00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
00027 #include "includes.h"
00028
00029 extern userdom_struct current_user_info;
00030
00031 #undef DBGC_CLASS
00032 #define DBGC_CLASS DBGC_RPC_SRV
00033
00034
00035
00036
00037
00038 static void init_net_r_req_chal(NET_R_REQ_CHAL *r_c,
00039 DOM_CHAL *srv_chal, NTSTATUS status)
00040 {
00041 DEBUG(6,("init_net_r_req_chal: %d\n", __LINE__));
00042 memcpy(r_c->srv_chal.data, srv_chal->data, sizeof(srv_chal->data));
00043 r_c->status = status;
00044 }
00045
00046
00047
00048
00049
00050 #define ERROR_NO_SUCH_DOMAIN 0x54b
00051 #define ERROR_NO_LOGON_SERVERS 0x51f
00052 #define NO_ERROR 0x0
00053
00054
00055
00056
00057
00058 NTSTATUS _net_logon_ctrl(pipes_struct *p, NET_Q_LOGON_CTRL *q_u,
00059 NET_R_LOGON_CTRL *r_u)
00060 {
00061 uint32 flags = 0x0;
00062 uint32 pdc_connection_status = 0x00;
00063
00064
00065
00066 init_net_r_logon_ctrl(r_u, q_u->query_level, flags,
00067 pdc_connection_status);
00068
00069 return r_u->status;
00070 }
00071
00072
00073
00074
00075
00076 static void send_sync_message(void)
00077 {
00078 TDB_CONTEXT *tdb;
00079
00080 tdb = tdb_open_log(lock_path("connections.tdb"), 0,
00081 TDB_DEFAULT, O_RDONLY, 0);
00082
00083 if (!tdb) {
00084 DEBUG(3, ("send_sync_message(): failed to open connections "
00085 "database\n"));
00086 return;
00087 }
00088
00089 DEBUG(3, ("sending sam synchronisation message\n"));
00090
00091 message_send_all(tdb, MSG_SMB_SAM_SYNC, NULL, 0, False, NULL);
00092
00093 tdb_close(tdb);
00094 }
00095
00096
00097
00098
00099
00100 NTSTATUS _net_logon_ctrl2(pipes_struct *p, NET_Q_LOGON_CTRL2 *q_u, NET_R_LOGON_CTRL2 *r_u)
00101 {
00102 uint32 flags = 0x0;
00103 uint32 pdc_connection_status = 0x0;
00104 uint32 logon_attempts = 0x0;
00105 uint32 tc_status;
00106 fstring servername, domain, dc_name, dc_name2;
00107 struct in_addr dc_ip;
00108
00109
00110 unistr2_to_ascii(servername, &q_u->uni_server_name, sizeof(servername));
00111
00112 r_u->status = NT_STATUS_OK;
00113
00114 tc_status = ERROR_NO_SUCH_DOMAIN;
00115 fstrcpy( dc_name, "" );
00116
00117 switch ( q_u->function_code ) {
00118 case NETLOGON_CONTROL_TC_QUERY:
00119 unistr2_to_ascii(domain, &q_u->info.info6.domain, sizeof(domain));
00120
00121 if ( !is_trusted_domain( domain ) )
00122 break;
00123
00124 if ( !get_dc_name( domain, NULL, dc_name2, &dc_ip ) ) {
00125 tc_status = ERROR_NO_LOGON_SERVERS;
00126 break;
00127 }
00128
00129 fstr_sprintf( dc_name, "\\\\%s", dc_name2 );
00130
00131 tc_status = NO_ERROR;
00132
00133 break;
00134
00135 case NETLOGON_CONTROL_REDISCOVER:
00136 unistr2_to_ascii(domain, &q_u->info.info6.domain, sizeof(domain));
00137
00138 if ( !is_trusted_domain( domain ) )
00139 break;
00140
00141 if ( !get_dc_name( domain, NULL, dc_name2, &dc_ip ) ) {
00142 tc_status = ERROR_NO_LOGON_SERVERS;
00143 break;
00144 }
00145
00146 fstr_sprintf( dc_name, "\\\\%s", dc_name2 );
00147
00148 tc_status = NO_ERROR;
00149
00150 break;
00151
00152 default:
00153
00154 DEBUG(0,("_net_logon_ctrl2: unimplemented function level [%d]\n",
00155 q_u->function_code));
00156 }
00157
00158
00159
00160 init_net_r_logon_ctrl2( r_u, q_u->query_level, flags,
00161 pdc_connection_status, logon_attempts, tc_status, dc_name );
00162
00163 if (lp_server_role() == ROLE_DOMAIN_BDC)
00164 send_sync_message();
00165
00166 return r_u->status;
00167 }
00168
00169
00170
00171
00172
00173 NTSTATUS _net_trust_dom_list(pipes_struct *p, NET_Q_TRUST_DOM_LIST *q_u, NET_R_TRUST_DOM_LIST *r_u)
00174 {
00175 const char *trusted_domain = "test_domain";
00176 uint32 num_trust_domains = 1;
00177
00178 DEBUG(6,("_net_trust_dom_list: %d\n", __LINE__));
00179
00180
00181 init_r_trust_dom(r_u, num_trust_domains, trusted_domain);
00182
00183 DEBUG(6,("_net_trust_dom_list: %d\n", __LINE__));
00184
00185 return r_u->status;
