diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/include/proto.h | 1 | ||||
-rw-r--r-- | source3/include/smb.h | 47 | ||||
-rw-r--r-- | source3/lsaparse.c | 14 | ||||
-rw-r--r-- | source3/smbd/pipes.c | 238 | ||||
-rw-r--r-- | source3/smbparse.c | 3 |
5 files changed, 285 insertions, 18 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index 202b151150..8f8ec5aa8a 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -312,6 +312,7 @@ BOOL remove_share_oplock(int fnum, share_lock_token token); /*The following definitions come from lsaparse.c */ +char* lsa_io_r_open_pol(BOOL io, LSA_R_OPEN_POL *r_p, char *q, char *base, int align); char* lsa_io_q_query(BOOL io, LSA_Q_QUERY_INFO *q_q, char *q, char *base, int align); char* lsa_io_r_query(BOOL io, LSA_R_QUERY_INFO *r_q, char *q, char *base, int align); char* lsa_io_q_lookup_sids(BOOL io, LSA_Q_LOOKUP_SIDS *q_s, char *q, char *base, int align); diff --git a/source3/include/smb.h b/source3/include/smb.h index 43e402359f..4850b33e49 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -331,16 +331,6 @@ typedef struct domsid2_info } DOM_SID2; -/* DOM_SID3 - domain SID structure - SIDs stored in unicode */ -typedef struct domsid3_info -{ - UNISTR str; /* domain SID unicode string */ - uint32 undoc; /* value is 0 */ - uint32 type1; /* value is 1 */ - uint32 type2; /* value is 5 or 3 */ - -} DOM_SID3; - /* DOM_RID2 - domain RID structure */ typedef struct domrid2_info { @@ -409,8 +399,8 @@ typedef struct id_info_1 DOM_LOGON_ID logon_id; /* logon ID */ UNIHDR hdr_user_name; /* user name unicode header */ UNIHDR hdr_workgroup_name; /* workgroup name unicode header */ - ARC4_OWF arc4_lm_owf; /* arc4 LM OWF Password */ - ARC4_OWF arc4_nt_owf; /* arc4 NT OWF Password */ + ARC4_OWF arc4_lm_owf; /* rc4 LM OWF Password */ + ARC4_OWF arc4_nt_owf; /* rc4 NT OWF Password */ UNISTR2 uni_domain_name; /* domain name unicode string */ UNISTR2 uni_user_name; /* user name unicode string */ UNISTR2 uni_workgroup_name; /* workgroup name unicode string */ @@ -463,10 +453,11 @@ typedef struct rpc_hdr_info typedef struct dom_query_info { uint16 uni_dom_max_len; /* domain name string length * 2 */ + uint16 padding; /* 2 padding bytes? */ uint16 uni_dom_str_len; /* domain name string length * 2 */ uint32 buffer_dom_name; /* undocumented domain name string buffer pointer */ uint32 buffer_dom_sid; /* undocumented domain SID string buffer pointer */ - UNISTR uni_domain_name; /* domain name (unicode string) */ + UNISTR2 uni_domain_name; /* domain name (unicode string) */ DOM_SID dom_sid; /* domain SID */ } DOM_QUERY; @@ -475,14 +466,25 @@ typedef struct dom_query_info typedef DOM_QUERY DOM_QUERY_3; typedef DOM_QUERY DOM_QUERY_5; +#define POL_HND_SIZE 20 + /* LSA_POL_HND */ typedef struct lsa_policy_info { - uint8 data[20]; /* policy handle */ + uint8 data[POL_HND_SIZE]; /* policy handle */ } LSA_POL_HND; +/* LSA_R_OPEN_POL - response to LSA Open Policy */ +typedef struct lsa_r_open_pol_info +{ + LSA_POL_HND pol; /* policy handle */ + + uint32 status; /* return code */ + +} LSA_R_OPEN_POL; + /* LSA_Q_QUERY_INFO - LSA query info policy */ typedef struct lsa_query_info { @@ -530,7 +532,6 @@ typedef struct dom_ref_info /* LSA_Q_LOOKUP_SIDS - LSA Lookup SIDs */ typedef struct lsa_q_lookup_sids { - LSA_POL_HND pol_hnd; /* policy handle */ uint32 num_entries; uint32 buffer_dom_sid; /* undocumented