diff options
Diffstat (limited to 'source3/rpc_client')
-rw-r--r-- | source3/rpc_client/cli_lsarpc.c | 118 | ||||
-rw-r--r-- | source3/rpc_client/cli_netlogon.c | 678 | ||||
-rw-r--r-- | source3/rpc_client/cli_svcctl.c | 211 | ||||
-rw-r--r-- | source3/rpc_client/init_lsa.c | 29 | ||||
-rw-r--r-- | source3/rpc_client/init_netlogon.c | 220 |
5 files changed, 608 insertions, 648 deletions
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index a4c5331008..1fb0205f29 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -128,13 +128,16 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, char **names, enum lsa_SidType *types) { - prs_struct qbuf, rbuf; - LSA_Q_LOOKUP_SIDS q; - LSA_R_LOOKUP_SIDS r; - DOM_R_REF ref; NTSTATUS result = NT_STATUS_OK; TALLOC_CTX *tmp_ctx = NULL; int i; + struct lsa_SidArray sid_array; + struct lsa_RefDomainList *ref_domains = NULL; + struct lsa_TransNameArray lsa_names; + uint32_t count = 0; + uint16_t level = 1; + + ZERO_STRUCT(lsa_names); tmp_ctx = talloc_new(mem_ctx); if (!tmp_ctx) { @@ -143,38 +146,42 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, goto done; } - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - init_q_lookup_sids(tmp_ctx, &q, pol, num_sids, sids, 1); - - ZERO_STRUCT(ref); + sid_array.num_sids = num_sids; + sid_array.sids = TALLOC_ARRAY(mem_ctx, struct lsa_SidPtr, num_sids); + if (!sid_array.sids) { + return NT_STATUS_NO_MEMORY; + } - r.dom_ref = &ref; + for (i = 0; i<num_sids; i++) { + sid_array.sids[i].sid = sid_dup_talloc(mem_ctx, &sids[i]); + if (!sid_array.sids[i].sid) { + return NT_STATUS_NO_MEMORY; + } + } - CLI_DO_RPC( cli, tmp_ctx, PI_LSARPC, LSA_LOOKUPSIDS, - q, r, - qbuf, rbuf, - lsa_io_q_lookup_sids, - lsa_io_r_lookup_sids, - NT_STATUS_UNSUCCESSFUL ); + result = rpccli_lsa_LookupSids(cli, mem_ctx, + pol, + &sid_array, + &ref_domains, + &lsa_names, + level, + &count); DEBUG(10, ("LSA_LOOKUPSIDS returned '%s', mapped count = %d'\n", - nt_errstr(r.status), r.mapped_count)); + nt_errstr(result), count)); - if (!NT_STATUS_IS_OK(r.status) && - !NT_STATUS_EQUAL(r.status, NT_STATUS_NONE_MAPPED) && - !NT_STATUS_EQUAL(r.status, STATUS_SOME_UNMAPPED)) + if (!NT_STATUS_IS_OK(result) && + !NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) && + !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) { /* An actual error occured */ - result = r.status; goto done; } /* Return output parameters */ - if (NT_STATUS_EQUAL(r.status, NT_STATUS_NONE_MAPPED) || - (r.mapped_count == 0)) + if (NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) || + (count == 0)) { for (i = 0; i < num_sids; i++) { (names)[i] = NULL; @@ -186,21 +193,19 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, } for (i = 0; i < num_sids; i++) { - fstring name, dom_name; - uint32 dom_idx = r.names.name[i].domain_idx; + const char *name, *dom_name; + uint32_t dom_idx = lsa_names.names[i].sid_index; /* Translate optimised name through domain index array */ if (dom_idx != 0xffffffff) { - rpcstr_pull_unistr2_fstring( - dom_name, &ref.ref_dom[dom_idx].uni_dom_name); - rpcstr_pull_unistr2_fstring( - name, &r.names.uni_name[i]); + dom_name = ref_domains->domains[dom_idx].name.string; + name = lsa_names.names[i].name.string; (names)[i] = talloc_strdup(mem_ctx, name); (domains)[i] = talloc_strdup(mem_ctx, dom_name); - (types)[i] = r.names.name[i].sid_name_use; + (types)[i] = lsa_names.names[i].sid_type; if (((names)[i] == NULL) || ((domains)[i] == NULL)) { DEBUG(0, ("cli_lsa_lookup_sids_noalloc(): out of memory\n")); @@ -348,29 +353,32 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, DOM_SID **sids, enum lsa_SidType **types) { - prs_struct qbuf, rbuf; - LSA_Q_LOOKUP_NAMES q; - LSA_R_LOOKUP_NAMES r; - DOM_R_REF ref; NTSTATUS result; int i; + struct lsa_String *lsa_names = NULL; + struct lsa_RefDomainList *domains = NULL; + struct lsa_TransSidArray sid_array; + uint32_t count = 0; - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - ZERO_STRUCT(ref); - r.dom_ref = &ref; + ZERO_STRUCT(sid_array); - init_q_lookup_names(mem_ctx, &q, pol, num_names, names, level); + lsa_names = TALLOC_ARRAY(mem_ctx, struct lsa_String, num_names); + if (!lsa_names) { + return NT_STATUS_NO_MEMORY; + } - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPNAMES, - q, r, - qbuf, rbuf, - lsa_io_q_lookup_names, - lsa_io_r_lookup_names, - NT_STATUS_UNSUCCESSFUL); + for (i=0; i<num_names; i++) { + init_lsa_String(&lsa_names[i], names[i]); + } - result = r.status; + result = rpccli_lsa_LookupNames(cli, mem_ctx, + pol, + num_names, + lsa_names, + &domains, + &sid_array, + level, + &count); if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) != NT_STATUS_V(STATUS_SOME_UNMAPPED)) { @@ -382,7 +390,7 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, /* Return output parameters */ - if (r.mapped_count == 0) { + if (count == 0) { result = NT_STATUS_NONE_MAPPED; goto done; } @@ -417,9 +425,8 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, } for (i = 0; i < num_names; i++) { - DOM_RID *t_rids = r.dom_rid; - uint32 dom_idx = t_rids[i].rid_idx; - uint32 dom_rid = t_rids[i].rid; + uint32_t dom_idx = sid_array.sids[i].sid_index; + uint32_t dom_rid = sid_array.sids[i].rid; DOM_SID *sid = &(*sids)[i]; /* Translate optimised sid through domain index array */ @@ -431,20 +438,19 