diff options
| -rw-r--r-- | source3/include/rpc_netlogon.h | 51 | ||||
| -rw-r--r-- | source3/rpc_parse/parse_net.c | 14 | ||||
| -rw-r--r-- | source3/rpc_server/srv_netlog.c | 8 | ||||
| -rw-r--r-- | source3/rpc_server/srv_netlog_nt.c | 14 | ||||
| -rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 5 |
5 files changed, 77 insertions, 15 deletions
diff --git a/source3/include/rpc_netlogon.h b/source3/include/rpc_netlogon.h index 91f85601e3..63ab804acb 100644 --- a/source3/include/rpc_netlogon.h +++ b/source3/include/rpc_netlogon.h @@ -169,6 +169,57 @@ typedef struct net_user_info_2 { } NET_USER_INFO_2; #endif +/* NET_USER_INFO_2 */ +typedef struct net_user_info_2 { + uint32 ptr_user_info; + + NTTIME logon_time; /* logon time */ + NTTIME logoff_time; /* logoff time */ + NTTIME kickoff_time; /* kickoff time */ + NTTIME pass_last_set_time; /* password last set time */ + NTTIME pass_can_change_time; /* password can change time */ + NTTIME pass_must_change_time; /* password must change time */ + + UNIHDR hdr_user_name; /* username unicode string header */ + UNIHDR hdr_full_name; /* user's full name unicode string header */ + UNIHDR hdr_logon_script; /* logon script unicode string header */ + UNIHDR hdr_profile_path; /* profile path unicode string header */ + UNIHDR hdr_home_dir; /* home directory unicode string header */ + UNIHDR hdr_dir_drive; /* home directory drive unicode string header */ + + uint16 logon_count; /* logon count */ + uint16 bad_pw_count; /* bad password count */ + + uint32 user_rid; /* User RID */ + uint32 group_rid; /* Group RID */ + + uint32 num_groups; /* num groups */ + uint32 buffer_groups; /* undocumented buffer pointer to groups. */ + uint32 user_flgs; /* user flags */ + + uint8 user_sess_key[16]; /* user session key */ + + UNIHDR hdr_logon_srv; /* logon server unicode string header */ + UNIHDR hdr_logon_dom; /* logon domain unicode string header */ + + uint32 buffer_dom_id; /* undocumented logon domain id pointer */ + uint8 lm_sess_key[8]; /* lm session key */ + uint32 acct_flags; /* account flags */ + uint32 unknown[7]; /* unknown */ + + UNISTR2 uni_user_name; /* username unicode string */ + UNISTR2 uni_full_name; /* user's full name unicode string */ + UNISTR2 uni_logon_script; /* logon script unicode string */ + UNISTR2 uni_profile_path; /* profile path unicode string */ + UNISTR2 uni_home_dir; /* home directory unicode string */ + UNISTR2 uni_dir_drive; /* home directory drive unicode string */ + + UNISTR2 uni_logon_srv; /* logon server unicode string */ + UNISTR2 uni_logon_dom; /* logon domain unicode string */ + + DOM_SID2 dom_sid; /* domain SID */ +} NET_USER_INFO_2; + /* NET_USER_INFO_3 */ typedef struct net_user_info_3 { uint32 ptr_user_info; diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c index e7b1cdc767..fd2bc3cf38 100644 --- a/source3/rpc_parse/parse_net.c +++ b/source3/rpc_parse/parse_net.c @@ -1295,7 +1295,7 @@ static BOOL net_io_id_info_ctr(const char *desc, NET_ID_INFO_CTR **pp_ctr, prs_s { NET_ID_INFO_CTR *ctr = *pp_ctr; - prs_debug(ps, depth, desc, "smb_io_sam_info"); + prs_debug(ps, depth, desc, "smb_io_sam_info_ctr"); depth++; if (UNMARSHALLING(ps)) { @@ -1323,7 +1323,7 @@ static BOOL net_io_id_info_ctr(const char *desc, NET_ID_INFO_CTR **pp_ctr, prs_s break; default: /* PANIC! */ - DEBUG(4,("smb_io_sam_info: unknown switch_value!\n")); + DEBUG(4,("smb_io_sam_info_ctr: unknown switch_value!