source3/rpc_client/cli_samr.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    RPC pipe client
   4    Copyright (C) Tim Potter                        2000-2001,
   5    Copyright (C) Andrew Tridgell              1992-1997,2000,
   6    Copyright (C) Rafal Szczesniak                       2002.
   7    Copyright (C) Jeremy Allison                         2005.
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 3 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21 */
  22
  23 #include "includes.h"
  24
  25 static void init_lsa_String(struct lsa_String *name, const char *s)
  26 {
  27         name->string = s;
  28 }
  29
  30 /* Query user info */
  31
  32 NTSTATUS rpccli_samr_query_userinfo(struct rpc_pipe_client *cli,
  33                                     TALLOC_CTX *mem_ctx,
  34                                     const POLICY_HND *user_pol,
  35                                     uint16 switch_value,
  36                                     SAM_USERINFO_CTR **ctr)
  37 {
  38         prs_struct qbuf, rbuf;
  39         SAMR_Q_QUERY_USERINFO q;
  40         SAMR_R_QUERY_USERINFO r;
  41         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
  42
  43         DEBUG(10,("cli_samr_query_userinfo\n"));
  44
  45         ZERO_STRUCT(q);
  46         ZERO_STRUCT(r);
  47
  48         /* Marshall data and send request */
  49
  50         init_samr_q_query_userinfo(&q, user_pol, switch_value);
  51
  52         CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_QUERY_USERINFO,
  53                 q, r,
  54                 qbuf, rbuf,
  55                 samr_io_q_query_userinfo,
  56                 samr_io_r_query_userinfo,
  57                 NT_STATUS_UNSUCCESSFUL);
  58
  59         /* Return output parameters */
  60
  61         result = r.status;
  62         *ctr = r.ctr;
  63
  64         return result;
  65 }
  66
  67 /* Enumerate domain groups */
  68
  69 NTSTATUS rpccli_samr_enum_dom_groups(struct rpc_pipe_client *cli,
  70                                      TALLOC_CTX *mem_ctx,
  71                                      POLICY_HND *pol, uint32 *start_idx,
  72                                      uint32 size, struct acct_info **dom_groups,
  73                                      uint32 *num_dom_groups)
  74 {
  75         prs_struct qbuf, rbuf;
  76         SAMR_Q_ENUM_DOM_GROUPS q;
  77         SAMR_R_ENUM_DOM_GROUPS r;
  78         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
  79         uint32 name_idx, i;
  80
  81         DEBUG(10,("cli_samr_enum_dom_groups starting at index %u\n", (unsigned int)*start_idx));
  82
  83         ZERO_STRUCT(q);
  84         ZERO_STRUCT(r);
  85
  86         /* Marshall data and send request */
  87
  88         init_samr_q_enum_dom_groups(&q, pol, *start_idx, size);
  89
  90         CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_ENUM_DOM_GROUPS,
  91                 q, r,
  92                 qbuf, rbuf,
  93                 samr_io_q_enum_dom_groups,
  94                 samr_io_r_enum_dom_groups,
  95                 NT_STATUS_UNSUCCESSFUL);
  96
  97         /* Return output parameters */
  98
  99         result = r.status;
 100
 101         if (!NT_STATUS_IS_OK(result) &&
 102             NT_STATUS_V(result) != NT_STATUS_V(STATUS_MORE_ENTRIES))
 103                 goto done;
 104
 105         *num_dom_groups = r.num_entries2;
 106
 107         if (*num_dom_groups == 0)
 108                 goto done;
 109
 110         if (!((*dom_groups) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_dom_groups))) {
 111                 result = NT_STATUS_NO_MEMORY;
 112                 goto done;
 113         }
 114
 115         memset(*dom_groups, 0, sizeof(struct acct_info) * (*num_dom_groups));
 116
 117         name_idx = 0;
 118
 119         for (i = 0; i < *num_dom_groups; i++) {
 120
 121                 (*dom_groups)[i].rid = r.sam[i].rid;
 122
 123                 if (r.sam[i].hdr_name.buffer) {
 124                         unistr2_to_ascii((*dom_groups)[i].acct_name,
 125                                          &r.uni_grp_name[name_idx],
 126                                          sizeof((*dom_groups)[i].acct_name));
 127                         name_idx++;
 128                 }
 129
 130                 *start_idx = r.next_idx;
 131         }
 132
 133  done:
 134         return result;
 135 }
 136
 137 /* Enumerate domain groups */
 138
 139 NTSTATUS rpccli_samr_enum_als_groups(struct rpc_pipe_client *cli,
