summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_pipe.c10
-rw-r--r--source3/rpc_server/srv_pipe_hnd.c2
-rw-r--r--source3/rpc_server/srv_samr.c244
3 files changed, 204 insertions, 52 deletions
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index ec5b547c86..54d26650e9 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -211,8 +211,16 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
uchar nt_owf[24];
struct smb_passwd *smb_pass = NULL;
+ user_struct *vuser = get_valid_user_struct(p->vuid);
+
DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n"));
+ if (vuser == NULL)
+ {
+ DEBUG(0,("get user struct %d failed\n", p->vuid));
+ return False;
+ }
+
if (p->ntlmssp_resp.hdr_lm_resp.str_str_len == 0) return False;
if (p->ntlmssp_resp.hdr_nt_resp.str_str_len == 0) return False;
if (p->ntlmssp_resp.hdr_usr .str_str_len == 0) return False;
@@ -256,7 +264,7 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
become_root(True);
p->ntlmssp_validated = pass_check_smb(p->user_name, p->domain,
(uchar*)p->ntlmssp_chal.challenge,
- lm_owf, nt_owf, NULL);
+ lm_owf, nt_owf, NULL, vuser->dc.user_sess_key);
smb_pass = getsmbpwnam(p->user_name);
unbecome_root(True);
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index 531fcf6add..4361c0772e 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -140,7 +140,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name,
p->ntlmssp_auth = False;
fstrcpy(p->name, pipe_name);
-
+
DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n",
pipe_name, i, pipes_open));
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c
index 2dd7801e81..2437163f2b 100644
--- a/source3/rpc_server/srv_samr.c
+++ b/source3/rpc_server/srv_samr.c
@@ -1944,6 +1944,27 @@ static void samr_reply_query_userinfo(SAMR_Q_QUERY_USERINFO *q_u,
}
/*******************************************************************
+ set_user_info_23
+ ********************************************************************/
+static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid)
+{
+ static struct sam_passwd *pwd;
+ fstring new_pw;
+ if (!decode_pw_buffer(id23->pass, new_pw, sizeof(new_pw), True))
+ {
+ return False;
+ }
+#ifdef DEBUG_PASSWORD
+ DEBUG(0,("New Password: %s\n", new_pw));
+#endif
+#if 0
+ return mod_sam21pwd_entry(&pwd, True);
+#else
+ return True;
+#endif
+}
+
+/*******************************************************************
api_samr_query_userinfo
********************************************************************/
static void api_samr_query_userinfo( uint16 vuid, prs_struct *data, prs_struct *rdata)
@@ -1955,6 +1976,87 @@ static void api_samr_query_userinfo( uint16 vuid, prs_struct *data, prs_struct *
/*******************************************************************
+ samr_reply_set_userinfo
+ ********************************************************************/
+static void samr_reply_set_userinfo(SAMR_Q_SET_USERINFO *q_u,
+ prs_struct *rdata, uchar user_sess_key[16])
+{
+ SAMR_R_SET_USERINFO r_u;
+
+ uint32 status = 0x0;
+ uint32 rid = 0x0;
+
+ DEBUG(5,("samr_reply_set_userinfo: %d\n", __LINE__));
+
+ /* search for the handle */
+ if (status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
+ {
+ status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
+ }
+
+ /* find the user's rid */
+ if (status == 0x0 && (rid = get_lsa_policy_samr_rid(&(q_u->pol))) == 0xffffffff)
+ {
+ status = 0xC0000000 | NT_STATUS_OBJECT_TYPE_MISMATCH;
+ }
+
+ DEBUG(5,("samr_reply_set_userinfo: rid:0x%x\n", rid));
+
+ /* ok! user info levels (there are lots: see MSDEV help), off we go... */
