summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/Makefile.in2
-rw-r--r--source3/include/proto.h10
-rw-r--r--source3/libsmb/clientgen.c18
-rw-r--r--source3/passdb/smbpass.c4
-rw-r--r--source3/passdb/smbpassfile.c36
-rw-r--r--source3/rpc_client/cli_login.c6
-rw-r--r--source3/rpc_client/cli_lsarpc.c4
-rw-r--r--source3/rpc_client/cli_netlogon.c11
-rw-r--r--source3/rpc_parse/parse_net.c69
-rw-r--r--source3/rpcclient/cmd_netlogon.c75
-rw-r--r--source3/rpcclient/rpcclient.c16
-rw-r--r--source3/smbd/password.c25
-rw-r--r--source3/smbd/process.c2
13 files changed, 205 insertions, 73 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 3906b365b8..35e98e025b 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -192,9 +192,9 @@ RPCCLIENT_OBJ = rpcclient/rpcclient.o \
rpcclient/cmd_wkssvc.o \
rpcclient/cmd_samr.o \
rpcclient/cmd_srvsvc.o \
+ rpcclient/cmd_netlogon.o \
$(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
$(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_OBJ)
-# rpcclient/cmd_netlogon.o
SMBWRAPPER_OBJ = smbwrapper/smbw.o smbwrapper/wrapped.o \
smbwrapper/smbw_dir.o smbwrapper/smbw_stat.o \
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 411f923ba8..09fe5b0873 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1189,6 +1189,7 @@ BOOL trust_password_unlock(void);
BOOL trust_password_delete( char *domain, char *name );
BOOL get_trust_account_password( unsigned char *ret_pwd, time_t *pass_last_set_time);
BOOL set_trust_account_password( unsigned char *md4_new_pwd);
+BOOL trust_get_passwd( unsigned char trust_passwd[16], char *myname, char *domain);
/*The following definitions come from printing/pcap.c */
@@ -1452,6 +1453,11 @@ void make_q_srv_pwset(NET_Q_SRV_PWSET *q_s, char *logon_srv, char *acct_name,
uint16 sec_chan, char *comp_name, DOM_CRED *cred, char nt_cypher[16]);
void net_io_q_srv_pwset(char *desc, NET_Q_SRV_PWSET *q_s, prs_struct *ps, int depth);
void net_io_r_srv_pwset(char *desc, NET_R_SRV_PWSET *r_s, prs_struct *ps, int depth);
+void make_id_info1(NET_ID_INFO_1 *id, char *domain_name,
+ uint32 param_ctrl, uint32 log_id_low, uint32 log_id_high,
+ char *user_name, char *wksta_name,
+ char sess_key[16],
+ unsigned char lm_cypher[16], unsigned char nt_cypher[16]);
void make_id_info2(NET_ID_INFO_2 *id, char *domain_name,
uint32 param_ctrl, uint32 log_id_low, uint32 log_id_high,
char *user_name, char *wksta_name,
@@ -1911,6 +1917,10 @@ BOOL api_wkssvc_rpc(pipes_struct *p, prs_struct *data);
void cmd_lsa_query_info(struct client_info *info);
void cmd_lsa_lookup_sids(struct client_info *info);
+/*The following definitions come from rpcclient/cmd_netlogon.c */
+
+void cmd_netlogon_login_test(struct client_info *info);
+
/*The following definitions come from rpcclient/cmd_samr.c */
void cmd_sam_ntchange_pwd(struct client_info *info);
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 64e67c5522..a6ffb57834 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -2494,15 +2494,25 @@ BOOL cli_establish_connection(struct cli_state *cli,
if (cli->pwd.cleartext || cli->pwd.null_pwd)
{
- /* attempt clear-text session */
-
fstring passwd;
+ int pass_len;
- pwd_get_cleartext(&(cli->pwd), passwd);
+ if (cli->pwd.null_pwd)
+ {
+ /* attempt null session */
+ passwd[0] = 0;
+ pass_len = 1;
+ }
+ else
+ {
+ /* attempt clear-text session */
+ pwd_get_cleartext(&(cli->pwd), passwd);
+ pass_len = strlen(passwd);
+ }
/* attempt clear-text session */
if (!cli_session_setup(cli, cli->user_name,
- passwd, strlen(passwd),
+ passwd, pass_len,
NULL, 0,
cli->domain))
{
diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c
index eefc30382b..bde696290d 100644
--- a/source3/passdb/smbpass.c
+++ b/source3/passdb/smbpass.c
@@ -330,8 +330,8 @@ static struct sam_passwd *getsmbfile21pwent(void *vp)
pwfile = getpwnam(pw_buf->smb_name);
if (pwfile == NULL)
{
- DEBUG(0,"getsmbfile21pwent: smbpasswd database is corrupt!\n"));
- DEBUG(0,"getsmbfile21pwent: username %s not in unix passwd database!\n", pw_buf->smb_name));
+ DEBUG(0,("getsmbfile21pwent: smbpasswd database is corrupt!\n"));
+ DEBUG(0,("getsmbfile21pwent: username %s not in unix passwd database!\n", pw_buf->smb_name));
return NULL;
}
diff --git a/source3/passdb/smbpassfile.c b/source3/passdb/smbpassfile.c
index 8542ad081d..13a1a9f508 100644
--- a/source3/passdb/smbpassfile.c
+++ b/source3/passdb/smbpassfile.c
@@ -24,6 +24,8 @@ extern int DEBUGLEVEL;
static int gotalarm;
int pw_file_lock_depth = 0;
+BOOL global_machine_password_needs_changing = False;
+
/***************************************************************
Signal function to tell us we timed out.
