source3/rpc_client/cli_netlogon.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    NT Domain Authentication SMB / MSRPC client
   4    Copyright (C) Andrew Tridgell 1992-2000
   5    Copyright (C) Jeremy Allison                    1998.
   6    Largely re-written by Jeremy Allison (C)        2005.
   7    Copyright (C) Guenther Deschner                 2008.
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 3 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21 */
  22
  23 #include "includes.h"
  24 #include "system/filesys.h"
  25 #include "libsmb/libsmb.h"
  26 #include "rpc_client/rpc_client.h"
  27 #include "rpc_client/cli_pipe.h"
  28 #include "../libcli/auth/libcli_auth.h"
  29 #include "../libcli/auth/netlogon_creds_cli.h"
  30 #include "../librpc/gen_ndr/ndr_netlogon_c.h"
  31 #include "../librpc/gen_ndr/schannel.h"
  32 #include "rpc_client/cli_netlogon.h"
  33 #include "rpc_client/init_netlogon.h"
  34 #include "rpc_client/util_netlogon.h"
  35 #include "../libcli/security/security.h"
  36 #include "lib/param/param.h"
  37 #include "libcli/smb/smbXcli_base.h"
  38 #include "dbwrap/dbwrap.h"
  39 #include "dbwrap/dbwrap_open.h"
  40 #include "util_tdb.h"
  41
  42
  43 NTSTATUS rpccli_pre_open_netlogon_creds(void)
  44 {
  45         static bool already_open = false;
  46         TALLOC_CTX *frame;
  47         struct loadparm_context *lp_ctx;
  48         char *fname;
  49         struct db_context *global_db;
  50         NTSTATUS status;
  51
  52         if (already_open) {
  53                 return NT_STATUS_OK;
  54         }
  55
  56         frame = talloc_stackframe();
  57
  58         lp_ctx = loadparm_init_s3(frame, loadparm_s3_helpers());
  59         if (lp_ctx == NULL) {
  60                 TALLOC_FREE(frame);
  61                 return NT_STATUS_NO_MEMORY;
  62         }
  63
  64         fname = lpcfg_private_db_path(frame, lp_ctx, "netlogon_creds_cli");
  65         if (fname == NULL) {
  66                 TALLOC_FREE(frame);
  67                 return NT_STATUS_NO_MEMORY;
  68         }
  69
  70         global_db = db_open(talloc_autofree_context(), fname,
  71                             0, TDB_CLEAR_IF_FIRST|TDB_INCOMPATIBLE_HASH,
  72                             O_RDWR|O_CREAT, 0600, DBWRAP_LOCK_ORDER_2,
  73                             DBWRAP_FLAG_OPTIMIZE_READONLY_ACCESS);
  74         if (global_db == NULL) {
  75                 TALLOC_FREE(frame);
  76                 return NT_STATUS_NO_MEMORY;
  77         }
  78
  79         status = netlogon_creds_cli_set_global_db(&global_db);
  80         TALLOC_FREE(frame);
  81         if (!NT_STATUS_IS_OK(status)) {
  82                 return status;
  83         }
  84
  85         already_open = true;
  86         return NT_STATUS_OK;
  87 }
  88
  89 NTSTATUS rpccli_create_netlogon_creds(const char *server_computer,
  90                                       const char *server_netbios_domain,
  91                                       const char *client_account,
  92                                       enum netr_SchannelType sec_chan_type,
  93                                       struct messaging_context *msg_ctx,
  94                                       TALLOC_CTX *mem_ctx,
  95                                       struct netlogon_creds_cli_context **netlogon_creds)
  96 {
  97         TALLOC_CTX *frame = talloc_stackframe();
  98         struct loadparm_context *lp_ctx;
  99         NTSTATUS status;
 100
 101         status = rpccli_pre_open_netlogon_creds();
 102         if (!NT_STATUS_IS_OK(status)) {
 103                 TALLOC_FREE(frame);
 104                 return status;
 105         }
 106
 107         lp_ctx = loadparm_init_s3(frame, loadparm_s3_helpers());
 108         if (lp_ctx == NULL) {
 109                 TALLOC_FREE(frame);
 110                 return NT_STATUS_NO_MEMORY;
 111         }
 112         status = netlogon_creds_cli_context_global(lp_ctx,
 113                                                    msg_ctx,
 114                                                    client_account,
 115                                                    sec_chan_type,
 116                                                    server_computer,
 117                                                    server_netbios_domain,
 118                                                    mem_ctx, netlogon_creds);
 119         TALLOC_FREE(frame);
 120         if (!NT_STATUS_IS_OK(status)) {
 121                 return status;
 122         }
 123
 124         return NT_STATUS_OK;
 125 }
 126
 127 NTSTATUS rpccli_setup_netlogon_creds(struct cli_state *cli,
 128                                      struct netlogon_creds_cli_context *netlogon_creds,
 129                                      bool force_reauth,
 130                                      struct samr_Password current_nt_hash,
 131                                      const struct samr_Password *previous_nt_hash)
 132 {
 133         TALLOC_CTX *frame = talloc_stackframe();
 134         struct rpc_pipe_client *netlogon_pipe = NULL;
 135         struct netlogon_creds_CredentialState *creds = NULL;
 136         NTSTATUS status;
 137
