diff options
-rw-r--r-- | source3/include/proto.h | 17 | ||||
-rw-r--r-- | source3/include/smb.h | 43 | ||||
-rw-r--r-- | source3/libsmb/credentials.c | 30 | ||||
-rw-r--r-- | source3/libsmb/smbdes.c | 4 | ||||
-rw-r--r-- | source3/smbd/password.c | 97 | ||||
-rw-r--r-- | source3/smbd/pipes.c | 1063 | ||||
-rw-r--r-- | source3/smbd/server.c | 22 | ||||
-rw-r--r-- | source3/smbd/uid.c | 15 |
8 files changed, 1195 insertions, 96 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index 009d83db5c..94937daade 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -60,6 +60,15 @@ int process_tar(char *inbuf, char *outbuf); int clipfind(char **aret, int ret, char *tok); int tar_parseargs(int argc, char *argv[], char *Optarg, int Optind); +/*The following definitions come from credentials.c */ + +void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass, + char *session_key); +void cred_create(char *session_key, DOM_CHAL *stored_cred, UTIME timestamp, + DOM_CHAL *cred); +int cred_assert(DOM_CHAL *cred, char *session_key, DOM_CHAL *stored_cred, + UTIME timestamp); + /*The following definitions come from dir.c */ void init_dptrs(void); @@ -629,10 +638,11 @@ BOOL api_LsarpcTNP(int cnum,int uid, char *param,char *data, char **rdata,char **rparam, int *rdata_len,int *rparam_len); char *dom_sid_to_string(DOM_SID *sid); -BOOL api_ntlsarpcTNP(int cnum,int uid, char *param,char *data, +BOOL api_ntLsarpcTNP(int cnum,int uid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len); +void no_fn(uint uid); /*The following definitions come from predict.c */ @@ -755,7 +765,8 @@ BOOL request_oplock_break(min_share_mode_entry *share_entry, BOOL snum_used(int snum); BOOL reload_services(BOOL test); int setup_groups(char *user, int uid, int gid, int *p_ngroups, - int **p_igroups, gid_t **p_groups); + int **p_igroups, gid_t **p_groups, + int **p_attrs); int make_connection(char *service,char *user,char *password, int pwlen, char *dev,uint16 vuid); int find_free_file(void ); int reply_corep(char *outbuf); @@ -791,6 +802,8 @@ BOOL smb_shm_get_usage(int *bytes_free, /*The following definitions come from smbdes.c */ +void str_to_key(unsigned char *str,unsigned char *key); +void smbhash(unsigned char *out, unsigned char *in, unsigned char *key); void E_P16(unsigned char *p14,unsigned char *p16); void E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24); diff --git a/source3/include/smb.h b/source3/include/smb.h index 54ce9e88e8..87fcb22cac 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -877,7 +877,8 @@ Response: */ -struct smb_passwd { +struct smb_passwd +{ int smb_userid; char *smb_name; unsigned char *smb_passwd; /* Null if no password */ @@ -886,12 +887,14 @@ struct smb_passwd { }; -struct current_user { +struct current_user +{ int cnum, id; int uid, gid; int ngroups; gid_t *groups; int *igroups; + int *attrs; }; typedef struct @@ -988,35 +991,63 @@ typedef struct char *user; /* name of user who *opened* this connection */ int uid; /* uid of user who *opened* this connection */ int gid; /* gid of user who *opened* this connection */ + uint16 vuid; /* vuid of user who *opened* this connection, or UID_FIELD_INVALID */ + /* following groups stuff added by ih */ + /* This groups info is valid for the user that *opened* the connection */ int ngroups; gid_t *groups; int *igroups; /* an integer version - some OSes are broken :-( */ + int *attrs; + time_t lastused; BOOL used; int num_files_open; name_compare_entry *hide_list; /* Per-share list of files to return as hidden. */ name_compare_entry *veto_list; /* Per-share list of files to veto (never show). */ + } connection_struct; +/* Domain controller authentication protocol info */ +struct dcinfo +{ + DOM_CHAL clnt_chal; /* Initial challenge received from client */ + DOM_CHAL srv_chal; /* Initial server challenge */ + DOM_CHAL clnt_cred; /* Last client credential */ + DOM_CHAL srv_cred; /* Last server credential */ + + char sess_key[8]; /* Session key */ + uchar md4pw[16]; /* md4(machine password) */ +}; typedef struct { int uid; /* uid of a validated user */ int gid; /* gid of a validated user */ + fstring name; /* name of a validated user */ + fstring real_name; /* to store real name from password file - simeon */ BOOL guest; + /* following groups stuff added by ih */ /* This groups info is needed for when we become_user() for this uid */ - int user_ngroups; - gid_t *user_groups; - int *user_igroups; /* an integer version - some OSes are broken :-( */ + int n_groups; + gid_t *groups; + int *igroups; /* an integer version - some OSes are broken :-( */ + int *attrs; /* attributes associated with each gid */ + #if (defined(NETGROUP) && defined(AUTOMOUNT)) char *home_share; /* to store NIS home of a user - simeon */ #endif - char *real_name; /* to store real name from password file - simeon */ + + int n_sids; + int *sids; + + /* per-user authentication information on NT RPCs */ + struct dcinfo dc; + } user_struct; diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c index 4c81177fb2..eb1039ddb0 100644 --- a/source3/libsmb/credentials.c +++ b/source3/libsmb/credentials.c @@ -30,21 +30,21 @@ Input: 8 byte challenge block Output: 8 byte session key ****************************************************************************/ -void cred_session_key(char *challenge, char *srv_challenge, char *pass, +void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass, char *session_key) { uint32 sum[2]; char sum2[8]; char buf[8]; - sum[0] = IVAL(challenge, 0) + IVAL(srv_challenge, 0); - sum[1] = IVAL(challenge, 4) + IVAL(srv_challenge, 4); + sum[0] = IVAL(clnt_chal->data, 0) + IVAL(srv_chal->data, 0); + sum[1] = IVAL(clnt_chal->data, 4) + IVAL(srv_chal->data, 4); SIVAL(sum2,0,sum[0]); SIVAL(sum2,4,sum[1]); - E1(pass,sum2,buf); - E1(pass+9,buf,session_key); + smbhash(pass, sum2, buf); + smbhash(pass+9,buf,session_key); } @@ -59,20 +59,20 @@ Input: Output: 8 byte credential ****************************************************************************/ -void cred_create(char *session_key, char *stored_cred, UTIME timestamp, - char *cred) +void cred_create(char *session_key, DOM_CHAL *stored_cred, UTIME timestamp, + DOM_CHAL *cred) { char key2[7]; char buf[8]; char timecred[8]; - memcpy(timecred, stored_cred, 8); + memcpy(timecred, stored_cred->data, 