source/rpc_client/cli_netlogon.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    NT Domain Authentication SMB / MSRPC client
   4    Copyright (C) Andrew Tridgell 1992-2000
   5    Copyright (C) Luke Kenneth Casson Leighton 1996-2000
   6    Copyright (C) Tim Potter 2001
   7    Copyright (C) Paul Ashton                       1997.
   8    Copyright (C) Jeremy Allison                    1998.
   9    Copyright (C) Andrew Bartlett                   2001.
  10
  11    This program is free software; you can redistribute it and/or modify
  12    it under the terms of the GNU General Public License as published by
  13    the Free Software Foundation; either version 2 of the License, or
  14    (at your option) any later version.
  15
  16    This program is distributed in the hope that it will be useful,
  17    but WITHOUT ANY WARRANTY; without even the implied warranty of
  18    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  19    GNU General Public License for more details.
  20
  21    You should have received a copy of the GNU General Public License
  22    along with this program; if not, write to the Free Software
  23    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  24 */
  25
  26 #include "includes.h"
  27
  28 /* LSA Request Challenge. Sends our challenge to server, then gets
  29    server response. These are used to generate the credentials. */
  30
  31 NTSTATUS cli_net_req_chal(struct cli_state *cli, DOM_CHAL *clnt_chal,
  32                           DOM_CHAL *srv_chal)
  33 {
  34         prs_struct qbuf, rbuf;
  35         NET_Q_REQ_CHAL q;
  36         NET_R_REQ_CHAL r;
  37         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
  38
  39         prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
  40         prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
  41
  42         /* create and send a MSRPC command with api NET_REQCHAL */
  43
  44         DEBUG(4,("cli_net_req_chal: LSA Request Challenge from %s to %s: %s\n",
  45                  global_myname(), cli->desthost, credstr(clnt_chal->data)));
  46
  47         /* store the parameters */
  48         init_q_req_chal(&q, cli->srv_name_slash, global_myname(), clnt_chal);
  49
  50         /* Marshall data and send request */
  51
  52         if (!net_io_q_req_chal("", &q,  &qbuf, 0) ||
  53             !rpc_api_pipe_req(cli, PI_NETLOGON, NET_REQCHAL, &qbuf, &rbuf)) {
  54                 goto done;
  55         }
  56
  57         /* Unmarhall response */
  58
  59         if (!net_io_r_req_chal("", &r, &rbuf, 0)) {
  60                 goto done;
  61         }
  62
  63         result = r.status;
  64
  65         /* Return result */
  66
  67         if (NT_STATUS_IS_OK(result)) {
  68                 memcpy(srv_chal, r.srv_chal.data, sizeof(srv_chal->data));
  69         }
  70
  71  done:
  72         prs_mem_free(&qbuf);
  73         prs_mem_free(&rbuf);
  74
  75         return result;
  76 }
  77
  78 NTSTATUS rpccli_net_req_chal(struct rpc_pipe_client *cli,
  79                              const char *server_name,
  80                              const char *computer_name,
  81                              DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal)
  82 {
  83         prs_struct qbuf, rbuf;
  84         NET_Q_REQ_CHAL q;
  85         NET_R_REQ_CHAL r;
  86         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
  87
  88         prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->cli->mem_ctx, MARSHALL);
  89         prs_init(&rbuf, 0, cli->cli->mem_ctx, UNMARSHALL);
  90
  91         /* create and send a MSRPC command with api NET_REQCHAL */
  92
  93         DEBUG(4,("cli_net_req_chal: LSA Request Challenge from %s to %s\n",
  94                  computer_name, server_name));
  95
  96         /* store the parameters */
  97         init_q_req_chal(&q, server_name, computer_name, clnt_chal);
  98
  99         /* Marshall data and send request */
 100
 101         if (!net_io_q_req_chal("", &q,  &qbuf, 0) ||
 102             !rpc_api_pipe_req_int(cli, NET_REQCHAL, &qbuf, &rbuf)) {
 103                 goto done;
 104         }
 105
 106         /* Unmarhall response */
 107
 108         if (!net_io_r_req_chal("", &r, &rbuf, 0)) {
 109                 goto done;
 110         }
 111
 112         result = r.status;
 113
 114         /* Return result */
 115
 116         if (NT_STATUS_IS_OK(result)) {
 117                 memcpy(srv_chal, r.srv_chal.data, sizeof(srv_chal->data));
 118         }
 119
 120  done:
 121         prs_mem_free(&qbuf);
 122         prs_mem_free(&rbuf);
 123
 124         return result;
 125 }
 126
 127 /****************************************************************************
 128 LSA Authenticate 2
 129
 130 Send the client credential, receive back a server credential.
 131 Ensure that the server credential returned matches the session key
 132 encrypt of the server challenge originally received. JRA.
