source/libnet/libnet_rpc.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    Copyright (C) Stefan Metzmacher  2004
   5    Copyright (C) Rafal Szczesniak   2005
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 3 of the License, or
  10    (at your option) any later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19 */
  20
  21 #include "includes.h"
  22 #include "libnet/libnet.h"
  23 #include "libcli/libcli.h"
  24 #include "libcli/composite/composite.h"
  25 #include "librpc/rpc/dcerpc.h"
  26 #include "librpc/gen_ndr/ndr_lsa_c.h"
  27 #include "librpc/gen_ndr/ndr_samr.h"
  28
  29
  30 struct rpc_connect_srv_state {
  31         struct libnet_context *ctx;
  32         struct libnet_RpcConnect r;
  33         const char *binding;
  34
  35         /* information about the progress */
  36         void (*monitor_fn)(struct monitor_msg*);
  37 };
  38
  39
  40 static void continue_pipe_connect(struct composite_context *ctx);
  41
  42
  43 /**
  44  * Initiates connection to rpc pipe on remote server
  45  *
  46  * @param ctx initialised libnet context
  47  * @param mem_ctx memory context of this call
  48  * @param r data structure containing necessary parameters and return values
  49  * @return composite context of this call
  50  **/
  51
  52 static struct composite_context* libnet_RpcConnectSrv_send(struct libnet_context *ctx,
  53                                                            TALLOC_CTX *mem_ctx,
  54                                                            struct libnet_RpcConnect *r,
  55                                                            void (*monitor)(struct monitor_msg*))
  56 {
  57         struct composite_context *c;
  58         struct rpc_connect_srv_state *s;
  59         struct dcerpc_binding *b;
  60         struct composite_context *pipe_connect_req;
  61
  62         /* composite context allocation and setup */
  63         c = composite_create(ctx, ctx->event_ctx);
  64         if (c == NULL) return c;
  65
  66         s = talloc_zero(c, struct rpc_connect_srv_state);
  67         if (composite_nomem(s, c)) return c;
  68
  69         c->private_data = s;
  70         s->monitor_fn   = monitor;
  71
  72         s->ctx = ctx;
  73         s->r = *r;
  74         ZERO_STRUCT(s->r.out);
  75
  76         /* prepare binding string */
  77         switch (r->level) {
  78         case LIBNET_RPC_CONNECT_SERVER:
  79                 s->binding = talloc_asprintf(s, "ncacn_np:%s", r->in.name);
  80                 break;
  81         case LIBNET_RPC_CONNECT_SERVER_ADDRESS:
  82                 s->binding = talloc_asprintf(s, "ncacn_np:%s", r->in.address);
  83                 break;
  84
  85         case LIBNET_RPC_CONNECT_BINDING:
  86                 s->binding = talloc_strdup(s, r->in.binding);
  87                 break;
  88
  89         case LIBNET_RPC_CONNECT_DC:
  90         case LIBNET_RPC_CONNECT_PDC:
  91                 /* this should never happen - DC and PDC level has a separate
  92                    composite function */
  93         case LIBNET_RPC_CONNECT_DC_INFO:
  94                 /* this should never happen - DC_INFO level has a separate
  95                    composite function */
  96                 composite_error(c, NT_STATUS_INVALID_LEVEL);
  97                 return c;
  98         }
  99
 100         /* parse binding string to the structure */
 101         c->status = dcerpc_parse_binding(c, s->binding, &b);
 102         if (!NT_STATUS_IS_OK(c->status)) {
 103                 DEBUG(0, ("Failed to parse dcerpc binding '%s'\n", s->binding));
 104                 composite_error(c, c->status);
 105                 return c;
 106         }
 107
 108         if (r->level == LIBNET_RPC_CONNECT_SERVER_ADDRESS) {
 109                 b->target_hostname = talloc_reference(b, r->in.name);
 110                 if (composite_nomem(b->target_hostname, c)) {
 111                         return c;
 112                 }
 113         }
 114
 115         /* connect to remote dcerpc pipe */
 116         pipe_connect_req = dcerpc_pipe_connect_b_send(c, b, r->in.dcerpc_iface,
 117                                                       ctx->cred, c->event_ctx);
 118         if (composite_nomem(pipe_connect_req, c)) return c;
 119
 120         composite_continue(c, pipe_connect_req, continue_pipe_connect, c);
 121         return c;
 122 }
 123
 124
 125 /*
 126   Step 2 of RpcConnectSrv - get rpc connection
 127 */
 128 static void continue_pipe_connect(struct composite_context *ctx)
 129 {
 130         struct composite_context *c;
 131         struct rpc_connect_srv_state *s;
 132
 133         c = talloc_get_type(ctx->async.private_data, struct composite_context);
 134         s = talloc_get_type(c->private_data, struct rpc_connect_srv_state);
 135
 136         /* receive result of rpc pipe connection */
 137         c->status = dcerpc_pipe_connect_b_recv(ctx, c, &s->r.out.dcerpc_pipe);