8); SIVAL(timecred, 0, IVAL(stored_cred, 0) + timestamp.time); - E1(session_key, timecred, buf); + smbhash(session_key, timecred, buf); memset(key2, 0, 7); key2[0] = session_key[7]; - E1(key2, buf, cred); + smbhash(key2, buf, cred->data); } @@ -89,13 +89,13 @@ Output: returns 1 if computed credential matches received credential returns 0 otherwise ****************************************************************************/ -int cred_assert(char *cred, char *session_key, char *stored_cred, - NTTIME timestamp) +int cred_assert(DOM_CHAL *cred, char *session_key, DOM_CHAL *stored_cred, + UTIME timestamp) { - char cred2[8]; + DOM_CHAL cred2; - cred_create(session_key, stored_cred, timestamp, cred2); + cred_create(session_key, stored_cred, timestamp, &cred2); - return memcmp(cred, cred2, 8) == 0; + return memcmp(cred->data, cred2.data, 8) == 0; } diff --git a/source3/libsmb/smbdes.c b/source3/libsmb/smbdes.c index 1c38612b73..b62a160418 100644 --- a/source3/libsmb/smbdes.c +++ b/source3/libsmb/smbdes.c @@ -257,7 +257,7 @@ static void dohash(char *out, char *in, char *key) permute(out, rl, perm6, 64); } -static void str_to_key(unsigned char *str,unsigned char *key) +void str_to_key(unsigned char *str,unsigned char *key) { int i; @@ -275,7 +275,7 @@ static void str_to_key(unsigned char *str,unsigned char *key) } -static void smbhash(unsigned char *out, unsigned char *in, unsigned char *key) +void smbhash(unsigned char *out, unsigned char *in, unsigned char *key) { int i; char outb[64]; diff --git a/source3/smbd/password.c b/source3/smbd/password.c index f4d94791cf..af9be289c7 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -96,10 +96,10 @@ tell random client vuid's (normally zero) from valid vuids. ****************************************************************************/ user_struct *get_valid_user_struct(uint16 vuid) { - if(vuid == UID_FIELD_INVALID) + if (vuid == UID_FIELD_INVALID) return NULL; vuid -= VUID_OFFSET; - if((vuid >= (uint16)num_validated_users) || + if ((vuid >= (uint16)num_validated_users) || (validated_users[vuid].uid == -1) || (validated_users[vuid].gid == -1)) return NULL; return &validated_users[vuid]; @@ -111,19 +111,28 @@ invalidate a uid void invalidate_vuid(uint16 vuid) { user_struct *vuser = get_valid_user_struct(vuid); - if(vuser == 0) - return; + + if (vuser == NULL) return; vuser->uid = -1; vuser->gid = -1; - vuser->user_ngroups = 0; - if(vuser->user_groups && - (vuser->user_groups != (gid_t *)vuser->user_igroups)) - free(vuser->user_groups); - vuser->user_groups = NULL; - if(vuser->user_igroups) - free(vuser->user_igroups); - vuser->user_igroups = NULL; + + vuser->n_sids = 0; + + /* same number of igroups as groups as attrs */ + vuser->n_groups = 0; + + if (vuser->groups && (vuser->groups != (gid_t *)vuser->igroups)) + free(vuser->groups); + + if (vuser->igroups) free(vuser->igroups); + if (vuser->attrs ) free(vuser->attrs); + if (vuser->sids ) free(vuser->sids); + + vuser->attrs = NULL; + vuser->sids = NULL; + vuser->igroups = NULL; + vuser->groups = NULL; } @@ -133,7 +142,7 @@ return a validated username char *validated_username(uint16 vuid) { user_struct *vuser = get_valid_user_struct(vuid); - if(vuser == 0) + if (vuser == NULL) return 0; return(vuser->name); } @@ -156,12 +165,11 @@ uint16 register_vuid(int uid,int gid, char *name,BOOL guest) int home_server_len; #endif struct passwd *pwfile; /* for getting real name from passwd file */ - int real_name_len; #if 0 /* * After observing MS-Exchange services writing to a Samba share - * I belive this code is incorrect. Each service does it's own + * I belive this code is incorrect. Each service does its own * sessionsetup_and_X for the same user, and as each service shuts * down, it does a user_logoff_and_X. As we are consolidating multiple * sessionsetup_and_X's onto the same vuid here, when the first service @@ -174,7 +182,7 @@ uint16 register_vuid(int uid,int gid, char *name,BOOL guest) int i; for(i = 0; i < num_validated_users; i++) { vuser = &validated_users[i]; - if( vuser->uid == uid ) + if ( vuser->uid == uid ) return (uint16)(i + VUID_OFFSET); /* User already validated */ } #endif @@ -198,16 +206,21 @@ uint16 register_vuid(int uid,int gid, char *name,BOOL guest) vuser->guest = guest; strcpy(vuser->name,name); - vuser->user_ngroups = 0; - vuser->user_groups = NULL; - vuser->user_igroups = NULL; + vuser->n_sids = 0; + vuser->sids = NULL; + + vuser->n_groups = 0; + vuser->groups = NULL; + vuser->igroups = NULL; + vuser->attrs = NULL; /* Find all the groups this uid is in and store them. Used by become_user() */ setup_groups(name,uid,gid, - &vuser->user_ngroups, - &vuser->user_igroups, - &vuser->user_groups); + &vuser->n_groups, + &vuser->igroups, + &vuser->groups, + &vuser->attrs); DEBUG(3,("uid %d registered to name %s\n",uid,name)); @@ -215,14 +228,14 @@ uint16 register_vuid(int uid,int gid, char *name,BOOL guest) vuser->home_share = NULL; DEBUG(3, ("Setting default HOMESHR to: \\\\logon server\\HOMES\n")); vuser->home_share = Realloc(vuser->home_share, 32); - strcpy(vuser->home_share,"\\\\%L\\HOMES"); + strcpy(vuser->home_share,"\\\\%L\\%U"); - if (nis_error = yp_get_default_domain(&nis_domain)) + if ((nis_error = yp_get_default_domain(&nis_domain)) != 0) DEBUG(3, ("YP Error: %s\n", yperr_string(nis_error))); DEBUG(3, ("NIS Domain: %s\n", nis_domain)); - if (nis_error = yp_match(nis_domain, nis_map, vuser->name, strlen(vuser->name), - &nis_result, &nis_result_len)) + if ((nis_error = yp_match(nis_domain, nis_map, vuser->name, strlen(vuser->name), + &nis_result, &nis_result_len)) != 0) DEBUG(3, ("YP Error: %s\n", yperr_string(nis_error))); if (!nis_error && lp_nis_home_map()) { home_server_len = strcspn(nis_result,":"); @@ -237,19 +250,13 @@ uint16 register_vuid(int uid,int gid, char *name,BOOL guest) } #endif - vuser->real_name = NULL; DEBUG(3, ("Clearing default real name\n")); - vuser->real_name = Realloc(vuser->real_name, 15); - strcpy(vuser->real_name, "<Full Name>\0"); + fstrcpy(vuser->real_name, "<Full Name>\0"); if (lp_unix_realname()) { - if((pwfile=getpwnam(vuser->name))!= NULL) + if ((pwfile=getpwnam(vuser->name))!