diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/Makefile.in | 4 | ||||
-rw-r--r-- | source3/rpc_client/cli_login.c | 173 | ||||
-rw-r--r-- | source3/rpc_client/cli_netlogon.c | 470 | ||||
-rw-r--r-- | source3/rpc_client/ntclienttrust.c | 157 | ||||
-rw-r--r-- | source3/rpcclient/cmd_netlogon.c | 9 |
5 files changed, 7 insertions, 806 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 3a97f78cab..2cc41b9d56 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -187,8 +187,7 @@ RPC_PARSE_OBJ = rpc_parse/parse_lsa.o rpc_parse/parse_net.o \ rpc_parse/parse_spoolss.o rpc_parse/parse_dfs.o -RPC_CLIENT_OBJ = rpc_client/cli_netlogon.o rpc_client/cli_pipe.o \ - rpc_client/cli_login.o \ +RPC_CLIENT_OBJ = rpc_client/cli_pipe.o \ rpc_client/cli_spoolss_notify.o LOCKING_OBJ = locking/locking.o locking/brlock.o locking/posix.o @@ -314,7 +313,6 @@ RPCCLIENT_OBJ1 = rpcclient/rpcclient.o rpcclient/cmd_lsarpc.o \ rpcclient/cmd_samr.o rpcclient/cmd_spoolss.o \ rpcclient/cmd_netlogon.o rpcclient/cmd_srvsvc.o \ rpcclient/cmd_dfs.o rpcclient/cmd_reg.o \ - rpc_client/cli_login.o rpc_client/cli_netlogon.o \ rpcclient/display_sec.o RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \ diff --git a/source3/rpc_client/cli_login.c b/source3/rpc_client/cli_login.c deleted file mode 100644 index 7b5bf90c5d..0000000000 --- a/source3/rpc_client/cli_login.c +++ /dev/null @@ -1,173 +0,0 @@ -/* - Unix SMB/CIFS implementation. - NT Domain Authentication SMB / MSRPC client - Copyright (C) Andrew Tridgell 1994-1997 - Copyright (C) Luke Kenneth Casson Leighton 1996-1997 - Copyright (C) Jeremy Allison 1999. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -extern fstring global_myworkgroup; -extern pstring global_myname; - -/**************************************************************************** -Initialize domain session credentials. -****************************************************************************/ - -NTSTATUS cli_nt_setup_creds(struct cli_state *cli, unsigned char mach_pwd[16]) -{ - NTSTATUS result; - DOM_CHAL clnt_chal; - DOM_CHAL srv_chal; - - UTIME zerotime; - - /******************* Request Challenge ********************/ - - generate_random_buffer( clnt_chal.data, 8, False); - - /* send a client challenge; receive a server challenge */ - if (!cli_net_req_chal(cli, &clnt_chal, &srv_chal)) - { - DEBUG(0,("cli_nt_setup_creds: request challenge failed\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - /**************** Long-term Session key **************/ - - /* calculate the session key */ - cred_session_key(&clnt_chal, &srv_chal, (char *)mach_pwd, cli->sess_key); - memset((char *)cli->sess_key+8, '\0', 8); - - /******************* Authenticate 2 ********************/ - - /* calculate auth-2 credentials */ - zerotime.time = 0; - cred_create(cli->sess_key, &clnt_chal, zerotime, &(cli->clnt_cred.challenge)); - - /* - * Send client auth-2 challenge. - * Receive an auth-2 challenge response and check it. - */ - - result = cli_net_auth2(cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ? - SEC_CHAN_WKSTA : SEC_CHAN_BDC, 0x000001ff, &srv_chal); - - if (!NT_STATUS_IS_OK(result)) - { - DEBUG(0,("cli_nt_setup_creds: auth2 challenge failed\n")); - return result; - } - - return NT_STATUS_OK; -} - -/**************************************************************************** -NT login - interactive. -*NEVER* use this code. This method of doing a logon (sending the cleartext -password equivalents, protected by the session key) is inherently insecure -given the current design of the NT Domain