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, continue; } - sid_copy(sid, &ref.ref_dom[dom_idx].ref_dom.sid); + sid_copy(sid, domains->domains[dom_idx].sid); if (dom_rid != 0xffffffff) { sid_append_rid(sid, dom_rid); } - (*types)[i] = t_rids[i].type; + (*types)[i] = sid_array.sids[i].sid_type; if (dom_names == NULL) { continue; } - (*dom_names)[i] = rpcstr_pull_unistr2_talloc( - *dom_names, &ref.ref_dom[dom_idx].uni_dom_name); + (*dom_names)[i] = domains->domains[dom_idx].name.string; } done: diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index f15340ffec..91e27c5d85 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -1,4 +1,4 @@ -/* +/* Unix SMB/CIFS implementation. NT Domain Authentication SMB / MSRPC client Copyright (C) Andrew Tridgell 1992-2000 @@ -9,12 +9,12 @@ it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -27,57 +27,19 @@ private data. Only call this via rpccli_netlogon_setup_creds(). JRA. */ -static NTSTATUS rpccli_net_req_chal(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - const char *server_name, - const char *clnt_name, - const DOM_CHAL *clnt_chal_in, - DOM_CHAL *srv_chal_out) -{ - prs_struct qbuf, rbuf; - NET_Q_REQ_CHAL q; - NET_R_REQ_CHAL r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - /* create and send a MSRPC command with api NET_REQCHAL */ - - DEBUG(4,("cli_net_req_chal: LSA Request Challenge from %s to %s\n", - clnt_name, server_name)); - - /* store the parameters */ - init_q_req_chal(&q, server_name, clnt_name, clnt_chal_in); - - /* Marshall data and send request */ - CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_REQCHAL, - q, r, - qbuf, rbuf, - net_io_q_req_chal, - net_io_r_req_chal, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - /* Return result */ - - if (NT_STATUS_IS_OK(result)) { - /* Store the returned server challenge. */ - *srv_chal_out = r.srv_chal; - } - - return result; -} +/* instead of rpccli_net_req_chal() we use rpccli_netr_ServerReqChallenge() now - gd */ #if 0 /**************************************************************************** LSA Authenticate 2 Send the client credential, receive back a server credential. -Ensure that the server credential returned matches the session key +Ensure that the server credential returned matches the session key encrypt of the server challenge originally received. JRA. ****************************************************************************/ - NTSTATUS rpccli_net_auth2(struct rpc_pipe_client *cli, - uint16 sec_chan, + NTSTATUS rpccli_net_auth2(struct rpc_pipe_client *cli, + uint16 sec_chan, uint32 *neg_flags, DOM_CHAL *srv_chal) { prs_struct qbuf, rbuf; @@ -90,7 +52,7 @@ encrypt of the server challenge originally received. JRA. fstr_sprintf( machine_acct, "%s$", lp_workgroup() ); else fstrcpy( machine_acct, cli->mach_acct ); - + /* create and send a MSRPC command with api NET_AUTH2 */ DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n", @@ -99,8 +61,8 @@ encrypt of the server challenge originally received. JRA. /* store the parameters */ - init_q_auth_2(&q, cli->srv_name_slash, machine_acct, - sec_chan, global_myname(), &cli->clnt_cred.challenge, + init_q_auth_2(&q, cli->srv_name_slash, machine_acct, + sec_chan, global_myname(), &cli->clnt_cred.challenge, *neg_flags); /* turn parameters into data stream */ @@ -116,7 +78,7 @@ encrypt of the server challenge originally received. JRA. if (NT_STATUS_IS_OK(result)) { UTIME zerotime; - + /* * Check the returned value using the initial * server received challenge. @@ -143,106 +105,12 @@ password ?).\n", cli->cli->desthost )); LSA Authenticate 2 Send the client credential, receive back a server credential. - The caller *must* ensure that the server credential returned matches the session key + The caller *must* ensure that the server credential returned matches the session key encrypt of the server challenge originally received. JRA. ****************************************************************************/ -static NTSTATUS rpccli_net_auth2(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - const char *server_name, - const char *account_name, - uint16 sec_chan_type, - const char *computer_name, - uint32 *neg_flags_inout, - const DOM_CHAL *clnt_chal_in, - DOM_CHAL *srv_chal_out) -{ - prs_struct qbuf, rbuf; - NET_Q_AUTH_2 q; - NET_R_AUTH_2 r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - /* create and send a MSRPC command with api NET_AUTH2 */ +/* instead of rpccli_net_auth2() we use rpccli_netr_ServerAuthenticate2() now - gd */ - DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s neg: %x\n", - server_name, account_name, sec_chan_type, computer_name, - *neg_flags_inout)); - - /* store the parameters */ - - init_q_auth_2(&q, server_name, account_name, sec_chan_type, - computer_name, clnt_chal_in, *neg_flags_inout); - - /* turn parameters into data stream */ - - CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_AUTH2, - q, r, - qbuf, rbuf, - net_io_q_auth_2, - net_io_r_auth_2, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (NT_STATUS_IS_OK(result)) { - *srv_chal_out = r.srv_chal; - *neg_flags_inout = r.srv_flgs.neg_flags; - } - - return result; -} - -#if 0 /* not currebntly used */ -/**************************************************************************** - LSA Authenticate 3 - - Send the client credential, receive back a server credential. - The caller *must* ensure