2 Unix SMB/CIFS implementation.
4 Connect to the LSA pipe, given an smbcli_tree and possibly some
5 credentials. Try ntlmssp, schannel and anon in that order.
7 Copyright (C) Volker Lendecke 2005
8 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2007
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "libcli/composite/composite.h"
27 #include "libcli/raw/libcliraw.h"
28 #include "librpc/gen_ndr/ndr_lsa_c.h"
29 #include "winbind/wb_server.h"
31 /* Helper to initialize LSA with a specific auth methods. Verify by opening
34 struct init_lsa_state
{
35 struct composite_context
*ctx
;
36 struct dcerpc_pipe
*lsa_pipe
;
39 struct cli_credentials
*creds
;
41 struct lsa_ObjectAttribute objectattr
;
42 struct lsa_OpenPolicy2 openpolicy
;
43 struct policy_handle
*handle
;
46 static void init_lsa_recv_pipe(struct composite_context
*ctx
);
47 static void init_lsa_recv_openpol(struct rpc_request
*req
);
49 struct composite_context
*wb_init_lsa_send(TALLOC_CTX
*mem_ctx
,
50 struct wbsrv_domain
*domain
)
52 struct composite_context
*result
, *ctx
;
53 struct init_lsa_state
*state
;
55 result
= composite_create(mem_ctx
, domain
->netlogon_pipe
->conn
->event_ctx
);
56 if (result
== NULL
) goto failed
;
58 state
= talloc(result
, struct init_lsa_state
);
59 if (state
== NULL
) goto failed
;
61 result
->private_data
= state
;
63 /* this will make the secondary connection on the same IPC$ share,
64 secured with SPNEGO or NTLMSSP */
65 ctx
= dcerpc_secondary_auth_connection_send(domain
->netlogon_pipe
,
68 domain
->libnet_ctx
->cred
,
69 domain
->libnet_ctx
->lp_ctx
);
70 composite_continue(state
->ctx
, ctx
, init_lsa_recv_pipe
, state
);
78 static void init_lsa_recv_pipe(struct composite_context
*ctx
)
80 struct rpc_request
*req
;
81 struct init_lsa_state
*state
=
82 talloc_get_type(ctx
->async
.private_data
,
83 struct init_lsa_state
);
85 state
->ctx
->status
= dcerpc_secondary_auth_connection_recv(ctx
, state
,
87 if (!composite_is_ok(state
->ctx
)) return;
89 state
->handle
= talloc(state
, struct policy_handle
);
90 if (composite_nomem(state
->handle
, state
->ctx
)) return;
92 state
->openpolicy
.in
.system_name
=
93 talloc_asprintf(state
, "\\\\%s",
94 dcerpc_server_name(state
->lsa_pipe
));
95 ZERO_STRUCT(state
->objectattr
);
96 state
->openpolicy
.in
.attr
= &state
->objectattr
;
97 state
->openpolicy
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
98 state
->openpolicy
.out
.handle
= state
->handle
;
100 req
= dcerpc_lsa_OpenPolicy2_send(state
->lsa_pipe
, state
,
102 composite_continue_rpc(state
->ctx
, req
, init_lsa_recv_openpol
, state
);
105 static void init_lsa_recv_openpol(struct rpc_request
*req
)
107 struct init_lsa_state
*state
=
108 talloc_get_type(req
->async
.private_data
,
109 struct init_lsa_state
);
111 state
->ctx
->status
= dcerpc_ndr_request_recv(req
);
112 if (!composite_is_ok(state
->ctx
)) return;
113 state
->ctx
->status
= state
->openpolicy
.out
.result
;
114 if (!composite_is_ok(state
->ctx
)) return;
116 composite_done(state
->ctx
);
119 NTSTATUS
wb_init_lsa_recv(struct composite_context
*c
,
121 struct dcerpc_pipe
**lsa_pipe
,
122 struct policy_handle
**lsa_policy
)
124 NTSTATUS status
= composite_wait(c
);
125 if (NT_STATUS_IS_OK(status
)) {
126 struct init_lsa_state
*state
=
127 talloc_get_type(c
->private_data
,
128 struct init_lsa_state
);
129 *lsa_pipe
= talloc_steal(mem_ctx
, state
->lsa_pipe
);
130 *lsa_policy
= talloc_steal(mem_ctx
, state
->handle
);