****************************************************************/
@@ -318,3 +320,37 @@ account is now invalid. Please recreate. Error was %s.\n", strerror(errno) ));
fflush(mach_passwd_fp);
return True;
}
+
+BOOL trust_get_passwd( unsigned char trust_passwd[16], char *myname, char *domain)
+{
+ time_t lct;
+
+ /*
+ * Get the machine account password.
+ */
+ if(!trust_password_lock( myname, domain, False)) {
+ DEBUG(0,("domain_client_validate: unable to open the machine account password file for \
+machine %s in domain %s.\n", myname, domain ));
+ return False;
+ }
+
+ if(get_trust_account_password( trust_passwd, &lct) == False) {
+ DEBUG(0,("domain_client_validate: unable to read the machine account password for \
+machine %s in domain %s.\n", myname, domain ));
+ trust_password_unlock();
+ return False;
+ }
+
+ trust_password_unlock();
+
+ /*
+ * Here we check the last change time to see if the machine
+ * password needs changing. JRA.
+ */
+
+ if(time(NULL) > lct + lp_machine_password_timeout())
+ {
+ global_machine_password_needs_changing = True;
+ }
+ return True;
+}
diff --git a/source3/rpc_client/cli_login.c b/source3/rpc_client/cli_login.c
index abe471379b..1b12828550 100644
--- a/source3/rpc_client/cli_login.c
+++ b/source3/rpc_client/cli_login.c
@@ -83,7 +83,7 @@ BOOL cli_nt_srv_pwset(struct cli_state *cli, unsigned char *new_hashof_mach_pwd)
{
unsigned char processed_new_pwd[16];
- DEBUG(5,("cli_nt_login_interactive: %d\n", __LINE__));
+ DEBUG(5,("cli_nt_srv_pwset: %d\n", __LINE__));
#ifdef DEBUG_PASSWORD
dump_data(6, new_hashof_mach_pwd, 16);
@@ -96,7 +96,6 @@ BOOL cli_nt_srv_pwset(struct cli_state *cli, unsigned char *new_hashof_mach_pwd)
return cli_net_srv_pwset(cli, processed_new_pwd);
}
-#if UNUSED_CODE
/****************************************************************************
NT login - interactive.
*NEVER* use this code. This method of doing a logon (sending the cleartext
@@ -149,7 +148,6 @@ BOOL cli_nt_login_interactive(struct cli_state *cli, char *domain, char *usernam
return ret;
}
-#endif
/****************************************************************************
NT login - network.
@@ -177,7 +175,6 @@ BOOL cli_nt_login_network(struct cli_state *cli, char *domain, char *username,
return cli_net_sam_logon(cli, ctr, user_info3);
}
-#if UNUSED_CODE
/****************************************************************************
NT Logoff.
