got the SAM logon request generated, and received a SAM logon response back.

YEAH!

need to add:

	- client-side credential calculation
	- client-side parsing of the SAM logon response.

4 files changed, 182 insertions, 24 deletions

diff --git a/source/client/ntclient.c b/source/client/ntclient.c
index 9fa64bd2efd..706cf0fa633 100644
--- a/source/client/ntclient.c
+++ b/source/client/ntclient.c
@@ -26,6 +26,8 @@
 #include "includes.h"
 
 extern int DEBUGLEVEL;
+extern pstring username;
+extern pstring workgroup;
 
 #define CLIENT_TIMEOUT (30*1000)
 
@@ -183,6 +185,122 @@ static BOOL do_lsa_req_chal(uint16 fnum,
 }
 
 /****************************************************************************
+do a LSA SAM Logon
+****************************************************************************/
+static BOOL do_lsa_sam_logon(uint16 fnum,
+		char *logon_srv, char *comp_name,
+        DOM_CRED *clnt_cred, DOM_CRED *rtn_cred,
+		uint16 logon_level, uint16 switch_value, DOM_ID_INFO_1 *id1,
+		DOM_CRED *srv_cred)
+{
+	char *rparam = NULL;
+	char *rdata = NULL;
+	char *p;
+	int rdrcnt,rprcnt;
+	pstring data; /* only 1024 bytes */
+	uint16 setup[2]; /* only need 2 uint16 setup parameters */
+	LSA_Q_SAM_LOGON q_s;
+	int call_id = 0x1;
+    BOOL valid_cred = False;
+
+	if (srv_cred == NULL || clnt_cred == NULL || rtn_cred == NULL) return False;
+
+	/* create and send a MSRPC command with api LSA_SAMLOGON */
+
+	DEBUG(4,("LSA SAM Logon: srv:%s mc:%s clnt %lx %lx %lx rtn: %lx %lx %lx ll: %d\n",
+	          logon_srv, comp_name,
+	          clnt_cred->challenge.data[0], clnt_cred->challenge.data[1], clnt_cred->timestamp.time,
+	          rtn_cred ->challenge.data[0], rtn_cred ->challenge.data[1], rtn_cred ->timestamp.time,
+	          logon_level));
+
+	/* store the parameters */
+	make_sam_info(&(q_s.sam_id), logon_srv, comp_name,
+	             clnt_cred, rtn_cred, logon_level, switch_value, id1);
+
+	/* turn parameters into data stream */
+	p = lsa_io_q_sam_logon(False, &q_s, data + 0x18, data, 4, 0);
+
+	/* create the request RPC_HDR _after_ the main data: length is now known */
+	create_rpc_request(call_id, LSA_SAMLOGON, data, PTR_DIFF(p, data));
+
+	/* create setup parameters. */
+	SIVAL(setup, 0, 0x0026); /* 0x26 indicates "transact named pipe" */
+	SIVAL(setup, 2, fnum); /* file handle, from the SMBcreateX pipe, earlier */
+
+	/* send the data on \PIPE\ */
+	if (cli_call_api("\\PIPE\\", 0, PTR_DIFF(p, data), 2, 1024,
+                BUFFER_SIZE,
+				&rprcnt,&rdrcnt,
+				NULL, data, setup,
+				&rparam,&rdata))
+	{
+#if 0
+		LSA_R_AUTH_2 r_a;
+		RPC_HDR hdr;
+		int hdr_len;
+		int pkt_len;
+
+		DEBUG(5, ("cli_call_api: return OK\n"));
+
+		p = rdata;
+
+		if (p) p = smb_io_rpc_hdr   (True, &hdr, p, rdata, 4, 0);
+		if (p) p = align_offset(p, rdata, 4); /* oh, what a surprise */
+
+		hdr_len = PTR_DIFF(p, rdata);
+
+		if (p && hdr_len != hdr.frag_len - hdr.alloc_hint)
+		{
+			/* header length not same as calculated header length */
+			DEBUG(2,("do_lsa_auth2: hdr_len %x != frag_len-alloc_hint\n",
+			          hdr_len, hdr.frag_len - hdr.alloc_hint));
+			p = NULL;
+		}
+
+		if (p) p = lsa_io_r_auth_2(True, &r_a, p, rdata, 4, 0);
+		
+		pkt_len = PTR_DIFF(p, rdata);
+
+		if (p && pkt_len != hdr.frag_len)
+		{
+			/* packet data size not same as reported fragment length */
+			DEBUG(2,("do_lsa_auth2: pkt_len %x != frag_len \n",
+			                           pkt_len, hdr.frag_len));
+			p = NULL;
+		}
+
+		if (p && r_a.status != 0)
+		{
+			/* report error code */
+			DEBUG(0,("LSA_AUTH2: nt_status error %lx\n", r_a.status));
+			p = NULL;
+		}
+
+		if (p && r_a.srv_flgs.neg_flags != q_a.clnt_flgs.neg_flags)
+		{
+			/* report different neg_flags */
+			DEBUG(0,("LSA_AUTH2: error neg_flags (q,r) differ - (%lx,%lx)\n",
+					q_a.clnt_flgs.neg_flags, r_a.srv_flgs.neg_flags));
+			p = NULL;
+		}
+
+		if (p)
+		{
+			/* ok, at last: we're happy. return the challenge */
+			memcpy(srv_chal, r_a.srv_chal.data, sizeof(srv_chal->data));
+			valid_chal = True;
+		}
+#endif
+	}
+
+	if (rparam) free(rparam);
+	if (rdata) free(rdata);
+
+	return valid_cred;
+}
+
+
+/****************************************************************************
 do a LSA Authenticate 2
 ****************************************************************************/
 static BOOL do_lsa_auth2(uint16 fnum,
@@ -303,6 +421,12 @@ BOOL do_nt_login(char *desthost, char *myhostname,
 	DOM_CHAL auth2_clnt_chal;
 	DOM_CHAL auth2_srv_chal;
 
