{ 0 , NULL }
};
-/**************************************************************************
- Check if a name matches any of the well known SID values.
-***************************************************************************/
-
-BOOL lookup_wellknown_sid_from_name(char *windows_name, DOM_SID *psid)
-{
- rid_name *rnp;
- int i;
-
- for( i = 0; builtin_alias_rids[i].name != NULL; i++) {
- rnp = &builtin_alias_rids[i];
- if(strequal(rnp->name, windows_name)) {
- string_to_sid( psid, "S-1-5-32" );
- SMB_ASSERT_ARRAY(psid->sub_auths, psid->num_auths+1);
- psid->sub_auths[psid->num_auths++] = rnp->rid;
- return True;
- }
- }
-
- for( i = 0; domain_user_rids[i].name != NULL; i++ ) {
- rnp = &domain_user_rids[i];
- if(strequal(rnp->name, windows_name)) {
- *psid = global_machine_sid;
- SMB_ASSERT_ARRAY(psid->sub_auths, psid->num_auths+1);
- psid->sub_auths[psid->num_auths++] = rnp->rid;
- return True;
- }
- }
-
- for( i = 0; domain_group_rids[i].name != NULL; i++ ) {
- rnp = &domain_group_rids[i];
- if(strequal(rnp->name, windows_name)) {
- *psid = global_machine_sid;
- SMB_ASSERT_ARRAY(psid->sub_auths, psid->num_auths+1);
- psid->sub_auths[psid->num_auths++] = rnp->rid;
- return True;
- }
- }
-
- return False;
-}
-
int make_dom_gids(char *gids_str, DOM_GID **ppgids)
{
char *ptr;
return p->rhdr.data != NULL && p->rhdr.offset == 0x18;
}
+static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
+{
+ uchar lm_owf[24];
+ uchar nt_owf[24];
+
+ DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n"));
+
+ if (p->ntlmssp_resp.hdr_lm_resp.str_str_len == 0) return False;
+ if (p->ntlmssp_resp.hdr_nt_resp.str_str_len == 0) return False;
+ if (p->ntlmssp_resp.hdr_usr .str_str_len == 0) return False;
+ if (p->ntlmssp_resp.hdr_domain .str_str_len == 0) return False;
+ if (p->ntlmssp_resp.hdr_wks .str_str_len == 0) return False;
+
+ memset(p->user_name, 0, sizeof(p->user_name));
+ memset(p->domain , 0, sizeof(p->domain ));
+ memset(p->wks , 0, sizeof(p->wks ));
+
+ if (IS_BITS_SET_ALL(p->ntlmssp_chal.neg_flags, NTLMSSP_NEGOTIATE_UNICODE))
+ {
+ fstrcpy(p->user_name, unistrn2((uint16*)p->ntlmssp_resp.user , p->ntlmssp_resp.hdr_usr .str_str_len/2));
+ fstrcpy(p->domain , unistrn2((uint16*)p->ntlmssp_resp.domain, p->ntlmssp_resp.hdr_domain.str_str_len/2));
+ fstrcpy(p->wks , unistrn2((uint16*)p->ntlmssp_resp.wks , p->ntlmssp_resp.hdr_wks .str_str_len/2));
+ }
+ else
+ {
+ fstrcpy(p->user_name, p->ntlmssp_resp.user );
+ fstrcpy(p->domain , p->ntlmssp_resp.domain);
+ fstrcpy(p->wks , p->ntlmssp_resp.wks );
+ }
+
+ DEBUG(5,("user: %s domain: %s wks: %s\n", p->user_name, p->domain, p->wks));
+
+ memcpy(lm_owf, p->ntlmssp_resp.lm_resp, sizeof(lm_owf));
+ memcpy(nt_owf, p->ntlmssp_resp.nt_resp, sizeof(nt_owf));