 138         status = netlogon_creds_cli_get(netlogon_creds,
 139                                         frame, &creds);
 140         if (NT_STATUS_IS_OK(status)) {
 141                 const char *action = "using";
 142
 143                 if (force_reauth) {
 144                         action = "overwrite";
 145                 }
 146
 147                 DEBUG(5,("%s: %s cached netlogon_creds cli[%s/%s] to %s\n",
 148                          __FUNCTION__, action,
 149                          creds->account_name, creds->computer_name,
 150                          smbXcli_conn_remote_name(cli->conn)));
 151                 if (!force_reauth) {
 152                         TALLOC_FREE(frame);
 153                         return NT_STATUS_OK;
 154                 }
 155                 TALLOC_FREE(creds);
 156         }
 157
 158         status = cli_rpc_pipe_open_noauth(cli,
 159                                           &ndr_table_netlogon,
 160                                           &netlogon_pipe);
 161         if (!NT_STATUS_IS_OK(status)) {
 162                 DEBUG(5,("%s: failed to open noauth netlogon connection to %s - %s\n",
 163                          __FUNCTION__,
 164                          smbXcli_conn_remote_name(cli->conn),
 165                          nt_errstr(status)));
 166                 TALLOC_FREE(frame);
 167                 return status;
 168         }
 169         talloc_steal(frame, netlogon_pipe);
 170
 171         status = netlogon_creds_cli_auth(netlogon_creds,
 172                                          netlogon_pipe->binding_handle,
 173                                          current_nt_hash,
 174                                          previous_nt_hash);
 175         if (!NT_STATUS_IS_OK(status)) {
 176                 TALLOC_FREE(frame);
 177                 return status;
 178         }
 179
 180         status = netlogon_creds_cli_get(netlogon_creds,
 181                                         frame, &creds);
 182         if (!NT_STATUS_IS_OK(status)) {
 183                 TALLOC_FREE(frame);
 184                 return NT_STATUS_INTERNAL_ERROR;
 185         }
 186
 187         DEBUG(5,("%s: using new netlogon_creds cli[%s/%s] to %s\n",
 188                  __FUNCTION__,
 189                  creds->account_name, creds->computer_name,
 190                  smbXcli_conn_remote_name(cli->conn)));
 191
 192         TALLOC_FREE(frame);
 193         return NT_STATUS_OK;
 194 }
 195
 196 /* Logon domain user */
 197
 198 NTSTATUS rpccli_netlogon_password_logon(struct netlogon_creds_cli_context *creds,
 199                                         struct dcerpc_binding_handle *binding_handle,
 200                                         uint32_t logon_parameters,
 201                                         const char *domain,
 202                                         const char *username,
 203                                         const char *password,
 204                                         const char *workstation,
 205                                         enum netr_LogonInfoClass logon_type)
 206 {
 207         TALLOC_CTX *frame = talloc_stackframe();
 208         NTSTATUS status;
 209         union netr_LogonLevel *logon;
 210         uint16_t validation_level = 0;
 211         union netr_Validation *validation = NULL;
 212         uint8_t authoritative = 0;
 213         uint32_t flags = 0;
 214         char *workstation_slash = NULL;
 215
 216         logon = talloc_zero(frame, union netr_LogonLevel);
 217         if (logon == NULL) {
 218                 TALLOC_FREE(frame);
 219                 return NT_STATUS_NO_MEMORY;
 220         }
 221
 222         if (workstation == NULL) {
 223                 workstation = lp_netbios_name();
 224         }
 225
 226         workstation_slash = talloc_asprintf(frame, "\\\\%s", workstation);
 227         if (workstation_slash == NULL) {
 228                 TALLOC_FREE(frame);
 229                 return NT_STATUS_NO_MEMORY;
 230         }
 231
 232         /* Initialise input parameters */
 233
 234         switch (logon_type) {
 235         case NetlogonInteractiveInformation: {
 236
 237                 struct netr_PasswordInfo *password_info;
 238
 239                 struct samr_Password lmpassword;
 240                 struct samr_Password ntpassword;
 241
 242                 password_info = talloc_zero(frame, struct netr_PasswordInfo);
 243                 if (password_info == NULL) {
 244                         TALLOC_FREE(frame);
 245                         return NT_STATUS_NO_MEMORY;
 246                 }
 247
 248                 nt_lm_owf_gen(password, ntpassword.hash, lmpassword.hash);
 249
 250                 password_info->identity_info.domain_name.string         = domain;
 251                 password_info->identity_info.parameter_control          = logon_parameters;
 252                 password_info->identity_info.logon_id_low               = 0xdead;
 253                 password_info->identity_info.logon_id_high              = 0xbeef;
 254                 password_info->identity_info.account_name.string        = username;
