diff options
| author | Luke Leighton <lkcl@samba.org> | 1997-10-22 17:51:02 +0000 |
|---|---|---|
| committer | Luke Leighton <lkcl@samba.org> | 1997-10-22 17:51:02 +0000 |
| commit | b88ee3e16c6b671069f53ca2e9c5694ec8b1c030 (patch) | |
| tree | 334148e4bddec0ff7b9600321039bc5afe63e994 | |
| parent | 6ee065ce6e099acfc7e83ad399ef6e60b4c625c1 (diff) | |
| download | samba-b88ee3e16c6b671069f53ca2e9c5694ec8b1c030.tar.gz samba-b88ee3e16c6b671069f53ca2e9c5694ec8b1c030.tar.xz samba-b88ee3e16c6b671069f53ca2e9c5694ec8b1c030.zip | |
Makefile client.c :
adding start of undocumented options to do NT domain logons, client-side.
starting with LSA_REQCHAL.
the code here happily crashes smbd: i'll investigate this further... :-)
smbparse.c pipeutil.c lsaparse.c :
moved some of the common make_xxxx() functions out of pipeutil.c
so that the make_xxxx and (smb/lsa)_io_xxxx functions now sit
together. makes sense, really...
added a make_q_req_chal() function.
restructured make_rpc_reply() and called it make_rpc_hdr(). created
functions create_rpc_reply() and create_rpc_response().
pipenetlog.c pipentlsa.c pipesrvsvc.c
calling new create_rpc_reply() function instead of old make_rpc_reply().
proto.h :
usual.
smb.h:
added enum for RPC_PACKET_TYPE
| -rw-r--r-- | source/client/client.c | 100 | ||||
| -rw-r--r-- | source/include/proto.h | 23 | ||||
| -rw-r--r-- | source/include/smb.h | 8 | ||||
| -rw-r--r-- | source/lsaparse.c | 23 | ||||
| -rw-r--r-- | source/pipenetlog.c | 17 | ||||
| -rw-r--r-- | source/pipentlsa.c | 16 | ||||
| -rw-r--r-- | source/pipesrvsvc.c | 15 | ||||
| -rw-r--r-- | source/pipeutil.c | 117 | ||||
| -rw-r--r-- | source/smbparse.c | 140 |
9 files changed, 315 insertions, 144 deletions
diff --git a/source/client/client.c b/source/client/client.c index aaa0186a78d..6d488bd2f5f 100644 --- a/source/client/client.c +++ b/source/client/client.c @@ -3515,6 +3515,67 @@ static BOOL process(char *base_directory) return(True); } +/**************************************************************************** +LSA Request Challenge on the NETLOGON pipe. +****************************************************************************/ +static BOOL cli_lsa_req_chal(void) +{ + char *rparam = NULL; + char *rdata = NULL; + char *p; + int rdrcnt,rprcnt; + int count = 0; + pstring param; /* only 1024 bytes */ + LSA_Q_REQ_CHAL q_c; + DOM_CHAL clnt_chal; + int call_id = 0x1; + + /* create and send a MSRPC command with api LSA_REQCHAL */ + + clnt_chal.data[0] = 0x11111111; + clnt_chal.data[1] = 0x22222222; + + DEBUG(4,("LSA Request Challenge from %s to %s: %lx %lx\n", + desthost, myhostname, clnt_chal.data[0], clnt_chal.data[1])); + + /* store the parameters */ + make_q_req_chal(&q_c, desthost, myhostname, &clnt_chal); + + /* turn parameters into data stream */ + p = lsa_io_q_req_chal(False, &q_c, param + 0x18, param, 4, 5); + + /* create the request RPC_HDR _after_ the main data: length is now known */ + create_rpc_request(call_id, LSA_REQCHAL, param, PTR_DIFF(p, param)); + + /* send the data on \PIPE\NETLOGON */ + if (cli_call_api(PIPE_NETLOGON, PTR_DIFF(p, param),0, + 1024,BUFFER_SIZE, + &rprcnt,&rdrcnt, + param,NULL, + &rparam,&rdata)) + { +#if 0 + /* oh, now what??? */ + + int res = SVAL(rparam,0); + int converter=SVAL(rparam,2); + int i; + BOOL long_share_name=False; + + if (res == 0) + { + count=SVAL(rparam,4); + p = rdata; + + } +#endif + } + + if (rparam) free(rparam); + if (rdata) free(rdata); + + return(count>0); +} /**************************************************************************** usage