source3/rpc_client/cli_netlogon.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    NT Domain Authentication SMB / MSRPC client
   4    Copyright (C) Andrew Tridgell 1992-2000
   5    Copyright (C) Jeremy Allison                    1998.
   6    Largely re-written by Jeremy Allison (C)        2005.
   7    Copyright (C) Guenther Deschner                 2008.
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 3 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21 */
  22
  23 #include "includes.h"
  24 #include "system/filesys.h"
  25 #include "libsmb/libsmb.h"
  26 #include "rpc_client/rpc_client.h"
  27 #include "rpc_client/cli_pipe.h"
  28 #include "../libcli/auth/libcli_auth.h"
  29 #include "../libcli/auth/netlogon_creds_cli.h"
  30 #include "../librpc/gen_ndr/ndr_netlogon_c.h"
  31 #include "../librpc/gen_ndr/schannel.h"
  32 #include "rpc_client/cli_netlogon.h"
  33 #include "rpc_client/init_netlogon.h"
  34 #include "rpc_client/util_netlogon.h"
  35 #include "../libcli/security/security.h"
  36 #include "lib/param/param.h"
  37 #include "libcli/smb/smbXcli_base.h"
  38 #include "dbwrap/dbwrap.h"
  39 #include "dbwrap/dbwrap_open.h"
  40 #include "util_tdb.h"
  41
  42
  43 NTSTATUS rpccli_pre_open_netlogon_creds(void)
  44 {
  45         static bool already_open = false;
  46         TALLOC_CTX *frame;
  47         struct loadparm_context *lp_ctx;
  48         char *fname;
  49         struct db_context *global_db;
  50         NTSTATUS status;
  51
  52         if (already_open) {
  53                 return NT_STATUS_OK;
  54         }
  55
  56         frame = talloc_stackframe();
  57
  58         lp_ctx = loadparm_init_s3(frame, loadparm_s3_helpers());
  59         if (lp_ctx == NULL) {
  60                 TALLOC_FREE(frame);
  61                 return NT_STATUS_NO_MEMORY;
  62         }
  63
  64         fname = lpcfg_private_db_path(frame, lp_ctx, "netlogon_creds_cli");
  65         if (fname == NULL) {
  66                 TALLOC_FREE(frame);
  67                 return NT_STATUS_NO_MEMORY;
  68         }
  69
  70         global_db = db_open(talloc_autofree_context(), fname,
  71                             0, TDB_CLEAR_IF_FIRST|TDB_INCOMPATIBLE_HASH,
  72                             O_RDWR|O_CREAT, 0600, DBWRAP_LOCK_ORDER_2);
  73         if (global_db == NULL) {
  74                 TALLOC_FREE(frame);
  75                 return NT_STATUS_NO_MEMORY;
  76         }
  77
  78         status = netlogon_creds_cli_set_global_db(&global_db);
  79         TALLOC_FREE(frame);
  80         if (!NT_STATUS_IS_OK(status)) {
  81                 return status;
  82         }
  83
  84         already_open = true;
  85         return NT_STATUS_OK;
  86 }
  87
  88 NTSTATUS rpccli_create_netlogon_creds(const char *server_computer,
  89                                       const char *server_netbios_domain,
  90                                       const char *client_account,
  91                                       enum netr_SchannelType sec_chan_type,
  92                                       struct messaging_context *msg_ctx,
  93                                       TALLOC_CTX *mem_ctx,
  94                                       struct netlogon_creds_cli_context **netlogon_creds)
  95 {
  96         TALLOC_CTX *frame = talloc_stackframe();
  97         struct loadparm_context *lp_ctx;
  98         NTSTATUS status;
  99
 100         status = rpccli_pre_open_netlogon_creds();
 101         if (!NT_STATUS_IS_OK(status)) {
 102                 TALLOC_FREE(frame);
 103                 return status;
 104         }
 105
 106         lp_ctx = loadparm_init_s3(frame, loadparm_s3_helpers());
 107         if (lp_ctx == NULL) {
 108                 TALLOC_FREE(frame);
 109                 return NT_STATUS_NO_MEMORY;
 110         }
 111         status = netlogon_creds_cli_context_global(lp_ctx,
 112                                                    msg_ctx,
 113                                                    client_account,
 114                                                    sec_chan_type,
 115                                                    server_computer,
 116                                                    server_netbios_domain,
 117                                                    mem_ctx, netlogon_creds);
 118         TALLOC_FREE(frame);
 119         if (!NT_STATUS_IS_OK(status)) {
 120                 return status;
 121         }
 122
 123         return NT_STATUS_OK;
 124 }
 125
 126 NTSTATUS rpccli_setup_netlogon_creds(struct cli_state *cli,
 127                                      struct netlogon_creds_cli_context *netlogon_creds,
 128                                      bool force_reauth,
 129                                      struct samr_Password current_nt_hash,
 130                                      const struct samr_Password *previous_nt_hash)
 131 {
 132         TALLOC_CTX *frame = talloc_stackframe();
 133         struct rpc_pipe_client *netlogon_pipe = NULL;
 134         struct netlogon_creds_CredentialState *creds = NULL;
 135         NTSTATUS status;
 136
 137         status = netlogon_creds_cli_get(netlogon_creds,
