diff options
-rw-r--r-- | source/include/lib_smb_proto.h | 2 | ||||
-rw-r--r-- | source/include/proto.h | 48 | ||||
-rw-r--r-- | source/include/rpc_client_proto.h | 46 | ||||
-rw-r--r-- | source/include/winbindd_proto.h | 44 | ||||
-rw-r--r-- | source/rpc_client/cli_login.c | 89 | ||||
-rw-r--r-- | source/rpc_client/cli_netlogon.c | 665 | ||||
-rw-r--r-- | source/rpc_parse/parse_net.c | 60 |
7 files changed, 529 insertions, 425 deletions
diff --git a/source/include/lib_smb_proto.h b/source/include/lib_smb_proto.h index c84e532f30e..ed94d1e16f3 100644 --- a/source/include/lib_smb_proto.h +++ b/source/include/lib_smb_proto.h @@ -464,6 +464,8 @@ BOOL make_net_user_info2(NET_USER_INFO_2 * usr, char *logon_dom, char *padding, DOM_SID * dom_sid); BOOL net_io_user_info2(char *desc, NET_USER_INFO_2 * usr, prs_struct * ps, int depth); +BOOL net_user_info_3_copy_from_ctr(NET_USER_INFO_3 * usr, + const NET_USER_INFO_CTR *ctr); BOOL make_net_user_info3W(NET_USER_INFO_3 * usr, const NTTIME * logon_time, const NTTIME * logoff_time, diff --git a/source/include/proto.h b/source/include/proto.h index af04e348862..38099ea2ff7 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -2176,14 +2176,14 @@ BOOL cli_nt_login_general(const char *srv_name, const char *myhostname, uint32 luid_low, const char *general, NET_ID_INFO_CTR * ctr, NET_USER_INFO_3 * user_info3); -BOOL cli_nt_login_interactive(const char *srv_name, const char *myhostname, +uint32 cli_nt_login_interactive(const char *srv_name, const char *myhostname, const char *domain, const char *username, uint32 luid_low, const uchar * lm_owf_user_pwd, const uchar * nt_owf_user_pwd, NET_ID_INFO_CTR * ctr, NET_USER_INFO_3 * user_info3); -BOOL cli_nt_login_network(const char *srv_name, const char *myhostname, +uint32 cli_nt_login_network(const char *srv_name, const char *myhostname, const char *domain, const char *username, uint32 luid_low, const char lm_chal[8], const char *lm_chal_resp, @@ -2236,30 +2236,26 @@ BOOL lsa_close(POLICY_HND *hnd); /*The following definitions come from rpc_client/cli_netlogon.c */ -void gen_next_creds( struct ntdom_info *nt, DOM_CRED *new_clnt_cred); -BOOL cli_net_logon_ctrl2(const char* srv_name, uint32 status_level); +void gen_next_creds(struct ntdom_info *nt, DOM_CRED * new_clnt_cred); +BOOL cli_net_logon_ctrl2(const char *srv_name, uint32 status_level); uint32 cli_net_auth2(const char *srv_name, - const char *trust_acct, - const char *acct_name, - uint16 sec_chan, - uint32 *neg_flags, DOM_CHAL *srv_chal); -uint32 cli_net_req_chal( const char *srv_name, const char* myhostname, - DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal); -BOOL cli_net_srv_pwset(const char* srv_name, - const char* myhostname, - const char* trust_acct, - const uint8 hashed_trust_pwd[16], - uint16 sec_chan_type); -uint32 cli_net_sam_logon(const char* srv_name, const char* myhostname, - NET_ID_INFO_CTR *ctr, - NET_USER_INFO_3 *user_info3); -BOOL cli_net_sam_logoff(const char* srv_name, const char* myhostname, - NET_ID_INFO_CTR *ctr); -BOOL cli_net_sam_sync( const char* srv_name, const char* myhostname, - uint32 database_id, - uint32 *num_deltas, - SAM_DELTA_HDR *hdr_deltas, - SAM_DELTA_CTR *deltas); + const char *trust_acct, + const char *acct_name, + uint16 sec_chan, uint32 * neg_flags, DOM_CHAL * srv_chal); +uint32 cli_net_req_chal(const char *srv_name, const char *myhostname, + DOM_CHAL * clnt_chal, DOM_CHAL * srv_chal); +BOOL cli_net_srv_pwset(const char *srv_name, + const char *myhostname, + const char *trust_acct, + const uint8 hashed_trust_pwd[16], uint16 sec_chan_type); +uint32 cli_net_sam_logon(const char *srv_name, const char *myhostname, + NET_ID_INFO_CTR * idc, NET_USER_INFO_CTR * ctr); +BOOL cli_net_sam_logoff(const char *srv_name, const char *myhostname, + NET_ID_INFO_CTR * ctr); +BOOL cli_net_sam_sync(const char *srv_name, const char *myhostname, + uint32 database_id, + uint32 * num_deltas, + SAM_DELTA_HDR * hdr_deltas, SAM_DELTA_CTR * deltas); /*The following definitions come from rpc_client/cli_netlogon_sync.c */ @@ -3384,6 +3380,8 @@ BOOL make_net_user_info2(NET_USER_INFO_2 * usr, char *logon_dom, char *padding, DOM_SID * dom_sid); BOOL net_io_user_info2(char *desc, NET_USER_INFO_2 * usr, prs_struct * ps, int depth); +BOOL net_user_info_3_copy_from_ctr(NET_USER_INFO_3 * usr, + const NET_USER_INFO_CTR *ctr); BOOL make_net_user_info3W(NET_USER_INFO_3 * usr, const NTTIME * logon_time, const NTTIME * logoff_time, diff --git a/source/include/rpc_client_proto.h b/source/include/rpc_client_proto.h index df52d4b2d7b..9dfc89fc204 100644 --- a/source/include/rpc_client_proto.h +++ b/source/include/rpc_client_proto.h @@ -92,14 +92,14 @@ BOOL cli_nt_login_general(const char *srv_name, const char *myhostname, uint32 luid_low, const char *general, NET_ID_INFO_CTR * ctr, NET_USER_INFO_3 * user_info3); -BOOL cli_nt_login_interactive(const char *srv_name, const char *myhostname, +uint32 cli_nt_login_interactive(const char *srv_name, const char *myhostname, const char *domain, const char *username, uint32 luid_low, const uchar * lm_owf_user_pwd, const uchar * nt_owf_user_pwd, NET_ID_INFO_CTR * ctr, NET_USER_INFO_3 * user_info3); -BOOL cli_nt_login_network(const char *srv_name, const char *myhostname, +uint32 cli_nt_login_network(const char *srv_name, const char *myhostname, const char *domain, const char *username, uint32 luid_low, const char lm_chal[8], const char *lm_chal_resp, @@ -152,30 +152,26 @@ BOOL lsa_close(POLICY_HND *hnd); /*The following definitions come from rpc_client/cli_netlogon.c */ -void gen_next_creds( struct ntdom_info *nt, DOM_CRED *new_clnt_cred); -BOOL cli_net_logon_ctrl2(const char* srv_name, uint32 status_level); +void gen_next_creds(struct ntdom_info *nt, DOM_CRED * new_clnt_cred); +BOOL cli_net_logon_ctrl2(const char *srv_name, uint32 status_level); uint32 cli_net_auth2(const char *srv_name, - const char *trust_acct, - const char *acct_name, - uint16 sec_chan, - uint32 *neg_flags, DOM_CHAL *srv_chal); -uint32 cli_net_req_chal( const char *srv_name, const char* myhostname, - DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal); -BOOL cli_net_srv_pwset(const char* srv_name, - const char* myhostname, - const char* trust_acct, - const uint8 hashed_trust_pwd[16], - uint16 sec_chan_type); -uint32 cli_net_sam_logon(const char* srv_name, const char* myhostname, - NET_ID_INFO_CTR *ctr, - NET_USER_INFO_3 *user_info3); -BOOL cli_net_sam_logoff(const char* srv_name, const char* myhostname, - NET_ID_INFO_CTR *ctr); -BOOL cli_net_sam_sync( const char* srv_name, const char* myhostname, - uint32 database_id, - uint32 *num_deltas, - SAM_DELTA_HDR *hdr_deltas, - SAM_DELTA_CTR *deltas); + const char *trust_acct, + const char *acct_name, + uint16 sec_chan, uint32 * neg_flags, DOM_CHAL * srv_chal); +uint32 cli_net_req_chal(const char *srv_name, const char *myhostname, + DOM_CHAL * clnt_chal, DOM_CHAL * srv_chal); +BOOL cli_net_srv_pwset(const char *srv_name, + const char *myhostname, + const char *trust_acct, + const uint8 hashed_trust_pwd[16], uint16 sec_chan_type); +uint32 cli_net_sam_logon(const char *srv_name, const char *myhostname, + NET_ID_INFO_CTR * idc, NET_USER_INFO_CTR * ctr); +BOOL cli_net_sam_logoff(const char *srv_name, const char *myhostname, + NET_ID_INFO_CTR * ctr); +BOOL cli_net_sam_sync(const char *srv_name, const char *myhostname, + uint32 database_id, + uint32 * num_deltas, + SAM_DELTA_HDR * hdr_deltas, SAM_DELTA_CTR * deltas); /*The following definitions come from rpc_client/cli_pipe.c */ diff --git a/source/include/winbindd_proto.h b/source/include/winbindd_proto.h index 7a83a4c3386..2f5db9b0edb 100644 --- a/source/include/winbindd_proto.h +++ b/source/include/winbindd_proto.h @@ -1259,30 +1259,26 @@ BOOL lsa_close(POLICY_HND *hnd); /*The following definitions come from rpc_client/cli_netlogon.c */ -void gen_next_creds( struct ntdom_info *nt, DOM_CRED *new_clnt_cred); -BOOL cli_net_logon_ctrl2(const char* srv_name, uint32 status_level); +void gen_next_creds(struct ntdom_info *nt, DOM_CRED * new_clnt_cred); +BOOL cli_net_logon_ctrl2(const char *srv_name, uint32 status_level); uint32 cli_net_auth2(const char *srv_name, - const char *trust_acct, - const char *acct_name, - uint16 sec_chan, - uint32 *neg_flags, DOM_CHAL *srv_chal); -uint32 cli_net_req_chal( const char *srv_name, const char* myhostname, - DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal); -BOOL cli_net_srv_pwset(const char* srv_name, - const char* myhostname, - const char* trust_acct, - const uint8 hashed_trust_pwd[16], - uint16 sec_chan_type); -uint32 cli_net_sam_logon(const char* srv_name, const char* myhostname, - NET_ID_INFO_CTR *ctr, - NET_USER_INFO_3 *user_info3); -BOOL cli_net_sam_logoff(const char* srv_name, const char* myhostname, - NET_ID_INFO_CTR *ctr); -BOOL cli_net_sam_sync( const char* srv_name, const char* myhostname, - uint32 database_id, - uint32 *num_deltas, - SAM_DELTA_HDR *hdr_deltas, - SAM_DELTA_CTR *deltas); + const char *trust_acct, + const char *acct_name, + uint16 sec_chan, uint32 * neg_flags, DOM_CHAL * srv_chal); +uint32 cli_net_req_chal(const char *srv_name, const char *myhostname, + DOM_CHAL * clnt_chal, DOM_CHAL * srv_chal); +BOOL cli_net_srv_pwset(const char *srv_name, + const char *myhostname, + const char *trust_acct, + const uint8 hashed_trust_pwd[16], uint16 sec_chan_type); +uint32 cli_net_sam_logon(const char *srv_name, const char *myhostname, + NET_ID_INFO_CTR * idc, NET_USER_INFO_CTR * ctr); +BOOL cli_net_sam_logoff(const char *srv_name, const char *myhostname, + NET_ID_INFO_CTR * ctr); +BOOL cli_net_sam_sync(const char *srv_name, const char *myhostname, + uint32 database_id, + uint32 * num_deltas, + SAM_DELTA_HDR * hdr_deltas, SAM_DELTA_CTR * deltas); /*The following definitions come from rpc_client/cli_pipe.c */ @@ -1894,6 +1890,8 @@ BOOL make_net_user_info2(NET_USER_INFO_2 * usr, char *logon_dom, char *padding, DOM_SID * dom_sid); BOOL net_io_user_info2(char *desc, NET_USER_INFO_2 * usr, prs_struct * ps, int depth); +BOOL net_user_info_3_copy_from_ctr(NET_USER_INFO_3 * usr, + const NET_USER_INFO_CTR *ctr); BOOL make_net_user_info3W(NET_USER_INFO_3 * usr, const NTTIME * logon_time, const NTTIME * logoff_time, diff --git a/source/rpc_client/cli_login.c b/source/rpc_client/cli_login.c index ae6aff300e3..9316e61f0fa 100644 --- a/source/rpc_client/cli_login.c +++ b/source/rpc_client/cli_login.c @@ -38,7 +38,7 @@ uint32 cli_nt_setup_creds(const char *srv_name, { DOM_CHAL clnt_chal; DOM_CHAL srv_chal; - uint32 ret; + uint32 status; UTIME zerotime; uint8 sess_key[16]; DOM_CRED clnt_cred; @@ -49,11 +49,11 @@ uint32 cli_nt_setup_creds(const char *srv_name, generate_random_buffer(clnt_chal.data, 8, False); /* send a client challenge; receive a server challenge */ - ret = cli_net_req_chal(srv_name, myhostname, &clnt_chal, &srv_chal); - if (ret != 0) + status = cli_net_req_chal(srv_name, myhostname, &clnt_chal, &srv_chal); + if (status != 0) { DEBUG(1, ("cli_nt_setup_creds: request challenge failed\n")); - return ret; + return status; } /**************** Long-term Session key **************/ @@ -77,17 +77,17 @@ uint32 cli_nt_setup_creds(const char *srv_name, * Send client auth-2 challenge. * Receive an auth-2 challenge response and check it. */ - ret = cli_net_auth2(srv_name, trust_acct, myhostname, + status = cli_net_auth2(srv_name, trust_acct, myhostname, sec_chan, &neg_flags, &srv_chal); - if (ret != 0x0) + if (status != 0x0) { DEBUG(1, ("cli_nt_setup_creds: auth2 challenge failed. status: %x\n", - ret)); + status)); } /* check the client secure channel status */ - if (ret == 0x0 && + if (status == 0x0 && lp_client_schannel() == True && IS_BITS_CLR_ALL(neg_flags, 0x40000000)) { @@ -95,7 +95,7 @@ uint32 cli_nt_setup_creds(const char *srv_name, return NT_STATUS_ACCESS_DENIED | 0xC0000000; } - if (ret == 0x0 && IS_BITS_SET_ALL(neg_flags, 0x40000000)) + if (status == 0x0 && IS_BITS_SET_ALL(neg_flags, 0x40000000)) { extern cli_auth_fns cli_netsec_fns; struct cli_connection *con = NULL; @@ -118,7 +118,7 @@ uint32 cli_nt_setup_creds(const char *srv_name, return NT_STATUS_ACCESS_DENIED | 0xC0000000; } } - return ret; + return status; } /**************************************************************************** @@ -153,6 +153,9 @@ BOOL cli_nt_login_general(const char *srv_name, const char *myhostname, NET_ID_INFO_CTR * ctr, NET_USER_INFO_3 * user_info3) { uint8 sess_key[16]; + NET_USER_INFO_CTR user_ctr; + uint32 status; + user_ctr.switch_value = 2; DEBUG(5, ("cli_nt_login_general: %d\n", __LINE__)); @@ -165,7 +168,7 @@ BOOL cli_nt_login_general(const char *srv_name, const char *myhostname, if (!cli_get_sesskey_srv(srv_name, sess_key)) { DEBUG(1, ("could not obtain session key for %s\n", srv_name)); - return False; + return NT_STATUS_ACCESS_DENIED; } /* indicate an "general" login */ @@ -176,7 +179,13 @@ BOOL cli_nt_login_general(const char *srv_name, const char *myhostname, luid_low, 0, username, myhostname, general); /* Send client sam-logon request - update credentials on success. */ - return cli_net_sam_logon(srv_name, myhostname, ctr, user_info3); + status = cli_net_sam_logon(srv_name, myhostname, ctr, &user_ctr); + if (!net_user_info_3_copy_from_ctr(user_info3, &user_ctr)) + { + status = NT_STATUS_INVALID_PARAMETER; + } + free_net_user_info_ctr(&user_ctr); + return status; } /**************************************************************************** @@ -185,7 +194,7 @@ NT login - interactive. password equivalents, protected by the session key) is inherently insecure given the current design of the NT Domain system. JRA. ****************************************************************************/ -BOOL cli_nt_login_interactive(const char *srv_name, const char *myhostname, +uint32 cli_nt_login_interactive(const char *srv_name, const char *myhostname, const char *domain, const char *username, uint32 luid_low, const uchar * lm_owf_user_pwd, @@ -193,8 +202,10 @@ BOOL cli_nt_login_interactive(const char *srv_name, const char *myhostname, NET_ID_INFO_CTR * ctr, NET_USER_INFO_3 * user_info3) { - BOOL ret; + uint32 status; uint8 sess_key[16]; + NET_USER_INFO_CTR user_ctr; + user_ctr.switch_value = 2; DEBUG(5, ("cli_nt_login_interactive: %d\n", __LINE__)); @@ -204,7 +215,7 @@ BOOL cli_nt_login_interactive(const char *srv_name, const char *myhostname, if (!cli_get_sesskey_srv(srv_name, sess_key)) { DEBUG(1, ("could not obtain session key for %s\n", srv_name)); - return False; + return NT_STATUS_ACCESS_DENIED; } /* indicate an "interactive" login */ @@ -217,14 +228,19 @@ BOOL cli_nt_login_interactive(const char *srv_name, const char *myhostname, (char *)sess_key, lm_owf_user_pwd, nt_owf_user_pwd); /* Send client sam-logon request - update credentials on success. */ - ret = cli_net_sam_logon(srv_name, myhostname, ctr, user_info3); + status = cli_net_sam_logon(srv_name, myhostname, ctr, &user_ctr); + if (!net_user_info_3_copy_from_ctr(user_info3, &user_ctr)) + { + status = NT_STATUS_INVALID_PARAMETER; + } + free_net_user_info_ctr(&user_ctr); memset(ctr->auth.id1.lm_owf.data, '\0', sizeof(ctr->auth.id1.lm_owf.data)); memset(ctr->auth.id1.nt_owf.data, '\0', sizeof(ctr->auth.id1.nt_owf.data)); - return ret; + return status; } /**************************************************************************** @@ -233,7 +249,7 @@ NT login - network. password equivalents over the network. JRA. ****************************************************************************/ -BOOL cli_nt_login_network(const char *srv_name, const char *myhostname, +uint32 cli_nt_login_network(const char *srv_name, const char *myhostname, const char *domain, const char *username, uint32 luid_low, const char lm_chal[8], const char *lm_chal_resp, @@ -243,13 +259,16 @@ BOOL cli_nt_login_network(const char *srv_name, const char *myhostname, NET_ID_INFO_CTR * ctr, NET_USER_INFO_3 * user_info3) { uint8 sess_key[16]; - BOOL ret; + uint32 status; + NET_USER_INFO_CTR user_ctr; + user_ctr.switch_value = 2; + DEBUG(5, ("cli_nt_login_network: %d\n", __LINE__)); if (!cli_get_sesskey_srv(srv_name, sess_key)) { DEBUG(1, ("could not obtain session key for %s\n", srv_name)); - return False; + return NT_STATUS_ACCESS_DENIED; } /* indicate a "network" login */ @@ -263,27 +282,25 @@ BOOL cli_nt_login_network(const char *srv_name, const char *myhostname, lm_chal_resp, lm_chal_len, nt_chal_resp, nt_chal_len); /* Send client sam-logon request - update credentials on success. */ - ret = cli_net_sam_logon(srv_name, myhostname, ctr, user_info3); + status = cli_net_sam_logon(srv_name, myhostname, ctr, &user_ctr); -#ifdef DEBUG_PASSWORD - DEBUG(100, ("cli sess key:")); - dump_data(100, sess_key, 8); - DEBUG(100, ("enc padding:")); - dump_data(100, user_info3->padding, 8); - DEBUG(100, ("enc user sess key:")); - dump_data(100, user_info3->user_sess_key, 16); -#endif + if (!net_user_info_3_copy_from_ctr(user_info3, &user_ctr)) + { + status = NT_STATUS_INVALID_PARAMETER; + } + free_net_user_info_ctr(&user_ctr); + + dump_data_pw("cli sess key:", sess_key, 8); + dump_data_pw("enc padding:", user_info3->padding, 8); + dump_data_pw("enc user sess key:", user_info3->user_sess_key, 16); SamOEMhash(user_info3->user_sess_key, sess_key, 0); SamOEMhash(user_info3->padding, sess_key, 3); -#ifdef DEBUG_PASSWORD - DEBUG(100, ("dec paddin:")); - dump_data(100, user_info3->padding, 8); - DEBUG(100, ("dec user sess key:")); - dump_data(100, user_info3->user_sess_key, 16); -#endif - return ret; + dump_data_pw("dec padding:", user_info3->padding, 8); + dump_data_pw("dec user sess key:", user_info3->user_sess_key, 16); + + return status; } /**************************************************************************** diff --git a/source/rpc_client/cli_netlogon.c b/source/rpc_client/cli_netlogon.c index 044d2533c7c..5fda8a50213 100644 --- a/source/rpc_client/cli_netlogon.c +++ b/source/rpc_client/cli_netlogon.c @@ -37,29 +37,29 @@ extern int DEBUGLEVEL; Generate the next creds to use. ****************************************************************************/ -void gen_next_creds( struct ntdom_info *nt, DOM_CRED *new_clnt_cred) +void gen_next_creds(struct ntdom_info *nt, DOM_CRED * new_clnt_cred) { - /* - * Create the new client credentials. - */ + /* + * Create the new client credentials. + */ - nt->clnt_cred.timestamp.time = time(NULL); + nt->clnt_cred.timestamp.time = time(NULL); - memcpy(new_clnt_cred, &nt->clnt_cred, sizeof(*new_clnt_cred)); + memcpy(new_clnt_cred, &nt->clnt_cred, sizeof(*new_clnt_cred)); - /* Calculate the new credentials. */ - cred_create(nt->sess_key, &(nt->clnt_cred.challenge), - new_clnt_cred->timestamp, &(new_clnt_cred->challenge)); + /* Calculate the new credentials. */ + cred_create(nt->sess_key, &(nt->clnt_cred.challenge), + new_clnt_cred->timestamp, &(new_clnt_cred->challenge)); } /**************************************************************************** do a LSA Logon Control2 ****************************************************************************/ -BOOL cli_net_logon_ctrl2(const char* srv_name, uint32 status_level) +BOOL cli_net_logon_ctrl2(const char *srv_name, uint32 status_level) { prs_struct rbuf; - prs_struct buf; + prs_struct buf; NET_Q_LOGON_CTRL2 q_l; BOOL ok = False; @@ -70,18 +70,18 @@ BOOL cli_net_logon_ctrl2(const char* srv_name, uint32 status_level) return False; } - prs_init(&buf , 0, 4, False); - prs_init(&rbuf, 0, 4, True ); + prs_init(&buf, 0, 4, False); + prs_init(&rbuf, 0, 4, True); /* create and send a MSRPC command with api NET_LOGON_CTRL2 */ - DEBUG(4,("net_logon_ctrl2 status level:%x\n", status_level)); + DEBUG(4, ("net_logon_ctrl2 status level:%x\n", status_level)); /* store the parameters */ make_q_logon_ctrl2(&q_l, srv_name, 0, 0, status_level); /* turn parameters into data stream */ - if (net_io_q_logon_ctrl2("", &q_l, &buf, 0) && + if (net_io_q_logon_ctrl2("", &q_l, &buf, 0) && rpc_con_pipe_req(con, NET_LOGON_CTRL2, &buf, &rbuf)) { NET_R_LOGON_CTRL2 r_l; @@ -92,13 +92,15 @@ BOOL cli_net_logon_ctrl2(const char* srv_name, uint32 status_level) if (ok && r_l.status != 0) { /* report error code */ - DEBUG(5,("net_logon_ctrl2: Error %s\n", get_nt_error_msg(r_l.status))); + DEBUG(5, + ("net_logon_ctrl2: Error %s\n", + get_nt_error_msg(r_l.status))); ok = False; } } prs_free_data(&rbuf); - prs_free_data(&buf ); + prs_free_data(&buf); cli_connection_unlink(con); return ok; @@ -113,13 +115,12 @@ encrypt of the server challenge originally received. JRA. ****************************************************************************/ uint32 cli_net_auth2(const char *srv_name, - const char *trust_acct, - const char *acct_name, - uint16 sec_chan, - uint32 *neg_flags, DOM_CHAL *srv_chal) + const char *trust_acct, + const char *acct_name, + uint16 sec_chan, uint32 * neg_flags, DOM_CHAL * srv_chal) { prs_struct rbuf; - prs_struct buf; + prs_struct buf; NET_Q_AUTH_2 q_a; uint32 status = 0x0; uint8 sess_key[16]; @@ -129,43 +130,42 @@ uint32 cli_net_auth2(const char *srv_name, if (!cli_connection_getsrv(srv_name, PIPE_NETLOGON, &con)) { - return 0xC0000000 | NT_STATUS_INVALID_PARAMETER; + return NT_STATUS_INVALID_PARAMETER; } if (!cli_get_con_sesskey(con, sess_key)) { - return 0xC0000000 | NT_STATUS_INVALID_PARAMETER; + return NT_STATUS_INVALID_PARAMETER; } - prs_init(&buf , 0, 4, False); - prs_init(&rbuf, 0, 4, True ); + prs_init(&buf, 0, 4, False); + prs_init(&rbuf, 0, 4, True); /* create and send a MSRPC command with api NET_AUTH2 */ - DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s neg: %x\n", - srv_name, trust_acct, sec_chan, acct_name, - *neg_flags)); + DEBUG(4, ("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s neg: %x\n", + srv_name, trust_acct, sec_chan, acct_name, *neg_flags)); cli_con_get_cli_cred(con, &clnt_cred); /* store the parameters */ make_q_auth_2(&q_a, srv_name, trust_acct, sec_chan, acct_name, - &clnt_cred.challenge, *neg_flags); + &clnt_cred.challenge, *neg_flags); /* turn parameters into data stream */ - if (net_io_q_auth_2("", &q_a, &buf, 0) && + if (net_io_q_auth_2("", &q_a, &buf, 0) && rpc_con_pipe_req(con, NET_AUTH2, &buf, &rbuf)) { NET_R_AUTH_2 r_a; net_io_r_auth_2("", &r_a, &rbuf, 0); - status = (rbuf.offset == 0) ? 