on the program @@ -3559,6 +3620,7 @@ static void usage(char *pname) extern int optind; pstring query_host; BOOL message = False; + BOOL nt_domain_logon = False; extern char tar_type; static pstring servicesf = CONFIGFILE; pstring term_code; @@ -3658,7 +3720,7 @@ static void usage(char *pname) } while ((opt = - getopt(argc, argv,"s:B:O:M:i:Nn:d:Pp:l:hI:EB:U:L:t:m:W:T:D:c:")) != EOF) + getopt(argc, argv,"s:B:O:M:S:i:Nn:d:Pp:l:hI:EB:U:L:t:m:W:T:D:c:")) != EOF) switch (opt) { case 'm': @@ -3667,6 +3729,11 @@ static void usage(char *pname) case 'O': strcpy(user_socket_options,optarg); break; + case 'S': + strcpy(desthost,optarg); + strupper(desthost); + nt_domain_logon = True; + break; case 'M': name_type = 0x03; /* messages are sent to NetBIOS name type 0x3 */ strcpy(desthost,optarg); @@ -3822,7 +3889,7 @@ static void usage(char *pname) return(1); } - if (*query_host) + if (*query_host && !nt_domain_logon) { int ret = 0; sprintf(service,"\\\\%s\\IPC$",query_host); @@ -3871,6 +3938,35 @@ static void usage(char *pname) return(ret); } + if (nt_domain_logon) + { + int ret = 0; + sprintf(service,"\\\\%s\\IPC$",query_host); + strupper(service); + connect_as_ipc = True; + + DEBUG(5,("NT Domain Logon. Service: %s\n", service)); + + if (cli_open_sockets(port)) + { + if (!cli_send_login(NULL,NULL,True,True)) + { + return(1); + } + + cli_lsa_req_chal(); +#if 0 + cli_lsa_auth2(); + cli_lsa_sam_logon(); + cli_lsa_sam_logoff(); +#endif + cli_send_logout(); + close_sockets(); + } + + return(ret); + } + if (cli_open_sockets(port)) { if (!process(base_directory)) diff --git a/source/include/proto.h b/source/include/proto.h index 636b99e6466..d62adb9f842 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -372,6 +372,9 @@ char* lsa_io_q_lookup_sids(BOOL io, LSA_Q_LOOKUP_SIDS *q_s, char *q, char *base, char* lsa_io_r_lookup_sids(BOOL io, LSA_R_LOOKUP_SIDS *r_s, char *q, char *base, int align, int depth); char* lsa_io_q_lookup_rids(BOOL io, LSA_Q_LOOKUP_RIDS *q_r, char *q, char *base, int align, int depth); char* lsa_io_r_lookup_rids(BOOL io, LSA_R_LOOKUP_RIDS *r_r, char *q, char *base, int align, int depth); +void make_q_req_chal(LSA_Q_REQ_CHAL *q_c, + char *logon_srv, char *logon_clnt, + DOM_CHAL *clnt_chal); char* lsa_io_q_req_chal(BOOL io, LSA_Q_REQ_CHAL *q_c, char *q, char *base, int align, int depth); char* lsa_io_r_req_chal(BOOL io, LSA_R_REQ_CHAL *r_c, char *q, char *base, int align, int depth); char* lsa_io_q_auth_2(BOOL io, LSA_Q_AUTH_2 *q_a, char *q, char *base, int align, int depth); @@ -708,17 +711,10 @@ void initrpcreply(char *inbuf, char *q); void endrpcreply(char *inbuf, char *q, int datalen, int rtnval, int *rlen); BOOL name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid); char *dom_sid_to_string(DOM_SID *sid); -void make_dom_sid(DOM_SID *sid, char *domsid); int make_dom_sids(char *sids_str, DOM_SID *sids, int max_sids); int make_dom_gids(char *gids_str, DOM_GID *gids); -void create_rpc_reply(RPC_HDR *hdr, uint32 call_id, int data_len); -int make_rpc_reply(char *inbuf, char *q, int data_len); -void make_uni_hdr(UNIHDR *hdr, int max_len, int len, uint16 terminate); -void make_uni_hdr2(UNIHDR2 *hdr, int max_len, int len, uint16 terminate); -void make_unistr(UNISTR *str, char *buf); -void make_unistr2(UNISTR2 *str, char *buf, int len); -void make_dom_rid2(DOM_RID2 *rid2, uint32 rid); -void make_dom_sid2(DOM_SID2 *sid2, char *sid_str); +int create_rpc_request(uint32 call_id, uint16 