diff options
| author | Luke Leighton <lkcl@samba.org> | 2000-04-09 06:11:35 +0000 |
|---|---|---|
| committer | Luke Leighton <lkcl@samba.org> | 2000-04-09 06:11:35 +0000 |
| commit | ee094f5897e0a43858a295e0eb18bada7a38d2b6 (patch) | |
| tree | 71f5bf291a4915c7c400aadb9d99e2db66d53978 | |
| parent | d5498f171e680db68ccdecc4a98b9ebfdc65a0b0 (diff) | |
| download | samba-ee094f5897e0a43858a295e0eb18bada7a38d2b6.tar.gz samba-ee094f5897e0a43858a295e0eb18bada7a38d2b6.tar.xz samba-ee094f5897e0a43858a295e0eb18bada7a38d2b6.zip | |
gets really interesting. it's dog-slow (at debug level 100), but
i think i now have security=domain working.
i also think i fixed the bug where NT5 wks fails with an RPC error
when the user password is wrong.
| -rw-r--r-- | source/include/lib_smb_proto.h | 3 | ||||
| -rw-r--r-- | source/include/proto.h | 26 | ||||
| -rw-r--r-- | source/netlogond/srv_netlogon_nt.c | 97 | ||||
| -rw-r--r-- | source/rpc_parse/parse_net.c | 15 | ||||
| -rw-r--r-- | source/rpc_server/srv_netlog.c | 5 |
5 files changed, 99 insertions, 47 deletions
diff --git a/source/include/lib_smb_proto.h b/source/include/lib_smb_proto.h index 19f42d6e478..f21bf9090b5 100644 --- a/source/include/lib_smb_proto.h +++ b/source/include/lib_smb_proto.h @@ -534,7 +534,8 @@ BOOL net_io_q_sam_logon(char *desc, NET_Q_SAM_LOGON * q_l, prs_struct *ps, int depth); BOOL make_r_sam_logon(NET_R_SAM_LOGON * r_s, const DOM_CRED * srv_creds, - uint16 switch_value, void *id, uint32 status); + uint16 switch_value, void *id, + uint32 auth_resp, uint32 status); BOOL net_io_user_info_ctr(char *desc, NET_USER_INFO_CTR * ctr, prs_struct *ps, int depth); void free_net_user_info_ctr(NET_USER_INFO_CTR * ctr); diff --git a/source/include/proto.h b/source/include/proto.h index 013099034df..829cf308d5e 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -176,7 +176,7 @@ void add_char_string(char *s); /*The following definitions come from lib/cmd_interp.c */ void free_cmd_set_array(uint32 num_entries, struct command_set **entries); -struct command_set *add_cmd_set_to_array(uint32 * len, +struct command_set *add_cmd_set_to_array(uint32 *len, struct command_set ***array, const struct command_set *cmd); void add_command_set(const struct command_set *cmds); @@ -1391,8 +1391,7 @@ msrpc_service_fns *get_service_fns(void); uint32 _net_req_chal(const UNISTR2 *uni_logon_server, const UNISTR2 *uni_logon_client, - const DOM_CHAL * clnt_chal, - DOM_CHAL * srv_chal); + const DOM_CHAL * clnt_chal, DOM_CHAL * srv_chal); uint32 _net_logon_ctrl2(const UNISTR2 *uni_server_name, uint32 function_code, uint32 query_level, @@ -1405,23 +1404,20 @@ uint32 _net_auth(const UNISTR2 *uni_logon_srv, const UNISTR2 *uni_acct_name, uint16 sec_chan, const UNISTR2 *uni_comp_name, - const DOM_CHAL * clnt_chal, - DOM_CHAL * srv_chal); + const DOM_CHAL * clnt_chal, DOM_CHAL * srv_chal); uint32 _net_auth_2(const UNISTR2 *uni_logon_srv, const UNISTR2 *uni_acct_name, uint16 sec_chan, const UNISTR2 *uni_comp_name, const DOM_CHAL * clnt_chal, const NEG_FLAGS * clnt_flgs, - DOM_CHAL * srv_chal, - NEG_FLAGS * srv_flgs); + DOM_CHAL * srv_chal, NEG_FLAGS * srv_flgs); uint32 _net_srv_pwset(const UNISTR2 *uni_logon_srv, const UNISTR2 *uni_acct_name, uint16 sec_chan, const UNISTR2 *uni_comp_name, const DOM_CRED * clnt_cred, - const uint8 pwd[16], - DOM_CRED * srv_cred); + const uint8 pwd[16], DOM_CRED * srv_cred); uint32 _net_sam_logon(const UNISTR2 *uni_logon_srv, const UNISTR2 *uni_comp_name, const DOM_CRED * clnt_cred, @@ -1429,10 +1425,8 @@ uint32 _net_sam_logon(const UNISTR2 *uni_logon_srv, const NET_ID_INFO_CTR * id_ctr, uint16 validation_level, DOM_CRED * srv_creds, - NET_USER_INFO_CTR * uctr, - uint32 *auth_resp); -uint32 _net_sam_logoff(const DOM_SAM_INFO * sam_id, - DOM_CRED * srv_creds); + NET_USER_INFO_CTR * uctr, uint32 *auth_resp); +uint32 _net_sam_logoff(const DOM_SAM_INFO * sam_id, DOM_CRED * srv_creds); uint32 _net_sam_sync(const UNISTR2 *uni_srv_name, const UNISTR2 *uni_cli_name, DOM_CRED * cli_creds, @@ -2623,7 +2617,8 @@ BOOL net_io_q_sam_logon(char *desc, NET_Q_SAM_LOGON * q_l, prs_struct *ps, int depth); BOOL make_r_sam_logon(NET_R_SAM_LOGON * r_s, const DOM_CRED * srv_creds, - uint16 switch_value, void *id, uint32 status); + uint16 switch_value, void *id, + uint32 auth_resp, uint32 status); BOOL net_io_user_info_ctr(char *desc, NET_USER_INFO_CTR * ctr, prs_struct *ps, int depth); void free_net_user_info_ctr(NET_USER_INFO_CTR * ctr); @@ -2971,7 +2966,8 @@ void cmd_lsa_lookup_names(struct client_info *info, int argc, char *argv[]); void cmd_lsa_lookup_sids(struct client_info *info, int argc, char *argv[]); void cmd_lsa_set_secret(struct client_info *info, int argc, char *argv[]); void cmd_lsa_create_secret(struct client_info *info, int argc, char *argv[]); -void cmd_lsa_query_secret_secobj(struct client_info *info, int argc, char *argv[]); +void cmd_lsa_query_secret_secobj(struct client_info *info, int argc, + char *argv[]); void cmd_lsa_query_secret(struct client_info *info, int argc, char *argv[]); /*The following definitions come from rpcclient/cmd_netlogon.c */ diff --git a/source/netlogond/srv_netlogon_nt.c b/source/netlogond/srv_netlogon_nt.c index 960aae992b2..3c050b23d1c 100644 --- a/source/netlogond/srv_netlogon_nt.c +++ b/source/netlogond/srv_netlogon_nt.c @@ -63,7 +63,8 @@ static uint32 direct_samr_userinfo(const UNISTR2 *uni_user, ZERO_STRUCTP(ctr); } - status_sam = _samr_connect(NULL, SEC_RIGHTS_MAXIMUM_ALLOWED, &sam_pol); + status_sam = + _samr_connect(NULL, SEC_RIGHTS_MAXIMUM_ALLOWED, &sam_pol); if (status_sam == NT_STATUS_NOPROBLEMO) { status_dom = _samr_open_domain(&sam_pol, @@ -207,6 +208,60 @@ static BOOL get_md4pw(char *md4pw, char *trust_name, char *trust_acct) /************************************************************************* net_login_interactive: *************************************************************************/ +static uint32 remote_interactive(const NET_ID_INFO_1 * id1, + struct dcinfo *dc, NET_USER_INFO_3 * usr) +{ + const UNISTR2 *uni_samusr = &id1->uni_user_name; + const UNISTR2 *uni_samnam = &id1->uni_domain_name; + fstring user; + fstring