From 8fe02c239d70497af449ed0cdf1a32de10021ba1 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Mon, 13 Oct 1997 15:55:54 +0000 Subject: split pipes.c down into util, netlog and ntlsa. --- source/pipenetlog.c | 610 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 610 insertions(+) create mode 100644 source/pipenetlog.c (limited to 'source/pipenetlog.c') diff --git a/source/pipenetlog.c b/source/pipenetlog.c new file mode 100644 index 00000000000..ef5acdc5450 --- /dev/null +++ b/source/pipenetlog.c @@ -0,0 +1,610 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Pipe SMB reply routines + Copyright (C) Andrew Tridgell 1992-1997, + Copyright (C) Luke Kenneth Casson Leighton 1996-1997. + Copyright (C) Paul Ashton 1997. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ +/* + This file handles reply_ calls on named pipes that the server + makes to handle specific protocols +*/ + + +#include "includes.h" +#include "trans2.h" +#include "nterr.h" + +extern int DEBUGLEVEL; + + +#ifdef NTDOMAIN + +static void make_lsa_r_req_chal(LSA_R_REQ_CHAL *r_c, + DOM_CHAL *srv_chal, int status) +{ + DEBUG(6,("make_lsa_r_req_chal: %d\n", __LINE__)); + memcpy(r_c->srv_chal.data, srv_chal->data, sizeof(srv_chal->data)); + r_c->status = status; +} + +static int lsa_reply_req_chal(LSA_Q_REQ_CHAL *q_c, char *q, char *base, + DOM_CHAL *srv_chal) +{ + LSA_R_REQ_CHAL r_c; + + DEBUG(6,("lsa_reply_req_chal: %d\n", __LINE__)); + + /* set up the LSA REQUEST CHALLENGE response */ + make_lsa_r_req_chal(&r_c, srv_chal, 0); + + /* store the response in the SMB stream */ + q = lsa_io_r_req_chal(False, &r_c, q, base, 4, 0); + + DEBUG(6,("lsa_reply_req_chal: %d\n", __LINE__)); + + /* return length of SMB data stored */ + return PTR_DIFF(q, base); +} + +static void make_lsa_r_auth_2(LSA_R_AUTH_2 *r_a, + DOM_CHAL *resp_cred, NEG_FLAGS *flgs, int status) +{ + memcpy( r_a->srv_chal.data, resp_cred->data, sizeof(resp_cred->data)); + memcpy(&(r_a->srv_flgs) , flgs , sizeof(r_a->srv_flgs)); + r_a->status = status; +} + +static int lsa_reply_auth_2(LSA_Q_AUTH_2 *q_a, char *q, char *base, + DOM_CHAL *resp_cred, int status) +{ + LSA_R_AUTH_2 r_a; + + /* set up the LSA AUTH 2 response */ + + make_lsa_r_auth_2(&r_a, resp_cred, &(q_a->clnt_flgs), status); + + /* store the response in the SMB stream */ + q = lsa_io_r_auth_2(False, &r_a, q, base, 4, 0); + + /* return length of SMB data stored */ + return PTR_DIFF(q, base); +} + +static void make_lsa_r_srv_pwset(LSA_R_SRV_PWSET *r_a, + DOM_CRED *srv_cred, int status) +{ + memcpy(&(r_a->srv_cred), srv_cred, sizeof(r_a->srv_cred)); + r_a->status = status; +} + +static int lsa_reply_srv_pwset(LSA_Q_SRV_PWSET *q_s, char *q, char *base, + DOM_CRED *srv_cred, int status) +{ + LSA_R_SRV_PWSET r_s; + + /* set up the LSA Server Password Set response */ + make_lsa_r_srv_pwset(&r_s, srv_cred, status); + + /* store the response in the SMB stream */ + q = lsa_io_r_srv_pwset(False, &r_s, q, base, 4, 0); + + /* return length of SMB data stored */ + return PTR_DIFF(q, base); +} + +static void make_lsa_user_info(LSA_USER_INFO *usr, + + NTTIME *logon_time, + NTTIME *logoff_time, + NTTIME *kickoff_time, + NTTIME *pass_last_set_time, + NTTIME *pass_can_change_time, + NTTIME *pass_must_change_time, + + char *user_name, + char *full_name, + char *logon_script, + char *profile_path, + char *home_dir, + char *dir_drive, + + uint16 logon_count, + uint16 bad_pw_count, + + uint32 user_id, + uint32 group_id, + uint32 num_groups, + DOM_GID *gids, + uint32 user_flgs, + + char sess_key[16], + + char *logon_srv, + char *logon_dom, + + char *dom_sid, + char *other_sids) /* space-delimited set of SIDs */ +{ + /* only cope with one "other" sid, right now. */ + /* need to count the number of space-delimited sids */ + int i; + int num_other_sids = other_sids != NULL ? 1 : 0; + + int len_user_name = strlen(user_name ); + int len_full_name = strlen(full_name ); + int len_logon_script = strlen(logon_script); + int len_profile_path = strlen(profile_path); + int len_home_dir = strlen(home_dir ); + int len_dir_drive = strlen(dir_drive ); + + int len_logon_srv = strlen(logon_srv); + int len_logon_dom = strlen(logon_dom); + + usr->undoc_buffer = 1; /* yes, we're bothering to put USER_INFO data here */ + + usr->logon_time = *logon_time; + usr->logoff_time = *logoff_time; + usr->kickoff_time = *kickoff_time; + usr->pass_last_set_time = *pass_last_set_time; + usr->pass_can_change_time = *pass_can_change_time; + usr->pass_must_change_time = *pass_must_change_time; + + make_uni_hdr(&(usr->hdr_user_name ), len_user_name , len_user_name , 4); + make_uni_hdr(&(usr->hdr_full_name ), len_full_name , len_full_name , 4); + make_uni_hdr(&(usr->hdr_logon_script), len_logon_script, len_logon_script, 4); + make_uni_hdr(&(usr->hdr_profile_path), len_profile_path, len_profile_path, 4); + make_uni_hdr(&(usr->hdr_home_dir ), len_home_dir , len_home_dir , 4); + make_uni_hdr(&(usr->hdr_dir_drive ), len_dir_drive , len_dir_drive , 4); + + usr->logon_count = logon_count; + usr->bad_pw_count = bad_pw_count; + + usr->user_id = user_id; + usr->group_id = group_id; + usr->num_groups = num_groups; + usr->buffer_groups = num_groups ? 1 : 0; /* yes, we're bothering to put group info in */ + usr->user_flgs = user_flgs; + + if (sess_key != NULL) + { + memcpy(usr->sess_key, sess_key, sizeof(usr->sess_key)); + } + else + { + bzero(usr->sess_key, sizeof(usr->sess_key)); + } + + make_uni_hdr(&(usr->hdr_logon_srv), len_logon_srv, len_logon_srv, 4); + make_uni_hdr(&(usr->hdr_logon_dom), len_logon_dom, len_logon_dom, 4); + + usr->buffer_dom_id = dom_sid ? 1 : 0; /* yes, we're bothering to put a domain SID in */ + + bzero(usr->padding, sizeof(usr->padding)); + + usr->num_other_sids = num_other_sids; + usr->buffer_other_sids = num_other_sids != 0 ? 1 : 0; + + make_unistr2(&(usr->uni_user_name ), user_name , len_user_name , 0); + make_unistr2(&(usr->uni_full_name ), full_name , len_full_name , 0); + make_unistr2(&(usr->uni_logon_script), logon_script, len_logon_script, 0); + make_unistr2(&(usr->uni_profile_path), profile_path, len_profile_path, 0); + make_unistr2(&(usr->uni_home_dir ), home_dir , len_home_dir , 0); + make_unistr2(&(usr->uni_dir_drive ), dir_drive , len_dir_drive , 0); + + usr->num_groups2 = num_groups; + for (i = 0; i < num_groups; i++) + { + usr->gids[i] = gids[i]; + } + + make_unistr2(&(usr->uni_logon_srv), logon_srv, len_logon_srv, 0); + make_unistr2(&(usr->uni_logon_dom), logon_dom, len_logon_dom, 0); + + make_dom_sid(&(usr->dom_sid), dom_sid); + make_dom_sid(&(usr->other_sids[0]), other_sids); +} + + +static int lsa_reply_sam_logon(LSA_Q_SAM_LOGON *q_s, char *q, char *base, + DOM_CRED *srv_cred, LSA_USER_INFO *user_info) +{ + LSA_R_SAM_LOGON r_s; + + /* XXXX maybe we want to say 'no', reject the client's credentials */ + r_s.buffer_creds = 1; /* yes, we have valid server credentials */ + memcpy(&(r_s.srv_creds), srv_cred, sizeof(r_s.srv_creds)); + + /* store the user information, if there is any. */ + r_s.user = user_info; + r_s.buffer_user = user_info != NULL ? 