 133 ****************************************************************************/
 134
 135 NTSTATUS cli_net_auth2(struct cli_state *cli,
 136                        uint16 sec_chan,
 137                        uint32 *neg_flags, DOM_CHAL *srv_chal)
 138 {
 139         prs_struct qbuf, rbuf;
 140         NET_Q_AUTH_2 q;
 141         NET_R_AUTH_2 r;
 142         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 143         fstring machine_acct;
 144
 145         prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
 146         prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
 147
 148         if ( sec_chan == SEC_CHAN_DOMAIN )
 149                 fstr_sprintf( machine_acct, "%s$", lp_workgroup() );
 150         else
 151                 fstrcpy( machine_acct, cli->mach_acct );
 152
 153         /* create and send a MSRPC command with api NET_AUTH2 */
 154
 155         DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n",
 156                  cli->srv_name_slash, machine_acct, sec_chan, global_myname(),
 157                  credstr(cli->clnt_cred.challenge.data), *neg_flags));
 158
 159         /* store the parameters */
 160
 161         init_q_auth_2(&q, cli->srv_name_slash, machine_acct,
 162                       sec_chan, global_myname(), &cli->clnt_cred.challenge,
 163                       *neg_flags);
 164
 165         /* turn parameters into data stream */
 166
 167         if (!net_io_q_auth_2("", &q,  &qbuf, 0) ||
 168             !rpc_api_pipe_req(cli, PI_NETLOGON, NET_AUTH2, &qbuf, &rbuf)) {
 169                 goto done;
 170         }
 171
 172         /* Unmarshall response */
 173
 174         if (!net_io_r_auth_2("", &r, &rbuf, 0)) {
 175                 goto done;
 176         }
 177
 178         result = r.status;
 179
 180         if (NT_STATUS_IS_OK(result)) {
 181                 UTIME zerotime;
 182
 183                 /*
 184                  * Check the returned value using the initial
 185                  * server received challenge.
 186                  */
 187
 188                 zerotime.time = 0;
 189                 if (cred_assert( &r.srv_chal, cli->sess_key, srv_chal,
 190                                  zerotime) == 0) {
 191
 192                         /*
 193                          * Server replied with bad credential. Fail.
 194                          */
 195                         DEBUG(0,("cli_net_auth2: server %s replied with bad credential (bad machine \
 196 password ?).\n", cli->desthost ));
 197                         result = NT_STATUS_ACCESS_DENIED;
 198                         goto done;
 199                 }
 200                 *neg_flags = r.srv_flgs.neg_flags;
 201         }
 202
 203  done:
 204         prs_mem_free(&qbuf);
 205         prs_mem_free(&rbuf);
 206
 207         return result;
 208 }
 209
 210 NTSTATUS rpccli_net_auth2(struct rpc_pipe_client *cli,
 211                           const char *server_name,
 212                           const char *account_name,
 213                           uint16 sec_chan_type,
 214                           const char *computer_name,
 215                           const DOM_CHAL *credentials,
 216                           uint32 *neg_flags,
 217                           DOM_CHAL *srv_chal)
 218 {
 219         prs_struct qbuf, rbuf;
 220         NET_Q_AUTH_2 q;
 221         NET_R_AUTH_2 r;
 222         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 223
 224         prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
 225         prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
 226
 227         /* create and send a MSRPC command with api NET_AUTH2 */
 228
 229         DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s neg: %x\n",
 230                  server_name, account_name, sec_chan_type, computer_name,
 231                  *neg_flags));
 232
 233         /* store the parameters */
 234
 235         init_q_auth_2(&q, server_name, account_name, sec_chan_type,
 236                       computer_name, credentials, *neg_flags);
 237
 238         /* turn parameters into data stream */
 239
 240         if (!net_io_q_auth_2("", &q,  &qbuf, 0) ||
 241             !rpc_api_pipe_req_int(cli, NET_AUTH2, &qbuf, &rbuf)) {
 242                 goto done;
 243         }
 244
 245         /* Unmarshall response */
 246
 247         if (!net_io_r_auth_2("", &r, &rbuf, 0)) {
 248                 goto done;
 249         }
 250
 251         result = r.status;
 252
 253         if (NT_STATUS_IS_OK(result)) {
 254                 *srv_chal = r.srv_chal;
 255                 *neg_flags = r.srv_flgs.neg_flags;
 256         }
 257
 258  done:
 259         prs_mem_free(&qbuf);
 260         prs_mem_free(&rbuf);
 261
 262         return result;
 263 }
 264
 265 /****************************************************************************
