const char *get_global_sam_name(void) { if (IS_DC) { return lp_workgroup(); } return lp_netbios_name(); }
void check_master_browser_exists(time_t t) { static time_t lastrun=0; struct subnet_record *subrec; const char *workgroup_name = lp_workgroup(); if (t < (lastrun + (CHECK_TIME_MST_BROWSE * 60))) return; lastrun = t; dump_workgroups(False); for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) { struct work_record *work; for (work = subrec->workgrouplist; work; work = work->next) { if (strequal(work->work_group, workgroup_name) && !AM_LOCAL_MASTER_BROWSER(work)) { /* Do a name query for the local master browser on this net. */ query_name( subrec, work->work_group, 0x1d, check_for_master_browser_success, check_for_master_browser_fail, NULL); } } } }
/* reply to a SAM LOGON request */ static void nbtd_ntlogon_sam_logon(struct dgram_mailslot_handler *dgmslot, struct nbtd_interface *iface, struct nbt_dgram_packet *packet, const struct socket_address *src, struct nbt_ntlogon_packet *ntlogon) { struct nbt_name *name = &packet->data.msg.dest_name; struct nbtd_interface *reply_iface = nbtd_find_reply_iface(iface, src->addr, False); struct nbt_ntlogon_packet reply; struct nbt_ntlogon_sam_logon_reply *logon; /* only answer sam logon requests on the PDC or LOGON names */ if (name->type != NBT_NAME_PDC && name->type != NBT_NAME_LOGON) { return; } /* setup a SAM LOGON reply */ ZERO_STRUCT(reply); reply.command = NTLOGON_SAM_LOGON_REPLY; logon = &reply.req.reply; logon->server = talloc_asprintf(packet, "\\\\%s", lp_netbios_name()); logon->user_name = ntlogon->req.logon.user_name; logon->domain = lp_workgroup(); logon->nt_version = 1; logon->lmnt_token = 0xFFFF; logon->lm20_token = 0xFFFF; packet->data.msg.dest_name.type = 0; dgram_mailslot_ntlogon_reply(reply_iface->dgmsock, packet, ntlogon->req.logon.mailslot_name, &reply); }
/***************************************************** return a connection to a server *******************************************************/ static struct cli_state *connect_one(const char *share) { struct cli_state *c; struct in_addr ip; NTSTATUS nt_status; zero_ip(&ip); if (!cmdline_auth_info.got_pass) { char *pass = getpass("Password: "******"?????", cmdline_auth_info.username, lp_workgroup(), cmdline_auth_info.password, 0, cmdline_auth_info.signing_state, NULL))) { return c; } else { DEBUG(0,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status))); return NULL; } }
BOOL get_dc_name(const char *domain, const char *realm, fstring srv_name, struct in_addr *ip_out) { struct in_addr dc_ip; BOOL ret; BOOL our_domain = False; zero_ip(&dc_ip); ret = False; if ( strequal(lp_workgroup(), domain) || strequal(lp_realm(), realm) ) our_domain = True; /* always try to obey what the admin specified in smb.conf (for the local domain) */ if ( (our_domain && lp_security()==SEC_ADS) || realm ) { ret = ads_dc_name(domain, realm, &dc_ip, srv_name); } if (!ret) { /* fall back on rpc methods if the ADS methods fail */ ret = rpc_dc_name(domain, srv_name, &dc_ip); } *ip_out = dc_ip; return ret; }
void announce_remote(time_t t) { char *s; const char *ptr; static time_t last_time = 0; pstring s2; struct in_addr addr; char *comment; int stype = lp_default_server_announce(); if (last_time && (t < (last_time + REMOTE_ANNOUNCE_INTERVAL))) return; last_time = t; s = lp_remote_announce(); if (!*s) return; comment = string_truncate(lp_serverstring(), MAX_SERVER_STRING_LENGTH); for (ptr=s; next_token(&ptr,s2,NULL,sizeof(s2)); ) { /* The entries are of the form a.b.c.d/WORKGROUP with WORKGROUP being optional */ const char *wgroup; char *pwgroup; int i; pwgroup = strchr_m(s2,'/'); if (pwgroup) *pwgroup++ = 0; if (!pwgroup || !*pwgroup) wgroup = lp_workgroup(); else wgroup = pwgroup; addr = *interpret_addr2(s2); /* Announce all our names including aliases */ /* Give the ip address as the address of our first broadcast subnet. */ for(i=0; my_netbios_names(i); i++) { const char *name = my_netbios_names(i); DEBUG(5,("announce_remote: Doing remote announce for server %s to IP %s.\n", name, inet_ntoa(addr) )); send_announcement(FIRST_SUBNET, ANN_HostAnnouncement, name, /* From nbt name. */ wgroup, 0x1d, /* To nbt name. */ addr, /* To ip. */ REMOTE_ANNOUNCE_INTERVAL, /* Time until next announce. */ name, /* Name to announce. */ stype, /* Type field. */ comment); } } }
