search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked.
[Samba.git] / source3 / rpc_server / netlogon / srv_netlog_nt.c
blob3b1cdcff287c626f371d80f507cab9fb38572b13
1 /*
2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1997,
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
6 * Copyright (C) Paul Ashton 1997.
7 * Copyright (C) Jeremy Allison 1998-2001.
8 * Copyright (C) Andrew Bartlett 2001.
9 * Copyright (C) Guenther Deschner 2008-2009.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, see <http://www.gnu.org/licenses/>.
23 */
24
25 /* This is the implementation of the netlogon pipe. */
26
27 #include "includes.h"
28 #include "ntdomain.h"
29 #include "../libcli/auth/schannel.h"
30 #include "../librpc/gen_ndr/srv_netlogon.h"
31 #include "../librpc/gen_ndr/ndr_samr_c.h"
32 #include "../librpc/gen_ndr/ndr_lsa_c.h"
33 #include "rpc_client/cli_lsarpc.h"
34 #include "../lib/crypto/md4.h"
35 #include "rpc_client/init_lsa.h"
36 #include "rpc_server/rpc_ncacn_np.h"
37 #include "../libcli/security/security.h"
38 #include "../libcli/security/dom_sid.h"
39 #include "librpc/gen_ndr/ndr_drsblobs.h"
40 #include "lib/crypto/arcfour.h"
41 #include "lib/crypto/md4.h"
42 #include "nsswitch/libwbclient/wbclient.h"
43 #include "../libcli/registry/util_reg.h"
44 #include "passdb.h"
45 #include "auth.h"
46 #include "messages.h"
47
48 extern userdom_struct current_user_info;
49
50 #undef DBGC_CLASS
51 #define DBGC_CLASS DBGC_RPC_SRV
52
53 struct netlogon_server_pipe_state {
54 struct netr_Credential client_challenge;
55 struct netr_Credential server_challenge;
56 };
57
58 /*************************************************************************
59 _netr_LogonControl
60 *************************************************************************/
61
62 WERROR _netr_LogonControl(struct pipes_struct *p,
63 struct netr_LogonControl *r)
64 {
65 struct netr_LogonControl2Ex l;
66
67 switch (r->in.level) {
68 case 1:
69 break;
70 case 2:
71 return WERR_NOT_SUPPORTED;
72 default:
73 return WERR_UNKNOWN_LEVEL;
74 }
75
76 l.in.logon_server = r->in.logon_server;
77 l.in.function_code = r->in.function_code;
78 l.in.level = r->in.level;
79 l.in.data = NULL;
80 l.out.query = r->out.query;
81
82 return _netr_LogonControl2Ex(p, &l);
83 }
84
85 /****************************************************************************
86 Send a message to smbd to do a sam synchronisation
87 **************************************************************************/
88
89 static void send_sync_message(struct messaging_context *msg_ctx)
90 {
91 DEBUG(3, ("sending sam synchronisation message\n"));
92 message_send_all(msg_ctx, MSG_SMB_SAM_SYNC, NULL, 0, NULL);
93 }
94
95 /*************************************************************************
96 _netr_LogonControl2
97 *************************************************************************/
98
99 WERROR _netr_LogonControl2(struct pipes_struct *p,
100 struct netr_LogonControl2 *r)
101 {
102 struct netr_LogonControl2Ex l;
103
104 l.in.logon_server = r->in.logon_server;
105 l.in.function_code = r->in.function_code;
106 l.in.level = r->in.level;
107 l.in.data = r->in.data;
108 l.out.query = r->out.query;
109
110 return _netr_LogonControl2Ex(p, &l);
111 }
112
113 /*************************************************************************
114 *************************************************************************/
115
116 static bool wb_change_trust_creds(const char *domain, WERROR *tc_status)
117 {
118 wbcErr result;
119 struct wbcAuthErrorInfo *error = NULL;
120
121 result = wbcChangeTrustCredentials(domain, &error);
122 switch (result) {
123 case WBC_ERR_WINBIND_NOT_AVAILABLE:
124 return false;
125 case WBC_ERR_DOMAIN_NOT_FOUND:
126 *tc_status = WERR_NO_SUCH_DOMAIN;
127 return true;
128 case WBC_ERR_SUCCESS:
129 *tc_status = WERR_OK;
130 return true;
131 default:
132 break;
133 }
134
135 if (error && error->nt_status != 0) {
136 *tc_status = ntstatus_to_werror(NT_STATUS(error->nt_status));
137 } else {
138 *tc_status = WERR_TRUST_FAILURE;
139 }
140 wbcFreeMemory(error);
141 return true;
142 }
143
144 /*************************************************************************
145 *************************************************************************/
146
147 static bool wb_check_trust_creds(const char *domain, WERROR *tc_status)
148 {
149 wbcErr result;
150 struct wbcAuthErrorInfo *error = NULL;
151
152 result = wbcCheckTrustCredentials(domain, &error);
153 switch (result) {
154 case WBC_ERR_WINBIND_NOT_AVAILABLE:
155 return false;
156 case WBC_ERR_DOMAIN_NOT_FOUND:
157 *tc_status = WERR_NO_SUCH_DOMAIN;
158 return true;
159 case WBC_ERR_SUCCESS:
160 *tc_status = WERR_OK;
161 return true;
162 default:
163 break;
164 }
165
166 if (error && error->nt_status != 0) {
167 *tc_status = ntstatus_to_werror(NT_STATUS(error->nt_status));
168 } else {
169 *tc_status = WERR_TRUST_FAILURE;
170 }
171 wbcFreeMemory(error);
172 return true;
173 }
174
175 /****************************************************************
176 _netr_LogonControl2Ex
177 ****************************************************************/
178
179 WERROR _netr_LogonControl2Ex(struct pipes_struct *p,
180 struct netr_LogonControl2Ex *r)
181 {
182 uint32_t flags = 0x0;
183 WERROR pdc_connection_status = WERR_OK;
184 uint32_t logon_attempts = 0x0;
185 WERROR tc_status;
186 fstring dc_name2;
187 const char *dc_name = NULL;
188 struct sockaddr_storage dc_ss;
189 const char *domain = NULL;
190 struct netr_NETLOGON_INFO_1 *info1;
191 struct netr_NETLOGON_INFO_2 *info2;
192 struct netr_NETLOGON_INFO_3 *info3;
193 struct netr_NETLOGON_INFO_4 *info4;
194 const char *fn;
195 uint32_t acct_ctrl;
196
197 switch (p->opnum) {
198 case NDR_NETR_LOGONCONTROL:
199 fn = "_netr_LogonControl";
200 break;
201 case NDR_NETR_LOGONCONTROL2:
202 fn = "_netr_LogonControl2";
203 break;
204 case NDR_NETR_LOGONCONTROL2EX:
205 fn = "_netr_LogonControl2Ex";
206 break;
207 default:
208 return WERR_INVALID_PARAM;
209 }
210
211 acct_ctrl = p->session_info->info3->base.acct_flags;
212
213 switch (r->in.function_code) {
214 case NETLOGON_CONTROL_TC_VERIFY:
215 case NETLOGON_CONTROL_CHANGE_PASSWORD:
216 case NETLOGON_CONTROL_REDISCOVER:
217 if ((geteuid() != sec_initial_uid()) &&
218 !nt_token_check_domain_rid(p->session_info->security_token, DOMAIN_RID_ADMINS) &&
219 !nt_token_check_sid(&global_sid_Builtin_Administrators, p->session_info->security_token) &&
220 !(acct_ctrl & (ACB_WSTRUST | ACB_SVRTRUST))) {
221 return WERR_ACCESS_DENIED;
222 }
223 break;
224 default:
225 break;
226 }
227
228 tc_status = WERR_NO_SUCH_DOMAIN;
229
230 switch (r->in.function_code) {
231 case NETLOGON_CONTROL_QUERY:
232 tc_status = WERR_OK;
233 break;
234 case NETLOGON_CONTROL_REPLICATE:
235 case NETLOGON_CONTROL_SYNCHRONIZE:
236 case NETLOGON_CONTROL_PDC_REPLICATE:
237 case NETLOGON_CONTROL_BACKUP_CHANGE_LOG:
238 case NETLOGON_CONTROL_BREAKPOINT:
239 if (acct_ctrl & ACB_NORMAL) {
240 return WERR_NOT_SUPPORTED;
241 } else if (acct_ctrl & (ACB_WSTRUST | ACB_SVRTRUST)) {
242 return WERR_ACCESS_DENIED;
243 } else {
244 return WERR_ACCESS_DENIED;
245 }
246 case NETLOGON_CONTROL_TRUNCATE_LOG:
247 if (acct_ctrl & ACB_NORMAL) {
248 break;
249 } else if (acct_ctrl & (ACB_WSTRUST | ACB_SVRTRUST)) {
250 return WERR_ACCESS_DENIED;
251 } else {
252 return WERR_ACCESS_DENIED;
253 }
254
255 case NETLOGON_CONTROL_TRANSPORT_NOTIFY:
256 case NETLOGON_CONTROL_FORCE_DNS_REG:
257 case NETLOGON_CONTROL_QUERY_DNS_REG:
258 return WERR_NOT_SUPPORTED;
259 case NETLOGON_CONTROL_FIND_USER:
260 if (!r->in.data || !r->in.data->user) {
261 return WERR_NOT_SUPPORTED;
262 }
263 break;
264 case NETLOGON_CONTROL_SET_DBFLAG:
265 if (!r->in.data) {
266 return WERR_NOT_SUPPORTED;
267 }
268 break;
269 case NETLOGON_CONTROL_TC_VERIFY:
270 if (!r->in.data || !r->in.data->domain) {
271 return WERR_NOT_SUPPORTED;
272 }
273
274 if (!wb_check_trust_creds(r->in.data->domain, &tc_status)) {
275 return WERR_NOT_SUPPORTED;
276 }
277 break;
278 case NETLOGON_CONTROL_TC_QUERY:
279 if (!r->in.data || !r->in.data->domain) {
280 return WERR_NOT_SUPPORTED;
281 }
282
283 domain = r->in.data->domain;
284
285 if (!is_trusted_domain(domain)) {
286 break;
287 }
288
289 if (!get_dc_name(domain, NULL, dc_name2, &dc_ss)) {
290 tc_status = WERR_NO_LOGON_SERVERS;
291 break;
292 }
293
294 dc_name = talloc_asprintf(p->mem_ctx, "\\\\%s", dc_name2);
295 if (!dc_name) {
296 return WERR_NOMEM;
297 }
298
299 tc_status = WERR_OK;
300
301 break;
302
303 case NETLOGON_CONTROL_REDISCOVER:
304 if (!r->in.data || !r->in.data->domain) {
305 return WERR_NOT_SUPPORTED;
306 }
307
308 domain = r->in.data->domain;
309
310 if (!is_trusted_domain(domain)) {
311 break;
312 }
313
314 if (!get_dc_name(domain, NULL, dc_name2, &dc_ss)) {
315 tc_status = WERR_NO_LOGON_SERVERS;
316 break;