+	DOM_CRED sam_log_clnt_cred;
+	DOM_CRED sam_log_rtn_cred;
+	DOM_CRED sam_log_srv_cred;
+
+	DOM_ID_INFO_1 id1;
+
 	UTIME zerotime;
 
 	uint32 sess_key[2];
@@ -358,15 +482,20 @@ BOOL do_nt_login(char *desthost, char *myhostname,
 		free(inbuf); free(outbuf);
 		return False;
 	}
-#endif
+
+	DEBUG(5,("got nt owf from smbpasswd entry: %s\n", mach_pwd));
+#else
 
 	{
 		char lm_owf_mach_pwd[16];
 		nt_lm_owf_gen(mach_pwd, nt_owf_mach_pwd, lm_owf_mach_pwd);
 		DEBUG(5,("generating nt owf from initial machine pwd: %s\n", mach_pwd));
-		dump_data(6, nt_owf_mach_pwd, 16);
 	}
 
+#endif
+
+	dump_data(6, nt_owf_mach_pwd, 16);
+
 	/* calculate the session key */
 	cred_session_key(&clnt_chal, &srv_chal, nt_owf_mach_pwd, sess_key);
 
@@ -382,6 +511,22 @@ BOOL do_nt_login(char *desthost, char *myhostname,
 		return False;
 	}
 
+	make_id_info1(&id1, workgroup, 0,
+	              getuid(), 0,
+	              username, myhostname,
+	              NULL, NULL);
+
+	/* send client sam-logon challenge; receive a sam-logon challenge */
+	if (!do_lsa_sam_logon(fnum, desthost, mach_acct, 
+	                  &sam_log_clnt_cred, &sam_log_rtn_cred,
+	                  1, 1, &id1,
+	                  &sam_log_srv_cred))
+	{
+		cli_smb_close(inbuf, outbuf, Client, cnum, fnum);
+		free(inbuf); free(outbuf);
+		return False;
+	}
+
 #if 0
 	cli_lsa_sam_logon();
 	cli_lsa_sam_logoff();
diff --git a/source/include/smb.h b/source/include/smb.h
index b6b9d177a1b..b19fbfb4ca4 100644
--- a/source/include/smb.h
+++ b/source/include/smb.h
@@ -502,12 +502,12 @@ typedef struct id_info_1
   uint32            param_ctrl;          /* param control */
   DOM_LOGON_ID      logon_id;            /* logon ID */
   UNIHDR            hdr_user_name;       /* user name unicode header */
-  UNIHDR            hdr_workgroup_name;  /* workgroup name unicode header */
+  UNIHDR            hdr_wksta_name;      /* workgroup name unicode header */
   ARC4_OWF          arc4_lm_owf;         /* arc4 LM OWF Password */
   ARC4_OWF          arc4_nt_owf;         /* arc4 NT OWF Password */
   UNISTR2           uni_domain_name;     /* domain name unicode string */
   UNISTR2           uni_user_name;       /* user name unicode string */
-  UNISTR2           uni_workgroup_name;  /* workgroup name unicode string */
+  UNISTR2           uni_wksta_name;      /* workgroup name unicode string */
 
