL *cred)
{
char key2[7];
char buf[8];
char timecred[8];
- memcpy(timecred, stored_cred, 8);
+ memcpy(timecred, stored_cred->data, 8);
SIVAL(timecred, 0, IVAL(stored_cred, 0) + timestamp.time);
- E1(session_key, timecred, buf);
+ smbhash(session_key, timecred, buf);
memset(key2, 0, 7);
key2[0] = session_key[7];
- E1(key2, buf, cred);
+ smbhash(key2, buf, cred->data);
}
@@ -89,13 +89,13 @@ Output:
returns 1 if computed credential matches received credential
returns 0 otherwise
****************************************************************************/
-int cred_assert(char *cred, char *session_key, char *stored_cred,
- NTTIME timestamp)
+int cred_assert(DOM_CHAL *cred, char *session_key, DOM_CHAL *stored_cred,
+ UTIME timestamp)
{
- char cred2[8];
+ DOM_CHAL cred2;
- cred_create(session_key, stored_cred, timestamp, cred2);
+ cred_create(session_key, stored_cred, timestamp, &cred2);
- return memcmp(cred, cred2, 8) == 0;
+ return memcmp(cred->data, cred2.data, 8) == 0;
}
diff --git a/source3/libsmb/smbdes.c b/source3/libsmb/smbdes.c
index 1c38612b73..b62a160418 100644
--- a/source3/libsmb/smbdes.c
+++ b/source3/libsmb/smbdes.c
@@ -257,7 +257,7 @@ static void dohash(char *out, char *in, char *key)
permute(out, rl, perm6, 64);
}
-static void str_to_key(unsigned char *str,unsigned char *key)
+void str_to_key(unsigned char *str,unsigned char *key)
{
int i;
@@ -275,7 +275,7 @@ static void str_to_key(unsigned char *str,unsigned char *key)
}
-static void smbhash(unsigned char *out, unsigned char *in, unsigned char *key)
+void smbhash(unsigned char *out, unsigned char *in, unsigned char *key)
{
int i;
char outb[64];
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index f4d94791cf..af9be289c7 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -96,10 +96,10 @@ tell random client vuid's (normally zero) from valid vuids.
****************************************************************************/
user_struct *get_valid_user_struct(uint16 vuid)
{
- if(vuid == UID_FIELD_INVALID)
+ if (vuid == UID_FIELD_INVALID)
return NULL;
vuid -= VUID_OFFSET;
- if((vuid >= (uint16)num_validated_users) ||
+ if ((vuid >= (uint16)num_validated_users) ||
(validated_users[vuid].uid == -1) || (validated_users[vuid].gid == -1))
return NULL;
return &validated_users[vuid];
@@ -111,19 +111,28 @@ invalidate a uid
void invalidate_vuid(uint16 vuid)
{
user_struct *vuser = get_valid_user_struct(vuid);
- if(vuser == 0)
- return;
+
+ if (vuser == NULL) return;
vuser->uid = -1;
vuser->gid = -1;
- vuser->user_ngroups = 0;
- if(vuser->user_groups &&
- (vuser->user_groups != (gid_t *)vuser->user_igroups))
- free(vuser->user_groups);
- vuser->user_groups = NULL;
- if(vuser->user_igroups)
- free(vuser->user_igroups);
- vuser->user_igroups = NULL;
+
+ vuser->n_sids = 0;
+
+ /* same number of igroups as groups as attrs */
+ vuser->n_groups = 0;
+
+ if (vuser->groups && (vuser->groups != (gid_t *)vuser->igroups))
+ free(vuser->groups);
+
+ if (vuser->igroups) free(vuser->igroups);
+ if (vuser->attrs ) free(vuser->attrs);
+ if (vuser->sids ) free(vuser->sids);
+
+ vuser->attrs = NULL;
+ vuser->sids = NULL;
+ vuser->igroups = NULL;
+ vuser->groups = NULL;
}
@@ -133,7 +142,7 @@ return a validated username
char *validated_username(uint16 vuid)
{
user_struct *vuser = get_valid_user_struct(vuid);
- if(vuser == 0)
+ if (vuser == NULL)
return 0;
return(vuser->name);
}
@@ -156,12 +165,11 @@ uint16 register_vuid(int uid,int gid, char *name,BOOL guest)
int home_server_len;
#endif
struct passwd *pwfile; /* for getting real name from passwd file */
- int real_name_len;
#if 0
/*
* After observing MS-Exchange services writing to a Samba share
- * I belive this code is incorrect. Each service does it's own
+ * I belive this code is incorrect. Each service does its own
* sessionsetup_and_X for the same user, and as each service shuts
* down, it does a user_logoff_and_X. As we are consolidating multiple
* sessionsetup_and_X's onto the same vuid here, when the first service
@@ -174,7 +182,7 @@ uint16 register_vuid(int uid,int gid, char *name,BOOL guest)
int i;
for(i = 0; i < num_validated_users; i++) {
vuser = &validated_users[i];
- if( vuser->uid == uid )
+ if ( vuser->uid == uid )
return (uint16)(i + VUID_OFFSET); /* User already validated */
}
#endif
@@ -198,16 +206,21 @@ uint16 register_vuid(int uid,int gid, char *name,BOOL guest)
vuser->guest = guest;
strcpy(vuser->name,name);
- vuser->user_ngroups = 0;
- vuser->user_groups = NULL;
- vuser->user_igroups = NULL;
+ vuser->n_sids = 0;
+ vuser->sids = NULL;
+
+ vuser->n_groups = 0;
+ vuser->groups = NULL;
+ vuser->igroups = NULL;
+ vuser->attrs = NULL;
/* Find all the groups this uid is in and store them.
