2 Unix SMB/Netbios implementation.
4 Pipe SMB reply routines
5 Copyright (C) Andrew Tridgell 1992-1997,
6 Copyright (C) Luke Kenneth Casson Leighton 1996-1997.
7 Copyright (C) Paul Ashton 1997.
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 This file handles reply_ calls on named pipes that the server
25 makes to handle specific protocols
33 extern int DEBUGLEVEL;
38 static void make_lsa_r_req_chal(LSA_R_REQ_CHAL *r_c,
39 DOM_CHAL *srv_chal, int status)
41 DEBUG(6,("make_lsa_r_req_chal: %d\n", __LINE__));
42 memcpy(r_c->srv_chal.data, srv_chal->data, sizeof(srv_chal->data));
46 static int lsa_reply_req_chal(LSA_Q_REQ_CHAL *q_c, char *q, char *base,
51 DEBUG(6,("lsa_reply_req_chal: %d\n", __LINE__));
53 /* set up the LSA REQUEST CHALLENGE response */
54 make_lsa_r_req_chal(&r_c, srv_chal, 0);
56 /* store the response in the SMB stream */
57 q = lsa_io_r_req_chal(False, &r_c, q, base, 4, 0);
59 DEBUG(6,("lsa_reply_req_chal: %d\n", __LINE__));
61 /* return length of SMB data stored */
62 return PTR_DIFF(q, base);
65 static void make_lsa_r_auth_2(LSA_R_AUTH_2 *r_a,
66 DOM_CHAL *resp_cred, NEG_FLAGS *flgs, int status)
68 memcpy( r_a->srv_chal.data, resp_cred->data, sizeof(resp_cred->data));
69 memcpy(&(r_a->srv_flgs) , flgs , sizeof(r_a->srv_flgs));
73 static int lsa_reply_auth_2(LSA_Q_AUTH_2 *q_a, char *q, char *base,
74 DOM_CHAL *resp_cred, int status)
78 /* set up the LSA AUTH 2 response */
80 make_lsa_r_auth_2(&r_a, resp_cred, &(q_a->clnt_flgs), status);
82 /* store the response in the SMB stream */
83 q = lsa_io_r_auth_2(False, &r_a, q, base, 4, 0);
85 /* return length of SMB data stored */
86 return PTR_DIFF(q, base);
89 static void make_lsa_r_srv_pwset(LSA_R_SRV_PWSET *r_s,
90 DOM_CRED *srv_cred, int status)
92 DEBUG(5,("make_lsa_r_srv_pwset: %d\n", __LINE__));
94 memcpy(&(r_s->srv_cred), srv_cred, sizeof(r_s->srv_cred));
97 DEBUG(5,("make_lsa_r_srv_pwset: %d\n", __LINE__));
100 static int lsa_reply_srv_pwset(LSA_Q_SRV_PWSET *q_s, char *q, char *base,
101 DOM_CRED *srv_cred, int status)
105 DEBUG(5,("lsa_srv_pwset: %d\n", __LINE__));
107 /* set up the LSA Server Password Set response */
108 make_lsa_r_srv_pwset(&r_s, srv_cred, status);
110 /* store the response in the SMB stream */
111 q = lsa_io_r_srv_pwset(False, &r_s, q, base, 4, 0);
113 DEBUG(5,("lsa_srv_pwset: %d\n", __LINE__));
115 /* return length of SMB data stored */
116 return PTR_DIFF(q, base);
119 static void make_lsa_user_info(LSA_USER_INFO *usr,
123 NTTIME *kickoff_time,
124 NTTIME *pass_last_set_time,
125 NTTIME *pass_can_change_time,
126 NTTIME *pass_must_change_time,
150 char *other_sids) /* space-delimited set of SIDs */
152 /* only cope with one "other" sid, right now. */
153 /* need to count the number of space-delimited sids */
155 int num_other_sids = other_sids != NULL ? 1 : 0;
157 int len_user_name = strlen(user_name );
158 int len_full_name = strlen(full_name );
159 int len_logon_script = strlen(logon_script);
160 int len_profile_path = strlen(profile_path);
161 int len_home_dir = strlen(home_dir );