317 }
318
319 dc_name = talloc_asprintf(p->mem_ctx, "\\\\%s", dc_name2);
320 if (!dc_name) {
321 return WERR_NOMEM;
322 }
323
324 tc_status = WERR_OK;
325
326 break;
327
328 case NETLOGON_CONTROL_CHANGE_PASSWORD:
329 if (!r->in.data || !r->in.data->domain) {
330 return WERR_NOT_SUPPORTED;
331 }
332
333 if (!wb_change_trust_creds(r->in.data->domain, &tc_status)) {
334 return WERR_NOT_SUPPORTED;
335 }
336 break;
337
338 default:
339 /* no idea what this should be */
340 DEBUG(0,("%s: unimplemented function level [%d]\n",
341 fn, r->in.function_code));
342 return WERR_UNKNOWN_LEVEL;
343 }
344
345 /* prepare the response */
346
347 switch (r->in.level) {
348 case 1:
349 info1 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_1);
350 W_ERROR_HAVE_NO_MEMORY(info1);
351
352 info1->flags = flags;
353 info1->pdc_connection_status = pdc_connection_status;
354
355 r->out.query->info1 = info1;
356 break;
357 case 2:
358 info2 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_2);
359 W_ERROR_HAVE_NO_MEMORY(info2);
360
361 info2->flags = flags;
362 info2->pdc_connection_status = pdc_connection_status;
363 info2->trusted_dc_name = dc_name;
364 info2->tc_connection_status = tc_status;
365
366 r->out.query->info2 = info2;
367 break;
368 case 3:
369 info3 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_3);
370 W_ERROR_HAVE_NO_MEMORY(info3);
371
372 info3->flags = flags;
373 info3->logon_attempts = logon_attempts;
374
375 r->out.query->info3 = info3;
376 break;
377 case 4:
378 info4 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_4);
379 W_ERROR_HAVE_NO_MEMORY(info4);
380
381 info4->trusted_dc_name = dc_name;
382 info4->trusted_domain_name = r->in.data->domain;
383
384 r->out.query->info4 = info4;
385 break;
386 default:
387 return WERR_UNKNOWN_LEVEL;
388 }
389
390 if (lp_server_role() == ROLE_DOMAIN_BDC) {
391 send_sync_message(p->msg_ctx);
392 }
393
394 return WERR_OK;
395 }
396
397 /*************************************************************************
398 _netr_NetrEnumerateTrustedDomains
399 *************************************************************************/
400
401 NTSTATUS _netr_NetrEnumerateTrustedDomains(struct pipes_struct *p,
402 struct netr_NetrEnumerateTrustedDomains *r)
403 {
404 NTSTATUS status;
405 NTSTATUS result = NT_STATUS_OK;
406 DATA_BLOB blob;
407 int num_domains = 0;
408 const char **trusted_domains = NULL;
409 struct lsa_DomainList domain_list;
410 struct dcerpc_binding_handle *h = NULL;
411 struct policy_handle pol;
412 uint32_t enum_ctx = 0;
413 int i;
414 uint32_t max_size = (uint32_t)-1;
415
416 DEBUG(6,("_netr_NetrEnumerateTrustedDomains: %d\n", __LINE__));
417
418 status = rpcint_binding_handle(p->mem_ctx,
419 &ndr_table_lsarpc,
420 p->client_id,
421 p->session_info,
422 p->msg_ctx,
423 &h);
424 if (!NT_STATUS_IS_OK(status)) {
425 return status;
426 }
427
428 status = dcerpc_lsa_open_policy2(h,
429 p->mem_ctx,
430 NULL,
431 true,
432 LSA_POLICY_VIEW_LOCAL_INFORMATION,
433 &pol,
434 &result);
435 if (!NT_STATUS_IS_OK(status)) {
436 goto out;
437 }
438 if (!NT_STATUS_IS_OK(result)) {
439 status = result;
440 goto out;
441 }
442
443 do {
444 /* Lookup list of trusted domains */
445 status = dcerpc_lsa_EnumTrustDom(h,
446 p->mem_ctx,
447 &pol,
448 &enum_ctx,
449 &domain_list,
450 max_size,
451 &result);
452 if (!NT_STATUS_IS_OK(status)) {
453 goto out;
454 }
455 if (!NT_STATUS_IS_OK(result) &&
456 !NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) &&
457 !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
458 status = result;
459 goto out;
460 }
461
462 for (i = 0; i < domain_list.count; i++) {
463 if (!add_string_to_array(p->mem_ctx, domain_list.domains[i].name.string,
464 &trusted_domains, &num_domains)) {
465 status = NT_STATUS_NO_MEMORY;
466 goto out;
467 }
468 }
469 } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
470
471 if (num_domains > 0) {
472 /* multi sz terminate */
473 trusted_domains = talloc_realloc(p->mem_ctx, trusted_domains, const char *, num_domains + 1);
474 if (trusted_domains == NULL) {
475 status = NT_STATUS_NO_MEMORY;
476 goto out;
477 }
478
479 trusted_domains[num_domains] = NULL;
480 }
481
482 if (!push_reg_multi_sz(trusted_domains, &blob, trusted_domains)) {
483 TALLOC_FREE(trusted_domains);
484 status = NT_STATUS_NO_MEMORY;
485 goto out;
486 }
487
488 r->out.trusted_domains_blob->data = blob.data;
489 r->out.trusted_domains_blob->length = blob.length;
490
491 DEBUG(6,("_netr_NetrEnumerateTrustedDomains: %d\n", __LINE__));
492
493 status = NT_STATUS_OK;
494
495 out:
496 if (h && is_valid_policy_hnd(&pol)) {
497 dcerpc_lsa_Close(h, p->mem_ctx, &pol, &result);
498 }
499
500 return status;
501 }
502
503 /*************************************************************************
504 *************************************************************************/
505
506 static NTSTATUS samr_find_machine_account(TALLOC_CTX *mem_ctx,
507 struct dcerpc_binding_handle *b,
508 const char *account_name,
509 uint32_t access_mask,
510 struct dom_sid2 **domain_sid_p,
511 uint32_t *user_rid_p,
512 struct policy_handle *user_handle)
513 {
514 NTSTATUS status;
515 NTSTATUS result = NT_STATUS_OK;
516 struct policy_handle connect_handle, domain_handle;
517 struct lsa_String domain_name;
518 struct dom_sid2 *domain_sid;
519 struct lsa_String names;
520 struct samr_Ids rids;
521 struct samr_Ids types;
522 uint32_t rid;
523
524 status = dcerpc_samr_Connect2(b, mem_ctx,
525 global_myname(),
526 SAMR_ACCESS_CONNECT_TO_SERVER |
527 SAMR_ACCESS_ENUM_DOMAINS |
528 SAMR_ACCESS_LOOKUP_DOMAIN,
529 &connect_handle,
530 &result);
531 if (!NT_STATUS_IS_OK(status)) {
532 goto out;
533 }
534 if (!NT_STATUS_IS_OK(result)) {
535 status = result;
536 goto out;
537 }
538
539 init_lsa_String(&domain_name, get_global_sam_name());
540
541 status = dcerpc_samr_LookupDomain(b, mem_ctx,
542 &connect_handle,
543 &domain_name,
544 &domain_sid,
545 &result);
546 if (!NT_STATUS_IS_OK(status)) {
547 goto out;
548 }
549 if (!NT_STATUS_IS_OK(result)) {
550 status = result;
551 goto out;
552 }
553
554 status = dcerpc_samr_OpenDomain(b, mem_ctx,
555 &connect_handle,
556 SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
557 domain_sid,
558 &domain_handle,
559 &result);
560 if (!NT_STATUS_IS_OK(status)) {
561 goto out;
562 }
563 if (!NT_STATUS_IS_OK(result)) {
564 status = result;
565 goto out;
566 }
567
568 init_lsa_String(&names, account_name);
569
570 status = dcerpc_samr_LookupNames(b, mem_ctx,
571 &domain_handle,
572 1,
573 &names,
574 &rids,
575 &types,
576 &result);
577 if (!NT_STATUS_IS_OK(status)) {
578 goto out;
579 }
580 if (!NT_STATUS_IS_OK(result)) {
581 status = result;
582 goto out;
583 }
584
585 if (rids.count != 1) {
586 status = NT_STATUS_NO_SUCH_USER;
587 goto out;
588 }
589 if (types.count != 1) {
590 status = NT_STATUS_INVALID_PARAMETER;
591 goto out;
592 }
593 if (types.ids[0] != SID_NAME_USER) {
594 status = NT_STATUS_NO_SUCH_USER;
595 goto out;
596 }
597
598 rid = rids.ids[0];
599
600 status = dcerpc_samr_OpenUser(b, mem_ctx,
601 &domain_handle,
602 access_mask,
603 rid,
604 user_handle,
605 &result);
606 if (!NT_STATUS_IS_OK(status)) {
607 goto out;
608 }
609 if (!NT_STATUS_IS_OK(result)) {
610 status = result;
611 goto out;
612 }
613
614 if (user_rid_p) {
615 *user_rid_p = rid;
616 }
617
618 if (domain_sid_p) {
619 *domain_sid_p = domain_sid;
620 }
621
622 out:
623 if (b && is_valid_policy_hnd(&domain_handle)) {
624 dcerpc_samr_Close(b, mem_ctx, &domain_handle, &result);
625 }
626 if (b && is_valid_policy_hnd(&connect_handle)) {
627 dcerpc_samr_Close(b, mem_ctx, &connect_handle, &result);
628 }
629
630 return status;
631 }
632
633 /******************************************************************
634 gets a machine password entry. checks access rights of the host.
635 ******************************************************************/
636
637 static NTSTATUS get_md4pw(struct samr_Password *md4pw, const char *mach_acct,
638 enum netr_SchannelType sec_chan_type,
639 struct dom_sid *sid,
640 struct messaging_context *msg_ctx)
641 {
642 NTSTATUS status;
643 NTSTATUS result = NT_STATUS_OK;
644 TALLOC_CTX *mem_ctx;
645 struct dcerpc_binding_handle *h = NULL;
646 static struct client_address client_id;
647 struct policy_handle user_handle;
648 uint32_t user_rid;
649 struct dom_sid *domain_sid;
650 uint32_t acct_ctrl;
651 union samr_UserInfo *info;
652 struct auth_serversupplied_info *session_info;
653 #if 0
654
655 /*
656 * Currently this code is redundent as we already have a filter
657 * by hostname list. What this code really needs to do is to
658 * get a hosts allowed/hosts denied list from the SAM database
659 * on a per user basis, and make the access decision there.
660 * I will leave this code here for now as a reminder to implement
661 * this at a later date. JRA.
