source4/winbind/wb_connect_sam.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    Connect to the SAMR pipe, given an smbcli_tree and possibly some
   5    credentials. Try ntlmssp, schannel and anon in that order.
   6
   7    Copyright (C) Volker Lendecke 2005
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 2 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program; if not, write to the Free Software
  21    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  22 */
  23
  24 #include "includes.h"
  25 #include "libcli/composite/composite.h"
  26
  27 #include "libcli/raw/libcliraw.h"
  28 #include "librpc/gen_ndr/ndr_samr.h"
  29
  30
  31 /* Helper to initialize SAMR with a specific auth methods. Verify by opening
  32  * the SAM handle */
  33
  34 struct connect_samr_state {
  35         struct composite_context *ctx;
  36         uint8_t auth_type;
  37         struct cli_credentials *creds;
  38         struct dom_sid *sid;
  39
  40         struct dcerpc_pipe *samr_pipe;
  41         struct policy_handle *connect_handle;
  42         struct policy_handle *domain_handle;
  43
  44         struct samr_Connect2 c;
  45         struct samr_OpenDomain o;
  46 };
  47
  48 static void connect_samr_recv_pipe(struct composite_context *ctx);
  49 static void connect_samr_recv_conn(struct rpc_request *req);
  50 static void connect_samr_recv_open(struct rpc_request *req);
  51
  52 struct composite_context *wb_connect_sam_send(struct smbcli_tree *tree,
  53                                               uint8_t auth_type,
  54                                               struct cli_credentials *creds,
  55                                               const struct dom_sid *domain_sid)
  56 {
  57         struct composite_context *result, *ctx;
  58         struct connect_samr_state *state;
  59
  60         result = talloc(NULL, struct composite_context);
  61         if (result == NULL) goto failed;
  62         result->state = COMPOSITE_STATE_IN_PROGRESS;
  63         result->async.fn = NULL;
  64         result->event_ctx = tree->session->transport->socket->event.ctx;
  65
  66         state = talloc(result, struct connect_samr_state);
  67         if (state == NULL) goto failed;
  68         state->ctx = result;
  69         result->private_data = state;
  70
  71         state->auth_type = auth_type;
  72         state->creds = creds;
  73         state->sid = dom_sid_dup(state, domain_sid);
  74         if (state->sid == NULL) goto failed;
  75
  76         state->samr_pipe = dcerpc_pipe_init(state, result->event_ctx);
  77         if (state->samr_pipe == NULL) goto failed;
  78
  79         ctx = dcerpc_pipe_open_smb_send(state->samr_pipe->conn, tree,
  80                                         "\\samr");
  81         ctx->async.fn = connect_samr_recv_pipe;
  82         ctx->async.private_data = state;
  83         return result;
  84
  85  failed:
  86         talloc_free(result);
  87         return NULL;
  88 }
  89
  90 static void connect_samr_recv_pipe(struct composite_context *ctx)
  91 {
  92         struct connect_samr_state *state =
  93                 talloc_get_type(ctx->async.private_data,
  94                                 struct connect_samr_state);
  95         struct rpc_request *req;
  96
  97         state->ctx->status = dcerpc_pipe_open_smb_recv(ctx);
  98         if (!composite_is_ok(state->ctx)) return;
  99
 100         switch (state->auth_type) {
 101         case DCERPC_AUTH_TYPE_NONE:
 102                 state->ctx->status =
 103                         dcerpc_bind_auth_none(state->samr_pipe,
 104                                               DCERPC_SAMR_UUID,
 105                                               DCERPC_SAMR_VERSION);
 106                 break;
 107         case DCERPC_AUTH_TYPE_NTLMSSP:
 108         case DCERPC_AUTH_TYPE_SCHANNEL:
 109                 if (state->creds == NULL) {
 110                         composite_error(state->ctx, NT_STATUS_INTERNAL_ERROR);
 111                         return;
 112                 }
 113                 state->samr_pipe->conn->flags |= (DCERPC_SIGN | DCERPC_SEAL);
 114                 state->ctx->status =
 115                         dcerpc_bind_auth_password(state->samr_pipe,
 116                                                   DCERPC_SAMR_UUID,