00186 }
00187
00188
00189
00190
00191
00192 static void init_net_r_srv_pwset(NET_R_SRV_PWSET *r_s,
00193 DOM_CRED *srv_cred, NTSTATUS status)
00194 {
00195 DEBUG(5,("init_net_r_srv_pwset: %d\n", __LINE__));
00196
00197 memcpy(&r_s->srv_cred, srv_cred, sizeof(r_s->srv_cred));
00198 r_s->status = status;
00199
00200 DEBUG(5,("init_net_r_srv_pwset: %d\n", __LINE__));
00201 }
00202
00203
00204
00205
00206
00207 static NTSTATUS get_md4pw(char *md4pw, char *mach_acct, uint16 sec_chan_type)
00208 {
00209 struct samu *sampass = NULL;
00210 const uint8 *pass;
00211 BOOL ret;
00212 uint32 acct_ctrl;
00213
00214 #if 0
00215
00216
00217
00218
00219
00220
00221
00222
00223
00224 if (!allow_access(lp_domain_hostsdeny(), lp_domain_hostsallow(),
00225 client_name(), client_addr()))
00226 {
00227 DEBUG(0,("get_md4pw: Workstation %s denied access to domain\n", mach_acct));
00228 return False;
00229 }
00230 #endif
00231
00232 if ( !(sampass = samu_new( NULL )) ) {
00233 return NT_STATUS_NO_MEMORY;
00234 }
00235
00236
00237 become_root();
00238 ret = pdb_getsampwnam(sampass, mach_acct);
00239 unbecome_root();
00240
00241 if (!ret) {
00242 DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct));
00243 TALLOC_FREE(sampass);
00244 return NT_STATUS_ACCESS_DENIED;
00245 }
00246
00247 acct_ctrl = pdb_get_acct_ctrl(sampass);
00248 if (acct_ctrl & ACB_DISABLED) {
00249 DEBUG(0,("get_md4pw: Workstation %s: account is disabled\n", mach_acct));
00250 TALLOC_FREE(sampass);
00251 return NT_STATUS_ACCOUNT_DISABLED;
00252 }
00253
00254 if (!(acct_ctrl & ACB_SVRTRUST) &&
00255 !(acct_ctrl & ACB_WSTRUST) &&
00256 !(acct_ctrl & ACB_DOMTRUST))
00257 {
00258 DEBUG(0,("get_md4pw: Workstation %s: account is not a trust account\n", mach_acct));
00259 TALLOC_FREE(sampass);
00260 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
00261 }
00262
00263 switch (sec_chan_type) {
00264 case SEC_CHAN_BDC:
00265 if (!(acct_ctrl & ACB_SVRTRUST)) {
00266 DEBUG(0,("get_md4pw: Workstation %s: BDC secure channel requested "
00267 "but not a server trust account\n", mach_acct));
00268 TALLOC_FREE(sampass);
00269 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
00270 }
00271 break;
00272 case SEC_CHAN_WKSTA:
00273 if (!(acct_ctrl & ACB_WSTRUST)) {
00274 DEBUG(0,("get_md4pw: Workstation %s: WORKSTATION secure channel requested "
00275 "but not a workstation trust account\n", mach_acct));
00276 TALLOC_FREE(sampass);
00277 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
00278 }
00279 break;
00280 case SEC_CHAN_DOMAIN:
00281 if (!(acct_ctrl & ACB_DOMTRUST)) {
00282 DEBUG(0,("get_md4pw: Workstation %s: DOMAIN secure channel requested "
00283 "but not a interdomain trust account\n", mach_acct));
00284 TALLOC_FREE(sampass);
00285 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
00286 }
00287 break;
00288 default:
00289 break;
00290 }
00291
00292 if ((pass = pdb_get_nt_passwd(sampass)) == NULL) {
00293 DEBUG(0,("get_md4pw: Workstation %s: account does not have a password\n", mach_acct));
00294 TALLOC_FREE(sampass);
00295 return NT_STATUS_LOGON_FAILURE;
00296 }
00297
00298 memcpy(md4pw, pass, 16);
00299 dump_data(5, md4pw, 16);
00300
00301 TALLOC_FREE(sampass);
00302
00303 return NT_STATUS_OK;
00304
00305
00306 }
00307
00308
00309
00310
00311
00312 NTSTATUS _net_req_chal(pipes_struct *p, NET_Q_REQ_CHAL *q_u, NET_R_REQ_CHAL *r_u)
00313 {
00314 if (!p->dc) {
00315 p->dc = TALLOC_ZERO_P(p->pipe_state_mem_ctx, struct dcinfo);
00316 if (!p->dc) {
00317 return NT_STATUS_NO_MEMORY;
00318 }
00319 } else {
00320 DEBUG(10,("_net_req_chal: new challenge requested. Clearing old state.\n"));
00321 ZERO_STRUCTP(p->dc);
00322 }
00323
00324 rpcstr_pull(p->dc->remote_machine,
00325 q_u->uni_logon_clnt.buffer,
00326 sizeof(fstring),q_u->uni_logon_clnt.uni_str_len*2,0);
00327
00328
