rpcclient interactive login (with trust account changing if you are root)
authorLuke Leighton <lkcl@samba.org>
Thu, 15 Oct 1998 23:51:07 +0000 (23:51 +0000)
committerLuke Leighton <lkcl@samba.org>
Thu, 15 Oct 1998 23:51:07 +0000 (23:51 +0000)
cli_session_setup handles null sessions correctly

13 files changed:
source/Makefile.in
source/include/proto.h
source/libsmb/clientgen.c
source/passdb/smbpass.c
source/passdb/smbpassfile.c
source/rpc_client/cli_login.c
source/rpc_client/cli_lsarpc.c
source/rpc_client/cli_netlogon.c
source/rpc_parse/parse_net.c
source/rpcclient/cmd_netlogon.c
source/rpcclient/rpcclient.c
source/smbd/password.c
source/smbd/process.c

index 3906b365b8cb906f72cbb3e994945d48cb6b9d88..35e98e025bf12640c1eff1e7e997e4670934815a 100644 (file)
@@ -192,9 +192,9 @@ RPCCLIENT_OBJ = rpcclient/rpcclient.o \
              rpcclient/cmd_wkssvc.o \
              rpcclient/cmd_samr.o \
              rpcclient/cmd_srvsvc.o \
+             rpcclient/cmd_netlogon.o \
              $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
              $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_OBJ)
-#             rpcclient/cmd_netlogon.o 
 
 SMBWRAPPER_OBJ = smbwrapper/smbw.o smbwrapper/wrapped.o \
                smbwrapper/smbw_dir.o smbwrapper/smbw_stat.o \
index 411f923ba8410423c42dabb51cad2af9d80052a0..09fe5b0873f16a64f605bd52ace4003b20d8ee1c 100644 (file)
@@ -1189,6 +1189,7 @@ BOOL trust_password_unlock(void);
 BOOL trust_password_delete( char *domain, char *name );
 BOOL get_trust_account_password( unsigned char *ret_pwd, time_t *pass_last_set_time);
 BOOL set_trust_account_password( unsigned char *md4_new_pwd);
+BOOL trust_get_passwd( unsigned char trust_passwd[16], char *myname, char *domain);
 
 /*The following definitions come from  printing/pcap.c  */
 
@@ -1452,6 +1453,11 @@ void make_q_srv_pwset(NET_Q_SRV_PWSET *q_s, char *logon_srv, char *acct_name,
                 uint16 sec_chan, char *comp_name, DOM_CRED *cred, char nt_cypher[16]);
 void net_io_q_srv_pwset(char *desc,  NET_Q_SRV_PWSET *q_s, prs_struct *ps, int depth);
 void net_io_r_srv_pwset(char *desc,  NET_R_SRV_PWSET *r_s, prs_struct *ps, int depth);
+void make_id_info1(NET_ID_INFO_1 *id, char *domain_name,
+                               uint32 param_ctrl, uint32 log_id_low, uint32 log_id_high,
+                               char *user_name, char *wksta_name,
+                               char sess_key[16],
+                               unsigned char lm_cypher[16], unsigned char nt_cypher[16]);
 void make_id_info2(NET_ID_INFO_2 *id, char *domain_name,
                                uint32 param_ctrl, uint32 log_id_low, uint32 log_id_high,
                                char *user_name, char *wksta_name,
@@ -1911,6 +1917,10 @@ BOOL api_wkssvc_rpc(pipes_struct *p, prs_struct *data);
 void cmd_lsa_query_info(struct client_info *info);
 void cmd_lsa_lookup_sids(struct client_info *info);
 
+/*The following definitions come from  rpcclient/cmd_netlogon.c  */
+
+void cmd_netlogon_login_test(struct client_info *info);
+
 /*The following definitions come from  rpcclient/cmd_samr.c  */
 
 void cmd_sam_ntchange_pwd(struct client_info *info);
index 64e67c552215ef913d27cfde3febf57cc77e9365..a6ffb57834e3328bbb53e736d8661feb9a0bd1d2 100644 (file)
@@ -2494,15 +2494,25 @@ BOOL cli_establish_connection(struct cli_state *cli,
 
        if (cli->pwd.cleartext || cli->pwd.null_pwd)
        {
-               /* attempt clear-text session */
-
                fstring passwd;
+               int pass_len;
 
