1 /*
2 * Unix SMB/Netbios implementation.
3 * Version 1.9.
4 * RPC Pipe client / server routines
5 * Copyright (C) Andrew Tridgell 1992-1997,
6 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
7 * Copyright (C) Paul Ashton 1997.
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23
24 #include "../includes.h"
25
26 extern int DEBUGLEVEL;
27
28 #ifdef NTDOMAIN
29
30 #ifdef USE_ARCFOUR
31 void arcfour(unsigned char data[16], unsigned char data_out[16], unsigned char data_in[16]);
32 #endif
33
34 /*******************************************************************
35 makes an LSA_Q_OPEN_POL structure.
36 ********************************************************************/
make_q_open_pol(LSA_Q_OPEN_POL * r_q,char * server_name,uint32 attributes,uint32 sec_qos,uint16 desired_access)37 void make_q_open_pol(LSA_Q_OPEN_POL *r_q, char *server_name,
38 uint32 attributes, uint32 sec_qos,
39 uint16 desired_access)
40 {
41 if (r_q == NULL) return;
42
43 DEBUG(5,("make_open_pol\n"));
44
45 r_q->ptr = 1; /* undocumented pointer */
46
47 make_unistr2 (&(r_q->uni_server_name), server_name, strlen(server_name));
48 make_obj_attr(&(r_q->attr ), attributes, sec_qos);
49
50 r_q->des_access = desired_access;
51 }
52
53 /*******************************************************************
54 reads or writes an LSA_Q_OPEN_POL structure.
55 ********************************************************************/
lsa_io_q_open_pol(BOOL io,LSA_Q_OPEN_POL * r_q,char * q,char * base,int align,int depth)56 char* lsa_io_q_open_pol(BOOL io, LSA_Q_OPEN_POL *r_q, char *q, char *base, int align, int depth)
57 {
58 if (r_q == NULL) return NULL;
59
60 DEBUG(5,("%s%04x lsa_io_q_open_pol\n", tab_depth(depth), PTR_DIFF(q, base)));
61 depth++;
62
63 DBG_RW_IVAL("ptr ", depth, base, io, q, r_q->ptr ); q += 4;
64
65 q = smb_io_unistr2 (io, &(r_q->uni_server_name), q, base, align, depth);
66 q = smb_io_obj_attr(io, &(r_q->attr ), q, base, align, depth);
67
68 DBG_RW_SVAL("des_access", depth, base, io, q, r_q->des_access); q += 2;
69
70 return q;
71 }
72
73 /*******************************************************************
74 reads or writes an LSA_R_OPEN_POL structure.
75 ********************************************************************/
lsa_io_r_open_pol(BOOL io,LSA_R_OPEN_POL * r_p,char * q,char * base,int align,int depth)76 char* lsa_io_r_open_pol(BOOL io, LSA_R_OPEN_POL *r_p, char *q, char *base, int align, int depth)
77 {
78 if (r_p == NULL) return NULL;
79
80 DEBUG(5,("%s%04x lsa_io_r_open_pol\n", tab_depth(depth), PTR_DIFF(q, base)));
81 depth++;
82
83
84 q = smb_io_pol_hnd(io, &(r_p->pol), q, base, align, depth);
85
86 DBG_RW_IVAL("status", depth, base, io, q, r_p->status); q += 4;
87
88 return q;
89 }
90
91 /*******************************************************************
92 makes an LSA_Q_QUERY_INFO structure.
93 ********************************************************************/
make_q_query(LSA_Q_QUERY_INFO * q_q,LSA_POL_HND * hnd,uint16 info_class)94 void make_q_query(LSA_Q_QUERY_INFO *q_q, LSA_POL_HND *hnd, uint16 info_class)
95 {
96 if (q_q == NULL || hnd == NULL) return;
97
98 DEBUG(5,("make_q_query\n"));
99
100 memcpy(&(q_q->pol), hnd, sizeof(q_q->pol));
101
102 q_q->info_class = info_class;
103 }
104
105 /*******************************************************************
106 reads or writes an LSA_Q_QUERY_INFO structure.
107 ********************************************************************/
lsa_io_q_query(BOOL io,LSA_Q_QUERY_INFO * q_q,char * q,char * base,int align,int depth)108 char* lsa_io_q_query(BOOL io, LSA_Q_QUERY_INFO *q_q, char *q, char *base, int align, int depth)
109 {
110 if (q_q == NULL) return NULL;
111
112 DEBUG(5,("%s%04x lsa_io_q_query\n", tab_depth(depth), PTR_DIFF(q, base)));
113 depth++;
114
115 q = smb_io_pol_hnd(io, &(q_q->pol), q, base, align, depth);
116
117 DBG_RW_SVAL("info_class", depth, base, io, q, q_q->info_class); q += 2;
118
119 return q;
120 }
121
122 /*******************************************************************
123 reads or writes an LSA_Q_ENUM_TRUST_DOM structure.
