From d4a82ea26d5b9501f210a5c441b1ac09c256a187 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 16 Oct 1998 20:07:02 +0000 Subject: rpc client mods (ntlmssp flags) (This used to be commit 16256f86bf451535c7955b8f51a9b88fc33a8e4d) --- source3/include/ntdomain.h | 3 +++ source3/rpc_client/cli_netlogon.c | 2 +- source3/rpc_client/cli_pipe.c | 31 +++++++++--------------- source3/rpc_server/srv_pipe_hnd.c | 4 ++-- source3/rpc_server/srv_util.c | 50 +++++++++++++++++++++++++++++++++++++++ source3/rpcclient/cmd_lsarpc.c | 4 ++-- source3/rpcclient/cmd_netlogon.c | 2 +- source3/rpcclient/cmd_samr.c | 40 +++++++++++++++++++------------ source3/rpcclient/cmd_srvsvc.c | 10 ++++---- source3/rpcclient/cmd_wkssvc.c | 2 +- 10 files changed, 101 insertions(+), 47 deletions(-) (limited to 'source3') diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h index e540bd2ffc..5fb40c5bcc 100644 --- a/source3/include/ntdomain.h +++ b/source3/include/ntdomain.h @@ -86,6 +86,9 @@ typedef struct pipes_struct BOOL ntlmssp_auth; unsigned char ntlmssp_hash[258]; + fstring user_name; + fstring domain; + fstring wks; uint32 file_offset; uint32 hdr_offsets; diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index 9c81b73692..721e261359 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -556,7 +556,7 @@ Error was : %s.\n", remote_machine, cli_errstr(&cli) )); * Now start the NT Domain stuff :-). */ - if(cli_nt_session_open(&cli, PIPE_NETLOGON, False) == False) { + if(cli_nt_session_open(&cli, PIPE_NETLOGON) == False) { DEBUG(0,("modify_trust_password: unable to open the domain client session to \ machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli))); cli_nt_session_close(&cli); diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 4ea38fa828..9a54e15dae 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -953,11 +953,21 @@ static BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name, return valid_ack; } +/**************************************************************************** + set ntlmssp negotiation flags + ****************************************************************************/ + +BOOL cli_nt_set_ntlmssp_flgs(struct cli_state *cli, uint32 ntlmssp_flgs) +{ + cli->ntlmssp_cli_flgs = ntlmssp_flgs; +} + + /**************************************************************************** open a session ****************************************************************************/ -BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, BOOL encrypted) +BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name) { RPC_IFACE abstract; RPC_IFACE transfer; @@ -999,25 +1009,6 @@ BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name, BOOL encrypted) /******************* bind request on pipe *****************/ - if (encrypted) - { - cli->ntlmssp_cli_flgs = 0xb2b3; -/* NTLMSSP_NEGOTIATE_UNICODE | - NTLMSSP_NEGOTIATE_OEM | - - NTLMSSP_NEGOTIATE_SIGN | - NTLMSSP_NEGOTIATE_SEAL | - NTLMSSP_NEGOTIATE_LM_KEY | - NTLMSSP_NEGOTIATE_NTLM | - NTLMSSP_NEGOTIATE_ALWAYS_SIGN; - - NTLMSSP_NEGOTIATE_00001000 | - NTLMSSP_NEGOTIATE_00002000; - */ - DEBUG(5,("cli_nt_session_open: neg_flags: %x\n", - cli->ntlmssp_cli_flgs)); - } - if (!rpc_pipe_bind(cli, pipe_name, &abstract, &transfer, global_myname)) diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index b1aede6166..27e156943c 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -159,7 +159,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, SERIOUSLY ALPHA CODE! ****************************************************************************/ -int write_pipe(pipes_struct *p, char *data, int n) +ssize_t write_pipe(pipes_struct *p, char *data, size_t n) { prs_struct pd; struct mem_buf data_buf; @@ -182,7 +182,7 @@ int write_pipe(pipes_struct *p, char *data, int n) pd.io = True; pd.offset = 0; - return rpc_command(p, &pd) ? n : -1; + return rpc_command(p, &pd) ? ((ssize_t)n) : -1; } diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index f9532981e0..dc0918f1bf 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c @@ -208,6 +208,52 @@ BOOL create_rpc_reply(pipes_struct *p, return p->rhdr.data != NULL && p->rhdr.offset == 0x18; } +static BOOL api_pipe_ntlmssp_verify(pipes_struct *p) +{ + uchar lm_owf[24]; + uchar nt_owf[24]; + + DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n")); + + if (p->ntlmssp_resp.hdr_lm_resp.str_str_len == 0) return False; + if (p->ntlmssp_resp.hdr_nt_resp.str_str_len == 0) return False; + if (p->ntlmssp_resp.hdr_usr .str_str_len == 0) return False; + if (p->ntlmssp_resp.hdr_domain .str_str_len == 0) return False; + if (p->ntlmssp_resp.hdr_wks .str_str_len == 0) return False; + + memset(p->user_name, 0, sizeof(p->user_name)); + memset(p->domain , 0, sizeof(p->domain )); + memset(p->wks , 0, sizeof(p->wks )); + + if (IS_BITS_SET_ALL(p->ntlmssp_chal.neg_flags, NTLMSSP_NEGOTIATE_UNICODE)) + { + fstrcpy(p->user_name, unistrn2((uint16*)p->ntlmssp_resp.user , p->ntlmssp_resp.hdr_usr .str_str_len/2)); + fstrcpy(p->domain , unistrn2((uint16*)p->ntlmssp_resp.domain, p->ntlmssp_resp.hdr_domain.str_str_len/2)); + fstrcpy(p->wks , unistrn2((uint16*)p->ntlmssp_resp.wks , p->ntlmssp_resp.hdr_wks .str_str_len/2)); + } + else + { + fstrcpy(p->user_name, p->ntlmssp_resp.user ); + fstrcpy(p->domain , p->ntlmssp_resp.domain); + fstrcpy(p->wks , p->ntlmssp_resp.wks ); + } + + DEBUG(5,("user: %s domain: %s wks: %s\n", p->user_name, p->domain, p->wks)); + + memcpy(lm_owf, p->ntlmssp_resp.lm_resp, sizeof(lm_owf)); + memcpy(nt_owf, p->ntlmssp_resp.nt_resp, sizeof(nt_owf)); + +#ifdef DEBUG_PASSWORD + DEBUG(100,"lm, nt owfs:\n")); + dump_data(100, lm_owf, sizeof(lm_owf)); + dump_data(100, nt_owf, sizeof(nt_owf)); +#endif + return True; +#if 0 + return pass_check_smb(p->user_name, p->domain, + p->ntplssp_chal.challenge, lm_owf, nt_owf); +#endif +} static BOOL api_pipe_ntlmssp(pipes_struct *p, prs_struct *pd) { @@ -222,6 +268,10 @@ static BOOL api_pipe_ntlmssp(pipes_struct *p, prs_struct *pd) case NTLMSSP_AUTH: { smb_io_rpc_auth_ntlmssp_resp("", &p->ntlmssp_resp, pd, 0); + if (!api_pipe_ntlmssp_verify(p)) + { + pd->offset = 0; + } break; } default: diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c index d1c2711aed..6dc50c5c22 100644 --- a/source3/rpcclient/cmd_lsarpc.c +++ b/source3/rpcclient/cmd_lsarpc.c @@ -62,7 +62,7 @@ void cmd_lsa_query_info(struct client_info *info) DEBUG(5, ("cmd_lsa_query_info: smb_cli->fd:%d\n", smb_cli->fd)); /* open LSARPC session. */ - res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC, False) : False; + res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC) : False; /* lookup domain controller; receive a policy handle */ res = res ? do_lsa_open_policy(smb_cli, @@ -171,7 +171,7 @@ void cmd_lsa_lookup_sids(struct client_info *info) sids[0] = &sid; /* open