summaryrefslogtreecommitdiff
path: root/source3/rpc_client
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpc_client')
-rw-r--r--source3/rpc_client/cli_lsarpc.c118
-rw-r--r--source3/rpc_client/cli_netlogon.c678
-rw-r--r--source3/rpc_client/cli_svcctl.c211
-rw-r--r--source3/rpc_client/init_lsa.c29
-rw-r--r--source3/rpc_client/init_netlogon.c220
5 files changed, 608 insertions, 648 deletions
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
index a4c5331008..1fb0205f29 100644
--- a/source3/rpc_client/cli_lsarpc.c
+++ b/source3/rpc_client/cli_lsarpc.c
@@ -128,13 +128,16 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli,
char **names,
enum lsa_SidType *types)
{
- prs_struct qbuf, rbuf;
- LSA_Q_LOOKUP_SIDS q;
- LSA_R_LOOKUP_SIDS r;
- DOM_R_REF ref;
NTSTATUS result = NT_STATUS_OK;
TALLOC_CTX *tmp_ctx = NULL;
int i;
+ struct lsa_SidArray sid_array;
+ struct lsa_RefDomainList *ref_domains = NULL;
+ struct lsa_TransNameArray lsa_names;
+ uint32_t count = 0;
+ uint16_t level = 1;
+
+ ZERO_STRUCT(lsa_names);
tmp_ctx = talloc_new(mem_ctx);
if (!tmp_ctx) {
@@ -143,38 +146,42 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli,
goto done;
}
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
-
- init_q_lookup_sids(tmp_ctx, &q, pol, num_sids, sids, 1);
-
- ZERO_STRUCT(ref);
+ sid_array.num_sids = num_sids;
+ sid_array.sids = TALLOC_ARRAY(mem_ctx, struct lsa_SidPtr, num_sids);
+ if (!sid_array.sids) {
+ return NT_STATUS_NO_MEMORY;
+ }
- r.dom_ref = &ref;
+ for (i = 0; i<num_sids; i++) {
+ sid_array.sids[i].sid = sid_dup_talloc(mem_ctx, &sids[i]);
+ if (!sid_array.sids[i].sid) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
- CLI_DO_RPC( cli, tmp_ctx, PI_LSARPC, LSA_LOOKUPSIDS,
- q, r,
- qbuf, rbuf,
- lsa_io_q_lookup_sids,
- lsa_io_r_lookup_sids,
- NT_STATUS_UNSUCCESSFUL );
+ result = rpccli_lsa_LookupSids(cli, mem_ctx,
+ pol,
+ &sid_array,
+ &ref_domains,
+ &lsa_names,
+ level,
+ &count);
DEBUG(10, ("LSA_LOOKUPSIDS returned '%s', mapped count = %d'\n",
- nt_errstr(r.status), r.mapped_count));
+ nt_errstr(result), count));
- if (!NT_STATUS_IS_OK(r.status) &&
- !NT_STATUS_EQUAL(r.status, NT_STATUS_NONE_MAPPED) &&
- !NT_STATUS_EQUAL(r.status, STATUS_SOME_UNMAPPED))
+ if (!NT_STATUS_IS_OK(result) &&
+ !NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) &&
+ !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
{
/* An actual error occured */
- result = r.status;
goto done;
}
/* Return output parameters */
- if (NT_STATUS_EQUAL(r.status, NT_STATUS_NONE_MAPPED) ||
- (r.mapped_count == 0))
+ if (NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) ||
+ (count == 0))
{
for (i = 0; i < num_sids; i++) {
(names)[i] = NULL;
@@ -186,21 +193,19 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli,
}
for (i = 0; i < num_sids; i++) {
- fstring name, dom_name;
- uint32 dom_idx = r.names.name[i].domain_idx;
+ const char *name, *dom_name;
+ uint32_t dom_idx = lsa_names.names[i].sid_index;
/* Translate optimised name through domain index array */
if (dom_idx != 0xffffffff) {
- rpcstr_pull_unistr2_fstring(
- dom_name, &ref.ref_dom[dom_idx].uni_dom_name);
- rpcstr_pull_unistr2_fstring(
- name, &r.names.uni_name[i]);
+ dom_name = ref_domains->domains[dom_idx].name.string;
+ name = lsa_names.names[i].name.string;
(names)[i] = talloc_strdup(mem_ctx, name);
(domains)[i] = talloc_strdup(mem_ctx, dom_name);
- (types)[i] = r.names.name[i].sid_name_use;
+ (types)[i] = lsa_names.names[i].sid_type;
if (((names)[i] == NULL) || ((domains)[i] == NULL)) {
DEBUG(0, ("cli_lsa_lookup_sids_noalloc(): out of memory\n"));
@@ -348,29 +353,32 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
DOM_SID **sids,
enum lsa_SidType **types)
{
- prs_struct qbuf, rbuf;
- LSA_Q_LOOKUP_NAMES q;
- LSA_R_LOOKUP_NAMES r;
- DOM_R_REF ref;
NTSTATUS result;
int i;
+ struct lsa_String *lsa_names = NULL;
+ struct lsa_RefDomainList *domains = NULL;
+ struct lsa_TransSidArray sid_array;
+ uint32_t count = 0;
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
-
- ZERO_STRUCT(ref);
- r.dom_ref = &ref;
+ ZERO_STRUCT(sid_array);
- init_q_lookup_names(mem_ctx, &q, pol, num_names, names, level);
+ lsa_names = TALLOC_ARRAY(mem_ctx, struct lsa_String, num_names);
+ if (!lsa_names) {
+ return NT_STATUS_NO_MEMORY;
+ }
- CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPNAMES,
- q, r,
- qbuf, rbuf,
- lsa_io_q_lookup_names,
- lsa_io_r_lookup_names,
- NT_STATUS_UNSUCCESSFUL);
+ for (i=0; i<num_names; i++) {
+ init_lsa_String(&lsa_names[i], names[i]);
+ }
- result = r.status;
+ result = rpccli_lsa_LookupNames(cli, mem_ctx,
+ pol,
+ num_names,
+ lsa_names,
+ &domains,
+ &sid_array,
+ level,
+ &count);
if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
NT_STATUS_V(STATUS_SOME_UNMAPPED)) {
@@ -382,7 +390,7 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
/* Return output parameters */
- if (r.mapped_count == 0) {
+ if (count == 0) {
result = NT_STATUS_NONE_MAPPED;
goto done;
}
@@ -417,9 +425,8 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
}
for (i = 0; i < num_names; i++) {
- DOM_RID *t_rids = r.dom_rid;
- uint32 dom_idx = t_rids[i].rid_idx;
- uint32 dom_rid = t_rids[i].rid;
+ uint32_t dom_idx = sid_array.sids[i].sid_index;
+ uint32_t dom_rid = sid_array.sids[i].rid;
DOM_SID *sid = &(*sids)[i];
/* Translate optimised sid through domain index array */
@@ -431,20 +438,19 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
continue;
}
- sid_copy(sid, &ref.ref_dom[dom_idx].ref_dom.sid);
+ sid_copy(sid, domains->domains[dom_idx].sid);
if (dom_rid != 0xffffffff) {
sid_append_rid(sid, dom_rid);
}
- (*types)[i] = t_rids[i].type;
+ (*types)[i] = sid_array.sids[i].sid_type;
if (dom_names == NULL) {
continue;
}
- (*dom_names)[i] = rpcstr_pull_unistr2_talloc(
- *dom_names, &ref.ref_dom[dom_idx].uni_dom_name);
+ (*dom_names)[i] = domains->domains[dom_idx].name.string;
}
done:
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index f15340ffec..91e27c5d85 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -1,4 +1,4 @@
-/*
+/*
Unix SMB/CIFS implementation.