 266 LSA Authenticate 3
 267
 268 Send the client credential, receive back a server credential.
 269 Ensure that the server credential returned matches the session key
 270 encrypt of the server challenge originally received. JRA.
 271 ****************************************************************************/
 272
 273 NTSTATUS cli_net_auth3(struct cli_state *cli,
 274                        uint16 sec_chan,
 275                        uint32 *neg_flags, DOM_CHAL *srv_chal)
 276 {
 277         prs_struct qbuf, rbuf;
 278         NET_Q_AUTH_3 q;
 279         NET_R_AUTH_3 r;
 280         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 281
 282         prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
 283         prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
 284
 285         /* create and send a MSRPC command with api NET_AUTH2 */
 286
 287         DEBUG(4,("cli_net_auth3: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n",
 288                  cli->srv_name_slash, cli->mach_acct, sec_chan, global_myname(),
 289                  credstr(cli->clnt_cred.challenge.data), *neg_flags));
 290
 291         /* store the parameters */
 292         init_q_auth_3(&q, cli->srv_name_slash, cli->mach_acct,
 293                       sec_chan, global_myname(), &cli->clnt_cred.challenge,
 294                       *neg_flags);
 295
 296         /* turn parameters into data stream */
 297
 298         if (!net_io_q_auth_3("", &q,  &qbuf, 0) ||
 299             !rpc_api_pipe_req(cli, PI_NETLOGON, NET_AUTH3, &qbuf, &rbuf)) {
 300                 goto done;
 301         }
 302
 303         /* Unmarshall response */
 304
 305         if (!net_io_r_auth_3("", &r, &rbuf, 0)) {
 306                 goto done;
 307         }
 308
 309         result = r.status;
 310
 311         if (NT_STATUS_IS_OK(result)) {
 312                 UTIME zerotime;
 313
 314                 /*
 315                  * Check the returned value using the initial
 316                  * server received challenge.
 317                  */
 318
 319                 zerotime.time = 0;
 320                 if (cred_assert( &r.srv_chal, cli->sess_key, srv_chal,
 321                                  zerotime) == 0) {
 322
 323                         /*
 324                          * Server replied with bad credential. Fail.
 325                          */
 326                         DEBUG(0,("cli_net_auth3: server %s replied with bad credential (bad machine \
 327 password ?).\n", cli->desthost ));
 328                         result = NT_STATUS_ACCESS_DENIED;
 329                         goto done;
 330                 }
 331                 *neg_flags = r.srv_flgs.neg_flags;
 332         }
 333
 334  done:
 335         prs_mem_free(&qbuf);
 336         prs_mem_free(&rbuf);
 337
 338         return result;
 339 }
 340
 341 /* Initialize domain session credentials */
 342
 343 NTSTATUS cli_nt_setup_creds(struct cli_state *cli,
 344                             uint16 sec_chan,
 345                             const unsigned char mach_pwd[16], uint32 *neg_flags, int level)
 346 {
 347         DOM_CHAL clnt_chal;
 348         DOM_CHAL srv_chal;
 349         UTIME zerotime;
 350         NTSTATUS result;
 351
 352         /******************* Request Challenge ********************/
 353
 354         generate_random_buffer(clnt_chal.data, 8);
 355
 356         /* send a client challenge; receive a server challenge */
 357         result = cli_net_req_chal(cli, &clnt_chal, &srv_chal);
 358
 359         if (!NT_STATUS_IS_OK(result)) {
 360                 DEBUG(0,("cli_nt_setup_creds: request challenge failed\n"));
 361                 return result;
 362         }
 363
 364         /**************** Long-term Session key **************/
 365
 366         /* calculate the session key */
 367         cred_session_key(&clnt_chal, &srv_chal, mach_pwd,
 368                          cli->sess_key);
 369         memset((char *)cli->sess_key+8, '\0', 8);
 370
 371         /******************* Authenticate 2/3 ********************/
 372
 373         /* calculate auth-2/3 credentials */
 374         zerotime.time = 0;
 375         cred_create(cli->sess_key, &clnt_chal, zerotime, &cli->clnt_cred.challenge);
 376
 377         /*
 378          * Send client auth-2/3 challenge.