162 int len_dir_drive = strlen(dir_drive );
164 int len_logon_srv = strlen(logon_srv);
165 int len_logon_dom = strlen(logon_dom);
167 usr->undoc_buffer = 1; /* yes, we're bothering to put USER_INFO data here */
169 usr->logon_time = *logon_time;
170 usr->logoff_time = *logoff_time;
171 usr->kickoff_time = *kickoff_time;
172 usr->pass_last_set_time = *pass_last_set_time;
173 usr->pass_can_change_time = *pass_can_change_time;
174 usr->pass_must_change_time = *pass_must_change_time;
176 make_uni_hdr(&(usr->hdr_user_name ), len_user_name , len_user_name , 4);
177 make_uni_hdr(&(usr->hdr_full_name ), len_full_name , len_full_name , 4);
178 make_uni_hdr(&(usr->hdr_logon_script), len_logon_script, len_logon_script, 4);
179 make_uni_hdr(&(usr->hdr_profile_path), len_profile_path, len_profile_path, 4);
180 make_uni_hdr(&(usr->hdr_home_dir ), len_home_dir , len_home_dir , 4);
181 make_uni_hdr(&(usr->hdr_dir_drive ), len_dir_drive , len_dir_drive , 4);
183 usr->logon_count = logon_count;
184 usr->bad_pw_count = bad_pw_count;
186 usr->user_id = user_id;
187 usr->group_id = group_id;
188 usr->num_groups = num_groups;
189 usr->buffer_groups = num_groups ? 1 : 0; /* yes, we're bothering to put group info in */
190 usr->user_flgs = user_flgs;
192 if (sess_key != NULL)
194 memcpy(usr->sess_key, sess_key, sizeof(usr->sess_key));
198 bzero(usr->sess_key, sizeof(usr->sess_key));
201 make_uni_hdr(&(usr->hdr_logon_srv), len_logon_srv, len_logon_srv, 4);
202 make_uni_hdr(&(usr->hdr_logon_dom), len_logon_dom, len_logon_dom, 4);
204 usr->buffer_dom_id = dom_sid ? 1 : 0; /* yes, we're bothering to put a domain SID in */
206 bzero(usr->padding, sizeof(usr->padding));
208 usr->num_other_sids = num_other_sids;
209 usr->buffer_other_sids = num_other_sids != 0 ? 1 : 0;
211 make_unistr2(&(usr->uni_user_name ), user_name , len_user_name );
212 make_unistr2(&(usr->uni_full_name ), full_name , len_full_name );
213 make_unistr2(&(usr->uni_logon_script), logon_script, len_logon_script);
214 make_unistr2(&(usr->uni_profile_path), profile_path, len_profile_path);
215 make_unistr2(&(usr->uni_home_dir ), home_dir , len_home_dir );
216 make_unistr2(&(usr->uni_dir_drive ), dir_drive , len_dir_drive );
218 usr->num_groups2 = num_groups;
219 for (i = 0; i < num_groups; i++)
221 usr->gids[i] = gids[i];
224 make_unistr2(&(usr->uni_logon_srv), logon_srv, len_logon_srv);
225 make_unistr2(&(usr->uni_logon_dom), logon_dom, len_logon_dom);
227 make_dom_sid(&(usr->dom_sid), dom_sid);
228 make_dom_sid(&(usr->other_sids[0]), other_sids);
232 static int lsa_reply_sam_logon(LSA_Q_SAM_LOGON *q_s, char *q, char *base,
233 DOM_CRED *srv_cred, LSA_USER_INFO *user_info)
237 /* XXXX maybe we want to say 'no', reject the client's credentials */
238 r_s.buffer_creds = 1; /* yes, we have valid server credentials */
239 memcpy(&(r_s.srv_creds), srv_cred, sizeof(r_s.srv_creds));
241 /* store the user information, if there is any. */
242 r_s.user = user_info;
243 r_s.buffer_user = user_info != NULL ? 1 : 0;
244 r_s.status = user_info != NULL ? 0 : (0xC000000|NT_STATUS_NO_SUCH_USER);