****************************************************************************/
@@ -188,4 +185,3 @@ BOOL cli_nt_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr)
/* Send client sam-logoff request - update credentials on success. */
return cli_net_sam_logoff(cli, ctr);
}
-#endif
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
index d010ae4e29..c280929417 100644
--- a/source3/rpc_client/cli_lsarpc.c
+++ b/source3/rpc_client/cli_lsarpc.c
@@ -58,11 +58,11 @@ BOOL do_lsa_open_policy(struct cli_state *cli,
if (sec_qos)
{
make_lsa_sec_qos(&qos, 2, 1, 0, 0x20000000);
- make_q_open_pol(&q_o, server_name, 0, 0, &qos);
+ make_q_open_pol(&q_o, 0x5c, 0, 0, &qos);
}
else
{
- make_q_open_pol(&q_o, server_name, 0, 0x1, NULL);
+ make_q_open_pol(&q_o, 0x5c, 0, 0x1, NULL);
}
/* turn parameters into data stream */
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 2671bac773..9c81b73692 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -391,7 +391,6 @@ password ?).\n", cli->desthost ));
return ok;
}
-#if UNUSED_CODE
/***************************************************************************
LSA SAM Logoff.
@@ -465,7 +464,6 @@ password ?).\n", cli->desthost ));
return ok;
}
-#endif
/*********************************************************
Change the domain password on the PDC.
@@ -605,6 +603,7 @@ BOOL change_trust_account_password( char *domain, char *remote_machine_list)
unsigned char old_trust_passwd_hash[16];
unsigned char new_trust_passwd_hash[16];
time_t lct;
+ BOOL res;
if(!get_trust_account_password( old_trust_passwd_hash, &lct)) {
DEBUG(0,("change_trust_account_password: unable to read the machine \
@@ -629,10 +628,16 @@ domain %s.\n", timestring(), domain));
* Return the result of trying to write the new password
* back into the trust account file.
*/
- return set_trust_account_password(new_trust_passwd_hash);
+ res = set_trust_account_password(new_trust_passwd_hash);
+ memset(new_trust_passwd_hash, 0, 16);
+ memset(old_trust_passwd_hash, 0, 16);
+ return res;
}
}
+ memset(new_trust_passwd_hash, 0, 16);
+ memset(old_trust_passwd_hash, 0, 16);
+
DEBUG(0,("%s : change_trust_account_password: Failed to change password for \
domain %s.\n", timestring(), domain));
return False;
diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c
index 12d6aca264..2fc0d12446 100644
--- a/source3/rpc_parse/parse_net.c
+++ b/source3/rpc_parse/parse_net.c
@@ -539,6 +539,75 @@ static int make_dom_sid2s(char *sids_str, DOM_SID2 *sids, int max_sids)
}
/*******************************************************************
+makes a NET_ID_INFO_1 structure.
+********************************************************************/
+void make_id_info1(NET_ID_INFO_1 *id, char *domain_name,
+ uint32 param_ctrl, uint32 log_id_low, uint32 log_id_high,
+ char *user_name, char *wksta_name,
+ char sess_key[16],
+ unsigned char lm_cypher[16], unsigned char nt_cypher[16])
+{
+ int len_domain_name = strlen(domain_name);
+ int len_user_name = strlen(user_name );
+ int len_wksta_name = strlen(wksta_name );
+
+ unsigned char lm_owf[16];
+ unsigned char nt_owf[16];
+
+ if (id == NULL) return;
+
+ DEBUG(5,("make_id_info1: %d\n", __LINE__));
+
+ id->ptr_id_info1 = 1;
+
+ make_uni_hdr(&(id->hdr_domain_name), len_domain_name, len_domain_name, 4);
+
+ id->param_ctrl = param_ctrl;
+ make_logon_id(&(id->logon_id), log_id_low, log_id_high);
+
+ make_uni_hdr(&(id->hdr_user_name ), len_user_name , len_user_name , 4);
+ make_uni_hdr(&(id->hdr_wksta_name ), len_wksta_name , len_wksta_name , 4);
+
+ if (lm_cypher && nt_cypher)
+ {
+ unsigned char key[16];
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("lm cypher:"));
+ dump_data(100, lm_cypher, 16);
+
+ DEBUG(100,("nt cypher:"));
+ dump_data(100, nt_cypher, 16);
+#endif
+
+ memset(key, 0, 16);
+ memcpy(key, sess_key, 16);
+
+ memcpy(lm_cypher, lm_owf, 16);
+ SamOEMhash(lm_owf, key, False);
+ memcpy(lm_cypher, lm_owf, 16);
+ SamOEMhash(nt_owf, key, False);
+
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("encrypt of lm owf password:"));
+ dump_data(100, lm_owf, 16);
+
+ DEBUG(100,("encrypt of nt owf password:"));
+ dump_data(100, nt_owf, 16);
+#endif
+ /* set up pointers to cypher blocks */
+ lm_cypher = lm_owf;
+ nt_cypher = nt_owf;
+ }
+
+ make_owf_info(&(id->lm_owf), lm_cypher);
+ make_owf_info(&(id->nt_owf), nt_cypher);
+
+ make_unistr2(&(id->uni_domain_name), domain_name, len_domain_name);
+ make_unistr2(&(id->uni_user_name ), user_name , len_user_name );
+ make_unistr2(&(id->uni_wksta_name ), wksta_name , len_wksta_name );
+}
+
+/*******************************************************************
reads or writes an NET_ID_INFO_1 structure.
