/*
Send request to do a non-authenticated dcerpc bind
*/
struct composite_context *dcerpc_bind_auth_none_send(TALLOC_CTX *mem_ctx,
struct dcerpc_pipe *p,
const struct ndr_interface_table *table)
{
struct ndr_syntax_id syntax;
struct ndr_syntax_id transfer_syntax;
struct composite_context *c;
c = composite_create(mem_ctx, p->conn->event_ctx);
if (c == NULL) return NULL;
c->status = dcerpc_init_syntaxes(table, p->conn->flags,
&syntax, &transfer_syntax);
if (!NT_STATUS_IS_OK(c->status)) {
DEBUG(2,("Invalid uuid string in "
"dcerpc_bind_auth_none_send\n"));
composite_error(c, c->status);
return c;
}
/* c was only allocated as a container for a possible error */
talloc_free(c);
return dcerpc_bind_send(p, mem_ctx, &syntax, &transfer_syntax);
}
static BOOL torture_wbem_login_async(struct torture_context *torture)
{
BOOL ret = True;
TALLOC_CTX *mem_ctx = talloc_init("torture_wbem_login_async");
struct com_context *com_ctx = NULL;
const char *binding = NULL;
struct composite_context *c = NULL;
struct composite_context *new_ctx = NULL;
struct GUID clsid;
struct GUID iid;
/*
* Initialize our COM and DCOM contexts.
*/
com_init_ctx(&com_ctx, NULL);
dcom_client_init(com_ctx, cmdline_credentials);
/*
* Pull our needed test arguments from the torture parameters subsystem.
*/
binding = torture_setting_string(torture, "binding", NULL);
/*
* Create a new composite for our call sequence, with the private data being
* our return flag.
*/
c = composite_create(mem_ctx, com_ctx->event_ctx);
c->private_data = &ret;
/*
* Create the parameters needed for the activation call: we need the CLSID
* and IID for the specific interface we're after.
*/
GUID_from_string(CLSID_WBEMLEVEL1LOGIN, &clsid);
GUID_from_string(COM_IWBEMLEVEL1LOGIN_UUID, &iid);
/*
* Fire off the asynchronous activation request with all the needed
* input parameters. Then wait for the composite to be done within the
* context of this function, which allows all the asynchronous magic to
* still happen.
*/
new_ctx = dcom_activate_send(c, &clsid, binding, 1, &iid, com_ctx);
composite_continue(c, new_ctx, torture_wbem_login_async_cont, c);
composite_wait(new_ctx);
talloc_free(c);
talloc_report_full(mem_ctx, stdout);
return ret;
}
/*
composite session setup function that hides the details of all the
different session setup varients, including the multi-pass nature of
the spnego varient
*/
struct composite_context *smb_composite_sesssetup_send(struct smbcli_session *session,
struct smb_composite_sesssetup *io)
{
struct composite_context *c;
struct sesssetup_state *state;
NTSTATUS status;
c = composite_create(session, session->transport->ev);
if (c == NULL) return NULL;
state = talloc_zero(c, struct sesssetup_state);
if (composite_nomem(state, c)) return c;
c->private_data = state;
state->io = io;
talloc_set_destructor(state, sesssetup_state_destructor);
/* no session setup at all in earliest protocol varients */
if (session->transport->negotiate.protocol < PROTOCOL_LANMAN1) {
ZERO_STRUCT(io->out);
composite_done(c);
return c;
}
/* see what session setup interface we will use */
if (session->transport->negotiate.protocol < PROTOCOL_NT1) {
status = session_setup_old(c, session, io, &state->req);
} else if (!session->transport->options.use_spnego ||
!(io->in.capabilities & CAP_EXTENDED_SECURITY)) {
status = session_setup_nt1(c, session, io, &state->req);
} else {
status = session_setup_spnego(c, session, io, &state->req);
}
if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) ||
NT_STATUS_IS_OK(status)) {
composite_continue_smb(c, state->req, request_handler, c);
return c;
}
composite_error(c, status);
return c;
}
struct composite_context *libnet_UnbecomeDC_send(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_UnbecomeDC *r)
{
struct composite_context *c;
struct libnet_UnbecomeDC_state *s;
char *tmp_name;
c = composite_create(mem_ctx, ctx->event_ctx);
if (c == NULL) return NULL;
s = talloc_zero(c, struct libnet_UnbecomeDC_state);
if (composite_nomem(s, c)) return c;
c->private_data = s;
s->creq = c;
s->libnet = ctx;
/* Domain input */
s->domain.dns_name = talloc_strdup(s, r->in.domain_dns_name);
if (composite_nomem(s->domain.dns_name, c)) return c;
s->domain.netbios_name = talloc_strdup(s, r->in.domain_netbios_name);
