This is the 'winbind default domain' patch from Alexander Bokovoy
[ira/wip.git] / source3 / libsmb / cli_netlogon.c
1 /* 
2    Unix SMB/Netbios implementation.
3    Version 1.9.
4    NT Domain Authentication SMB / MSRPC client
5    Copyright (C) Andrew Tridgell 1992-2000
6    Copyright (C) Luke Kenneth Casson Leighton 1996-2000
7    Copyright (C) Tim Potter 2001
8    Copyright (C) Paul Ashton                       1997.
9    Copyright (C) Jeremy Allison                    1998.
10    Copyright (C) Andrew Bartlett                   2001.
11    
12    This program is free software; you can redistribute it and/or modify
13    it under the terms of the GNU General Public License as published by
14    the Free Software Foundation; either version 2 of the License, or
15    (at your option) any later version.
16    
17    This program is distributed in the hope that it will be useful,
18    but WITHOUT ANY WARRANTY; without even the implied warranty of
19    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
20    GNU General Public License for more details.
21    
22    You should have received a copy of the GNU General Public License
23    along with this program; if not, write to the Free Software
24    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 */
26
27 #include "includes.h"
28
29 /* Opens a SMB connection to the netlogon pipe */
30
31 struct cli_state *cli_netlogon_initialise(struct cli_state *cli, 
32                                           char *system_name,
33                                           struct ntuser_creds *creds)
34 {
35         return cli_pipe_initialise(cli, system_name, PIPE_NETLOGON, creds);
36 }
37
38 /* LSA Request Challenge. Sends our challenge to server, then gets
39    server response. These are used to generate the credentials. */
40
41 NTSTATUS new_cli_net_req_chal(struct cli_state *cli, DOM_CHAL *clnt_chal, 
42                               DOM_CHAL *srv_chal)
43 {
44         prs_struct qbuf, rbuf;
45         NET_Q_REQ_CHAL q;
46         NET_R_REQ_CHAL r;
47         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
48         extern pstring global_myname;
49
50         prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
51         prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
52         
53         /* create and send a MSRPC command with api NET_REQCHAL */
54
55         DEBUG(4,("cli_net_req_chal: LSA Request Challenge from %s to %s: %s\n",
56                  cli->desthost, global_myname, credstr(clnt_chal->data)));
57         
58         /* store the parameters */
59         init_q_req_chal(&q, cli->srv_name_slash, global_myname, clnt_chal);
60         
61         /* Marshall data and send request */
62
63         if (!net_io_q_req_chal("", &q,  &qbuf, 0) ||
64             !rpc_api_pipe_req(cli, NET_REQCHAL, &qbuf, &rbuf)) {
65                 goto done;
66         }
67
68         /* Unmarhall response */
69
70         if (!net_io_r_req_chal("", &r, &rbuf, 0)) {
71                 goto done;
72         }
73
74         result = r.status;
75
76         /* Return result */
77
78         if (NT_STATUS_IS_OK(result)) {
79                 memcpy(srv_chal, r.srv_chal.data, sizeof(srv_chal->data));
80         }
81         
82  done:
83         prs_mem_free(&qbuf);
84         prs_mem_free(&rbuf);
85         
86         return result;
87 }
88
89 /****************************************************************************
90 LSA Authenticate 2
91
92 Send the client credential, receive back a server credential.
93 Ensure that the server credential returned matches the session key 
94 encrypt of the server challenge originally received. JRA.
