Ejemplo n.º 1
0
NTSTATUS gpo_fetch_files(TALLOC_CTX *mem_ctx,
			 struct cli_state *cli,
			 struct GROUP_POLICY_OBJECT *gpo)
{
	NTSTATUS result;
	char *server, *service, *nt_path, *unix_path;
	char *nt_ini_path, *unix_ini_path;

	result = gpo_explode_filesyspath(mem_ctx, gpo->file_sys_path,
					 &server, &service, &nt_path,
					 &unix_path);
	NT_STATUS_NOT_OK_RETURN(result);

	result = gpo_prepare_local_store(mem_ctx, unix_path);
	NT_STATUS_NOT_OK_RETURN(result);

	unix_ini_path = talloc_asprintf(mem_ctx, "%s/%s", unix_path, GPT_INI);
	nt_ini_path = talloc_asprintf(mem_ctx, "%s\\%s", nt_path, GPT_INI);
	NT_STATUS_HAVE_NO_MEMORY(unix_ini_path);
	NT_STATUS_HAVE_NO_MEMORY(nt_ini_path);

	result = gpo_copy_file(mem_ctx, cli, nt_ini_path, unix_ini_path);
	NT_STATUS_NOT_OK_RETURN(result);

	result = gpo_sync_directories(mem_ctx, cli, nt_path, unix_path);
	NT_STATUS_NOT_OK_RETURN(result);

	return NT_STATUS_OK;
}
Ejemplo n.º 2
0
/*
  setup our listening sockets on the configured network interfaces
*/
static NTSTATUS cldapd_startup_interfaces(struct cldapd_server *cldapd, struct loadparm_context *lp_ctx,
					  struct interface *ifaces)
{
	int i, num_interfaces;
	TALLOC_CTX *tmp_ctx = talloc_new(cldapd);
	NTSTATUS status;

	num_interfaces = iface_list_count(ifaces);

	/* if we are allowing incoming packets from any address, then
	   we need to bind to the wildcard address */
	if (!lpcfg_bind_interfaces_only(lp_ctx)) {
		const char **wcard = iface_list_wildcard(cldapd, lp_ctx);
		NT_STATUS_HAVE_NO_MEMORY(wcard);
		for (i=0; wcard[i]; i++) {
			status = cldapd_add_socket(cldapd, lp_ctx, wcard[i]);
			NT_STATUS_NOT_OK_RETURN(status);
		}
		talloc_free(wcard);
	}

	/* now we have to also listen on the specific interfaces,
	   so that replies always come from the right IP */
	for (i=0; i<num_interfaces; i++) {
		const char *address = talloc_strdup(tmp_ctx, iface_list_n_ip(ifaces, i));
		status = cldapd_add_socket(cldapd, lp_ctx, address);
		NT_STATUS_NOT_OK_RETURN(status);
	}

	talloc_free(tmp_ctx);

	return NT_STATUS_OK;
}
Ejemplo n.º 3
0
/*
  setup our listening sockets on the configured network interfaces
*/
NTSTATUS nbtd_startup_interfaces(struct nbtd_server *nbtsrv, struct loadparm_context *lp_ctx,
				 struct interface *ifaces)
{
	int num_interfaces = iface_count(ifaces);
	int i;
	TALLOC_CTX *tmp_ctx = talloc_new(nbtsrv);
	NTSTATUS status;

	/* if we are allowing incoming packets from any address, then
	   we also need to bind to the wildcard address */
	if (!lp_bind_interfaces_only(lp_ctx)) {
		const char *primary_address;

		/* the primary address is the address we will return
		   for non-WINS queries not made on a specific
		   interface */
		if (num_interfaces > 0) {
			primary_address = iface_n_ip(ifaces, 0);
		} else {
			primary_address = inet_ntoa(interpret_addr2(
							lp_netbios_name(lp_ctx)));
		}
		primary_address = talloc_strdup(tmp_ctx, primary_address);
		NT_STATUS_HAVE_NO_MEMORY(primary_address);

		status = nbtd_add_socket(nbtsrv, 
					 lp_ctx,
					 "0.0.0.0",
					 primary_address,
					 talloc_strdup(tmp_ctx, "255.255.255.255"),
					 talloc_strdup(tmp_ctx, "0.0.0.0"));
		NT_STATUS_NOT_OK_RETURN(status);
	}

	for (i=0; i<num_interfaces; i++) {
		const char *bcast = iface_n_bcast(ifaces, i);
		const char *address, *netmask;

		/* we can't assume every interface is broadcast capable */
		if (bcast == NULL) continue;

		address = talloc_strdup(tmp_ctx, iface_n_ip(ifaces, i));
		bcast   = talloc_strdup(tmp_ctx, bcast);
		netmask = talloc_strdup(tmp_ctx, iface_n_netmask(ifaces, i));

		status = nbtd_add_socket(nbtsrv, lp_ctx, 
					 address, address, bcast, netmask);
		NT_STATUS_NOT_OK_RETURN(status);
	}

	if (lp_wins_server_list(lp_ctx)) {
		status = nbtd_add_wins_socket(nbtsrv);
		NT_STATUS_NOT_OK_RETURN(status);
	}

	talloc_free(tmp_ctx);

	return NT_STATUS_OK;
}
Ejemplo n.º 4
0
/****************************************************************************
 Do a specific test for an smb password being correct, given a smb_password and
 the lanman and NT responses.
****************************************************************************/
static NTSTATUS authsam_password_ok(struct auth4_context *auth_context,
				    TALLOC_CTX *mem_ctx,
				    uint16_t acct_flags,
				    const struct samr_Password *lm_pwd, 
				    const struct samr_Password *nt_pwd,
				    const struct auth_usersupplied_info *user_info, 
				    DATA_BLOB *user_sess_key, 
				    DATA_BLOB *lm_sess_key)
{
	NTSTATUS status;

	switch (user_info->password_state) {
	case AUTH_PASSWORD_PLAIN: 
	{
		const struct auth_usersupplied_info *user_info_temp;	
		status = encrypt_user_info(mem_ctx, auth_context, 
					   AUTH_PASSWORD_HASH, 
					   user_info, &user_info_temp);
		if (!NT_STATUS_IS_OK(status)) {
			DEBUG(1, ("Failed to convert plaintext password to password HASH: %s\n", nt_errstr(status)));
			return status;
		}
		user_info = user_info_temp;