 140                                      TALLOC_CTX *mem_ctx,
 141                                      POLICY_HND *pol, uint32 *start_idx,
 142                                      uint32 size, struct acct_info **dom_aliases,
 143                                      uint32 *num_dom_aliases)
 144 {
 145         prs_struct qbuf, rbuf;
 146         SAMR_Q_ENUM_DOM_ALIASES q;
 147         SAMR_R_ENUM_DOM_ALIASES r;
 148         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 149         uint32 name_idx, i;
 150
 151         DEBUG(10,("cli_samr_enum_als_groups starting at index %u\n", (unsigned int)*start_idx));
 152
 153         ZERO_STRUCT(q);
 154         ZERO_STRUCT(r);
 155
 156         /* Marshall data and send request */
 157
 158         init_samr_q_enum_dom_aliases(&q, pol, *start_idx, size);
 159
 160         CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_ENUM_DOM_ALIASES,
 161                 q, r,
 162                 qbuf, rbuf,
 163                 samr_io_q_enum_dom_aliases,
 164                 samr_io_r_enum_dom_aliases,
 165                 NT_STATUS_UNSUCCESSFUL);
 166
 167         /* Return output parameters */
 168
 169         result = r.status;
 170
 171         if (!NT_STATUS_IS_OK(result) &&
 172             NT_STATUS_V(result) != NT_STATUS_V(STATUS_MORE_ENTRIES)) {
 173                 goto done;
 174         }
 175
 176         *num_dom_aliases = r.num_entries2;
 177
 178         if (*num_dom_aliases == 0)
 179                 goto done;
 180
 181         if (!((*dom_aliases) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_dom_aliases))) {
 182                 result = NT_STATUS_NO_MEMORY;
 183                 goto done;
 184         }
 185
 186         memset(*dom_aliases, 0, sizeof(struct acct_info) * *num_dom_aliases);
 187
 188         name_idx = 0;
 189
 190         for (i = 0; i < *num_dom_aliases; i++) {
 191
 192                 (*dom_aliases)[i].rid = r.sam[i].rid;
 193
 194                 if (r.sam[i].hdr_name.buffer) {
 195                         unistr2_to_ascii((*dom_aliases)[i].acct_name,
 196                                          &r.uni_grp_name[name_idx],
 197                                          sizeof((*dom_aliases)[i].acct_name));
 198                         name_idx++;
 199                 }
 200
 201                 *start_idx = r.next_idx;
 202         }
 203
 204  done:
 205         return result;
 206 }
 207
 208 /* User change password */
 209
 210 NTSTATUS rpccli_samr_chgpasswd_user(struct rpc_pipe_client *cli,
 211                                     TALLOC_CTX *mem_ctx,
 212                                     const char *username,
 213                                     const char *newpassword,
 214                                     const char *oldpassword)
 215 {
 216         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 217         struct samr_CryptPassword new_nt_password;
 218         struct samr_CryptPassword new_lm_password;
 219         struct samr_Password old_nt_hash_enc;
 220         struct samr_Password old_lanman_hash_enc;
 221
 222         uchar old_nt_hash[16];
 223         uchar old_lanman_hash[16];
 224         uchar new_nt_hash[16];
 225         uchar new_lanman_hash[16];
 226         struct lsa_String server, account;
 227         char *srv_name_slash = NULL;
 228
 229         DEBUG(10,("rpccli_samr_chgpasswd_user\n"));
 230
 231         init_lsa_String(&server, srv_name_slash);
 232         init_lsa_String(&account, username);
 233
 234         srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost);
 235         if (!srv_name_slash) {
 236                 return NT_STATUS_NO_MEMORY;
 237         }
 238
 239         /* Calculate the MD4 hash (NT compatible) of the password */
 240         E_md4hash(oldpassword, old_nt_hash);
 241         E_md4hash(newpassword, new_nt_hash);
 242
 243         if (lp_client_lanman_auth() &&
 244             E_deshash(newpassword, new_lanman_hash) &&
 245             E_deshash(oldpassword, old_lanman_hash)) {
 246                 /* E_deshash returns false for 'long' passwords (> 14
 247                    DOS chars).  This allows us to match Win2k, which
 248                    does not store a LM hash for these passwords (which
 249                    would reduce the effective password length to 14) */
 250
 251                 encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE);
 252
 253                 SamOEMhash(new_lm_password.data, old_nt_hash, 516);