system. JRA. - ****************************************************************************/ -NTSTATUS cli_nt_login_interactive(struct cli_state *cli, char *domain, char *username, - uint32 smb_userid_low, char *password, - NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3) -{ - uchar lm_owf_user_pwd[16]; - uchar nt_owf_user_pwd[16]; - NTSTATUS ret; - - DEBUG(5,("cli_nt_login_interactive: %d\n", __LINE__)); - - nt_lm_owf_gen(password, nt_owf_user_pwd, lm_owf_user_pwd); - -#ifdef DEBUG_PASSWORD - - DEBUG(100,("nt owf of user password: ")); - dump_data(100, (char *)lm_owf_user_pwd, 16); - - DEBUG(100,("nt owf of user password: ")); - dump_data(100, (char *)nt_owf_user_pwd, 16); - -#endif - - DEBUG(5,("cli_nt_login_interactive: %d\n", __LINE__)); - - /* indicate an "interactive" login */ - ctr->switch_value = INTERACTIVE_LOGON_TYPE; - - /* Create the structure needed for SAM logon. */ - init_id_info1(&ctr->auth.id1, domain, 0, - smb_userid_low, 0, - username, cli->clnt_name_slash, - (char *)cli->sess_key, lm_owf_user_pwd, nt_owf_user_pwd); - - /* Ensure we overwrite all the plaintext password - equivalents. */ - memset(lm_owf_user_pwd, '\0', sizeof(lm_owf_user_pwd)); - memset(nt_owf_user_pwd, '\0', sizeof(nt_owf_user_pwd)); - - /* Send client sam-logon request - update credentials on success. */ - ret = cli_net_sam_logon(cli, ctr, user_info3); - - memset(ctr->auth.id1.lm_owf.data, '\0', sizeof(lm_owf_user_pwd)); - memset(ctr->auth.id1.nt_owf.data, '\0', sizeof(nt_owf_user_pwd)); - - return ret; -} - -/**************************************************************************** -NT login - network. -*ALWAYS* use this call to validate a user as it does not expose plaintext -password equivalents over the network. JRA. -****************************************************************************/ - -NTSTATUS cli_nt_login_network(struct cli_state *cli, - const auth_usersupplied_info *user_info, - uchar chal[8], - uint32 smb_userid_low, NET_ID_INFO_CTR *ctr, - NET_USER_INFO_3 *user_info3) -{ - DEBUG(5,("cli_nt_login_network: %d\n", __LINE__)); - /* indicate a "network" login */ - ctr->switch_value = NET_LOGON_TYPE; - - /* Create the structure needed for SAM logon. */ - init_id_info2(&ctr->auth.id2, user_info->domain.str, 0, smb_userid_low, 0, - user_info->smb_name.str, - /* Send our cleint's workstaion name if we have it, otherwise ours */ - ((user_info->wksta_name.len > 0) ? - user_info->wksta_name.str : - cli->clnt_name_slash), - chal, - user_info->lm_resp.data, user_info->lm_resp.length, - user_info->nt_resp.data, user_info->nt_resp.length); - - /* Send client sam-logon request - update credentials on success. */ - return cli_net_sam_logon(cli, ctr, user_info3); -} - -/**************************************************************************** -NT Logoff. -****************************************************************************/ -BOOL cli_nt_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr) -{ - DEBUG(5,("cli_nt_logoff: %d\n", __LINE__)); - - /* Send client sam-logoff request - update credentials on success. */ - return cli_net_sam_logoff(cli, ctr); -} diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c deleted file mode 100644 index 90c8a34c21..0000000000 --- a/source3/rpc_client/cli_netlogon.c +++ /dev/null @@ -1,470 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * RPC Pipe client / server routines - * Copyright (C) Andrew Tridgell 1992-1997, - * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, - * Copyright (C) Paul Ashton 1997. - * Copyright (C) Jeremy Allison 1998. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - - -#include "includes.h" - -extern pstring global_myname; -extern fstring global_myworkgroup; - -/**************************************************************************** -Generate the next creds to use. -****************************************************************************/ - -static void gen_next_creds( struct cli_state *cli, DOM_CRED *new_clnt_cred) -{ - /* - * Create the new client credentials. - */ - - cli->clnt_cred.timestamp.time = time(NULL); - - memcpy(new_clnt_cred, &cli->clnt_cred, sizeof(*new_clnt_cred)); - - /* Calculate the new credentials. */ - cred_create(cli->sess_key, &(cli->clnt_cred.challenge), - new_clnt_cred->timestamp, &(new_clnt_cred->challenge)); - -} - -#if UNUSED_CODE -/**************************************************************************** -do a LSA Logon Control2 -****************************************************************************/ -BOOL cli_net_logon_ctrl2(struct cli_state *cli, NTSTATUS status_level) -{ - prs_struct rbuf; - prs_struct buf; - NET_Q_LOGON_CTRL2 q_l; - BOOL ok = False; - - prs_init(&buf , 1024, cli->mem_ctx, MARSHALL); - prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL); - - /* create and send a MSRPC command with api NET_LOGON_CTRL2 */ - - DEBUG(4,("do_net_logon_ctrl2 from %s status level:%x\n", - global_myname, status_level)); - - /* store the parameters */ - init_q_logon_ctrl2(&q_l, cli->srv_name_slash, - status_level); - - /* turn parameters into data stream */ - if(!net_io_q_logon_ctrl2("", &q_l, &buf, 0)) { - DEBUG(0,("cli_net_logon_ctrl2: Error : failed to marshall NET_Q_LOGON_CTRL2 struct.\n")); - prs_mem_free(&buf); - prs_mem_free(&rbuf); - return False; - } - - /* send the data on \PIPE\ */ - if (rpc_api_pipe_req(cli, NET_LOGON_CTRL2, &buf, &rbuf)) - { - NET_R_LOGON_CTRL2 r_l; - - /* - * Unmarshall the return buffer. - */ - ok = net_io_r_logon_ctrl2("", &r_l, &rbuf, 0); - - if (ok && r_l.status != 0) - { - /* report error code */ - DEBUG(0,("do_net_logon_ctrl2: Error %s\n", nt_errstr(r_l.status))); - cli->nt_error = r_l.status; - ok = False; - } - } - - prs_mem_free(&buf); - prs_mem_free(&rbuf); - - return ok; -} -#endif - -/**************************************************************************** -LSA Authenticate 2 - -Send the client credential, receive back a server credential. -Ensure that the server credential returned matches the session key -encrypt of the server challenge originally received. JRA. -****************************************************************************/ - -NTSTATUS cli_net_auth2(struct cli_state *cli, uint16 sec_chan, - uint32 neg_flags, DOM_CHAL *srv_chal) -{ - prs_struct rbuf; - prs_struct buf; - NET_Q_AUTH_2 q_a; - BOOL ok = False; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - prs_init(&buf , 1024, cli->mem_ctx, MARSHALL); - prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL); - - /* create and send a MSRPC command with api NET_AUTH2 */ - - DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n", - cli->srv_name_slash, cli->mach_acct, sec_chan, global_myname, - credstr(cli->clnt_cred.challenge.data), neg_flags)); - - /* store the parameters */ - init_q_auth_2(&q_a, cli->srv_name_slash, cli->mach_acct, - sec_chan, global_myname, &cli->clnt_cred.challenge, neg_flags); - - /* turn parameters into data stream */ - if(!net_io_q_auth_2("", &q_a, &buf, 0)) { - DEBUG(0,("cli_net_auth2: Error : failed to marshall NET_Q_AUTH_2 struct.