00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023 #include "includes.h"
00024
00025
00026
00027
00028
00029
00030
00031 static NTSTATUS rpccli_net_req_chal(struct rpc_pipe_client *cli,
00032 TALLOC_CTX *mem_ctx,
00033 const char *server_name,
00034 const char *clnt_name,
00035 const DOM_CHAL *clnt_chal_in,
00036 DOM_CHAL *srv_chal_out)
00037 {
00038 prs_struct qbuf, rbuf;
00039 NET_Q_REQ_CHAL q;
00040 NET_R_REQ_CHAL r;
00041 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
00042
00043
00044
00045 DEBUG(4,("cli_net_req_chal: LSA Request Challenge from %s to %s\n",
00046 clnt_name, server_name));
00047
00048
00049 init_q_req_chal(&q, server_name, clnt_name, clnt_chal_in);
00050
00051
00052 CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_REQCHAL,
00053 q, r,
00054 qbuf, rbuf,
00055 net_io_q_req_chal,
00056 net_io_r_req_chal,
00057 NT_STATUS_UNSUCCESSFUL);
00058
00059 result = r.status;
00060
00061
00062
00063 if (NT_STATUS_IS_OK(result)) {
00064
00065 *srv_chal_out = r.srv_chal;
00066 }
00067
00068 return result;
00069 }
00070
00071 #if 0
00072
00073
00074
00075
00076
00077
00078
00079
00080 NTSTATUS rpccli_net_auth2(struct rpc_pipe_client *cli,
00081 uint16 sec_chan,
00082 uint32 *neg_flags, DOM_CHAL *srv_chal)
00083 {
00084 prs_struct qbuf, rbuf;
00085 NET_Q_AUTH_2 q;
00086 NET_R_AUTH_2 r;
00087 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
00088 fstring machine_acct;
00089
00090 if ( sec_chan == SEC_CHAN_DOMAIN )
00091 fstr_sprintf( machine_acct, "%s$", lp_workgroup() );
00092 else
00093 fstrcpy( machine_acct, cli->mach_acct );
00094
00095
00096
00097 DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n",
00098 cli->srv_name_slash, machine_acct, sec_chan, global_myname(),
00099 credstr(cli->clnt_cred.challenge.data), *neg_flags));
00100
00101
00102
00103 init_q_auth_2(&q, cli->srv_name_slash, machine_acct,
00104 sec_chan, global_myname(), &cli->clnt_cred.challenge,
00105 *neg_flags);
00106
00107
00108
00109 CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_AUTH2,
00110 q, r,
00111 qbuf, rbuf,
00112 net_io_q_auth_2,
00113 net_io_r_auth_2,
00114 NT_STATUS_UNSUCCESSFUL);
00115
00116 result = r.status;
00117
00118 if (NT_STATUS_IS_OK(result)) {
00119 UTIME zerotime;
00120
00121
00122
00123
00124
00125
00126 zerotime.time = 0;
00127 if (cred_assert( &r.srv_chal, cli->sess_key, srv_chal, zerotime) == 0) {
00128
00129
00130
00131
00132 DEBUG(0,("cli_net_auth2: server %s replied with bad credential (bad machine \
00133 password ?).\n", cli->cli->desthost ));
00134 return NT_STATUS_ACCESS_DENIED;
00135 }
00136 *neg_flags = r.srv_flgs.neg_flags;
00137 }
00138
00139 return result;
00140 }
00141 #endif
00142
00143
00144
00145
00146
00147
00148
00149
00150
00151 static NTSTATUS rpccli_net_auth2(struct rpc_pipe_client *cli,
00152 TALLOC_CTX *mem_ctx,
00153 const char *server_name,
00154 const char *account_name,
00155 uint16 sec_chan_type,
00156 const char *computer_name,
00157 uint32 *neg_flags_inout,
00158 const DOM_CHAL *clnt_chal_in,
00159 DOM_CHAL *srv_chal_out)
00160 {
00161 prs_struct qbuf, rbuf;
00162 NET_Q_AUTH_2 q;
00163 NET_R_AUTH_2 r;
00164 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
00165
00166
00167
00168 DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s neg: %x\n",
00169 server_name, account_name, sec_chan_type, computer_name,
00170 *neg_flags_inout));
00171
00172
00173
00174 init_q_auth_2(&q, server_name, account_name, sec_chan_type,