+
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("lm, nt owfs:\n"));
+ dump_data(100, lm_owf, sizeof(lm_owf));
+ dump_data(100, nt_owf, sizeof(nt_owf));
+#endif
+ become_root(True);
+ p->ntlmssp_validated = pass_check_smb(p->user_name, p->domain,
+ p->ntlmssp_chal.challenge, lm_owf, nt_owf, NULL);
+ unbecome_root(True);
+
+ return p->ntlmssp_validated;
+}
+
+static BOOL api_pipe_ntlmssp(pipes_struct *p, prs_struct *pd)
+{
+ /* receive a negotiate; send a challenge; receive a response */
+ switch (p->auth_verifier.msg_type)
+ {
+ case NTLMSSP_NEGOTIATE:
+ {
+ smb_io_rpc_auth_ntlmssp_neg("", &p->ntlmssp_neg, pd, 0);
+ break;
+ }
+ case NTLMSSP_AUTH:
+ {
+ smb_io_rpc_auth_ntlmssp_resp("", &p->ntlmssp_resp, pd, 0);
+ if (!api_pipe_ntlmssp_verify(p))
+ {
+ pd->offset = 0;
+ }
+ break;
+ }
+ default:
+ {
+ /* NTLMSSP expected: unexpected message type */
+ DEBUG(3,("unexpected message type in NTLMSSP %d\n",
+ p->auth_verifier.msg_type));
+ return False;
+ }
+ }
+
+ return (pd->offset != 0);
+}
+
+struct api_cmd
+{
+ char * pipe_clnt_name;
+ char * pipe_srv_name;
+ BOOL (*fn) (pipes_struct *, prs_struct *);
+};
+
+static struct api_cmd api_fd_commands[] =
+{
+ { "lsarpc", "lsass", api_ntlsa_rpc },
+ { "samr", "lsass", api_samr_rpc },
+ { "srvsvc", "ntsvcs", api_srvsvc_rpc },
+ { "wkssvc", "ntsvcs", api_wkssvc_rpc },
+ { "NETLOGON", "lsass", api_netlog_rpc },
+ { "winreg", "winreg", api_reg_rpc },
+ { NULL, NULL, NULL }
+};
+
+static BOOL api_pipe_bind_auth_resp(pipes_struct *p, prs_struct *pd)
+{
+ p->ntlmssp_auth = False;
+
+ DEBUG(5,("api_pipe_bind_auth_resp: decode request. %d\n", __LINE__));
+
+ if (p->hdr.auth_len != 0)
+ {
+ /* decode the authentication verifier response */
+ smb_io_rpc_hdr_autha("", &p->autha_info, pd, 0);
+ if (pd->offset == 0) return False;
+
+ p->ntlmssp_auth = p->auth_info.auth_type = 0x0a;
+
+ if (p->ntlmssp_auth)
+ {
+ smb_io_rpc_auth_verifier("", &p->auth_verifier, pd, 0);
+ if (pd->offset == 0) return False;
+
+ p->ntlmssp_auth = strequal(p->auth_verifier.signature, "NTLMSSP");
+ }
+
+ if (p->ntlmssp_auth)
+ {
+ if (!api_pipe_ntlmssp(p, pd)) return False;
+ }
+ }
+
+ return p->ntlmssp_auth;
+}
+
+static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd)
+{
+ uint16 assoc_gid;
+ fstring ack_pipe_name;
+ int i = 0;
+
+ p->ntlmssp_auth = False;
+
+ DEBUG(5,("api_pipe_bind_req: decode request. %d\n", __LINE__));
+
+ for (i = 0; api_fd_commands[i].pipe_clnt_name; i++)
+ {
+ if (strequal(api_fd_commands[i].pipe_clnt_name, p->name) &&
+ api_fd_commands[i].fn != NULL)
+ {
+ DEBUG(3,("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",
+ api_fd_commands[i].pipe_clnt_name,
+ api_fd_commands[i].pipe_srv_name));