0xC0000000 | NT_STATUS_INVALID_PARAMETER : 0; + status = (rbuf.offset == 0) ? NT_STATUS_INVALID_PARAMETER : 0; if (status == 0x0 && r_a.status != 0) { /* report error code */ - DEBUG(5,("cli_net_auth2: Error %s\n", - get_nt_error_msg(r_a.status))); + DEBUG(5, ("cli_net_auth2: Error %s\n", + get_nt_error_msg(r_a.status))); status = r_a.status; } @@ -178,15 +178,15 @@ uint32 cli_net_auth2(const char *srv_name, UTIME zerotime; zerotime.time = 0; - if(cred_assert( &r_a.srv_chal, sess_key, - srv_chal, zerotime) == 0) + if (cred_assert(&r_a.srv_chal, sess_key, + srv_chal, zerotime) == 0) { /* * Server replied with bad credential. Fail. */ - DEBUG(5,("cli_net_auth2: server %s replied \ + DEBUG(5, ("cli_net_auth2: server %s replied \ with bad credential (bad trust account password ?).\n", srv_name)); - status = NT_STATUS_NETWORK_CREDENTIAL_CONFLICT | 0xC0000000; + status = NT_STATUS_NETWORK_CREDENTIAL_CONFLICT; } } @@ -203,8 +203,10 @@ with bad credential (bad trust account password ?).\n", srv_name)); if (ok && r_a.srv_flgs.neg_flags != q_a.clnt_flgs.neg_flags) { /* report different neg_flags */ - DEBUG(5,("cli_net_auth2: error neg_flags (q,r) differ - (%x,%x)\n", - q_a.clnt_flgs.neg_flags, r_a.srv_flgs.neg_flags)); + DEBUG(5, + ("cli_net_auth2: error neg_flags (q,r) differ - (%x,%x)\n", + q_a.clnt_flgs.neg_flags, + r_a.srv_flgs.neg_flags)); ok = False; } #endif @@ -212,15 +214,15 @@ with bad credential (bad trust account password ?).\n", srv_name)); } else { - DEBUG(5,("rpc_con_pipe_req FAILED\n")); - status = 0xC0000000 | NT_STATUS_ACCESS_DENIED; + DEBUG(5, ("rpc_con_pipe_req FAILED\n")); + status = NT_STATUS_ACCESS_DENIED; } - DEBUG(5,("cli_net_auth2 neg_flags: %x status: %x\n", - (*neg_flags), status)); + DEBUG(5, ("cli_net_auth2 neg_flags: %x status: %x\n", + (*neg_flags), status)); prs_free_data(&rbuf); - prs_free_data(&buf ); + prs_free_data(&buf); return status; } @@ -230,89 +232,92 @@ LSA Request Challenge. Sends our challenge to server, then gets server response. These are used to generate the credentials. ****************************************************************************/ -uint32 cli_net_req_chal( const char *srv_name, const char* myhostname, - DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal) +uint32 cli_net_req_chal(const char *srv_name, const char *myhostname, + DOM_CHAL * clnt_chal, DOM_CHAL * srv_chal) { - prs_struct rbuf; - prs_struct buf; - NET_Q_REQ_CHAL q_c; - uint32 status = 0x0; + prs_struct rbuf; + prs_struct buf; + NET_Q_REQ_CHAL q_c; + uint32 status = 0x0; struct cli_connection *con = NULL; if (!cli_connection_init(srv_name, PIPE_NETLOGON, &con)) { - return 0xC0000000 | NT_STATUS_INVALID_PARAMETER; + return NT_STATUS_INVALID_PARAMETER; + } + + if (srv_chal == NULL || clnt_chal == NULL) + return NT_STATUS_INVALID_PARAMETER; + + prs_init(&buf, 0, 4, False); + prs_init(&rbuf, 0, 4, True); + + /* create and send a MSRPC command with api NET_REQCHAL */ + + DEBUG(4, + ("cli_net_req_chal: LSA Request Challenge from %s to %s: %s\n", + srv_name, myhostname, credstr(clnt_chal->data))); + + /* store the parameters */ + make_q_req_chal(&q_c, srv_name, myhostname, clnt_chal); + + /* turn parameters into data stream */ + if (net_io_q_req_chal("", &q_c, &buf, 0) && + rpc_con_pipe_req(con, NET_REQCHAL, &buf, &rbuf)) + { + NET_R_REQ_CHAL r_c; + + net_io_r_req_chal("", &r_c, &rbuf, 0); + status = (rbuf.offset == 0) ? NT_STATUS_INVALID_PARAMETER : 0; + + if (status == 0x0 && r_c.status != 0) + { + /* report error code */ + DEBUG(5, + ("cli_net_req_chal: Error %s\n", + get_nt_error_msg(r_c.status))); + status = r_c.status; + } + + if (status == 0x0) + { + /* ok, at last: we're happy. return the challenge */ + memcpy(srv_chal, r_c.srv_chal.data, + sizeof(srv_chal->data)); + } + } + else + { + DEBUG(5, ("rpc_con_pipe_req FAILED\n")); + status = NT_STATUS_ACCESS_DENIED; } - if (srv_chal == NULL || clnt_chal == NULL) - return 0xC0000000 | NT_STATUS_INVALID_PARAMETER; - - prs_init(&buf , 0, 4, False); - prs_init(&rbuf, 0, 4, True ); - - /* create and send a MSRPC command with api NET_REQCHAL */ - - DEBUG(4,("cli_net_req_chal: LSA Request Challenge from %s to %s: %s\n", - srv_name, myhostname, credstr(clnt_chal->data))); - - /* store the parameters */ - make_q_req_chal(&q_c, srv_name, myhostname, clnt_chal); - - /* turn parameters into data stream */ - if (net_io_q_req_chal("", &q_c, &buf, 0) && - rpc_con_pipe_req(con, NET_REQCHAL, &buf, &rbuf)) - { - NET_R_REQ_CHAL r_c; - - net_io_r_req_chal("", &r_c, &rbuf, 0); - status = (rbuf.offset == 0) ? 