Used by become_user() */
setup_groups(name,uid,gid,
- &vuser->user_ngroups,
- &vuser->user_igroups,
- &vuser->user_groups);
+ &vuser->n_groups,
+ &vuser->igroups,
+ &vuser->groups,
+ &vuser->attrs);
DEBUG(3,("uid %d registered to name %s\n",uid,name));
@@ -215,14 +228,14 @@ uint16 register_vuid(int uid,int gid, char *name,BOOL guest)
vuser->home_share = NULL;
DEBUG(3, ("Setting default HOMESHR to: \\\\logon server\\HOMES\n"));
vuser->home_share = Realloc(vuser->home_share, 32);
- strcpy(vuser->home_share,"\\\\%L\\HOMES");
+ strcpy(vuser->home_share,"\\\\%L\\%U");
- if (nis_error = yp_get_default_domain(&nis_domain))
+ if ((nis_error = yp_get_default_domain(&nis_domain)) != 0)
DEBUG(3, ("YP Error: %s\n", yperr_string(nis_error)));
DEBUG(3, ("NIS Domain: %s\n", nis_domain));
- if (nis_error = yp_match(nis_domain, nis_map, vuser->name, strlen(vuser->name),
- &nis_result, &nis_result_len))
+ if ((nis_error = yp_match(nis_domain, nis_map, vuser->name, strlen(vuser->name),
+ &nis_result, &nis_result_len)) != 0)
DEBUG(3, ("YP Error: %s\n", yperr_string(nis_error)));
if (!nis_error && lp_nis_home_map()) {
home_server_len = strcspn(nis_result,":");
@@ -237,19 +250,13 @@ uint16 register_vuid(int uid,int gid, char *name,BOOL guest)
}
#endif
- vuser->real_name = NULL;
DEBUG(3, ("Clearing default real name\n"));
- vuser->real_name = Realloc(vuser->real_name, 15);
- strcpy(vuser->real_name, "<Full Name>\0");
+ fstrcpy(vuser->real_name, "<Full Name>\0");
if (lp_unix_realname()) {
- if((pwfile=getpwnam(vuser->name))!= NULL)
+ if ((pwfile=getpwnam(vuser->name))!= NULL)
{
DEBUG(3, ("User name: %s\tReal name: %s\n",vuser->name,pwfile->pw_gecos));
- real_name_len = strcspn(pwfile->pw_gecos, ",");
- DEBUG(3, ("Real name length: %d\n", real_name_len));
- vuser->real_name = (char *)Realloc(vuser->real_name, real_name_len+1);
- strncpy(vuser->real_name, pwfile->pw_gecos, real_name_len);
- vuser->real_name[real_name_len]='\0';
+ fstrcpy(vuser->real_name, pwfile->pw_gecos);
}
}
@@ -702,7 +709,7 @@ static int linux_bigcrypt(char *password,char *salt1, char *crypted)
for ( i=strlen(password); i > 0; i -= LINUX_PASSWORD_SEG_CHARS) {
char * p = crypt(password,salt) + 2;
- if(strncmp(p, crypted, LINUX_PASSWORD_SEG_CHARS) != 0)
+ if (strncmp(p, crypted, LINUX_PASSWORD_SEG_CHARS) != 0)
return(0);
password += LINUX_PASSWORD_SEG_CHARS;
crypted += strlen(p);
@@ -826,10 +833,10 @@ BOOL smb_password_check(char *password, unsigned char *part_passwd, unsigned cha
unsigned char p21[21];
unsigned char p24[24];
- if(part_passwd == NULL)
+ if (part_passwd == NULL)
DEBUG(10,("No password set - allowing access\n"));
/* No password set - always true ! */
- if(part_passwd == NULL)
+ if (part_passwd == NULL)
return 1;
memset(p21,'\0',21);
@@ -905,7 +912,7 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd)
DEBUG(4,("SMB Password - pwlen = %d, challenge_done = %d\n", pwlen, challenge_done));
- if((pwlen == 24) && challenge_done)
+ if ((pwlen == 24) && challenge_done)
{
DEBUG(4,("Checking SMB password for user %s (l=24)\n",user));
@@ -916,28 +923,28 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd)
}
smb_pass = get_smbpwnam(user);
- if(!smb_pass)
+ if (!smb_pass)
{
DEBUG(3,("Couldn't find user %s in smb_passwd file.\n", user));
return(False);
}
/* Ensure the uid's match */
- if(smb_pass->smb_userid != pass->pw_uid)
+ if (smb_pass->smb_userid != pass->pw_uid)
{
DEBUG(3,("Error : UNIX and SMB uids in password files do not match !\n"));
return(False);
}
- if(Protocol >= PROTOCOL_NT1)
+ if (Protocol >= PROTOCOL_NT1)
{
/* We have the NT MD4 hash challenge available - see if we can
use it (ie. does it exist in the smbpasswd file).
*/
- if(smb_pass->smb_nt_passwd != NULL)
+ if (smb_pass->smb_nt_passwd != NULL)
{
DEBUG(4,("Checking NT MD4 password\n"));
- if(smb_password_check(password,
+ if (smb_password_check(password,
smb_pass->smb_nt_passwd,
(unsigned char *)challenge))
{
@@ -1080,7 +1087,7 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd)
}
/* give up? */
- if(level < 1)
+ if (level < 1)
{
update_protected_database(user,False);
diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c
index 6937412e29..5a6da643d9 100644
--- a/source3/smbd/pipes.c
+++ b/source3/smbd/pipes.c
@@ -492,13 +492,13 @@ static void create_rpc_reply(RPC_HDR *hdr, uint32 call_id, int data_len)
hdr->reserved = 0; /* reserved */
}
-static void make_rpc_reply(char *inbuf, char *q, int data_len)
+static int make_rpc_reply(char *inbuf, char *q, int data_len)
{
uint32 callid = RIVAL(inbuf, 12);
RPC_HDR hdr;
create_rpc_reply(&hdr, callid, data_len);
- smb_io_rpc_hdr(False, &hdr, q, q, 4);
+ return smb_io_rpc_hdr(False, &hdr, q, q, 4) - q;
}
static int lsa_reply_open_policy(char *q, char *base)
@@ -723,30 +723,22 @@ static int lsa_reply_lookup_rids(char *q, char *base,
return q - start;
}
-static void make_lsa_r_req_chal(LSA_R_REQ_CHAL *r_c, char chal[8], int status)
+static void make_lsa_r_req_chal(LSA_R_REQ_CHAL *r_c,
+ DOM_CHAL *srv_chal, int status)
{
- memcpy(r_c->srv_chal.data, chal, sizeof(r_c->srv_chal.data));
+ memcpy(r_c->srv_chal.data, srv_chal->data, sizeof(r_c->srv_chal.data));
r_c->status = status;
}
-#if 0
- char chal[8];
- /* PAXX: set these to random values */
- for (int i = 0; i < 8; i+++)
- {
- chal[i] = 0xA5;
- }
-#endif
-
static int lsa_reply_req_chal(LSA_Q_REQ_CHAL *q_c, char *q, char *base,
- char chal[8])
+ DOM_CHAL *srv_chal)
{
char *start = q;
LSA_R_REQ_CHAL r_c;
/* set up the LSA REQUEST CHALLENGE response */
- make_lsa_r_req_chal(&r_c, chal, 0);
+ make_lsa_r_req_chal(&r_c, srv_chal, 0);
/* store the response in the SMB stream */
q = lsa_io_r_req_chal(False, &r_c, q, base, 4);
@@ -1083,7 +1075,7 @@ static void api_lsa_lookup_names( char *param, char *data,
*rdata_len = reply_len + 0x18;
}
-BOOL api_ntlsarpcTNP(int cnum,int uid, char *param,char *data,
+BOOL api_ntLsarpcTNP(int cnum,int uid, char *param,char *data,
int mdrcnt,int mprcnt,
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
@@ -1193,4 +1185,1043 @@ BOOL api_ntlsarpcTNP(int cnum,int uid, char *param,char *data,
return True;
}
+static void api_lsa_req_chal( user_struct *vuser,
+ char *param, char *data,
+ char **rdata, int *rdata_len )
+{
+ int reply_len;
+
+ int i;
+ LSA_Q_REQ_CHAL q_r;
+
+ fstring mach_acct;
+ struct smb_passwd *smb_pass;
+
+ /* grab the challenge... */
+ lsa_io_q_req_chal(True, &q_r, data + 0x18, data + 0x18, 4);
+
+ fstrcpy(mach_acct, unistr2(q_r.uni_logon_clnt.buffer));
+
+ DEBUG(1,("logonsrv=%s unicomp=%s\n",
+ unistr2(q_r.uni_logon_srv .buffer),
+ mach_acct));
+
+ strcat(mach_acct, "$");
+
+ smb_pass = get_smbpwnam(mach_acct);
+ if (smb_pass != NULL)
+ {
+ memcpy(vuser->dc.md4pw, smb_pass->smb_nt_passwd, sizeof(vuser->dc.md4pw));
+ }
+ else
+ {
+ /* No such machine account. Should error out here, but we'll
+ print and carry on */
+ DEBUG(1,("No account in domain at REQCHAL for %s\n", mach_acct));
+ }
+
+ {
+ char foo[16];
+ for (i = 0; i < 16; i++) sprintf(foo+i*2,"%02x ", vuser->dc.md4pw[i]);
+ DEBUG(1,("pass %s %s\n", mach_acct, foo));
+ }
+
+ /* from client / server challenges and md4 password, generate sess key */
+ cred_session_key(&(vuser->dc.clnt_chal), &(vuser->dc.srv_chal),
+ vuser->dc.md4pw, vuser->dc.sess_key);
+
+ /* copy the client credentials for later use */
+ memcpy(vuser->dc.srv_chal.data, q_r.clnt_chal.data, sizeof(q_r.clnt_chal.data));
+ memcpy(vuser->dc.srv_cred.data, q_r.clnt_chal.data, sizeof(q_r.clnt_chal.data));
+
+ /* create a server challenge for the client */
+ /* PAXX: set these to random values. */
+ /* lkcl: paul, you mentioned that it doesn't really matter much */
+ for (i = 0; i < 8; i++)
+ {
+ vuser->dc.srv_chal.data[i] = 0xA5;
+ }
+
+ /* construct reply. return status is always 0x0 */
+ reply_len = lsa_reply_req_chal(&q_r, *rdata + 0x18, *rdata + 0x18,
+ &(vuser->dc.srv_chal));
+
+ /* construct header, now that we know the reply length */
+ reply_len += make_rpc_reply(data, *rdata, reply_len);
+
+ *rdata_len = reply_len;
+}
+
+void no_fn(uint uid)
+{
+ user_struct *vuser = get_valid_user_struct(uid);
+ DEBUG(3,("Username of UID %d is %s\n", vuser->uid, vuser->name));
+#if defined(NETGROUP) && defined(AUTOMOUNT)
+ DEBUG(3,("HOMESHR for %s is %s\n", vuser->name, vuser->home_share));
+#endif
+}
+
+#endif /* NTDOMAIN */
+
+#ifdef UNDEFINED_NTDOMAIN
+/*
+ PAXX: Someone fix above.
