vfs_catia: add chmod()
[Samba.git] / source3 / rpc_client / cli_pipe_schannel.c
bloba8423337cb568c7736901227afea81a42fc131ea
1 /*
2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Largely rewritten by Jeremy Allison 2005.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
20 #include "includes.h"
21 #include "../librpc/gen_ndr/ndr_schannel.h"
22 #include "../librpc/gen_ndr/ndr_netlogon.h"
23 #include "../libcli/auth/schannel.h"
24 #include "rpc_client/cli_netlogon.h"
25 #include "rpc_client/cli_pipe.h"
26 #include "librpc/rpc/dcerpc.h"
27 #include "passdb.h"
28 #include "libsmb/libsmb.h"
29 #include "../libcli/smb/smbXcli_base.h"
30 #include "libcli/auth/netlogon_creds_cli.h"
32 #undef DBGC_CLASS
33 #define DBGC_CLASS DBGC_RPC_CLI
35 /****************************************************************************
36 Open a named pipe to an SMB server and bind using schannel (bind type 68).
37 Fetch the session key ourselves using a temporary netlogon pipe.
38 ****************************************************************************/
40 NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
41 struct messaging_context *msg_ctx,
42 const struct ndr_interface_table *table,
43 enum dcerpc_transport_t transport,
44 enum dcerpc_AuthLevel auth_level,
45 const char *domain,
46 struct rpc_pipe_client **presult,
47 TALLOC_CTX *mem_ctx,
48 struct netlogon_creds_cli_context **pcreds)
50 TALLOC_CTX *frame = talloc_stackframe();
51 const char *dc_name = smbXcli_conn_remote_name(cli->conn);
52 struct rpc_pipe_client *result = NULL;
53 NTSTATUS status;
54 struct netlogon_creds_cli_context *netlogon_creds = NULL;
55 struct netlogon_creds_CredentialState *creds = NULL;
56 uint32_t netlogon_flags = 0;
57 enum netr_SchannelType sec_chan_type = 0;
58 const char *_account_name = NULL;
59 const char *account_name = NULL;
60 struct samr_Password current_nt_hash;
61 struct samr_Password *previous_nt_hash = NULL;
62 bool ok;
64 ok = get_trust_pw_hash(domain,
65 current_nt_hash.hash,
66 &_account_name,
67 &sec_chan_type);
68 if (!ok) {
69 TALLOC_FREE(frame);
70 return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
73 account_name = talloc_asprintf(frame, "%s$", _account_name);
74 if (account_name == NULL) {
75 SAFE_FREE(previous_nt_hash);
76 TALLOC_FREE(frame);
77 return NT_STATUS_NO_MEMORY;
80 status = rpccli_create_netlogon_creds(dc_name,
81 domain,
82 account_name,
83 sec_chan_type,
84 msg_ctx,
85 frame,
86 &netlogon_creds);
87 if (!NT_STATUS_IS_OK(status)) {
88 SAFE_FREE(previous_nt_hash);
89 TALLOC_FREE(frame);
90 return status;
93 status = rpccli_setup_netlogon_creds(cli,
94 netlogon_creds,
95 false, /* force_reauth */
96 current_nt_hash,
97 previous_nt_hash);
98 SAFE_FREE(previous_nt_hash);
99 if (!NT_STATUS_IS_OK(status)) {
100 TALLOC_FREE(frame);
101 return status;
104 status = netlogon_creds_cli_get(netlogon_creds,
105 frame,
106 &creds);
107 if (!NT_STATUS_IS_OK(status)) {
108 TALLOC_FREE(frame);
109 return status;
111 netlogon_flags = creds->negotiate_flags;
112 TALLOC_FREE(creds);
114 if (!(netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) {
115 TALLOC_FREE(frame);
116 return NT_STATUS_DOWNGRADE_DETECTED;
119 status = cli_rpc_pipe_open_schannel_with_key(
120 cli, table, transport, domain,
121 netlogon_creds,
122 &result);
124 if (NT_STATUS_IS_OK(status)) {
125 *presult = result;
126 if (pcreds != NULL) {
127 *pcreds = talloc_move(mem_ctx, &netlogon_creds);
131 TALLOC_FREE(frame);
132 return status;