return valid_chal;
}
-/****************************************************************************
+/***************************************************************************
do a LSA SAM Logon
****************************************************************************/
-static BOOL do_lsa_sam_logon(uint16 fnum, uint32 sess_key[2], DOM_CHAL *clnt_chal,
+static BOOL do_lsa_sam_logon(uint16 fnum, uint32 sess_key[2], DOM_CRED *sto_clnt_cred,
char *logon_srv, char *comp_name,
DOM_CRED *clnt_cred, DOM_CRED *rtn_cred,
uint16 logon_level, uint16 switch_value, DOM_ID_INFO_1 *id1,
+ LSA_USER_INFO *user_info,
DOM_CRED *srv_cred)
{
char *rparam = NULL;
int call_id = 0x1;
BOOL valid_cred = False;
- if (srv_cred == NULL || clnt_cred == NULL || rtn_cred == NULL) return False;
+ if (srv_cred == NULL || clnt_cred == NULL || rtn_cred == NULL || user_info == NULL) return False;
/* create and send a MSRPC command with api LSA_SAMLOGON */
NULL, data, setup,
&rparam,&rdata))
{
- DOM_CRED clnt_cred1;
+ LSA_R_SAM_LOGON r_s;
+ RPC_HDR hdr;
+ int hdr_len;
+ int pkt_len;
+
+ r_s.user = user_info;
DEBUG(5, ("cli_call_api: return OK\n"));
- clnt_cred1.timestamp.time = clnt_cred->timestamp.time + 1;
+ p = rdata;
- /* calculate sam logon credentials at time+1, just like server does */
- cred_create(sess_key, clnt_chal, clnt_cred1.timestamp,
- &(clnt_cred1.challenge));
+ if (p) p = smb_io_rpc_hdr (True, &hdr, p, rdata, 4, 0);
+ if (p) p = align_offset(p, rdata, 4); /* oh, what a surprise */
-#if 0
- LSA_R_AUTH_2 r_a;
- RPC_HDR hdr;
- int hdr_len;
- int pkt_len;
+ hdr_len = PTR_DIFF(p, rdata);
- /* check sam logon credentials at time+1, just like server does */
- if (cred_assert(r_s....creds, sess_key, clnt_chal, clnt_cred->timestamp + 1))
+ if (p && hdr_len != hdr.frag_len - hdr.alloc_hint)
{
- DEBUG(5, ("do_lsa_sam_logon: server credential check OK\n"));
+ /* header length not same as calculated header length */
+ DEBUG(2,("do_lsa_sam_logon: hdr_len %x != frag_len-alloc_hint\n",
+ hdr_len, hdr.frag_len - hdr.alloc_hint));
+ p = NULL;
+ }
+
+ if (p) p = lsa_io_r_sam_logon(True, &r_s, p, rdata, 4, 0);
+
+ pkt_len = PTR_DIFF(p, rdata);
+
+ if (p && pkt_len != hdr.frag_len)
+ {
+ /* packet data size not same as reported fragment length */
+ DEBUG(2,("do_lsa_sam_logon: pkt_len %x != frag_len \n",
+ pkt_len, hdr.frag_len));
+ p = NULL;
}
- else
+
+ if (p && r_s.status != 0)
{
- DEBUG(5, ("do_lsa_sam_logon: server credential check failed\n"));
+ /* report error code */
+ DEBUG(0,("LSA_SAMLOGON: nt_status error %lx\n", r_s.status));
+ p = NULL;
}
+ if (p && r_s.switch_value != 3)
+ {
+ /* report different switch_value */
+ DEBUG(0,("LSA_SAMLOGON: switch_value of 3 expected %x\n",
+ r_s.switch_value));
+ p = NULL;
+ }
+
+ if (p)
+ {
+ if (clnt_deal_with_creds(sess_key, sto_clnt_cred, &(r_s.srv_creds)))
+ {
+ DEBUG(5, ("do_lsa_sam_logon: server credential check OK\n"));