		FALL_THROUGH;
	}
	case AUTH_PASSWORD_HASH:
		*lm_sess_key = data_blob(NULL, 0);
		*user_sess_key = data_blob(NULL, 0);
		status = hash_password_check(mem_ctx, 
					     lpcfg_lanman_auth(auth_context->lp_ctx),
					     user_info->password.hash.lanman,
					     user_info->password.hash.nt,
					     user_info->mapped.account_name,
					     lm_pwd, nt_pwd);
		NT_STATUS_NOT_OK_RETURN(status);
		break;
		
	case AUTH_PASSWORD_RESPONSE:
		status = ntlm_password_check(mem_ctx, 
					     lpcfg_lanman_auth(auth_context->lp_ctx),
						 lpcfg_ntlm_auth(auth_context->lp_ctx),
					     user_info->logon_parameters, 
					     &auth_context->challenge.data, 
					     &user_info->password.response.lanman, 
					     &user_info->password.response.nt,
					     user_info->mapped.account_name,
					     user_info->client.account_name, 
					     user_info->client.domain_name, 
					     lm_pwd, nt_pwd,
					     user_sess_key, lm_sess_key);
		NT_STATUS_NOT_OK_RETURN(status);
		break;
	}

	return NT_STATUS_OK;
}
Ejemplo n.º 5
0
static NTSTATUS dsgetdcname_rediscover(TALLOC_CTX *mem_ctx,
				       struct messaging_context *msg_ctx,
				       const char *domain_name,
				       struct GUID *domain_guid,
				       uint32_t flags,
				       const char *site_name,
				       struct netr_DsRGetDCNameInfo **info)
{
	NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
	struct ip_service_name *dclist = NULL;
	int num_dcs;

	DEBUG(10,("dsgetdcname_rediscover\n"));

	if (flags & DS_IS_FLAT_NAME) {

		status = discover_dc_netbios(mem_ctx, domain_name, flags,
					     &dclist, &num_dcs);
		NT_STATUS_NOT_OK_RETURN(status);

		return process_dc_netbios(mem_ctx, msg_ctx, domain_name, flags,
					  dclist, num_dcs, info);
	}

	if (flags & DS_IS_DNS_NAME) {

		status = discover_dc_dns(mem_ctx, domain_name, domain_guid,
					 flags, site_name, &dclist, &num_dcs);
		NT_STATUS_NOT_OK_RETURN(status);

		return process_dc_dns(mem_ctx, domain_name, flags,
				      dclist, num_dcs, info);
	}

	status = discover_dc_dns(mem_ctx, domain_name, domain_guid, flags,
				 site_name, &dclist, &num_dcs);

	if (NT_STATUS_IS_OK(status) && num_dcs != 0) {

		status = process_dc_dns(mem_ctx, domain_name, flags, dclist,
					num_dcs, info);
		if (NT_STATUS_IS_OK(status)) {
			return status;
		}
	}

	status = discover_dc_netbios(mem_ctx, domain_name, flags, &dclist,
				     &num_dcs);
	NT_STATUS_NOT_OK_RETURN(status);

	return process_dc_netbios(mem_ctx, msg_ctx, domain_name, flags, dclist,
				  num_dcs, info);
}
Ejemplo n.º 6
0
static NTSTATUS libnetapi_lsa_lookup_names3(TALLOC_CTX *mem_ctx,
					    struct rpc_pipe_client *lsa_pipe,
					    const char *name,
					    struct dom_sid *sid)
{
	NTSTATUS status, result;
	struct policy_handle lsa_handle;
	struct dcerpc_binding_handle *b = lsa_pipe->binding_handle;

	struct lsa_RefDomainList *domains = NULL;
	struct lsa_TransSidArray3 sids;
	uint32_t count = 0;

	struct lsa_String names;
	uint32_t num_names = 1;

	if (!sid || !name) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	ZERO_STRUCT(sids);

	init_lsa_String(&names, name);

	status = rpccli_lsa_open_policy2(lsa_pipe, mem_ctx,
					 false,
					 SEC_STD_READ_CONTROL |
					 LSA_POLICY_VIEW_LOCAL_INFORMATION |
					 LSA_POLICY_LOOKUP_NAMES,
					 &lsa_handle);
	NT_STATUS_NOT_OK_RETURN(status);

	status = dcerpc_lsa_LookupNames3(b, mem_ctx,
					 &lsa_handle,
					 num_names,
					 &names,
					 &domains,
					 &sids,
					 LSA_LOOKUP_NAMES_ALL, /* sure ? */
					 &count,
					 0, 0,
					 &result);
	NT_STATUS_NOT_OK_RETURN(status);
	NT_STATUS_NOT_OK_RETURN(result);

	if (count != 1 || sids.count != 1) {
		return NT_STATUS_INVALID_NETWORK_RESPONSE;
	}

	sid_copy(sid, sids.sids[0].sid);

	return NT_STATUS_OK;
}
Ejemplo n.º 7
0
/*
  add a blob to a smb2_create attribute blob
*/
NTSTATUS smb2_create_blob_add(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, 
			      uint32_t tag,
			      DATA_BLOB add, BOOL last)
{
	NTSTATUS status;
	uint32_t ofs = blob->length;
	uint8_t pad = smb2_padding_size(add.length, 8);
	status = data_blob_realloc(mem_ctx, blob, blob->length + 0x18 + add.length + pad);
	NT_STATUS_NOT_OK_RETURN(status);
	