+ if (status == 0x0)
+ {
+ switch (q_u->switch_value)
+ {
+ case 23:
+ {
+ SAM_USER_INFO_23 *id23 = q_u->info.id23;
+ SamOEMhash(id23->pass, user_sess_key, True);
+ status = set_user_info_23(id23, rid) ? 0 : (0xC0000000 | NT_STATUS_ACCESS_DENIED);
+ break;
+ }
+
+ default:
+ {
+ status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
+
+ break;
+ }
+ }
+ }
+
+ make_samr_r_set_userinfo(&r_u, status);
+
+ /* store the response in the SMB stream */
+ samr_io_r_set_userinfo("", &r_u, rdata, 0);
+
+ DEBUG(5,("samr_reply_set_userinfo: %d\n", __LINE__));
+
+}
+
+/*******************************************************************
+ api_samr_set_userinfo
+ ********************************************************************/
+static void api_samr_set_userinfo( uint16 vuid, prs_struct *data, prs_struct *rdata)
+{
+ user_struct *vuser = get_valid_user_struct(vuid);
+ SAMR_Q_SET_USERINFO q_u;
+ ZERO_STRUCT(q_u);
+
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("set user info: sess_key: "));
+ dump_data(100, vuser->dc.user_sess_key, 16);
+#endif
+ samr_io_q_set_userinfo("", &q_u, data, 0);
+ samr_reply_set_userinfo(&q_u, rdata, vuser->dc.user_sess_key);
+
+ if (q_u.info.id != NULL)
+ {
+ free(q_u.info.id);
+ }
+}
+
+
+/*******************************************************************
samr_reply_query_usergroups
********************************************************************/
static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
@@ -2310,6 +2412,13 @@ static void samr_reply_query_dom_info(SAMR_Q_QUERY_DOMAIN_INFO *q_u,
break;
}
+ case 0x01:
+ {
+ switch_value = 0x1;
+ make_unk_info1(&ctr.info.inf1);
+
+ break;
+ }
default:
{
status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
@@ -2340,50 +2449,19 @@ static void api_samr_query_dom_info( uint16 vuid, prs_struct *data, prs_struct *
/*******************************************************************
- samr_reply_unknown_32
+ samr_reply_create_user
********************************************************************/
-static void samr_reply_unknown_32(SAMR_Q_UNKNOWN_32 *q_u,
- prs_struct *rdata,
- int status)
-{
- int i;
- SAMR_R_UNKNOWN_32 r_u;
-
- /* set up the SAMR unknown_32 response */
- bzero(r_u.pol.data, POL_HND_SIZE);
- if (status == 0)
- {
- for (i = 4; i < POL_HND_SIZE; i++)
- {
- r_u.pol.data[i] = i+1;
- }
- }
-
- make_dom_rid4(&(r_u.rid4), 0x0030, 0, 0);
- r_u.status = status;
-
- DEBUG(5,("samr_unknown_32: %d\n", __LINE__));
-
- /* store the response in the SMB stream */
- samr_io_r_unknown_32("", &r_u, rdata, 0);
-
- DEBUG(5,("samr_unknown_32: %d\n", __LINE__));
-
-}
-
-/*******************************************************************
- api_samr_unknown_32
- ********************************************************************/
-static void api_samr_unknown_32( uint16 vuid, prs_struct *data, prs_struct *rdata)
+static void samr_reply_create_user(SAMR_Q_CREATE_USER *q_u,
+ prs_struct *rdata)
{
- uint32 status = 0;
struct sam_passwd *sam_pass;
- fstring mach_acct;
-
- SAMR_Q_UNKNOWN_32 q_u;
+ fstring user_name;
- /* grab the samr unknown 32 */
- samr_io_q_unknown_32("", &q_u, data, 0);
+ SAMR_R_CREATE_USER r_u;
+ POLICY_HND pol;
+ uint32 status = 0x0;
+ uint32 user_rid = 0xffffffff;
+ BOOL pol_open = False;
/* find the machine account: tell the caller if it exists.
lkclXXXX i have *no* idea if this is a problem or not
@@ -2391,26 +2469,91 @@ static void api_samr_unknown_32( uint16 vuid, prs_struct *data, prs_struct *rdat
reply if the account already exists...