+ /* ok, at last: we're happy. return the challenge */
+ memcpy(srv_cred, &(r_s.srv_creds), sizeof(r_s.srv_creds));
+ valid_cred = True;
+ }
+ else
+ {
+ DEBUG(5, ("do_lsa_sam_logon: server credential check failed\n"));
+ }
+ }
+#endif
+ }
+
+ if (rparam) free(rparam);
+ if (rdata) free(rdata);
+
+ return valid_cred;
+}
+
+/***************************************************************************
+do a LSA SAM Logoff
+****************************************************************************/
+static BOOL do_lsa_sam_logoff(uint16 fnum, uint32 sess_key[2], DOM_CRED *sto_clnt_cred,
+ char *logon_srv, char *comp_name,
+ DOM_CRED *clnt_cred, DOM_CRED *rtn_cred,
+ uint16 logon_level, uint16 switch_value, DOM_ID_INFO_1 *id1,
+ DOM_CRED *srv_cred)
+{
+ char *rparam = NULL;
+ char *rdata = NULL;
+ char *p;
+ int rdrcnt,rprcnt;
+ pstring data; /* only 1024 bytes */
+ uint16 setup[2]; /* only need 2 uint16 setup parameters */
+ LSA_Q_SAM_LOGOFF q_s;
+ int call_id = 0x1;
+ BOOL valid_cred = False;
+
+ if (srv_cred == NULL || clnt_cred == NULL || rtn_cred == NULL) return False;
+
+ /* create and send a MSRPC command with api LSA_SAMLOGON */
+
+ DEBUG(4,("LSA SAM Logoff: srv:%s mc:%s clnt %lx %lx %lx rtn: %lx %lx %lx ll: %d\n",
+ logon_srv, comp_name,
+ clnt_cred->challenge.data[0], clnt_cred->challenge.data[1], clnt_cred->timestamp.time,
+ rtn_cred ->challenge.data[0], rtn_cred ->challenge.data[1], rtn_cred ->timestamp.time,
+ logon_level));
+
+ /* store the parameters */
+ make_sam_info(&(q_s.sam_id), logon_srv, comp_name,
+ clnt_cred, rtn_cred, logon_level, switch_value, id1);
+
+ /* turn parameters into data stream */
+ p = lsa_io_q_sam_logoff(False, &q_s, data + 0x18, data, 4, 0);
+
+ /* create the request RPC_HDR _after_ the main data: length is now known */
+ create_rpc_request(call_id, LSA_SAMLOGOFF, data, PTR_DIFF(p, data));
+
+ /* create setup parameters. */
+ SIVAL(setup, 0, 0x0026); /* 0x26 indicates "transact named pipe" */
+ SIVAL(setup, 2, fnum); /* file handle, from the SMBcreateX pipe, earlier */
+
+ /* send the data on \PIPE\ */
+ if (cli_call_api("\\PIPE\\", 0, PTR_DIFF(p, data), 2, 1024,
+ BUFFER_SIZE,
+ &rprcnt,&rdrcnt,
+ NULL, data, setup,
+ &rparam,&rdata))
+ {
+ LSA_R_SAM_LOGOFF r_s;
+ RPC_HDR hdr;
+ int hdr_len;
+ int pkt_len;
+
DEBUG(5, ("cli_call_api: return OK\n"));
p = rdata;
if (p && hdr_len != hdr.frag_len - hdr.alloc_hint)
{
/* header length not same as calculated header length */
- DEBUG(2,("do_lsa_auth2: hdr_len %x != frag_len-alloc_hint\n",
+ DEBUG(2,("do_lsa_sam_logoff: hdr_len %x != frag_len-alloc_hint\n",
hdr_len, hdr.frag_len - hdr.alloc_hint));
p = NULL;
}
- if (p) p = lsa_io_r_auth_2(True, &r_a, p, rdata, 4, 0);
+ if (p) p = lsa_io_r_sam_logoff(True, &r_s, p, rdata, 4, 0);
pkt_len = PTR_DIFF(p, rdata);
if (p && pkt_len != hdr.frag_len)
{
/* packet data size not same as reported fragment length */
- DEBUG(2,("do_lsa_auth2: pkt_len %x != frag_len \n",
