Exemplo n.º 1
0
void dump_NL_AUTH_SIGNATURE(TALLOC_CTX *mem_ctx,
			    const DATA_BLOB *blob)
{
	enum ndr_err_code ndr_err;
	uint16_t signature_algorithm;

	if (blob->length < 2) {
		return;
	}

	signature_algorithm = SVAL(blob->data, 0);

	switch (signature_algorithm) {
	case NL_SIGN_HMAC_MD5: {
		struct NL_AUTH_SIGNATURE r;
		ndr_err = ndr_pull_struct_blob(blob, mem_ctx, NULL, &r,
		       (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_SIGNATURE);
		if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
			NDR_PRINT_DEBUG(NL_AUTH_SIGNATURE, &r);
		}
		break;
	}
	case NL_SIGN_HMAC_SHA256: {
		struct NL_AUTH_SHA2_SIGNATURE r;
		ndr_err = ndr_pull_struct_blob(blob, mem_ctx, NULL, &r,
		       (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_SHA2_SIGNATURE);
		if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
			NDR_PRINT_DEBUG(NL_AUTH_SHA2_SIGNATURE, &r);
		}
		break;
	}
	default:
		break;
	}
}
Exemplo n.º 2
0
_PUBLIC_ void ndr_print_ntlmssp_lm_response(TALLOC_CTX *mem_ctx,
					    const DATA_BLOB *lm_response,
					    bool ntlmv2)
{
	enum ndr_err_code ndr_err;

	if (ntlmv2) {
		struct LMv2_RESPONSE lm;
		if (lm_response->length == 24) {
			ndr_err = ndr_pull_struct_blob(lm_response, mem_ctx, &lm,
					(ndr_pull_flags_fn_t)ndr_pull_LMv2_RESPONSE);
			if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
				NDR_PRINT_DEBUG(LMv2_RESPONSE, &lm);
			}
		}
	} else {
		struct LM_RESPONSE lm;
		if (lm_response->length == 24) {
			ndr_err = ndr_pull_struct_blob(lm_response, mem_ctx, &lm,
					(ndr_pull_flags_fn_t)ndr_pull_LM_RESPONSE);
			if (NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
				NDR_PRINT_DEBUG(LM_RESPONSE, &lm);
			}
		}
	}
}
Exemplo n.º 3
0
/*
  receive some data on a WREPL connection
*/
static NTSTATUS wreplsrv_process(struct wreplsrv_in_connection *wrepl_conn,
				 struct wreplsrv_in_call **_call)
{
	struct wrepl_wrap packet_out_wrap;
	NTSTATUS status;
	enum ndr_err_code ndr_err;
	struct wreplsrv_in_call *call = *_call;

	ndr_err = ndr_pull_struct_blob(&call->in, call,
				       &call->req_packet,
				       (ndr_pull_flags_fn_t)ndr_pull_wrepl_packet);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		return ndr_map_error2ntstatus(ndr_err);
	}

	if (DEBUGLVL(10)) {
		DEBUG(10,("Received WINS-Replication packet of length %u\n",
			  (unsigned int) call->in.length + 4));
		NDR_PRINT_DEBUG(wrepl_packet, &call->req_packet);
	}

	status = wreplsrv_in_call(call);
	NT_STATUS_IS_ERR_RETURN(status);
	if (!NT_STATUS_IS_OK(status)) {
		/* w2k just ignores invalid packets, so we do */
		DEBUG(10,("Received WINS-Replication packet was invalid, we just ignore it\n"));
		TALLOC_FREE(call);
		*_call = NULL;
		return NT_STATUS_OK;
	}

	/* and now encode the reply */
	packet_out_wrap.packet = call->rep_packet;
	ndr_err = ndr_push_struct_blob(&call->out, call,
				       &packet_out_wrap,
				       (ndr_push_flags_fn_t) ndr_push_wrepl_wrap);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		return ndr_map_error2ntstatus(ndr_err);
	}

	if (DEBUGLVL(10)) {
		DEBUG(10,("Sending WINS-Replication packet of length %u\n",
			 (unsigned int) call->out.length));
		NDR_PRINT_DEBUG(wrepl_packet, &call->rep_packet);
	}

	return NT_STATUS_OK;
}
Exemplo n.º 4
0
static TDB_DATA unparse_share_modes(struct share_mode_data *d)
{
	DATA_BLOB blob;
	enum ndr_err_code ndr_err;

	if (DEBUGLEVEL >= 10) {
		DEBUG(10, ("unparse_share_modes:\n"));
		NDR_PRINT_DEBUG(share_mode_data, d);
	}

	remove_stale_share_mode_entries(d);

	if (d->num_share_modes == 0) {
		DEBUG(10, ("No used share mode found\n"));
		return make_tdb_data(NULL, 0);
	}

	ndr_err = ndr_push_struct_blob(
		&blob, d, d, (ndr_push_flags_fn_t)ndr_push_share_mode_data);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		smb_panic("ndr_push_share_mode_lock failed");
	}

	return make_tdb_data(blob.data, blob.length);
}
Exemplo n.º 5
0
static bool leases_db_key(TALLOC_CTX *mem_ctx,
			  const struct GUID *client_guid,
			  const struct smb2_lease_key *lease_key,
			  TDB_DATA *key)
{
	struct leases_db_key db_key = {
		.client_guid = *client_guid,
		.lease_key = *lease_key };
	DATA_BLOB blob;
	enum ndr_err_code ndr_err;

	if (DEBUGLEVEL >= 10) {
		DEBUG(10, ("%s:\n", __func__));
		NDR_PRINT_DEBUG(leases_db_key, &db_key);
	}

	ndr_err = ndr_push_struct_blob(
		&blob, mem_ctx, &db_key,
		(ndr_push_flags_fn_t)ndr_push_leases_db_key);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		DEBUG(10, ("%s: ndr_push_struct_blob_failed: %s\n",
			   __func__, ndr_errstr(ndr_err)));
		return false;
	}

