From 14ceb7b501fce6623be284cbcceb573fd2e10d3a Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Wed, 7 Aug 2013 11:27:25 +0200
Subject: [PATCH] s3:rpc_client: add rpccli_{create,setup}_netlogon_creds()
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
---
 source3/rpc_client/cli_netlogon.c | 105 ++++++++++++++++++++++++++++++++++++++
 source3/rpc_client/cli_netlogon.h | 16 ++++++
 2 files changed, 121 insertions(+)
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index fcd24d6f4cc..89aec37d67d 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -21,15 +21,19 @@
 */
 #include "includes.h"
+#include "libsmb/libsmb.h"
 #include "rpc_client/rpc_client.h"
+#include "rpc_client/cli_pipe.h"
 #include "../libcli/auth/libcli_auth.h"
 #include "../libcli/auth/netlogon_creds_cli.h"
 #include "../librpc/gen_ndr/ndr_netlogon_c.h"
+#include "../librpc/gen_ndr/schannel.h"
 #include "rpc_client/cli_netlogon.h"
 #include "rpc_client/init_netlogon.h"
 #include "rpc_client/util_netlogon.h"
 #include "../libcli/security/security.h"
 #include "lib/param/param.h"
+#include "libcli/smb/smbXcli_base.h"
 /****************************************************************************
 Wrapper function that uses the auth and auth2 calls to set up a NETLOGON
@@ -124,6 +128,107 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
 return NT_STATUS_OK;
 }
+NTSTATUS rpccli_create_netlogon_creds(const char *server_computer,
+ const char *server_netbios_domain,
+ const char *client_account,
+ enum netr_SchannelType sec_chan_type,
+ struct messaging_context *msg_ctx,
+ TALLOC_CTX *mem_ctx,
+ struct netlogon_creds_cli_context **netlogon_creds)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct loadparm_context *lp_ctx;
+ NTSTATUS status;
+
+ lp_ctx = loadparm_init_s3(frame, loadparm_s3_helpers());
+ if (lp_ctx == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+ status = netlogon_creds_cli_context_global(lp_ctx,
+ msg_ctx,
+ client_account,
+ sec_chan_type,
+ server_computer,
+ server_netbios_domain,
+ mem_ctx, netlogon_creds);
+ TALLOC_FREE(frame);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS rpccli_setup_netlogon_creds(struct cli_state *cli,
+ struct netlogon_creds_cli_context *netlogon_creds,
+ bool force_reauth,
+ struct samr_Password current_nt_hash,
+ const struct samr_Password *previous_nt_hash)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct rpc_pipe_client *netlogon_pipe = NULL;
+ struct netlogon_creds_CredentialState *creds = NULL;
+ NTSTATUS status;
+
+ status = netlogon_creds_cli_get(netlogon_creds,
+ frame, &creds);
+ if (NT_STATUS_IS_OK(status)) {
+ const char *action = "using";
+
+ if (force_reauth) {
+ action = "overwrite";
+ }
+
+ DEBUG(5,("%s: %s cached netlogon_creds cli[%s/%s] to %s\n",
+ __FUNCTION__, action,
+ creds->account_name, creds->computer_name,
+ smbXcli_conn_remote_name(cli->conn)));
+ if (!force_reauth) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
+ }
+ TALLOC_FREE(creds);
+ }
+
+ status = cli_rpc_pipe_open_noauth(cli,
+ &ndr_table_netlogon,
+ &netlogon_pipe);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(5,("%s: failed to open noauth netlogon connection to %s - %s\n",
+ __FUNCTION__,
+ smbXcli_conn_remote_name(cli->conn),
+ nt_errstr(status)));
+ TALLOC_FREE(frame);
+ return status;
+ }
+ talloc_steal(frame, netlogon_pipe);
+
+ status = netlogon_creds_cli_auth(netlogon_creds,
+ netlogon_pipe->binding_handle,
+ current_nt_hash,
+ previous_nt_hash);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ status = netlogon_creds_cli_get(netlogon_creds,
+ frame, &creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ DEBUG(5,("%s: using new netlogon_creds cli[%s/%s] to %s\n",
+ __FUNCTION__,
+ creds->account_name, creds->computer_name,
+ smbXcli_conn_remote_name(cli->conn)));
+
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
+}
+
 /* Logon domain user */
 NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
diff --git a/source3/rpc_client/cli_netlogon.h b/source3/rpc_client/cli_netlogon.h
index ad59d5b2039..82e09230398 100644
--- a/source3/rpc_client/cli_netlogon.h
+++ b/source3/rpc_client/cli_netlogon.h
@@ -23,6 +23,10 @@
 #ifndef _RPC_CLIENT_CLI_NETLOGON_H_
 #define _RPC_CLIENT_CLI_NETLOGON_H_
+struct cli_state;
+struct messaging_context;
+struct netlogon_creds_cli_context;
+
 /* The following definitions come from rpc_client/cli_netlogon.c */
 NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
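Review bot: `rpccli_setup_netlogon_creds()` takes the machine account's NT hash by value (`struct samr_Password current_nt_hash`), so each call leaves another copy of that long-term secret in a stack frame that is never cleared, while `previous_nt_hash` right beside it is passed as a const pointer. Passing both the same way, `const struct samr_Password *current_nt_hash,`, would keep the secret in the caller's single buffer; the matching prototype in the second cli_netlogon.h hunk would change with it. The call into `netlogon_creds_cli_auth()` hands the struct on by value as well, so that function (not part of this diff) presumably has the same signature and would need adjusting first. If the by-value interface has to stay, clearing the local copy before each return would at least limit how long it lingers.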
@@ -33,6 +37,18 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
 const unsigned char machine_pwd[16],
 enum netr_SchannelType sec_chan_type,
 uint32_t *neg_flags_inout);
+NTSTATUS rpccli_create_netlogon_creds(const char *server_computer,
+ const char *server_netbios_domain,
+ const char *client_account,
+ enum netr_SchannelType sec_chan_type,
+ struct messaging_context *msg_ctx,
+ TALLOC_CTX *mem_ctx,
+ struct netlogon_creds_cli_context **netlogon_creds);
+NTSTATUS rpccli_setup_netlogon_creds(struct cli_state *cli,
+ struct netlogon_creds_cli_context *netlogon_creds,
+ bool force_reauth,
+ struct samr_Password current_nt_hash,
+ const struct samr_Password *previous_nt_hash);
 NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
 TALLOC_CTX *mem_ctx,
 uint32 logon_parameters,
-- 
2.11.4.GIT