source3/rpc_client/ntclienttrust.c

   1 /*
   2    Unix SMB/Netbios implementation.
   3    Version 1.9.
   4    NT Domain Authentication SMB / MSRPC client
   5    Copyright (C) Andrew Tridgell 1994-1997
   6    Copyright (C) Luke Kenneth Casson Leighton 1996-1997
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 2 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program; if not, write to the Free Software
  20    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  21 */
  22
  23 #ifdef SYSLOG
  24 #undef SYSLOG
  25 #endif
  26
  27 #include "includes.h"
  28
  29 extern int DEBUGLEVEL;
  30
  31
  32 /************************************************************************
  33  check workstation trust account status
  34  ************************************************************************/
  35 BOOL trust_account_check(struct in_addr dest_ip, char *dest_host,
  36                                 char *hostname, char *domain, fstring mach_acct,
  37                                 fstring new_mach_pwd)
  38 {
  39         pstring tmp;
  40         fstring mach_pwd;
  41         struct cli_state cli_trust;
  42         uchar lm_owf_mach_pwd[16];
  43         uchar nt_owf_mach_pwd[16];
  44         uchar lm_sess_pwd[24];
  45         uchar nt_sess_pwd[24];
  46
  47         BOOL right_error_code = False;
  48         uint8 err_cls;
  49         uint32 err_num;
  50
  51         char *start_mach_pwd;
  52         char *change_mach_pwd;
  53
  54         /* initial machine password */
  55         fstrcpy(mach_pwd, hostname);
  56         strlower(mach_pwd);
  57
  58         slprintf(tmp, sizeof(tmp) - 1,"Enter Workstation Trust Account password for [%s].\nDefault is [%s].\nPassword:",
  59                                 mach_acct, mach_pwd);
  60
  61         start_mach_pwd = (char*)getpass(tmp);
  62
  63         if (start_mach_pwd[0] != 0)
  64         {
  65                 fstrcpy(mach_pwd, start_mach_pwd);
  66         }
  67
  68         slprintf(tmp, sizeof(tmp)-1, "Enter new Workstation Trust Account password for [%s]\nPress Return to leave at old value.\nNew Password:",
  69                                 mach_acct);
  70
  71         change_mach_pwd = (char*)getpass(tmp);
  72
  73         if (change_mach_pwd[0] != 0)
  74         {
  75                 fstrcpy(new_mach_pwd, change_mach_pwd);
  76         }
  77         else
  78         {
  79                 DEBUG(1,("trust_account_check: password change not requested\n"));
  80                 change_mach_pwd[0] = 0;
  81         }
  82
  83         DEBUG(1,("initialise cli_trust connection\n"));
  84
  85         if (!cli_initialise(&cli_trust))
  86         {
  87                 DEBUG(1,("cli_initialise failed for cli_trust\n"));
  88                 return False;
  89         }
  90
  91         DEBUG(1,("server connect for cli_trust\n"));
  92
  93         if (!server_connect_init(&cli_trust, hostname, dest_ip, dest_host))
  94         {
  95                 cli_error(&cli_trust, &err_cls, &err_num, NULL);
  96                 DEBUG(1,("server_connect_init failed (%s)\n", cli_errstr(&cli_trust)));
  97
  98                 cli_shutdown(&cli_trust);
  99                 return False;
 100         }
 101
 102         DEBUG(1,("server connect cli_trust succeeded\n"));
 103
 104         nt_lm_owf_gen(mach_pwd, nt_owf_mach_pwd, lm_owf_mach_pwd);
 105
 106         DEBUG(5,("generating nt owf from initial machine pwd: %s\n", mach_pwd));
 107
 108 #ifdef DEBUG_PASSWORD
 109         DEBUG(100,("client cryptkey: "));
 110         dump_data(100, cli_trust.cryptkey, sizeof(cli_trust.cryptkey));
 111 #endif
 112
 113         SMBencrypt(nt_owf_mach_pwd, cli_trust.cryptkey, nt_sess_pwd);
 114
 115 #ifdef DEBUG_PASSWORD
 116         DEBUG(100,("nt_owf_mach_pwd: "));
 117         dump_data(100, nt_owf_mach_pwd, sizeof(lm_owf_mach_pwd));
 118         DEBUG(100,("nt_sess_pwd: "));
 119         dump_data(100, nt_sess_pwd, sizeof(nt_sess_pwd));
 120 #endif
 121
 122         SMBencrypt(lm_owf_mach_pwd, cli_trust.cryptkey, lm_sess_pwd);
 123
 124 #ifdef DEBUG_PASSWORD
 125         DEBUG(100,("lm_owf_mach_pwd: "));
 126         dump_data(100, lm_owf_mach_pwd, sizeof(lm_owf_mach_pwd));
 127         DEBUG(100,("lm_sess_pwd: "));
 128         dump_data(100, lm_sess_pwd, sizeof(lm_sess_pwd));
 129 #endif
 130
 131         right_error_code = False;
 132
 133         if (cli_session_setup(&cli_trust, mach_acct,
 134                         nt_owf_mach_pwd, sizeof(nt_owf_mach_pwd),
 135                         nt_owf_mach_pwd, sizeof(nt_owf_mach_pwd), domain))
 136         {
 137                 DEBUG(0,("cli_session_setup: NO ERROR! AAAGH! BUG IN SERVER DETECTED!!!\n"));
 138                 cli_shutdown(&cli_trust);
 139
 140                 return False;
 141         }
 142
 143         cli_error(&cli_trust, &err_cls, &err_num, NULL);
 144
 145         if (err_num == (0xC0000000 | NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT))
 146         {
 147                 DEBUG(1,("cli_send_tconX: valid workstation trust account exists\n"));
 148                 right_error_code = True;
 149         }
 150
 151         if (err_num == (0xC0000000 | NT_STATUS_NO_SUCH_USER))
 152         {
 153                 DEBUG(1,("cli_send_tconX: workstation trust account does not exist\n"));
 154                 right_error_code = False;
 155         }
 156
 157         if (!right_error_code)
 158         {
 159                 DEBUG(1,("server_validate failed (%s)\n", cli_errstr(&cli_trust)));
 160         }
 161
 162         cli_shutdown(&cli_trust);
 163         return right_error_code;
 164 }
 165
 166