95 ****************************************************************************/
96
97 NTSTATUS new_cli_net_auth2(struct cli_state *cli, uint16 sec_chan, 
98                            uint32 neg_flags, DOM_CHAL *srv_chal)
99 {
100         prs_struct qbuf, rbuf;
101         NET_Q_AUTH_2 q;
102         NET_R_AUTH_2 r;
103         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
104         extern pstring global_myname;
105
106         prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
107         prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
108
109         /* create and send a MSRPC command with api NET_AUTH2 */
110
111         DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n",
112                  cli->srv_name_slash, cli->mach_acct, sec_chan, global_myname,
113                  credstr(cli->clnt_cred.challenge.data), neg_flags));
114
115         /* store the parameters */
116         init_q_auth_2(&q, cli->srv_name_slash, cli->mach_acct, 
117                       sec_chan, global_myname, &cli->clnt_cred.challenge, 
118                       neg_flags);
119
120         /* turn parameters into data stream */
121
122         if (!net_io_q_auth_2("", &q,  &qbuf, 0) ||
123             !rpc_api_pipe_req(cli, NET_AUTH2, &qbuf, &rbuf)) {
124                 goto done;
125         }
126         
127         /* Unmarshall response */
128         
129         if (!net_io_r_auth_2("", &r, &rbuf, 0)) {
130                 goto done;
131         }
132
133         result = r.status;
134
135         if (NT_STATUS_IS_OK(result)) {
136                 UTIME zerotime;
137                 
138                 /*
139                  * Check the returned value using the initial
140                  * server received challenge.
141                  */
142
143                 zerotime.time = 0;
144                 if (cred_assert( &r.srv_chal, cli->sess_key, srv_chal, 
145                                  zerotime) == 0) {
146
147                         /*
148                          * Server replied with bad credential. Fail.
149                          */
150                         DEBUG(0,("cli_net_auth2: server %s replied with bad credential (bad machine \
151 password ?).\n", cli->desthost ));
152                         result = NT_STATUS_ACCESS_DENIED;
153                         goto done;
154                 }
155         }
156
157  done:
158         prs_mem_free(&qbuf);
159         prs_mem_free(&rbuf);
160         
161         return result;
162 }
163
164 /* Initialize domain session credentials */
165
166 NTSTATUS new_cli_nt_setup_creds(struct cli_state *cli, 
167                                 unsigned char mach_pwd[16])
168 {
169         DOM_CHAL clnt_chal;
170         DOM_CHAL srv_chal;
171         UTIME zerotime;
172         NTSTATUS result;
173
174         /******************* Request Challenge ********************/
175
176         generate_random_buffer(clnt_chal.data, 8, False);
177         
178         /* send a client challenge; receive a server challenge */
179         result = new_cli_net_req_chal(cli, &clnt_chal, &srv_chal);
180
181         if (!NT_STATUS_IS_OK(result)) {
182                 DEBUG(0,("cli_nt_setup_creds: request challenge failed\n"));
183                 return result;
184         }
185         
186         /**************** Long-term Session key **************/
187
188         /* calculate the session key */
189         cred_session_key(&clnt_chal, &srv_chal, (char *)mach_pwd, 
190                          cli->sess_key);
191         memset((char *)cli->sess_key+8, '\0', 8);
192
193         /******************* Authenticate 2 ********************/
194
195         /* calculate auth-2 credentials */
196         zerotime.time = 0;
197         cred_create(cli->sess_key, &clnt_chal, zerotime, 
198                     &cli->clnt_cred.challenge);
199
200         /*  
201          * Send client auth-2 challenge.
202          * Receive an auth-2 challenge response and check it.
203          */
204         
205         result = new_cli_net_auth2(cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ?