246 /* store the response in the SMB stream */
247 q = lsa_io_r_sam_logon(False, &r_s, q, base, 4, 0);
249 /* return length of SMB data stored */
250 return PTR_DIFF(q, base);
254 static int lsa_reply_sam_logoff(LSA_Q_SAM_LOGOFF *q_s, char *q, char *base,
258 LSA_R_SAM_LOGOFF r_s;
260 /* XXXX maybe we want to say 'no', reject the client's credentials */
261 r_s.buffer_creds = 1; /* yes, we have valid server credentials */
262 memcpy(&(r_s.srv_creds), srv_cred, sizeof(r_s.srv_creds));
266 /* store the response in the SMB stream */
267 q = lsa_io_r_sam_logoff(False, &r_s, q, base, 4, 0);
269 /* return length of SMB data stored */
270 return PTR_DIFF(q, base);
274 static BOOL update_dcinfo(int cnum, uint16 vuid,
275 struct dcinfo *dc, DOM_CHAL *clnt_chal, char *mach_acct)
277 struct smb_passwd *smb_pass;
281 smb_pass = get_smbpwnam(mach_acct);
282 if (!become_user(cnum, vuid))
284 DEBUG(0,("update_dcinfo: become_user failed\n"));
288 if (smb_pass != NULL)
290 memcpy(dc->md4pw, smb_pass->smb_nt_passwd, sizeof(dc->md4pw));
291 DEBUG(5,("dc->md4pw(%d) :", sizeof(dc->md4pw)));
292 dump_data(5, dc->md4pw, 16);
296 /* No such machine account. Should error out here, but we'll
297 print and carry on */
298 DEBUG(1,("No account in domain for %s\n", mach_acct));
304 for (i = 0; i < 16; i++) sprintf(foo+i*2,"%02x ", dc->md4pw[i]);
305 DEBUG(4,("pass %s %s\n", mach_acct, foo));
308 /* copy the client credentials */
309 memcpy(dc->clnt_chal.data, clnt_chal->data, sizeof(clnt_chal->data));
310 memcpy(dc->clnt_cred.data, clnt_chal->data, sizeof(clnt_chal->data));
312 /* create a server challenge for the client */
313 /* PAXX: set these to random values. */
314 /* lkcl: paul, you mentioned that it doesn't really matter much */
315 dc->srv_chal.data[0] = 0x11111111;
316 dc->srv_chal.data[1] = 0x11111111;
317 dc->srv_cred.data[0] = 0x11111111;
318 dc->srv_cred.data[1] = 0x11111111;
320 /* from client / server challenges and md4 password, generate sess key */
321 cred_session_key(&(dc->clnt_chal), &(dc->srv_chal),
322 dc->md4pw, dc->sess_key);
324 DEBUG(6,("update_dcinfo: %d\n", __LINE__));
329 static void api_lsa_req_chal( int cnum, uint16 vuid,
331 char *param, char *data,
332 char **rdata, int *rdata_len )
338 /* grab the challenge... */
339 lsa_io_q_req_chal(True, &q_r, data + 0x18, data, 4, 0);
341 fstrcpy(mach_acct, unistr2(q_r.uni_logon_clnt.buffer));
343 strcat(mach_acct, "$");
345 DEBUG(6,("q_r.clnt_chal.data: %lx %lx\n",
346 q_r.clnt_chal.data[0], q_r.clnt_chal.data[1]));
348 update_dcinfo(cnum, vuid, &(vuser->dc), &(q_r.clnt_chal), mach_acct);
350 /* construct reply. return status is always 0x0 */
351 *rdata_len = lsa_reply_req_chal(&q_r, *rdata + 0x18, *rdata,
352 &(vuser->dc.srv_chal));
356 static void api_lsa_auth_2( user_struct *vuser,
357 char *param, char *data,
358 char **rdata, int *rdata_len )
367 /* grab the challenge... */
368 lsa_io_q_auth_2(True, &q_a, data + 0x18, data, 4, 0);
370 /* check that the client credentials are valid */
371 cred_assert(&(q_a.clnt_chal), vuser->dc.sess_key,
372 &(vuser->dc.clnt_cred), srv_time);