+ DEBUG(2,("do_lsa_sam_logoff: pkt_len %x != frag_len \n",
pkt_len, hdr.frag_len));
p = NULL;
}
- if (p && r_a.status != 0)
+ if (p && r_s.status != 0)
{
/* report error code */
- DEBUG(0,("LSA_AUTH2: nt_status error %lx\n", r_a.status));
- p = NULL;
- }
-
- if (p && r_a.srv_flgs.neg_flags != q_a.clnt_flgs.neg_flags)
- {
- /* report different neg_flags */
- DEBUG(0,("LSA_AUTH2: error neg_flags (q,r) differ - (%lx,%lx)\n",
- q_a.clnt_flgs.neg_flags, r_a.srv_flgs.neg_flags));
+ DEBUG(0,("LSA_SAMLOGOFF: nt_status error %lx\n", r_s.status));
p = NULL;
}
if (p)
{
- /* ok, at last: we're happy. return the challenge */
- memcpy(srv_chal, r_a.srv_chal.data, sizeof(srv_chal->data));
- valid_chal = True;
+ if (clnt_deal_with_creds(sess_key, sto_clnt_cred, &(r_s.srv_creds)))
+ {
+ DEBUG(5, ("do_lsa_sam_logoff: server credential check OK\n"));
+ /* ok, at last: we're happy. return the challenge */
+ memcpy(srv_cred, &(r_s.srv_creds), sizeof(r_s.srv_creds));
+ valid_cred = True;
+ }
+ else
+ {
+ DEBUG(5, ("do_lsa_sam_logoff: server credential check failed\n"));
+ }
}
-#endif
}
if (rparam) free(rparam);
DOM_CHAL clnt_chal;
DOM_CHAL srv_chal;
- DOM_CHAL auth2_clnt_chal;
+ DOM_CRED clnt_cred;
+
DOM_CHAL auth2_srv_chal;
- DOM_CRED sam_log_clnt_cred;
- DOM_CRED sam_log_rtn_cred;
- DOM_CRED sam_log_srv_cred;
+ DOM_CRED sam_logon_clnt_cred;
+ DOM_CRED sam_logon_rtn_cred;
+ DOM_CRED sam_logon_srv_cred;
+
+ DOM_CRED sam_logoff_clnt_cred;
+ DOM_CRED sam_logoff_rtn_cred;
+ DOM_CRED sam_logoff_srv_cred;
DOM_ID_INFO_1 id1;
+ LSA_USER_INFO user_info1;
UTIME zerotime;
/******************* Authenticate 2 ********************/
/* calculate auth-2 credentials */
- cred_create(sess_key, &clnt_chal, zerotime, &auth2_clnt_chal);
+ cred_create(sess_key, &clnt_chal, zerotime, &(clnt_cred.challenge));
/* send client auth-2 challenge; receive an auth-2 challenge */
if (!do_lsa_auth2(fnum, desthost, mach_acct, 2, myhostname,
- &auth2_clnt_chal, 0x000001ff, &auth2_srv_chal))
+ &(clnt_cred.challenge), 0x000001ff, &auth2_srv_chal))
{
cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
free(inbuf); free(outbuf);
/*********************** SAM Logon **********************/
- sam_log_clnt_cred.timestamp.time = time(NULL);
+ clnt_cred.timestamp.time = sam_logon_clnt_cred.timestamp.time = time(NULL);
/* calculate sam logon credentials, using the auth2 client challenge */
- cred_create(sess_key, &auth2_clnt_chal, sam_log_clnt_cred.timestamp,
- &(sam_log_clnt_cred.challenge));
+ cred_create(sess_key, &(clnt_cred.challenge), sam_logon_clnt_cred.timestamp,
+ &(sam_logon_clnt_cred.challenge));
/* send client sam-logon challenge; receive a sam-logon challenge */
- if (!do_lsa_sam_logon(fnum, sess_key, &auth2_clnt_chal,
+ if (!do_lsa_sam_logon(fnum, sess_key, &clnt_cred,
desthost, mach_acct,
- &sam_log_clnt_cred, &sam_log_rtn_cred,
- 1, 1, &id1,
- &sam_log_srv_cred))