domain SID buffer pointer */ @@ -669,7 +670,7 @@ typedef struct lsa_q_srv_pwset_info /* LSA_R_SRV_PWSET */ typedef struct lsa_r_srv_pwset_info { - DOM_CHAL srv_chal; /* server-calculated credentials */ + DOM_CRED srv_cred; /* server-calculated credentials */ uint32 status; /* return code */ @@ -1040,8 +1041,10 @@ typedef struct { smb_shm_offset_t next_share_mode_entry; int pid; +#ifdef USE_OPLOCKS uint16 op_port; uint16 op_type; +#endif /* USE_OPLOCKS */ int share_mode; struct timeval time; } share_mode_entry; @@ -1050,8 +1053,10 @@ typedef struct typedef struct { int pid; +#ifdef USE_OPLOCKS uint16 op_port; uint16 op_type; +#endif /* USE_OPLOCKS */ int share_mode; struct timeval time; } min_share_mode_entry; @@ -1077,7 +1082,11 @@ struct connect_record }; #ifndef LOCKING_VERSION +#ifdef USE_OPLOCKS #define LOCKING_VERSION 4 +#else /* USE_OPLOCKS */ +#define LOCKING_VERSION 3 +#endif /* USE_OPLOCKS */ #endif /* LOCKING_VERSION */ #if !defined(FAST_SHARE_MODES) @@ -1093,7 +1102,11 @@ struct connect_record #define SMF_FILENAME_LEN_OFFSET 8 #define SMF_HEADER_LENGTH 10 +#ifdef USE_OPLOCKS #define SMF_ENTRY_LENGTH 20 +#else /* USE_OPLOCKS */ +#define SMF_ENTRY_LENGTH 16 +#endif /* USE_OPLOCKS */ /* * Share mode record offsets. @@ -1104,8 +1117,10 @@ struct connect_record #define SME_SHAREMODE_OFFSET 8 #define SME_PID_OFFSET 12 +#ifdef USE_OPLOCKS #define SME_PORT_OFFSET 16 #define SME_OPLOCK_TYPE_OFFSET 18 +#endif /* USE_OPLOCKS */ #endif /* FAST_SHARE_MODES */ diff --git a/source3/lsaparse.c b/source3/lsaparse.c index 70d4f49380..43e7ef1d40 100644 --- a/source3/lsaparse.c +++ b/source3/lsaparse.c @@ -25,6 +25,20 @@ extern int DEBUGLEVEL; /******************************************************************* +reads or writes an LSA_R_OPEN_POL structure. +********************************************************************/ +char* lsa_io_r_open_pol(BOOL io, LSA_R_OPEN_POL *r_p, char *q, char *base, int align) +{ + if (r_p == NULL) return NULL; + + q = smb_io_pol_hnd(io, &(r_p->pol), q, base, align); + + RW_IVAL(io, q, r_p->status, 0); q += 4; + + return q; +} + +/******************************************************************* reads or writes an LSA_Q_QUERY_INFO structure. ********************************************************************/ char* lsa_io_q_query(BOOL io, LSA_Q_QUERY_INFO *q_q, char *q, char *base, int align) diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c index a465e91145..0fb8a89c9e 100644 --- a/source3/smbd/pipes.c +++ b/source3/smbd/pipes.c @@ -2,7 +2,9 @@ Unix SMB/Netbios implementation. Version 1.9. Pipe SMB reply routines - Copyright (C) Andrew Tridgell 1992-1997 + Copyright (C) Andrew Tridgell 1992-1997, + Paul Ashton 1997, + Luke Kenneth Casson Leighton 1996-1997. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -51,6 +53,9 @@ a packet to ensure chaining works correctly */ char * known_pipes [] = { "lsarpc", +#if 0 + "NETLOGON", +#endif NULL }; @@ -357,3 +362,234 @@ BOOL api_LsarpcTNP(int cnum,int uid, char *param,char *data, } return(True); } + +/* + PAXX: Someone fix above. + The above API is indexing RPC calls based on RPC flags and + fragment length. I've decided to do it based on operation number :-) +*/ + +/* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */ +/* identauth >= 2^32 can be detected because it will be specified in hex */ +static void