 379          * Receive an auth-2/3 challenge response and check it.
 380          */
 381         switch (level) {
 382                 case 2:
 383                         result = cli_net_auth2(cli, sec_chan, neg_flags, &srv_chal);
 384                         break;
 385                 case 3:
 386                         result = cli_net_auth3(cli, sec_chan, neg_flags, &srv_chal);
 387                         break;
 388                 default:
 389                         DEBUG(1,("cli_nt_setup_creds: unsupported auth level: %d\n", level));
 390                         break;
 391         }
 392
 393         if (!NT_STATUS_IS_OK(result))
 394                 DEBUG(3,("cli_nt_setup_creds: auth%d challenge failed %s\n", level, nt_errstr(result)));
 395
 396         return result;
 397 }
 398
 399 /* Logon Control 2 */
 400
 401 NTSTATUS cli_netlogon_logon_ctrl2(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 402                                   uint32 query_level)
 403 {
 404         prs_struct qbuf, rbuf;
 405         NET_Q_LOGON_CTRL2 q;
 406         NET_R_LOGON_CTRL2 r;
 407         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 408
 409         ZERO_STRUCT(q);
 410         ZERO_STRUCT(r);
 411
 412         /* Initialise parse structures */
 413
 414         prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
 415         prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 416
 417         /* Initialise input parameters */
 418
 419         init_net_q_logon_ctrl2(&q, cli->srv_name_slash, query_level);
 420
 421         /* Marshall data and send request */
 422
 423         if (!net_io_q_logon_ctrl2("", &q, &qbuf, 0) ||
 424             !rpc_api_pipe_req(cli, PI_NETLOGON, NET_LOGON_CTRL2, &qbuf, &rbuf)) {
 425                 result = NT_STATUS_UNSUCCESSFUL;
 426                 goto done;
 427         }
 428
 429         /* Unmarshall response */
 430
 431         if (!net_io_r_logon_ctrl2("", &r, &rbuf, 0)) {
 432                 result = NT_STATUS_UNSUCCESSFUL;
 433                 goto done;
 434         }
 435
 436         result = r.status;
 437
 438  done:
 439         prs_mem_free(&qbuf);
 440         prs_mem_free(&rbuf);
 441
 442         return result;
 443 }
 444
 445 /* GetDCName */
 446
 447 NTSTATUS rpccli_netlogon_getdcname(struct rpc_pipe_client *cli,
 448                                    TALLOC_CTX *mem_ctx, const char *mydcname,
 449                                    const char *domainname, fstring newdcname)
 450 {
 451         prs_struct qbuf, rbuf;
 452         NET_Q_GETDCNAME q;
 453         NET_R_GETDCNAME r;
 454         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 455
 456         ZERO_STRUCT(q);
 457         ZERO_STRUCT(r);
 458
 459         /* Initialise parse structures */
 460
 461         prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
 462         prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 463
 464         /* Initialise input parameters */
 465
 466         init_net_q_getdcname(&q, mydcname, domainname);
 467
 468         /* Marshall data and send request */
 469
 470         if (!net_io_q_getdcname("", &q, &qbuf, 0) ||
 471             !rpc_api_pipe_req_int(cli, NET_GETDCNAME, &qbuf, &rbuf)) {
 472                 result = NT_STATUS_UNSUCCESSFUL;
 473                 goto done;
 474         }
 475
 476         /* Unmarshall response */
 477
 478         if (!net_io_r_getdcname("", &r, &rbuf, 0)) {
 479                 result = NT_STATUS_UNSUCCESSFUL;
 480                 goto done;
 481         }
 482
 483         result = r.status;
 484
 485         if (NT_STATUS_IS_OK(result))
 486                 rpcstr_pull_unistr2_fstring(newdcname, &r.uni_dcname);
 487
 488  done:
 489         prs_mem_free(&qbuf);
 490         prs_mem_free(&rbuf);
 491
 492         return result;
 493 }
 494
 495 NTSTATUS cli_netlogon_getdcname(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 496                                 const char *domainname, fstring dcname)
 497 {
 498         return rpccli_netlogon_getdcname(&cli->pipes[PI_NETLOGON], mem_ctx,
 499                                          cli->srv_name_slash, domainname,
 500                                          dcname);
 501 }
 502
 503 /****************************************************************************
 504 Generate the next creds to use.
 505 ****************************************************************************/
 506
 507 static void gen_next_creds( struct cli_state *cli, DOM_CRED *new_clnt_cred)
 508 {
 509         /*
 510          * Create the new client credentials.