	*key = make_tdb_data(blob.data, blob.length);
	return true;
}
Exemplo n.º 6
0
/**
* @brief Decodes a ncacn_packet
*
* @param mem_ctx	The memory context on which to allocate the packet
*			elements
* @param blob		The blob of data to decode
* @param r		An empty ncacn_packet, must not be NULL
* @param bigendian	Whether the packet is bignedian encoded
*
* @return a NTSTATUS error code
*/
NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
				  const DATA_BLOB *blob,
				  struct ncacn_packet *r,
				  bool bigendian)
{
	enum ndr_err_code ndr_err;
	struct ndr_pull *ndr;

	ndr = ndr_pull_init_blob(blob, mem_ctx);
	if (!ndr) {
		return NT_STATUS_NO_MEMORY;
	}
	if (bigendian) {
		ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
	}

	ndr_err = ndr_pull_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, r);

	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		talloc_free(ndr);
		return ndr_map_error2ntstatus(ndr_err);
	}
	talloc_free(ndr);

	if (DEBUGLEVEL >= 10) {
		NDR_PRINT_DEBUG(ncacn_packet, r);
	}

	return NT_STATUS_OK;
}
Exemplo n.º 7
0
static bool prep_getdc_request(const struct sockaddr_storage *dc_ss,
			       const char *domain_name,
			       const struct dom_sid *sid,
			       uint32_t nt_version,
			       const char *my_mailslot,
			       int dgm_id,
			       struct packet_struct *p)
{
	TALLOC_CTX *frame = talloc_stackframe();
	const char *my_acct_name;
	struct nbt_netlogon_packet packet;
	struct NETLOGON_SAM_LOGON_REQUEST *s;
	enum ndr_err_code ndr_err;
	DATA_BLOB blob = data_blob_null;
	struct dom_sid my_sid;
	bool ret = false;

	ZERO_STRUCT(packet);
	ZERO_STRUCT(my_sid);

	if (sid != NULL) {
		my_sid = *sid;
	}

	my_acct_name = talloc_asprintf(talloc_tos(), "%s$", lp_netbios_name());
	if (my_acct_name == NULL) {
		goto fail;
	}

	packet.command	= LOGON_SAM_LOGON_REQUEST;
	s		= &packet.req.logon;

	s->request_count	= 0;
	s->computer_name	= lp_netbios_name();
	s->user_name		= my_acct_name;
	s->mailslot_name	= my_mailslot;
	s->acct_control		= ACB_WSTRUST;
	s->sid			= my_sid;
	s->nt_version		= nt_version;
	s->lmnt_token		= 0xffff;
	s->lm20_token		= 0xffff;

	if (DEBUGLEVEL >= 10) {
		NDR_PRINT_DEBUG(nbt_netlogon_packet, &packet);
	}

	ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), &packet,
		       (ndr_push_flags_fn_t)ndr_push_nbt_netlogon_packet);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		goto fail;
	}

	ret = cli_prep_mailslot(false, NBT_MAILSLOT_NTLOGON, 0,
				(char *)blob.data, blob.length,
				lp_netbios_name(), 0, domain_name, 0x1c,
				dc_ss, dgm_id, p);
fail:
	TALLOC_FREE(frame);
	return ret;
}
Exemplo n.º 8
0
static NTSTATUS ntlmssp3_client_initial(struct ntlmssp_state *ntlmssp_state,
				       TALLOC_CTX *out_mem_ctx,
				       DATA_BLOB in, DATA_BLOB *out)
{
	const char *domain = ntlmssp_state->client.netbios_domain;
	const char *workstation = ntlmssp_state->client.netbios_name;
	NTSTATUS status;

	/* These don't really matter in the initial packet, so don't panic if they are not set */
	if (!domain) {
		domain = "";
	}

	if (!workstation) {
		workstation = "";
	}

	if (ntlmssp_state->unicode) {
		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_UNICODE;
	} else {
		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_OEM;
	}

	if (ntlmssp_state->use_ntlmv2) {
		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
	}

	/* generate the ntlmssp negotiate packet */
	status = msrpc_gen(out_mem_ctx,
		  out, "CddAA",
		  "NTLMSSP",
		  NTLMSSP_NEGOTIATE,
		  ntlmssp_state->neg_flags,
		  domain,
		  workstation);