+ The above API is indexing RPC calls based on RPC flags and
+ fragment length. I've decided to do it based on operation number :-)
+*/
+
+ BOOL api_ntlsarpcTNP(int cnum,int uid, char *param,char *data,
+ int mdrcnt,int mprcnt,
+ char **rdata,char **rparam,
+ int *rdata_len,int *rparam_len)
+{
+ uint16 opnum;
+ char *q;
+ char *domainname;
+ int domlen;
+ pstring domsid;
+ char *p;
+ int numsubauths;
+ int subauths[MAXSUBAUTHS];
+ struct smb_passwd *smb_pass; /* To check if machine account exists */
+ pstring machacct;
+ pstring foo;
+ uint16 infoclass;
+ uint16 revision; /* Domain sid revision */
+ int identauth;
+ int i;
+ char *logonsrv;
+ char *unicomp;
+ char *accountname;
+ uint16 secchanneltype;
+ uint32 negflags;
+ char netcred[8];
+ uint32 rcvcred[8];
+ char rtncred[8];
+ uint32 clnttime;
+ uint32 rtntime;
+ char *newpass;
+ uint16 logonlevel;
+ uint16 switchval;
+ uint16 dommaxlen;
+ uint16 paramcontrol;
+ uint32 logonid[2];
+ uint16 usernamelen;
+ uint16 usernamemaxlen;
+ uint16 wslen;
+ uint16 wsmaxlen;
+ uchar *rc4lmowfpass;
+ uchar *rc4ntowfpass;
+ char *domain;
+ char *username;
+ char *ws;
+ struct uinfo *userinfo;
+ int pkttype;
+ uchar rc4key[16];
+ uchar ntowfpass[16];
+ uint32 nentries;
+ char *policyhandle;
+ #define MAXSIDS 64
+ uchar *sids[MAXSIDS]; /* for lookup SID */
+ int nsids;
+ #define MAXNAMES 64
+ uchar *names[MAXNAMES];
+
+ opnum = SVAL(data,22);
+
+ pkttype = CVAL(data, 2);
+ if (pkttype == 0x0b) /* RPC BIND */
+ {
+ DEBUG(4,("netlogon rpc bind %x\n",pkttype));
+ LsarpcTNP1(data,rdata,rdata_len);
+ return True;
+ }
+
+ DEBUG(4,("ntlsa TransactNamedPipe op %x\n",opnum));
+ initrpcreply(data, *rdata);
+ DEBUG(4,("netlogon LINE %d\n",__LINE__));
+ switch (opnum)
+ {
+ case LSAOPENPOLICY:
+ DEBUG(1,("LSAOPENPOLICY\n"));
+ char *q = *rdata + 0x18;
+ DEBUG(4,("netlogon LINE %d %lx\n",__LINE__, q));
+ /* return a 20 byte policy handle */
+ /* here's a pretty handle:- */
+ qSIVAL(time(NULL));
+ qSIVAL(0x810a792f);
+ qSIVAL(0x11d107d5);
+ qSIVAL(time(NULL));
+ qSIVAL(0x6cbcf800);
+ DEBUG(4,("netlogon LINE %d %lx\n",__LINE__, q));
+ endrpcreply(data, *rdata, q-*rdata, 0, rdata_len); /* size of data plus return code */
+ DEBUG(4,("netlogon LINE %d %lx\n",__LINE__, q));
+ break;
+
+ case LSAQUERYINFOPOLICY:
+ DEBUG(1,("LSAQUERYINFOPOLICY\n"));
+ dump_data(1,data,128);
+ infoclass = SVAL(data, 44); /* also a policy handle but who cares? */
+ q = *rdata + 0x18;
+ qRSIVAL(0x00000022); /* undocumented. Usually a buffer pointer whose
+ value is ignored */
+ qSSVAL(infoclass);
+ domainname = lp_workgroup();
+ domlen = strlen(domainname);
+ strcpy(domsid,lp_domainsid());
+ DEBUG(4,("netlogon LINE %d %lx %s\n",__LINE__, q, domsid));
+ /* assume, but should check, that domsid starts "S-" */
+ p = strtok(domsid+2,"-");
+ revision = atoi(p);
+ DEBUG(4,("netlogon LINE %d %lx %s rev %d\n",__LINE__, q, p, revision));
+ identauth = atoi(strtok(0,"-"));
+ DEBUG(4,("netlogon LINE %d %lx %s ia %d\n",__LINE__, q, p, identauth));
+ numsubauths = 0;
+ while (p = strtok(0, "-"))
+ subauths[numsubauths++] = atoi(p);
+ DEBUG(4,("netlogon LINE %d %lx\n",__LINE__, q));
+
+ switch (infoclass)
+ {
+ case 5:
+ case 3:
+ default:
+ qSSVAL(0); /* 2 undocumented bytes */
+ qSSVAL(domlen*2);
+ qSSVAL(domlen*2); /* unicode domain len and maxlen */
+ qSIVAL(4); /* domain buffer pointer */
+ qSIVAL(2); /* domain sid pointer */
+ qunistr(domainname);
+ qSIVAL(numsubauths);
+ qSCVAL(revision);
+ qSCVAL(numsubauths);
+ qRSSVAL(0); /* PAXX: FIX! first 2 bytes identifier authority */
+ qRSIVAL(identauth); /* next 4 bytes */
+ for (i = 0; i < numsubauths; i++)
+ {
+ qSIVAL(subauths[i]);
+ }
+ }
+ endrpcreply(data, *rdata, q-*rdata, 0, rdata_len);
+ break;
+
+ case LSAENUMTRUSTDOM:
+ DEBUG(1,("LSAENUMTRUSTDOM\n"));
+ q = *rdata + 0x18;
+ qSIVAL(0); /* enumeration context */
+ qSIVAL(0); /* entries read */
+ qSIVAL(0); /* trust information */
+ endrpcreply(data, *rdata, q-*rdata, 0x8000001a, rdata_len);
+ break;
+
+ case LSACLOSE:
+ DEBUG(1,("LSACLOSE\n"));
+ q = *rdata + 0x18;
+ qSIVAL(0);
+ qSIVAL(0);
+ qSIVAL(0);
+ qSIVAL(0);
+ qSIVAL(0);
+ endrpcreply(data, *rdata, q-*rdata, 0, rdata_len);
+ break;
+
+ case LSAOPENSECRET:
+ DEBUG(1,("LSAOPENSECRET\n"));
+ q = *rdata + 0x18;
+ qSIVAL(0);
+ qSIVAL(0);
+ qSIVAL(0);
+ qSIVAL(0);
+ qSIVAL(0);
+ endrpcreply(data, *rdata, q-*rdata, 0xc000034, rdata_len);
+ break;
+
+ case LSALOOKUPSIDS:
+ DEBUG(1,("LSAOPENSECRET\n"));
+ q = data + 0x18;
+ policyhandle = q; q += 20;
+ nentries = qIVAL;
+ DEBUG(4,("lookupsid entries %d\n",nentries));
+ q += (2+nentries) * 4; /* skip bufptrs */
+ /* now we have nentries sids of the form:
+ uint32 Subauthority count (SAC)
+ char Revision
+ char Subaurity count again
+ char[6] Identifier authority
+ [uint32 subauthority] * SAC
+ */
+ for (nsids = 0; nsids < nentries; nsids++)
+ {
+ DEBUG(4,("lookupsid q in %lx\n",q));
+ sids[nsids] = q;
+ DEBUG(4,("lookupsid numsubs %d\n",IVAL(q,0)));
+ q += 4+1+1+6+IVAL(q,0)*4;
+ DEBUG(4,("lookupsid q %lx\n",q));
+ }
+ /* There's 16 bytes of something after all of that, don't know
+ what it is though - incorrectly documented */
+
+ DEBUG(4,("lookupsid line %d\n",__LINE__));
+ /* formulate reply */
+ q = *rdata + 0x18;
+ qSIVAL(2); /* bufptr */
+ qSIVAL(4); /* number of referenced domains
