b4f0db766bfb4ac97236ae36da88753c4d378bdb
[kai/samba.git] / source3 / pipenetlog.c
1 /* 
2    Unix SMB/Netbios implementation.
3    Version 1.9.
4    Pipe SMB reply routines
5    Copyright (C) Andrew Tridgell 1992-1997,
6    Copyright (C) Luke Kenneth Casson Leighton 1996-1997.
7    Copyright (C) Paul Ashton  1997.
8    
9    This program is free software; you can redistribute it and/or modify
10    it under the terms of the GNU General Public License as published by
11    the Free Software Foundation; either version 2 of the License, or
12    (at your option) any later version.
13    
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18    
19    You should have received a copy of the GNU General Public License
20    along with this program; if not, write to the Free Software
21    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23 /*
24    This file handles reply_ calls on named pipes that the server
25    makes to handle specific protocols
26 */
27
28
29 #include "includes.h"
30 #include "trans2.h"
31 #include "nterr.h"
32
33 extern int DEBUGLEVEL;
34
35
36 #ifdef NTDOMAIN
37
38 static void make_lsa_r_req_chal(LSA_R_REQ_CHAL *r_c,
39                                 DOM_CHAL *srv_chal, int status)
40 {
41         DEBUG(6,("make_lsa_r_req_chal: %d\n", __LINE__));
42         memcpy(r_c->srv_chal.data, srv_chal->data, sizeof(srv_chal->data));
43         r_c->status = status;
44 }
45
46 static int lsa_reply_req_chal(LSA_Q_REQ_CHAL *q_c, char *q, char *base,
47                                         DOM_CHAL *srv_chal)
48 {
49         LSA_R_REQ_CHAL r_c;
50
51         DEBUG(6,("lsa_reply_req_chal: %d\n", __LINE__));
52
53         /* set up the LSA REQUEST CHALLENGE response */
54         make_lsa_r_req_chal(&r_c, srv_chal, 0);
55
56         /* store the response in the SMB stream */
57         q = lsa_io_r_req_chal(False, &r_c, q, base, 4, 0);
58
59         DEBUG(6,("lsa_reply_req_chal: %d\n", __LINE__));
60
61         /* return length of SMB data stored */
62         return PTR_DIFF(q, base);
63 }
64
65 static void make_lsa_r_auth_2(LSA_R_AUTH_2 *r_a,
66                               DOM_CHAL *resp_cred, NEG_FLAGS *flgs, int status)
67 {
68         memcpy(  r_a->srv_chal.data, resp_cred->data, sizeof(resp_cred->data));
69         memcpy(&(r_a->srv_flgs)    , flgs           , sizeof(r_a->srv_flgs));
70         r_a->status = status;
71 }
72
73 static int lsa_reply_auth_2(LSA_Q_AUTH_2 *q_a, char *q, char *base,
74                                 DOM_CHAL *resp_cred, int status)
75 {
76         LSA_R_AUTH_2 r_a;
77
78         /* set up the LSA AUTH 2 response */
79
80         make_lsa_r_auth_2(&r_a, resp_cred, &(q_a->clnt_flgs), status);
81
82         /* store the response in the SMB stream */
83         q = lsa_io_r_auth_2(False, &r_a, q, base, 4, 0);
84
85         /* return length of SMB data stored */
86         return PTR_DIFF(q, base);
87 }
88
89 static void make_lsa_r_srv_pwset(LSA_R_SRV_PWSET *r_a,
90                              DOM_CRED *srv_cred, int status)  
91 {
92         memcpy(&(r_a->srv_cred), srv_cred, sizeof(r_a->srv_cred));
93         r_a->status = status;
94 }
95
96 static int lsa_reply_srv_pwset(LSA_Q_SRV_PWSET *q_s, char *q, char *base,
97                                 DOM_CRED *srv_cred, int status)
98 {
99         LSA_R_SRV_PWSET r_s;
100
101         /* set up the LSA Server Password Set response */
102         make_lsa_r_srv_pwset(&r_s, srv_cred, status);
103
104         /* store the response in the SMB stream */
105         q = lsa_io_r_srv_pwset(False, &r_s, q, base, 4, 0);
106
107         /* return length of SMB data stored */
108         return PTR_DIFF(q, base);
109 }
110
111 static void make_lsa_user_info(LSA_USER_INFO *usr,
112
113         NTTIME *logon_time,
114         NTTIME *logoff_time,
115         NTTIME *kickoff_time,
116         NTTIME *pass_last_set_time,
117         NTTIME *pass_can_change_time,