op_num, char *q, int data_len); +int create_rpc_reply(uint32 call_id, char *q, int data_len); /*The following definitions come from predict.c */ @@ -893,12 +889,19 @@ void SMBNTencrypt(uchar *passwd, uchar *c8, uchar *p24); char* smb_io_utime(BOOL io, UTIME *t, char *q, char *base, int align, int depth); char* smb_io_time(BOOL io, NTTIME *nttime, char *q, char *base, int align, int depth); +void make_dom_sid(DOM_SID *sid, char *domsid); char* smb_io_dom_sid(BOOL io, DOM_SID *sid, char *q, char *base, int align, int depth); +void make_uni_hdr(UNIHDR *hdr, int max_len, int len, uint16 terminate); char* smb_io_unihdr(BOOL io, UNIHDR *hdr, char *q, char *base, int align, int depth); +void make_uni_hdr2(UNIHDR2 *hdr, int max_len, int len, uint16 terminate); char* smb_io_unihdr2(BOOL io, UNIHDR2 *hdr2, char *q, char *base, int align, int depth); +void make_unistr(UNISTR *str, char *buf); char* smb_io_unistr(BOOL io, UNISTR *uni, char *q, char *base, int align, int depth); +void make_unistr2(UNISTR2 *str, char *buf, int len); char* smb_io_unistr2(BOOL io, UNISTR2 *uni2, char *q, char *base, int align, int depth); +void make_dom_sid2(DOM_SID2 *sid2, char *sid_str); char* smb_io_dom_sid2(BOOL io, DOM_SID2 *sid2, char *q, char *base, int align, int depth); +void make_dom_rid2(DOM_RID2 *rid2, uint32 rid); char* smb_io_dom_rid2(BOOL io, DOM_RID2 *rid2, char *q, char *base, int align, int depth); char* smb_io_clnt_srv(BOOL io, DOM_CLNT_SRV *log, char *q, char *base, int align, int depth); char* smb_io_log_info(BOOL io, DOM_LOG_INFO *log, char *q, char *base, int align, int depth); @@ -911,6 +914,8 @@ char* smb_io_arc4_owf(BOOL io, ARC4_OWF *hash, char *q, char *base, int align, i char* smb_io_id_info1(BOOL io, DOM_ID_INFO_1 *id, char *q, char *base, int align, int depth); char* smb_io_sam_info(BOOL io, DOM_SAM_INFO *sam, char *q, char *base, int align, int depth); char* smb_io_gid(BOOL io, DOM_GID *gid, char *q, char *base, int align, int depth); +void make_rpc_header(RPC_HDR *hdr, enum RPC_PKT_TYPE pkt_type, + uint32 call_id, int data_len, int opnum); char* smb_io_rpc_hdr(BOOL io, RPC_HDR *rpc, char *q, char *base, int align, int depth); char* smb_io_pol_hnd(BOOL io, LSA_POL_HND *pol, char *q, char *base, int align, int depth); char* smb_io_dom_query_3(BOOL io, DOM_QUERY_3 *d_q, char *q, char *base, int align, int depth); diff --git a/source/include/smb.h b/source/include/smb.h index d10b449e6fd..83ed54c998f 100644 --- a/source/include/smb.h +++ b/source/include/smb.h @@ -268,6 +268,14 @@ typedef fstring string; /* NETLOGON opcodes and data structures */ +enum RPC_PKT_TYPE +{ + RPC_REQUEST = 0x00, + RPC_RESPONSE = 0x02, + RPC_BIND = 0x0B, + RPC_BINDACK = 0x0C +}; + #define NET_QUERYFORPDC 7 /* Query for PDC */ #define NET_QUERYFORPDC_R 12 /* Response to Query for PDC */ #define NET_SAMLOGON 18 diff --git a/source/lsaparse.c b/source/lsaparse.c index ae3d06faac9..7b23f057f1f 100644 --- a/source/lsaparse.c +++ b/source/lsaparse.c @@ -232,7 +232,28 @@ char* lsa_io_r_lookup_rids(BOOL io, LSA_R_LOOKUP_RIDS *r_r, char *q, char *base, } /******************************************************************* -reads or writes a structure. +makes an LSA_Q_REQ_CHAL structure. +********************************************************************/ +void make_q_req_chal(LSA_Q_REQ_CHAL *q_c, + char *logon_srv, char *logon_clnt, + DOM_CHAL *clnt_chal) +{ + if (q_c == NULL) return; + + DEBUG(5,("make_q_req_chal: %d\n", __LINE__)); + + q_c->undoc_buffer = 1; /* don't