	if (last) {
		SIVAL(blob->data, ofs+0x00, 0);
	} else {
		SIVAL(blob->data, ofs+0x00, 0x18 + add.length + pad);
	}
	SSVAL(blob->data, ofs+0x04, 0x10); /* offset of tag */
	SIVAL(blob->data, ofs+0x06, 0x04); /* tag length */
	SSVAL(blob->data, ofs+0x0A, 0x18); /* offset of data */
	SIVAL(blob->data, ofs+0x0C, add.length);
	SIVAL(blob->data, ofs+0x10, tag);
	SIVAL(blob->data, ofs+0x14, 0); /* pad? */
	memcpy(blob->data+ofs+0x18, add.data, add.length);
	memset(blob->data+ofs+0x18+add.length, 0, pad);

	return NT_STATUS_OK;
}
Ejemplo n.º 8
0
/* do a single node query */
static NTSTATUS do_node_query(struct nbt_name_socket *nbtsock,
			      const char *addr, 
			      const char *node_name, 
			      enum nbt_name_type node_type,
			      BOOL broadcast)
{
	struct nbt_name_query io;
	NTSTATUS status;
	int i;

	io.in.name.name = node_name;
	io.in.name.type = node_type;
	io.in.name.scope = NULL;
	io.in.dest_addr = addr;
	io.in.broadcast = broadcast;
	io.in.wins_lookup = options.wins_lookup;
	io.in.timeout = 1;
	io.in.retries = 2;

	status = nbt_name_query(nbtsock, nbtsock, &io);
	NT_STATUS_NOT_OK_RETURN(status);

	for (i=0;i<io.out.num_addrs;i++) {
		printf("%s %s<%02x>\n",
		       io.out.reply_addrs[i],
		       io.out.name.name,
		       io.out.name.type);
	}
	if (options.node_status && io.out.num_addrs > 0) {
		do_node_status(nbtsock, io.out.reply_addrs[0]);
	}

	return status;
}
Ejemplo n.º 9
0
static NTSTATUS scripts_get_reg_config(TALLOC_CTX *mem_ctx,
				       struct gp_extension_reg_info **reg_info)
{
	NTSTATUS status;
	struct gp_extension_reg_info *info = NULL;

	struct gp_extension_reg_table table[] = {
		{ "ProcessGroupPolicy", REG_SZ, "scripts_process_group_policy" },
		{ "NoGPOListChanges", REG_DWORD, "1" },
		{ "NoSlowLink", REG_DWORD, "1" },
		{ "NotifyLinkTransition", REG_DWORD, "1" },
		{ NULL, REG_NONE, NULL },
	};

	info = talloc_zero(mem_ctx, struct gp_extension_reg_info);
	NT_STATUS_HAVE_NO_MEMORY(info);

	status = gpext_info_add_entry(mem_ctx, GP_EXT_NAME,
				      GP_EXT_GUID_SCRIPTS,
				      table, info);
	NT_STATUS_NOT_OK_RETURN(status);

	*reg_info = info;

	return NT_STATUS_OK;
}
Ejemplo n.º 10
0
/*
  form the lock context used for byte range locking. This is separate
  from the locking key used for opendb locking as it needs to take
  account of file streams (each stream is a separate byte range
  locking space)
*/
static NTSTATUS pvfs_brl_locking_handle(TALLOC_CTX *mem_ctx,
					struct pvfs_filename *name,
					struct ntvfs_handle *ntvfs,
					struct brl_handle **_h)
{
	DATA_BLOB odb_key, key;
	NTSTATUS status;
	struct brl_handle *h;

	status = pvfs_locking_key(name, mem_ctx, &odb_key);
	NT_STATUS_NOT_OK_RETURN(status);

	if (name->stream_name == NULL) {
		key = odb_key;
	} else {
		key = data_blob_talloc(mem_ctx, NULL, 
				       odb_key.length + strlen(name->stream_name) + 1);
		NT_STATUS_HAVE_NO_MEMORY(key.data);
		memcpy(key.data, odb_key.data, odb_key.length);
		memcpy(key.data + odb_key.length, 
		       name->stream_name, strlen(name->stream_name) + 1);
		data_blob_free(&odb_key);
	}

	h = brl_create_handle(mem_ctx, ntvfs, &key);
	NT_STATUS_HAVE_NO_MEMORY(h);

	*_h = h;
	return NT_STATUS_OK;
}
Ejemplo n.º 11
0
NTSTATUS ntvfs_handle_set_backend_data(struct ntvfs_handle *h,
						struct ntvfs_module_context *ntvfs,
						TALLOC_CTX *private_data)
{
	struct ntvfs_handle_data *d;
	bool first_time = h->backend_data?false:true;

	for (d=h->backend_data; d; d = d->next) {
		if (d->owner != ntvfs) continue;
		d->private_data = talloc_steal(d, private_data);
		return NT_STATUS_OK;
	}

	d = talloc(h, struct ntvfs_handle_data);
	NT_STATUS_HAVE_NO_MEMORY(d);
	d->owner = ntvfs;
	d->private_data = talloc_steal(d, private_data);

	DLIST_ADD(h->backend_data, d);

	if (first_time) {
		NTSTATUS status;
		status = h->ctx->handles.make_valid(h->ctx->handles.private_data, h);
		NT_STATUS_NOT_OK_RETURN(status);
	}

	return NT_STATUS_OK;
}
Ejemplo n.º 12
0
_PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx, 
				    struct tevent_context *event_ctx, 
				    struct loadparm_context *lp_ctx,
				    struct auth_serversupplied_info *server_info, 
				    struct auth_session_info **_session_info) 
{
	struct auth_session_info *session_info;
	NTSTATUS nt_status;

	session_info = talloc(mem_ctx, struct auth_session_info);
	NT_STATUS_HAVE_NO_MEMORY(session_info);

	session_info->server_info = talloc_reference(session_info, server_info);

