search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Lots of doc updates. Getting ready for 2.2.5 release.
[Samba.git] / source / libsmb / cli_netlogon.c
blob560de2192eeeb960eb389c50760aad655c5de474
1 /*
2 Unix SMB/CIFS implementation.
3 NT Domain Authentication SMB / MSRPC client
4 Copyright (C) Andrew Tridgell 1992-2000
5 Copyright (C) Luke Kenneth Casson Leighton 1996-2000
6 Copyright (C) Tim Potter 2001
7 Copyright (C) Paul Ashton 1997.
8 Copyright (C) Jeremy Allison 1998.
9 Copyright (C) Andrew Bartlett 2001.
10
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 2 of the License, or
14 (at your option) any later version.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program; if not, write to the Free Software
23 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 */
25
26 #include "includes.h"
27
28 /* Opens a SMB connection to the netlogon pipe */
29
30 struct cli_state *cli_netlogon_initialise(struct cli_state *cli,
31 char *system_name,
32 struct ntuser_creds *creds)
33 {
34 return cli_pipe_initialise(cli, system_name, PIPE_NETLOGON, creds);
35 }
36
37 /* LSA Request Challenge. Sends our challenge to server, then gets
38 server response. These are used to generate the credentials. */
39
40 NTSTATUS new_cli_net_req_chal(struct cli_state *cli, DOM_CHAL *clnt_chal,
41 DOM_CHAL *srv_chal)
42 {
43 prs_struct qbuf, rbuf;
44 NET_Q_REQ_CHAL q;
45 NET_R_REQ_CHAL r;
46 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
47 extern pstring global_myname;
48
49 prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
50 prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
51
52 /* create and send a MSRPC command with api NET_REQCHAL */
53
54 DEBUG(4,("new_cli_net_req_chal: LSA Request Challenge from %s to %s: %s\n",
55 cli->desthost, global_myname, credstr(clnt_chal->data)));
56
57 /* store the parameters */
58 init_q_req_chal(&q, cli->srv_name_slash, global_myname, clnt_chal);
59
60 /* Marshall data and send request */
61
62 if (!net_io_q_req_chal("", &q, &qbuf, 0) ||
63 !rpc_api_pipe_req(cli, NET_REQCHAL, &qbuf, &rbuf)) {
64 goto done;
65 }
66
67 /* Unmarhall response */
68
69 if (!net_io_r_req_chal("", &r, &rbuf, 0)) {
70 goto done;
71 }
72
73 result = r.status;
74
75 /* Return result */
76
77 if (NT_STATUS_IS_OK(result)) {
78 memcpy(srv_chal, r.srv_chal.data, sizeof(srv_chal->data));
79 }
80
81 done:
82 prs_mem_free(&qbuf);
83 prs_mem_free(&rbuf);
84
85 return result;
86 }
87
88 /****************************************************************************
89 LSA Authenticate 2
90
91 Send the client credential, receive back a server credential.
92 Ensure that the server credential returned matches the session key
93 encrypt of the server challenge originally received. JRA.
94 ****************************************************************************/
95
96 NTSTATUS new_cli_net_auth2(struct cli_state *cli,
97 uint16 sec_chan,
98 uint32 neg_flags, DOM_CHAL *srv_chal)
99 {
100 prs_struct qbuf, rbuf;
101 NET_Q_AUTH_2 q;
102 NET_R_AUTH_2 r;
103 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
104 extern pstring global_myname;
105
106 prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
107 prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
108
109 /* create and send a MSRPC command with api NET_AUTH2 */
110
111 DEBUG(4,("new_cli_net_auth2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n",
112 cli->srv_name_slash, cli->mach_acct, sec_chan, global_myname,
113 credstr(cli->clnt_cred.challenge.data), neg_flags));
114
115 /* store the parameters */
116 init_q_auth_2(&q, cli->srv_name_slash, cli->mach_acct,
117 sec_chan, global_myname, &cli->clnt_cred.challenge,
118 neg_flags);
119
120 /* turn parameters into data stream */
121
122 if (!net_io_q_auth_2("", &q, &qbuf, 0) ||
123 !rpc_api_pipe_req(cli, NET_AUTH2, &qbuf, &rbuf)) {
124 goto done;
125 }
126
127 /* Unmarshall response */
128
129 if (!net_io_r_auth_2("", &r, &rbuf, 0)) {
130 goto done;
131 }
132
133 result = r.status;
134
135 if (NT_STATUS_IS_OK(result)) {
136 UTIME zerotime;
137
138 /*
139 * Check the returned value using the initial
140 * server received challenge.