NT Domain Authentication SMB / MSRPC client
Copyright (C) Andrew Tridgell 1992-2000
@@ -9,12 +9,12 @@
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -27,57 +27,19 @@
private data. Only call this via rpccli_netlogon_setup_creds(). JRA.
*/
-static NTSTATUS rpccli_net_req_chal(struct rpc_pipe_client *cli,
- TALLOC_CTX *mem_ctx,
- const char *server_name,
- const char *clnt_name,
- const DOM_CHAL *clnt_chal_in,
- DOM_CHAL *srv_chal_out)
-{
- prs_struct qbuf, rbuf;
- NET_Q_REQ_CHAL q;
- NET_R_REQ_CHAL r;
- NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
- /* create and send a MSRPC command with api NET_REQCHAL */
-
- DEBUG(4,("cli_net_req_chal: LSA Request Challenge from %s to %s\n",
- clnt_name, server_name));
-
- /* store the parameters */
- init_q_req_chal(&q, server_name, clnt_name, clnt_chal_in);
-
- /* Marshall data and send request */
- CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_REQCHAL,
- q, r,
- qbuf, rbuf,
- net_io_q_req_chal,
- net_io_r_req_chal,
- NT_STATUS_UNSUCCESSFUL);
-
- result = r.status;
-
- /* Return result */
-
- if (NT_STATUS_IS_OK(result)) {
- /* Store the returned server challenge. */
- *srv_chal_out = r.srv_chal;
- }
-
- return result;
-}
+/* instead of rpccli_net_req_chal() we use rpccli_netr_ServerReqChallenge() now - gd */
#if 0
/****************************************************************************
LSA Authenticate 2
Send the client credential, receive back a server credential.
-Ensure that the server credential returned matches the session key
+Ensure that the server credential returned matches the session key
encrypt of the server challenge originally received. JRA.
****************************************************************************/
- NTSTATUS rpccli_net_auth2(struct rpc_pipe_client *cli,
- uint16 sec_chan,
+ NTSTATUS rpccli_net_auth2(struct rpc_pipe_client *cli,
+ uint16 sec_chan,
uint32 *neg_flags, DOM_CHAL *srv_chal)
{
prs_struct qbuf, rbuf;
@@ -90,7 +52,7 @@ encrypt of the server challenge originally received. JRA.
fstr_sprintf( machine_acct, "%s$", lp_workgroup() );
else
fstrcpy( machine_acct, cli->mach_acct );
-
+
/* create and send a MSRPC command with api NET_AUTH2 */
DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n",
@@ -99,8 +61,8 @@ encrypt of the server challenge originally received. JRA.
/* store the parameters */
- init_q_auth_2(&q, cli->srv_name_slash, machine_acct,
- sec_chan, global_myname(), &cli->clnt_cred.challenge,
+ init_q_auth_2(&q, cli->srv_name_slash, machine_acct,
+ sec_chan, global_myname(), &cli->clnt_cred.challenge,
*neg_flags);
/* turn parameters into data stream */
@@ -116,7 +78,7 @@ encrypt of the server challenge originally received. JRA.
if (NT_STATUS_IS_OK(result)) {
UTIME zerotime;
-
+
/*
* Check the returned value using the initial
* server received challenge.
@@ -143,106 +105,12 @@ password ?).\n", cli->cli->desthost ));
LSA Authenticate 2
Send the client credential, receive back a server credential.
- The caller *must* ensure that the server credential returned matches the session key
+ The caller *must* ensure that the server credential returned matches the session key
encrypt of the server challenge originally received. JRA.
****************************************************************************/
-static NTSTATUS rpccli_net_auth2(struct rpc_pipe_client *cli,
- TALLOC_CTX *mem_ctx,
- const char *server_name,
- const char *account_name,
- uint16 sec_chan_type,
- const char *computer_name,
- uint32 *neg_flags_inout,
- const DOM_CHAL *clnt_chal_in,
- DOM_CHAL *srv_chal_out)
-{
- prs_struct qbuf, rbuf;
- NET_Q_AUTH_2 q;
- NET_R_AUTH_2 r;
- NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
- /* create and send a MSRPC command with api NET_AUTH2 */
+/* instead of rpccli_net_auth2() we use rpccli_netr_ServerAuthenticate2() now - gd */
- DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s neg: %x\n",
- server_name, account_name, sec_chan_type, computer_name,
- *neg_flags_inout));
-
- /* store the parameters */
-
- init_q_auth_2(&q, server_name, account_name, sec_chan_type,
- computer_name, clnt_chal_in, *neg_flags_inout);
-
- /* turn parameters into data stream */
-
- CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_AUTH2,
- q, r,
- qbuf, rbuf,
- net_io_q_auth_2,
- net_io_r_auth_2,
- NT_STATUS_UNSUCCESSFUL);
-
- result = r.status;
-
- if (NT_STATUS_IS_OK(result)) {
- *srv_chal_out = r.srv_chal;
- *neg_flags_inout = r.srv_flgs.neg_flags;
- }
-
- return result;
-}
-
-#if 0 /* not currebntly used */
-/****************************************************************************
- LSA Authenticate 3
-
- Send the client credential, receive back a server credential.
