2 Unix SMB/CIFS implementation.
4 Copyright (C) Volker Lendecke 2005
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 a composite API for finding a DC and its name
25 #include "libcli/composite/composite.h"
26 #include "libcli/smb_composite/smb_composite.h"
27 #include "winbind/wb_async_helpers.h"
28 #include "winbind/wb_server.h"
29 #include "smbd/service_stream.h"
31 #include "librpc/gen_ndr/nbt.h"
32 #include "librpc/gen_ndr/samr.h"
33 #include "lib/messaging/irpc.h"
34 #include "librpc/gen_ndr/irpc.h"
35 #include "librpc/gen_ndr/ndr_irpc.h"
36 #include "libcli/raw/libcliraw.h"
37 #include "librpc/gen_ndr/ndr_netlogon.h"
38 #include "librpc/gen_ndr/ndr_lsa.h"
39 #include "libcli/auth/credentials.h"
41 struct finddcs_state {
42 struct composite_context *ctx;
43 struct messaging_context *msg_ctx;
45 const char *domain_name;
46 const struct dom_sid *domain_sid;
48 struct nbtd_getdcname r;
51 struct nbt_dc_name *dcs;
54 static void finddcs_resolve(struct composite_context *ctx);
55 static void finddcs_getdc(struct irpc_request *ireq);
57 struct composite_context *wb_finddcs_send(const char *domain_name,
58 const struct dom_sid *domain_sid,
59 struct event_context *event_ctx,
60 struct messaging_context *msg_ctx)
62 struct composite_context *result, *ctx;
63 struct finddcs_state *state;
66 result = talloc_zero(NULL, struct composite_context);
67 if (result == NULL) goto failed;
68 result->state = COMPOSITE_STATE_IN_PROGRESS;
69 result->event_ctx = event_ctx;
71 state = talloc(result, struct finddcs_state);
72 if (state == NULL) goto failed;
74 result->private_data = state;
76 state->domain_name = talloc_strdup(state, domain_name);
77 if (state->domain_name == NULL) goto failed;
78 state->domain_sid = dom_sid_dup(state, domain_sid);
79 if (state->domain_sid == NULL) goto failed;
80 state->msg_ctx = msg_ctx;
82 make_nbt_name(&name, state->domain_name, 0x1c);
83 ctx = resolve_name_send(&name, result->event_ctx,
84 lp_name_resolve_order());
86 if (ctx == NULL) goto failed;
87 ctx->async.fn = finddcs_resolve;
88 ctx->async.private_data = state;
97 static void finddcs_resolve(struct composite_context *ctx)
99 struct finddcs_state *state =
100 talloc_get_type(ctx->async.private_data, struct finddcs_state);
101 struct irpc_request *ireq;
102 uint32_t *nbt_servers;
105 state->ctx->status = resolve_name_recv(ctx, state, &address);
106 if (!comp_is_ok(state->ctx)) return;
109 state->dcs = talloc_array(state, struct nbt_dc_name, state->num_dcs);
110 if (comp_nomem(state->dcs, state->ctx)) return;
112 state->dcs[0].address = talloc_steal(state->dcs, address);
114 nbt_servers = irpc_servers_byname(state->msg_ctx, "nbt_server");
115 if ((nbt_servers == NULL) || (nbt_servers[0] == 0)) {
116 comp_error(state->ctx, NT_STATUS_NO_LOGON_SERVERS);
120 state->r.in.domainname = state->domain_name;
121 state->r.in.ip_address = state->dcs[0].address;
122 state->r.in.my_computername = lp_netbios_name();
123 state->r.in.my_accountname = talloc_asprintf(state, "%s$",
125 if (comp_nomem(state->r.in.my_accountname, state->ctx)) return;
126 state->r.in.account_control = ACB_WSTRUST;
127 state->r.in.domain_sid = dom_sid_dup(state, state->domain_sid);
128 if (comp_nomem(state->r.in.domain_sid, state->ctx)) return;
130 ireq = irpc_call_send(state->msg_ctx, nbt_servers[0],
131 &dcerpc_table_irpc, DCERPC_NBTD_GETDCNAME,
133 irpc_cont(state->ctx, ireq, finddcs_getdc, state);
136 static void finddcs_getdc(struct irpc_request *ireq)
138 struct finddcs_state *state =
139 talloc_get_type(ireq->async.private, struct finddcs_state);
141 state->ctx->status = irpc_call_recv(ireq);
142 if (!comp_is_ok(state->ctx)) return;
144 state->dcs[0].name = talloc_steal(state->dcs, state->r.out.dcname);