124 ********************************************************************/
lsa_io_q_enum_trust_dom(BOOL io,LSA_Q_ENUM_TRUST_DOM * q_e,char * q,char * base,int align,int depth)125 char* lsa_io_q_enum_trust_dom(BOOL io, LSA_Q_ENUM_TRUST_DOM *q_e, char *q, char *base, int align, int depth)
126 {
127 if (q_e == NULL) return NULL;
128
129 DEBUG(5,("%s%04x lsa_io_q_enum_trust_dom\n", tab_depth(depth), PTR_DIFF(q, base)));
130 depth++;
131
132
133 q = smb_io_pol_hnd(io, &(q_e->pol), q, base, align, depth);
134
135 DBG_RW_IVAL("enum_context ", depth, base, io, q, q_e->enum_context ); q += 4;
136 DBG_RW_IVAL("preferred_len", depth, base, io, q, q_e->preferred_len); q += 4;
137
138 return q;
139 }
140
141 /*******************************************************************
142 makes an LSA_R_ENUM_TRUST_DOM structure.
143 ********************************************************************/
make_r_enum_trust_dom(LSA_R_ENUM_TRUST_DOM * r_e,LSA_POL_HND * hnd,uint32 status)144 void make_r_enum_trust_dom(LSA_R_ENUM_TRUST_DOM *r_e, LSA_POL_HND *hnd, uint32 status)
145 {
146 if (r_e == NULL || hnd == NULL) return;
147
148 DEBUG(5,("make_r_enum_trust_dom\n"));
149
150 memcpy(&(r_e->pol), hnd, sizeof(r_e->pol));
151 r_e->status = status;
152 }
153
154 /*******************************************************************
155 reads or writes an LSA_R_ENUM_TRUST_DOM structure.
156 ********************************************************************/
lsa_io_r_enum_trust_dom(BOOL io,LSA_R_ENUM_TRUST_DOM * r_e,char * q,char * base,int align,int depth)157 char* lsa_io_r_enum_trust_dom(BOOL io, LSA_R_ENUM_TRUST_DOM *r_e, char *q, char *base, int align, int depth)
158 {
159 if (r_e == NULL) return NULL;
160
161 DEBUG(5,("%s%04x lsa_io_r_enum_trust_dom\n", tab_depth(depth), PTR_DIFF(q, base)));
162 depth++;
163
164 q = smb_io_pol_hnd(io, &(r_e->pol), q, base, align, depth);
165
166 DBG_RW_IVAL("status", depth, base, io, q, r_e->status); q += 4;
167
168 return q;
169 }
170
171 /*******************************************************************
172 makes an LSA_Q_CLOSE structure.
173 ********************************************************************/
make_q_close(LSA_Q_CLOSE * q_c,LSA_POL_HND * hnd)174 void make_q_close(LSA_Q_CLOSE *q_c, LSA_POL_HND *hnd)
175 {
176 if (q_c == NULL || hnd == NULL) return;
177
178 DEBUG(5,("make_q_close\n"));
179
180 memcpy(&(q_c->pol), hnd, sizeof(q_c->pol));
181 }
182
183
184 /*******************************************************************
185 reads or writes an LSA_Q_CLOSE structure.
186 ********************************************************************/
lsa_io_q_close(BOOL io,LSA_Q_CLOSE * q_c,char * q,char * base,int align,int depth)187 char* lsa_io_q_close(BOOL io, LSA_Q_CLOSE *q_c, char *q, char *base, int align, int depth)
188 {
189 if (q_c == NULL) return NULL;
190
191 DEBUG(5,("%s%04x lsa_io_q_close\n", tab_depth(depth), PTR_DIFF(q, base)));
192 depth++;
193
194 q = smb_io_pol_hnd(io, &(q_c->pol), q, base, align, depth);
195
196 return q;
197 }
198
199 /*******************************************************************
200 makes an LSA_R_CLOSE structure.
201 ********************************************************************/
make_r_close(LSA_R_CLOSE * q_r,LSA_POL_HND * hnd)202 void make_r_close(LSA_R_CLOSE *q_r, LSA_POL_HND *hnd)
203 {
204 if (q_r == NULL || hnd == NULL) return;
205
206 DEBUG(5,("make_r_close\n"));
207
208 memcpy(&(q_r->pol), hnd, sizeof(q_r->pol));
209 }
210
211
212 /*******************************************************************
213 reads or writes an LSA_R_CLOSE structure.
214 ********************************************************************/
lsa_io_r_close(BOOL io,LSA_R_CLOSE * r_c,char * q,char * base,int align,int depth)215 char* lsa_io_r_close(BOOL io, LSA_R_CLOSE *r_c, char *q, char *base, int align, int depth)
216 {
217 if (r_c == NULL) return NULL;
218
219 DEBUG(5,("%s%04x lsa_io_r_close\n", tab_depth(depth), PTR_DIFF(q, base)));
220 depth++;
221
222 q = smb_io_pol_hnd(io, &(r_c->pol), q, base, align, depth);
223
224 DBG_RW_IVAL("status", depth, base, io, q, r_c->status); q += 4;
225
226 return q;
227 }
228
229 /*******************************************************************
230 reads or writes an LSA_Q_QUERY_INFO structure.
