/****************************************************************************
display sec_desc structure
****************************************************************************/
void display_sec_desc(struct security_descriptor *sec)
{
char *sid_str;
if (!sec) {
printf("NULL\n");
return;
}
printf("revision: %d\n", sec->revision);
display_acl_type(sec->type);
if (sec->sacl) {
printf("SACL\n");
display_sec_acl(sec->sacl);
}
if (sec->dacl) {
printf("DACL\n");
display_sec_acl(sec->dacl);
}
if (sec->owner_sid) {
sid_str = dom_sid_string(NULL, sec->owner_sid);
printf("\tOwner SID:\t%s\n", sid_str);
talloc_free(sid_str);
}
if (sec->group_sid) {
sid_str = dom_sid_string(NULL, sec->group_sid);
printf("\tGroup SID:\t%s\n", sid_str);
talloc_free(sid_str);
}
}
/*
encode a sid in SDDL format
*/
static char *sddl_encode_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
const struct dom_sid *domain_sid)
{
int i;
char *sidstr;
sidstr = dom_sid_string(mem_ctx, sid);
if (sidstr == NULL) return NULL;
/* seen if its a well known sid */
for (i=0;sid_codes[i].sid;i++) {
if (strcmp(sidstr, sid_codes[i].sid) == 0) {
talloc_free(sidstr);
return talloc_strdup(mem_ctx, sid_codes[i].code);
}
}
/* or a well known rid in our domain */
if (dom_sid_in_domain(domain_sid, sid)) {
uint32_t rid = sid->sub_auths[sid->num_auths-1];
for (;i<ARRAY_SIZE(sid_codes);i++) {
if (rid == sid_codes[i].rid) {
talloc_free(sidstr);
return talloc_strdup(mem_ctx, sid_codes[i].code);
}
}
}
talloc_free(sidstr);
/* TODO: encode well known sids as two letter codes */
return dom_sid_string(mem_ctx, sid);
}
/****************************************************************************
prints a struct security_token to debug output.
****************************************************************************/
void security_token_debug(int dbg_lev, const struct security_token *token)
{
TALLOC_CTX *mem_ctx;
int i;
if (!token) {
DEBUG(dbg_lev, ("Security token: (NULL)\n"));
return;
}
mem_ctx = talloc_init("security_token_debug()");
if (!mem_ctx) {
return;
}
DEBUG(dbg_lev, ("Security token of user %s\n",
dom_sid_string(mem_ctx, token->user_sid) ));
DEBUGADD(dbg_lev, (" SIDs (%lu):\n",
(unsigned long)token->num_sids));
for (i = 0; i < token->num_sids; i++) {
DEBUGADD(dbg_lev, (" SID[%3lu]: %s\n", (unsigned long)i,
dom_sid_string(mem_ctx, token->sids[i])));
}
security_token_debug_privileges(dbg_lev, token);
talloc_free(mem_ctx);
}
static struct MprVar mprAliases(struct samba3_groupdb *db)
{
struct MprVar mpv = mprObject("array"), a, am;
int i, j;
for (i = 0; i < db->alias_count; i++) {
char *tmp;
a = mprObject("alias");
tmp = dom_sid_string(NULL, db->aliases[i].sid);
mprSetVar(&a, "sid", mprString(tmp));
talloc_free(tmp);
am = mprArray("array");
for (j = 0; j < db->aliases[i].member_count; j++) {
tmp = dom_sid_string(NULL, db->aliases[i].members[j]);
mprAddArray(&am, j, mprString(tmp));
talloc_free(tmp);
}
mprSetVar(&a, "members", am);
}
if (i == 0) {
mprSetVar(&mpv, "length", mprCreateIntegerVar(i));
}
return mpv;
}
static void init_domain_recv_queryinfo(struct tevent_req *subreq)
{
struct init_domain_state *state =
tevent_req_callback_data(subreq,
struct init_domain_state);
struct lsa_DomainInfo *dominfo;
struct composite_context *ctx;
uint32_t lflags;
state->ctx->status = dcerpc_lsa_QueryInfoPolicy_r_recv(subreq, state);
TALLOC_FREE(subreq);
if (!composite_is_ok(state->ctx)) return;
state->ctx->status = state->queryinfo.out.result;
if (!composite_is_ok(state->ctx)) return;