00175 computer_name, clnt_chal_in, *neg_flags_inout);
00176
00177
00178
00179 CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_AUTH2,
00180 q, r,
00181 qbuf, rbuf,
00182 net_io_q_auth_2,
00183 net_io_r_auth_2,
00184 NT_STATUS_UNSUCCESSFUL);
00185
00186 result = r.status;
00187
00188 *neg_flags_inout = r.srv_flgs.neg_flags;
00189
00190 if (NT_STATUS_IS_OK(result)) {
00191 *srv_chal_out = r.srv_chal;
00192 }
00193
00194 return result;
00195 }
00196
00197 #if 0
00198
00199
00200
00201
00202
00203
00204
00205
00206 static NTSTATUS rpccli_net_auth3(struct rpc_pipe_client *cli,
00207 TALLOC_CTX *mem_ctx,
00208 const char *server_name,
00209 const char *account_name,
00210 uint16 sec_chan_type,
00211 const char *computer_name,
00212 uint32 *neg_flags_inout,
00213 const DOM_CHAL *clnt_chal_in,
00214 DOM_CHAL *srv_chal_out)
00215 {
00216 prs_struct qbuf, rbuf;
00217 NET_Q_AUTH_3 q;
00218 NET_R_AUTH_3 r;
00219 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
00220
00221
00222
00223 DEBUG(4,("cli_net_auth3: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n",
00224 server_name, account_name, sec_chan_type, computer_name,
00225 credstr(clnt_chal_in->data), *neg_flags_inout));
00226
00227
00228 init_q_auth_3(&q, server_name, account_name, sec_chan_type,
00229 computer_name, clnt_chal_in, *neg_flags_inout);
00230
00231
00232
00233 CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_AUTH3,
00234 q, r,
00235 qbuf, rbuf,
00236 net_io_q_auth_3,
00237 net_io_r_auth_3,
00238 NT_STATUS_UNSUCCESSFUL);
00239
00240 if (NT_STATUS_IS_OK(result)) {
00241 *srv_chal_out = r.srv_chal;
00242 *neg_flags_inout = r.srv_flgs.neg_flags;
00243 }
00244
00245 return result;
00246 }
00247 #endif
00248
00249
00250
00251
00252
00253
00254
00255 NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
00256 const char *server_name,
00257 const char *domain,
00258 const char *clnt_name,
00259 const char *machine_account,
00260 const unsigned char machine_pwd[16],
00261 uint32 sec_chan_type,
00262 uint32 *neg_flags_inout)
00263 {
00264 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
00265 DOM_CHAL clnt_chal_send;
00266 DOM_CHAL srv_chal_recv;
00267 struct dcinfo *dc;
00268 bool retried = false;
00269
00270 SMB_ASSERT(cli->pipe_idx == PI_NETLOGON);
00271
00272 dc = cli->dc;
00273 if (!dc) {
00274 return NT_STATUS_INVALID_PARAMETER;
00275 }
00276
00277
00278 ZERO_STRUCTP(dc);
00279
00280
00281 memcpy(dc->mach_pw, machine_pwd, 16);
00282
00283 fstrcpy(dc->remote_machine, "\\\\");
00284 fstrcat(dc->remote_machine, server_name);
00285
00286 fstrcpy(dc->domain, domain);
00287
00288 fstr_sprintf( dc->mach_acct, "%s$", machine_account);
00289
00290 again:
00291
00292 generate_random_buffer(clnt_chal_send.data, 8);
00293
00294
00295 result = rpccli_net_req_chal(cli,
00296 cli->mem_ctx,
00297 dc->remote_machine,
00298 clnt_name,
00299 &clnt_chal_send,
00300 &srv_chal_recv);
00301
00302 if (!NT_STATUS_IS_OK(result)) {
00303 return result;
00304 }
00305
00306
00307 creds_client_init(*neg_flags_inout,
00308 dc,
00309 &clnt_chal_send,
00310 &srv_chal_recv,
00311 machine_pwd,
00312 &clnt_chal_send);
00313
00314
00315
00316
00317
00318 result = rpccli_net_auth2(cli,
00319 cli->mem_ctx,
00320 dc->remote_machine,
00321 dc->mach_acct,
00322 sec_chan_type,
00323 clnt_name,
00324 neg_flags_inout,
00325 &clnt_chal_send,
00326 &srv_chal_recv);
00327
00328
00329
00330