0xC0000000 | NT_STATUS_INVALID_PARAMETER : 0; - - if (status == 0x0 && r_c.status != 0) - { - /* report error code */ - DEBUG(5,("cli_net_req_chal: Error %s\n", get_nt_error_msg(r_c.status))); - status = r_c.status; - } - - if (status == 0x0) - { - /* ok, at last: we're happy. return the challenge */ - memcpy(srv_chal, r_c.srv_chal.data, sizeof(srv_chal->data)); - } - } - else - { - DEBUG(5,("rpc_con_pipe_req FAILED\n")); - status = 0xC0000000 | NT_STATUS_ACCESS_DENIED; - } - - prs_free_data(&rbuf); - prs_free_data(&buf ); - - return status; + prs_free_data(&rbuf); + prs_free_data(&buf); + + return status; } /*************************************************************************** LSA Server Password Set. ****************************************************************************/ -BOOL cli_net_srv_pwset(const char* srv_name, - const char* myhostname, - const char* trust_acct, - const uint8 hashed_trust_pwd[16], - uint16 sec_chan_type) +BOOL cli_net_srv_pwset(const char *srv_name, + const char *myhostname, + const char *trust_acct, + const uint8 hashed_trust_pwd[16], uint16 sec_chan_type) { - prs_struct rbuf; - prs_struct buf; - DOM_CRED new_clnt_cred; - NET_Q_SRV_PWSET q_s; - BOOL ok = False; - unsigned char processed_new_pwd[16]; - /* Process the new password. */ + prs_struct rbuf; + prs_struct buf; + DOM_CRED new_clnt_cred; + NET_Q_SRV_PWSET q_s; + BOOL ok = False; + unsigned char processed_new_pwd[16]; + /* Process the new password. */ uint8 sess_key[16]; - + struct cli_connection *con = NULL; if (!cli_connection_getsrv(srv_name, PIPE_NETLOGON, &con)) @@ -325,152 +330,172 @@ BOOL cli_net_srv_pwset(const char* srv_name, return False; } - cred_hash3( processed_new_pwd, hashed_trust_pwd, sess_key, 1); - - cli_con_gen_next_creds( con, &new_clnt_cred); - - prs_init(&buf , 0, 4, False); - prs_init(&rbuf, 0, 4, True ); - - /* create and send a MSRPC command with api NET_SRV_PWSET */ - - DEBUG(4,("cli_net_srv_pwset: srv:%s acct:%s sc: %d mc: %s clnt %s %x\n", - srv_name, trust_acct, sec_chan_type, myhostname, - credstr(new_clnt_cred.challenge.data), new_clnt_cred.timestamp.time)); - - /* store the parameters */ - make_q_srv_pwset(&q_s, srv_name, trust_acct, sec_chan_type, - myhostname, &new_clnt_cred, (char *)processed_new_pwd); - - /* turn parameters into data stream */ - if (net_io_q_srv_pwset("", &q_s, &buf, 0) && - rpc_con_pipe_req(con, NET_SRVPWSET, &buf, &rbuf)) - { - NET_R_SRV_PWSET r_s; - - net_io_r_srv_pwset("", &r_s, &rbuf, 0); - ok = (rbuf.offset != 0); - - if (ok && r_s.status != 0) - { - /* report error code */ - DEBUG(5,("cli_net_srv_pwset: %s\n", get_nt_error_msg(r_s.status))); - ok = False; - } - - /* Update the credentials. */ - if (ok && !cli_con_deal_with_creds(con, &(r_s.srv_cred))) - { - /* - * Server replied with bad credential. Fail. - */ - DEBUG(5,("cli_net_srv_pwset: server %s replied with bad credential \ -(bad trust account password ?).\n", srv_name)); - ok = False; - } - } - - prs_free_data(&rbuf); - prs_free_data(&buf ); - - return ok; + cred_hash3(processed_new_pwd, hashed_trust_pwd, sess_key, 1); + + cli_con_gen_next_creds(con, &new_clnt_cred); + + prs_init(&buf, 0, 4, False); + prs_init(&rbuf, 0, 4, True); + + /* create and send a MSRPC command with api NET_SRV_PWSET */ + + DEBUG(4, + ("cli_net_srv_pwset: srv:%s acct:%s sc: %d mc: %s clnt %s %x\n", + srv_name, trust_acct, sec_chan_type, myhostname, + credstr(new_clnt_cred.challenge.data), + new_clnt_cred.timestamp.time)); + + /* store the parameters */ + make_q_srv_pwset(&q_s, srv_name, trust_acct, sec_chan_type, + myhostname, &new_clnt_cred, + (char *)processed_new_pwd); + + /* turn parameters into data stream */ + if (net_io_q_srv_pwset("", &q_s, &buf, 0) && + rpc_con_pipe_req(con, NET_SRVPWSET, &buf, &rbuf)) + { + NET_R_SRV_PWSET r_s; + + net_io_r_srv_pwset("", &r_s, &rbuf, 0); + ok = (rbuf.offset != 0); + + if (ok && r_s.status != 0) + { + /* report error code */ + DEBUG(5, + ("cli_net_srv_pwset: %s\n", + get_nt_error_msg(r_s.status))); + ok = False; + } + + /* Update the credentials. */ + if (ok && !cli_con_deal_with_creds(con, &(r_s.srv_cred))) + { + /* + * Server replied with bad credential. Fail. + */ + DEBUG(5, + ("cli_net_srv_pwset: server %s replied with bad credential \ +(bad trust account password ?).\n", + srv_name)); + ok = False; + } + } + + prs_free_data(&rbuf); + prs_free_data(&buf); + + return ok; } /*************************************************************************** LSA SAM Logon. ****************************************************************************/ -uint32 cli_net_sam_logon(const char* srv_name, const char* myhostname, - NET_ID_INFO_CTR *ctr, - NET_USER_INFO_3 *user_info3) +uint32 cli_net_sam_logon(const char *srv_name, const char *myhostname, + NET_ID_INFO_CTR * idc, NET_USER_INFO_CTR * ctr) { - DOM_CRED new_clnt_cred; - DOM_CRED dummy_rtn_creds; - prs_struct rbuf; - prs_struct buf; - uint16 validation_level = 3; - NET_Q_SAM_LOGON q_s; - uint32 status = 0x0; + DOM_CRED new_clnt_cred; + DOM_CRED dummy_rtn_creds; + prs_struct rbuf; + prs_struct buf; + NET_Q_SAM_LOGON q_s; + uint32 status = 0x0; struct cli_connection *con = NULL; if (!cli_connection_getsrv(srv_name, PIPE_NETLOGON, &con)) { - return 0xC0000000 | NT_STATUS_INVALID_PARAMETER; + return NT_STATUS_INVALID_PARAMETER; } - cli_con_gen_next_creds( con, &new_clnt_cred); + cli_con_gen_next_creds(con, &new_clnt_cred); - prs_init(&buf , 0, 4, False); - prs_init(&rbuf, 0, 4, True ); + prs_init(&buf, 0, 4, False); + prs_init(&rbuf, 0, 4, True); - /* create and send a MSRPC command with api NET_SAMLOGON */ + /* create and send a MSRPC command with api NET_SAMLOGON */ - DEBUG(4,("cli_net_sam_logon: srv:%s mc:%s ll: %d\n", - srv_name, myhostname, - ctr->switch_value)); + DEBUG(4, ("cli_net_sam_logon: srv:%s mc:%s ll: %d\n", + srv_name, myhostname, idc->switch_value)); - memset(&dummy_rtn_creds, '\0', sizeof(dummy_rtn_creds)); + memset(&dummy_rtn_creds, '\0', sizeof(dummy_rtn_creds)); dummy_rtn_creds.timestamp.time = time(NULL); - /* store the parameters */ - make_sam_info(&(q_s.sam_id), srv_name, myhostname, - &new_clnt_cred, &dummy_rtn_creds, ctr->switch_value, ctr); - - q_s.validation_level = validation_level; - - /* turn parameters into data stream */ - if (net_io_q_sam_logon("", &q_s, &buf, 0) && - rpc_con_pipe_req(con, NET_SAMLOGON, &buf, &rbuf)) - { - NET_R_SAM_LOGON r_s; - - r_s.ctr.usr.id3 = user_info3; - - net_io_r_sam_logon("", &r_s, &rbuf, 0); - status = (rbuf.offset == 0) ? 