that the server credential returned matches the session key - encrypt of the server challenge originally received. JRA. -****************************************************************************/ - -static NTSTATUS rpccli_net_auth3(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - const char *server_name, - const char *account_name, - uint16 sec_chan_type, - const char *computer_name, - uint32 *neg_flags_inout, - const DOM_CHAL *clnt_chal_in, - DOM_CHAL *srv_chal_out) -{ - prs_struct qbuf, rbuf; - NET_Q_AUTH_3 q; - NET_R_AUTH_3 r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - /* create and send a MSRPC command with api NET_AUTH2 */ - - DEBUG(4,("cli_net_auth3: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n", - server_name, account_name, sec_chan_type, computer_name, - credstr(clnt_chal_in->data), *neg_flags_inout)); - - /* store the parameters */ - init_q_auth_3(&q, server_name, account_name, sec_chan_type, - computer_name, clnt_chal_in, *neg_flags_inout); - - /* turn parameters into data stream */ - - CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_AUTH3, - q, r, - qbuf, rbuf, - net_io_q_auth_3, - net_io_r_auth_3, - NT_STATUS_UNSUCCESSFUL); - - if (NT_STATUS_IS_OK(result)) { - *srv_chal_out = r.srv_chal; - *neg_flags_inout = r.srv_flgs.neg_flags; - } - - return result; -} -#endif /* not currebntly used */ /**************************************************************************** Wrapper function that uses the auth and auth2 calls to set up a NETLOGON @@ -251,17 +119,17 @@ static NTSTATUS rpccli_net_auth3(struct rpc_pipe_client *cli, ****************************************************************************/ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, - const char *server_name, - const char *domain, - const char *clnt_name, - const char *machine_account, - const unsigned char machine_pwd[16], - uint32 sec_chan_type, - uint32 *neg_flags_inout) + const char *server_name, + const char *domain, + const char *clnt_name, + const char *machine_account, + const unsigned char machine_pwd[16], + enum netr_SchannelType sec_chan_type, + uint32_t *neg_flags_inout) { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - DOM_CHAL clnt_chal_send; - DOM_CHAL srv_chal_recv; + struct netr_Credential clnt_chal_send; + struct netr_Credential srv_chal_recv; struct dcinfo *dc; SMB_ASSERT(cli->pipe_idx == PI_NETLOGON); @@ -288,13 +156,11 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, generate_random_buffer(clnt_chal_send.data, 8); /* Get the server challenge. */ - result = rpccli_net_req_chal(cli, - cli->mem_ctx, - dc->remote_machine, - clnt_name, - &clnt_chal_send, - &srv_chal_recv); - + result = rpccli_netr_ServerReqChallenge(cli, cli->mem_ctx, + dc->remote_machine, + clnt_name, + &clnt_chal_send, + &srv_chal_recv); if (!NT_STATUS_IS_OK(result)) { return result; } @@ -307,20 +173,18 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, machine_pwd, &clnt_chal_send); - /* - * Send client auth-2 challenge and receive server repy. - */ - - result = rpccli_net_auth2(cli, - cli->mem_ctx, - dc->remote_machine, - dc->mach_acct, - sec_chan_type, - clnt_name, - neg_flags_inout, - &clnt_chal_send, /* input. */ - &srv_chal_recv); /* output */ + /* + * Send client auth-2 challenge and receive server repy. + */ + result = rpccli_netr_ServerAuthenticate2(cli, cli->mem_ctx, + dc->remote_machine, + dc->mach_acct, + sec_chan_type, + clnt_name, + &clnt_chal_send, /* input. */ + &srv_chal_recv, /* output. */ + neg_flags_inout); if (!NT_STATUS_IS_OK(result)) { return result; } @@ -330,7 +194,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, * server received challenge. */ - if (!creds_client_check(dc, &srv_chal_recv)) { + if (!netlogon_creds_client_check(dc, &srv_chal_recv)) { /* * Server replied with bad credential. Fail. */ @@ -358,20 +222,23 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, const char *workstation, int logon_type) { - prs_struct qbuf, rbuf; - NET_Q_SAM_LOGON q; - NET_R_SAM_LOGON r; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - DOM_CRED clnt_creds; - DOM_CRED ret_creds; - NET_ID_INFO_CTR ctr; - NET_USER_INFO_3 user; - int validation_level = 3; + struct netr_Authenticator clnt_creds; + struct netr_Authenticator ret_creds; + union netr_LogonLevel *logon; + union netr_Validation validation; + uint8_t authoritative; + int validation_level = 3; fstring clnt_name_slash; + uint8 zeros[16]; - ZERO_STRUCT(q); - ZERO_STRUCT(r); ZERO_STRUCT(ret_creds); + ZERO_STRUCT(zeros); + + logon = TALLOC_ZERO_P(mem_ctx, union netr_LogonLevel); + if (!logon) { + return NT_STATUS_NO_MEMORY; + } if (workstation) { fstr_sprintf( clnt_name_slash, "\\\\%s", workstation ); @@ -379,85 +246,143 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, fstr_sprintf( clnt_name_slash, "\\\\%s", global_myname() ); } - /* Initialise input parameters */ + /* Initialise input parameters */ - creds_client_step(cli->dc, &clnt_creds); + netlogon_creds_client_step(cli->dc, &clnt_creds); - q.validation_level = validation_level; + switch (logon_type) { + case INTERACTIVE_LOGON_TYPE: { - ctr.switch_value = logon_type; + struct netr_PasswordInfo *password_info; - switch (logon_type) { - case INTERACTIVE_LOGON_TYPE: { - unsigned char lm_owf_user_pwd[16], nt_owf_user_pwd[16]; + struct samr_Password lmpassword; + struct samr_Password