 138
 139         /* post monitor message */
 140         if (s->monitor_fn) {
 141                 struct monitor_msg msg;
 142                 struct msg_net_rpc_connect data;
 143                 struct dcerpc_binding *binding = s->r.out.dcerpc_pipe->binding;
 144
 145                 /* prepare monitor message and post it */
 146                 data.host        = binding->host;
 147                 data.endpoint    = binding->endpoint;
 148                 data.transport   = binding->transport;
 149                 data.domain_name = binding->target_hostname;
 150
 151                 msg.type      = mon_NetRpcConnect;
 152                 msg.data      = (void*)&data;
 153                 msg.data_size = sizeof(data);
 154                 s->monitor_fn(&msg);
 155         }
 156
 157         composite_done(c);
 158 }
 159
 160
 161 /**
 162  * Receives result of connection to rpc pipe on remote server
 163  *
 164  * @param c composite context
 165  * @param ctx initialised libnet context
 166  * @param mem_ctx memory context of this call
 167  * @param r data structure containing necessary parameters and return values
 168  * @return nt status of rpc connection
 169  **/
 170
 171 static NTSTATUS libnet_RpcConnectSrv_recv(struct composite_context *c,
 172                                           struct libnet_context *ctx,
 173                                           TALLOC_CTX *mem_ctx,
 174                                           struct libnet_RpcConnect *r)
 175 {
 176         NTSTATUS status;
 177         struct rpc_connect_srv_state *s = talloc_get_type(c->private_data,
 178                                           struct rpc_connect_srv_state);
 179
 180         status = composite_wait(c);
 181         if (NT_STATUS_IS_OK(status)) {
 182                 /* move the returned rpc pipe between memory contexts */
 183                 s = talloc_get_type(c->private_data, struct rpc_connect_srv_state);
 184                 r->out.dcerpc_pipe = talloc_steal(mem_ctx, s->r.out.dcerpc_pipe);
 185
 186                 /* reference created pipe structure to long-term libnet_context
 187                    so that it can be used by other api functions even after short-term
 188                    mem_ctx is freed */
 189                 if (r->in.dcerpc_iface == &ndr_table_samr) {
 190                         ctx->samr.pipe = talloc_reference(ctx, r->out.dcerpc_pipe);
 191
 192                 } else if (r->in.dcerpc_iface == &ndr_table_lsarpc) {
 193                         ctx->lsa.pipe = talloc_reference(ctx, r->out.dcerpc_pipe);
 194                 }
 195
 196                 r->out.error_string = talloc_strdup(mem_ctx, "Success");
 197
 198         } else {
 199                 r->out.error_string = talloc_asprintf(mem_ctx, "Error: %s", nt_errstr(status));
 200         }
 201
 202         talloc_free(c);
 203         return status;
 204 }
 205
 206
 207 struct rpc_connect_dc_state {
 208         struct libnet_context *ctx;
 209         struct libnet_RpcConnect r;
 210         struct libnet_RpcConnect r2;
 211         struct libnet_LookupDCs f;
 212         const char *connect_name;
 213
 214         /* information about the progress */
 215         void (*monitor_fn)(struct monitor_msg *);
 216 };
 217
 218
 219 static void continue_lookup_dc(struct composite_context *ctx);
 220 static void continue_rpc_connect(struct composite_context *ctx);
 221
 222
 223 /**
 224  * Initiates connection to rpc pipe on domain pdc
 225  *
 226  * @param ctx initialised libnet context
 227  * @param mem_ctx memory context of this call
 228  * @param r data structure containing necessary parameters and return values
 229  * @return composite context of this call
 230  **/
 231
 232 static struct composite_context* libnet_RpcConnectDC_send(struct libnet_context *ctx,
 233                                                           TALLOC_CTX *mem_ctx,
 234                                                           struct libnet_RpcConnect *r,
 235                                                           void (*monitor)(struct monitor_msg *msg))
 236 {
 237         struct composite_context *c;
 238         struct rpc_connect_dc_state *s;
 239         struct composite_context *lookup_dc_req;
 240
 241         /* composite context allocation and setup */
 242         c = composite_create(ctx, ctx->event_ctx);
 243         if (c == NULL) return c;
 244
 245         s = talloc_zero(c, struct rpc_connect_dc_state);
 246         if (composite_nomem(s, c)) return c;
 247
 248         c->private_data = s;
 249         s->monitor_fn   = monitor;
 250
 251         s->ctx = ctx;
 252         s->r   = *r;
 253         ZERO_STRUCT(s->r.out);
 254
 255         switch (r->level) {
 256         case LIBNET_RPC_CONNECT_PDC:
 257                 s->f.in.name_type = NBT_NAME_PDC;
 258                 break;
 259
 260         case LIBNET_RPC_CONNECT_DC:
 261                 s->f.in.name_type = NBT_NAME_LOGON;
 262                 break;
 263
 264         default:
 265                 break;
 266         }
 267
 268         s->f.in.domain_name = r->in.name;
 269         s->f.out.num_dcs    = 0;
 270         s->f.out.dcs        = NULL;
 271
 272         /* find the domain pdc first */
 273         lookup_dc_req = libnet_LookupDCs_send(ctx, c, &s->f);
 274         if (composite_nomem(lookup_dc_req, c)) return c;
 275
 276         composite_continue(c, lookup_dc_req, continue_lookup_dc, c);
 277         return c;
 278 }
 279
 280
 281 /*
 282   Step 2 of RpcConnectDC: get domain controller name and
 283   initiate RpcConnect to it
 284 */
 285 static void continue_lookup_dc(struct composite_context *ctx)
 286 {
 287         struct composite_context *c;
 288         struct rpc_connect_dc_state *s;
 289         struct composite_context *rpc_connect_req;
 290         struct monitor_msg msg;
 291         struct msg_net_lookup_dc data;
 292
 293         c = talloc_get_type(ctx->async.private_data, struct composite_context);
 294         s = talloc_get_type(c->private_data, struct rpc_connect_dc_state);
 295
 296         /* receive result of domain controller lookup */
 297         c->status = libnet_LookupDCs_recv(ctx, c, &s->f);
 298         if (!composite_is_ok(c)) return;
 299
 300         /* decide on preferred address type depending on DC type */
 301         s->connect_name = s->f.out.dcs[0].name;
 302
 303         /* post monitor message */
 304         if (s->monitor_fn) {
 305                 /* prepare a monitor message and post it */
 306                 data.domain_name = s->f.in.domain_name;
 307                 data.hostname    = s->f.out.dcs[0].name;
 308                 data.address     = s->f.out.dcs[0].address;
 309
 310                 msg.type         = mon_NetLookupDc;
 311                 msg.data         = &data;
 312                 msg.data_size    = sizeof(data);
 313                 s->monitor_fn(&msg);
 314         }
 315
 316         /* ok, pdc has been found so do attempt to rpc connect */
 317         s->r2.level            = LIBNET_RPC_CONNECT_SERVER_ADDRESS;
 318
 319         /* this will cause yet another name resolution, but at least
 320          * we pass the right name down the stack now */
 321         s->r2.in.name          = talloc_strdup(s, s->connect_name);
 322         s->r2.in.address       = talloc_steal(s, s->f.out.dcs[0].address);
 323         s->r2.in.dcerpc_iface  = s->r.in.dcerpc_iface;
 324
 325         /* send rpc connect request to the server */
 326         rpc_connect_req = libnet_RpcConnectSrv_send(s->ctx, c, &s->r2, s->monitor_fn);
 327         if (composite_nomem(rpc_connect_req, c)) return;
 328
 329         composite_continue(c, rpc_connect_req, continue_rpc_connect, c);
 330 }
 331
 332
 333 /*
 334   Step 3 of RpcConnectDC: get rpc connection to the server
 335 */
 336 static void continue_rpc_connect(struct composite_context *ctx)
 337 {
 338         struct composite_context *c;
 339         struct rpc_connect_dc_state *s;
 340
 341         c = talloc_get_type(ctx->async.private_data, struct composite_context);
 342         s = talloc_get_type(c->private_data, struct rpc_connect_dc_state);
 343
 344         c->status = libnet_RpcConnectSrv_recv(ctx, s->ctx, c, &s->r2);
 345
 346         /* error string is to be passed anyway */
 347         s->r.out.error_string  = s->r2.out.error_string;
 348         if (!composite_is_ok(c)) return;
 349
 350         s->r.out.dcerpc_pipe = s->r2.out.dcerpc_pipe;
 351
 352         /* post monitor message */
 353         if (s->monitor_fn) {
 354                 struct monitor_msg msg;
 355                 struct msg_net_rpc_connect data;
 356                 struct dcerpc_binding *binding = s->r.out.dcerpc_pipe->binding;
 357
 358                 data.host        = binding->host;
 359                 data.endpoint    = binding->endpoint;
 360                 data.transport   = binding->transport;
 361                 data.domain_name = binding->target_hostname;
 362
 363                 msg.type      = mon_NetRpcConnect;
 364                 msg.data      = (void*)&data;
 365                 msg.data_size = sizeof(data);
 366                 s->monitor_fn(&msg);
 367         }
 368
 369         composite_done(c);
 370 }
 371
 372
 373 /**
 374  * Receives result of connection to rpc pipe on domain pdc
 375  *
 376  * @param c composite context
 377  * @param ctx initialised libnet context
 378  * @param mem_ctx memory context of this call
 379  * @param r data structure containing necessary parameters and return values
 380  * @return nt status of rpc connection
 381  **/
 382
 383 static NTSTATUS libnet_RpcConnectDC_recv(struct composite_context *c,
 384                                          struct libnet_context *ctx,
 385                                          TALLOC_CTX *mem_ctx,