if (composite_nomem(s->domain.netbios_name, c)) return c;
/* Source DSA input */
s->source_dsa.address = talloc_strdup(s, r->in.source_dsa_address);
if (composite_nomem(s->source_dsa.address, c)) return c;
/* Destination DSA input */
s->dest_dsa.netbios_name= talloc_strdup(s, r->in.dest_dsa_netbios_name);
if (composite_nomem(s->dest_dsa.netbios_name, c)) return c;
/* Destination DSA dns_name construction */
tmp_name = strlower_talloc(s, s->dest_dsa.netbios_name);
if (composite_nomem(tmp_name, c)) return c;
s->dest_dsa.dns_name = talloc_asprintf_append_buffer(tmp_name, ".%s",
s->domain.dns_name);
if (composite_nomem(s->dest_dsa.dns_name, c)) return c;
unbecomeDC_send_cldap(s);
return c;
}
/*
send a async dcerpc bind request
*/
struct composite_context *dcerpc_bind_send(struct dcerpc_pipe *p,
TALLOC_CTX *mem_ctx,
const struct ndr_syntax_id *syntax,
const struct ndr_syntax_id *transfer_syntax)
{
struct composite_context *c;
struct ncacn_packet pkt;
DATA_BLOB blob;
struct rpc_request *req;
c = composite_create(mem_ctx,p->conn->event_ctx);
if (c == NULL) return NULL;
c->private_data = p;
p->syntax = *syntax;
p->transfer_syntax = *transfer_syntax;
init_ncacn_hdr(p->conn, &pkt);
pkt.ptype = DCERPC_PKT_BIND;
pkt.pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST;
pkt.call_id = p->conn->call_id;
pkt.auth_length = 0;
if (p->binding->flags & DCERPC_CONCURRENT_MULTIPLEX) {
pkt.pfc_flags |= DCERPC_PFC_FLAG_CONC_MPX;
}
if (p->binding->flags & DCERPC_HEADER_SIGNING) {
pkt.pfc_flags |= DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN;
}
pkt.u.bind.max_xmit_frag = 5840;
pkt.u.bind.max_recv_frag = 5840;
pkt.u.bind.assoc_group_id = p->binding->assoc_group_id;
pkt.u.bind.num_contexts = 1;
pkt.u.bind.ctx_list = talloc_array(mem_ctx, struct dcerpc_ctx_list, 1);
if (composite_nomem(pkt.u.bind.ctx_list, c)) return c;
pkt.u.bind.ctx_list[0].context_id = p->context_id;
pkt.u.bind.ctx_list[0].num_transfer_syntaxes = 1;
pkt.u.bind.ctx_list[0].abstract_syntax = p->syntax;
pkt.u.bind.ctx_list[0].transfer_syntaxes = &p->transfer_syntax;
pkt.u.bind.auth_info = data_blob(NULL, 0);
/* construct the NDR form of the packet */
c->status = ncacn_push_auth(&blob, c, p->conn->iconv_convenience, &pkt,
p->conn->security_state.auth_info);
if (!composite_is_ok(c)) return c;
p->conn->transport.recv_data = dcerpc_recv_data;
/*
* we allocate a dcerpc_request so we can be in the same
* request queue as normal requests
*/
req = talloc_zero(c, struct rpc_request);
if (composite_nomem(req, c)) return c;
req->state = RPC_REQUEST_PENDING;
req->call_id = pkt.call_id;
req->async.private_data = c;
req->async.callback = dcerpc_composite_fail;
req->p = p;
req->recv_handler = dcerpc_bind_recv_handler;
DLIST_ADD_END(p->conn->pending, req, struct rpc_request *);
talloc_set_destructor(req, dcerpc_req_dequeue);
c->status = p->conn->transport.send_request(p->conn, &blob,
true);
if (!composite_is_ok(c)) return c;
event_add_timed(c->event_ctx, req,
timeval_current_ofs(DCERPC_REQUEST_TIMEOUT, 0),
dcerpc_timeout_handler, req);
return c;
}
struct composite_context *wb_init_domain_send(TALLOC_CTX *mem_ctx,
struct wbsrv_service *service,
struct wb_dom_info *dom_info)
{
struct composite_context *result, *ctx;
struct init_domain_state *state;
result = composite_create(mem_ctx, service->task->event_ctx);
if (result == NULL) goto failed;
state = talloc_zero(result, struct init_domain_state);
if (state == NULL) goto failed;
state->ctx = result;
result->private_data = state;
state->service = service;
state->domain = talloc(state, struct wbsrv_domain);
if (state->domain == NULL) goto failed;
state->domain->info = talloc_reference(state->domain, dom_info);
if (state->domain->info == NULL) goto failed;
/* Caller should check, but to be safe: */
if (dom_info->num_dcs < 1) {
goto failed;
}
/* For now, we just pick the first. The next step will be to
* walk the entire list. Also need to fix finddcs() to return
* the entire list */
state->domain->dc_name = dom_info->dcs[0].name;
state->domain->dc_address = dom_info->dcs[0].address;
/* Create a credentials structure */
state->domain->schannel_creds = cli_credentials_init(state->domain);
if (state->domain->schannel_creds == NULL) goto failed;
cli_credentials_set_event_context(state->domain->schannel_creds, service->task->event_ctx);