	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0, ("ntlmssp_client_initial: failed to generate "
			  "ntlmssp negotiate packet\n"));
		return status;
	}

	if (DEBUGLEVEL >= 10) {
		struct NEGOTIATE_MESSAGE *negotiate = talloc(
			talloc_tos(), struct NEGOTIATE_MESSAGE);
		if (negotiate != NULL) {
			status = ntlmssp_pull_NEGOTIATE_MESSAGE(
				out, negotiate, negotiate);
			if (NT_STATUS_IS_OK(status)) {
				NDR_PRINT_DEBUG(NEGOTIATE_MESSAGE,
						negotiate);
			}
			TALLOC_FREE(negotiate);
		}
	}

	ntlmssp_state->expected_state = NTLMSSP_CHALLENGE;

	return NT_STATUS_MORE_PROCESSING_REQUIRED;
}
Exemplo n.º 9
0
/**
* @brief NDR Encodes a dcerpc_auth structure
*
* @param mem_ctx	  The memory context the blob will be allocated on
* @param auth_type	  The DCERPC Authentication Type
* @param auth_level	  The DCERPC Authentication Level
* @param auth_pad_length  The padding added to the packet this blob will be
*			   appended to.
* @param auth_context_id  The context id
* @param credentials	  The authentication credentials blob (signature)
* @param blob [out]	  The encoded blob if successful
*
* @return a NTSTATUS error code
*/
NTSTATUS dcerpc_push_dcerpc_auth(TALLOC_CTX *mem_ctx,
				 enum dcerpc_AuthType auth_type,
				 enum dcerpc_AuthLevel auth_level,
				 uint8_t auth_pad_length,
				 uint32_t auth_context_id,
				 const DATA_BLOB *credentials,
				 DATA_BLOB *blob)
{
	struct dcerpc_auth r;
	enum ndr_err_code ndr_err;

	r.auth_type		= auth_type;
	r.auth_level		= auth_level;
	r.auth_pad_length	= auth_pad_length;
	r.auth_reserved		= 0;
	r.auth_context_id	= auth_context_id;
	r.credentials		= *credentials;

	ndr_err = ndr_push_struct_blob(blob, mem_ctx, &r,
		(ndr_push_flags_fn_t)ndr_push_dcerpc_auth);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		return ndr_map_error2ntstatus(ndr_err);
	}

	if (DEBUGLEVEL >= 10) {
		NDR_PRINT_DEBUG(dcerpc_auth, &r);
	}

	return NT_STATUS_OK;
}
Exemplo n.º 10
0
/*
  receive an incoming dgram request. This is used for general datagram
  requests. Mailslot requests for our listening mailslots
  are handled in the specific mailslot handlers
*/
void dgram_request_handler(struct nbt_dgram_socket *dgmsock, 
			   struct nbt_dgram_packet *packet,
			   struct socket_address *src)
{
	DEBUG(0,("General datagram request from %s:%d\n", src->addr, src->port));
	NDR_PRINT_DEBUG(nbt_dgram_packet, packet);
}
Exemplo n.º 11
0
/*
  handle incoming browse mailslot requests
*/
void nbtd_mailslot_browse_handler(struct dgram_mailslot_handler *dgmslot, 
				  struct nbt_dgram_packet *packet, 
				  struct socket_address *src)
{
	struct nbt_browse_packet *browse = talloc(dgmslot, struct nbt_browse_packet);
	struct nbt_name *name = &packet->data.msg.dest_name;
	NTSTATUS status;

	if (browse == NULL) {
		status = NT_STATUS_INVALID_PARAMETER;
		goto failed;
	}

	status = dgram_mailslot_browse_parse(dgmslot, browse, packet, browse);
	if (!NT_STATUS_IS_OK(status)) goto failed;

	DEBUG(4,("Browse %s (Op %d) on '%s' '%s' from %s:%d\n", 
		nbt_browse_opcode_string(browse->opcode), browse->opcode,
		nbt_name_string(browse, name), dgmslot->mailslot_name,
		src->addr, src->port));

	if (DEBUGLEVEL >= 10) {
		NDR_PRINT_DEBUG(nbt_browse_packet, browse);
	}

	talloc_free(browse);
	return;

failed:
	DEBUG(2,("nbtd browse handler failed from %s:%d to %s - %s\n",
		 src->addr, src->port, nbt_name_string(browse, name),
		 nt_errstr(status)));
	talloc_free(browse);

}
Exemplo n.º 12
0
/*
  we received a badly formed packet - log it
*/
void nbtd_bad_packet(struct nbt_name_packet *packet, 
		     const struct socket_address *src, const char *reason)
{
	DEBUG(2,("nbtd: bad packet '%s' from %s:%d\n", reason, src->addr, src->port));
	if (DEBUGLVL(5)) {
		NDR_PRINT_DEBUG(nbt_name_packet, packet);		
	}
}
Exemplo n.º 13
0
static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
					files_struct *fsp,
					struct security_descriptor *parent_desc,
					bool is_directory)
{
	TALLOC_CTX *ctx = talloc_tos();
	NTSTATUS status = NT_STATUS_OK;
	struct security_descriptor *psd = NULL;
	size_t size;

	if (!sd_has_inheritable_components(parent_desc, is_directory)) {
		return NT_STATUS_OK;
	}

	/* Create an inherited descriptor from the parent. */

	if (DEBUGLEVEL >= 10) {
		DEBUG(10,("inherit_new_acl: parent acl for %s is:\n",
			fsp_str_dbg(fsp) ));
		NDR_PRINT_DEBUG(security_descriptor, parent_desc);
	}

	status = se_create_child_secdesc(ctx,
			&psd,
			&size,
			parent_desc,
			&handle->conn->server_info->ptok->user_sids[PRIMARY_USER_SID_INDEX],
			&handle->conn->server_info->ptok->user_sids[PRIMARY_GROUP_SID_INDEX],
			is_directory);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	if (DEBUGLEVEL >= 10) {
		DEBUG(10,("inherit_new_acl: child acl for %s is:\n",
			fsp_str_dbg(fsp) ));
		NDR_PRINT_DEBUG(security_descriptor, parent_desc);
	}