00329 memcpy(p->dc->clnt_chal.data, q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data));
00330
00331
00332
00333 generate_random_buffer(p->dc->srv_chal.data, 8);
00334
00335
00336 init_net_r_req_chal(r_u, &p->dc->srv_chal, NT_STATUS_OK);
00337
00338 p->dc->challenge_sent = True;
00339
00340 return NT_STATUS_OK;
00341 }
00342
00343
00344
00345
00346
00347 static void init_net_r_auth(NET_R_AUTH *r_a, DOM_CHAL *resp_cred, NTSTATUS status)
00348 {
00349 memcpy(r_a->srv_chal.data, resp_cred->data, sizeof(resp_cred->data));
00350 r_a->status = status;
00351 }
00352
00353
00354
00355
00356
00357 NTSTATUS _net_auth(pipes_struct *p, NET_Q_AUTH *q_u, NET_R_AUTH *r_u)
00358 {
00359 NTSTATUS status;
00360 fstring mach_acct;
00361 fstring remote_machine;
00362 DOM_CHAL srv_chal_out;
00363
00364 if (!p->dc || !p->dc->challenge_sent) {
00365 return NT_STATUS_ACCESS_DENIED;
00366 }
00367
00368 rpcstr_pull(mach_acct, q_u->clnt_id.uni_acct_name.buffer,sizeof(fstring),
00369 q_u->clnt_id.uni_acct_name.uni_str_len*2,0);
00370 rpcstr_pull(remote_machine, q_u->clnt_id.uni_comp_name.buffer,sizeof(fstring),
00371 q_u->clnt_id.uni_comp_name.uni_str_len*2,0);
00372
00373 status = get_md4pw((char *)p->dc->mach_pw, mach_acct, q_u->clnt_id.sec_chan);
00374 if (!NT_STATUS_IS_OK(status)) {
00375 DEBUG(0,("_net_auth: creds_server_check failed. Failed to "
00376 "get password for machine account %s "
00377 "from client %s: %s\n",
00378 mach_acct, remote_machine, nt_errstr(status) ));
00379
00380 return NT_STATUS_ACCESS_DENIED;
00381 }
00382
00383
00384 creds_server_init(0,
00385 p->dc,
00386 &p->dc->clnt_chal,
00387 &p->dc->srv_chal,
00388 p->dc->mach_pw,
00389 &srv_chal_out);
00390
00391
00392 if (!creds_server_check(p->dc, &q_u->clnt_chal)) {
00393 DEBUG(0,("_net_auth: creds_server_check failed. Rejecting auth "
00394 "request from client %s machine account %s\n",
00395 remote_machine, mach_acct ));
00396 return NT_STATUS_ACCESS_DENIED;
00397 }
00398
00399 fstrcpy(p->dc->mach_acct, mach_acct);
00400 fstrcpy(p->dc->remote_machine, remote_machine);
00401 p->dc->authenticated = True;
00402
00403
00404
00405 init_net_r_auth(r_u, &srv_chal_out, NT_STATUS_OK);
00406
00407 return r_u->status;
00408 }
00409
00410
00411
00412
00413
00414 static void init_net_r_auth_2(NET_R_AUTH_2 *r_a,
00415 DOM_CHAL *resp_cred, NEG_FLAGS *flgs, NTSTATUS status)
00416 {
00417 memcpy(r_a->srv_chal.data, resp_cred->data, sizeof(resp_cred->data));
00418 memcpy(&r_a->srv_flgs, flgs, sizeof(r_a->srv_flgs));
00419 r_a->status = status;
00420 }
00421
00422
00423
00424
00425
00426 NTSTATUS _net_auth_2(pipes_struct *p, NET_Q_AUTH_2 *q_u, NET_R_AUTH_2 *r_u)
00427 {
00428 NTSTATUS status;
00429 NEG_FLAGS srv_flgs;
00430 fstring mach_acct;
00431 fstring remote_machine;
00432 DOM_CHAL srv_chal_out;
00433
00434 rpcstr_pull(mach_acct, q_u->clnt_id.uni_acct_name.buffer,sizeof(fstring),
00435 q_u->clnt_id.uni_acct_name.uni_str_len*2,0);
00436
00437
00438 rpcstr_pull(remote_machine, q_u->clnt_id.uni_comp_name.buffer,sizeof(fstring),
00439 q_u->clnt_id.uni_comp_name.uni_str_len*2,0);
00440
00441 if (!p->dc || !p->dc->challenge_sent) {
00442 DEBUG(0,("_net_auth2: no challenge sent to client %s\n",
00443 remote_machine ));
00444 return NT_STATUS_ACCESS_DENIED;
00445 }
00446
00447 if ( (lp_server_schannel() == True) &&
00448 ((q_u->clnt_flgs.neg_flags & NETLOGON_NEG_SCHANNEL) == 0) ) {
00449
00450
00451 DEBUG(0,("_net_auth2: schannel required but client failed "
00452 "to offer it. Client was %s\n",
00453 mach_acct ));
00454 return NT_STATUS_ACCESS_DENIED;
00455 }
00456
00457 status = get_md4pw((char *)p->dc->mach_pw, mach_acct, q_u->clnt_id.sec_chan);
00458 if (!NT_STATUS_IS_OK(status)) {
00459 DEBUG(0,("_net_auth2: failed to get machine password for "
00460 "account %s: %s\n",
00461 mach_acct, nt_errstr(status) ));
