Diffstat (limited to 'source/rpc_client/cli_netlogon.c')
-rw-r--r-- | source/rpc_client/cli_netlogon.c | 665 |
1 files changed, 349 insertions, 316 deletions
diff --git a/source/rpc_client/cli_netlogon.c b/source/rpc_client/cli_netlogon.c index 044d2533c7c..5fda8a50213 100644 --- a/source/rpc_client/cli_netlogon.c +++ b/source/rpc_client/cli_netlogon.c @@ -37,29 +37,29 @@ extern int DEBUGLEVEL; Generate the next creds to use. ****************************************************************************/ -void gen_next_creds( struct ntdom_info *nt, DOM_CRED *new_clnt_cred) +void gen_next_creds(struct ntdom_info *nt, DOM_CRED * new_clnt_cred) { - /* - * Create the new client credentials. - */ + /* + * Create the new client credentials. + */ - nt->clnt_cred.timestamp.time = time(NULL); + nt->clnt_cred.timestamp.time = time(NULL); - memcpy(new_clnt_cred, &nt->clnt_cred, sizeof(*new_clnt_cred)); + memcpy(new_clnt_cred, &nt->clnt_cred, sizeof(*new_clnt_cred)); - /* Calculate the new credentials. */ - cred_create(nt->sess_key, &(nt->clnt_cred.challenge), - new_clnt_cred->timestamp, &(new_clnt_cred->challenge)); + /* Calculate the new credentials. */ + cred_create(nt->sess_key, &(nt->clnt_cred.challenge), + new_clnt_cred->timestamp, &(new_clnt_cred->challenge)); } /**************************************************************************** do a LSA Logon Control2 ****************************************************************************/ -BOOL cli_net_logon_ctrl2(const char* srv_name, uint32 status_level) +BOOL cli_net_logon_ctrl2(const char *srv_name, uint32 status_level) { prs_struct rbuf; - prs_struct buf; + prs_struct buf; NET_Q_LOGON_CTRL2 q_l; BOOL ok = False; 
@@ -70,18 +70,18 @@ BOOL cli_net_logon_ctrl2(const char* srv_name, uint32 status_level) return False; } - prs_init(&buf , 0, 4, False); - prs_init(&rbuf, 0, 4, True ); + prs_init(&buf, 0, 4, False); + prs_init(&rbuf, 0, 4, True); /* create and send a MSRPC command with api NET_LOGON_CTRL2 */ - DEBUG(4,("net_logon_ctrl2 status level:%x\n", status_level)); + DEBUG(4, ("net_logon_ctrl2 status level:%x\n", status_level)); /* store the parameters */ make_q_logon_ctrl2(&q_l, srv_name, 0, 0, status_level); /* turn parameters into data stream */ - if (net_io_q_logon_ctrl2("", &q_l, &buf, 0) && + if (net_io_q_logon_ctrl2("", &q_l, &buf, 0) && rpc_con_pipe_req(con, NET_LOGON_CTRL2, &buf, &rbuf)) { NET_R_LOGON_CTRL2 r_l; @@ -92,13 +92,15 @@ BOOL cli_net_logon_ctrl2(const char* srv_name, uint32 status_level) if (ok && r_l.status != 0) { /* report error code */ - DEBUG(5,("net_logon_ctrl2: Error %s\n", get_nt_error_msg(r_l.status))); + DEBUG(5, + ("net_logon_ctrl2: Error %s\n", + get_nt_error_msg(r_l.status))); ok = False; } } prs_free_data(&rbuf); - prs_free_data(&buf ); + prs_free_data(&buf); cli_connection_unlink(con); return ok; @@ -113,13 +115,12 @@ encrypt of the server challenge originally received. JRA. ****************************************************************************/ uint32 cli_net_auth2(const char *srv_name, - const char *trust_acct, - const char *acct_name, - uint16 sec_chan, - uint32 *neg_flags, DOM_CHAL *srv_chal) + const char *trust_acct, + const char *acct_name, + uint16 sec_chan, uint32 * neg_flags, DOM_CHAL * srv_chal) { prs_struct rbuf; - prs_struct buf; + prs_struct buf; NET_Q_AUTH_2 q_a; uint32 status = 0x0; uint8 sess_key[16]; 
@@ -129,43 +130,42 @@ uint32 cli_net_auth2(const char *srv_name, if (!cli_connection_getsrv(srv_name, PIPE_NETLOGON, &con)) { - return 0xC0000000 | NT_STATUS_INVALID_PARAMETER; + return NT_STATUS_INVALID_PARAMETER; } if (!cli_get_con_sesskey(con, sess_key)) { - return 0xC0000000 | NT_STATUS_INVALID_PARAMETER; + return NT_STATUS_INVALID_PARAMETER; } - prs_init(&buf , 0, 4, False); - prs_init(&rbuf, 0, 4, True ); + prs_init(&buf, 0, 4, False); + prs_init(&rbuf, 0, 4, True); /* create and send a MSRPC command with api NET_AUTH2 */ - DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s neg: %x\n", - srv_name, trust_acct, sec_chan, acct_name, - *neg_flags)); + DEBUG(4, ("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s neg: %x\n", + srv_name, trust_acct, sec_chan, acct_name, *neg_flags)); cli_con_get_cli_cred(con, &clnt_cred); /* store the parameters */ make_q_auth_2(&q_a, srv_name, trust_acct, sec_chan, acct_name, - &clnt_cred.challenge, *neg_flags); + &clnt_cred.challenge, *neg_flags); /* turn parameters into data stream */ - if (net_io_q_auth_2("", &q_a, &buf, 0) && + if (net_io_q_auth_2("", &q_a, &buf, 0) && rpc_con_pipe_req(con, NET_AUTH2, &buf, &rbuf)) { NET_R_AUTH_2 r_a; net_io_r_auth_2("", &r_a, &rbuf, 0); - status = (rbuf.offset == 0) ? 0xC0000000 | NT_STATUS_INVALID_PARAMETER : 0; + status = (rbuf.offset == 0) ? NT_STATUS_INVALID_PARAMETER : 0; if (status == 0x0 && r_a.status != 0) { /* report error code */ - DEBUG(5,("cli_net_auth2: Error %s\n", - get_nt_error_msg(r_a.status))); + DEBUG(5, ("cli_net_auth2: Error %s\n", + get_nt_error_msg(r_a.status))); status = r_a.status; } 
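Review bot: Every failure path in cli_net_auth2 now returns a bare `NT_STATUS_*` value where it used to return `0xC0000000 | NT_STATUS_*`, so the result is only a well-formed error code if the constants themselves now carry the severity bits; their definition is not part of this file's diff. If they do not, a caller that tests the high bits or compares against the old ORed value would no longer recognise an authentication failure, although anything that only checks `status != 0` is unaffected. I would confirm that the header change lands in the same commit and say so in the log message, or keep `return 0xC0000000 | NT_STATUS_INVALID_PARAMETER;` until it does. The same substitution appears in the hunks at -178, -212, -230 and -325. cli_net_auth2 starts and ends outside this hunk.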
@@ -178,15 +178,15 @@ uint32 cli_net_auth2(const char *srv_name, UTIME zerotime; zerotime.time = 0; - if(cred_assert( &r_a.srv_chal, sess_key, - srv_chal, zerotime) == 0) + if (cred_assert(&r_a.srv_chal, sess_key, + srv_chal, zerotime) == 0) { /* * Server replied with bad credential. Fail. */ - DEBUG(5,("cli_net_auth2: server %s replied \ + DEBUG(5, ("cli_net_auth2: server %s replied \ with bad credential (bad trust account password ?).\n", srv_name)); - status = NT_STATUS_NETWORK_CREDENTIAL_CONFLICT | 0xC0000000; + status = NT_STATUS_NETWORK_CREDENTIAL_CONFLICT; } } @@ -203,8 +203,10 @@ with bad credential (bad trust account password ?).\n", srv_name)); if (ok && r_a.srv_flgs.neg_flags != q_a.clnt_flgs.neg_flags) { /* report different neg_flags */ - DEBUG(5,("cli_net_auth2: error neg_flags (q,r) differ - (%x,%x)\n", - q_a.clnt_flgs.neg_flags, r_a.srv_flgs.neg_flags)); + DEBUG(5, + ("cli_net_auth2: error neg_flags (q,r) differ - (%x,%x)\n", + q_a.clnt_flgs.neg_flags, + r_a.srv_flgs.neg_flags)); ok = False; } #endif @@ -212,15 +214,15 @@ with bad credential (bad trust account password ?).\n", srv_name)); } else { - DEBUG(5,("rpc_con_pipe_req FAILED\n")); - status = 0xC0000000 | NT_STATUS_ACCESS_DENIED; + DEBUG(5, ("rpc_con_pipe_req FAILED\n")); + status = NT_STATUS_ACCESS_DENIED; } - DEBUG(5,("cli_net_auth2 neg_flags: %x status: %x\n", - (*neg_flags), status)); + DEBUG(5, ("cli_net_auth2 neg_flags: %x status: %x\n", + (*neg_flags), status)); prs_free_data(&rbuf); - prs_free_data(&buf ); + prs_free_data(&buf); return status; } 
@@ -230,89 +232,92 @@ LSA Request Challenge. Sends our challenge to server, then gets server response. These are used to generate the credentials. ****************************************************************************/ -uint32 cli_net_req_chal( const char *srv_name, const char* myhostname, - DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal) +uint32 cli_net_req_chal(const char *srv_name, const char *myhostname, + DOM_CHAL * clnt_chal, DOM_CHAL * srv_chal) { - prs_struct rbuf; - prs_struct buf; - NET_Q_REQ_CHAL q_c; - uint32 status = 0x0; + prs_struct rbuf; + prs_struct buf; + NET_Q_REQ_CHAL q_c; + uint32 status = 0x0; struct cli_connection *con = NULL; if (!cli_connection_init(srv_name, PIPE_NETLOGON, &con)) { - return 0xC0000000 | NT_STATUS_INVALID_PARAMETER; + return NT_STATUS_INVALID_PARAMETER; + } + + if (srv_chal == NULL || clnt_chal == NULL) + return NT_STATUS_INVALID_PARAMETER; + + prs_init(&buf, 0, 4, False); + prs_init(&rbuf, 0, 4, True); + + /* create and send a MSRPC command with api NET_REQCHAL */ + + DEBUG(4, + ("cli_net_req_chal: LSA Request Challenge from %s to %s: %s\n", + srv_name, myhostname, credstr(clnt_chal->data))); + + /* store the parameters */ + make_q_req_chal(&q_c, srv_name, myhostname, clnt_chal); + + /* turn parameters into data stream */ + if (net_io_q_req_chal("", &q_c, &buf, 0) && + rpc_con_pipe_req(con, NET_REQCHAL, &buf, &rbuf)) + { + NET_R_REQ_CHAL r_c; + + net_io_r_req_chal("", &r_c, &rbuf, 0); + status = (rbuf.offset == 0) ? NT_STATUS_INVALID_PARAMETER : 0; + + if (status == 0x0 && r_c.status != 0) + { + /* report error code */ + DEBUG(5, + ("cli_net_req_chal: Error %s\n", + get_nt_error_msg(r_c.status))); + status = r_c.status; + } + + if (status == 0x0) + { + /* ok, at last: we're happy. 
return the challenge */ + memcpy(srv_chal, r_c.srv_chal.data, + sizeof(srv_chal->data)); + } + } + else + { + DEBUG(5, ("rpc_con_pipe_req FAILED\n")); + status = NT_STATUS_ACCESS_DENIED; } - if (srv_chal == NULL || clnt_chal == NULL) - return 0xC0000000 | NT_STATUS_INVALID_PARAMETER; - - prs_init(&buf , 0, 4, False); - prs_init(&rbuf, 0, 4, True ); - - /* create and send a MSRPC command with api NET_REQCHAL */ - - DEBUG(4,("cli_net_req_chal: LSA Request Challenge from %s to %s: %s\n", - srv_name, myhostname, credstr(clnt_chal->data))); - - /* store the parameters */ - make_q_req_chal(&q_c, srv_name, myhostname, clnt_chal); - - /* turn parameters into data stream */ - if (net_io_q_req_chal("", &q_c, &buf, 0) && - rpc_con_pipe_req(con, NET_REQCHAL, &buf, &rbuf)) - { - NET_R_REQ_CHAL r_c; - - net_io_r_req_chal("", &r_c, &rbuf, 0); - status = (rbuf.offset == 0) ? 0xC0000000 | NT_STATUS_INVALID_PARAMETER : 0; - - if (status == 0x0 && r_c.status != 0) - { - /* report error code */ - DEBUG(5,("cli_net_req_chal: Error %s\n", get_nt_error_msg(r_c.status))); - status = r_c.status; - } - - if (status == 0x0) - { - /* ok, at last: we're happy. return the challenge */ - memcpy(srv_chal, r_c.srv_chal.data, sizeof(srv_chal->data)); - } - } - else - { - DEBUG(5,("rpc_con_pipe_req FAILED\n")); - status = 0xC0000000 | NT_STATUS_ACCESS_DENIED; - } - - prs_free_data(&rbuf); - prs_free_data(&buf ); - - return status; + prs_free_data(&rbuf); + prs_free_data(&buf); + + return status; } /*************************************************************************** LSA Server Password Set. 
****************************************************************************/ -BOOL cli_net_srv_pwset(const char* srv_name, - const char* myhostname, - const char* trust_acct, - const uint8 hashed_trust_pwd[16], - uint16 sec_chan_type) +BOOL cli_net_srv_pwset(const char *srv_name, + const char *myhostname, + const char *trust_acct, + const uint8 hashed_trust_pwd[16], uint16 sec_chan_type) { - prs_struct rbuf; - prs_struct buf; - DOM_CRED new_clnt_cred; - NET_Q_SRV_PWSET q_s; - BOOL ok = False; - unsigned char processed_new_pwd[16]; - /* Process the new password. */ + prs_struct rbuf; + prs_struct buf; + DOM_CRED new_clnt_cred; + NET_Q_SRV_PWSET q_s; + BOOL ok = False; + unsigned char processed_new_pwd[16]; + /* Process the new password. */ uint8 sess_key[16]; - + struct cli_connection *con = NULL; if (!cli_connection_getsrv(srv_name, PIPE_NETLOGON, &con)) 
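Review bot: In cli_net_req_chal the `srv_chal == NULL || clnt_chal == NULL` test runs only after cli_connection_init() has succeeded, and that early return goes straight out without releasing `con`, so a bad-argument call presumably leaves a NETLOGON connection set up. Moving the two lines `if (srv_chal == NULL || clnt_chal == NULL) return NT_STATUS_INVALID_PARAMETER;` above the cli_connection_init() call rejects the arguments before any connection state is created. The tail of this hunk is the start of cli_net_srv_pwset, whose body continues outside it.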
@@ -325,152 +330,172 @@ BOOL cli_net_srv_pwset(const char* srv_name, return False; } - cred_hash3( processed_new_pwd, hashed_trust_pwd, sess_key, 1); - - cli_con_gen_next_creds( con, &new_clnt_cred); - - prs_init(&buf , 0, 4, False); - prs_init(&rbuf, 0, 4, True ); - - /* create and send a MSRPC command with api NET_SRV_PWSET */ - - DEBUG(4,("cli_net_srv_pwset: srv:%s acct:%s sc: %d mc: %s clnt %s %x\n", - srv_name, trust_acct, sec_chan_type, myhostname, - credstr(new_clnt_cred.challenge.data), new_clnt_cred.timestamp.time)); - - /* store the parameters */ - make_q_srv_pwset(&q_s, srv_name, trust_acct, sec_chan_type, - myhostname, &new_clnt_cred, (char *)processed_new_pwd); - - /* turn parameters into data stream */ - if (net_io_q_srv_pwset("", &q_s, &buf, 0) && - rpc_con_pipe_req(con, NET_SRVPWSET, &buf, &rbuf)) - { - NET_R_SRV_PWSET r_s; - - net_io_r_srv_pwset("", &r_s, &rbuf, 0); - ok = (rbuf.offset != 0); - - if (ok && r_s.status != 0) - { - /* report error code */ - DEBUG(5,("cli_net_srv_pwset: %s\n", get_nt_error_msg(r_s.status))); - ok = False; - } - - /* Update the credentials. */ - if (ok && !cli_con_deal_with_creds(con, &(r_s.srv_cred))) - { - /* - * Server replied with bad credential. Fail. 
- */ - DEBUG(5,("cli_net_srv_pwset: server %s replied with bad credential \ -(bad trust account password ?).\n", srv_name)); - ok = False; - } - } - - prs_free_data(&rbuf); - prs_free_data(&buf ); - - return ok; + cred_hash3(processed_new_pwd, hashed_trust_pwd, sess_key, 1); + + cli_con_gen_next_creds(con, &new_clnt_cred); + + prs_init(&buf, 0, 4, False); + prs_init(&rbuf, 0, 4, True); + + /* create and send a MSRPC command with api NET_SRV_PWSET */ + + DEBUG(4, + ("cli_net_srv_pwset: srv:%s acct:%s sc: %d mc: %s clnt %s %x\n", + srv_name, trust_acct, sec_chan_type, myhostname, + credstr(new_clnt_cred.challenge.data), + new_clnt_cred.timestamp.time)); + + /* store the parameters */ + make_q_srv_pwset(&q_s, srv_name, trust_acct, sec_chan_type, + myhostname, &new_clnt_cred, + (char *)processed_new_pwd); + + /* turn parameters into data stream */ + if (net_io_q_srv_pwset("", &q_s, &buf, 0) && + rpc_con_pipe_req(con, NET_SRVPWSET, &buf, &rbuf)) + { + NET_R_SRV_PWSET r_s; + + net_io_r_srv_pwset("", &r_s, &rbuf, 0); + ok = (rbuf.offset != 0); + + if (ok && r_s.status != 0) + { + /* report error code */ + DEBUG(5, + ("cli_net_srv_pwset: %s\n", + get_nt_error_msg(r_s.status))); + ok = False; + } + + /* Update the credentials. */ + if (ok && !cli_con_deal_with_creds(con, &(r_s.srv_cred))) + { + /* + * Server replied with bad credential. Fail. + */ + DEBUG(5, + ("cli_net_srv_pwset: server %s replied with bad credential \ +(bad trust account password ?).\n", + srv_name)); + ok = False; + } + } + + prs_free_data(&rbuf); + prs_free_data(&buf); + + return ok; } /*************************************************************************** LSA SAM Logon. 
****************************************************************************/ -uint32 cli_net_sam_logon(const char* srv_name, const char* myhostname, - NET_ID_INFO_CTR *ctr, - NET_USER_INFO_3 *user_info3) +uint32 cli_net_sam_logon(const char *srv_name, const char *myhostname, + NET_ID_INFO_CTR * idc, NET_USER_INFO_CTR * ctr) { - DOM_CRED new_clnt_cred; - DOM_CRED dummy_rtn_creds; - prs_struct rbuf; - prs_struct buf; - uint16 validation_level = 3; - NET_Q_SAM_LOGON q_s; - uint32 status = 0x0; + DOM_CRED new_clnt_cred; + DOM_CRED dummy_rtn_creds; + prs_struct rbuf; + prs_struct buf; + NET_Q_SAM_LOGON q_s; + uint32 status = 0x0; struct cli_connection *con = NULL; if (!cli_connection_getsrv(srv_name, PIPE_NETLOGON, &con)) { - return 0xC0000000 | NT_STATUS_INVALID_PARAMETER; + return NT_STATUS_INVALID_PARAMETER; } - cli_con_gen_next_creds( con, &new_clnt_cred); + cli_con_gen_next_creds(con, &new_clnt_cred); - prs_init(&buf , 0, 4, False); - prs_init(&rbuf, 0, 4, True ); + prs_init(&buf, 0, 4, False); + prs_init(&rbuf, 0, 4, True); - /* create and send a MSRPC command with api NET_SAMLOGON */ + /* create and send a MSRPC command with api NET_SAMLOGON */ - DEBUG(4,("cli_net_sam_logon: srv:%s mc:%s ll: %d\n", - srv_name, myhostname, - ctr->switch_value)); + DEBUG(4, ("cli_net_sam_logon: srv:%s mc:%s ll: %d\n", + srv_name, myhostname, idc->switch_value)); - memset(&dummy_rtn_creds, '\0', sizeof(dummy_rtn_creds)); + memset(&dummy_rtn_creds, '\0', sizeof(dummy_rtn_creds)); dummy_rtn_creds.timestamp.time = time(NULL); - /* store the parameters */ - make_sam_info(&(q_s.sam_id), srv_name, myhostname, - &new_clnt_cred, &dummy_rtn_creds, ctr->switch_value, ctr); - - q_s.validation_level = validation_level; - - /* turn parameters into data stream */ - if (net_io_q_sam_logon("", &q_s, &buf, 0) && - rpc_con_pipe_req(con, NET_SAMLOGON, &buf, &rbuf)) - { - NET_R_SAM_LOGON r_s; - - r_s.ctr.usr.id3 = user_info3; - - net_io_r_sam_logon("", &r_s, &rbuf, 0); - status = (rbuf.offset == 0) ? 
0xC0000000 | NT_STATUS_INVALID_PARAMETER : 0; - - if (status != 0x0) - { - /* report error code */ - DEBUG(5,("cli_net_sam_logon: %s\n", get_nt_error_msg(r_s.status))); - } - - if (status == 0x0) - { - /* report error code */ - DEBUG(5,("cli_net_sam_logon: %s\n", get_nt_error_msg(r_s.status))); - status = r_s.status; - } - - /* Update the credentials. */ - if (status == 0x0 && !cli_con_deal_with_creds(con, &(r_s.srv_creds))) - { - /* - * Server replied with bad credential. Fail. - */ - DEBUG(5,("cli_net_sam_logon: server %s replied with bad credential \ -(bad trust account password ?).\n", srv_name)); - status = 0xC0000000 | NT_STATUS_LOGON_FAILURE; - } - - if (status == 0x0 && r_s.ctr.switch_value != 3) - { - /* report different switch_value */ - DEBUG(5,("cli_net_sam_logon: switch_value of 3 expected %x\n", - r_s.ctr.switch_value)); - status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS; - } - } - else - { - status = 0xC0000000 | NT_STATUS_INVALID_PARAMETER; - } - - prs_free_data(&rbuf); - prs_free_data(&buf ); - - return status; + /* store the parameters */ + make_sam_info(&(q_s.sam_id), srv_name, myhostname, + &new_clnt_cred, &dummy_rtn_creds, idc->switch_value, + idc); + + q_s.validation_level = ctr->switch_value; + + /* turn parameters into data stream */ + if (net_io_q_sam_logon("", &q_s, &buf, 0) && + rpc_con_pipe_req(con, NET_SAMLOGON, &buf, &rbuf)) + { + NET_R_SAM_LOGON r_s; + + net_io_r_sam_logon("", &r_s, &rbuf, 0); + + if (rbuf.offset == 0) + { + status = NT_STATUS_INVALID_PARAMETER; + } + + if (status != 0x0) + { + /* report error code */ + DEBUG(5, + ("cli_net_sam_logon: %s\n", + get_nt_error_msg(r_s.status))); + } + + if (status == 0x0) + { + /* report error code */ + DEBUG(5, + ("cli_net_sam_logon: %s\n", + get_nt_error_msg(r_s.status))); + status = r_s.status; + } + + /* Update the credentials. */ + if (status == 0x0 + && !cli_con_deal_with_creds(con, &(r_s.srv_creds))) + { + /* + * Server replied with bad credential. Fail. 
+ */ + DEBUG(5, + ("cli_net_sam_logon: server %s replied with bad credential \ +(bad trust account password ?).\n", + srv_name)); + status = NT_STATUS_LOGON_FAILURE; + } + + if (status == 0x0 && r_s.ctr.switch_value != ctr->switch_value) + { + /* report different switch_value */ + DEBUG(5, + ("cli_net_sam_logon: wrong switch value %x\n", + r_s.ctr.switch_value)); + status = NT_STATUS_INVALID_INFO_CLASS; + } + + if (status == 0x0) + { + *ctr = r_s.ctr; + } + } + else + { + status = NT_STATUS_INVALID_PARAMETER; + } + + prs_free_data(&rbuf); + prs_free_data(&buf); + + return status; } /*************************************************************************** @@ -482,15 +507,15 @@ send a different info level. Right now though, I'm not sure what that needs to be (I need to see one on the wire before I can be sure). JRA. ****************************************************************************/ -BOOL cli_net_sam_logoff(const char* srv_name, const char* myhostname, - NET_ID_INFO_CTR *ctr) +BOOL cli_net_sam_logoff(const char *srv_name, const char *myhostname, + NET_ID_INFO_CTR * ctr) { - DOM_CRED new_clnt_cred; - DOM_CRED dummy_rtn_creds; - prs_struct rbuf; - prs_struct buf; - NET_Q_SAM_LOGOFF q_s; - BOOL ok = False; + DOM_CRED new_clnt_cred; + DOM_CRED dummy_rtn_creds; + prs_struct rbuf; + prs_struct buf; + NET_Q_SAM_LOGOFF q_s; + BOOL ok = False; struct cli_connection *con = NULL; 
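Review bot: In the rewritten cli_net_sam_logon, `r_s` is an uninitialised stack struct, and the `if (status != 0x0)` branch passes `r_s.status` to get_nt_error_msg() exactly when `rbuf.offset == 0`, which the code treats as a failed parse. The commit also drops `r_s.ctr.usr.id3 = user_info3;`, so the container handed to net_io_r_sam_logon() starts as stack garbage unless the parser, which is not visible here, initialises it before `*ctr = r_s.ctr;` copies it out. I would add `memset(&r_s, '\0', sizeof(r_s));` before the parse call, as the function already does for `dummy_rtn_creds`, and log `get_nt_error_msg(status)` in the parse-failure branch. `idc` and `ctr` are also dereferenced (`idc->switch_value`, `ctr->switch_value`) without the NULL check that cli_net_req_chal applies to its pointer arguments.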
@@ -499,74 +524,78 @@ BOOL cli_net_sam_logoff(const char* srv_name, const char* myhostname, return False; } - cli_con_gen_next_creds( con, &new_clnt_cred); - - prs_init(&buf , 0, 4, False); - prs_init(&rbuf, 0, 4, True ); - - /* create and send a MSRPC command with api NET_SAMLOGOFF */ - - DEBUG(4,("cli_net_sam_logoff: srv:%s mc:%s clnt %s %x ll: %d\n", - srv_name, myhostname, - credstr(new_clnt_cred.challenge.data), new_clnt_cred.timestamp.time, - ctr->switch_value)); - - memset(&dummy_rtn_creds, '\0', sizeof(dummy_rtn_creds)); - - /* store the parameters */ - make_sam_info(&(q_s.sam_id), srv_name, myhostname, - &new_clnt_cred, &dummy_rtn_creds, ctr->switch_value, ctr); - - /* turn parameters into data stream */ - if (net_io_q_sam_logoff("", &q_s, &buf, 0) && - rpc_con_pipe_req(con, NET_SAMLOGOFF, &buf, &rbuf)) - { - NET_R_SAM_LOGOFF r_s; - - net_io_r_sam_logoff("", &r_s, &rbuf, 0); - ok = (rbuf.offset != 0); - - if (ok && r_s.status != 0) - { - /* report error code */ - DEBUG(5,("cli_net_sam_logoff: %s\n", get_nt_error_msg(r_s.status))); - ok = False; - } - - /* Update the credentials. */ - if (ok && !cli_con_deal_with_creds(con, &(r_s.srv_creds))) - { - /* - * Server replied with bad credential. Fail. 
- */ - DEBUG(5,("cli_net_sam_logoff: server %s replied with bad credential \ -(bad trust account password ?).\n", srv_name )); - ok = False; - } - } - - prs_free_data(&rbuf); - prs_free_data(&buf ); - - return ok; + cli_con_gen_next_creds(con, &new_clnt_cred); + + prs_init(&buf, 0, 4, False); + prs_init(&rbuf, 0, 4, True); + + /* create and send a MSRPC command with api NET_SAMLOGOFF */ + + DEBUG(4, ("cli_net_sam_logoff: srv:%s mc:%s clnt %s %x ll: %d\n", + srv_name, myhostname, + credstr(new_clnt_cred.challenge.data), + new_clnt_cred.timestamp.time, ctr->switch_value)); + + memset(&dummy_rtn_creds, '\0', sizeof(dummy_rtn_creds)); + + /* store the parameters */ + make_sam_info(&(q_s.sam_id), srv_name, myhostname, + &new_clnt_cred, &dummy_rtn_creds, ctr->switch_value, + ctr); + + /* turn parameters into data stream */ + if (net_io_q_sam_logoff("", &q_s, &buf, 0) && + rpc_con_pipe_req(con, NET_SAMLOGOFF, &buf, &rbuf)) + { + NET_R_SAM_LOGOFF r_s; + + net_io_r_sam_logoff("", &r_s, &rbuf, 0); + ok = (rbuf.offset != 0); + + if (ok && r_s.status != 0) + { + /* report error code */ + DEBUG(5, + ("cli_net_sam_logoff: %s\n", + get_nt_error_msg(r_s.status))); + ok = False; + } + + /* Update the credentials. */ + if (ok && !cli_con_deal_with_creds(con, &(r_s.srv_creds))) + { + /* + * Server replied with bad credential. Fail. + */ + DEBUG(5, + ("cli_net_sam_logoff: server %s replied with bad credential \ +(bad trust account password ?).\n", + srv_name)); + ok = False; + } + } + + prs_free_data(&rbuf); + prs_free_data(&buf); + + return ok; } /*************************************************************************** Synchronise SAM Database (requires SEC_CHAN_BDC). 
****************************************************************************/ -BOOL cli_net_sam_sync( const char* srv_name, const char* myhostname, - uint32 database_id, - uint32 *num_deltas, - SAM_DELTA_HDR *hdr_deltas, - SAM_DELTA_CTR *deltas) +BOOL cli_net_sam_sync(const char *srv_name, const char *myhostname, + uint32 database_id, + uint32 * num_deltas, + SAM_DELTA_HDR * hdr_deltas, SAM_DELTA_CTR * deltas) { NET_Q_SAM_SYNC q_s; prs_struct rbuf; - prs_struct buf; + prs_struct buf; DOM_CRED new_clnt_cred; BOOL ok = False; uint8 sess_key[16]; - + struct cli_connection *con = NULL; if (!cli_connection_getsrv(srv_name, PIPE_NETLOGON, &con)) @@ -580,17 +609,17 @@ BOOL cli_net_sam_sync( const char* srv_name, const char* myhostname, } cli_con_gen_next_creds(con, &new_clnt_cred); - - prs_init(&buf , 0, 4, False); - prs_init(&rbuf, 0, 4, True ); - + + prs_init(&buf, 0, 4, False); + prs_init(&rbuf, 0, 4, True); + /* create and send a MSRPC command with api NET_SAM_SYNC */ - + make_q_sam_sync(&q_s, srv_name, myhostname, &new_clnt_cred, database_id); - + /* turn parameters into data stream */ - if (net_io_q_sam_sync("", &q_s, &buf, 0) && + if (net_io_q_sam_sync("", &q_s, &buf, 0) && rpc_con_pipe_req(con, NET_SAM_SYNC, &buf, &rbuf)) { NET_R_SAM_SYNC r_s; 
@@ -601,17 +630,21 @@ BOOL cli_net_sam_sync( const char* srv_name, const char* myhostname, net_io_r_sam_sync("", sess_key, &r_s, &rbuf, 0); ok = (rbuf.offset != 0); - if (ok && r_s.status != 0 && r_s.status != STATUS_MORE_ENTRIES) + if (ok && r_s.status != 0 + && r_s.status != STATUS_MORE_ENTRIES) { /* report error code */ - DEBUG(5,("cli_net_sam_sync: %s\n", get_nt_error_msg(r_s.status))); + DEBUG(5, + ("cli_net_sam_sync: %s\n", + get_nt_error_msg(r_s.status))); ok = False; } - + /* Update the credentials. */ if (ok && !cli_con_deal_with_creds(con, &(r_s.srv_creds))) { - DEBUG(5,("cli_net_sam_sync: server %s replied with bad \ + DEBUG(5, + ("cli_net_sam_sync: server %s replied with bad \ credential (bad trust account password ?).\n", srv_name)); ok = False; } @@ -626,9 +659,9 @@ credential (bad trust account password ?).\n", srv_name)); } } } - + prs_free_data(&rbuf); - prs_free_data(&buf ); - + prs_free_data(&buf); + return ok; } |