if (!dom_sid_equal(state->domain->info->sid, &global_sid_Builtin)) {
dominfo = &(*state->queryinfo.out.info)->account_domain;
if (strcasecmp(state->domain->info->name, dominfo->name.string) != 0) {
DEBUG(2, ("Expected domain name %s, DC %s said %s\n",
state->domain->info->name,
dcerpc_server_name(state->domain->libnet_ctx->lsa.pipe),
dominfo->name.string));
composite_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE);
return;
}
if (!dom_sid_equal(state->domain->info->sid, dominfo->sid)) {
DEBUG(2, ("Expected domain sid %s, DC %s said %s\n",
dom_sid_string(state, state->domain->info->sid),
dcerpc_server_name(state->domain->libnet_ctx->lsa.pipe),
dom_sid_string(state, dominfo->sid)));
composite_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE);
return;
}
}
state->domain->samr_binding = init_domain_binding(state, &ndr_table_samr);
/* We want to use the same flags as the LSA pipe did (so, if
* it needed schannel, then we need that here too) */
lflags = dcerpc_binding_get_flags(state->domain->lsa_binding);
state->ctx->status = dcerpc_binding_set_flags(state->domain->samr_binding,
lflags, 0);
if (!composite_is_ok(state->ctx)) return;
state->domain->libnet_ctx->samr.pipe = NULL;
state->domain->libnet_ctx->samr.samr_handle = NULL;
ctx = wb_connect_samr_send(state, state->domain);
composite_continue(state->ctx, ctx, init_domain_recv_samr, state);
}
static void uid2sid_recv(struct composite_context *ctx)
{
struct wbsrv_samba3_call *s3call =
talloc_get_type(ctx->async.private_data,
struct wbsrv_samba3_call);
NTSTATUS status;
struct dom_sid *sid;
char *sid_str;
DEBUG(5, ("uid2sid_recv called\n"));
status = wb_uid2sid_recv(ctx, s3call, &sid);
if(NT_STATUS_IS_OK(status)) {
sid_str = dom_sid_string(s3call, sid);
/* If the conversion failed, bail out with a failure. */
if (sid_str == NULL)
wbsrv_samba3_async_epilogue(NT_STATUS_NO_MEMORY,s3call);
/* But we assume this worked, so we'll set the string. Work
* done. */
WBSRV_SAMBA3_SET_STRING(s3call->response.data.sid.sid, sid_str);
s3call->response.data.sid.type = SID_NAME_USER;
}
wbsrv_samba3_async_epilogue(status, s3call);
}
static void generate_sambaPrimaryGroupSID(struct ldb_module *module, const char *local_attr, const struct ldb_message *local, struct ldb_message *remote_mp, struct ldb_message *remote_fb)
{
const struct ldb_val *sidval;
char *sidstring;
struct dom_sid *sid;
NTSTATUS status;
/* We need the domain, so we get it from the objectSid that we hope is here... */
sidval = ldb_msg_find_ldb_val(local, "objectSid");
if (!sidval)
return; /* Sorry, no SID today.. */
sid = talloc(remote_mp, struct dom_sid);
if (sid == NULL) {
return;
}
status = ndr_pull_struct_blob(sidval, sid, sid, (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(sid);
return;
}
if (!ldb_msg_find_ldb_val(local, "primaryGroupID"))
return; /* Sorry, no SID today.. */
sid->num_auths--;
sidstring = dom_sid_string(remote_mp, sid);
talloc_free(sid);
ldb_msg_add_fmt(remote_mp, "sambaPrimaryGroupSID", "%s-%d", sidstring, ldb_msg_find_attr_as_uint(local, "primaryGroupID", 0));
talloc_free(sidstring);
}
static struct MprVar mprIdmapDb(struct samba3_idmapdb *db)
{
struct MprVar mpv = mprObject("idmapdb"), mps, mp;
int i;
mprSetVar(&mpv, "user_hwm", mprCreateIntegerVar(db->user_hwm));
mprSetVar(&mpv, "group_hwm", mprCreateIntegerVar(db->group_hwm));
mps = mprArray("array");
for (i = 0; i < db->mapping_count; i++) {
char *tmp;
mp = mprObject("idmap");
mprSetVar(&mp, "IDMAP_GROUP", mprCreateIntegerVar(IDMAP_GROUP));
mprSetVar(&mp, "IDMAP_USER", mprCreateIntegerVar(IDMAP_USER));