 255                 password_info->identity_info.workstation.string         = workstation_slash;
 256
 257                 password_info->lmpassword = lmpassword;
 258                 password_info->ntpassword = ntpassword;
 259
 260                 logon->password = password_info;
 261
 262                 break;
 263         }
 264         case NetlogonNetworkInformation: {
 265                 struct netr_NetworkInfo *network_info;
 266                 uint8 chal[8];
 267                 unsigned char local_lm_response[24];
 268                 unsigned char local_nt_response[24];
 269                 struct netr_ChallengeResponse lm;
 270                 struct netr_ChallengeResponse nt;
 271
 272                 ZERO_STRUCT(lm);
 273                 ZERO_STRUCT(nt);
 274
 275                 network_info = talloc_zero(frame, struct netr_NetworkInfo);
 276                 if (network_info == NULL) {
 277                         TALLOC_FREE(frame);
 278                         return NT_STATUS_NO_MEMORY;
 279                 }
 280
 281                 generate_random_buffer(chal, 8);
 282
 283                 SMBencrypt(password, chal, local_lm_response);
 284                 SMBNTencrypt(password, chal, local_nt_response);
 285
 286                 lm.length = 24;
 287                 lm.data = local_lm_response;
 288
 289                 nt.length = 24;
 290                 nt.data = local_nt_response;
 291
 292                 network_info->identity_info.domain_name.string          = domain;
 293                 network_info->identity_info.parameter_control           = logon_parameters;
 294                 network_info->identity_info.logon_id_low                = 0xdead;
 295                 network_info->identity_info.logon_id_high               = 0xbeef;
 296                 network_info->identity_info.account_name.string         = username;
 297                 network_info->identity_info.workstation.string          = workstation_slash;
 298
 299                 memcpy(network_info->challenge, chal, 8);
 300                 network_info->nt = nt;
 301                 network_info->lm = lm;
 302
 303                 logon->network = network_info;
 304
 305                 break;
 306         }
 307         default:
 308                 DEBUG(0, ("switch value %d not supported\n",
 309                         logon_type));
 310                 TALLOC_FREE(frame);
 311                 return NT_STATUS_INVALID_INFO_CLASS;
 312         }
 313
 314         status = netlogon_creds_cli_LogonSamLogon(creds,
 315                                                   binding_handle,
 316                                                   logon_type,
 317                                                   logon,
 318                                                   frame,
 319                                                   &validation_level,
 320                                                   &validation,
 321                                                   &authoritative,
 322                                                   &flags);
 323         TALLOC_FREE(frame);
 324         if (!NT_STATUS_IS_OK(status)) {
 325                 return status;
 326         }
 327
 328         return NT_STATUS_OK;
 329 }
 330
 331 static NTSTATUS map_validation_to_info3(TALLOC_CTX *mem_ctx,
 332                                         uint16_t validation_level,
 333                                         union netr_Validation *validation,
 334                                         struct netr_SamInfo3 **info3_p)
 335 {
 336         struct netr_SamInfo3 *info3;
 337         NTSTATUS status;
 338
 339         if (validation == NULL) {
 340                 return NT_STATUS_INVALID_PARAMETER;
 341         }
 342
 343         switch (validation_level) {
 344         case 3:
 345                 if (validation->sam3 == NULL) {
 346                         return NT_STATUS_INVALID_PARAMETER;
 347                 }
 348
 349                 info3 = talloc_move(mem_ctx, &validation->sam3);
 350                 break;
 351         case 6:
 352                 if (validation->sam6 == NULL) {
 353                         return NT_STATUS_INVALID_PARAMETER;
 354                 }
 355
 356                 info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
 357                 if (info3 == NULL) {
 358                         return NT_STATUS_NO_MEMORY;
 359                 }
 360                 status = copy_netr_SamBaseInfo(info3, &validation->sam6->base, &info3->base);
 361                 if (!NT_STATUS_IS_OK(status)) {
 362                         TALLOC_FREE(info3);
 363                         return status;
 364                 }
 365
 366                 info3->sidcount = validation->sam6->sidcount;
 367                 info3->sids = talloc_move(info3, &validation->sam6->sids);
 368                 break;
 369         default:
 370                 return NT_STATUS_BAD_VALIDATION_CLASS;
 371         }
 372
 373         *info3_p = info3;
 374
 375         return NT_STATUS_OK;
 376 }
 377
 378 /**
 379  * Logon domain user with an 'network' SAM logon
 380  *
 381  * @param info3 Pointer to a NET_USER_INFO_3 already allocated by the caller.