118         NTTIME *pass_must_change_time,
119
120         char *user_name,
121         char *full_name,
122         char *logon_script,
123         char *profile_path,
124         char *home_dir,
125         char *dir_drive,
126
127         uint16 logon_count,
128         uint16 bad_pw_count,
129
130         uint32 user_id,
131         uint32 group_id,
132         uint32 num_groups,
133         DOM_GID *gids,
134         uint32 user_flgs,
135
136         char sess_key[16],
137
138         char *logon_srv,
139         char *logon_dom,
140
141         char *dom_sid,
142         char *other_sids) /* space-delimited set of SIDs */ 
143 {
144         /* only cope with one "other" sid, right now. */
145         /* need to count the number of space-delimited sids */
146         int i;
147         int num_other_sids = other_sids != NULL ? 1 : 0;
148
149         int len_user_name    = strlen(user_name   );
150         int len_full_name    = strlen(full_name   );
151         int len_logon_script = strlen(logon_script);
152         int len_profile_path = strlen(profile_path);
153         int len_home_dir     = strlen(home_dir    );
154         int len_dir_drive    = strlen(dir_drive   );
155
156         int len_logon_srv    = strlen(logon_srv);
157         int len_logon_dom    = strlen(logon_dom);
158
159         usr->undoc_buffer = 1; /* yes, we're bothering to put USER_INFO data here */
160
161         usr->logon_time            = *logon_time;
162         usr->logoff_time           = *logoff_time;
163         usr->kickoff_time          = *kickoff_time;
164         usr->pass_last_set_time    = *pass_last_set_time;
165         usr->pass_can_change_time  = *pass_can_change_time;
166         usr->pass_must_change_time = *pass_must_change_time;
167
168         make_uni_hdr(&(usr->hdr_user_name   ), len_user_name   , len_user_name   , 4);
169         make_uni_hdr(&(usr->hdr_full_name   ), len_full_name   , len_full_name   , 4);
170         make_uni_hdr(&(usr->hdr_logon_script), len_logon_script, len_logon_script, 4);
171         make_uni_hdr(&(usr->hdr_profile_path), len_profile_path, len_profile_path, 4);
172         make_uni_hdr(&(usr->hdr_home_dir    ), len_home_dir    , len_home_dir    , 4);
173         make_uni_hdr(&(usr->hdr_dir_drive   ), len_dir_drive   , len_dir_drive   , 4);
174
175         usr->logon_count = logon_count;
176         usr->bad_pw_count = bad_pw_count;
177
178         usr->user_id = user_id;
179         usr->group_id = group_id;
180         usr->num_groups = num_groups;
181         usr->buffer_groups = num_groups ? 1 : 0; /* yes, we're bothering to put group info in */
182         usr->user_flgs = user_flgs;
183
184         if (sess_key != NULL)
185         {
186                 memcpy(usr->sess_key, sess_key, sizeof(usr->sess_key));
187         }
188         else
189         {
190                 bzero(usr->sess_key, sizeof(usr->sess_key));
191         }
192
193         make_uni_hdr(&(usr->hdr_logon_srv), len_logon_srv, len_logon_srv, 4);
194         make_uni_hdr(&(usr->hdr_logon_dom), len_logon_dom, len_logon_dom, 4);
195
196         usr->buffer_dom_id = dom_sid ? 1 : 0; /* yes, we're bothering to put a domain SID in */
197
198         bzero(usr->padding, sizeof(usr->padding));
199
200         usr->num_other_sids = num_other_sids;
201         usr->buffer_other_sids = num_other_sids != 0 ? 1 : 0; 
202         
203         make_unistr2(&(usr->uni_user_name   ), user_name   , len_user_name   , 0);
204         make_unistr2(&(usr->uni_full_name   ), full_name   , len_full_name   , 0);
205         make_unistr2(&(usr->uni_logon_script), logon_script, len_logon_script, 0);
206         make_unistr2(&(usr->uni_profile_path), profile_path, len_profile_path, 0);
207         make_unistr2(&(usr->uni_home_dir    ), home_dir    , len_home_dir    , 0);
208         make_unistr2(&(usr->uni_dir_drive   ), dir_drive   , len_dir_drive   , 0);
209
