-rw-r--r-- | source3/include/ntdomain.h | 1 | ||||
-rw-r--r-- | source3/include/proto.h | 1 | ||||
-rw-r--r-- | source3/include/smb.h | 3 | ||||
-rw-r--r-- | source3/rpc_parse/parse_samr.c | 13 | ||||
-rw-r--r-- | source3/rpc_server/srv_pipe_hnd.c | 3 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr.c | 76 | ||||
-rw-r--r-- | source3/rpc_server/srv_util.c | 27 | ||||
-rw-r--r-- | source3/rpcclient/cmd_samr.c | 19 |
8 files changed, 134 insertions, 9 deletions
diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h index 5fb40c5bcc..07d32519bf 100644 --- a/source3/include/ntdomain.h +++ b/source3/include/ntdomain.h @@ -85,6 +85,7 @@ typedef struct pipes_struct RPC_AUTH_NTLMSSP_RESP ntlmssp_resp; BOOL ntlmssp_auth; + BOOL ntlmssp_validated; unsigned char ntlmssp_hash[258]; fstring user_name; fstring domain; diff --git a/source3/include/proto.h b/source3/include/proto.h index 63f4d624dc..a5d6d828f7 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1750,6 +1750,7 @@ void make_samr_q_chgpasswd_user(SAMR_Q_CHGPASSWD_USER *q_u, char nt_newpass[516], char nt_oldhash[16], char lm_newpass[516], char lm_oldhash[16]); void samr_io_q_chgpasswd_user(char *desc, SAMR_Q_CHGPASSWD_USER *q_u, prs_struct *ps, int depth); +void make_samr_r_chgpasswd_user(SAMR_R_CHGPASSWD_USER *r_u, uint32 status); void samr_io_r_chgpasswd_user(char *desc, SAMR_R_CHGPASSWD_USER *r_u, prs_struct *ps, int depth); /*The following definitions come from rpc_parse/parse_srv.c */ diff --git a/source3/include/smb.h b/source3/include/smb.h index 05ea1bf7c7..4cc5599f44 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -490,6 +490,7 @@ typedef struct connection_struct name_compare_entry *hide_list; /* Per-share list of files to return as hidden. */ name_compare_entry *veto_list; /* Per-share list of files to veto (never show). */ name_compare_entry *veto_oplock_list; /* Per-share list of files to refuse oplocks on. */ + } connection_struct; struct current_user @@ -497,7 +498,7 @@ struct current_user connection_struct *conn; uint16 vuid; uid_t uid; - gid_t gid; + gid_t gid; int ngroups; gid_t *groups; }; diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c index eb882a7564..a443191a7a 100644 --- a/source3/rpc_parse/parse_samr.c +++ b/source3/rpc_parse/parse_samr.c 
@@ -2357,6 +2357,7 @@ void make_samr_q_connect(SAMR_Q_CONNECT *q_u, DEBUG(5,("make_q_connect\n")); /* make PDC server name \\server */ + q_u->ptr_srv_name = len_srv_name > 0 ? 1 : 0; make_unistr2(&(q_u->uni_srv_name), srv_name, len_srv_name); /* example values: 0x0000 0002 */ @@ -2751,6 +2752,18 @@ void samr_io_q_chgpasswd_user(char *desc, SAMR_Q_CHGPASSWD_USER *q_u, prs_struct } /******************************************************************* +makes a SAMR_R_CHGPASSWD_USER structure. +********************************************************************/ +void make_samr_r_chgpasswd_user(SAMR_R_CHGPASSWD_USER *r_u, uint32 status) +{ + if (r_u == NULL) return; + + DEBUG(5,("make_r_chgpasswd_user\n")); + + r_u->status = status; +} + +/******************************************************************* reads or writes a structure. ********************************************************************/ void samr_io_r_chgpasswd_user(char *desc, SAMR_R_CHGPASSWD_USER *r_u, prs_struct *ps, int depth) diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 27e156943c..d5c99b89c4 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -137,6 +137,9 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, p->frag_len_left = 0; p->next_frag_start = 0; + p->ntlmssp_validated = False; + p->ntlmssp_auth = False; + fstrcpy(p->name, pipe_name); DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n", diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index 11574be9b3..a3d758489c 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c 
@@ -719,6 +719,80 @@ static void api_samr_lookup_names( uint16 vuid, prs_struct *data, prs_struct *rd samr_reply_lookup_names(&q_u, rdata); } +/******************************************************************* + samr_reply_chgpasswd_user + ********************************************************************/ +static void samr_reply_chgpasswd_user(SAMR_Q_CHGPASSWD_USER *q_u, + prs_struct *rdata) +{ + SAMR_R_CHGPASSWD_USER r_u; + uint32 status = 0x0; + fstring user_name; + fstring wks; + + fstrcpy(user_name, unistrn2(q_u->uni_user_name.buffer, q_u->uni_user_name.uni_str_len)); + fstrcpy(wks , unistrn2(q_u->uni_dest_host.buffer, q_u->uni_dest_host.uni_str_len)); + + DEBUG(5,("samr_chgpasswd_user: user: %s wks: %s\n", user_name, wks)); + + /* oops! */ + status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; + + make_samr_r_chgpasswd_user(&r_u, status); + + /* store the response in the SMB stream */ + samr_io_r_chgpasswd_user("", &r_u, rdata, 0); + + DEBUG(5,("samr_chgpasswd_user: %d\n", __LINE__)); +} + +/******************************************************************* + api_samr_chgpasswd_user + ********************************************************************/ +static void api_samr_chgpasswd_user( uint16 vuid, prs_struct *data, prs_struct *rdata) +{ + SAMR_Q_CHGPASSWD_USER q_u; + + /* unknown 38 command */ + samr_io_q_chgpasswd_user("", &q_u, data, 0); + + /* construct reply. 
*/ + samr_reply_chgpasswd_user(&q_u, rdata); +} + + +/******************************************************************* + samr_reply_unknown_38 + ********************************************************************/ +static void samr_reply_unknown_38(SAMR_Q_UNKNOWN_38 *q_u, + prs_struct *rdata) +{ + SAMR_R_UNKNOWN_38 r_u; + + DEBUG(5,("samr_unknown_38: %d\n", __LINE__)); + + make_samr_r_unknown_38(&r_u); + + /* store the response in the SMB stream */ + samr_io_r_unknown_38("", &r_u, rdata, 0); + + DEBUG(5,("samr_unknown_38: %d\n", __LINE__)); +} + +/******************************************************************* + api_samr_unknown_38 + ********************************************************************/ +static void api_samr_unknown_38( uint16 vuid, prs_struct *data, prs_struct *rdata) +{ + SAMR_Q_UNKNOWN_38 q_u; + + /* unknown 38 command */ + samr_io_q_unknown_38("", &q_u, data, 0); + + /* construct reply. always indicate success */ + samr_reply_unknown_38(&q_u, rdata); +} + /******************************************************************* samr_reply_unknown_12 @@ -1356,6 +1430,8 @@ static struct api_struct api_samr_cmds [] = { "SAMR_QUERY_ALIASINFO" , SAMR_QUERY_ALIASINFO , api_samr_query_aliasinfo }, { "SAMR_0x32" , 0x32 , api_samr_unknown_32 }, { "SAMR_UNKNOWN_12" , SAMR_UNKNOWN_12 , api_samr_unknown_12 }, + { "SAMR_UNKNOWN_38" , SAMR_UNKNOWN_38 , api_samr_unknown_38 }, + { "SAMR_CHGPASSWD_USER" , SAMR_CHGPASSWD_USER , api_samr_chgpasswd_user }, { "SAMR_OPEN_ALIAS" , SAMR_OPEN_ALIAS , api_samr_open_alias }, { "SAMR_OPEN_DOMAIN" , SAMR_OPEN_DOMAIN , api_samr_open_domain }, { "SAMR_UNKNOWN_3" , SAMR_UNKNOWN_3 , api_samr_unknown_3 }, diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index 76f113374d..93640f3445 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c 
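Review bot: `api_samr_chgpasswd_user` declares `SAMR_Q_CHGPASSWD_USER q_u;` on the stack and hands it to `samr_reply_chgpasswd_user` with no sign that `samr_io_q_chgpasswd_user` filled it in, so on a short or malformed request `uni_user_name.uni_str_len` and `uni_dest_host.uni_str_len` may reach `unistrn2` uninitialised (whether the parser zeroes the struct is not visible in this diff). Zeroing it first, `memset(&q_u, 0, sizeof(q_u));`, makes that path deterministic; this matters because the next hunk registers the handler in `api_samr_cmds`, so clients can reach it. The comments also need correcting: `/* unknown 38 command */` in this function is copied from `api_samr_unknown_38`, and `/* oops! */` should say what the code does, e.g. `/* password change not implemented yet: always reply NT_STATUS_NO_SUCH_USER */`.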
@@ -248,11 +248,12 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p) dump_data(100, lm_owf, sizeof(lm_owf)); dump_data(100, nt_owf, sizeof(nt_owf)); #endif - return True; -#if 0 - return pass_check_smb(p->user_name, p->domain, - p->ntplssp_chal.challenge, lm_owf, nt_owf); -#endif + become_root(True); + p->ntlmssp_validated = pass_check_smb(p->user_name, p->domain, + p->ntlmssp_chal.challenge, lm_owf, nt_owf, NULL); + unbecome_root(True); + + return p->ntlmssp_validated; } static BOOL api_pipe_ntlmssp(pipes_struct *p, prs_struct *pd) @@ -486,10 +487,26 @@ static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd) return True; } + +static BOOL api_pipe_auth_process(pipes_struct *p, prs_struct *pd) +{ + return True; +} + static BOOL api_pipe_request(pipes_struct *p, prs_struct *pd) { int i = 0; + if (p->ntlmssp_auth && p->ntlmssp_validated) + { + if (!api_pipe_auth_process(p)) return False; + + DEBUG(0,("api_pipe_request: **** MUST CALL become_user() HERE **** \n")); +#if 0 + become_user(); +#endif + } + for (i = 0; api_fd_commands[i].pipe_clnt_name; i++) { if (strequal(api_fd_commands[i].pipe_clnt_name, p->name) && diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index 877abce66e..a3fd579095 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -141,6 +141,17 @@ void cmd_sam_test(struct client_info *info) fprintf(out_hnd, "SAM Encryption Test\n"); + cli_nt_set_ntlmssp_flgs(smb_cli, + NTLMSSP_NEGOTIATE_UNICODE | + NTLMSSP_NEGOTIATE_OEM | + NTLMSSP_NEGOTIATE_SIGN | + NTLMSSP_NEGOTIATE_SEAL | + NTLMSSP_NEGOTIATE_LM_KEY | + NTLMSSP_NEGOTIATE_NTLM | + NTLMSSP_NEGOTIATE_ALWAYS_SIGN | + NTLMSSP_NEGOTIATE_00001000 | + NTLMSSP_NEGOTIATE_00002000); + /* open SAMR session. */ res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False; 
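Review bot: A failed check in `api_pipe_ntlmssp_verify` is returned silently; the only logging visible around the new lines is the level-100 `dump_data` of `lm_owf` and `nt_owf`. Adding `if (!p->ntlmssp_validated) DEBUG(1,("api_pipe_ntlmssp_verify: NTLMSSP check failed for user %s domain %s\n", p->user_name, p->domain));` after `unbecome_root(True)` would leave operators a record of rejected pipe authentications, unless `pass_check_smb` already logs them (not visible here). The start of the function is outside the hunk.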
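Review bot: `api_pipe_request` still dispatches the request when `p->ntlmssp_auth` is set but `p->ntlmssp_validated` is False, because the new `if` only wraps the auth processing and the command loop below it runs unconditionally. Unless a failed verify closes the pipe somewhere outside this diff, the function should fail closed with `if (p->ntlmssp_auth && !p->ntlmssp_validated) return False;` before the loop. The call `api_pipe_auth_process(p)` also passes one argument to a function defined just above as `api_pipe_auth_process(pipes_struct *p, prs_struct *pd)`, so it should read `if (!api_pipe_auth_process(p, pd)) return False;`. With `become_user()` under `#if 0` and the stub returning True unconditionally, validated requests run under whatever identity the process already has, so the stub deserves a comment such as `/* TODO: stub, performs no per-request check yet */` to keep it from being read as enforcement. The rest of `api_pipe_request` lies outside the hunk.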
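Review bot: The flag set passed to `cli_nt_set_ntlmssp_flgs` in `cmd_sam_test` is hard-coded with no comment, and two of the bits carry only placeholder names (`NTLMSSP_NEGOTIATE_00001000`, `NTLMSSP_NEGOTIATE_00002000`). A comment above the call, for example `/* flags requested for the SAM encryption test; 0x00001000 and 0x00002000 are not yet identified */`, would tell a reader which flags the test relies on. `NTLMSSP_NEGOTIATE_LM_KEY` is worth naming in that comment too, since it asks for the LM-derived session key and should not be copied into non-test callers without thought. The function continues outside the hunk.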
@@ -527,9 +538,11 @@ void cmd_sam_enum_aliases(struct client_info *info) fstring alias_names [3]; uint32 num_als_usrs[3]; - fstrcpy(sid , info->dom.level5_sid); - fstrcpy(domain, info->dom.level5_dom); - + fstrcpy(sid , info->dom.level3_sid); + fstrcpy(domain, info->dom.level3_dom); +#if 0 + fstrcpy(sid , "S-1-5-20"); +#endif if (strlen(sid) == 0) { fprintf(out_hnd, "please use 'lsaquery' first, to ascertain the SID\n"); |
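Review bot: The `#if 0` block that would overwrite `sid` with the literal `"S-1-5-20"` is dead code, and nothing next to it explains why it sits beside the switch from `level5_sid`/`level5_dom` to `level3_sid`/`level3_dom`. Either drop it or, if it is meant as a debugging aid, say so with a comment such as `/* debugging aid: force a fixed SID instead of the one obtained via lsaquery */` so it is not enabled by accident. `cmd_sam_enum_aliases` starts and ends outside the hunk.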