00331 if (NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) && !retried) {
00332 retried = true;
00333 goto again;
00334 }
00335
00336 if (!NT_STATUS_IS_OK(result)) {
00337 return result;
00338 }
00339
00340
00341
00342
00343
00344
00345 if (!creds_client_check(dc, &srv_chal_recv)) {
00346
00347
00348
00349 DEBUG(0,("rpccli_netlogon_setup_creds: server %s "
00350 "replied with bad credential\n",
00351 cli->cli->desthost ));
00352 return NT_STATUS_ACCESS_DENIED;
00353 }
00354
00355 DEBUG(5,("rpccli_netlogon_setup_creds: server %s credential "
00356 "chain established.\n",
00357 cli->cli->desthost ));
00358
00359 return NT_STATUS_OK;
00360 }
00361
00362
00363
00364 NTSTATUS rpccli_netlogon_logon_ctrl2(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
00365 uint32 query_level)
00366 {
00367 prs_struct qbuf, rbuf;
00368 NET_Q_LOGON_CTRL2 q;
00369 NET_R_LOGON_CTRL2 r;
00370 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
00371 fstring server;
00372
00373 ZERO_STRUCT(q);
00374 ZERO_STRUCT(r);
00375
00376
00377
00378 slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
00379 init_net_q_logon_ctrl2(&q, server, query_level);
00380
00381
00382
00383 CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_LOGON_CTRL2,
00384 q, r,
00385 qbuf, rbuf,
00386 net_io_q_logon_ctrl2,
00387 net_io_r_logon_ctrl2,
00388 NT_STATUS_UNSUCCESSFUL);
00389
00390 result = r.status;
00391 return result;
00392 }
00393
00394
00395
00396 WERROR rpccli_netlogon_getanydcname(struct rpc_pipe_client *cli,
00397 TALLOC_CTX *mem_ctx, const char *mydcname,
00398 const char *domainname, fstring newdcname)
00399 {
00400 prs_struct qbuf, rbuf;
00401 NET_Q_GETANYDCNAME q;
00402 NET_R_GETANYDCNAME r;
00403 WERROR result;
00404 fstring mydcname_slash;
00405
00406 ZERO_STRUCT(q);
00407 ZERO_STRUCT(r);
00408
00409
00410
00411 slprintf(mydcname_slash, sizeof(fstring)-1, "\\\\%s", mydcname);
00412 init_net_q_getanydcname(&q, mydcname_slash, domainname);
00413
00414
00415
00416 CLI_DO_RPC_WERR(cli, mem_ctx, PI_NETLOGON, NET_GETANYDCNAME,
00417 q, r,
00418 qbuf, rbuf,
00419 net_io_q_getanydcname,
00420 net_io_r_getanydcname,
00421 WERR_GENERAL_FAILURE);
00422
00423 result = r.status;
00424
00425 if (W_ERROR_IS_OK(result)) {
00426 rpcstr_pull_unistr2_fstring(newdcname, &r.uni_dcname);
00427 }
00428
00429 return result;
00430 }
00431
00432 static WERROR pull_domain_controller_info_from_getdcname_reply(TALLOC_CTX *mem_ctx,
00433 struct DS_DOMAIN_CONTROLLER_INFO **info_out,
00434 NET_R_DSR_GETDCNAME *r)
00435 {
00436 struct DS_DOMAIN_CONTROLLER_INFO *info;
00437
00438 info = TALLOC_ZERO_P(mem_ctx, struct DS_DOMAIN_CONTROLLER_INFO);
00439 if (!info) {
00440 return WERR_NOMEM;
00441 }
00442
00443 if (&r->uni_dc_unc) {
00444
00445 char *tmp;
00446 tmp = rpcstr_pull_unistr2_talloc(mem_ctx, &r->uni_dc_unc);
00447 if (tmp == NULL) {
00448 return WERR_GENERAL_FAILURE;
00449 }
00450 if (*tmp == '\\') tmp += 1;
00451 if (*tmp == '\\') tmp += 1;
00452
00453 info->domain_controller_name = talloc_strdup(mem_ctx, tmp);
00454 if (info->domain_controller_name == NULL) {
00455 return WERR_GENERAL_FAILURE;
00456 }
00457 }
00458
00459 if (&r->uni_dc_address) {
00460
00461 char *tmp;
00462 tmp = rpcstr_pull_unistr2_talloc(mem_ctx, &r->uni_dc_address);
00463 if (tmp == NULL) {
00464 return WERR_GENERAL_FAILURE;
00465 }
00466 if (*tmp == '\\') tmp += 1;
00467 if (*tmp == '\\') tmp += 1;
00468