	/* unless set otherwise, the session key is the user session
	 * key from the auth subsystem */ 
	session_info->session_key = server_info->user_session_key;

	nt_status = security_token_create(session_info,
					  event_ctx,
					  lp_ctx,
					  server_info->account_sid,
					  server_info->primary_group_sid,
					  server_info->n_domain_groups,
					  server_info->domain_groups,
					  server_info->authenticated,
					  &session_info->security_token);
	NT_STATUS_NOT_OK_RETURN(nt_status);

	session_info->credentials = NULL;

	*_session_info = session_info;
	return NT_STATUS_OK;
}
Ejemplo n.º 13
0
static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2_negprot *io)
{
	NTSTATUS status;
	struct timeval current_time;
	struct timeval boot_time;

	req->smb_conn->negotiate.protocol = PROTOCOL_SMB2;

	current_time = timeval_current(); /* TODO: handle timezone?! */
	boot_time = timeval_current(); /* TODO: fix me */

	io->out._pad		= 0;
	io->out.unknown2	= 0x06;
	ZERO_STRUCT(io->out.sessid);
	io->out.unknown3	= 0x0d;
	io->out.unknown4	= 0x00;
	io->out.unknown5	= 0x01;
	io->out.unknown6	= 0x01;
	io->out.unknown7	= 0x01;
	io->out.current_time	= timeval_to_nttime(&current_time);
	io->out.boot_time	= timeval_to_nttime(&boot_time);
	status = smb2srv_negprot_secblob(req, &io->out.secblob);
	NT_STATUS_NOT_OK_RETURN(status);
	io->out.unknown9	= 0x204d4c20;

	return NT_STATUS_OK;
}
Ejemplo n.º 14
0
/*
 * queue a wbsrv_call reply on a wbsrv_connection
 * NOTE: that this implies talloc_free(call),
 *       use talloc_reference(call) if you need it after
 *       calling wbsrv_queue_reply
 */
NTSTATUS wbsrv_samba3_send_reply(struct wbsrv_samba3_call *call)
{
	struct wbsrv_connection *wbsrv_conn = call->wbconn;
	struct tevent_req *subreq;
	NTSTATUS status;

	status = wbsrv_samba3_push_reply(call);
	NT_STATUS_NOT_OK_RETURN(status);

	call->out_iov[0].iov_base = (char *) call->out.data;
	call->out_iov[0].iov_len = call->out.length;

	subreq = tstream_writev_queue_send(call,
					   wbsrv_conn->conn->event.ctx,
					   wbsrv_conn->tstream,
					   wbsrv_conn->send_queue,
					   call->out_iov, 1);
	if (subreq == NULL) {
		wbsrv_terminate_connection(wbsrv_conn, "wbsrv_call_loop: "
				"no memory for tstream_writev_queue_send");
		return NT_STATUS_NO_MEMORY;
	}
	tevent_req_set_callback(subreq, wbsrv_samba3_send_reply_done, call);

	return status;
}
Ejemplo n.º 15
0
/*
  pull a string in a uint16_t ofs/ uint16_t length/blob format
  UTF-16 without termination
*/
NTSTATUS smb2_pull_o16s16_string(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ctx,
				 uint8_t *ptr, const char **str)
{
	DATA_BLOB blob;
	NTSTATUS status;
	void *vstr;
	size_t converted_size = 0;
	bool ret;

	status = smb2_pull_o16s16_blob(buf, mem_ctx, ptr, &blob);
	NT_STATUS_NOT_OK_RETURN(status);

	if (blob.data == NULL) {
		*str = NULL;
		return NT_STATUS_OK;
	}

	if (blob.length == 0) {
		char *s;
		s = talloc_strdup(mem_ctx, "");
		NT_STATUS_HAVE_NO_MEMORY(s);
		*str = s;
		return NT_STATUS_OK;
	}

	ret = convert_string_talloc(mem_ctx, CH_UTF16, CH_UNIX, 
				     blob.data, blob.length, &vstr, &converted_size);
	data_blob_free(&blob);
	(*str) = (char *)vstr;
	if (!ret) {
		return NT_STATUS_ILLEGAL_CHARACTER;
	}
	return NT_STATUS_OK;
}
Ejemplo n.º 16
0
static NTSTATUS wreplsrv_out_connect_wait_assoc_ctx(struct wreplsrv_out_connect_state *state)
{
	NTSTATUS status;

	status = wrepl_associate_recv(state->subreq, &state->assoc_io);
	TALLOC_FREE(state->subreq);
	NT_STATUS_NOT_OK_RETURN(status);

	state->wreplconn->assoc_ctx.peer_ctx = state->assoc_io.out.assoc_ctx;
	state->wreplconn->assoc_ctx.peer_major = state->assoc_io.out.major_version;

	if (state->type == WINSREPL_PARTNER_PUSH) {
		if (state->wreplconn->assoc_ctx.peer_major >= 5) {
			state->wreplconn->partner->push.wreplconn = state->wreplconn;
			talloc_steal(state->wreplconn->partner, state->wreplconn);
		} else {
			state->type = WINSREPL_PARTNER_NONE;
		}
	} else if (state->type == WINSREPL_PARTNER_PULL) {
		state->wreplconn->partner->pull.wreplconn = state->wreplconn;
		talloc_steal(state->wreplconn->partner, state->wreplconn);
	}

	state->stage = WREPLSRV_OUT_CONNECT_STAGE_DONE;

	return NT_STATUS_OK;
}
Ejemplo n.º 17
0
/*
  send a nttrans create reply
*/
static NTSTATUS nttrans_create_send(struct nttrans_op *op)
{
	union smb_open *io = talloc_get_type(op->op_info, union smb_open);
	uint8_t *params;
	NTSTATUS status;

	status = nttrans_setup_reply(op, op->trans, 69, 0, 0);
	NT_STATUS_NOT_OK_RETURN(status);
	params = op->trans->out.params.data;