= NULL) { DEBUG(3, ("User name: %s\tReal name: %s\n",vuser->name,pwfile->pw_gecos)); - real_name_len = strcspn(pwfile->pw_gecos, ","); - DEBUG(3, ("Real name length: %d\n", real_name_len)); - vuser->real_name = (char *)Realloc(vuser->real_name, real_name_len+1); - strncpy(vuser->real_name, pwfile->pw_gecos, real_name_len); - vuser->real_name[real_name_len]='\0'; + fstrcpy(vuser->real_name, pwfile->pw_gecos); } } @@ -702,7 +709,7 @@ static int linux_bigcrypt(char *password,char *salt1, char *crypted) for ( i=strlen(password); i > 0; i -= LINUX_PASSWORD_SEG_CHARS) { char * p = crypt(password,salt) + 2; - if(strncmp(p, crypted, LINUX_PASSWORD_SEG_CHARS) != 0) + if (strncmp(p, crypted, LINUX_PASSWORD_SEG_CHARS) != 0) return(0); password += LINUX_PASSWORD_SEG_CHARS; crypted += strlen(p); @@ -826,10 +833,10 @@ BOOL smb_password_check(char *password, unsigned char *part_passwd, unsigned cha unsigned char p21[21]; unsigned char p24[24]; - if(part_passwd == NULL) + if (part_passwd == NULL) DEBUG(10,("No password set - allowing access\n")); /* No password set - always true ! */ - if(part_passwd == NULL) + if (part_passwd == NULL) return 1; memset(p21,'\0',21); @@ -905,7 +912,7 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd) DEBUG(4,("SMB Password - pwlen = %d, challenge_done = %d\n", pwlen, challenge_done)); - if((pwlen == 24) && challenge_done) + if ((pwlen == 24) && challenge_done) { DEBUG(4,("Checking SMB password for user %s (l=24)\n",user)); @@ -916,28 +923,28 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd) } smb_pass = get_smbpwnam(user); - if(!smb_pass) + if (!smb_pass) { DEBUG(3,("Couldn't find user %s in smb_passwd file.\n", user)); return(False); } /* Ensure the uid's match */ - if(smb_pass->smb_userid != pass->pw_uid) + if (smb_pass->smb_userid != pass->pw_uid) { DEBUG(3,("Error : UNIX and SMB uids in password files do not match !\n")); return(False); } - if(Protocol >= PROTOCOL_NT1) + if (Protocol >= PROTOCOL_NT1) { /* We have the NT MD4 hash challenge available - see if we can use it (ie. does it exist in the smbpasswd file). */ - if(smb_pass->smb_nt_passwd != NULL) + if (smb_pass->smb_nt_passwd != NULL) { DEBUG(4,("Checking NT MD4 password\n")); - if(smb_password_check(password, + if (smb_password_check(password, smb_pass->smb_nt_passwd, (unsigned char *)challenge)) { @@ -1080,7 +1087,7 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd) } /* give up? */ - if(level < 1) + if (level < 1) { update_protected_database(user,False); diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c index 6937412e29..5a6da643d9 100644 --- a/source3/smbd/pipes.c +++ b/source3/smbd/pipes.c @@ -492,13 +492,13 @@ static void create_rpc_reply(RPC_HDR *hdr, uint32 call_id, int data_len) hdr->reserved = 0; /* reserved */ } -static void make_rpc_reply(char *inbuf, char *q, int data_len) +static int make_rpc_reply(char *inbuf, char *q, int data_len) { uint32 callid = RIVAL(inbuf, 12); RPC_HDR hdr; create_rpc_reply(&hdr, callid, data_len); - smb_io_rpc_hdr(False, &hdr, q, q, 4); + return smb_io_rpc_hdr(False, &hdr, q, q, 4) - q; } static int lsa_reply_open_policy(char *q, char *base) @@ -723,30 +723,22 @@ static int lsa_reply_lookup_rids(char *q, char *base, return q - start; } -static void make_lsa_r_req_chal(LSA_R_REQ_CHAL *r_c, char chal[8], int status) +static void make_lsa_r_req_chal(LSA_R_REQ_CHAL *r_c, + DOM_CHAL *srv_chal, int status) { - memcpy(r_c->srv_chal.data, chal, sizeof(r_c->srv_chal.data)); + memcpy(r_c->srv_chal.data, srv_chal->data, sizeof(r_c->srv_chal.data)); r_c->status = status; } -#if 0 - char chal[8]; - /* PAXX: set these to random values */ - for (int i = 0; i < 8; i+++) - { - chal[i] = 0xA5; - } -#endif - static int lsa_reply_req_chal(LSA_Q_REQ_CHAL *q_c, char *q, char *base, - char chal[8]) + DOM_CHAL *srv_chal) { char *start = q; LSA_R_REQ_CHAL r_c; /* set up the LSA REQUEST CHALLENGE response */ - make_lsa_r_req_chal(&r_c, chal, 0); + make_lsa_r_req_chal(&r_c, srv_chal, 0); /* store the response in the SMB stream */ q = lsa_io_r_req_chal(False, &r_c, q, base, 4); @@ -1083,7 +1075,7 @@ static void api_lsa_lookup_names( char *param, char *data, *rdata_len = reply_len + 0x18; } -BOOL api_ntlsarpcTNP(int cnum,int uid, char *param,char *data, +BOOL api_ntLsarpcTNP(int cnum,int uid, char *param,char *data, int mdrcnt,int mprcnt, char **rdata,char **rparam, int *rdata_len,int *rparam_len) @@ -1193,4 +1185,1043 @@ BOOL api_ntlsarpcTNP(int cnum,int uid, char *param,char *data, return True; } +static void api_lsa_req_chal( user_struct *vuser, + char *param, char *data, + char **rdata, int *rdata_len ) +{ + int reply_len; + + int i; + LSA_Q_REQ_CHAL q_r; + + fstring mach_acct; + struct smb_passwd *smb_pass; + + /* grab the challenge... */ + lsa_io_q_req_chal(True, &q_r, data + 0x18, data + 0x18, 4); + + fstrcpy(mach_acct, unistr2(q_r.uni_logon_clnt.buffer)); + + DEBUG(1,("logonsrv=%s unicomp=%s\n", + unistr2(q_r.uni_logon_srv .buffer), + mach_acct)); + + strcat(mach_acct, "$"); + + smb_pass = get_smbpwnam(mach_acct); + if (smb_pass != NULL) + { + memcpy(vuser->dc.md4pw, smb_pass->smb_nt_passwd, sizeof(vuser->dc.md4pw)); + } + else + { + /* No such machine account. Should error out here, but we'll + print and carry on */ + DEBUG(1,("No account in domain at REQCHAL for %s\n", mach_acct)); + } + + { + char foo[16]; + for (i = 0; i < 16; i++) sprintf(foo+i*2,"%02x ", vuser->dc.md4pw[i]); + DEBUG(1,("pass %s %s\n", mach_acct, foo)); + } + + /* from client / server challenges and md4 password, generate sess key */ + cred_session_key(&(vuser->dc.clnt_chal), &(vuser->dc.srv_chal), + vuser->dc.md4pw, vuser->dc.sess_key); + + /* copy the client credentials for later use */ + memcpy(vuser->dc.srv_chal.data, q_r.clnt_chal.data, sizeof(q_r.clnt_chal.data)); + memcpy(vuser->dc.srv_cred.data, q_r.clnt_chal.data, sizeof(q_r.clnt_chal.data)); + + /* create a server challenge for the client */ + /* PAXX: set these to random values. */ + /* lkcl: paul, you mentioned that it doesn't really matter much */ + for (i = 0; i < 8; i++) + { + vuser->dc.srv_chal.data[i] = 0xA5; + } + + /* construct reply. return status is always 0x0 */ + reply_len = lsa_reply_req_chal(&q_r, *rdata + 0x18, *rdata + 0x18, + &(vuser->dc.srv_chal)); + + /* construct header, now that we know the reply length */ + reply_len += make_rpc_reply(data, *rdata, reply_len); + + *rdata_len = reply_len; +} + +void