domain; + uint32 status; + char nt_pwd[16]; + char lm_pwd[16]; + unsigned char key[16]; + + memset(key, 0, 16); + memcpy(key, dc->sess_key, 8); + + memcpy(lm_pwd, id1->lm_owf.data, 16); + memcpy(nt_pwd, id1->nt_owf.data, 16); + + dump_data_pw("key:", key, 16); + + dump_data_pw("lm owf password:", lm_pwd, 16); + dump_data_pw("nt owf password:", nt_pwd, 16); + + SamOEMhash((uchar *) lm_pwd, key, 0); + SamOEMhash((uchar *) nt_pwd, key, 0); + + dump_data_pw("decrypt of lm owf password:", lm_pwd, 16); + dump_data_pw("decrypt of nt owf password:", nt_pwd, 16); + + unistr2_to_ascii(user, uni_samusr, sizeof(user) - 1); + unistr2_to_ascii(domain, uni_samnam, sizeof(domain) - 1); + + DEBUG(5, ("remote_interactive: user:%s domain:%s\n", user, domain)); + + status = check_domain_security(user, domain, + NULL, lm_pwd, 16, nt_pwd, 16, usr); + if (status != 0x0) + { + return status; + } + + memset(key, 0, 16); + memcpy(key, dc->sess_key, 8); + dump_data_pw("key:", key, 16); + dump_data_pw("user sess key:", usr->user_sess_key, 16); + SamOEMhash((uchar *) usr->user_sess_key, key, 0); + dump_data_pw("encrypt of user session key:", usr->user_sess_key, 16); + + return status; +} + +/************************************************************************* + net_login_interactive: + *************************************************************************/ static uint32 net_login_interactive(const NET_ID_INFO_1 * id1, struct dcinfo *dc) { @@ -304,9 +359,8 @@ static uint32 net_login_general(const NET_ID_INFO_4 * id4, /************************************************************************* net_login_network: *************************************************************************/ -static uint32 remote_net_login_network(const NET_ID_INFO_2 * id2, - struct dcinfo *dc, - NET_USER_INFO_3 * usr) +static uint32 remote_network(const NET_ID_INFO_2 * id2, + struct dcinfo *dc, NET_USER_INFO_3 * usr) { const UNISTR2 *uni_samusr = &id2->uni_user_name; const UNISTR2 *uni_samnam = &id2->uni_domain_name; @@ -316,17 +370,20 @@ static uint32 remote_net_login_network(const NET_ID_INFO_2 * id2, uint32 status; int nt_pw_len = id2->hdr_nt_chal_resp.str_str_len; int lm_pw_len = id2->hdr_lm_chal_resp.str_str_len; + unistr2_to_ascii(user, uni_samusr, sizeof(user) - 1); unistr2_to_ascii(domain, uni_samnam, sizeof(domain) - 1); + DEBUG(5, - ("remote_net_login_network: lm_len:%d nt_len:%d user:%s domain:%s\n", + ("remote_network: lm_len:%d nt_len:%d user:%s domain:%s\n", lm_pw_len, nt_pw_len, user, domain)); + status = check_domain_security(user, domain, id2->lm_chal, - (const uchar *)id2-> - lm_chal_resp.buffer, lm_pw_len, - (const uchar *)id2-> - nt_chal_resp.buffer, nt_pw_len, usr); + (const uchar *)id2->lm_chal_resp. + buffer, lm_pw_len, + (const uchar *)id2->nt_chal_resp. + buffer, nt_pw_len, usr); if (status != 0x0) { return status; @@ -678,6 +735,7 @@ uint32 _net_auth_2(const UNISTR2 *uni_logon_srv, /* mask out unsupported bits */ srv_flgs->neg_flags = clnt_flgs->neg_flags & 0x400001ff; + /* minimum bits required */ if (!IS_BITS_SET_ALL(srv_flgs->neg_flags, 