 254                 E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
 255         } else {
 256                 ZERO_STRUCT(new_lm_password);
 257                 ZERO_STRUCT(old_lanman_hash_enc);
 258         }
 259
 260         encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE);
 261
 262         SamOEMhash(new_nt_password.data, old_nt_hash, 516);
 263         E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
 264
 265         result = rpccli_samr_ChangePasswordUser2(cli, mem_ctx,
 266                                                  &server,
 267                                                  &account,
 268                                                  &new_nt_password,
 269                                                  &old_nt_hash_enc,
 270                                                  true,
 271                                                  &new_lm_password,
 272                                                  &old_lanman_hash_enc);
 273
 274         return result;
 275 }
 276
 277 /* User change password given blobs */
 278
 279 NTSTATUS rpccli_samr_chng_pswd_auth_crap(struct rpc_pipe_client *cli,
 280                                          TALLOC_CTX *mem_ctx,
 281                                          const char *username,
 282                                          DATA_BLOB new_nt_password_blob,
 283                                          DATA_BLOB old_nt_hash_enc_blob,
 284                                          DATA_BLOB new_lm_password_blob,
 285                                          DATA_BLOB old_lm_hash_enc_blob)
 286 {
 287         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 288         struct samr_CryptPassword new_nt_password;
 289         struct samr_CryptPassword new_lm_password;
 290         struct samr_Password old_nt_hash_enc;
 291         struct samr_Password old_lm_hash_enc;
 292         struct lsa_String server, account;
 293         char *srv_name_slash = NULL;
 294
 295         DEBUG(10,("rpccli_samr_chng_pswd_auth_crap\n"));
 296
 297         srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost);
 298         if (!srv_name_slash) {
 299                 return NT_STATUS_NO_MEMORY;
 300         }
 301
 302         init_lsa_String(&server, srv_name_slash);
 303         init_lsa_String(&account, username);
 304
 305         memcpy(&new_nt_password.data, new_nt_password_blob.data, 516);
 306         memcpy(&new_lm_password.data, new_lm_password_blob.data, 516);
 307         memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16);
 308         memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16);
 309
 310         result = rpccli_samr_ChangePasswordUser2(cli, mem_ctx,
 311                                                  &server,
 312                                                  &account,
 313                                                  &new_nt_password,
 314                                                  &old_nt_hash_enc,
 315                                                  true,
 316                                                  &new_lm_password,
 317                                                  &old_lm_hash_enc);
 318         return result;
 319 }
 320
 321
 322 /* change password 3 */
 323
 324 NTSTATUS rpccli_samr_chgpasswd3(struct rpc_pipe_client *cli,
 325                                 TALLOC_CTX *mem_ctx,
 326                                 const char *username,
 327                                 const char *newpassword,
 328                                 const char *oldpassword,
 329                                 struct samr_DomInfo1 **dominfo1,
 330                                 struct samr_ChangeReject **reject)
 331 {
 332         NTSTATUS status;
 333
 334         struct samr_CryptPassword new_nt_password;
 335         struct samr_CryptPassword new_lm_password;
 336         struct samr_Password old_nt_hash_enc;
 337         struct samr_Password old_lanman_hash_enc;
 338
 339         uchar old_nt_hash[16];
 340         uchar old_lanman_hash[16];
 341         uchar new_nt_hash[16];
 342         uchar new_lanman_hash[16];
 343
 344         struct lsa_String server, account;
 345         char *srv_name_slash = NULL;
 346
 347         DEBUG(10,("rpccli_samr_chgpasswd_user3\n"));
 348
 349         srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost);
 350         if (!srv_name_slash) {
 351                 return NT_STATUS_NO_MEMORY;
 352         }
 353
 354         init_lsa_String(&server, srv_name_slash);