206                                    SEC_CHAN_WKSTA : SEC_CHAN_BDC, 0x000001ff, 
207                                    &srv_chal);
208         if (!NT_STATUS_IS_OK(result)) {
209                 DEBUG(0,("cli_nt_setup_creds: auth2 challenge failed %s\n",
210                          get_nt_error_msg(result)));
211         }
212
213         return result;
214 }
215
216 /* Logon Control 2 */
217
218 NTSTATUS cli_netlogon_logon_ctrl2(struct cli_state *cli, TALLOC_CTX *mem_ctx,
219                                   uint32 query_level)
220 {
221         prs_struct qbuf, rbuf;
222         NET_Q_LOGON_CTRL2 q;
223         NET_R_LOGON_CTRL2 r;
224         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
225
226         ZERO_STRUCT(q);
227         ZERO_STRUCT(r);
228
229         /* Initialise parse structures */
230
231         prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
232         prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
233
234         /* Initialise input parameters */
235
236         init_net_q_logon_ctrl2(&q, cli->srv_name_slash, query_level);
237
238         /* Marshall data and send request */
239
240         if (!net_io_q_logon_ctrl2("", &q, &qbuf, 0) ||
241             !rpc_api_pipe_req(cli, NET_LOGON_CTRL2, &qbuf, &rbuf)) {
242                 result = NT_STATUS_UNSUCCESSFUL;
243                 goto done;
244         }
245
246         /* Unmarshall response */
247
248         if (!net_io_r_logon_ctrl2("", &r, &rbuf, 0)) {
249                 result = NT_STATUS_UNSUCCESSFUL;
250                 goto done;
251         }
252
253         result = r.status;
254
255  done:
256         prs_mem_free(&qbuf);
257         prs_mem_free(&rbuf);
258
259         return result;
260 }
261
262 /****************************************************************************
263 Generate the next creds to use.  Yuck - this is a cut&paste from another
264 file.  They should be combined at some stage.  )-:
265 ****************************************************************************/
266
267 static void gen_next_creds( struct cli_state *cli, DOM_CRED *new_clnt_cred)
268 {
269   /*
270    * Create the new client credentials.
271    */
272
273   cli->clnt_cred.timestamp.time = time(NULL);
274
275   memcpy(new_clnt_cred, &cli->clnt_cred, sizeof(*new_clnt_cred));
276
277   /* Calculate the new credentials. */
278   cred_create(cli->sess_key, &(cli->clnt_cred.challenge),
279               new_clnt_cred->timestamp, &(new_clnt_cred->challenge));
280
281 }
282
283 /* Sam synchronisation */
284
285 NTSTATUS cli_netlogon_sam_sync(struct cli_state *cli, TALLOC_CTX *mem_ctx, DOM_CRED *ret_creds,
286                                uint32 database_id, uint32 *num_deltas,
287                                SAM_DELTA_HDR **hdr_deltas, 
288                                SAM_DELTA_CTR **deltas)
289 {
290         prs_struct qbuf, rbuf;
291         NET_Q_SAM_SYNC q;
292         NET_R_SAM_SYNC r;
293         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
294         DOM_CRED clnt_creds;
295
296         ZERO_STRUCT(q);
297         ZERO_STRUCT(r);
298
299         /* Initialise parse structures */
300
301         prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
302         prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
303
304         /* Initialise input parameters */
305
306         gen_next_creds(cli, &clnt_creds);
307
308         init_net_q_sam_sync(&q, cli->srv_name_slash, cli->clnt_name_slash + 2,
309                             &clnt_creds, ret_creds, database_id);
310
311         /* Marshall data and send request */
312
313         if (!net_io_q_sam_sync("", &q, &qbuf, 0) ||
314             !rpc_api_pipe_req(cli, NET_SAM_SYNC, &qbuf, &rbuf)) {
315                 result = NT_STATUS_UNSUCCESSFUL;
316                 goto done;
317         }
318
319         /* Unmarshall response */
320
321         if (!net_io_r_sam_sync("", cli->sess_key, &r, &rbuf, 0)) {
322                 result = NT_STATUS_UNSUCCESSFUL;
323                 goto done;
324         }
325
326         /* Return results */
327
328         result = r.status;
329         *num_deltas = r.num_deltas2;
330         *hdr_deltas = r.hdr_deltas;
331         *deltas = r.deltas;
332
333         memcpy(ret_creds, &r.srv_creds, sizeof(*ret_creds));
