2 Unix SMB/Netbios implementation.
4 NT Domain Authentication SMB / MSRPC client
5 Copyright (C) Andrew Tridgell 1994-1997
6 Copyright (C) Luke Kenneth Casson Leighton 1996-1997
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
29 extern int DEBUGLEVEL
;
30 extern pstring username
;
31 extern pstring workgroup
;
33 #define CLIENT_TIMEOUT (30*1000)
38 /****************************************************************************
39 experimental nt login.
40 ****************************************************************************/
41 BOOL
do_nt_login(char *desthost
, char *myhostname
,
49 DOM_CHAL auth2_srv_chal
;
51 DOM_CRED sam_logon_clnt_cred
;
52 DOM_CRED sam_logon_rtn_cred
;
53 DOM_CRED sam_logon_srv_cred
;
55 DOM_CRED sam_logoff_clnt_cred
;
56 DOM_CRED sam_logoff_rtn_cred
;
57 DOM_CRED sam_logoff_srv_cred
;
60 LSA_USER_INFO user_info1
;
67 char nt_owf_mach_pwd
[16];
75 static char abs_data
[16];
76 static char trn_data
[16];
78 /* received from LSA Query Info Policy, level 5 */
79 fstring level5_domain_name
;
80 pstring level5_domain_sid
;
82 /* received from LSA Query Info Policy, level 3 */
83 fstring level3_domain_name
;
84 pstring level3_domain_sid
;
92 inbuf
= (char *)malloc(BUFFER_SIZE
+ SAFETY_MARGIN
);
93 outbuf
= (char *)malloc(BUFFER_SIZE
+ SAFETY_MARGIN
);
95 if (!inbuf
|| !outbuf
)
97 DEBUG(0,("out of memory\n"));
101 /******************* open the \PIPE\lsarpc file *****************/
103 if ((fnum
= rpc_pipe_open(inbuf
, outbuf
, PIPE_LSARPC
, Client
, cnum
)) == 0xffff)
105 free(inbuf
); free(outbuf
);
109 /******************* bind request on \PIPE\lsarpc *****************/
111 /* create and send a MSRPC command with api LSA_OPENPOLICY */
113 DEBUG(4,("LSA RPC Bind[%x]\n", fnum
));
115 for (i
= 0; i
< sizeof(trn_data
); i
++)
120 for (i
= 0; i
< sizeof(abs_data
); i
++)
125 /* create interface UUIDs. */
126 make_rpc_iface(&abstract
, abs_data
, 0x0);
127 make_rpc_iface(&transfer
, trn_data
, 0x2);
129 if (!rpc_pipe_bind(PIPE_LSARPC
, fnum
, ++call_id
, &abstract
, &transfer
))
131 free(inbuf
); free(outbuf
);
135 /**************** Set Named Pipe State ***************/
136 if (!rpc_pipe_set_hnd_state(PIPE_LSARPC
, fnum
, 0x4300))
138 free(inbuf
); free(outbuf
);
142 /******************* Open Policy ********************/
144 fstrcpy(server_name
, ("\\\\"));
145 fstrcpy(&server_name
[2], myhostname
);
147 /* send an open policy request; receive a policy handle */
148 if (!do_lsa_open_policy(fnum
, ++call_id
, server_name
, &pol
))
150 cli_smb_close(inbuf
, outbuf
, Client
, cnum
, fnum
);
151 free(inbuf
); free(outbuf
);
155 /**************** Query Info Policy, level 3 ********************/
157 /* send a query info policy at level 3; receive an info policy */
158 if (!do_lsa_query_info_pol(fnum
, ++call_id
, &pol
, 0x3,
159 level3_domain_name
, level3_domain_sid
))
161 cli_smb_close(inbuf
, outbuf
, Client
, cnum
, fnum
);
162 free(inbuf
); free(outbuf
);
166 /**************** Query Info Policy, level 5 ********************/
168 /* send a query info policy at level 5; receive an info policy */
169 if (!do_lsa_query_info_pol(fnum
, ++call_id
, &pol
, 0x5,
170 level5_domain_name
, level5_domain_sid
))
172 cli_smb_close(inbuf
, outbuf
, Client
, cnum
, fnum
);
173 free(inbuf
); free(outbuf
);
177 /******************* Open Policy ********************/
179 /* send a close policy request; receive a close pol response */
180 if (!do_lsa_close(fnum
, ++call_id
, &pol
))
182 cli_smb_close(inbuf
, outbuf
, Client
, cnum
, fnum
);
183 free(inbuf
); free(outbuf
);
187 /******************* close the \PIPE\lsarpc file *******************/
189 cli_smb_close(inbuf
, outbuf
, Client
, cnum
, fnum
);
193 /******************* open the \PIPE\NETLOGON file *****************/
195 if ((fnum
= rpc_pipe_open(inbuf
, outbuf
, PIPE_NETLOGON
, Client
, cnum
)) == 0xffff)
197 free(inbuf