 355         init_lsa_String(&account, username);
 356
 357         /* Calculate the MD4 hash (NT compatible) of the password */
 358         E_md4hash(oldpassword, old_nt_hash);
 359         E_md4hash(newpassword, new_nt_hash);
 360
 361         if (lp_client_lanman_auth() &&
 362             E_deshash(newpassword, new_lanman_hash) &&
 363             E_deshash(oldpassword, old_lanman_hash)) {
 364                 /* E_deshash returns false for 'long' passwords (> 14
 365                    DOS chars).  This allows us to match Win2k, which
 366                    does not store a LM hash for these passwords (which
 367                    would reduce the effective password length to 14) */
 368
 369                 encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE);
 370
 371                 SamOEMhash(new_lm_password.data, old_nt_hash, 516);
 372                 E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
 373         } else {
 374                 ZERO_STRUCT(new_lm_password);
 375                 ZERO_STRUCT(old_lanman_hash_enc);
 376         }
 377
 378         encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE);
 379
 380         SamOEMhash(new_nt_password.data, old_nt_hash, 516);
 381         E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
 382
 383         status = rpccli_samr_ChangePasswordUser3(cli, mem_ctx,
 384                                                  &server,
 385                                                  &account,
 386                                                  &new_nt_password,
 387                                                  &old_nt_hash_enc,
 388                                                  true,
 389                                                  &new_lm_password,
 390                                                  &old_lanman_hash_enc,
 391                                                  NULL,
 392                                                  dominfo1,
 393                                                  reject);
 394         return status;
 395 }
 396
 397 /* This function returns the bizzare set of (max_entries, max_size) required
 398    for the QueryDisplayInfo RPC to actually work against a domain controller
 399    with large (10k and higher) numbers of users.  These values were
 400    obtained by inspection using ethereal and NT4 running User Manager. */
 401
 402 void get_query_dispinfo_params(int loop_count, uint32 *max_entries,
 403                                uint32 *max_size)
 404 {
 405         switch(loop_count) {
 406         case 0:
 407                 *max_entries = 512;
 408                 *max_size = 16383;
 409                 break;
 410         case 1:
 411                 *max_entries = 1024;
 412                 *max_size = 32766;
 413                 break;
 414         case 2:
 415                 *max_entries = 2048;
 416                 *max_size = 65532;
 417                 break;
 418         case 3:
 419                 *max_entries = 4096;
 420                 *max_size = 131064;
 421                 break;
 422         default:              /* loop_count >= 4 */
 423                 *max_entries = 4096;
 424                 *max_size = 131071;
 425                 break;
 426         }
 427 }
 428
 429 /* Lookup rids.  Note that NT4 seems to crash if more than ~1000 rids are
 430    looked up in one packet. */
 431
 432 NTSTATUS rpccli_samr_lookup_rids(struct rpc_pipe_client *cli,
 433                                  TALLOC_CTX *mem_ctx,
 434                                  POLICY_HND *domain_pol,
 435                                  uint32 num_rids, uint32 *rids,
 436                                  uint32 *num_names, char ***names,
 437                                  uint32 **name_types)
 438 {
 439         prs_struct qbuf, rbuf;
 440         SAMR_Q_LOOKUP_RIDS q;
 441         SAMR_R_LOOKUP_RIDS r;
 442         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 443         uint32 i;
 444
 445         DEBUG(10,("cli_samr_lookup_rids\n"));
 446
 447         if (num_rids > 1000) {
 448                 DEBUG(2, ("cli_samr_lookup_rids: warning: NT4 can crash if "
 449                           "more than ~1000 rids are looked up at once.\n"));
 450         }
 451
 452         ZERO_STRUCT(q);
 453         ZERO_STRUCT(r);
 454
 455         /* Marshall data and send request */
 456
 457         init_samr_q_lookup_rids(mem_ctx, &q, domain_pol, 1000, num_rids, rids);
 458