 511          */
 512
 513         cli->clnt_cred.timestamp.time = time(NULL);
 514
 515         memcpy(new_clnt_cred, &cli->clnt_cred, sizeof(*new_clnt_cred));
 516
 517         /* Calculate the new credentials. */
 518         cred_create(cli->sess_key, &(cli->clnt_cred.challenge),
 519                     new_clnt_cred->timestamp, &(new_clnt_cred->challenge));
 520 }
 521
 522 /* Sam synchronisation */
 523
 524 NTSTATUS cli_netlogon_sam_sync(struct cli_state *cli, TALLOC_CTX *mem_ctx, DOM_CRED *ret_creds,
 525                                uint32 database_id, uint32 next_rid, uint32 *num_deltas,
 526                                SAM_DELTA_HDR **hdr_deltas,
 527                                SAM_DELTA_CTR **deltas)
 528 {
 529         prs_struct qbuf, rbuf;
 530         NET_Q_SAM_SYNC q;
 531         NET_R_SAM_SYNC r;
 532         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 533         DOM_CRED clnt_creds;
 534
 535         ZERO_STRUCT(q);
 536         ZERO_STRUCT(r);
 537
 538         /* Initialise parse structures */
 539
 540         prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
 541         prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 542
 543         /* Initialise input parameters */
 544
 545         gen_next_creds(cli, &clnt_creds);
 546
 547         init_net_q_sam_sync(&q, cli->srv_name_slash, cli->clnt_name_slash + 2,
 548                             &clnt_creds, ret_creds, database_id, next_rid);
 549
 550         /* Marshall data and send request */
 551
 552         if (!net_io_q_sam_sync("", &q, &qbuf, 0) ||
 553             !rpc_api_pipe_req(cli, PI_NETLOGON, NET_SAM_SYNC, &qbuf, &rbuf)) {
 554                 result = NT_STATUS_UNSUCCESSFUL;
 555                 goto done;
 556         }
 557
 558         /* Unmarshall response */
 559
 560         if (!net_io_r_sam_sync("", cli->sess_key, &r, &rbuf, 0)) {
 561                 result = NT_STATUS_UNSUCCESSFUL;
 562                 goto done;
 563         }
 564
 565         /* Return results */
 566
 567         result = r.status;
 568         *num_deltas = r.num_deltas2;
 569         *hdr_deltas = r.hdr_deltas;
 570         *deltas = r.deltas;
 571
 572         memcpy(ret_creds, &r.srv_creds, sizeof(*ret_creds));
 573
 574  done:
 575         prs_mem_free(&qbuf);
 576         prs_mem_free(&rbuf);
 577
 578         return result;
 579 }
 580
 581 /* Sam synchronisation */
 582
 583 NTSTATUS cli_netlogon_sam_deltas(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 584                                  uint32 database_id, UINT64_S seqnum,
 585                                  uint32 *num_deltas,
 586                                  SAM_DELTA_HDR **hdr_deltas,
 587                                  SAM_DELTA_CTR **deltas)
 588 {
 589         prs_struct qbuf, rbuf;
 590         NET_Q_SAM_DELTAS q;
 591         NET_R_SAM_DELTAS r;
 592         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 593         DOM_CRED clnt_creds;
 594
 595         ZERO_STRUCT(q);
 596         ZERO_STRUCT(r);
 597
 598         /* Initialise parse structures */
 599
 600         prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
 601         prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 602
 603         /* Initialise input parameters */
 604
 605         gen_next_creds(cli, &clnt_creds);
 606
 607         init_net_q_sam_deltas(&q, cli->srv_name_slash,
 608                               cli->clnt_name_slash + 2, &clnt_creds,
 609                               database_id, seqnum);
 610
 611         /* Marshall data and send request */
 612
 613         if (!net_io_q_sam_deltas("", &q, &qbuf, 0) ||
 614             !rpc_api_pipe_req(cli, PI_NETLOGON, NET_SAM_DELTAS, &qbuf, &rbuf)) {
 615                 result = NT_STATUS_UNSUCCESSFUL;
 616                 goto done;
 617         }
 618
 619         /* Unmarshall response */
 620
 621         if (!net_io_r_sam_deltas("", cli->sess_key, &r, &rbuf, 0)) {
 622                 result = NT_STATUS_UNSUCCESSFUL;
 623                 goto done;
 624         }
 625
 626         /* Return results */
 627
 628         result = r.status;
 629         *num_deltas = r.num_deltas2;