	SSVAL(params,        0, io->ntcreatex.out.oplock_level);
	smbsrv_push_fnum(params, 2, io->ntcreatex.out.file.ntvfs);
	SIVAL(params,        4, io->ntcreatex.out.create_action);
	SIVAL(params,        8, 0); /* ea error offset */
	push_nttime(params, 12, io->ntcreatex.out.create_time);
	push_nttime(params, 20, io->ntcreatex.out.access_time);
	push_nttime(params, 28, io->ntcreatex.out.write_time);
	push_nttime(params, 36, io->ntcreatex.out.change_time);
	SIVAL(params,       44, io->ntcreatex.out.attrib);
	SBVAL(params,       48, io->ntcreatex.out.alloc_size);
	SBVAL(params,       56, io->ntcreatex.out.size);
	SSVAL(params,       64, io->ntcreatex.out.file_type);
	SSVAL(params,       66, io->ntcreatex.out.ipc_state);
	SCVAL(params,       68, io->ntcreatex.out.is_directory);

	return NT_STATUS_OK;
}
Ejemplo n.º 18
0
static NTSTATUS wreplsrv_push_notify_inform(struct wreplsrv_push_notify_state *state)
{
	struct wreplsrv_service *service = state->io->in.partner->service;
	struct wrepl_packet *req = &state->req_packet;
	struct wrepl_replication *repl_out = &state->req_packet.message.replication;
	struct wrepl_table *table_out = &state->req_packet.message.replication.info.table;
	NTSTATUS status;

	req->opcode	= WREPL_OPCODE_BITS;
	req->assoc_ctx	= state->wreplconn->assoc_ctx.peer_ctx;
	req->mess_type	= WREPL_REPLICATION;

	repl_out->command = state->command;

	status = wreplsrv_fill_wrepl_table(service, state, table_out,
					   service->wins_db->local_owner, state->full_table);
	NT_STATUS_NOT_OK_RETURN(status);

	/* we won't get a reply to a inform message */
	state->ctrl.send_only		= true;

	state->subreq = wrepl_request_send(state,
					   state->wreplconn->service->task->event_ctx,
					   state->wreplconn->sock, req, &state->ctrl);
	NT_STATUS_HAVE_NO_MEMORY(state->subreq);

	tevent_req_set_callback(state->subreq,
				wreplsrv_push_notify_handler_treq,
				state);

	state->stage = WREPLSRV_PUSH_NOTIFY_STAGE_WAIT_INFORM;

	return NT_STATUS_OK;
}
Ejemplo n.º 19
0
NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx, 
				  struct loadparm_context *lp_ctx,
				  struct auth_session_info **_session_info) 
{
	NTSTATUS nt_status;
	struct auth_user_info_dc *user_info_dc = NULL;
	struct auth_session_info *session_info = NULL;
	TALLOC_CTX *mem_ctx = talloc_new(parent_ctx);
	
	nt_status = auth_system_user_info_dc(mem_ctx, lpcfg_netbios_name(lp_ctx),
					    &user_info_dc);
	if (!NT_STATUS_IS_OK(nt_status)) {
		talloc_free(mem_ctx);
		return nt_status;
	}

	/* references the user_info_dc into the session_info */
	nt_status = auth_generate_session_info(parent_ctx, NULL, NULL, user_info_dc, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES, &session_info);
	talloc_free(mem_ctx);

	NT_STATUS_NOT_OK_RETURN(nt_status);

	session_info->credentials = cli_credentials_init(session_info);
	if (!session_info->credentials) {
		return NT_STATUS_NO_MEMORY;
	}

	cli_credentials_set_conf(session_info->credentials, lp_ctx);

	cli_credentials_set_machine_account_pending(session_info->credentials, lp_ctx);
	*_session_info = session_info;

	return NT_STATUS_OK;
}
Ejemplo n.º 20
0
static NTSTATUS smb2srv_negprot_backend(struct smb2srv_request *req, struct smb2_negprot *io)
{
	NTSTATUS status;
	struct timeval current_time;
	struct timeval boot_time;
	uint16_t i;
	uint16_t dialect = 0;

	/* we only do one dialect for now */
	if (io->in.dialect_count < 1) {
		return NT_STATUS_NOT_SUPPORTED;
	}
	for (i=0; i < io->in.dialect_count; i++) {
		dialect = io->in.dialects[i];
		if (dialect == SMB2_DIALECT_REVISION_202) {
			break;
		}
	}
	if (dialect != SMB2_DIALECT_REVISION_202) {
		DEBUG(0,("Got unexpected SMB2 dialect %u\n", dialect));
		return NT_STATUS_NOT_SUPPORTED;
	}

	req->smb_conn->negotiate.protocol = PROTOCOL_SMB2_02;

	current_time = timeval_current(); /* TODO: handle timezone?! */
	boot_time = timeval_current(); /* TODO: fix me */