static NTSTATUS gensec_ntlmssp3_client_start(struct gensec_security *gensec_security) { NTSTATUS nt_status; struct gensec_ntlmssp_context *gensec_ntlmssp; const char *user, *domain; const char *password; nt_status = gensec_ntlmssp_start(gensec_security); NT_STATUS_NOT_OK_RETURN(nt_status); gensec_ntlmssp = talloc_get_type_abort(gensec_security->private_data, struct gensec_ntlmssp_context); nt_status = ntlmssp_client_start(gensec_ntlmssp, lp_netbios_name(), lp_workgroup(), lp_client_ntlmv2_auth(), &gensec_ntlmssp->ntlmssp_state); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } cli_credentials_get_ntlm_username_domain(gensec_security->credentials, gensec_ntlmssp, &user, &domain); if (!user || !domain) { return NT_STATUS_NO_MEMORY; } nt_status = ntlmssp_set_username(gensec_ntlmssp->ntlmssp_state, user); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } nt_status = ntlmssp_set_domain(gensec_ntlmssp->ntlmssp_state, domain); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } password = cli_credentials_get_password(gensec_security->credentials); if (!password) { return NT_STATUS_NO_MEMORY; } nt_status = ntlmssp_set_password(gensec_ntlmssp->ntlmssp_state, password); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } if (gensec_ntlmssp->gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) { gensec_ntlmssp->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; } if (gensec_ntlmssp->gensec_security->want_features & GENSEC_FEATURE_SIGN) { gensec_ntlmssp->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; } if (gensec_ntlmssp->gensec_security->want_features & GENSEC_FEATURE_SEAL) { gensec_ntlmssp->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; gensec_ntlmssp->ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL; } return NT_STATUS_OK; }
static struct cli_state *connect_one(const char *share) { struct cli_state *c; NTSTATUS nt_status; uint32_t flags = 0; if (get_cmdline_auth_info_use_machine_account(smbcquotas_auth_info) && !set_cmdline_auth_info_machine_account_creds(smbcquotas_auth_info)) { return NULL; } if (get_cmdline_auth_info_use_kerberos(smbcquotas_auth_info)) { flags |= CLI_FULL_CONNECTION_USE_KERBEROS | CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; } set_cmdline_auth_info_getpass(smbcquotas_auth_info); nt_status = cli_full_connection(&c, lp_netbios_name(), server, NULL, 0, share, "?????", get_cmdline_auth_info_username(smbcquotas_auth_info), lp_workgroup(), get_cmdline_auth_info_password(smbcquotas_auth_info), flags, get_cmdline_auth_info_signing_state(smbcquotas_auth_info)); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status))); return NULL; } if (get_cmdline_auth_info_smb_encrypt(smbcquotas_auth_info)) { nt_status = cli_cm_force_encryption(c, get_cmdline_auth_info_username(smbcquotas_auth_info), get_cmdline_auth_info_password(smbcquotas_auth_info), lp_workgroup(), share); if (!NT_STATUS_IS_OK(nt_status)) { cli_shutdown(c); return NULL; } } return c; }