00462
00463 return NT_STATUS_ACCESS_DENIED;
00464 }
00465
00466
00467 creds_server_init(q_u->clnt_flgs.neg_flags,
00468 p->dc,
00469 &p->dc->clnt_chal,
00470 &p->dc->srv_chal,
00471 p->dc->mach_pw,
00472 &srv_chal_out);
00473
00474
00475 if (!creds_server_check(p->dc, &q_u->clnt_chal)) {
00476 DEBUG(0,("_net_auth2: creds_server_check failed. Rejecting auth "
00477 "request from client %s machine account %s\n",
00478 remote_machine, mach_acct ));
00479 return NT_STATUS_ACCESS_DENIED;
00480 }
00481
00482 srv_flgs.neg_flags = 0x000001ff;
00483
00484 if (lp_server_schannel() != False) {
00485 srv_flgs.neg_flags |= NETLOGON_NEG_SCHANNEL;
00486 }
00487
00488
00489 init_net_r_auth_2(r_u, &srv_chal_out, &srv_flgs, NT_STATUS_OK);
00490
00491 fstrcpy(p->dc->mach_acct, mach_acct);
00492 fstrcpy(p->dc->remote_machine, remote_machine);
00493 fstrcpy(p->dc->domain, lp_workgroup() );
00494
00495 p->dc->authenticated = True;
00496
00497
00498 become_root();
00499 secrets_store_schannel_session_info(p->mem_ctx,
00500 remote_machine,
00501 p->dc);
00502 unbecome_root();
00503
00504 return r_u->status;
00505 }
00506
00507
00508
00509
00510
00511 NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *r_u)
00512 {
00513 fstring remote_machine;
00514 struct samu *sampass=NULL;
00515 BOOL ret = False;
00516 unsigned char pwd[16];
00517 int i;
00518 uint32 acct_ctrl;
00519 DOM_CRED cred_out;
00520 const uchar *old_pw;
00521
00522 DEBUG(5,("_net_srv_pwset: %d\n", __LINE__));
00523
00524
00525 rpcstr_pull(remote_machine,q_u->clnt_id.login.uni_comp_name.buffer,
00526 sizeof(remote_machine),q_u->clnt_id.login.uni_comp_name.uni_str_len*2,0);
00527
00528 if ( (lp_server_schannel() == True) && (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) ) {
00529
00530
00531
00532 DEBUG(0,("_net_srv_pwset: client %s not using schannel for netlogon\n",
00533 remote_machine ));
00534 return NT_STATUS_ACCESS_DENIED;
00535 }
00536
00537 if (!p->dc) {
00538
00539 become_root();
00540 ret = secrets_restore_schannel_session_info(p->pipe_state_mem_ctx,
00541 remote_machine,
00542 &p->dc);
00543 unbecome_root();
00544 if (!ret) {
00545 return NT_STATUS_INVALID_HANDLE;
00546 }
00547 }
00548
00549 if (!p->dc || !p->dc->authenticated) {
00550 return NT_STATUS_INVALID_HANDLE;
00551 }
00552
00553 DEBUG(3,("_net_srv_pwset: Server Password Set by remote machine:[%s] on account [%s]\n",
00554 remote_machine, p->dc->mach_acct));
00555
00556
00557 if (!creds_server_step(p->dc, &q_u->clnt_id.cred, &cred_out)) {
00558 DEBUG(2,("_net_srv_pwset: creds_server_step failed. Rejecting auth "
00559 "request from client %s machine account %s\n",
00560 remote_machine, p->dc->mach_acct ));
00561 return NT_STATUS_INVALID_PARAMETER;
00562 }
00563
00564
00565 sampass = samu_new( NULL );
00566 if (!sampass) {
00567 return NT_STATUS_NO_MEMORY;
00568 }
00569
00570 become_root();
00571 secrets_store_schannel_session_info(p->pipe_state_mem_ctx,
00572 remote_machine,
00573 p->dc);
00574 ret = pdb_getsampwnam(sampass, p->dc->mach_acct);
00575 unbecome_root();
00576
00577 if (!ret) {
00578 TALLOC_FREE(sampass);
00579 return NT_STATUS_ACCESS_DENIED;
00580 }
00581
00582
00583
00584 acct_ctrl = pdb_get_acct_ctrl(sampass);
00585
00586 if (!(acct_ctrl & ACB_WSTRUST ||
00587 acct_ctrl & ACB_SVRTRUST ||
00588 acct_ctrl & ACB_DOMTRUST)) {
00589 TALLOC_FREE(sampass);
00590 return NT_STATUS_NO_SUCH_USER;
00591 }
00592
00593 if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
00594 TALLOC_FREE(sampass);
00595 return NT_STATUS_ACCOUNT_DISABLED;
00596 }
00597
00598
00599 cred_hash3( pwd, q_u->pwd, p->dc->sess_key, 0);
00600
00601 DEBUG(100,("Server password set : new given value was :\n"));
00602 for(i = 0; i < sizeof(pwd); i++)
00603 DEBUG(100,("%02X ", pwd[i]));
00604 DEBUG(100,("\n"));
00605