mprSetVar(&mp, "type", mprCreateIntegerVar(db->mappings[i].type));
mprSetVar(&mp, "unix_id", mprCreateIntegerVar(db->mappings[i].unix_id));
tmp = dom_sid_string(NULL, db->mappings[i].sid);
mprSetVar(&mp, "sid", mprString(tmp));
talloc_free(tmp);
mprAddArray(&mps, i, mp);
}
if (i == 0) {
mprSetVar(&mpv, "length", mprCreateIntegerVar(i));
}
mprSetVar(&mpv, "mappings", mps);
return mpv;
}
static struct MprVar mprDomainSecrets(struct samba3_domainsecrets *ds)
{
struct MprVar v, e = mprObject("domainsecrets");
char *tmp;
DATA_BLOB blob;
mprSetVar(&e, "name", mprString(ds->name));
tmp = dom_sid_string(NULL, &ds->sid);
mprSetVar(&e, "sid", mprString(tmp));
talloc_free(tmp);
tmp = GUID_string(NULL, &ds->guid);
mprSetVar(&e, "guid", mprString(tmp));
talloc_free(tmp);
mprSetVar(&e, "plaintext_pw", mprString(ds->plaintext_pw));
mprSetVar(&e, "last_change_time", mprCreateIntegerVar(ds->last_change_time));
mprSetVar(&e, "sec_channel_type", mprCreateIntegerVar(ds->sec_channel_type));
v = mprObject("hash_pw");
blob.data = ds->hash_pw.hash;
blob.length = 16;
mprSetVar(&v, "hash", mprDataBlob(blob));
mprSetVar(&v, "mod_time", mprCreateIntegerVar(ds->hash_pw.mod_time));
mprSetVar(&e, "hash_pw", v);
return e;
}
static struct MprVar mprGroupMappings(struct samba3_groupdb *db)
{
struct MprVar mpv = mprArray("array"), g;
int i;
for (i = 0; i < db->groupmap_count; i++) {
char *tmp;
g = mprObject("group");
mprSetVar(&g, "gid", mprCreateIntegerVar(db->groupmappings[i].gid));
tmp = dom_sid_string(NULL, db->groupmappings[i].sid);
mprSetVar(&g, "sid", mprString(tmp));
talloc_free(tmp);
mprSetVar(&g, "sid_name_use", mprCreateIntegerVar(db->groupmappings[i].sid_name_use));
mprSetVar(&g, "nt_name", mprString(db->groupmappings[i].nt_name));
mprSetVar(&g, "comment", mprString(db->groupmappings[i].comment));
mprAddArray(&mpv, i, g);
}
if (i == 0) {
mprSetVar(&mpv, "length", mprCreateIntegerVar(i));
}
return mpv;
}
static PyObject *py_samdb_get_domain_sid(PyLdbObject *self, PyObject *args)
{
PyObject *py_ldb;
struct ldb_context *ldb;
const struct dom_sid *sid;
PyObject *ret;
char *retstr;
if (!PyArg_ParseTuple(args, "O", &py_ldb))
return NULL;
PyErr_LDB_OR_RAISE(py_ldb, ldb);
sid = samdb_domain_sid(ldb);
if (!sid) {
PyErr_SetString(PyExc_RuntimeError, "samdb_domain_sid failed");
return NULL;
}
retstr = dom_sid_string(NULL, sid);
if (retstr == NULL) {
PyErr_NoMemory();
return NULL;
}
ret = PyString_FromString(retstr);
talloc_free(retstr);
return ret;
}
NTSTATUS libnet_SamDump(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
struct libnet_SamDump *r)
{
NTSTATUS nt_status;
struct libnet_SamSync r2;
struct samdump_state *samdump_state = talloc(mem_ctx, struct samdump_state);
struct samdump_trusted_domain *t;
struct samdump_secret *s;
if (!samdump_state) {
return NT_STATUS_NO_MEMORY;
}
samdump_state->secrets = NULL;
samdump_state->trusted_domains = NULL;
r2.out.error_string = NULL;
r2.in.binding_string = r->in.binding_string;
r2.in.init_fn = NULL;
r2.in.delta_fn = libnet_samdump_fn;
r2.in.fn_ctx = samdump_state;
r2.in.machine_account = r->in.machine_account;
nt_status = libnet_SamSync_netlogon(ctx, samdump_state, &r2);
r->out.error_string = r2.out.error_string;
talloc_steal(mem_ctx, r->out.error_string);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(samdump_state);
return nt_status;
}
printf("Trusted domains, sids and secrets:\n");
for (t=samdump_state->trusted_domains; t; t=t->next) {
char *secret_name = talloc_asprintf(mem_ctx, "G$$%s", t->name);
