*/
#include "includes.h"
+#include "librpc/gen_ndr/ndr_netlogon.h"
+#include "rpc_server/dcerpc_server.h"
#include "rpc_server/common/common.h"
+#include "librpc/gen_ndr/ndr_dcom.h"
+#include "auth/auth.h"
+#include "lib/ldb/include/ldb.h"
struct server_pipe_state {
- TALLOC_CTX *mem_ctx;
struct netr_Credential client_challenge;
struct netr_Credential server_challenge;
BOOL authenticated;
{
struct server_pipe_state *state;
NTSTATUS status;
- TALLOC_CTX *mem_ctx;
- mem_ctx = talloc_init("netlogon_bind");
- if (!mem_ctx) {
- return NT_STATUS_NO_MEMORY;
- }
- state = talloc_p(mem_ctx, struct server_pipe_state);
+ state = talloc_p(dce_call->conn, struct server_pipe_state);
if (state == NULL) {
- talloc_destroy(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
}
ZERO_STRUCTP(state);
- state->mem_ctx = mem_ctx;
state->authenticated = True;
- state->creds = talloc_p(mem_ctx, struct creds_CredentialState);
- if (state->creds == NULL) {
- talloc_destroy(mem_ctx);
- return NT_STATUS_NO_MEMORY;
- }
- ZERO_STRUCTP(state->creds);
-
if (dce_call->conn->auth_state.session_info == NULL) {
- talloc_destroy(mem_ctx);
+ talloc_free(state);
+ smb_panic("No session info provided by schannel level setup!");
return NT_STATUS_NO_USER_SESSION_KEY;
}
- status = schannel_fetch_session_key(mem_ctx,
- dce_call->conn->auth_state.session_info->workstation,
- state->creds);
+ status = dcerpc_schannel_creds(dce_call->conn->auth_state.gensec_security,
+ state,
+ &state->creds);
+
if (!NT_STATUS_IS_OK(status)) {
- talloc_destroy(mem_ctx);
+ DEBUG(3, ("getting schannel credentials failed with %s\n", nt_errstr(status)));
+ talloc_free(state);
return status;
}
dce_call->conn->auth_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
NTSTATUS status;
+ DEBUG(5, ("schannel bind on netlogon\n"));
+
status = netlogon_schannel_setup(dce_call);
if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(3, ("schannel bind on netlogon failed with %s\n", nt_errstr(status)));
return status;
}
}
struct server_pipe_state *pipe_state = conn->private;
if (pipe_state) {
- talloc_destroy(pipe_state->mem_ctx);
+ talloc_free(pipe_state);
}
conn->private = NULL;
struct netr_ServerReqChallenge *r)
{
struct server_pipe_state *pipe_state = dce_call->conn->private;
- TALLOC_CTX *pipe_mem_ctx;
ZERO_STRUCTP(r->out.credentials);
/* destroyed on pipe shutdown */
if (pipe_state) {
- talloc_destroy(pipe_state->mem_ctx);
+ talloc_free(pipe_state);
dce_call->conn->private = NULL;
}
- pipe_mem_ctx = talloc_init("internal netlogon pipe state for %s",
- r->in.computer_name);
-
- if (!pipe_mem_ctx) {
- return NT_STATUS_NO_MEMORY;
- }
-
- pipe_state = talloc_p(pipe_mem_ctx, struct server_pipe_state);