662 */
663
664 if (!allow_access(lp_domain_hostsdeny(), lp_domain_hostsallow(),
665 p->client_id.name,
666 p->client_id.addr)) {
667 DEBUG(0,("get_md4pw: Workstation %s denied access to domain\n", mach_acct));
668 return False;
669 }
670 #endif /* 0 */
671
672 mem_ctx = talloc_stackframe();
673 if (mem_ctx == NULL) {
674 status = NT_STATUS_NO_MEMORY;
675 goto out;
676 }
677
678 status = make_session_info_system(mem_ctx, &session_info);
679 if (!NT_STATUS_IS_OK(status)) {
680 goto out;
681 }
682
683 ZERO_STRUCT(user_handle);
684
685 strlcpy(client_id.addr, "127.0.0.1", sizeof(client_id.addr));
686 client_id.name = "127.0.0.1";
687
688 status = rpcint_binding_handle(mem_ctx,
689 &ndr_table_samr,
690 &client_id,
691 session_info,
692 msg_ctx,
693 &h);
694 if (!NT_STATUS_IS_OK(status)) {
695 goto out;
696 }
697
698 become_root();
699 status = samr_find_machine_account(mem_ctx, h, mach_acct,
700 SEC_FLAG_MAXIMUM_ALLOWED,
701 &domain_sid, &user_rid,
702 &user_handle);
703 unbecome_root();
704 if (!NT_STATUS_IS_OK(status)) {
705 goto out;
706 }
707
708 status = dcerpc_samr_QueryUserInfo2(h,
709 mem_ctx,
710 &user_handle,
711 UserControlInformation,
712 &info,
713 &result);
714 if (!NT_STATUS_IS_OK(status)) {
715 goto out;
716 }
717 if (!NT_STATUS_IS_OK(result)) {
718 status = result;
719 goto out;
720 }
721
722 acct_ctrl = info->info16.acct_flags;
723
724 if (acct_ctrl & ACB_DISABLED) {
725 DEBUG(0,("get_md4pw: Workstation %s: account is disabled\n", mach_acct));
726 status = NT_STATUS_ACCOUNT_DISABLED;
727 goto out;
728 }
729
730 if (!(acct_ctrl & ACB_SVRTRUST) &&
731 !(acct_ctrl & ACB_WSTRUST) &&
732 !(acct_ctrl & ACB_DOMTRUST))
733 {
734 DEBUG(0,("get_md4pw: Workstation %s: account is not a trust account\n", mach_acct));
735 status = NT_STATUS_NO_TRUST_SAM_ACCOUNT;
736 goto out;
737 }
738
739 switch (sec_chan_type) {
740 case SEC_CHAN_BDC:
741 if (!(acct_ctrl & ACB_SVRTRUST)) {
742 DEBUG(0,("get_md4pw: Workstation %s: BDC secure channel requested "
743 "but not a server trust account\n", mach_acct));
744 status = NT_STATUS_NO_TRUST_SAM_ACCOUNT;
745 goto out;
746 }
747 break;
748 case SEC_CHAN_WKSTA:
749 if (!(acct_ctrl & ACB_WSTRUST)) {
750 DEBUG(0,("get_md4pw: Workstation %s: WORKSTATION secure channel requested "
751 "but not a workstation trust account\n", mach_acct));
752 status = NT_STATUS_NO_TRUST_SAM_ACCOUNT;
753 goto out;
754 }
755 break;
756 case SEC_CHAN_DOMAIN:
757 if (!(acct_ctrl & ACB_DOMTRUST)) {
758 DEBUG(0,("get_md4pw: Workstation %s: DOMAIN secure channel requested "
759 "but not a interdomain trust account\n", mach_acct));
760 status = NT_STATUS_NO_TRUST_SAM_ACCOUNT;
761 goto out;
762 }
763 break;
764 default:
765 break;
766 }
767
768 become_root();
769 status = dcerpc_samr_QueryUserInfo2(h,
770 mem_ctx,
771 &user_handle,
772 UserInternal1Information,
773 &info,
774 &result);
775 unbecome_root();
776 if (!NT_STATUS_IS_OK(status)) {
777 goto out;
778 }
779 if (!NT_STATUS_IS_OK(result)) {
780 status = result;
781 goto out;
782 }
783
784 if (info->info18.nt_pwd_active == 0) {
785 DEBUG(0,("get_md4pw: Workstation %s: account does not have a password\n", mach_acct));
786 status = NT_STATUS_LOGON_FAILURE;
787 goto out;
788 }
789
790 /* samr gives out nthash unencrypted (!) */
791 memcpy(md4pw->hash, info->info18.nt_pwd.hash, 16);
792
793 sid_compose(sid, domain_sid, user_rid);
794
795 out:
796 if (h && is_valid_policy_hnd(&user_handle)) {
797 dcerpc_samr_Close(h, mem_ctx, &user_handle, &result);
798 }
799
800 talloc_free(mem_ctx);
801
802 return status;
803 }
804
805 /*************************************************************************
806 _netr_ServerReqChallenge
807 *************************************************************************/
808
809 NTSTATUS _netr_ServerReqChallenge(struct pipes_struct *p,
810 struct netr_ServerReqChallenge *r)
811 {
812 struct netlogon_server_pipe_state *pipe_state =
813 talloc_get_type(p->private_data, struct netlogon_server_pipe_state);
814
815 if (pipe_state) {
816 DEBUG(10,("_netr_ServerReqChallenge: new challenge requested. Clearing old state.\n"));
817 talloc_free(pipe_state);
818 p->private_data = NULL;
819 }
820
821 pipe_state = talloc(p, struct netlogon_server_pipe_state);
822 NT_STATUS_HAVE_NO_MEMORY(pipe_state);
823
824 pipe_state->client_challenge = *r->in.credentials;
825
826 generate_random_buffer(pipe_state->server_challenge.data,
827 sizeof(pipe_state->server_challenge.data));
828
829 *r->out.return_credentials = pipe_state->server_challenge;
830
831 p->private_data = pipe_state;
832
833 return NT_STATUS_OK;
834 }
835
836 /*************************************************************************
837 _netr_ServerAuthenticate
838 Create the initial credentials.
839 *************************************************************************/
840
841 NTSTATUS _netr_ServerAuthenticate(struct pipes_struct *p,
842 struct netr_ServerAuthenticate *r)
843 {
844 struct netr_ServerAuthenticate3 a;
845 uint32_t negotiate_flags = 0;
846 uint32_t rid;
847
848 a.in.server_name = r->in.server_name;
849 a.in.account_name = r->in.account_name;
850 a.in.secure_channel_type = r->in.secure_channel_type;
851 a.in.computer_name = r->in.computer_name;
852 a.in.credentials = r->in.credentials;
853 a.in.negotiate_flags = &negotiate_flags;
854
855 a.out.return_credentials = r->out.return_credentials;
856 a.out.rid = &rid;
857 a.out.negotiate_flags = &negotiate_flags;
858
859 return _netr_ServerAuthenticate3(p, &a);
860
861 }
862
863 /*************************************************************************
864 _netr_ServerAuthenticate3
865 *************************************************************************/
866
867 NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
868 struct netr_ServerAuthenticate3 *r)
869 {
870 NTSTATUS status;
871 uint32_t srv_flgs;
872 /* r->in.negotiate_flags is an aliased pointer to r->out.negotiate_flags,
873 * so use a copy to avoid destroying the client values. */
874 uint32_t in_neg_flags = *r->in.negotiate_flags;
875 const char *fn;
876 struct dom_sid sid;
877 struct samr_Password mach_pwd;
878 struct netlogon_creds_CredentialState *creds;
879 struct netlogon_server_pipe_state *pipe_state =
880 talloc_get_type(p->private_data, struct netlogon_server_pipe_state);
881
882 /* According to Microsoft (see bugid #6099)
883 * Windows 7 looks at the negotiate_flags
884 * returned in this structure *even if the
885 * call fails with access denied* ! So in order
886 * to allow Win7 to connect to a Samba NT style
887 * PDC we set the flags before we know if it's
888 * an error or not.
889 */
890
891 /* 0x000001ff */
892 srv_flgs = NETLOGON_NEG_ACCOUNT_LOCKOUT |
893 NETLOGON_NEG_PERSISTENT_SAMREPL |
894 NETLOGON_NEG_ARCFOUR |
895 NETLOGON_NEG_PROMOTION_COUNT |
896 NETLOGON_NEG_CHANGELOG_BDC |
897 NETLOGON_NEG_FULL_SYNC_REPL |
898 NETLOGON_NEG_MULTIPLE_SIDS |
899 NETLOGON_NEG_REDO |
900 NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL |
901 NETLOGON_NEG_PASSWORD_SET2;
902
903 /* Ensure we support strong (128-bit) keys. */
904 if (in_neg_flags & NETLOGON_NEG_STRONG_KEYS) {
905 srv_flgs |= NETLOGON_NEG_STRONG_KEYS;
906 }
907
908 if (lp_server_schannel() != false) {
909 srv_flgs |= NETLOGON_NEG_SCHANNEL;
910 }
911
912 switch (p->opnum) {
913 case NDR_NETR_SERVERAUTHENTICATE:
914 fn = "_netr_ServerAuthenticate";
915 break;
916 case NDR_NETR_SERVERAUTHENTICATE2:
917 fn = "_netr_ServerAuthenticate2";
918 break;
919 case NDR_NETR_SERVERAUTHENTICATE3:
920 fn = "_netr_ServerAuthenticate3";
921 break;
922 default:
923 return NT_STATUS_INTERNAL_ERROR;
924 }
925
926 /* We use this as the key to store the creds: */
927 /* r->in.computer_name */
928
929 if (!pipe_state) {
930 DEBUG(0,("%s: no challenge sent to client %s\n", fn,
931 r->in.computer_name));
932 status = NT_STATUS_ACCESS_DENIED;
933 goto out;
934 }
935
936 if ( (lp_server_schannel() == true) &&
937 ((in_neg_flags & NETLOGON_NEG_SCHANNEL) == 0) ) {
938
939 /* schannel must be used, but client did not offer it. */
940 DEBUG(0,("%s: schannel required but client failed "
941 "to offer it. Client was %s\n",
942 fn, r->in.account_name));
943 status = NT_STATUS_ACCESS_DENIED;
944 goto out;
945 }
946
947 status = get_md4pw(&mach_pwd,
948 r->in.account_name,
949 r->in.secure_channel_type,
950 &sid, p->msg_ctx);
951 if (!NT_STATUS_IS_OK(status)) {
952 DEBUG(0,("%s: failed to get machine password for "
953 "account %s: %s\n",
954 fn, r->in.account_name, nt_errstr(status) ));
955 /* always return NT_STATUS_ACCESS_DENIED */
956 status = NT_STATUS_ACCESS_DENIED;
957 goto out;
958 }
959
960 /* From the client / server challenges and md4 password, generate sess key */
961 /* Check client credentials are valid. */
962 creds = netlogon_creds_server_init(p->mem_ctx,
963 r->in.account_name,
964 r->in.computer_name,
965 r->in.secure_channel_type,
966 &pipe_state->client_challenge,
967 &pipe_state->server_challenge,
968 &mach_pwd,
969 r->in.credentials,
970 r->out.return_credentials,
971 *r->in.negotiate_flags);
972 if (!creds) {
973 DEBUG(0,("%s: netlogon_creds_server_check failed. Rejecting auth "
974 "request from client %s machine account %s\n",
975 fn, r->in.computer_name,
976 r->in.account_name));
977 status = NT_STATUS_ACCESS_DENIED;
978 goto out;
979 }
980
981 creds->sid = dom_sid_dup(creds, &sid);
982 if (!creds->sid) {
983 status = NT_STATUS_NO_MEMORY;
984 goto out;
985 }
986
987 /* Store off the state so we can continue after client disconnect. */
988 become_root();
989 status = schannel_save_creds_state(p->mem_ctx, lp_private_dir(), creds);
990 unbecome_root();
991
992 if (!NT_STATUS_IS_OK(status)) {
993 goto out;
994 }
995
996 sid_peek_rid(&sid, r->out.rid);
997
998 status = NT_STATUS_OK;
999
1000 out:
1001
1002 *r->out.negotiate_flags = srv_flgs;
1003 return status;
1004 }
1005
1006 /*************************************************************************
1007 _netr_ServerAuthenticate2
1008 *************************************************************************/
1009
1010 NTSTATUS _netr_ServerAuthenticate2(struct pipes_struct *p,
1011 struct netr_ServerAuthenticate2 *r)
1012 {
1013 struct netr_ServerAuthenticate3 a;
1014 uint32_t rid;
1015
1016 a.in.server_name = r->in.server_name;
1017 a.in.account_name = r->in.account_name;
1018 a.in.secure_channel_type = r->in.secure_channel_type;
1019 a.in.computer_name = r->in.computer_name;
1020 a.in.credentials = r->in.credentials;
1021 a.in.negotiate_flags = r->in.negotiate_flags;
1022
1023 a.out.return_credentials = r->out.return_credentials;
1024 a.out.rid = &rid;
1025 a.out.negotiate_flags = r->out.negotiate_flags;
1026
1027 return _netr_ServerAuthenticate3(p, &a);
1028 }
1029
1030 /*************************************************************************
1031 * If schannel is required for this call test that it actually is available.
