summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/client/ntclient.c115
-rw-r--r--source3/include/byteorder.h6
-rw-r--r--source3/include/proto.h15
3 files changed, 89 insertions, 47 deletions
diff --git a/source3/client/ntclient.c b/source3/client/ntclient.c
index a32f6e690d..8d1ad0e8eb 100644
--- a/source3/client/ntclient.c
+++ b/source3/client/ntclient.c
@@ -40,13 +40,12 @@ extern pstring workgroup;
check workstation trust account status
************************************************************************/
BOOL wksta_trust_account_check(struct in_addr dest_ip, char *dest_host,
- char *myhostname, char *domain)
+ char *myhostname, char *domain,
+ fstring mach_pwd, fstring new_mach_pwd)
{
pstring tmp;
struct cli_state wksta_trust;
fstring mach_acct;
- fstring mach_pwd;
- fstring new_mach_pwd;
uchar lm_owf_mach_pwd[16];
uchar nt_owf_mach_pwd[16];
uchar lm_sess_pwd[24];
@@ -88,8 +87,8 @@ BOOL wksta_trust_account_check(struct in_addr dest_ip, char *dest_host,
if (!server_connect_init(&wksta_trust, myhostname, dest_ip, dest_host))
{
- int err_cls;
- int err_num;
+ uint8 err_cls;
+ uint32 err_num;
cli_error(&wksta_trust, &err_cls, &err_num);
DEBUG(1,("server_connect_init failed (%s)\n", cli_errstr(&wksta_trust)));
@@ -109,17 +108,17 @@ BOOL wksta_trust_account_check(struct in_addr dest_ip, char *dest_host,
lm_sess_pwd, sizeof(lm_sess_pwd),
nt_sess_pwd, sizeof(nt_sess_pwd)))
{
- int err_cls;
- int err_num;
+ uint8 err_cls;
+ uint32 err_num;
cli_error(&wksta_trust, &err_cls, &err_num);
- if (err_cls == 0xC000 && err_num == NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT)
+ if (err_num == (0xC0000000 | NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT))
{
DEBUG(1,("server_validate: valid workstation trust account exists\n"));
right_error_code = True;
}
- if (err_cls == 0xC000 && err_num == NT_STATUS_NO_SUCH_USER)
+ if (err_num == (0xC0000000 | NT_STATUS_NO_SUCH_USER))
{
DEBUG(1,("server_validate: workstation trust account does not exist\n"));
right_error_code = False;
@@ -149,6 +148,10 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
DOM_CHAL auth2_srv_chal;
+ DOM_CRED srv_pwset_clnt_cred;
+ DOM_CRED srv_pwset_rtn_cred;
+ DOM_CRED srv_pwset_srv_cred;
+
DOM_CRED sam_logon_clnt_cred;
DOM_CRED sam_logon_rtn_cred;
DOM_CRED sam_logon_srv_cred;
@@ -166,6 +169,7 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
uchar sess_key[8];
char nt_owf_mach_pwd[16];
+ char nt_owf_new_mach_pwd[16];
fstring server_name;
fstring mach_acct;
@@ -204,10 +208,6 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
return False;
}
- /************ check workstation trust account *******************/
-
- wksta_trust_account_check(dest_ip, dest_host, myhostname, workgroup);
-
/******************* open the \PIPE\lsarpc file *****************/
if ((fnum = rpc_pipe_open(inbuf, outbuf, PIPE_LSARPC, Client, cnum)) == 0xffff)
@@ -300,6 +300,46 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
+ /************ Check workstation trust account *******************/
+
+ /* default machine password is lower-case machine name (really secure) */
+ fstrcpy(mach_pwd, myhostname);
+ strlower(mach_pwd);
+
+ wksta_trust_account_check(dest_ip, dest_host, myhostname, workgroup, mach_pwd, new_mach_pwd);
+
+ /************ Long-term Session key (default) **********/
+
+ {
+ char lm_owf_mach_pwd[16];
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("generating nt owf from initial machine pwd: %s\n", mach_pwd));