00606 old_pw = pdb_get_nt_passwd(sampass);
00607
00608 if (old_pw && memcmp(pwd, old_pw, 16) == 0) {
00609
00610
00611
00612 ret = True;
00613 } else {
00614
00615
00616 if (!pdb_set_lanman_passwd(sampass, NULL, PDB_CHANGED)) {
00617 TALLOC_FREE(sampass);
00618 return NT_STATUS_NO_MEMORY;
00619 }
00620
00621 if (!pdb_set_nt_passwd(sampass, pwd, PDB_CHANGED)) {
00622 TALLOC_FREE(sampass);
00623 return NT_STATUS_NO_MEMORY;
00624 }
00625
00626 if (!pdb_set_pass_last_set_time(sampass, time(NULL), PDB_CHANGED)) {
00627 TALLOC_FREE(sampass);
00628
00629 return NT_STATUS_UNSUCCESSFUL;
00630 }
00631
00632 become_root();
00633 r_u->status = pdb_update_sam_account(sampass);
00634 unbecome_root();
00635 }
00636
00637
00638 init_net_r_srv_pwset(r_u, &cred_out, r_u->status);
00639
00640 TALLOC_FREE(sampass);
00641 return r_u->status;
00642 }
00643
00644
00645
00646
00647
00648 NTSTATUS _net_sam_logoff(pipes_struct *p, NET_Q_SAM_LOGOFF *q_u, NET_R_SAM_LOGOFF *r_u)
00649 {
00650 fstring remote_machine;
00651
00652 if ( (lp_server_schannel() == True) && (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) ) {
00653
00654
00655
00656 DEBUG(0,("_net_sam_logoff: client %s not using schannel for netlogon\n",
00657 get_remote_machine_name() ));
00658 return NT_STATUS_ACCESS_DENIED;
00659 }
00660
00661
00662 if (!get_valid_user_struct(p->vuid))
00663 return NT_STATUS_NO_SUCH_USER;
00664
00665
00666 rpcstr_pull(remote_machine,q_u->sam_id.client.login.uni_comp_name.buffer,
00667 sizeof(remote_machine),q_u->sam_id.client.login.uni_comp_name.uni_str_len*2,0);
00668
00669 if (!p->dc) {
00670
00671 BOOL ret;
00672
00673 become_root();
00674 ret = secrets_restore_schannel_session_info(p->pipe_state_mem_ctx,
00675 remote_machine,
00676 &p->dc);
00677 unbecome_root();
00678 if (!ret) {
00679 return NT_STATUS_INVALID_HANDLE;
00680 }
00681 }
00682
00683 if (!p->dc || !p->dc->authenticated) {
00684 return NT_STATUS_INVALID_HANDLE;
00685 }
00686
00687 r_u->buffer_creds = 1;
00688
00689
00690 if (!creds_server_step(p->dc, &q_u->sam_id.client.cred, &r_u->srv_creds)) {
00691 DEBUG(2,("_net_sam_logoff: creds_server_step failed. Rejecting auth "
00692 "request from client %s machine account %s\n",
00693 remote_machine, p->dc->mach_acct ));
00694 return NT_STATUS_INVALID_PARAMETER;
00695 }
00696
00697
00698 become_root();
00699 secrets_store_schannel_session_info(p->pipe_state_mem_ctx,
00700 remote_machine,
00701 p->dc);
00702 unbecome_root();
00703
00704 r_u->status = NT_STATUS_OK;
00705 return r_u->status;
00706 }
00707
00708
00709
00710
00711
00712 static NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx,
00713 const DOM_SID *domain_sid,
00714 size_t num_sids,
00715 const DOM_SID *sids,
00716 int *numgroups, DOM_GID **pgids)
00717 {
00718 int i;
00719
00720 *numgroups=0;
00721 *pgids = NULL;
00722
00723 for (i=0; i<num_sids; i++) {
00724 DOM_GID gid;
00725 if (!sid_peek_check_rid(domain_sid, &sids[i], &gid.g_rid)) {
00726 continue;
00727 }
00728 gid.attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
00729 SE_GROUP_ENABLED);
00730 ADD_TO_ARRAY(mem_ctx, DOM_GID, gid, pgids, numgroups);
00731 if (*pgids == NULL) {
00732 return NT_STATUS_NO_MEMORY;
00733 }
00734 }
00735 return NT_STATUS_OK;
00736 }
00737
00738
00739
00740
00741
00742 static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
00743 NET_Q_SAM_LOGON *q_u,
00744 NET_R_SAM_LOGON *r_u,
00745 BOOL process_creds)
00746 {
00747 NTSTATUS status = NT_STATUS_OK;
00748 NET_USER_INFO_3 *usr_info = NULL;
00749 NET_ID_INFO_CTR *ctr = q_u->sam_id.ctr;
00750 UNISTR2 *uni_samlogon_user = NULL;
00751 UNISTR2 *uni_samlogon_domain = NULL;
00752 UNISTR2 *uni_samlogon_workstation = NULL;
00753 fstring nt_username, nt_domain, nt_workstation;
00754 auth_usersupplied_info *user_info = NULL;
00755 auth_serversupplied_info *server_info = NULL;