+ pipe_state = talloc_p(dce_call->conn, struct server_pipe_state);
if (!pipe_state) {
- talloc_destroy(pipe_mem_ctx);
return NT_STATUS_NO_MEMORY;
}
- pipe_state->mem_ctx = pipe_mem_ctx;
pipe_state->authenticated = False;
pipe_state->creds = NULL;
pipe_state->account_name = NULL;
pipe_state->client_challenge = *r->in.credentials;
generate_random_buffer(pipe_state->server_challenge.data,
- sizeof(pipe_state->server_challenge.data),
- False);
+ sizeof(pipe_state->server_challenge.data));
*r->out.credentials = pipe_state->server_challenge;
return NT_STATUS_ACCESS_DENIED;
}
- sam_ctx = samdb_connect();
+ sam_ctx = samdb_connect(mem_ctx);
if (sam_ctx == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
if (num_records == 0) {
DEBUG(3,("Couldn't find user [%s] in samdb.\n",
r->in.account_name));
- samdb_close(sam_ctx);
return NT_STATUS_NO_SUCH_USER;
}
if (num_records > 1) {
- DEBUG(1,("Found %d records matching user [%s]\n", num_records, r->in.account_name));
- samdb_close(sam_ctx);
+ DEBUG(0,("Found %d records matching user [%s]\n", num_records, r->in.account_name));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
nt_status = samdb_result_passwords(mem_ctx, msgs[0], NULL, &mach_pwd);
if (!NT_STATUS_IS_OK(nt_status) || mach_pwd == NULL) {
- samdb_close(sam_ctx);
return NT_STATUS_ACCESS_DENIED;
}
- samdb_close(sam_ctx);
-
if (!pipe_state->creds) {
- pipe_state->creds = talloc_p(pipe_state->mem_ctx, struct creds_CredentialState);
+ pipe_state->creds = talloc_p(pipe_state, struct creds_CredentialState);
if (!pipe_state->creds) {
return NT_STATUS_NO_MEMORY;
}
if (pipe_state->account_name) {
/* We don't want a memory leak on this long-lived talloc context */
- talloc_free(pipe_state->mem_ctx, pipe_state->account_name);
+ talloc_free(pipe_state->account_name);
}
- pipe_state->account_name = talloc_strdup(pipe_state->mem_ctx, r->in.account_name);
+ pipe_state->account_name = talloc_strdup(pipe_state, r->in.account_name);
if (pipe_state->computer_name) {
/* We don't want a memory leak on this long-lived talloc context */
- talloc_free(pipe_state->mem_ctx, pipe_state->account_name);
+ talloc_free(pipe_state->computer_name);
}
- pipe_state->computer_name = talloc_strdup(pipe_state->mem_ctx, r->in.computer_name);
+ pipe_state->computer_name = talloc_strdup(pipe_state, r->in.computer_name);
/* remember this session key state */
nt_status = schannel_store_session_key(mem_ctx, pipe_state->computer_name, pipe_state->creds);
struct netr_ServerAuthenticate *r)
{
struct netr_ServerAuthenticate3 r3;
- uint32 negotiate_flags, rid;
+ uint32_t rid = 0;
+ /* TODO:
+ * negotiate_flags is used as an [in] parameter
+ * so it need to be initialised.
