00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024 #include "includes.h"
00025 #include "utils/net.h"
00026
00027
00028
00029 #define CHECK_RPC_ERR(rpc, msg) \
00030 if (!NT_STATUS_IS_OK(result = rpc)) { \
00031 DEBUG(0, (msg ": %s\n", nt_errstr(result))); \
00032 goto done; \
00033 }
00034
00035 #define CHECK_RPC_ERR_DEBUG(rpc, debug_args) \
00036 if (!NT_STATUS_IS_OK(result = rpc)) { \
00037 DEBUG(0, debug_args); \
00038 goto done; \
00039 }
00040
00041
00042
00043
00044
00045
00046
00047
00048 NTSTATUS netdom_leave_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
00049 DOM_SID *dom_sid )
00050 {
00051 struct rpc_pipe_client *pipe_hnd = NULL;
00052 POLICY_HND sam_pol, domain_pol, user_pol;
00053 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
00054 char *acct_name;
00055 uint32 flags = 0x3e8;
00056 const char *const_acct_name;
00057 uint32 user_rid;
00058 uint32 num_rids, *name_types, *user_rids;
00059 SAM_USERINFO_CTR ctr, *qctr = NULL;
00060 SAM_USER_INFO_16 p16;
00061
00062
00063
00064 if ( (pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &status)) == NULL ) {
00065 DEBUG(0, ("Error connecting to SAM pipe. Error was %s\n",
00066 nt_errstr(status) ));
00067 return status;
00068 }
00069
00070 status = rpccli_samr_connect(pipe_hnd, mem_ctx,
00071 SEC_RIGHTS_MAXIMUM_ALLOWED, &sam_pol);
00072 if ( !NT_STATUS_IS_OK(status) )
00073 return status;
00074
00075
00076 status = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &sam_pol,
00077 SEC_RIGHTS_MAXIMUM_ALLOWED, dom_sid, &domain_pol);
00078 if ( !NT_STATUS_IS_OK(status) )
00079 return status;
00080
00081
00082
00083 acct_name = talloc_asprintf(mem_ctx, "%s$", global_myname());
00084 strlower_m(acct_name);
00085 const_acct_name = acct_name;
00086
00087 status = rpccli_samr_lookup_names(pipe_hnd, mem_ctx,
00088 &domain_pol, flags, 1, &const_acct_name,
00089 &num_rids, &user_rids, &name_types);
00090 if ( !NT_STATUS_IS_OK(status) )
00091 return status;
00092
00093 if ( name_types[0] != SID_NAME_USER) {
00094 DEBUG(0, ("%s is not a user account (type=%d)\n", acct_name, name_types[0]));
00095 return NT_STATUS_INVALID_WORKSTATION;
00096 }
00097
00098 user_rid = user_rids[0];
00099
00100
00101
00102 status = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
00103 SEC_RIGHTS_MAXIMUM_ALLOWED, user_rid, &user_pol);
00104 if ( !NT_STATUS_IS_OK(status) ) {
00105 goto done;
00106 }
00107
00108
00109
00110 status = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, &user_pol, 16, &qctr);
00111 if ( !NT_STATUS_IS_OK(status) ) {
00112 rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
00113 goto done;
00114 }
00115
00116
00117
00118 ZERO_STRUCT(ctr);
00119 ctr.switch_value = 16;
00120 ctr.info.id16 = &p16;
00121
00122 p16.acb_info = qctr->info.id16->acb_info | ACB_DISABLED;
00123
00124 status = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol, 16,
00125 &cli->user_session_key, &ctr);
00126
00127 rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
00128
00129 done:
00130 rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
00131 rpccli_samr_close(pipe_hnd, mem_ctx, &sam_pol);
00132
00133 cli_rpc_pipe_close(pipe_hnd);
00134
00135 return status;
00136 }
00137
00138
00139
00140
00141
00142 int netdom_store_machine_account( const char *domain, DOM_SID *sid, const char *pw )
00143 {