145 comp_done(state->ctx);
148 NTSTATUS wb_finddcs_recv(struct composite_context *c, TALLOC_CTX *mem_ctx,
149 int *num_dcs, struct nbt_dc_name **dcs)
151 NTSTATUS status =composite_wait(c);
152 if (NT_STATUS_IS_OK(status)) {
153 struct finddcs_state *state =
154 talloc_get_type(c->private_data, struct finddcs_state);
155 *num_dcs = state->num_dcs;
156 *dcs = talloc_steal(mem_ctx, state->dcs);
162 NTSTATUS wb_finddcs(const char *domain_name, const struct dom_sid *domain_sid,
163 struct event_context *event_ctx,
164 struct messaging_context *msg_ctx,
166 int *num_dcs, struct nbt_dc_name **dcs)
168 struct composite_context *c = wb_finddcs_send(domain_name, domain_sid,
170 return wb_finddcs_recv(c, mem_ctx, num_dcs, dcs);
173 struct get_schannel_creds_state {
174 struct composite_context *ctx;
175 struct cli_credentials *wks_creds;
176 struct dcerpc_pipe *p;
177 struct netr_ServerReqChallenge r;
179 struct creds_CredentialState *creds_state;
180 struct netr_Credential netr_cred;
181 uint32_t negotiate_flags;
182 struct netr_ServerAuthenticate2 a;
185 static void get_schannel_creds_recv_auth(struct rpc_request *req);
186 static void get_schannel_creds_recv_chal(struct rpc_request *req);
187 static void get_schannel_creds_recv_pipe(struct composite_context *ctx);
189 struct composite_context *wb_get_schannel_creds_send(struct cli_credentials *wks_creds,
190 struct smbcli_tree *tree,
191 struct event_context *ev)
193 struct composite_context *result, *ctx;
194 struct get_schannel_creds_state *state;
196 result = talloc_zero(NULL, struct composite_context);
197 if (result == NULL) goto failed;
198 result->state = COMPOSITE_STATE_IN_PROGRESS;
199 result->event_ctx = ev;
201 state = talloc(result, struct get_schannel_creds_state);
202 if (state == NULL) goto failed;
203 result->private_data = state;
206 state->wks_creds = wks_creds;
208 state->p = dcerpc_pipe_init(state, ev);
209 if (state->p == NULL) goto failed;
211 ctx = dcerpc_pipe_open_smb_send(state->p->conn, tree, "\\netlogon");
212 if (ctx == NULL) goto failed;
214 ctx->async.fn = get_schannel_creds_recv_pipe;
215 ctx->async.private_data = state;
223 static void get_schannel_creds_recv_pipe(struct composite_context *ctx)
225 struct get_schannel_creds_state *state =
226 talloc_get_type(ctx->async.private_data,
227 struct get_schannel_creds_state);
228 struct rpc_request *req;
230 state->ctx->status = dcerpc_pipe_open_smb_recv(ctx);
231 if (!comp_is_ok(state->ctx)) return;
233 state->ctx->status = dcerpc_bind_auth_none(state->p,
234 DCERPC_NETLOGON_UUID,
235 DCERPC_NETLOGON_VERSION);
236 if (!comp_is_ok(state->ctx)) return;
238 state->r.in.computer_name =
239 cli_credentials_get_workstation(state->wks_creds);
240 state->r.in.server_name =
241 talloc_asprintf(state, "\\\\%s",
242 dcerpc_server_name(state->p));
243 if (comp_nomem(state->r.in.server_name, state->ctx)) return;
245 state->r.in.credentials = talloc(state, struct netr_Credential);
246 if (comp_nomem(state->r.in.credentials, state->ctx)) return;
248 state->r.out.credentials = talloc(state, struct netr_Credential);
249 if (comp_nomem(state->r.out.credentials, state->ctx)) return;
251 generate_random_buffer(state->r.in.credentials->data,
252 sizeof(state->r.in.credentials->data));
254 req = dcerpc_netr_ServerReqChallenge_send(state->p, state, &state->r);
255 rpc_cont(state->ctx, req, get_schannel_creds_recv_chal, state);
258 static void get_schannel_creds_recv_chal(struct rpc_request *req)
260 struct get_schannel_creds_state *state =
261 talloc_get_type(req->async.private,
262 struct get_schannel_creds_state);
263 const struct samr_Password *mach_pwd;
265 state->ctx->status = dcerpc_ndr_request_recv(req);