static NTSTATUS cmd_netlogon_sam_deltas(struct cli_state *cli, TALLOC_CTX *mem_ctx, int argc, char **argv) { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; unsigned char trust_passwd[16]; uint32 database_id, num_deltas, tmp; SAM_DELTA_HDR *hdr_deltas; SAM_DELTA_CTR *deltas; UINT64_S seqnum; if (argc != 3) { fprintf(stderr, "Usage: %s database_id seqnum\n", argv[0]); return NT_STATUS_OK; } database_id = atoi(argv[1]); tmp = atoi(argv[2]); seqnum.low = tmp & 0xffff; seqnum.high = 0; if (!secrets_init()) { fprintf(stderr, "Unable to initialise secrets database\n"); goto done; } /* Initialise session credentials */ if (!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd, NULL)) { fprintf(stderr, "could not fetch trust account password\n"); goto done; } result = cli_nt_setup_creds(cli, trust_passwd); if (!NT_STATUS_IS_OK(result)) { fprintf(stderr, "Error initialising session creds\n"); goto done; } /* Synchronise sam database */ result = cli_netlogon_sam_deltas(cli, mem_ctx, database_id, seqnum, &num_deltas, &hdr_deltas, &deltas); if (!NT_STATUS_IS_OK(result)) goto done; /* Display results */ display_sam_sync(num_deltas, hdr_deltas, deltas); done: return result; }
static NTSTATUS cmd_netlogon_sam_logon(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; int logon_type = NetlogonNetworkInformation; const char *username, *password; uint32_t logon_param = 0; const char *workstation = NULL; struct netr_SamInfo3 *info3 = NULL; uint8_t authoritative = 0; uint32_t flags = 0; /* Check arguments */ if (argc < 3 || argc > 6) { fprintf(stderr, "Usage: samlogon <username> <password> [workstation]" "[logon_type (1 or 2)] [logon_parameter]\n"); return NT_STATUS_OK; } username = argv[1]; password = argv[2]; if (argc >= 4) workstation = argv[3]; if (argc >= 5) sscanf(argv[4], "%i", &logon_type); if (argc == 6) sscanf(argv[5], "%x", &logon_param); if (rpcclient_netlogon_creds == NULL) { result = NT_STATUS_UNSUCCESSFUL; goto done; } /* Perform the sam logon */ result = rpccli_netlogon_password_logon(rpcclient_netlogon_creds, cli->binding_handle, mem_ctx, logon_param, lp_workgroup(), username, password, workstation, logon_type, &authoritative, &flags, &info3); if (!NT_STATUS_IS_OK(result)) goto done; done: return result; }
BOOL torture_domain_open_samr(struct torture_context *torture) { NTSTATUS status; const char *binding; struct libnet_context *ctx; struct event_context *evt_ctx=NULL; TALLOC_CTX *mem_ctx; struct policy_handle domain_handle, handle; struct lsa_String name; struct libnet_DomainOpen io; struct samr_Close r; BOOL ret = True; mem_ctx = talloc_init("test_domainopen_lsa"); binding = torture_setting_string(torture, "binding", NULL); ctx = libnet_context_init(evt_ctx); ctx->cred = cmdline_credentials; name.string = lp_workgroup(); /* * Testing synchronous version */ printf("opening domain\n"); io.in.type = DOMAIN_SAMR; io.in.domain_name = name.string; io.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; status = libnet_DomainOpen(ctx, mem_ctx, &io); if (!NT_STATUS_IS_OK(status)) { printf("Composite domain open failed - %s\n", nt_errstr(status)); ret = False; goto done; } domain_handle = ctx->samr.handle; r.in.handle = &domain_handle; r.out.handle = &handle; printf("closing domain handle\n"); status = dcerpc_samr_Close(ctx->samr.pipe, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("Close failed - %s\n", nt_errstr(status)); ret = False; goto done; } done: talloc_free(mem_ctx); talloc_free(ctx); return ret; }
/* do some samr ops using the schannel connection */ static BOOL test_samr_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) { NTSTATUS status; struct samr_GetDomPwInfo r; struct samr_Connect connect; struct samr_OpenDomain opendom; int i; struct lsa_String name; struct policy_handle handle; struct policy_handle domain_handle; name.string = lp_workgroup(); r.in.domain_name = &name; connect.in.system_name = 0; connect.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; connect.out.connect_handle = &handle; printf("Testing Connect and OpenDomain on BUILTIN\n"); status = dcerpc_samr_Connect(p, mem_ctx, &connect); if (!NT_STATUS_IS_OK(status)) { if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { printf("Connect failed (expected, schannel mapped to anonymous): %s\n", nt_errstr(status)); } else { printf("Connect failed - %s\n", nt_errstr(status)); return False; } } else { opendom.in.connect_handle = &handle; opendom.