1032 *************************************************************************/
1033 static NTSTATUS schannel_check_required(struct pipe_auth_data *auth_info,
1034 const char *computer_name,
1035 bool integrity, bool privacy)
1036 {
1037 if (auth_info && auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
1038 if (!privacy && !integrity) {
1039 return NT_STATUS_OK;
1040 }
1041
1042 if ((!privacy && integrity) &&
1043 auth_info->auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
1044 return NT_STATUS_OK;
1045 }
1046
1047 if ((privacy || integrity) &&
1048 auth_info->auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
1049 return NT_STATUS_OK;
1050 }
1051 }
1052
1053 /* test didn't pass */
1054 DEBUG(0, ("schannel_check_required: [%s] is not using schannel\n",
1055 computer_name));
1056
1057 return NT_STATUS_ACCESS_DENIED;
1058 }
1059
1060 /*************************************************************************
1061 *************************************************************************/
1062
1063 static NTSTATUS netr_creds_server_step_check(struct pipes_struct *p,
1064 TALLOC_CTX *mem_ctx,
1065 const char *computer_name,
1066 struct netr_Authenticator *received_authenticator,
1067 struct netr_Authenticator *return_authenticator,
1068 struct netlogon_creds_CredentialState **creds_out)
1069 {
1070 NTSTATUS status;
1071 bool schannel_global_required = (lp_server_schannel() == true) ? true:false;
1072
1073 if (schannel_global_required) {
1074 status = schannel_check_required(&p->auth,
1075 computer_name,
1076 false, false);
1077 if (!NT_STATUS_IS_OK(status)) {
1078 return status;
1079 }
1080 }
1081
1082 status = schannel_check_creds_state(mem_ctx, lp_private_dir(),
1083 computer_name, received_authenticator,
1084 return_authenticator, creds_out);
1085
1086 return status;
1087 }
1088
1089 /*************************************************************************
1090 *************************************************************************/
1091
1092 static NTSTATUS netr_set_machine_account_password(TALLOC_CTX *mem_ctx,
1093 struct auth_serversupplied_info *session_info,
1094 struct messaging_context *msg_ctx,
1095 const char *account_name,
1096 struct samr_Password *nt_hash)
1097 {
1098 NTSTATUS status;
1099 NTSTATUS result = NT_STATUS_OK;
1100 struct dcerpc_binding_handle *h = NULL;
1101 static struct client_address client_id;
1102 struct policy_handle user_handle;
1103 uint32_t acct_ctrl;
1104 union samr_UserInfo *info;
1105 struct samr_UserInfo18 info18;
1106 DATA_BLOB in,out;
1107
1108 ZERO_STRUCT(user_handle);
1109
1110 strlcpy(client_id.addr, "127.0.0.1", sizeof(client_id.addr));
1111 client_id.name = "127.0.0.1";
1112
1113 status = rpcint_binding_handle(mem_ctx,
1114 &ndr_table_samr,
1115 &client_id,
1116 session_info,
1117 msg_ctx,
1118 &h);
1119 if (!NT_STATUS_IS_OK(status)) {
1120 goto out;
1121 }
1122
1123 become_root();
1124 status = samr_find_machine_account(mem_ctx,
1125 h,
1126 account_name,
1127 SEC_FLAG_MAXIMUM_ALLOWED,
1128 NULL,
1129 NULL,
1130 &user_handle);
1131 unbecome_root();
1132 if (!NT_STATUS_IS_OK(status)) {
1133 goto out;
1134 }
1135
1136 status = dcerpc_samr_QueryUserInfo2(h,
1137 mem_ctx,
1138 &user_handle,
1139 UserControlInformation,
1140 &info,
1141 &result);
1142 if (!NT_STATUS_IS_OK(status)) {
1143 goto out;
1144 }
1145 if (!NT_STATUS_IS_OK(result)) {
1146 status = result;
1147 goto out;
1148 }
1149
1150 acct_ctrl = info->info16.acct_flags;
1151
1152 if (!(acct_ctrl & ACB_WSTRUST ||
1153 acct_ctrl & ACB_SVRTRUST ||
1154 acct_ctrl & ACB_DOMTRUST)) {
1155 status = NT_STATUS_NO_SUCH_USER;
1156 goto out;
1157 }
1158
1159 if (acct_ctrl & ACB_DISABLED) {
1160 status = NT_STATUS_ACCOUNT_DISABLED;
1161 goto out;
1162 }
1163
1164 ZERO_STRUCT(info18);
1165
1166 in = data_blob_const(nt_hash->hash, 16);
1167 out = data_blob_talloc_zero(mem_ctx, 16);
1168 sess_crypt_blob(&out, &in, &session_info->user_session_key, true);
1169 memcpy(info18.nt_pwd.hash, out.data, out.length);
1170
1171 info18.nt_pwd_active = true;
1172
1173 info->info18 = info18;
1174
1175 become_root();
1176 status = dcerpc_samr_SetUserInfo2(h,
1177 mem_ctx,
1178 &user_handle,
1179 UserInternal1Information,
1180 info,
1181 &result);
1182 unbecome_root();
1183 if (!NT_STATUS_IS_OK(status)) {
1184 goto out;
1185 }
1186 if (!NT_STATUS_IS_OK(result)) {
1187 status = result;
1188 goto out;
1189 }
1190
1191 out:
1192 if (h && is_valid_policy_hnd(&user_handle)) {
1193 dcerpc_samr_Close(h, mem_ctx, &user_handle, &result);
1194 }
1195
1196 return status;
1197 }
1198
1199 /*************************************************************************
1200 _netr_ServerPasswordSet
1201 *************************************************************************/
1202
1203 NTSTATUS _netr_ServerPasswordSet(struct pipes_struct *p,
1204 struct netr_ServerPasswordSet *r)
1205 {
1206 NTSTATUS status = NT_STATUS_OK;
1207 int i;
1208 struct netlogon_creds_CredentialState *creds;
1209
1210 DEBUG(5,("_netr_ServerPasswordSet: %d\n", __LINE__));
1211
1212 become_root();
1213 status = netr_creds_server_step_check(p, p->mem_ctx,
1214 r->in.computer_name,
1215 r->in.credential,
1216 r->out.return_authenticator,
1217 &creds);
1218 unbecome_root();
1219
1220 if (!NT_STATUS_IS_OK(status)) {
1221 DEBUG(2,("_netr_ServerPasswordSet: netlogon_creds_server_step failed. Rejecting auth "
1222 "request from client %s machine account %s\n",
1223 r->in.computer_name, creds->computer_name));
1224 TALLOC_FREE(creds);
1225 return status;
1226 }
1227
1228 DEBUG(3,("_netr_ServerPasswordSet: Server Password Set by remote machine:[%s] on account [%s]\n",
1229 r->in.computer_name, creds->computer_name));
1230
1231 netlogon_creds_des_decrypt(creds, r->in.new_password);
1232
1233 DEBUG(100,("_netr_ServerPasswordSet: new given value was :\n"));
1234 for(i = 0; i < sizeof(r->in.new_password->hash); i++)
1235 DEBUG(100,("%02X ", r->in.new_password->hash[i]));
1236 DEBUG(100,("\n"));
1237
1238 status = netr_set_machine_account_password(p->mem_ctx,
1239 p->session_info,
1240 p->msg_ctx,
1241 creds->account_name,
1242 r->in.new_password);
1243 return status;
1244 }
1245
1246 /****************************************************************
1247 _netr_ServerPasswordSet2
1248 ****************************************************************/
1249
1250 NTSTATUS _netr_ServerPasswordSet2(struct pipes_struct *p,
1251 struct netr_ServerPasswordSet2 *r)
1252 {
1253 NTSTATUS status;
1254 struct netlogon_creds_CredentialState *creds = NULL;
1255 DATA_BLOB plaintext;
1256 struct samr_CryptPassword password_buf;
1257 struct samr_Password nt_hash;
1258
1259 become_root();
1260 status = netr_creds_server_step_check(p, p->mem_ctx,
1261 r->in.computer_name,
1262 r->in.credential,
1263 r->out.return_authenticator,
1264 &creds);
1265 unbecome_root();
1266
1267 if (!NT_STATUS_IS_OK(status)) {
1268 const char *computer_name = "<unknown>";
1269
1270 if (creds && creds->computer_name) {
1271 computer_name = creds->computer_name;
1272 }
1273 DEBUG(2,("_netr_ServerPasswordSet2: netlogon_creds_server_step "
1274 "failed. Rejecting auth request from client %s machine account %s\n",
1275 r->in.computer_name, computer_name));
1276 TALLOC_FREE(creds);
1277 return status;
1278 }
1279
1280 memcpy(password_buf.data, r->in.new_password->data, 512);
1281 SIVAL(password_buf.data, 512, r->in.new_password->length);
1282 netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
1283
1284 if (!extract_pw_from_buffer(p->mem_ctx, password_buf.data, &plaintext)) {
1285 TALLOC_FREE(creds);
1286 return NT_STATUS_WRONG_PASSWORD;
1287 }
1288
1289 mdfour(nt_hash.hash, plaintext.data, plaintext.length);
1290
1291 status = netr_set_machine_account_password(p->mem_ctx,
1292 p->session_info,
1293 p->msg_ctx,
1294 creds->account_name,
1295 &nt_hash);
1296 TALLOC_FREE(creds);
1297 return status;
1298 }
1299
1300 /*************************************************************************
1301 _netr_LogonSamLogoff
1302 *************************************************************************/
1303
1304 NTSTATUS _netr_LogonSamLogoff(struct pipes_struct *p,
1305 struct netr_LogonSamLogoff *r)
1306 {
1307 NTSTATUS status;
1308 struct netlogon_creds_CredentialState *creds;
1309
1310 become_root();
1311 status = netr_creds_server_step_check(p, p->mem_ctx,
1312 r->in.computer_name,
1313 r->in.credential,
1314 r->out.return_authenticator,
1315 &creds);
1316 unbecome_root();
1317
1318 return status;
1319 }
1320
1321 static NTSTATUS _netr_LogonSamLogon_check(const struct netr_LogonSamLogonEx *r)
1322 {
1323 switch (r->in.logon_level) {
1324 case NetlogonInteractiveInformation:
1325 case NetlogonServiceInformation:
1326 case NetlogonInteractiveTransitiveInformation:
1327 case NetlogonServiceTransitiveInformation:
1328 if (r->in.logon->password == NULL) {
1329 return NT_STATUS_INVALID_PARAMETER;
1330 }
1331
1332 switch (r->in.validation_level) {
1333 case NetlogonValidationSamInfo: /* 2 */
1334 case NetlogonValidationSamInfo2: /* 3 */
1335 break;
1336 case NetlogonValidationSamInfo4: /* 6 */