00756 struct samu *sampw;
00757 struct auth_context *auth_context = NULL;
00758
00759 if ( (lp_server_schannel() == True) && (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) ) {
00760
00761
00762
00763 DEBUG(0,("_net_sam_logon_internal: client %s not using schannel for netlogon\n",
00764 get_remote_machine_name() ));
00765 return NT_STATUS_ACCESS_DENIED;
00766 }
00767
00768 usr_info = TALLOC_P(p->mem_ctx, NET_USER_INFO_3);
00769 if (!usr_info) {
00770 return NT_STATUS_NO_MEMORY;
00771 }
00772
00773 ZERO_STRUCTP(usr_info);
00774
00775
00776 r_u->user = usr_info;
00777 r_u->auth_resp = 1;
00778 if (q_u->validation_level != 2 && q_u->validation_level != 3) {
00779 DEBUG(0,("_net_sam_logon: bad validation_level value %d.\n", (int)q_u->validation_level ));
00780 return NT_STATUS_ACCESS_DENIED;
00781 }
00782
00783 r_u->switch_value = q_u->validation_level;
00784 r_u->buffer_creds = 1;
00785
00786 if (!get_valid_user_struct(p->vuid))
00787 return NT_STATUS_NO_SUCH_USER;
00788
00789 if (process_creds) {
00790 fstring remote_machine;
00791
00792
00793
00794
00795
00796 rpcstr_pull(remote_machine,q_u->sam_id.client.login.uni_comp_name.buffer,
00797 sizeof(remote_machine),q_u->sam_id.client.login.uni_comp_name.uni_str_len*2,0);
00798
00799 if (!p->dc) {
00800
00801 BOOL ret;
00802
00803 become_root();
00804 ret = secrets_restore_schannel_session_info(p->pipe_state_mem_ctx,
00805 remote_machine,
00806 &p->dc);
00807 unbecome_root();
00808 if (!ret) {
00809 return NT_STATUS_INVALID_HANDLE;
00810 }
00811 }
00812
00813 if (!p->dc || !p->dc->authenticated) {
00814 return NT_STATUS_INVALID_HANDLE;
00815 }
00816
00817
00818 if (!creds_server_step(p->dc, &q_u->sam_id.client.cred, &r_u->srv_creds)) {
00819 DEBUG(2,("_net_sam_logon: creds_server_step failed. Rejecting auth "
00820 "request from client %s machine account %s\n",
00821 remote_machine, p->dc->mach_acct ));
00822 return NT_STATUS_INVALID_PARAMETER;
00823 }
00824
00825
00826 become_root();
00827 secrets_store_schannel_session_info(p->pipe_state_mem_ctx,
00828 remote_machine,
00829 p->dc);
00830 unbecome_root();
00831 }
00832
00833 switch (q_u->sam_id.logon_level) {
00834 case INTERACTIVE_LOGON_TYPE:
00835 uni_samlogon_user = &ctr->auth.id1.uni_user_name;
00836 uni_samlogon_domain = &ctr->auth.id1.uni_domain_name;
00837
00838 uni_samlogon_workstation = &ctr->auth.id1.uni_wksta_name;
00839
00840 DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup()));
00841 break;
00842 case NET_LOGON_TYPE:
00843 uni_samlogon_user = &ctr->auth.id2.uni_user_name;
00844 uni_samlogon_domain = &ctr->auth.id2.uni_domain_name;
00845 uni_samlogon_workstation = &ctr->auth.id2.uni_wksta_name;
00846
00847 DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", lp_workgroup()));
00848 break;
00849 default:
00850 DEBUG(2,("SAM Logon: unsupported switch value\n"));
00851 return NT_STATUS_INVALID_INFO_CLASS;
00852 }
00853
00854 rpcstr_pull(nt_username,uni_samlogon_user->buffer,sizeof(nt_username),uni_samlogon_user->uni_str_len*2,0);
00855 rpcstr_pull(nt_domain,uni_samlogon_domain->buffer,sizeof(nt_domain),uni_samlogon_domain->uni_str_len*2,0);
00856 rpcstr_pull(nt_workstation,uni_samlogon_workstation->buffer,sizeof(nt_workstation),uni_samlogon_workstation->uni_str_len*2,0);
00857
00858 DEBUG(3,("User:[%s@%s] Requested Domain:[%s]\n", nt_username, nt_workstation, nt_domain));
00859 fstrcpy(current_user_info.smb_name, nt_username);
00860 sub_set_smb_name(nt_username);
00861
00862 DEBUG(5,("Attempting validation level %d for unmapped username %s.\n", q_u->sam_id.ctr->switch_value, nt_username));
00863
00864 status = NT_STATUS_OK;
00865
00866 switch (ctr->switch_value) {
00867 case NET_LOGON_TYPE:
00868 {
00869 const char *wksname = nt_workstation;
00870
00871 if (!NT_STATUS_IS_OK(status = make_auth_context_fixed(&auth_context, ctr->auth.id2.lm_chal))) {