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; opendom.in.sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32"); opendom.out.domain_handle = &domain_handle; status = dcerpc_samr_OpenDomain(p, mem_ctx, &opendom); if (!NT_STATUS_IS_OK(status)) { printf("OpenDomain failed - %s\n", nt_errstr(status)); return False; } } printf("Testing GetDomPwInfo with name %s\n", r.in.domain_name->string); /* do several ops to test credential chaining */ for (i=0;i<5;i++) { status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { printf("GetDomPwInfo op %d failed - %s\n", i, nt_errstr(status)); return False; } } } return True; }
static NTSTATUS cmd_netlogon_sam_sync(struct cli_state *cli, TALLOC_CTX *mem_ctx, int argc, char **argv) { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; unsigned char trust_passwd[16]; uint32 database_id = 0, num_deltas; SAM_DELTA_HDR *hdr_deltas; SAM_DELTA_CTR *deltas; DOM_CRED ret_creds; if (argc > 2) { fprintf(stderr, "Usage: %s [database_id]\n", argv[0]); return NT_STATUS_OK; } if (argc == 2) database_id = atoi(argv[1]); if (!secrets_init()) { fprintf(stderr, "Unable to initialise secrets database\n"); return result; } /* Initialise session credentials */ if (!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd, NULL)) { fprintf(stderr, "could not fetch trust account password\n"); goto done; } result = cli_nt_setup_creds(cli, trust_passwd); if (!NT_STATUS_IS_OK(result)) { fprintf(stderr, "Error initialising session creds\n"); goto done; } /* on first call the returnAuthenticator is empty */ memset(&ret_creds, 0, sizeof(ret_creds)); /* Synchronise sam database */ result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, database_id, &num_deltas, &hdr_deltas, &deltas); if (!NT_STATUS_IS_OK(result)) goto done; /* Display results */ display_sam_sync(num_deltas, hdr_deltas, deltas); done: return result; }
bool torture_domain_open_samr(struct torture_context *torture) { NTSTATUS status; struct libnet_context *ctx; TALLOC_CTX *mem_ctx; struct policy_handle domain_handle, handle; struct libnet_DomainOpen io; struct samr_Close r; const char *domain_name; bool ret = true; mem_ctx = talloc_init("test_domainopen_lsa"); ctx = libnet_context_init(torture->ev, torture->lp_ctx); ctx->cred = cmdline_credentials; /* we're accessing domain controller so the domain name should be passed (it's going to be resolved to dc name and address) instead of specific server name. */ domain_name = lp_workgroup(torture->lp_ctx); /* * Testing synchronous version */ printf("opening domain\n"); io.in.type = DOMAIN_SAMR; io.in.domain_name = domain_name; io.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; status = libnet_DomainOpen(ctx, mem_ctx, &io); if (!NT_STATUS_IS_OK(status)) { printf("Composite domain open failed - %s\n", nt_errstr(status)); ret = false; goto done; } domain_handle = ctx->samr.handle; r.in.handle = &domain_handle; r.out.handle = &handle; printf("closing domain handle\n"); status = dcerpc_samr_Close(ctx->samr.pipe, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("Close failed - %s\n", nt_errstr(status)); ret = false; goto done; } done: talloc_free(mem_ctx); talloc_free(ctx); return ret; }
enum winbindd_result winbindd_domain_name(struct winbindd_cli_state *state) { DEBUG(3, ("[%5lu]: request domain name\n", (unsigned long)state->pid)); fstrcpy(state->response.data.domain_name, lp_workgroup()); return WINBINDD_OK; }