 138                                         frame, &creds);
 139         if (NT_STATUS_IS_OK(status)) {
 140                 const char *action = "using";
 141
 142                 if (force_reauth) {
 143                         action = "overwrite";
 144                 }
 145
 146                 DEBUG(5,("%s: %s cached netlogon_creds cli[%s/%s] to %s\n",
 147                          __FUNCTION__, action,
 148                          creds->account_name, creds->computer_name,
 149                          smbXcli_conn_remote_name(cli->conn)));
 150                 if (!force_reauth) {
 151                         TALLOC_FREE(frame);
 152                         return NT_STATUS_OK;
 153                 }
 154                 TALLOC_FREE(creds);
 155         }
 156
 157         status = cli_rpc_pipe_open_noauth(cli,
 158                                           &ndr_table_netlogon,
 159                                           &netlogon_pipe);
 160         if (!NT_STATUS_IS_OK(status)) {
 161                 DEBUG(5,("%s: failed to open noauth netlogon connection to %s - %s\n",
 162                          __FUNCTION__,
 163                          smbXcli_conn_remote_name(cli->conn),
 164                          nt_errstr(status)));
 165                 TALLOC_FREE(frame);
 166                 return status;
 167         }
 168         talloc_steal(frame, netlogon_pipe);
 169
 170         status = netlogon_creds_cli_auth(netlogon_creds,
 171                                          netlogon_pipe->binding_handle,
 172                                          current_nt_hash,
 173                                          previous_nt_hash);
 174         if (!NT_STATUS_IS_OK(status)) {
 175                 TALLOC_FREE(frame);
 176                 return status;
 177         }
 178
 179         status = netlogon_creds_cli_get(netlogon_creds,
 180                                         frame, &creds);
 181         if (!NT_STATUS_IS_OK(status)) {
 182                 TALLOC_FREE(frame);
 183                 return NT_STATUS_INTERNAL_ERROR;
 184         }
 185
 186         DEBUG(5,("%s: using new netlogon_creds cli[%s/%s] to %s\n",
 187                  __FUNCTION__,
 188                  creds->account_name, creds->computer_name,
 189                  smbXcli_conn_remote_name(cli->conn)));
 190
 191         TALLOC_FREE(frame);
 192         return NT_STATUS_OK;
 193 }
 194
 195 /* Logon domain user */
 196
 197 NTSTATUS rpccli_netlogon_password_logon(struct netlogon_creds_cli_context *creds,
 198                                         struct dcerpc_binding_handle *binding_handle,
 199                                         uint32_t logon_parameters,
 200                                         const char *domain,
 201                                         const char *username,
 202                                         const char *password,
 203                                         const char *workstation,
 204                                         enum netr_LogonInfoClass logon_type)
 205 {
 206         TALLOC_CTX *frame = talloc_stackframe();
 207         NTSTATUS status;
 208         union netr_LogonLevel *logon;
 209         uint16_t validation_level = 0;
 210         union netr_Validation *validation = NULL;
 211         uint8_t authoritative = 0;
 212         uint32_t flags = 0;
 213         char *workstation_slash = NULL;
 214
 215         logon = talloc_zero(frame, union netr_LogonLevel);
 216         if (logon == NULL) {
 217                 TALLOC_FREE(frame);
 218                 return NT_STATUS_NO_MEMORY;
 219         }
 220
 221         if (workstation == NULL) {
 222                 workstation = lp_netbios_name();
 223         }
 224
 225         workstation_slash = talloc_asprintf(frame, "\\\\%s", workstation);
 226         if (workstation_slash == NULL) {
 227                 TALLOC_FREE(frame);
 228                 return NT_STATUS_NO_MEMORY;
 229         }
 230
 231         /* Initialise input parameters */
 232
 233         switch (logon_type) {
 234         case NetlogonInteractiveInformation: {
 235
 236                 struct netr_PasswordInfo *password_info;
 237
 238                 struct samr_Password lmpassword;
 239                 struct samr_Password ntpassword;
 240
 241                 password_info = talloc_zero(frame, struct netr_PasswordInfo);
 242                 if (password_info == NULL) {
 243                         TALLOC_FREE(frame);
 244                         return NT_STATUS_NO_MEMORY;
 245                 }
 246
 247                 nt_lm_owf_gen(password, ntpassword.hash, lmpassword.hash);
 248
 249                 password_info->identity_info.domain_name.string         = domain;
 250                 password_info->identity_info.parameter_control          = logon_parameters;
 251                 password_info->identity_info.logon_id_low               = 0xdead;
 252                 password_info->identity_info.logon_id_high              = 0xbeef;
 253                 password_info->identity_info.account_name.string        = username;
 254                 password_info->identity_info.workstation.string         = workstation_slash;