	ZERO_STRUCT(io->out);
	switch (lpcfg_server_signing(req->smb_conn->lp_ctx)) {
	case SMB_SIGNING_OFF:
		io->out.security_mode = 0;
		break;
	case SMB_SIGNING_SUPPORTED:
	case SMB_SIGNING_AUTO:
		io->out.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
		break;
	case SMB_SIGNING_REQUIRED:
		io->out.security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED | SMB2_NEGOTIATE_SIGNING_REQUIRED;
		/* force signing on immediately */
		req->smb_conn->smb2_signing_required = true;
		break;
	}
	io->out.dialect_revision   = dialect;
	io->out.capabilities       = 0;
	io->out.max_transact_size  = lpcfg_parm_ulong(req->smb_conn->lp_ctx, NULL,
						   "smb2", "max transaction size", 0x10000);
	io->out.max_read_size      = lpcfg_parm_ulong(req->smb_conn->lp_ctx, NULL,
						   "smb2", "max read size", 0x10000);
	io->out.max_write_size     = lpcfg_parm_ulong(req->smb_conn->lp_ctx, NULL,
						   "smb2", "max write size", 0x10000);
	io->out.system_time	   = timeval_to_nttime(&current_time);
	io->out.server_start_time  = timeval_to_nttime(&boot_time);
	io->out.reserved2          = 0;
	status = smb2srv_negprot_secblob(req, &io->out.secblob);
	NT_STATUS_NOT_OK_RETURN(status);

	return NT_STATUS_OK;
}
Ejemplo n.º 21
0
static NTSTATUS gensec_ntlmssp3_client_start(struct gensec_security *gensec_security)
{
	NTSTATUS nt_status;
	struct gensec_ntlmssp_context *gensec_ntlmssp;
	const char *user, *domain;
	const char *password;

	nt_status = gensec_ntlmssp_start(gensec_security);
	NT_STATUS_NOT_OK_RETURN(nt_status);

	gensec_ntlmssp =
		talloc_get_type_abort(gensec_security->private_data,
				      struct gensec_ntlmssp_context);

	nt_status = ntlmssp_client_start(gensec_ntlmssp,
					 lp_netbios_name(), lp_workgroup(),
					 lp_client_ntlmv2_auth(), &gensec_ntlmssp->ntlmssp_state);
	if (!NT_STATUS_IS_OK(nt_status)) {
		return nt_status;
	}

	cli_credentials_get_ntlm_username_domain(gensec_security->credentials, gensec_ntlmssp, &user, &domain);
	if (!user || !domain) {
		return NT_STATUS_NO_MEMORY;
	}

	nt_status = ntlmssp_set_username(gensec_ntlmssp->ntlmssp_state, user);
	if (!NT_STATUS_IS_OK(nt_status)) {
		return nt_status;
	}

	nt_status = ntlmssp_set_domain(gensec_ntlmssp->ntlmssp_state, domain);
	if (!NT_STATUS_IS_OK(nt_status)) {
		return nt_status;
	}

	password = cli_credentials_get_password(gensec_security->credentials);
	if (!password) {
		return NT_STATUS_NO_MEMORY;
	}

	nt_status = ntlmssp_set_password(gensec_ntlmssp->ntlmssp_state, password);
	if (!NT_STATUS_IS_OK(nt_status)) {
		return nt_status;
	}

	if (gensec_ntlmssp->gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
		gensec_ntlmssp->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
	}
	if (gensec_ntlmssp->gensec_security->want_features & GENSEC_FEATURE_SIGN) {
		gensec_ntlmssp->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
	}
	if (gensec_ntlmssp->gensec_security->want_features & GENSEC_FEATURE_SEAL) {
		gensec_ntlmssp->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
		gensec_ntlmssp->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
	}

	return NT_STATUS_OK;
}
Ejemplo n.º 22
0
static NTSTATUS wreplsrv_periodic_run(struct wreplsrv_service *service)
{
	NTSTATUS status;

	status = wreplsrv_load_partners(service);
	NT_STATUS_NOT_OK_RETURN(status);

	status = wreplsrv_scavenging_run(service);
	NT_STATUS_NOT_OK_RETURN(status);

	status = wreplsrv_out_pull_run(service);
	NT_STATUS_NOT_OK_RETURN(status);

	status = wreplsrv_out_push_run(service);
	NT_STATUS_NOT_OK_RETURN(status);

	return NT_STATUS_OK;
}
Ejemplo n.º 23
0
NTSTATUS wreplsrv_setup_periodic(struct wreplsrv_service *service)
{
	NTSTATUS status;

	status = wreplsrv_periodic_schedule(service, 0);
	NT_STATUS_NOT_OK_RETURN(status);

	return NT_STATUS_OK;
}
Ejemplo n.º 24
0
static NTSTATUS authsam_authenticate(struct auth_context *auth_context, 
				     TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx, 
				     struct ldb_dn *domain_dn,
				     struct ldb_message *msg,
				     const struct auth_usersupplied_info *user_info, 
				     DATA_BLOB *user_sess_key, DATA_BLOB *lm_sess_key) 
{
	struct samr_Password *lm_pwd, *nt_pwd;
	NTSTATUS nt_status;

	uint16_t acct_flags = samdb_result_acct_flags(sam_ctx, mem_ctx, msg, domain_dn);
	
	/* Quit if the account was locked out. */
	if (acct_flags & ACB_AUTOLOCK) {
		DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", 
			 user_info->mapped.account_name));
		return NT_STATUS_ACCOUNT_LOCKED_OUT;
	}

	/* You can only do an interactive login to normal accounts */
	if (user_info->flags & USER_INFO_INTERACTIVE_LOGON) {
		if (!(acct_flags & ACB_NORMAL)) {
			return NT_STATUS_NO_SUCH_USER;
		}
	}

	nt_status = samdb_result_passwords(mem_ctx, auth_context->lp_ctx, msg, &lm_pwd, &nt_pwd);
	NT_STATUS_NOT_OK_RETURN(nt_status);

	nt_status = authsam_password_ok(auth_context, mem_ctx, 
					acct_flags, lm_pwd, nt_pwd,
					user_info, user_sess_key, lm_sess_key);
	NT_STATUS_NOT_OK_RETURN(nt_status);

	nt_status = authsam_account_ok(mem_ctx, sam_ctx, 
				       user_info->logon_parameters,
				       domain_dn,
				       msg,
				       user_info->workstation_name,
				       user_info->mapped.account_name,
				       false, false);

	return nt_status;
}
Ejemplo n.º 25
0
/*
  open a file
*/
static NTSTATUS cvfs_open(struct ntvfs_module_context *ntvfs, 
			  struct ntvfs_request *req, union smb_open *io)
{
	struct cvfs_private *p = ntvfs->private_data;
	struct smbcli_request *c_req;
	struct ntvfs_handle *h;
	struct cvfs_file *f;
	NTSTATUS status;