+ - need one per each identifier authority in call */
+ qSIVAL(2); /* dom bufptr */
+ qSIVAL(32); /* max entries */
+ qSIVAL(4); /* number of reference domains? */
+
+ qunihdr(lp_workgroup()); /* reference domain */
+ qSIVAL(2); /* sid bufptr */
+
+ qunihdr("S-1-1");
+ qSIVAL(2); /* sid bufptr */
+
+ qunihdr("S-1-5");
+ qSIVAL(2); /* sid bufptr */
+
+ qunihdr("S-1-3");
+ qSIVAL(2); /* sid bufptr */
+
+ qunistr(lp_workgroup());
+ DEBUG(4,("lookupsid line %d\n",__LINE__));
+
+ strcpy(domsid,lp_domainsid());
+ p = strtok(domsid+2,"-");
+ revision = atoi(p);
+ identauth = atoi(strtok(0,"-"));
+ numsubauths = 0;
+ while (p = strtok(0, "-"))
+ subauths[numsubauths++] = atoi(p);
+ qSIVAL(numsubauths);
+ qSCVAL(revision);
+ qSCVAL(numsubauths);
+ qRSSVAL(0); /* PAXX: FIX! first 2 bytes identifier authority */
+ qRSIVAL(identauth); /* next 4 bytes */
+ DEBUG(4,("lookupsid line %d\n",__LINE__));
+ for (i = 0; i < numsubauths; i++)
+ {
+ qSIVAL(subauths[i]);
+ }
+ DEBUG(4,("lookupsid line %d\n",__LINE__));
+
+ qunistr("S-1-1");
+ qSIVAL(0); qSCVAL(1); qSCVAL(0); qRSSVAL(0); qRSIVAL(1); /* S-1-1 */
+ DEBUG(4,("lookupsid line %d\n",__LINE__));
+
+ qunistr("S-1-5");
+ qSIVAL(0); qSCVAL(1); qSCVAL(0); qRSSVAL(0); qRSIVAL(5); /* S-1-5 */
+
+ qunistr("S-1-3");
+ qSIVAL(0); qSCVAL(1); qSCVAL(0); qRSSVAL(0); qRSIVAL(3); /* S-1-3 */
+
+ qSIVAL(nentries);
+ qSIVAL(2); /* bufptr */
+ qSIVAL(nentries);
+ DEBUG(4,("lookupsid line %d\n",__LINE__));
+ for (i = 0; i < nentries; i++)
+ {
+ qSSVAL(5); /* SID name use ?! */
+ qSSVAL(0); /* undocumented */
+ DEBUG(4,("lookupsid line %d\n",__LINE__));
+ qunihdr(sidtostring(sids[i]));
+ DEBUG(4,("lookupsid sidname %s\n",sidtostring(sids[i])));
+ qSIVAL(0); /* domain index out of above reference domains */
+ }
+ DEBUG(4,("lookupsid line %d\n",__LINE__));
+ for (i = 0; i < nentries; i++)
+ {
+ qunistr(sidtostring(sids[i]));
+ }
+ qSIVAL(nentries); /* mapped count */
+ endrpcreply(data, *rdata, q-*rdata, 0, rdata_len);
+ break;
+
+ case LSALOOKUPNAMES:
+ DEBUG(1,("LSALOOKUPNAMES\n"));
+ q = data + 0x18;
+ policyhandle = q; q += 20;
+ nentries = qIVAL;
+ DEBUG(4,("lookupnames entries %d\n",nentries));
+ q += 4; /* skip second count */
+ q += 8 * nentries; /* skip pointers */
+ for (nnames = 0; nnames < nentries; nnames++)
+ {
+ names[nnames] = q; /* set name string to unicode header */
+ q += IVAL(q,0)*2; /* guessing here */
+ }
+ /* There's a translated sids structure next but it looks fals */
+
+ DEBUG(4,("lookupnames line %d\n",__LINE__));
+ /* formulate reply */
+ q = *rdata + 0x18;
+ qSIVAL(2); /* bufptr */
+ qSIVAL(4); /* number of referenced domains
+ - need one per each identifier authority in call */
+ qSIVAL(2); /* dom bufptr */
+ qSIVAL(32); /* max entries */
+ qSIVAL(4); /* number of reference domains? */
+
+ qunihdr(lp_workgroup()); /* reference domain */
+ qSIVAL(2); /* sid bufptr */
+
+ qunihdr("S-1-1");
+ qSIVAL(2); /* sid bufptr */
+
+ qunihdr("S-1-5");
+ qSIVAL(2); /* sid bufptr */
+
+ qunihdr("S-1-3");
+ qSIVAL(2); /* sid bufptr */
+
+ qunistr(lp_workgroup());
+ DEBUG(4,("lookupnames line %d\n",__LINE__));
+
+ strcpy(domsid,lp_domainsid());
+ p = strtok(domsid+2,"-");
+ revision = atoi(p);
+ identauth = atoi(strtok(0,"-"));
+ numsubauths = 0;
+ while (p = strtok(0, "-"))
+ subauths[numsubauths++] = atoi(p);
+ qSIVAL(numsubauths);
+ qSCVAL(revision);
+ qSCVAL(numsubauths);
+ qRSSVAL(0); /* PAXX: FIX! first 2 bytes identifier authority */
+ qRSIVAL(identauth); /* next 4 bytes */
+ DEBUG(4,("lookupsid line %d\n",__LINE__));
+ for (i = 0; i < numsubauths; i++)
+ {
+ qSIVAL(subauths[i]);
+ }
+ DEBUG(4,("lookupsid line %d\n",__LINE__));
+
+ qunistr("S-1-1");
+ qSIVAL(0); qSCVAL(1); qSCVAL(0); qRSSVAL(0); qRSIVAL(1); /* S-1-1 */
+ DEBUG(4,("lookupsid line %d\n",__LINE__));
+
+ qunistr("S-1-5");
+ qSIVAL(0); qSCVAL(1); qSCVAL(0); qRSSVAL(0); qRSIVAL(5); /* S-1-5 */
+
+ qunistr("S-1-3");
+ qSIVAL(0); qSCVAL(1); qSCVAL(0); qRSSVAL(0); qRSIVAL(3); /* S-1-3 */
+
+ qSIVAL(nentries);
+ qSIVAL(2); /* bufptr */
+ qSIVAL(nentries);
+ DEBUG(4,("lookupnames line %d\n",__LINE__));
+ for (i = 0; i < nentries; i++)
+ {
+ qSSVAL(5); /* SID name use 5 == well known sid, 1 == user sid see showacls */
+ qSSVAL(5); /* undocumented */
+ DEBUG(4,("lookupnames line %d\n",__LINE__));
+ qSIVAL(nametorid(names[i]));
+ DEBUG(4,("lookupnames nametorid %d\n",nametorid(names[i])));
+ qSIVAL(0); /* domain index out of above reference domains */
+ }
+ qSIVAL(nentries); /* mapped count */
+ endrpcreply(data, *rdata, q-*rdata, 0, rdata_len);
+ break;
+
+ default:
+ DEBUG(4, ("NTLSARPC, unknown code: %lx\n", opnum));
+ }
+ return(True);
+}
+
+ BOOL api_netlogrpcTNP(int cnum,int uid, char *param,char *data,
+ int mdrcnt,int mprcnt,
+ char **rdata,char **rparam,
+ int *rdata_len,int *rparam_len)
+{
+ uint16 opnum;
+ char *q;
+ char *domainname;
+ int domlen;
+ pstring domsid;
+ char *p;
+ int numsubauths;
+ int subauths[MAXSUBAUTHS];
+ struct smb_passwd *smb_pass; /* To check if machine account exists */
+ pstring machacct;
+ pstring foo;
+ uint16 infoclass;
+ uint16 revision; /* Domain sid revision */
+ int identauth;
+ int i;
+ char *logonsrv;
+ char *unicomp;
+ char *accountname;
+ uint16 secchanneltype;
+ uint32 negflags;
+ char netcred[8];
+ uint32 rcvcred[8];
+ char rtncred[8];