141 */
142
143 zerotime.time = 0;
144 if (cred_assert( &r.srv_chal, cli->sess_key, srv_chal,
145 zerotime) == 0) {
146
147 /*
148 * Server replied with bad credential. Fail.
149 */
150 DEBUG(0,("new_cli_net_auth2: server %s replied with bad credential (bad machine \
151 password ?).\n", cli->desthost ));
152 result = NT_STATUS_ACCESS_DENIED;
153 goto done;
154 }
155 }
156
157 done:
158 prs_mem_free(&qbuf);
159 prs_mem_free(&rbuf);
160
161 return result;
162 }
163
164 /* Initialize domain session credentials */
165
166 NTSTATUS new_cli_nt_setup_creds(struct cli_state *cli,
167 uint16 sec_chan,
168 const unsigned char mach_pwd[16])
169 {
170 DOM_CHAL clnt_chal;
171 DOM_CHAL srv_chal;
172 UTIME zerotime;
173 NTSTATUS result;
174
175 /******************* Request Challenge ********************/
176
177 generate_random_buffer(clnt_chal.data, 8, False);
178
179 /* send a client challenge; receive a server challenge */
180 result = new_cli_net_req_chal(cli, &clnt_chal, &srv_chal);
181
182 if (!NT_STATUS_IS_OK(result)) {
183 DEBUG(0,("new_cli_nt_setup_creds: request challenge failed\n"));
184 return result;
185 }
186
187 /**************** Long-term Session key **************/
188
189 /* calculate the session key */
190 cred_session_key(&clnt_chal, &srv_chal, mach_pwd,
191 cli->sess_key);
192 memset((char *)cli->sess_key+8, '\0', 8);
193
194 /******************* Authenticate 2 ********************/
195
196 /* calculate auth-2 credentials */
197 zerotime.time = 0;
198 cred_create(cli->sess_key, &clnt_chal, zerotime,
199 &cli->clnt_cred.challenge);
200
201 /*
202 * Send client auth-2 challenge.
203 * Receive an auth-2 challenge response and check it.
204 */
205
206 result = new_cli_net_auth2(cli, sec_chan, 0x000001ff,
207 &srv_chal);
208 if (!NT_STATUS_IS_OK(result)) {
209 DEBUG(0,("new_cli_nt_setup_creds: auth2 challenge failed %s\n",
210 get_nt_error_msg(result)));
211 }
212
213 return result;
214 }
215
216 /* Logon Control 2 */
217
218 NTSTATUS cli_netlogon_logon_ctrl2(struct cli_state *cli, TALLOC_CTX *mem_ctx,
219 uint32 query_level)
220 {
221 prs_struct qbuf, rbuf;
222 NET_Q_LOGON_CTRL2 q;
223 NET_R_LOGON_CTRL2 r;
224 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
225
226 ZERO_STRUCT(q);
227 ZERO_STRUCT(r);
228
229 /* Initialise parse structures */
230
231 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
232 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
233
234 /* Initialise input parameters */
235
236 init_net_q_logon_ctrl2(&q, cli->srv_name_slash, query_level);
237
238 /* Marshall data and send request */
239
240 if (!net_io_q_logon_ctrl2("", &q, &qbuf, 0) ||
241 !rpc_api_pipe_req(cli, NET_LOGON_CTRL2, &qbuf, &rbuf)) {
242 result = NT_STATUS_UNSUCCESSFUL;
243 goto done;
244 }
245
246 /* Unmarshall response */
247
248 if (!net_io_r_logon_ctrl2("", &r, &rbuf, 0)) {
249 result = NT_STATUS_UNSUCCESSFUL;
250 goto done;
251 }
252
253 result = r.status;
254
255 done:
256 prs_mem_free(&qbuf);
257 prs_mem_free(&rbuf);
258
259 return result;
260 }
261
262 /****************************************************************************
263 Generate the next creds to use. Yuck - this is a cut&paste from another
264 file. They should be combined at some stage. )-:
265 ****************************************************************************/
266
267 static void gen_next_creds( struct cli_state *cli, DOM_CRED *new_clnt_cred)
268 {
269 /*
270 * Create the new client credentials.