374 /* create server challenge for inclusion in the reply */
375 cred_create(vuser->dc.sess_key, &(vuser->dc.srv_cred), srv_time, &srv_cred);
377 /* update the client credentials for use next time */
378 memcpy(vuser->dc.clnt_cred.data, &(srv_cred.data), sizeof(srv_cred.data));
379 memcpy(vuser->dc.srv_cred .data, &(srv_cred.data), sizeof(srv_cred.data));
381 /* construct reply. */
382 *rdata_len = lsa_reply_auth_2(&q_a, *rdata + 0x18, *rdata,
387 static BOOL deal_with_credentials(user_struct *vuser,
388 DOM_CRED *clnt_cred, DOM_CRED *srv_cred)
393 /* doesn't matter that server time is 0 */
394 srv_cred->timestamp.time = 0;
396 /* check that the client credentials are valid */
397 if (cred_assert(&(clnt_cred->challenge), vuser->dc.sess_key,
398 &(vuser->dc.clnt_cred), clnt_cred->timestamp))
403 /* increment client time by one second */
404 new_clnt_time.time = clnt_cred->timestamp.time + 1;
406 DEBUG(5,("deal_with_credentials: new_clnt_time=%lx\n", new_clnt_time.time));
408 /* create server credentials for inclusion in the reply */
409 cred_create(vuser->dc.sess_key, &(vuser->dc.clnt_cred), new_clnt_time,
410 &(srv_cred->challenge));
412 DEBUG(5,("deal_with_credentials: %d\n", __LINE__));
414 DEBUG(5,("deal_with_credentials: clnt_cred[0]=%lx\n",
415 vuser->dc.clnt_cred.data[0]));
417 new_cred = IVAL(vuser->dc.clnt_cred.data, 0);
418 new_cred += new_clnt_time.time;
420 DEBUG(5,("deal_with_credentials: new_cred[0]=%lx\n", new_cred));
422 SIVAL(vuser->dc.clnt_cred.data, 0, new_cred);
423 SIVAL(vuser->dc.srv_cred .data, 0, new_cred);
428 static void api_lsa_srv_pwset( user_struct *vuser,
429 char *param, char *data,
430 char **rdata, int *rdata_len )
436 /* grab the challenge and encrypted password ... */
437 lsa_io_q_srv_pwset(True, &q_a, data + 0x18, data, 4, 0);
439 /* checks and updates credentials. creates reply credentials */
440 deal_with_credentials(vuser, &(q_a.clnt_id.cred), &srv_cred);
442 DEBUG(5,("api_lsa_srv_pwset: %d\n", __LINE__));
444 /* construct reply. always indicate failure. nt keeps going... */
445 *rdata_len = lsa_reply_srv_pwset(&q_a, *rdata + 0x18, *rdata,
447 NT_STATUS_WRONG_PASSWORD|0xC000000);
451 static void api_lsa_sam_logoff( user_struct *vuser,
452 char *param, char *data,
453 char **rdata, int *rdata_len )
455 LSA_Q_SAM_LOGOFF q_l;
459 /* grab the challenge... */
460 lsa_io_q_sam_logoff(True, &q_l, data + 0x18, data, 4, 0);
462 /* checks and updates credentials. creates reply credentials */
463 deal_with_credentials(vuser, &(q_l.sam_id.client.cred), &srv_cred);
465 /* construct reply. always indicate success */
466 *rdata_len = lsa_reply_sam_logoff(&q_l, *rdata + 0x18, *rdata,
472 static void api_lsa_sam_logon( user_struct *vuser,
473 char *param, char *data,
474 char **rdata, int *rdata_len )
477 LSA_USER_INFO usr_info;
478 LSA_USER_INFO *p_usr_info = NULL;
482 lsa_io_q_sam_logon(True, &q_l, data + 0x18, data, 4, 0);
484 /* checks and updates credentials. creates reply credentials */
485 deal_with_credentials(vuser, &(q_l.sam_id.client.cred), &srv_creds);
