svn commit: samba r13395 - in trunk/source: include libsmb rpc_parse rpc_server

jra at samba.org jra at samba.org
Wed Feb 8 22:16:02 GMT 2006


Author: jra
Date: 2006-02-08 22:16:00 +0000 (Wed, 08 Feb 2006)
New Revision: 13395

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13395

Log:
Add in userinfo26, re-enable userinfo25 - took the knowledge
from Samba4 on how to decode the 532 byte password buffers.
Getting closer to passing samba4 RPC-SCHANNEL test.
Jeremy.

Modified:
   trunk/source/include/rpc_samr.h
   trunk/source/libsmb/smbencrypt.c
   trunk/source/rpc_parse/parse_samr.c
   trunk/source/rpc_server/srv_samr_nt.c


Changeset:
Modified: trunk/source/include/rpc_samr.h
===================================================================
--- trunk/source/include/rpc_samr.h	2006-02-08 19:28:25 UTC (rev 13394)
+++ trunk/source/include/rpc_samr.h	2006-02-08 22:16:00 UTC (rev 13395)
@@ -277,7 +277,14 @@
 	UNISTR2 uni_munged_dial ; /* munged path name and dial-back tel no */
 } SAM_USER_INFO_25;
 
+/* SAM_USER_INFO_26 */
+typedef struct sam_user_info_26
+{
+	uint8 pass[532];
+	uint8 pw_len;
+} SAM_USER_INFO_26;
 
+
 /* SAM_USER_INFO_21 */
 typedef struct sam_user_info_21
 {
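Review bot: `pass[532]` in SAM_USER_INFO_26 has no comment describing its layout, and 532, 516 and 16 recur as bare literals in the smbencrypt.c and srv_samr_nt.c hunks of this commit. I would add `/* 516 bytes of arc4-encrypted password data followed by a 16 byte confounder */` above `pass`, since that is the layout encode_or_decode_arc4_passwd_buffer() assumes. A short comment on what `pw_len` counts would help too; none of the hunks in this commit read it after it is parsed.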
@@ -1272,6 +1279,7 @@
 		SAM_USER_INFO_23 *id23;
 		SAM_USER_INFO_24 *id24;
 		SAM_USER_INFO_25 *id25;
+		SAM_USER_INFO_26 *id26;
 		void* id; /* to make typecasting easy */
 
 	} info;

Modified: trunk/source/libsmb/smbencrypt.c
===================================================================
--- trunk/source/libsmb/smbencrypt.c	2006-02-08 19:28:25 UTC (rev 13394)
+++ trunk/source/libsmb/smbencrypt.c	2006-02-08 22:16:00 UTC (rev 13395)
@@ -531,6 +531,25 @@
 }
 
 /***********************************************************
+ Decode an arc4 encrypted password change buffer.
+************************************************************/
+
+void encode_or_decode_arc4_passwd_buffer(char pw_buf[532], const DATA_BLOB *psession_key)
+{
+	struct MD5Context tctx;
+	unsigned char key_out[16];
+
+	/* Confounder is last 16 bytes. */
+
+	MD5Init(&tctx);
+	MD5Update(&tctx, &pw_buf[516], 16);
+	MD5Update(&tctx, psession_key->data, psession_key->length);
+	MD5Final(key_out, &tctx);
+	/* arc4 with key_out. */
+	SamOEMhash(pw_buf, key_out, 516);
+}
+
+/***********************************************************
  Encrypt/Decrypt used for LSA secrets and trusted domain
  passwords.
 ************************************************************/
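Review bot: `key_out` holds the derived arc4 key and `tctx` has absorbed the session key, and both are left on the stack when encode_or_decode_arc4_passwd_buffer() returns. I would clear them before returning, e.g. `memset(key_out, 0, sizeof(key_out));` and `memset(&tctx, 0, sizeof(tctx));`, keeping in mind that a plain memset on a dying local can be optimised away. The function also dereferences `psession_key` unchecked and relies on callers to reject a zero-length key; in that case the key is the MD5 of the confounder alone, which travels in the buffer. The header comment says only "Decode" although the name says encode_or_decode; it should state that the operation is symmetric and modifies the first 516 bytes in place.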

Modified: trunk/source/rpc_parse/parse_samr.c
===================================================================
--- trunk/source/rpc_parse/parse_samr.c	2006-02-08 19:28:25 UTC (rev 13394)
+++ trunk/source/rpc_parse/parse_samr.c	2006-02-08 22:16:00 UTC (rev 13395)
@@ -5404,13 +5404,41 @@
 	if (MARSHALLING(ps) && (usr->pw_len != 0)) {
 		if (!prs_uint16("pw_len", ps, depth, &usr->pw_len))
 			return False;
+	} else if (UNMARSHALLING(ps)) {
+		if (!prs_uint16("pw_len", ps, depth, &usr->pw_len))
+			return False;
 	}
+
+	return True;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+static BOOL sam_io_user_info26(const char *desc, SAM_USER_INFO_26 * usr,
+			       prs_struct *ps, int depth)
+{
+	if (usr == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_user_info26");
+	depth++;
+
 	if(!prs_align(ps))
 		return False;
 
+	if(!prs_uint8s(False, "password", ps, depth, usr->pass, 
+		       sizeof(usr->pass)))
+		return False;
+	
+	if (!prs_uint8("pw_len", ps, depth, &usr->pw_len))
+		return False;
+
 	return True;
 }
 
+
 /*************************************************************************
  init_sam_user_info23
 
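Review bot: In the tail of the level-25 parser (the function starts above this hunk), `pw_len` is now read unconditionally when unmarshalling but is still written only when `usr->pw_len != 0` when marshalling. The two directions therefore no longer agree on whether the field is on the wire. If a peer omits the field, `prs_uint16` presumably fails and the whole request is rejected. Either make both directions unconditional or add a comment stating why the unmarshal side may assume the field is always present. In `sam_io_user_info26`, the header comment `reads or writes a structure.` could name SAM_USER_INFO_26 and its 532-byte buffer.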
@@ -6475,6 +6503,16 @@
 		}
 		ret = sam_io_user_info25("", ctr->info.id25, ps, depth);
 		break;
+	case 26:
+		if (UNMARSHALLING(ps))
+			ctr->info.id26 = PRS_ALLOC_MEM(ps,SAM_USER_INFO_26,1);
+
+		if (ctr->info.id26 == NULL) {
+			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
+			return False;
+		}
+		ret = sam_io_user_info26("", ctr->info.id26, ps,  depth);
+		break;
 	default:
 		DEBUG(2, ("samr_io_userinfo_ctr: unknown switch level 0x%x\n", ctr->switch_value));
 		ret = False;

Modified: trunk/source/rpc_server/srv_samr_nt.c
===================================================================
--- trunk/source/rpc_server/srv_samr_nt.c	2006-02-08 19:28:25 UTC (rev 13394)
+++ trunk/source/rpc_server/srv_samr_nt.c	2006-02-08 22:16:00 UTC (rev 13395)
@@ -3316,27 +3316,27 @@
 			break;
 
 		case 25:
-#if 0
-			/*
-			 * Currently we don't really know how to unmarshall
-			 * the level 25 struct, and the password encryption
-			 * is different. This is a placeholder for when we
-			 * do understand it. In the meantime just return INVALID
-			 * info level and W2K SP2 drops down to level 23... JRA.
-			 */
-
 			if (!p->session_key.length) {
 				r_u->status = NT_STATUS_NO_USER_SESSION_KEY;
 			}
-			SamOEMhashBlob(ctr->info.id25->pass, 532, &p->session_key);
+			encode_or_decode_arc4_passwd_buffer(ctr->info.id25->pass, &p->session_key);
 
 			dump_data(100, (char *)ctr->info.id25->pass, 532);
 
-			if (!set_user_info_pw(ctr->info.id25->pass, &sid))
+			if (!set_user_info_pw(ctr->info.id25->pass, pwd))
 				r_u->status = NT_STATUS_ACCESS_DENIED;
 			break;
-#endif
-			r_u->status = NT_STATUS_INVALID_INFO_CLASS;
+
+		case 26:
+			if (!p->session_key.length) {
+				r_u->status = NT_STATUS_NO_USER_SESSION_KEY;
+			}
+			encode_or_decode_arc4_passwd_buffer(ctr->info.id26->pass, &p->session_key);
+
+			dump_data(100, (char *)ctr->info.id26->pass, 516);
+
+			if (!set_user_info_pw(ctr->info.id26->pass, pwd))
+				r_u->status = NT_STATUS_ACCESS_DENIED;
 			break;
 
 		case 23:
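Review bot: In `case 25` and `case 26` the `!p->session_key.length` check only assigns `NT_STATUS_NO_USER_SESSION_KEY` and then falls through to the decrypt and `set_user_info_pw()` calls, so a request without a session key is still processed. With an empty key the arc4 key is the MD5 of the confounder alone, and the confounder is part of the client-supplied buffer. Add `break;` right after the status assignment in each check. The same pattern is in the new `case 23` and `case 26` of the `@@ -3464,6 +3464,28 @@` hunk. The enclosing switch starts and ends outside this hunk, so how `r_u->status` is consumed afterwards is not visible here.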
@@ -3432,7 +3432,7 @@
 			has_enough_rights = nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS );
 	}
 	
-	DEBUG(5, ("_samr_set_userinfo: %s does%s possess sufficient rights\n",
+	DEBUG(5, ("_samr_set_userinfo2: %s does%s possess sufficient rights\n",
 		p->pipe_user_name, has_enough_rights ? "" : " not"));
 
 	/* ================ BEGIN SeMachineAccountPrivilege BLOCK ================ */
@@ -3464,6 +3464,28 @@
 			if (!set_user_info_21(ctr->info.id21, pwd))
 				return NT_STATUS_ACCESS_DENIED;
 			break;
+		case 23:
+			if (!p->session_key.length) {
+				r_u->status = NT_STATUS_NO_USER_SESSION_KEY;
+			}
+			SamOEMhashBlob(ctr->info.id23->pass, 516, &p->session_key);
+
+			dump_data(100, (char *)ctr->info.id23->pass, 516);
+
+			if (!set_user_info_23(ctr->info.id23, pwd))
+				r_u->status = NT_STATUS_ACCESS_DENIED;
+			break;
+		case 26:
+			if (!p->session_key.length) {
+				r_u->status = NT_STATUS_NO_USER_SESSION_KEY;
+			}
+			encode_or_decode_arc4_passwd_buffer(ctr->info.id26->pass, &p->session_key);
+
+			dump_data(100, (char *)ctr->info.id26->pass, 516);
+
+			if (!set_user_info_pw(ctr->info.id26->pass, pwd))
+				r_u->status = NT_STATUS_ACCESS_DENIED;
+			break;
 		default:
 			r_u->status = NT_STATUS_INVALID_INFO_CLASS;
 	}
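Review bot: `dump_data(100, (char *)ctr->info.id26->pass, 516);` runs after the buffer has been decrypted, so at debug level 100 the cleartext new password ends up in the log. The `case 23` dump here, which follows what is presumably the decrypting `SamOEMhashBlob` call, has the same problem, as do the `case 25` and `case 26` dumps in the `@@ -3316,27 +3316,27 @@` hunk. I would drop these calls or move them ahead of the decrypt so that only ciphertext is logged. The switch and its enclosing function extend beyond this hunk.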