210         usr->num_groups2 = num_groups;
211         for (i = 0; i < num_groups; i++)
212         {
213                 usr->gids[i] = gids[i];
214         }
215
216         make_unistr2(&(usr->uni_logon_srv), logon_srv, len_logon_srv, 0);
217         make_unistr2(&(usr->uni_logon_dom), logon_dom, len_logon_dom, 0);
218
219         make_dom_sid(&(usr->dom_sid), dom_sid);
220         make_dom_sid(&(usr->other_sids[0]), other_sids);
221 }
222
223
224 static int lsa_reply_sam_logon(LSA_Q_SAM_LOGON *q_s, char *q, char *base,
225                                 DOM_CRED *srv_cred, LSA_USER_INFO *user_info)
226 {
227         LSA_R_SAM_LOGON r_s;
228
229         /* XXXX maybe we want to say 'no', reject the client's credentials */
230         r_s.buffer_creds = 1; /* yes, we have valid server credentials */
231         memcpy(&(r_s.srv_creds), srv_cred, sizeof(r_s.srv_creds));
232
233         /* store the user information, if there is any. */
234         r_s.user = user_info;
235         r_s.buffer_user = user_info != NULL ? 1 : 0;
236         r_s.status = user_info != NULL ? 0 : (0xC000000|NT_STATUS_NO_SUCH_USER);
237
238         /* store the response in the SMB stream */
239         q = lsa_io_r_sam_logon(False, &r_s, q, base, 4, 0);
240
241         /* return length of SMB data stored */
242         return PTR_DIFF(q, base);
243 }
244
245
246 static int lsa_reply_sam_logoff(LSA_Q_SAM_LOGOFF *q_s, char *q, char *base,
247                                 DOM_CRED *srv_cred, 
248                                 uint32 status)
249 {
250         LSA_R_SAM_LOGOFF r_s;
251
252         /* XXXX maybe we want to say 'no', reject the client's credentials */
253         r_s.buffer_creds = 1; /* yes, we have valid server credentials */
254         memcpy(&(r_s.srv_creds), srv_cred, sizeof(r_s.srv_creds));
255
256         r_s.status = status;
257
258         /* store the response in the SMB stream */
259         q = lsa_io_r_sam_logoff(False, &r_s, q, base, 4, 0);
260
261         /* return length of SMB data stored */
262         return PTR_DIFF(q, base);
263 }
264
265
266 static BOOL update_dcinfo(int cnum, uint16 vuid,
267                 struct dcinfo *dc, DOM_CHAL *clnt_chal, char *mach_acct)
268 {
269     struct smb_passwd *smb_pass;
270         int i;
271
272         unbecome_user();
273         smb_pass = get_smbpwnam(mach_acct);
274         if (!become_user(cnum, vuid))
275         {
276                 DEBUG(0,("update_dcinfo: become_user failed\n"));
277                 return False;
278         }
279
280         if (smb_pass != NULL)
281         {
282                 memcpy(dc->md4pw, smb_pass->smb_nt_passwd, sizeof(dc->md4pw));
283                 DEBUG(5,("dc->md4pw(%d) :", sizeof(dc->md4pw)));
284                 dump_data(5, dc->md4pw, 16);
285         }
286         else
287         {
288                 /* No such machine account. Should error out here, but we'll
289                    print and carry on */
290                 DEBUG(1,("No account in domain for %s\n", mach_acct));
291                 return False;
292         }
293
294         {
295                 char foo[16];
296                 for (i = 0; i < 16; i++) sprintf(foo+i*2,"%02x ", dc->md4pw[i]);
297                 DEBUG(4,("pass %s %s\n", mach_acct, foo));
298         }
299
300         /* copy the client credentials */
301         memcpy(dc->clnt_chal.data, clnt_chal->data, sizeof(clnt_chal->data));
302         memcpy(dc->clnt_cred.data, clnt_chal->data, sizeof(clnt_chal->data));
303
304         /* create a server challenge for the client */
305         /* PAXX: set these to random values. */
306         /* lkcl: paul, you mentioned that it doesn't really matter much */
307         for (i = 0; i < 8; i++)
308         {
309                 dc->srv_chal.data[i] = 0xA5;
310                 dc->srv_cred.data[i] = 0xA5;
311         }
312
313         /* from client / server challenges and md4 password, generate sess key */