 } DOM_ID_INFO_1;
 
@@ -522,7 +522,7 @@ typedef struct sam_info
   
   union
   {
-    DOM_ID_INFO_1 id1; /* auth-level 1 */
+    DOM_ID_INFO_1 *id1; /* auth-level 1 */
 
   } auth;
   
diff --git a/source/pipenetlog.c b/source/pipenetlog.c
index 30300dec3eb..ea2d326c45c 100644
--- a/source/pipenetlog.c
+++ b/source/pipenetlog.c
@@ -436,10 +436,16 @@ static void api_lsa_sam_logon( user_struct *vuser,
                                char **rdata, int *rdata_len )
 {
 	LSA_Q_SAM_LOGON q_l;
+	DOM_ID_INFO_1 id1;	
+
 	LSA_USER_INFO usr_info;
 
 	DOM_CRED srv_creds;
 
+	/* the DOM_ID_INFO_1 structure is a bit big.  plus we might want to
+	   dynamically allocate it inside lsa_io_q_sam_logon, at some point */
+	q_l.sam_id.auth.id1 = &id1;
+
 	lsa_io_q_sam_logon(True, &q_l, data + 0x18, data, 4, 0);
 
 	/* checks and updates credentials.  creates reply credentials */
@@ -465,7 +471,7 @@ static void api_lsa_sam_logon( user_struct *vuser,
 		extern pstring myname;
 		uint32 r_uid;
 		uint32 r_gid;
-		UNISTR2 *uni_samlogon_user = &(q_l.sam_id.auth.id1.uni_user_name);
+		UNISTR2 *uni_samlogon_user = &(q_l.sam_id.auth.id1->uni_user_name);
 
 		dummy_time.low  = 0xffffffff;
 		dummy_time.high = 0x7fffffff;
diff --git a/source/smbparse.c b/source/smbparse.c
index 292cfa1adad..785ae74b179 100644
--- a/source/smbparse.c
+++ b/source/smbparse.c
@@ -597,7 +597,14 @@ void make_arc4_owf(ARC4_OWF *hash, char data[16])
 
 	DEBUG(5,("make_arc4_owf: %d\n", __LINE__));
 	
-	memcpy(hash->data, data, sizeof(hash->data));
+	if (data != NULL)
+	{
+		memcpy(hash->data, data, sizeof(hash->data));
+	}
+	else
+	{
+		bzero(hash->data, sizeof(hash->data));
+	}
 }
 
 /*******************************************************************
@@ -622,12 +629,12 @@ makes a DOM_ID_INFO_1 structure.
 ********************************************************************/
 void make_id_info1(DOM_ID_INFO_1 *id, char *domain_name,
 				uint32 param_ctrl, uint32 log_id_low, uint32 log_id_high,
-				char *user_name, char *workgroup_name,
+				char *user_name, char *wksta_name,
 				char arc4_lm_owf[16], char arc4_nt_owf[16])
 {
-	int len_domain_name    = strlen(domain_name   );
-	int len_user_name      = strlen(user_name     );
-	int len_workgroup_name = strlen(workgroup_name);
+	int len_domain_name = strlen(domain_name);
+	int len_user_name   = strlen(user_name  );
+	int len_wksta_name  = strlen(wksta_name );
 
 	if (id == NULL) return;
 
