source3/rpc_client/cli_pipe_schannel.c

   1 /*
   2  *  Unix SMB/CIFS implementation.
   3  *  RPC Pipe client / server routines
   4  *  Largely rewritten by Jeremy Allison             2005.
   5  *
   6  *  This program is free software; you can redistribute it and/or modify
   7  *  it under the terms of the GNU General Public License as published by
   8  *  the Free Software Foundation; either version 3 of the License, or
   9  *  (at your option) any later version.
  10  *
  11  *  This program is distributed in the hope that it will be useful,
  12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  *  GNU General Public License for more details.
  15  *
  16  *  You should have received a copy of the GNU General Public License
  17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  18  */
  19
  20 #include "includes.h"
  21 #include "../librpc/gen_ndr/ndr_schannel.h"
  22 #include "../librpc/gen_ndr/ndr_netlogon.h"
  23 #include "../libcli/auth/schannel.h"
  24 #include "rpc_client/cli_netlogon.h"
  25 #include "rpc_client/cli_pipe.h"
  26 #include "librpc/rpc/dcerpc.h"
  27 #include "passdb.h"
  28 #include "libsmb/libsmb.h"
  29 #include "../libcli/smb/smbXcli_base.h"
  30 #include "libcli/auth/netlogon_creds_cli.h"
  31
  32 #undef DBGC_CLASS
  33 #define DBGC_CLASS DBGC_RPC_CLI
  34
  35 /****************************************************************************
  36  Open a named pipe to an SMB server and bind using schannel (bind type 68).
  37  Fetch the session key ourselves using a temporary netlogon pipe.
  38  ****************************************************************************/
  39
  40 NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
  41                                     struct messaging_context *msg_ctx,
  42                                     const struct ndr_interface_table *table,
  43                                     enum dcerpc_transport_t transport,
  44                                     const char *domain,
  45                                     struct rpc_pipe_client **presult,
  46                                     TALLOC_CTX *mem_ctx,
  47                                     struct netlogon_creds_cli_context **pcreds)
  48 {
  49         TALLOC_CTX *frame = talloc_stackframe();
  50         const char *dc_name = smbXcli_conn_remote_name(cli->conn);
  51         struct rpc_pipe_client *result = NULL;
  52         NTSTATUS status;
  53         struct cli_credentials *cli_creds = NULL;
  54         struct netlogon_creds_cli_context *netlogon_creds = NULL;
  55         struct netlogon_creds_CredentialState *creds = NULL;
  56         uint32_t netlogon_flags;
  57
  58         status = pdb_get_trust_credentials(domain, NULL,
  59                                            frame, &cli_creds);
  60         if (!NT_STATUS_IS_OK(status)) {
  61                 TALLOC_FREE(frame);
  62                 return status;
  63         }
  64
  65         status = rpccli_create_netlogon_creds_with_creds(cli_creds,
  66                                                          dc_name,
  67                                                          msg_ctx,
  68                                                          frame,
  69                                                          &netlogon_creds);
  70         if (!NT_STATUS_IS_OK(status)) {
  71                 TALLOC_FREE(frame);
  72                 return status;
  73         }
  74
  75         status = rpccli_setup_netlogon_creds_with_creds(cli, transport,
  76                                              netlogon_creds,
  77                                              false, /* force_reauth */
  78                                              cli_creds);
  79         if (!NT_STATUS_IS_OK(status)) {
  80                 TALLOC_FREE(frame);
  81                 return status;
  82         }
  83
  84         status = netlogon_creds_cli_get(netlogon_creds, frame, &creds);
  85         if (!NT_STATUS_IS_OK(status)) {
  86                 TALLOC_FREE(frame);
  87                 return status;
  88         }
  89
  90         netlogon_flags = creds->negotiate_flags;
  91         TALLOC_FREE(creds);
  92
  93         if (netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC) {
  94                 status = cli_rpc_pipe_open_schannel_with_creds(cli, table,
  95                                                                transport,
  96                                                                cli_creds,
  97                                                                netlogon_creds,
  98                                                                &result);
  99                 if (!NT_STATUS_IS_OK(status)) {
 100                         TALLOC_FREE(frame);
 101                         return status;
 102                 }
 103         } else {
 104                 status = cli_rpc_pipe_open_noauth(cli, table, &result);
 105                 if (!NT_STATUS_IS_OK(status)) {
 106                         TALLOC_FREE(frame);
 107                         return status;
 108                 }
 109         }
 110
 111         *presult = result;
 112         if (pcreds != NULL) {
 113                 *pcreds = talloc_move(mem_ctx, &netlogon_creds);
 114         }
 115
 116         TALLOC_FREE(frame);
 117         return NT_STATUS_OK;
 118 }