LSARPC session. */ - res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC, False) : False; + res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC) : False; /* lookup domain controller; receive a policy handle */ res = res ? do_lsa_open_policy(smb_cli, diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c index 1be24fe130..d5ca2b2b1d 100644 --- a/source3/rpcclient/cmd_netlogon.c +++ b/source3/rpcclient/cmd_netlogon.c @@ -87,7 +87,7 @@ void cmd_netlogon_login_test(struct client_info *info) info->mach_acct, new_mach_pwd) : False; #endif /* open NETLOGON session. negotiate credentials */ - res = res ? cli_nt_session_open(smb_cli, PIPE_NETLOGON, False) : False; + res = res ? cli_nt_session_open(smb_cli, PIPE_NETLOGON) : False; res = res ? cli_nt_setup_creds(smb_cli, trust_passwd) : False; diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index 3760b3f22d..5c69c4676c 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -48,14 +48,14 @@ void cmd_sam_ntchange_pwd(struct client_info *info) fstring sid; char *new_passwd; BOOL res = True; - char nt_newpass[516]; - char nt_hshhash[16]; - char nt_newhash[16]; - char nt_oldhash[16]; - char lm_newpass[516]; - char lm_newhash[16]; - char lm_hshhash[16]; - char lm_oldhash[16]; + uchar nt_newpass[516]; + uchar nt_hshhash[16]; + uchar nt_newhash[16]; + uchar nt_oldhash[16]; + uchar lm_newpass[516]; + uchar lm_newhash[16]; + uchar lm_hshhash[16]; + uchar lm_oldhash[16]; fstrcpy(sid , info->dom.level5_sid); fstrcpy(domain, info->dom.level5_dom); @@ -79,8 +79,19 @@ void cmd_sam_ntchange_pwd(struct client_info *info) E_old_pw_hash(lm_newhash, lm_oldhash, lm_hshhash); E_old_pw_hash(lm_newhash, nt_oldhash, nt_hshhash); + cli_nt_set_ntlmssp_flgs(smb_cli, + NTLMSSP_NEGOTIATE_UNICODE | + NTLMSSP_NEGOTIATE_OEM | + NTLMSSP_NEGOTIATE_SIGN | + NTLMSSP_NEGOTIATE_SEAL | + NTLMSSP_NEGOTIATE_LM_KEY | + NTLMSSP_NEGOTIATE_NTLM | + NTLMSSP_NEGOTIATE_ALWAYS_SIGN | + NTLMSSP_NEGOTIATE_00001000 | + NTLMSSP_NEGOTIATE_00002000); + /* open SAMR session. */ - res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, True) : False; + res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False; /* establish a connection. */ res = res ? do_samr_unknown_38(smb_cli, srv_name) : False; @@ -90,7 +101,6 @@ void cmd_sam_ntchange_pwd(struct client_info *info) srv_name, smb_cli->user_name, nt_newpass, nt_hshhash, lm_newpass, lm_hshhash) : False; - /* close the session */ cli_nt_session_close(smb_cli); @@ -132,7 +142,7 @@ void cmd_sam_test(struct client_info *info) fprintf(out_hnd, "SAM Encryption Test\n"); /* open SAMR session. */ - res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, True) : False; + res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False; /* establish a connection. */ res = res ? do_samr_unknown_38(smb_cli, srv_name) : False; @@ -231,7 +241,7 @@ void cmd_sam_enum_users(struct client_info *info) #endif /* open SAMR session. negotiate credentials */ - res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False; + res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False; /* establish a connection. */ res = res ? do_samr_connect(smb_cli, @@ -373,7 +383,7 @@ void cmd_sam_query_user(struct client_info *info) info->myhostname, srv_name, domain, sid); /* open SAMR session. negotiate credentials */ - res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False; + res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False; /* establish