+ uint32 clnttime;
+ uint32 rtntime;
+ char *newpass;
+ uint16 logonlevel;
+ uint16 switchval;
+ uint16 dommaxlen;
+ uint16 paramcontrol;
+ uint32 logonid[2];
+ uint16 usernamelen;
+ uint16 usernamemaxlen;
+ uint16 wslen;
+ uint16 wsmaxlen;
+ uchar *rc4lmowfpass;
+ uchar *rc4ntowfpass;
+ char *domain;
+ char *username;
+ char *ws;
+ struct uinfo *userinfo;
+ int pkttype;
+ ArcfourContext c;
+ uchar rc4key[16];
+ uchar ntowfpass[16];
+
+ opnum = SVAL(data,22);
+
+ pkttype = CVAL(data, 2);
+ if (pkttype == 0x0b) /* RPC BIND */
+ {
+ DEBUG(4,("netlogon rpc bind %x\n",pkttype));
+ LsarpcTNP1(data,rdata,rdata_len);
+ return True;
+ }
+
+ DEBUG(4,("netlogon TransactNamedPipe op %x\n",opnum));
+ initrpcreply(data, *rdata);
+ DEBUG(4,("netlogon LINE %d\n",__LINE__));
+ switch (opnum)
+ {
+ case LSAREQCHAL:
+ DEBUG(1,("LSAREQCHAL\n"));
+ q = data + 0x18;
+ dump_data(1,q,128);
+ logonsrv = q + 16; /* first 16 bytes, buffer ptr, + unicode lenghts */
+ q = skip_unicode_string(logonsrv,1) + 12;
+ q = align4(q, data);
+ unicomp = q;
+ q = skip_unicode_string(unicomp,1);
+
+
+ DEBUG(1,("logonsrv=%s unicomp=%s\n",
+ unistr(logonsrv),
+ unistr(unicomp)));
+
+ dcauth[cnum].chal[0] = IVAL(q, 0);
+ dcauth[cnum].chal[1] = IVAL(q, 4);
+ dcauth[cnum].cred[0] = IVAL(q, 0); /* this looks weird (tridge) */
+ dcauth[cnum].cred[1] = IVAL(q, 4);
+
+DEBUG(1,("NL: client challenge %08x %08x\n", dcauth[cnum].chal[0],dcauth[cnum].chal[1]));
+
+ /* PAXX: set these to random values */
+ dcauth[cnum].svrchal[0] = 0x11111111;
+ dcauth[cnum].svrchal[1] = 0x22222222;
+ dcauth[cnum].svrcred[0] = 0x11111111;
+ dcauth[cnum].svrcred[1] = 0x22222222;
+ strcpy(machacct,unistr(unicomp));
+ strcat(machacct, "$");
+ smb_pass = get_smbpwnam(machacct);
+ if(smb_pass)
+ memcpy(dcauth[cnum].md4pw, smb_pass->smb_nt_passwd, 16);
+ else
+ {
+ /* No such machine account. Should error out here, but we'll
+ print and carry on */
+ DEBUG(1,("No account in domain at REQCHAL for %s\n", machacct));
+ }
+ for(i=0;i<16;i++) sprintf(foo+i*2,"%02x",dcauth[cnum].md4pw[i]);
+ DEBUG(1,("pass %s %s\n", machacct, foo));
+ setsesskey(cnum);
+ q = *rdata + 0x18;
+ qSIVAL(dcauth[cnum].svrchal[0]);
+ qSIVAL(dcauth[cnum].svrchal[1]);
+
+DEBUG(1,("NL: server challenge %08x %08x\n",
+ dcauth[cnum].svrchal[0],dcauth[cnum].svrchal[1]));
+
+ endrpcreply(data, *rdata, q-*rdata, 0, rdata_len);
+ break;
+
+ case LSAAUTH2:
+ DEBUG(1,("LSAAUTH2\n"));
+ dump_data(1,q,128);
+ q = data + 0x18;
+ logonsrv = q + 16;
+ q = skip_unicode_string(logonsrv,1)+12;
+ q = align4(q, data);
+ accountname = q;
+
+ q = skip_unicode_string(accountname,1);
+ secchanneltype = qSVAL;
+ q += 12;
+ q = align4(q, data);
+ unicomp = q;
+ dump_data(1,unicomp,32);
+ q = skip_unicode_string(unicomp,1);
+ rcvcred[0] = qIVAL;
+ rcvcred[1] = qIVAL;
+ q = align4(q, data);
+ negflags = qIVAL;
+ DEBUG(3,("AUTH2 logonsrv=%s accountname=%s unicomp=%s %lx %lx %lx\n",
+ unistr(logonsrv), unistr(accountname), unistr(unicomp),
+ rcvcred[0], rcvcred[1], negflags));
+
+DEBUG(1,("NL: recvcred %08x %08x negflags=%08x\n",
+ rcvcred[0], rcvcred[1], negflags));
+
+ checkcred(cnum, rcvcred[0], rcvcred[1], 0);
+ q = *rdata + 0x18;
+ makecred(cnum, 0, q);
+ q += 8;
+
+ qSIVAL(negflags);
+ /* update stored client credentials */
+ dcauth[cnum].cred[0] = dcauth[cnum].svrcred[0] = rcvcred[0];
+ dcauth[cnum].cred[1] = dcauth[cnum].svrcred[1] = rcvcred[1];
+ endrpcreply(data, *rdata, q-*rdata, 0, rdata_len);
+ break;
+
+ case LSASVRPWSET:
+ DEBUG(1,("LSASVRPWSET\n"));
+ q = data + 0x18;
+ dump_data(1,q,128);
+ logonsrv = q + 16;
+ q = skip_unicode_string(logonsrv,1)+12;
+ q = align4(q, data);
+ accountname = q;
+ q = skip_unicode_string(accountname,1);
+ secchanneltype = qSVAL;
+ q += 12;
+ q = align4(q, data);
+ unicomp = q;
+ q = skip_unicode_string(unicomp,1);
+ rcvcred[0] = qIVAL;
+ rcvcred[1] = qIVAL;
+ clnttime = qIVAL;
+
+ DEBUG(1,("PWSET logonsrv=%s accountname=%s unicomp=%s\n",
+ unistr(logonsrv), unistr(accountname), unistr(unicomp)));
+
+ checkcred(cnum, rcvcred[0], rcvcred[1], clnttime);
+ DEBUG(3,("PWSET %lx %lx %lx %lx\n", rcvcred[0], rcvcred[1], clnttime, negflags));
+ newpass = q;
+
+ DEBUG(1,("PWSET logonsrv=%s accountname=%s unicomp=%s newpass=%s\n",
+ unistr(logonsrv), unistr(accountname), unistr(unicomp), newpass));
+
+ /* PAXX: For the moment we'll reject these */
+ /* TODO Need to set newpass in smbpasswd file for accountname */
+ q = *rdata + 0x18;
+ makecred(cnum, clnttime+1, q);
+ q += 8;
+ qSIVAL(0); /* timestamp. Seems to be ignored */
+
+ dcauth[cnum].svrcred[0] = dcauth[cnum].cred[0] = dcauth[cnum].cred[0] + clnttime + 1;
+
+ endrpcreply(data, *rdata, q-*rdata, 0xc000006a, rdata_len);
+ break;
+
+ case LSASAMLOGON:
+ DEBUG(1,("LSASAMLOGON\n"));
+ dump_data(1,data,128);
+ q = data + 0x18;
+ logonsrv = q + 16;
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ q = skip_unicode_string(logonsrv,1)+16;
+ q = align4(q, data);
+ unicomp = q;
+ q = skip_unicode_string(unicomp,1)+4;
+ DEBUG(1,("SMLOG %d logonsrv=%s unicomp=%s\n",
+ __LINE__, unistr(logonsrv), unistr(unicomp)));
+ q = align4(q, data);
+ rcvcred[0] = qIVAL;
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ rcvcred[1] = qIVAL;
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ clnttime = qIVAL;