1337 if ((pdb_capabilities() & PDB_CAP_ADS) == 0) {
1338 DEBUG(10,("Not adding validation info level 6 "
1339 "without ADS passdb backend\n"));
1340 return NT_STATUS_INVALID_INFO_CLASS;
1341 }
1342 break;
1343 default:
1344 return NT_STATUS_INVALID_INFO_CLASS;
1345 }
1346
1347 break;
1348 case NetlogonNetworkInformation:
1349 case NetlogonNetworkTransitiveInformation:
1350 if (r->in.logon->network == NULL) {
1351 return NT_STATUS_INVALID_PARAMETER;
1352 }
1353
1354 switch (r->in.validation_level) {
1355 case NetlogonValidationSamInfo: /* 2 */
1356 case NetlogonValidationSamInfo2: /* 3 */
1357 break;
1358 case NetlogonValidationSamInfo4: /* 6 */
1359 if ((pdb_capabilities() & PDB_CAP_ADS) == 0) {
1360 DEBUG(10,("Not adding validation info level 6 "
1361 "without ADS passdb backend\n"));
1362 return NT_STATUS_INVALID_INFO_CLASS;
1363 }
1364 break;
1365 default:
1366 return NT_STATUS_INVALID_INFO_CLASS;
1367 }
1368
1369 break;
1370
1371 case NetlogonGenericInformation:
1372 if (r->in.logon->generic == NULL) {
1373 return NT_STATUS_INVALID_PARAMETER;
1374 }
1375
1376 /* we don't support this here */
1377 return NT_STATUS_INVALID_PARAMETER;
1378 #if 0
1379 switch (r->in.validation_level) {
1380 /* TODO: case NetlogonValidationGenericInfo: 4 */
1381 case NetlogonValidationGenericInfo2: /* 5 */
1382 break;
1383 default:
1384 return NT_STATUS_INVALID_INFO_CLASS;
1385 }
1386
1387 break;
1388 #endif
1389 default:
1390 return NT_STATUS_INVALID_PARAMETER;
1391 }
1392
1393 return NT_STATUS_OK;
1394 }
1395
1396 /*************************************************************************
1397 _netr_LogonSamLogon_base
1398 *************************************************************************/
1399
1400 static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
1401 struct netr_LogonSamLogonEx *r,
1402 struct netlogon_creds_CredentialState *creds)
1403 {
1404 NTSTATUS status = NT_STATUS_OK;
1405 union netr_LogonLevel *logon = r->in.logon;
1406 const char *nt_username, *nt_domain, *nt_workstation;
1407 struct auth_usersupplied_info *user_info = NULL;
1408 struct auth_serversupplied_info *server_info = NULL;
1409 struct auth_context *auth_context = NULL;
1410 uint8_t pipe_session_key[16];
1411 bool process_creds = true;
1412 const char *fn;
1413
1414 switch (p->opnum) {
1415 case NDR_NETR_LOGONSAMLOGON:
1416 process_creds = true;
1417 fn = "_netr_LogonSamLogon";
1418 break;
1419 case NDR_NETR_LOGONSAMLOGONWITHFLAGS:
1420 process_creds = true;
1421 fn = "_netr_LogonSamLogonWithFlags";
1422 break;
1423 case NDR_NETR_LOGONSAMLOGONEX:
1424 process_creds = false;
1425 fn = "_netr_LogonSamLogonEx";
1426 break;
1427 default:
1428 return NT_STATUS_INTERNAL_ERROR;
1429 }
1430
1431 *r->out.authoritative = true; /* authoritative response */
1432
1433 switch (r->in.validation_level) {
1434 case 2:
1435 r->out.validation->sam2 = TALLOC_ZERO_P(p->mem_ctx, struct netr_SamInfo2);
1436 if (!r->out.validation->sam2) {
1437 return NT_STATUS_NO_MEMORY;
1438 }
1439 break;
1440 case 3:
1441 r->out.validation->sam3 = TALLOC_ZERO_P(p->mem_ctx, struct netr_SamInfo3);
1442 if (!r->out.validation->sam3) {
1443 return NT_STATUS_NO_MEMORY;
1444 }
1445 break;
1446 case 6:
1447 r->out.validation->sam6 = TALLOC_ZERO_P(p->mem_ctx, struct netr_SamInfo6);
1448 if (!r->out.validation->sam6) {
1449 return NT_STATUS_NO_MEMORY;
1450 }
1451 break;
1452 default:
1453 DEBUG(0,("%s: bad validation_level value %d.\n",
1454 fn, (int)r->in.validation_level));
1455 return NT_STATUS_INVALID_INFO_CLASS;
1456 }
1457
1458 switch (r->in.logon_level) {
1459 case NetlogonInteractiveInformation:
1460 case NetlogonServiceInformation:
1461 case NetlogonInteractiveTransitiveInformation:
1462 case NetlogonServiceTransitiveInformation:
1463 nt_username = logon->password->identity_info.account_name.string ?
1464 logon->password->identity_info.account_name.string : "";
1465 nt_domain = logon->password->identity_info.domain_name.string ?
1466 logon->password->identity_info.domain_name.string : "";
1467 nt_workstation = logon->password->identity_info.workstation.string ?
1468 logon->password->identity_info.workstation.string : "";
1469
1470 DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup()));
1471 break;
1472 case NetlogonNetworkInformation:
1473 case NetlogonNetworkTransitiveInformation:
1474 nt_username = logon->network->identity_info.account_name.string ?
1475 logon->network->identity_info.account_name.string : "";
1476 nt_domain = logon->network->identity_info.domain_name.string ?
1477 logon->network->identity_info.domain_name.string : "";
1478 nt_workstation = logon->network->identity_info.workstation.string ?
1479 logon->network->identity_info.workstation.string : "";
1480
1481 DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", lp_workgroup()));
1482 break;
1483 default:
1484 DEBUG(2,("SAM Logon: unsupported switch value\n"));
1485 return NT_STATUS_INVALID_INFO_CLASS;
1486 } /* end switch */
1487
1488 DEBUG(3,("User:[%s@%s] Requested Domain:[%s]\n", nt_username, nt_workstation, nt_domain));
1489 fstrcpy(current_user_info.smb_name, nt_username);
1490 sub_set_smb_name(nt_username);
1491
1492 DEBUG(5,("Attempting validation level %d for unmapped username %s.\n",
1493 r->in.validation_level, nt_username));
1494
1495 status = NT_STATUS_OK;
1496
1497 switch (r->in.logon_level) {
1498 case NetlogonNetworkInformation:
1499 case NetlogonNetworkTransitiveInformation:
1500 {
1501 const char *wksname = nt_workstation;
1502
1503 status = make_auth_context_fixed(talloc_tos(), &auth_context,
1504 logon->network->challenge);
1505 if (!NT_STATUS_IS_OK(status)) {
1506 return status;
1507 }
1508
1509 /* For a network logon, the workstation name comes in with two
1510 * backslashes in the front. Strip them if they are there. */
1511
1512 if (*wksname == '\\') wksname++;
1513 if (*wksname == '\\') wksname++;
1514
1515 /* Standard challenge/response authentication */
1516 if (!make_user_info_netlogon_network(&user_info,
1517 nt_username, nt_domain,
1518 wksname,
1519 logon->network->identity_info.parameter_control,
1520 logon->network->lm.data,
1521 logon->network->lm.length,
1522 logon->network->nt.data,
1523 logon->network->nt.length)) {
1524 status = NT_STATUS_NO_MEMORY;
1525 }
1526 break;
1527 }
1528 case NetlogonInteractiveInformation:
1529 case NetlogonServiceInformation:
1530 case NetlogonInteractiveTransitiveInformation:
1531 case NetlogonServiceTransitiveInformation:
1532
1533 /* 'Interactive' authentication, supplies the password in its
1534 MD4 form, encrypted with the session key. We will convert
1535 this to challenge/response for the auth subsystem to chew
1536 on */
1537 {
1538 uint8_t chal[8];
1539
1540 status = make_auth_context_subsystem(talloc_tos(),
1541 &auth_context);
1542 if (!NT_STATUS_IS_OK(status)) {
1543 return status;
1544 }
1545
1546 auth_context->get_ntlm_challenge(auth_context, chal);
1547
1548 if (!make_user_info_netlogon_interactive(&user_info,
1549 nt_username, nt_domain,
1550 nt_workstation,
1551 logon->password->identity_info.parameter_control,
1552 chal,
1553 logon->password->lmpassword.hash,
1554 logon->password->ntpassword.hash,
1555 creds->session_key)) {
1556 status = NT_STATUS_NO_MEMORY;
1557 }
1558 break;
1559 }
1560 default:
1561 DEBUG(2,("SAM Logon: unsupported switch value\n"));
1562 return NT_STATUS_INVALID_INFO_CLASS;
1563 } /* end switch */
1564
1565 if ( NT_STATUS_IS_OK(status) ) {
1566 status = auth_context->check_ntlm_password(auth_context,
1567 user_info, &server_info);
1568 }
1569
1570 TALLOC_FREE(auth_context);
1571 free_user_info(&user_info);
1572
1573 DEBUG(5,("%s: check_password returned status %s\n",
1574 fn, nt_errstr(status)));
1575
1576 /* Check account and password */
1577
1578 if (!NT_STATUS_IS_OK(status)) {
1579 /* If we don't know what this domain is, we need to
1580 indicate that we are not authoritative. This
1581 allows the client to decide if it needs to try
1582 a local user. Fix by jpjanosi@us.ibm.com, #2976 */
1583 if ( NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)
1584 && !strequal(nt_domain, get_global_sam_name())
1585 && !is_trusted_domain(nt_domain) )
1586 *r->out.authoritative = false; /* We are not authoritative */
1587
1588 TALLOC_FREE(server_info);
1589 return status;
1590 }
1591
1592 if (server_info->guest) {
1593 /* We don't like guest domain logons... */
1594 DEBUG(5,("%s: Attempted domain logon as GUEST "
1595 "denied.\n", fn));
1596 TALLOC_FREE(server_info);
1597 return NT_STATUS_LOGON_FAILURE;
1598 }
1599
1600 /* This is the point at which, if the login was successful, that
1601 the SAM Local Security Authority should record that the user is
1602 logged in to the domain. */
1603
1604 if (process_creds) {
1605 /* Get the pipe session key from the creds. */
1606 memcpy(pipe_session_key, creds->session_key, 16);
1607 } else {
1608 struct schannel_state *schannel_auth;
1609 /* Get the pipe session key from the schannel. */
1610 if ((p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL)
1611 || (p->auth.auth_ctx == NULL)) {