static void init_sid_name_map (void) { int i = 0; if (sid_name_map_initialized) return; generate_wellknown_sids(); if ((lp_security() == SEC_USER) && lp_domain_logons()) { sid_name_map[i].sid = get_global_sam_sid(); /* This is not lp_workgroup() for good reason: it must stay around longer than the lp_*() strings do */ sid_name_map[i].name = strdup(lp_workgroup()); sid_name_map[i].known_users = NULL; i++; sid_name_map[i].sid = get_global_sam_sid(); sid_name_map[i].name = strdup(global_myname()); sid_name_map[i].known_users = NULL; i++; } else { sid_name_map[i].sid = get_global_sam_sid(); sid_name_map[i].name = strdup(global_myname()); sid_name_map[i].known_users = NULL; i++; } sid_name_map[i].sid = &global_sid_Builtin; sid_name_map[i].name = "BUILTIN"; sid_name_map[i].known_users = &builtin_groups[0]; i++; sid_name_map[i].sid = &global_sid_World_Domain; sid_name_map[i].name = ""; sid_name_map[i].known_users = &everyone_users[0]; i++; sid_name_map[i].sid = &global_sid_Creator_Owner_Domain; sid_name_map[i].name = ""; sid_name_map[i].known_users = &creator_owner_users[0]; i++; sid_name_map[i].sid = &global_sid_NT_Authority; sid_name_map[i].name = "NT Authority"; sid_name_map[i].known_users = &nt_authority_users[0]; i++; /* End of array. */ sid_name_map[i].sid = NULL; sid_name_map[i].name = NULL; sid_name_map[i].known_users = NULL; sid_name_map_initialized = True; return; }
static PyObject *py_auth_smbd(PyObject *self, PyObject *args, PyObject *kw) { static char *kwlist[] = {"username", "password", "use_lm_hash", "use_nt_hash", NULL }; struct winbindd_request request; struct winbindd_response response; char *username, *password; int use_lm_hash = 1, use_nt_hash = 1; if (!PyArg_ParseTupleAndKeywords( args, kw, "ss|ii", kwlist, &username, &password, &use_lm_hash, &use_nt_hash)) return NULL; ZERO_STRUCT(request); ZERO_STRUCT(response); if (push_utf8_fstring(request.data.auth_crap.user, username) == -1) { PyErr_SetString("unable to create utf8 string"); return NULL; } generate_random_buffer(request.data.smbd_auth_crap.chal, 8); if (use_lm_hash) { SMBencrypt((uchar *)password, request.data.smbd_auth_crap.chal, (uchar *)request.data.smbd_auth_crap.lm_resp); request.data.smbd_auth_crap.lm_resp_len = 24; } if (use_nt_hash) { SMBNTencrypt((uchar *)password, request.data.smbd_auth_crap.chal, (uchar *)request.data.smbd_auth_crap.nt_resp); request.data.smbd_auth_crap.nt_resp_len = 24; } if (!secrets_fetch_trust_account_password( lp_workgroup(), request.data.smbd_auth_crap.proof, NULL)) { PyErr_SetString( winbind_error, "unable to fetch domain secret"); return NULL; } if (winbindd_request(WINBINDD_SMBD_AUTH_CRAP, &request, &response) != NSS_STATUS_SUCCESS) { PyErr_SetString(winbind_error, "lookup failed"); return NULL; } return PyInt_FromLong(response.data.auth.nt_status); }
/**************************************************************************** display tree of smb workgroups, servers and shares ****************************************************************************/ static BOOL get_workgroups(struct user_auth_info *user_info) { struct cli_state *cli, *cli2; struct in_addr server_ip; pstring master_workgroup; /* Try to connect to a #1d name of our current workgroup. If that doesn't work broadcast for a master browser and then jump off that workgroup. */ pstrcpy(master_workgroup, lp_workgroup()); if (!use_bcast && !find_master_ip(lp_workgroup(), &server_ip)) { DEBUG(4, ("Unable to find master browser for workgroup %s, falling back to broadcast\n", master_workgroup)); use_bcast = True; } else if(!use_bcast) { if (!(cli = get_ipc_connect(inet_ntoa(server_ip), &server_ip, user_info))) return False; } if (!(cli2 = get_ipc_connect_master_ip_bcast(master_workgroup, user_info))) { DEBUG(4, ("Unable to find master browser by " "broadcast\n")); if(cli) cli_shutdown(cli); return False; } if(cli2) { if(cli) cli_shutdown(cli); cli = cli2; } if (!cli_NetServerEnum(cli, master_workgroup, SV_TYPE_DOMAIN_ENUM, add_name, &workgroups)) { if(cli) cli_shutdown(cli); return False; } if(cli) cli_shutdown(cli); return True; }