314         cred_session_key(&(dc->clnt_chal), &(dc->srv_chal),
315                            dc->md4pw, dc->sess_key);
316
317         DEBUG(6,("update_dcinfo: %d\n", __LINE__));
318
319         return True;
320 }
321
322 static void api_lsa_req_chal( int cnum, uint16 vuid,
323                               user_struct *vuser,
324                               char *param, char *data,
325                               char **rdata, int *rdata_len )
326 {
327         LSA_Q_REQ_CHAL q_r;
328
329         fstring mach_acct;
330
331         /* grab the challenge... */
332         lsa_io_q_req_chal(True, &q_r, data + 0x18, data, 4, 0);
333
334         fstrcpy(mach_acct, unistr2(q_r.uni_logon_clnt.buffer));
335
336         strcat(mach_acct, "$");
337
338         DEBUG(6,("q_r.clnt_chal.data(%d) :", sizeof(q_r.clnt_chal.data)));
339         dump_data(6, q_r.clnt_chal.data, 8);
340
341         update_dcinfo(cnum, vuid, &(vuser->dc), &(q_r.clnt_chal), mach_acct);
342
343         /* construct reply.  return status is always 0x0 */
344         *rdata_len = lsa_reply_req_chal(&q_r, *rdata + 0x18, *rdata,
345                                         &(vuser->dc.srv_chal));
346
347 }
348
349 static void api_lsa_auth_2( user_struct *vuser,
350                             char *param, char *data,
351                             char **rdata, int *rdata_len )
352 {
353         LSA_Q_AUTH_2 q_a;
354
355         UTIME srv_time;
356
357         srv_time.time = 0;
358
359         /* grab the challenge... */
360         lsa_io_q_auth_2(True, &q_a, data + 0x18, data, 4, 0);
361
362         /* check that the client credentials are valid */
363         cred_assert(&(q_a.clnt_chal), vuser->dc.sess_key,
364                 &(vuser->dc.clnt_cred), srv_time);
365
366         /* create server challenge for inclusion in the reply */
367         cred_create(vuser->dc.sess_key, &(vuser->dc.srv_cred), srv_time, &(vuser->dc.srv_chal));
368
369         /* update the client credentials (copy server challenge) for use next time */
370         memcpy(vuser->dc.clnt_cred.data, vuser->dc.srv_chal.data, sizeof(vuser->dc.clnt_cred.data));
371
372         /* construct reply. */
373         *rdata_len = lsa_reply_auth_2(&q_a, *rdata + 0x18, *rdata,
374                                         &(vuser->dc.srv_chal), 0x0);
375 }
376
377
378 static BOOL deal_with_credentials(user_struct *vuser,
379                         DOM_CRED *clnt_cred, DOM_CRED *srv_cred)
380 {
381         UTIME new_clnt_time;
382
383         /* doesn't matter that server time is 0 */
384         srv_cred->timestamp.time = 0;
385
386         /* check that the client credentials are valid */
387         if (cred_assert(&(clnt_cred->challenge), vuser->dc.sess_key,
388                     &(vuser->dc.clnt_cred), clnt_cred->timestamp))
389         {
390                 return False;
391         }
392
393         /* increment client time by one second */
394         new_clnt_time.time = clnt_cred->timestamp.time + 1;
395
396         /* create server credentials for inclusion in the reply */
397         cred_create(vuser->dc.sess_key, &(vuser->dc.clnt_cred), new_clnt_time,
398                     &(srv_cred->challenge));
399
400         /* update the client and server credentials, for use next time... */
401         *(uint32*)(vuser->dc.srv_cred.data) = ( *(uint32*)(vuser->dc.clnt_cred.data) += new_clnt_time.time );
402
403         return True;
404 }
405
406 static void api_lsa_srv_pwset( user_struct *vuser,
407                                char *param, char *data,
408                                char **rdata, int *rdata_len )
409 {
410         LSA_Q_SRV_PWSET q_a;
411
412         DOM_CRED srv_cred;
413
414         /* grab the challenge and encrypted password ... */
415         lsa_io_q_srv_pwset(True, &q_a, data + 0x18, data, 4, 0);
416
417         /* checks and updates credentials.  creates reply credentials */
