/* Unix SMB/Netbios implementation. Version 1.9. NT Domain Authentication SMB / MSRPC client Copyright (C) Andrew Tridgell 1994-1997 Copyright (C) Luke Kenneth Casson Leighton 1996-1997 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #ifdef SYSLOG #undef SYSLOG #endif #include "includes.h" #include "nterr.h" extern int DEBUGLEVEL; #define DEBUG_TESTING extern struct cli_state *smb_cli; extern FILE* out_hnd; extern pstring global_myname; /**************************************************************************** experimental nt login. ****************************************************************************/ void cmd_netlogon_login_test(struct client_info *info) { uint16 nt_pipe_fnum; #if 0 extern BOOL global_machine_password_needs_changing; #endif fstring nt_user_name; fstring password; BOOL res = True; char *nt_password; unsigned char trust_passwd[16]; #if 0 /* machine account passwords */ pstring new_mach_pwd; /* initialisation */ new_mach_pwd[0] = 0; #endif if (!next_token(NULL, nt_user_name, NULL, sizeof(nt_user_name))) { fstrcpy(nt_user_name, smb_cli->user_name); if (nt_user_name[0] == 0) { report(out_hnd,"ntlogin: must specify username with anonymous connection\n"); return; } } if (next_token(NULL, password, NULL, sizeof(password))) { nt_password = password; } else { nt_password = getpass("Enter NT Login password:"); } DEBUG(5,("do_nt_login_test: username %s\n", nt_user_name)); res = res ? trust_get_passwd(trust_passwd, smb_cli->domain, info->myhostname) : False; #if 0 /* check whether the user wants to change their machine password */ res = res ? trust_account_check(info->dest_ip, info->dest_host, info->myhostname, smb_cli->domain, info->mach_acct, new_mach_pwd) : False; #endif /* open NETLOGON session. negotiate credentials */ res = res ? cli_nt_session_open(smb_cli, PIPE_NETLOGON, &nt_pipe_fnum) : False; res = res ? cli_nt_setup_creds(smb_cli, nt_pipe_fnum, smb_cli->mach_acct, global_myname, trust_passwd, SEC_CHAN_WKSTA) == 0x0 : False; #if 0 /* change the machine password? */ if (global_machine_password_needs_changing) { unsigned char new_trust_passwd[16]; generate_random_buffer(new_trust_passwd, 16, True); res = res ? cli_nt_srv_pwset(smb_cli, nt_pipe_fnum, new_trust_passwd, SEC_CHAN_WKSTA) : False; if (res) { global_machine_password_needs_changing = !set_trust_account_password(new_trust_passwd); } memset(new_trust_passwd, 0, 16); } #endif memset(trust_passwd, 0, 16); /* do an NT login */ res = res ? cli_nt_login_interactive(smb_cli, nt_pipe_fnum, smb_cli->domain, nt_user_name, getuid(), nt_password, &info->dom.ctr, &info->dom.user_info3) : False; /*** clear out the password ***/ memset(password, 0, sizeof(password)); /* ok! you're logged in! do anything you like, then... */ /* do an NT logout */ res = res ? cli_nt_logoff(smb_cli, nt_pipe_fnum, &info->dom.ctr) : False; /* close the session */ cli_nt_session_close(smb_cli, nt_pipe_fnum); report(out_hnd,"cmd_nt_login: login (%s) test succeeded: %s\n", nt_user_name, BOOLSTR(res)); } /**************************************************************************** experimental nt login. ****************************************************************************/ void cmd_netlogon_domain_test(struct client_info *info) { uint16 nt_pipe_fnum; fstring nt_trust_dom; BOOL res = True; unsigned char trust_passwd[16]; fstring inter_dom_acct; if (!next_token(NULL, nt_trust_dom, NULL, sizeof(nt_trust_dom))) { report(out_hnd,"domtest: must specify domain name\n"); return; } DEBUG(5,("do_nt_login_test: domain %s\n", nt_trust_dom)); fstrcpy(inter_dom_acct, nt_trust_dom); fstrcat(inter_dom_acct, "$"); res = res ? trust_get_passwd(trust_passwd, smb_cli->domain, nt_trust_dom) : False; /* open NETLOGON session. negotiate credentials */ res = res ? cli_nt_session_open(smb_cli, PIPE_NETLOGON, &nt_pipe_fnum) : False; res = res ? cli_nt_setup_creds(smb_cli, nt_pipe_fnum, inter_dom_acct, global_myname, trust_passwd, SEC_CHAN_DOMAIN) == 0x0 : False; memset(trust_passwd, 0, 16); /* close the session */ cli_nt_session_close(smb_cli, nt_pipe_fnum); report(out_hnd,"cmd_nt_login: credentials (%s) test succeeded: %s\n", nt_trust_dom, BOOLSTR(res)); } /**************************************************************************** experimental SAM synchronisation. ****************************************************************************/ void cmd_sam_sync(struct client_info *info) { SAM_DELTA_HDR hdr_deltas[MAX_SAM_DELTAS]; SAM_DELTA_CTR deltas[MAX_SAM_DELTAS]; uint32 num; uchar trust_passwd[16]; extern pstring global_myname; if (!trust_get_passwd(trust_passwd, smb_cli->domain, global_myname)) { report(out_hnd, "cmd_sam_sync: no trust account password\n"); return; } if (do_sam_sync(smb_cli, trust_passwd, smb_cli->mach_acct, global_myname, hdr_deltas, deltas, &num)) { display_sam_sync(out_hnd, ACTION_HEADER , hdr_deltas, deltas, num); display_sam_sync(out_hnd, ACTION_ENUMERATE, hdr_deltas, deltas, num); display_sam_sync(out_hnd, ACTION_FOOTER , hdr_deltas, deltas, num); } }