1 : 0; + r_s.status = user_info != NULL ? 0 : (0xC000000|NT_STATUS_NO_SUCH_USER); + + /* store the response in the SMB stream */ + q = lsa_io_r_sam_logon(False, &r_s, q, base, 4, 0); + + /* return length of SMB data stored */ + return PTR_DIFF(q, base); +} + + +static int lsa_reply_sam_logoff(LSA_Q_SAM_LOGOFF *q_s, char *q, char *base, + DOM_CRED *srv_cred, + uint32 status) +{ + LSA_R_SAM_LOGOFF r_s; + + /* XXXX maybe we want to say 'no', reject the client's credentials */ + r_s.buffer_creds = 1; /* yes, we have valid server credentials */ + memcpy(&(r_s.srv_creds), srv_cred, sizeof(r_s.srv_creds)); + + r_s.status = status; + + /* store the response in the SMB stream */ + q = lsa_io_r_sam_logoff(False, &r_s, q, base, 4, 0); + + /* return length of SMB data stored */ + return PTR_DIFF(q, base); +} + + +static BOOL update_dcinfo(int cnum, uint16 vuid, + struct dcinfo *dc, DOM_CHAL *clnt_chal, char *mach_acct) +{ + struct smb_passwd *smb_pass; + int i; + + unbecome_user(); + smb_pass = get_smbpwnam(mach_acct); + become_user(cnum, vuid); + + if (smb_pass != NULL) + { + memcpy(dc->md4pw, smb_pass->smb_nt_passwd, sizeof(dc->md4pw)); + DEBUG(5,("dc->md4pw(%d) :", sizeof(dc->md4pw))); + dump_data(5, dc->md4pw, 16); + } + else + { + /* No such machine account. Should error out here, but we'll + print and carry on */ + DEBUG(1,("No account in domain for %s\n", mach_acct)); + return False; + } + + { + char foo[16]; + for (i = 0; i < 16; i++) sprintf(foo+i*2,"%02x ", dc->md4pw[i]); + DEBUG(4,("pass %s %s\n", mach_acct, foo)); + } + + /* copy the client credentials */ + memcpy(dc->clnt_chal.data, clnt_chal->data, sizeof(clnt_chal->data)); + memcpy(dc->clnt_cred.data, clnt_chal->data, sizeof(clnt_chal->data)); + + /* create a server challenge for the client */ + /* PAXX: set these to random values. */ + /* lkcl: paul, you mentioned that it doesn't really matter much */ + for (i = 0; i < 8; i++) + { + dc->srv_chal.data[i] = 0xA5; + } + + /* from client / server challenges and md4 password, generate sess key */ + cred_session_key(&(dc->clnt_chal), &(dc->srv_chal), + dc->md4pw, dc->sess_key); + + DEBUG(6,("update_dcinfo: %d\n", __LINE__)); + + return True; +} + +static void api_lsa_req_chal( int cnum, uint16 vuid, + user_struct *vuser, + char *param, char *data, + char **rdata, int *rdata_len ) +{ + LSA_Q_REQ_CHAL q_r; + + fstring mach_acct; + + /* grab the challenge... */ + lsa_io_q_req_chal(True, &q_r, data + 0x18, data, 4, 0); + + fstrcpy(mach_acct, unistr2(q_r.uni_logon_clnt.buffer)); + + strcat(mach_acct, "$"); + + DEBUG(6,("q_r.clnt_chal.data(%d) :", sizeof(q_r.clnt_chal.data))); + dump_data(6, q_r.clnt_chal.data, 8); + + update_dcinfo(cnum, vuid, &(vuser->dc), &(q_r.clnt_chal), mach_acct); + + /* construct reply. return status is always 0x0 */ + *rdata_len = lsa_reply_req_chal(&q_r, *rdata + 0x18, *rdata, + &(vuser->dc.srv_chal)); + +} + +static