static NTSTATUS cmd_netlogon_sam_logon(struct cli_state *cli, TALLOC_CTX *mem_ctx, int argc, char **argv) { unsigned char trust_passwd[16]; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; int logon_type = NET_LOGON_TYPE; char *username, *password; /* Check arguments */ if (argc < 3 || argc > 4) { fprintf(stderr, "Usage: samlogon <username> <password> " "[logon_type]\n"); return NT_STATUS_OK; } username = argv[1]; password = argv[2]; if (argc == 4) sscanf(argv[3], "%i", &logon_type); /* Authenticate ourselves with the domain controller */ if (!secrets_init()) { fprintf(stderr, "Unable to initialise secrets database\n"); return result; } if (!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd, NULL)) { fprintf(stderr, "could not fetch trust account password\n"); goto done; } result = cli_nt_setup_creds(cli, trust_passwd); if (!NT_STATUS_IS_OK(result)) { fprintf(stderr, "Error initialising session creds\n"); goto done; } /* Perform the sam logon */ result = cli_netlogon_sam_logon(cli, mem_ctx, username, password, logon_type); if (!NT_STATUS_IS_OK(result)) goto done; done: return result; }
static BOOL is_our_primary_domain(const char *domain) { int role = lp_server_role(); if ((role == ROLE_DOMAIN_MEMBER) && strequal(lp_workgroup(), domain)) { return True; } else if (strequal(get_global_sam_name(), domain)) { return True; } return False; }
/**************************************************************************** display tree of smb workgroups, servers and shares ****************************************************************************/ static bool get_workgroups(struct user_auth_info *user_info) { struct cli_state *cli; struct sockaddr_storage server_ss; TALLOC_CTX *ctx = talloc_tos(); char *master_workgroup = NULL; /* Try to connect to a #1d name of our current workgroup. If that doesn't work broadcast for a master browser and then jump off that workgroup. */ master_workgroup = talloc_strdup(ctx, lp_workgroup()); if (!master_workgroup) { return false; } if (!use_bcast && !find_master_ip(lp_workgroup(), &server_ss)) { DEBUG(4, ("Unable to find master browser for workgroup %s, falling back to broadcast\n", master_workgroup)); use_bcast = True; } else if(!use_bcast) { char addr[INET6_ADDRSTRLEN]; print_sockaddr(addr, sizeof(addr), &server_ss); if (!(cli = get_ipc_connect(addr, &server_ss, user_info))) return False; } if (!(cli = get_ipc_connect_master_ip_bcast(talloc_tos(), user_info, &master_workgroup))) { DEBUG(4, ("Unable to find master browser by " "broadcast\n")); return False; } if (!cli_NetServerEnum(cli, master_workgroup, SV_TYPE_DOMAIN_ENUM, add_name, &workgroups)) return False; return True; }
static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info, struct auth_serversupplied_info **server_info) { NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; const char *domain = lp_workgroup(); fstring dc_name; struct sockaddr_storage dc_ss; if ( lp_server_role() != ROLE_DOMAIN_MEMBER ) { DEBUG(0,("check_ntdomain_security: Configuration error! Cannot use " "ntdomain auth method when not a member of a domain.\n")); return NT_STATUS_NOT_IMPLEMENTED; } if (!user_info || !server_info || !auth_context) { DEBUG(1,("check_ntdomain_security: Critical variables not present. Failing.\n")); return NT_STATUS_INVALID_PARAMETER; } DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name)); /* * Check that the requested domain is not our own machine name. * If it is, we should never check the PDC here, we use our own local * password file. */ if(strequal(get_global_sam_name(), user_info->mapped.domain_name)) { DEBUG(3,("check_ntdomain_security: Requested domain was for this machine.\n")); return NT_STATUS_NOT_IMPLEMENTED; } /* we need our DC to send the net_sam_logon() request to */ if ( !get_dc_name(domain, NULL, dc_name, &dc_ss) ) { DEBUG(5,("check_ntdomain_security: unable to locate a DC for domain %s\n", user_info->mapped.domain_name)); return NT_STATUS_NO_LOGON_SERVERS; } nt_status = domain_client_validate(mem_ctx, user_info, domain, (uchar *)auth_context->challenge.data, server_info, dc_name, &dc_ss); return nt_status; }