0x000000ff)) { @@ -689,7 +747,7 @@ uint32 _net_auth_2(const UNISTR2 *uni_logon_srv, { srv_flgs->neg_flags &= ~0x40000000; } - else + else if (lp_server_schannel() == True) { /* secure channel MUST be used */ if (IS_BITS_CLR_ALL(srv_flgs->neg_flags, 0x40000000)) @@ -900,17 +958,20 @@ uint32 _net_sam_logon(const UNISTR2 *uni_logon_srv, return NT_STATUS_INVALID_PARAMETER; } - (*auth_resp) = 0; + (*auth_resp) = 1; switch (logon_level) { case NETWORK_LOGON_TYPE: { - return remote_net_login_network(&id_ctr->auth. - id2, &dc, - uctr->usr. - id3);} - case GENERAL_LOGON_TYPE: + return remote_network(&id_ctr->auth.id2, &dc, + uctr->usr.id3); + } case INTERACTIVE_LOGON_TYPE: + { + return remote_interactive(&id_ctr->auth.id1, + &dc, uctr->usr.id3); + } + case GENERAL_LOGON_TYPE: default: { return NT_STATUS_ACCESS_DENIED; @@ -1002,8 +1063,8 @@ uint32 _net_sam_logon(const UNISTR2 *uni_logon_srv, { /* interactive login. */ status = - net_login_interactive(&id_ctr->auth. - id1, &dc); + net_login_interactive(&id_ctr-> + auth.id1, &dc); (*auth_resp) = 1; break; } diff --git a/source/rpc_parse/parse_net.c b/source/rpc_parse/parse_net.c index 03753c4d3d2..4b333de1dcf 100644 --- a/source/rpc_parse/parse_net.c +++ b/source/rpc_parse/parse_net.c @@ -1967,21 +1967,17 @@ makes a NET_R_SAM_LOGON structure. ********************************************************************/ BOOL make_r_sam_logon(NET_R_SAM_LOGON * r_s, const DOM_CRED * srv_creds, - uint16 switch_value, void *id, uint32 status) + uint16 switch_value, void *id, + uint32 auth_resp, uint32 status) { if (r_s == NULL) return False; - /* XXXX we may want this behaviour: - if (status == NT_STATUS_NOPROBLEMO) - { - */ - r_s->buffer_creds = 1; + memcpy(&(r_s->srv_creds), srv_creds, sizeof(r_s->srv_creds)); if (status == NT_STATUS_NOPROBLEMO) { - memcpy(&(r_s->srv_creds), srv_creds, sizeof(r_s->srv_creds)); /* store the user information, if there is any. */ r_s->ctr.usr.id = id; if (id != NULL) @@ -1997,15 +1993,12 @@ BOOL make_r_sam_logon(NET_R_SAM_LOGON * r_s, } else { - /* XXXX we may want this behaviour: - r_s->buffer_creds = 0; - */ r_s->ctr.ptr_user_info = 0; r_s->ctr.switch_value = 0; r_s->ctr.usr.id = NULL; } - r_s->auth_resp = 1; + r_s->auth_resp = auth_resp; r_s->status = status; diff --git a/source/rpc_server/srv_netlog.c b/source/rpc_server/srv_netlog.c index fc0b5b45c3f..50d867fc3ec 100644 --- a/source/rpc_server/srv_netlog.c +++ b/source/rpc_server/srv_netlog.c @@ -227,6 +227,7 @@ static BOOL api_net_sam_logon( prs_struct *data, prs_struct *rdata) DOM_CRED srv_creds; NET_USER_INFO_CTR uctr; uint32 status; + uint32 auth_resp; BOOL ret; ZERO_STRUCT(uctr); @@ -246,10 +247,10 @@ static BOOL api_net_sam_logon( prs_struct *data, prs_struct *rdata) q_l.sam_id.ctr, q_l.validation_level, &srv_creds, &uctr, - &r_s.auth_resp); + &auth_resp); make_r_sam_logon(&r_s, &srv_creds, q_l.validation_level, status == NT_STATUS_NOPROBLEMO ? uctr.usr.id : NULL, - status); + auth_resp, status); /* store the response in the SMB stream */ ret = net_io_r_sam_logon("", &r_s, rdata, 0); |