 255
 256                 password_info->lmpassword = lmpassword;
 257                 password_info->ntpassword = ntpassword;
 258
 259                 logon->password = password_info;
 260
 261                 break;
 262         }
 263         case NetlogonNetworkInformation: {
 264                 struct netr_NetworkInfo *network_info;
 265                 uint8 chal[8];
 266                 unsigned char local_lm_response[24];
 267                 unsigned char local_nt_response[24];
 268                 struct netr_ChallengeResponse lm;
 269                 struct netr_ChallengeResponse nt;
 270
 271                 ZERO_STRUCT(lm);
 272                 ZERO_STRUCT(nt);
 273
 274                 network_info = talloc_zero(frame, struct netr_NetworkInfo);
 275                 if (network_info == NULL) {
 276                         TALLOC_FREE(frame);
 277                         return NT_STATUS_NO_MEMORY;
 278                 }
 279
 280                 generate_random_buffer(chal, 8);
 281
 282                 SMBencrypt(password, chal, local_lm_response);
 283                 SMBNTencrypt(password, chal, local_nt_response);
 284
 285                 lm.length = 24;
 286                 lm.data = local_lm_response;
 287
 288                 nt.length = 24;
 289                 nt.data = local_nt_response;
 290
 291                 network_info->identity_info.domain_name.string          = domain;
 292                 network_info->identity_info.parameter_control           = logon_parameters;
 293                 network_info->identity_info.logon_id_low                = 0xdead;
 294                 network_info->identity_info.logon_id_high               = 0xbeef;
 295                 network_info->identity_info.account_name.string         = username;
 296                 network_info->identity_info.workstation.string          = workstation_slash;
 297
 298                 memcpy(network_info->challenge, chal, 8);
 299                 network_info->nt = nt;
 300                 network_info->lm = lm;
 301
 302                 logon->network = network_info;
 303
 304                 break;
 305         }
 306         default:
 307                 DEBUG(0, ("switch value %d not supported\n",
 308                         logon_type));
 309                 TALLOC_FREE(frame);
 310                 return NT_STATUS_INVALID_INFO_CLASS;
 311         }
 312
 313         status = netlogon_creds_cli_LogonSamLogon(creds,
 314                                                   binding_handle,
 315                                                   logon_type,
 316                                                   logon,
 317                                                   frame,
 318                                                   &validation_level,
 319                                                   &validation,
 320                                                   &authoritative,
 321                                                   &flags);
 322         TALLOC_FREE(frame);
 323         if (!NT_STATUS_IS_OK(status)) {
 324                 return status;
 325         }
 326
 327         return NT_STATUS_OK;
 328 }
 329
 330 static NTSTATUS map_validation_to_info3(TALLOC_CTX *mem_ctx,
 331                                         uint16_t validation_level,
 332                                         union netr_Validation *validation,
 333                                         struct netr_SamInfo3 **info3_p)
 334 {
 335         struct netr_SamInfo3 *info3;
 336         NTSTATUS status;
 337
 338         if (validation == NULL) {
 339                 return NT_STATUS_INVALID_PARAMETER;
 340         }
 341
 342         switch (validation_level) {
 343         case 3:
 344                 if (validation->sam3 == NULL) {
 345                         return NT_STATUS_INVALID_PARAMETER;
 346                 }
 347
 348                 info3 = talloc_move(mem_ctx, &validation->sam3);
 349                 break;
 350         case 6:
 351                 if (validation->sam6 == NULL) {
 352                         return NT_STATUS_INVALID_PARAMETER;
 353                 }
 354
 355                 info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
 356                 if (info3 == NULL) {
 357                         return NT_STATUS_NO_MEMORY;
 358                 }
 359                 status = copy_netr_SamBaseInfo(info3, &validation->sam6->base, &info3->base);
 360                 if (!NT_STATUS_IS_OK(status)) {
 361                         TALLOC_FREE(info3);
 362                         return status;
 363                 }
 364
 365                 info3->sidcount = validation->sam6->sidcount;
 366                 info3->sids = talloc_move(info3, &validation->sam6->sids);
 367                 break;
 368         default:
 369                 return NT_STATUS_BAD_VALIDATION_CLASS;
 370         }
 371
 372         *info3_p = info3;
 373
 374         return NT_STATUS_OK;
 375 }
 376
 377 /**
 378  * Logon domain user with an 'network' SAM logon
 379  *
 380  * @param info3 Pointer to a NET_USER_INFO_3 already allocated by the caller.