	return SMB_VFS_FSET_NT_ACL(fsp,
				(OWNER_SECURITY_INFORMATION |
				 GROUP_SECURITY_INFORMATION |
				 DACL_SECURITY_INFORMATION),
				psd);
}
Exemplo n.º 14
0
static struct share_mode_data *parse_share_modes(TALLOC_CTX *mem_ctx,
						 const TDB_DATA dbuf)
{
	struct share_mode_data *d;
	enum ndr_err_code ndr_err;
	uint32_t i;
	DATA_BLOB blob;

	d = talloc(mem_ctx, struct share_mode_data);
	if (d == NULL) {
		DEBUG(0, ("talloc failed\n"));
		goto fail;
	}

	blob.data = dbuf.dptr;
	blob.length = dbuf.dsize;

	ndr_err = ndr_pull_struct_blob_all(
		&blob, d, d, (ndr_pull_flags_fn_t)ndr_pull_share_mode_data);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		DEBUG(1, ("ndr_pull_share_mode_lock failed: %s\n",
			  ndr_errstr(ndr_err)));
		goto fail;
	}

	/*
	 * Initialize the values that are [skip] in the idl. The NDR code does
	 * not initialize them.
	 */

	for (i=0; i<d->num_share_modes; i++) {
		struct share_mode_entry *e = &d->share_modes[i];

		e->stale = false;
		e->lease = NULL;
		if (e->op_type != LEASE_OPLOCK) {
			continue;
		}
		if (e->lease_idx >= d->num_leases) {
			continue;
		}
		e->lease = &d->leases[e->lease_idx];
	}
	d->modified = false;
	d->fresh = false;

	if (DEBUGLEVEL >= 10) {
		DEBUG(10, ("parse_share_modes:\n"));
		NDR_PRINT_DEBUG(share_mode_data, d);
	}

	return d;
fail:
	TALLOC_FREE(d);
	return NULL;
}
Exemplo n.º 15
0
static
NTSTATUS schannel_store_session_key_tdb(struct tdb_wrap *tdb_sc,
					TALLOC_CTX *mem_ctx,
					struct netlogon_creds_CredentialState *creds)
{
	enum ndr_err_code ndr_err;
	DATA_BLOB blob;
	TDB_DATA value;
	int ret;
	char *keystr;
	char *name_upper;

	name_upper = strupper_talloc(mem_ctx, creds->computer_name);
	if (!name_upper) {
		return NT_STATUS_NO_MEMORY;
	}

	keystr = talloc_asprintf(mem_ctx, "%s/%s",
				 SECRETS_SCHANNEL_STATE, name_upper);
	TALLOC_FREE(name_upper);
	if (!keystr) {
		return NT_STATUS_NO_MEMORY;
	}

	ndr_err = ndr_push_struct_blob(&blob, mem_ctx, creds,
			(ndr_push_flags_fn_t)ndr_push_netlogon_creds_CredentialState);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		talloc_free(keystr);
		return ndr_map_error2ntstatus(ndr_err);
	}

	value.dptr = blob.data;
	value.dsize = blob.length;

	ret = tdb_store_bystring(tdb_sc->tdb, keystr, value, TDB_REPLACE);
	if (ret != TDB_SUCCESS) {
		DEBUG(0,("Unable to add %s to session key db - %s\n",
			 keystr, tdb_errorstr_compat(tdb_sc->tdb)));
		talloc_free(keystr);
		return NT_STATUS_INTERNAL_DB_CORRUPTION;
	}

	DEBUG(3,("schannel_store_session_key_tdb: stored schannel info with key %s\n",
		keystr));

	if (DEBUGLEVEL >= 10) {
		NDR_PRINT_DEBUG(netlogon_creds_CredentialState, creds);
	}

	talloc_free(keystr);

	return NT_STATUS_OK;
}
Exemplo n.º 16
0
/*
  handle incoming netlogon mailslot requests
*/
void nbtd_mailslot_netlogon_handler(struct dgram_mailslot_handler *dgmslot, 
				    struct nbt_dgram_packet *packet, 
				    struct socket_address *src)
{
	NTSTATUS status = NT_STATUS_NO_MEMORY;
	struct nbtd_interface *iface = 
		talloc_get_type(dgmslot->private_data, struct nbtd_interface);
	struct nbt_netlogon_packet *netlogon = 
		talloc(dgmslot, struct nbt_netlogon_packet);
	struct nbtd_iface_name *iname;
	struct nbt_name *name = &packet->data.msg.dest_name;

	if (netlogon == NULL) goto failed;

	/*
	  see if the we are listening on the destination netbios name
	*/
	iname = nbtd_find_iname(iface, name, 0);
	if (iname == NULL) {
		status = NT_STATUS_BAD_NETWORK_NAME;
		goto failed;
	}