void api_lsa_auth_2( user_struct *vuser, + char *param, char *data, + char **rdata, int *rdata_len ) +{ + LSA_Q_AUTH_2 q_a; + + DOM_CHAL srv_chal; + UTIME srv_time; + + srv_time.time = 0; + + /* grab the challenge... */ + lsa_io_q_auth_2(True, &q_a, data + 0x18, data, 4, 0); + + /* check that the client credentials are valid */ + cred_assert(&(q_a.clnt_chal), vuser->dc.sess_key, + &(vuser->dc.srv_cred), srv_time); + + /* create server credentials for inclusion in the reply */ + cred_create(vuser->dc.sess_key, &(vuser->dc.clnt_cred), srv_time, &srv_chal); + + /* construct reply. */ + *rdata_len = lsa_reply_auth_2(&q_a, *rdata + 0x18, *rdata, + &srv_chal, 0x0); +} + + +static BOOL deal_with_credentials(user_struct *vuser, + DOM_CRED *clnt_cred, DOM_CRED *srv_cred) +{ + UTIME new_clnt_time; + + /* doesn't matter that server time is 0 */ + srv_cred->timestamp.time = 0; + + /* check that the client credentials are valid */ + if (cred_assert(&(clnt_cred->challenge), vuser->dc.sess_key, + &(vuser->dc.srv_cred), clnt_cred->timestamp)) + { + return False; + } + + /* increment client time by one second */ + new_clnt_time.time = clnt_cred->timestamp.time + 1; + + /* create server credentials for inclusion in the reply */ + cred_create(vuser->dc.sess_key, &(vuser->dc.clnt_cred), new_clnt_time, + &(srv_cred->challenge)); + + /* update the client and server credentials, for use next time... */ + *(uint32*)(vuser->dc.srv_cred.data) = ( *(uint32*)(vuser->dc.clnt_cred.data) += new_clnt_time.time ); + + return True; +} + +static void api_lsa_srv_pwset( user_struct *vuser, + char *param, char *data, + char **rdata, int *rdata_len ) +{ + LSA_Q_SRV_PWSET q_a; + + DOM_CRED srv_cred; + + /* grab the challenge and encrypted password ... */ + lsa_io_q_srv_pwset(True, &q_a, data + 0x18, data, 4, 0); + + /* checks and updates credentials. creates reply credentials */ + deal_with_credentials(vuser, &(q_a.clnt_id.cred), &srv_cred); + + /* construct reply. always indicate failure. nt keeps going... */ + *rdata_len = lsa_reply_srv_pwset(&q_a, *rdata + 0x18, *rdata, + &srv_cred, + NT_STATUS_WRONG_PASSWORD|0xC000000); +} + + +static void api_lsa_sam_logoff( user_struct *vuser, + char *param, char *data, + char **rdata, int *rdata_len ) +{ + LSA_Q_SAM_LOGOFF q_l; + + DOM_CRED srv_cred; + + /* grab the challenge... */ + lsa_io_q_sam_logoff(True, &q_l, data + 0x18, data, 4, 0); + + /* checks and updates credentials. creates reply credentials */ + deal_with_credentials(vuser, &(q_l.sam_id.client.cred), &srv_cred); + + /* construct reply. always indicate success */ + *rdata_len = lsa_reply_sam_logoff(&q_l, *rdata + 0x18, *rdata, + &srv_cred, + 0x0); +} + + +static void api_lsa_sam_logon( user_struct *vuser, + char *param, char *data, + char **rdata, int *rdata_len ) +{ + LSA_Q_SAM_LOGON q_l; + LSA_USER_INFO usr_info; + LSA_USER_INFO *p_usr_info = NULL; + + DOM_CRED srv_creds; + + lsa_io_q_sam_logon(True, &q_l, data + 0x18, data, 4, 0); + + /* checks and updates credentials. creates reply credentials */ + deal_with_credentials(vuser, &(q_l.sam_id.client.cred), &srv_creds); + + if (vuser != NULL) + { + NTTIME dummy_time; + pstring logon_script; + pstring profile_path; + pstring home_dir; + pstring home_drive; + pstring my_name; + pstring my_workgroup; + pstring dom_sid; + pstring