cli_credentials_set_conf(state->domain->schannel_creds);
/* Connect the machine account to the credentials */
state->ctx->status =
cli_credentials_set_machine_account(state->domain->
schannel_creds);
if (!NT_STATUS_IS_OK(state->ctx->status)) goto failed;
state->domain->netlogon_binding = init_domain_binding(state, &dcerpc_table_netlogon);
state->domain->netlogon_pipe = NULL;
if ((!cli_credentials_is_anonymous(state->domain->schannel_creds)) &&
((lp_server_role() == ROLE_DOMAIN_MEMBER) &&
(dom_sid_equal(state->domain->info->sid,
state->service->primary_sid)))) {
state->domain->netlogon_binding->flags |= DCERPC_SCHANNEL;
/* For debugging, it can be a real pain if all the traffic is encrypted */
if (lp_winbind_sealed_pipes()) {
state->domain->netlogon_binding->flags |= (DCERPC_SIGN | DCERPC_SEAL );
} else {
state->domain->netlogon_binding->flags |= (DCERPC_SIGN);
}
}
/* No encryption on anonymous pipes */
ctx = dcerpc_pipe_connect_b_send(state, state->domain->netlogon_binding,
&dcerpc_table_netlogon,
state->domain->schannel_creds,
service->task->event_ctx);
if (composite_nomem(ctx, state->ctx)) {
goto failed;
}
composite_continue(state->ctx, ctx, init_domain_recv_netlogonpipe,
state);
return result;
failed:
talloc_free(result);
return NULL;
}
struct composite_context *wb_init_domain_send(TALLOC_CTX *mem_ctx,
struct wbsrv_service *service,
struct wb_dom_info *dom_info)
{
struct composite_context *result, *ctx;
struct init_domain_state *state;
result = composite_create(mem_ctx, service->task->event_ctx);
if (result == NULL) goto failed;
state = talloc_zero(result, struct init_domain_state);
if (state == NULL) goto failed;
state->ctx = result;
result->private_data = state;
state->service = service;
state->domain = talloc(state, struct wbsrv_domain);
if (state->domain == NULL) goto failed;
state->domain->service = service;
state->domain->info = talloc_reference(state->domain, dom_info);
if (state->domain->info == NULL) goto failed;
state->domain->dc_name = dom_info->dc->name;
state->domain->dc_address = dom_info->dc->address;
state->domain->libnet_ctx = libnet_context_init(service->task->event_ctx,
service->task->lp_ctx);
if (state->domain->libnet_ctx == NULL) goto failed;
talloc_steal(state->domain, state->domain->libnet_ctx);
/* Create a credentials structure */
state->domain->libnet_ctx->cred = cli_credentials_init(state->domain);
if (state->domain->libnet_ctx->cred == NULL) goto failed;
cli_credentials_set_conf(state->domain->libnet_ctx->cred, service->task->lp_ctx);
/* Connect the machine account to the credentials */
state->ctx->status =
cli_credentials_set_machine_account(state->domain->libnet_ctx->cred, state->domain->libnet_ctx->lp_ctx);
if (!NT_STATUS_IS_OK(state->ctx->status)) goto failed;
state->domain->netlogon_binding = init_domain_binding(state, &ndr_table_netlogon);
state->domain->netlogon_pipe = NULL;
state->domain->netlogon_queue = tevent_queue_create(state->domain,
"netlogon_queue");
if (state->domain->netlogon_queue == NULL) goto failed;
/* We start the queue when the connection is usable */
tevent_queue_stop(state->domain->netlogon_queue);
if ((!cli_credentials_is_anonymous(state->domain->libnet_ctx->cred)) &&
((lpcfg_server_role(service->task->lp_ctx) == ROLE_DOMAIN_MEMBER) ||
(lpcfg_server_role(service->task->lp_ctx) == ROLE_ACTIVE_DIRECTORY_DC)) &&
(dom_sid_equal(state->domain->info->sid,
state->service->primary_sid))) {
uint32_t flags = DCERPC_SCHANNEL | DCERPC_SCHANNEL_AUTO;
/* For debugging, it can be a real pain if all the traffic is encrypted */
if (lpcfg_winbind_sealed_pipes(service->task->lp_ctx)) {
flags |= DCERPC_SIGN | DCERPC_SEAL;
} else {
flags |= DCERPC_SIGN;
}
state->ctx->status = dcerpc_binding_set_flags(state->domain->netlogon_binding,
flags, 0);
if (!NT_STATUS_IS_OK(state->ctx->status)) goto failed;
}
/* No encryption on anonymous pipes */
ctx = dcerpc_pipe_connect_b_send(state, state->domain->netlogon_binding,
&ndr_table_netlogon,
state->domain->libnet_ctx->cred,
service->task->event_ctx,
service->task->lp_ctx);
if (composite_nomem(ctx, state->ctx)) {
goto failed;
}
composite_continue(state->ctx, ctx, init_domain_recv_netlogonpipe,
state);
return result;
failed:
talloc_free(result);
return NULL;
}
