From 4ba2096a0390529bcfb01fc1fd0569d2ea27850d Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Thu, 9 Mar 2000 04:30:57 +0000 Subject: login validation level 2 and 3 negotiated from netr_auth2 neg_flags. --- source/include/proto.h | 202 +++++++++++++++++++++++-------------- source/include/rpc_client_proto.h | 36 ++++--- source/include/rpc_parse_proto.h | 1 + source/include/rpc_samr.h | 12 +++ source/include/winbindd_proto.h | 1 + source/rpc_client/cli_login.c | 61 +++++++---- source/rpc_client/msrpc_netlogon.c | 17 +++- source/rpc_client/msrpc_samr.c | 4 +- source/rpc_parse/parse_prs.c | 2 +- source/rpc_parse/parse_samr.c | 88 ++++++++++++---- source/rpcclient/cmd_netlogon.c | 9 +- source/samrd/srv_samr_dom_tdb.c | 5 + source/samrd/srv_samr_passdb.c | 5 + 13 files changed, 299 insertions(+), 144 deletions(-) diff --git a/source/include/proto.h b/source/include/proto.h index 3b6c2dd4fd8..a0d3587f32d 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -2167,7 +2167,8 @@ uint32 cli_nt_setup_creds(const char *srv_name, const char *domain, const char *myhostname, const char *trust_acct, - const uchar trust_pwd[16], uint16 sec_chan); + const uchar trust_pwd[16], uint16 sec_chan, + uint16 *validation_level); BOOL cli_nt_srv_pwset(const char *srv_name, const char *myhostname, const char *trust_acct, const uchar * new_hashof_trust_pwd, uint16 sec_chan); 
@@ -2175,22 +2176,27 @@ BOOL cli_nt_login_general(const char *srv_name, const char *myhostname, const char *domain, const char *username, uint32 luid_low, const char *general, - NET_ID_INFO_CTR * ctr, NET_USER_INFO_3 * user_info3); + NET_ID_INFO_CTR * ctr, + uint16 validation_level, + NET_USER_INFO_3 * user_info3); uint32 cli_nt_login_interactive(const char *srv_name, const char *myhostname, - const char *domain, const char *username, - uint32 luid_low, - const uchar * lm_owf_user_pwd, - const uchar * nt_owf_user_pwd, - NET_ID_INFO_CTR * ctr, - NET_USER_INFO_3 * user_info3); + const char *domain, const char *username, + uint32 luid_low, + const uchar * lm_owf_user_pwd, + const uchar * nt_owf_user_pwd, + NET_ID_INFO_CTR * ctr, + uint16 validation_level, + NET_USER_INFO_3 * user_info3); uint32 cli_nt_login_network(const char *srv_name, const char *myhostname, - const char *domain, const char *username, - uint32 luid_low, const char lm_chal[8], - const char *lm_chal_resp, - int lm_chal_len, - const char *nt_chal_resp, - int nt_chal_len, - NET_ID_INFO_CTR * ctr, NET_USER_INFO_3 * user_info3); + const char *domain, const char *username, + uint32 luid_low, const char lm_chal[8], + const char *lm_chal_resp, + int lm_chal_len, + const char *nt_chal_resp, + int nt_chal_len, + NET_ID_INFO_CTR * ctr, + uint16 validation_level, + NET_USER_INFO_3 * user_info3); BOOL cli_nt_logoff(const char *srv_name, const char *myhostname, NET_ID_INFO_CTR * ctr); BOOL net_sam_sync(const char *srv_name, 
@@ -4435,70 +4441,110 @@ void smbd_process(void); /*The following definitions come from smbd/reply.c */ -int reply_special(char *inbuf,char *outbuf); -int reply_tcon(connection_struct *conn, - char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize); -int reply_unknown(char *inbuf,char *outbuf); -int reply_ioctl(connection_struct *conn, - char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize); -int reply_chkpth(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_getatr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_setatr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_dskattr(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_search(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_fclose(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_open(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_open_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize); -int reply_ulogoffX(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize); -int reply_mknew(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_ctemp(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_unlink(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_size, int dum_buffsize); -int reply_lockread(connection_struct *conn, char *inbuf,char *outbuf, int length, 
int dum_buffsiz); -int reply_read(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_read_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize); -int reply_writebraw(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_writeunlock(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_write(connection_struct *conn, char *inbuf,char *outbuf,int dum_size,int dum_buffsize); -int reply_write_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize); -int reply_lseek(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_flush(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_exit(connection_struct *conn, - char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_close(connection_struct *conn, - char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_writeclose(connection_struct *conn, - char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_lock(connection_struct *conn, - char *inbuf,char *outbuf, int length, int dum_buffsize); -int reply_unlock(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_tdis(connection_struct *conn, - char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_echo(connection_struct *conn, - char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_printopen(connection_struct *conn, - char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_printclose(connection_struct *conn, - char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_printqueue(connection_struct *conn, - char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_printwrite(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int 
reply_mkdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_rmdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int rename_internals(connection_struct *conn, - char *inbuf, char *outbuf, char *name, +int reply_special(char *inbuf, char *outbuf); +int reply_tcon(connection_struct * conn, + char *inbuf, char *outbuf, int dum_size, int dum_buffsize); +int reply_tcon_and_X(connection_struct * conn, char *inbuf, char *outbuf, + int length, int bufsize); +int reply_unknown(char *inbuf, char *outbuf); +int reply_ioctl(connection_struct * conn, + char *inbuf, char *outbuf, int dum_size, int dum_buffsize); +int reply_sesssetup_and_X(connection_struct * conn, char *inbuf, char *outbuf, + int length, int bufsize); +int reply_chkpth(connection_struct * conn, char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); +int reply_getatr(connection_struct * conn, char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); +int reply_setatr(connection_struct * conn, char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); +int reply_dskattr(connection_struct * conn, char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); +int reply_search(connection_struct * conn, char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); +int reply_fclose(connection_struct * conn, char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); +int reply_open(connection_struct * conn, char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); +int reply_open_and_X(connection_struct * conn, char *inbuf, char *outbuf, + int length, int bufsize); +int reply_ulogoffX(connection_struct * conn, char *inbuf, char *outbuf, + int length, int bufsize); +int reply_mknew(connection_struct * conn, char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); +int reply_ctemp(connection_struct * conn, char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); +int reply_unlink(connection_struct * conn, 
char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); +int reply_readbraw(connection_struct * conn, char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); +int reply_lockread(connection_struct * conn, char *inbuf, char *outbuf, + int length, int dum_buffsiz); +int reply_read(connection_struct * conn, char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); +int reply_read_and_X(connection_struct * conn, char *inbuf, char *outbuf, + int length, int bufsize); +int reply_writebraw(connection_struct * conn, char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); +int reply_writeunlock(connection_struct * conn, char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); +int reply_write(connection_struct * conn, char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); +int reply_write_and_X(connection_struct * conn, char *inbuf, char *outbuf, + int length, int bufsize); +int reply_lseek(connection_struct * conn, char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); +int reply_flush(connection_struct * conn, char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); +int reply_exit(connection_struct * conn, + char *inbuf, char *outbuf, int dum_size, int dum_buffsize); +int reply_close(connection_struct * conn, + char *inbuf, char *outbuf, int dum_size, int dum_buffsize); +int reply_writeclose(connection_struct * conn, + char *inbuf, char *outbuf, int dum_size, + int dum_buffsize); +int reply_lock(connection_struct * conn, + char *inbuf, char *outbuf, int length, int dum_buffsize); +int reply_unlock(connection_struct * conn, char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); +int reply_tdis(connection_struct * conn, + char *inbuf, char *outbuf, int dum_size, int dum_buffsize); +int reply_echo(connection_struct * conn, + char *inbuf, char *outbuf, int dum_size, int dum_buffsize); +int reply_printopen(connection_struct * conn, + char *inbuf, char *outbuf, int dum_size, int dum_buffsize); +int 
reply_printclose(connection_struct * conn, + char *inbuf, char *outbuf, int dum_size, + int dum_buffsize); +int reply_printqueue(connection_struct * conn, + char *inbuf, char *outbuf, int dum_size, + int dum_buffsize); +int reply_printwrite(connection_struct * conn, char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); +int reply_mkdir(connection_struct * conn, char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); +int reply_rmdir(connection_struct * conn, char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); +int rename_internals(connection_struct * conn, + char *inbuf, char *outbuf, char *name, char *newname, BOOL replace_if_exists); -int reply_mv(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_copy(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_setdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_lockingX(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize); -int reply_readbmpx(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize); -int reply_writebmpx(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_writebs(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_setattrE(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize); -int reply_getattrE(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize); +int reply_mv(connection_struct * conn, char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); +int reply_copy(connection_struct * conn, char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); +int reply_setdir(connection_struct * conn, char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); +int reply_lockingX(connection_struct * conn, char *inbuf, char *outbuf, + int length, int bufsize); +int 
reply_readbmpx(connection_struct * conn, char *inbuf, char *outbuf, + int length, int bufsize); +int reply_writebmpx(connection_struct * conn, char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); +int reply_writebs(connection_struct * conn, char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); +int reply_setattrE(connection_struct * conn, char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); +int reply_getattrE(connection_struct * conn, char *inbuf, char *outbuf, + int dum_size, int dum_buffsize); /*The following definitions come from smbd/server.c */ diff --git a/source/include/rpc_client_proto.h b/source/include/rpc_client_proto.h index 9dfc89fc204..897265ffad6 100644 --- a/source/include/rpc_client_proto.h +++ b/source/include/rpc_client_proto.h @@ -83,7 +83,8 @@ uint32 cli_nt_setup_creds(const char *srv_name, const char *domain, const char *myhostname, const char *trust_acct, - const uchar trust_pwd[16], uint16 sec_chan); + const uchar trust_pwd[16], uint16 sec_chan, + uint16 *validation_level); BOOL cli_nt_srv_pwset(const char *srv_name, const char *myhostname, const char *trust_acct, const uchar * new_hashof_trust_pwd, uint16 sec_chan); 
@@ -91,22 +92,27 @@ BOOL cli_nt_login_general(const char *srv_name, const char *myhostname, const char *domain, const char *username, uint32 luid_low, const char *general, - NET_ID_INFO_CTR * ctr, NET_USER_INFO_3 * user_info3); + NET_ID_INFO_CTR * ctr, + uint16 validation_level, + NET_USER_INFO_3 * user_info3); uint32 cli_nt_login_interactive(const char *srv_name, const char *myhostname, - const char *domain, const char *username, - uint32 luid_low, - const uchar * lm_owf_user_pwd, - const uchar * nt_owf_user_pwd, - NET_ID_INFO_CTR * ctr, - NET_USER_INFO_3 * user_info3); + const char *domain, const char *username, + uint32 luid_low, + const uchar * lm_owf_user_pwd, + const uchar * nt_owf_user_pwd, + NET_ID_INFO_CTR * ctr, + uint16 validation_level, + NET_USER_INFO_3 * user_info3); uint32 cli_nt_login_network(const char *srv_name, const char *myhostname, - const char *domain, const char *username, - uint32 luid_low, const char lm_chal[8], - const char *lm_chal_resp, - int lm_chal_len, - const char *nt_chal_resp, - int nt_chal_len, - NET_ID_INFO_CTR * ctr, NET_USER_INFO_3 * user_info3); + const char *domain, const char *username, + uint32 luid_low, const char lm_chal[8], + const char *lm_chal_resp, + int lm_chal_len, + const char *nt_chal_resp, + int nt_chal_len, + NET_ID_INFO_CTR * ctr, + uint16 validation_level, + NET_USER_INFO_3 * user_info3); BOOL cli_nt_logoff(const char *srv_name, const char *myhostname, NET_ID_INFO_CTR * ctr); BOOL net_sam_sync(const char *srv_name, diff --git a/source/include/rpc_parse_proto.h b/source/include/rpc_parse_proto.h index 1aac58e4023..b5fc732a9c1 100644 --- a/source/include/rpc_parse_proto.h +++ b/source/include/rpc_parse_proto.h 
@@ -436,6 +436,7 @@ BOOL samr_io_q_query_dom_info(char *desc, SAMR_Q_QUERY_DOMAIN_INFO * q_u, BOOL make_unk_info3(SAM_UNK_INFO_3 * u_3); BOOL make_unk_info6(SAM_UNK_INFO_6 * u_6); BOOL make_unk_info7(SAM_UNK_INFO_7 * u_7); +BOOL make_unk_info12(SAM_UNK_INFO_12 * u_12); BOOL make_unk_info2(SAM_UNK_INFO_2 * u_2, char *domain, char *server); BOOL make_unk_info1(SAM_UNK_INFO_1 * u_1); BOOL make_samr_r_query_dom_info(SAMR_R_QUERY_DOMAIN_INFO * r_u, diff --git a/source/include/rpc_samr.h b/source/include/rpc_samr.h index 5f1fc20268e..68e0e85e462 100644 --- a/source/include/rpc_samr.h +++ b/source/include/rpc_samr.h @@ -439,6 +439,17 @@ typedef struct sam_unknown_info_7_info } SAM_UNK_INFO_7; +typedef struct sam_unknown_info_12_inf +{ + uint32 unknown_0; /* 0xcf1d cc00 */ + uint32 unknown_1; /* 0xffff fffb */ + uint32 unknown_2; /* 0xcf1d cc00 */ + uint32 unknown_3; /* 0xffff fffb */ + + uint32 unknown_4; /* 0x8a88 0000 */ + +} SAM_UNK_INFO_12; + typedef struct sam_unknown_info_2_inf { uint32 unknown_0; /* 0x0000 0000 */ @@ -488,6 +499,7 @@ typedef struct sam_unknown_ctr_info SAM_UNK_INFO_3 inf3; SAM_UNK_INFO_6 inf6; SAM_UNK_INFO_7 inf7; + SAM_UNK_INFO_12 inf12; } info; diff --git a/source/include/winbindd_proto.h b/source/include/winbindd_proto.h index a79c8b2e598..881b69097ac 100644 --- a/source/include/winbindd_proto.h +++ b/source/include/winbindd_proto.h @@ -2170,6 +2170,7 @@ BOOL samr_io_q_query_dom_info(char *desc, SAMR_Q_QUERY_DOMAIN_INFO * q_u, BOOL make_unk_info3(SAM_UNK_INFO_3 * u_3); BOOL make_unk_info6(SAM_UNK_INFO_6 * u_6); BOOL make_unk_info7(SAM_UNK_INFO_7 * u_7); +BOOL make_unk_info12(SAM_UNK_INFO_12 * u_12); BOOL make_unk_info2(SAM_UNK_INFO_2 * u_2, char *domain, char *server); BOOL make_unk_info1(SAM_UNK_INFO_1 * u_1); BOOL make_samr_r_query_dom_info(SAMR_R_QUERY_DOMAIN_INFO * r_u, diff --git a/source/rpc_client/cli_login.c b/source/rpc_client/cli_login.c index 9316e61f0fa..9a7f0cbddd6 100644 --- a/source/rpc_client/cli_login.c 
+++ b/source/rpc_client/cli_login.c @@ -34,7 +34,8 @@ uint32 cli_nt_setup_creds(const char *srv_name, const char *domain, const char *myhostname, const char *trust_acct, - const uchar trust_pwd[16], uint16 sec_chan) + const uchar trust_pwd[16], uint16 sec_chan, + uint16 * validation_level) { DOM_CHAL clnt_chal; DOM_CHAL srv_chal; @@ -49,7 +50,8 @@ uint32 cli_nt_setup_creds(const char *srv_name, generate_random_buffer(clnt_chal.data, 8, False); /* send a client challenge; receive a server challenge */ - status = cli_net_req_chal(srv_name, myhostname, &clnt_chal, &srv_chal); + status = + cli_net_req_chal(srv_name, myhostname, &clnt_chal, &srv_chal); if (status != 0) { DEBUG(1, ("cli_nt_setup_creds: request challenge failed\n")); @@ -78,7 +80,7 @@ uint32 cli_nt_setup_creds(const char *srv_name, * Receive an auth-2 challenge response and check it. */ status = cli_net_auth2(srv_name, trust_acct, myhostname, - sec_chan, &neg_flags, &srv_chal); + sec_chan, &neg_flags, &srv_chal); if (status != 0x0) { DEBUG(1, @@ -118,6 +120,16 @@ uint32 cli_nt_setup_creds(const char *srv_name, return NT_STATUS_ACCESS_DENIED | 0xC0000000; } } + + if (IS_BITS_SET_ALL(neg_flags, 0x40)) + { + (*validation_level) = 3; + } + else + { + (*validation_level) = 2; + } + return status; } @@ -150,12 +162,14 @@ BOOL cli_nt_login_general(const char *srv_name, const char *myhostname, const char *domain, const char *username, uint32 luid_low, const char *general, - NET_ID_INFO_CTR * ctr, NET_USER_INFO_3 * user_info3) + NET_ID_INFO_CTR * ctr, + uint16 validation_level, + NET_USER_INFO_3 * user_info3) { uint8 sess_key[16]; NET_USER_INFO_CTR user_ctr; uint32 status; - user_ctr.switch_value = 2; + user_ctr.switch_value = validation_level; DEBUG(5, ("cli_nt_login_general: %d\n", __LINE__)); 
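Review bot: `(*validation_level)` is written without a NULL check and only on the success path at the end of cli_nt_setup_creds, so each earlier `return` (request-challenge, auth2 and credential-check failures) leaves the caller's `uint16 validation_level` indeterminate; net_sam_sync, modify_trust_password and both cmd_netlogon_* callers on this page declare it uninitialized and depend on testing the status first. Assigning the default once at entry, `if (validation_level != NULL) *validation_level = 2;`, closes that gap, lets callers that only need the credential setup pass NULL, and reduces the tail to `if (validation_level != NULL && IS_BITS_SET_ALL(neg_flags, 0x40)) *validation_level = 3;`. The bare `0x40` wants a named constant and a comment: MS-NRPC documents this negotiate bit as the multiple-SIDs capability (later Samba calls it NETLOGON_NEG_MULTIPLE_SIDS), which is the reason it selects the level-3 reply. Because the level is taken from the server-asserted neg_flags, it is also worth confirming that the reply parsing rejects a response whose level differs from the requested user_ctr.switch_value; that code is outside this hunk.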
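Review bot: `user_ctr.switch_value = validation_level;` in cli_nt_login_general takes whatever uint16 the caller passes, and the same assignment is made in cli_nt_login_interactive and cli_nt_login_network in the next two hunks; only 2 and 3 are ever produced by cli_nt_setup_creds, and any other value would be marshalled into the request unchanged (how the reply parser treats it is outside these hunks). A guard ahead of each assignment, `if (validation_level != 2 && validation_level != 3) return NT_STATUS_INVALID_PARAMETER | 0xC0000000;` in the style cli_nt_setup_creds uses (cli_nt_login_general is declared BOOL in the headers, so it would return False instead), keeps the wire request to the two negotiated levels. The new parameter also has no documentation in any of the three function headers; a line such as `/* validation_level: 2 or 3, as negotiated by cli_nt_setup_creds; selects the NET_USER_INFO reply level */` would do. All three function bodies continue past the hunks.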
@@ -195,17 +209,18 @@ password equivalents, protected by the session key) is inherently insecure given the current design of the NT Domain system. JRA. ****************************************************************************/ uint32 cli_nt_login_interactive(const char *srv_name, const char *myhostname, - const char *domain, const char *username, - uint32 luid_low, - const uchar * lm_owf_user_pwd, - const uchar * nt_owf_user_pwd, - NET_ID_INFO_CTR * ctr, - NET_USER_INFO_3 * user_info3) + const char *domain, const char *username, + uint32 luid_low, + const uchar * lm_owf_user_pwd, + const uchar * nt_owf_user_pwd, + NET_ID_INFO_CTR * ctr, + uint16 validation_level, + NET_USER_INFO_3 * user_info3) { uint32 status; uint8 sess_key[16]; NET_USER_INFO_CTR user_ctr; - user_ctr.switch_value = 2; + user_ctr.switch_value = validation_level; DEBUG(5, ("cli_nt_login_interactive: %d\n", __LINE__)); @@ -250,18 +265,20 @@ password equivalents over the network. JRA. ****************************************************************************/ uint32 cli_nt_login_network(const char *srv_name, const char *myhostname, - const char *domain, const char *username, - uint32 luid_low, const char lm_chal[8], - const char *lm_chal_resp, - int lm_chal_len, - const char *nt_chal_resp, - int nt_chal_len, - NET_ID_INFO_CTR * ctr, NET_USER_INFO_3 * user_info3) + const char *domain, const char *username, + uint32 luid_low, const char lm_chal[8], + const char *lm_chal_resp, + int lm_chal_len, + const char *nt_chal_resp, + int nt_chal_len, + NET_ID_INFO_CTR * ctr, + uint16 validation_level, + NET_USER_INFO_3 * user_info3) { uint8 sess_key[16]; uint32 status; NET_USER_INFO_CTR user_ctr; - user_ctr.switch_value = 2; + user_ctr.switch_value = validation_level; DEBUG(5, ("cli_nt_login_network: %d\n", __LINE__)); @@ -327,6 +344,7 @@ BOOL net_sam_sync(const char *srv_name, SAM_DELTA_CTR deltas[MAX_SAM_DELTAS], uint32 * num_deltas) { BOOL res = True; + uint16 validation_level; *num_deltas = 0; 
@@ -335,7 +353,8 @@ BOOL net_sam_sync(const char *srv_name, res = res ? cli_nt_setup_creds(srv_name, domain, myhostname, trust_acct, trust_passwd, - SEC_CHAN_BDC) == 0x0 : False; + SEC_CHAN_BDC, + &validation_level) == 0x0 : False; memset(trust_passwd, 0, 16); diff --git a/source/rpc_client/msrpc_netlogon.c b/source/rpc_client/msrpc_netlogon.c index d42406aaa4b..afb58874ad3 100644 --- a/source/rpc_client/msrpc_netlogon.c +++ b/source/rpc_client/msrpc_netlogon.c @@ -43,12 +43,14 @@ BOOL modify_trust_password(const char *domain, const char *srv_name, uint16 sec_chan) { fstring trust_acct; + uint16 validation_level; fstrcpy(trust_acct, global_myname); fstrcat(trust_acct, "$"); if (cli_nt_setup_creds(srv_name, domain, global_myname, trust_acct, - orig_trust_passwd_hash, sec_chan) != 0x0) + orig_trust_passwd_hash, sec_chan, + &validation_level) != 0x0) { return False; } @@ -82,6 +84,7 @@ static uint32 domain_client_validate(const char *user, const char *domain, fstring trust_acct; fstring srv_name; fstring sec_name; + uint16 validation_level; BOOL cleartext = smb_apasslen != 0 && smb_apasslen != 24 && smb_ntpasslen == 0; @@ -131,7 +134,8 @@ static uint32 domain_client_validate(const char *user, const char *domain, status = cli_nt_setup_creds(srv_name, domain, global_myname, - trust_acct, trust_passwd, acct_type); + trust_acct, trust_passwd, acct_type, + &validation_level); if (status != 0x0) { DEBUG(0, ("domain_client_validate: credentials failed (%s)\n", @@ -149,7 +153,8 @@ static uint32 domain_client_validate(const char *user, const char *domain, domain, user, smb_uid_low, smb_apasswd, smb_ntpasswd, - &ctr, info3); + &ctr, validation_level, + info3); } else if (challenge == NULL) { @@ -157,7 +162,8 @@ static uint32 domain_client_validate(const char *user, const char *domain, global_myname, domain, user, smb_uid_low, - smb_apasswd, &ctr, info3); + smb_apasswd, &ctr, + validation_level, info3); } else { 
@@ -169,7 +175,8 @@ static uint32 domain_client_validate(const char *user, const char *domain, (const uchar *)smb_apasswd, smb_apasslen, (const uchar *)smb_ntpasswd, - smb_ntpasslen, &ctr, info3); + smb_ntpasslen, &ctr, + validation_level, info3); } if (status == diff --git a/source/rpc_client/msrpc_samr.c b/source/rpc_client/msrpc_samr.c index 7815e173a94..320789afb34 100644 --- a/source/rpc_client/msrpc_samr.c +++ b/source/rpc_client/msrpc_samr.c @@ -2,8 +2,8 @@ Unix SMB/Netbios implementation. Version 1.9. NT Domain Authentication SMB / MSRPC client - Copyright (C) Andrew Tridgell 1994-1999 - Copyright (C) Luke Kenneth Casson Leighton 1996-1999 + Copyright (C) Andrew Tridgell 1994-2000 + Copyright (C) Luke Kenneth Casson Leighton 1996-2000 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/source/rpc_parse/parse_prs.c b/source/rpc_parse/parse_prs.c index e8f30d32f7d..2a2d4ebe98b 100644 --- a/source/rpc_parse/parse_prs.c +++ b/source/rpc_parse/parse_prs.c @@ -292,7 +292,7 @@ void prs_free_data(prs_struct * buf) if (buf->data != NULL) { CHECK_STRUCT(buf); - free(buf->data); /* delete data in this structure */ + safe_free(buf->data); /* delete data in this structure */ buf->data = NULL; } buf->data_size = 0; diff --git a/source/rpc_parse/parse_samr.c b/source/rpc_parse/parse_samr.c index 3af6b51d144..eaeffb2a737 100644 --- a/source/rpc_parse/parse_samr.c +++ b/source/rpc_parse/parse_samr.c 
@@ -553,6 +553,47 @@ static BOOL sam_io_unk_info7(char *desc, SAM_UNK_INFO_7 * u_7, return True; } +/******************************************************************* +makes a structure. +********************************************************************/ +BOOL make_unk_info12(SAM_UNK_INFO_12 * u_12) +{ + if (u_12 == NULL) + return False; + + u_12->unknown_0 = 0xcf1dcc00; + u_12->unknown_1 = 0xfffffffb; + u_12->unknown_2 = 0xcf1dcc00; + u_12->unknown_3 = 0xfffffffb; + + u_12->unknown_4 = 0x8a880000; + + return True; +} + +/******************************************************************* +reads or writes a structure. +********************************************************************/ +static BOOL sam_io_unk_info12(char *desc, SAM_UNK_INFO_12 * u_12, + prs_struct * ps, int depth) +{ + if (u_12 == NULL) + return False; + + prs_debug(ps, depth, desc, "sam_io_unk_info12"); + depth++; + + prs_uint32("unknown_0", ps, depth, &u_12->unknown_0); + prs_uint32("unknown_1", ps, depth, &u_12->unknown_1); + prs_uint32("unknown_2", ps, depth, &u_12->unknown_2); + prs_uint32("unknown_3", ps, depth, &u_12->unknown_3); + prs_uint32("unknown_4", ps, depth, &u_12->unknown_4); + + prs_align(ps); + + return True; +} + /******************************************************************* makes a structure. ********************************************************************/ 
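Review bot: make_unk_info12 hard-codes five unexplained constants into fields named unknown_0..unknown_4, and neither it nor sam_io_unk_info12 says what SAMR query-domain-info level 0x0c carries. The two identical pairs `0xcf1dcc00`/`0xfffffffb` read as the low and high halves of a 64-bit value (an NT relative time of -1800 s, i.e. 30 minutes, if that is what they are), which would match MS-SAMR's DomainLockoutInformation class (level 12: lockout duration, observation window, threshold, with `0x8a880000` then holding a 16-bit threshold plus padding) — worth confirming against a capture and recording in a header comment on make_unk_info12 and on the SAM_UNK_INFO_12 definition in rpc_samr.h, e.g. `/* level 0x0c: presumed lockout duration/window as two NTTIMEs plus threshold; values captured from a live server, not derived from config */`. If that reading holds, the struct should eventually carry two NTTIME fields and a uint16, and the values should come from the lockout policy rather than constants. sam_io_unk_info12 also ignores the BOOL results of the prs_uint32 calls, as the neighbouring sam_io_unk_* functions do; a short-circuit chain would surface a truncated buffer instead of reading garbage.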
@@ -602,35 +643,35 @@ static BOOL sam_io_unk_info2(char *desc, SAM_UNK_INFO_2 * u_2, prs_debug(ps, depth, desc, "sam_io_unk_info2"); depth++; - prs_uint32("unknown_0", ps, depth, &u_2->unknown_0); /* 0x0000 0000 */ - prs_uint32("unknown_1", ps, depth, &u_2->unknown_1); /* 0x8000 0000 */ - prs_uint32("unknown_2", ps, depth, &u_2->unknown_2); /* 0x0000 0000 */ + prs_uint32("unknown_0", ps, depth, &u_2->unknown_0); /* 0x0000 0000 */ + prs_uint32("unknown_1", ps, depth, &u_2->unknown_1); /* 0x8000 0000 */ + prs_uint32("unknown_2", ps, depth, &u_2->unknown_2); /* 0x0000 0000 */ - prs_uint32("ptr_0", ps, depth, &u_2->ptr_0); /* pointer to unknown structure */ - smb_io_unihdr("hdr_domain", &u_2->hdr_domain, ps, depth); /* domain name unicode header */ - smb_io_unihdr("hdr_server", &u_2->hdr_server, ps, depth); /* server name unicode header */ + prs_uint32("ptr_0", ps, depth, &u_2->ptr_0); + smb_io_unihdr("hdr_domain", &u_2->hdr_domain, ps, depth); + smb_io_unihdr("hdr_server", &u_2->hdr_server, ps, depth); /* put all the data in here, at the moment, including what the above pointer is referring to */ - prs_uint32("seq_num ", ps, depth, &u_2->seq_num); /* 0x0000 0099 or 0x1000 0000 */ - prs_uint32("unknown_3 ", ps, depth, &u_2->unknown_3); /* 0x0000 0000 */ + prs_uint32("seq_num ", ps, depth, &u_2->seq_num); /* 0x0000 0099 or 0x1000 0000 */ + prs_uint32("unknown_3 ", ps, depth, &u_2->unknown_3); /* 0x0000 0000 */ - prs_uint32("unknown_4 ", ps, depth, &u_2->unknown_4); /* 0x0000 0001 */ - prs_uint32("unknown_5 ", ps, depth, &u_2->unknown_5); /* 0x0000 0003 */ - prs_uint32("unknown_6 ", ps, depth, &u_2->unknown_6); /* 0x0000 0001 */ - prs_uint32("num_domain_usrs ", ps, depth, &u_2->num_domain_usrs); /* 0x0000 0008 */ - prs_uint32("num_domain_grps", ps, depth, &u_2->num_domain_grps); /* 0x0000 0003 */ - prs_uint32("num_local_grps", ps, depth, &u_2->num_local_grps); /* 0x0000 0003 */ + prs_uint32("unknown_4 ", ps, depth, &u_2->unknown_4); /* 0x0000 0001 */ + 
prs_uint32("unknown_5 ", ps, depth, &u_2->unknown_5); /* 0x0000 0003 */ + prs_uint32("unknown_6 ", ps, depth, &u_2->unknown_6); /* 0x0000 0001 */ + prs_uint32("num_domain_usrs ", ps, depth, &u_2->num_domain_usrs); + prs_uint32("num_domain_grps", ps, depth, &u_2->num_domain_grps); + prs_uint32("num_local_grps", ps, depth, &u_2->num_local_grps); - prs_uint8s(False, "padding", ps, depth, u_2->padding, sizeof(u_2->padding)); /* 12 bytes zeros */ + prs_uint8s(False, "padding", ps, depth, u_2->padding, sizeof(u_2->padding)); smb_io_unistr2("uni_domain", &u_2->uni_domain, u_2->hdr_domain.buffer, - ps, depth); /* domain name unicode string */ + ps, depth); prs_align(ps); smb_io_unistr2("uni_server", &u_2->uni_server, u_2->hdr_server.buffer, - ps, depth); /* server name unicode string */ + ps, depth); prs_align(ps); @@ -665,10 +706,10 @@ static BOOL sam_io_unk_info1(char *desc, SAM_UNK_INFO_1 * u_1, prs_debug(ps, depth, desc, "sam_io_unk_info1"); depth++; - prs_uint8s(False, "padding", ps, depth, u_1->padding, sizeof(u_1->padding)); /* 12 bytes zeros */ + prs_uint8s(False, "padding", ps, depth, u_1->padding, sizeof(u_1->padding)); - prs_uint32("unknown_1", ps, depth, &u_1->unknown_1); /* 0x8000 0000 */ - prs_uint32("unknown_2", ps, depth, &u_1->unknown_2); /* 0x0000 0000 */ + prs_uint32("unknown_1", ps, depth, &u_1->unknown_1); /* 0x8000 0000 */ + prs_uint32("unknown_2", ps, depth, &u_1->unknown_2); /* 0x0000 0000 */ prs_align(ps); @@ -724,6 +765,13 @@ BOOL samr_io_r_query_dom_info(char *desc, SAMR_R_QUERY_DOMAIN_INFO * r_u, switch (r_u->switch_value) { + case 0x0c: + { + sam_io_unk_info12("unk_inf12", + &r_u->ctr->info.inf12, ps, + depth); + break; + } case 0x07: { sam_io_unk_info7("unk_inf7", diff --git a/source/rpcclient/cmd_netlogon.c b/source/rpcclient/cmd_netlogon.c index 9565c79df27..b6d36d844b2 100644 --- a/source/rpcclient/cmd_netlogon.c +++ b/source/rpcclient/cmd_netlogon.c 
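Review bot: The reformat of sam_io_unk_info2 drops the only documentation these fields had — the trailing comments on ptr_0 (`/* pointer to unknown structure */`), hdr_domain and hdr_server (`/* domain name unicode header */`, `/* server name unicode header */`), padding (`/* 12 bytes zeros */`) and the two smb_io_unistr2 calls — while keeping the hex-value comments on the neighbouring lines, and the following hunk does the same to the padding comment in sam_io_unk_info1. Since the layout is otherwise described only by names like unknown_3, those comments are worth restoring on the new lines, or moving onto the struct definitions in rpc_samr.h, which this commit only touches as context. Both functions' opening and closing lines are outside the hunks.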
@@ -52,6 +52,7 @@ void cmd_netlogon_login_test(struct client_info *info, int argc, char *argv[]) fstring trust_acct; fstring domain; char *p; + uint16 validation_level; fstring wks_name; fstring srv_name; @@ -158,7 +159,8 @@ void cmd_netlogon_login_test(struct client_info *info, int argc, char *argv[]) res = res ? cli_nt_setup_creds(srv_name, domain, info->myhostname, trust_acct, trust_passwd, - SEC_CHAN_WKSTA) == 0x0 : False; + SEC_CHAN_WKSTA, + &validation_level) == 0x0 : False; memset(trust_passwd, 0, 16); @@ -168,6 +170,7 @@ void cmd_netlogon_login_test(struct client_info *info, int argc, char *argv[]) domain, nt_user_name, getuid(), lm_pw, nt_pw, &info->dom.ctr, + validation_level, &info->dom.user_info3) == 0x0) : False; @@ -197,6 +200,7 @@ void cmd_netlogon_domain_test(struct client_info *info, int argc, fstring inter_dom_acct; fstring trust_sec_name; fstring domain; + uint16 validation_level; fstring wks_name; fstring srv_name; @@ -250,7 +254,8 @@ void cmd_netlogon_domain_test(struct client_info *info, int argc, res = res ? cli_nt_setup_creds(srv_name, domain, info->myhostname, inter_dom_acct, trust_passwd, - SEC_CHAN_DOMAIN) == 0x0 : False; + SEC_CHAN_DOMAIN, + &validation_level) == 0x0 : False; memset(trust_passwd, 0, 16); diff --git a/source/samrd/srv_samr_dom_tdb.c b/source/samrd/srv_samr_dom_tdb.c index 78a762dfdfe..260a0c176a7 100644 --- a/source/samrd/srv_samr_dom_tdb.c +++ b/source/samrd/srv_samr_dom_tdb.c @@ -861,6 +861,11 @@ uint32 _samr_query_dom_info(const POLICY_HND *domain_pol, switch (switch_value) { + case 0x0c: + { + make_unk_info12(&(ctr->info.inf12)); + break; + } case 0x07: { make_unk_info7(&(ctr->info.inf7)); diff --git a/source/samrd/srv_samr_passdb.c b/source/samrd/srv_samr_passdb.c index ebac22c4463..d577ea05f23 100644 --- a/source/samrd/srv_samr_passdb.c +++ b/source/samrd/srv_samr_passdb.c 
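Review bot: The new `case 0x0c` in _samr_query_dom_info answers the query with the fixed values make_unk_info12 writes, independent of any configured policy, and the identical hunk in srv_samr_passdb.c has the same shape. If level 0x0c turns out to be the lockout-policy class, a client querying the domain policy will take those constants for the domain's real settings; a comment at the case, `/* 0x0c: static reply, not derived from the lockout policy -- see make_unk_info12 */`, would at least make that explicit until the values are wired to configuration. The switch's default branch and the function's return are outside the hunk.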
@@ -2310,6 +2310,11 @@ uint32 _samr_query_dom_info(const POLICY_HND *domain_pol,
 switch (switch_value)
 {
+ case 0x0c:
+ {
+ make_unk_info12(&(ctr->info.inf12));
+ break;
+ }
 case 0x07:
 {
 make_unk_info7(&(ctr->info.inf7));
-- cgit v1.2.1