+#endif
+ nt_lm_owf_gen( mach_pwd, nt_owf_mach_pwd , lm_owf_mach_pwd );
+ }
+
+#ifdef DEBUG_PASSWORD
+ dump_data(6, nt_owf_mach_pwd, 16);
+#endif
+
+ /* calculate the session key */
+ cred_session_key(&clnt_chal, &srv_chal, nt_owf_mach_pwd, sess_key);
+
+ /*********** next new trust account password ************/
+ {
+ char lm_owf_new_mach_pwd[16];
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("generating nt owf from new machine pwd: %s\n", new_mach_pwd));
+#endif
+ nt_lm_owf_gen(new_mach_pwd, nt_owf_new_mach_pwd, lm_owf_new_mach_pwd);
+ }
+
+#ifdef DEBUG_PASSWORD
+ dump_data(6, nt_owf_new_mach_pwd, 16);
+#endif
+
+
+
/******************* open the \PIPE\NETLOGON file *****************/
if ((fnum = rpc_pipe_open(inbuf, outbuf, PIPE_NETLOGON, Client, cnum)) == 0xffff)
@@ -336,35 +376,6 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
return False;
}
- /************ Long-term Session key (default) **********/
-
-#if 0
- /* DAMN! can't get the machine password - need become_root() to do it! */
- /* get the machine password */
- if (!get_md4pw(mach_acct, nt_owf_mach_pwd))
- {
- cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
- free(inbuf); free(outbuf);
- return False;
- }
-
- DEBUG(5,("got nt owf from smbpasswd entry: %s\n", mach_pwd));
-#else
-
- {
- char lm_owf_mach_pwd[16];
- nt_lm_owf_gen(mach_pwd, nt_owf_mach_pwd, lm_owf_mach_pwd);
- DEBUG(5,("generating nt owf from initial machine pwd: %s\n", mach_pwd));
- }
-
-#endif
-
- dump_data(6, nt_owf_mach_pwd, 16);
-
- /* calculate the session key */
- cred_session_key(&clnt_chal, &srv_chal, nt_owf_mach_pwd, sess_key);
-
-
/******************* Authenticate 2 ********************/
/* calculate auth-2 credentials */
@@ -379,8 +390,26 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
return False;
}
+ /**************** Net Server Password Set **************/
+
+ clnt_cred.timestamp.time = srv_pwset_clnt_cred.timestamp.time = time(NULL);
+
+ /* calculate sam logon credentials, using the auth2 client challenge */
+ cred_create(sess_key, &(clnt_cred.challenge), srv_pwset_clnt_cred.timestamp,
+ &(srv_pwset_clnt_cred.challenge));
+
+ /* send client srv_pwset challenge; receive a srv_pwset challenge */
+ if (!do_lsa_srv_pwset(fnum, ++call_id, sess_key,
+ dest_host, mach_acct, 2, myhostname,
+ &srv_pwset_clnt_cred, &srv_pwset_srv_cred,
+ nt_owf_new_mach_pwd))
+ {
+ cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
+ free(inbuf); free(outbuf);
+ return False;
+ }
- /*********************** SAM Info ***********************/
+ /****************** SAM Info Preparation *******************/
{
char lm_owf_user_pwd[16];
diff --git a/source3/include/byteorder.h b/source3/include/byteorder.h
index 4d972a5cac..46a44bad8c 100644
--- a/source3/include/byteorder.h
+++ b/source3/include/byteorder.h
@@ -207,7 +207,7 @@ it also defines lots of intermediate macros, just ignore those :-)
DEBUG(5,("%s%04x %s: ", \
tab_depth(depth), PTR_DIFF(inbuf,base),string)); \
if (charmode) print_asc(5, (unsigned char*)(outbuf), (len)); else \
- { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%02x ", (outbuf)[idx])); } } \
+ { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%02x ", (uint8)((outbuf)[idx]))); } } \
DEBUG(5,("\n"));
#define DBG_RW_PSVAL(charmode,string,depth,base,read,inbuf,outbuf,len) \
@@ -215,7 +215,7 @@ it also defines lots of intermediate macros, just ignore those :-)
DEBUG(5,("%s%04x %s: ", \