231 ********************************************************************/
lsa_io_r_query(BOOL io,LSA_R_QUERY_INFO * r_q,char * q,char * base,int align,int depth)232 char* lsa_io_r_query(BOOL io, LSA_R_QUERY_INFO *r_q, char *q, char *base, int align, int depth)
233 {
234 if (r_q == NULL) return NULL;
235
236 DEBUG(5,("%s%04x lsa_io_r_query\n", tab_depth(depth), PTR_DIFF(q, base)));
237 depth++;
238
239 DBG_RW_IVAL("undoc_buffer", depth, base, io, q, r_q->undoc_buffer); q += 4;
240
241 if (r_q->undoc_buffer != 0)
242 {
243 DBG_RW_SVAL("info_class", depth, base, io, q, r_q->info_class); q += 2;
244
245 switch (r_q->info_class)
246 {
247 case 3:
248 {
249 q = smb_io_dom_query_3(io, &(r_q->dom.id3), q, base, align, depth);
250 break;
251 }
252 case 5:
253 {
254 q = smb_io_dom_query_5(io, &(r_q->dom.id3), q, base, align, depth);
255 break;
256 }
257 default:
258 {
259 /* PANIC! */
260 break;
261 }
262 }
263 }
264
265 DBG_RW_IVAL("status", depth, base, io, q, r_q->status); q += 4;
266
267 return q;
268 }
269
270 /*******************************************************************
271 reads or writes a structure.
272 ********************************************************************/
lsa_io_q_lookup_sids(BOOL io,LSA_Q_LOOKUP_SIDS * q_s,char * q,char * base,int align,int depth)273 char* lsa_io_q_lookup_sids(BOOL io, LSA_Q_LOOKUP_SIDS *q_s, char *q, char *base, int align, int depth)
274 {
275 int i;
276
277 if (q_s == NULL) return NULL;
278
279 DEBUG(5,("%s%04x lsa_io_q_lookup_sids\n", tab_depth(depth), PTR_DIFF(q, base)));
280 depth++;
281
282 q = align_offset(q, base, align);
283
284 q = smb_io_pol_hnd(io, &(q_s->pol_hnd), q, base, align, depth); /* policy handle */
285
286 DBG_RW_IVAL("num_entries ", depth, base, io, q, q_s->num_entries); q += 4;
287 DBG_RW_IVAL("buffer_dom_sid ", depth, base, io, q, q_s->buffer_dom_sid); q += 4; /* undocumented domain SID buffer pointer */
288 DBG_RW_IVAL("buffer_dom_name ", depth, base, io, q, q_s->buffer_dom_name); q += 4; /* undocumented domain name buffer pointer */
289
290 for (i = 0; i < q_s->num_entries; i++)
291 {
292 fstring temp;
293 slprintf(temp, sizeof(temp)-1, "buffer_lookup_sids[%d] ", i);
294 DBG_RW_IVAL(temp, depth, base, io, q, q_s->buffer_lookup_sids[i]); q += 4; /* undocumented domain SID pointers to be looked up. */
295 }
296
297 for (i = 0; i < q_s->num_entries; i++)
298 {
299 q = smb_io_dom_sid(io, &(q_s->dom_sids[i]), q, base, align, depth); /* domain SIDs to be looked up. */
300 }
301
302 DBG_RW_PCVAL(False, "undoc ", depth, base, io, q, q_s->undoc, 16); q += 16; /* completely undocumented 16 bytes */
303
304 return q;
305 }
306
307 /*******************************************************************
308 reads or writes a structure.
309 ********************************************************************/
lsa_io_r_lookup_sids(BOOL io,LSA_R_LOOKUP_SIDS * r_s,char * q,char * base,int align,int depth)310 char* lsa_io_r_lookup_sids(BOOL io, LSA_R_LOOKUP_SIDS *r_s, char *q, char *base, int align, int depth)
311 {
312 int i;
313
314 if (r_s == NULL) return NULL;
315
316 DEBUG(5,("%s%04x lsa_io_r_lookup_sids\n", tab_depth(depth), PTR_DIFF(q, base)));
317 depth++;
318
319 q = align_offset(q, base, align);
320
321 q = smb_io_dom_r_ref(io, &(r_s->dom_ref), q, base, align, depth); /* domain reference info */
322
323 DBG_RW_IVAL("num_entries ", depth, base, io, q, r_s->num_entries); q += 4;
324 DBG_RW_IVAL("undoc_buffer", depth, base, io, q, r_s->undoc_buffer); q += 4;
325 DBG_RW_IVAL("num_entries2", depth, base, io, q, r_s->num_entries2); q += 4;
326
327 for (i = 0; i < r_s->num_entries2; i++)
328 {
329 q = smb_io_dom_sid2(io, &(r_s->dom_sid[i]), q, base, align, depth); /* domain SIDs being looked up */
330 }
331
332 DBG_RW_IVAL("num_entries3", depth, base, io, q, r_s->num_entries3); q += 4;
333
334 DBG_RW_IVAL("status ", depth, base, io, q, r_s->status); q += 4;
335
336 return q;
337 }
338
339 /*******************************************************************
340 reads or writes a structure.