-               pwd_get_cleartext(&(cli->pwd), passwd);
+               if (cli->pwd.null_pwd)
+               {
+                       /* attempt null session */
+                       passwd[0] = 0;
+                       pass_len = 1;
+               }
+               else
+               {
+                       /* attempt clear-text session */
+                       pwd_get_cleartext(&(cli->pwd), passwd);
+                       pass_len = strlen(passwd);
+               }
 
                /* attempt clear-text session */
                if (!cli_session_setup(cli, cli->user_name,
-                              passwd, strlen(passwd),
+                              passwd, pass_len,
                               NULL, 0,
                               cli->domain))
                {
index eefc30382b700fbf7a887fe1e72789bc253ff629..bde696290d23f44094fd2749560212b5afab70c9 100644 (file)
@@ -330,8 +330,8 @@ static struct sam_passwd *getsmbfile21pwent(void *vp)
        pwfile = getpwnam(pw_buf->smb_name);
        if (pwfile == NULL)
        {
-               DEBUG(0,"getsmbfile21pwent: smbpasswd database is corrupt!\n"));
-               DEBUG(0,"getsmbfile21pwent: username %s not in unix passwd database!\n", pw_buf->smb_name));
+               DEBUG(0,("getsmbfile21pwent: smbpasswd database is corrupt!\n"));
+               DEBUG(0,("getsmbfile21pwent: username %s not in unix passwd database!\n", pw_buf->smb_name));
                return NULL;
        }
 
index 8542ad081d20a470796bdaf2c82fe3388dfa33e5..13a1a9f50892ec00a3dea88cba92cb567aea9bd1 100644 (file)
@@ -24,6 +24,8 @@ extern int DEBUGLEVEL;
 static int gotalarm;
 int pw_file_lock_depth = 0;
 
+BOOL global_machine_password_needs_changing = False;
+
 /***************************************************************
  Signal function to tell us we timed out.
 ****************************************************************/
@@ -318,3 +320,37 @@ account is now invalid. Please recreate. Error was %s.\n", strerror(errno) ));
   fflush(mach_passwd_fp);
   return True;
 }
+
+BOOL trust_get_passwd( unsigned char trust_passwd[16], char *myname, char *domain)
+{
+  time_t lct;
+
+  /*
+   * Get the machine account password.
+   */
+  if(!trust_password_lock( myname, domain, False)) {
+    DEBUG(0,("domain_client_validate: unable to open the machine account password file for \
+machine %s in domain %s.\n", myname, domain ));
+    return False;
+  }
+
+  if(get_trust_account_password( trust_passwd, &lct) == False) {
+    DEBUG(0,("domain_client_validate: unable to read the machine account password for \
+machine %s in domain %s.\n", myname, domain ));
+    trust_password_unlock();
+    return False;
+  }
+
+  trust_password_unlock();
+
+  /* 
+   * Here we check the last change time to see if the machine
+   * password needs changing. JRA. 
+   */
+
+  if(time(NULL) > lct + lp_machine_password_timeout())
+  {
+    global_machine_password_needs_changing = True;
+  }
+  return True;
+}
index abe471379ba4b52b895cfc3d5d9b7b890e558c30..1b12828550e9aa0ee9b13add7d582fd376f4df5d 100644 (file)
@@ -83,7 +83,7 @@ BOOL cli_nt_srv_pwset(struct cli_state *cli, unsigned char *new_hashof_mach_pwd)
 {
   unsigned char processed_new_pwd[16];
 
-  DEBUG(5,("cli_nt_login_interactive: %d\n", __LINE__));
+  DEBUG(5,("cli_nt_srv_pwset: %d\n", __LINE__));
 