266 if (!comp_is_ok(state->ctx)) return;
267 state->ctx->status = state->r.out.result;
268 if (!comp_is_ok(state->ctx)) return;
270 state->creds_state = talloc(state, struct creds_CredentialState);
271 if (comp_nomem(state->creds_state, state->ctx)) return;
273 mach_pwd = cli_credentials_get_nt_hash(state->wks_creds, state);
274 if (comp_nomem(mach_pwd, state->ctx)) return;
276 state->negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
278 creds_client_init(state->creds_state, state->r.in.credentials,
279 state->r.out.credentials, mach_pwd,
280 &state->netr_cred, state->negotiate_flags);
282 state->a.in.server_name =
283 talloc_reference(state, state->r.in.server_name);
284 state->a.in.account_name =
285 cli_credentials_get_username(state->wks_creds);
286 state->a.in.secure_channel_type =
287 cli_credentials_get_secure_channel_type(state->wks_creds);
288 state->a.in.computer_name =
289 cli_credentials_get_workstation(state->wks_creds);
290 state->a.in.negotiate_flags = &state->negotiate_flags;
291 state->a.out.negotiate_flags = &state->negotiate_flags;
292 state->a.in.credentials = &state->netr_cred;
293 state->a.out.credentials = &state->netr_cred;
295 req = dcerpc_netr_ServerAuthenticate2_send(state->p, state, &state->a);
296 rpc_cont(state->ctx, req, get_schannel_creds_recv_auth, state);
299 static void get_schannel_creds_recv_auth(struct rpc_request *req)
301 struct get_schannel_creds_state *state =
302 talloc_get_type(req->async.private,
303 struct get_schannel_creds_state);
305 state->ctx->status = dcerpc_ndr_request_recv(req);
306 if (!NT_STATUS_IS_OK(state->ctx->status)) goto done;
307 state->ctx->status = state->a.out.result;
308 if (!NT_STATUS_IS_OK(state->ctx->status)) goto done;
310 if (!creds_client_check(state->creds_state,
311 state->a.out.credentials)) {
312 DEBUG(5, ("Server got us invalid creds\n"));
313 state->ctx->status = NT_STATUS_UNSUCCESSFUL;
317 cli_credentials_set_netlogon_creds(state->wks_creds, state->creds_state);
319 state->ctx->state = COMPOSITE_STATE_DONE;
322 if (!NT_STATUS_IS_OK(state->ctx->status)) {
323 state->ctx->state = COMPOSITE_STATE_ERROR;
325 if ((state->ctx->state >= COMPOSITE_STATE_DONE) &&
326 (state->ctx->async.fn != NULL)) {
327 state->ctx->async.fn(state->ctx);
331 NTSTATUS wb_get_schannel_creds_recv(struct composite_context *c,
333 struct dcerpc_pipe **netlogon_pipe)
335 NTSTATUS status = composite_wait(c);
336 if (NT_STATUS_IS_OK(status)) {
337 struct get_schannel_creds_state *state =
338 talloc_get_type(c->private_data,
339 struct get_schannel_creds_state);
340 *netlogon_pipe = talloc_steal(mem_ctx, state->p);
346 NTSTATUS wb_get_schannel_creds(struct cli_credentials *wks_creds,
347 struct smbcli_tree *tree,
348 struct event_context *event_ctx,
350 struct dcerpc_pipe **netlogon_pipe)
352 struct composite_context *c =
353 wb_get_schannel_creds_send(wks_creds, tree, event_ctx);
354 return wb_get_schannel_creds_recv(c, mem_ctx, netlogon_pipe);
357 struct get_lsa_pipe_state {
358 struct composite_context *ctx;
359 const char *domain_name;
360 const struct dom_sid *domain_sid;
362 struct smb_composite_connect conn;
363 struct dcerpc_pipe *lsa_pipe;
365 struct lsa_ObjectAttribute objectattr;
366 struct lsa_OpenPolicy2 openpolicy;
367 struct policy_handle policy_handle;
369 struct lsa_QueryInfoPolicy queryinfo;
371 struct lsa_Close close;
374 static void get_lsa_pipe_recv_dcs(struct composite_context *ctx);
375 static void get_lsa_pipe_recv_tree(struct composite_context *ctx);
376 static void get_lsa_pipe_recv_pipe(struct composite_context *ctx);
377 static void get_lsa_pipe_recv_openpol(struct rpc_request *req);
378 static void get_lsa_pipe_recv_queryinfo(struct rpc_request *req);