	SETUP_PID;

	if (io->generic.level != RAW_OPEN_GENERIC &&
	    p->map_generic) {
		return ntvfs_map_open(ntvfs, req, io);
	}

	status = ntvfs_handle_new(ntvfs, req, &h);
	NT_STATUS_NOT_OK_RETURN(status);

	f = talloc_zero(h, struct cvfs_file);
	NT_STATUS_HAVE_NO_MEMORY(f);
	f->h = h;

	if (!(req->async_states->state & NTVFS_ASYNC_STATE_MAY_ASYNC)) {
		union smb_handle *file;

		status = smb_raw_open(p->tree, req, io);
		NT_STATUS_NOT_OK_RETURN(status);

		SMB_OPEN_OUT_FILE(io, file);
		f->fnum = file->fnum;
		file->ntvfs = NULL;
		status = ntvfs_handle_set_backend_data(f->h, p->ntvfs, f);
		NT_STATUS_NOT_OK_RETURN(status);
		file->ntvfs = f->h;
		DLIST_ADD(p->files, f);

		return NT_STATUS_OK;
	}

	c_req = smb_raw_open_send(p->tree, io);

	ASYNC_RECV_TAIL_F(io, async_open, f);
}
Ejemplo n.º 26
0
NTSTATUS register_gp_extension(TALLOC_CTX *gpext_ctx,
			       int version,
			       const char *name,
			       const char *guid,
			       struct gp_extension_methods *methods)
{
	struct gp_extension_methods *test;
	struct gp_extension *entry;
	NTSTATUS status;

	if (!gpext_ctx) {
		return NT_STATUS_INTERNAL_DB_ERROR;
	}

	if ((version != SMB_GPEXT_INTERFACE_VERSION)) {
		DEBUG(0,("Failed to register gp extension.\n"
		         "The module was compiled against "
			 "SMB_GPEXT_INTERFACE_VERSION %d,\n"
		         "current SMB_GPEXT_INTERFACE_VERSION is %d.\n"
		         "Please recompile against the current "
			 "version of samba!\n",
			 version, SMB_GPEXT_INTERFACE_VERSION));
		return NT_STATUS_OBJECT_TYPE_MISMATCH;
	}

	if (!guid || !name || !name[0] || !methods) {
		DEBUG(0,("Called with NULL pointer or empty name!\n"));
		return NT_STATUS_INVALID_PARAMETER;
	}

	test = get_methods_by_name(extensions, name);
	if (test) {
		DEBUG(0,("GP extension module %s already registered!\n",
			name));
		return NT_STATUS_OBJECT_NAME_COLLISION;
	}

	entry = talloc_zero(gpext_ctx, struct gp_extension);
	NT_STATUS_HAVE_NO_MEMORY(entry);

	entry->name = talloc_strdup(gpext_ctx, name);
	NT_STATUS_HAVE_NO_MEMORY(entry->name);

	entry->guid = talloc_zero(gpext_ctx, struct GUID);
	NT_STATUS_HAVE_NO_MEMORY(entry->guid);
	status = GUID_from_string(guid, entry->guid);
	NT_STATUS_NOT_OK_RETURN(status);

	entry->methods = methods;
	DLIST_ADD(extensions, entry);

	DEBUG(2,("Successfully added GP extension '%s' %s\n",
		name, GUID_string2(gpext_ctx, entry->guid)));

	return NT_STATUS_OK;
}
Ejemplo n.º 27
0
/** 
 * The challenge from the target server, when operating in security=server
 **/
static NTSTATUS server_get_challenge(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, uint8_t chal[8])
{
	struct smb_composite_connect io;
	struct smbcli_options smb_options;
	const char **host_list;
	NTSTATUS status;

	/* Make a connection to the target server, found by 'password server' in smb.conf */
	
	lp_smbcli_options(ctx->auth_ctx->lp_ctx, &smb_options);

	/* Make a negprot, WITHOUT SPNEGO, so we get a challenge nice an easy */
	io.in.options.use_spnego = false;

	/* Hope we don't get * (the default), as this won't work... */
	host_list = lp_passwordserver(ctx->auth_ctx->lp_ctx); 
	if (!host_list) {
		return NT_STATUS_INTERNAL_ERROR;
	}
	io.in.dest_host = host_list[0];
	if (strequal(io.in.dest_host, "*")) {
		return NT_STATUS_INTERNAL_ERROR;
	}
	io.in.dest_ports = lp_smb_ports(ctx->auth_ctx->lp_ctx); 
	io.in.socket_options = lp_socket_options(ctx->auth_ctx->lp_ctx);
	io.in.gensec_settings = lp_gensec_settings(mem_ctx, ctx->auth_ctx->lp_ctx);

	io.in.called_name = strupper_talloc(mem_ctx, io.in.dest_host);