 386                                          struct libnet_RpcConnect *r)
 387 {
 388         NTSTATUS status;
 389         struct rpc_connect_dc_state *s = talloc_get_type(c->private_data,
 390                                          struct rpc_connect_dc_state);
 391
 392         status = composite_wait(c);
 393         if (NT_STATUS_IS_OK(status)) {
 394                 /* move connected rpc pipe between memory contexts */
 395                 r->out.dcerpc_pipe = talloc_steal(mem_ctx, s->r.out.dcerpc_pipe);
 396
 397                 /* reference created pipe structure to long-term libnet_context
 398                    so that it can be used by other api functions even after short-term
 399                    mem_ctx is freed */
 400                 if (r->in.dcerpc_iface == &ndr_table_samr) {
 401                         ctx->samr.pipe = talloc_reference(ctx, r->out.dcerpc_pipe);
 402
 403                 } else if (r->in.dcerpc_iface == &ndr_table_lsarpc) {
 404                         ctx->lsa.pipe = talloc_reference(ctx, r->out.dcerpc_pipe);
 405                 }
 406
 407         } else {
 408                 r->out.error_string = talloc_asprintf(mem_ctx,
 409                                                       "Failed to rpc connect: %s",
 410                                                       nt_errstr(status));
 411         }
 412
 413         talloc_free(c);
 414         return status;
 415 }
 416
 417
 418
 419 struct rpc_connect_dci_state {
 420         struct libnet_context *ctx;
 421         struct libnet_RpcConnect r;
 422         struct libnet_RpcConnect rpc_conn;
 423         struct policy_handle lsa_handle;
 424         struct lsa_QosInfo qos;
 425         struct lsa_ObjectAttribute attr;
 426         struct lsa_OpenPolicy2 lsa_open_policy;
 427         struct dcerpc_pipe *lsa_pipe;
 428         struct lsa_QueryInfoPolicy2 lsa_query_info2;
 429         struct lsa_QueryInfoPolicy lsa_query_info;
 430         struct dcerpc_binding *final_binding;
 431         struct dcerpc_pipe *final_pipe;
 432
 433         /* information about the progress */
 434         void (*monitor_fn)(struct monitor_msg*);
 435 };
 436
 437
 438 static void continue_dci_rpc_connect(struct composite_context *ctx);
 439 static void continue_lsa_policy(struct rpc_request *req);
 440 static void continue_lsa_query_info(struct rpc_request *req);
 441 static void continue_lsa_query_info2(struct rpc_request *req);
 442 static void continue_epm_map_binding(struct composite_context *ctx);
 443 static void continue_secondary_conn(struct composite_context *ctx);
 444 static void continue_epm_map_binding_send(struct composite_context *c);
 445
 446
 447 /**
 448  * Initiates connection to rpc pipe on remote server or pdc. Received result
 449  * contains info on the domain name, domain sid and realm.
 450  *
 451  * @param ctx initialised libnet context
 452  * @param mem_ctx memory context of this call
 453  * @param r data structure containing necessary parameters and return values. Must be a talloc context
 454  * @return composite context of this call
 455  **/
 456
 457 static struct composite_context* libnet_RpcConnectDCInfo_send(struct libnet_context *ctx,
 458                                                               TALLOC_CTX *mem_ctx,
 459                                                               struct libnet_RpcConnect *r,
 460                                                               void (*monitor)(struct monitor_msg*))
 461 {
 462         struct composite_context *c, *conn_req;
 463         struct rpc_connect_dci_state *s;
 464
 465         /* composite context allocation and setup */
 466         c = composite_create(ctx, ctx->event_ctx);
 467         if (c == NULL) return c;
 468
 469         s = talloc_zero(c, struct rpc_connect_dci_state);
 470         if (composite_nomem(s, c)) return c;
 471
 472         c->private_data = s;
 473         s->monitor_fn   = monitor;
 474
 475         s->ctx = ctx;
 476         s->r   = *r;
 477         ZERO_STRUCT(s->r.out);
 478
 479         /* proceed to pure rpc connection if the binding string is provided,
 480            otherwise try to connect domain controller */
 481         if (r->in.binding == NULL) {
 482                 s->rpc_conn.in.name    = r->in.name;
 483                 s->rpc_conn.level      = LIBNET_RPC_CONNECT_DC;
 484         } else {
 485                 s->rpc_conn.in.binding = r->in.binding;
 486                 s->rpc_conn.level      = LIBNET_RPC_CONNECT_BINDING;
 487         }
 488
 489         /* we need to query information on lsarpc interface first */
 490         s->rpc_conn.in.dcerpc_iface    = &ndr_table_lsarpc;
 491
 492         /* request connection to the lsa pipe on the pdc */
 493         conn_req = libnet_RpcConnect_send(ctx, c, &s->rpc_conn, s->monitor_fn);
 494         if (composite_nomem(c, conn_req)) return c;
 495