+ *
+ * (I think ... = 0; seems wrong here --metze)
+ */
+ uint32 negotiate_flags = 0;
r3.in.server_name = r->in.server_name;
r3.in.account_name = r->in.account_name;
struct netr_ServerAuthenticate2 *r)
{
struct netr_ServerAuthenticate3 r3;
- uint32 rid;
+ uint32 rid = 0;
r3.in.server_name = r->in.server_name;
r3.in.account_name = r->in.account_name;
return NT_STATUS_ACCESS_DENIED;
}
- sam_ctx = samdb_connect();
+ sam_ctx = samdb_connect(mem_ctx);
if (sam_ctx == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
if (num_records == 0) {
DEBUG(3,("Couldn't find user [%s] in samdb.\n",
pipe_state->account_name));
- samdb_close(sam_ctx);
return NT_STATUS_NO_SUCH_USER;
}
if (num_records > 1) {
- DEBUG(1,("Found %d records matching user [%s]\n", num_records,
+ DEBUG(0,("Found %d records matching user [%s]\n", num_records,
pipe_state->account_name));
- samdb_close(sam_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
domain_sid = samdb_result_sid_prefix(mem_ctx, msgs[0], "objectSid");
if (!domain_sid) {
- samdb_close(sam_ctx);
- DEBUG(1,("no objectSid in user record\n"));
+ DEBUG(0,("no objectSid in user record\n"));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
if (num_records_domain == 0) {
DEBUG(3,("check_sam_security: Couldn't find domain [%s] in passdb file.\n",
domain_sid));
- samdb_close(sam_ctx);
return NT_STATUS_NO_SUCH_USER;
}
if (num_records_domain > 1) {
- DEBUG(1,("Found %d records matching domain [%s]\n",
+ DEBUG(0,("Found %d records matching domain [%s]\n",
num_records_domain, domain_sid));
- samdb_close(sam_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
mod.dn = talloc_strdup(mem_ctx, msgs[0]->dn);
if (!mod.dn) {
- samdb_close(sam_ctx);
return NT_STATUS_NO_MEMORY;
}
NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
- samdb_close(sam_ctx);
return nt_status;
}
ret = samdb_replace(sam_ctx, mem_ctx, msg_set_pw);
if (ret != 0) {
/* we really need samdb.c to return NTSTATUS */
-
- samdb_close(sam_ctx);
return NT_STATUS_UNSUCCESSFUL;
}
- samdb_close(sam_ctx);
return NT_STATUS_OK;
}
NTSTATUS nt_status;
const uint8_t *chal;
static const char zeros[16];
+ struct netr_SamBaseInfo *sam;
struct netr_SamInfo2 *sam2;
- struct netr_SamInfo3 *sam;
+ struct netr_SamInfo3 *sam3;
+ struct netr_SamInfo6 *sam6;
if (!pipe_state) {
DEBUG(1, ("No challenge requested by client, cannot authenticate\n"));
switch (r->in.logon_level) {
case 1:
case 3:
+ case 5:
creds_arcfour_crypt(pipe_state->creds,
r->in.logon.password->lmpassword.hash,
sizeof(r->in.logon.password->lmpassword.hash));
r->in.logon.password->ntpassword.hash,
sizeof(r->in.logon.password->ntpassword.hash));
- nt_status = make_auth_context_subsystem(&auth_context);
+ nt_status = make_auth_context_subsystem(pipe_state, &auth_context);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
chal = auth_context->get_ntlm_challenge(auth_context);
- nt_status = make_user_info_netlogon_interactive(&user_info,
+ nt_status = make_user_info_netlogon_interactive(auth_context,
+ &user_info,
r->in.logon.password->identity_info.account_name.string,
r->in.logon.password->identity_info.domain_name.string,
r->in.logon.password->identity_info.workstation.string,
case 2:
case 6:
- nt_status = make_auth_context_fixed(&auth_context, r->in.logon.network->challenge);
+ nt_status = make_auth_context_fixed(pipe_state,
+ &auth_context, r->in.logon.network->challenge);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