341 ********************************************************************/
lsa_io_q_lookup_rids(BOOL io,LSA_Q_LOOKUP_RIDS * q_r,char * q,char * base,int align,int depth)342 char* lsa_io_q_lookup_rids(BOOL io, LSA_Q_LOOKUP_RIDS *q_r, char *q, char *base, int align, int depth)
343 {
344 int i;
345
346 if (q_r == NULL) return NULL;
347
348 DEBUG(5,("%s%04x lsa_io_q_lookup_rids\n", tab_depth(depth), PTR_DIFF(q, base)));
349 depth++;
350
351 q = align_offset(q, base, align);
352
353 q = smb_io_pol_hnd(io, &(q_r->pol_hnd), q, base, align, depth); /* policy handle */
354
355 DBG_RW_IVAL("num_entries ", depth, base, io, q, q_r->num_entries); q += 4;
356 DBG_RW_IVAL("num_entries2 ", depth, base, io, q, q_r->num_entries2); q += 4;
357 DBG_RW_IVAL("buffer_dom_sid ", depth, base, io, q, q_r->buffer_dom_sid); q += 4; /* undocumented domain SID buffer pointer */
358 DBG_RW_IVAL("buffer_dom_name", depth, base, io, q, q_r->buffer_dom_name); q += 4; /* undocumented domain name buffer pointer */
359
360 for (i = 0; i < q_r->num_entries; i++)
361 {
362 q = smb_io_dom_name(io, &(q_r->lookup_name[i]), q, base, align, depth); /* names to be looked up */
363 }
364
365 DBG_RW_PCVAL(False, "undoc ", depth, base, io, q, q_r->undoc, UNKNOWN_LEN); q += UNKNOWN_LEN; /* completely undocumented bytes of unknown length */
366
367 return q;
368 }
369
370 /*******************************************************************
371 reads or writes a structure.
372 ********************************************************************/
lsa_io_r_lookup_rids(BOOL io,LSA_R_LOOKUP_RIDS * r_r,char * q,char * base,int align,int depth)373 char* lsa_io_r_lookup_rids(BOOL io, LSA_R_LOOKUP_RIDS *r_r, char *q, char *base, int align, int depth)
374 {
375 int i;
376
377 if (r_r == NULL) return NULL;
378
379 DEBUG(5,("%s%04x lsa_io_r_lookup_rids\n", tab_depth(depth), PTR_DIFF(q, base)));
380 depth++;
381
382 q = align_offset(q, base, align);
383
384 q = smb_io_dom_r_ref(io, &(r_r->dom_ref), q, base, align, depth); /* domain reference info */
385
386 DBG_RW_IVAL("num_entries ", depth, base, io, q, r_r->num_entries); q += 4;
387 DBG_RW_IVAL("undoc_buffer", depth, base, io, q, r_r->undoc_buffer); q += 4;
388 DBG_RW_IVAL("num_entries2", depth, base, io, q, r_r->num_entries2); q += 4;
389
390 for (i = 0; i < r_r->num_entries2; i++)
391 {
392 q = smb_io_dom_rid2(io, &(r_r->dom_rid[i]), q, base, align, depth); /* domain RIDs being looked up */
393 }
394
395 DBG_RW_IVAL("num_entries3", depth, base, io, q, r_r->num_entries3); q += 4;
396
397 DBG_RW_IVAL("status ", depth, base, io, q, r_r->status); q += 4;
398
399 return q;
400 }
401
402 /*******************************************************************
403 makes an LSA_Q_REQ_CHAL structure.
404 ********************************************************************/
make_q_req_chal(LSA_Q_REQ_CHAL * q_c,char * logon_srv,char * logon_clnt,DOM_CHAL * clnt_chal)405 void make_q_req_chal(LSA_Q_REQ_CHAL *q_c,
406 char *logon_srv, char *logon_clnt,
407 DOM_CHAL *clnt_chal)
408 {
409 if (q_c == NULL) return;
410
411 DEBUG(5,("make_q_req_chal: %d\n", __LINE__));
412
413 q_c->undoc_buffer = 1; /* don't know what this buffer is */
414
415 make_unistr2(&(q_c->uni_logon_srv ), logon_srv , strlen(logon_srv ));
416 make_unistr2(&(q_c->uni_logon_clnt), logon_clnt, strlen(logon_clnt));
417
418 memcpy(q_c->clnt_chal.data, clnt_chal->data, sizeof(clnt_chal->data));
419
420 DEBUG(5,("make_q_req_chal: %d\n", __LINE__));
421 }
422
423 /*******************************************************************
424 reads or writes an LSA_Q_REQ_CHAL structure.