- The caller *must* ensure that the server credential returned matches the session key
- encrypt of the server challenge originally received. JRA.
-****************************************************************************/
-
-static NTSTATUS rpccli_net_auth3(struct rpc_pipe_client *cli,
- TALLOC_CTX *mem_ctx,
- const char *server_name,
- const char *account_name,
- uint16 sec_chan_type,
- const char *computer_name,
- uint32 *neg_flags_inout,
- const DOM_CHAL *clnt_chal_in,
- DOM_CHAL *srv_chal_out)
-{
- prs_struct qbuf, rbuf;
- NET_Q_AUTH_3 q;
- NET_R_AUTH_3 r;
- NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
- /* create and send a MSRPC command with api NET_AUTH2 */
-
- DEBUG(4,("cli_net_auth3: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n",
- server_name, account_name, sec_chan_type, computer_name,
- credstr(clnt_chal_in->data), *neg_flags_inout));
-
- /* store the parameters */
- init_q_auth_3(&q, server_name, account_name, sec_chan_type,
- computer_name, clnt_chal_in, *neg_flags_inout);
-
- /* turn parameters into data stream */
-
- CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_AUTH3,
- q, r,
- qbuf, rbuf,
- net_io_q_auth_3,
- net_io_r_auth_3,
- NT_STATUS_UNSUCCESSFUL);
-
- if (NT_STATUS_IS_OK(result)) {
- *srv_chal_out = r.srv_chal;
- *neg_flags_inout = r.srv_flgs.neg_flags;
- }
-
- return result;
-}
-#endif /* not currebntly used */
/****************************************************************************
Wrapper function that uses the auth and auth2 calls to set up a NETLOGON
@@ -251,17 +119,17 @@ static NTSTATUS rpccli_net_auth3(struct rpc_pipe_client *cli,
****************************************************************************/
NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
- const char *server_name,
- const char *domain,
- const char *clnt_name,
- const char *machine_account,
- const unsigned char machine_pwd[16],
- uint32 sec_chan_type,
- uint32 *neg_flags_inout)
+ const char *server_name,
+ const char *domain,
+ const char *clnt_name,
+ const char *machine_account,
+ const unsigned char machine_pwd[16],
+ enum netr_SchannelType sec_chan_type,
+ uint32_t *neg_flags_inout)
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- DOM_CHAL clnt_chal_send;
- DOM_CHAL srv_chal_recv;
+ struct netr_Credential clnt_chal_send;
+ struct netr_Credential srv_chal_recv;
struct dcinfo *dc;
SMB_ASSERT(cli->pipe_idx == PI_NETLOGON);
@@ -288,13 +156,11 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
generate_random_buffer(clnt_chal_send.data, 8);
/* Get the server challenge. */
- result = rpccli_net_req_chal(cli,
- cli->mem_ctx,
- dc->remote_machine,
- clnt_name,
- &clnt_chal_send,
- &srv_chal_recv);
-
+ result = rpccli_netr_ServerReqChallenge(cli, cli->mem_ctx,
+ dc->remote_machine,
+ clnt_name,
+ &clnt_chal_send,
+ &srv_chal_recv);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
@@ -307,20 +173,18 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
machine_pwd,
&clnt_chal_send);
- /*
- * Send client auth-2 challenge and receive server repy.
- */
-
- result = rpccli_net_auth2(cli,
- cli->mem_ctx,
- dc->remote_machine,
- dc->mach_acct,
- sec_chan_type,
- clnt_name,
- neg_flags_inout,
- &clnt_chal_send, /* input. */
- &srv_chal_recv); /* output */
+ /*
+ * Send client auth-2 challenge and receive server repy.
+ */
+ result = rpccli_netr_ServerAuthenticate2(cli, cli->mem_ctx,
+ dc->remote_machine,
+ dc->mach_acct,
+ sec_chan_type,
+ clnt_name,
+ &clnt_chal_send, /* input. */
+ &srv_chal_recv, /* output. */
+ neg_flags_inout);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
@@ -330,7 +194,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
* server received challenge.
*/
- if (!creds_client_check(dc, &srv_chal_recv)) {
+ if (!netlogon_creds_client_check(dc, &srv_chal_recv)) {
/*
* Server replied with bad credential. Fail.
*/
@@ -358,20 +222,23 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
const char *workstation,
int logon_type)
{
- prs_struct qbuf, rbuf;
- NET_Q_SAM_LOGON q;
- NET_R_SAM_LOGON r;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- DOM_CRED clnt_creds;
- DOM_CRED ret_creds;
- NET_ID_INFO_CTR ctr;
- NET_USER_INFO_3 user;
- int validation_level = 3;
+ struct netr_Authenticator clnt_creds;
+ struct netr_Authenticator ret_creds;
+ union netr_LogonLevel *logon;
+ union netr_Validation validation;
+ uint8_t authoritative;
+ int validation_level = 3;
fstring clnt_name_slash;
+ uint8 zeros[16];
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
ZERO_STRUCT(ret_creds);
+ ZERO_STRUCT(zeros);
+
+ logon = TALLOC_ZERO_P(mem_ctx, union netr_LogonLevel);
+ if (!logon) {
+ return NT_STATUS_NO_MEMORY;
+ }
if (workstation) {
fstr_sprintf( clnt_name_slash, "\\\\%s", workstation );
@@ -379,85 +246,143 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