 382  **/
 383
 384
 385 NTSTATUS rpccli_netlogon_network_logon(struct netlogon_creds_cli_context *creds,
 386                                        struct dcerpc_binding_handle *binding_handle,
 387                                        TALLOC_CTX *mem_ctx,
 388                                        uint32_t logon_parameters,
 389                                        const char *username,
 390                                        const char *domain,
 391                                        const char *workstation,
 392                                        const uint8 chal[8],
 393                                        DATA_BLOB lm_response,
 394                                        DATA_BLOB nt_response,
 395                                        uint8_t *authoritative,
 396                                        uint32_t *flags,
 397                                        struct netr_SamInfo3 **info3)
 398 {
 399         NTSTATUS status;
 400         const char *workstation_name_slash;
 401         union netr_LogonLevel *logon = NULL;
 402         struct netr_NetworkInfo *network_info;
 403         uint16_t validation_level = 0;
 404         union netr_Validation *validation = NULL;
 405         uint8_t _authoritative = 0;
 406         uint32_t _flags = 0;
 407         struct netr_ChallengeResponse lm;
 408         struct netr_ChallengeResponse nt;
 409
 410         *info3 = NULL;
 411
 412         if (authoritative == NULL) {
 413                 authoritative = &_authoritative;
 414         }
 415         if (flags == NULL) {
 416                 flags = &_flags;
 417         }
 418
 419         ZERO_STRUCT(lm);
 420         ZERO_STRUCT(nt);
 421
 422         logon = talloc_zero(mem_ctx, union netr_LogonLevel);
 423         if (!logon) {
 424                 return NT_STATUS_NO_MEMORY;
 425         }
 426
 427         network_info = talloc_zero(mem_ctx, struct netr_NetworkInfo);
 428         if (!network_info) {
 429                 return NT_STATUS_NO_MEMORY;
 430         }
 431
 432         if (workstation[0] != '\\' && workstation[1] != '\\') {
 433                 workstation_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", workstation);
 434         } else {
 435                 workstation_name_slash = workstation;
 436         }
 437
 438         if (!workstation_name_slash) {
 439                 DEBUG(0, ("talloc_asprintf failed!\n"));
 440                 return NT_STATUS_NO_MEMORY;
 441         }
 442
 443         /* Initialise input parameters */
 444
 445         lm.data = lm_response.data;
 446         lm.length = lm_response.length;
 447         nt.data = nt_response.data;
 448         nt.length = nt_response.length;
 449
 450         network_info->identity_info.domain_name.string          = domain;
 451         network_info->identity_info.parameter_control           = logon_parameters;
 452         network_info->identity_info.logon_id_low                = 0xdead;
 453         network_info->identity_info.logon_id_high               = 0xbeef;
 454         network_info->identity_info.account_name.string         = username;
 455         network_info->identity_info.workstation.string          = workstation_name_slash;
 456
 457         memcpy(network_info->challenge, chal, 8);
 458         network_info->nt = nt;
 459         network_info->lm = lm;
 460
 461         logon->network = network_info;
 462
 463         /* Marshall data and send request */
 464
 465         status = netlogon_creds_cli_LogonSamLogon(creds,
 466                                                   binding_handle,
 467                                                   NetlogonNetworkInformation,
 468                                                   logon,
 469                                                   mem_ctx,
 470                                                   &validation_level,
 471                                                   &validation,
 472                                                   authoritative,
 473                                                   flags);
 474         if (!NT_STATUS_IS_OK(status)) {
 475                 return status;
 476         }
 477
 478         status = map_validation_to_info3(mem_ctx,
 479                                          validation_level, validation,
 480                                          info3);
 481         if (!NT_STATUS_IS_OK(status)) {
 482                 return status;
 483         }
 484
 485         return NT_STATUS_OK;
 486 }