425 ********************************************************************/
lsa_io_q_req_chal(BOOL io,LSA_Q_REQ_CHAL * q_c,char * q,char * base,int align,int depth)426 char* lsa_io_q_req_chal(BOOL io, LSA_Q_REQ_CHAL *q_c, char *q, char *base, int align, int depth)
427 {
428 if (q_c == NULL) return NULL;
429
430 DEBUG(5,("%s%04x lsa_io_q_req_chal\n", tab_depth(depth), PTR_DIFF(q, base)));
431 depth++;
432
433 q = align_offset(q, base, align);
434
435 DBG_RW_IVAL("undoc_buffer", depth, base, io, q, q_c->undoc_buffer); q += 4;
436
437 q = smb_io_unistr2(io, &(q_c->uni_logon_srv), q, base, align, depth); /* logon server unicode string */
438 q = smb_io_unistr2(io, &(q_c->uni_logon_clnt), q, base, align, depth); /* logon client unicode string */
439
440 /* client challenge is _not_ aligned after the unicode strings */
441 q = smb_io_chal(io, &(q_c->clnt_chal), q, base, 0, depth); /* client challenge */
442
443 return q;
444 }
445
446 /*******************************************************************
447 reads or writes a structure.
448 ********************************************************************/
lsa_io_r_req_chal(BOOL io,LSA_R_REQ_CHAL * r_c,char * q,char * base,int align,int depth)449 char* lsa_io_r_req_chal(BOOL io, LSA_R_REQ_CHAL *r_c, char *q, char *base, int align, int depth)
450 {
451 if (r_c == NULL) return NULL;
452
453 DEBUG(5,("%s%04x lsa_io_r_req_chal\n", tab_depth(depth), PTR_DIFF(q, base)));
454 depth++;
455
456 q = align_offset(q, base, align);
457
458 q = smb_io_chal(io, &(r_c->srv_chal), q, base, align, depth); /* server challenge */
459
460 DBG_RW_IVAL("status", depth, base, io, q, r_c->status); q += 4;
461
462 return q;
463 }
464
465
466 /*******************************************************************
467 reads or writes a structure.
468 ********************************************************************/
make_q_auth_2(LSA_Q_AUTH_2 * q_a,char * logon_srv,char * acct_name,uint16 sec_chan,char * comp_name,DOM_CHAL * clnt_chal,uint32 clnt_flgs)469 void make_q_auth_2(LSA_Q_AUTH_2 *q_a,
470 char *logon_srv, char *acct_name, uint16 sec_chan, char *comp_name,
471 DOM_CHAL *clnt_chal, uint32 clnt_flgs)
472 {
473 if (q_a == NULL) return;
474
475 DEBUG(5,("make_q_auth_2: %d\n", __LINE__));
476
477 make_log_info(&(q_a->clnt_id), logon_srv, acct_name, sec_chan, comp_name);
478 memcpy(q_a->clnt_chal.data, clnt_chal->data, sizeof(clnt_chal->data));
479 q_a->clnt_flgs.neg_flags = clnt_flgs;
480
481 DEBUG(5,("make_q_auth_2: %d\n", __LINE__));
482 }
483
484 /*******************************************************************
485 reads or writes a structure.
486 ********************************************************************/
lsa_io_q_auth_2(BOOL io,LSA_Q_AUTH_2 * q_a,char * q,char * base,int align,int depth)487 char* lsa_io_q_auth_2(BOOL io, LSA_Q_AUTH_2 *q_a, char *q, char *base, int align, int depth)
488 {
489 if (q_a == NULL) return NULL;
490
491 DEBUG(5,("%s%04x lsa_io_q_auth_2\n", tab_depth(depth), PTR_DIFF(q, base)));
492 depth++;
493
494 q = align_offset(q, base, align);
495
496 q = smb_io_log_info (io, &(q_a->clnt_id), q, base, align, depth); /* client identification info */
497 /* client challenge is _not_ aligned */
498 q = smb_io_chal (io, &(q_a->clnt_chal), q, base, 0, depth); /* client-calculated credentials */
499 q = smb_io_neg_flags(io, &(q_a->clnt_flgs), q, base, align, depth);
500
501 return q;
502 }
503
504 /*******************************************************************
505 reads or writes a structure.
506 ********************************************************************/
lsa_io_r_auth_2(BOOL io,LSA_R_AUTH_2 * r_a,char * q,char * base,int align,int depth)507 char* lsa_io_r_auth_2(BOOL io, LSA_R_AUTH_2 *r_a, char *q, char *base, int align, int depth)
508 {
509 if (r_a == NULL) return NULL;
510
511 DEBUG(5,("%s%04x lsa_io_r_auth_2\n", tab_depth(depth), PTR_DIFF(q, base)));
512 depth++;
513
514 q = align_offset(q, base, align);
515
516 q = smb_io_chal (io, &(r_a->srv_chal), q, base, align, depth); /* server challenge */
517 q = smb_io_neg_flags(io, &(r_a->srv_flgs), q, base, align, depth);
518
519 DBG_RW_IVAL("status", depth, base, io, q, r_a->status); q += 4;
520
521 return q;
522 }
523
524
525 /*******************************************************************
526 reads or writes a structure.