 496         composite_continue(c, conn_req, continue_dci_rpc_connect, c);
 497         return c;
 498 }
 499
 500
 501 /*
 502   Step 2 of RpcConnectDCInfo: receive opened rpc pipe and open
 503   lsa policy handle
 504 */
 505 static void continue_dci_rpc_connect(struct composite_context *ctx)
 506 {
 507         struct composite_context *c;
 508         struct rpc_connect_dci_state *s;
 509         struct rpc_request *open_pol_req;
 510
 511         c = talloc_get_type(ctx->async.private_data, struct composite_context);
 512         s = talloc_get_type(c->private_data, struct rpc_connect_dci_state);
 513
 514         c->status = libnet_RpcConnect_recv(ctx, s->ctx, c, &s->rpc_conn);
 515         if (!NT_STATUS_IS_OK(c->status)) {
 516                 composite_error(c, c->status);
 517                 return;
 518         }
 519
 520         /* post monitor message */
 521         if (s->monitor_fn) {
 522                 struct monitor_msg msg;
 523                 struct msg_net_rpc_connect data;
 524                 struct dcerpc_binding *binding = s->r.out.dcerpc_pipe->binding;
 525
 526                 data.host        = binding->host;
 527                 data.endpoint    = binding->endpoint;
 528                 data.transport   = binding->transport;
 529                 data.domain_name = binding->target_hostname;
 530
 531                 msg.type      = mon_NetRpcConnect;
 532                 msg.data      = (void*)&data;
 533                 msg.data_size = sizeof(data);
 534                 s->monitor_fn(&msg);
 535         }
 536
 537         /* prepare to open a policy handle on lsa pipe */
 538         s->lsa_pipe = s->ctx->lsa.pipe;
 539
 540         s->qos.len                 = 0;
 541         s->qos.impersonation_level = 2;
 542         s->qos.context_mode        = 1;
 543         s->qos.effective_only      = 0;
 544
 545         s->attr.sec_qos = &s->qos;
 546
 547         s->lsa_open_policy.in.attr        = &s->attr;
 548         s->lsa_open_policy.in.system_name = talloc_asprintf(c, "\\");
 549         if (composite_nomem(s->lsa_open_policy.in.system_name, c)) return;
 550
 551         s->lsa_open_policy.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
 552         s->lsa_open_policy.out.handle     = &s->lsa_handle;
 553
 554         open_pol_req = dcerpc_lsa_OpenPolicy2_send(s->lsa_pipe, c, &s->lsa_open_policy);
 555         if (composite_nomem(open_pol_req, c)) return;
 556
 557         composite_continue_rpc(c, open_pol_req, continue_lsa_policy, c);
 558 }
 559
 560
 561 /*
 562   Step 3 of RpcConnectDCInfo: Get policy handle and query lsa info
 563   for kerberos realm (dns name) and guid. The query may fail.
 564 */
 565 static void continue_lsa_policy(struct rpc_request *req)
 566 {
 567         struct composite_context *c;
 568         struct rpc_connect_dci_state *s;
 569         struct rpc_request *query_info_req;
 570
 571         c = talloc_get_type(req->async.private_data, struct composite_context);
 572         s = talloc_get_type(c->private_data, struct rpc_connect_dci_state);
 573
 574         c->status = dcerpc_ndr_request_recv(req);
 575         if (!NT_STATUS_IS_OK(c->status)) {
 576                 composite_error(c, c->status);
 577                 return;
 578         }
 579
 580         if (NT_STATUS_EQUAL(s->lsa_open_policy.out.result, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) {
 581                 s->r.out.realm = NULL;
 582                 s->r.out.guid  = NULL;
 583                 s->r.out.domain_name = NULL;
 584                 s->r.out.domain_sid  = NULL;
 585
 586                 /* Skip to the creating the actual connection, no info available on this transport */
 587                 continue_epm_map_binding_send(c);
 588                 return;
 589
 590         } else if (!NT_STATUS_IS_OK(s->lsa_open_policy.out.result)) {
 591                 composite_error(c, s->lsa_open_policy.out.result);
 592                 return;
 593         }
 594
 595         /* post monitor message */
 596         if (s->monitor_fn) {
 597                 struct monitor_msg msg;
 598
 599                 msg.type      = mon_LsaOpenPolicy;
 600                 msg.data      = NULL;
 601                 msg.data_size = 0;
 602                 s->monitor_fn(&msg);
 603         }
 604
 605         /* query lsa info for dns domain name and guid */
 606         s->lsa_query_info2.in.handle = &s->lsa_handle;
 607         s->lsa_query_info2.in.level  = LSA_POLICY_INFO_DNS;
 608
 609         query_info_req = dcerpc_lsa_QueryInfoPolicy2_send(s->lsa_pipe, c, &s->lsa_query_info2);
 610         if (composite_nomem(query_info_req, c)) return;
 611
 612         composite_continue_rpc(c, query_info_req, continue_lsa_query_info2, c);
 613 }
 614
 615
 616 /*
 617   Step 4 of RpcConnectDCInfo: Get realm and guid if provided (rpc call
 618   may result in failure) and query lsa info for domain name and sid.