271 */
272
273 cli->clnt_cred.timestamp.time = time(NULL);
274
275 memcpy(new_clnt_cred, &cli->clnt_cred, sizeof(*new_clnt_cred));
276
277 /* Calculate the new credentials. */
278 cred_create(cli->sess_key, &(cli->clnt_cred.challenge),
279 new_clnt_cred->timestamp, &(new_clnt_cred->challenge));
280
281 }
282
283 /* Sam synchronisation */
284
285 NTSTATUS cli_netlogon_sam_sync(struct cli_state *cli, TALLOC_CTX *mem_ctx, DOM_CRED *ret_creds,
286 uint32 database_id, uint32 *num_deltas,
287 SAM_DELTA_HDR **hdr_deltas,
288 SAM_DELTA_CTR **deltas)
289 {
290 prs_struct qbuf, rbuf;
291 NET_Q_SAM_SYNC q;
292 NET_R_SAM_SYNC r;
293 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
294 DOM_CRED clnt_creds;
295
296 ZERO_STRUCT(q);
297 ZERO_STRUCT(r);
298
299 /* Initialise parse structures */
300
301 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
302 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
303
304 /* Initialise input parameters */
305
306 gen_next_creds(cli, &clnt_creds);
307
308 init_net_q_sam_sync(&q, cli->srv_name_slash, cli->clnt_name_slash + 2,
309 &clnt_creds, ret_creds, database_id);
310
311 /* Marshall data and send request */
312
313 if (!net_io_q_sam_sync("", &q, &qbuf, 0) ||
314 !rpc_api_pipe_req(cli, NET_SAM_SYNC, &qbuf, &rbuf)) {
315 result = NT_STATUS_UNSUCCESSFUL;
316 goto done;
317 }
318
319 /* Unmarshall response */
320
321 if (!net_io_r_sam_sync("", cli->sess_key, &r, &rbuf, 0)) {
322 result = NT_STATUS_UNSUCCESSFUL;
323 goto done;
324 }
325
326 /* Return results */
327
328 result = r.status;
329 *num_deltas = r.num_deltas2;
330 *hdr_deltas = r.hdr_deltas;
331 *deltas = r.deltas;
332
333 memcpy(ret_creds, &r.srv_creds, sizeof(*ret_creds));
334
335 done:
336 prs_mem_free(&qbuf);
337 prs_mem_free(&rbuf);
338
339 return result;
340 }
341
342 /* Sam synchronisation */
343
344 NTSTATUS cli_netlogon_sam_deltas(struct cli_state *cli, TALLOC_CTX *mem_ctx,
345 uint32 database_id, UINT64_S seqnum,
346 uint32 *num_deltas,
347 SAM_DELTA_HDR **hdr_deltas,
348 SAM_DELTA_CTR **deltas)
349 {
350 prs_struct qbuf, rbuf;
351 NET_Q_SAM_DELTAS q;
352 NET_R_SAM_DELTAS r;
353 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
354 DOM_CRED clnt_creds;
355
356 ZERO_STRUCT(q);
357 ZERO_STRUCT(r);
358
359 /* Initialise parse structures */
360
361 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
362 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
363
364 /* Initialise input parameters */
365
366 gen_next_creds(cli, &clnt_creds);
367
368 init_net_q_sam_deltas(&q, cli->srv_name_slash,
369 cli->clnt_name_slash + 2, &clnt_creds,
370 database_id, seqnum);
371
372 /* Marshall data and send request */
373
374 if (!net_io_q_sam_deltas("", &q, &qbuf, 0) ||
375 !rpc_api_pipe_req(cli, NET_SAM_DELTAS, &qbuf, &rbuf)) {
376 result = NT_STATUS_UNSUCCESSFUL;
377 goto done;
378 }
379
380 /* Unmarshall response */
381
382 if (!net_io_r_sam_deltas("", cli->sess_key, &r, &rbuf, 0)) {
383 result = NT_STATUS_UNSUCCESSFUL;
384 goto done;
385 }
386
387 /* Return results */
388
389 result = r.status;
390 *num_deltas = r.num_deltas2;
391 *hdr_deltas = r.hdr_deltas;
392 *deltas = r.deltas;
393
394 done:
395 prs_mem_free(&qbuf);
396 prs_mem_free(&rbuf);
397
398 return result;
399 }
400
401 /* Logon domain user */
402
403 NTSTATUS cli_netlogon_sam_logon(struct cli_state *cli, TALLOC_CTX *mem_ctx,
404 char *username, char *password,
405 int logon_type)
406 {
407 prs_struct qbuf, rbuf;
408 NET_Q_SAM_LOGON q;
409 NET_R_SAM_LOGON r;
410 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
411 DOM_CRED clnt_creds, dummy_rtn_creds;
412 extern pstring global_myname;
413 NET_ID_INFO_CTR ctr;
414 NET_USER_INFO_3 user;
415 int validation_level = 3;
416
417 ZERO_STRUCT(q);
418 ZERO_STRUCT(r);
419
420 /* Initialise parse structures */
421
422 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
423 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
424
425 /* Initialise input parameters */
426
427 gen_next_creds(cli, &clnt_creds);
428
429 q.validation_level = validation_level;
430