1612 return NT_STATUS_INVALID_HANDLE;
1613 }
1614
1615 schannel_auth = talloc_get_type_abort(p->auth.auth_ctx,
1616 struct schannel_state);
1617 memcpy(pipe_session_key, schannel_auth->creds->session_key, 16);
1618 }
1619
1620 switch (r->in.validation_level) {
1621 case 2:
1622 status = serverinfo_to_SamInfo2(server_info, pipe_session_key, 16,
1623 r->out.validation->sam2);
1624 break;
1625 case 3:
1626 status = serverinfo_to_SamInfo3(server_info, pipe_session_key, 16,
1627 r->out.validation->sam3);
1628 break;
1629 case 6:
1630 status = serverinfo_to_SamInfo6(server_info, pipe_session_key, 16,
1631 r->out.validation->sam6);
1632 break;
1633 }
1634
1635 TALLOC_FREE(server_info);
1636
1637 return status;
1638 }
1639
1640 /****************************************************************
1641 _netr_LogonSamLogonWithFlags
1642 ****************************************************************/
1643
1644 NTSTATUS _netr_LogonSamLogonWithFlags(struct pipes_struct *p,
1645 struct netr_LogonSamLogonWithFlags *r)
1646 {
1647 NTSTATUS status;
1648 struct netlogon_creds_CredentialState *creds;
1649 struct netr_LogonSamLogonEx r2;
1650 struct netr_Authenticator return_authenticator;
1651
1652 *r->out.authoritative = true;
1653
1654 r2.in.server_name = r->in.server_name;
1655 r2.in.computer_name = r->in.computer_name;
1656 r2.in.logon_level = r->in.logon_level;
1657 r2.in.logon = r->in.logon;
1658 r2.in.validation_level = r->in.validation_level;
1659 r2.in.flags = r->in.flags;
1660 r2.out.validation = r->out.validation;
1661 r2.out.authoritative = r->out.authoritative;
1662 r2.out.flags = r->out.flags;
1663
1664 status = _netr_LogonSamLogon_check(&r2);
1665 if (!NT_STATUS_IS_OK(status)) {
1666 return status;
1667 }
1668
1669 become_root();
1670 status = netr_creds_server_step_check(p, p->mem_ctx,
1671 r->in.computer_name,
1672 r->in.credential,
1673 &return_authenticator,
1674 &creds);
1675 unbecome_root();
1676 if (!NT_STATUS_IS_OK(status)) {
1677 return status;
1678 }
1679
1680 status = _netr_LogonSamLogon_base(p, &r2, creds);
1681
1682 *r->out.return_authenticator = return_authenticator;
1683
1684 return status;
1685 }
1686
1687 /*************************************************************************
1688 _netr_LogonSamLogon
1689 *************************************************************************/
1690
1691 NTSTATUS _netr_LogonSamLogon(struct pipes_struct *p,
1692 struct netr_LogonSamLogon *r)
1693 {
1694 NTSTATUS status;
1695 struct netr_LogonSamLogonWithFlags r2;
1696 uint32_t flags = 0;
1697
1698 r2.in.server_name = r->in.server_name;
1699 r2.in.computer_name = r->in.computer_name;
1700 r2.in.credential = r->in.credential;
1701 r2.in.logon_level = r->in.logon_level;
1702 r2.in.logon = r->in.logon;
1703 r2.in.validation_level = r->in.validation_level;
1704 r2.in.return_authenticator = r->in.return_authenticator;
1705 r2.in.flags = &flags;
1706 r2.out.validation = r->out.validation;
1707 r2.out.authoritative = r->out.authoritative;
1708 r2.out.flags = &flags;
1709 r2.out.return_authenticator = r->out.return_authenticator;
1710
1711 status = _netr_LogonSamLogonWithFlags(p, &r2);
1712
1713 return status;
1714 }
1715
1716 /*************************************************************************
1717 _netr_LogonSamLogonEx
1718 - no credential chaining. Map into net sam logon.
1719 *************************************************************************/
1720
1721 NTSTATUS _netr_LogonSamLogonEx(struct pipes_struct *p,
1722 struct netr_LogonSamLogonEx *r)
1723 {
1724 NTSTATUS status;
1725 struct netlogon_creds_CredentialState *creds = NULL;
1726
1727 *r->out.authoritative = true;
1728
1729 status = _netr_LogonSamLogon_check(r);
1730 if (!NT_STATUS_IS_OK(status)) {
1731 return status;
1732 }
1733
1734 /* Only allow this if the pipe is protected. */
1735 if (p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
1736 DEBUG(0,("_netr_LogonSamLogonEx: client %s not using schannel for netlogon\n",
1737 get_remote_machine_name() ));
1738 return NT_STATUS_INVALID_PARAMETER;
1739 }
1740
1741 become_root();
1742 status = schannel_get_creds_state(p->mem_ctx, lp_private_dir(),
1743 r->in.computer_name, &creds);
1744 unbecome_root();
1745 if (!NT_STATUS_IS_OK(status)) {
1746 return status;
1747 }
1748
1749 status = _netr_LogonSamLogon_base(p, r, creds);
1750 TALLOC_FREE(creds);
1751
1752 return status;
1753 }
1754
1755 /*************************************************************************
1756 _ds_enum_dom_trusts
1757 *************************************************************************/
1758 #if 0 /* JERRY -- not correct */
1759 NTSTATUS _ds_enum_dom_trusts(struct pipes_struct *p, DS_Q_ENUM_DOM_TRUSTS *q_u,
1760 DS_R_ENUM_DOM_TRUSTS *r_u)
1761 {
1762 NTSTATUS status = NT_STATUS_OK;
1763
1764 /* TODO: According to MSDN, the can only be executed against a
1765 DC or domain member running Windows 2000 or later. Need
1766 to test against a standalone 2k server and see what it
1767 does. A windows 2000 DC includes its own domain in the
1768 list. --jerry */
1769
1770 return status;
1771 }
1772 #endif /* JERRY */
1773
1774
1775 /****************************************************************
1776 ****************************************************************/
1777
1778 WERROR _netr_LogonUasLogon(struct pipes_struct *p,
1779 struct netr_LogonUasLogon *r)
1780 {
1781 p->rng_fault_state = true;
1782 return WERR_NOT_SUPPORTED;
1783 }
1784
1785 /****************************************************************
1786 ****************************************************************/
1787
1788 WERROR _netr_LogonUasLogoff(struct pipes_struct *p,
1789 struct netr_LogonUasLogoff *r)
1790 {
1791 p->rng_fault_state = true;
1792 return WERR_NOT_SUPPORTED;
1793 }
1794
1795 /****************************************************************
1796 ****************************************************************/
1797
1798 NTSTATUS _netr_DatabaseDeltas(struct pipes_struct *p,
1799 struct netr_DatabaseDeltas *r)
1800 {
1801 p->rng_fault_state = true;
1802 return NT_STATUS_NOT_IMPLEMENTED;
1803 }
1804
1805 /****************************************************************
1806 ****************************************************************/
1807
1808 NTSTATUS _netr_DatabaseSync(struct pipes_struct *p,
1809 struct netr_DatabaseSync *r)
1810 {
1811 p->rng_fault_state = true;
1812 return NT_STATUS_NOT_IMPLEMENTED;
1813 }
1814
1815 /****************************************************************
1816 ****************************************************************/
1817
1818 NTSTATUS _netr_AccountDeltas(struct pipes_struct *p,
1819 struct netr_AccountDeltas *r)
1820 {
1821 p->rng_fault_state = true;
1822 return NT_STATUS_NOT_IMPLEMENTED;
1823 }
1824
1825 /****************************************************************
1826 ****************************************************************/
1827
1828 NTSTATUS _netr_AccountSync(struct pipes_struct *p,
1829 struct netr_AccountSync *r)
1830 {
1831 p->rng_fault_state = true;
1832 return NT_STATUS_NOT_IMPLEMENTED;
1833 }
1834
1835 /****************************************************************
1836 ****************************************************************/
1837
1838 static bool wb_getdcname(TALLOC_CTX *mem_ctx,
1839 const char *domain,
1840 const char **dcname,
1841 uint32_t flags,
1842 WERROR *werr)
1843 {
1844 wbcErr result;
1845 struct wbcDomainControllerInfo *dc_info = NULL;
1846
1847 result = wbcLookupDomainController(domain,
1848 flags,
1849 &dc_info);
1850 switch (result) {
1851 case WBC_ERR_SUCCESS:
1852 break;
1853 case WBC_ERR_WINBIND_NOT_AVAILABLE:
1854 return false;
1855 case WBC_ERR_DOMAIN_NOT_FOUND:
1856 *werr = WERR_NO_SUCH_DOMAIN;
1857 return true;
1858 default:
1859 *werr = WERR_DOMAIN_CONTROLLER_NOT_FOUND;
1860 return true;
1861 }
1862
1863 *dcname = talloc_strdup(mem_ctx, dc_info->dc_name);
1864 wbcFreeMemory(dc_info);
1865 if (!*dcname) {
1866 *werr = WERR_NOMEM;
1867 return false;
1868 }
1869
1870 *werr = WERR_OK;
1871
1872 return true;
1873 }
1874
1875 /****************************************************************
1876 _netr_GetDcName
1877 ****************************************************************/
1878
1879 WERROR _netr_GetDcName(struct pipes_struct *p,
1880 struct netr_GetDcName *r)
1881 {
1882 NTSTATUS status;
1883 WERROR werr;
1884 uint32_t flags;
1885 struct netr_DsRGetDCNameInfo *info;
1886 bool ret;
1887
1888 ret = wb_getdcname(p->mem_ctx,
1889 r->in.domainname,
1890 r->out.dcname,
1891 WBC_LOOKUP_DC_IS_FLAT_NAME |
1892 WBC_LOOKUP_DC_RETURN_FLAT_NAME |
1893 WBC_LOOKUP_DC_PDC_REQUIRED,
1894 &werr);
1895 if (ret == true) {
1896 return werr;
1897 }
1898
1899 flags = DS_PDC_REQUIRED | DS_IS_FLAT_NAME | DS_RETURN_FLAT_NAME;
1900
1901 status = dsgetdcname(p->mem_ctx,
1902 p->msg_ctx,
1903 r->in.domainname,
1904 NULL,
1905 NULL,
1906 flags,
1907 &info);
1908 if (!NT_STATUS_IS_OK(status)) {
1909 return ntstatus_to_werror(status);
1910 }
1911
1912 *r->out.dcname = talloc_strdup(p->mem_ctx, info->dc_unc);