a connection. */ res = res ? do_samr_connect(smb_cli, @@ -461,7 +471,7 @@ void cmd_sam_query_groups(struct client_info *info) info->myhostname, srv_name, domain, sid); /* open SAMR session. negotiate credentials */ - res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False; + res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False; /* establish a connection. */ res = res ? do_samr_connect(smb_cli, @@ -550,7 +560,7 @@ void cmd_sam_enum_aliases(struct client_info *info) info->myhostname, srv_name, domain, sid); /* open SAMR session. negotiate credentials */ - res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR, False) : False; + res = res ? cli_nt_session_open(smb_cli, PIPE_SAMR) : False; /* establish a connection. */ res = res ? do_samr_connect(smb_cli, diff --git a/source3/rpcclient/cmd_srvsvc.c b/source3/rpcclient/cmd_srvsvc.c index 4d4fb791a9..65d49984bf 100644 --- a/source3/rpcclient/cmd_srvsvc.c +++ b/source3/rpcclient/cmd_srvsvc.c @@ -67,7 +67,7 @@ void cmd_srv_query_info(struct client_info *info) DEBUG(5, ("cmd_srv_query_info: smb_cli->fd:%d\n", smb_cli->fd)); /* open LSARPC session. */ - res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC, False) : False; + res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC) : False; /* send info level: receive requested info. hopefully. */ res = res ? do_srv_net_srv_get_info(smb_cli, @@ -125,7 +125,7 @@ void cmd_srv_enum_conn(struct client_info *info) DEBUG(5, ("cmd_srv_enum_conn: smb_cli->fd:%d\n", smb_cli->fd)); /* open srvsvc session. */ - res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC, False) : False; + res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC) : False; hnd.ptr_hnd = 1; hnd.handle = 0; @@ -185,7 +185,7 @@ void cmd_srv_enum_shares(struct client_info *info) DEBUG(5, ("cmd_srv_enum_shares: smb_cli->fd:%d\n", smb_cli->fd)); /* open srvsvc session. */ - res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC, False) : False; + res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC) : False; hnd.ptr_hnd = 0; hnd.handle = 0; @@ -245,7 +245,7 @@ void cmd_srv_enum_sess(struct client_info *info) DEBUG(5, ("cmd_srv_enum_sess: smb_cli->fd:%d\n", smb_cli->fd)); /* open srvsvc session. */ - res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC, False) : False; + res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC) : False; hnd.ptr_hnd = 1; hnd.handle = 0; @@ -297,7 +297,7 @@ void cmd_srv_enum_files(struct client_info *info) DEBUG(5, ("cmd_srv_enum_files: smb_cli->fd:%d\n", smb_cli->fd)); /* open srvsvc session. */ - res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC, False) : False; + res = res ? cli_nt_session_open(smb_cli, PIPE_SRVSVC) : False; hnd.ptr_hnd = 1; hnd.handle = 0; diff --git a/source3/rpcclient/cmd_wkssvc.c b/source3/rpcclient/cmd_wkssvc.c index 350aa29657..0093fbf7c8 100644 --- a/source3/rpcclient/cmd_wkssvc.c +++ b/source3/rpcclient/cmd_wkssvc.c @@ -67,7 +67,7 @@ void cmd_wks_query_info(struct client_info *info) DEBUG(5, ("cmd_wks_query_info: smb_cli->fd:%d\n", smb_cli->fd)); /* open LSARPC session. */ - res = res ? cli_nt_session_open(smb_cli, PIPE_WKSSVC, False) : False; + res = res ? cli_nt_session_open(smb_cli, PIPE_WKSSVC) : False; /* send info level: receive requested info. hopefully. */ res = res ? do_wks_query_info(smb_cli, -- cgit