tab_depth(depth), PTR_DIFF(inbuf,base),string)); \
if (charmode) print_asc(5, (unsigned char*)(outbuf), 2*(len)); else \
- { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%04x ", (outbuf)[idx])); } } \
+ { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%04x ", (uint16)((outbuf)[idx]))); } } \
DEBUG(5,("\n"));
#define DBG_RW_PIVAL(charmode,string,depth,base,read,inbuf,outbuf,len) \
@@ -223,7 +223,7 @@ it also defines lots of intermediate macros, just ignore those :-)
DEBUG(5,("%s%04x %s: ", \
tab_depth(depth), PTR_DIFF(inbuf,base),string)); \
if (charmode) print_asc(5, (unsigned char*)(outbuf), 4*(len)); else \
- { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%08x ", (outbuf)[idx])); } } \
+ { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%08x ", (uint32)((outbuf)[idx]))); } } \
DEBUG(5,("\n"));
#define DBG_RW_CVAL(string,depth,base,read,inbuf,outbuf) \
diff --git a/source3/include/proto.h b/source3/include/proto.h
index cffa297413..df7e182848 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -629,7 +629,8 @@ void sync_browse_lists(struct subnet_record *d, struct work_record *work,
/*The following definitions come from ntclient.c */
BOOL wksta_trust_account_check(struct in_addr dest_ip, char *dest_host,
- char *myhostname, char *domain);
+ char *myhostname, char *domain,
+ fstring mach_pwd, fstring new_mach_pwd);
BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
char *myhostname,
int Client, int cnum);
@@ -820,6 +821,9 @@ void make_q_auth_2(LSA_Q_AUTH_2 *q_a,
DOM_CHAL *clnt_chal, uint32 clnt_flgs);
char* lsa_io_q_auth_2(BOOL io, LSA_Q_AUTH_2 *q_a, char *q, char *base, int align, int depth);
char* lsa_io_r_auth_2(BOOL io, LSA_R_AUTH_2 *r_a, char *q, char *base, int align, int depth);
+void make_q_srv_pwset(LSA_Q_SRV_PWSET *q_s, char sess_key[8],
+ char *logon_srv, char *acct_name, uint16 sec_chan, char *comp_name,
+ DOM_CRED *cred, char nt_cypher[16]);
char* lsa_io_q_srv_pwset(BOOL io, LSA_Q_SRV_PWSET *q_s, char *q, char *base, int align, int depth);
char* lsa_io_r_srv_pwset(BOOL io, LSA_R_SRV_PWSET *r_s, char *q, char *base, int align, int depth);
char* lsa_io_user_info(BOOL io, LSA_USER_INFO *usr, char *q, char *base, int align, int depth);
@@ -846,6 +850,11 @@ BOOL do_lsa_req_chal(uint16 fnum, uint32 call_id,
BOOL do_lsa_auth2(uint16 fnum, uint32 call_id,
char *logon_srv, char *acct_name, uint16 sec_chan, char *comp_name,
DOM_CHAL *clnt_chal, uint32 neg_flags, DOM_CHAL *srv_chal);
+BOOL do_lsa_srv_pwset(uint16 fnum, uint32 call_id,
+ uchar sess_key[8],
+ char *logon_srv, char *mach_acct, uint16 sec_chan_type, char *comp_name,
+ DOM_CRED *clnt_cred, DOM_CRED *srv_cred,
+ char nt_owf_new_mach_pwd[16]);
BOOL do_lsa_sam_logon(uint16 fnum, uint32 call_id,
uchar sess_key[8], DOM_CRED *sto_clnt_cred,
char *logon_srv, char *comp_name,
@@ -976,6 +985,10 @@ void make_clnt_info2(DOM_CLNT_INFO2 *clnt,
char *logon_srv, char *comp_name,
DOM_CRED *clnt_cred);
char* smb_io_clnt_info2(BOOL io, DOM_CLNT_INFO2 *clnt, char *q, char *base, int align, int depth);
+char* make_clnt_info(DOM_CLNT_INFO *clnt,
+ char *logon_srv, char *acct_name,
+ uint16 sec_chan, char *comp_name,
+ DOM_CRED *cred);
char* smb_io_clnt_info(BOOL io, DOM_CLNT_INFO *clnt, char *q, char *base, int align, int depth);
void make_logon_id(DOM_LOGON_ID *log, uint32 log_id_low, uint32 log_id_high);
char* smb_io_logon_id(BOOL io, DOM_LOGON_ID *log, char *q, char *base, int align, int depth);