@@ -635,20 +642,20 @@ void make_id_info1(DOM_ID_INFO_1 *id, char *domain_name,
 
 	id->ptr_id_info1 = 1;
 
-	make_uni_hdr(&(id->hdr_domain_name   ), len_domain_name   , len_domain_name   , 4);
+	make_uni_hdr(&(id->hdr_domain_name), len_domain_name, len_domain_name, 4);
 
 	id->param_ctrl = param_ctrl;
 	make_logon_id(&(id->logon_id), log_id_low, log_id_high);
 
-	make_uni_hdr(&(id->hdr_user_name     ), len_user_name     , len_user_name     , 4);
-	make_uni_hdr(&(id->hdr_workgroup_name), len_workgroup_name, len_workgroup_name, 4);
+	make_uni_hdr(&(id->hdr_user_name  ), len_user_name  , len_user_name  , 4);
+	make_uni_hdr(&(id->hdr_wksta_name ), len_wksta_name , len_wksta_name , 4);
 
 	make_arc4_owf(&(id->arc4_lm_owf), arc4_lm_owf);
 	make_arc4_owf(&(id->arc4_nt_owf), arc4_nt_owf);
 
-	make_unistr2(&(id->uni_domain_name   ), domain_name   , len_domain_name   );
-	make_unistr2(&(id->uni_user_name     ), user_name     , len_user_name     );
-	make_unistr2(&(id->uni_workgroup_name), workgroup_name, len_workgroup_name);
+	make_unistr2(&(id->uni_domain_name), domain_name, len_domain_name);
+	make_unistr2(&(id->uni_user_name  ), user_name  , len_user_name  );
+	make_unistr2(&(id->uni_wksta_name ), wksta_name , len_wksta_name );
 }
 
 /*******************************************************************
@@ -667,20 +674,20 @@ char* smb_io_id_info1(BOOL io, DOM_ID_INFO_1 *id, char *q, char *base, int align
 
 	if (id->ptr_id_info1 != 0)
 	{
-		q = smb_io_unihdr(io, &(id->hdr_domain_name   ), q, base, align, depth);
+		q = smb_io_unihdr(io, &(id->hdr_domain_name), q, base, align, depth);
 
 		DBG_RW_IVAL("param_ctrl", depth, base, io, q, id->param_ctrl); q += 4;
 		q = smb_io_logon_id(io, &(id->logon_id), q, base, align, depth);
 
-		q = smb_io_unihdr(io, &(id->hdr_user_name     ), q, base, align, depth);
-		q = smb_io_unihdr(io, &(id->hdr_workgroup_name), q, base, align, depth);
+		q = smb_io_unihdr(io, &(id->hdr_user_name  ), q, base, align, depth);
+		q = smb_io_unihdr(io, &(id->hdr_wksta_name ), q, base, align, depth);
 
 		q = smb_io_arc4_owf(io, &(id->arc4_lm_owf), q, base, align, depth);
 		q = smb_io_arc4_owf(io, &(id->arc4_nt_owf), q, base, align, depth);
 
-		q = smb_io_unistr2(io, &(id->uni_domain_name   ), q, base, align, depth);
-		q = smb_io_unistr2(io, &(id->uni_user_name     ), q, base, align, depth);
-		q = smb_io_unistr2(io, &(id->uni_workgroup_name), q, base, align, depth);
+		q = smb_io_unistr2(io, &(id->uni_domain_name), q, base, align, depth);
+		q = smb_io_unistr2(io, &(id->uni_user_name  ), q, base, align, depth);
+		q = smb_io_unistr2(io, &(id->uni_wksta_name ), q, base, align, depth);
 	}
 
 	return q;
@@ -691,7 +698,7 @@ makes a DOM_SAM_INFO structure.
 ********************************************************************/
 void make_sam_info(DOM_SAM_INFO *sam,
 				char *logon_srv, char *comp_name, DOM_CRED *clnt_cred,
-				DOM_CRED *rtn_cred, uint16 switch_value, uint16 logon_level,
+				DOM_CRED *rtn_cred, uint16 logon_level, uint16 switch_value,
 				DOM_ID_INFO_1 *id1)
 {
 	if (sam == NULL) return;