490 pstring logon_script;
491 pstring profile_path;
495 pstring my_workgroup;
498 extern pstring myname;
500 dummy_time.low = 0xffffffff;
501 dummy_time.high = 0x7fffffff;
503 get_myname(myname, NULL);
505 pstrcpy(logon_script, lp_logon_script());
506 pstrcpy(profile_path, lp_logon_path ());
507 pstrcpy(dom_sid , lp_domainsid ());
508 pstrcpy(my_workgroup, lp_workgroup ());
510 pstrcpy(username, unistr2(q_l.sam_id.auth.id1.uni_user_name.buffer));
511 pstrcpy(my_name , myname );
514 pstrcpy(home_drive , "a:" );
516 #if (defined(NETGROUP) && defined(AUTOMOUNT))
517 pstrcpy(home_dir , vuser->home_share);
519 pstrcpy(home_dir , "\\\\%L\\%U");
520 standard_sub_basic(home_dir);
523 p_usr_info = &usr_info;
525 make_lsa_user_info(p_usr_info,
527 &dummy_time, /* logon_time */
528 &dummy_time, /* logoff_time */
529 &dummy_time, /* kickoff_time */
530 &dummy_time, /* pass_last_set_time */
531 &dummy_time, /* pass_can_change_time */
532 &dummy_time, /* pass_must_change_time */
534 username, /* user_name */
535 vuser->real_name, /* full_name */
536 logon_script, /* logon_script */
537 profile_path, /* profile_path */
538 home_dir, /* home_dir */
539 home_drive, /* dir_drive */
542 0, /* bad_pw_count */
544 vuser->uid, /* uint32 user_id */
545 vuser->gid, /* uint32 group_id */
546 0, /* uint32 num_groups */
547 NULL, /* DOM_GID *gids */
548 0x20, /* uint32 user_flgs */
550 NULL, /* char sess_key[16] */
552 my_name, /* char *logon_srv */
553 my_workgroup, /* char *logon_dom */
555 dom_sid, /* char *dom_sid */
556 NULL); /* char *other_sids */
559 *rdata_len = lsa_reply_sam_logon(&q_l, *rdata + 0x18, *rdata,
560 &srv_creds, p_usr_info);
564 BOOL api_netlogrpcTNP(int cnum,int uid, char *param,char *data,
565 int mdrcnt,int mprcnt,
566 char **rdata,char **rparam,
567 int *rdata_len,int *rparam_len)
569 uint16 opnum = SVAL(data,22);
570 int pkttype = CVAL(data, 2);
574 if (pkttype == 0x0b) /* RPC BIND */
576 DEBUG(4,("netlogon rpc bind %x\n",pkttype));
577 LsarpcTNP1(data,rdata,rdata_len);
581 DEBUG(4,("netlogon TransactNamedPipe op %x\n",opnum));
583 if ((vuser = get_valid_user_struct(uid)) == NULL) return False;
585 DEBUG(3,("Username of UID %d is %s\n", vuser->uid, vuser->name));
586 #if defined(NETGROUP) && defined(AUTOMOUNT)
587 DEBUG(3,("HOMESHR for %s is %s\n", vuser->name, vuser->home_share));
594 DEBUG(3,("LSA_REQCHAL\n"));
595 api_lsa_req_chal(cnum, uid, vuser, param, data, rdata, rdata_len);
596 make_rpc_reply(data, *rdata, *rdata_len);
602 DEBUG(3,("LSA_AUTH2\n"));
603 api_lsa_auth_2(vuser, param, data, rdata, rdata_len);
604 make_rpc_reply(data, *rdata, *rdata_len);
610 DEBUG(3,("LSA_SRVPWSET\n"));
611 api_lsa_srv_pwset(vuser, param, data, rdata, rdata_len);
612 make_rpc_reply(data, *rdata, *rdata_len);
618 DEBUG(3,("LSA_SAMLOGON\n"));
619 api_lsa_sam_logon(vuser, param, data, rdata, rdata_len);
620 make_rpc_reply(data, *rdata, *rdata_len);
626 DEBUG(3,("LSA_SAMLOGOFF\n"));
627 api_lsa_sam_logoff(vuser, param, data, rdata, rdata_len);
633 DEBUG(4, ("**** netlogon, unknown code: %lx\n", opnum));
641 #endif /* NTDOMAIN */