00469 info->domain_controller_address = talloc_strdup(mem_ctx, tmp);
00470 if (info->domain_controller_address == NULL) {
00471 return WERR_GENERAL_FAILURE;
00472 }
00473 }
00474
00475 info->domain_controller_address_type = r->dc_address_type;
00476
00477 info->domain_guid = talloc_memdup(mem_ctx, &r->domain_guid, sizeof(struct GUID));
00478 if (!info->domain_guid) {
00479 return WERR_GENERAL_FAILURE;
00480 }
00481
00482 if (&r->uni_domain_name) {
00483 info->domain_name = rpcstr_pull_unistr2_talloc(mem_ctx, &r->uni_domain_name);
00484 if (!info->domain_name) {
00485 return WERR_GENERAL_FAILURE;
00486 }
00487 }
00488
00489 if (&r->uni_forest_name) {
00490 info->dns_forest_name = rpcstr_pull_unistr2_talloc(mem_ctx, &r->uni_forest_name);
00491 if (!info->dns_forest_name) {
00492 return WERR_GENERAL_FAILURE;
00493 }
00494 }
00495
00496 info->flags = r->dc_flags;
00497
00498 if (&r->uni_dc_site_name) {
00499 info->dc_site_name = rpcstr_pull_unistr2_talloc(mem_ctx, &r->uni_dc_site_name);
00500 if (!info->dc_site_name) {
00501 return WERR_GENERAL_FAILURE;
00502 }
00503 }
00504
00505 if (&r->uni_client_site_name) {
00506 info->client_site_name = rpcstr_pull_unistr2_talloc(mem_ctx, &r->uni_client_site_name);
00507 if (!info->client_site_name) {
00508 return WERR_GENERAL_FAILURE;
00509 }
00510 }
00511
00512 *info_out = info;
00513
00514 return WERR_OK;
00515 }
00516
00517
00518
00519 WERROR rpccli_netlogon_dsr_getdcname(struct rpc_pipe_client *cli,
00520 TALLOC_CTX *mem_ctx,
00521 const char *server_name,
00522 const char *domain_name,
00523 struct GUID *domain_guid,
00524 struct GUID *site_guid,
00525 uint32_t flags,
00526 struct DS_DOMAIN_CONTROLLER_INFO **info_out)
00527 {
00528 prs_struct qbuf, rbuf;
00529 NET_Q_DSR_GETDCNAME q;
00530 NET_R_DSR_GETDCNAME r;
00531 char *tmp_str;
00532
00533 ZERO_STRUCT(q);
00534 ZERO_STRUCT(r);
00535
00536
00537
00538 tmp_str = talloc_asprintf(mem_ctx, "\\\\%s", server_name);
00539 if (tmp_str == NULL) {
00540 return WERR_NOMEM;
00541 }
00542
00543 init_net_q_dsr_getdcname(&q, tmp_str, domain_name, domain_guid,
00544 site_guid, flags);
00545
00546
00547
00548 CLI_DO_RPC_WERR(cli, mem_ctx, PI_NETLOGON, NET_DSR_GETDCNAME,
00549 q, r,
00550 qbuf, rbuf,
00551 net_io_q_dsr_getdcname,
00552 net_io_r_dsr_getdcname,
00553 WERR_GENERAL_FAILURE);
00554
00555 if (!W_ERROR_IS_OK(r.result)) {
00556 return r.result;
00557 }
00558
00559 r.result = pull_domain_controller_info_from_getdcname_reply(mem_ctx, info_out, &r);
00560 if (!W_ERROR_IS_OK(r.result)) {
00561 return r.result;
00562 }
00563
00564 return WERR_OK;
00565 }
00566
00567
00568
00569 WERROR rpccli_netlogon_dsr_getdcnameex(struct rpc_pipe_client *cli,
00570 TALLOC_CTX *mem_ctx,
00571 const char *server_name,
00572 const char *domain_name,
00573 struct GUID *domain_guid,
00574 const char *site_name,
00575 uint32_t flags,
00576 struct DS_DOMAIN_CONTROLLER_INFO **info_out)
00577 {
00578 prs_struct qbuf, rbuf;
00579 NET_Q_DSR_GETDCNAMEEX q;
00580 NET_R_DSR_GETDCNAME r;
00581 char *tmp_str;
00582
00583 ZERO_STRUCT(q);
00584 ZERO_STRUCT(r);
00585
00586
00587
00588 tmp_str = talloc_asprintf(mem_ctx, "\\\\%s", server_name);
00589 if (tmp_str == NULL) {
00590 return WERR_NOMEM;
00591 }
00592
00593 init_net_q_dsr_getdcnameex(&q, server_name, domain_name, domain_guid,
00594 site_name, flags);
00595
00596
00597
00598 CLI_DO_RPC_WERR(cli, mem_ctx, PI_NETLOGON, NET_DSR_GETDCNAMEEX,
00599 q, r,
00600 qbuf, rbuf,