	DEBUG(5,("netlogon request to %s from %s:%d\n",
		 nbt_name_string(netlogon, name), src->addr, src->port));
	status = dgram_mailslot_netlogon_parse_request(dgmslot, netlogon, packet, netlogon);
	if (!NT_STATUS_IS_OK(status)) goto failed;

	switch (netlogon->command) {
	case LOGON_PRIMARY_QUERY:
		nbtd_netlogon_getdc(dgmslot, iface, packet, 
				    src, netlogon);
		break;
	case LOGON_SAM_LOGON_REQUEST:
		nbtd_netlogon_samlogon(dgmslot, iface, packet, 
				       src, netlogon);
		break;
	default:
		DEBUG(2,("unknown netlogon op %d from %s:%d\n", 
			 netlogon->command, src->addr, src->port));
		NDR_PRINT_DEBUG(nbt_netlogon_packet, netlogon);
		break;
	}

	talloc_free(netlogon);
	return;

failed:
	DEBUG(2,("nbtd netlogon handler failed from %s:%d to %s - %s\n",
		 src->addr, src->port, nbt_name_string(netlogon, name),
		 nt_errstr(status)));
	talloc_free(netlogon);
}
Exemplo n.º 17
0
static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx,
			      struct replUpToDateVectorBlob *new_utdv)
{
	NTSTATUS status = NT_STATUS_OK;
	krb5_error_code ret = 0;
	struct libnet_keytab_context *keytab_ctx =
		(struct libnet_keytab_context *)ctx->private_data;

	if (new_utdv) {
		enum ndr_err_code ndr_err;
		DATA_BLOB blob;

		if (DEBUGLEVEL >= 10) {
			NDR_PRINT_DEBUG(replUpToDateVectorBlob, new_utdv);
		}

		ndr_err = ndr_push_struct_blob(&blob, mem_ctx, new_utdv,
				(ndr_push_flags_fn_t)ndr_push_replUpToDateVectorBlob);
		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
			status = ndr_map_error2ntstatus(ndr_err);
			ctx->error_message = talloc_asprintf(ctx,
					"Failed to push UpToDateVector: %s",
					nt_errstr(status));
			goto done;
		}

		status = libnet_keytab_add_to_keytab_entries(mem_ctx, keytab_ctx, 0,
							     ctx->nc_dn, "UTDV",
							     ENCTYPE_NULL,
							     blob);
		if (!NT_STATUS_IS_OK(status)) {
			goto done;
		}
	}

	ret = libnet_keytab_add(keytab_ctx);
	if (ret) {
		status = krb5_to_nt_status(ret);
		ctx->error_message = talloc_asprintf(ctx,
			"Failed to add entries to keytab %s: %s",
			keytab_ctx->keytab_name, error_message(ret));
		goto done;
	}

	ctx->result_message = talloc_asprintf(ctx,
		"Vampired %d accounts to keytab %s",
		keytab_ctx->count,
		keytab_ctx->keytab_name);

done:
	TALLOC_FREE(keytab_ctx);
	return status;
}
Exemplo n.º 18
0
/*
  load the notify array
*/
static NTSTATUS notify_load(struct notify_context *notify, struct db_record *rec)
{
	TDB_DATA dbuf;
	DATA_BLOB blob;
	NTSTATUS status;
	int seqnum;

	seqnum = notify->db->get_seqnum(notify->db);

	if (seqnum == notify->seqnum && notify->array != NULL) {
		return NT_STATUS_OK;
	}

	notify->seqnum = seqnum;

	talloc_free(notify->array);
	notify->array = TALLOC_ZERO_P(notify, struct notify_array);
	NT_STATUS_HAVE_NO_MEMORY(notify->array);

	if (!rec) {
		if (notify->db->fetch(notify->db, notify, notify->key, &dbuf) != 0) {
			return NT_STATUS_INTERNAL_DB_CORRUPTION;
		}
	} else {
		dbuf = rec->value;
	}

	blob.data = (uint8 *)dbuf.dptr;
	blob.length = dbuf.dsize;

	status = NT_STATUS_OK;
	if (blob.length > 0) {
		enum ndr_err_code ndr_err;
		ndr_err = ndr_pull_struct_blob(&blob, notify->array, notify->array,
					       (ndr_pull_flags_fn_t)ndr_pull_notify_array);
		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
			status = ndr_map_error2ntstatus(ndr_err);
		}
	}

	if (DEBUGLEVEL >= 10) {
		DEBUG(10, ("notify_load:\n"));
		NDR_PRINT_DEBUG(notify_array, notify->array);
	}

	if (!rec) {
		talloc_free(dbuf.dptr);
	}

	return status;
}
Exemplo n.º 19
0
NTSTATUS smbXsrv_tcon_update(struct smbXsrv_tcon *tcon)
{
	struct smbXsrv_tcon_table *table = tcon->table;
	NTSTATUS status;
	uint8_t key_buf[SMBXSRV_TCON_GLOBAL_TDB_KEY_SIZE];
	TDB_DATA key;

	if (tcon->global->db_rec != NULL) {
		DEBUG(0, ("smbXsrv_tcon_update(0x%08x): "
			  "Called with db_rec != NULL'\n",
			  tcon->global->tcon_global_id));
		return NT_STATUS_INTERNAL_ERROR;
	}

	key = smbXsrv_tcon_global_id_to_key(tcon->global->tcon_global_id,
					    key_buf);

	tcon->global->db_rec = dbwrap_fetch_locked(table->global.db_ctx,
						   tcon->global, key);
	if (tcon->global->db_rec == NULL) {
		DEBUG(0, ("smbXsrv_tcon_update(0x%08x): "
			  "Failed to lock global key '%s'\n",
			  tcon->global->tcon_global_id,
			  hex_encode_talloc(talloc_tos(), key.dptr,
					    key.dsize)));
		return NT_STATUS_INTERNAL_DB_ERROR;
	}

	status = smbXsrv_tcon_global_store(tcon->global);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0,("smbXsrv_tcon_update: "
			 "global_id (0x%08x) store failed - %s\n",
			 tcon->global->tcon_global_id,
			 nt_errstr(status)));
		return status;
	}

	if (DEBUGLVL(10)) {
		struct smbXsrv_tconB tcon_blob;