418         deal_with_credentials(vuser, &(q_a.clnt_id.cred), &srv_cred);
419
420         /* construct reply.  always indicate failure.  nt keeps going... */
421         *rdata_len = lsa_reply_srv_pwset(&q_a, *rdata + 0x18, *rdata,
422                                         &srv_cred,
423                         NT_STATUS_WRONG_PASSWORD|0xC000000);
424 }
425
426
427 static void api_lsa_sam_logoff( user_struct *vuser,
428                                char *param, char *data,
429                                char **rdata, int *rdata_len )
430 {
431         LSA_Q_SAM_LOGOFF q_l;
432
433         DOM_CRED srv_cred;
434
435         /* grab the challenge... */
436         lsa_io_q_sam_logoff(True, &q_l, data + 0x18, data, 4, 0);
437
438         /* checks and updates credentials.  creates reply credentials */
439         deal_with_credentials(vuser, &(q_l.sam_id.client.cred), &srv_cred);
440
441         /* construct reply.  always indicate success */
442         *rdata_len = lsa_reply_sam_logoff(&q_l, *rdata + 0x18, *rdata,
443                                         &srv_cred,
444                         0x0);
445 }
446
447
448 static void api_lsa_sam_logon( user_struct *vuser,
449                                char *param, char *data,
450                                char **rdata, int *rdata_len )
451 {
452         LSA_Q_SAM_LOGON q_l;
453         LSA_USER_INFO usr_info;
454         LSA_USER_INFO *p_usr_info = NULL;
455
456         DOM_CRED srv_creds;
457
458         lsa_io_q_sam_logon(True, &q_l, data + 0x18, data, 4, 0);
459
460         /* checks and updates credentials.  creates reply credentials */
461         deal_with_credentials(vuser, &(q_l.sam_id.client.cred), &srv_creds);
462
463         if (vuser != NULL)
464         {
465                 NTTIME dummy_time;
466                 pstring logon_script;
467                 pstring profile_path;
468                 pstring home_dir;
469                 pstring home_drive;
470                 pstring my_name;
471                 pstring my_workgroup;
472                 pstring dom_sid;
473                 pstring username;
474                 extern pstring myname;
475
476                 dummy_time.low  = 0xffffffff;
477                 dummy_time.high = 0x7fffffff;
478
479                 get_myname(myname, NULL);
480
481                 pstrcpy(logon_script, lp_logon_script());
482                 pstrcpy(profile_path, lp_logon_path  ());
483                 pstrcpy(dom_sid     , lp_domainsid   ());
484                 pstrcpy(my_workgroup, lp_workgroup   ());
485
486                 pstrcpy(username, unistr2(q_l.sam_id.client.login.uni_acct_name.buffer));
487                 pstrcpy(my_name     , myname           );
488                 strupper(my_name);
489
490                 pstrcpy(home_drive  , "a:"             );
491
492 #if (defined(NETGROUP) && defined(AUTOMOUNT))
493                 pstrcpy(home_dir    , vuser->home_share);
494 #else
495                 pstrcpy(home_dir    , "\\\\%L\\%U");
496                 standard_sub_basic(home_dir);
497 #endif
498
499                 p_usr_info = &usr_info;
500
501                 make_lsa_user_info(p_usr_info,
502
503                                &dummy_time, /* logon_time */
504                                &dummy_time, /* logoff_time */
505                                &dummy_time, /* kickoff_time */
506                                &dummy_time, /* pass_last_set_time */
507                                &dummy_time, /* pass_can_change_time */
508                                &dummy_time, /* pass_must_change_time */
509
510                                username, /* user_name */
511                                vuser->real_name, /* full_name */
512                                logon_script, /* logon_script */
513                                profile_path, /* profile_path */
514                                home_dir, /* home_dir */