for (s=samdump_state->secrets; s; s=s->next) {
size_t converted_size = 0;
char *secret_string;
if (strcasecmp_m(s->name, secret_name) != 0) {
continue;
}
if (!convert_string_talloc_handle(mem_ctx, lpcfg_iconv_handle(ctx->lp_ctx), CH_UTF16, CH_UNIX,
s->secret.data, s->secret.length,
(void **)&secret_string, &converted_size)) {
r->out.error_string = talloc_asprintf(mem_ctx,
"Could not convert secret for domain %s to a string",
t->name);
talloc_free(samdump_state);
return NT_STATUS_INVALID_PARAMETER;
}
printf("%s\t%s\t%s\n",
t->name, dom_sid_string(mem_ctx, t->sid),
secret_string);
}
}
talloc_free(samdump_state);
return nt_status;
}
static void init_domain_recv_queryinfo(struct rpc_request *req)
{
struct init_domain_state *state =
talloc_get_type(req->async.private_data, struct init_domain_state);
struct lsa_DomainInfo *dominfo;
struct composite_context *ctx;
state->ctx->status = dcerpc_ndr_request_recv(req);
if (!composite_is_ok(state->ctx)) return;
state->ctx->status = state->queryinfo.out.result;
if (!composite_is_ok(state->ctx)) return;
dominfo = &state->queryinfo.out.info->account_domain;
if (strcasecmp(state->domain->info->name, dominfo->name.string) != 0) {
DEBUG(2, ("Expected domain name %s, DC %s said %s\n",
state->domain->info->name,
dcerpc_server_name(state->domain->lsa_pipe),
dominfo->name.string));
composite_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE);
return;
}
if (!dom_sid_equal(state->domain->info->sid, dominfo->sid)) {
DEBUG(2, ("Expected domain sid %s, DC %s said %s\n",
dom_sid_string(state, state->domain->info->sid),
dcerpc_server_name(state->domain->lsa_pipe),
dom_sid_string(state, dominfo->sid)));
composite_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE);
return;
}
state->domain->samr_binding = init_domain_binding(state, &dcerpc_table_samr);
/* We want to use the same flags as the LSA pipe did (so, if
* it needed schannel, then we need that here too) */
state->domain->samr_binding->flags = state->domain->lsa_binding->flags;
state->domain->samr_pipe = NULL;
ctx = wb_connect_samr_send(state, state->domain);
composite_continue(state->ctx, ctx, init_domain_recv_samr, state);
}
int net_vampire(struct net_context *ctx, int argc, const char **argv)
{
NTSTATUS status;
struct libnet_context *libnetctx;
struct libnet_Vampire *r;
char *tmp, *targetdir = NULL;
const char *domain_name;
switch (argc) {
case 0: /* no args -> fail */
return net_vampire_usage(ctx, argc, argv);
case 1: /* only DOMAIN */
tmp = talloc_strdup(ctx, argv[0]);
break;
case 2: /* domain and target dir */
tmp = talloc_strdup(ctx, argv[0]);
targetdir = talloc_strdup(ctx, argv[1]);
break;
default: /* too many args -> fail */
return net_vampire_usage(ctx, argc, argv);
}
domain_name = tmp;
libnetctx = libnet_context_init(ctx->event_ctx, ctx->lp_ctx);
if (!libnetctx) {
return -1;
}
libnetctx->cred = ctx->credentials;
r = talloc(ctx, struct libnet_Vampire);
if (!r) {
return -1;
}
/* prepare parameters for the vampire */
r->in.netbios_name = lp_netbios_name(ctx->lp_ctx);
r->in.domain_name = domain_name;
r->in.targetdir = targetdir;
r->out.error_string = NULL;
/* do the domain vampire */
status = libnet_Vampire(libnetctx, r, r);
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, "Vampire of domain failed: %s\n",
r->out.error_string ? r->out.error_string : nt_errstr(status));
talloc_free(r);
talloc_free(libnetctx);
return -1;
}
d_printf("Vampired domain %s (%s)\n", r->out.domain_name, dom_sid_string(ctx, r->out.domain_sid));
talloc_free(libnetctx);
return 0;