 630         *hdr_deltas = r.hdr_deltas;
 631         *deltas = r.deltas;
 632
 633  done:
 634         prs_mem_free(&qbuf);
 635         prs_mem_free(&rbuf);
 636
 637         return result;
 638 }
 639
 640 /* Logon domain user */
 641
 642 NTSTATUS cli_netlogon_sam_logon(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 643                                 DOM_CRED *ret_creds,
 644                                 const char *username, const char *password,
 645                                 int logon_type)
 646 {
 647         prs_struct qbuf, rbuf;
 648         NET_Q_SAM_LOGON q;
 649         NET_R_SAM_LOGON r;
 650         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 651         DOM_CRED clnt_creds, dummy_rtn_creds;
 652         NET_ID_INFO_CTR ctr;
 653         NET_USER_INFO_3 user;
 654         int validation_level = 3;
 655
 656         ZERO_STRUCT(q);
 657         ZERO_STRUCT(r);
 658         ZERO_STRUCT(dummy_rtn_creds);
 659
 660         /* Initialise parse structures */
 661
 662         prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
 663         prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 664
 665         /* Initialise input parameters */
 666
 667         gen_next_creds(cli, &clnt_creds);
 668
 669         q.validation_level = validation_level;
 670
 671         if (ret_creds == NULL)
 672                 ret_creds = &dummy_rtn_creds;
 673
 674         ctr.switch_value = logon_type;
 675
 676         switch (logon_type) {
 677         case INTERACTIVE_LOGON_TYPE: {
 678                 unsigned char lm_owf_user_pwd[16], nt_owf_user_pwd[16];
 679
 680                 nt_lm_owf_gen(password, nt_owf_user_pwd, lm_owf_user_pwd);
 681
 682                 init_id_info1(&ctr.auth.id1, lp_workgroup(),
 683                               0, /* param_ctrl */
 684                               0xdead, 0xbeef, /* LUID? */
 685                               username, cli->clnt_name_slash,
 686                               (const char *)cli->sess_key, lm_owf_user_pwd,
 687                               nt_owf_user_pwd);
 688
 689                 break;
 690         }
 691         case NET_LOGON_TYPE: {
 692                 uint8 chal[8];
 693                 unsigned char local_lm_response[24];
 694                 unsigned char local_nt_response[24];
 695
 696                 generate_random_buffer(chal, 8);
 697
 698                 SMBencrypt(password, chal, local_lm_response);
 699                 SMBNTencrypt(password, chal, local_nt_response);
 700
 701                 init_id_info2(&ctr.auth.id2, lp_workgroup(),
 702                               0, /* param_ctrl */
 703                               0xdead, 0xbeef, /* LUID? */
 704                               username, cli->clnt_name_slash, chal,
 705                               local_lm_response, 24, local_nt_response, 24);
 706                 break;
 707         }
 708         default:
 709                 DEBUG(0, ("switch value %d not supported\n",
 710                           ctr.switch_value));
 711                 goto done;
 712         }
 713
 714         init_sam_info(&q.sam_id, cli->srv_name_slash, global_myname(),
 715                       &clnt_creds, ret_creds, logon_type,
 716                       &ctr);
 717
 718         /* Marshall data and send request */
 719
 720         if (!net_io_q_sam_logon("", &q, &qbuf, 0) ||
 721             !rpc_api_pipe_req(cli, PI_NETLOGON, NET_SAMLOGON, &qbuf, &rbuf)) {
 722                 goto done;
 723         }
 724
 725         /* Unmarshall response */
 726
 727         r.user = &user;
 728
 729         if (!net_io_r_sam_logon("", &r, &rbuf, 0)) {
 730                 goto done;
 731         }
 732
 733         /* Return results */
 734
 735         result = r.status;
 736         memcpy(ret_creds, &r.srv_creds, sizeof(*ret_creds));
 737
 738  done:
 739         prs_mem_free(&qbuf);
 740         prs_mem_free(&rbuf);
 741
 742         return result;
 743 }
 744
 745
 746 /**
 747  * Logon domain user with an 'network' SAM logon
 748  *
 749  * @param info3 Pointer to a NET_USER_INFO_3 already allocated by the caller.