00601 net_io_q_dsr_getdcnameex,
00602 net_io_r_dsr_getdcname,
00603 WERR_GENERAL_FAILURE);
00604
00605 if (!W_ERROR_IS_OK(r.result)) {
00606 return r.result;
00607 }
00608
00609 r.result = pull_domain_controller_info_from_getdcname_reply(mem_ctx, info_out, &r);
00610 if (!W_ERROR_IS_OK(r.result)) {
00611 return r.result;
00612 }
00613
00614 return WERR_OK;
00615 }
00616
00617
00618
00619 WERROR rpccli_netlogon_dsr_getdcnameex2(struct rpc_pipe_client *cli,
00620 TALLOC_CTX *mem_ctx,
00621 const char *server_name,
00622 const char *client_account,
00623 uint32 mask,
00624 const char *domain_name,
00625 struct GUID *domain_guid,
00626 const char *site_name,
00627 uint32_t flags,
00628 struct DS_DOMAIN_CONTROLLER_INFO **info_out)
00629 {
00630 prs_struct qbuf, rbuf;
00631 NET_Q_DSR_GETDCNAMEEX2 q;
00632 NET_R_DSR_GETDCNAME r;
00633 char *tmp_str;
00634
00635 ZERO_STRUCT(q);
00636 ZERO_STRUCT(r);
00637
00638
00639
00640 tmp_str = talloc_asprintf(mem_ctx, "\\\\%s", server_name);
00641 if (tmp_str == NULL) {
00642 return WERR_NOMEM;
00643 }
00644
00645 init_net_q_dsr_getdcnameex2(&q, server_name, domain_name, client_account,
00646 mask, domain_guid, site_name, flags);
00647
00648
00649
00650 CLI_DO_RPC_WERR(cli, mem_ctx, PI_NETLOGON, NET_DSR_GETDCNAMEEX2,
00651 q, r,
00652 qbuf, rbuf,
00653 net_io_q_dsr_getdcnameex2,
00654 net_io_r_dsr_getdcname,
00655 WERR_GENERAL_FAILURE);
00656
00657 if (!W_ERROR_IS_OK(r.result)) {
00658 return r.result;
00659 }
00660
00661 r.result = pull_domain_controller_info_from_getdcname_reply(mem_ctx, info_out, &r);
00662 if (!W_ERROR_IS_OK(r.result)) {
00663 return r.result;
00664 }
00665
00666 return WERR_OK;
00667 }
00668
00669
00670
00671
00672 WERROR rpccli_netlogon_dsr_getsitename(struct rpc_pipe_client *cli,
00673 TALLOC_CTX *mem_ctx,
00674 const char *computer_name,
00675 char **site_name)
00676 {
00677 prs_struct qbuf, rbuf;
00678 NET_Q_DSR_GETSITENAME q;
00679 NET_R_DSR_GETSITENAME r;
00680
00681 ZERO_STRUCT(q);
00682 ZERO_STRUCT(r);
00683
00684
00685
00686 init_net_q_dsr_getsitename(&q, computer_name);
00687
00688
00689
00690 CLI_DO_RPC_WERR(cli, mem_ctx, PI_NETLOGON, NET_DSR_GETSITENAME,
00691 q, r,
00692 qbuf, rbuf,
00693 net_io_q_dsr_getsitename,
00694 net_io_r_dsr_getsitename,
00695 WERR_GENERAL_FAILURE);
00696
00697 if (!W_ERROR_IS_OK(r.result)) {
00698 return r.result;
00699 }
00700
00701 if ((site_name != NULL) &&
00702 ((*site_name = rpcstr_pull_unistr2_talloc(
00703 mem_ctx, &r.uni_site_name)) == NULL)) {
00704 return WERR_GENERAL_FAILURE;
00705 }
00706
00707 return WERR_OK;
00708 }
00709
00710
00711
00712
00713
00714 NTSTATUS rpccli_netlogon_sam_sync(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
00715 uint32 database_id, uint32 next_rid, uint32 *num_deltas,
00716 SAM_DELTA_HDR **hdr_deltas,
00717 SAM_DELTA_CTR **deltas)
00718 {
00719 prs_struct qbuf, rbuf;
00720 NET_Q_SAM_SYNC q;
00721 NET_R_SAM_SYNC r;
00722 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
00723 DOM_CRED clnt_creds;
00724 DOM_CRED ret_creds;
00725
00726 ZERO_STRUCT(q);
00727 ZERO_STRUCT(r);
00728
00729 ZERO_STRUCT(ret_creds);
00730
00731
00732
00733 creds_client_step(cli->dc, &clnt_creds);
00734
00735 init_net_q_sam_sync(&q, cli->dc->remote_machine, global_myname(),
00736 &clnt_creds, &ret_creds, database_id, next_rid);
00737
00738
00739
00740 CLI_DO_RPC_COPY_SESS_KEY(cli, mem_ctx, PI_NETLOGON, NET_SAM_SYNC,
00741 q, r,
00742 qbuf, rbuf,