 #ifdef DEBUG_PASSWORD
   dump_data(6, new_hashof_mach_pwd, 16);
@@ -96,7 +96,6 @@ BOOL cli_nt_srv_pwset(struct cli_state *cli, unsigned char *new_hashof_mach_pwd)
   return cli_net_srv_pwset(cli, processed_new_pwd);
 }
 
-#if UNUSED_CODE
 /****************************************************************************
 NT login - interactive.
 *NEVER* use this code. This method of doing a logon (sending the cleartext
@@ -149,7 +148,6 @@ BOOL cli_nt_login_interactive(struct cli_state *cli, char *domain, char *usernam
 
   return ret;
 }
-#endif
 
 /****************************************************************************
 NT login - network.
@@ -177,7 +175,6 @@ BOOL cli_nt_login_network(struct cli_state *cli, char *domain, char *username,
   return cli_net_sam_logon(cli, ctr, user_info3);
 }
 
-#if UNUSED_CODE
 /****************************************************************************
 NT Logoff.
 ****************************************************************************/
@@ -188,4 +185,3 @@ BOOL cli_nt_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr)
   /* Send client sam-logoff request - update credentials on success. */
   return cli_net_sam_logoff(cli, ctr);
 }
-#endif
index d010ae4e2925700b6c2e28cfadd743ce270760db..c28092941794cd7f381bc9f8fc2f3218b9463d7e 100644 (file)
@@ -58,11 +58,11 @@ BOOL do_lsa_open_policy(struct cli_state *cli,
        if (sec_qos)
        {
                make_lsa_sec_qos(&qos, 2, 1, 0, 0x20000000);
-               make_q_open_pol(&q_o, server_name, 0, 0, &qos);
+               make_q_open_pol(&q_o, 0x5c, 0, 0, &qos);
        }
        else
        {
-               make_q_open_pol(&q_o, server_name, 0, 0x1, NULL);
+               make_q_open_pol(&q_o, 0x5c, 0, 0x1, NULL);
        }
 
        /* turn parameters into data stream */
index 2671bac7737249c3e050d447e58ce32fbfb8b899..9c81b7369247fb0e3d8c1a8e9011420be629c686 100644 (file)
@@ -391,7 +391,6 @@ password ?).\n", cli->desthost ));
   return ok;
 }
 
-#if UNUSED_CODE
 /***************************************************************************
 LSA SAM Logoff.
 
@@ -465,7 +464,6 @@ password ?).\n", cli->desthost ));
 
   return ok;
 }
-#endif
 
 /*********************************************************
  Change the domain password on the PDC.
@@ -605,6 +603,7 @@ BOOL change_trust_account_password( char *domain, char *remote_machine_list)
   unsigned char old_trust_passwd_hash[16];
   unsigned char new_trust_passwd_hash[16];
   time_t lct;
+  BOOL res;
 
   if(!get_trust_account_password( old_trust_passwd_hash, &lct)) {
     DEBUG(0,("change_trust_account_password: unable to read the machine \
@@ -629,10 +628,16 @@ domain %s.\n", timestring(), domain));
        * Return the result of trying to write the new password
        * back into the trust account file.
        */
-      return set_trust_account_password(new_trust_passwd_hash);
+      res = set_trust_account_password(new_trust_passwd_hash);
+      memset(new_trust_passwd_hash, 0, 16);
+      memset(old_trust_passwd_hash, 0, 16);
+      return res;
     }
   }
 
+  memset(new_trust_passwd_hash, 0, 16);
+  memset(old_trust_passwd_hash, 0, 16);
+
   DEBUG(0,("%s : change_trust_account_password: Failed to change password for \
 domain %s.\n", timestring(), domain));
   return False;
index 12d6aca264f6866c8e81045d309a39ee97c97a08..2fc0d1244638ab788503753e03720243a5f24434 100644 (file)
@@ -538,6 +538,75 @@ static int make_dom_sid2s(char *sids_str, DOM_SID2 *sids, int max_sids)
        return count;
 }
 