\n")); break; } @@ -1350,8 +1350,10 @@ static BOOL smb_io_sam_info(const char *desc, DOM_SAM_INFO *sam, prs_struct *ps, if(!prs_uint32("ptr_rtn_cred ", ps, depth, &sam->ptr_rtn_cred)) return False; - if(!smb_io_cred("", &sam->rtn_cred, ps, depth)) - return False; + if (sam->ptr_rtn_cred) { + if(!smb_io_cred("", &sam->rtn_cred, ps, depth)) + return False; + } if(!prs_uint16("logon_level ", ps, depth, &sam->logon_level)) return False; @@ -1700,7 +1702,7 @@ BOOL net_io_user_info3(const char *desc, NET_USER_INFO_3 *usr, prs_struct *ps, if(!smb_io_dom_sid2("", &usr->dom_sid, ps, depth)) /* domain SID */ return False; - if (usr->buffer_other_sids) { + if (validation_level == 3 && usr->buffer_other_sids) { uint32 num_other_sids = usr->num_other_sids; @@ -1776,7 +1778,7 @@ BOOL net_io_q_sam_logon(const char *desc, NET_Q_SAM_LOGON *q_l, prs_struct *ps, if(!prs_align_uint16(ps)) return False; - + if(!prs_uint16("validation_level", ps, depth, &q_l->validation_level)) return False; diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c index a45a7eebf6..567028eec4 100644 --- a/source3/rpc_server/srv_netlog.c +++ b/source3/rpc_server/srv_netlog.c @@ -197,10 +197,10 @@ static BOOL api_net_sam_logon(pipes_struct *p) ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - if(!net_io_q_sam_logon("", &q_u, data, 0)) { - DEBUG(0, ("api_net_sam_logon: Failed to unmarshall NET_Q_SAM_LOGON.\n")); - return False; - } + if(!net_io_q_sam_logon("", &q_u, data, 0)) { + DEBUG(0, ("api_net_sam_logon: Failed to unmarshall NET_Q_SAM_LOGON.\n")); + return False; + } r_u.status = _net_sam_logon(p, &q_u, &r_u); diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index fd78f954cc..d6ec31a985 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -473,7 +473,7 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET * DEBUG(2,("_net_srv_pwset: creds_server_step failed. Rejecting auth " "request from client %s machine account %s\n", p->dc->remote_machine, p->dc->mach_acct )); - return NT_STATUS_ACCESS_DENIED; + return NT_STATUS_INVALID_PARAMETER; } DEBUG(5,("_net_srv_pwset: %d\n", __LINE__)); @@ -573,7 +573,7 @@ NTSTATUS _net_sam_logoff(pipes_struct *p, NET_Q_SAM_LOGOFF *q_u, NET_R_SAM_LOGOF DEBUG(2,("_net_sam_logoff: creds_server_step failed. Rejecting auth " "request from client %s machine account %s\n", p->dc->remote_machine, p->dc->mach_acct )); - return NT_STATUS_ACCESS_DENIED; + return NT_STATUS_INVALID_PARAMETER; } r_u->status = NT_STATUS_OK; @@ -636,9 +636,13 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * /* store the user information, if there is any. */ r_u->user = usr_info; - r_u->switch_value = 0; /* indicates no info */ r_u->auth_resp = 1; /* authoritative response */ - r_u->switch_value = 3; /* indicates type of validation user info */ + if (q_u->validation_level != 2 && q_u->validation_level != 3) { + DEBUG(0,("_net_sam_logon: bad validation_level value %d.\n", (int)q_u->validation_level )); + return NT_STATUS_ACCESS_DENIED; + } + /* We handle the return of USER_INFO_2 instead of 3 in the parse return. Sucks, I know... */ + r_u->switch_value = q_u->validation_level; /* indicates type of validation user info */ r_u->buffer_creds = 1; /* Ensure we always return server creds. */ if (!get_valid_user_struct(p->vuid)) @@ -662,7 +666,7 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * DEBUG(2,("_net_sam_logon: creds_server_step failed. Rejecting auth " "request from client %s machine account %s\n", p->dc->remote_machine, p->dc->mach_acct )); - return NT_STATUS_ACCESS_DENIED; + return NT_STATUS_INVALID_PARAMETER; } /* find the username */ diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 52f922b924..bf0e2ba070 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -2537,6 +2537,11 @@ NTSTATUS _samr_connect_anon(pipes_struct *p, SAMR_Q_CONNECT_ANON *q_u, SAMR_R_CO was observed from a win98 client trying to enumerate users (when configured user level access control on shares) --jerry */ + if (des_access == MAXIMUM_ALLOWED_ACCESS) { + /* Map to max possible knowing we're filtered below. */ + des_access = GENERIC_ALL_ACCESS; + } + se_map_generic( &des_access, &sam_generic_mapping ); info->acc_granted = des_access & (SA_RIGHT_SAM_ENUM_DOMAINS|SA_RIGHT_SAM_OPEN_DOMAIN); |