0xC0000000 | NT_STATUS_INVALID_PARAMETER : 0; - - if (status != 0x0) - { - /* report error code */ - DEBUG(5,("cli_net_sam_logon: %s\n", get_nt_error_msg(r_s.status))); - } - - if (status == 0x0) - { - /* report error code */ - DEBUG(5,("cli_net_sam_logon: %s\n", get_nt_error_msg(r_s.status))); - status = r_s.status; - } - - /* Update the credentials. */ - if (status == 0x0 && !cli_con_deal_with_creds(con, &(r_s.srv_creds))) - { - /* - * Server replied with bad credential. Fail. - */ - DEBUG(5,("cli_net_sam_logon: server %s replied with bad credential \ -(bad trust account password ?).\n", srv_name)); - status = 0xC0000000 | NT_STATUS_LOGON_FAILURE; - } - - if (status == 0x0 && r_s.ctr.switch_value != 3) - { - /* report different switch_value */ - DEBUG(5,("cli_net_sam_logon: switch_value of 3 expected %x\n", - r_s.ctr.switch_value)); - status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS; - } - } - else - { - status = 0xC0000000 | NT_STATUS_INVALID_PARAMETER; - } - - prs_free_data(&rbuf); - prs_free_data(&buf ); - - return status; + /* store the parameters */ + make_sam_info(&(q_s.sam_id), srv_name, myhostname, + &new_clnt_cred, &dummy_rtn_creds, idc->switch_value, + idc); + + q_s.validation_level = ctr->switch_value; + + /* turn parameters into data stream */ + if (net_io_q_sam_logon("", &q_s, &buf, 0) && + rpc_con_pipe_req(con, NET_SAMLOGON, &buf, &rbuf)) + { + NET_R_SAM_LOGON r_s; + + net_io_r_sam_logon("", &r_s, &rbuf, 0); + + if (rbuf.offset == 0) + { + status = NT_STATUS_INVALID_PARAMETER; + } + + if (status != 0x0) + { + /* report error code */ + DEBUG(5, + ("cli_net_sam_logon: %s\n", + get_nt_error_msg(r_s.status))); + } + + if (status == 0x0) + { + /* report error code */ + DEBUG(5, + ("cli_net_sam_logon: %s\n", + get_nt_error_msg(r_s.status))); + status = r_s.status; + } + + /* Update the credentials. */ + if (status == 0x0 + && !cli_con_deal_with_creds(con, &(r_s.srv_creds))) + { + /* + * Server replied with bad credential. Fail. + */ + DEBUG(5, + ("cli_net_sam_logon: server %s replied with bad credential \ +(bad trust account password ?).\n", + srv_name)); + status = NT_STATUS_LOGON_FAILURE; + } + + if (status == 0x0 && r_s.ctr.switch_value != ctr->switch_value) + { + /* report different switch_value */ + DEBUG(5, + ("cli_net_sam_logon: wrong switch value %x\n", + r_s.ctr.switch_value)); + status = NT_STATUS_INVALID_INFO_CLASS; + } + + if (status == 0x0) + { + *ctr = r_s.ctr; + } + } + else + { + status = NT_STATUS_INVALID_PARAMETER; + } + + prs_free_data(&rbuf); + prs_free_data(&buf); + + return status; } /*************************************************************************** @@ -482,15 +507,15 @@ send a different info level. Right now though, I'm not sure what that needs to be (I need to see one on the wire before I can be sure). JRA. ****************************************************************************/ -BOOL cli_net_sam_logoff(const char* srv_name, const char* myhostname, - NET_ID_INFO_CTR *ctr) +BOOL cli_net_sam_logoff(const char *srv_name, const char *myhostname, + NET_ID_INFO_CTR * ctr) { - DOM_CRED new_clnt_cred; - DOM_CRED dummy_rtn_creds; - prs_struct rbuf; - prs_struct buf; - NET_Q_SAM_LOGOFF q_s; - BOOL ok = False; + DOM_CRED new_clnt_cred; + DOM_CRED dummy_rtn_creds; + prs_struct rbuf; + prs_struct buf; + NET_Q_SAM_LOGOFF q_s; + BOOL ok = False; struct cli_connection *con = NULL; @@ -499,74 +524,78 @@ BOOL cli_net_sam_logoff(const char* srv_name, const char* myhostname, return False; } - cli_con_gen_next_creds( con, &new_clnt_cred); - - prs_init(&buf , 0, 4, False); - prs_init(&rbuf, 0, 4, True ); - - /* create and send a MSRPC command with api NET_SAMLOGOFF */ - - DEBUG(4,("cli_net_sam_logoff: srv:%s mc:%s clnt %s %x ll: %d\n", - srv_name, myhostname, - credstr(new_clnt_cred.challenge.data), new_clnt_cred.timestamp.time, - ctr->switch_value)); - - memset(&dummy_rtn_creds, '\0', sizeof(dummy_rtn_creds)); - - /* store the parameters */ - make_sam_info(&(q_s.sam_id), srv_name, myhostname, - &new_clnt_cred, &dummy_rtn_creds, ctr->switch_value, ctr); - - /* turn parameters into data stream */ - if (net_io_q_sam_logoff("", &q_s, &buf, 0) && - rpc_con_pipe_req(con, NET_SAMLOGOFF, &buf, &rbuf)) - { - NET_R_SAM_LOGOFF r_s; - - net_io_r_sam_logoff("", &r_s, &rbuf, 0); - ok = (rbuf.offset != 0); - - if (ok && r_s.status != 0) - { - /* report error code */ - DEBUG(5,("cli_net_sam_logoff: %s\n", get_nt_error_msg(r_s.status))); - ok = False; - } - - /* Update the credentials. */ - if (ok && !cli_con_deal_with_creds(con, &(r_s.srv_creds))) - { - /* - * Server replied with bad credential. Fail. - */ - DEBUG(5,("cli_net_sam_logoff: server %s replied with bad credential \ -(bad trust account password ?).