- nt_status = make_user_info_netlogon_network(&user_info,
+ nt_status = make_user_info_netlogon_network(auth_context,
+ &user_info,
r->in.logon.network->identity_info.account_name.string,
r->in.logon.network->identity_info.domain_name.string,
r->in.logon.network->identity_info.workstation.string,
nt_status = auth_context->check_ntlm_password(auth_context,
user_info,
+ mem_ctx,
&server_info);
+ /* keep the auth_context for the life of this call */
+ talloc_steal(dce_call, auth_context);
+
if (!NT_STATUS_IS_OK(nt_status)) {
- free_auth_context(&auth_context);
return nt_status;
}
- free_auth_context(&auth_context);
- sam = talloc_p(mem_ctx, struct netr_SamInfo3);
+ sam = talloc_p(mem_ctx, struct netr_SamBaseInfo);
+
+ ZERO_STRUCTP(sam);
sam->last_logon = server_info->last_logon;
sam->last_logoff = server_info->last_logoff;
sam->account_name.string = talloc_strdup(mem_ctx, server_info->account_name);
sam->full_name.string = talloc_strdup(mem_ctx, server_info->full_name);
- sam->logon_script.string = talloc_strdup(mem_ctx, server_info->account_name);
+ sam->logon_script.string = talloc_strdup(mem_ctx, server_info->logon_script);
sam->profile_path.string = talloc_strdup(mem_ctx, server_info->profile_path);
sam->home_directory.string = talloc_strdup(mem_ctx, server_info->home_directory);
sam->home_drive.string = talloc_strdup(mem_ctx, server_info->home_drive);
sam->primary_gid = server_info->primary_group_sid->sub_auths[server_info->primary_group_sid->num_auths-1];
sam->group_count = 0;
sam->groupids = NULL;
-
- sam->acct_flags = server_info->acct_flags;
-
+ sam->user_flags = 0; /* TODO: w2k3 uses 0x120 - what is this? */
+ sam->acct_flags = server_info->acct_flags;
sam->logon_server.string = lp_netbios_name();
sam->domain.string = talloc_strdup(mem_ctx, server_info->domain);
sam->domain_sid = dom_sid_dup(mem_ctx, server_info->user_sid);
sam->domain_sid->num_auths--;
- sam->AccountControl = 0;
-
- sam->unknown1 = 0;
- sam->unknown2 = 0;
- sam->unknown3 = 0;
- sam->unknown4 = 0;
- sam->unknown5 = 0;
- sam->unknown6 = 0;
- sam->unknown7 = 0;
-
- sam->sidcount = 0;
- sam->sids = NULL;
-
if (server_info->user_session_key.length == sizeof(sam->key.key)) {
memcpy(sam->key.key, server_info->user_session_key.data, sizeof(sam->key.key));
} else {
}
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
- if (memcmp(sam->key.key, zeros,
- sizeof(sam->key.key)) != 0) {
+ /* It appears that level 6 is not individually encrypted */
+ if ((r->in.validation_level != 6)
+ && memcmp(sam->key.key, zeros,
+ sizeof(sam->key.key)) != 0) {
creds_arcfour_crypt(pipe_state->creds,
sam->key.key,
sizeof(sam->key.key));
}
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
- if (memcmp(sam->LMSessKey.key, zeros,
- sizeof(sam->LMSessKey.key)) != 0) {
+ /* It appears that level 6 is not individually encrypted */
+ if ((r->in.validation_level != 6)
+ && memcmp(sam->LMSessKey.key, zeros,
+ sizeof(sam->LMSessKey.key)) != 0) {
creds_arcfour_crypt(pipe_state->creds,
sam->LMSessKey.key,
sizeof(sam->LMSessKey.key));
switch (r->in.validation_level) {
case 2:
- {
sam2 = talloc_p(mem_ctx, struct netr_SamInfo2);
+ ZERO_STRUCTP(sam2);
+ sam2->base = *sam;
r->out.validation.sam2 = sam2;
- sam2->last_logon = sam->last_logon;
- sam2->last_logoff = sam->last_logoff;
- sam2->acct_expiry = sam->acct_expiry;
-