334
335  done:
336         prs_mem_free(&qbuf);
337         prs_mem_free(&rbuf);
338
339         return result;
340 }
341
342 /* Sam synchronisation */
343
344 NTSTATUS cli_netlogon_sam_deltas(struct cli_state *cli, TALLOC_CTX *mem_ctx,
345                                  uint32 database_id, UINT64_S seqnum,
346                                  uint32 *num_deltas, 
347                                  SAM_DELTA_HDR **hdr_deltas, 
348                                  SAM_DELTA_CTR **deltas)
349 {
350         prs_struct qbuf, rbuf;
351         NET_Q_SAM_DELTAS q;
352         NET_R_SAM_DELTAS r;
353         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
354         DOM_CRED clnt_creds;
355
356         ZERO_STRUCT(q);
357         ZERO_STRUCT(r);
358
359         /* Initialise parse structures */
360
361         prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
362         prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
363
364         /* Initialise input parameters */
365
366         gen_next_creds(cli, &clnt_creds);
367
368         init_net_q_sam_deltas(&q, cli->srv_name_slash, 
369                               cli->clnt_name_slash + 2, &clnt_creds, 
370                               database_id, seqnum);
371
372         /* Marshall data and send request */
373
374         if (!net_io_q_sam_deltas("", &q, &qbuf, 0) ||
375             !rpc_api_pipe_req(cli, NET_SAM_DELTAS, &qbuf, &rbuf)) {
376                 result = NT_STATUS_UNSUCCESSFUL;
377                 goto done;
378         }
379
380         /* Unmarshall response */
381
382         if (!net_io_r_sam_deltas("", cli->sess_key, &r, &rbuf, 0)) {
383                 result = NT_STATUS_UNSUCCESSFUL;
384                 goto done;
385         }
386
387         /* Return results */
388
389         result = r.status;
390         *num_deltas = r.num_deltas2;
391         *hdr_deltas = r.hdr_deltas;
392         *deltas = r.deltas;
393
394  done:
395         prs_mem_free(&qbuf);
396         prs_mem_free(&rbuf);
397
398         return result;
399 }
400
401 /* Logon domain user */
402
403 NTSTATUS cli_netlogon_sam_logon(struct cli_state *cli, TALLOC_CTX *mem_ctx,
404                                 char *username, char *password,
405                                 int logon_type)
406 {
407         prs_struct qbuf, rbuf;
408         NET_Q_SAM_LOGON q;
409         NET_R_SAM_LOGON r;
410         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
411         DOM_CRED clnt_creds, dummy_rtn_creds;
412         extern pstring global_myname;
413         NET_ID_INFO_CTR ctr;
414         NET_USER_INFO_3 user;
415         int validation_level = 3;
416
417         ZERO_STRUCT(q);
418         ZERO_STRUCT(r);
419
420         /* Initialise parse structures */
421
422         prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
423         prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
424
425         /* Initialise input parameters */
426
427         gen_next_creds(cli, &clnt_creds);
428
429         q.validation_level = validation_level;
430
431         memset(&dummy_rtn_creds, '\0', sizeof(dummy_rtn_creds));
432         dummy_rtn_creds.timestamp.time = time(NULL);
433
434         ctr.switch_value = logon_type;
435
436         switch (logon_type) {
437         case INTERACTIVE_LOGON_TYPE: {
438                 unsigned char lm_owf_user_pwd[16], nt_owf_user_pwd[16];
439
440                 nt_lm_owf_gen(password, nt_owf_user_pwd, lm_owf_user_pwd);
441
442                 init_id_info1(&ctr.auth.id1, lp_workgroup(), 
443                               0, /* param_ctrl */
444                               0xdead, 0xbeef, /* LUID? */
445                               username, cli->clnt_name_slash,
446                               cli->sess_key, lm_owf_user_pwd,
447                               nt_owf_user_pwd);
448
449                 break;
450         }
451         case NET_LOGON_TYPE: {
452                 uint8 chal[8];
453                 unsigned char local_lm_response[24];
454                 unsigned char local_nt_response[24];
455
456                 generate_random_buffer(chal, 8, False);
457
458                 SMBencrypt(password, chal, local_lm_response);
459                 SMBNTencrypt(password, chal, local_nt_response);
460