	/* We don't want to get as far as the session setup */
	io.in.credentials = cli_credentials_init_anon(mem_ctx);
	cli_credentials_set_workstation(io.in.credentials,
					lp_netbios_name(ctx->auth_ctx->lp_ctx),
					CRED_SPECIFIED);

	io.in.service = NULL;

	io.in.workgroup = ""; /* only used with SPNEGO, disabled above */

	io.in.options = smb_options;
	
	io.in.iconv_convenience = lp_iconv_convenience(ctx->auth_ctx->lp_ctx);
	lp_smbcli_session_options(ctx->auth_ctx->lp_ctx, &io.in.session_options);

	status = smb_composite_connect(&io, mem_ctx, lp_resolve_context(ctx->auth_ctx->lp_ctx),
				       ctx->auth_ctx->event_ctx);
	NT_STATUS_NOT_OK_RETURN(status);

	if (io.out.tree->session->transport->negotiate.secblob.length != 8) {
		return NT_STATUS_INTERNAL_ERROR;
	}
	memcpy(chal, io.out.tree->session->transport->negotiate.secblob.data, 8);
	ctx->private_data = talloc_steal(ctx, io.out.tree->session);
	return NT_STATUS_OK;
}
Ejemplo n.º 28
0
/*
  old style session setup (pre NT1 protocol level)
*/
static NTSTATUS session_setup_old(struct composite_context *c,
				  struct smbcli_session *session, 
				  struct smb_composite_sesssetup *io,
				  struct smbcli_request **req) 
{
	NTSTATUS nt_status;
	struct sesssetup_state *state = talloc_get_type(c->private_data, struct sesssetup_state);
	const char *password = cli_credentials_get_password(io->in.credentials);
	DATA_BLOB names_blob = NTLMv2_generate_names_blob(state, session->transport->socket->hostname, cli_credentials_get_domain(io->in.credentials));
	DATA_BLOB session_key;
	int flags = 0;
	if (session->options.lanman_auth) {
		flags |= CLI_CRED_LANMAN_AUTH;
	}

	if (session->options.ntlmv2_auth) {
		flags |= CLI_CRED_NTLMv2_AUTH;
	}

	state->setup.old.level      = RAW_SESSSETUP_OLD;
	state->setup.old.in.bufsize = session->transport->options.max_xmit;
	state->setup.old.in.mpx_max = session->transport->options.max_mux;
	state->setup.old.in.vc_num  = 1;
	state->setup.old.in.sesskey = io->in.sesskey;
	state->setup.old.in.os      = "Unix";
	state->setup.old.in.lanman  = talloc_asprintf(state, "Samba %s", SAMBA_VERSION_STRING);
	cli_credentials_get_ntlm_username_domain(io->in.credentials, state, 
						 &state->setup.old.in.user,
						 &state->setup.old.in.domain);
	
	if (session->transport->negotiate.sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) {
		nt_status = cli_credentials_get_ntlm_response(io->in.credentials, state, 
							      &flags, 
							      session->transport->negotiate.secblob, 
							      names_blob,
							      &state->setup.old.in.password,
							      NULL,
							      NULL, &session_key);
		NT_STATUS_NOT_OK_RETURN(nt_status);
		set_user_session_key(session, &session_key);
		
		data_blob_free(&session_key);
	} else if (session->options.plaintext_auth) {
		state->setup.old.in.password = data_blob_talloc(state, password, strlen(password));
	} else {
		/* could match windows client and return 'cannot logon from this workstation', but it just confuses everybody */
		return NT_STATUS_INVALID_PARAMETER;
	}
	
	*req = smb_raw_sesssetup_send(session, &state->setup);
	if (!*req) {
		return NT_STATUS_NO_MEMORY;
	}
	return (*req)->status;
}
Ejemplo n.º 29
0
/*
  push a uint16_t ofs/ uint16_t length/blob triple into a data blob
  the ofs points to the start of the offset/length pair, and is relative
  to the body start
*/
NTSTATUS smb2_push_o16s16_blob(struct smb2_request_buffer *buf, 
			       uint16_t ofs, DATA_BLOB blob)
{
	NTSTATUS status;
	size_t offset;
	size_t padding_length;
	size_t padding_fix;
	uint8_t *ptr = buf->body+ofs;

	if (buf->dynamic == NULL) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	/* we have only 16 bit for the size */
	if (blob.length > 0xFFFF) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	/* check if there're enough room for ofs and size */
	if (smb2_oob(buf, ptr, 4)) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	if (blob.data == NULL) {
		if (blob.length != 0) {
			return NT_STATUS_INTERNAL_ERROR;
		}
		SSVAL(ptr, 0, 0);
		SSVAL(ptr, 2, 0);
		return NT_STATUS_OK;
	}

	offset = buf->dynamic - buf->hdr;
	padding_length = smb2_padding_size(offset, 2);
	offset += padding_length;
	padding_fix = smb2_padding_fix(buf);

	SSVAL(ptr, 0, offset);
	SSVAL(ptr, 2, blob.length);

	status = smb2_grow_buffer(buf, blob.length + padding_length - padding_fix);
	NT_STATUS_NOT_OK_RETURN(status);

	memset(buf->dynamic, 0, padding_length);
	buf->dynamic += padding_length;

	memcpy(buf->dynamic, blob.data, blob.length);
	buf->dynamic += blob.length;

	buf->size += blob.length + padding_length - padding_fix;
	buf->body_size += blob.length + padding_length;

	return NT_STATUS_OK;
}
Ejemplo n.º 30
0
static NTSTATUS wreplsrv_pull_cycle_wait_send_replies(struct wreplsrv_pull_cycle_state *state)
{
	NTSTATUS status;

	status = wreplsrv_pull_names_recv(state->creq, state, &state->names_io);
	NT_STATUS_NOT_OK_RETURN(status);

	/*
	 * TODO: this should maybe an async call,
	 *       because we may need some network access
	 *       for conflict resolving
	 */
	status = wreplsrv_pull_cycle_apply_records(state);
	NT_STATUS_NOT_OK_RETURN(status);

	status = wreplsrv_pull_cycle_next_owner_wrapper(state);
	NT_STATUS_NOT_OK_RETURN(status);

	return status;
}