}
static bool test_userinfo_async(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *domain_handle,
struct dom_sid2 *domain_sid, const char* user_name,
uint32_t *rid)
{
const uint16_t level = 10;
NTSTATUS status;
struct composite_context *c;
struct libnet_rpc_userinfo user;
struct dom_sid *user_sid;
user_sid = dom_sid_add_rid(mem_ctx, domain_sid, *rid);
user.in.domain_handle = *domain_handle;
user.in.sid = dom_sid_string(mem_ctx, user_sid);
user.in.level = level; /* this should be extended */
printf("Testing async libnet_rpc_userinfo (SID argument)\n");
c = libnet_rpc_userinfo_send(p, &user, msg_handler);
if (!c) {
printf("Failed to call sync libnet_rpc_userinfo_send\n");
return false;
}
status = libnet_rpc_userinfo_recv(c, mem_ctx, &user);
if (!NT_STATUS_IS_OK(status)) {
printf("Calling async libnet_rpc_userinfo failed - %s\n", nt_errstr(status));
return false;
}
ZERO_STRUCT(user);
user.in.domain_handle = *domain_handle;
user.in.sid = NULL;
user.in.username = TEST_USERNAME;
user.in.level = level;
printf("Testing async libnet_rpc_userinfo (username argument)\n");
c = libnet_rpc_userinfo_send(p, &user, msg_handler);
if (!c) {
printf("Failed to call sync libnet_rpc_userinfo_send\n");
return false;
}
status = libnet_rpc_userinfo_recv(c, mem_ctx, &user);
if (!NT_STATUS_IS_OK(status)) {
printf("Calling async libnet_rpc_userinfo failed - %s\n", nt_errstr(status));
return false;
}
return true;
}
/**
find an internal handle given a wire handle. If the wire handle is NULL then
allocate a new handle
*/
_PUBLIC_ struct dcesrv_handle *dcesrv_handle_fetch(
struct dcesrv_connection_context *context,
struct policy_handle *p,
uint8_t handle_type)
{
struct dcesrv_handle *h;
struct dom_sid *sid;
sid = context->conn->auth_state.session_info->security_token->user_sid;
if (policy_handle_empty(p)) {
/* TODO: we should probably return a NULL handle here */
return dcesrv_handle_new(context, handle_type);
}
for (h=context->assoc_group->handles; h; h=h->next) {
if (h->wire_handle.handle_type == p->handle_type &&
GUID_equal(&p->uuid, &h->wire_handle.uuid)) {
if (handle_type != DCESRV_HANDLE_ANY &&
p->handle_type != handle_type) {
DEBUG(0,("client gave us the wrong handle type (%d should be %d)\n",
p->handle_type, handle_type));
return NULL;
}
if (!dom_sid_equal(h->sid, sid)) {
DEBUG(0,(__location__ ": Attempt to use invalid sid %s - %s\n",
dom_sid_string(context, h->sid),
dom_sid_string(context, sid)));
return NULL;
}
if (h->iface != context->iface) {
DEBUG(0,(__location__ ": Attempt to use invalid iface\n"));
return NULL;
}
return h;
}
}
return NULL;
}
static bool test_connect_service(struct torture_context *tctx,
struct libnet_context *ctx,
const struct ndr_interface_table *iface,
const char *binding_string,
const char *hostname,
const enum libnet_RpcConnect_level level,
bool badcreds, NTSTATUS expected_status)
{
NTSTATUS status;
struct libnet_RpcConnect connect_r;
ZERO_STRUCT(connect_r);
connect_r.level = level;
connect_r.in.binding = binding_string;
connect_r.in.name = hostname;
connect_r.in.dcerpc_iface = iface;
/* if bad credentials are needed, set baduser%badpassword instead
of default commandline-passed credentials */
if (badcreds) {
cli_credentials_set_username(ctx->cred, "baduser", CRED_SPECIFIED);
cli_credentials_set_password(ctx->cred, "badpassword", CRED_SPECIFIED);
}
status = libnet_RpcConnect(ctx, ctx, &connect_r);
if (!NT_STATUS_EQUAL(status, expected_status)) {
torture_comment(tctx, "Connecting to rpc service %s on %s.\n\tFAILED. Expected: %s."