+ checkcred(cnum, rcvcred[0], rcvcred[1], clnttime);
+ q += 2;
+ rtncred[0] = qIVAL; /* all these are ignored */
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ rtncred[1] = qIVAL;
+ rtntime = qIVAL;
+ logonlevel = qSVAL;
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ switchval = qSVAL;
+ switch (switchval)
+ {
+ case 1:
+
+ q += 6;
+ domlen = qSVAL;
+ dommaxlen = qSVAL; q += 4;
+ paramcontrol = qIVAL;
+ logonid[0] = qIVAL; /* low part */
+ logonid[1] = qIVAL; /* high part */
+
+ usernamelen = qSVAL;
+
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ usernamemaxlen = qSVAL; q += 4;
+
+ DEBUG(1,("usernamelen=%d maxlen=%d dommaxlen=%d\n",
+ usernamelen, usernamemaxlen, dommaxlen));
+
+ dump_data(1,q,128);
+
+ wslen = qSVAL;
+ wsmaxlen = qSVAL; q += 4;
+ rc4lmowfpass = q; q += 16;
+ rc4ntowfpass = q; q += 16;
+
+ q += 12; domain = q; q += dommaxlen + 12;
+ q = align4(q, data);
+ username = q; q += usernamemaxlen + 12;
+ q = align4(q, data);
+ ws = q;
+ DEBUG(1,("domain=%s username=%s ws=%s\n",
+ unistr(domain), unistr(username),
+ unistr(ws)));
+ break;
+ default:
+ DEBUG(0,("unknown switch in SAMLOGON %d\n",
+ switchval));
+ }
+ for(i=0;i<16;i++) sprintf(foo+i*2,"%02x",username[i]);
+ DEBUG(1,("userNAME %s [%s]\n", foo, username));
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ q = *rdata + 0x18;
+ qSIVAL(0x16a4b4); /* magic buffer pointer ? */
+ makecred(cnum, clnttime+1, q);
+ dcauth[cnum].svrcred[0] = dcauth[cnum].cred[0] = dcauth[cnum].cred[0] + clnttime + 1;
+ q += 8;
+ qSIVAL(0); /* timestamp. client doesn't care */
+ qSSVAL(3); /* switch value 3. May be others? */
+ qSSVAL(0); /* undocumented */
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+
+ memset(rc4key, 0, sizeof rc4key);
+ SIVAL(rc4key, 0, dcauth[cnum].sesskey[0]);
+ SIVAL(rc4key, 4, dcauth[cnum].sesskey[1]);
+ for(i=0;i<16;i++) sprintf(foo+i*2,"%02x",rc4ntowfpass[i]);
+ DEBUG(1,("rc4ntowf %s\n", foo));
+ arcfour_init(&c, rc4key, sizeof rc4key);
+ arcfour_encrypt(&c, ntowfpass, rc4ntowfpass, sizeof ntowfpass);
+ for(i=0;i<16;i++) sprintf(foo+i*2,"%02x",ntowfpass[i]);
+ DEBUG(1,("ntowf %s\n", foo));
+
+ if(!(userinfo = getuserinfo(username, usernamelen, ntowfpass))) {
+ qSIVAL(0); /* no buffer */
+ qSCVAL(1); /* Authoratitive. Change if passthrough? */
+ qSCVAL(0); /* pad for above boolean */
+ qSSVAL(0); /* pad for above boolean */
+
+ endrpcreply(data, *rdata, q-*rdata, 0xc0000064, rdata_len);
+ break;
+ }
+
+ qSIVAL(2); /* another magic bufptr? */
+ DEBUG(1,("SMLOG %d %lx\n", __LINE__, userinfo));
+ qSIVAL(userinfo->logontime[0]); qSIVAL(userinfo->logontime[1]);
+ qSIVAL(userinfo->logofftime[0]); qSIVAL(userinfo->logofftime[1]);
+ DEBUG(1,("SMLOG %d %lx\n", __LINE__, userinfo->passlastsettime[1]));
+ qSIVAL(userinfo->kickofftime[0]); qSIVAL(userinfo->kickofftime[1]);
+ qSIVAL(userinfo->passlastsettime[0]); qSIVAL(userinfo->passlastsettime[1]);
+ qSIVAL(userinfo->passcanchgtime[0]); qSIVAL(userinfo->passcanchgtime[1]);
+ qSIVAL(userinfo->passmustchgtime[0]); qSIVAL(userinfo->passmustchgtime[1]);
+ DEBUG(1,("SMLOG %d %s\n", __LINE__, userinfo->effectivename));
+ qunihdr(userinfo->effectivename);
+ qunihdr(userinfo->fullname);
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ qunihdr(userinfo->logonscript);
+ qunihdr(userinfo->profilepath);
+ qunihdr(userinfo->homedirectory);
+ qunihdr(userinfo->homedirectorydrive);
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ qSSVAL(userinfo->logoncount);
+ qSSVAL(userinfo->badpwcount);
+ qSIVAL(userinfo->uid);
+ qSIVAL(userinfo->gid);
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ qSIVAL(userinfo->ngroups);
+ qSIVAL(8); /* ptr to groups */
+ qSIVAL(userinfo->userflags);
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ qSIVAL(0); qSIVAL(0); qSIVAL(0); qSIVAL(0); /* unused user session key */
+ qunihdr(userinfo->logonserver);
+ qunihdr(userinfo->logondomain);
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ qSIVAL(2); /* logon domain id ptr */
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ memset(q,0,40); q += 40; /* expansion room */
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ qSIVAL(userinfo->nsids);
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ qSIVAL(0); /* ptr to sids and values */
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ qunistr(userinfo->effectivename);
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ qunistr(userinfo->fullname);
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ qunistr(userinfo->logonscript);
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ qunistr(userinfo->profilepath);
+ qunistr(userinfo->homedirectory);
+ qunistr(userinfo->homedirectorydrive);
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ qSIVAL(userinfo->ngroups);
+ for (i = 0; i < userinfo->ngroups; i++)
+ {
+ qSIVAL(userinfo->groups[i].gid);
+ qSIVAL(userinfo->groups[i].attr);
+ }
+ qunistr(userinfo->logonserver);
+ qunistr(userinfo->logondomain);
+ for (i = 0; i < userinfo->nsids; i++)
+ {
+ /* put the extra sids: PAXX: TODO */
+ }
+ /* Assumption. This is the only domain, sending our SID */
+ /* PAXX: may want to do passthrough later */
+ strcpy(domsid,lp_domainsid());
+ DEBUG(4,("netlogon LINE %d %lx %s\n",__LINE__, q, domsid));
+ /* assume, but should check, that domsid starts "S-" */