 750  **/
 751
 752 NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli,
 753                                            TALLOC_CTX *mem_ctx,
 754                                            const char *server_name_slash,
 755                                            DOM_CRED *clnt_creds,
 756                                            DOM_CRED *ret_creds,
 757                                            const char *username,
 758                                            const char *domain,
 759                                            const char *workstation,
 760                                            const uint8 chal[8],
 761                                            DATA_BLOB lm_response,
 762                                            DATA_BLOB nt_response,
 763                                            NET_USER_INFO_3 *info3,
 764                                            const uint8 *session_key)
 765 {
 766         prs_struct qbuf, rbuf;
 767         NET_Q_SAM_LOGON q;
 768         NET_R_SAM_LOGON r;
 769         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 770         DOM_CRED dummy_rtn_creds;
 771         NET_ID_INFO_CTR ctr;
 772         int validation_level = 3;
 773         char *workstation_name_slash;
 774         uint8 netlogon_sess_key[16];
 775         static uint8 zeros[16];
 776         int i;
 777
 778         ZERO_STRUCT(q);
 779         ZERO_STRUCT(r);
 780         ZERO_STRUCT(dummy_rtn_creds);
 781
 782         workstation_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", workstation);
 783         if (!workstation_name_slash) {
 784                 DEBUG(0, ("talloc_asprintf failed!\n"));
 785                 return NT_STATUS_NO_MEMORY;
 786         }
 787
 788         /* Initialise parse structures */
 789
 790         prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
 791         prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 792
 793         /* Initialise input parameters */
 794
 795         q.validation_level = validation_level;
 796
 797         if (ret_creds == NULL)
 798                 ret_creds = &dummy_rtn_creds;
 799
 800         ctr.switch_value = NET_LOGON_TYPE;
 801
 802         init_id_info2(&ctr.auth.id2, domain,
 803                       0, /* param_ctrl */
 804                       0xdead, 0xbeef, /* LUID? */
 805                       username, workstation_name_slash, (const uchar*)chal,
 806                       lm_response.data, lm_response.length, nt_response.data, nt_response.length);
 807
 808         init_sam_info(&q.sam_id, server_name_slash, global_myname(),
 809                       clnt_creds, ret_creds, NET_LOGON_TYPE,
 810                       &ctr);
 811
 812         /* Marshall data and send request */
 813
 814         if (!net_io_q_sam_logon("", &q, &qbuf, 0) ||
 815             !rpc_api_pipe_req_int(cli, NET_SAMLOGON, &qbuf, &rbuf)) {
 816                 goto done;
 817         }
 818
 819         /* Unmarshall response */
 820
 821         r.user = info3;
 822
 823         if (!net_io_r_sam_logon("", &r, &rbuf, 0)) {
 824                 goto done;
 825         }
 826
 827         ZERO_STRUCT(netlogon_sess_key);
 828         memcpy(netlogon_sess_key, session_key, 8);
 829
 830         if (memcmp(zeros, info3->user_sess_key, 16) != 0) {
 831                 SamOEMhash(info3->user_sess_key, netlogon_sess_key, 16);
 832         } else {
 833                 memset(info3->user_sess_key, '\0', 16);
 834         }
 835
 836         if (memcmp(zeros, info3->lm_sess_key, 8) != 0) {
 837                 SamOEMhash(info3->lm_sess_key, netlogon_sess_key, 8);
 838         } else {
 839                 memset(info3->lm_sess_key, '\0', 8);
 840         }
 841
 842         memset(&info3->acct_flags, '\0', 4);
 843         for (i=0; i < 7; i++) {
 844                 memset(&info3->unknown[i], '\0', 4);
 845         }
 846
 847         /* Return results */
 848
 849         result = r.status;
 850         memcpy(ret_creds, &r.srv_creds, sizeof(*ret_creds));
 851
 852  done:
 853         prs_mem_free(&qbuf);
 854         prs_mem_free(&rbuf);
 855
 856         return result;
 857 }
 858
 859 NTSTATUS cli_netlogon_sam_network_logon(struct cli_state *cli,
 860                                         TALLOC_CTX *mem_ctx,
 861                                         DOM_CRED *ret_creds,
 862                                         const char *username,
 863                                         const char *domain,
 864                                         const char *workstation,
 865                                         const uint8 chal[8],
 866                                         DATA_BLOB lm_response,
 867                                         DATA_BLOB nt_response,
 868                                         NET_USER_INFO_3 *info3)
 869 {
 870         DOM_CRED clnt_creds;
 871
 872         gen_next_creds(cli, &clnt_creds);
 873
 874         return rpccli_netlogon_sam_network_logon(&cli->pipes[PI_NETLOGON],
 875                                                  mem_ctx, cli->srv_name_slash,
 876                                                  &clnt_creds,
 877                                                  ret_creds, username,
 878                                                  domain, workstation, chal,
 879                                                  lm_response, nt_response,
 880                                                  info3, cli->sess_key);