+ fstrcpy(p->pipe_srv_name, api_fd_commands[i].pipe_srv_name);
+ break;
+ }
+ }
+
+ if (api_fd_commands[i].fn == NULL) return False;
+
+ /* decode the bind request */
+ smb_io_rpc_hdr_rb("", &p->hdr_rb, pd, 0);
+
+ if (pd->offset == 0) return False;
+
+ if (p->hdr.auth_len != 0)
+ {
+ /* decode the authentication verifier */
+ smb_io_rpc_hdr_auth ("", &p->auth_info , pd, 0);
+ if (pd->offset == 0) return False;
+
+ p->ntlmssp_auth = p->auth_info.auth_type = 0x0a;
+
+ if (p->ntlmssp_auth)
+ {
+ smb_io_rpc_auth_verifier("", &p->auth_verifier, pd, 0);
+ if (pd->offset == 0) return False;
+
+ p->ntlmssp_auth = strequal(p->auth_verifier.signature, "NTLMSSP");
+ }
+
+ if (p->ntlmssp_auth)
+ {
+ if (!api_pipe_ntlmssp(p, pd)) return False;
+ }
+ }
+
+ /* name has to be \PIPE\xxxxx */
+ fstrcpy(ack_pipe_name, "\\PIPE\\");
+ fstrcat(ack_pipe_name, p->pipe_srv_name);
+
+ DEBUG(5,("api_pipe_bind_req: make response. %d\n", __LINE__));
+
+ prs_init(&(p->rdata), 1024, 4, 0, False);
+ prs_init(&(p->rhdr ), 0x10, 4, 0, False);
+ prs_init(&(p->rauth), 1024, 4, 0, False);
+ prs_init(&(p->rverf), 0x08, 4, 0, False);
+ prs_init(&(p->rntlm), 1024, 4, 0, False);
+
+ /***/
+ /*** do the bind ack first ***/
+ /***/
+
+ if (p->ntlmssp_auth)
+ {
+ assoc_gid = 0x7a77;
+ }
+ else
+ {
+ assoc_gid = p->hdr_rb.bba.assoc_gid;
+ }
+
+ make_rpc_hdr_ba(&p->hdr_ba,
+ p->hdr_rb.bba.max_tsize,
+ p->hdr_rb.bba.max_rsize,
+ assoc_gid,
+ ack_pipe_name,
+ 0x1, 0x0, 0x0,
+ &(p->hdr_rb.transfer));
+
+ smb_io_rpc_hdr_ba("", &p->hdr_ba, &p->rdata, 0);
+ mem_realloc_data(p->rdata.data, p->rdata.offset);
+
+ /***/
+ /*** now the authentication ***/
+ /***/
+
+ if (p->ntlmssp_auth)
+ {
+ uint8 challenge[8];
+ generate_random_buffer(challenge, 8, False);
+
+ /*** authentication info ***/
+
+ make_rpc_hdr_auth(&p->auth_info, 0x0a, 0x06, 0, 1);
+ smb_io_rpc_hdr_auth("", &p->auth_info, &p->rverf, 0);
+ mem_realloc_data(p->rverf.data, p->rverf.offset);
+
+ /*** NTLMSSP verifier ***/
+
+ make_rpc_auth_verifier(&p->auth_verifier,
+ "NTLMSSP", NTLMSSP_CHALLENGE);
+ smb_io_rpc_auth_verifier("", &p->auth_verifier, &p->rauth, 0);
+ mem_realloc_data(p->rauth.data, p->rauth.offset);
+
+ /* NTLMSSP challenge ***/
+
+ make_rpc_auth_ntlmssp_chal(&p->ntlmssp_chal,
+ 0x000082b1, challenge);
+ smb_io_rpc_auth_ntlmssp_chal("", &p->ntlmssp_chal, &p->rntlm, 0);
+ mem_realloc_data(p->rntlm.data, p->rntlm.offset);
+ }
+
+ /***/
+ /*** then do the header, now we know the length ***/
+ /***/
+
+ make_rpc_hdr(&p->hdr, RPC_BINDACK, RPC_FLG_FIRST | RPC_FLG_LAST,
+ p->hdr.call_id,
+ p->rdata.offset + p->rverf.offset + p->rauth.offset + p->rntlm.offset + 0x10,
+ p->rauth.offset + p->rntlm.offset);
+
+ smb_io_rpc_hdr("", &p->hdr, &p->rhdr, 0);