1913 talloc_free(info);
1914 if (!*r->out.dcname) {
1915 return WERR_NOMEM;
1916 }
1917
1918 return WERR_OK;
1919 }
1920
1921 /****************************************************************
1922 _netr_GetAnyDCName
1923 ****************************************************************/
1924
1925 WERROR _netr_GetAnyDCName(struct pipes_struct *p,
1926 struct netr_GetAnyDCName *r)
1927 {
1928 NTSTATUS status;
1929 WERROR werr;
1930 uint32_t flags;
1931 struct netr_DsRGetDCNameInfo *info;
1932 bool ret;
1933
1934 ret = wb_getdcname(p->mem_ctx,
1935 r->in.domainname,
1936 r->out.dcname,
1937 WBC_LOOKUP_DC_IS_FLAT_NAME |
1938 WBC_LOOKUP_DC_RETURN_FLAT_NAME,
1939 &werr);
1940 if (ret == true) {
1941 return werr;
1942 }
1943
1944 flags = DS_IS_FLAT_NAME | DS_RETURN_FLAT_NAME;
1945
1946 status = dsgetdcname(p->mem_ctx,
1947 p->msg_ctx,
1948 r->in.domainname,
1949 NULL,
1950 NULL,
1951 flags,
1952 &info);
1953 if (!NT_STATUS_IS_OK(status)) {
1954 return ntstatus_to_werror(status);
1955 }
1956
1957 *r->out.dcname = talloc_strdup(p->mem_ctx, info->dc_unc);
1958 talloc_free(info);
1959 if (!*r->out.dcname) {
1960 return WERR_NOMEM;
1961 }
1962
1963 return WERR_OK;
1964 }
1965
1966 /****************************************************************
1967 ****************************************************************/
1968
1969 NTSTATUS _netr_DatabaseSync2(struct pipes_struct *p,
1970 struct netr_DatabaseSync2 *r)
1971 {
1972 p->rng_fault_state = true;
1973 return NT_STATUS_NOT_IMPLEMENTED;
1974 }
1975
1976 /****************************************************************
1977 ****************************************************************/
1978
1979 NTSTATUS _netr_DatabaseRedo(struct pipes_struct *p,
1980 struct netr_DatabaseRedo *r)
1981 {
1982 p->rng_fault_state = true;
1983 return NT_STATUS_NOT_IMPLEMENTED;
1984 }
1985
1986 /****************************************************************
1987 ****************************************************************/
1988
1989 WERROR _netr_DsRGetDCName(struct pipes_struct *p,
1990 struct netr_DsRGetDCName *r)
1991 {
1992 p->rng_fault_state = true;
1993 return WERR_NOT_SUPPORTED;
1994 }
1995
1996 /****************************************************************
1997 ****************************************************************/
1998
1999 NTSTATUS _netr_LogonGetCapabilities(struct pipes_struct *p,
2000 struct netr_LogonGetCapabilities *r)
2001 {
2002 return NT_STATUS_NOT_IMPLEMENTED;
2003 }
2004
2005 /****************************************************************
2006 ****************************************************************/
2007
2008 WERROR _netr_NETRLOGONSETSERVICEBITS(struct pipes_struct *p,
2009 struct netr_NETRLOGONSETSERVICEBITS *r)
2010 {
2011 p->rng_fault_state = true;
2012 return WERR_NOT_SUPPORTED;
2013 }
2014
2015 /****************************************************************
2016 ****************************************************************/
2017
2018 WERROR _netr_LogonGetTrustRid(struct pipes_struct *p,
2019 struct netr_LogonGetTrustRid *r)
2020 {
2021 p->rng_fault_state = true;
2022 return WERR_NOT_SUPPORTED;
2023 }
2024
2025 /****************************************************************
2026 ****************************************************************/
2027
2028 WERROR _netr_NETRLOGONCOMPUTESERVERDIGEST(struct pipes_struct *p,
2029 struct netr_NETRLOGONCOMPUTESERVERDIGEST *r)
2030 {
2031 p->rng_fault_state = true;
2032 return WERR_NOT_SUPPORTED;
2033 }
2034
2035 /****************************************************************
2036 ****************************************************************/
2037
2038 WERROR _netr_NETRLOGONCOMPUTECLIENTDIGEST(struct pipes_struct *p,
2039 struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r)
2040 {
2041 p->rng_fault_state = true;
2042 return WERR_NOT_SUPPORTED;
2043 }
2044
2045 /****************************************************************
2046 ****************************************************************/
2047
2048 WERROR _netr_DsRGetDCNameEx(struct pipes_struct *p,
2049 struct netr_DsRGetDCNameEx *r)
2050 {
2051 p->rng_fault_state = true;
2052 return WERR_NOT_SUPPORTED;
2053 }
2054
2055 /****************************************************************
2056 ****************************************************************/
2057
2058 WERROR _netr_DsRGetSiteName(struct pipes_struct *p,
2059 struct netr_DsRGetSiteName *r)
2060 {
2061 p->rng_fault_state = true;
2062 return WERR_NOT_SUPPORTED;
2063 }
2064
2065 /****************************************************************
2066 ****************************************************************/
2067
2068 NTSTATUS _netr_LogonGetDomainInfo(struct pipes_struct *p,
2069 struct netr_LogonGetDomainInfo *r)
2070 {
2071 p->rng_fault_state = true;
2072 return NT_STATUS_NOT_IMPLEMENTED;
2073 }
2074
2075 /****************************************************************
2076 ****************************************************************/
2077
2078 WERROR _netr_ServerPasswordGet(struct pipes_struct *p,
2079 struct netr_ServerPasswordGet *r)
2080 {
2081 p->rng_fault_state = true;
2082 return WERR_NOT_SUPPORTED;
2083 }
2084
2085 /****************************************************************
2086 ****************************************************************/
2087
2088 WERROR _netr_NETRLOGONSENDTOSAM(struct pipes_struct *p,
2089 struct netr_NETRLOGONSENDTOSAM *r)
2090 {
2091 p->rng_fault_state = true;
2092 return WERR_NOT_SUPPORTED;
2093 }
2094
2095 /****************************************************************
2096 ****************************************************************/
2097
2098 WERROR _netr_DsRAddressToSitenamesW(struct pipes_struct *p,
2099 struct netr_DsRAddressToSitenamesW *r)
2100 {
2101 p->rng_fault_state = true;
2102 return WERR_NOT_SUPPORTED;
2103 }
2104
2105 /****************************************************************
2106 ****************************************************************/
2107
2108 WERROR _netr_DsRGetDCNameEx2(struct pipes_struct *p,
2109 struct netr_DsRGetDCNameEx2 *r)
2110 {
2111 p->rng_fault_state = true;
2112 return WERR_NOT_SUPPORTED;
2113 }
2114
2115 /****************************************************************
2116 ****************************************************************/
2117
2118 WERROR _netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(struct pipes_struct *p,
2119 struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r)
2120 {
2121 p->rng_fault_state = true;
2122 return WERR_NOT_SUPPORTED;
2123 }
2124
2125 /****************************************************************
2126 ****************************************************************/
2127
2128 WERROR _netr_NetrEnumerateTrustedDomainsEx(struct pipes_struct *p,
2129 struct netr_NetrEnumerateTrustedDomainsEx *r)
2130 {
2131 p->rng_fault_state = true;
2132 return WERR_NOT_SUPPORTED;
2133 }
2134
2135 /****************************************************************
2136 ****************************************************************/
2137
2138 WERROR _netr_DsRAddressToSitenamesExW(struct pipes_struct *p,
2139 struct netr_DsRAddressToSitenamesExW *r)
2140 {
2141 p->rng_fault_state = true;
2142 return WERR_NOT_SUPPORTED;
2143 }
2144
2145 /****************************************************************
2146 ****************************************************************/
2147
2148 WERROR _netr_DsrGetDcSiteCoverageW(struct pipes_struct *p,
2149 struct netr_DsrGetDcSiteCoverageW *r)
2150 {
2151 p->rng_fault_state = true;
2152 return WERR_NOT_SUPPORTED;
2153 }
2154
2155 /****************************************************************
2156 ****************************************************************/
2157
2158 WERROR _netr_DsrEnumerateDomainTrusts(struct pipes_struct *p,
2159 struct netr_DsrEnumerateDomainTrusts *r)
2160 {
2161 p->rng_fault_state = true;
2162 return WERR_NOT_SUPPORTED;
2163 }
2164
2165 /****************************************************************
2166 ****************************************************************/
2167
2168 WERROR _netr_DsrDeregisterDNSHostRecords(struct pipes_struct *p,
2169 struct netr_DsrDeregisterDNSHostRecords *r)
2170 {
2171 p->rng_fault_state = true;
2172 return WERR_NOT_SUPPORTED;
2173 }
2174
2175 /****************************************************************
2176 ****************************************************************/
2177
2178 NTSTATUS _netr_ServerTrustPasswordsGet(struct pipes_struct *p,
2179 struct netr_ServerTrustPasswordsGet *r)
2180 {
2181 p->rng_fault_state = true;
2182 return NT_STATUS_NOT_IMPLEMENTED;
2183 }
2184
2185 /****************************************************************
2186 ****************************************************************/
2187
2188 WERROR _netr_DsRGetForestTrustInformation(struct pipes_struct *p,
2189 struct netr_DsRGetForestTrustInformation *r)
2190 {
2191 p->rng_fault_state = true;
2192 return WERR_NOT_SUPPORTED;
2193 }
2194