461                 init_id_info2(&ctr.auth.id2, lp_workgroup(), 
462                               0, /* param_ctrl */
463                               0xdead, 0xbeef, /* LUID? */
464                               username, cli->clnt_name_slash, chal,
465                               local_lm_response, 24, local_nt_response, 24);
466                 break;
467         }
468         default:
469                 DEBUG(0, ("switch value %d not supported\n", 
470                           ctr.switch_value));
471                 goto done;
472         }
473
474         init_sam_info(&q.sam_id, cli->srv_name_slash, global_myname,
475                       &clnt_creds, &dummy_rtn_creds, logon_type,
476                       &ctr);
477
478         /* Marshall data and send request */
479
480         if (!net_io_q_sam_logon("", &q, &qbuf, 0) ||
481             !rpc_api_pipe_req(cli, NET_SAMLOGON, &qbuf, &rbuf)) {
482                 goto done;
483         }
484
485         /* Unmarshall response */
486
487         r.user = &user;
488
489         if (!net_io_r_sam_logon("", &r, &rbuf, 0)) {
490                 goto done;
491         }
492
493         /* Return results */
494
495         result = r.status;
496
497  done:
498         prs_mem_free(&qbuf);
499         prs_mem_free(&rbuf);
500
501         return result;
502 }
503
504
505 /** 
506  * Logon domain user with an 'network' SAM logon 
507  *
508  * @param info3 Pointer to a NET_USER_INFO_3 already allocated by the caller.
509  **/
510
511 NTSTATUS cli_netlogon_sam_network_logon(struct cli_state *cli, TALLOC_CTX *mem_ctx,
512                                         const char *username, const char *domain, const char *workstation, 
513                                         const uint8 chal[8],
514                                         DATA_BLOB lm_response, DATA_BLOB nt_response,
515                                         NET_USER_INFO_3 *info3)
516
517 {
518         prs_struct qbuf, rbuf;
519         NET_Q_SAM_LOGON q;
520         NET_R_SAM_LOGON r;
521         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
522         DOM_CRED clnt_creds, dummy_rtn_creds;
523         NET_ID_INFO_CTR ctr;
524         extern pstring global_myname;
525         int validation_level = 3;
526         char *workstation_name_slash;
527         
528         ZERO_STRUCT(q);
529         ZERO_STRUCT(r);
530
531         workstation_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", workstation);
532         
533         if (!workstation_name_slash) {
534                 DEBUG(0, ("talloc_asprintf failed!\n"));
535                 return NT_STATUS_NO_MEMORY;
536         }
537
538         /* Initialise parse structures */
539
540         prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
541         prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
542
543         /* Initialise input parameters */
544
545         gen_next_creds(cli, &clnt_creds);
546
547         q.validation_level = validation_level;
548
549         memset(&dummy_rtn_creds, '\0', sizeof(dummy_rtn_creds));
550         dummy_rtn_creds.timestamp.time = time(NULL);
551
552         ctr.switch_value = NET_LOGON_TYPE;
553
554         init_id_info2(&ctr.auth.id2, domain,
555                       0, /* param_ctrl */
556                       0xdead, 0xbeef, /* LUID? */
557                       username, workstation_name_slash, (const uchar*)chal,
558                       lm_response.data, lm_response.length, nt_response.data, nt_response.length);
559  
560         init_sam_info(&q.sam_id, cli->srv_name_slash, global_myname,
561                       &clnt_creds, &dummy_rtn_creds, NET_LOGON_TYPE,
562                       &ctr);
563
564         /* Marshall data and send request */
565
566         if (!net_io_q_sam_logon("", &q, &qbuf, 0) ||
567             !rpc_api_pipe_req(cli, NET_SAMLOGON, &qbuf, &rbuf)) {
568                 goto done;
569         }
570
571         /* Unmarshall response */
572
573         r.user = info3;
574
575         if (!net_io_r_sam_logon("", &r, &rbuf, 0)) {
576                 goto done;
577         }
578
579         /* Return results */
580
581         result = r.status;
582
583  done:
584         prs_mem_free(&qbuf);
585         prs_mem_free(&rbuf);
586
587         return result;
