DOM_SID *sid, char *name, uint32 *type);
BOOL msrpc_lsa_set_secret(const char* srv_name,
const char* secret_name,
- const STRING2 *secret);
+ const char* data, int len);
BOOL msrpc_lsa_query_secret(const char* srv_name,
const char* secret_name,
STRING2 *secret,
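Review bot: The new prototype at L5 (repeated at L13) says nothing about how large `len` may be, although the definition copies `data` into a fixed-size STRING2 buffer after an 8-byte header, so a reader of the header cannot tell the cap. A one-line comment on the declaration would carry that contract, e.g. `/* data: raw secret bytes; len: byte count, must fit STRING2.buffer minus the 8-byte length header */`. `len` is an `int` while the caller derives it from `strlen()`; `size_t` would avoid the signed/unsigned mismatch, but that is a wider API change than this commit makes.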
DOM_SID *sid, char *name, uint32 *type);
BOOL msrpc_lsa_set_secret(const char* srv_name,
const char* secret_name,
- const STRING2 *secret);
+ const char* data, int len);
BOOL msrpc_lsa_query_secret(const char* srv_name,
const char* secret_name,
STRING2 *secret,
#define LSA_OPENPOLICY 0x06
#define LSA_OPENPOLICY2 0x2c
#define LSA_OPENSECRET 0x1c
+#define LSA_SETSECRET 0x1d
#define LSA_QUERYSECRET 0x1e
-#define LSA_SETSECRET 0x1f
#define LSA_MAX_GROUPS 32
#define LSA_MAX_SIDS 32
{
POLICY_HND pol;
- uint32 ptr_value;
LSA_SECRET_VALUE value;
+ uint32 unknown;
} LSA_Q_SET_SECRET;
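Review bot: The renamed field `unknown` at L29 carries no documentation, and the only value the code ever gives it is the literal 0 at L133, so the next reader cannot tell whether it is padding, a pointer or a flag. A comment stating what is known beats the bare name, e.g. `uint32 unknown; /* marshalled after value, always sent as 0; meaning not yet identified */`. The struct's opening line is outside the hunk.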
dump_data(100, pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd));
DEBUG(100,("session key:\n"));
- dump_data(100, sess_key, sizeof(sess_key));
+ dump_data(100, sess_key, 16);
#endif
pwd->crypted = True;
dump_data(100, pwd->smb_lm_pwd, sizeof(pwd->smb_lm_pwd));
DEBUG(100,("session key:\n"));
- dump_data(100, sess_key, sizeof(sess_key));
+ dump_data(100, sess_key, 16);
#endif
pwd->crypted = True;
BOOL nt_encrypt_string2(STRING2 *out, const STRING2 *in, const uchar *key)
{
- uchar bufhdr[8];
- int datalen;
-
const uchar *keyptr = key;
const uchar *keyend = key + 16;
+ int datalen = in->str_str_len;
uchar *outbuf = (uchar *)out->buffer;
const uchar *inbuf = (const uchar *)in->buffer;
const uchar *inbufend;
- smbhash(bufhdr, inbuf, keyptr, 1);
- datalen = IVAL(inbuf, 0);
+ out->str_max_len = in->str_max_len;
+ out->str_str_len = in->str_str_len;
+ out->undoc = 0;
- if ((datalen > in->str_str_len) || (datalen > MAX_STRINGLEN))
- {
- DEBUG(0, ("nt_decrypt_string2: failed\n"));
- return False;
- }
-
- out->str_max_len = out->str_str_len = datalen;
- inbuf += 8;
inbufend = inbuf + datalen;
+
+ dump_data_pw("nt_encrypt_string2\n", inbuf, datalen);
while (inbuf < inbufend)
{
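Review bot: `datalen` is now taken straight from `in->str_str_len` at L50 with no upper bound, whereas the code this hunk removes (L59) rejected lengths above MAX_STRINGLEN; the loop at L70 walks `inbuf` up to `inbuf + datalen` and presumably writes through `outbuf`, so an oversized `str_str_len` on the input walks off both STRING2 buffers. Because the block loop advances eight bytes at a time (L72), a `datalen` that is not a multiple of eight also touches up to seven bytes past the declared length, so the bound should leave room for that. I would keep a guard before L67, `if (datalen < 0 || datalen > MAX_STRINGLEN) { DEBUG(0, ("nt_encrypt_string2: bad length\n")); return False; }`, on the assumption that MAX_STRINGLEN is the buffer size as the removed check implies. The loop body continues outside the hunk.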
outbuf += 8;
}
+ dump_data_pw("nt_decrypt_string2\n", bufhdr, 8);
+ dump_data_pw("nt_decrypt_string2\n", out->buffer, datalen);
+
return True;
}
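Review bot: The dumps added at L74–L75 are labelled `nt_decrypt_string2` and reference `bufhdr`, while the only function header visible in this chunk is `nt_encrypt_string2` (L43), whose `bufhdr` local the same chunk deletes at L45. If these lines are in nt_encrypt_string2 they will not compile; if they are in nt_decrypt_string2 (whose start is outside the hunk) they compile, but L75 then writes the decrypted secret to the debug output. The label should name the function the line is in and what is dumped, e.g. `dump_data_pw("nt_decrypt_string2 out:\n", out->buffer, datalen);`, and the plaintext dump is acceptable only if dump_data_pw is compiled out of non-debug builds, which this chunk does not show.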
cli_connection_free(con);
return NULL;
}
+ dump_data_pw("sess key:", con->msrpc.smb->cli->nt.usr_sess_key, 16);
}
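Review bot: L82 writes the user session key to the debug log by calling `dump_data_pw` unconditionally; the same pattern is added at L112 and L153, and at L150–L152 it replaces a dump that was previously wrapped in `#ifdef DEBUG_PASSWORD`. That is only safe if `dump_data_pw` is itself a no-op unless DEBUG_PASSWORD is defined, which this chunk does not show; if it merely checks a debug level, every level-100 log on a production client will contain key material. Worth confirming and recording at the call site, e.g. `/* dump_data_pw is compiled out unless DEBUG_PASSWORD is set */`, or restoring the `#ifdef` guard around these calls. The enclosing function here starts outside the hunk.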
else
{
if (!cli_connection_get(from, &con))
{
+ DEBUG(0,("cli_pol_link: no connection\n"));
return False;
}
}
if (con == NULL)
{
+ DEBUG(0,("cli_get_usr_sesskey: no connection\n"));
return False;
}
nt = cli_conn_get_ntinfo(con);
- if (nt != NULL)
+ if (nt == NULL)
{
- memcpy(usr_sess_key,nt->usr_sess_key,sizeof(nt->usr_sess_key));
+ DEBUG(0,("cli_get_usr_sesskey: no ntdom_info\n"));
+ return False;
}
-
+
+ memcpy(usr_sess_key,nt->usr_sess_key,sizeof(nt->usr_sess_key));
return True;
}
nt = cli_conn_get_ntinfo(con);
memcpy(sess_key, nt->sess_key, sizeof(nt->sess_key));
+ dump_data_pw("sess_key:", sess_key, 16);
+
return True;
}
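Review bot: `nt` is dereferenced at L111 immediately after `cli_conn_get_ntinfo(con)` with no NULL check, although the sibling helper in this same change (L98–L103, cli_get_usr_sesskey) now treats a NULL result as a reported failure; this tail — presumably cli_get_sesskey, its header is outside the hunk — should do the same. Insert before L111: `if (nt == NULL) { DEBUG(0,("cli_get_sesskey: no ntdom_info\n")); return False; }`. As written a missing ntdom_info is a NULL dereference rather than a False return the caller can act on.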
lsa_io_q_open_pol2("", &q_o, &buf, 0);
/* send the data on \PIPE\ */
- if (rpc_con_pipe_req(con, LSA_OPENPOLICY, &buf, &rbuf))
+ if (rpc_con_pipe_req(con, LSA_OPENPOLICY2, &buf, &rbuf))
{
LSA_R_OPEN_POL2 r_o;
BOOL p;
{
/* ok, at last: we're happy. return the policy handle */
memcpy(hnd_secret, r_o.pol.data, sizeof(hnd_secret->data));
- valid_pol = True;
+ valid_pol = cli_pol_link(hnd_secret, hnd);
}
}
DEBUG(4,("LSA Set Secret\n"));
memcpy(&q_q.pol, hnd, sizeof(q_q.pol));
- q_q.ptr_value = 1;
+ q_q.unknown = 0x0;
+ q_q.value.ptr_secret = 0x1;
make_strhdr2(&q_q.value.hdr_secret, secret->str_str_len,
secret->str_max_len, 1);
- if (!cli_get_sesskey(hnd, sess_key))
+ if (!cli_get_usr_sesskey(hnd, sess_key))
{
return NT_STATUS_INVALID_PARAMETER;
}
STRING2 enc_secret;
memcpy(&enc_secret, &(r_q.info.value.enc_secret), sizeof(STRING2));
memcpy(last_update, &(r_q.info.last_update), sizeof(NTTIME));
- if (!cli_get_sesskey(hnd, sess_key))
+ if (!cli_get_usr_sesskey(hnd, sess_key))
{
return False;
}
-#ifdef DEBUG_PASSWORD
- dump_data(100, sess_key, 16);
-#endif
+ dump_data_pw("sess key:", sess_key, 16);
valid_info = nt_decrypt_string2(secret, &enc_secret,
sess_key);
}
****************************************************************************/
BOOL msrpc_lsa_set_secret(const char* srv_name,
const char* secret_name,
- const STRING2 *secret)
+ const char* data, int len)
{
BOOL res = True;
BOOL res1;
POLICY_HND pol_sec;
POLICY_HND lsa_pol;
+ STRING2 secret;
+
+ secret.str_max_len = len+8;
+ secret.undoc = 0;
+ secret.str_str_len = len+8;
+
+ SIVAL(secret.buffer, 0, len+8);
+ SIVAL(secret.buffer, 4, len+8);
+ memcpy(secret.buffer+8, data, len);
/* lookup domain controller; receive a policy handle */
res = res ? lsa_open_policy2( srv_name,
- &lsa_pol, False, 0x02000000) : False;
+ &lsa_pol, True, 0x02000000) : False;
/* lookup domain controller; receive a policy handle */
res1 = res ? lsa_open_secret( &lsa_pol,
- secret_name, 0x02000000, &pol_sec) : False;
+ secret_name, 0x020003, &pol_sec) : False;
- res2 = res1 ? (lsa_set_secret(&pol_sec, secret) == NT_STATUS_NOPROBLEMO) : False;
+ res2 = res1 ? (lsa_set_secret(&pol_sec, &secret) == NT_STATUS_NOPROBLEMO) : False;
res1 = res1 ? lsa_close(&pol_sec) : False;
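Review bot: The copy at L175 writes `len` bytes at offset 8 of `secret.buffer` with no check that `len + 8` fits the fixed STRING2 buffer, and `len` comes straight from `strlen(argv[2])` (L216), so an over-long command-line argument overruns the stack object; the header fields at L169–L171 are set from the same unchecked value, so nothing downstream catches it either. `secret` is also never zeroed, and since the encryptor processes eight-byte blocks (L70–L72) any tail bytes between `len+8` and the next multiple of eight are uninitialised stack contents that get encrypted and sent on the wire. Add a bound and a `memset` before filling the struct; the bound below uses `sizeof(secret.buffer)`, which is right only if `buffer` is an array — otherwise use MAX_STRINGLEN as the check removed at L59 did. Separately, `res2` at L185 has no declaration among the locals at L163–L167; if the hunk is contiguous that is a compile error, otherwise it is declared on a line not shown.
```c
	STRING2 secret;

	/* reject anything that would not fit after the 8-byte length header */
	if (data == NULL || len < 0 || (size_t)len + 8 > sizeof(secret.buffer))
	{
		DEBUG(0, ("msrpc_lsa_set_secret: secret too long\n"));
		return False;
	}
	memset(&secret, 0, sizeof(secret)); /* no stale stack bytes in the block padding */

	secret.str_max_len = len+8;
	/* … unchanged: undoc/str_str_len, SIVAL header, memcpy, policy open/set/close … */
```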
prs_uint32("ptr ", ps, depth, &(r_q->ptr ));
smb_io_unistr2 ("", &(r_q->uni_server_name), r_q->ptr, ps, depth);
+ prs_align(ps);
+
lsa_io_obj_attr("", &(r_q->attr ), ps, depth);
if (r_q->attr.ptr_sec_qos == 0)
smb_io_pol_hnd("", &(q_q->pol), ps, depth);
- prs_uint32("ptr_value ", ps, depth, &(q_q->ptr_value ));
-
- if (q_q->ptr_value != 0)
- {
- lsa_io_secret_value("", &(q_q->value), ps, depth);
- }
+ lsa_io_secret_value("", &(q_q->value), ps, depth);
+ prs_uint32("unknown", ps, depth, &(q_q->unknown));
return True;
}
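Review bot: The new parse calls at L200–L201 discard their results, and the function then returns True at L202 regardless of whether the value or the trailing uint32 was actually read; the `ptr_value` branch this hunk removes at least made the value parse conditional. If `lsa_io_secret_value` and `prs_uint32` report failure through their BOOL return, `if (!lsa_io_secret_value("", &(q_q->value), ps, depth)) return False;` and `if (!prs_uint32("unknown", ps, depth, &(q_q->unknown))) return False;` would stop a short buffer from yielding a half-filled request. The function's header is outside the hunk.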
void cmd_lsa_set_secret(struct client_info *info, int argc, char *argv[])
{
char *secret_name;
- STRING2 secret;
fstring srv_name;
+ char *data;
+ int len;
fstrcpy(srv_name, "\\\\");
fstrcat(srv_name, info->dest_host);
}
secret_name = argv[1];
+ data = argv[2];
+ len = strlen(argv[2]);
- make_string2(&secret, argv[2], strlen(argv[2]));
-
- if (msrpc_lsa_set_secret(srv_name, secret_name, &secret))
+ if (msrpc_lsa_set_secret(srv_name, secret_name, data, len))
{
report(out_hnd, "LSA Set Secret: OK\n");
}