		ZERO_STRUCT(tcon_blob);
		tcon_blob.version = SMBXSRV_VERSION_0;
		tcon_blob.info.info0 = tcon;

		DEBUG(10,("smbXsrv_tcon_update: global_id (0x%08x) stored\n",
			  tcon->global->tcon_global_id));
		NDR_PRINT_DEBUG(smbXsrv_tconB, &tcon_blob);
	}

	return NT_STATUS_OK;
}
Exemplo n.º 20
0
struct eventlog_Record_tdb *evlog_pull_record_tdb(TALLOC_CTX *mem_ctx,
						  TDB_CONTEXT *tdb,
						  uint32_t record_number)
{
	struct eventlog_Record_tdb *r;
	TDB_DATA data, key;

	int32_t srecno;
	enum ndr_err_code ndr_err;
	DATA_BLOB blob;

	srecno = record_number;
	key.dptr = (unsigned char *)&srecno;
	key.dsize = sizeof(int32_t);

	data = tdb_fetch(tdb, key);
	if (data.dsize == 0) {
		DEBUG(8,("evlog_pull_record_tdb: "
			"Can't find a record for the key, record %d\n",
			record_number));
		return NULL;
	}

	r = talloc_zero(mem_ctx, struct eventlog_Record_tdb);
	if (!r) {
		goto done;
	}

	blob = data_blob_const(data.dptr, data.dsize);

	ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, NULL, r,
			   (ndr_pull_flags_fn_t)ndr_pull_eventlog_Record_tdb);

	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		DEBUG(10,("evlog_pull_record_tdb: failed to decode record %d\n",
			record_number));
		TALLOC_FREE(r);
		goto done;
	}

	if (DEBUGLEVEL >= 10) {
		NDR_PRINT_DEBUG(eventlog_Record_tdb, r);
	}

	DEBUG(10,("evlog_pull_record_tdb: retrieved entry for record %d\n",
		record_number));
 done:
	SAFE_FREE(data.dptr);

	return r;
}
Exemplo n.º 21
0
static NTSTATUS keytab_startup(struct dssync_context *ctx, TALLOC_CTX *mem_ctx,
			       struct replUpToDateVectorBlob **pold_utdv)
{
	krb5_error_code ret = 0;
	struct libnet_keytab_context *keytab_ctx;
	struct libnet_keytab_entry *entry;
	struct replUpToDateVectorBlob *old_utdv = NULL;
	char *principal;

	ret = libnet_keytab_init(mem_ctx, ctx->output_filename, &keytab_ctx);
	if (ret) {
		return krb5_to_nt_status(ret);
	}

	keytab_ctx->dns_domain_name = ctx->dns_domain_name;
	keytab_ctx->clean_old_entries = ctx->clean_old_entries;
	ctx->private_data = keytab_ctx;

	principal = talloc_asprintf(mem_ctx, "UTDV/%s@%s",
				    ctx->nc_dn, ctx->dns_domain_name);
	NT_STATUS_HAVE_NO_MEMORY(principal);

	entry = libnet_keytab_search(keytab_ctx, principal, 0, ENCTYPE_NULL,
				     mem_ctx);
	if (entry) {
		enum ndr_err_code ndr_err;
		old_utdv = talloc(mem_ctx, struct replUpToDateVectorBlob);

		ndr_err = ndr_pull_struct_blob(&entry->password, old_utdv, old_utdv,
				(ndr_pull_flags_fn_t)ndr_pull_replUpToDateVectorBlob);
		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
			NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
			ctx->error_message = talloc_asprintf(ctx,
					"Failed to pull UpToDateVector: %s",
					nt_errstr(status));
			return status;
		}

		if (DEBUGLEVEL >= 10) {
			NDR_PRINT_DEBUG(replUpToDateVectorBlob, old_utdv);
		}
	}

	if (pold_utdv) {
		*pold_utdv = old_utdv;
	}

	return NT_STATUS_OK;
}
Exemplo n.º 22
0
/**
* @brief NDR Encodes a NL_AUTH_MESSAGE
*
* @param mem_ctx	The memory context the blob will be allocated on
* @param r		The NL_AUTH_MESSAGE to encode
* @param blob [out]	The encoded blob if successful
*
* @return a NTSTATUS error code
*/
NTSTATUS dcerpc_push_schannel_bind(TALLOC_CTX *mem_ctx,
				   struct NL_AUTH_MESSAGE *r,
				   DATA_BLOB *blob)
{
	enum ndr_err_code ndr_err;

	ndr_err = ndr_push_struct_blob(blob, mem_ctx, r,
		(ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		return ndr_map_error2ntstatus(ndr_err);
	}

	if (DEBUGLEVEL >= 10) {
		NDR_PRINT_DEBUG(NL_AUTH_MESSAGE, r);
	}

	return NT_STATUS_OK;
}
Exemplo n.º 23
0
NTSTATUS ntlmssp_client_initial(struct gensec_security *gensec_security,
				TALLOC_CTX *out_mem_ctx,
				DATA_BLOB in, DATA_BLOB *out)
{
	struct gensec_ntlmssp_context *gensec_ntlmssp =
		talloc_get_type_abort(gensec_security->private_data,
				      struct gensec_ntlmssp_context);
	struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
	NTSTATUS status;
	const DATA_BLOB version_blob = ntlmssp_version_blob();