fstr_sprintf( clnt_name_slash, "\\\\%s", global_myname() );
}
- /* Initialise input parameters */
+ /* Initialise input parameters */
- creds_client_step(cli->dc, &clnt_creds);
+ netlogon_creds_client_step(cli->dc, &clnt_creds);
- q.validation_level = validation_level;
+ switch (logon_type) {
+ case INTERACTIVE_LOGON_TYPE: {
- ctr.switch_value = logon_type;
+ struct netr_PasswordInfo *password_info;
- switch (logon_type) {
- case INTERACTIVE_LOGON_TYPE: {
- unsigned char lm_owf_user_pwd[16], nt_owf_user_pwd[16];
+ struct samr_Password lmpassword;
+ struct samr_Password ntpassword;
- nt_lm_owf_gen(password, nt_owf_user_pwd, lm_owf_user_pwd);
+ unsigned char lm_owf_user_pwd[16], nt_owf_user_pwd[16];
- init_id_info1(&ctr.auth.id1, domain,
- logon_parameters, /* param_ctrl */
- 0xdead, 0xbeef, /* LUID? */
- username, clnt_name_slash,
- (const char *)cli->dc->sess_key, lm_owf_user_pwd,
- nt_owf_user_pwd);
+ unsigned char lm_owf[16];
+ unsigned char nt_owf[16];
+ unsigned char key[16];
- break;
- }
- case NET_LOGON_TYPE: {
- uint8 chal[8];
- unsigned char local_lm_response[24];
- unsigned char local_nt_response[24];
-
- generate_random_buffer(chal, 8);
-
- SMBencrypt(password, chal, local_lm_response);
- SMBNTencrypt(password, chal, local_nt_response);
-
- init_id_info2(&ctr.auth.id2, domain,
- logon_parameters, /* param_ctrl */
- 0xdead, 0xbeef, /* LUID? */
- username, clnt_name_slash, chal,
- local_lm_response, 24, local_nt_response, 24);
- break;
- }
- default:
- DEBUG(0, ("switch value %d not supported\n",
- ctr.switch_value));
- return NT_STATUS_INVALID_INFO_CLASS;
- }
+ password_info = TALLOC_ZERO_P(mem_ctx, struct netr_PasswordInfo);
+ if (!password_info) {
+ return NT_STATUS_NO_MEMORY;
+ }
- r.user = &user;
+ nt_lm_owf_gen(password, nt_owf_user_pwd, lm_owf_user_pwd);
- init_sam_info(&q.sam_id, cli->dc->remote_machine, global_myname(),
- &clnt_creds, &ret_creds, logon_type,
- &ctr);
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("lm cypher:"));
+ dump_data(100, lm_owf_user_pwd, 16);
- /* Marshall data and send request */
+ DEBUG(100,("nt cypher:"));
+ dump_data(100, nt_owf_user_pwd, 16);
+#endif
+ memset(key, 0, 16);
+ memcpy(key, cli->dc->sess_key, 8);
- CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SAMLOGON,
- q, r,
- qbuf, rbuf,
- net_io_q_sam_logon,
- net_io_r_sam_logon,
- NT_STATUS_UNSUCCESSFUL);
+ memcpy(lm_owf, lm_owf_user_pwd, 16);
+ SamOEMhash(lm_owf, key, 16);
+ memcpy(nt_owf, nt_owf_user_pwd, 16);
+ SamOEMhash(nt_owf, key, 16);
- /* Return results */
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("encrypt of lm owf password:"));
+ dump_data(100, lm_owf, 16);
- result = r.status;
+ DEBUG(100,("encrypt of nt owf password:"));
+ dump_data(100, nt_owf, 16);
+#endif
+ memcpy(lmpassword.hash, lm_owf, 16);
+ memcpy(ntpassword.hash, nt_owf, 16);
+
+ init_netr_PasswordInfo(password_info,
+ domain,
+ logon_parameters,
+ 0xdead,
+ 0xbeef,
+ username,
+ clnt_name_slash,
+ lmpassword,
+ ntpassword);
+
+ logon->password = password_info;
+
+ break;
+ }
+ case NET_LOGON_TYPE: {
+ struct netr_NetworkInfo *network_info;
+ uint8 chal[8];
+ unsigned char local_lm_response[24];
+ unsigned char local_nt_response[24];
+ struct netr_ChallengeResponse lm;
+ struct netr_ChallengeResponse nt;
+
+ ZERO_STRUCT(lm);
+ ZERO_STRUCT(nt);
+
+ network_info = TALLOC_ZERO_P(mem_ctx, struct netr_NetworkInfo);
+ if (!network_info) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ generate_random_buffer(chal, 8);
+
+ SMBencrypt(password, chal, local_lm_response);
+ SMBNTencrypt(password, chal, local_nt_response);
- if (r.buffer_creds) {
+ lm.length = 24;
+ lm.data = local_lm_response;
+
+ nt.length = 24;
+ nt.data = local_nt_response;
+
+ init_netr_NetworkInfo(network_info,
+ domain,
+ logon_parameters,
+ 0xdead,
+ 0xbeef,
+ username,
+ clnt_name_slash,
+ chal,
+ nt,
+ lm);
+
+ logon->network = network_info;
+
+ break;
+ }
+ default:
+ DEBUG(0, ("switch value %d not supported\n",
+ logon_type));
+ return NT_STATUS_INVALID_INFO_CLASS;
+ }
+
+ result = rpccli_netr_LogonSamLogon(cli, mem_ctx,
+ cli->dc->remote_machine,
+ global_myname(),
+ &clnt_creds,
+ &ret_creds,
+ logon_type,
+ logon,
+ validation_level,
+ &validation,
+ &authoritative);
+
+ if (memcmp(zeros, &ret_creds.cred.data, sizeof(ret_creds.cred.data)) != 0) {
/* Check returned credentials if present. */
- if (!creds_client_check(cli->dc, &r.srv_creds.challenge)) {
+ if (!netlogon_creds_client_check(cli->dc, &ret_creds.cred)) {
DEBUG(0,("rpccli_netlogon_sam_logon: credentials chain check failed\n"));
return NT_STATUS_ACCESS_DENIED;
}
}
- return result;
+ return result;
}
-/**
- * Logon domain user with an 'network' SAM logon
+/**
+ * Logon domain user with an 'network' SAM logon
*
* @param info3 Pointer to a NET_USER_INFO_3 already allocated by the caller.