\n")); - prs_mem_free(&buf); - prs_mem_free(&rbuf); - return result; - } - - /* send the data on \PIPE\ */ - if (rpc_api_pipe_req(cli, NET_AUTH2, &buf, &rbuf)) - { - NET_R_AUTH_2 r_a; - - ok = net_io_r_auth_2("", &r_a, &rbuf, 0); - result = r_a.status; - - if (ok && !NT_STATUS_IS_OK(result)) - { - /* report error code */ - DEBUG(0,("cli_net_auth2: Error %s\n", nt_errstr(result))); - ok = False; - } - - if (ok) - { - /* - * Check the returned value using the initial - * server received challenge. - */ - UTIME zerotime; - - zerotime.time = 0; - if(cred_assert( &r_a.srv_chal, cli->sess_key, srv_chal, zerotime) == 0) { - /* - * Server replied with bad credential. Fail. - */ - DEBUG(0,("cli_net_auth2: server %s replied with bad credential (bad machine \ -password ?).\n", cli->desthost )); - ok = False; - } - } - -#if 0 - /* - * Try commenting this out to see if this makes the connect - * work for a NT 3.51 PDC. JRA. - */ - - if (ok && r_a.srv_flgs.neg_flags != q_a.clnt_flgs.neg_flags) - { - /* report different neg_flags */ - DEBUG(0,("cli_net_auth2: error neg_flags (q,r) differ - (%x,%x)\n", - q_a.clnt_flgs.neg_flags, r_a.srv_flgs.neg_flags)); - ok = False; - } -#endif - - } - - prs_mem_free(&buf); - prs_mem_free(&rbuf); - - return result; -} - -/**************************************************************************** -LSA Request Challenge. Sends our challenge to server, then gets -server response. These are used to generate the credentials. -****************************************************************************/ - -BOOL cli_net_req_chal(struct cli_state *cli, DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal) -{ - prs_struct rbuf; - prs_struct buf; - NET_Q_REQ_CHAL q_c; - BOOL valid_chal = False; - - prs_init(&buf , 1024, cli->mem_ctx, MARSHALL); - prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL); - - /* create and send a MSRPC command with api NET_REQCHAL */ - - DEBUG(4,("cli_net_req_chal: LSA Request Challenge from %s to %s: %s\n", - cli->desthost, global_myname, credstr(clnt_chal->data))); - - /* store the parameters */ - init_q_req_chal(&q_c, cli->srv_name_slash, - global_myname, clnt_chal); - - /* turn parameters into data stream */ - if(!net_io_q_req_chal("", &q_c, &buf, 0)) { - DEBUG(0,("cli_net_req_chal: Error : failed to marshall NET_Q_REQ_CHAL struct.\n")); - prs_mem_free(&buf); - prs_mem_free(&rbuf); - return False; - } - - /* send the data on \PIPE\ */ - if (rpc_api_pipe_req(cli, NET_REQCHAL, &buf, &rbuf)) - { - NET_R_REQ_CHAL r_c; - BOOL ok; - - ok = net_io_r_req_chal("", &r_c, &rbuf, 0); - - if (ok && !NT_STATUS_IS_OK(r_c.status)) - { - /* report error code */ - DEBUG(0,("cli_net_req_chal: Error %s\n", nt_errstr(r_c.status))); - ok = False; - } - - if (ok) - { - /* ok, at last: we're happy. return the challenge */ - memcpy(srv_chal, r_c.srv_chal.data, sizeof(srv_chal->data)); - valid_chal = True; - } - } - - prs_mem_free(&buf); - prs_mem_free(&rbuf); - - return valid_chal; -} -/*************************************************************************** - LSA SAM Logon internal - interactive or network. Does level 2 or 3 but always - returns level 3. -****************************************************************************/ - -static NTSTATUS cli_net_sam_logon_internal(struct cli_state *cli, NET_ID_INFO_CTR *ctr, - NET_USER_INFO_3 *user_info3, - uint16 validation_level) -{ - DOM_CRED new_clnt_cred; - DOM_CRED dummy_rtn_creds; - prs_struct rbuf; - prs_struct buf; - NET_Q_SAM_LOGON q_s; - NET_R_SAM_LOGON r_s; - NTSTATUS retval = NT_STATUS_OK; - - gen_next_creds( cli, &new_clnt_cred); - - prs_init(&buf , 1024, cli->mem_ctx, MARSHALL); - prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL); - - /* create and send a MSRPC command with api NET_SAMLOGON */ - - DEBUG(4,("cli_net_sam_logon_internal: srv:%s mc:%s clnt %s %x ll: %d\n", - cli->srv_name_slash, global_myname, - credstr(new_clnt_cred.challenge.data), cli->clnt_cred.timestamp.time, - ctr->switch_value)); - - memset(&dummy_rtn_creds, '\0', sizeof(dummy_rtn_creds)); - dummy_rtn_creds.timestamp.time = time(NULL); - - /* store the parameters */ - q_s.validation_level = validation_level; - init_sam_info(&q_s.sam_id, cli->srv_name_slash, - global_myname, &new_clnt_cred, &dummy_rtn_creds, - ctr->switch_value, ctr); - - /* turn parameters into data stream */ - if(!net_io_q_sam_logon("", &q_s, &buf, 0)) { - DEBUG(0,("cli_net_sam_logon_internal: Error : failed to marshall NET_Q_SAM_LOGON struct.\n")); - retval = NT_STATUS_NO_MEMORY; - goto out; - } - - /* send the data on \PIPE\ */ - if (!rpc_api_pipe_req(cli, NET_SAMLOGON, &buf, &rbuf)) { - DEBUG(0,("cli_net_sam_logon_internal: Error rpc_api_pipe_req failed.\n")); - retval = NT_STATUS_UNSUCCESSFUL; - goto out; - } - - r_s.user = user_info3; - - if(!net_io_r_sam_logon("", &r_s, &rbuf, 0)) { - DEBUG(0,("cli_net_sam_logon_internal: Error : failed to unmarshal NET_R_SAM_LOGON struct.\n")); - retval = NT_STATUS_NO_MEMORY; - goto out; - } - - retval = r_s.status; - - /* - * Don't treat NT_STATUS_INVALID_INFO_CLASS as an error - we will re-issue - * the call. - */ - - if (NT_STATUS_V(retval) == NT_STATUS_V(NT_STATUS_INVALID_INFO_CLASS)) { - goto out; - } - - if (!NT_STATUS_IS_OK(retval)) { - /* report error code */ - DEBUG(0,("cli_net_sam_logon_internal: %s\n", nt_errstr(r_s.status))); - goto out; - } - - /* Update the credentials. */ - if (!clnt_deal_with_creds(cli->sess_key, &cli->clnt_cred, &r_s.srv_creds)) { - /* - * Server replied with bad credential. Fail. - */ - DEBUG(0,("cli_net_sam_logon_internal: server %s replied with bad credential (bad machine \ -password ?).\n", cli->desthost )); - retval = NT_STATUS_WRONG_PASSWORD; - } - - if (r_s.switch_value != validation_level) { - /* report different switch_value */ - DEBUG(0,("cli_net_sam_logon: switch_value of %x expected %x\n", (unsigned int)validation_level, - (unsigned int)r_s.switch_value)); - retval = NT_STATUS_INVALID_PARAMETER; - } - -out: - - prs_mem_free(&buf); - prs_mem_free(&rbuf); - - return retval; -} - -/*************************************************************************** -LSA SAM Logon - interactive or network. -****************************************************************************/ - -NTSTATUS cli_net_sam_logon(struct cli_state *cli, NET_ID_INFO_CTR *ctr, - NET_USER_INFO_3 *user_info3) -{ - uint16 validation_level=3; - NTSTATUS result; - - result = cli_net_sam_logon_internal(cli, ctr, user_info3, - validation_level); - - if (NT_STATUS_IS_OK(result)) { - DEBUG(10,("cli_net_sam_logon: Success \n")); - } else if (NT_STATUS_V(result) == NT_STATUS_V(NT_STATUS_INVALID_INFO_CLASS)) { - DEBUG(10,("cli_net_sam_logon: STATUS INVALID INFO CLASS \n")); - - validation_level=2; - - /* - * Since this is the second time we call this function, don't care - * for the error. If its error, return False. - */ - - result = cli_net_sam_logon_internal(cli, ctr, user_info3, - validation_level); - } - - return result; -} - -/*************************************************************************** -LSA SAM Logoff. - -This currently doesnt work correctly as the domain controller -returns NT_STATUS_INVALID_INFO_CLASS - we obviously need to -send a different info level. Right now though, I'm not sure -what that needs to be (I need to see one on the wire before -I can be sure). JRA. -****************************************************************************/ -BOOL cli_net_sam_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr) -{ - DOM_CRED new_clnt_cred; - DOM_CRED dummy_rtn_creds; - prs_struct rbuf; - prs_struct buf; - NET_Q_SAM_LOGOFF q_s; - BOOL ok = False; - - gen_next_creds( cli, &new_clnt_cred); - - prs_init(&buf , 1024, cli->mem_ctx, MARSHALL); - prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL); - - /* create and send a MSRPC command with api NET_SAMLOGOFF */ - - DEBUG(4,("cli_net_sam_logoff: srv:%s mc:%s clnt %s %x ll: %d\n", - cli->srv_name_slash, global_myname, - credstr(new_clnt_cred.challenge.data), new_clnt_cred.timestamp.time, - ctr->switch_value)); - - memset(&dummy_rtn_creds, '\0', sizeof(dummy_rtn_creds)); - - init_sam_info(&q_s.sam_id, cli->srv_name_slash, - global_myname, &new_clnt_cred, &dummy_rtn_creds, - ctr->switch_value, ctr); - - /* turn parameters into data stream */ - if(!net_io_q_sam_logoff("", &q_s, &buf, 0)) { - DEBUG(0,("cli_net_sam_logoff: Error : failed to marshall NET_Q_SAM_LOGOFF struct.\n")); - prs_mem_free(&buf); - prs_mem_free(&rbuf); - return False; - } - - /* send the data on \PIPE\ */ - if (rpc_api_pipe_req(cli, NET_SAMLOGOFF, &buf, &rbuf)) - { - NET_R_SAM_LOGOFF r_s; - - ok = net_io_r_sam_logoff("", &r_s, &rbuf, 0); - - if (ok && !NT_STATUS_IS_OK(r_s.status)) - { - /* report error code */ - DEBUG(0,("cli_net_sam_logoff: %s\n", nt_errstr(r_s.status))); - ok = False; - } - - /* Update the credentials. */ - if (ok && !clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &(r_s.srv_creds))) - { - /* - * Server replied with bad credential. Fail. - */ - DEBUG(0,("cli_net_sam_logoff: server %s replied with bad credential (bad machine \ -password ?).\n", cli->desthost )); - ok = False; - } - } - - prs_mem_free(&buf); - prs_mem_free(&rbuf); - - return ok; -} diff --git a/source3/rpc_client/ntclienttrust.c b/source3/rpc_client/ntclienttrust.c deleted file mode 100644 index 284fd491f8..0000000000 --- a/source3/rpc_client/ntclienttrust.c +++ /dev/null @@ -1,157 +0,0 @@ -/* - Unix SMB/CIFS implementation. - NT Domain Authentication SMB / MSRPC client - Copyright (C) Andrew Tridgell 1994-1997 - Copyright (C) Luke Kenneth Casson Leighton 1996-1997 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - - -/************************************************************************ - check workstation trust account status - ************************************************************************/ -BOOL trust_account_check(struct in_addr dest_ip, char *dest_host, - char *hostname, char *domain, fstring mach_acct, - fstring new_mach_pwd) -{ - pstring tmp; - fstring mach_pwd; - struct cli_state cli_trust; - uchar lm_owf_mach_pwd[16]; - uchar nt_owf_mach_pwd[16]; - uchar lm_sess_pwd[24]; - uchar nt_sess_pwd[24]; - - BOOL right_error_code = False; - uint8 err_cls; - uint32 err_num; - - char *start_mach_pwd; - char *change_mach_pwd; - - /* initial machine password */ - fstrcpy(mach_pwd, hostname); - strlower(mach_pwd); - - slprintf(tmp, sizeof(tmp) - 1,"Enter Workstation Trust Account password for [%s].\nDefault is [%s].\nPassword:", - mach_acct, mach_pwd); - - start_mach_pwd = (char*)getpass(tmp); - - if (start_mach_pwd[0] != 0) - { - fstrcpy(mach_pwd, start_mach_pwd); - } - - slprintf(tmp, sizeof(tmp)-1, "Enter new Workstation Trust Account password for [%s]\nPress Return to leave at old value.