379 static void get_lsa_pipe_recv_close(struct rpc_request *req);
381 struct composite_context *wb_get_lsa_pipe_send(struct event_context *event_ctx,
382 struct messaging_context *msg_ctx,
383 const char *domain_name,
384 const struct dom_sid *domain_sid)
386 struct composite_context *result, *ctx;
387 struct get_lsa_pipe_state *state;
389 result = talloc_zero(NULL, struct composite_context);
390 if (result == NULL) goto failed;
391 result->state = COMPOSITE_STATE_IN_PROGRESS;
392 result->event_ctx = event_ctx;
394 state = talloc(result, struct get_lsa_pipe_state);
395 if (state == NULL) goto failed;
396 result->private_data = state;
399 state->domain_name = domain_name;
400 state->domain_sid = domain_sid;
402 ctx = wb_finddcs_send(domain_name, domain_sid, event_ctx, msg_ctx);
403 if (ctx == NULL) goto failed;
405 ctx->async.fn = get_lsa_pipe_recv_dcs;
406 ctx->async.private_data = state;
414 static void get_lsa_pipe_recv_dcs(struct composite_context *ctx)
416 struct get_lsa_pipe_state *state =
417 talloc_get_type(ctx->async.private_data,
418 struct get_lsa_pipe_state);
421 struct nbt_dc_name *dcs;
423 state->ctx->status = wb_finddcs_recv(ctx, state, &num_dcs, &dcs);
424 if (!comp_is_ok(state->ctx)) return;
427 comp_error(state->ctx, NT_STATUS_NO_LOGON_SERVERS);
431 state->conn.in.dest_host = dcs[0].address;
432 state->conn.in.port = 0;
433 state->conn.in.called_name = dcs[0].name;
434 state->conn.in.service = "IPC$";
435 state->conn.in.service_type = "IPC";
436 state->conn.in.workgroup = state->domain_name;
438 state->conn.in.credentials = cli_credentials_init(state);
439 if (comp_nomem(state->conn.in.credentials, state->ctx)) return;
440 cli_credentials_set_conf(state->conn.in.credentials);
441 cli_credentials_set_anonymous(state->conn.in.credentials);
443 ctx = smb_composite_connect_send(&state->conn, state,
444 state->ctx->event_ctx);
445 comp_cont(state->ctx, ctx, get_lsa_pipe_recv_tree, state);
448 static void get_lsa_pipe_recv_tree(struct composite_context *ctx)
450 struct get_lsa_pipe_state *state =
451 talloc_get_type(ctx->async.private_data,
452 struct get_lsa_pipe_state);
454 state->ctx->status = smb_composite_connect_recv(ctx, state);
455 if (!comp_is_ok(state->ctx)) return;
457 state->lsa_pipe = dcerpc_pipe_init(state, state->ctx->event_ctx);
458 if (comp_nomem(state->lsa_pipe, state->ctx)) return;
460 ctx = dcerpc_pipe_open_smb_send(state->lsa_pipe->conn,
461 state->conn.out.tree, "\\lsarpc");
462 comp_cont(state->ctx, ctx, get_lsa_pipe_recv_pipe, state);
465 static void get_lsa_pipe_recv_pipe(struct composite_context *ctx)
467 struct get_lsa_pipe_state *state =
468 talloc_get_type(ctx->async.private_data,
469 struct get_lsa_pipe_state);
470 struct rpc_request *req;
472 state->ctx->status = dcerpc_pipe_open_smb_recv(ctx);
473 if (!comp_is_ok(state->ctx)) return;
475 talloc_unlink(state, state->conn.out.tree); /* The pipe owns it now */
476 state->conn.out.tree = NULL;
478 state->ctx->status = dcerpc_bind_auth_none(state->lsa_pipe,
480 DCERPC_LSARPC_VERSION);
481 if (!comp_is_ok(state->ctx)) return;
483 state->openpolicy.in.system_name =
484 talloc_asprintf(state, "\\\\%s",
485 dcerpc_server_name(state->lsa_pipe));
486 if (comp_nomem(state->openpolicy.in.system_name, state->ctx)) return;
488 ZERO_STRUCT(state->objectattr);
489 state->openpolicy.in.attr = &state->objectattr;
490 state->openpolicy.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
491 state->openpolicy.out.handle = &state->policy_handle;
493 req = dcerpc_lsa_OpenPolicy2_send(state->lsa_pipe, state,
495 rpc_cont(state->ctx, req, get_lsa_pipe_recv_openpol, state);
498 static void get_lsa_pipe_recv_openpol(struct rpc_request *req)