\n", srv_name )); - ok = False; - } - } - - prs_free_data(&rbuf); - prs_free_data(&buf ); - - return ok; + cli_con_gen_next_creds(con, &new_clnt_cred); + + prs_init(&buf, 0, 4, False); + prs_init(&rbuf, 0, 4, True); + + /* create and send a MSRPC command with api NET_SAMLOGOFF */ + + DEBUG(4, ("cli_net_sam_logoff: srv:%s mc:%s clnt %s %x ll: %d\n", + srv_name, myhostname, + credstr(new_clnt_cred.challenge.data), + new_clnt_cred.timestamp.time, ctr->switch_value)); + + memset(&dummy_rtn_creds, '\0', sizeof(dummy_rtn_creds)); + + /* store the parameters */ + make_sam_info(&(q_s.sam_id), srv_name, myhostname, + &new_clnt_cred, &dummy_rtn_creds, ctr->switch_value, + ctr); + + /* turn parameters into data stream */ + if (net_io_q_sam_logoff("", &q_s, &buf, 0) && + rpc_con_pipe_req(con, NET_SAMLOGOFF, &buf, &rbuf)) + { + NET_R_SAM_LOGOFF r_s; + + net_io_r_sam_logoff("", &r_s, &rbuf, 0); + ok = (rbuf.offset != 0); + + if (ok && r_s.status != 0) + { + /* report error code */ + DEBUG(5, + ("cli_net_sam_logoff: %s\n", + get_nt_error_msg(r_s.status))); + ok = False; + } + + /* Update the credentials. */ + if (ok && !cli_con_deal_with_creds(con, &(r_s.srv_creds))) + { + /* + * Server replied with bad credential. Fail. + */ + DEBUG(5, + ("cli_net_sam_logoff: server %s replied with bad credential \ +(bad trust account password ?).\n", + srv_name)); + ok = False; + } + } + + prs_free_data(&rbuf); + prs_free_data(&buf); + + return ok; } /*************************************************************************** Synchronise SAM Database (requires SEC_CHAN_BDC). ****************************************************************************/ -BOOL cli_net_sam_sync( const char* srv_name, const char* myhostname, - uint32 database_id, - uint32 *num_deltas, - SAM_DELTA_HDR *hdr_deltas, - SAM_DELTA_CTR *deltas) +BOOL cli_net_sam_sync(const char *srv_name, const char *myhostname, + uint32 database_id, + uint32 * num_deltas, + SAM_DELTA_HDR * hdr_deltas, SAM_DELTA_CTR * deltas) { NET_Q_SAM_SYNC q_s; prs_struct rbuf; - prs_struct buf; + prs_struct buf; DOM_CRED new_clnt_cred; BOOL ok = False; uint8 sess_key[16]; - + struct cli_connection *con = NULL; if (!cli_connection_getsrv(srv_name, PIPE_NETLOGON, &con)) @@ -580,17 +609,17 @@ BOOL cli_net_sam_sync( const char* srv_name, const char* myhostname, } cli_con_gen_next_creds(con, &new_clnt_cred); - - prs_init(&buf , 0, 4, False); - prs_init(&rbuf, 0, 4, True ); - + + prs_init(&buf, 0, 4, False); + prs_init(&rbuf, 0, 4, True); + /* create and send a MSRPC command with api NET_SAM_SYNC */ - + make_q_sam_sync(&q_s, srv_name, myhostname, &new_clnt_cred, database_id); - + /* turn parameters into data stream */ - if (net_io_q_sam_sync("", &q_s, &buf, 0) && + if (net_io_q_sam_sync("", &q_s, &buf, 0) && rpc_con_pipe_req(con, NET_SAM_SYNC, &buf, &rbuf)) { NET_R_SAM_SYNC r_s; @@ -601,17 +630,21 @@ BOOL cli_net_sam_sync( const char* srv_name, const char* myhostname, net_io_r_sam_sync("", sess_key, &r_s, &rbuf, 0); ok = (rbuf.offset != 0); - if (ok && r_s.status != 0 && r_s.status != STATUS_MORE_ENTRIES) + if (ok && r_s.status != 0 + && r_s.status != STATUS_MORE_ENTRIES) { /* report error code */ - DEBUG(5,("cli_net_sam_sync: %s\n", get_nt_error_msg(r_s.status))); + DEBUG(5, + ("cli_net_sam_sync: %s\n", + get_nt_error_msg(r_s.status))); ok = False; } - + /* Update the credentials. */ if (ok && !cli_con_deal_with_creds(con, &(r_s.srv_creds))) { - DEBUG(5,("cli_net_sam_sync: server %s replied with bad \ + DEBUG(5, + ("cli_net_sam_sync: server %s replied with bad \ credential (bad trust account password ?).\n", srv_name)); ok = False; } @@ -626,9 +659,9 @@ credential (bad trust account password ?).\n", srv_name)); } } } - + prs_free_data(&rbuf); - prs_free_data(&buf ); - + prs_free_data(&buf); + return ok; } diff --git a/source/rpc_parse/parse_net.c b/source/rpc_parse/parse_net.c index ead0c87b778..3698ca87292 100644 --- a/source/rpc_parse/parse_net.c +++ b/source/rpc_parse/parse_net.c @@ -1356,6 +1356,66 @@ BOOL net_io_user_info2(char *desc, NET_USER_INFO_2 * usr, prs_struct * ps, } /************************************************************************* + net_user_info_3_copy_from_ctr + *************************************************************************/ +BOOL net_user_info_3_copy_from_ctr(NET_USER_INFO_3 * usr, + const NET_USER_INFO_CTR *ctr) +{ + ZERO_STRUCTP(usr); + if (ctr->ptr_user_info == 0) + { + return True; + } + switch (ctr->switch_value) + { + case 2: + { + const NET_USER_INFO_2 *usr2 = ctr->usr.id2; + if (!make_net_user_info3W(usr, + &usr2->logon_time, + &usr2->logoff_time, + &usr2->kickoff_time, + &usr2->pass_last_set_time, + &usr2->pass_can_change_time, + &usr2->pass_must_change_time, + &usr2->uni_user_name, + &usr2->uni_full_name, + &usr2->uni_logon_script, + &usr2->uni_profile_path, + &usr2->uni_home_dir, + &usr2->uni_dir_drive, + usr2->logon_count, + usr2->bad_pw_count, + usr2->user_id, + usr2->group_id, + usr2->num_groups, + usr2->gids, + usr2->user_flgs, + usr2->user_sess_key, + &usr2->uni_logon_srv, + &usr2->uni_logon_dom, + usr2->padding, + &usr2->dom_sid.sid, NULL)) + { + return False; + } + break; + } + case 3: + { + memcpy(usr, ctr->usr.id3, sizeof(*usr)); + break; + } + default: + { + DEBUG(0,("invalid NET_USER_INFO_X info class\n")); + return False; + } + } + return True; +} + +/************************************************************************* make_net_user_info3 *************************************************************************/ BOOL make_net_user_info3W(NET_USER_INFO_3 * usr, |