"Received: %s\n",
connect_r.in.dcerpc_iface->name, connect_r.in.binding, nt_errstr(expected_status),
nt_errstr(status));
return false;
}
torture_comment(tctx, "PASSED. Expected: %s, received: %s\n", nt_errstr(expected_status),
nt_errstr(status));
if (connect_r.level == LIBNET_RPC_CONNECT_DC_INFO && NT_STATUS_IS_OK(status)) {
torture_comment(tctx, "Domain Controller Info:\n");
torture_comment(tctx, "\tDomain Name:\t %s\n", connect_r.out.domain_name);
torture_comment(tctx, "\tDomain SID:\t %s\n", dom_sid_string(ctx, connect_r.out.domain_sid));
torture_comment(tctx, "\tRealm:\t\t %s\n", connect_r.out.realm);
torture_comment(tctx, "\tGUID:\t\t %s\n", GUID_string(ctx, connect_r.out.guid));
} else if (!NT_STATUS_IS_OK(status)) {
torture_comment(tctx, "Error string: %s\n", connect_r.out.error_string);
}
return true;
}
/*
reply to a ADS style GETDC request
*/
static void nbtd_netlogon_samlogon(struct dgram_mailslot_handler *dgmslot,
struct nbtd_interface *iface,
struct nbt_dgram_packet *packet,
const struct socket_address *src,
struct nbt_netlogon_packet *netlogon)
{
struct nbt_name *name = &packet->data.msg.dest_name;
struct nbtd_interface *reply_iface = nbtd_find_reply_iface(iface, src->addr, false);
struct ldb_context *samctx;
const char *my_ip = reply_iface->ip_address;
struct dom_sid *sid;
struct nbt_netlogon_response netlogon_response;
NTSTATUS status;
if (!my_ip) {
DEBUG(0, ("Could not obtain own IP address for datagram socket\n"));
return;
}
/* only answer getdc requests on the PDC or LOGON names */
if (name->type != NBT_NAME_PDC && name->type != NBT_NAME_LOGON) {
return;
}
samctx = iface->nbtsrv->sam_ctx;
if (netlogon->req.logon.sid_size) {
sid = &netlogon->req.logon.sid;
} else {
sid = NULL;
}
status = fill_netlogon_samlogon_response(samctx, packet, NULL, name->name, sid, NULL,
netlogon->req.logon.user_name, netlogon->req.logon.acct_control, src->addr,
netlogon->req.logon.nt_version, iface->nbtsrv->task->lp_ctx, &netlogon_response.data.samlogon, false);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(2,("NBT netlogon query failed domain=%s sid=%s version=%d - %s\n",
name->name, dom_sid_string(packet, sid), netlogon->req.logon.nt_version, nt_errstr(status)));
return;
}
netlogon_response.response_type = NETLOGON_SAMLOGON;
packet->data.msg.dest_name.type = 0;
dgram_mailslot_netlogon_reply(reply_iface->dgmsock,
packet,
lpcfg_netbios_name(iface->nbtsrv->task->lp_ctx),
netlogon->req.logon.mailslot_name,
&netlogon_response);
}
/****************************************************************************
display sec_ace structure
****************************************************************************/
void display_sec_ace(struct security_ace *ace)
{
char *sid_str;
printf("\tACE\n\t\ttype: ");
switch (ace->type) {
case SEC_ACE_TYPE_ACCESS_ALLOWED:
printf("ACCESS ALLOWED");
break;
case SEC_ACE_TYPE_ACCESS_DENIED:
printf("ACCESS DENIED");
break;
case SEC_ACE_TYPE_SYSTEM_AUDIT:
printf("SYSTEM AUDIT");