500 struct get_lsa_pipe_state *state =
501 talloc_get_type(req->async.private, struct get_lsa_pipe_state);
503 state->ctx->status = dcerpc_ndr_request_recv(req);
504 if (!comp_is_ok(state->ctx)) return;
505 state->ctx->status = state->openpolicy.out.result;
506 if (!comp_is_ok(state->ctx)) return;
508 state->queryinfo.in.handle = &state->policy_handle;
509 state->queryinfo.in.level = LSA_POLICY_INFO_ACCOUNT_DOMAIN;
511 req = dcerpc_lsa_QueryInfoPolicy_send(state->lsa_pipe, state,
513 rpc_cont(state->ctx, req, get_lsa_pipe_recv_queryinfo, state);
516 static void get_lsa_pipe_recv_queryinfo(struct rpc_request *req)
518 struct get_lsa_pipe_state *state =
519 talloc_get_type(req->async.private, struct get_lsa_pipe_state);
520 struct lsa_DomainInfo *dominfo;
522 state->ctx->status = dcerpc_ndr_request_recv(req);
523 if (!comp_is_ok(state->ctx)) return;
524 state->ctx->status = state->queryinfo.out.result;
525 if (!comp_is_ok(state->ctx)) return;
527 dominfo = &state->queryinfo.out.info->account_domain;
529 if (strcasecmp(state->domain_name, dominfo->name.string) != 0) {
530 DEBUG(2, ("Expected domain name %s, DC %s said %s\n",
532 dcerpc_server_name(state->lsa_pipe),
533 dominfo->name.string));
534 comp_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE);
538 if (!dom_sid_equal(state->domain_sid, dominfo->sid)) {
539 DEBUG(2, ("Expected domain sid %s, DC %s said %s\n",
540 dom_sid_string(state, state->domain_sid),
541 dcerpc_server_name(state->lsa_pipe),
542 dom_sid_string(state, dominfo->sid)));
543 comp_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE);
547 state->close.in.handle = &state->policy_handle;
548 state->close.out.handle = &state->policy_handle;
550 req = dcerpc_lsa_Close_send(state->lsa_pipe, state,
552 rpc_cont(state->ctx, req, get_lsa_pipe_recv_close, state);
555 static void get_lsa_pipe_recv_close(struct rpc_request *req)
557 struct get_lsa_pipe_state *state =
558 talloc_get_type(req->async.private, struct get_lsa_pipe_state);
560 state->ctx->status = dcerpc_ndr_request_recv(req);
561 if (!comp_is_ok(state->ctx)) return;
562 state->ctx->status = state->close.out.result;
563 if (!comp_is_ok(state->ctx)) return;
565 comp_done(state->ctx);
568 NTSTATUS wb_get_lsa_pipe_recv(struct composite_context *c, TALLOC_CTX *mem_ctx,
569 struct dcerpc_pipe **pipe)
571 NTSTATUS status = composite_wait(c);
572 if (NT_STATUS_IS_OK(status)) {
573 struct get_lsa_pipe_state *state =
574 talloc_get_type(c->private_data,
575 struct get_lsa_pipe_state);
576 *pipe = talloc_steal(mem_ctx, state->lsa_pipe);
582 NTSTATUS wb_get_lsa_pipe(struct event_context *event_ctx,
583 struct messaging_context *msg_ctx,
584 const char *domain_name,
585 const struct dom_sid *domain_sid,
587 struct dcerpc_pipe **pipe)
589 struct composite_context *c =
590 wb_get_lsa_pipe_send(event_ctx, msg_ctx, domain_name,
592 return wb_get_lsa_pipe_recv(c, mem_ctx, pipe);
595 struct lsa_lookupnames_state {
596 struct composite_context *ctx;
598 struct lsa_LookupNames r;
599 struct lsa_TransSidArray sids;
601 struct wb_sid_object **result;
604 static void lsa_lookupnames_recv_sids(struct rpc_request *req);
606 struct composite_context *wb_lsa_lookupnames_send(struct dcerpc_pipe *lsa_pipe,
607 struct policy_handle *handle,
611 struct composite_context *result;
612 struct rpc_request *req;
613 struct lsa_lookupnames_state *state;
615 struct lsa_String *lsa_names;
618 result = talloc_zero(NULL, struct composite_context);
619 if (result == NULL) goto failed;
620 result->state = COMPOSITE_STATE_IN_PROGRESS;
621 result->event_ctx = lsa_pipe->conn->event_ctx;
623 state = talloc(result, struct lsa_lookupnames_state);
624 if (state == NULL) goto failed;
625 result->private_data = state;