+ p = strtok(domsid+2,"-");
+ revision = atoi(p);
+ DEBUG(4,("netlogon LINE %d %lx %s rev %d\n",__LINE__, q, p, revision));
+ identauth = atoi(strtok(0,"-"));
+ DEBUG(4,("netlogon LINE %d %lx %s ia %d\n",__LINE__, q, p, identauth));
+ numsubauths = 0;
+ while (p = strtok(0, "-"))
+ subauths[numsubauths++] = atoi(p);
+ qSIVAL(numsubauths);
+ qSCVAL(revision);
+ qSCVAL(numsubauths);
+ qRSSVAL(0); /* PAXX: FIX. first 2 bytes identifier authority */
+ qRSIVAL(identauth); /* next 4 bytes */
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ for (i = 0; i < numsubauths; i++)
+ {
+ qSIVAL(subauths[i]);
+ }
+ qSCVAL(1); /* Authoratitive. Change if passthrough? */
+ qSCVAL(0); /* pad for above boolean */
+ qSSVAL(0); /* pad for above boolean */
+
+ endrpcreply(data, *rdata, q-*rdata, 0, rdata_len);
+ break;
+
+ case LSASAMLOGOFF:
+ DEBUG(1,("LSASAMLOGOFF\n"));
+ q = data + 0x18;
+ logonsrv = q + 16;
+ DEBUG(1,("SAMLOGOFF %d\n", __LINE__));
+ unicomp = skip_unicode_string(logonsrv,1)+16;
+ if (strlen(unistr(logonsrv)) % 2 == 0)
+ q += 2;
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ q = skip_unicode_string(unicomp,1)+4;
+ if (strlen(unistr(unicomp)) % 2 == 0)
+ q += 2;
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ rcvcred[0] = qIVAL;
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ rcvcred[1] = qIVAL;
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ clnttime = qIVAL;
+ checkcred(cnum, rcvcred[0], rcvcred[1], clnttime);
+ q += 4;
+ rtncred[0] = qIVAL; /* all these are ignored */
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ rtncred[1] = qIVAL;
+ rtntime = qIVAL;
+ logonlevel = qSVAL;
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ switchval = qSVAL;
+ switch (switchval)
+ {
+ case 1:
+ q += 4;
+ domlen = qSVAL;
+ dommaxlen = qSVAL; q += 4;
+ paramcontrol = qIVAL;
+ logonid[0] = qIVAL; /* low part */
+ logonid[1] = qIVAL; /* high part */
+ usernamelen = qSVAL;
+ DEBUG(1,("SMLOG %d\n", __LINE__));
+ usernamemaxlen = qSVAL; q += 4;
+ wslen = qSVAL;
+ wsmaxlen = qSVAL; q += 4;
+ rc4lmowfpass = q; q += 16;
+ rc4ntowfpass = q; q += 16;
+ q += 12; domain = q; q += dommaxlen + 12;
+ if ((domlen/2) % 2 != 0) q += 2;
+ username = q; q += usernamemaxlen + 12; /* PAXX: HACK */
+ if ((usernamelen/2) % 2 != 0) q += 2;
+ ws = q;
+ break;
+ default: DEBUG(0, ("unknown switch in SAMLOGON %d\n",switchval));
+ }
+ DEBUG(1,("SAMLOGOFF %s\n", unistr(username)));
+ default:
+ DEBUG(4, ("**** netlogon, unknown code: %lx\n", opnum));
+ }
+ return(True);
+}
+
+static void checkcred(int cnum, uint32 cred0, uint32 cred1, uint32 time)
+{
+ uint32 sum[2];
+ char netdata[8];
+ char netsesskey[8];
+ char calccred[8];
+ char icv[8];
+ char key2[7];
+
+ SIVAL(netdata, 0, dcauth[cnum].cred[0]+time);
+ SIVAL(netdata, 4, dcauth[cnum].cred[1]);
+ SIVAL(netsesskey, 0, dcauth[cnum].sesskey[0]);
+ SIVAL(netsesskey, 4, dcauth[cnum].sesskey[1]);
+ E1(netsesskey,netdata,icv);
+ memset(key2, 0, sizeof key2);
+ key2[0] = netsesskey[7];
+ E1(key2, icv, calccred);
+ if (IVAL(calccred,0) != cred0 ||
+ IVAL(calccred,4) != cred1)
+ {
+ DEBUG(1,("Incorrect client credential received cred %lx %lx time %lx sk %lx %lx cred %lx %lx expcred %lx %lx\n",
+ cred0, cred1, time,
+ dcauth[cnum].sesskey[0], dcauth[cnum].sesskey[1],
+ dcauth[cnum].cred[0], dcauth[cnum].cred[1],
+ IVAL(calccred,0), IVAL(calccred,4)));
+ /* PAXX: do something about it! */
+ } else
+ DEBUG(4,("Correct client credential received chal %lx %lx time %lx sk %lx %lx cred %lx %lx expcred %lx %lx\n",
+ cred0, cred1, time,
+ dcauth[cnum].sesskey[0], dcauth[cnum].sesskey[1],
+ dcauth[cnum].cred[0], dcauth[cnum].cred[1],
+ IVAL(calccred,0), IVAL(calccred,4)));
+}
+
+static void makecred(int cnum, uint32 time, char *calccred)
+{
+ uint32 sum[2];
+ char netdata[8];
+ char netsesskey[8];
+ char icv[8];
+ char key2[7];
+
+ SIVAL(netdata, 0, dcauth[cnum].svrcred[0]+time);
+ SIVAL(netdata, 4, dcauth[cnum].svrcred[1]);
+ SIVAL(netsesskey, 0, dcauth[cnum].sesskey[0]);
+ SIVAL(netsesskey, 4, dcauth[cnum].sesskey[1]);
+ E1(netsesskey,netdata,icv);
+ memset(key2, 0, sizeof key2);
+ key2[0] = netsesskey[7];
+ E1(key2, icv, calccred);
+ DEBUG(4,("Server credential: chal %lx %lx sk %lx %lx cred %lx %lx calc %lx %lx\n",
+ dcauth[cnum].svrchal[0], dcauth[cnum].svrchal[1],
+ dcauth[cnum].sesskey[0], dcauth[cnum].sesskey[1],
+ dcauth[cnum].svrcred[0], dcauth[cnum].svrcred[1],
+ IVAL(calccred, 0), IVAL(calccred, 4)));
+}
+
+static void setsesskey(int cnum)
+{
+ uint32 sum[2];
+ char netsum[8];
+ char netsesskey[8];
+ char icv[8];
+
+ sum[0] = dcauth[cnum].chal[0] + dcauth[cnum].svrchal[0];
+ sum[1] = dcauth[cnum].chal[1] + dcauth[cnum].svrchal[1];
+ SIVAL(netsum,0,sum[0]);
+ SIVAL(netsum,4,sum[1]);
+ E1(dcauth[cnum].md4pw,netsum,icv);
+ E1(dcauth[cnum].md4pw+9,icv,netsesskey);
+ dcauth[cnum].sesskey[0] = IVAL(netsesskey,0);
+ dcauth[cnum].sesskey[1] = IVAL(netsesskey,4);
+
+DEBUG(1,("NL: session key %08x %08x\n",
+ dcauth[cnum].sesskey[0],
+ dcauth[cnum].sesskey[1]));
+}
+
+static struct uinfo *getuserinfo(char *user, int len, char *ntowfpass)
+{
+ static struct uinfo u;
+ static pstring fullnm;
+ static pstring ascuser;
+ extern pstring myname;
+ static pstring stme;
+ static pstring stdom;
+ struct smb_passwd *smb_pass;
+
+ strcpy(ascuser,unistr(user));