527 ********************************************************************/
make_q_srv_pwset(LSA_Q_SRV_PWSET * q_s,char sess_key[8],char * logon_srv,char * acct_name,uint16 sec_chan,char * comp_name,DOM_CRED * cred,char nt_cypher[16])528 void make_q_srv_pwset(LSA_Q_SRV_PWSET *q_s, char sess_key[8],
529 char *logon_srv, char *acct_name, uint16 sec_chan, char *comp_name,
530 DOM_CRED *cred, char nt_cypher[16])
531 {
532 char arc4_nt_owf[16];
533
534 if (q_s == NULL || cred == NULL) return;
535
536 bzero(arc4_nt_owf, sizeof(arc4_nt_owf));
537
538 DEBUG(5,("make_q_srv_pwset\n"));
539
540 make_clnt_info(&(q_s->clnt_id), logon_srv, acct_name, sec_chan, comp_name, cred);
541
542 #ifdef USE_ARCFOUR
543
544 if (nt_cypher)
545 {
546 unsigned char arc4_key[16];
547 #ifdef DEBUG_PASSWORD
548 DEBUG(100,("nt cypher:"));
549 dump_data(100, nt_cypher, 16);
550 #endif
551
552 memset(arc4_key, 0, 16);
553 memcpy(arc4_key, sess_key, 8);
554
555 arcfour(arc4_key, arc4_nt_owf, nt_cypher);
556
557 #ifdef DEBUG_PASSWORD
558 DEBUG(100,("arcfour encrypt of nt owf password:"));
559 dump_data(100, arc4_nt_owf, 16);
560 #endif
561 /* set up pointers to cypher blocks */
562 nt_cypher = arc4_nt_owf;
563 }
564
565 #else
566
567 if (nt_cypher)
568 {
569 /* oops. can only send what-ever-it-is direct */
570 memcpy(arc4_nt_owf, nt_cypher, 16);
571 nt_cypher = arc4_nt_owf;
572 }
573
574 #endif
575
576 memcpy(q_s->pwd, nt_cypher, sizeof(q_s->pwd));
577 }
578
579 /*******************************************************************
580 reads or writes a structure.
581 ********************************************************************/
lsa_io_q_srv_pwset(BOOL io,LSA_Q_SRV_PWSET * q_s,char * q,char * base,int align,int depth)582 char* lsa_io_q_srv_pwset(BOOL io, LSA_Q_SRV_PWSET *q_s, char *q, char *base, int align, int depth)
583 {
584 if (q_s == NULL) return NULL;
585
586 DEBUG(5,("%s%04x lsa_io_q_srv_pwset\n", tab_depth(depth), PTR_DIFF(q, base)));
587 depth++;
588
589 q = align_offset(q, base, align);
590
591 q = smb_io_clnt_info(io, &(q_s->clnt_id), q, base, align, depth); /* client identification/authentication info */
592 DBG_RW_PCVAL(False, "pwd", depth, base, io, q, q_s->pwd, 16); q += 16; /* new password - undocumented */
593
594 return q;
595 }
596
597 /*******************************************************************
598 reads or writes a structure.
599 ********************************************************************/
lsa_io_r_srv_pwset(BOOL io,LSA_R_SRV_PWSET * r_s,char * q,char * base,int align,int depth)600 char* lsa_io_r_srv_pwset(BOOL io, LSA_R_SRV_PWSET *r_s, char *q, char *base, int align, int depth)
601 {
602 if (r_s == NULL) return NULL;
603
604 DEBUG(5,("%s%04x lsa_io_r_srv_pwset\n", tab_depth(depth), PTR_DIFF(q, base)));
605 depth++;
606
607 q = align_offset(q, base, align);
608
609 q = smb_io_cred(io, &(r_s->srv_cred), q, base, align, depth); /* server challenge */
610
611 DBG_RW_IVAL("status", depth, base, io, q, r_s->status); q += 4;
612
613 return q;
614 }
615
616
617 /*******************************************************************
618 reads or writes a structure.
