From cc512947c9e1744c5541252c7cc934ebcd2e6961 Mon Sep 17 00:00:00 2001
From: Luke Leighton
Date: Sun, 9 Nov 1997 20:42:47 +0000
Subject: byteorder.h : typecasting for the debug messages of the data dump. hm. #ifdef NTDOMAIN ntclient.c rpc_pipes/lsaparse.c rpc_pipes/ntclientnet.c rpc_pipes/smbparse.c : adding "Net Server Password Set" functionality to smbclient. #endif (This used to be commit ad43183d2dd62a808c9fba03f81562362d4de713)
---
 source3/client/ntclient.c | 115 +++++++++++++++++++++++++++-----------------
 source3/include/byteorder.h | 6 +-
 source3/include/proto.h | 15 +++++-
 3 files changed, 89 insertions(+), 47 deletions(-)

diff --git a/source3/client/ntclient.c b/source3/client/ntclient.c
index a32f6e690d..8d1ad0e8eb 100644
--- a/source3/client/ntclient.c
+++ b/source3/client/ntclient.c
@@ -40,13 +40,12 @@ extern pstring workgroup;
 check workstation trust account status
 ************************************************************************/
 BOOL wksta_trust_account_check(struct in_addr dest_ip, char *dest_host,
- char *myhostname, char *domain)
+ char *myhostname, char *domain,
+ fstring mach_pwd, fstring new_mach_pwd)
 {
 pstring tmp;
 struct cli_state wksta_trust;
 fstring mach_acct;
- fstring mach_pwd;
- fstring new_mach_pwd;
 uchar lm_owf_mach_pwd[16];
 uchar nt_owf_mach_pwd[16];
 uchar lm_sess_pwd[24];
@@ -88,8 +87,8 @@ BOOL wksta_trust_account_check(struct in_addr dest_ip, char *dest_host,
 if (!server_connect_init(&wksta_trust, myhostname, dest_ip, dest_host))
 {
- int err_cls;
- int err_num;
+ uint8 err_cls;
+ uint32 err_num;
 cli_error(&wksta_trust, &err_cls, &err_num);
 DEBUG(1,("server_connect_init failed (%s)\n", cli_errstr(&wksta_trust)));
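Review bot: The two new fstring parameters of wksta_trust_account_check are not documented as to direction: from the other hunks the caller fills mach_pwd before the call and appears to pass new_mach_pwd for this function to fill (it was a local here before), but nothing at the declaration says which buffer is read and which is written. Both decay to char * as parameters, so the body can only assume a caller-supplied buffer of sizeof(fstring) when it writes new_mach_pwd. I would add above the signature `/* mach_pwd: current machine password (in); new_mach_pwd: caller buffer of sizeof(fstring) that receives the new password (out) */`, hedged on what the rest of the function actually does, since its body continues outside the hunk. The matching prototype change in proto.h (hunk -629) should carry the same note.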
@@ -109,17 +108,17 @@ BOOL wksta_trust_account_check(struct in_addr dest_ip, char *dest_host,
 lm_sess_pwd, sizeof(lm_sess_pwd),
 nt_sess_pwd, sizeof(nt_sess_pwd)))
 {
- int err_cls;
- int err_num;
+ uint8 err_cls;
+ uint32 err_num;
 cli_error(&wksta_trust, &err_cls, &err_num);
- if (err_cls == 0xC000 && err_num == NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT)
+ if (err_num == (0xC0000000 | NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT))
 {
 DEBUG(1,("server_validate: valid workstation trust account exists\n"));
 right_error_code = True;
 }
- if (err_cls == 0xC000 && err_num == NT_STATUS_NO_SUCH_USER)
+ if (err_num == (0xC0000000 | NT_STATUS_NO_SUCH_USER))
 {
 DEBUG(1,("server_validate: workstation trust account does not exist\n"));
 right_error_code = False;
@@ -149,6 +148,10 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
 DOM_CHAL auth2_srv_chal;
+ DOM_CRED srv_pwset_clnt_cred;
+ DOM_CRED srv_pwset_rtn_cred;
+ DOM_CRED srv_pwset_srv_cred;
+
 DOM_CRED sam_logon_clnt_cred;
 DOM_CRED sam_logon_rtn_cred;
 DOM_CRED sam_logon_srv_cred;
@@ -166,6 +169,7 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
 uchar sess_key[8];
 char nt_owf_mach_pwd[16];
+ char nt_owf_new_mach_pwd[16];
 fstring server_name;
 fstring mach_acct;
@@ -204,10 +208,6 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
 return False;
 }
- /************ check workstation trust account *******************/
-
- wksta_trust_account_check(dest_ip, dest_host, myhostname, workgroup);
-
 /******************* open the \PIPE\lsarpc file *****************/
 if ((fnum = rpc_pipe_open(inbuf, outbuf, PIPE_LSARPC, Client, cnum)) == 0xffff)
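Review bot: After this change err_cls is declared and filled by cli_error but never consulted, so the old explicit 0xC000 class test is now implicit in comparing err_num against the full 0xC0000000|… value; that is fine only if cli_error always reports a 32-bit NT status here. If it can also hand back a DOS-class error (a server without 32-bit status), err_num holds a DOS code and neither if matches, leaving right_error_code at whatever it was before — I cannot see its initialisation in this hunk. I would make the two tests an if/else if chain and add a final branch such as `else { DEBUG(1,("server_validate: unexpected error class 0x%x num 0x%x\n", err_cls, err_num)); right_error_code = False; }` so an unexpected reply is logged rather than silently inheriting the earlier value. The enclosing function continues outside the hunk.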
@@ -300,6 +300,46 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
+ /************ Check workstation trust account *******************/
+
+ /* default machine password is lower-case machine name (really secure) */
+ fstrcpy(mach_pwd, myhostname);
+ strlower(mach_pwd);
+
+ wksta_trust_account_check(dest_ip, dest_host, myhostname, workgroup, mach_pwd, new_mach_pwd);
+
+ /************ Long-term Session key (default) **********/
+
+ {
+ char lm_owf_mach_pwd[16];
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("generating nt owf from initial machine pwd: %s\n", mach_pwd));
+#endif
+ nt_lm_owf_gen( mach_pwd, nt_owf_mach_pwd , lm_owf_mach_pwd );
+ }
+
+#ifdef DEBUG_PASSWORD
+ dump_data(6, nt_owf_mach_pwd, 16);
+#endif
+
+ /* calculate the session key */
+ cred_session_key(&clnt_chal, &srv_chal, nt_owf_mach_pwd, sess_key);
+
+ /*********** next new trust account password ************/
+ {
+ char lm_owf_new_mach_pwd[16];
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("generating nt owf from new machine pwd: %s\n", new_mach_pwd));
+#endif
+ nt_lm_owf_gen(new_mach_pwd, nt_owf_new_mach_pwd, lm_owf_new_mach_pwd);
+ }
+
+#ifdef DEBUG_PASSWORD
+ dump_data(6, nt_owf_new_mach_pwd, 16);
+#endif
+
+
+
 /******************* open the \PIPE\NETLOGON file *****************/
 if ((fnum = rpc_pipe_open(inbuf, outbuf, PIPE_NETLOGON, Client, cnum)) == 0xffff)
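Review bot: The return value of wksta_trust_account_check is discarded at the call in the middle of the hunk, yet everything that follows now depends on that call having produced new_mach_pwd: on failure the code still derives nt_owf_new_mach_pwd from whatever new_mach_pwd contains and later (hunk -379) sends it to the DC as the new machine password. I would test the result and take the same failure path the neighbouring rpc_pipe_open checks use, e.g. `if (!wksta_trust_account_check(dest_ip, dest_host, myhostname, workgroup, mach_pwd, new_mach_pwd)) { free(inbuf); free(outbuf); return False; }` — whether a pipe is still open at this point and needs cli_smb_close too is not visible from the hunk. The DEBUG(100) lines print both cleartext machine passwords; they sit under DEBUG_PASSWORD, which is the right guard, but the OWF hashes in nt_owf_mach_pwd, nt_owf_new_mach_pwd and the two lm_owf_* temporaries are never cleared once used. do_nt_login continues outside the hunk.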
@@ -336,35 +376,6 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
 return False;
 }
- /************ Long-term Session key (default) **********/
-
-#if 0
- /* DAMN! can't get the machine password - need become_root() to do it! */
- /* get the machine password */
- if (!get_md4pw(mach_acct, nt_owf_mach_pwd))
- {
- cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
- free(inbuf); free(outbuf);
- return False;
- }
-
- DEBUG(5,("got nt owf from smbpasswd entry: %s\n", mach_pwd));
-#else
-
- {
- char lm_owf_mach_pwd[16];
- nt_lm_owf_gen(mach_pwd, nt_owf_mach_pwd, lm_owf_mach_pwd);
- DEBUG(5,("generating nt owf from initial machine pwd: %s\n", mach_pwd));
- }
-
-#endif
-
- dump_data(6, nt_owf_mach_pwd, 16);
-
- /* calculate the session key */
- cred_session_key(&clnt_chal, &srv_chal, nt_owf_mach_pwd, sess_key);
-
-
 /******************* Authenticate 2 ********************/
 /* calculate auth-2 credentials */
@@ -379,8 +390,26 @@ BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
 return False;
 }
+ /**************** Net Server Password Set **************/
+
+ clnt_cred.timestamp.time = srv_pwset_clnt_cred.timestamp.time = time(NULL);
+
+ /* calculate sam logon credentials, using the auth2 client challenge */
+ cred_create(sess_key, &(clnt_cred.challenge), srv_pwset_clnt_cred.timestamp,
+ &(srv_pwset_clnt_cred.challenge));
+
+ /* send client srv_pwset challenge; receive a srv_pwset challenge */
+ if (!do_lsa_srv_pwset(fnum, ++call_id, sess_key,
+ dest_host, mach_acct, 2, myhostname,
+ &srv_pwset_clnt_cred, &srv_pwset_srv_cred,
+ nt_owf_new_mach_pwd))
+ {
+ cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
+ free(inbuf); free(outbuf);
+ return False;
+ }
- /*********************** SAM Info ***********************/
+ /****************** SAM Info Preparation *******************/
 {
 char lm_owf_user_pwd[16];
diff --git a/source3/include/byteorder.h b/source3/include/byteorder.h
index 4d972a5cac..46a44bad8c 100644
--- a/source3/include/byteorder.h
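Review bot: In hunk -379 the comment `/* calculate sam logon credentials, using the auth2 client challenge */` above cred_create is carried over from the SAM logon section, but this call builds the server-password-set credential; it should read `/* calculate srv_pwset credentials, using the auth2 client challenge */`. After do_lsa_srv_pwset returns, srv_pwset_srv_cred is not checked anywhere in this hunk and srv_pwset_rtn_cred (declared in hunk -149) is never used; unless do_lsa_srv_pwset itself verifies the returned server credential against sess_key, a reply that does not match the expected credential is accepted here, which is exactly what the credential chain exists to detect. Nothing in the patch stores new_mach_pwd after the DC accepts it, so a subsequent do_nt_login would start again from the lower-cased hostname default; if that is deliberate for this stage, a TODO at the call site would say so. do_nt_login continues outside the hunk.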
+++ b/source3/include/byteorder.h
@@ -207,7 +207,7 @@ it also defines lots of intermediate macros, just ignore those :-)
 DEBUG(5,("%s%04x %s: ", \
 tab_depth(depth), PTR_DIFF(inbuf,base),string)); \
 if (charmode) print_asc(5, (unsigned char*)(outbuf), (len)); else \
- { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%02x ", (outbuf)[idx])); } } \
+ { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%02x ", (uint8)((outbuf)[idx]))); } } \
 DEBUG(5,("\n"));

 #define DBG_RW_PSVAL(charmode,string,depth,base,read,inbuf,outbuf,len) \
@@ -215,7 +215,7 @@ it also defines lots of intermediate macros, just ignore those :-)
 DEBUG(5,("%s%04x %s: ", \
 tab_depth(depth), PTR_DIFF(inbuf,base),string)); \
 if (charmode) print_asc(5, (unsigned char*)(outbuf), 2*(len)); else \
- { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%04x ", (outbuf)[idx])); } } \
+ { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%04x ", (uint16)((outbuf)[idx]))); } } \
 DEBUG(5,("\n"));

 #define DBG_RW_PIVAL(charmode,string,depth,base,read,inbuf,outbuf,len) \
@@ -223,7 +223,7 @@ it also defines lots of intermediate macros, just ignore those :-)
 DEBUG(5,("%s%04x %s: ", \
 tab_depth(depth), PTR_DIFF(inbuf,base),string)); \
 if (charmode) print_asc(5, (unsigned char*)(outbuf), 4*(len)); else \
- { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%08x ", (outbuf)[idx])); } } \
+ { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%08x ", (uint32)((outbuf)[idx]))); } } \
 DEBUG(5,("\n"));

 #define DBG_RW_CVAL(string,depth,base,read,inbuf,outbuf) \
diff --git a/source3/include/proto.h b/source3/include/proto.h
index cffa297413..df7e182848 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -629,7 +629,8 @@ void sync_browse_lists(struct subnet_record *d, struct work_record *work,
 /*The following definitions come from ntclient.c */
 BOOL wksta_trust_account_check(struct in_addr dest_ip, char *dest_host,
- char *myhostname, char *domain);
+ char *myhostname, char *domain,
+ fstring mach_pwd, fstring new_mach_pwd);
 BOOL do_nt_login(struct in_addr dest_ip, char *dest_host,
 char *myhostname, int Client, int cnum);
@@ -820,6 +821,9 @@ void make_q_auth_2(LSA_Q_AUTH_2 *q_a, DOM_CHAL *clnt_chal, uint32 clnt_flgs);
 char* lsa_io_q_auth_2(BOOL io, LSA_Q_AUTH_2 *q_a, char *q, char *base, int align, int depth);
 char* lsa_io_r_auth_2(BOOL io, LSA_R_AUTH_2 *r_a, char *q, char *base, int align, int depth);
+void make_q_srv_pwset(LSA_Q_SRV_PWSET *q_s, char sess_key[8],
+ char *logon_srv, char *acct_name, uint16 sec_chan, char *comp_name,
+ DOM_CRED *cred, char nt_cypher[16]);
 char* lsa_io_q_srv_pwset(BOOL io, LSA_Q_SRV_PWSET *q_s, char *q, char *base, int align, int depth);
 char* lsa_io_r_srv_pwset(BOOL io, LSA_R_SRV_PWSET *r_s, char *q, char *base, int align, int depth);
 char* lsa_io_user_info(BOOL io, LSA_USER_INFO *usr, char *q, char *base, int align, int depth);
@@ -846,6 +850,11 @@ BOOL do_lsa_req_chal(uint16 fnum, uint32 call_id,
 BOOL do_lsa_auth2(uint16 fnum, uint32 call_id,
 char *logon_srv, char *acct_name, uint16 sec_chan, char *comp_name,
 DOM_CHAL *clnt_chal, uint32 neg_flags, DOM_CHAL *srv_chal);
+BOOL do_lsa_srv_pwset(uint16 fnum, uint32 call_id,
+ uchar sess_key[8],
+ char *logon_srv, char *mach_acct, uint16 sec_chan_type, char *comp_name,
+ DOM_CRED *clnt_cred, DOM_CRED *srv_cred,
+ char nt_owf_new_mach_pwd[16]);
 BOOL do_lsa_sam_logon(uint16 fnum, uint32 call_id,
 uchar sess_key[8],
 DOM_CRED *sto_clnt_cred, char *logon_srv, char *comp_name,
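Review bot: The two new prototypes disagree on the type of the session key: make_q_srv_pwset (hunk -820) takes `char sess_key[8]` while do_lsa_srv_pwset (hunk -846) takes `uchar sess_key[8]`, which matches do_lsa_sam_logon beneath it; whichever of the two hands the key to the other does so through a signedness mismatch that the compiler will only warn about at best. I would change the first to `void make_q_srv_pwset(LSA_Q_SRV_PWSET *q_s, uchar sess_key[8],`. The 16-byte hash parameter is also called nt_cypher in one declaration and nt_owf_new_mach_pwd in the other; using one name in both would make it obvious that the same buffer flows through both functions.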
@@ -976,6 +985,10 @@ void make_clnt_info2(DOM_CLNT_INFO2 *clnt,
 char *logon_srv, char *comp_name, DOM_CRED *clnt_cred);
 char* smb_io_clnt_info2(BOOL io, DOM_CLNT_INFO2 *clnt, char *q, char *base, int align, int depth);
+char* make_clnt_info(DOM_CLNT_INFO *clnt,
+ char *logon_srv, char *acct_name,
+ uint16 sec_chan, char *comp_name,
+ DOM_CRED *cred);
 char* smb_io_clnt_info(BOOL io, DOM_CLNT_INFO *clnt, char *q, char *base, int align, int depth);
 void make_logon_id(DOM_LOGON_ID *log, uint32 log_id_low, uint32 log_id_high);
 char* smb_io_logon_id(BOOL io, DOM_LOGON_ID *log, char *q, char *base, int align, int depth);
-- cgit
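Review bot: make_clnt_info is declared returning `char*` while make_clnt_info2 directly above it and make_logon_id below return void; in this header the `char*`-returning functions are the smb_io_* marshallers that return an advanced buffer pointer. If make_clnt_info only fills in *clnt like its sibling, the declaration should be `void make_clnt_info(DOM_CLNT_INFO *clnt,`; if it really does return a buffer position, a one-line comment on the prototype stating what the pointer refers to would stop callers from ignoring or misusing it. I cannot see the definition from this hunk, so which applies needs checking against the .c file.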