no_fn(uint uid) +{ + user_struct *vuser = get_valid_user_struct(uid); + DEBUG(3,("Username of UID %d is %s\n", vuser->uid, vuser->name)); +#if defined(NETGROUP) && defined(AUTOMOUNT) + DEBUG(3,("HOMESHR for %s is %s\n", vuser->name, vuser->home_share)); +#endif +} + +#endif /* NTDOMAIN */ + +#ifdef UNDEFINED_NTDOMAIN +/* + PAXX: Someone fix above. + The above API is indexing RPC calls based on RPC flags and + fragment length. I've decided to do it based on operation number :-) +*/ + + BOOL api_ntlsarpcTNP(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len) +{ + uint16 opnum; + char *q; + char *domainname; + int domlen; + pstring domsid; + char *p; + int numsubauths; + int subauths[MAXSUBAUTHS]; + struct smb_passwd *smb_pass; /* To check if machine account exists */ + pstring machacct; + pstring foo; + uint16 infoclass; + uint16 revision; /* Domain sid revision */ + int identauth; + int i; + char *logonsrv; + char *unicomp; + char *accountname; + uint16 secchanneltype; + uint32 negflags; + char netcred[8]; + uint32 rcvcred[8]; + char rtncred[8]; + uint32 clnttime; + uint32 rtntime; + char *newpass; + uint16 logonlevel; + uint16 switchval; + uint16 dommaxlen; + uint16 paramcontrol; + uint32 logonid[2]; + uint16 usernamelen; + uint16 usernamemaxlen; + uint16 wslen; + uint16 wsmaxlen; + uchar *rc4lmowfpass; + uchar *rc4ntowfpass; + char *domain; + char *username; + char *ws; + struct uinfo *userinfo; + int pkttype; + uchar rc4key[16]; + uchar ntowfpass[16]; + uint32 nentries; + char *policyhandle; + #define MAXSIDS 64 + uchar *sids[MAXSIDS]; /* for lookup SID */ + int nsids; + #define MAXNAMES 64 + uchar *names[MAXNAMES]; + + opnum = SVAL(data,22); + + pkttype = CVAL(data, 2); + if (pkttype == 0x0b) /* RPC BIND */ + { + DEBUG(4,("netlogon rpc bind %x\n",pkttype)); + LsarpcTNP1(data,rdata,rdata_len); + return True; + } + + DEBUG(4,("ntlsa TransactNamedPipe op %x\n",opnum)); + initrpcreply(data, *rdata); + DEBUG(4,("netlogon LINE %d\n",__LINE__)); + switch (opnum) + { + case LSAOPENPOLICY: + DEBUG(1,("LSAOPENPOLICY\n")); + char *q = *rdata + 0x18; + DEBUG(4,("netlogon LINE %d %lx\n",__LINE__, q)); + /* return a 20 byte policy handle */ + /* here's a pretty handle:- */ + qSIVAL(time(NULL)); + qSIVAL(0x810a792f); + qSIVAL(0x11d107d5); + qSIVAL(time(NULL)); + qSIVAL(0x6cbcf800); + DEBUG(4,("netlogon LINE %d %lx\n",__LINE__, q)); + endrpcreply(data, *rdata, q-*rdata, 0, rdata_len); /* size of data plus return code */ + DEBUG(4,("netlogon LINE %d %lx\n",__LINE__, q)); + break; + + case LSAQUERYINFOPOLICY: + DEBUG(1,("LSAQUERYINFOPOLICY\n")); + dump_data(1,data,128); + infoclass = SVAL(data, 44); /* also a policy handle but who cares? */ + q = *rdata + 0x18; + qRSIVAL(0x00000022); /* undocumented. Usually a buffer pointer whose + value is ignored */ + qSSVAL(infoclass); + domainname = lp_workgroup(); + domlen = strlen(domainname); + strcpy(domsid,lp_domainsid()); + DEBUG(4,("netlogon LINE %d %lx %s\n",__LINE__, q, domsid)); + /* assume, but should check, that domsid starts "S-" */ + p = strtok(domsid+2,"-"); + revision = atoi(p); + DEBUG(4,("netlogon LINE %d %lx %s rev %d\n",__LINE__, q, p, revision)); + identauth = atoi(strtok(0,"-")); + DEBUG(4,("netlogon LINE %d %lx %s ia %d\n",__LINE__, q, p, identauth)); + numsubauths = 0; + while (p = strtok(0, "-")) + subauths[numsubauths++] = atoi(p); + DEBUG(4,("netlogon LINE %d %lx\n",__LINE__, q)); + + switch (infoclass) + { + case 5: + case 3: + default: + qSSVAL(0); /* 2 undocumented bytes */ + qSSVAL(domlen*2); + qSSVAL(domlen*2); /* unicode domain len and maxlen */ + qSIVAL(4); /* domain buffer pointer */ + qSIVAL(2); /* domain sid pointer */ + qunistr(domainname); + qSIVAL(numsubauths); + qSCVAL(revision); + qSCVAL(numsubauths); + qRSSVAL(0); /* PAXX: FIX! first 2 bytes identifier authority */ + qRSIVAL(identauth); /* next 4 bytes */ + for (i = 0; i < numsubauths; i++) + { + qSIVAL(subauths[i]); + } + } + endrpcreply(data, *rdata, q-*rdata, 0, rdata_len); + break; + + case LSAENUMTRUSTDOM: + DEBUG(1,("LSAENUMTRUSTDOM\n")); + q = *rdata + 0x18; + qSIVAL(0); /* enumeration context */ + qSIVAL(0); /* entries read */ + qSIVAL(0); /* trust information */ + endrpcreply(data, *rdata, q-*rdata, 0x8000001a, rdata_len); + break; + + case LSACLOSE: + DEBUG(1,("LSACLOSE\n")); + q = *rdata + 0x18; + qSIVAL(0); + qSIVAL(0); + qSIVAL(0); + qSIVAL(0); + qSIVAL(0); + endrpcreply(data, *rdata, q-*rdata, 0, rdata_len); + break; + + case LSAOPENSECRET: + DEBUG(1,("LSAOPENSECRET\n")); + q = *rdata + 0x18; + qSIVAL(0); + qSIVAL(0); + qSIVAL(0); + qSIVAL(0); + qSIVAL(0); + endrpcreply(data, *rdata, q-*rdata, 0xc000034, rdata_len); + break; + + case LSALOOKUPSIDS: + DEBUG(1,("LSAOPENSECRET\n")); + q = data + 0x18; + policyhandle = q; q += 20; + nentries = qIVAL; + DEBUG(4,("lookupsid entries %d\n",nentries)); + q += (2+nentries) * 4; /* skip bufptrs */ + /* now we have nentries sids of the form: + uint32 Subauthority count (SAC) + char Revision + char Subaurity count again + char[6] Identifier authority + [uint32 subauthority] * SAC + */ + for (nsids = 0; nsids < nentries; nsids++) + { + DEBUG(4,("lookupsid q in %lx\n",q)); + sids[nsids] = q; + DEBUG(4,("lookupsid numsubs %d\n",IVAL(q,0))); + q += 4+1+1+6+IVAL(q,0)*4; + DEBUG(4,("lookupsid q %lx\n",q)); + } + /* There's 16 bytes of something after all of that, don't know + what it is though - incorrectly documented */ + + DEBUG(4,("lookupsid line %d\n",__LINE__)); + /* formulate reply */ + q = *rdata + 0x18; + qSIVAL(2); /* bufptr */ + qSIVAL(4); /* number of referenced domains + - need one per each identifier authority in call */ + qSIVAL(2); /* dom bufptr */ + qSIVAL(32); /* max entries */ + qSIVAL(4); /* number of reference domains? */ + + qunihdr(lp_workgroup()); /* reference domain */ + qSIVAL(2); /* sid bufptr */ + + qunihdr("S-1-1"); + qSIVAL(2); /* sid bufptr */ + + qunihdr("S-1-5"); + qSIVAL(2); /* sid bufptr */ + + qunihdr("S-1-3"); + qSIVAL(2); /* sid bufptr */ + + qunistr(lp_workgroup()); + DEBUG(4,("lookupsid line %d\n",__LINE__)); + + strcpy(domsid,lp_domainsid()); + p = strtok(domsid+2,"-"); + revision = atoi(p); + identauth = atoi(strtok(0,"-")); + numsubauths = 0; + while (p = strtok(0, "-")) + subauths[numsubauths++] = atoi(p); + qSIVAL(numsubauths); + qSCVAL(revision); + qSCVAL(numsubauths); + qRSSVAL(0); /* PAXX: FIX! first 2 bytes identifier authority */ + qRSIVAL(identauth); /* next 4 bytes */ + DEBUG(4,("lookupsid line %d\n",__LINE__)); + for (i = 0; i < numsubauths; i++) + { + qSIVAL(subauths[i]); + } + DEBUG(4,("lookupsid line %d\n",__LINE__)); + + qunistr("S-1-1"); + qSIVAL(0); qSCVAL(1); qSCVAL(0); qRSSVAL(0); qRSIVAL(1); /* S-1-1 */ + DEBUG(4,("lookupsid line %d\n",__LINE__)); + + qunistr("S-1-5"); + qSIVAL(0); qSCVAL(1); qSCVAL(0); qRSSVAL(0); qRSIVAL(5); /* S-1-5 */ + + qunistr("S-1-3"); + qSIVAL(0); qSCVAL(1); qSCVAL(0); qRSSVAL(0); qRSIVAL(3); /* S-1-3 */ + + qSIVAL(nentries); + qSIVAL(2); /* bufptr */ + qSIVAL(nentries); + DEBUG(4,("lookupsid line %d\n",__LINE__)); + for (i = 0; i < nentries; i++) + { + qSSVAL(5); /* SID name use ?! */ + qSSVAL(0); /* undocumented */ + DEBUG(4,("lookupsid line %d\n",__LINE__)); + qunihdr(sidtostring(sids[i])); + DEBUG(4,("lookupsid sidname %s\n",sidtostring(sids[i]))); + qSIVAL(0); /* domain index out of above reference domains */ + } + DEBUG(4,("lookupsid line %d\n",__LINE__)); + for (i = 0; i < nentries; i++) + { + qunistr(sidtostring(sids[i])); + } + qSIVAL(nentries); /* mapped count */ + endrpcreply(data, *rdata, q-*rdata, 0, rdata_len); + break; + + case LSALOOKUPNAMES: + DEBUG(1,("LSALOOKUPNAMES\n")); + q = data + 0x18; + policyhandle = q; q += 20; + nentries = qIVAL; + DEBUG(4,("lookupnames entries %d\n",nentries)); + q += 4; /* skip second count */ + q += 8 * nentries; /* skip pointers */ + for (nnames = 0; nnames < nentries; nnames++) + { + names[nnames] = q; /* set name string to unicode header */ + q += IVAL(q,0)*2; /* guessing here */ + } + /* There's a translated sids structure next but it looks fals */ + + DEBUG(4,("lookupnames line %d\n",__LINE__)); + /* formulate reply */ + q = *rdata + 0x18; + qSIVAL(2); /* bufptr */ + qSIVAL(4); /* number of referenced domains + - need one per each identifier authority in call */ + qSIVAL(2); /* dom bufptr */ + qSIVAL(32); /* max entries */ + qSIVAL(4); /* number of reference domains? */ + + qunihdr(lp_workgroup()); /* reference domain */ + qSIVAL(2); /* sid bufptr */ + + qunihdr("S-1-1"); + qSIVAL(2); /* sid bufptr */ + + qunihdr("S-1-5"); + qSIVAL(2); /* sid bufptr */ + + qunihdr("S-1-3"); + qSIVAL(2); /* sid bufptr */ + + qunistr(lp_workgroup()); + DEBUG(4,("lookupnames line %d\n",__LINE__)); + + strcpy(domsid,lp_domainsid()); + p = strtok(domsid+2,"-"); + revision = atoi(p); + identauth = atoi(strtok(0,"-")); + numsubauths = 0; + while (p = strtok(0, "-")) + subauths[numsubauths++] = atoi(p); + qSIVAL(numsubauths); + qSCVAL(revision); + qSCVAL(numsubauths); + qRSSVAL(0); /* PAXX: FIX! first 2 bytes identifier authority */ + qRSIVAL(identauth); /* next 4 bytes */ + DEBUG(4,("lookupsid line %d\n",__LINE__)); + for (i = 0; i < numsubauths; i++) + { + qSIVAL(subauths[i]); + } + DEBUG(4,("lookupsid line %d\n",__LINE__)); + + qunistr("S-1-1"); + qSIVAL(0); qSCVAL(1); qSCVAL(0); qRSSVAL(0); qRSIVAL(1); /* S-1-1 */ + DEBUG(4,("lookupsid line %d\n",__LINE__)); + + qunistr("S-1-5"); + qSIVAL(0); qSCVAL(1); qSCVAL(0); qRSSVAL(0); qRSIVAL(5); /* S-1-5 */ + + qunistr("S-1-3"); + qSIVAL(0); qSCVAL(1); qSCVAL(0); qRSSVAL(0); qRSIVAL(3); /* S-1-3 */ + + qSIVAL(nentries); + qSIVAL(2); /* bufptr */ + qSIVAL(nentries); + DEBUG(4,("lookupnames line %d\n",__LINE__)); + for (i = 0; i < nentries; i++) + { + qSSVAL(5); /* SID name use 5 == well known sid, 1 == user sid see showacls */ + qSSVAL(5); /* undocumented */ + DEBUG(4,("lookupnames line %d\n",__LINE__)); + qSIVAL(nametorid(names[i])); + DEBUG(4,("lookupnames nametorid %d\n",nametorid(names[i]))); + qSIVAL(0); /* domain index out of above reference domains */ + } + qSIVAL(nentries); /* mapped count */ + endrpcreply(data, *rdata, q-*rdata, 0, rdata_len); + break; + + default: + DEBUG(4, ("NTLSARPC, unknown code: %lx\n", opnum)); + } + return(True); +} + + BOOL api_netlogrpcTNP(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len) +{ + uint16 opnum; + char *q; + char *domainname; + int domlen; + pstring domsid; + char *p; + int numsubauths; + int subauths[MAXSUBAUTHS]; + struct smb_passwd *smb_pass; /* To check if machine account exists */ + pstring machacct; + pstring foo; + uint16 infoclass; + uint16 revision; /* Domain sid revision */ + int identauth; + int i; + char *logonsrv; + char *unicomp; + char *accountname; + uint16 secchanneltype; + uint32 negflags; + char netcred[8]; + uint32 rcvcred[8]; + char rtncred[8]; + uint32 clnttime; + uint32 rtntime; + char *newpass; + uint16 logonlevel; + uint16 switchval; + uint16 dommaxlen; + uint16 paramcontrol; + uint32 logonid[2]; + uint16 usernamelen; + uint16 usernamemaxlen; + uint16 wslen; + uint16 wsmaxlen; + uchar *rc4lmowfpass; + uchar *rc4ntowfpass; + char *domain; + char *username; + char *ws; + struct uinfo *userinfo; + int pkttype; + ArcfourContext c; + uchar rc4key[16]; + uchar ntowfpass[16]; + + opnum = SVAL(data,22); + + pkttype = CVAL(data, 2); + if (pkttype == 0x0b) /* RPC BIND */ + { + DEBUG(4,("netlogon rpc bind %x\n",pkttype)); + LsarpcTNP1(data,rdata,rdata_len); + return True; + } + + DEBUG(4,("netlogon TransactNamedPipe op %x\n",opnum)); + initrpcreply(data, *rdata); + DEBUG(4,("netlogon LINE %d\n",__LINE__)); + switch (opnum) + { + case LSAREQCHAL: + DEBUG(1,("LSAREQCHAL\n")); + q = data + 0x18; + dump_data(1,q,128); + logonsrv = q + 16; /* first 16 bytes, buffer ptr, + unicode lenghts */ + q = skip_unicode_string(logonsrv,1) + 12; + q = align4(q, data); + unicomp = q; + q = skip_unicode_string(unicomp,1); + + + DEBUG(1,("logonsrv=%s unicomp=%s\n", + unistr(logonsrv), + unistr(unicomp))); + + dcauth[cnum].chal[0] = IVAL(q, 0); + dcauth[cnum].chal[1] = IVAL(q, 4); + dcauth[cnum].cred[0] = IVAL(q, 0); /* this looks weird (tridge) */ + dcauth[cnum].cred[1] = IVAL(q, 4); + +DEBUG(1,("NL: client challenge %08x %08x\n", dcauth[cnum].chal[0],dcauth[cnum].chal[1])); + + /* PAXX: set these to random values */ + dcauth[cnum].svrchal[0] = 0x11111111; + dcauth[cnum].svrchal[1] = 0x22222222; + dcauth[cnum].svrcred[0] = 0x11111111; + dcauth[cnum].svrcred[1] = 0x22222222; + strcpy(machacct,unistr(unicomp)); + strcat(machacct, "$"); + smb_pass = get_smbpwnam(machacct); + if(smb_pass) + memcpy(dcauth[cnum].md4pw, smb_pass->smb_nt_passwd, 