void update_trustdom_cache( void ) { char **domain_names; struct dom_sid *dom_sids; uint32 num_domains; uint32 last_check; int time_diff; TALLOC_CTX *mem_ctx = NULL; time_t now = time(NULL); int i; /* get the timestamp. We have to initialise it if the last timestamp == 0 */ if ( (last_check = trustdom_cache_fetch_timestamp()) == 0 ) trustdom_cache_store_timestamp(0, now+TRUSTDOM_UPDATE_INTERVAL); time_diff = (int) (now - last_check); if ( (time_diff > 0) && (time_diff < TRUSTDOM_UPDATE_INTERVAL) ) { DEBUG(10,("update_trustdom_cache: not time to update trustdom_cache yet\n")); return; } /* note that we don't lock the timestamp. This prevents this smbd from blocking all other smbd daemons while we enumerate the trusted domains */ trustdom_cache_store_timestamp(now, now+TRUSTDOM_UPDATE_INTERVAL); if ( !(mem_ctx = talloc_init("update_trustdom_cache")) ) { DEBUG(0,("update_trustdom_cache: talloc_init() failed!\n")); goto done; } /* get the domains and store them */ if ( enumerate_domain_trusts(mem_ctx, lp_workgroup(), &domain_names, &num_domains, &dom_sids)) { for ( i=0; i<num_domains; i++ ) { trustdom_cache_store( domain_names[i], NULL, &dom_sids[i], now+TRUSTDOM_UPDATE_INTERVAL); } } else { /* we failed to fetch the list of trusted domains - restore the old timestamp */ trustdom_cache_store_timestamp(last_check, last_check+TRUSTDOM_UPDATE_INTERVAL); } done: talloc_destroy( mem_ctx ); return; }
void register_my_workgroup_one_subnet(struct subnet_record *subrec) { int i; struct work_record *work; /* Create the workgroup on the subnet. */ if((work = create_workgroup_on_subnet(subrec, lp_workgroup(), PERMANENT_TTL)) == NULL) { DEBUG(0,("register_my_workgroup_and_names: Failed to create my workgroup %s on subnet %s. \ Exiting.\n", lp_workgroup(), subrec->subnet_name)); return; }
static int add_signature(char *outbuf, char *p) { char *start = p; fstring lanman; fstr_sprintf( lanman, "Samba %s", SAMBA_VERSION_STRING); p += srvstr_push(outbuf, p, "Unix", -1, STR_TERMINATE); p += srvstr_push(outbuf, p, lanman, -1, STR_TERMINATE); p += srvstr_push(outbuf, p, lp_workgroup(), -1, STR_TERMINATE); return PTR_DIFF(p, start); }
NTSTATUS map_user_info(TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info, struct auth_usersupplied_info **user_info_mapped) { const char *domain; char *account_name; char *d; DEBUG(5,("map_user_info: Mapping user [%s]\\[%s] from workstation [%s]\n", user_info->client.domain_name, user_info->client.account_name, user_info->workstation_name)); account_name = talloc_strdup(mem_ctx, user_info->client.account_name); if (!account_name) { return NT_STATUS_NO_MEMORY; } /* don't allow "" as a domain, fixes a Win9X bug where it doens't supply a domain for logon script 'net use' commands. */ /* Split user@realm names into user and realm components. This is TODO to fix with proper userprincipalname support */ if (user_info->client.domain_name && *user_info->client.domain_name) { domain = user_info->client.domain_name; } else if (strchr_m(user_info->client.account_name, '@')) { d = strchr_m(account_name, '@'); if (!d) { return NT_STATUS_INTERNAL_ERROR; } d[0] = '\0'; d++; domain = d; } else { domain = lp_workgroup(); } *user_info_mapped = talloc(mem_ctx, struct auth_usersupplied_info); if (!*user_info_mapped) { return NT_STATUS_NO_MEMORY; } talloc_reference(*user_info_mapped, user_info); **user_info_mapped = *user_info; (*user_info_mapped)->mapped_state = True; (*user_info_mapped)->mapped.domain_name = talloc_strdup(*user_info_mapped, domain); (*user_info_mapped)->mapped.account_name = talloc_strdup(*user_info_mapped, account_name); talloc_free(account_name); if (!(*user_info_mapped)->mapped.domain_name || !(*user_info_mapped)->mapped.account_name) { return NT_STATUS_NO_MEMORY; } return NT_STATUS_OK; }