+/*******************************************************************
+makes a NET_ID_INFO_1 structure.
+********************************************************************/
+void make_id_info1(NET_ID_INFO_1 *id, char *domain_name,
+                               uint32 param_ctrl, uint32 log_id_low, uint32 log_id_high,
+                               char *user_name, char *wksta_name,
+                               char sess_key[16],
+                               unsigned char lm_cypher[16], unsigned char nt_cypher[16])
+{
+       int len_domain_name = strlen(domain_name);
+       int len_user_name   = strlen(user_name  );
+       int len_wksta_name  = strlen(wksta_name );
+
+       unsigned char lm_owf[16];
+       unsigned char nt_owf[16];
+
+       if (id == NULL) return;
+
+       DEBUG(5,("make_id_info1: %d\n", __LINE__));
+
+       id->ptr_id_info1 = 1;
+
+       make_uni_hdr(&(id->hdr_domain_name), len_domain_name, len_domain_name, 4);
+
+       id->param_ctrl = param_ctrl;
+       make_logon_id(&(id->logon_id), log_id_low, log_id_high);
+
+       make_uni_hdr(&(id->hdr_user_name  ), len_user_name  , len_user_name  , 4);
+       make_uni_hdr(&(id->hdr_wksta_name ), len_wksta_name , len_wksta_name , 4);
+
+       if (lm_cypher && nt_cypher)
+       {
+               unsigned char key[16];
+#ifdef DEBUG_PASSWORD
+               DEBUG(100,("lm cypher:"));
+               dump_data(100, lm_cypher, 16);
+
+               DEBUG(100,("nt cypher:"));
+               dump_data(100, nt_cypher, 16);
+#endif
+
+               memset(key, 0, 16);
+               memcpy(key, sess_key, 16);
+
+               memcpy(lm_cypher, lm_owf, 16);
+               SamOEMhash(lm_owf, key, False);
+               memcpy(lm_cypher, lm_owf, 16);
+               SamOEMhash(nt_owf, key, False);
+
+#ifdef DEBUG_PASSWORD
+               DEBUG(100,("encrypt of lm owf password:"));
+               dump_data(100, lm_owf, 16);
+
+               DEBUG(100,("encrypt of nt owf password:"));
+               dump_data(100, nt_owf, 16);
+#endif
+               /* set up pointers to cypher blocks */
+               lm_cypher = lm_owf;
+               nt_cypher = nt_owf;
+       }
+
+       make_owf_info(&(id->lm_owf), lm_cypher);
+       make_owf_info(&(id->nt_owf), nt_cypher);
+
+       make_unistr2(&(id->uni_domain_name), domain_name, len_domain_name);
+       make_unistr2(&(id->uni_user_name  ), user_name  , len_user_name  );
+       make_unistr2(&(id->uni_wksta_name ), wksta_name , len_wksta_name );
+}
+
 /*******************************************************************
 reads or writes an NET_ID_INFO_1 structure.
 ********************************************************************/
index 40bb257072d965e6323d6ed7c36ac6255c12d3f3..88510c95e7c52f39c8b4232bcea4049067846719 100644 (file)
@@ -43,7 +43,13 @@ experimental nt login.
 ****************************************************************************/
 void cmd_netlogon_login_test(struct client_info *info)
 {
+       extern BOOL global_machine_password_needs_changing;
+
+       fstring nt_user_name;
+       fstring password;
        BOOL res = True;
+       char *nt_password;
+       unsigned char trust_passwd[16];
 
        /* machine account passwords */
        pstring new_mach_pwd;
@@ -51,7 +57,28 @@ void cmd_netlogon_login_test(struct client_info *info)
        /* initialisation */
        new_mach_pwd[0] = 0;
 