\nNew Password:", - mach_acct); - - change_mach_pwd = (char*)getpass(tmp); - - if (change_mach_pwd[0] != 0) - { - fstrcpy(new_mach_pwd, change_mach_pwd); - } - else - { - DEBUG(1,("trust_account_check: password change not requested\n")); - change_mach_pwd[0] = 0; - } - - DEBUG(1,("initialise cli_trust connection\n")); - - if (!cli_initialise(&cli_trust)) - { - DEBUG(1,("cli_initialise failed for cli_trust\n")); - return False; - } - - DEBUG(1,("server connect for cli_trust\n")); - - if (!server_connect_init(&cli_trust, hostname, dest_ip, dest_host)) - { - cli_error(&cli_trust, &err_cls, &err_num, NULL); - DEBUG(1,("server_connect_init failed (%s)\n", cli_errstr(&cli_trust))); - - cli_shutdown(&cli_trust); - return False; - } - - DEBUG(1,("server connect cli_trust succeeded\n")); - - nt_lm_owf_gen(mach_pwd, nt_owf_mach_pwd, lm_owf_mach_pwd); - - DEBUG(5,("generating nt owf from initial machine pwd: %s\n", mach_pwd)); - -#ifdef DEBUG_PASSWORD - DEBUG(100,("client cryptkey: ")); - dump_data(100, cli_trust.cryptkey, sizeof(cli_trust.cryptkey)); -#endif - - SMBencrypt(nt_owf_mach_pwd, cli_trust.cryptkey, nt_sess_pwd); - -#ifdef DEBUG_PASSWORD - DEBUG(100,("nt_owf_mach_pwd: ")); - dump_data(100, nt_owf_mach_pwd, sizeof(lm_owf_mach_pwd)); - DEBUG(100,("nt_sess_pwd: ")); - dump_data(100, nt_sess_pwd, sizeof(nt_sess_pwd)); -#endif - - SMBencrypt(lm_owf_mach_pwd, cli_trust.cryptkey, lm_sess_pwd); - -#ifdef DEBUG_PASSWORD - DEBUG(100,("lm_owf_mach_pwd: ")); - dump_data(100, lm_owf_mach_pwd, sizeof(lm_owf_mach_pwd)); - DEBUG(100,("lm_sess_pwd: ")); - dump_data(100, lm_sess_pwd, sizeof(lm_sess_pwd)); -#endif - - right_error_code = False; - - if (cli_session_setup(&cli_trust, mach_acct, - nt_owf_mach_pwd, sizeof(nt_owf_mach_pwd), - nt_owf_mach_pwd, sizeof(nt_owf_mach_pwd), domain)) - { - DEBUG(0,("cli_session_setup: NO ERROR! AAAGH! BUG IN SERVER DETECTED!!!\n")); - cli_shutdown(&cli_trust); - - return False; - } - - cli_error(&cli_trust, &err_cls, &err_num, NULL); - - if (err_num == (0xC0000000 | NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT)) - { - DEBUG(1,("cli_send_tconX: valid workstation trust account exists\n")); - right_error_code = True; - } - - if (err_num == (0xC0000000 | NT_STATUS_NO_SUCH_USER)) - { - DEBUG(1,("cli_send_tconX: workstation trust account does not exist\n")); - right_error_code = False; - } - - if (!right_error_code) - { - DEBUG(1,("server_validate failed (%s)\n", cli_errstr(&cli_trust))); - } - - cli_shutdown(&cli_trust); - return right_error_code; -} diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c index 4d67cba1b5..2e89572660 100644 --- a/source3/rpcclient/cmd_netlogon.c +++ b/source3/rpcclient/cmd_netlogon.c @@ -174,7 +174,8 @@ static NTSTATUS cmd_netlogon_sam_sync(struct cli_state *cli, goto done; } - result = cli_nt_setup_creds(cli, trust_passwd); + result = new_cli_nt_setup_creds(cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ? + SEC_CHAN_WKSTA : SEC_CHAN_BDC, trust_passwd); if (!NT_STATUS_IS_OK(result)) { fprintf(stderr, "Error initialising session creds\n"); @@ -237,7 +238,8 @@ static NTSTATUS cmd_netlogon_sam_deltas(struct cli_state *cli, goto done; } - result = cli_nt_setup_creds(cli, trust_passwd); + result = new_cli_nt_setup_creds(cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ? + SEC_CHAN_WKSTA : SEC_CHAN_BDC, trust_passwd); if (!NT_STATUS_IS_OK(result)) { fprintf(stderr, "Error initialising session creds\n"); @@ -299,7 +301,8 @@ static NTSTATUS cmd_netlogon_sam_logon(struct cli_state *cli, goto done; } - result = cli_nt_setup_creds(cli, trust_passwd); + result = new_cli_nt_setup_creds(cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ? + SEC_CHAN_WKSTA : SEC_CHAN_BDC, trust_passwd); if (!NT_STATUS_IS_OK(result)) { fprintf(stderr, "Error initialising session creds\n"); |