know what this buffer is */ + + make_unistr2(&(q_c->uni_logon_srv ), logon_srv , strlen(logon_srv )); + make_unistr2(&(q_c->uni_logon_clnt), logon_clnt, strlen(logon_clnt)); + + memcpy(q_c->clnt_chal.data, clnt_chal->data, sizeof(clnt_chal->data)); + + DEBUG(5,("make_q_req_chal: %d\n", __LINE__)); +} + +/******************************************************************* +reads or writes an LSA_Q_REQ_CHAL structure. ********************************************************************/ char* lsa_io_q_req_chal(BOOL io, LSA_Q_REQ_CHAL *q_c, char *q, char *base, int align, int depth) { diff --git a/source/pipenetlog.c b/source/pipenetlog.c index 7e69ac3880d..fcd44b9701e 100644 --- a/source/pipenetlog.c +++ b/source/pipenetlog.c @@ -624,12 +624,14 @@ BOOL api_netlogrpcTNP(int cnum,int uid, char *param,char *data, char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - uint16 opnum = SVAL(data,22); - int pkttype = CVAL(data, 2); + /* really should decode these using an RPC_HDR structure */ + int pkttype = CVAL(data, 2); + uint32 call_id = SVAL(data,12); + uint16 opnum = SVAL(data,22); user_struct *vuser; - if (pkttype == 0x0b) /* RPC BIND */ + if (pkttype == RPC_BIND) /* RPC BIND */ { DEBUG(4,("netlogon rpc bind %x\n",pkttype)); LsarpcTNP1(data,rdata,rdata_len); @@ -648,7 +650,7 @@ BOOL api_netlogrpcTNP(int cnum,int uid, char *param,char *data, { DEBUG(3,("LSA_REQCHAL\n")); api_lsa_req_chal(cnum, uid, vuser, param, data, rdata, rdata_len); - make_rpc_reply(data, *rdata, *rdata_len); + create_rpc_reply(call_id, *rdata, *rdata_len); break; } @@ -656,7 +658,7 @@ BOOL api_netlogrpcTNP(int cnum,int uid, char *param,char *data, { DEBUG(3,("LSA_AUTH2\n")); api_lsa_auth_2(vuser, param, data, rdata, rdata_len); - make_rpc_reply(data, *rdata, *rdata_len); + create_rpc_reply(call_id, *rdata, *rdata_len); break; } @@ -664,7 +666,7 @@ BOOL api_netlogrpcTNP(int cnum,int uid, char *param,char *data, { DEBUG(3,("LSA_SRVPWSET\n")); api_lsa_srv_pwset(vuser, param, data, rdata, rdata_len); - make_rpc_reply(data, *rdata, *rdata_len); + create_rpc_reply(call_id, *rdata, *rdata_len); break; } @@ -672,7 +674,7 @@ BOOL api_netlogrpcTNP(int cnum,int uid, char *param,char *data, { DEBUG(3,("LSA_SAMLOGON\n")); api_lsa_sam_logon(vuser, param, data, rdata, rdata_len); - make_rpc_reply(data, *rdata, *rdata_len); + create_rpc_reply(call_id, *rdata, *rdata_len); break; } @@ -680,6 +682,7 @@ BOOL api_netlogrpcTNP(int cnum,int uid, char *param,char *data, { DEBUG(3,("LSA_SAMLOGOFF\n")); api_lsa_sam_logoff(vuser, param, data, rdata, rdata_len); + create_rpc_reply(call_id, *rdata, *rdata_len); break; } diff --git a/source/pipentlsa.c b/source/pipentlsa.c index 592cf8901ef..cabde4f8cdc 100644 --- a/source/pipentlsa.c +++ b/source/pipentlsa.c @@ -300,10 +300,12 @@ BOOL api_ntLsarpcTNP(int cnum,int uid, char *param,char *data, char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - uint16 opnum = SVAL(data,22); + /* really should decode these using an RPC_HDR structure */ + int pkttype = CVAL(data, 2); + uint32 call_id = CVAL(data, 12); + uint16 opnum = SVAL(data, 22); - int pkttype = CVAL(data, 2); - if (pkttype == 0x0b) /* RPC BIND */ + if (pkttype == RPC_BIND) /* RPC BIND */ { DEBUG(4,("netlogon rpc bind %x\n",pkttype)); LsarpcTNP1(data,rdata,rdata_len); @@ -317,7 +319,7 @@ BOOL api_ntLsarpcTNP(int cnum,int uid, char *param,char *data, { DEBUG(3,("LSA_OPENPOLICY\n")); api_lsa_open_policy(param, data, rdata, rdata_len); - make_rpc_reply(data, *rdata, *rdata_len); + create_rpc_reply(call_id, *rdata, *rdata_len); break; } @@ -326,7 +328,7 @@ BOOL api_ntLsarpcTNP(int cnum,int uid, char *param,char *data, DEBUG(3,("LSA_QUERYINFOPOLICY\n")); api_lsa_query_info(param, data, rdata, rdata_len); - make_rpc_reply(data, *rdata, *rdata_len); + create_rpc_reply(call_id, *rdata, *rdata_len); break; } @@ -394,7 +396,7 @@ BOOL api_ntLsarpcTNP(int cnum,int uid, char *param,char *data, { DEBUG(3,("LSA_OPENSECRET\n")); api_lsa_lookup_sids(param, data, rdata, rdata_len); - make_rpc_reply(data, *rdata, *rdata_len); + create_rpc_reply(call_id, *rdata, *rdata_len); break; } @@ -402,7 +404,7 @@ BOOL api_ntLsarpcTNP(int cnum,int uid, char *param,char *data, { DEBUG(3,("LSA_LOOKUPNAMES\n")); api_lsa_lookup_names(param, data, rdata, rdata_len); - make_rpc_reply(data, *rdata, *rdata_len); + create_rpc_reply(call_id, *rdata, *rdata_len); break; } diff --git a/source/pipesrvsvc.c b/source/pipesrvsvc.c index 845590d98c7..2c94bb2ebfb 100644 --- a/source/pipesrvsvc.c +++ b/source/pipesrvsvc.c @@ -188,15 +188,14 @@ BOOL api_srvsvcTNP(int cnum,int uid, char *param,char *data, char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - uint16 opnum; - char *q; - int pkttype; - extern pstring myname; + int pkttype = CVAL(data, 2); + uint32 call_id = SVAL(data,12); + uint16 opnum = SVAL(data,22); - opnum = SVAL(data,22); + extern pstring myname; + char *q; - pkttype = CVAL(data, 2); - if (pkttype == 0x0b) /* RPC BIND */ + if (pkttype == RPC_BIND) /* RPC BIND */ { DEBUG(4,("srvsvc rpc bind %x\n",pkttype)); LsarpcTNP1(data,rdata,rdata_len); @@ -214,7 +213,7 @@ BOOL api_srvsvcTNP(int cnum,int uid, char *param,char *data, { api_srv_net_share_info( param, data, rdata, rdata_len); - make_rpc_reply(data, *rdata, *rdata_len); + create_rpc_reply(call_id, *rdata, *rdata_len); break; } diff --git a/source/pipeutil.c b/source/pipeutil.c index a939e127661..135eb19190c 100644 --- a/source/pipeutil.c +++ b/source/pipeutil.c @@ -123,51 +123,6 @@ char *dom_sid_to_string(DOM_SID *sid) return sidstr; } -/* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */ -/* identauth >= 2^32 can be detected because it will be specified in hex */ -void make_dom_sid(DOM_SID *sid, char *domsid) -{ - int identauth; - char *p; - - if (sid == NULL) return; - - if (domsid == NULL) - { - DEBUG(4,("netlogon domain SID: none\n")); - sid->sid_rev_num = 0; - sid->num_auths = 0; - return; - } - - DEBUG(4,("netlogon domain SID: %s\n", domsid)); - - /* assume, but should check, that domsid starts "S-" */ - p = strtok(domsid+2,"-"); - sid->sid_rev_num = atoi(p); - - /* identauth in decimal should be < 2^32 */ - /* identauth in hex should be >= 2^32 */ - identauth = atoi(strtok(0,"-")); - - DEBUG(4,("netlogon rev %d\n", sid->sid_rev_num)); - DEBUG(4,("netlogon %s ia %d\n", p, identauth)); - - sid->id_auth[0] = 0; - sid->id_auth[1] = 0; - sid->id_auth[2] = (identauth & 0xff000000) >> 24; - sid->id_auth[3] = (identauth & 0x00ff0000) >> 16; - sid->id_auth[4] = (identauth & 0x0000ff00) >> 8; - sid->id_auth[5] = (identauth & 0x000000ff); - - sid->num_auths = 0; - - while ((p = strtok(0, "-")) != NULL) - { - sid->sub_auths[sid->num_auths++] = atoi(p); - } -} - int make_dom_sids(char *sids_str, DOM_SID *sids, int max_sids) { char *ptr; @@ -262,77 +217,21 @@ int make_dom_gids(char *gids_str, DOM_GID *gids) return count; } -void create_rpc_reply(RPC_HDR *hdr, uint32 call_id, int data_len) -{ - if (hdr == NULL) return; - - hdr->major = 5; /* RPC version 5 */ - hdr->minor = 0; /* minor