**/
@@ -468,31 +393,47 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli,
const char *server,
const char *username,
const char *domain,
- const char *workstation,
- const uint8 chal[8],
+ const char *workstation,
+ const uint8 chal[8],
DATA_BLOB lm_response,
DATA_BLOB nt_response,
- NET_USER_INFO_3 *info3)
+ struct netr_SamInfo3 **info3)
{
- prs_struct qbuf, rbuf;
- NET_Q_SAM_LOGON q;
- NET_R_SAM_LOGON r;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- NET_ID_INFO_CTR ctr;
int validation_level = 3;
const char *workstation_name_slash;
const char *server_name_slash;
uint8 zeros[16];
- DOM_CRED clnt_creds;
- DOM_CRED ret_creds;
- int i;
+ struct netr_Authenticator clnt_creds;
+ struct netr_Authenticator ret_creds;
+ union netr_LogonLevel *logon = NULL;
+ struct netr_NetworkInfo *network_info;
+ uint8_t authoritative;
+ union netr_Validation validation;
+ struct netr_ChallengeResponse lm;
+ struct netr_ChallengeResponse nt;
+ struct netr_UserSessionKey user_session_key;
+ struct netr_LMSessionKey lmsesskey;
+
+ *info3 = NULL;
ZERO_STRUCT(zeros);
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
ZERO_STRUCT(ret_creds);
- creds_client_step(cli->dc, &clnt_creds);
+ ZERO_STRUCT(lm);
+ ZERO_STRUCT(nt);
+
+ logon = TALLOC_ZERO_P(mem_ctx, union netr_LogonLevel);
+ if (!logon) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ network_info = TALLOC_ZERO_P(mem_ctx, struct netr_NetworkInfo);
+ if (!network_info) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ netlogon_creds_client_step(cli->dc, &clnt_creds);
if (server[0] != '\\' && server[1] != '\\') {
server_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", server);
@@ -513,60 +454,62 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli,
/* Initialise input parameters */
- q.validation_level = validation_level;
-
- ctr.switch_value = NET_LOGON_TYPE;
+ lm.data = lm_response.data;
+ lm.length = lm_response.length;
+ nt.data = nt_response.data;
+ nt.length = nt_response.length;
- init_id_info2(&ctr.auth.id2, domain,
- logon_parameters, /* param_ctrl */
- 0xdead, 0xbeef, /* LUID? */
- username, workstation_name_slash, (const uchar*)chal,
- lm_response.data, lm_response.length, nt_response.data, nt_response.length);
-
- init_sam_info(&q.sam_id, server_name_slash, global_myname(),
- &clnt_creds, &ret_creds, NET_LOGON_TYPE,
- &ctr);
+ init_netr_NetworkInfo(network_info,
+ domain,
+ logon_parameters,
+ 0xdead,
+ 0xbeef,
+ username,
+ workstation_name_slash,
+ (uint8_t *) chal,
+ nt,
+ lm);
- r.user = info3;
+ logon->network = network_info;
- /* Marshall data and send request */
-
- CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SAMLOGON,
- q, r,
- qbuf, rbuf,
- net_io_q_sam_logon,
- net_io_r_sam_logon,
- NT_STATUS_UNSUCCESSFUL);
+ /* Marshall data and send request */
- if (memcmp(zeros, info3->user_sess_key, 16) != 0) {
- SamOEMhash(info3->user_sess_key, cli->dc->sess_key, 16);
- } else {
- memset(info3->user_sess_key, '\0', 16);
+ result = rpccli_netr_LogonSamLogon(cli, mem_ctx,
+ server_name_slash,
+ global_myname(),
+ &clnt_creds,
+ &ret_creds,
+ NET_LOGON_TYPE,
+ logon,
+ validation_level,
+ &validation,
+ &authoritative);
+ if (!NT_STATUS_IS_OK(result)) {
+ return result;
}
- if (memcmp(zeros, info3->lm_sess_key, 8) != 0) {
- SamOEMhash(info3->lm_sess_key, cli->dc->sess_key, 8);
- } else {
- memset(info3->lm_sess_key, '\0', 8);
- }
+ user_session_key = validation.sam3->base.key;
+ lmsesskey = validation.sam3->base.LMSessKey;
- for (i=0; i < 7; i++) {
- memset(&info3->unknown[i], '\0', 4);
+ if (memcmp(zeros, user_session_key.key, 16) != 0) {
+ SamOEMhash(user_session_key.key, cli->dc->sess_key, 16);
}
- /* Return results */
-
- result = r.status;
+ if (memcmp(zeros, lmsesskey.key, 8) != 0) {
+ SamOEMhash(lmsesskey.key, cli->dc->sess_key, 8);
+ }
- if (r.buffer_creds) {
+ if (memcmp(zeros, ret_creds.cred.data, sizeof(ret_creds.cred.data)) != 0) {
/* Check returned credentials if present. */
- if (!creds_client_check(cli->dc, &r.srv_creds.challenge)) {
+ if (!netlogon_creds_client_check(cli->dc, &ret_creds.cred)) {
DEBUG(0,("rpccli_netlogon_sam_network_logon: credentials chain check failed\n"));
return NT_STATUS_ACCESS_DENIED;
}
}
- return result;
+ *info3 = validation.sam3;
+
+ return result;
}
NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli,
@@ -575,26 +518,43 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli,
const char *server,
const char *username,
const char *domain,
- const char *workstation,
- const uint8 chal[8],
+ const char *workstation,
+ const uint8 chal[8],
DATA_BLOB lm_response,
DATA_BLOB nt_response,
- NET_USER_INFO_3 *info3)
+ struct netr_SamInfo3 **info3)
{
- prs_struct qbuf, rbuf;
- NET_Q_SAM_LOGON_EX q;
- NET_R_SAM_LOGON_EX r;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- NET_ID_INFO_CTR ctr;
int validation_level = 3;
const char *workstation_name_slash;
const char *server_name_slash;
uint8 zeros[16];
- int i;
+ union netr_LogonLevel *logon = NULL;
+ struct netr_NetworkInfo *network_info;
+ uint8_t authoritative;
+ union netr_Validation validation;
+ struct netr_ChallengeResponse lm;
+ struct netr_ChallengeResponse nt;
+ struct netr_UserSessionKey user_session_key;
+ struct netr_LMSessionKey lmsesskey;
+ uint32_t flags = 0;
+
+ *info3 = NULL;
ZERO_STRUCT(zeros);
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
+
+ ZERO_STRUCT(lm);
+ ZERO_STRUCT(nt);
+
+ logon = TALLOC_ZERO_P(mem_ctx, union netr_LogonLevel);
+ if (!logon) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ network_info = TALLOC_ZERO_P(mem_ctx, struct netr_NetworkInfo);
+ if (!network_info) {
+ return NT_STATUS_NO_MEMORY;
+ }
if (server[0] != '\\' && server[1] != '\\') {
server_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", server);
@@ -615,97 +575,53 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli,
/* Initialise input parameters */
- q.validation_level = validation_level;
-
- ctr.switch_value = NET_LOGON_TYPE;
+ lm.data = lm_response.data;
+ lm.length = lm_response.length;
+ nt.data = nt_response.data;
+ nt.length = nt_response.length;
- init_id_info2(&ctr.auth.id2, domain,
- logon_parameters, /* param_ctrl */
- 0xdead, 0xbeef, /* LUID? */
- username, workstation_name_slash, (const uchar*)chal,
- lm_response.data, lm_response.length, nt_response.data,
- nt_response.length);
-
- init_sam_info_ex(&q.sam_id, server_name_slash, global_myname(),
- NET_LOGON_TYPE, &ctr);
+ init_netr_NetworkInfo(network_info,
+ domain,
+ logon_parameters,
+ 0xdead,
+ 0xbeef,
+ username,
+ workstation_name_slash,
+ (uint8_t *) chal,
+ nt,
+ lm);
- r.user = info3;
+ logon->network = network_info;
/* Marshall data and send request */
- CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SAMLOGON_EX,
- q, r, qbuf, rbuf,
- net_io_q_sam_logon_ex,
- net_io_r_sam_logon_ex,
- NT_STATUS_UNSUCCESSFUL);
-
- if (memcmp(zeros, info3->user_sess_key, 16) != 0) {
- SamOEMhash(info3->user_sess_key, cli->dc->sess_key, 16);
- } else {
- memset(info3->user_sess_key, '\0', 16);
+ result = rpccli_netr_LogonSamLogonEx(cli, mem_ctx,
+ server_name_slash,
+ global_myname(),
+ NET_LOGON_TYPE,
+ logon,
+ validation_level,
+ &validation,
+ &authoritative,
+ &flags);
+ if (!NT_STATUS_IS_OK(result)) {
+ return result;
}
- if (memcmp(zeros, info3->lm_sess_key, 8) != 0) {
- SamOEMhash(info3->lm_sess_key, cli->dc->sess_key, 8);
- } else {
- memset(info3->lm_sess_key, '\0', 8);
- }
+ user_session_key = validation.sam3->base.key;
+ lmsesskey = validation.sam3->base.LMSessKey;
- for (i=0; i < 7; i++) {
- memset(&info3->unknown[i], '\0', 4);
+ if (memcmp(zeros, user_session_key.key, 16) != 0) {
+ SamOEMhash(user_session_key.key, cli->dc->sess_key, 16);
}
- /* Return results */
-
- result = r.status;
-
- return result;
-}
-
-/***************************************************************************
-LSA Server Password Set.