********************************************************************/
static void net_io_id_info1(char *desc, NET_ID_INFO_1 *id, prs_struct *ps, int depth)
diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c
index 40bb257072..88510c95e7 100644
--- a/source3/rpcclient/cmd_netlogon.c
+++ b/source3/rpcclient/cmd_netlogon.c
@@ -43,7 +43,13 @@ experimental nt login.
****************************************************************************/
void cmd_netlogon_login_test(struct client_info *info)
{
+ extern BOOL global_machine_password_needs_changing;
+
+ fstring nt_user_name;
+ fstring password;
BOOL res = True;
+ char *nt_password;
+ unsigned char trust_passwd[16];
/* machine account passwords */
pstring new_mach_pwd;
@@ -51,7 +57,28 @@ void cmd_netlogon_login_test(struct client_info *info)
/* initialisation */
new_mach_pwd[0] = 0;
- DEBUG(5,("do_nt_login_test: %d\n", __LINE__));
+ if (!next_token(NULL, nt_user_name, NULL, sizeof(nt_user_name)))
+ {
+ fstrcpy(nt_user_name, smb_cli->user_name);
+ if (nt_user_name[0] == 0)
+ {
+ fprintf(out_hnd,"ntlogin: must specify username with anonymous connection\n");
+ return;
+ }
+ }
+
+ if (next_token(NULL, password, NULL, sizeof(password)))
+ {
+ nt_password = password;
+ }
+ else
+ {
+ nt_password = getpass("Enter NT Login password:");
+ }
+
+ DEBUG(5,("do_nt_login_test: username %s\n", nt_user_name));
+
+ res = res ? trust_get_passwd(trust_passwd, info->myhostname, smb_cli->domain) : False;
#if 0
/* check whether the user wants to change their machine password */
@@ -60,38 +87,40 @@ void cmd_netlogon_login_test(struct client_info *info)
info->mach_acct, new_mach_pwd) : False;
#endif
/* open NETLOGON session. negotiate credentials */
- res = res ? do_nt_session_open(smb_cli,
- info->dest_host, info->myhostname,
- info->mach_acct,
- smb_cli->user_name, smb_cli->domain,
- info->dom.sess_key, &info->dom.clnt_cred) : False;
+ res = res ? cli_nt_session_open(smb_cli, PIPE_NETLOGON, False) : False;
+
+ res = res ? cli_nt_setup_creds(smb_cli, trust_passwd) : False;
/* change the machine password? */
- if (new_mach_pwd != NULL && new_mach_pwd[0] != 0)
+ if (global_machine_password_needs_changing)
{
- res = res ? do_nt_srv_pwset(smb_cli, info->dom.lsarpc_fnum,
- info->dom.sess_key, &info->dom.clnt_cred, &info->dom.rtn_cred,
- new_mach_pwd,
- info->dest_host, info->mach_acct, info->myhostname) : False;
+ unsigned char new_trust_passwd[16];
+ generate_random_buffer(new_trust_passwd, 16, True);
+ res = res ? cli_nt_srv_pwset(smb_cli, new_trust_passwd) : False;
+
+ if (res)
+ {
+ global_machine_password_needs_changing = !set_trust_account_password(new_trust_passwd);
+ }
+
+ memset(new_trust_passwd, 0, 16);
}
- /* create the user-identification info */
- make_nt_login_interactive(&info->dom.ctr,
- info->dom.sess_key,
- smb_cli->domain, info->myhostname,
- getuid(), smb_cli->user_name);
+ memset(trust_passwd, 0, 16);
/* do an NT login */
- res = res ? do_nt_login(smb_cli, info->dom.lsarpc_fnum,
- info->dom.sess_key, &info->dom.clnt_cred, &info->dom.rtn_cred,
- &info->dom.ctr, info->dest_host, info->myhostname, &info->dom.user_info3) : False;
+ res = res ? cli_nt_login_interactive(smb_cli,
+ smb_cli->domain, nt_user_name,
+ getuid(), nt_password,
+ &info->dom.ctr, &info->dom.user_info3) : False;
+
+ /*** clear out the password ***/
+ memset(password, 0, sizeof(password));
/* ok! you're logged in! do anything you like, then... */
-
+
/* do an NT logout */
- res = res ? do_nt_logoff(smb_cli, info->dom.lsarpc_fnum,
- info->dom.sess_key, &info->dom.clnt_cred, &info->dom.rtn_cred,
- &info->dom.ctr, info->dest_host, info->myhostname) : False;