 619 */
 620 static void continue_lsa_query_info2(struct rpc_request *req)
 621 {
 622         struct composite_context *c;
 623         struct rpc_connect_dci_state *s;
 624         struct rpc_request *query_info_req;
 625
 626         c = talloc_get_type(req->async.private_data, struct composite_context);
 627         s = talloc_get_type(c->private_data, struct rpc_connect_dci_state);
 628
 629         c->status = dcerpc_ndr_request_recv(req);
 630
 631         /* In case of error just null the realm and guid and proceed
 632            to the next step. After all, it doesn't have to be AD domain
 633            controller we talking to - NT-style PDC also counts */
 634
 635         if (NT_STATUS_EQUAL(c->status, NT_STATUS_NET_WRITE_FAULT)) {
 636                 s->r.out.realm = NULL;
 637                 s->r.out.guid  = NULL;
 638
 639         } else {
 640                 if (!NT_STATUS_IS_OK(c->status)) {
 641                         s->r.out.error_string = talloc_asprintf(c,
 642                                                                 "lsa_QueryInfoPolicy2 failed: %s",
 643                                                                 nt_errstr(c->status));
 644                         composite_error(c, c->status);
 645                         return;
 646                 }
 647
 648                 if (!NT_STATUS_IS_OK(s->lsa_query_info2.out.result)) {
 649                         s->r.out.error_string = talloc_asprintf(c,
 650                                                                 "lsa_QueryInfoPolicy2 failed: %s",
 651                                                                 nt_errstr(s->lsa_query_info2.out.result));
 652                         composite_error(c, s->lsa_query_info2.out.result);
 653                         return;
 654                 }
 655
 656                 /* Copy the dns domain name and guid from the query result */
 657
 658                 /* this should actually be a conversion from lsa_StringLarge */
 659                 s->r.out.realm = s->lsa_query_info2.out.info->dns.dns_domain.string;
 660                 s->r.out.guid  = talloc(c, struct GUID);
 661                 if (composite_nomem(s->r.out.guid, c)) {
 662                         s->r.out.error_string = NULL;
 663                         return;
 664                 }
 665                 *s->r.out.guid = s->lsa_query_info2.out.info->dns.domain_guid;
 666         }
 667
 668         /* post monitor message */
 669         if (s->monitor_fn) {
 670                 struct monitor_msg msg;
 671
 672                 msg.type      = mon_LsaQueryPolicy;
 673                 msg.data      = NULL;
 674                 msg.data_size = 0;
 675                 s->monitor_fn(&msg);
 676         }
 677
 678         /* query lsa info for domain name and sid */
 679         s->lsa_query_info.in.handle = &s->lsa_handle;
 680         s->lsa_query_info.in.level  = LSA_POLICY_INFO_DOMAIN;
 681
 682         query_info_req = dcerpc_lsa_QueryInfoPolicy_send(s->lsa_pipe, c, &s->lsa_query_info);
 683         if (composite_nomem(query_info_req, c)) return;
 684
 685         composite_continue_rpc(c, query_info_req, continue_lsa_query_info, c);
 686 }
 687
 688
 689 /*
 690   Step 5 of RpcConnectDCInfo: Get domain name and sid
 691 */
 692 static void continue_lsa_query_info(struct rpc_request *req)
 693 {
 694         struct composite_context *c;
 695         struct rpc_connect_dci_state *s;
 696
 697         c = talloc_get_type(req->async.private_data, struct composite_context);
 698         s = talloc_get_type(c->private_data, struct rpc_connect_dci_state);
 699
 700         c->status = dcerpc_ndr_request_recv(req);
 701         if (!NT_STATUS_IS_OK(c->status)) {
 702                 s->r.out.error_string = talloc_asprintf(c,
 703                                                         "lsa_QueryInfoPolicy failed: %s",
 704                                                         nt_errstr(c->status));
 705                 composite_error(c, c->status);
 706                 return;
 707         }
 708
 709         /* post monitor message */
 710         if (s->monitor_fn) {
 711                 struct monitor_msg msg;
 712
 713                 msg.type      = mon_LsaQueryPolicy;
 714                 msg.data      = NULL;
 715                 msg.data_size = 0;
 716                 s->monitor_fn(&msg);
 717         }
 718
 719         /* Copy the domain name and sid from the query result */
 720         s->r.out.domain_sid  = s->lsa_query_info.out.info->domain.sid;
 721         s->r.out.domain_name = s->lsa_query_info.out.info->domain.name.string;
 722
 723         continue_epm_map_binding_send(c);
 724 }
 725
 726 /*
 727    Step 5 (continued) of RpcConnectDCInfo: request endpoint
 728    map binding.