void browse_sync_remote(time_t t) { char *s; const char *ptr; static time_t last_time = 0; char *s2; struct in_addr addr; struct work_record *work; char outbuf[1024]; char *p; unstring myname; TALLOC_CTX *frame = NULL; if (last_time && (t < (last_time + REMOTE_ANNOUNCE_INTERVAL))) return; last_time = t; s = lp_remote_browse_sync(talloc_tos()); if (!*s) return; /* * We only do this if we are the local master browser * for our workgroup on the firsst subnet. */ if((work = find_workgroup_on_subnet(FIRST_SUBNET, lp_workgroup())) == NULL) { DEBUG(0,("browse_sync_remote: Cannot find workgroup %s on subnet %s\n", lp_workgroup(), FIRST_SUBNET->subnet_name )); return; } if(!AM_LOCAL_MASTER_BROWSER(work)) { DEBUG(5,("browse_sync_remote: We can only do this if we are a local master browser \ for workgroup %s on subnet %s.\n", lp_workgroup(), FIRST_SUBNET->subnet_name )); return; }
static int ejs_tree_connect(MprVarHandle eid, int argc, char **argv) { struct cli_credentials *creds; struct smb_composite_connect io; struct smbcli_tree *tree; char *hostname, *sharename; NTSTATUS result; TALLOC_CTX *mem_ctx; if (argc != 2) { ejsSetErrorMsg(eid, "tree_connect(): invalid number of args"); return -1; } /* Set up host, share destination */ mem_ctx = talloc_new(mprMemCtx()); smbcli_parse_unc(argv[0], mem_ctx, &hostname, &sharename); /* Set up credentials */ creds = cli_credentials_init(NULL); cli_credentials_set_conf(creds); cli_credentials_parse_string(creds, argv[1], CRED_SPECIFIED); /* Do connect */ io.in.dest_host = hostname; io.in.port = 0; io.in.called_name = strupper_talloc(mem_ctx, hostname); io.in.service = sharename; io.in.service_type = "?????"; io.in.credentials = creds; io.in.fallback_to_anonymous = False; io.in.workgroup = lp_workgroup(); result = smb_composite_connect(&io, mem_ctx, NULL); tree = io.out.tree; talloc_free(mem_ctx); if (!NT_STATUS_IS_OK(result)) { mpr_Return(eid, mprNTSTATUS(result)); return 0; } mpr_Return(eid, mprCreatePtrVar(tree)); return 0; }
/* setup for schannel on any pipes opened on this connection */ static NTSTATUS setup_schannel( struct cli_state *cli, const char *domain ) { NTSTATUS ret; uchar trust_password[16]; uint32 sec_channel_type; DOM_SID sid; time_t lct; /* use the domain trust password if we're on a DC and this is not our domain */ if ( IS_DC && !strequal(domain, lp_workgroup()) ) { char *pass = NULL; if ( !secrets_fetch_trusted_domain_password( domain, &pass, &sid, &lct) ) { return NT_STATUS_UNSUCCESSFUL; } sec_channel_type = SEC_CHAN_DOMAIN; E_md4hash(pass, trust_password); SAFE_FREE( pass ); } else { if (!secrets_fetch_trust_account_password(lp_workgroup(), trust_password, NULL, &sec_channel_type)) { return NT_STATUS_UNSUCCESSFUL; } } ret = cli_nt_setup_netsec(cli, sec_channel_type, AUTH_PIPE_NETSEC | AUTH_PIPE_SIGN, trust_password); return ret; }
BOOL torture_domain_open_lsa(struct torture_context *torture) { NTSTATUS status; BOOL ret = True; struct libnet_context *ctx; struct libnet_DomainOpen r; struct lsa_Close lsa_close; struct policy_handle h; const char *domain_name; /* we're accessing domain controller so the domain name should be passed (it's going to be resolved to dc name and address) instead of specific server name. */ domain_name = lp_workgroup(); ctx = libnet_context_init(NULL); if (ctx == NULL) { d_printf("failed to create libnet context\n"); return False; } ctx->cred = cmdline_credentials; ZERO_STRUCT(r); r.in.type = DOMAIN_LSA; r.in.domain_name = domain_name; r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; status = libnet_DomainOpen(ctx, torture, &r); if (!NT_STATUS_IS_OK(status)) { d_printf("failed to open domain on lsa service: %s\n", nt_errstr(status)); ret = False; goto done; } ZERO_STRUCT(lsa_close); lsa_close.in.handle = &ctx->lsa.handle; lsa_close.out.handle = &h; status = dcerpc_lsa_Close(ctx->lsa.pipe, ctx, &lsa_close); if (!NT_STATUS_IS_OK(status)) { d_printf("failed to close domain on lsa service: %s\n", nt_errstr(status)); ret = False; } done: talloc_free(ctx); return ret; }