*/
- unistr2_to_ascii(mach_acct, &q_u.uni_mach_acct, sizeof(mach_acct)-1);
+ /* find the policy handle. open a policy on it. */
+ if (status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->domain_pol)) == -1))
+ {
+ status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
+ }
- become_root(True);
- sam_pass = getsam21pwntnam(mach_acct);
- unbecome_root(True);
+ /* get a (unique) handle. open a policy on it. */
+ if (status == 0x0 && !(pol_open = open_lsa_policy_hnd(&pol)))
+ {
+ status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ }
+
+ unistr2_to_ascii(user_name, &q_u->uni_name, sizeof(user_name)-1);
+
+ sam_pass = getsam21pwntnam(user_name);
if (sam_pass != NULL)
{
- /* machine account exists: say so */
+ /* account exists: say so */
status = 0xC0000000 | NT_STATUS_USER_EXISTS;
}
else
{
- /* this could cause trouble... */
- DEBUG(0,("trouble!\n"));
- status = 0;
+ pstring err_str;
+ pstring msg_str;
+
+ if (!local_password_change(user_name, True,
+ q_u->acb_info | ACB_DISABLED, 0xffff,
+ NULL,
+ err_str, sizeof(err_str),
+ msg_str, sizeof(msg_str)))
+ {
+ DEBUG(0,("%s\n", err_str));
+ status = 0xC0000000 | NT_STATUS_ACCESS_DENIED;
+ }
+ else
+ {
+ sam_pass = getsam21pwntnam(user_name);
+ if (sam_pass == NULL)
+ {
+ /* account doesn't exist: say so */
+ status = 0xC0000000 | NT_STATUS_ACCESS_DENIED;
+ }
+ else
+ {
+ user_rid = sam_pass->user_rid;
+ }
+ }
+ }
+
+ /* associate the RID with the (unique) handle. */
+ if (status == 0x0 && !set_lsa_policy_samr_rid(&pol, user_rid))
+ {
+ /* oh, whoops. don't know what error message to return, here */
+ status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ }
+
+ if (status != 0 && pol_open)
+ {
+ close_lsa_policy_hnd(&pol);
}
+ DEBUG(5,("samr_create_user: %d\n", __LINE__));
+
+ make_samr_r_create_user(&r_u, &pol, 0x000703ff, user_rid, status);
+
+ /* store the response in the SMB stream */
+ samr_io_r_create_user("", &r_u, rdata, 0);
+
+ DEBUG(5,("samr_create_user: %d\n", __LINE__));
+
+}
+
+/*******************************************************************
+ api_samr_create_user
+ ********************************************************************/
+static void api_samr_create_user( uint16 vuid, prs_struct *data, prs_struct *rdata)
+{
+ SAMR_Q_CREATE_USER q_u;
+
+ /* grab the samr unknown 32 */
+ samr_io_q_create_user("", &q_u, data, 0);
+
/* construct reply. */
- samr_reply_unknown_32(&q_u, rdata, status);
+ samr_reply_create_user(&q_u, rdata);
}
@@ -2709,6 +2852,7 @@ static struct api_struct api_samr_cmds [] =
{ "SAMR_LOOKUP_NAMES" , SAMR_LOOKUP_NAMES , api_samr_lookup_names },
{ "SAMR_OPEN_USER" , SAMR_OPEN_USER , api_samr_open_user },
{ "SAMR_QUERY_USERINFO" , SAMR_QUERY_USERINFO , api_samr_query_userinfo },
+ { "SAMR_SET_USERINFO" , SAMR_SET_USERINFO , api_samr_set_userinfo },
{ "SAMR_QUERY_DOMAIN_INFO", SAMR_QUERY_DOMAIN_INFO, api_samr_query_dom_info },
{ "SAMR_QUERY_USERGROUPS" , SAMR_QUERY_USERGROUPS , api_samr_query_usergroups },
{ "SAMR_QUERY_DISPINFO" , SAMR_QUERY_DISPINFO , api_samr_query_dispinfo },
@@ -2716,7 +2860,7 @@ static struct api_struct api_samr_cmds [] =
{ "SAMR_QUERY_DISPINFO4" , SAMR_QUERY_DISPINFO4 , api_samr_query_dispinfo },
{ "SAMR_QUERY_ALIASINFO" , SAMR_QUERY_ALIASINFO , api_samr_query_aliasinfo },
{ "SAMR_QUERY_GROUPINFO" , SAMR_QUERY_GROUPINFO , api_samr_query_groupinfo },
- { "SAMR_0x32" , SAMR_UNKNOWN_32 , api_samr_unknown_32 },
+ { "SAMR_CREATE_USER" , SAMR_CREATE_USER , api_samr_create_user },
{ "SAMR_LOOKUP_RIDS" , SAMR_LOOKUP_RIDS , api_samr_lookup_rids },
{ "SAMR_UNKNOWN_38" , SAMR_UNKNOWN_38 , api_samr_unknown_38 },
{ "SAMR_CHGPASSWD_USER" , SAMR_CHGPASSWD_USER , api_samr_chgpasswd_user },
generated by cgit (git 2.34.1) at 2024-11-10 19:35:41 +0000