00872 return status;
00873 }
00874
00875
00876
00877
00878 if (*wksname == '\\') wksname++;
00879 if (*wksname == '\\') wksname++;
00880
00881
00882 if (!make_user_info_netlogon_network(&user_info,
00883 nt_username, nt_domain,
00884 wksname,
00885 ctr->auth.id2.param_ctrl,
00886 ctr->auth.id2.lm_chal_resp.buffer,
00887 ctr->auth.id2.lm_chal_resp.str_str_len,
00888 ctr->auth.id2.nt_chal_resp.buffer,
00889 ctr->auth.id2.nt_chal_resp.str_str_len)) {
00890 status = NT_STATUS_NO_MEMORY;
00891 }
00892 break;
00893 }
00894 case INTERACTIVE_LOGON_TYPE:
00895
00896
00897
00898
00899 {
00900 const uint8 *chal;
00901
00902 if (!NT_STATUS_IS_OK(status = make_auth_context_subsystem(&auth_context))) {
00903 return status;
00904 }
00905
00906 chal = auth_context->get_ntlm_challenge(auth_context);
00907
00908 if (!make_user_info_netlogon_interactive(&user_info,
00909 nt_username, nt_domain,
00910 nt_workstation,
00911 ctr->auth.id1.param_ctrl,
00912 chal,
00913 ctr->auth.id1.lm_owf.data,
00914 ctr->auth.id1.nt_owf.data,
00915 p->dc->sess_key)) {
00916 status = NT_STATUS_NO_MEMORY;
00917 }
00918 break;
00919 }
00920 default:
00921 DEBUG(2,("SAM Logon: unsupported switch value\n"));
00922 return NT_STATUS_INVALID_INFO_CLASS;
00923 }
00924
00925 if ( NT_STATUS_IS_OK(status) ) {
00926 status = auth_context->check_ntlm_password(auth_context,
00927 user_info, &server_info);
00928 }
00929
00930 (auth_context->free)(&auth_context);
00931 free_user_info(&user_info);
00932
00933 DEBUG(5, ("_net_sam_logon: check_password returned status %s\n",
00934 nt_errstr(status)));
00935
00936
00937
00938 if (!NT_STATUS_IS_OK(status)) {
00939
00940
00941
00942
00943 if ( NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)
00944 && !strequal(nt_domain, get_global_sam_name())
00945 && !is_trusted_domain(nt_domain) )
00946 r_u->auth_resp = 0;
00947
00948 TALLOC_FREE(server_info);
00949 return status;
00950 }
00951
00952 if (server_info->guest) {
00953
00954 DEBUG(5,("_net_sam_logon: Attempted domain logon as GUEST "
00955 "denied.\n"));
00956 TALLOC_FREE(server_info);
00957 return NT_STATUS_LOGON_FAILURE;
00958 }
00959
00960
00961
00962
00963
00964 {
00965 DOM_GID *gids = NULL;
00966 const DOM_SID *user_sid = NULL;
00967 const DOM_SID *group_sid = NULL;
00968 DOM_SID domain_sid;
00969 uint32 user_rid, group_rid;
00970
00971 int num_gids = 0;
00972 pstring my_name;
00973 fstring user_sid_string;
00974 fstring group_sid_string;
00975 unsigned char user_session_key[16];
00976 unsigned char lm_session_key[8];
00977 unsigned char pipe_session_key[16];
00978
00979 sampw = server_info->sam_account;
00980
00981
00982
00983 usr_info->ptr_user_info = 0;
00984
00985 user_sid = pdb_get_user_sid(sampw);
00986 group_sid = pdb_get_group_sid(sampw);
00987
00988 if ((user_sid == NULL) || (group_sid == NULL)) {
00989 DEBUG(1, ("_net_sam_logon: User without group or user SID\n"));
00990 return NT_STATUS_UNSUCCESSFUL;
00991 }
00992
00993 sid_copy(&domain_sid, user_sid);
00994 sid_split_rid(&domain_sid, &user_rid);
00995
00996 if (!sid_peek_check_rid(&domain_sid, group_sid, &group_rid)) {
00997 DEBUG(1, ("_net_sam_logon: user %s\\%s has user sid "
00998 "%s\n but group sid %s.\n"
00999 "The conflicting domain portions are not "
01000 "supported for NETLOGON calls\n",
01001 pdb_get_domain(sampw),
01002 pdb_get_username(sampw),
01003 sid_to_string(user_sid_string, user_sid),
01004 sid_to_string(group_sid_string, group_sid)));
01005 return NT_STATUS_UNSUCCESSFUL;
01006 }
01007
01008
01009 if(server_info->login_server) {
01010 pstrcpy(my_name, server_info->login_server);
01011 } else {
01012 pstrcpy(my_name, global_myname());
01013 }
01014
01015 status = nt_token_to_group_list(p->mem_ctx, &domain_sid,
01016 server_info->num_sids,
01017 server_info->sids,