-       DEBUG(5,("do_nt_login_test: %d\n", __LINE__));
+       if (!next_token(NULL, nt_user_name, NULL, sizeof(nt_user_name)))
+       {
+               fstrcpy(nt_user_name, smb_cli->user_name);
+               if (nt_user_name[0] == 0)
+               {
+                       fprintf(out_hnd,"ntlogin: must specify username with anonymous connection\n");
+                       return;
+               }
+       }
+
+       if (next_token(NULL, password, NULL, sizeof(password)))
+       {
+               nt_password = password;
+       }
+       else
+       {
+               nt_password = getpass("Enter NT Login password:");
+       }
+
+       DEBUG(5,("do_nt_login_test: username %s\n", nt_user_name));
+
+       res = res ? trust_get_passwd(trust_passwd, info->myhostname, smb_cli->domain) : False;
 
 #if 0
        /* check whether the user wants to change their machine password */
@@ -60,38 +87,40 @@ void cmd_netlogon_login_test(struct client_info *info)
                                        info->mach_acct, new_mach_pwd) : False;
 #endif
        /* open NETLOGON session.  negotiate credentials */
-       res = res ? do_nt_session_open(smb_cli, 
-                                 info->dest_host, info->myhostname,
-                                 info->mach_acct,
-                                 smb_cli->user_name, smb_cli->domain,
-                                 info->dom.sess_key, &info->dom.clnt_cred) : False;
+       res = res ? cli_nt_session_open(smb_cli, PIPE_NETLOGON, False) : False;
+
+       res = res ? cli_nt_setup_creds(smb_cli, trust_passwd) : False;
 
        /* change the machine password? */
-       if (new_mach_pwd != NULL && new_mach_pwd[0] != 0)
+       if (global_machine_password_needs_changing)
        {
-               res = res ? do_nt_srv_pwset(smb_cli, info->dom.lsarpc_fnum,
-                                  info->dom.sess_key, &info->dom.clnt_cred, &info->dom.rtn_cred,
-                                  new_mach_pwd,
-                                  info->dest_host, info->mach_acct, info->myhostname) : False;
+               unsigned char new_trust_passwd[16];
+               generate_random_buffer(new_trust_passwd, 16, True);
+               res = res ? cli_nt_srv_pwset(smb_cli, new_trust_passwd) : False;
+
+               if (res)
+               {
+                       global_machine_password_needs_changing = !set_trust_account_password(new_trust_passwd);
+               }
+
+               memset(new_trust_passwd, 0, 16);
        }
 
-       /* create the user-identification info */
-       make_nt_login_interactive(&info->dom.ctr,
-                        info->dom.sess_key,
-                        smb_cli->domain, info->myhostname,
-                        getuid(), smb_cli->user_name);
+       memset(trust_passwd, 0, 16);
 
        /* do an NT login */
-       res = res ? do_nt_login(smb_cli, info->dom.lsarpc_fnum,
-                               info->dom.sess_key, &info->dom.clnt_cred, &info->dom.rtn_cred,
-                               &info->dom.ctr, info->dest_host, info->myhostname, &info->dom.user_info3) : False;
+       res = res ? cli_nt_login_interactive(smb_cli,
+                        smb_cli->domain, nt_user_name,
+                        getuid(), nt_password,
+                        &info->dom.ctr, &info->dom.user_info3) : False;
+
+       /*** clear out the password ***/
+       memset(password, 0, sizeof(password));
 
        /* ok!  you're logged in!  do anything you like, then... */
-          
+
        /* do an NT logout */
-       res = res ? do_nt_logoff(smb_cli, info->dom.lsarpc_fnum,
-                                info->dom.sess_key, &info->dom.clnt_cred, &info->dom.rtn_cred,
-                                &info->dom.ctr, info->dest_host, info->myhostname) : False;
+       res = res ? cli_nt_logoff(smb_cli, &info->dom.ctr) : False;
 