-****************************************************************************/
-
-NTSTATUS rpccli_net_srv_pwset(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- const char *machine_name, const uint8 hashed_mach_pwd[16])
-{
- prs_struct rbuf;
- prs_struct qbuf;
- DOM_CRED clnt_creds;
- NET_Q_SRV_PWSET q;
- NET_R_SRV_PWSET r;
- uint16 sec_chan_type = 2;
- NTSTATUS result;
-
- creds_client_step(cli->dc, &clnt_creds);
-
- DEBUG(4,("cli_net_srv_pwset: srv:%s acct:%s sc: %d mc: %s\n",
- cli->dc->remote_machine, cli->dc->mach_acct, sec_chan_type, machine_name));
-
- /* store the parameters */
- init_q_srv_pwset(&q, cli->dc->remote_machine, (const char *)cli->dc->sess_key,
- cli->dc->mach_acct, sec_chan_type, machine_name,
- &clnt_creds, hashed_mach_pwd);
-
- CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SRVPWSET,
- q, r,
- qbuf, rbuf,
- net_io_q_srv_pwset,
- net_io_r_srv_pwset,
- NT_STATUS_UNSUCCESSFUL);
-
- result = r.status;
-
- if (!NT_STATUS_IS_OK(result)) {
- /* report error code */
- DEBUG(0,("cli_net_srv_pwset: %s\n", nt_errstr(result)));
+ if (memcmp(zeros, lmsesskey.key, 8) != 0) {
+ SamOEMhash(lmsesskey.key, cli->dc->sess_key, 8);
}
- /* Always check returned credentials. */
- if (!creds_client_check(cli->dc, &r.srv_cred.challenge)) {
- DEBUG(0,("rpccli_net_srv_pwset: credentials chain check failed\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
+ *info3 = validation.sam3;
return result;
+
+ return result;
}
diff --git a/source3/rpc_client/cli_svcctl.c b/source3/rpc_client/cli_svcctl.c
index 95673c1565..b21909fd03 100644
--- a/source3/rpc_client/cli_svcctl.c
+++ b/source3/rpc_client/cli_svcctl.c
@@ -57,81 +57,6 @@ const char* svc_status_string( uint32 state )
return talloc_strdup(talloc_tos(), msg);
}
-/********************************************************************
-********************************************************************/
-
-WERROR rpccli_svcctl_open_scm(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- POLICY_HND *hSCM, uint32 access_desired )
-{
- SVCCTL_Q_OPEN_SCMANAGER in;
- SVCCTL_R_OPEN_SCMANAGER out;
- prs_struct qbuf, rbuf;
- fstring server;
-
- ZERO_STRUCT(in);
- ZERO_STRUCT(out);
-
- /* leave the database name NULL to get the default service db */
-
- in.database = NULL;
-
- /* set the server name */
-
- if ( !(in.servername = TALLOC_P( mem_ctx, UNISTR2 )) )
- return WERR_NOMEM;
- fstr_sprintf( server, "\\\\%s", cli->cli->desthost );
- init_unistr2( in.servername, server, UNI_STR_TERMINATE );
-
- in.access = access_desired;
-
- CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_OPEN_SCMANAGER_W,
- in, out,
- qbuf, rbuf,
- svcctl_io_q_open_scmanager,
- svcctl_io_r_open_scmanager,
- WERR_GENERAL_FAILURE );
-
- if ( !W_ERROR_IS_OK( out.status ) )
- return out.status;
-
- memcpy( hSCM, &out.handle, sizeof(POLICY_HND) );
-
- return out.status;
-}
-
-/********************************************************************
-********************************************************************/
-
-WERROR rpccli_svcctl_open_service( struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- POLICY_HND *hSCM, POLICY_HND *hService,
- const char *servicename, uint32 access_desired )
-{
- SVCCTL_Q_OPEN_SERVICE in;
- SVCCTL_R_OPEN_SERVICE out;
- prs_struct qbuf, rbuf;
-
- ZERO_STRUCT(in);
- ZERO_STRUCT(out);
-
- memcpy( &in.handle, hSCM, sizeof(POLICY_HND) );
- init_unistr2( &in.servicename, servicename, UNI_STR_TERMINATE );
- in.access = access_desired;
-
- CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_OPEN_SERVICE_W,
- in, out,
- qbuf, rbuf,
- svcctl_io_q_open_service,
- svcctl_io_r_open_service,
- WERR_GENERAL_FAILURE );
-
- if ( !W_ERROR_IS_OK( out.status ) )
- return out.status;
-
- memcpy( hService, &out.handle, sizeof(POLICY_HND) );
-
- return out.status;
-}
-
/*******************************************************************
*******************************************************************/
@@ -204,36 +129,6 @@ WERROR rpccli_svcctl_enumerate_services( struct rpc_pipe_client *cli, TALLOC_CTX
/*******************************************************************
*******************************************************************/
-WERROR rpccli_svcctl_query_status( struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- POLICY_HND *hService, SERVICE_STATUS *status )
-{
- SVCCTL_Q_QUERY_STATUS in;
- SVCCTL_R_QUERY_STATUS out;
- prs_struct qbuf, rbuf;
-
- ZERO_STRUCT(in);
- ZERO_STRUCT(out);
-
- memcpy( &in.handle, hService, sizeof(POLICY_HND) );
-
- CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_QUERY_STATUS,
- in, out,
- qbuf, rbuf,
- svcctl_io_q_query_status,
- svcctl_io_r_query_status,
- WERR_GENERAL_FAILURE );
-
- if ( !W_ERROR_IS_OK( out.status ) )
- return out.status;
-
- memcpy( status, &out.svc_status, sizeof(SERVICE_STATUS) );
-
- return out.status;
-}
-