init_dom_sid(DOM_SID *sid, char *domsid) +{ + int identauth; + char *p; + + DEBUG(4,("netlogon domain SID: %s\n", domsid)); + + /* assume, but should check, that domsid starts "S-" */ + p = strtok(domsid+2,"-"); + sid->sid_no = atoi(p); + + /* identauth in decimal should be < 2^32 */ + /* identauth in hex should be >= 2^32 */ + identauth = atoi(strtok(0,"-")); + + DEBUG(4,("netlogon rev %d\n", sid->sid_no)); + DEBUG(4,("netlogon %s ia %d\n", p, identauth)); + + sid->id_auth[0] = 0; + sid->id_auth[1] = 0; + sid->id_auth[2] = (identauth & 0xff000000) >> 24; + sid->id_auth[3] = (identauth & 0x00ff0000) >> 16; + sid->id_auth[4] = (identauth & 0x0000ff00) >> 8; + sid->id_auth[5] = (identauth & 0x000000ff); + + sid->num_auths = 0; + + while ((p = strtok(0, "-")) != NULL) + { + sid->sub_auths[sid->num_auths++] = atoi(p); + } +} + +static void create_rpc_reply(RPC_HDR *hdr, uint32 call_id, int data_len) +{ + if (hdr == NULL) return; + + hdr->major = 5; /* RPC version 5 */ + hdr->minor = 0; /* minor version 0 */ + hdr->pkt_type = 2; /* RPC response packet */ + hdr->frag = 3; /* first frag + last frag */ + hdr->pack_type = 1; /* packed data representation */ + hdr->frag_len = data_len; /* fragment length, fill in later */ + hdr->auth_len = 0; /* authentication length */ + hdr->call_id = call_id; /* call identifier - match incoming RPC */ + hdr->alloc_hint = data_len - 0x18; /* allocation hint (no idea) */ + hdr->context_id = 0; /* presentation context identifier */ + hdr->cancel_count = 0; /* cancel count */ + hdr->reserved = 0; /* reserved */ +} + +static void init_rpc_reply(char *inbuf, char *q, char *base, int data_len) +{ + uint32 callid = RIVAL(inbuf, 12); + RPC_HDR hdr; + + create_rpc_reply(&hdr, callid, data_len); + smb_io_rpc_hdr(False, &hdr, q, base, 4); +} + +static int lsa_reply_open_policy(char *q, char *base) +{ + char *start = q; + LSA_R_OPEN_POL r_o; + + /* set up the LSA QUERY INFO response */ + bzero(&(r_o.pol.data), POL_HND_SIZE); + r_o.status = 0x0; + + /* store the response in the SMB stream */ + q = lsa_io_r_open_pol(False, &r_o, q, base, 4); + + /* return length of SMB data stored */ + return q - start; +} + +static void init_unistr2(UNISTR2 *str, char *buf, int len, char terminate) +{ + /* set up string lengths. add one if string is not null-terminated */ + str->uni_max_len = len + (terminate != 0 ? 1 : 0); + str->undoc = 0; + str->uni_str_len = len; + + /* store the string (null-terminated copy) */ + PutUniCode((char *)str->buffer, buf); + + /* overwrite the last character: some strings are terminated with 4 not 0 */ + str->buffer[len] = (uint16)terminate; +} + +static void init_dom_query(DOM_QUERY *d_q, char *dom_name, char *dom_sid) +{ + int domlen = strlen(dom_name); + + d_q->uni_dom_max_len = domlen * 2; + d_q->padding = 0; + d_q->uni_dom_str_len = domlen * 2; + + d_q->buffer_dom_name = 0; /* domain buffer pointer */ + d_q->buffer_dom_sid = 0; /* domain sid pointer */ + + /* NOT null-terminated: 4-terminated instead! */ + init_unistr2(&(d_q->uni_domain_name), dom_name, domlen, 4); + + init_dom_sid(&(d_q->dom_sid), dom_sid); +} + +static int lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, char *q, char *base, + char *dom_name, char *dom_sid) +{ + char *start = q; + LSA_R_QUERY_INFO r_q; + + /* set up the LSA QUERY INFO response */ + + r_q.undoc_buffer = 1; /* not null */ + r_q.info_class = q_q->info_class; + + init_dom_query(&r_q.dom.id5, dom_name, dom_sid); + + r_q.status = 0x0; + + /* store the response in the SMB stream */ + q = lsa_io_r_query(False, &r_q, q, base, 4); + + /* return length of SMB data stored */ + return q - start; +} + +static void init_lsa_r_req_chal(LSA_R_REQ_CHAL *r_c, char chal[8], int status) +{ + memcpy(r_c->srv_chal.data, chal, sizeof(r_c->srv_chal.data)); + r_c->status = status; +} + +#if 0 + char chal[8]; + /* PAXX: set these to random values */ + for (int i = 0; i < 8; i+++) + { + chal[i] = 0xA5; + } +#endif + +static int lsa_reply_req_chal(LSA_Q_REQ_CHAL *q_c, char *q, char *base, + char chal[8]) +{ + char *start = q; + LSA_R_REQ_CHAL r_c; + + /* set up the LSA REQUEST CHALLENGE response */ + + init_lsa_r_req_chal(&r_c, chal, 0); + + /* store the response in the SMB stream */ + q = lsa_io_r_req_chal(False, &r_c, q, base, 4); + + /* return length of SMB data stored */ + return q - start; +} + +static void init_lsa_chal(DOM_CHAL *cred, char resp_cred[8]) +{ + memcpy(cred->data, resp_cred, sizeof(cred->data)); +} + +static void init_lsa_r_auth_2(LSA_R_AUTH_2 *r_a, + char resp_cred[8], NEG_FLAGS *flgs, int status) +{ + init_lsa_chal(&(r_a->srv_chal), resp_cred); + memcpy(&(r_a->srv_flgs), flgs, sizeof(r_a->srv_flgs)); + r_a->status = status; +} + +static int lsa_reply_auth_2(LSA_Q_AUTH_2 *q_a, char *q, char *base, + char resp_cred[8], int status) +{ + char *start = q; + LSA_R_AUTH_2 r_a; + + /* set up the LSA AUTH 2 response */ + + init_lsa_r_auth_2(&r_a, resp_cred, &(q_a->clnt_flgs), status); + + /* store the response in the SMB stream */ + q = lsa_io_r_auth_2(False, &r_a, q, base, 4); + + /* return length of SMB data stored */ + return q - start; +} + +static void init_lsa_dom_chal(DOM_CRED *cred, char srv_chal[8], UTIME srv_time) +{ + init_lsa_chal(&(cred->challenge), srv_chal); + cred->timestamp = srv_time; +} + + +static void init_lsa_r_srv_pwset(LSA_R_SRV_PWSET *r_a, + char srv_chal[8], UTIME srv_time, int status) +{ + init_lsa_dom_chal(&(r_a->srv_cred), srv_chal, srv_time); + r_a->status = status; +} + +static int lsa_reply_srv_pwset(LSA_Q_SRV_PWSET *q_s, char *q, char *base, + char srv_cred[8], UTIME srv_time, + int status) +{ + char *start = q; + LSA_R_SRV_PWSET r_s; + + /* set up the LSA Server Password Set response */ + init_lsa_r_srv_pwset(&r_s, srv_cred, srv_time, status); + + /* store the response in the SMB stream */ + q = lsa_io_r_srv_pwset(False, &r_s, q, base, 4); + + /* return length of SMB data stored */ + return q - start; +} + diff --git a/source3/smbparse.c b/source3/smbparse.c index 95390522ff..7ea140f7cb 100644 --- a/source3/smbparse.c +++ b/source3/smbparse.c @@ -416,7 +416,7 @@ char* smb_io_pol_hnd(BOOL io, LSA_POL_HND *pol, char *q, char *base, int align) q = align_offset(q, base, align); - RW_PCVAL(io, q, pol->data, 20); q += 20; + RW_PCVAL(io, q, pol->data, POL_HND_SIZE); q += POL_HND_SIZE; return q; } @@ -448,6 +448,7 @@ char* smb_io_dom_query(BOOL io, DOM_QUERY *d_q, char *q, char *base, int align) RW_SVAL(io, q, d_q->uni_dom_max_len, 0); q += 2; /* domain name string length * 2 */ + RW_SVAL(io, q, d_q->padding , 0); q += 2; /* 2 padding bytes */ RW_SVAL(io, q, d_q->uni_dom_str_len, 0); q += 2; /* domain name string length * 2 */ RW_IVAL(io, q, d_q->buffer_dom_name, 0); q += 4; /* undocumented domain name string buffer pointer */ |