ntpassword; - nt_lm_owf_gen(password, nt_owf_user_pwd, lm_owf_user_pwd); + unsigned char lm_owf_user_pwd[16], nt_owf_user_pwd[16]; - init_id_info1(&ctr.auth.id1, domain, - logon_parameters, /* param_ctrl */ - 0xdead, 0xbeef, /* LUID? */ - username, clnt_name_slash, - (const char *)cli->dc->sess_key, lm_owf_user_pwd, - nt_owf_user_pwd); + unsigned char lm_owf[16]; + unsigned char nt_owf[16]; + unsigned char key[16]; - break; - } - case NET_LOGON_TYPE: { - uint8 chal[8]; - unsigned char local_lm_response[24]; - unsigned char local_nt_response[24]; - - generate_random_buffer(chal, 8); - - SMBencrypt(password, chal, local_lm_response); - SMBNTencrypt(password, chal, local_nt_response); - - init_id_info2(&ctr.auth.id2, domain, - logon_parameters, /* param_ctrl */ - 0xdead, 0xbeef, /* LUID? */ - username, clnt_name_slash, chal, - local_lm_response, 24, local_nt_response, 24); - break; - } - default: - DEBUG(0, ("switch value %d not supported\n", - ctr.switch_value)); - return NT_STATUS_INVALID_INFO_CLASS; - } + password_info = TALLOC_ZERO_P(mem_ctx, struct netr_PasswordInfo); + if (!password_info) { + return NT_STATUS_NO_MEMORY; + } - r.user = &user; + nt_lm_owf_gen(password, nt_owf_user_pwd, lm_owf_user_pwd); - init_sam_info(&q.sam_id, cli->dc->remote_machine, global_myname(), - &clnt_creds, &ret_creds, logon_type, - &ctr); +#ifdef DEBUG_PASSWORD + DEBUG(100,("lm cypher:")); + dump_data(100, lm_owf_user_pwd, 16); - /* Marshall data and send request */ + DEBUG(100,("nt cypher:")); + dump_data(100, nt_owf_user_pwd, 16); +#endif + memset(key, 0, 16); + memcpy(key, cli->dc->sess_key, 8); - CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SAMLOGON, - q, r, - qbuf, rbuf, - net_io_q_sam_logon, - net_io_r_sam_logon, - NT_STATUS_UNSUCCESSFUL); + memcpy(lm_owf, lm_owf_user_pwd, 16); + SamOEMhash(lm_owf, key, 16); + memcpy(nt_owf, nt_owf_user_pwd, 16); + SamOEMhash(nt_owf, key, 16); - /* Return results */ +#ifdef DEBUG_PASSWORD + DEBUG(100,("encrypt of lm owf password:")); + dump_data(100, lm_owf, 16); - result = r.status; + DEBUG(100,("encrypt of nt owf password:")); + dump_data(100, nt_owf, 16); +#endif + memcpy(lmpassword.hash, lm_owf, 16); + memcpy(ntpassword.hash, nt_owf, 16); + + init_netr_PasswordInfo(password_info, + domain, + logon_parameters, + 0xdead, + 0xbeef, + username, + clnt_name_slash, + lmpassword, + ntpassword); + + logon->password = password_info; + + break; + } + case NET_LOGON_TYPE: { + struct netr_NetworkInfo *network_info; + uint8 chal[8]; + unsigned char local_lm_response[24]; + unsigned char local_nt_response[24]; + struct netr_ChallengeResponse lm; + struct netr_ChallengeResponse nt; + + ZERO_STRUCT(lm); + ZERO_STRUCT(nt); + + network_info = TALLOC_ZERO_P(mem_ctx, struct netr_NetworkInfo); + if (!network_info) { + return NT_STATUS_NO_MEMORY; + } + + generate_random_buffer(chal, 8); + + SMBencrypt(password, chal, local_lm_response); + SMBNTencrypt(password, chal, local_nt_response); - if (r.buffer_creds) { + lm.length = 24; + lm.data = local_lm_response; + + nt.length = 24; + nt.data = local_nt_response; + + init_netr_NetworkInfo(network_info, + domain, + logon_parameters, + 0xdead, + 0xbeef, + username, + clnt_name_slash, + chal, + nt, + lm); + + logon->network = network_info; + + break; + } + default: + DEBUG(0, ("switch value %d not supported\n", + logon_type)); + return NT_STATUS_INVALID_INFO_CLASS; + } + + result = rpccli_netr_LogonSamLogon(cli, mem_ctx, + cli->dc->remote_machine, + global_myname(), + &clnt_creds, + &ret_creds, + logon_type, + logon, + validation_level, + &validation, + &authoritative); + + if (memcmp(zeros, &ret_creds.cred.data, sizeof(ret_creds.cred.data)) != 0) { /* Check returned credentials if present. */ - if (!creds_client_check(cli->dc, &r.srv_creds.challenge)) { + if (!netlogon_creds_client_check(cli->dc, &ret_creds.cred)) { DEBUG(0,("rpccli_netlogon_sam_logon: credentials chain check failed\n")); return NT_STATUS_ACCESS_DENIED; } } - return result; + return result; } -/** - * Logon domain user with an 'network' SAM logon +/** + * Logon domain user with an 'network' SAM logon * * @param info3 Pointer to a NET_USER_INFO_3 already allocated by the caller. **/ @@ -468,31 +393,47 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli, const char *server, const char *username, const char *domain, - const char *workstation, - const uint8 chal[8], + const char *workstation, + const uint8 chal[8], DATA_BLOB lm_response, DATA_BLOB nt_response, - NET_USER_INFO_3 *info3) + struct netr_SamInfo3 **info3) { - prs_struct qbuf, rbuf; - NET_Q_SAM_LOGON q; - NET_R_SAM_LOGON r; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - NET_ID_INFO_CTR ctr; int validation_level = 3; const char *workstation_name_slash; const char *server_name_slash; uint8 zeros[16]; - DOM_CRED clnt_creds; - DOM_CRED ret_creds; - int i; + struct netr_Authenticator clnt_creds; + struct netr_Authenticator ret_creds; + union netr_LogonLevel *logon = NULL; + struct netr_NetworkInfo *network_info; + uint8_t authoritative; + union netr_Validation validation; + struct netr_ChallengeResponse lm; + struct netr_ChallengeResponse nt; + struct netr_UserSessionKey user_session_key; + struct netr_LMSessionKey lmsesskey; + + *info3 = NULL; ZERO_STRUCT(zeros); - ZERO_STRUCT(q); - ZERO_STRUCT(r); ZERO_STRUCT(ret_creds); - creds_client_step(cli->dc, &clnt_creds); + ZERO_STRUCT(lm); + ZERO_STRUCT(nt); + + logon = TALLOC_ZERO_P(mem_ctx, union netr_LogonLevel); + if (!logon) { + return NT_STATUS_NO_MEMORY; + } + + network_info = TALLOC_ZERO_P(mem_ctx, struct netr_NetworkInfo); + if (!network_info) { + return NT_STATUS_NO_MEMORY; + } + + netlogon_creds_client_step(cli->dc, &clnt_creds); if (server[0] != '\\' && server[1] != '\\') { server_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", server); @@ -513,60 +454,62 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli, /* Initialise input parameters */ - q.validation_level = validation_level; - - ctr.switch_value = NET_LOGON_TYPE; + lm.data = lm_response.data; + lm.length = lm_response.length; + nt.data = nt_response.data; + nt.length = nt_response.length; - init_id_info2(&ctr.auth.id2, domain, - logon_parameters, /* param_ctrl */ - 0xdead, 0xbeef, /* LUID? */ - username, workstation_name_slash, (const uchar*)chal, - lm_response.data, lm_response.length, nt_response.data, nt_response.length); - - init_sam_info(&q.sam_id, server_name_slash, global_myname(), - &clnt_creds, &ret_creds, NET_LOGON_TYPE, - &ctr); + init_netr_NetworkInfo(network_info, + domain, + logon_parameters, + 0xdead, + 0xbeef, + username, + workstation_name_slash, + (uint8_t *) chal, + nt, + lm); - r.user = info3; + logon->network = network_info; - /* Marshall data and send request */ - - CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SAMLOGON, - q, r, - qbuf, rbuf, - net_io_q_sam_logon, - net_io_r_sam_logon, - NT_STATUS_UNSUCCESSFUL); + /* Marshall data and send request */ - if (memcmp(zeros, info3->user_sess_key, 16) != 0) { - SamOEMhash(info3->user_sess_key, cli->dc->sess_key, 16); - } else { - memset(info3->user_sess_key, '\0', 16); + result = rpccli_netr_LogonSamLogon(cli, mem_ctx, + server_name_slash, + global_myname(), + &clnt_creds, + &ret_creds, + NET_LOGON_TYPE, + logon, + validation_level, + &validation, + &authoritative); + if (!NT_STATUS_IS_OK(result)) { + return result; } - if (memcmp(zeros, info3->lm_sess_key, 8) != 0) { - SamOEMhash(info3->lm_sess_key, cli->dc->sess_key, 8); - } else { - memset(info3->lm_sess_key, '\0', 8); - } + user_session_key = validation.sam3->base.key; + lmsesskey = validation.sam3->base.LMSessKey; - for (i=0; i < 7; i++) { - memset(&info3->unknown[i], '\0', 4); + if (memcmp(zeros, user_session_key.key, 16) != 0) { + SamOEMhash(user_session_key.key, cli->dc->sess_key, 16); } - /* Return results */ - - result = r.status; + if (memcmp(zeros, lmsesskey.key, 8) != 0) { + SamOEMhash(lmsesskey.key, cli->dc->sess_key, 8); + } - if (r.buffer_creds) { + if (memcmp(zeros, ret_creds.cred.data, sizeof(ret_creds.cred.data)) != 0) { /* Check returned credentials if present. */ - if (!creds_client_check(cli->dc, &r.srv_creds.challenge)) { + if (!netlogon_creds_client_check(cli->dc, &ret_creds.cred)) { DEBUG(0,("rpccli_netlogon_sam_network_logon: credentials chain check failed\n")); return NT_STATUS_ACCESS_DENIED; } } - return result; + *info3 = validation.sam3; + + return result; } NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli, @@ -575,26 +518,43 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli, const char *server, const char *username, const char *domain, - const char *workstation, - const uint8 chal[8], + const char *workstation, + const uint8 chal[8], DATA_BLOB lm_response, DATA_BLOB nt_response, - NET_USER_INFO_3 *info3) + struct netr_SamInfo3 **info3) { - prs_struct qbuf, rbuf; - NET_Q_SAM_LOGON_EX q; - NET_R_SAM_LOGON_EX r; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - NET_ID_INFO_CTR ctr; int validation_level = 3; const char *workstation_name_slash; const char *server_name_slash; uint8 zeros[16]; - int i; + union netr_LogonLevel *logon = NULL; + struct netr_NetworkInfo *network_info; + uint8_t authoritative; + union netr_Validation validation; + struct netr_ChallengeResponse lm; + struct netr_ChallengeResponse nt; + struct netr_UserSessionKey user_session_key; + struct netr_LMSessionKey lmsesskey; + uint32_t flags = 0; + + *info3 = NULL; ZERO_STRUCT(zeros); - ZERO_STRUCT(q); - ZERO_STRUCT(r); + + ZERO_STRUCT(lm); + ZERO_STRUCT(nt); + + logon = TALLOC_ZERO_P(mem_ctx, union netr_LogonLevel); + if (!logon) { + return NT_STATUS_NO_MEMORY; + } + + network_info = TALLOC_ZERO_P(mem_ctx, struct netr_NetworkInfo); + if (!network_info) { + return NT_STATUS_NO_MEMORY; + } if (server[0] != '\\' && server[1] != '\\') { server_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", server); @@ -615,97 +575,53 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli, /* Initialise input parameters */ - q.validation_level = validation_level; - - ctr.switch_value = NET_LOGON_TYPE; + lm.data = lm_response.data; + lm.length = lm_response.length; + nt.data = nt_response.data; + nt.length = nt_response.length; - init_id_info2(&ctr.auth.id2, domain, - logon_parameters, /* param_ctrl */ - 0xdead, 0xbeef, /* LUID? */ - username, workstation_name_slash, (const uchar*)chal, - lm_response.data, lm_response.length, nt_response.data, - nt_response.length); - - init_sam_info_ex(&q.sam_id, server_name_slash, global_myname(), - NET_LOGON_TYPE, &ctr); + init_netr_NetworkInfo(network_info, + domain, + logon_parameters, + 0xdead, + 0xbeef, + username, + workstation_name_slash, + (uint8_t *) chal, + nt, + lm); - r.user = info3; + logon->network = network_info; /* Marshall data and send request */ - CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SAMLOGON_EX, - q, r, qbuf, rbuf, - net_io_q_sam_logon_ex, - net_io_r_sam_logon_ex, - NT_STATUS_UNSUCCESSFUL); - - if (memcmp(zeros, info3->user_sess_key, 16) != 0) { - SamOEMhash(info3->user_sess_key, cli->dc->sess_key, 16); - } else { - memset(info3->user_sess_key, '\0', 16); + result = rpccli_netr_LogonSamLogonEx(cli, mem_ctx, + server_name_slash, + global_myname(), + NET_LOGON_TYPE, + logon, + validation_level, + &validation, + &authoritative, + &flags); + if (!NT_STATUS_IS_OK(result)) { + return result; } - if (memcmp(zeros, info3->lm_sess_key, 8) != 0) { - SamOEMhash(info3->lm_sess_key, cli->dc->sess_key, 8); - } else { - memset(info3->lm_sess_key, '\0', 8); - } + user_session_key = validation.sam3->base.key; + lmsesskey = validation.sam3->base.LMSessKey; - for (i=0; i < 7; i++) { - memset(&info3->unknown[i], '\0', 4); + if (memcmp(zeros, user_session_key.key, 16) != 0) { + SamOEMhash(user_session_key.key, cli->dc->sess_key, 16); } - /* Return results */ - - result = r.status; - - return result; -} - -/*************************************************************************** -LSA Server Password Set. -****************************************************************************/ - -NTSTATUS rpccli_net_srv_pwset(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - const char *machine_name, const uint8 hashed_mach_pwd[16]) -{ - prs_struct rbuf; - prs_struct qbuf; - DOM_CRED clnt_creds; - NET_Q_SRV_PWSET q; - NET_R_SRV_PWSET r; - uint16 sec_chan_type = 2; - NTSTATUS result; - - creds_client_step(cli->dc, &clnt_creds); - - DEBUG(4,("cli_net_srv_pwset: srv:%s acct:%s sc: %d mc: %s\n", - cli->dc->remote_machine, cli->dc->mach_acct, sec_chan_type, machine_name)); - - /* store the parameters */ - init_q_srv_pwset(&q, cli->dc->remote_machine, (const char *)cli->dc->sess_key, - cli->dc->mach_acct, sec_chan_type, machine_name, - &clnt_creds, hashed_mach_pwd); - - CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SRVPWSET, - q, r, - qbuf, rbuf, - net_io_q_srv_pwset, - net_io_r_srv_pwset, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - /* report error code */ - DEBUG(0,("cli_net_srv_pwset: %s\n", nt_errstr(result))); + if (memcmp(zeros, lmsesskey.key, 8) != 0) { + SamOEMhash(lmsesskey.key, cli->dc->sess_key, 8); } - /* Always check returned credentials. */ - if (!creds_client_check(cli->dc, &r.srv_cred.challenge)) { - DEBUG(0,("rpccli_net_srv_pwset: credentials chain check failed\n")); - return NT_STATUS_ACCESS_DENIED; - } + *info3 = validation.sam3; return result; + + return result; } diff --git a/source3/rpc_client/cli_svcctl.c b/source3/rpc_client/cli_svcctl.c index 95673c1565..b21909fd03 100644 --- a/source3/rpc_client/cli_svcctl.c +++ b/source3/rpc_client/cli_svcctl.c @@ -57,81 +57,6 @@ const char* svc_status_string( uint32 state ) return talloc_strdup(talloc_tos(), msg); } -/******************************************************************** -********************************************************************/ - -WERROR rpccli_svcctl_open_scm(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *hSCM, uint32 access_desired ) -{ - SVCCTL_Q_OPEN_SCMANAGER in; - SVCCTL_R_OPEN_SCMANAGER out; - prs_struct qbuf, rbuf; - fstring server; - - ZERO_STRUCT(in); - ZERO_STRUCT(out); - - /* leave the database name NULL to get the default service db */ - - in.database = NULL; - - /* set the server name */ - - if ( !(in.servername = TALLOC_P( mem_ctx, UNISTR2 )) ) - return WERR_NOMEM; - fstr_sprintf( server, "\\\\%s", cli->cli->desthost ); - init_unistr2( in.servername, server, UNI_STR_TERMINATE ); - - in.access = access_desired; - - CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_OPEN_SCMANAGER_W, - in, out, - qbuf, rbuf, - svcctl_io_q_open_scmanager, - svcctl_io_r_open_scmanager, - WERR_GENERAL_FAILURE ); - - if ( !W_ERROR_IS_OK( out.status ) ) - return out.status; - - memcpy( hSCM, &out.handle, sizeof(POLICY_HND) ); - - return out.status; -} - -/******************************************************************** -********************************************************************/ - -WERROR rpccli_svcctl_open_service( struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *hSCM, POLICY_HND *hService, - const char *servicename, uint32 access_desired ) -{ - SVCCTL_Q_OPEN_SERVICE in; - SVCCTL_R_OPEN_SERVICE out; - prs_struct qbuf, rbuf; - - ZERO_STRUCT(in); - ZERO_STRUCT(out); - - memcpy( &in.handle, hSCM, sizeof(POLICY_HND) ); - init_unistr2( &in.servicename, servicename, UNI_STR_TERMINATE ); - in.access = access_desired; - - CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_OPEN_SERVICE_W, - in, out, - qbuf, rbuf, - svcctl_io_q_open_service, - svcctl_io_r_open_service, - WERR_GENERAL_FAILURE ); - - if ( !W_ERROR_IS_OK( out.status ) ) - return out.status; - - memcpy( hService, &out.handle, sizeof(POLICY_HND) ); - - return out.status; -} - /******************************************************************* *******************************************************************/ @@ -204,36 +129,6 @@ WERROR rpccli_svcctl_enumerate_services( struct rpc_pipe_client *cli, TALLOC_CTX /******************************************************************* *******************************************************************/ -WERROR rpccli_svcctl_query_status( struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *hService, SERVICE_STATUS *status ) -{ - SVCCTL_Q_QUERY_STATUS in; - SVCCTL_R_QUERY_STATUS out; - prs_struct qbuf, rbuf; - - ZERO_STRUCT(in); - ZERO_STRUCT(out); - - memcpy( &in.handle, hService, sizeof(POLICY_HND) ); - - CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_QUERY_STATUS, - in, out, - qbuf, rbuf, - svcctl_io_q_query_status, - svcctl_io_r_query_status, - WERR_GENERAL_FAILURE ); - - if ( !W_ERROR_IS_OK( out.status ) ) - return out.status; - - memcpy( status, &out.svc_status, sizeof(SERVICE_STATUS) ); - - return out.status; -} - -/******************************************************************* -*******************************************************************/ - WERROR rpccli_svcctl_query_config(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *hService, SERVICE_CONFIG *config ) { @@ -304,109 +199,3 @@ WERROR rpccli_svcctl_query_config(struct rpc_pipe_client *cli, TALLOC_CTX *mem_c return out.status; } - -/******************************************************************* -*******************************************************************/ - -WERROR rpccli_svcctl_start_service( struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *hService, - const char **parm_array, uint32 parmcount ) -{ - SVCCTL_Q_START_SERVICE in; - SVCCTL_R_START_SERVICE out; - prs_struct qbuf, rbuf; - - ZERO_STRUCT(in); - ZERO_STRUCT(out); - - memcpy( &in.handle, hService, sizeof(POLICY_HND) ); - - in.parmcount = 0; - in.parameters = NULL; - - CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_START_SERVICE_W, - in, out, - qbuf, rbuf, - svcctl_io_q_start_service, - svcctl_io_r_start_service, - WERR_GENERAL_FAILURE ); - - return out.status; -} - -/******************************************************************* -*******************************************************************/ - -WERROR rpccli_svcctl_control_service( struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *hService, uint32 control, - SERVICE_STATUS *status ) -{ - SVCCTL_Q_CONTROL_SERVICE in; - SVCCTL_R_CONTROL_SERVICE out; - prs_struct qbuf, rbuf; - - ZERO_STRUCT(in); - ZERO_STRUCT(out); - - memcpy( &in.handle, hService, sizeof(POLICY_HND) ); - in.control = control; - - CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_CONTROL_SERVICE, - in, out, - qbuf, rbuf, - svcctl_io_q_control_service, - svcctl_io_r_control_service, - WERR_GENERAL_FAILURE ); - - if ( !W_ERROR_IS_OK( out.status ) ) - return out.status; - - memcpy( status, &out.svc_status, sizeof(SERVICE_STATUS) ); - - return out.status; -} - - -/******************************************************************* -*******************************************************************/ - -WERROR rpccli_svcctl_get_dispname( struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *hService, fstring displayname ) -{ - SVCCTL_Q_GET_DISPLAY_NAME in; - SVCCTL_R_GET_DISPLAY_NAME out; - prs_struct qbuf, rbuf; - - ZERO_STRUCT(in); - ZERO_STRUCT(out); - - memcpy( &in.handle, hService, sizeof(POLICY_HND) ); - in.display_name_len = 0; - - CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_GET_DISPLAY_NAME, - in, out, - qbuf, rbuf, - svcctl_io_q_get_display_name, - svcctl_io_r_get_display_name, - WERR_GENERAL_FAILURE ); - - /* second time with correct buffer size...should be ok */ - - if ( W_ERROR_EQUAL( out.status, WERR_INSUFFICIENT_BUFFER ) ) { - in.display_name_len = out.display_name_len; - - CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_GET_DISPLAY_NAME, - in, out, - qbuf, rbuf, - svcctl_io_q_get_display_name, - svcctl_io_r_get_display_name, - WERR_GENERAL_FAILURE ); - } - - if ( !W_ERROR_IS_OK( out.status ) ) - return out.status; - - rpcstr_pull( displayname, out.displayname.buffer, sizeof(displayname), -1, STR_TERMINATE ); - - return out.status; -} diff --git a/source3/rpc_client/init_lsa.c b/source3/rpc_client/init_lsa.c index 114e435945..fce382ed1b 100644 --- a/source3/rpc_client/init_lsa.c +++ b/source3/rpc_client/init_lsa.c @@ -86,3 +86,32 @@ void init_lsa_obj_attr(struct lsa_ObjectAttribute *r, r->sec_qos = sec_qos; } +/******************************************************************* + Inits a lsa_TranslatedSid structure. +********************************************************************/ + +void init_lsa_translated_sid(struct lsa_TranslatedSid *r, + enum lsa_SidType sid_type, + uint32_t rid, + uint32_t sid_index) +{ + r->sid_type = sid_type; + r->rid = rid; + r->sid_index = sid_index; +} + +/******************************************************************* + Inits a lsa_TranslatedName2 structure. +********************************************************************/ + +void init_lsa_translated_name2(struct lsa_TranslatedName2 *r, + enum lsa_SidType sid_type, + const char *name, + uint32_t sid_index, + uint32_t unknown) +{ + r->sid_type = sid_type; + init_lsa_String(&r->name, name); + r->sid_index = sid_index; + r->unknown = unknown; +} diff --git a/source3/rpc_client/init_netlogon.c b/source3/rpc_client/init_netlogon.c new file mode 100644 index 0000000000..62f1fac626 --- /dev/null +++ b/source3/rpc_client/init_netlogon.c @@ -0,0 +1,220 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Guenther Deschner 2008. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <http://www.gnu.org/licenses/>. + */ + +#include "includes.h" + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_netr_SamBaseInfo(struct netr_SamBaseInfo *r, + NTTIME last_logon, + NTTIME last_logoff, + NTTIME acct_expiry, + NTTIME last_password_change, + NTTIME allow_password_change, + NTTIME force_password_change, + const char *account_name, + const char *full_name, + const char *logon_script, + const char *profile_path, + const char *home_directory, + const char *home_drive, + uint16_t logon_count, + uint16_t bad_password_count, + uint32_t rid, + uint32_t primary_gid, + struct samr_RidWithAttributeArray groups, + uint32_t user_flags, + struct netr_UserSessionKey key, + const char *logon_server, + const char *domain, + struct dom_sid2 *domain_sid, + struct netr_LMSessionKey LMSessKey, + uint32_t acct_flags) +{ + r->last_logon = last_logon; + r->last_logoff = last_logoff; + r->acct_expiry = acct_expiry; + r->last_password_change = last_password_change; + r->allow_password_change = allow_password_change; + r->force_password_change = force_password_change; + init_lsa_String(&r->account_name, account_name); + init_lsa_String(&r->full_name, full_name); + init_lsa_String(&r->logon_script, logon_script); + init_lsa_String(&r->profile_path, profile_path); + init_lsa_String(&r->home_directory, home_directory); + init_lsa_String(&r->home_drive, home_drive); + r->logon_count = logon_count; + r->bad_password_count = bad_password_count; + r->rid = rid; + r->primary_gid = primary_gid; + r->groups = groups; + r->user_flags = user_flags; + r->key = key; + init_lsa_StringLarge(&r->logon_server, logon_server); + init_lsa_StringLarge(&r->domain, domain); + r->domain_sid = domain_sid; + r->LMSessKey = LMSessKey; + r->acct_flags = acct_flags; +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_netr_SamInfo3(struct netr_SamInfo3 *r, + NTTIME last_logon, + NTTIME last_logoff, + NTTIME acct_expiry, + NTTIME last_password_change, + NTTIME allow_password_change, + NTTIME force_password_change, + const char *account_name, + const char *full_name, + const char *logon_script, + const char *profile_path, + const char *home_directory, + const char *home_drive, + uint16_t logon_count, + uint16_t bad_password_count, + uint32_t rid, + uint32_t primary_gid, + struct samr_RidWithAttributeArray groups, + uint32_t user_flags, + struct netr_UserSessionKey key, + const char *logon_server, + const char *domain, + struct dom_sid2 *domain_sid, + struct netr_LMSessionKey LMSessKey, + uint32_t acct_flags, + uint32_t sidcount, + struct netr_SidAttr *sids) +{ + init_netr_SamBaseInfo(&r->base, + last_logon, + last_logoff, + acct_expiry, + last_password_change, + allow_password_change, + force_password_change, + account_name, + full_name, + logon_script, + profile_path, + home_directory, + home_drive, + logon_count, + bad_password_count, + rid, + primary_gid, + groups, + user_flags, + key, + logon_server, + domain, + domain_sid, + LMSessKey, + acct_flags); + r->sidcount = sidcount; + r->sids = sids; +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_netr_IdentityInfo(struct netr_IdentityInfo *r, + const char *domain_name, + uint32_t parameter_control, + uint32_t logon_id_low, + uint32_t logon_id_high, + const char *account_name, + const char *workstation) +{ + init_lsa_String(&r->domain_name, domain_name); + r->parameter_control = parameter_control; + r->logon_id_low = logon_id_low; + r->logon_id_high = logon_id_high; + init_lsa_String(&r->account_name, account_name); + init_lsa_String(&r->workstation, workstation); +} + +/******************************************************************* + inits a structure. + This is a network logon packet. The log_id parameters + are what an NT server would generate for LUID once the + user is logged on. I don't think we care about them. + + Note that this has no access to the NT and LM hashed passwords, + so it forwards the challenge, and the NT and LM responses (24 + bytes each) over the secure channel to the Domain controller + for it to say yea or nay. This is the preferred method of + checking for a logon as it doesn't export the password + hashes to anyone who has compromised the secure channel. JRA. + +********************************************************************/ + +void init_netr_NetworkInfo(struct netr_NetworkInfo *r, + const char *domain_name, + uint32_t parameter_control, + uint32_t logon_id_low, + uint32_t logon_id_high, + const char *account_name, + const char *workstation, + uint8_t challenge[8], + struct netr_ChallengeResponse nt, + struct netr_ChallengeResponse lm) +{ + init_netr_IdentityInfo(&r->identity_info, + domain_name, + parameter_control, + logon_id_low, + logon_id_high, + account_name, + workstation); + memcpy(r->challenge, challenge, 8); + r->nt = nt; + r->lm = lm; +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_netr_PasswordInfo(struct netr_PasswordInfo *r, + const char *domain_name, + uint32_t parameter_control, + uint32_t logon_id_low, + uint32_t logon_id_high, + const char *account_name, + const char *workstation, + struct samr_Password lmpassword, + struct samr_Password ntpassword) +{ + init_netr_IdentityInfo(&r->identity_info, + domain_name, + parameter_control, + logon_id_low, + logon_id_high, + account_name, + workstation); + r->lmpassword = lmpassword; + r->ntpassword = ntpassword; +} |