16); + else + { + /* No such machine account. Should error out here, but we'll + print and carry on */ + DEBUG(1,("No account in domain at REQCHAL for %s\n", machacct)); + } + for(i=0;i<16;i++) sprintf(foo+i*2,"%02x",dcauth[cnum].md4pw[i]); + DEBUG(1,("pass %s %s\n", machacct, foo)); + setsesskey(cnum); + q = *rdata + 0x18; + qSIVAL(dcauth[cnum].svrchal[0]); + qSIVAL(dcauth[cnum].svrchal[1]); + +DEBUG(1,("NL: server challenge %08x %08x\n", + dcauth[cnum].svrchal[0],dcauth[cnum].svrchal[1])); + + endrpcreply(data, *rdata, q-*rdata, 0, rdata_len); + break; + + case LSAAUTH2: + DEBUG(1,("LSAAUTH2\n")); + dump_data(1,q,128); + q = data + 0x18; + logonsrv = q + 16; + q = skip_unicode_string(logonsrv,1)+12; + q = align4(q, data); + accountname = q; + + q = skip_unicode_string(accountname,1); + secchanneltype = qSVAL; + q += 12; + q = align4(q, data); + unicomp = q; + dump_data(1,unicomp,32); + q = skip_unicode_string(unicomp,1); + rcvcred[0] = qIVAL; + rcvcred[1] = qIVAL; + q = align4(q, data); + negflags = qIVAL; + DEBUG(3,("AUTH2 logonsrv=%s accountname=%s unicomp=%s %lx %lx %lx\n", + unistr(logonsrv), unistr(accountname), unistr(unicomp), + rcvcred[0], rcvcred[1], negflags)); + +DEBUG(1,("NL: recvcred %08x %08x negflags=%08x\n", + rcvcred[0], rcvcred[1], negflags)); + + checkcred(cnum, rcvcred[0], rcvcred[1], 0); + q = *rdata + 0x18; + makecred(cnum, 0, q); + q += 8; + + qSIVAL(negflags); + /* update stored client credentials */ + dcauth[cnum].cred[0] = dcauth[cnum].svrcred[0] = rcvcred[0]; + dcauth[cnum].cred[1] = dcauth[cnum].svrcred[1] = rcvcred[1]; + endrpcreply(data, *rdata, q-*rdata, 0, rdata_len); + break; + + case LSASVRPWSET: + DEBUG(1,("LSASVRPWSET\n")); + q = data + 0x18; + dump_data(1,q,128); + logonsrv = q + 16; + q = skip_unicode_string(logonsrv,1)+12; + q = align4(q, data); + accountname = q; + q = skip_unicode_string(accountname,1); + secchanneltype = qSVAL; + q += 12; + q = align4(q, data); + unicomp = q; + q = skip_unicode_string(unicomp,1); + rcvcred[0] = qIVAL; + rcvcred[1] = qIVAL; + clnttime = qIVAL; + + DEBUG(1,("PWSET logonsrv=%s accountname=%s unicomp=%s\n", + unistr(logonsrv), unistr(accountname), unistr(unicomp))); + + checkcred(cnum, rcvcred[0], rcvcred[1], clnttime); + DEBUG(3,("PWSET %lx %lx %lx %lx\n", rcvcred[0], rcvcred[1], clnttime, negflags)); + newpass = q; + + DEBUG(1,("PWSET logonsrv=%s accountname=%s unicomp=%s newpass=%s\n", + unistr(logonsrv), unistr(accountname), unistr(unicomp), newpass)); + + /* PAXX: For the moment we'll reject these */ + /* TODO Need to set newpass in smbpasswd file for accountname */ + q = *rdata + 0x18; + makecred(cnum, clnttime+1, q); + q += 8; + qSIVAL(0); /* timestamp. Seems to be ignored */ + + dcauth[cnum].svrcred[0] = dcauth[cnum].cred[0] = dcauth[cnum].cred[0] + clnttime + 1; + + endrpcreply(data, *rdata, q-*rdata, 0xc000006a, rdata_len); + break; + + case LSASAMLOGON: + DEBUG(1,("LSASAMLOGON\n")); + dump_data(1,data,128); + q = data + 0x18; + logonsrv = q + 16; + DEBUG(1,("SMLOG %d\n", __LINE__)); + q = skip_unicode_string(logonsrv,1)+16; + q = align4(q, data); + unicomp = q; + q = skip_unicode_string(unicomp,1)+4; + DEBUG(1,("SMLOG %d logonsrv=%s unicomp=%s\n", + __LINE__, unistr(logonsrv), unistr(unicomp))); + q = align4(q, data); + rcvcred[0] = qIVAL; + DEBUG(1,("SMLOG %d\n", __LINE__)); + rcvcred[1] = qIVAL; + DEBUG(1,("SMLOG %d\n", __LINE__)); + clnttime = qIVAL; + checkcred(cnum, rcvcred[0], rcvcred[1], clnttime); + q += 2; + rtncred[0] = qIVAL; /* all these are ignored */ + DEBUG(1,("SMLOG %d\n", __LINE__)); + rtncred[1] = qIVAL; + rtntime = qIVAL; + logonlevel = qSVAL; + DEBUG(1,("SMLOG %d\n", __LINE__)); + switchval = qSVAL; + switch (switchval) + { + case 1: + + q += 6; + domlen = qSVAL; + dommaxlen = qSVAL; q += 4; + paramcontrol = qIVAL; + logonid[0] = qIVAL; /* low part */ + logonid[1] = qIVAL; /* high part */ + + usernamelen = qSVAL; + + DEBUG(1,("SMLOG %d\n", __LINE__)); + usernamemaxlen = qSVAL; q += 4; + + DEBUG(1,("usernamelen=%d maxlen=%d dommaxlen=%d\n", + usernamelen, usernamemaxlen, dommaxlen)); + + dump_data(1,q,128); + + wslen = qSVAL; + wsmaxlen = qSVAL; q += 4; + rc4lmowfpass = q; q += 16; + rc4ntowfpass = q; q += 16; + + q += 12; domain = q; q += dommaxlen + 12; + q = align4(q, data); + username = q; q += usernamemaxlen + 12; + q = align4(q, data); + ws = q; + DEBUG(1,("domain=%s username=%s ws=%s\n", + unistr(domain), unistr(username), + unistr(ws))); + break; + default: + DEBUG(0,("unknown switch in SAMLOGON %d\n", + switchval)); + } + for(i=0;i<16;i++) sprintf(foo+i*2,"%02x",username[i]); + DEBUG(1,("userNAME %s [%s]\n", foo, username)); + DEBUG(1,("SMLOG %d\n", __LINE__)); + q = *rdata + 0x18; + qSIVAL(0x16a4b4); /* magic buffer pointer ? */ + makecred(cnum, clnttime+1, q); + dcauth[cnum].svrcred[0] = dcauth[cnum].cred[0] = dcauth[cnum].cred[0] + clnttime + 1; + q += 8; + qSIVAL(0); /* timestamp. client doesn't care */ + qSSVAL(3); /* switch value 3. May be others? */ + qSSVAL(0); /* undocumented */ + DEBUG(1,("SMLOG %d\n", __LINE__)); + + memset(rc4key, 0, sizeof rc4key); + SIVAL(rc4key, 0, dcauth[cnum].sesskey[0]); + SIVAL(rc4key, 4, dcauth[cnum].sesskey[1]); + for(i=0;i<16;i++) sprintf(foo+i*2,"%02x",rc4ntowfpass[i]); + DEBUG(1,("rc4ntowf %s\n", foo)); + arcfour_init(&c, rc4key, sizeof rc4key); + arcfour_encrypt(&c, ntowfpass, rc4ntowfpass, sizeof ntowfpass); + for(i=0;i<16;i++) sprintf(foo+i*2,"%02x",ntowfpass[i]); + DEBUG(1,("ntowf %s\n", foo)); + + if(!