00144 if (!secrets_store_domain_sid(domain, sid)) {
00145 DEBUG(1,("Failed to save domain sid\n"));
00146 return -1;
00147 }
00148
00149 if (!secrets_store_machine_password(pw, domain, SEC_CHAN_WKSTA)) {
00150 DEBUG(1,("Failed to save machine password\n"));
00151 return -1;
00152 }
00153
00154 return 0;
00155 }
00156
00157
00158
00159
00160 NTSTATUS netdom_get_domain_sid( TALLOC_CTX *mem_ctx, struct cli_state *cli,
00161 char **domain, DOM_SID **sid )
00162 {
00163 struct rpc_pipe_client *pipe_hnd = NULL;
00164 POLICY_HND lsa_pol;
00165 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
00166
00167 if ( (pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &status)) == NULL ) {
00168 DEBUG(0, ("Error connecting to LSA pipe. Error was %s\n",
00169 nt_errstr(status) ));
00170 return status;
00171 }
00172
00173 status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
00174 SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
00175 if ( !NT_STATUS_IS_OK(status) )
00176 return status;
00177
00178 status = rpccli_lsa_query_info_policy(pipe_hnd, mem_ctx,
00179 &lsa_pol, 5, domain, sid);
00180 if ( !NT_STATUS_IS_OK(status) )
00181 return status;
00182
00183 rpccli_lsa_close(pipe_hnd, mem_ctx, &lsa_pol);
00184 cli_rpc_pipe_close(pipe_hnd);
00185
00186
00187 if (!domain) {
00188 DEBUG(0, ("Could not get domain name.\n"));
00189 return NT_STATUS_UNSUCCESSFUL;
00190 }
00191
00192 return NT_STATUS_OK;
00193 }
00194
00195
00196
00197
00198
00199 NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli,
00200 DOM_SID *dom_sid, const char *clear_pw,
00201 enum netdom_domain_t dom_type )
00202 {
00203 struct rpc_pipe_client *pipe_hnd = NULL;
00204 POLICY_HND sam_pol, domain_pol, user_pol;
00205 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
00206 char *acct_name;
00207 const char *const_acct_name;
00208 uint32 user_rid;
00209 uint32 num_rids, *name_types, *user_rids;
00210 uint32 flags = 0x3e8;
00211 uint32 acb_info = ACB_WSTRUST;
00212 uint32 acct_flags=0;
00213 uint32 fields_present;
00214 uchar pwbuf[532];
00215 SAM_USERINFO_CTR ctr;
00216 SAM_USER_INFO_24 p24;
00217 SAM_USER_INFO_25 p25;
00218 const int infolevel = 25;
00219 struct MD5Context md5ctx;
00220 uchar md5buffer[16];
00221 DATA_BLOB digested_session_key;
00222 uchar md4_trust_password[16];
00223
00224
00225
00226 if ( (pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &status)) == NULL ) {
00227 DEBUG(0, ("Error connecting to SAM pipe. Error was %s\n",
00228 nt_errstr(status) ));
00229 return status;
00230 }
00231
00232 status = rpccli_samr_connect(pipe_hnd, mem_ctx,
00233 SEC_RIGHTS_MAXIMUM_ALLOWED, &sam_pol);
00234 if ( !NT_STATUS_IS_OK(status) )
00235 return status;
00236
00237
00238 status = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &sam_pol,
00239 SEC_RIGHTS_MAXIMUM_ALLOWED, dom_sid, &domain_pol);
00240 if ( !NT_STATUS_IS_OK(status) )
00241 return status;
00242
00243
00244
00245 acct_name = talloc_asprintf(mem_ctx, "%s$", global_myname());
00246 strlower_m(acct_name);
00247 const_acct_name = acct_name;
00248
00249
00250
00251 acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE |
00252 SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC |
00253 SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | SAMR_USER_GETATTR |
00254 SAMR_USER_SETATTR;
00255 DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