619 ********************************************************************/
lsa_io_user_info(BOOL io,LSA_USER_INFO * usr,char * q,char * base,int align,int depth)620 char* lsa_io_user_info(BOOL io, LSA_USER_INFO *usr, char *q, char *base, int align, int depth)
621 {
622 int i;
623
624 if (usr == NULL) return NULL;
625
626 DEBUG(5,("%s%04x lsa_io_user_info\n", tab_depth(depth), PTR_DIFF(q, base)));
627 depth++;
628
629 q = align_offset(q, base, align);
630
631 DBG_RW_IVAL("ptr_user_info ", depth, base, io, q, usr->ptr_user_info); q += 4;
632
633 if (usr->ptr_user_info != 0)
634 {
635 q = smb_io_time(io, &(usr->logon_time) , q, base, align, depth); /* logon time */
636 q = smb_io_time(io, &(usr->logoff_time) , q, base, align, depth); /* logoff time */
637 q = smb_io_time(io, &(usr->kickoff_time) , q, base, align, depth); /* kickoff time */
638 q = smb_io_time(io, &(usr->pass_last_set_time) , q, base, align, depth); /* password last set time */
639 q = smb_io_time(io, &(usr->pass_can_change_time) , q, base, align, depth); /* password can change time */
640 q = smb_io_time(io, &(usr->pass_must_change_time), q, base, align, depth); /* password must change time */
641
642 q = smb_io_unihdr(io, &(usr->hdr_user_name) , q, base, align, depth); /* username unicode string header */
643 q = smb_io_unihdr(io, &(usr->hdr_full_name) , q, base, align, depth); /* user's full name unicode string header */
644 q = smb_io_unihdr(io, &(usr->hdr_logon_script), q, base, align, depth); /* logon script unicode string header */
645 q = smb_io_unihdr(io, &(usr->hdr_profile_path), q, base, align, depth); /* profile path unicode string header */
646 q = smb_io_unihdr(io, &(usr->hdr_home_dir) , q, base, align, depth); /* home directory unicode string header */
647 q = smb_io_unihdr(io, &(usr->hdr_dir_drive) , q, base, align, depth); /* home directory drive unicode string header */
648
649 DBG_RW_SVAL("logon_count ", depth, base, io, q, usr->logon_count ); q += 2; /* logon count */
650 DBG_RW_SVAL("bad_pw_count ", depth, base, io, q, usr->bad_pw_count); q += 2; /* bad password count */
651
652 DBG_RW_IVAL("user_id ", depth, base, io, q, usr->user_id ); q += 4; /* User ID */
653 DBG_RW_IVAL("group_id ", depth, base, io, q, usr->group_id ); q += 4; /* Group ID */
654 DBG_RW_IVAL("num_groups ", depth, base, io, q, usr->num_groups ); q += 4; /* num groups */
655 DBG_RW_IVAL("buffer_groups ", depth, base, io, q, usr->buffer_groups); q += 4; /* undocumented buffer pointer to groups. */
656 DBG_RW_IVAL("user_flgs ", depth, base, io, q, usr->user_flgs ); q += 4; /* user flags */
657
658 DBG_RW_PCVAL(False, "user_sess_key", depth, base, io, q, usr->user_sess_key, 16); q += 16; /* unused user session key */
659
660 q = smb_io_unihdr(io, &(usr->hdr_logon_srv), q, base, align, depth); /* logon server unicode string header */
661 q = smb_io_unihdr(io, &(usr->hdr_logon_dom), q, base, align, depth); /* logon domain unicode string header */
662
663 DBG_RW_IVAL("buffer_dom_id ", depth, base, io, q, usr->buffer_dom_id); q += 4; /* undocumented logon domain id pointer */
664 DBG_RW_PCVAL(False, "padding ", depth, base, io, q, usr->padding, 40); q += 40; /* unused padding bytes? */
665
666 DBG_RW_IVAL("num_other_sids", depth, base, io, q, usr->num_other_sids); q += 4; /* 0 - num_sids */
667 DBG_RW_IVAL("buffer_other_sids", depth, base, io, q, usr->buffer_other_sids); q += 4; /* NULL - undocumented pointer to SIDs. */
668
669 q = smb_io_unistr2(io, &(usr->uni_user_name) , q, base, align, depth); /* username unicode string */
670 q = smb_io_unistr2(io, &(usr->uni_full_name) , q, base, align, depth); /* user's full name unicode string */
671 q = smb_io_unistr2(io, &(usr->uni_logon_script), q, base, align, depth); /* logon script unicode string */
672 q = smb_io_unistr2(io, &(usr->uni_profile_path), q, base, align, depth); /* profile path unicode string */
673 q = smb_io_unistr2(io, &(usr->uni_home_dir) , q, base, align, depth); /* home directory unicode string */
674 q = smb_io_unistr2(io, &(usr->uni_dir_drive) , q, base, align, depth); /* home directory drive unicode string */
675
676 DBG_RW_IVAL("num_groups2 ", depth, base, io, q, usr->num_groups2); q += 4; /* num groups */
677 for (i = 0; i < usr->num_groups2; i++)
678 {
679 q = smb_io_gid(io, &(usr->gids[i]), q, base, align, depth); /* group info */
680 }
681
682 q = smb_io_unistr2(io, &( usr->uni_logon_srv), q, base, align, depth); /* logon server unicode string */
683 q = smb_io_unistr2(io, &( usr->uni_logon_dom), q, base, align, depth); /* logon domain unicode string */
684
685 q = smb_io_dom_sid(io, &(usr->dom_sid), q, base, align, depth); /* domain SID */
686
687 for (i = 0; i < usr->num_other_sids; i++)
688 {
689 q = smb_io_dom_sid(io, &(usr->other_sids[i]), q, base, align, depth); /* other domain SIDs */
690 }
691 }
692
693 return q;
694 }
695
696 /*******************************************************************
697 reads or writes a structure.