+ mem_realloc_data(p->rhdr.data, p->rdata.offset);
+
+ /***/
+ /*** link rpc header, bind acknowledgment and authentication responses ***/
+ /***/
+
+ if (p->ntlmssp_auth)
+ {
+ prs_link(NULL , &p->rhdr , &p->rdata);
+ prs_link(&p->rhdr , &p->rdata, &p->rverf);
+ prs_link(&p->rdata, &p->rverf, &p->rauth);
+ prs_link(&p->rverf, &p->rauth, &p->rntlm);
+ prs_link(&p->rauth, &p->rntlm, NULL );
+ }
+ else
+ {
+ prs_link(NULL , &p->rhdr , &p->rdata);
+ prs_link(&p->rhdr, &p->rdata, NULL );
+ }
+
+ return True;
+}
+
+
+static BOOL api_pipe_auth_process(pipes_struct *p, prs_struct *pd)
+{
+ return True;
+}
+
+static BOOL api_pipe_request(pipes_struct *p, prs_struct *pd)
+{
+ int i = 0;
+
+ if (p->ntlmssp_auth && p->ntlmssp_validated)
+ {
+ if (!api_pipe_auth_process(p)) return False;
+
+ DEBUG(0,("api_pipe_request: **** MUST CALL become_user() HERE **** \n"));
+#if 0
+ become_user();
+#endif
+ }
+
+ for (i = 0; api_fd_commands[i].pipe_clnt_name; i++)
+ {
+ if (strequal(api_fd_commands[i].pipe_clnt_name, p->name) &&
+ api_fd_commands[i].fn != NULL)
+ {
+ DEBUG(3,("Doing \\PIPE\\%s\n", api_fd_commands[i].pipe_clnt_name));
+ return api_fd_commands[i].fn(p, pd);
+ }
+ }
+ return False;
+}
+
+BOOL rpc_command(pipes_struct *p, prs_struct *pd)
+{
+ BOOL reply = False;
+ if (pd->data == NULL) return False;
+
+ /* process the rpc header */
+ smb_io_rpc_hdr("", &p->hdr, pd, 0);
+
+ if (pd->offset == 0) return False;
+
+ switch (p->hdr.pkt_type)
+ {
+ case RPC_BIND :
+ {
+ reply = api_pipe_bind_req(p, pd);
+ break;
+ }
+ case RPC_REQUEST:
+ {
+ reply = api_pipe_request (p, pd);
+ break;
+ }
+ case RPC_BINDRESP: /* not the real name! */
+ {
+ reply = api_pipe_bind_auth_resp(p, pd);
+ break;
+ }
+ }
+
+
+ return reply;
+}
+
/*******************************************************************
receives a netlogon pipe and responds.
/* do the actual command */
p->rdata.offset = 0;
- api_rpc_cmds[fn_num].fn(p->uid, data, &(p->rdata));
+ api_rpc_cmds[fn_num].fn(p->vuid, data, &(p->rdata));
if (p->rdata.data == NULL || p->rdata.offset == 0)
{
mem_realloc_data(p->rdata.data, p->rdata.offset);
- DEBUG(10,("called %s\n", rpc_name));
+ DEBUG(10,("called %s\n", rpc_name));
return True;
}
********************************************************************/
uint32 lookup_user_rid(char *user_name, uint32 *rid)
{
- struct smb_passwd *smb_pass;
+ struct sam_passwd *sam_pass;
(*rid) = 0;
/* find the user account */
become_root(True);
- smb_pass = getsmbpwnam(user_name);
+ sam_pass = getsam21pwnam(user_name);
unbecome_root(True);
- if (smb_pass != NULL)
+ if (sam_pass != NULL)
{
- /* lkclXXXX SHOULD use name_to_rid() here! */
- (*rid) = smb_pass->smb_userid;
+ (*rid) = sam_pass->user_rid;
return 0x0;
}