s4: ran minimal_includes.pl on source4/winbind
[samba.git] / source4 / winbind / wb_connect_lsa.c
1 /* 
2    Unix SMB/CIFS implementation.
3
4    Connect to the LSA pipe, given an smbcli_tree and possibly some
5    credentials. Try ntlmssp, schannel and anon in that order.
6
7    Copyright (C) Volker Lendecke 2005
8    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2007
9  
10    This program is free software; you can redistribute it and/or modify
11    it under the terms of the GNU General Public License as published by
12    the Free Software Foundation; either version 3 of the License, or
13    (at your option) any later version.
14    
15    This program is distributed in the hope that it will be useful,
16    but WITHOUT ANY WARRANTY; without even the implied warranty of
17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18    GNU General Public License for more details.
19    
20    You should have received a copy of the GNU General Public License
21    along with this program.  If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include "libcli/composite/composite.h"
26
27 #include "librpc/gen_ndr/ndr_lsa_c.h"
28 #include "winbind/wb_server.h"
29
30 /* Helper to initialize LSA with a specific auth methods. Verify by opening
31  * the LSA policy. */
32
33 struct init_lsa_state {
34         struct composite_context *ctx;
35         struct dcerpc_pipe *lsa_pipe;
36
37         uint8_t auth_type;
38         struct cli_credentials *creds;
39
40         struct lsa_ObjectAttribute objectattr;
41         struct lsa_OpenPolicy2 openpolicy;
42         struct policy_handle *handle;
43 };
44
45 static void init_lsa_recv_pipe(struct composite_context *ctx);
46 static void init_lsa_recv_openpol(struct rpc_request *req);
47
48 struct composite_context *wb_init_lsa_send(TALLOC_CTX *mem_ctx,
49                                            struct wbsrv_domain *domain)
50 {
51         struct composite_context *result, *ctx;
52         struct init_lsa_state *state;
53
54         result = composite_create(mem_ctx, domain->netlogon_pipe->conn->event_ctx);
55         if (result == NULL) goto failed;
56
57         state = talloc(result, struct init_lsa_state);
58         if (state == NULL) goto failed;
59         state->ctx = result;
60         result->private_data = state;
61
62         /* this will make the secondary connection on the same IPC$ share, 
63            secured with SPNEGO or NTLMSSP */
64         ctx = dcerpc_secondary_auth_connection_send(domain->netlogon_pipe,
65                                                     domain->lsa_binding,
66                                                     &ndr_table_lsarpc,
67                                                     domain->libnet_ctx->cred,
68                                                     domain->libnet_ctx->lp_ctx);
69         composite_continue(state->ctx, ctx, init_lsa_recv_pipe, state);
70         return result;
71         
72  failed:
73         talloc_free(result);
74         return NULL;
75 }
76
77 static void init_lsa_recv_pipe(struct composite_context *ctx)
78 {
79         struct rpc_request *req;
80         struct init_lsa_state *state =
81                 talloc_get_type(ctx->async.private_data,
82                                 struct init_lsa_state);
83
84         state->ctx->status = dcerpc_secondary_auth_connection_recv(ctx, state,
85                                                                    &state->lsa_pipe);
86         if (!composite_is_ok(state->ctx)) return;
87                         
88         state->handle = talloc(state, struct policy_handle);
89         if (composite_nomem(state->handle, state->ctx)) return;
90
91         state->openpolicy.in.system_name =
92                 talloc_asprintf(state, "\\\\%s",
93                                 dcerpc_server_name(state->lsa_pipe));
94         ZERO_STRUCT(state->objectattr);
95         state->openpolicy.in.attr = &state->objectattr;
96         state->openpolicy.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
97         state->openpolicy.out.handle = state->handle;
98
99         req = dcerpc_lsa_OpenPolicy2_send(state->lsa_pipe, state,
100                                           &state->openpolicy);
101         composite_continue_rpc(state->ctx, req, init_lsa_recv_openpol, state);
102 }
103
104 static void init_lsa_recv_openpol(struct rpc_request *req)
105 {
106         struct init_lsa_state *state =
107                 talloc_get_type(req->async.private_data,
108                                 struct init_lsa_state);
109
110         state->ctx->status = dcerpc_ndr_request_recv(req);
111         if (!composite_is_ok(state->ctx)) return;
112         state->ctx->status = state->openpolicy.out.result;
113         if (!composite_is_ok(state->ctx)) return;
114
115         composite_done(state->ctx);
116 }
117
118 NTSTATUS wb_init_lsa_recv(struct composite_context *c,
119                           TALLOC_CTX *mem_ctx,
120                           struct dcerpc_pipe **lsa_pipe,
121                           struct policy_handle **lsa_policy)
122 {
123         NTSTATUS status = composite_wait(c);
124         if (NT_STATUS_IS_OK(status)) {
125                 struct init_lsa_state *state =
126                         talloc_get_type(c->private_data,
127                                         struct init_lsa_state);
128                 *lsa_pipe = talloc_steal(mem_ctx, state->lsa_pipe);
129                 *lsa_policy = talloc_steal(mem_ctx, state->handle);
130         }
131         talloc_free(c);
132         return status;
133 }
134