-/*******************************************************************
-*******************************************************************/
-
WERROR rpccli_svcctl_query_config(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
POLICY_HND *hService, SERVICE_CONFIG *config )
{
@@ -304,109 +199,3 @@ WERROR rpccli_svcctl_query_config(struct rpc_pipe_client *cli, TALLOC_CTX *mem_c
return out.status;
}
-
-/*******************************************************************
-*******************************************************************/
-
-WERROR rpccli_svcctl_start_service( struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- POLICY_HND *hService,
- const char **parm_array, uint32 parmcount )
-{
- SVCCTL_Q_START_SERVICE in;
- SVCCTL_R_START_SERVICE out;
- prs_struct qbuf, rbuf;
-
- ZERO_STRUCT(in);
- ZERO_STRUCT(out);
-
- memcpy( &in.handle, hService, sizeof(POLICY_HND) );
-
- in.parmcount = 0;
- in.parameters = NULL;
-
- CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_START_SERVICE_W,
- in, out,
- qbuf, rbuf,
- svcctl_io_q_start_service,
- svcctl_io_r_start_service,
- WERR_GENERAL_FAILURE );
-
- return out.status;
-}
-
-/*******************************************************************
-*******************************************************************/
-
-WERROR rpccli_svcctl_control_service( struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- POLICY_HND *hService, uint32 control,
- SERVICE_STATUS *status )
-{
- SVCCTL_Q_CONTROL_SERVICE in;
- SVCCTL_R_CONTROL_SERVICE out;
- prs_struct qbuf, rbuf;
-
- ZERO_STRUCT(in);
- ZERO_STRUCT(out);
-
- memcpy( &in.handle, hService, sizeof(POLICY_HND) );
- in.control = control;
-
- CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_CONTROL_SERVICE,
- in, out,
- qbuf, rbuf,
- svcctl_io_q_control_service,
- svcctl_io_r_control_service,
- WERR_GENERAL_FAILURE );
-
- if ( !W_ERROR_IS_OK( out.status ) )
- return out.status;
-
- memcpy( status, &out.svc_status, sizeof(SERVICE_STATUS) );
-
- return out.status;
-}
-
-
-/*******************************************************************
-*******************************************************************/
-
-WERROR rpccli_svcctl_get_dispname( struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
- POLICY_HND *hService, fstring displayname )
-{
- SVCCTL_Q_GET_DISPLAY_NAME in;
- SVCCTL_R_GET_DISPLAY_NAME out;
- prs_struct qbuf, rbuf;
-
- ZERO_STRUCT(in);
- ZERO_STRUCT(out);
-
- memcpy( &in.handle, hService, sizeof(POLICY_HND) );
- in.display_name_len = 0;
-
- CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_GET_DISPLAY_NAME,
- in, out,
- qbuf, rbuf,
- svcctl_io_q_get_display_name,
- svcctl_io_r_get_display_name,
- WERR_GENERAL_FAILURE );
-
- /* second time with correct buffer size...should be ok */
-
- if ( W_ERROR_EQUAL( out.status, WERR_INSUFFICIENT_BUFFER ) ) {
- in.display_name_len = out.display_name_len;
-
- CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_GET_DISPLAY_NAME,
- in, out,
- qbuf, rbuf,
- svcctl_io_q_get_display_name,
- svcctl_io_r_get_display_name,
- WERR_GENERAL_FAILURE );
- }
-
- if ( !W_ERROR_IS_OK( out.status ) )
- return out.status;
-
- rpcstr_pull( displayname, out.displayname.buffer, sizeof(displayname), -1, STR_TERMINATE );
-
- return out.status;
-}
diff --git a/source3/rpc_client/init_lsa.c b/source3/rpc_client/init_lsa.c
index 114e435945..fce382ed1b 100644
--- a/source3/rpc_client/init_lsa.c
+++ b/source3/rpc_client/init_lsa.c
@@ -86,3 +86,32 @@ void init_lsa_obj_attr(struct lsa_ObjectAttribute *r,
r->sec_qos = sec_qos;
}
+/*******************************************************************
+ Inits a lsa_TranslatedSid structure.
+********************************************************************/
+
+void init_lsa_translated_sid(struct lsa_TranslatedSid *r,
+ enum lsa_SidType sid_type,
+ uint32_t rid,
+ uint32_t sid_index)
+{
+ r->sid_type = sid_type;
+ r->rid = rid;
+ r->sid_index = sid_index;
+}
+
+/*******************************************************************
+ Inits a lsa_TranslatedName2 structure.
+********************************************************************/
+
+void init_lsa_translated_name2(struct lsa_TranslatedName2 *r,
+ enum lsa_SidType sid_type,
+ const char *name,
+ uint32_t sid_index,
+ uint32_t unknown)
+{
+ r->sid_type = sid_type;
+ init_lsa_String(&r->name, name);
+ r->sid_index = sid_index;
+ r->unknown = unknown;
+}
diff --git a/source3/rpc_client/init_netlogon.c b/source3/rpc_client/init_netlogon.c
new file mode 100644
index 0000000000..62f1fac626
--- /dev/null
+++ b/source3/rpc_client/init_netlogon.c
@@ -0,0 +1,220 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * RPC Pipe client / server routines
+ * Copyright (C) Guenther Deschner 2008.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+/*******************************************************************
+ inits a structure.