(userinfo = getuserinfo(username, usernamelen, ntowfpass))) { + qSIVAL(0); /* no buffer */ + qSCVAL(1); /* Authoratitive. Change if passthrough? */ + qSCVAL(0); /* pad for above boolean */ + qSSVAL(0); /* pad for above boolean */ + + endrpcreply(data, *rdata, q-*rdata, 0xc0000064, rdata_len); + break; + } + + qSIVAL(2); /* another magic bufptr? */ + DEBUG(1,("SMLOG %d %lx\n", __LINE__, userinfo)); + qSIVAL(userinfo->logontime[0]); qSIVAL(userinfo->logontime[1]); + qSIVAL(userinfo->logofftime[0]); qSIVAL(userinfo->logofftime[1]); + DEBUG(1,("SMLOG %d %lx\n", __LINE__, userinfo->passlastsettime[1])); + qSIVAL(userinfo->kickofftime[0]); qSIVAL(userinfo->kickofftime[1]); + qSIVAL(userinfo->passlastsettime[0]); qSIVAL(userinfo->passlastsettime[1]); + qSIVAL(userinfo->passcanchgtime[0]); qSIVAL(userinfo->passcanchgtime[1]); + qSIVAL(userinfo->passmustchgtime[0]); qSIVAL(userinfo->passmustchgtime[1]); + DEBUG(1,("SMLOG %d %s\n", __LINE__, userinfo->effectivename)); + qunihdr(userinfo->effectivename); + qunihdr(userinfo->fullname); + DEBUG(1,("SMLOG %d\n", __LINE__)); + qunihdr(userinfo->logonscript); + qunihdr(userinfo->profilepath); + qunihdr(userinfo->homedirectory); + qunihdr(userinfo->homedirectorydrive); + DEBUG(1,("SMLOG %d\n", __LINE__)); + qSSVAL(userinfo->logoncount); + qSSVAL(userinfo->badpwcount); + qSIVAL(userinfo->uid); + qSIVAL(userinfo->gid); + DEBUG(1,("SMLOG %d\n", __LINE__)); + qSIVAL(userinfo->ngroups); + qSIVAL(8); /* ptr to groups */ + qSIVAL(userinfo->userflags); + DEBUG(1,("SMLOG %d\n", __LINE__)); + qSIVAL(0); qSIVAL(0); qSIVAL(0); qSIVAL(0); /* unused user session key */ + qunihdr(userinfo->logonserver); + qunihdr(userinfo->logondomain); + DEBUG(1,("SMLOG %d\n", __LINE__)); + qSIVAL(2); /* logon domain id ptr */ + DEBUG(1,("SMLOG %d\n", __LINE__)); + memset(q,0,40); q += 40; /* expansion room */ + DEBUG(1,("SMLOG %d\n", __LINE__)); + qSIVAL(userinfo->nsids); + DEBUG(1,("SMLOG %d\n", __LINE__)); + qSIVAL(0); /* ptr to sids and values */ + DEBUG(1,("SMLOG %d\n", __LINE__)); + qunistr(userinfo->effectivename); + DEBUG(1,("SMLOG %d\n", __LINE__)); + qunistr(userinfo->fullname); + DEBUG(1,("SMLOG %d\n", __LINE__)); + qunistr(userinfo->logonscript); + DEBUG(1,("SMLOG %d\n", __LINE__)); + qunistr(userinfo->profilepath); + qunistr(userinfo->homedirectory); + qunistr(userinfo->homedirectorydrive); + DEBUG(1,("SMLOG %d\n", __LINE__)); + qSIVAL(userinfo->ngroups); + for (i = 0; i < userinfo->ngroups; i++) + { + qSIVAL(userinfo->groups[i].gid); + qSIVAL(userinfo->groups[i].attr); + } + qunistr(userinfo->logonserver); + qunistr(userinfo->logondomain); + for (i = 0; i < userinfo->nsids; i++) + { + /* put the extra sids: PAXX: TODO */ + } + /* Assumption. This is the only domain, sending our SID */ + /* PAXX: may want to do passthrough later */ + strcpy(domsid,lp_domainsid()); + DEBUG(4,("netlogon LINE %d %lx %s\n",__LINE__, q, domsid)); + /* assume, but should check, that domsid starts "S-" */ + p = strtok(domsid+2,"-"); + revision = atoi(p); + DEBUG(4,("netlogon LINE %d %lx %s rev %d\n",__LINE__, q, p, revision)); + identauth = atoi(strtok(0,"-")); + DEBUG(4,("netlogon LINE %d %lx %s ia %d\n",__LINE__, q, p, identauth)); + numsubauths = 0; + while (p = strtok(0, "-")) + subauths[numsubauths++] = atoi(p); + qSIVAL(numsubauths); + qSCVAL(revision); + qSCVAL(numsubauths); + qRSSVAL(0); /* PAXX: FIX. first 2 bytes identifier authority */ + qRSIVAL(identauth); /* next 4 bytes */ + DEBUG(1,("SMLOG %d\n", __LINE__)); + for (i = 0; i < numsubauths; i++) + { + qSIVAL(subauths[i]); + } + qSCVAL(1); /* Authoratitive. Change if passthrough? */ + qSCVAL(0); /* pad for above boolean */ + qSSVAL(0); /* pad for above boolean */ + + endrpcreply(data, *rdata, q-*rdata, 0, rdata_len); + break; + + case LSASAMLOGOFF: + DEBUG(1,("LSASAMLOGOFF\n")); + q = data + 0x18; + logonsrv = q + 16; + DEBUG(1,("SAMLOGOFF %d\n", __LINE__)); + unicomp = skip_unicode_string(logonsrv,1)+16; + if (strlen(unistr(logonsrv)) % 2 == 0) + q += 2; + DEBUG(1,("SMLOG %d\n", __LINE__)); + q = skip_unicode_string(unicomp,1)+4; + if (strlen(unistr(unicomp)) % 2 == 0) + q += 2; + DEBUG(1,("SMLOG %d\n", __LINE__)); + rcvcred[0] = qIVAL; + DEBUG(1,("SMLOG %d\n", __LINE__)); + rcvcred[1] = qIVAL; + DEBUG(1,("SMLOG %d\n", __LINE__)); + clnttime = qIVAL; + checkcred(cnum, rcvcred[0], rcvcred[1], clnttime); + q += 4; + rtncred[0] = qIVAL; /* all these are ignored */ + DEBUG(1,("SMLOG %d\n", __LINE__)); + rtncred[1] = qIVAL; + rtntime = qIVAL; + logonlevel = qSVAL; + DEBUG(1,("SMLOG %d\n", __LINE__)); + switchval = qSVAL; + switch (switchval) + { + case 1: + q += 4; + domlen = qSVAL; + dommaxlen = qSVAL; q += 4; + paramcontrol = qIVAL; + logonid[0] = qIVAL; /* low part */ + logonid[1] = qIVAL; /* high part */ + usernamelen = qSVAL; + DEBUG(1,("SMLOG %d\n", __LINE__)); + usernamemaxlen = qSVAL; q += 4; + wslen = qSVAL; + wsmaxlen = qSVAL; q += 4; + rc4lmowfpass = q; q += 16; + rc4ntowfpass = q; q += 16; + q += 12; domain = q; q += dommaxlen + 12; + if ((domlen/2) % 2 != 0) q += 2; + username = q; q += usernamemaxlen + 12; /* PAXX: HACK */ + if ((usernamelen/2) % 2 != 0) q += 2; + ws = q; + break; + default: DEBUG(0, ("unknown switch in SAMLOGON %d\n",switchval)); + } + DEBUG(1,("SAMLOGOFF %s\n", unistr(username))); + default: + DEBUG(4, ("**** netlogon, unknown code: %lx\n", opnum)); + } + return(True); +} + +static void checkcred(int cnum, uint32 cred0, uint32 cred1, uint32 time) +{ + uint32 sum[2]; + char netdata[8]; + char netsesskey[8]; + char calccred[8]; + char icv[8]; + char key2[7]; + + SIVAL(netdata, 0, dcauth[cnum].cred[0]+time); + SIVAL(netdata, 4, dcauth[cnum].cred[1]); + SIVAL(netsesskey, 0, dcauth[cnum].sesskey[0]); + SIVAL(netsesskey, 4, dcauth[cnum].sesskey[1]); + E1(netsesskey,netdata,icv); + memset(key2, 0, sizeof key2); + key2[0] = netsesskey[7]; + E1(key2, icv, calccred); + if (IVAL(calccred,0) != cred0 || + IVAL(calccred,4) != cred1) + { + DEBUG(1,("Incorrect client credential received cred %lx %lx time %lx sk %lx %lx cred %lx %lx expcred %lx %lx\n", + cred0, cred1, time, + dcauth[cnum].sesskey[0], dcauth[cnum].sesskey[1], + dcauth[cnum].cred[0], dcauth[cnum].cred[1], + IVAL(calccred,0), IVAL(calccred,4))); + /* PAXX: do something about it! */ + } else + DEBUG(4,("Correct client credential received chal %lx %lx time %lx sk %lx %lx cred %lx %lx expcred %lx %lx\n", + cred0, cred1, time, + dcauth[cnum].sesskey[0], dcauth[cnum].sesskey[1], + dcauth[cnum].cred[0], dcauth[cnum].cred[1], + IVAL(calccred,0), IVAL(calccred,4))); +} + +static void makecred(int cnum, uint32 time, char *calccred) +{ + uint32 sum[2]; + char netdata[8]; + char netsesskey[8]; + char icv[8]; + char key2[7]; + + SIVAL(netdata, 0, dcauth[cnum].svrcred[0]+time); + SIVAL(netdata, 4, dcauth[cnum].svrcred[1]); + SIVAL(netsesskey, 0, dcauth[cnum].sesskey[0]); + SIVAL(netsesskey, 4, dcauth[cnum].sesskey[1]); + E1(netsesskey,netdata,icv); + memset(key2, 0, sizeof key2); + key2[0] = netsesskey[7]; + E1(key2, icv, calccred); + DEBUG(4,("Server credential: chal %lx %lx sk %lx %lx cred %lx %lx calc %lx %lx\n", + dcauth[cnum].svrchal[0], dcauth[cnum].svrchal[1], + dcauth[cnum].sesskey[0], dcauth[cnum].sesskey[1], + dcauth[cnum].svrcred[0], dcauth[cnum].svrcred[1], + IVAL(calccred, 0), IVAL(calccred, 4))); +} + +static void setsesskey(int cnum) +{ + uint32 sum[2]; + char netsum[8]; + char netsesskey[8]; + char icv[8]; + + sum[0] = dcauth[cnum].chal[0] + dcauth[cnum].svrchal[0]; + sum[1] = dcauth[cnum].chal[1] + dcauth[cnum].svrchal[1]; + SIVAL(netsum,0,sum[0]); + SIVAL(netsum,4,sum[1]); + E1(dcauth[cnum].md4pw,netsum,icv); + E1(dcauth[cnum].md4pw+9,icv,netsesskey); + dcauth[cnum].sesskey[0] = IVAL(netsesskey,0); + dcauth[cnum].sesskey[1] = IVAL(netsesskey,4); + +DEBUG(1,("NL: session key %08x %08x\n", + dcauth[cnum].sesskey[0], + dcauth[cnum].sesskey[1])); +} + +static struct uinfo *getuserinfo(char *user, int len, char *ntowfpass) +{ + static struct uinfo u; + static pstring fullnm; + static pstring ascuser; + extern pstring myname; + static pstring stme; + static pstring stdom; + struct smb_passwd *smb_pass; + + strcpy(ascuser,unistr(user)); + ascuser[len/2] = 0; /* PAXX: FIXMEFIXMEFIXME */ + DEBUG(1,("GETUSER username :%s: len=%d\n",ascuser, len)); + + smb_pass = get_smbpwnam(ascuser); + if(!smb_pass) + return 0; + DEBUG(1,("GETU %d\n", __LINE__)); + if (memcmp(ntowfpass, smb_pass->smb_nt_passwd, 16)) { + DEBUG(1,("pass mismatch:\n")); + dump_data(1,ntowfpass,16); + dump_data(1,smb_pass->smb_nt_passwd,16); + return 0; + } + + DEBUG(1,("GETU %d\n", __LINE__)); + u.logontime[0] = 0xffffffff; u.logontime[1] = 0x7fffffff; + u.logofftime[0] = 0xffffffff; u.logofftime[1] = 0x7fffffff; + u.kickofftime[0] = 0xffffffff; u.kickofftime[1] = 0x7fffffff; + DEBUG(1,("GETU %d\n", __LINE__)); + u.passlastsettime[0] = 0xffffffff; u.passlastsettime[1] = 0x7fffffff; + u.passcanchgtime[0] = 0xffffffff; u.passcanchgtime[1] = 0x7fffffff; + u.passmustchgtime[0] = 0xffffffff; u.passmustchgtime[1] = 0x7fffffff; + DEBUG(1,("GETU %d\n", __LINE__)); + u.effectivename = ascuser; + strcpy(fullnm, "Full name of "); + strcat(fullnm, ascuser); + DEBUG(1,("GETU %d\n", __LINE__)); + u.fullname = fullnm; + u.logonscript = "foologin.cmd"; + u.profilepath = "prof"; + u.homedirectory = "foohomes"; + DEBUG(1,("GETU %d\n", __LINE__)); + u.homedirectorydrive = "a:"; + u.logoncount = 7; + u.badpwcount = 8; + u.uid = 778; + DEBUG(1,("GETU %d\n", __LINE__)); + u.gid = 998; + u.ngroups = 2; + u.groups = (struct groupinfo *)(malloc(sizeof (struct groupinfo) * 2)); + u.groups[0].gid = 776; + DEBUG(1,("GETU %d\n", __LINE__)); + u.groups[0].attr = 0x7; + u.groups[1].gid = 776; + u.groups[1].attr = 0x7; + u.userflags = 0x20; + u.logonserver = stme; + get_myname(myname,NULL); + strcpy(stme, myname); + strupper(stme); + DEBUG(1,("LS %s\n", u.logonserver)); + u.logondomain = stdom; + strcpy(stdom, lp_workgroup()); + strupper(stdom); + DEBUG(1,("DOM %s\n", u.logondomain)); + u.nsids = 0; + u.sids = 0; + DEBUG(1,("GETU %d\n", __LINE__)); + return &u; +}; + + #endif /* NTDOMAIN */ diff --git a/source3/smbd/server.c b/source3/smbd/server.c index d387b7375b..1c31f69389 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -3003,7 +3003,8 @@ static int sig_hup() Setup the groups a user belongs to. ****************************************************************************/ int setup_groups(char *user, int uid, int gid, int *p_ngroups, - int **p_igroups, gid_t **p_groups) + int **p_igroups, gid_t **p_groups, + int **p_attrs) { if (-1 == initgroups(user,gid)) { @@ -3018,19 +3019,25 @@ int setup_groups(char *user, int uid, int gid, int *p_ngroups, { int i,ngroups; int *igroups; + int *attrs; gid_t grp = 0; ngroups = getgroups(0,&grp); if (ngroups <= 0) ngroups = 32; igroups = (int *)malloc(sizeof(int)*ngroups); + attrs = (int *)malloc(sizeof(int)*ngroups); for (i=0;i<ngroups;i++) + { + attrs [i] = 0x7; /* XXXX don't know what NT user attributes are yet! */ igroups[i] = 0x42424242; + } ngroups = getgroups(ngroups,(gid_t *)igroups); if (igroups[0] == 0x42424242) ngroups = 0; *p_ngroups = ngroups; + *p_attrs = attrs; /* The following bit of code is very strange. It is due to the fact that some OSes use int* and some use gid_t* for @@ -3052,16 +3059,18 @@ int setup_groups(char *user, int uid, int gid, int *p_ngroups, groups_use_ints = False; if (groups_use_ints) - { + { *p_igroups = igroups; *p_groups = (gid_t *)igroups; - } + } else - { + { gid_t *groups = (gid_t *)igroups; igroups = (int *)malloc(sizeof(int)*ngroups); for (i=0;i<ngroups;i++) + { igroups[i] = groups[i]; + } *p_igroups = igroups; *p_groups = (gid_t *)groups; } @@ -3270,12 +3279,15 @@ int make_connection(char *service,char *user,char *password, int pwlen, char *de /* groups stuff added by ih */ pcon->ngroups = 0; + pcon->igroups = NULL; pcon->groups = NULL; + pcon->attrs = NULL; if (!IS_IPC(cnum)) { /* Find all the groups this uid is in and store them. Used by become_user() */ - setup_groups(pcon->user,pcon->uid,pcon->gid,&pcon->ngroups,&pcon->igroups,&pcon->groups); + setup_groups(pcon->user,pcon->uid,pcon->gid, + &pcon->ngroups,&pcon->igroups,&pcon->groups,&pcon->attrs); /* check number of connections */ if (!claim_connection(cnum, diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index cdc4e474c6..78614a5b5c 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -227,13 +227,17 @@ BOOL become_user(int cnum, uint16 vuid) if (Connections[cnum].force_user || lp_security() == SEC_SHARE || !(vuser) || (vuser->guest) || - !check_user_ok(cnum,vuser,snum)) { + !check_user_ok(cnum,vuser,snum)) + { uid = Connections[cnum].uid; gid = Connections[cnum].gid; current_user.groups = Connections[cnum].groups; current_user.igroups = Connections[cnum].igroups; current_user.ngroups = Connections[cnum].ngroups; - } else { + current_user.attrs = vuser->attrs; + } + else + { if (!vuser) { DEBUG(2,("Invalid vuid used %d\n",vuid)); return(False); @@ -243,9 +247,10 @@ BOOL become_user(int cnum, uint16 vuid) gid = vuser->gid; else gid = Connections[cnum].gid; - current_user.groups = vuser->user_groups; - current_user.igroups = vuser->user_igroups; - current_user.ngroups = vuser->user_ngroups; + current_user.ngroups = vuser->n_groups; + current_user.groups = vuser->groups; + current_user.igroups = vuser->igroups; + current_user.attrs = vuser->attrs; } if (initial_uid == 0) |