431 memset(&dummy_rtn_creds, '\0', sizeof(dummy_rtn_creds));
432 dummy_rtn_creds.timestamp.time = time(NULL);
433
434 ctr.switch_value = logon_type;
435
436 switch (logon_type) {
437 case INTERACTIVE_LOGON_TYPE: {
438 unsigned char lm_owf_user_pwd[16], nt_owf_user_pwd[16];
439
440 nt_lm_owf_gen(password, nt_owf_user_pwd, lm_owf_user_pwd);
441
442 init_id_info1(&ctr.auth.id1, lp_workgroup(),
443 0, /* param_ctrl */
444 0xdead, 0xbeef, /* LUID? */
445 username, cli->clnt_name_slash,
446 (char *)cli->sess_key, lm_owf_user_pwd,
447 nt_owf_user_pwd);
448
449 break;
450 }
451 case NET_LOGON_TYPE: {
452 uint8 chal[8];
453 unsigned char local_lm_response[24];
454 unsigned char local_nt_response[24];
455
456 generate_random_buffer(chal, 8, False);
457
458 SMBencrypt((const uchar *)password, chal, local_lm_response);
459 SMBNTencrypt((const uchar *)password, chal, local_nt_response);
460
461 init_id_info2(&ctr.auth.id2, lp_workgroup(),
462 0, /* param_ctrl */
463 0xdead, 0xbeef, /* LUID? */
464 username, cli->clnt_name_slash, chal,
465 local_lm_response, 24, local_nt_response, 24);
466 break;
467 }
468 default:
469 DEBUG(0, ("switch value %d not supported\n",
470 ctr.switch_value));
471 goto done;
472 }
473
474 init_sam_info(&q.sam_id, cli->srv_name_slash, global_myname,
475 &clnt_creds, &dummy_rtn_creds, logon_type,
476 &ctr);
477
478 /* Marshall data and send request */
479
480 if (!net_io_q_sam_logon("", &q, &qbuf, 0) ||
481 !rpc_api_pipe_req(cli, NET_SAMLOGON, &qbuf, &rbuf)) {
482 goto done;
483 }
484
485 /* Unmarshall response */
486
487 r.user = &user;
488
489 if (!net_io_r_sam_logon("", &r, &rbuf, 0)) {
490 goto done;
491 }
492
493 /* Return results */
494
495 result = r.status;
496
497 done:
498 prs_mem_free(&qbuf);
499 prs_mem_free(&rbuf);
500
501 return result;
502 }
503
504 /**
505 * Logon domain user with an 'network' SAM logon
506 *
507 * @param info3 Pointer to a NET_USER_INFO_3 already allocated by the caller.
508 **/
509
510 NTSTATUS cli_netlogon_sam_network_logon(struct cli_state *cli, TALLOC_CTX *mem_ctx,
511 const char *username, const char *domain, const char *workstation,
512 const uint8 chal[8],
513 DATA_BLOB lm_response, DATA_BLOB nt_response,
514 NET_USER_INFO_3 *info3)
515
516 {
517 prs_struct qbuf, rbuf;
518 NET_Q_SAM_LOGON q;
519 NET_R_SAM_LOGON r;
520 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
521 DOM_CRED clnt_creds, dummy_rtn_creds;
522 NET_ID_INFO_CTR ctr;
523 extern pstring global_myname;
524 int validation_level = 3;
525 char *workstation_name_slash;
526
527 ZERO_STRUCT(q);
528 ZERO_STRUCT(r);
529
530 workstation_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", workstation);
531
532 if (!workstation_name_slash) {
533 DEBUG(0, ("talloc_asprintf failed!\n"));
534 return NT_STATUS_NO_MEMORY;
535 }
536
537 /* Initialise parse structures */
538
539 prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
540 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
541
542 /* Initialise input parameters */
543
544 gen_next_creds(cli, &clnt_creds);
545
546 q.validation_level = validation_level;
547
548 memset(&dummy_rtn_creds, '\0', sizeof(dummy_rtn_creds));
549 dummy_rtn_creds.timestamp.time = time(NULL);
550
551 ctr.switch_value = NET_LOGON_TYPE;
552
553 init_id_info2(&ctr.auth.id2, domain,
554 0, /* param_ctrl */
555 0xdead, 0xbeef, /* LUID? */
556 username, workstation_name_slash, (const uchar*)chal,
557 lm_response.data, lm_response.length, nt_response.data, nt_response.length);
558
559 init_sam_info(&q.sam_id, cli->srv_name_slash, global_myname,
560 &clnt_creds, &dummy_rtn_creds, NET_LOGON_TYPE,
561 &ctr);
562
563 /* Marshall data and send request */
564
565 if (!net_io_q_sam_logon("", &q, &qbuf, 0) ||
566 !rpc_api_pipe_req(cli, NET_SAMLOGON, &qbuf, &rbuf)) {
567 goto done;
568 }
569
570 /* Unmarshall response */
571
572 r.user = info3;
573
574 if (!net_io_r_sam_logon("", &r, &rbuf, 0)) {
575 goto done;
576 }
577
578 /* Return results */
579
580 result = r.status;
581
582 done:
583 prs_mem_free(&qbuf);
584 prs_mem_free(&rbuf);
585
586 return result;