+ &sam_logon_clnt_cred, &sam_logon_rtn_cred,
+ 1, 1, &id1, &user_info1,
+ &sam_logon_srv_cred))
{
cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
free(inbuf); free(outbuf);
return False;
}
-#if 0
- cli_lsa_sam_logoff();
-#endif
+ /*********************** SAM Logoff *********************/
+
+ clnt_cred.timestamp.time = sam_logoff_clnt_cred.timestamp.time = time(NULL);
+
+ /* calculate sam logoff credentials, using the sam logon return challenge */
+ cred_create(sess_key, &(clnt_cred.challenge),
+ sam_logoff_clnt_cred.timestamp,
+ &(sam_logoff_clnt_cred.challenge));
+
+ /* send client sam-logoff challenge; receive a sam-logoff challenge */
+ if (!do_lsa_sam_logoff(fnum, sess_key, &clnt_cred,
+ desthost, mach_acct,
+ &sam_logoff_clnt_cred, &sam_logoff_rtn_cred,
+ 1, 1, &id1,
+ &sam_logoff_srv_cred))
+ {
+ cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
+ free(inbuf); free(outbuf);
+ return False;
+ }
cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
free(inbuf); free(outbuf);
return True;
}
-
-#endif
void cred_create(uint32 session_key[2], DOM_CHAL *stor_cred, UTIME timestamp,
DOM_CHAL *cred)
{
+ DOM_CHAL time_cred;
unsigned char calc_cred[8];
unsigned char timecred[8];
unsigned char netsesskey[8];
cred->data[0] = IVAL(calc_cred, 0);
cred->data[1] = IVAL(calc_cred, 4);
+ time_cred.data[0] = IVAL(timecred, 0);
+ time_cred.data[1] = IVAL(timecred, 4);
+
/* debug output*/
DEBUG(4,("cred_create\n"));
DEBUG(5,(" sess_key : %lx %lx\n", session_key [0], session_key [1]));
DEBUG(5,(" stor_cred: %lx %lx\n", stor_cred->data[0], stor_cred->data[1]));
- DEBUG(5,(" timecred : %lx %lx\n", IVAL(timecred, 0) , IVAL(timecred, 4) ));
+ DEBUG(5,(" timestamp: %lx\n" , timestamp.time));
+ DEBUG(5,(" timecred : %lx %lx\n", time_cred .data[0], time_cred .data[1]));
DEBUG(5,(" calc_cred: %lx %lx\n", cred ->data[0], cred ->data[1]));
}
/****************************************************************************
checks credentials; generates next step in the credential chain
****************************************************************************/
-BOOL srv_deal_with_creds(struct dcinfo *dc, DOM_CRED *clnt_cred, DOM_CRED *srv_cred)
+BOOL clnt_deal_with_creds(uint32 sess_key[2],
+ DOM_CRED *sto_clnt_cred, DOM_CRED *rcv_srv_cred)
{
UTIME new_clnt_time;
uint32 new_cred;
- DEBUG(5,("deal_with_creds: %d\n", __LINE__));
+ DEBUG(5,("clnt_deal_with_creds: %d\n", __LINE__));
+
+ /* increment client time by one second */
+ new_clnt_time.time = sto_clnt_cred->timestamp.time + 1;
- /* check that the client credentials are valid */
- if (!cred_assert(&(clnt_cred->challenge), dc->sess_key,
- &(dc->clnt_cred.challenge), clnt_cred->timestamp))
+ /* check that the received server credentials are valid */
+ if (!cred_assert(&(rcv_srv_cred->challenge), sess_key,
+ &(sto_clnt_cred->challenge), new_clnt_time))
{
return False;
}
- /* increment client time by one second */