00256 status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
00257 acct_name, acb_info, acct_flags, &user_pol, &user_rid);
00258
00259 if ( !NT_STATUS_IS_OK(status)
00260 && !NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS))
00261 {
00262 d_fprintf(stderr, "Creation of workstation account failed\n");
00263
00264
00265
00266
00267
00268 if (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED))
00269 d_fprintf(stderr, "User specified does not have administrator privileges\n");
00270
00271 return status;
00272 }
00273
00274
00275
00276 if (NT_STATUS_IS_OK(status)) {
00277 rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
00278 }
00279
00280 status = rpccli_samr_lookup_names(pipe_hnd, mem_ctx,
00281 &domain_pol, flags, 1, &const_acct_name,
00282 &num_rids, &user_rids, &name_types);
00283 if ( !NT_STATUS_IS_OK(status) )
00284 return status;
00285
00286 if ( name_types[0] != SID_NAME_USER) {
00287 DEBUG(0, ("%s is not a user account (type=%d)\n", acct_name, name_types[0]));
00288 return NT_STATUS_INVALID_WORKSTATION;
00289 }
00290
00291 user_rid = user_rids[0];
00292
00293
00294
00295 status = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
00296 SEC_RIGHTS_MAXIMUM_ALLOWED, user_rid, &user_pol);
00297 if (!NT_STATUS_IS_OK(status)) {
00298 return status;
00299 }
00300
00301
00302
00303 E_md4hash(clear_pw, md4_trust_password);
00304 encode_pw_buffer(pwbuf, clear_pw, STR_UNICODE);
00305
00306 generate_random_buffer((uint8*)md5buffer, sizeof(md5buffer));
00307 digested_session_key = data_blob_talloc(mem_ctx, 0, 16);
00308
00309 MD5Init(&md5ctx);
00310 MD5Update(&md5ctx, md5buffer, sizeof(md5buffer));
00311 MD5Update(&md5ctx, cli->user_session_key.data, cli->user_session_key.length);
00312 MD5Final(digested_session_key.data, &md5ctx);
00313
00314 SamOEMhashBlob(pwbuf, sizeof(pwbuf), &digested_session_key);
00315 memcpy(&pwbuf[516], md5buffer, sizeof(md5buffer));
00316
00317
00318
00319 acb_info |= ACB_PWNOEXP;
00320 if ( dom_type == ND_TYPE_AD ) {
00321 #if !defined(ENCTYPE_ARCFOUR_HMAC)
00322 acb_info |= ACB_USE_DES_KEY_ONLY;
00323 #endif
00324 ;;
00325 }
00326
00327
00328
00329 ZERO_STRUCT(ctr);
00330 ZERO_STRUCT(p25);
00331
00332 fields_present = ACCT_NT_PWD_SET | ACCT_LM_PWD_SET | ACCT_FLAGS;
00333 init_sam_user_info25P(&p25, fields_present, acb_info, (char *)pwbuf);
00334
00335 ctr.switch_value = infolevel;
00336 ctr.info.id25 = &p25;
00337
00338 status = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol,
00339 infolevel, &cli->user_session_key, &ctr);
00340
00341 if (NT_STATUS_EQUAL(status, NT_STATUS(DCERPC_FAULT_INVALID_TAG))) {
00342
00343 uchar pwbuf2[516];
00344
00345 ZERO_STRUCT(p24);
00346
00347 encode_pw_buffer(pwbuf2, clear_pw, STR_UNICODE);
00348
00349
00350 init_sam_user_info24(&p24, (char *)pwbuf2, 24);
00351
00352 ctr.switch_value = 24;
00353 ctr.info.id24 = &p24;
00354
00355 status = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx,
00356 &user_pol,
00357 24,
00358 &cli->user_session_key,
00359 &ctr);
00360 }
00361
00362 if ( !NT_STATUS_IS_OK(status) ) {
00363 d_fprintf( stderr, "Failed to set password for machine account (%s)\n",
00364 nt_errstr(status));
00365 return status;
00366 }
00367
00368 rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
00369 cli_rpc_pipe_close(pipe_hnd);
00370
00371 return status;
00372 }
00373