        /* close the session */
        cli_nt_session_close(smb_cli);
index 7d1df61bb7f35764164de1b1b73aa6092914813a..ba7f7d01807ee3a7e6ca29013df32fc84eff29b8 100644 (file)
@@ -105,15 +105,13 @@ struct
   char *description;
 } commands[] = 
 {
-#if 0
-  {"ntlogin",    cmd_netlogon_login_test, "<username> NT Domain login test"},
-#endif
-  {"wksinfo",    cmd_wks_query_info,   "DCE/RPC - Workstation Query Info"},
-  {"srvinfo",    cmd_srv_query_info,   "DCE/RPC - Server Query Info"},
-  {"srvsessions",cmd_srv_enum_sess,    "DCE/RPC - List sessions on a server"},
-  {"srvshares",  cmd_srv_enum_shares,  "DCE/RPC - List shares on a server"},
-  {"srvconnections",cmd_srv_enum_conn, "DCE/RPC - List connections on a server"},
-  {"srvfiles",   cmd_srv_enum_files,   "DCE/RPC - List files on a server"},
+  {"ntlogin",    cmd_netlogon_login_test, "[username] [password] NT Domain login test"},
+  {"wksinfo",    cmd_wks_query_info,   "Workstation Query Info"},
+  {"srvinfo",    cmd_srv_query_info,   "Server Query Info"},
+  {"srvsessions",cmd_srv_enum_sess,    "List sessions on a server"},
+  {"srvshares",  cmd_srv_enum_shares,  "List shares on a server"},
+  {"srvconnections",cmd_srv_enum_conn, "List connections on a server"},
+  {"srvfiles",   cmd_srv_enum_files,   "List files on a server"},
   {"lsaquery",   cmd_lsa_query_info,   "Query Info Policy (domain member or server)"},
   {"lookupsids", cmd_lsa_lookup_sids,  "Resolve names from SIDs"},
   {"enumusers",  cmd_sam_enum_users,   "SAM User Database Query (experimental!)"},
index 761313b6886a6b087b041a2b8af482c7679ddfe8..45d4d72863d5788cc3d502a3f15ab9b5272f3ace 100644 (file)
@@ -24,8 +24,6 @@
 extern int DEBUGLEVEL;
 extern int Protocol;
 
-BOOL global_machine_pasword_needs_changing;
-
 /* users from session setup */
 static pstring session_users="";
 
@@ -1136,7 +1134,6 @@ BOOL domain_client_validate( char *user, char *domain,
   unsigned char local_lm_response[24];
   unsigned char local_nt_reponse[24];
   unsigned char trust_passwd[16];
-  time_t lct;
   fstring remote_machine;
   char *p;
   struct in_addr dest_ip;
@@ -1193,29 +1190,11 @@ BOOL domain_client_validate( char *user, char *domain,
   /*
    * Get the machine account password.
    */
-  if(!trust_password_lock( global_myworkgroup, global_myname, False)) {
-    DEBUG(0,("domain_client_validate: unable to open the machine account password file for \
-machine %s in domain %s.\n", global_myname, global_myworkgroup ));
-    return False;
-  }
-
-  if(get_trust_account_password( trust_passwd, &lct) == False) {
-    DEBUG(0,("domain_client_validate: unable to read the machine account password for \
-machine %s in domain %s.\n", global_myname, global_myworkgroup ));
-    trust_password_unlock();
+  if (!trust_get_passwd( trust_passwd, global_myworkgroup, global_myname))
+  {
     return False;
   }
 
-  trust_password_unlock();
-
-  /* 
-   * Here we check the last change time to see if the machine
-   * password needs changing. JRA. 
-   */
-
-  if(time(NULL) > lct + lp_machine_password_timeout())
-    global_machine_pasword_needs_changing = True;
-
   /*
    * At this point, smb_apasswd points to the lanman response to
    * the challenge in local_challenge, and smb_ntpasswd points to
index 6e1bdc941a34a7f9fdd17e12acce99875b1cf6d4..9c00d6fc008b8ba3c72cf4e1c031443f6f4fb1e9 100644 (file)
@@ -49,7 +49,7 @@ extern char *InBuffer;
 extern char *OutBuffer;
 extern int smb_read_error;
 extern BOOL reload_after_sighup;
-extern BOOL global_machine_pasword_needs_changing;
+extern BOOL global_machine_password_needs_changing;
 extern fstring global_myworkgroup;
 extern pstring global_myname;
 extern int max_send;