	/* generate the ntlmssp negotiate packet */
	status = msrpc_gen(out_mem_ctx,
		  out, "CddAAb",
		  "NTLMSSP",
		  NTLMSSP_NEGOTIATE,
		  ntlmssp_state->neg_flags,
		  "", /* domain */
		  "", /* workstation */
		  version_blob.data, version_blob.length);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0, ("ntlmssp_client_initial: failed to generate "
			  "ntlmssp negotiate packet\n"));
		return status;
	}

	if (DEBUGLEVEL >= 10) {
		struct NEGOTIATE_MESSAGE *negotiate = talloc(
			ntlmssp_state, struct NEGOTIATE_MESSAGE);
		if (negotiate != NULL) {
			status = ntlmssp_pull_NEGOTIATE_MESSAGE(
				out, negotiate, negotiate);
			if (NT_STATUS_IS_OK(status)) {
				NDR_PRINT_DEBUG(NEGOTIATE_MESSAGE,
						negotiate);
			}
			TALLOC_FREE(negotiate);
		}
	}

	ntlmssp_state->expected_state = NTLMSSP_CHALLENGE;

	return NT_STATUS_MORE_PROCESSING_REQUIRED;
}
Exemplo n.º 24
0
NTSTATUS smbXsrv_tcon_update(struct smbXsrv_tcon *tcon)
{
	struct smbXsrv_tcon_table *table = tcon->table;
	NTSTATUS status;

	if (tcon->global->db_rec != NULL) {
		DEBUG(0, ("smbXsrv_tcon_update(0x%08x): "
			  "Called with db_rec != NULL'\n",
			  tcon->global->tcon_global_id));
		return NT_STATUS_INTERNAL_ERROR;
	}

	tcon->global->db_rec = smbXsrv_tcon_global_fetch_locked(
						table->global.db_ctx,
						tcon->global->tcon_global_id,
						tcon->global /* TALLOC_CTX */);
	if (tcon->global->db_rec == NULL) {
		return NT_STATUS_INTERNAL_DB_ERROR;
	}

	status = smbXsrv_tcon_global_store(tcon->global);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0,("smbXsrv_tcon_update: "
			 "global_id (0x%08x) store failed - %s\n",
			 tcon->global->tcon_global_id,
			 nt_errstr(status)));
		return status;
	}

	if (DEBUGLVL(10)) {
		struct smbXsrv_tconB tcon_blob;

		ZERO_STRUCT(tcon_blob);
		tcon_blob.version = SMBXSRV_VERSION_0;
		tcon_blob.info.info0 = tcon;

		DEBUG(10,("smbXsrv_tcon_update: global_id (0x%08x) stored\n",
			  tcon->global->tcon_global_id));
		NDR_PRINT_DEBUG(smbXsrv_tconB, &tcon_blob);
	}

	return NT_STATUS_OK;
}
Exemplo n.º 25
0
/*
  save the notify array
*/
static NTSTATUS notify_save(struct notify_context *notify, struct db_record *rec)
{
	TDB_DATA dbuf;
	DATA_BLOB blob;
	NTSTATUS status;
	enum ndr_err_code ndr_err;
	TALLOC_CTX *tmp_ctx;

	/* if possible, remove some depth arrays */
	while (notify->array->num_depths > 0 &&
	       notify->array->depth[notify->array->num_depths-1].num_entries == 0) {
		notify->array->num_depths--;
	}

	/* we might just be able to delete the record */
	if (notify->array->num_depths == 0) {
		return rec->delete_rec(rec);
	}

	tmp_ctx = talloc_new(notify);
	NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);

	ndr_err = ndr_push_struct_blob(&blob, tmp_ctx, notify->array,
				      (ndr_push_flags_fn_t)ndr_push_notify_array);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		talloc_free(tmp_ctx);
		return ndr_map_error2ntstatus(ndr_err);
	}

	if (DEBUGLEVEL >= 10) {
		DEBUG(10, ("notify_save:\n"));
		NDR_PRINT_DEBUG(notify_array, notify->array);
	}

	dbuf.dptr = blob.data;
	dbuf.dsize = blob.length;

	status = rec->store(rec, dbuf, TDB_REPLACE);
	talloc_free(tmp_ctx);

	return status;
}
Exemplo n.º 26
0
static NTSTATUS get_nt_acl_xattr(vfs_handle_struct *handle,
        const char *name, uint32 security_info, struct security_descriptor **ppdesc)
{
	NTSTATUS status = get_nt_acl_xattr_internal(handle, NULL,
				name, security_info, ppdesc);
	if (NT_STATUS_IS_OK(status)) {
		if (DEBUGLEVEL >= 10) {
			DEBUG(10,("get_nt_acl_xattr: returning xattr sd for file %s\n",
				name));
			NDR_PRINT_DEBUG(security_descriptor, *ppdesc);
		}
		return NT_STATUS_OK;
	}

	DEBUG(10,("get_nt_acl_xattr: failed to get xattr sd for file %s, Error %s\n",
			name,
			nt_errstr(status) ));

	return SMB_VFS_NEXT_GET_NT_ACL(handle, name,
			security_info, ppdesc);
}
Exemplo n.º 27
0
static NTSTATUS fget_nt_acl_tdb(vfs_handle_struct *handle, files_struct *fsp,
        uint32 security_info, struct security_descriptor **ppdesc)
{
	NTSTATUS status = get_nt_acl_tdb_internal(handle, fsp,
				NULL, security_info, ppdesc);
	if (NT_STATUS_IS_OK(status)) {
		if (DEBUGLEVEL >= 10) {
			DEBUG(10,("fget_nt_acl_tdb: returning tdb sd for file %s\n",
				fsp->fsp_name));
			NDR_PRINT_DEBUG(security_descriptor, *ppdesc);
		}
		return NT_STATUS_OK;
	}