 381  **/
 382
 383
 384 NTSTATUS rpccli_netlogon_network_logon(struct netlogon_creds_cli_context *creds,
 385                                        struct dcerpc_binding_handle *binding_handle,
 386                                        TALLOC_CTX *mem_ctx,
 387                                        uint32_t logon_parameters,
 388                                        const char *username,
 389                                        const char *domain,
 390                                        const char *workstation,
 391                                        const uint8 chal[8],
 392                                        DATA_BLOB lm_response,
 393                                        DATA_BLOB nt_response,
 394                                        uint8_t *authoritative,
 395                                        uint32_t *flags,
 396                                        struct netr_SamInfo3 **info3)
 397 {
 398         NTSTATUS status;
 399         const char *workstation_name_slash;
 400         union netr_LogonLevel *logon = NULL;
 401         struct netr_NetworkInfo *network_info;
 402         uint16_t validation_level = 0;
 403         union netr_Validation *validation = NULL;
 404         uint8_t _authoritative = 0;
 405         uint32_t _flags = 0;
 406         struct netr_ChallengeResponse lm;
 407         struct netr_ChallengeResponse nt;
 408
 409         *info3 = NULL;
 410
 411         if (authoritative == NULL) {
 412                 authoritative = &_authoritative;
 413         }
 414         if (flags == NULL) {
 415                 flags = &_flags;
 416         }
 417
 418         ZERO_STRUCT(lm);
 419         ZERO_STRUCT(nt);
 420
 421         logon = talloc_zero(mem_ctx, union netr_LogonLevel);
 422         if (!logon) {
 423                 return NT_STATUS_NO_MEMORY;
 424         }
 425
 426         network_info = talloc_zero(mem_ctx, struct netr_NetworkInfo);
 427         if (!network_info) {
 428                 return NT_STATUS_NO_MEMORY;
 429         }
 430
 431         if (workstation[0] != '\\' && workstation[1] != '\\') {
 432                 workstation_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", workstation);
 433         } else {
 434                 workstation_name_slash = workstation;
 435         }
 436
 437         if (!workstation_name_slash) {
 438                 DEBUG(0, ("talloc_asprintf failed!\n"));
 439                 return NT_STATUS_NO_MEMORY;
 440         }
 441
 442         /* Initialise input parameters */
 443
 444         lm.data = lm_response.data;
 445         lm.length = lm_response.length;
 446         nt.data = nt_response.data;
 447         nt.length = nt_response.length;
 448
 449         network_info->identity_info.domain_name.string          = domain;
 450         network_info->identity_info.parameter_control           = logon_parameters;
 451         network_info->identity_info.logon_id_low                = 0xdead;
 452         network_info->identity_info.logon_id_high               = 0xbeef;
 453         network_info->identity_info.account_name.string         = username;
 454         network_info->identity_info.workstation.string          = workstation_name_slash;
 455
 456         memcpy(network_info->challenge, chal, 8);
 457         network_info->nt = nt;
 458         network_info->lm = lm;
 459
 460         logon->network = network_info;
 461
 462         /* Marshall data and send request */
 463
 464         status = netlogon_creds_cli_LogonSamLogon(creds,
 465                                                   binding_handle,
 466                                                   NetlogonNetworkInformation,
 467                                                   logon,
 468                                                   mem_ctx,
 469                                                   &validation_level,
 470                                                   &validation,
 471                                                   authoritative,
 472                                                   flags);
 473         if (!NT_STATUS_IS_OK(status)) {
 474                 return status;
 475         }
 476
 477         status = map_validation_to_info3(mem_ctx,
 478                                          validation_level, validation,
 479                                          info3);
 480         if (!NT_STATUS_IS_OK(status)) {
 481                 return status;
 482         }
 483
 484         return NT_STATUS_OK;
 485 }