628 state->sids.count = 0;
629 state->sids.sids = NULL;
630 state->num_names = num_names;
633 lsa_names = talloc_array(state, struct lsa_String, num_names);
634 if (lsa_names == NULL) goto failed;
636 for (i=0; i<num_names; i++) {
637 lsa_names[i].string = names[i];
640 state->r.in.handle = handle;
641 state->r.in.num_names = num_names;
642 state->r.in.names = lsa_names;
643 state->r.in.sids = &state->sids;
644 state->r.in.level = 1;
645 state->r.in.count = &state->count;
646 state->r.out.count = &state->count;
647 state->r.out.sids = &state->sids;
649 req = dcerpc_lsa_LookupNames_send(lsa_pipe, state, &state->r);
650 if (req == NULL) goto failed;
652 req->async.callback = lsa_lookupnames_recv_sids;
653 req->async.private = state;
661 static void lsa_lookupnames_recv_sids(struct rpc_request *req)
663 struct lsa_lookupnames_state *state =
664 talloc_get_type(req->async.private,
665 struct lsa_lookupnames_state);
668 state->ctx->status = dcerpc_ndr_request_recv(req);
669 if (!comp_is_ok(state->ctx)) return;
670 state->ctx->status = state->r.out.result;
671 if (!NT_STATUS_IS_OK(state->ctx->status) &&
672 !NT_STATUS_EQUAL(state->ctx->status, STATUS_SOME_UNMAPPED)) {
673 comp_error(state->ctx, state->ctx->status);
677 state->result = talloc_array(state, struct wb_sid_object *,
679 if (comp_nomem(state->result, state->ctx)) return;
681 for (i=0; i<state->num_names; i++) {
682 struct lsa_TranslatedSid *sid = &state->r.out.sids->sids[i];
683 struct lsa_TrustInformation *dom;
685 state->result[i] = talloc_zero(state->result,
686 struct wb_sid_object);
687 if (comp_nomem(state->result[i], state->ctx)) return;
689 state->result[i]->type = sid->sid_type;
690 if (state->result[i]->type == SID_NAME_UNKNOWN) {
694 if (sid->sid_index >= state->r.out.domains->count) {
695 comp_error(state->ctx, NT_STATUS_INVALID_PARAMETER);
699 dom = &state->r.out.domains->domains[sid->sid_index];
701 state->result[i]->sid = dom_sid_add_rid(state->result[i],
705 comp_done(state->ctx);
708 NTSTATUS wb_lsa_lookupnames_recv(struct composite_context *c,
710 struct wb_sid_object ***sids)
712 NTSTATUS status = composite_wait(c);
713 if (NT_STATUS_IS_OK(status)) {
714 struct lsa_lookupnames_state *state =
715 talloc_get_type(c->private_data,
716 struct lsa_lookupnames_state);
717 *sids = talloc_steal(mem_ctx, state->result);
723 NTSTATUS wb_lsa_lookupnames(struct dcerpc_pipe *lsa_pipe,
724 struct policy_handle *handle,
725 int num_names, const char **names,
727 struct wb_sid_object ***sids)
729 struct composite_context *c =
730 wb_lsa_lookupnames_send(lsa_pipe, handle, num_names, names);
731 return wb_lsa_lookupnames_recv(c, mem_ctx, sids);
734 struct lsa_lookupname_state {
735 struct composite_context *ctx;
736 struct dcerpc_pipe *lsa_pipe;
738 struct wb_sid_object *sid;
740 struct lsa_ObjectAttribute objectattr;
741 struct lsa_OpenPolicy2 openpolicy;
742 struct policy_handle policy_handle;
743 struct lsa_Close close;
746 static void lsa_lookupname_recv_open(struct rpc_request *req);
747 static void lsa_lookupname_recv_sids(struct composite_context *ctx);
749 struct composite_context *wb_lsa_lookupname_send(struct dcerpc_pipe *lsa_pipe,
752 struct composite_context *result;
753 struct rpc_request *req;
754 struct lsa_lookupname_state *state;
756 result = talloc_zero(NULL, struct composite_context);
757 if (result == NULL) goto failed;
758 result->state = COMPOSITE_STATE_IN_PROGRESS;
759 result->event_ctx = lsa_pipe->conn->event_ctx;
761 state = talloc(result, struct lsa_lookupname_state);
762 if (state == NULL) goto failed;
763 result->private_data = state;
765 state->lsa_pipe = lsa_pipe;
766 state->name = talloc_strdup(state, name);
767 if (state->name == NULL) goto failed;