 459         CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_LOOKUP_RIDS,
 460                 q, r,
 461                 qbuf, rbuf,
 462                 samr_io_q_lookup_rids,
 463                 samr_io_r_lookup_rids,
 464                 NT_STATUS_UNSUCCESSFUL);
 465
 466         /* Return output parameters */
 467
 468         result = r.status;
 469
 470         if (!NT_STATUS_IS_OK(result) &&
 471             !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
 472                 goto done;
 473
 474         if (r.num_names1 == 0) {
 475                 *num_names = 0;
 476                 *names = NULL;
 477                 goto done;
 478         }
 479
 480         *num_names = r.num_names1;
 481         *names = TALLOC_ARRAY(mem_ctx, char *, r.num_names1);
 482         *name_types = TALLOC_ARRAY(mem_ctx, uint32, r.num_names1);
 483
 484         if ((*names == NULL) || (*name_types == NULL)) {
 485                 TALLOC_FREE(*names);
 486                 TALLOC_FREE(*name_types);
 487                 return NT_STATUS_NO_MEMORY;
 488         }
 489
 490         for (i = 0; i < r.num_names1; i++) {
 491                 fstring tmp;
 492
 493                 unistr2_to_ascii(tmp, &r.uni_name[i], sizeof(tmp));
 494                 (*names)[i] = talloc_strdup(mem_ctx, tmp);
 495                 (*name_types)[i] = r.type[i];
 496         }
 497
 498  done:
 499
 500         return result;
 501 }
 502
 503 /* Set userinfo */
 504
 505 NTSTATUS rpccli_samr_set_userinfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
 506                                const POLICY_HND *user_pol, uint16 switch_value,
 507                                DATA_BLOB *sess_key, SAM_USERINFO_CTR *ctr)
 508 {
 509         prs_struct qbuf, rbuf;
 510         SAMR_Q_SET_USERINFO q;
 511         SAMR_R_SET_USERINFO r;
 512         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 513
 514         DEBUG(10,("cli_samr_set_userinfo\n"));
 515
 516         ZERO_STRUCT(q);
 517         ZERO_STRUCT(r);
 518
 519         if (!sess_key->length) {
 520                 DEBUG(1, ("No user session key\n"));
 521                 return NT_STATUS_NO_USER_SESSION_KEY;
 522         }
 523
 524         /* Initialise parse structures */
 525
 526         prs_init(&qbuf, RPC_MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
 527         prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 528
 529         /* Marshall data and send request */
 530
 531         q.ctr = ctr;
 532
 533         init_samr_q_set_userinfo(&q, user_pol, sess_key, switch_value,
 534                                  ctr->info.id);
 535
 536         CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_SET_USERINFO,
 537                 q, r,
 538                 qbuf, rbuf,
 539                 samr_io_q_set_userinfo,
 540                 samr_io_r_set_userinfo,
 541                 NT_STATUS_UNSUCCESSFUL);
 542
 543         /* Return output parameters */
 544
 545         if (!NT_STATUS_IS_OK(result = r.status)) {
 546                 goto done;
 547         }
 548
 549  done:
 550
 551         return result;
 552 }
 553
 554 /* Set userinfo2 */
 555
 556 NTSTATUS rpccli_samr_set_userinfo2(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
 557                                    const POLICY_HND *user_pol, uint16 switch_value,
 558                                 DATA_BLOB *sess_key, SAM_USERINFO_CTR *ctr)
 559 {
 560         prs_struct qbuf, rbuf;
 561         SAMR_Q_SET_USERINFO2 q;
 562         SAMR_R_SET_USERINFO2 r;
 563         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 564
 565         DEBUG(10,("cli_samr_set_userinfo2\n"));
 566
 567         if (!sess_key->length) {
 568                 DEBUG(1, ("No user session key\n"));
 569                 return NT_STATUS_NO_USER_SESSION_KEY;
 570         }
 571
 572         ZERO_STRUCT(q);
 573         ZERO_STRUCT(r);
 574
 575         /* Marshall data and send request */
 576
 577         init_samr_q_set_userinfo2(&q, user_pol, sess_key, switch_value, ctr);
 578
 579         CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_SET_USERINFO2,
 580                 q, r,
 581                 qbuf, rbuf,
 582                 samr_io_q_set_userinfo2,
 583                 samr_io_r_set_userinfo2,
 584                 NT_STATUS_UNSUCCESSFUL);
 585
 586         /* Return output parameters */
 587
 588         if (!NT_STATUS_IS_OK(result = r.status)) {
 589                 goto done;
 590         }
 591
 592  done:
 593
 594         return result;
 595 }