 881 }
 882
 883 /***************************************************************************
 884 LSA Server Password Set.
 885 ****************************************************************************/
 886
 887 NTSTATUS cli_net_srv_pwset(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 888                            const char *machine_name, uint8 hashed_mach_pwd[16])
 889 {
 890         prs_struct rbuf;
 891         prs_struct qbuf;
 892         DOM_CRED new_clnt_cred;
 893         NET_Q_SRV_PWSET q_s;
 894         uint16 sec_chan_type = 2;
 895         NTSTATUS nt_status;
 896
 897         gen_next_creds( cli, &new_clnt_cred);
 898
 899         prs_init(&qbuf , 1024, mem_ctx, MARSHALL);
 900         prs_init(&rbuf, 0,    mem_ctx, UNMARSHALL);
 901
 902         DEBUG(4,("cli_net_srv_pwset: srv:%s acct:%s sc: %d mc: %s clnt %s %x\n",
 903                  cli->srv_name_slash, cli->mach_acct, sec_chan_type, machine_name,
 904                  credstr(new_clnt_cred.challenge.data), new_clnt_cred.timestamp.time));
 905
 906         /* store the parameters */
 907         init_q_srv_pwset(&q_s, cli->srv_name_slash, (const char *)cli->sess_key,
 908                          cli->mach_acct, sec_chan_type, machine_name,
 909                          &new_clnt_cred, hashed_mach_pwd);
 910
 911         /* turn parameters into data stream */
 912         if(!net_io_q_srv_pwset("", &q_s,  &qbuf, 0)) {
 913                 DEBUG(0,("cli_net_srv_pwset: Error : failed to marshall NET_Q_SRV_PWSET struct.\n"));
 914                 nt_status = NT_STATUS_UNSUCCESSFUL;
 915                 goto done;
 916         }
 917
 918         /* send the data on \PIPE\ */
 919         if (rpc_api_pipe_req(cli, PI_NETLOGON, NET_SRVPWSET, &qbuf, &rbuf))
 920         {
 921                 NET_R_SRV_PWSET r_s;
 922
 923                 if (!net_io_r_srv_pwset("", &r_s, &rbuf, 0)) {
 924                         nt_status =  NT_STATUS_UNSUCCESSFUL;
 925                         goto done;
 926                 }
 927
 928                 nt_status = r_s.status;
 929
 930                 if (!NT_STATUS_IS_OK(r_s.status))
 931                 {
 932                         /* report error code */
 933                         DEBUG(0,("cli_net_srv_pwset: %s\n", nt_errstr(nt_status)));
 934                         goto done;
 935                 }
 936
 937                 /* Update the credentials. */
 938                 if (!clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &(r_s.srv_cred)))
 939                 {
 940                         /*
 941                          * Server replied with bad credential. Fail.
 942                          */
 943                         DEBUG(0,("cli_net_srv_pwset: server %s replied with bad credential (bad machine \
 944 password ?).\n", cli->desthost ));
 945                         nt_status = NT_STATUS_UNSUCCESSFUL;
 946                 }
 947         }
 948
 949  done:
 950         prs_mem_free(&qbuf);
 951         prs_mem_free(&rbuf);
 952
 953         return nt_status;
 954 }
 955