+********************************************************************/
+
+void init_netr_SamBaseInfo(struct netr_SamBaseInfo *r,
+ NTTIME last_logon,
+ NTTIME last_logoff,
+ NTTIME acct_expiry,
+ NTTIME last_password_change,
+ NTTIME allow_password_change,
+ NTTIME force_password_change,
+ const char *account_name,
+ const char *full_name,
+ const char *logon_script,
+ const char *profile_path,
+ const char *home_directory,
+ const char *home_drive,
+ uint16_t logon_count,
+ uint16_t bad_password_count,
+ uint32_t rid,
+ uint32_t primary_gid,
+ struct samr_RidWithAttributeArray groups,
+ uint32_t user_flags,
+ struct netr_UserSessionKey key,
+ const char *logon_server,
+ const char *domain,
+ struct dom_sid2 *domain_sid,
+ struct netr_LMSessionKey LMSessKey,
+ uint32_t acct_flags)
+{
+ r->last_logon = last_logon;
+ r->last_logoff = last_logoff;
+ r->acct_expiry = acct_expiry;
+ r->last_password_change = last_password_change;
+ r->allow_password_change = allow_password_change;
+ r->force_password_change = force_password_change;
+ init_lsa_String(&r->account_name, account_name);
+ init_lsa_String(&r->full_name, full_name);
+ init_lsa_String(&r->logon_script, logon_script);
+ init_lsa_String(&r->profile_path, profile_path);
+ init_lsa_String(&r->home_directory, home_directory);
+ init_lsa_String(&r->home_drive, home_drive);
+ r->logon_count = logon_count;
+ r->bad_password_count = bad_password_count;
+ r->rid = rid;
+ r->primary_gid = primary_gid;
+ r->groups = groups;
+ r->user_flags = user_flags;
+ r->key = key;
+ init_lsa_StringLarge(&r->logon_server, logon_server);
+ init_lsa_StringLarge(&r->domain, domain);
+ r->domain_sid = domain_sid;
+ r->LMSessKey = LMSessKey;
+ r->acct_flags = acct_flags;
+}
+
+/*******************************************************************
+ inits a structure.
+********************************************************************/
+
+void init_netr_SamInfo3(struct netr_SamInfo3 *r,
+ NTTIME last_logon,
+ NTTIME last_logoff,
+ NTTIME acct_expiry,
+ NTTIME last_password_change,
+ NTTIME allow_password_change,
+ NTTIME force_password_change,
+ const char *account_name,
+ const char *full_name,
+ const char *logon_script,
+ const char *profile_path,
+ const char *home_directory,
+ const char *home_drive,
+ uint16_t logon_count,
+ uint16_t bad_password_count,
+ uint32_t rid,
+ uint32_t primary_gid,
+ struct samr_RidWithAttributeArray groups,
+ uint32_t user_flags,
+ struct netr_UserSessionKey key,
+ const char *logon_server,
+ const char *domain,
+ struct dom_sid2 *domain_sid,
+ struct netr_LMSessionKey LMSessKey,
+ uint32_t acct_flags,
+ uint32_t sidcount,
+ struct netr_SidAttr *sids)
+{
+ init_netr_SamBaseInfo(&r->base,
+ last_logon,
+ last_logoff,
+ acct_expiry,
+ last_password_change,
+ allow_password_change,
+ force_password_change,
+ account_name,
+ full_name,
+ logon_script,
+ profile_path,
+ home_directory,
+ home_drive,
+ logon_count,
+ bad_password_count,
+ rid,
+ primary_gid,
+ groups,
+ user_flags,
+ key,
+ logon_server,
+ domain,
+ domain_sid,
+ LMSessKey,
+ acct_flags);
+ r->sidcount = sidcount;
+ r->sids = sids;
+}
+
+/*******************************************************************
+ inits a structure.
+********************************************************************/
+
+void init_netr_IdentityInfo(struct netr_IdentityInfo *r,
+ const char *domain_name,
+ uint32_t parameter_control,
+ uint32_t logon_id_low,
+ uint32_t logon_id_high,
+ const char *account_name,
+ const char *workstation)
+{
+ init_lsa_String(&r->domain_name, domain_name);
+ r->parameter_control = parameter_control;
+ r->logon_id_low = logon_id_low;
+ r->logon_id_high = logon_id_high;
+ init_lsa_String(&r->account_name, account_name);
+ init_lsa_String(&r->workstation, workstation);
+}
+
+/*******************************************************************
+ inits a structure.
+ This is a network logon packet. The log_id parameters
+ are what an NT server would generate for LUID once the
+ user is logged on. I don't think we care about them.
+
+ Note that this has no access to the NT and LM hashed passwords,
+ so it forwards the challenge, and the NT and LM responses (24
+ bytes each) over the secure channel to the Domain controller
+ for it to say yea or nay. This is the preferred method of
+ checking for a logon as it doesn't export the password
+ hashes to anyone who has compromised the secure channel. JRA.
+
+********************************************************************/
+
+void init_netr_NetworkInfo(struct netr_NetworkInfo *r,
+ const char *domain_name,
+ uint32_t parameter_control,
+ uint32_t logon_id_low,
+ uint32_t logon_id_high,
+ const char *account_name,
+ const char *workstation,
+ uint8_t challenge[8],
+ struct netr_ChallengeResponse nt,
+ struct netr_ChallengeResponse lm)
+{
+ init_netr_IdentityInfo(&r->identity_info,
+ domain_name,
+ parameter_control,
+ logon_id_low,
+ logon_id_high,
+ account_name,
+ workstation);
+ memcpy(r->challenge, challenge, 8);
+ r->nt = nt;
+ r->lm = lm;
+}
+
+/*******************************************************************
+ inits a structure.
+********************************************************************/
+
+void init_netr_PasswordInfo(struct netr_PasswordInfo *r,
+ const char *domain_name,
+ uint32_t parameter_control,
+ uint32_t logon_id_low,
+ uint32_t logon_id_high,
+ const char *account_name,
+ const char *workstation,
+ struct samr_Password lmpassword,
+ struct samr_Password ntpassword)
+{
+ init_netr_IdentityInfo(&r->identity_info,
+ domain_name,
+ parameter_control,
+ logon_id_low,
+ logon_id_high,
+ account_name,
+ workstation);
+ r->lmpassword = lmpassword;
+ r->ntpassword = ntpassword;
+}
generated by cgit (git 2.34.1) at 2024-09-24 22:24:36 +0000