515                                home_drive, /* dir_drive */
516
517                                0, /* logon_count */
518                                0, /* bad_pw_count */
519
520                                vuser->uid, /* uint32 user_id */
521                                vuser->gid, /* uint32 group_id */
522                                0,    /* uint32 num_groups */
523                                NULL, /* DOM_GID *gids */
524                                0x20, /* uint32 user_flgs */
525
526                                NULL, /* char sess_key[16] */
527
528                                my_name, /* char *logon_srv */
529                                my_workgroup, /* char *logon_dom */
530
531                                dom_sid, /* char *dom_sid */
532                                NULL); /* char *other_sids */
533         }
534
535         *rdata_len = lsa_reply_sam_logon(&q_l, *rdata + 0x18, *rdata,
536                                         &srv_creds, p_usr_info);
537 }
538
539
540 BOOL api_netlogrpcTNP(int cnum,int uid, char *param,char *data,
541                      int mdrcnt,int mprcnt,
542                      char **rdata,char **rparam,
543                      int *rdata_len,int *rparam_len)
544 {
545         uint16 opnum = SVAL(data,22);
546         int pkttype  = CVAL(data, 2);
547
548         user_struct *vuser;
549
550         if (pkttype == 0x0b) /* RPC BIND */
551         {
552                 DEBUG(4,("netlogon rpc bind %x\n",pkttype));
553                 LsarpcTNP1(data,rdata,rdata_len);
554                 return True;
555         }
556
557         DEBUG(4,("netlogon TransactNamedPipe op %x\n",opnum));
558
559         if ((vuser = get_valid_user_struct(uid)) == NULL) return False;
560
561         DEBUG(3,("Username of UID %d is %s\n", vuser->uid, vuser->name));
562 #if defined(NETGROUP) && defined(AUTOMOUNT)
563         DEBUG(3,("HOMESHR for %s is %s\n", vuser->name, vuser->home_share));
564 #endif
565
566         switch (opnum)
567         {
568                 case LSA_REQCHAL:
569                 {
570                         DEBUG(3,("LSA_REQCHAL\n"));
571                         api_lsa_req_chal(cnum, uid, vuser, param, data, rdata, rdata_len);
572                         make_rpc_reply(data, *rdata, *rdata_len);
573                         break;
574                 }
575
576                 case LSA_AUTH2:
577                 {
578                         DEBUG(3,("LSA_AUTH2\n"));
579                         api_lsa_auth_2(vuser, param, data, rdata, rdata_len);
580                         make_rpc_reply(data, *rdata, *rdata_len);
581                         break;
582                 }
583
584                 case LSA_SRVPWSET:
585                 {
586                         DEBUG(3,("LSA_SRVPWSET\n"));
587                         api_lsa_srv_pwset(vuser, param, data, rdata, rdata_len);
588                         make_rpc_reply(data, *rdata, *rdata_len);
589                         break;
590                 }
591
592                 case LSA_SAMLOGON:
593                 {
594                         DEBUG(3,("LSA_SAMLOGON\n"));
595                         api_lsa_sam_logon(vuser, param, data, rdata, rdata_len);
596                         make_rpc_reply(data, *rdata, *rdata_len);
597                         break;
598                 }
599
600                 case LSA_SAMLOGOFF:
601                 {
602                         DEBUG(3,("LSA_SAMLOGOFF\n"));
603                         api_lsa_sam_logoff(vuser, param, data, rdata, rdata_len);
604                         break;
605                 }
606
607                 default:
608                 {
609                         DEBUG(4, ("**** netlogon, unknown code: %lx\n", opnum));
610                         break;
611                 }
612         }
613
614         return True;
615 }
616
617 #endif /* NTDOMAIN */