source3/rpc_client/ntclienttrust.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    NT Domain Authentication SMB / MSRPC client
   4    Copyright (C) Andrew Tridgell 1994-1997
   5    Copyright (C) Luke Kenneth Casson Leighton 1996-1997
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 2 of the License, or
  10    (at your option) any later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program; if not, write to the Free Software
  19    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  20 */
  21
  22 #include "includes.h"
  23
  24
  25 /************************************************************************
  26  check workstation trust account status
  27  ************************************************************************/
  28 BOOL trust_account_check(struct in_addr dest_ip, char *dest_host,
  29                                 char *hostname, char *domain, fstring mach_acct,
  30                                 fstring new_mach_pwd)
  31 {
  32         pstring tmp;
  33         fstring mach_pwd;
  34         struct cli_state cli_trust;
  35         uchar lm_owf_mach_pwd[16];
  36         uchar nt_owf_mach_pwd[16];
  37         uchar lm_sess_pwd[24];
  38         uchar nt_sess_pwd[24];
  39
  40         BOOL right_error_code = False;
  41         uint8 err_cls;
  42         uint32 err_num;
  43
  44         char *start_mach_pwd;
  45         char *change_mach_pwd;
  46
  47         /* initial machine password */
  48         fstrcpy(mach_pwd, hostname);
  49         strlower(mach_pwd);
  50
  51         slprintf(tmp, sizeof(tmp) - 1,"Enter Workstation Trust Account password for [%s].\nDefault is [%s].\nPassword:",
  52                                 mach_acct, mach_pwd);
  53
  54         start_mach_pwd = (char*)getpass(tmp);
  55
  56         if (start_mach_pwd[0] != 0)
  57         {
  58                 fstrcpy(mach_pwd, start_mach_pwd);
  59         }
  60
  61         slprintf(tmp, sizeof(tmp)-1, "Enter new Workstation Trust Account password for [%s]\nPress Return to leave at old value.\nNew Password:",
  62                                 mach_acct);
  63
  64         change_mach_pwd = (char*)getpass(tmp);
  65
  66         if (change_mach_pwd[0] != 0)
  67         {
  68                 fstrcpy(new_mach_pwd, change_mach_pwd);
  69         }
  70         else
  71         {
  72                 DEBUG(1,("trust_account_check: password change not requested\n"));
  73                 change_mach_pwd[0] = 0;
  74         }
  75
  76         DEBUG(1,("initialise cli_trust connection\n"));
  77
  78         if (!cli_initialise(&cli_trust))
  79         {
  80                 DEBUG(1,("cli_initialise failed for cli_trust\n"));
  81                 return False;
  82         }
  83
  84         DEBUG(1,("server connect for cli_trust\n"));
  85
  86         if (!server_connect_init(&cli_trust, hostname, dest_ip, dest_host))
  87         {
  88                 cli_error(&cli_trust, &err_cls, &err_num, NULL);
  89                 DEBUG(1,("server_connect_init failed (%s)\n", cli_errstr(&cli_trust)));
  90
  91                 cli_shutdown(&cli_trust);
  92                 return False;
  93         }
  94
  95         DEBUG(1,("server connect cli_trust succeeded\n"));
  96
  97         nt_lm_owf_gen(mach_pwd, nt_owf_mach_pwd, lm_owf_mach_pwd);
  98
  99         DEBUG(5,("generating nt owf from initial machine pwd: %s\n", mach_pwd));
 100
 101 #ifdef DEBUG_PASSWORD
 102         DEBUG(100,("client cryptkey: "));
 103         dump_data(100, cli_trust.cryptkey, sizeof(cli_trust.cryptkey));
 104 #endif
 105
 106         SMBencrypt(nt_owf_mach_pwd, cli_trust.cryptkey, nt_sess_pwd);
 107
 108 #ifdef DEBUG_PASSWORD
 109         DEBUG(100,("nt_owf_mach_pwd: "));
 110         dump_data(100, nt_owf_mach_pwd, sizeof(lm_owf_mach_pwd));
 111         DEBUG(100,("nt_sess_pwd: "));
 112         dump_data(100, nt_sess_pwd, sizeof(nt_sess_pwd));
 113 #endif
 114
 115         SMBencrypt(lm_owf_mach_pwd, cli_trust.cryptkey, lm_sess_pwd);
 116
 117 #ifdef DEBUG_PASSWORD
 118         DEBUG(100,("lm_owf_mach_pwd: "));
 119         dump_data(100, lm_owf_mach_pwd, sizeof(lm_owf_mach_pwd));
 120         DEBUG(100,("lm_sess_pwd: "));
 121         dump_data(100, lm_sess_pwd, sizeof(lm_sess_pwd));
 122 #endif
 123
 124         right_error_code = False;
 125
 126         if (cli_session_setup(&cli_trust, mach_acct,
 127                         nt_owf_mach_pwd, sizeof(nt_owf_mach_pwd),
 128                         nt_owf_mach_pwd, sizeof(nt_owf_mach_pwd), domain))
 129         {
 130                 DEBUG(0,("cli_session_setup: NO ERROR! AAAGH! BUG IN SERVER DETECTED!!!\n"));
 131                 cli_shutdown(&cli_trust);
 132
 133                 return False;
 134         }
 135
 136         cli_error(&cli_trust, &err_cls, &err_num, NULL);
 137
 138         if (err_num == (0xC0000000 | NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT))
 139         {
 140                 DEBUG(1,("cli_send_tconX: valid workstation trust account exists\n"));
 141                 right_error_code = True;
 142         }
 143
 144         if (err_num == (0xC0000000 | NT_STATUS_NO_SUCH_USER))
 145         {
 146                 DEBUG(1,("cli_send_tconX: workstation trust account does not exist\n"));
 147                 right_error_code = False;
 148         }
 149
 150         if (!right_error_code)
 151         {
 152                 DEBUG(1,("server_validate failed (%s)\n", cli_errstr(&cli_trust)));
 153         }
 154
 155         cli_shutdown(&cli_trust);
 156         return right_error_code;
 157 }