+ ascuser[len/2] = 0; /* PAXX: FIXMEFIXMEFIXME */
+ DEBUG(1,("GETUSER username :%s: len=%d\n",ascuser, len));
+
+ smb_pass = get_smbpwnam(ascuser);
+ if(!smb_pass)
+ return 0;
+ DEBUG(1,("GETU %d\n", __LINE__));
+ if (memcmp(ntowfpass, smb_pass->smb_nt_passwd, 16)) {
+ DEBUG(1,("pass mismatch:\n"));
+ dump_data(1,ntowfpass,16);
+ dump_data(1,smb_pass->smb_nt_passwd,16);
+ return 0;
+ }
+
+ DEBUG(1,("GETU %d\n", __LINE__));
+ u.logontime[0] = 0xffffffff; u.logontime[1] = 0x7fffffff;
+ u.logofftime[0] = 0xffffffff; u.logofftime[1] = 0x7fffffff;
+ u.kickofftime[0] = 0xffffffff; u.kickofftime[1] = 0x7fffffff;
+ DEBUG(1,("GETU %d\n", __LINE__));
+ u.passlastsettime[0] = 0xffffffff; u.passlastsettime[1] = 0x7fffffff;
+ u.passcanchgtime[0] = 0xffffffff; u.passcanchgtime[1] = 0x7fffffff;
+ u.passmustchgtime[0] = 0xffffffff; u.passmustchgtime[1] = 0x7fffffff;
+ DEBUG(1,("GETU %d\n", __LINE__));
+ u.effectivename = ascuser;
+ strcpy(fullnm, "Full name of ");
+ strcat(fullnm, ascuser);
+ DEBUG(1,("GETU %d\n", __LINE__));
+ u.fullname = fullnm;
+ u.logonscript = "foologin.cmd";
+ u.profilepath = "prof";
+ u.homedirectory = "foohomes";
+ DEBUG(1,("GETU %d\n", __LINE__));
+ u.homedirectorydrive = "a:";
+ u.logoncount = 7;
+ u.badpwcount = 8;
+ u.uid = 778;
+ DEBUG(1,("GETU %d\n", __LINE__));
+ u.gid = 998;
+ u.ngroups = 2;
+ u.groups = (struct groupinfo *)(malloc(sizeof (struct groupinfo) * 2));
+ u.groups[0].gid = 776;
+ DEBUG(1,("GETU %d\n", __LINE__));
+ u.groups[0].attr = 0x7;
+ u.groups[1].gid = 776;
+ u.groups[1].attr = 0x7;
+ u.userflags = 0x20;
+ u.logonserver = stme;
+ get_myname(myname,NULL);
+ strcpy(stme, myname);
+ strupper(stme);
+ DEBUG(1,("LS %s\n", u.logonserver));
+ u.logondomain = stdom;
+ strcpy(stdom, lp_workgroup());
+ strupper(stdom);
+ DEBUG(1,("DOM %s\n", u.logondomain));
+ u.nsids = 0;
+ u.sids = 0;
+ DEBUG(1,("GETU %d\n", __LINE__));
+ return &u;
+};
+
+
#endif /* NTDOMAIN */
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index d387b7375b..1c31f69389 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -3003,7 +3003,8 @@ static int sig_hup()
Setup the groups a user belongs to.
****************************************************************************/
int setup_groups(char *user, int uid, int gid, int *p_ngroups,
- int **p_igroups, gid_t **p_groups)
+ int **p_igroups, gid_t **p_groups,
+ int **p_attrs)
{
if (-1 == initgroups(user,gid))
{
@@ -3018,19 +3019,25 @@ int setup_groups(char *user, int uid, int gid, int *p_ngroups,
{
int i,ngroups;
int *igroups;
+ int *attrs;
gid_t grp = 0;
ngroups = getgroups(0,&grp);
if (ngroups <= 0)
ngroups = 32;
igroups = (int *)malloc(sizeof(int)*ngroups);
+ attrs = (int *)malloc(sizeof(int)*ngroups);
for (i=0;i<ngroups;i++)
+ {
+ attrs [i] = 0x7; /* XXXX don't know what NT user attributes are yet! */
igroups[i] = 0x42424242;
+ }
ngroups = getgroups(ngroups,(gid_t *)igroups);
if (igroups[0] == 0x42424242)
ngroups = 0;
*p_ngroups = ngroups;
+ *p_attrs = attrs;
/* The following bit of code is very strange. It is due to the
fact that some OSes use int* and some use gid_t* for
@@ -3052,16 +3059,18 @@ int setup_groups(char *user, int uid, int gid, int *p_ngroups,
groups_use_ints = False;
if (groups_use_ints)
- {
+ {
*p_igroups = igroups;
*p_groups = (gid_t *)igroups;
- }
+ }
else
- {
+ {
gid_t *groups = (gid_t *)igroups;
igroups = (int *)malloc(sizeof(int)*ngroups);
for (i=0;i<ngroups;i++)
+ {
igroups[i] = groups[i];
+ }
*p_igroups = igroups;
*p_groups = (gid_t *)groups;
}
@@ -3270,12 +3279,15 @@ int make_connection(char *service,char *user,char *password, int pwlen, char *de
/* groups stuff added by ih */
pcon->ngroups = 0;
+ pcon->igroups = NULL;
pcon->groups = NULL;
+ pcon->attrs = NULL;
if (!IS_IPC(cnum))
{
/* Find all the groups this uid is in and store them. Used by become_user() */
- setup_groups(pcon->user,pcon->uid,pcon->gid,&pcon->ngroups,&pcon->igroups,&pcon->groups);
+ setup_groups(pcon->user,pcon->uid,pcon->gid,
+ &pcon->ngroups,&pcon->igroups,&pcon->groups,&pcon->attrs);
/* check number of connections */
if (!claim_connection(cnum,
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index cdc4e474c6..78614a5b5c 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -227,13 +227,17 @@ BOOL become_user(int cnum, uint16 vuid)
if (Connections[cnum].force_user ||
lp_security() == SEC_SHARE ||
!(vuser) || (vuser->guest) ||
- !check_user_ok(cnum,vuser,snum)) {
+ !check_user_ok(cnum,vuser,snum))
+ {
uid = Connections[cnum].uid;
gid = Connections[cnum].gid;
current_user.groups = Connections[cnum].groups;
current_user.igroups = Connections[cnum].igroups;
current_user.ngroups = Connections[cnum].ngroups;
- } else {
+ current_user.attrs = vuser->attrs;
+ }
+ else
+ {
if (!vuser) {
DEBUG(2,("Invalid vuid used %d\n",vuid));
return(False);
@@ -243,9 +247,10 @@ BOOL become_user(int cnum, uint16 vuid)
gid = vuser->gid;
else
gid = Connections[cnum].gid;
- current_user.groups = vuser->user_groups;
- current_user.igroups = vuser->user_igroups;
- current_user.ngroups = vuser->user_ngroups;
+ current_user.ngroups = vuser->n_groups;
+ current_user.groups = vuser->groups;
+ current_user.igroups = vuser->igroups;
+ current_user.attrs = vuser->attrs;
}
if (initial_uid == 0)
generated by cgit (git 2.34.1) at 2024-07-10 10:01:51 +0000