- sam2->last_password_change = sam->last_password_change;
- sam2->allow_password_change = sam->allow_password_change;
- sam2->force_password_change = sam->force_password_change;
-
- sam2->account_name = sam->account_name;
- sam2->full_name = sam->full_name;
- sam2->logon_script = sam->logon_script;
- sam2->profile_path = sam->profile_path;
- sam2->home_directory = sam->home_directory;
- sam2->home_drive = sam->home_drive;
-
- sam2->logon_count = sam->logon_count;
- sam2->bad_password_count = sam->bad_password_count;
- sam2->rid = sam->rid;
- sam2->primary_gid = sam->primary_gid;
- sam2->group_count = sam->group_count;
- sam2->groupids = sam->groupids;
-
- sam2->acct_flags = sam->acct_flags;
-
- sam2->key = sam->key;
-
- sam2->logon_server = sam->logon_server;
-
- sam2->domain = sam->domain;
-
- sam2->domain_sid = sam->domain_sid;
-
- sam2->LMSessKey = sam->LMSessKey;
-
- sam2->AccountControl = sam->AccountControl;
-
- sam2->unknown1 = sam->unknown1;
- sam2->unknown2 = sam->unknown2;
- sam2->unknown3 = sam->unknown3;
- sam2->unknown4 = sam->unknown4;
- sam2->unknown5 = sam->unknown5;
- sam2->unknown6 = sam->unknown6;
- sam2->unknown7 = sam->unknown7;
-
break;
- }
+
case 3:
- {
- r->out.validation.sam3 = sam;
+ sam3 = talloc_p(mem_ctx, struct netr_SamInfo3);
+ ZERO_STRUCTP(sam3);
+ sam3->base = *sam;
+ r->out.validation.sam3 = sam3;
break;
- }
+
+ case 6:
+ sam6 = talloc_p(mem_ctx, struct netr_SamInfo6);
+ ZERO_STRUCTP(sam6);
+ sam6->base = *sam;
+ sam6->forest.string = lp_realm();
+ sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s",
+ sam->account_name.string, sam6->forest.string);
+ r->out.validation.sam6 = sam6;
+ break;
+
default:
break;
}
fill in a netr_DomainTrustInfo from a ldb search result
*/
static NTSTATUS fill_domain_trust_info(TALLOC_CTX *mem_ctx, struct ldb_message *res,
- struct netr_DomainTrustInfo *info)
+ struct netr_DomainTrustInfo *info, BOOL is_local)
{
ZERO_STRUCTP(info);
-
- info->domainname.string = samdb_result_string(res, "flatName", NULL);
- if (info->domainname.string == NULL) {
+
+ if (is_local) {
info->domainname.string = samdb_result_string(res, "name", NULL);
info->fulldomainname.string = samdb_result_string(res, "dnsDomain", NULL);
+ info->guid = samdb_result_guid(res, "objectGUID");
+ info->sid = samdb_result_dom_sid(mem_ctx, res, "objectSid");
} else {
+ info->domainname.string = samdb_result_string(res, "flatName", NULL);
info->fulldomainname.string = samdb_result_string(res, "name", NULL);
+ info->guid = samdb_result_guid(res, "objectGUID");
+ info->sid = samdb_result_dom_sid(mem_ctx, res, "securityIdentifier");
}
/* TODO: we need proper forest support */
info->forest.string = info->fulldomainname.string;
- info->guid = samdb_result_guid(res, "objectGUID");
- info->sid = samdb_result_dom_sid(mem_ctx, res, "objectSid");
-
return NT_STATUS_OK;
}
{
struct server_pipe_state *pipe_state = dce_call->conn->private;
const char * const attrs[] = { "name", "dnsDomain", "objectSid",
- "objectGUID", "flatName", NULL };
+ "objectGUID", "flatName", "securityIdentifier",
+ NULL };
void *sam_ctx;
struct ldb_message **res1, **res2;
struct netr_DomainInfo1 *info1;
return NT_STATUS_ACCESS_DENIED;
}
- sam_ctx = samdb_connect();
+ sam_ctx = samdb_connect(mem_ctx);
if (sam_ctx == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
well */
ret1 = samdb_search(sam_ctx, mem_ctx, NULL, &res1, attrs, "(objectClass=domainDNS)");