770 state->openpolicy.in.system_name =
771 talloc_asprintf(state, "\\\\%s",
772 dcerpc_server_name(state->lsa_pipe));
773 ZERO_STRUCT(state->objectattr);
774 state->openpolicy.in.attr = &state->objectattr;
775 state->openpolicy.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
776 state->openpolicy.out.handle = &state->policy_handle;
778 req = dcerpc_lsa_OpenPolicy2_send(state->lsa_pipe, state,
780 if (req == NULL) goto failed;
782 req->async.callback = lsa_lookupname_recv_open;
783 req->async.private = state;
791 static void lsa_lookupname_recv_open(struct rpc_request *req)
793 struct lsa_lookupname_state *state =
794 talloc_get_type(req->async.private,
795 struct lsa_lookupname_state);
796 struct composite_context *ctx;
798 state->ctx->status = dcerpc_ndr_request_recv(req);
799 if (!comp_is_ok(state->ctx)) return;
800 state->ctx->status = state->openpolicy.out.result;
801 if (!comp_is_ok(state->ctx)) return;
803 ctx = wb_lsa_lookupnames_send(state->lsa_pipe, &state->policy_handle,
805 comp_cont(state->ctx, ctx, lsa_lookupname_recv_sids, state);
808 static void lsa_lookupname_recv_sids(struct composite_context *ctx)
810 struct lsa_lookupname_state *state =
811 talloc_get_type(ctx->async.private_data,
812 struct lsa_lookupname_state);
813 struct rpc_request *req;
814 struct wb_sid_object **sids;
816 state->ctx->status = wb_lsa_lookupnames_recv(ctx, state, &sids);
818 if (NT_STATUS_IS_OK(state->ctx->status)) {
821 state->sid = sids[0];
825 state->close.in.handle = &state->policy_handle;
826 state->close.out.handle = &state->policy_handle;
828 req = dcerpc_lsa_Close_send(state->lsa_pipe, state,
831 req->async.callback =
832 (void(*)(struct rpc_request *))talloc_free;
835 comp_done(state->ctx);
838 NTSTATUS wb_lsa_lookupname_recv(struct composite_context *c,
840 struct wb_sid_object **sid)
842 NTSTATUS status = composite_wait(c);
843 if (NT_STATUS_IS_OK(status)) {
844 struct lsa_lookupname_state *state =
845 talloc_get_type(c->private_data,
846 struct lsa_lookupname_state);
847 *sid = talloc_steal(mem_ctx, state->sid);
853 NTSTATUS wb_lsa_lookupname(struct dcerpc_pipe *lsa_pipe, const char *name,
854 TALLOC_CTX *mem_ctx, struct wb_sid_object **sid)
856 struct composite_context *c =
857 wb_lsa_lookupname_send(lsa_pipe, name);
858 return wb_lsa_lookupname_recv(c, mem_ctx, sid);
861 struct cmd_lookupname_state {
862 struct composite_context *ctx;
863 struct wbsrv_call *call;
864 struct wbsrv_domain *domain;
866 struct wb_sid_object *result;
869 static void cmd_lookupname_recv_lsa(struct composite_context *ctx);
870 static void cmd_lookupname_recv_sid(struct composite_context *ctx);
872 struct composite_context *wb_cmd_lookupname_send(struct wbsrv_call *call,
875 struct composite_context *result, *ctx;
876 struct cmd_lookupname_state *state;
877 struct wbsrv_service *service = call->wbconn->listen_socket->service;
879 result = talloc_zero(call, struct composite_context);
880 if (result == NULL) goto failed;
881 result->state = COMPOSITE_STATE_IN_PROGRESS;
882 result->event_ctx = call->event_ctx;
884 state = talloc(result, struct cmd_lookupname_state);
885 if (state == NULL) goto failed;
887 result->private_data = state;
890 state->name = talloc_strdup(state, name);
892 state->domain = service->domains;
894 if (state->domain->lsa_pipe != NULL) {
895 ctx = wb_lsa_lookupname_send(state->domain->lsa_pipe, name);
896 if (ctx == NULL) goto failed;
897 ctx->async.fn = cmd_lookupname_recv_sid;
898 ctx->async.private_data = state;
902 ctx = wb_get_lsa_pipe_send(result->event_ctx,
903 call->wbconn->conn->msg_ctx,
906 if (ctx == NULL) goto failed;
907 ctx->async.fn = cmd_lookupname_recv_lsa;
908 ctx->async.private_data = state;