	DEBUG(10,("fget_nt_acl_tdb: failed to get tdb sd for file %s, Error %s\n",
			fsp->fsp_name,
			nt_errstr(status) ));

	return SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp,
			security_info, ppdesc);
}
Exemplo n.º 28
0
/*
  test one SDDL example
*/
static bool test_sddl(struct torture_context *tctx, 
					  const void *test_data)
{
	struct security_descriptor *sd, *sd2;
	struct dom_sid *domain;
	const char *sddl = (const char *)test_data;
	const char *sddl2;
	TALLOC_CTX *mem_ctx = tctx;


	domain = dom_sid_parse_talloc(mem_ctx, "S-1-2-3-4");
	sd = sddl_decode(mem_ctx, sddl, domain);
	torture_assert(tctx, sd != NULL, talloc_asprintf(tctx, 
					"Failed to decode '%s'\n", sddl));

	sddl2 = sddl_encode(mem_ctx, sd, domain);
	torture_assert(tctx, sddl2 != NULL, talloc_asprintf(tctx, 
					"Failed to re-encode '%s'\n", sddl));

	sd2 = sddl_decode(mem_ctx, sddl2, domain);
	torture_assert(tctx, sd2 != NULL, talloc_asprintf(tctx, 
					"Failed to decode2 '%s'\n", sddl2));

	torture_assert(tctx, security_descriptor_equal(sd, sd2),
		talloc_asprintf(tctx, "Failed equality test for '%s'\n", sddl));

#if 0
	/* flags don't have a canonical order ... */
	if (strcmp(sddl, sddl2) != 0) {
		printf("Failed sddl equality test\norig: %s\n new: %s\n", sddl, sddl2);
	}
#endif

	if (DEBUGLVL(2)) {
		NDR_PRINT_DEBUG(security_descriptor, sd);
	}
	talloc_free(sd);
	talloc_free(domain);
	return true;
}
Exemplo n.º 29
0
/**
* @brief NDR Encodes a ncacn_packet
*
* @param mem_ctx	The memory context the blob will be allocated on
* @param ptype		The DCERPC packet type
* @param pfc_flags	The DCERPC PFC Falgs
* @param auth_length	The length of the trailing auth blob
* @param call_id	The call ID
* @param u		The payload of the packet
* @param blob [out]	The encoded blob if successful
*
* @return an NTSTATUS error code
*/
NTSTATUS dcerpc_push_ncacn_packet(TALLOC_CTX *mem_ctx,
				  enum dcerpc_pkt_type ptype,
				  uint8_t pfc_flags,
				  uint16_t auth_length,
				  uint32_t call_id,
				  union dcerpc_payload *u,
				  DATA_BLOB *blob)
{
	struct ncacn_packet r;
	enum ndr_err_code ndr_err;

	r.rpc_vers		= 5;
	r.rpc_vers_minor	= 0;
	r.ptype			= ptype;
	r.pfc_flags		= pfc_flags;
	r.drep[0]		= DCERPC_DREP_LE;
	r.drep[1]		= 0;
	r.drep[2]		= 0;
	r.drep[3]		= 0;
	r.auth_length		= auth_length;
	r.call_id		= call_id;
	r.u			= *u;

	ndr_err = ndr_push_struct_blob(blob, mem_ctx, &r,
		(ndr_push_flags_fn_t)ndr_push_ncacn_packet);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		return ndr_map_error2ntstatus(ndr_err);
	}

	dcerpc_set_frag_length(blob, blob->length);


	if (DEBUGLEVEL >= 10) {
		/* set frag len for print function */
		r.frag_length = blob->length;
		NDR_PRINT_DEBUG(ncacn_packet, &r);
	}

	return NT_STATUS_OK;
}
Exemplo n.º 30
0
NTSTATUS _eventlog_GetLogInformation(pipes_struct *p,
				     struct eventlog_GetLogInformation *r)
{
	EVENTLOG_INFO *info = find_eventlog_info_by_hnd(p, r->in.handle);
	struct EVENTLOG_FULL_INFORMATION f;
	enum ndr_err_code ndr_err;
	DATA_BLOB blob;

	if (!info) {
		return NT_STATUS_INVALID_HANDLE;
	}

	if (r->in.level != 0) {
		return NT_STATUS_INVALID_LEVEL;
	}

	*r->out.bytes_needed = 4;

	if (r->in.buf_size < 4) {
		return NT_STATUS_BUFFER_TOO_SMALL;
	}

	/* FIXME: this should be retrieved from the handle */
	f.full = false;

	ndr_err = ndr_push_struct_blob(&blob, p->mem_ctx, NULL, &f,
		      (ndr_push_flags_fn_t)ndr_push_EVENTLOG_FULL_INFORMATION);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		return ndr_map_error2ntstatus(ndr_err);
	}

	if (DEBUGLEVEL >= 10) {
		NDR_PRINT_DEBUG(EVENTLOG_FULL_INFORMATION, &f);
	}

	memcpy(r->out.buffer, blob.data, 4);

	return NT_STATUS_OK;
}