- new_clnt_time.time = clnt_cred->timestamp.time + 1;
-
/* first 4 bytes of the new seed is old client 4 bytes + clnt time + 1 */
- new_cred = IVAL(dc->clnt_cred.challenge.data, 0);
+ new_cred = IVAL(sto_clnt_cred->challenge.data, 0);
new_cred += new_clnt_time.time;
- DEBUG(5,("deal_with_creds: new_cred[0]=%lx\n", new_cred));
-
- /* doesn't matter that server time is 0 */
- srv_cred->timestamp.time = 0;
-
- DEBUG(5,("deal_with_creds: new_clnt_time=%lx\n", new_clnt_time.time));
-
- /* create return credentials for inclusion in the reply */
- cred_create(dc->sess_key, &(dc->clnt_cred.challenge), new_clnt_time,
- &(srv_cred->challenge));
-
- DEBUG(5,("deal_with_creds: clnt_cred[0]=%lx\n",
- dc->clnt_cred.challenge.data[0]));
-
- /* store new seed in client and server credentials */
- SIVAL(dc->clnt_cred.challenge.data, 0, new_cred);
- SIVAL(dc->srv_cred .challenge.data, 0, new_cred);
+ /* store new seed in client credentials */
+ SIVAL(sto_clnt_cred->challenge.data, 0, new_cred);
+ DEBUG(5,(" new clnt cred: %lx %lx\n", sto_clnt_cred->challenge.data[0],
+ sto_clnt_cred->challenge.data[1]));
return True;
}
-#if 0
/****************************************************************************
checks credentials; generates next step in the credential chain
****************************************************************************/
-BOOL clnt_deal_with_creds(struct dcinfo *dc, DOM_CRED *srv_cred, DOM_CRED *clnt_cred)
+BOOL deal_with_creds(uint32 sess_key[2],
+ DOM_CRED *sto_clnt_cred,
+ DOM_CRED *rcv_clnt_cred, DOM_CRED *rtn_srv_cred)
{
UTIME new_clnt_time;
uint32 new_cred;
DEBUG(5,("deal_with_creds: %d\n", __LINE__));
- /* setup new client time */
- dc->clnt_cred.timestamp.time = time(NULL);
-
- /* create sent credentials for inclusion in the reply */
- cred_create(dc->sess_key, srv_cred, dc->clnt_cred.timestamp.time, clnt_cred);
-
- /* increment client time by one second */
- (dc->clnt_cred.timestamp.time)++;
-
- /* create expected return credentials to be received from server */
- cred_create(dc->sess_key, srv_cred, dc->clnt_cred.timestamp.time, clnt_cred);
-
-
-
- /* check that the server credentials are valid */
- if (!cred_assert(&(srv_cred->challenge), dc->sess_key,
- &(dc->clnt_cred), clnt_cred->timestamp))
+ /* check that the received client credentials are valid */
+ if (!cred_assert(&(rcv_clnt_cred->challenge), sess_key,
+ &(sto_clnt_cred->challenge), rcv_clnt_cred->timestamp))
{
return False;
}
+
/* increment client time by one second */
- new_clnt_time = (dc->clnt_cred.timestamp.time += 1);
+ new_clnt_time.time = rcv_clnt_cred->timestamp.time + 1;
/* first 4 bytes of the new seed is old client 4 bytes + clnt time + 1 */
- new_cred = IVAL(dc->clnt_cred.data, 0);
+ new_cred = IVAL(sto_clnt_cred->challenge.data, 0);
new_cred += new_clnt_time.time;
DEBUG(5,("deal_with_creds: new_cred[0]=%lx\n", new_cred));
- /* create new client credentials */