); free(outbuf
);
201 /******************* bind request on \PIPE\NETLOGON *****************/
203 if (!rpc_pipe_bind(PIPE_NETLOGON
, fnum
, ++call_id
, &abstract
, &transfer
))
205 free(inbuf
); free(outbuf
);
209 /**************** Set Named Pipe State ***************/
210 if (!rpc_pipe_set_hnd_state(PIPE_NETLOGON
, fnum
, 0x4300))
212 free(inbuf
); free(outbuf
);
216 /******************* Request Challenge ********************/
218 fstrcpy(mach_acct
, myhostname
);
221 fstrcpy(mach_pwd
, myhostname
);
222 strcat(mach_acct
, "$");
224 clnt_chal
.data
[0] = 0x11111111;
225 clnt_chal
.data
[1] = 0x22222222;
227 /* send a client challenge; receive a server challenge */
228 if (!do_lsa_req_chal(fnum
, ++call_id
, desthost
, myhostname
, &clnt_chal
, &srv_chal
))
230 cli_smb_close(inbuf
, outbuf
, Client
, cnum
, fnum
);
231 free(inbuf
); free(outbuf
);
235 /************ Long-term Session key (default) **********/
238 /* DAMN! can't get the machine password - need become_root() to do it! */
239 /* get the machine password */
240 if (!get_md4pw(mach_acct
, nt_owf_mach_pwd
))
242 cli_smb_close(inbuf
, outbuf
, Client
, cnum
, fnum
);
243 free(inbuf
); free(outbuf
);
247 DEBUG(5,("got nt owf from smbpasswd entry: %s\n", mach_pwd
));
251 char lm_owf_mach_pwd
[16];
252 nt_lm_owf_gen(mach_pwd
, nt_owf_mach_pwd
, lm_owf_mach_pwd
);
253 DEBUG(5,("generating nt owf from initial machine pwd: %s\n", mach_pwd
));
258 dump_data(6, nt_owf_mach_pwd
, 16);
260 /* calculate the session key */
261 cred_session_key(&clnt_chal
, &srv_chal
, nt_owf_mach_pwd
, sess_key
);
264 /******************* Authenticate 2 ********************/
266 /* calculate auth-2 credentials */
267 cred_create(sess_key
, &clnt_chal
, zerotime
, &(clnt_cred
.challenge
));
269 /* send client auth-2 challenge; receive an auth-2 challenge */
270 if (!do_lsa_auth2(fnum
, ++call_id
, desthost
, mach_acct
, 2, myhostname
,
271 &(clnt_cred
.challenge
), 0x000001ff, &auth2_srv_chal
))
273 cli_smb_close(inbuf
, outbuf
, Client
, cnum
, fnum
);
274 free(inbuf
); free(outbuf
);
279 /*********************** SAM Info ***********************/
281 /* this is used in both the SAM Logon and the SAM Logoff */
282 make_id_info1(&id1
, workgroup
, 0,
284 username
, myhostname
,
287 /*********************** SAM Logon **********************/
289 clnt_cred
.timestamp
.time
= sam_logon_clnt_cred
.timestamp
.time
= time(NULL
);
291 /* calculate sam logon credentials, using the auth2 client challenge */
292 cred_create(sess_key
, &(clnt_cred
.challenge
), sam_logon_clnt_cred
.timestamp
,
293 &(sam_logon_clnt_cred
.challenge
));
295 /* send client sam-logon challenge; receive a sam-logon challenge */
296 if (!do_lsa_sam_logon(fnum
, ++call_id
, sess_key
, &clnt_cred
,
298 &sam_logon_clnt_cred
, &sam_logon_rtn_cred
,
299 1, 1, &id1
, &user_info1
,
300 &sam_logon_srv_cred
))
302 cli_smb_close(inbuf
, outbuf
, Client
, cnum
, fnum
);
303 free(inbuf
); free(outbuf
);
307 /*********************** SAM Logoff *********************/
309 clnt_cred
.timestamp
.time
= sam_logoff_clnt_cred
.timestamp
.time
= time(NULL
);
311 /* calculate sam logoff credentials, using the sam logon return challenge */
312 cred_create(sess_key
, &(clnt_cred
.challenge
),
313 sam_logoff_clnt_cred
.timestamp
,
314 &(sam_logoff_clnt_cred
.challenge
));
316 /* send client sam-logoff challenge; receive a sam-logoff challenge */
317 if (!do_lsa_sam_logoff(fnum
, ++call_id
, sess_key
, &clnt_cred
,
319 &sam_logoff_clnt_cred
, &sam_logoff_rtn_cred
,
321 &sam_logoff_srv_cred
))
323 cli_smb_close(inbuf
, outbuf
, Client
, cnum
, fnum
);
324 free(inbuf
); free(outbuf
);
328 /******************** close the \PIPE\NETLOGON file **************/
330 cli_smb_close(inbuf
, outbuf
, Client
, cnum
, fnum
);
332 /* free memory used in all rpc transactions, above */
333 free(inbuf
); free(outbuf
);
337 #endif /* NTDOMAIN */