00743 net_io_q_sam_sync,
00744 net_io_r_sam_sync,
00745 NT_STATUS_UNSUCCESSFUL);
00746
00747
00748
00749 result = r.status;
00750 *num_deltas = r.num_deltas2;
00751 *hdr_deltas = r.hdr_deltas;
00752 *deltas = r.deltas;
00753
00754 if (!NT_STATUS_IS_ERR(result)) {
00755
00756 if (!creds_client_check(cli->dc, &r.srv_creds.challenge)) {
00757 DEBUG(0,("cli_netlogon_sam_sync: credentials chain check failed\n"));
00758 return NT_STATUS_ACCESS_DENIED;
00759 }
00760 }
00761
00762 return result;
00763 }
00764
00765
00766
00767 NTSTATUS rpccli_netlogon_sam_deltas(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
00768 uint32 database_id, uint64 seqnum,
00769 uint32 *num_deltas,
00770 SAM_DELTA_HDR **hdr_deltas,
00771 SAM_DELTA_CTR **deltas)
00772 {
00773 prs_struct qbuf, rbuf;
00774 NET_Q_SAM_DELTAS q;
00775 NET_R_SAM_DELTAS r;
00776 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
00777 DOM_CRED clnt_creds;
00778
00779 ZERO_STRUCT(q);
00780 ZERO_STRUCT(r);
00781
00782
00783
00784 creds_client_step(cli->dc, &clnt_creds);
00785
00786 init_net_q_sam_deltas(&q, cli->dc->remote_machine,
00787 global_myname(), &clnt_creds,
00788 database_id, seqnum);
00789
00790
00791
00792 CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SAM_DELTAS,
00793 q, r,
00794 qbuf, rbuf,
00795 net_io_q_sam_deltas,
00796 net_io_r_sam_deltas,
00797 NT_STATUS_UNSUCCESSFUL);
00798
00799
00800
00801 result = r.status;
00802 *num_deltas = r.num_deltas2;
00803 *hdr_deltas = r.hdr_deltas;
00804 *deltas = r.deltas;
00805
00806 if (!NT_STATUS_IS_ERR(result)) {
00807
00808 if (!creds_client_check(cli->dc, &r.srv_creds.challenge)) {
00809 DEBUG(0,("cli_netlogon_sam_sync: credentials chain check failed\n"));
00810 return NT_STATUS_ACCESS_DENIED;
00811 }
00812 }
00813
00814 return result;
00815 }
00816
00817
00818
00819 NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
00820 TALLOC_CTX *mem_ctx,
00821 uint32 logon_parameters,
00822 const char *domain,
00823 const char *username,
00824 const char *password,
00825 const char *workstation,
00826 int logon_type)
00827 {
00828 prs_struct qbuf, rbuf;
00829 NET_Q_SAM_LOGON q;
00830 NET_R_SAM_LOGON r;
00831 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
00832 DOM_CRED clnt_creds;
00833 DOM_CRED ret_creds;
00834 NET_ID_INFO_CTR ctr;
00835 NET_USER_INFO_3 user;
00836 int validation_level = 3;
00837 fstring clnt_name_slash;
00838
00839 ZERO_STRUCT(q);
00840 ZERO_STRUCT(r);
00841 ZERO_STRUCT(ret_creds);
00842
00843 if (workstation) {
00844 fstr_sprintf( clnt_name_slash, "\\\\%s", workstation );
00845 } else {
00846 fstr_sprintf( clnt_name_slash, "\\\\%s", global_myname() );
00847 }
00848
00849
00850
00851 creds_client_step(cli->dc, &clnt_creds);
00852
00853 q.validation_level = validation_level;
00854
00855 ctr.switch_value = logon_type;
00856
00857 switch (logon_type) {
00858 case INTERACTIVE_LOGON_TYPE: {
00859 unsigned char lm_owf_user_pwd[16], nt_owf_user_pwd[16];
00860
00861 nt_lm_owf_gen(password, nt_owf_user_pwd, lm_owf_user_pwd);
00862
00863 init_id_info1(&ctr.auth.id1, domain,
00864 logon_parameters,
00865 0xdead, 0xbeef,
00866 username, clnt_name_slash,
00867 (const char *)cli->dc->sess_key, lm_owf_user_pwd,
00868 nt_owf_user_pwd);
00869
00870 break;
00871 }
00872 case NET_LOGON_TYPE: {
00873 uint8 chal[8];
00874 unsigned char local_lm_response[24];
00875 unsigned char local_nt_response[24];
00876
00877 generate_random_buffer(chal, 8);
00878