 729
 730    We may short-cut to this step if we don't support LSA OpenPolicy on this transport
 731 */
 732 static void continue_epm_map_binding_send(struct composite_context *c)
 733 {
 734         struct rpc_connect_dci_state *s;
 735         struct composite_context *epm_map_req;
 736         s = talloc_get_type(c->private_data, struct rpc_connect_dci_state);
 737
 738         /* prepare to get endpoint mapping for the requested interface */
 739         s->final_binding = talloc(s, struct dcerpc_binding);
 740         if (composite_nomem(s->final_binding, c)) return;
 741
 742         *s->final_binding = *s->lsa_pipe->binding;
 743         /* Ensure we keep hold of the member elements */
 744         if (composite_nomem(talloc_reference(s->final_binding, s->lsa_pipe->binding), c)) return;
 745
 746         epm_map_req = dcerpc_epm_map_binding_send(c, s->final_binding, s->r.in.dcerpc_iface,
 747                                                   s->lsa_pipe->conn->event_ctx);
 748         if (composite_nomem(epm_map_req, c)) return;
 749
 750         composite_continue(c, epm_map_req, continue_epm_map_binding, c);
 751 }
 752
 753 /*
 754   Step 6 of RpcConnectDCInfo: Receive endpoint mapping and create secondary
 755   rpc connection derived from already used pipe but connected to the requested
 756   one (as specified in libnet_RpcConnect structure)
 757 */
 758 static void continue_epm_map_binding(struct composite_context *ctx)
 759 {
 760         struct composite_context *c, *sec_conn_req;
 761         struct rpc_connect_dci_state *s;
 762
 763         c = talloc_get_type(ctx->async.private_data, struct composite_context);
 764         s = talloc_get_type(c->private_data, struct rpc_connect_dci_state);
 765
 766         c->status = dcerpc_epm_map_binding_recv(ctx);
 767         if (!NT_STATUS_IS_OK(c->status)) {
 768                 s->r.out.error_string = talloc_asprintf(c,
 769                                                         "failed to map pipe with endpoint mapper - %s",
 770                                                         nt_errstr(c->status));
 771                 composite_error(c, c->status);
 772                 return;
 773         }
 774
 775         /* create secondary connection derived from lsa pipe */
 776         sec_conn_req = dcerpc_secondary_connection_send(s->lsa_pipe, s->final_binding);
 777         if (composite_nomem(sec_conn_req, c)) return;
 778
 779         composite_continue(c, sec_conn_req, continue_secondary_conn, c);
 780 }
 781
 782
 783 /*
 784   Step 7 of RpcConnectDCInfo: Get actual pipe to be returned
 785   and complete this composite call
 786 */
 787 static void continue_secondary_conn(struct composite_context *ctx)
 788 {
 789         struct composite_context *c;
 790         struct rpc_connect_dci_state *s;
 791
 792         c = talloc_get_type(ctx->async.private_data, struct composite_context);
 793         s = talloc_get_type(c->private_data, struct rpc_connect_dci_state);
 794
 795         c->status = dcerpc_secondary_connection_recv(ctx, &s->final_pipe);
 796         if (!NT_STATUS_IS_OK(c->status)) {
 797                 s->r.out.error_string = talloc_asprintf(c,
 798                                                         "secondary connection failed: %s",
 799                                                         nt_errstr(c->status));
 800
 801                 composite_error(c, c->status);
 802                 return;
 803         }
 804
 805         s->r.out.dcerpc_pipe = s->final_pipe;
 806
 807         /* post monitor message */
 808         if (s->monitor_fn) {
 809                 struct monitor_msg msg;
 810                 struct msg_net_rpc_connect data;
 811                 struct dcerpc_binding *binding = s->r.out.dcerpc_pipe->binding;
 812
 813                 /* prepare monitor message and post it */
 814                 data.host        = binding->host;
 815                 data.endpoint    = binding->endpoint;
 816                 data.transport   = binding->transport;
 817                 data.domain_name = binding->target_hostname;
 818
 819                 msg.type      = mon_NetRpcConnect;
 820                 msg.data      = (void*)&data;
 821                 msg.data_size = sizeof(data);
 822                 s->monitor_fn(&msg);
 823         }
 824
 825         composite_done(c);
 826 }
 827
 828
 829 /**
 830  * Receives result of connection to rpc pipe and gets basic
 831  * domain info (name, sid, realm, guid)
 832  *
 833  * @param c composite context
 834  * @param ctx initialised libnet context
 835  * @param mem_ctx memory context of this call
 836  * @param r data structure containing return values
 837  * @return nt status of rpc connection
 838  **/
 839
 840 static NTSTATUS libnet_RpcConnectDCInfo_recv(struct composite_context *c, struct libnet_context *ctx,
 841                                              TALLOC_CTX *mem_ctx, struct libnet_RpcConnect *r)
 842 {
 843         NTSTATUS status;
 844         struct rpc_connect_dci_state *s = talloc_get_type(c->private_data,