if (ret1 != 1) {
- samdb_close(sam_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
ret2 = samdb_search(sam_ctx, mem_ctx, NULL, &res2, attrs, "(objectClass=trustedDomain)");
if (ret2 == -1) {
- samdb_close(sam_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- /* we don't need the db link any more */
- samdb_close(sam_ctx);
-
info1 = talloc_p(mem_ctx, struct netr_DomainInfo1);
if (info1 == NULL) {
return NT_STATUS_NO_MEMORY;
return NT_STATUS_NO_MEMORY;
}
- status = fill_domain_trust_info(mem_ctx, res1[0], &info1->domaininfo);
+ status = fill_domain_trust_info(mem_ctx, res1[0], &info1->domaininfo, True);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- status = fill_domain_trust_info(mem_ctx, res1[0], &info1->trusts[0]);
+ status = fill_domain_trust_info(mem_ctx, res1[0], &info1->trusts[0], True);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
for (i=0;i<ret2;i++) {
- status = fill_domain_trust_info(mem_ctx, res2[i], &info1->trusts[i+1]);
+ status = fill_domain_trust_info(mem_ctx, res2[i], &info1->trusts[i+1], False);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
/*
- netr_DSRGETDCNAMEEX2
+ netr_DrsGetDCNameEx2
*/
-static WERROR netr_DSRGETDCNAMEEX2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct netr_DSRGETDCNAMEEX2 *r)
+static WERROR netr_DrsGetDCNameEx2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_DrsGetDCNameEx2 *r)
{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+ const char * const attrs[] = { "dnsDomain", "objectGUID", NULL };
+ void *sam_ctx;
+ struct ldb_message **res;
+ int ret;
+
+ ZERO_STRUCT(r->out);
+
+ sam_ctx = samdb_connect(mem_ctx);
+ if (sam_ctx == NULL) {
+ return WERR_DS_SERVICE_UNAVAILABLE;
+ }
+
+ ret = samdb_search(sam_ctx, mem_ctx, NULL, &res, attrs,
+ "(&(objectClass=domainDNS)(dnsDomain=%s))",
+ r->in.domain_name);
+ if (ret != 1) {
+ return WERR_NO_SUCH_DOMAIN;
+ }
+
+ r->out.info = talloc_p(mem_ctx, struct netr_DrsGetDCNameEx2Info);
+ if (!r->out.info) {
+ return WERR_NOMEM;
+ }
+
+ /* TODO: - return real IP address
+ * - check all r->in.* parameters (server_unc is ignored by w2k3!)
+ */
+ r->out.info->dc_unc = talloc_asprintf(mem_ctx, "\\\\%s.%s", lp_netbios_name(),lp_realm());
+ r->out.info->dc_address = talloc_strdup(mem_ctx, "\\\\0.0.0.0");
+ r->out.info->dc_address_type = 1;
+ r->out.info->domain_guid = samdb_result_guid(res[0], "objectGUID");
+ r->out.info->domain_name = samdb_result_string(res[0], "dnsDomain", NULL);
+ r->out.info->forest_name = samdb_result_string(res[0], "dnsDomain", NULL);
+ r->out.info->dc_flags = 0xE00001FD;
+ r->out.info->dc_site_name = talloc_strdup(mem_ctx, "Default-First-Site-Name");
+ r->out.info->client_site_name = talloc_strdup(mem_ctx, "Default-First-Site-Name");
+
+ return WERR_OK;
}
/*
- netr_NETRLOGONSAMLOGONEX
+ netr_LogonSamLogonEx
*/
-static WERROR netr_NETRLOGONSAMLOGONEX(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct netr_NETRLOGONSAMLOGONEX *r)
+static NTSTATUS netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_LogonSamLogonEx *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
ZERO_STRUCT(r->out);
- sam_ctx = samdb_connect();
+ sam_ctx = samdb_connect(mem_ctx);
if (sam_ctx == NULL) {
return WERR_GENERAL_FAILURE;
}
ret = samdb_search(sam_ctx, mem_ctx, NULL, &res, attrs, "(objectClass=domainDNS)");
if (ret == -1) {
- samdb_close(sam_ctx);
return WERR_GENERAL_FAILURE;
}