version 0 */ - hdr->pkt_type = 2; /* RPC response packet */ - hdr->frag = 3; /* first frag + last frag */ - hdr->pack_type = 0x10; /* packed data representation */ - hdr->frag_len = data_len; /* fragment length, fill in later */ - hdr->auth_len = 0; /* authentication length */ - hdr->call_id = call_id; /* call identifier - match incoming RPC */ - hdr->alloc_hint = data_len - 0x18; /* allocation hint (no idea) */ - hdr->context_id = 0; /* presentation context identifier */ - hdr->cancel_count = 0; /* cancel count */ - hdr->reserved = 0; /* reserved */ -} - -int make_rpc_reply(char *inbuf, char *q, int data_len) +int create_rpc_request(uint32 call_id, uint16 op_num, char *q, int data_len) { - uint32 callid = IVAL(inbuf, 12); RPC_HDR hdr; - create_rpc_reply(&hdr, callid, data_len); + /* XXXX cheat - use cancel count to store opnum */ + make_rpc_header(&hdr, RPC_RESPONSE, call_id, data_len, op_num); return smb_io_rpc_hdr(False, &hdr, q, q, 4, 0) - q; } -void make_uni_hdr(UNIHDR *hdr, int max_len, int len, uint16 terminate) -{ - hdr->uni_max_len = 2 * max_len; - hdr->uni_str_len = 2 * len; - hdr->undoc = terminate; -} - -void make_uni_hdr2(UNIHDR2 *hdr, int max_len, int len, uint16 terminate) -{ - make_uni_hdr(&(hdr->unihdr), max_len, len, terminate); - hdr->undoc_buffer = len > 0 ? 1 : 0; -} - -void make_unistr(UNISTR *str, char *buf) -{ - /* store the string (null-terminated copy) */ - PutUniCode((char *)(str->buffer), buf); -} - -void make_unistr2(UNISTR2 *str, char *buf, int len) +int create_rpc_reply(uint32 call_id, char *q, int data_len) { - /* set up string lengths. add one if string is not null-terminated */ - str->uni_max_len = len; - str->undoc = 0; - str->uni_str_len = len; - - /* store the string (null-terminated copy) */ - PutUniCode((char *)str->buffer, buf); -} + RPC_HDR hdr; -void make_dom_rid2(DOM_RID2 *rid2, uint32 rid) -{ - rid2->type = 0x5; - rid2->undoc = 0x5; - rid2->rid = rid; - rid2->rid_idx = 0; + /* XXXX cheat - use cancel count to store opnum */ + make_rpc_header(&hdr, RPC_RESPONSE, call_id, data_len, 0); + return smb_io_rpc_hdr(False, &hdr, q, q, 4, 0) - q; } -void make_dom_sid2(DOM_SID2 *sid2, char *sid_str) -{ - int len_sid_str = strlen(sid_str); - - sid2->type = 0x5; - sid2->undoc = 0; - make_uni_hdr2(&(sid2->hdr), len_sid_str, len_sid_str, 0); - make_unistr (&(sid2->str), sid_str); -} diff --git a/source/smbparse.c b/source/smbparse.c index c9a3337c22e..ec0e877778d 100644 --- a/source/smbparse.c +++ b/source/smbparse.c @@ -23,7 +23,6 @@ extern int DEBUGLEVEL; - /******************************************************************* reads or writes a UTIME type. ********************************************************************/ @@ -60,6 +59,56 @@ char* smb_io_time(BOOL io, NTTIME *nttime, char *q, char *base, int align, int d } /******************************************************************* +creates a DOM_SID structure. + +BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 +identauth >= 2^32 can be detected because it will be specified in hex + +********************************************************************/ +void make_dom_sid(DOM_SID *sid, char *domsid) +{ + int identauth; + char *p; + + if (sid == NULL) return; + + if (domsid == NULL) + { + DEBUG(4,("netlogon domain SID: none\n")); + sid->sid_rev_num = 0; + sid->num_auths = 0; + return; + } + + DEBUG(4,("netlogon domain SID: %s\n", domsid)); + + /* assume, but should check, that domsid starts "S-" */ + p = strtok(domsid+2,"-"); + sid->sid_rev_num = atoi(p); + + /* identauth in decimal should be < 2^32 */ + /* identauth in hex should be >= 2^32 */ + identauth = atoi(strtok(0,"-")); + + DEBUG(4,("netlogon rev %d\n", sid->sid_rev_num)); + DEBUG(4,("netlogon %s ia %d\n", p, identauth)); + + sid->id_auth[0] = 0; + sid->id_auth[1] = 0; + sid->id_auth[2] = (identauth & 0xff000000) >> 24; + sid->id_auth[3] = (identauth & 0x00ff0000) >> 16; + sid->id_auth[4] = (identauth & 0x0000ff00) >> 8; + sid->id_auth[5] = (identauth & 0x000000ff); + + sid->num_auths = 0; + + while ((p = strtok(0, "-")) != NULL) + { + sid->sub_auths[sid->num_auths++] = atoi(p); + } +} + +/******************************************************************* reads or writes a DOM_SID structure. ********************************************************************/ char* smb_io_dom_sid(BOOL io, DOM_SID *sid, char *q, char *base, int align, int depth) @@ -93,6 +142,16 @@ char* smb_io_dom_sid(BOOL io, DOM_SID *sid, char *q, char *base, int align, int } /******************************************************************* +creates a UNIHDR structure. +********************************************************************/ +void make_uni_hdr(UNIHDR *hdr, int max_len, int len, uint16 terminate) +{ + hdr->uni_max_len = 2 * max_len; + hdr->uni_str_len = 2 * len; + hdr->undoc = terminate; +} + +/******************************************************************* reads or writes a UNIHDR structure. ********************************************************************/ char* smb_io_unihdr(BOOL io, UNIHDR *hdr, char *q, char *base, int align, int depth) @@ -116,6 +175,15 @@ char* smb_io_unihdr(BOOL io, UNIHDR *hdr, char *q, char *base, int align, int de } /******************************************************************* +creates a UNIHDR2 structure. +********************************************************************/ +void make_uni_hdr2(UNIHDR2 *hdr, int max_len, int len, uint16 terminate) +{ + make_uni_hdr(&(hdr->unihdr), max_len, len, terminate); + hdr->undoc_buffer = len > 0 ? 1 : 0; +} + +/******************************************************************* reads or writes a UNIHDR2 structure. ********************************************************************/ char* smb_io_unihdr2(BOOL io, UNIHDR2 *hdr2, char *q, char *base, int align, int depth) @@ -134,6 +202,15 @@ char* smb_io_unihdr2(BOOL io, UNIHDR2 *hdr2, char *q, char *base, int align, int } /******************************************************************* +creates a UNISTR structure. +********************************************************************/ +void make_unistr(UNISTR *str, char *buf) +{ + /* store the string (null-terminated copy) */ + PutUniCode((char *)(str->buffer), buf); +} + +/******************************************************************* reads or writes a UNISTR structure. XXXX NOTE: UNISTR structures NEED to be null-terminated. ********************************************************************/ @@ -160,6 +237,20 @@ char* smb_io_unistr(BOOL io, UNISTR *uni, char *q, char *base, int align, int de } /******************************************************************* +creates a UNISTR2 structure. +********************************************************************/ +void make_unistr2(UNISTR2 *str, char *buf, int len) +{ + /* set up string lengths. add one if string is not null-terminated */ + str->uni_max_len = len; + str->undoc = 0; + str->uni_str_len = len; + + /* store the string (null-terminated copy) */ + PutUniCode((char *)str->buffer, buf); +} + +/******************************************************************* reads or writes a UNISTR2 structure. XXXX NOTE: UNISTR2 structures need NOT be null-terminated. the uni_str_len member tells you how long the string is; @@ -193,6 +284,19 @@ char* smb_io_unistr2(BOOL io, UNISTR2 *uni2, char *q, char *base, int align, int } /******************************************************************* +creates a DOM_SID2 structure. +********************************************************************/ +void make_dom_sid2(DOM_SID2 *sid2, char *sid_str) +{ + int len_sid_str = strlen(sid_str); + + sid2->type = 0x5; + sid2->undoc = 0; + make_uni_hdr2(&(sid2->hdr), len_sid_str, len_sid_str, 0); + make_unistr (&(sid2->str), sid_str); +} + +/******************************************************************* reads or writes a DOM_SID2 structure. ********************************************************************/ char* smb_io_dom_sid2(BOOL io, DOM_SID2 *sid2, char *q, char *base, int align, int depth) @@ -220,6 +324,17 @@ char* smb_io_dom_sid2(BOOL io, DOM_SID2 *sid2, char *q, char *base, int align, i } /******************************************************************* +creates a DOM_RID2 structure. +********************************************************************/ +void make_dom_rid2(DOM_RID2 *rid2, uint32 rid) +{ + rid2->type = 0x5; + rid2->undoc = 0x5; + rid2->rid = rid; + rid2->rid_idx = 0; +} + +/******************************************************************* reads or writes a DOM_RID2 structure. ********************************************************************/ char* smb_io_dom_rid2(BOOL io, DOM_RID2 *rid2, char *q, char *base, int align, int depth) @@ -494,6 +609,28 @@ char* smb_io_gid(BOOL io, DOM_GID *gid, char *q, char *base, int align, int dept } /******************************************************************* +creates an RPC_HDR structure. +********************************************************************/ +void make_rpc_header(RPC_HDR *hdr, enum RPC_PKT_TYPE pkt_type, + uint32 call_id, int data_len, int opnum) +{ + if (hdr == NULL) return; + + hdr->major = 5; /* RPC version 5 */ + hdr->minor = 0; /* minor version 0 */ + hdr->pkt_type = pkt_type; /* RPC packet type */ + hdr->frag = 3; /* first frag + last frag */ + hdr->pack_type = 0x10; /* packed data representation */ + hdr->frag_len = data_len; /* fragment length, fill in later */ + hdr->auth_len = 0; /* authentication length */ + hdr->call_id = call_id; /* call identifier - match incoming RPC */ + hdr->alloc_hint = data_len - 0x18; /* allocation hint (no idea) */ + hdr->context_id = 0; /* presentation context identifier */ + hdr->cancel_count = opnum; /* cancel count. or opnum. XXXX CHEAT! */ + hdr->reserved = 0; /* reserved */ +} + +/******************************************************************* reads or writes an RPC_HDR structure. ********************************************************************/ char* smb_io_rpc_hdr(BOOL io, RPC_HDR *rpc, char *q, char *base, int align, int depth) @@ -516,6 +653,7 @@ char* smb_io_rpc_hdr(BOOL io, RPC_HDR *rpc, char *q, char *base, int align, int DBG_RW_IVAL("call_id ", depth, base, io, q, rpc->call_id); q += 4; DBG_RW_IVAL("alloc_hint", depth, base, io, q, rpc->alloc_hint); q += 4; DBG_RW_CVAL("context_id", depth, base, io, q, rpc->context_id); q++; + DBG_RW_CVAL("cancel_ct ", depth, base, io, q, rpc->cancel_count); q++; DBG_RW_CVAL("reserved ", depth, base, io, q, rpc->reserved); q++; return q; |