 845                                           struct rpc_connect_dci_state);
 846
 847         status = composite_wait(c);
 848         if (NT_STATUS_IS_OK(status)) {
 849                 r->out.realm        = talloc_steal(mem_ctx, s->r.out.realm);
 850                 r->out.guid         = talloc_steal(mem_ctx, s->r.out.guid);
 851                 r->out.domain_name  = talloc_steal(mem_ctx, s->r.out.domain_name);
 852                 r->out.domain_sid   = talloc_steal(mem_ctx, s->r.out.domain_sid);
 853
 854                 r->out.dcerpc_pipe  = talloc_steal(mem_ctx, s->r.out.dcerpc_pipe);
 855
 856                 /* reference created pipe structure to long-term libnet_context
 857                    so that it can be used by other api functions even after short-term
 858                    mem_ctx is freed */
 859                 if (r->in.dcerpc_iface == &ndr_table_samr) {
 860                         ctx->samr.pipe = talloc_reference(ctx, r->out.dcerpc_pipe);
 861
 862                 } else if (r->in.dcerpc_iface == &ndr_table_lsarpc) {
 863                         ctx->lsa.pipe = talloc_reference(ctx, r->out.dcerpc_pipe);
 864                 }
 865
 866         } else {
 867                 if (s->r.out.error_string) {
 868                         r->out.error_string = talloc_steal(mem_ctx, s->r.out.error_string);
 869                 } else {
 870                         r->out.error_string = talloc_asprintf(mem_ctx, "Connection to DC failed: %s", nt_errstr(status));
 871                 }
 872         }
 873
 874         talloc_free(c);
 875         return status;
 876 }
 877
 878
 879 /**
 880  * Initiates connection to rpc pipe on remote server or pdc, optionally
 881  * providing domain info
 882  *
 883  * @param ctx initialised libnet context
 884  * @param mem_ctx memory context of this call
 885  * @param r data structure containing necessary parameters and return values
 886  * @return composite context of this call
 887  **/
 888
 889 struct composite_context* libnet_RpcConnect_send(struct libnet_context *ctx,
 890                                                  TALLOC_CTX *mem_ctx,
 891                                                  struct libnet_RpcConnect *r,
 892                                                  void (*monitor)(struct monitor_msg*))
 893 {
 894         struct composite_context *c;
 895
 896         switch (r->level) {
 897         case LIBNET_RPC_CONNECT_SERVER:
 898         case LIBNET_RPC_CONNECT_SERVER_ADDRESS:
 899         case LIBNET_RPC_CONNECT_BINDING:
 900                 c = libnet_RpcConnectSrv_send(ctx, mem_ctx, r, monitor);
 901                 break;
 902
 903         case LIBNET_RPC_CONNECT_PDC:
 904         case LIBNET_RPC_CONNECT_DC:
 905                 c = libnet_RpcConnectDC_send(ctx, mem_ctx, r, monitor);
 906                 break;
 907
 908         case LIBNET_RPC_CONNECT_DC_INFO:
 909                 c = libnet_RpcConnectDCInfo_send(ctx, mem_ctx, r, monitor);
 910                 break;
 911
 912         default:
 913                 c = talloc_zero(mem_ctx, struct composite_context);
 914                 composite_error(c, NT_STATUS_INVALID_LEVEL);
 915         }
 916
 917         return c;
 918 }
 919
 920
 921 /**
 922  * Receives result of connection to rpc pipe on remote server or pdc
 923  *
 924  * @param c composite context
 925  * @param ctx initialised libnet context
 926  * @param mem_ctx memory context of this call
 927  * @param r data structure containing necessary parameters and return values
 928  * @return nt status of rpc connection
 929  **/
 930
 931 NTSTATUS libnet_RpcConnect_recv(struct composite_context *c, struct libnet_context *ctx,
 932                                 TALLOC_CTX *mem_ctx, struct libnet_RpcConnect *r)
 933 {
 934         switch (r->level) {
 935         case LIBNET_RPC_CONNECT_SERVER:
 936         case LIBNET_RPC_CONNECT_BINDING:
 937                 return libnet_RpcConnectSrv_recv(c, ctx, mem_ctx, r);
 938
 939         case LIBNET_RPC_CONNECT_PDC:
 940         case LIBNET_RPC_CONNECT_DC:
 941                 return libnet_RpcConnectDC_recv(c, ctx, mem_ctx, r);
 942
 943         case LIBNET_RPC_CONNECT_DC_INFO:
 944                 return libnet_RpcConnectDCInfo_recv(c, ctx, mem_ctx, r);
 945
 946         default:
 947                 ZERO_STRUCT(r->out);
 948                 return NT_STATUS_INVALID_LEVEL;
 949         }
 950 }
 951
 952
 953 /**
 954  * Connect to a rpc pipe on a remote server - sync version
 955  *
 956  * @param ctx initialised libnet context
 957  * @param mem_ctx memory context of this call
 958  * @param r data structure containing necessary parameters and return values
 959  * @return nt status of rpc connection
 960  **/
 961
 962 NTSTATUS libnet_RpcConnect(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
 963                            struct libnet_RpcConnect *r)
 964 {
 965         struct composite_context *c;
 966
 967         c = libnet_RpcConnect_send(ctx, mem_ctx, r, NULL);
 968         return libnet_RpcConnect_recv(c, ctx, mem_ctx, r);
 969 }