916 static void cmd_lookupname_recv_lsa(struct composite_context *ctx)
918 struct cmd_lookupname_state *state =
919 talloc_get_type(ctx->async.private_data,
920 struct cmd_lookupname_state);
921 struct wbsrv_service *service =
922 state->call->wbconn->listen_socket->service;
924 struct dcerpc_pipe *pipe;
926 state->ctx->status = wb_get_lsa_pipe_recv(ctx, state, &pipe);
927 if (!comp_is_ok(state->ctx)) return;
929 if (state->domain->lsa_pipe == NULL) {
930 /* Only put the new pipe in if nobody else was faster. */
931 state->domain->lsa_pipe = talloc_steal(service, pipe);
934 ctx = wb_lsa_lookupname_send(state->domain->lsa_pipe, state->name);
935 comp_cont(state->ctx, ctx, cmd_lookupname_recv_sid, state);
938 static void cmd_lookupname_recv_sid(struct composite_context *ctx)
940 struct cmd_lookupname_state *state =
941 talloc_get_type(ctx->async.private_data,
942 struct cmd_lookupname_state);
944 state->ctx->status = wb_lsa_lookupname_recv(ctx, state,
946 if (!comp_is_ok(state->ctx)) return;
948 comp_done(state->ctx);
951 NTSTATUS wb_cmd_lookupname_recv(struct composite_context *c,
953 struct wb_sid_object **sid)
955 NTSTATUS status = composite_wait(c);
956 if (NT_STATUS_IS_OK(status)) {
957 struct cmd_lookupname_state *state =
958 talloc_get_type(c->private_data,
959 struct cmd_lookupname_state);
960 *sid = talloc_steal(mem_ctx, state->result);
966 NTSTATUS wb_cmd_lookupname(struct wbsrv_call *call, const char *name,
967 TALLOC_CTX *mem_ctx, struct wb_sid_object **sid)
969 struct composite_context *c =
970 wb_cmd_lookupname_send(call, name);
971 return wb_cmd_lookupname_recv(c, mem_ctx, sid);
974 struct cmd_checkmachacc_state {
975 struct composite_context *ctx;
976 struct wbsrv_call *call;
977 struct wbsrv_domain *domain;
980 static void cmd_checkmachacc_recv_init(struct composite_context *ctx);
982 struct composite_context *wb_cmd_checkmachacc_send(struct wbsrv_call *call)
984 struct composite_context *result, *ctx;
985 struct cmd_checkmachacc_state *state;
986 struct wbsrv_service *service = call->wbconn->listen_socket->service;
988 result = talloc(call, struct composite_context);
989 if (result == NULL) goto failed;
990 result->state = COMPOSITE_STATE_IN_PROGRESS;
991 result->event_ctx = call->event_ctx;
993 state = talloc(result, struct cmd_checkmachacc_state);
994 if (state == NULL) goto failed;
996 result->private_data = state;
999 state->domain = service->domains;
1001 if (state->domain->schannel_creds != NULL) {
1002 talloc_free(state->domain->schannel_creds);
1005 state->domain->schannel_creds = cli_credentials_init(service);
1006 if (state->domain->schannel_creds == NULL) goto failed;
1008 cli_credentials_set_conf(state->domain->schannel_creds);
1010 state->ctx->status =
1011 cli_credentials_set_machine_account(state->domain->
1013 if (!NT_STATUS_IS_OK(state->ctx->status)) goto failed;
1015 ctx = wb_init_domain_send(state->domain, result->event_ctx,
1016 call->wbconn->conn->msg_ctx);
1017 if (ctx == NULL) goto failed;
1018 ctx->async.fn = cmd_checkmachacc_recv_init;
1019 ctx->async.private_data = state;
1024 talloc_free(result);
1028 static void cmd_checkmachacc_recv_init(struct composite_context *ctx)
1030 struct cmd_checkmachacc_state *state =
1031 talloc_get_type(ctx->async.private_data,
1032 struct cmd_checkmachacc_state);
1034 state->ctx->status = wb_init_domain_recv(ctx);
1035 if (!comp_is_ok(state->ctx)) return;
1037 comp_done(state->ctx);
1040 NTSTATUS wb_cmd_checkmachacc_recv(struct composite_context *c)
1042 NTSTATUS status = composite_wait(c);
1047 NTSTATUS wb_cmd_checkmachacc(struct wbsrv_call *call)
1049 struct composite_context *c = wb_cmd_checkmachacc_send(call);
1050 return wb_cmd_checkmachacc_recv(c);