username; + extern pstring myname; + + dummy_time.low = 0xffffffff; + dummy_time.high = 0x7fffffff; + + get_myname(myname, NULL); + + pstrcpy(logon_script, lp_logon_script()); + pstrcpy(profile_path, lp_logon_path ()); + pstrcpy(dom_sid , lp_domainsid ()); + pstrcpy(my_workgroup, lp_workgroup ()); + + pstrcpy(username, unistr2(q_l.sam_id.client.login.uni_acct_name.buffer)); + pstrcpy(my_name , myname ); + strupper(my_name); + + pstrcpy(home_drive , "a:" ); + +#if (defined(NETGROUP) && defined(AUTOMOUNT)) + pstrcpy(home_dir , vuser->home_share); +#else + pstrcpy(home_dir , "\\\\%L\\%U"); + standard_sub_basic(home_dir); +#endif + + p_usr_info = &usr_info; + + make_lsa_user_info(p_usr_info, + + &dummy_time, /* logon_time */ + &dummy_time, /* logoff_time */ + &dummy_time, /* kickoff_time */ + &dummy_time, /* pass_last_set_time */ + &dummy_time, /* pass_can_change_time */ + &dummy_time, /* pass_must_change_time */ + + username, /* user_name */ + vuser->real_name, /* full_name */ + logon_script, /* logon_script */ + profile_path, /* profile_path */ + home_dir, /* home_dir */ + home_drive, /* dir_drive */ + + 0, /* logon_count */ + 0, /* bad_pw_count */ + + vuser->uid, /* uint32 user_id */ + vuser->gid, /* uint32 group_id */ + 0, /* uint32 num_groups */ + NULL, /* DOM_GID *gids */ + 0x20, /* uint32 user_flgs */ + + NULL, /* char sess_key[16] */ + + my_name, /* char *logon_srv */ + my_workgroup, /* char *logon_dom */ + + dom_sid, /* char *dom_sid */ + NULL); /* char *other_sids */ + } + + *rdata_len = lsa_reply_sam_logon(&q_l, *rdata + 0x18, *rdata, + &srv_creds, p_usr_info); +} + + +BOOL api_netlogrpcTNP(int cnum,int uid, char *param,char *data, + int mdrcnt,int mprcnt, + char **rdata,char **rparam, + int *rdata_len,int *rparam_len) +{ + uint16 opnum = SVAL(data,22); + int pkttype = CVAL(data, 2); + + user_struct *vuser; + + if (pkttype == 0x0b) /* RPC BIND */ + { + DEBUG(4,("netlogon rpc bind %x\n",pkttype)); + LsarpcTNP1(data,rdata,rdata_len); + return True; + } + + DEBUG(4,("netlogon TransactNamedPipe op %x\n",opnum)); + + if ((vuser = get_valid_user_struct(uid)) == NULL) return False; + + DEBUG(3,("Username of UID %d is %s\n", vuser->uid, vuser->name)); +#if defined(NETGROUP) && defined(AUTOMOUNT) + DEBUG(3,("HOMESHR for %s is %s\n", vuser->name, vuser->home_share)); +#endif + + switch (opnum) + { + case LSA_REQCHAL: + { + DEBUG(3,("LSA_REQCHAL\n")); + api_lsa_req_chal(cnum, uid, vuser, param, data, rdata, rdata_len); + make_rpc_reply(data, *rdata, *rdata_len); + break; + } + + case LSA_AUTH2: + { + DEBUG(3,("LSA_AUTH2\n")); + api_lsa_auth_2(vuser, param, data, rdata, rdata_len); + make_rpc_reply(data, *rdata, *rdata_len); + break; + } + + case LSA_SRVPWSET: + { + DEBUG(3,("LSA_SRVPWSET\n")); + api_lsa_srv_pwset(vuser, param, data, rdata, rdata_len); + make_rpc_reply(data, *rdata, *rdata_len); + break; + } + + case LSA_SAMLOGON: + { + DEBUG(3,("LSA_SAMLOGON\n")); + api_lsa_sam_logon(vuser, param, data, rdata, rdata_len); + make_rpc_reply(data, *rdata, *rdata_len); + break; + } + + case LSA_SAMLOGOFF: + { + DEBUG(3,("LSA_SAMLOGOFF\n")); + api_lsa_sam_logoff(vuser, param, data, rdata, rdata_len); + break; + } + + default: + { + DEBUG(4, ("**** netlogon, unknown code: %lx\n", opnum)); + break; + } + } + + return True; +} + +#endif /* NTDOMAIN */ -- cgit