 117                                                   DCERPC_SAMR_VERSION,
 118                                                   state->creds,
 119                                                   state->auth_type,
 120                                                   NULL);
 121                 break;
 122         default:
 123                 state->ctx->status = NT_STATUS_INTERNAL_ERROR;
 124
 125         }
 126
 127         state->connect_handle = talloc(state, struct policy_handle);
 128         if (composite_nomem(state->connect_handle, state->ctx)) return;
 129
 130         state->c.in.system_name =
 131                 talloc_asprintf(state, "\\\\%s",
 132                                 dcerpc_server_name(state->samr_pipe));
 133         state->c.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
 134         state->c.out.connect_handle = state->connect_handle;
 135
 136         req = dcerpc_samr_Connect2_send(state->samr_pipe, state, &state->c);
 137         composite_continue_rpc(state->ctx, req, connect_samr_recv_conn, state);
 138 }
 139
 140 static void connect_samr_recv_conn(struct rpc_request *req)
 141 {
 142         struct connect_samr_state *state =
 143                 talloc_get_type(req->async.private,
 144                                 struct connect_samr_state);
 145
 146         state->ctx->status = dcerpc_ndr_request_recv(req);
 147         if (!composite_is_ok(state->ctx)) return;
 148         state->ctx->status = state->c.out.result;
 149         if (!composite_is_ok(state->ctx)) return;
 150
 151         state->domain_handle = talloc(state, struct policy_handle);
 152         if (composite_nomem(state->domain_handle, state->ctx)) return;
 153
 154         state->o.in.connect_handle = state->connect_handle;
 155         state->o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
 156         state->o.in.sid = state->sid;
 157         state->o.out.domain_handle = state->domain_handle;
 158
 159         req = dcerpc_samr_OpenDomain_send(state->samr_pipe, state, &state->o);
 160         composite_continue_rpc(state->ctx, req,
 161                                connect_samr_recv_open, state);
 162 }
 163
 164 static void connect_samr_recv_open(struct rpc_request *req)
 165 {
 166         struct connect_samr_state *state =
 167                 talloc_get_type(req->async.private,
 168                                 struct connect_samr_state);
 169
 170         state->ctx->status = dcerpc_ndr_request_recv(req);
 171         if (!composite_is_ok(state->ctx)) return;
 172         state->ctx->status = state->o.out.result;
 173         if (!composite_is_ok(state->ctx)) return;
 174
 175         composite_done(state->ctx);
 176 }
 177
 178 NTSTATUS wb_connect_sam_recv(struct composite_context *c,
 179                              TALLOC_CTX *mem_ctx,
 180                              struct dcerpc_pipe **samr_pipe,
 181                              struct policy_handle **connect_handle,
 182                              struct policy_handle **domain_handle)
 183 {
 184         NTSTATUS status = composite_wait(c);
 185         if (NT_STATUS_IS_OK(status)) {
 186                 struct connect_samr_state *state =
 187                         talloc_get_type(c->private_data,
 188                                         struct connect_samr_state);
 189                 *samr_pipe = talloc_steal(mem_ctx, state->samr_pipe);
 190                 *connect_handle = talloc_steal(mem_ctx, state->connect_handle);
 191                 *domain_handle = talloc_steal(mem_ctx, state->domain_handle);
 192         }
 193         talloc_free(c);
 194         return status;
 195 }
 196
 197 NTSTATUS wb_connect_sam(struct smbcli_tree *tree,
 198                         uint8_t auth_type,
 199                         struct cli_credentials *creds,
 200                         const struct dom_sid *domain_sid,
 201                         TALLOC_CTX *mem_ctx,
 202                         struct dcerpc_pipe **samr_pipe,
 203                         struct policy_handle **connect_handle,
 204                         struct policy_handle **domain_handle)
 205 {
 206         struct composite_context *c =
 207                 wb_connect_sam_send(tree, auth_type, creds, domain_sid);
 208         return wb_connect_sam_recv(c, mem_ctx, samr_pipe, connect_handle,
 209                                    domain_handle);
 210 }