01018 &num_gids, &gids);
01019
01020 if (!NT_STATUS_IS_OK(status)) {
01021 return status;
01022 }
01023
01024 if (server_info->user_session_key.length) {
01025 memcpy(user_session_key,
01026 server_info->user_session_key.data,
01027 MIN(sizeof(user_session_key),
01028 server_info->user_session_key.length));
01029 if (process_creds) {
01030
01031 memcpy(pipe_session_key, p->dc->sess_key, 16);
01032 } else {
01033
01034 if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL || p->auth.a_u.schannel_auth == NULL) {
01035 return NT_STATUS_INVALID_HANDLE;
01036 }
01037 memcpy(pipe_session_key, p->auth.a_u.schannel_auth->sess_key, 16);
01038 }
01039 SamOEMhash(user_session_key, pipe_session_key, 16);
01040 memset(pipe_session_key, '\0', 16);
01041 }
01042 if (server_info->lm_session_key.length) {
01043 memcpy(lm_session_key,
01044 server_info->lm_session_key.data,
01045 MIN(sizeof(lm_session_key),
01046 server_info->lm_session_key.length));
01047 if (process_creds) {
01048
01049 memcpy(pipe_session_key, p->dc->sess_key, 16);
01050 } else {
01051
01052 if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL || p->auth.a_u.schannel_auth == NULL) {
01053 return NT_STATUS_INVALID_HANDLE;
01054 }
01055 memcpy(pipe_session_key, p->auth.a_u.schannel_auth->sess_key, 16);
01056 }
01057 SamOEMhash(lm_session_key, pipe_session_key, 8);
01058 memset(pipe_session_key, '\0', 16);
01059 }
01060
01061 init_net_user_info3(p->mem_ctx, usr_info,
01062 user_rid,
01063 group_rid,
01064 pdb_get_username(sampw),
01065 pdb_get_fullname(sampw),
01066 pdb_get_homedir(sampw),
01067 pdb_get_dir_drive(sampw),
01068 pdb_get_logon_script(sampw),
01069 pdb_get_profile_path(sampw),
01070 pdb_get_logon_time(sampw),
01071 get_time_t_max(),
01072 get_time_t_max(),
01073 pdb_get_pass_last_set_time(sampw),
01074 pdb_get_pass_can_change_time(sampw),
01075 pdb_get_pass_must_change_time(sampw),
01076 0,
01077 0,
01078 num_gids,
01079 gids ,
01080 LOGON_EXTRA_SIDS,
01081 pdb_get_acct_ctrl(sampw),
01082 server_info->user_session_key.length ? user_session_key : NULL,
01083 server_info->lm_session_key.length ? lm_session_key : NULL,
01084 my_name ,
01085 pdb_get_domain(sampw),
01086 &domain_sid);
01087 ZERO_STRUCT(user_session_key);
01088 ZERO_STRUCT(lm_session_key);
01089 }
01090 TALLOC_FREE(server_info);
01091 return status;
01092 }
01093
01094
01095
01096
01097
01098 NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_u)
01099 {
01100 return _net_sam_logon_internal(p, q_u, r_u, True);
01101 }
01102
01103
01104
01105
01106
01107 NTSTATUS _net_sam_logon_ex(pipes_struct *p, NET_Q_SAM_LOGON_EX *q_u, NET_R_SAM_LOGON_EX *r_u)
01108 {
01109 NET_Q_SAM_LOGON q;
01110 NET_R_SAM_LOGON r;
01111
01112 ZERO_STRUCT(q);
01113 ZERO_STRUCT(r);
01114
01115
01116 if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
01117 DEBUG(0,("_net_sam_logon_ex: client %s not using schannel for netlogon\n",
01118 get_remote_machine_name() ));
01119 return NT_STATUS_INVALID_PARAMETER;
01120 }
01121
01122
01123 q.validation_level = q_u->validation_level;
01124
01125
01126 q.sam_id.client.login = q_u->sam_id.client;
01127 q.sam_id.logon_level = q_u->sam_id.logon_level;
01128 q.sam_id.ctr = q_u->sam_id.ctr;
01129
01130 r_u->status = _net_sam_logon_internal(p, &q, &r, False);
01131
01132 if (!NT_STATUS_IS_OK(r_u->status)) {
01133 return r_u->status;
01134 }
01135
01136
01137 r_u->switch_value = r.switch_value;
01138 r_u->user = r.user;
01139 r_u->auth_resp = r.auth_resp;
01140 r_u->flags = 0;
01141 return r_u->status;
01142 }
01143
01144
01145
01146
01147 #if 0
01148 NTSTATUS _ds_enum_dom_trusts(pipes_struct *p, DS_Q_ENUM_DOM_TRUSTS *q_u,
01149 DS_R_ENUM_DOM_TRUSTS *r_u)
01150 {
01151 NTSTATUS status = NT_STATUS_OK;
01152
01153
01154
01155
01156
01157
01158
01159 return status;
01160 }
01161 #endif