- cred_create(dc->sess_key, new_cred, new_clnt_time, clnt_cred);
+ /* doesn't matter that server time is 0 */
+ rtn_srv_cred->timestamp.time = 0;
DEBUG(5,("deal_with_creds: new_clnt_time=%lx\n", new_clnt_time.time));
- /* create return credentials for inclusion in the reply
- cred_create(dc->sess_key, srv_cred, new_clnt_time,
- clnt_cred);
- */
+ /* create return credentials for inclusion in the reply */
+ cred_create(sess_key, &(sto_clnt_cred->challenge), new_clnt_time,
+ &(rtn_srv_cred->challenge));
+
DEBUG(5,("deal_with_creds: clnt_cred[0]=%lx\n",
- dc->clnt_cred.data[0]));
+ sto_clnt_cred->challenge.data[0]));
- /* store new seed in client and server credentials */
- SIVAL(dc->clnt_cred.data, 0, new_cred);
- SIVAL(dc->srv_cred .data, 0, new_cred);
+ /* store new seed in client credentials */
+ SIVAL(sto_clnt_cred->challenge.data, 0, new_cred);
return True;
}
-#endif
+
lsa_io_q_srv_pwset(True, &q_a, data + 0x18, data, 4, 0);
/* checks and updates credentials. creates reply credentials */
- srv_deal_with_creds(&(vuser->dc), &(q_a.clnt_id.cred), &srv_cred);
+ deal_with_creds(vuser->dc.sess_key, &(vuser->dc.clnt_cred),
+ &(q_a.clnt_id.cred), &srv_cred);
+ memcpy(&(vuser->dc.srv_cred), &(vuser->dc.clnt_cred), sizeof(vuser->dc.clnt_cred));
DEBUG(5,("api_lsa_srv_pwset: %d\n", __LINE__));
char **rdata, int *rdata_len )
{
LSA_Q_SAM_LOGOFF q_l;
+ DOM_ID_INFO_1 id1;
DOM_CRED srv_cred;
+ /* the DOM_ID_INFO_1 structure is a bit big. plus we might want to
+ dynamically allocate it inside lsa_io_q_sam_logon, at some point */
+ q_l.sam_id.auth.id1 = &id1;
+
/* grab the challenge... */
lsa_io_q_sam_logoff(True, &q_l, data + 0x18, data, 4, 0);
/* checks and updates credentials. creates reply credentials */
- srv_deal_with_creds(&(vuser->dc), &(q_l.sam_id.client.cred), &srv_cred);
+ deal_with_creds(vuser->dc.sess_key, &(vuser->dc.clnt_cred),
+ &(q_l.sam_id.client.cred), &srv_cred);
+ memcpy(&(vuser->dc.srv_cred), &(vuser->dc.clnt_cred), sizeof(vuser->dc.clnt_cred));
/* construct reply. always indicate success */
*rdata_len = lsa_reply_sam_logoff(&q_l, *rdata + 0x18, *rdata,
{
LSA_Q_SAM_LOGON q_l;
DOM_ID_INFO_1 id1;
-
LSA_USER_INFO usr_info;
- DOM_CRED srv_creds;
+ DOM_CRED srv_cred;
/* the DOM_ID_INFO_1 structure is a bit big. plus we might want to
dynamically allocate it inside lsa_io_q_sam_logon, at some point */
lsa_io_q_sam_logon(True, &q_l, data + 0x18, data, 4, 0);
/* checks and updates credentials. creates reply credentials */
- srv_deal_with_creds(&(vuser->dc), &(q_l.sam_id.client.cred), &srv_creds);
+ deal_with_creds(vuser->dc.sess_key, &(vuser->dc.clnt_cred),
+ &(q_l.sam_id.client.cred), &srv_cred);
+ memcpy(&(vuser->dc.srv_cred), &(vuser->dc.clnt_cred), sizeof(vuser->dc.clnt_cred));
usr_info.ptr_user_info = 0;
}
*rdata_len = lsa_reply_sam_logon(&q_l, *rdata + 0x18, *rdata,
- &srv_creds, &usr_info);
+ &srv_cred, &usr_info);
}
git.samba.org / gd / samba / .git / commitdiff