588 }
589
590 /***************************************************************************
591 LSA Server Password Set.
592 ****************************************************************************/
593
594 NTSTATUS cli_net_srv_pwset(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
595                            char* machine_name, uint8 hashed_mach_pwd[16])
596 {
597         prs_struct rbuf;
598         prs_struct qbuf; 
599         DOM_CRED new_clnt_cred;
600         NET_Q_SRV_PWSET q_s;
601         uint16 sec_chan_type = 2;
602         NTSTATUS nt_status;
603         char *mach_acct;
604
605         gen_next_creds( cli, &new_clnt_cred);
606         
607         prs_init(&qbuf , 1024, mem_ctx, MARSHALL);
608         prs_init(&rbuf, 0,    mem_ctx, UNMARSHALL);
609         
610         /* create and send a MSRPC command with api NET_SRV_PWSET */
611         
612         mach_acct = talloc_asprintf(mem_ctx, "%s$", machine_name);
613         
614         if (!mach_acct) {
615                 DEBUG(0,("talloc_asprintf failed!\n"));
616                 nt_status = NT_STATUS_NO_MEMORY;
617                 goto done;
618         }
619
620         DEBUG(4,("cli_net_srv_pwset: srv:%s acct:%s sc: %d mc: %s clnt %s %x\n",
621                  cli->srv_name_slash, mach_acct, sec_chan_type, machine_name,
622                  credstr(new_clnt_cred.challenge.data), new_clnt_cred.timestamp.time));
623         
624         /* store the parameters */
625         init_q_srv_pwset(&q_s, cli->srv_name_slash, cli->sess_key,
626                          mach_acct, sec_chan_type, machine_name, 
627                          &new_clnt_cred, (char *)hashed_mach_pwd);
628         
629         /* turn parameters into data stream */
630         if(!net_io_q_srv_pwset("", &q_s,  &qbuf, 0)) {
631                 DEBUG(0,("cli_net_srv_pwset: Error : failed to marshall NET_Q_SRV_PWSET struct.\n"));
632                 nt_status = NT_STATUS_UNSUCCESSFUL;
633                 goto done;
634         }
635         
636         /* send the data on \PIPE\ */
637         if (rpc_api_pipe_req(cli, NET_SRVPWSET, &qbuf, &rbuf))
638         {
639                 NET_R_SRV_PWSET r_s;
640                 
641                 if (!net_io_r_srv_pwset("", &r_s, &rbuf, 0)) {
642                         nt_status =  NT_STATUS_UNSUCCESSFUL;
643                         goto done;
644                 }
645                 
646                 nt_status = r_s.status;
647
648                 if (!NT_STATUS_IS_OK(r_s.status))
649                 {
650                         /* report error code */
651                         DEBUG(0,("cli_net_srv_pwset: %s\n", get_nt_error_msg(nt_status)));
652                         goto done;
653                 }
654
655                 /* Update the credentials. */
656                 if (!clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &(r_s.srv_cred)))
657                 {
658                         /*
659                          * Server replied with bad credential. Fail.
660                          */
661                         DEBUG(0,("cli_net_srv_pwset: server %s replied with bad credential (bad machine \
662 password ?).\n", cli->desthost ));
663                         nt_status = NT_STATUS_UNSUCCESSFUL;
664                 }
665         }
666
667  done:
668         prs_mem_free(&qbuf);
669         prs_mem_free(&rbuf);
670         
671         return nt_status;
672 }
673