00879 SMBencrypt(password, chal, local_lm_response);
00880 SMBNTencrypt(password, chal, local_nt_response);
00881
00882 init_id_info2(&ctr.auth.id2, domain,
00883 logon_parameters,
00884 0xdead, 0xbeef,
00885 username, clnt_name_slash, chal,
00886 local_lm_response, 24, local_nt_response, 24);
00887 break;
00888 }
00889 default:
00890 DEBUG(0, ("switch value %d not supported\n",
00891 ctr.switch_value));
00892 return NT_STATUS_INVALID_INFO_CLASS;
00893 }
00894
00895 r.user = &user;
00896
00897 init_sam_info(&q.sam_id, cli->dc->remote_machine, global_myname(),
00898 &clnt_creds, &ret_creds, logon_type,
00899 &ctr);
00900
00901
00902
00903 CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SAMLOGON,
00904 q, r,
00905 qbuf, rbuf,
00906 net_io_q_sam_logon,
00907 net_io_r_sam_logon,
00908 NT_STATUS_UNSUCCESSFUL);
00909
00910
00911
00912 result = r.status;
00913
00914 if (r.buffer_creds) {
00915
00916 if (!creds_client_check(cli->dc, &r.srv_creds.challenge)) {
00917 DEBUG(0,("rpccli_netlogon_sam_logon: credentials chain check failed\n"));
00918 return NT_STATUS_ACCESS_DENIED;
00919 }
00920 }
00921
00922 return result;
00923 }
00924
00925
00926
00927
00928
00929
00930
00931
00932 NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli,
00933 TALLOC_CTX *mem_ctx,
00934 uint32 logon_parameters,
00935 const char *server,
00936 const char *username,
00937 const char *domain,
00938 const char *workstation,
00939 const uint8 chal[8],
00940 DATA_BLOB lm_response,
00941 DATA_BLOB nt_response,
00942 NET_USER_INFO_3 *info3)
00943 {
00944 prs_struct qbuf, rbuf;
00945 NET_Q_SAM_LOGON q;
00946 NET_R_SAM_LOGON r;
00947 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
00948 NET_ID_INFO_CTR ctr;
00949 int validation_level = 3;
00950 const char *workstation_name_slash;
00951 const char *server_name_slash;
00952 static uint8 zeros[16];
00953 DOM_CRED clnt_creds;
00954 DOM_CRED ret_creds;
00955 int i;
00956
00957 ZERO_STRUCT(q);
00958 ZERO_STRUCT(r);
00959 ZERO_STRUCT(ret_creds);
00960
00961 creds_client_step(cli->dc, &clnt_creds);
00962
00963 if (server[0] != '\\' && server[1] != '\\') {
00964 server_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", server);
00965 } else {
00966 server_name_slash = server;
00967 }
00968
00969 if (workstation[0] != '\\' && workstation[1] != '\\') {
00970 workstation_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", workstation);
00971 } else {
00972 workstation_name_slash = workstation;
00973 }
00974
00975 if (!workstation_name_slash || !server_name_slash) {
00976 DEBUG(0, ("talloc_asprintf failed!\n"));
00977 return NT_STATUS_NO_MEMORY;
00978 }
00979
00980
00981
00982 q.validation_level = validation_level;
00983
00984 ctr.switch_value = NET_LOGON_TYPE;
00985
00986 init_id_info2(&ctr.auth.id2, domain,
00987 logon_parameters,
00988 0xdead, 0xbeef,
00989 username, workstation_name_slash, (const uchar*)chal,
00990 lm_response.data, lm_response.length, nt_response.data, nt_response.length);
00991
00992 init_sam_info(&q.sam_id, server_name_slash, global_myname(),
00993 &clnt_creds, &ret_creds, NET_LOGON_TYPE,
00994 &ctr);
00995
00996 r.user = info3;
00997
00998
00999
01000 CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SAMLOGON,
01001 q, r,
01002 qbuf, rbuf,
01003 net_io_q_sam_logon,
01004 net_io_r_sam_logon,
01005 NT_STATUS_UNSUCCESSFUL);
01006
01007 if (memcmp(zeros, info3->user_sess_key, 16) != 0) {