587 }
588
589 #if 0 /* JERRY */
590
591 /*
592 * Still using old implementation in rpc_client/cli_netlogon.c
593 */
594
595 /***************************************************************************
596 LSA Server Password Set.
597 ****************************************************************************/
598
599 NTSTATUS cli_net_srv_pwset(struct cli_state *cli, TALLOC_CTX *mem_ctx,
600 char* machine_name, uint8 hashed_mach_pwd[16])
601 {
602 prs_struct rbuf;
603 prs_struct qbuf;
604 DOM_CRED new_clnt_cred;
605 NET_Q_SRV_PWSET q_s;
606 uint16 sec_chan_type = 2;
607 NTSTATUS nt_status;
608 char *mach_acct;
609
610 gen_next_creds( cli, &new_clnt_cred);
611
612 prs_init(&qbuf , 1024, mem_ctx, MARSHALL);
613 prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
614
615 /* create and send a MSRPC command with api NET_SRV_PWSET */
616
617 mach_acct = talloc_asprintf(mem_ctx, "%s$", machine_name);
618
619 if (!mach_acct) {
620 DEBUG(0,("talloc_asprintf failed!\n"));
621 nt_status = NT_STATUS_NO_MEMORY;
622 goto done;
623 }
624
625 DEBUG(4,("cli_net_srv_pwset: srv:%s acct:%s sc: %d mc: %s clnt %s %x\n",
626 cli->srv_name_slash, mach_acct, sec_chan_type, machine_name,
627 credstr(new_clnt_cred.challenge.data), new_clnt_cred.timestamp.time));
628
629 /* store the parameters */
630 init_q_srv_pwset(&q_s, cli->srv_name_slash, cli->sess_key,
631 mach_acct, sec_chan_type, machine_name,
632 &new_clnt_cred, (char *)hashed_mach_pwd);
633
634 /* turn parameters into data stream */
635 if(!net_io_q_srv_pwset("", &q_s, &qbuf, 0)) {
636 DEBUG(0,("cli_net_srv_pwset: Error : failed to marshall NET_Q_SRV_PWSET struct.\n"));
637 nt_status = NT_STATUS_UNSUCCESSFUL;
638 goto done;
639 }
640
641 /* send the data on \PIPE\ */
642 if (rpc_api_pipe_req(cli, NET_SRVPWSET, &qbuf, &rbuf))
643 {
644 NET_R_SRV_PWSET r_s;
645
646 if (!net_io_r_srv_pwset("", &r_s, &rbuf, 0)) {
647 nt_status = NT_STATUS_UNSUCCESSFUL;
648 goto done;
649 }
650
651 nt_status = r_s.status;
652
653 if (!NT_STATUS_IS_OK(r_s.status))
654 {
655 /* report error code */
656 DEBUG(0,("cli_net_srv_pwset: %s\n", nt_errstr(nt_status)));
657 goto done;
658 }
659
660 /* Update the credentials. */
661 if (!clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &(r_s.srv_cred)))
662 {
663 /*
664 * Server replied with bad credential. Fail.
665 */
666 DEBUG(0,("cli_net_srv_pwset: server %s replied with bad credential (bad machine \
667 password ?).\n", cli->desthost ));
668 nt_status = NT_STATUS_UNSUCCESSFUL;
669 }
670 }
671
672 done:
673 prs_mem_free(&qbuf);
674 prs_mem_free(&rbuf);
675
676 return nt_status;
677 }
678
679 #endif /* JERRY */
680
Samba GIT mirror