From b9c6add64536e855156a00e32e5288486114e66e Mon Sep 17 00:00:00 2001
From: Luke Leighton
Date: Fri, 7 Nov 1997 03:28:43 +0000
Subject: ipc.c : added a #define around the alignment thing: it's a way to stop NetMonitor from decoding your packets!!!! proto.h : usual. reply.c : added what i believe to be the correct error messages for getting correct domain joining. smb.h : some guesses at good names of the SAMR_XXXX functions. sorting out the SAMR_LOOKUP_RIDS function. this is *not* the same as the LSA_LOOKUP_RIDS function, unless paul accidentally put it on the ntlsa pipe by mistake, instead of the samr pipe :-) rpc_pipes/lsa_hnd.c rpc_pipes/pipe_hnd.c : moved creation and allocation of unique policy handles into this module. rpc_pipes/pipesamr.c rpc_pipes/samrparse.c rpc_pipes/smbparse.c : SAMR_LOOKUP_RIDS is beginning to look _suspiciously_ like the LSA_LOOKUP_RIDS function. but i know that there are subtle discrepancies.
(This used to be commit 6bc07b0b4193e28b13a675fece8d9d6b365a7eb0)
---
 source3/include/proto.h | 23 ++++++++-------
 source3/include/smb.h | 76 ++++++++++++++++++++++++++++++-------------------
 source3/smbd/ipc.c | 5 ++++
 source3/smbd/reply.c | 11 ++++++-
 4 files changed, 74 insertions(+), 41 deletions(-)
(limited to 'source3')
diff --git a/source3/include/proto.h b/source3/include/proto.h
index d8d31bf16f..45a9202100 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -390,9 +390,9 @@ struct share_ops *locking_slow_init(int ronly);
 int str_checksum(char *s);
 BOOL is_8_3(char *fname, BOOL check_case);
-void reset_mangled_stack( int size );
+void create_mangled_stack(int size);
 BOOL check_mangled_stack(char *s);
-BOOL is_mangled( char *s );
+BOOL is_mangled(char *s);
 void mangle_name_83(char *s);
 BOOL name_map_mangle(char *OutName,BOOL need83,int snum);
@@ -766,8 +766,10 @@ int reply_getattrE(char *inbuf,char *outbuf);
 /*The following definitions come from rpc_pipes/lsa_hnd.c */
 void init_lsa_policy_hnd(void);
-BOOL open_lsa_policy_hnd(LSA_POL_HND *hnd, DOM_SID *sid);
+BOOL open_lsa_policy_hnd(LSA_POL_HND *hnd);
 BOOL set_lsa_policy_samr_rid(LSA_POL_HND *hnd, uint32 rid);
+BOOL set_lsa_policy_samr_pol_status(LSA_POL_HND *hnd, uint32 pol_status);
+BOOL set_lsa_policy_samr_sid(LSA_POL_HND *hnd, DOM_SID *sid);
 uint32 get_lsa_policy_samr_rid(LSA_POL_HND *hnd);
 BOOL close_lsa_policy_hnd(LSA_POL_HND *hnd);
@@ -889,7 +891,6 @@ BOOL api_srvsvcTNP(int cnum,int uid, char *param,char *data,
 /*The following definitions come from rpc_pipes/pipeutil.c */
-void create_pol_hnd(LSA_POL_HND *hnd);
 void initrpcreply(char *inbuf, char *q);
 void endrpcreply(char *inbuf, char *q, int datalen, int rtnval, int *rlen);
 BOOL name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid);
@@ -912,10 +913,10 @@ char* samr_io_q_close(BOOL io, SAMR_Q_CLOSE *q_u, char *q, char *base, int align
 char* samr_io_r_close(BOOL io, SAMR_R_CLOSE *r_u, char *q, char *base, int align, int depth);
 char* samr_io_q_open_secret(BOOL io, SAMR_Q_OPEN_SECRET *q_u, char *q, char *base, int align, int depth);
 char* samr_io_r_open_secret(BOOL io, SAMR_R_OPEN_SECRET *r_u, char *q, char *base, int align, int depth);
-char* samr_io_q_unknown_11(BOOL io, SAMR_Q_UNKNOWN_11 *q_u, char *q, char *base, int align, int depth);
-void make_samr_r_unknown_11(SAMR_R_UNKNOWN_11 *r_u,
- uint32 switch_value, uint32 unknown_0, uint32 status);
-char* samr_io_r_unknown_11(BOOL io, SAMR_R_UNKNOWN_11 *r_u, char *q, char *base, int align, int depth);
+char* samr_io_q_lookup_rids(BOOL io, SAMR_Q_LOOKUP_RIDS *q_u, char *q, char *base, int align, int depth);
+void make_samr_r_lookup_rids(SAMR_R_LOOKUP_RIDS *r_u,
+ uint32 num_rids, uint32 rid, uint32 status);
+char* samr_io_r_lookup_rids(BOOL io, SAMR_R_LOOKUP_RIDS *r_u, char *q, char *base, int align, int depth);
 char* samr_io_q_unknown_22(BOOL io, SAMR_Q_UNKNOWN_22 *q_u, char *q, char *base, int align, int depth);
 char* samr_io_r_unknown_22(BOOL io, SAMR_R_UNKNOWN_22 *r_u, char *q, char *base, int align, int depth);
 char* samr_io_q_unknown_24(BOOL io, SAMR_Q_UNKNOWN_24 *q_u, char *q, char *base, int align, int depth);
@@ -925,8 +926,8 @@ void make_samr_r_unknown_24(SAMR_R_UNKNOWN_24 *r_u,
 char* samr_io_r_unknown_24(BOOL io, SAMR_R_UNKNOWN_24 *r_u, char *q, char *base, int align, int depth);
 char* samr_io_q_unknown_32(BOOL io, SAMR_Q_UNKNOWN_32 *q_u, char *q, char *base, int align, int depth);
 char* samr_io_r_unknown_32(BOOL io, SAMR_R_UNKNOWN_32 *r_u, char *q, char *base, int align, int depth);
-char* samr_io_q_unknown_39(BOOL io, SAMR_Q_UNKNOWN_39 *q_u, char *q, char *base, int align, int depth);
-char* samr_io_r_unknown_39(BOOL io, SAMR_R_UNKNOWN_39 *r_u, char *q, char *base, int align, int depth);
+char* samr_io_q_open_policy(BOOL io, SAMR_Q_OPEN_POLICY *q_u, char *q, char *base, int align, int depth);
+char* samr_io_r_open_policy(BOOL io, SAMR_R_OPEN_POLICY *r_u, char *q, char *base, int align, int depth);
 /*The following definitions come from rpc_pipes/smbparse.c */
@@ -946,6 +947,8 @@ void make_dom_sid2(DOM_SID2 *sid2, char *sid_str);
 char* smb_io_dom_sid2(BOOL io, DOM_SID2 *sid2, char *q, char *base, int align, int depth);
 void make_dom_rid2(DOM_RID2 *rid2, uint32 rid);
 char* smb_io_dom_rid2(BOOL io, DOM_RID2 *rid2, char *q, char *base, int align, int depth);
+void make_dom_rid3(DOM_RID3 *rid3, uint32 rid);
+char* smb_io_dom_rid3(BOOL io, DOM_RID3 *rid3, char *q, char *base, int align, int depth);
 void make_clnt_srv(DOM_CLNT_SRV *log, char *logon_srv, char *comp_name);
 char* smb_io_clnt_srv(BOOL io, DOM_CLNT_SRV *log, char *q, char *base, int align, int depth);
 void make_log_info(DOM_LOG_INFO *log, char *logon_srv, char *acct_name,
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 83e1d9f85d..afa9e3d9b9 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -293,12 +293,12 @@ enum RPC_PKT_TYPE
 #define SAMR_CLOSE 0x01
 #define SAMR_OPEN_SECRET 0x07
-#define SAMR_LOOKUPNAMES 0x11
+#define SAMR_LOOKUP_RIDS 0x11
 #define SAMR_UNKNOWN_3 0x03
 #define SAMR_UNKNOWN_22 0x22
 #define SAMR_UNKNOWN_24 0x24
 #define SAMR_UNKNOWN_34 0x34
-#define SAMR_UNKNOWN_39 0x39
+#define SAMR_OPEN_POLICY 0x39
 #define LSA_OPENPOLICY 0x2c
 #define LSA_QUERYINFOPOLICY 0x07
@@ -423,16 +423,26 @@ typedef struct domsid2_info
 } DOM_SID2;
-/* DOM_RID2 - domain RID structure */
+/* DOM_RID2 - domain RID structure for ntlsa pipe */
 typedef struct domrid2_info
 {
 uint32 type; /* value is 5 */
- uint32 undoc; /* value is 5 */
+ uint32 undoc; /* value is non-zero */
 uint32 rid;
 uint32 rid_idx; /* don't know what this is */
 } DOM_RID2;
+/* DOM_RID3 - domain RID structure for samr pipe */
+typedef struct domrid3_info
+{
+ uint32 rid; /* domain-relative (to a SID) id */
+ uint32 type1; /* value is 0x1 */
+ uint32 ptr_type; /* undocumented pointer */
+ uint32 type2; /* value is 0x1 */
+
+} DOM_RID3;
+
 /* DOM_CLNT_SRV - client / server names */
 typedef struct clnt_srv_info
 {
@@ -841,7 +851,7 @@ typedef struct lsa_q_lookup_rids
 } LSA_Q_LOOKUP_RIDS;
-/* LSA_R_LOOKUP_RIDS - response to LSA Lookup Names */
+/* LSA_R_LOOKUP_RIDS - response to LSA Lookup RIDs by name */
 typedef struct lsa_r_lookup_rids
 {
 DOM_R_REF dom_ref; /* domain reference info */
@@ -1151,37 +1161,43 @@ typedef struct r_samr_open_secret_info
 } SAMR_R_OPEN_SECRET;
-/* SAMR_Q_UNKNOWN_11 - probably a "read SAM entry" */
-typedef struct q_samr_unknown_11_info
+/****************************************************************************
+SAMR_Q_LOOKUP_RIDS - do a conversion (only one!) from name to RID.
+
+the policy handle allocated by an "samr open secret" call is associated
+with a SID. this policy handle is what is queried here, *not* the SID
+itself. the response to the lookup rids is relative to this SID.
+*****************************************************************************/
+/* SAMR_Q_LOOKUP_RIDS - probably a "read SAM entry" */
+typedef struct q_samr_lookup_names_info
 {
 LSA_POL_HND pol; /* policy handle */
- uint32 switch_value1; /* 1 - switch value? */
- uint32 unknown_0; /* 0x0000 03E8 - 32 bit unknown */
- uint32 unknown_1; /* 0 - 32 bit unknown */
- uint32 switch_value2; /* 1 - switch value? */
+ uint32 num_rids1; /* 1 - number of rids being looked up */
+ uint32 rid; /* 0000 03e8 - RID of the server being queried? */
+ uint32 ptr; /* 0 - 32 bit unknown */
+ uint32 num_rids2; /* 1 - number of rids being looked up */
 UNIHDR hdr_mach_acct; /* unicode machine account name header */
 UNISTR2 uni_mach_acct; /* unicode machine account name */
-} SAMR_Q_UNKNOWN_11;
+} SAMR_Q_LOOKUP_RIDS;
-/* SAMR_R_UNKNOWN_11 - probably an open */
-typedef struct r_samr_unknown_11_info
+/* SAMR_R_LOOKUP_RIDS - probably an open */
+typedef struct r_samr_lookup_names_info
 {
- uint32 switch_value1; /* 1 - switch value? */
- uint32 ptr_0; /* pointer */
- uint32 switch_value2; /* 1 - switch value? */
- uint32 unknown_0; /* 0x000003e8 - 32 bit unknown */
- uint32 switch_value3; /* 1 - switch value? */
- uint32 ptr_1; /* pointer */
- uint32 switch_value4; /* 1 - switch value? */
- uint32 switch_value5; /* 1 - switch value? */
+ uint32 num_entries;
+ uint32 undoc_buffer; /* undocumented buffer pointer */
+
+ uint32 num_entries2;
+ DOM_RID3 dom_rid[MAX_LOOKUP_SIDS]; /* domain RIDs being looked up */
- uint32 status; /* return status - 0x99: user exists */
+ uint32 num_entries3;
+
+ uint32 status; /* return code */
-} SAMR_R_UNKNOWN_11;
+} SAMR_R_LOOKUP_RIDS;
 /* SAMR_Q_UNKNOWN_22 - probably an open */
@@ -1279,24 +1295,24 @@ typedef struct r_samr_unknown_32_info
 } SAMR_R_UNKNOWN_32;
-/* SAMR_Q_UNKNOWN_39 - probably an open */
-typedef struct q_samr_unknown_39_info
+/* SAMR_Q_OPEN_POLICY - probably an open */
+typedef struct q_samr_open_policy_info
 {
 uint32 ptr_srv_name; /* pointer (to server name?) */
 UNISTR2 uni_srv_name; /* unicode server name starting with '\\' */
 uint32 unknown_0; /* 32 bit unknown */
-} SAMR_Q_UNKNOWN_39;
+} SAMR_Q_OPEN_POLICY;
-/* SAMR_R_UNKNOWN_39 - probably an open */
-typedef struct r_samr_unknown_39_info
+/* SAMR_R_OPEN_POLICY - probably an open */
+typedef struct r_samr_open_policy_info
 {
 LSA_POL_HND pol; /* policy handle */
 uint32 status; /* return status */
-} SAMR_R_UNKNOWN_39;
+} SAMR_R_OPEN_POLICY;
 /* WKS_Q_UNKNOWN_0 - probably a capabilities request */
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index 604cf24d8f..741290d2a2 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -144,7 +144,12 @@ static void send_trans_reply(char *outbuf,char *data,char *param,uint16 *setup,
 this_lparam = MIN(lparam,max_send - (500+lsetup*SIZEOFWORD)); /* hack */
 this_ldata = MIN(ldata,max_send - (500+lsetup*SIZEOFWORD+this_lparam));
+#ifdef CONFUSE_NETMONITOR_MSRPC_DECODING
+ /* if you don't want Net Monitor to decode your packets, do this!!! */
+ align = ((this_lparam+1)%4);
+#else
 align = (this_lparam%4);
+#endif
 set_message(outbuf,10+lsetup,align+this_ldata+this_lparam,True);
 if (this_lparam)
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index e8d79b098c..78dad6f02f 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
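Review bot: `DOM_RID3 dom_rid[MAX_LOOKUP_SIDS]` in SAMR_R_LOOKUP_RIDS is a fixed-size array driven by three separate wire counts (`num_entries`, `num_entries2`, `num_entries3`), and nothing on the struct says which count bounds the array or what happens when a peer sends a larger value; whichever side reads this off the wire (samr_io_r_lookup_rids, not in this diff) has to reject any count above MAX_LOOKUP_SIDS before filling `dom_rid[]`, and that contract belongs on the field: `DOM_RID3 dom_rid[MAX_LOOKUP_SIDS]; /* reader must reject num_entries* > MAX_LOOKUP_SIDS before filling this */`. The names in this hunk also disagree with each other: the new block comment says the call converts a name to a RID, the struct tags are `q_samr_lookup_names_info`/`r_samr_lookup_names_info`, yet the typedefs (and the opcode define in the earlier hunk) say LOOKUP_RIDS, and the query counts are `num_rids1`/`num_rids2` although what is counted is the names carried in `uni_mach_acct`; pick the direction the comment describes and apply it to tags, typedefs and count fields alike. The two leftover one-liners `/* SAMR_Q_LOOKUP_RIDS - probably a "read SAM entry" */` and `/* SAMR_R_LOOKUP_RIDS - probably an open */` contradict the block comment directly above them and should be dropped.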
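Review bot: The `CONFUSE_NETMONITOR_MSRPC_DECODING` branch in send_trans_reply deliberately emits a non-standard parameter alignment (`align = ((this_lparam+1)%4)`) so that a protocol analyzer misdecodes the reply; the diff does not show whether real clients tolerate that layout, and any packet capture taken to debug or investigate this server becomes just as undecodable, so the knob should be fenced as debug-only rather than left as a one-line joke. Nothing in the diff defines the macro, so the default build takes the `#else` path, but the guard itself should say so: `/* debug-only, never define in a shipping build: it breaks every decoder, including your own captures */`. send_trans_reply begins and ends outside this hunk.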
@@ -516,12 +516,21 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize)
 smb_pass = get_smbpwd_entry(user, 0);
 if (!smb_pass)
+ {
+ /* lkclXXXX: if workstation entry doesn't exist, indicate logon failure */
+ DEBUG(4,("Workstation trust account %s doesn't exist.",user));
+ SSVAL(outbuf, smb_flg2, 0xc003); /* PAXX: Someone please unhack this */
+ CVAL(outbuf, smb_reh) = 1; /* PAXX: Someone please unhack this */
+ return(ERROR(NT_STATUS_LOGON_FAILURE, 0xc000)); /* decimal 109 NT error, 0xc000 */
+ }
+ else
 {
 /* PAXX: This is the NO LOGON workstation trust account stuff */
+ /* lkclXXXX: if the workstation *does* exist, indicate failure differently! */
 DEBUG(4,("No Workstation trust account %s",user));
 SSVAL(outbuf, smb_flg2, 0xc003); /* PAXX: Someone please unhack this */
 CVAL(outbuf, smb_reh) = 1; /* PAXX: Someone please unhack this */
- return(ERROR(NT_STATUS_LOGON_FAILURE, 0xc000)); /* 0x109 NT error, 0xc000 */
+ return(ERROR(NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT, 0xc000)); /* decimal 409 NT error, 0xc000 */
 }
 computer_id = True;
-- cgit
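Review bot: After this change both arms of `if (!smb_pass)` return, so the context line `computer_id = True;` and whatever follows it on this path can no longer be reached; if an existing machine account is now meant to be refused unconditionally with NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT, the dead assignment should go and that intent be written down, otherwise the else arm must not return. The two arms also differ only in the log text and the status code while repeating the smb_flg2/smb_reh hack and the `return(ERROR(...))`; keep one copy and select the code, e.g. `return(ERROR(smb_pass ? NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT : NT_STATUS_LOGON_FAILURE, 0xc000));`. Returning two different statuses lets an unauthenticated client learn whether a given workstation trust account exists; that is presumably the protocol behaviour the commit message calls "correct domain joining", but it deserves a comment so nobody later "fixes" it the other way. reply_sesssetup_and_X begins and ends outside this hunk.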