01008 SamOEMhash(info3->user_sess_key, cli->dc->sess_key, 16);
01009 } else {
01010 memset(info3->user_sess_key, '\0', 16);
01011 }
01012
01013 if (memcmp(zeros, info3->lm_sess_key, 8) != 0) {
01014 SamOEMhash(info3->lm_sess_key, cli->dc->sess_key, 8);
01015 } else {
01016 memset(info3->lm_sess_key, '\0', 8);
01017 }
01018
01019 for (i=0; i < 7; i++) {
01020 memset(&info3->unknown[i], '\0', 4);
01021 }
01022
01023
01024
01025 result = r.status;
01026
01027 if (r.buffer_creds) {
01028
01029 if (!creds_client_check(cli->dc, &r.srv_creds.challenge)) {
01030 DEBUG(0,("rpccli_netlogon_sam_network_logon: credentials chain check failed\n"));
01031 return NT_STATUS_ACCESS_DENIED;
01032 }
01033 }
01034
01035 return result;
01036 }
01037
01038
01039
01040
01041
01042 NTSTATUS rpccli_net_srv_pwset(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
01043 const char *machine_name, const uint8 hashed_mach_pwd[16])
01044 {
01045 prs_struct rbuf;
01046 prs_struct qbuf;
01047 DOM_CRED clnt_creds;
01048 NET_Q_SRV_PWSET q;
01049 NET_R_SRV_PWSET r;
01050 uint16 sec_chan_type = 2;
01051 NTSTATUS result;
01052
01053 creds_client_step(cli->dc, &clnt_creds);
01054
01055 DEBUG(4,("cli_net_srv_pwset: srv:%s acct:%s sc: %d mc: %s\n",
01056 cli->dc->remote_machine, cli->dc->mach_acct, sec_chan_type, machine_name));
01057
01058
01059 init_q_srv_pwset(&q, cli->dc->remote_machine, (const char *)cli->dc->sess_key,
01060 cli->dc->mach_acct, sec_chan_type, machine_name,
01061 &clnt_creds, hashed_mach_pwd);
01062
01063 CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SRVPWSET,
01064 q, r,
01065 qbuf, rbuf,
01066 net_io_q_srv_pwset,
01067 net_io_r_srv_pwset,
01068 NT_STATUS_UNSUCCESSFUL);
01069
01070 result = r.status;
01071
01072 if (!NT_STATUS_IS_OK(result)) {
01073
01074 DEBUG(0,("cli_net_srv_pwset: %s\n", nt_errstr(result)));
01075 }
01076
01077
01078 if (!creds_client_check(cli->dc, &r.srv_cred.challenge)) {
01079 DEBUG(0,("rpccli_net_srv_pwset: credentials chain check failed\n"));
01080 return NT_STATUS_ACCESS_DENIED;
01081 }
01082
01083 return result;
01084 }
01085
01086
01087
01088
01089
01090 NTSTATUS rpccli_net_srv_pwset2(struct rpc_pipe_client *cli,
01091 TALLOC_CTX *mem_ctx,
01092 const char *machine_name,
01093 const char *clear_text_mach_pwd)
01094 {
01095 prs_struct rbuf;
01096 prs_struct qbuf;
01097 DOM_CRED clnt_creds;
01098 NET_Q_SRV_PWSET2 q;
01099 NET_R_SRV_PWSET2 r;
01100 uint16 sec_chan_type = 2;
01101 NTSTATUS result;
01102
01103 creds_client_step(cli->dc, &clnt_creds);
01104
01105 DEBUG(4,("cli_net_srv_pwset2: srv:%s acct:%s sc: %d mc: %s\n",
01106 cli->dc->remote_machine, cli->dc->mach_acct, sec_chan_type, machine_name));
01107
01108
01109 init_q_srv_pwset2(&q, cli->dc->remote_machine, (const char *)cli->dc->sess_key,
01110 cli->dc->mach_acct, sec_chan_type, machine_name,
01111 &clnt_creds, clear_text_mach_pwd);
01112
01113 CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SRVPWSET2,
01114 q, r,
01115 qbuf, rbuf,
01116 net_io_q_srv_pwset2,
01117 net_io_r_srv_pwset2,
01118 NT_STATUS_UNSUCCESSFUL);
01119
01120 result = r.status;
01121
01122 if (!NT_STATUS_IS_OK(result)) {
01123
01124 DEBUG(0,("cli_net_srv_pwset2: %s\n", nt_errstr(result)));
01125 }
01126
01127
01128 if (!creds_client_check(cli->dc, &r.srv_cred.challenge)) {
01129 DEBUG(0,("rpccli_net_srv_pwset2: credentials chain check failed\n"));
01130 return NT_STATUS_ACCESS_DENIED;
01131 }
01132
01133 return result;
01134 }