+ res = res ? cli_nt_logoff(smb_cli, &info->dom.ctr) : False;
/* close the session */
cli_nt_session_close(smb_cli);
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 7d1df61bb7..ba7f7d0180 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -105,15 +105,13 @@ struct
char *description;
} commands[] =
{
-#if 0
- {"ntlogin", cmd_netlogon_login_test, "<username> NT Domain login test"},
-#endif
- {"wksinfo", cmd_wks_query_info, "DCE/RPC - Workstation Query Info"},
- {"srvinfo", cmd_srv_query_info, "DCE/RPC - Server Query Info"},
- {"srvsessions",cmd_srv_enum_sess, "DCE/RPC - List sessions on a server"},
- {"srvshares", cmd_srv_enum_shares, "DCE/RPC - List shares on a server"},
- {"srvconnections",cmd_srv_enum_conn, "DCE/RPC - List connections on a server"},
- {"srvfiles", cmd_srv_enum_files, "DCE/RPC - List files on a server"},
+ {"ntlogin", cmd_netlogon_login_test, "[username] [password] NT Domain login test"},
+ {"wksinfo", cmd_wks_query_info, "Workstation Query Info"},
+ {"srvinfo", cmd_srv_query_info, "Server Query Info"},
+ {"srvsessions",cmd_srv_enum_sess, "List sessions on a server"},
+ {"srvshares", cmd_srv_enum_shares, "List shares on a server"},
+ {"srvconnections",cmd_srv_enum_conn, "List connections on a server"},
+ {"srvfiles", cmd_srv_enum_files, "List files on a server"},
{"lsaquery", cmd_lsa_query_info, "Query Info Policy (domain member or server)"},
{"lookupsids", cmd_lsa_lookup_sids, "Resolve names from SIDs"},
{"enumusers", cmd_sam_enum_users, "SAM User Database Query (experimental!)"},
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 761313b688..45d4d72863 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -24,8 +24,6 @@
extern int DEBUGLEVEL;
extern int Protocol;
-BOOL global_machine_pasword_needs_changing;
-
/* users from session setup */
static pstring session_users="";
@@ -1136,7 +1134,6 @@ BOOL domain_client_validate( char *user, char *domain,
unsigned char local_lm_response[24];
unsigned char local_nt_reponse[24];
unsigned char trust_passwd[16];
- time_t lct;
fstring remote_machine;
char *p;
struct in_addr dest_ip;
@@ -1193,29 +1190,11 @@ BOOL domain_client_validate( char *user, char *domain,
/*
* Get the machine account password.
*/
- if(!trust_password_lock( global_myworkgroup, global_myname, False)) {
- DEBUG(0,("domain_client_validate: unable to open the machine account password file for \
-machine %s in domain %s.\n", global_myname, global_myworkgroup ));
- return False;
- }
-
- if(get_trust_account_password( trust_passwd, &lct) == False) {
- DEBUG(0,("domain_client_validate: unable to read the machine account password for \
-machine %s in domain %s.\n", global_myname, global_myworkgroup ));
- trust_password_unlock();
+ if (!trust_get_passwd( trust_passwd, global_myworkgroup, global_myname))
+ {
return False;
}
- trust_password_unlock();
-
- /*
- * Here we check the last change time to see if the machine
- * password needs changing. JRA.
- */
-
- if(time(NULL) > lct + lp_machine_password_timeout())
- global_machine_pasword_needs_changing = True;
-
/*
* At this point, smb_apasswd points to the lanman response to
* the challenge in local_challenge, and smb_ntpasswd points to
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 6e1bdc941a..9c00d6fc00 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -49,7 +49,7 @@ extern char *InBuffer;
extern char *OutBuffer;
extern int smb_read_error;
extern BOOL reload_after_sighup;
-extern BOOL global_machine_pasword_needs_changing;
+extern BOOL global_machine_password_needs_changing;
extern fstring global_myworkgroup;
extern pstring global_myname;
extern int max_send;