Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-gmake3
[samba.git] / source4 / winbind / wb_connect_lsa.c
1 /* 
2    Unix SMB/CIFS implementation.
3
4    Connect to the LSA pipe, given an smbcli_tree and possibly some
5    credentials. Try ntlmssp, schannel and anon in that order.
6
7    Copyright (C) Volker Lendecke 2005
8    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2007
9  
10    This program is free software; you can redistribute it and/or modify
11    it under the terms of the GNU General Public License as published by
12    the Free Software Foundation; either version 3 of the License, or
13    (at your option) any later version.
14    
15    This program is distributed in the hope that it will be useful,
16    but WITHOUT ANY WARRANTY; without even the implied warranty of
17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18    GNU General Public License for more details.
19    
20    You should have received a copy of the GNU General Public License
21    along with this program.  If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include "libcli/composite/composite.h"
26
27 #include "libcli/raw/libcliraw.h"
28 #include "librpc/gen_ndr/ndr_lsa_c.h"
29 #include "winbind/wb_server.h"
30
31 /* Helper to initialize LSA with a specific auth methods. Verify by opening
32  * the LSA policy. */
33
34 struct init_lsa_state {
35         struct composite_context *ctx;
36         struct dcerpc_pipe *lsa_pipe;
37
38         uint8_t auth_type;
39         struct cli_credentials *creds;
40
41         struct lsa_ObjectAttribute objectattr;
42         struct lsa_OpenPolicy2 openpolicy;
43         struct policy_handle *handle;
44 };
45
46 static void init_lsa_recv_pipe(struct composite_context *ctx);
47 static void init_lsa_recv_openpol(struct rpc_request *req);
48
49 struct composite_context *wb_init_lsa_send(TALLOC_CTX *mem_ctx,
50                                            struct wbsrv_domain *domain)
51 {
52         struct composite_context *result, *ctx;
53         struct init_lsa_state *state;
54
55         result = composite_create(mem_ctx, domain->netlogon_pipe->conn->event_ctx);
56         if (result == NULL) goto failed;
57
58         state = talloc(result, struct init_lsa_state);
59         if (state == NULL) goto failed;
60         state->ctx = result;
61         result->private_data = state;
62
63         /* this will make the secondary connection on the same IPC$ share, 
64            secured with SPNEGO or NTLMSSP */
65         ctx = dcerpc_secondary_auth_connection_send(domain->netlogon_pipe,
66                                                     domain->lsa_binding,
67                                                     &ndr_table_lsarpc,
68                                                     domain->libnet_ctx->cred,
69                                                     domain->libnet_ctx->lp_ctx);
70         composite_continue(state->ctx, ctx, init_lsa_recv_pipe, state);
71         return result;
72         
73  failed:
74         talloc_free(result);
75         return NULL;
76 }
77
78 static void init_lsa_recv_pipe(struct composite_context *ctx)
79 {
80         struct rpc_request *req;
81         struct init_lsa_state *state =
82                 talloc_get_type(ctx->async.private_data,
83                                 struct init_lsa_state);
84
85         state->ctx->status = dcerpc_secondary_auth_connection_recv(ctx, state,
86                                                                    &state->lsa_pipe);
87         if (!composite_is_ok(state->ctx)) return;
88                         
89         state->handle = talloc(state, struct policy_handle);
90         if (composite_nomem(state->handle, state->ctx)) return;
91
92         state->openpolicy.in.system_name =
93                 talloc_asprintf(state, "\\\\%s",
94                                 dcerpc_server_name(state->lsa_pipe));
95         ZERO_STRUCT(state->objectattr);
96         state->openpolicy.in.attr = &state->objectattr;
97         state->openpolicy.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
98         state->openpolicy.out.handle = state->handle;
99
100         req = dcerpc_lsa_OpenPolicy2_send(state->lsa_pipe, state,
101                                           &state->openpolicy);
102         composite_continue_rpc(state->ctx, req, init_lsa_recv_openpol, state);
103 }
104
105 static void init_lsa_recv_openpol(struct rpc_request *req)
106 {
107         struct init_lsa_state *state =
108                 talloc_get_type(req->async.private_data,
109                                 struct init_lsa_state);
110
111         state->ctx->status = dcerpc_ndr_request_recv(req);
112         if (!composite_is_ok(state->ctx)) return;
113         state->ctx->status = state->openpolicy.out.result;
114         if (!composite_is_ok(state->ctx)) return;
115
116         composite_done(state->ctx);
117 }
118
119 NTSTATUS wb_init_lsa_recv(struct composite_context *c,
120                           TALLOC_CTX *mem_ctx,
121                           struct dcerpc_pipe **lsa_pipe,
122                           struct policy_handle **lsa_policy)
123 {
124         NTSTATUS status = composite_wait(c);
125         if (NT_STATUS_IS_OK(status)) {
126                 struct init_lsa_state *state =
127                         talloc_get_type(c->private_data,
128                                         struct init_lsa_state);
129                 *lsa_pipe = talloc_steal(mem_ctx, state->lsa_pipe);
130                 *lsa_policy = talloc_steal(mem_ctx, state->handle);
131         }
132         talloc_free(c);
133         return status;
134 }
135