698 ********************************************************************/
lsa_io_q_sam_logon(BOOL io,LSA_Q_SAM_LOGON * q_l,char * q,char * base,int align,int depth)699 char* lsa_io_q_sam_logon(BOOL io, LSA_Q_SAM_LOGON *q_l, char *q, char *base, int align, int depth)
700 {
701 if (q_l == NULL) return NULL;
702
703 DEBUG(5,("%s%04x lsa_io_q_sam_logon\n", tab_depth(depth), PTR_DIFF(q, base)));
704 depth++;
705
706 q = align_offset(q, base, align);
707
708 q = smb_io_sam_info(io, &(q_l->sam_id), q, base, align, depth); /* domain SID */
709
710 return q;
711 }
712
713 /*******************************************************************
714 reads or writes a structure.
715 ********************************************************************/
lsa_io_r_sam_logon(BOOL io,LSA_R_SAM_LOGON * r_l,char * q,char * base,int align,int depth)716 char* lsa_io_r_sam_logon(BOOL io, LSA_R_SAM_LOGON *r_l, char *q, char *base, int align, int depth)
717 {
718 if (r_l == NULL) return NULL;
719
720 DEBUG(5,("%s%04x lsa_io_r_sam_logon\n", tab_depth(depth), PTR_DIFF(q, base)));
721 depth++;
722
723 q = align_offset(q, base, align);
724
725 DBG_RW_IVAL("buffer_creds", depth, base, io, q, r_l->buffer_creds); q += 4; /* undocumented buffer pointer */
726 q = smb_io_cred(io, &(r_l->srv_creds), q, base, align, depth); /* server credentials. server time stamp appears to be ignored. */
727
728 DBG_RW_SVAL("switch_value", depth, base, io, q, r_l->switch_value); q += 2;
729 q = align_offset(q, base, align);
730 q = lsa_io_user_info(io, r_l->user, q, base, align, depth);
731 DBG_RW_IVAL("auth_resp ", depth, base, io, q, r_l->auth_resp); q += 4; /* 1 - Authoritative response; 0 - Non-Auth? */
732
733 DBG_RW_IVAL("status ", depth, base, io, q, r_l->status); q += 4;
734
735 return q;
736 }
737
738 /*******************************************************************
739 reads or writes a structure.
740 ********************************************************************/
lsa_io_q_sam_logoff(BOOL io,LSA_Q_SAM_LOGOFF * q_l,char * q,char * base,int align,int depth)741 char* lsa_io_q_sam_logoff(BOOL io, LSA_Q_SAM_LOGOFF *q_l, char *q, char *base, int align, int depth)
742 {
743 if (q_l == NULL) return NULL;
744
745 DEBUG(5,("%s%04x lsa_io_q_sam_logoff\n", tab_depth(depth), PTR_DIFF(q, base)));
746 depth++;
747
748 q = align_offset(q, base, align);
749
750 q = smb_io_sam_info(io, &(q_l->sam_id), q, base, align, depth); /* domain SID */
751
752 return q;
753 }
754
755 /*******************************************************************
756 reads or writes a structure.
757 ********************************************************************/
lsa_io_r_sam_logoff(BOOL io,LSA_R_SAM_LOGOFF * r_l,char * q,char * base,int align,int depth)758 char* lsa_io_r_sam_logoff(BOOL io, LSA_R_SAM_LOGOFF *r_l, char *q, char *base, int align, int depth)
759 {
760 if (r_l == NULL) return NULL;
761
762 DEBUG(5,("%s%04x lsa_io_r_sam_logoff\n", tab_depth(depth), PTR_DIFF(q, base)));
763 depth++;
764
765 q = align_offset(q, base, align);
766
767 DBG_RW_IVAL("buffer_creds", depth, base, io, q, r_l->buffer_creds); q += 4; /* undocumented buffer pointer */
768 q = smb_io_cred(io, &(r_l->srv_creds), q, base, align, depth); /* server credentials. server time stamp appears to be ignored. */
769
770 DBG_RW_IVAL("status ", depth, base, io, q, r_l->status); q += 4;
771
772 return q;
773 }
774
775 #if 0
776 /*******************************************************************
777 reads or writes a structure.
778 ********************************************************************/
779 char* lsa_io_(BOOL io, *, char *q, char *base, int align, int depth)
780 {
781 if (== NULL) return NULL;
782
783 q = align_offset(q, base, align);
784
785 DBG_RW_IVAL("", depth, base, io, q, ); q += 4;
786
787 return q;
788 }
789 #endif
790
791 #endif
792