2195 /****************************************************************
2196 ****************************************************************/
2197
2198 static NTSTATUS fill_forest_trust_array(TALLOC_CTX *mem_ctx,
2199 struct lsa_ForestTrustInformation *info)
2200 {
2201 struct lsa_ForestTrustRecord *e;
2202 struct pdb_domain_info *dom_info;
2203 struct lsa_ForestTrustDomainInfo *domain_info;
2204
2205 dom_info = pdb_get_domain_info(mem_ctx);
2206 if (dom_info == NULL) {
2207 return NT_STATUS_NO_MEMORY;
2208 }
2209
2210 info->count = 2;
2211 info->entries = talloc_array(info, struct lsa_ForestTrustRecord *, 2);
2212 if (info->entries == NULL) {
2213 return NT_STATUS_NO_MEMORY;
2214 }
2215
2216 e = talloc(info, struct lsa_ForestTrustRecord);
2217 if (e == NULL) {
2218 return NT_STATUS_NO_MEMORY;
2219 }
2220
2221 e->flags = 0;
2222 e->type = LSA_FOREST_TRUST_TOP_LEVEL_NAME;
2223 e->time = 0; /* so far always 0 in trces. */
2224 e->forest_trust_data.top_level_name.string = talloc_steal(info,
2225 dom_info->dns_forest);
2226
2227 info->entries[0] = e;
2228
2229 e = talloc(info, struct lsa_ForestTrustRecord);
2230 if (e == NULL) {
2231 return NT_STATUS_NO_MEMORY;
2232 }
2233
2234 /* TODO: check if disabled and set flags accordingly */
2235 e->flags = 0;
2236 e->type = LSA_FOREST_TRUST_DOMAIN_INFO;
2237 e->time = 0; /* so far always 0 in traces. */
2238
2239 domain_info = &e->forest_trust_data.domain_info;
2240 domain_info->domain_sid = dom_sid_dup(info, &dom_info->sid);
2241
2242 domain_info->dns_domain_name.string = talloc_steal(info,
2243 dom_info->dns_domain);
2244 domain_info->netbios_domain_name.string = talloc_steal(info,
2245 dom_info->name);
2246
2247 info->entries[1] = e;
2248
2249 return NT_STATUS_OK;
2250 }
2251
2252 /****************************************************************
2253 _netr_GetForestTrustInformation
2254 ****************************************************************/
2255
2256 NTSTATUS _netr_GetForestTrustInformation(struct pipes_struct *p,
2257 struct netr_GetForestTrustInformation *r)
2258 {
2259 NTSTATUS status;
2260 struct netlogon_creds_CredentialState *creds;
2261 struct lsa_ForestTrustInformation *info, **info_ptr;
2262
2263 /* TODO: check server name */
2264
2265 status = schannel_check_creds_state(p->mem_ctx, lp_private_dir(),
2266 r->in.computer_name,
2267 r->in.credential,
2268 r->out.return_authenticator,
2269 &creds);
2270 if (!NT_STATUS_IS_OK(status)) {
2271 return status;
2272 }
2273
2274 if ((creds->secure_channel_type != SEC_CHAN_DNS_DOMAIN) &&
2275 (creds->secure_channel_type != SEC_CHAN_DOMAIN)) {
2276 return NT_STATUS_NOT_IMPLEMENTED;
2277 }
2278
2279 info_ptr = talloc(p->mem_ctx, struct lsa_ForestTrustInformation *);
2280 if (!info_ptr) {
2281 return NT_STATUS_NO_MEMORY;
2282 }
2283 info = talloc_zero(info_ptr, struct lsa_ForestTrustInformation);
2284 if (!info) {
2285 return NT_STATUS_NO_MEMORY;
2286 }
2287
2288 status = fill_forest_trust_array(p->mem_ctx, info);
2289 if (!NT_STATUS_IS_OK(status)) {
2290 return status;
2291 }
2292
2293 *info_ptr = info;
2294 r->out.forest_trust_info = info_ptr;
2295
2296 return NT_STATUS_OK;
2297 }
2298
2299 /****************************************************************
2300 ****************************************************************/
2301
2302 static NTSTATUS get_password_from_trustAuth(TALLOC_CTX *mem_ctx,
2303 const DATA_BLOB *trustAuth_blob,
2304 const DATA_BLOB *session_key,
2305 struct samr_Password *current_pw_enc,
2306 struct samr_Password *previous_pw_enc)
2307 {
2308 enum ndr_err_code ndr_err;
2309 struct trustAuthInOutBlob trustAuth;
2310
2311 ndr_err = ndr_pull_struct_blob_all(trustAuth_blob, mem_ctx, &trustAuth,
2312 (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob);
2313 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
2314 return NT_STATUS_UNSUCCESSFUL;
2315 }
2316
2317
2318 if (trustAuth.count != 0 && trustAuth.current.count != 0 &&
2319 trustAuth.current.array[0].AuthType == TRUST_AUTH_TYPE_CLEAR) {
2320 mdfour(previous_pw_enc->hash,
2321 trustAuth.current.array[0].AuthInfo.clear.password,
2322 trustAuth.current.array[0].AuthInfo.clear.size);
2323 } else {
2324 return NT_STATUS_UNSUCCESSFUL;
2325 }
2326
2327 arcfour_crypt_blob(current_pw_enc->hash, sizeof(current_pw_enc->hash),
2328 session_key);
2329
2330 if (trustAuth.previous.count != 0 &&
2331 trustAuth.previous.array[0].AuthType == TRUST_AUTH_TYPE_CLEAR) {
2332 mdfour(previous_pw_enc->hash,
2333 trustAuth.previous.array[0].AuthInfo.clear.password,
2334 trustAuth.previous.array[0].AuthInfo.clear.size);
2335 } else {
2336 mdfour(previous_pw_enc->hash, NULL, 0);
2337 }
2338 arcfour_crypt_blob(previous_pw_enc->hash, sizeof(previous_pw_enc->hash),
2339 session_key);
2340
2341 return NT_STATUS_OK;
2342 }
2343
2344 /****************************************************************
2345 _netr_ServerGetTrustInfo
2346 ****************************************************************/
2347
2348 NTSTATUS _netr_ServerGetTrustInfo(struct pipes_struct *p,
2349 struct netr_ServerGetTrustInfo *r)
2350 {
2351 NTSTATUS status;
2352 struct netlogon_creds_CredentialState *creds;
2353 char *account_name;
2354 size_t account_name_last;
2355 bool trusted;
2356 struct netr_TrustInfo *trust_info;
2357 struct pdb_trusted_domain *td;
2358 DATA_BLOB trustAuth_blob;
2359 struct samr_Password *new_owf_enc;
2360 struct samr_Password *old_owf_enc;
2361 DATA_BLOB session_key;
2362
2363 /* TODO: check server name */
2364
2365 status = schannel_check_creds_state(p->mem_ctx, lp_private_dir(),
2366 r->in.computer_name,
2367 r->in.credential,
2368 r->out.return_authenticator,
2369 &creds);
2370 if (!NT_STATUS_IS_OK(status)) {
2371 return status;
2372 }
2373
2374 account_name = talloc_strdup(p->mem_ctx, r->in.account_name);
2375 if (account_name == NULL) {
2376 return NT_STATUS_NO_MEMORY;
2377 }
2378
2379 account_name_last = strlen(account_name);
2380 if (account_name_last == 0) {
2381 return NT_STATUS_INVALID_PARAMETER;
2382 }
2383 account_name_last--;
2384 if (account_name[account_name_last] == '.') {
2385 account_name[account_name_last] = '\0';
2386 }
2387
2388 if ((creds->secure_channel_type != SEC_CHAN_DNS_DOMAIN) &&
2389 (creds->secure_channel_type != SEC_CHAN_DOMAIN)) {
2390 trusted = false;
2391 } else {
2392 trusted = true;
2393 }
2394
2395
2396 if (trusted) {
2397 account_name_last = strlen(account_name);
2398 if (account_name_last == 0) {
2399 return NT_STATUS_INVALID_PARAMETER;
2400 }
2401 account_name_last--;
2402 if (account_name[account_name_last] == '$') {
2403 account_name[account_name_last] = '\0';
2404 }
2405
2406 status = pdb_get_trusted_domain(p->mem_ctx, account_name, &td);
2407 if (!NT_STATUS_IS_OK(status)) {
2408 return status;
2409 }
2410
2411 if (r->out.trust_info != NULL) {
2412 trust_info = talloc_zero(p->mem_ctx, struct netr_TrustInfo);
2413 if (trust_info == NULL) {
2414 return NT_STATUS_NO_MEMORY;
2415 }
2416 trust_info->count = 1;
2417
2418 trust_info->data = talloc_array(trust_info, uint32_t, 1);
2419 if (trust_info->data == NULL) {
2420 return NT_STATUS_NO_MEMORY;
2421 }
2422 trust_info->data[0] = td->trust_attributes;
2423
2424 *r->out.trust_info = trust_info;
2425 }
2426
2427 new_owf_enc = talloc_zero(p->mem_ctx, struct samr_Password);
2428 old_owf_enc = talloc_zero(p->mem_ctx, struct samr_Password);
2429 if (new_owf_enc == NULL || old_owf_enc == NULL) {
2430 return NT_STATUS_NO_MEMORY;
2431 }
2432
2433 /* TODO: which trustAuth shall we use if we have in/out trust or do they have to
2434 * be equal ? */
2435 if (td->trust_direction & NETR_TRUST_FLAG_INBOUND) {
2436 trustAuth_blob = td->trust_auth_incoming;
2437 } else if (td->trust_direction & NETR_TRUST_FLAG_OUTBOUND) {
2438 trustAuth_blob = td->trust_auth_outgoing;
2439 }
2440
2441 session_key.data = creds->session_key;
2442 session_key.length = sizeof(creds->session_key);
2443 status = get_password_from_trustAuth(p->mem_ctx, &trustAuth_blob,
2444 &session_key,
2445 new_owf_enc, old_owf_enc);
2446
2447 if (!NT_STATUS_IS_OK(status)) {
2448 return status;
2449 }
2450
2451 r->out.new_owf_password = new_owf_enc;
2452 r->out.old_owf_password = old_owf_enc;
2453 } else {
2454 /* TODO: look for machine password */
2455 r->out.new_owf_password = NULL;
2456 r->out.old_owf_password = NULL;
2457
2458 return NT_STATUS_NOT_IMPLEMENTED;
2459 }
2460
2461 return NT_STATUS_OK;
2462 }
2463
2464 /****************************************************************
2465 ****************************************************************/
2466
2467 NTSTATUS _netr_Unused47(struct pipes_struct *p,
2468 struct netr_Unused47 *r)
2469 {
2470 p->rng_fault_state = true;
2471 return NT_STATUS_NOT_IMPLEMENTED;
2472 }
2473
2474 /****************************************************************
2475 ****************************************************************/
2476
2477 NTSTATUS _netr_DsrUpdateReadOnlyServerDnsRecords(struct pipes_struct *p,
2478 struct netr_DsrUpdateReadOnlyServerDnsRecords *r)
2479 {
2480 p->rng_fault_state = true;
2481 return NT_STATUS_NOT_IMPLEMENTED;
2482 }
Samba GIT mirror