break;
case SEC_ACE_TYPE_SYSTEM_ALARM:
printf("SYSTEM ALARM");
break;
case SEC_ACE_TYPE_ALLOWED_COMPOUND:
printf("SEC_ACE_TYPE_ALLOWED_COMPOUND");
break;
case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
printf("SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT");
break;
case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
printf("SEC_ACE_TYPE_ACCESS_DENIED_OBJECT");
break;
case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
printf("SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT");
break;
case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
printf("SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT");
break;
default:
printf("????");
break;
}
printf(" (%d) flags: 0x%02x ", ace->type, ace->flags);
display_sec_ace_flags(ace->flags);
display_sec_access(&ace->access_mask);
sid_str = dom_sid_string(NULL, &ace->trustee);
printf("\t\tSID: %s\n\n", sid_str);
talloc_free(sid_str);
if (sec_ace_object(ace->type)) {
disp_sec_ace_object(&ace->object.object);
}
}
static void usersids_recv_sids(struct composite_context *ctx)
{
struct wbsrv_samba3_call *s3call =
talloc_get_type(ctx->async.private_data,
struct wbsrv_samba3_call);
int i, num_sids;
struct dom_sid **sids;
char *sids_string;
NTSTATUS status;
status = wb_cmd_usersids_recv(ctx, s3call, &num_sids, &sids);
if (!NT_STATUS_IS_OK(status)) goto done;
sids_string = talloc_strdup(s3call, "");
if (sids_string == NULL) {
status = NT_STATUS_NO_MEMORY;
goto done;
}
for (i=0; i<num_sids; i++) {
sids_string = talloc_asprintf_append_buffer(
sids_string, "%s\n", dom_sid_string(s3call, sids[i]));
if (sids_string == NULL) {
status = NT_STATUS_NO_MEMORY;
goto done;
}
}
s3call->response.result = WINBINDD_OK;
s3call->response.extra_data.data = sids_string;
s3call->response.length += strlen(sids_string);
s3call->response.data.num_entries = num_sids;
/* Hmmmm. Nasty protocol -- who invented the zeros between the
* SIDs? Hmmm. Could have been me -- vl */
while (*sids_string != '\0') {
if ((*sids_string) == '\n') {
*sids_string = '\0';
}
sids_string += 1;
}
done:
wbsrv_samba3_async_epilogue(status, s3call);
}
static bool test_userinfo_async(struct torture_context *tctx,
struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *domain_handle,
struct dom_sid2 *domain_sid, const char* user_name,
uint32_t *rid)
{
const uint16_t level = 10;
NTSTATUS status;
struct composite_context *c;
struct libnet_rpc_userinfo user;
struct dom_sid *user_sid;
user_sid = dom_sid_add_rid(mem_ctx, domain_sid, *rid);
ZERO_STRUCT(user);
user.in.domain_handle = *domain_handle;
user.in.sid = dom_sid_string(mem_ctx, user_sid);
user.in.level = level; /* this should be extended */
torture_comment(tctx, "Testing async libnet_rpc_userinfo (SID argument)\n");
c = libnet_rpc_userinfo_send(mem_ctx, tctx->ev, p->binding_handle, &user, msg_handler);
torture_assert(tctx, c != NULL, "Failed to call async libnet_rpc_userinfo_send");
status = libnet_rpc_userinfo_recv(c, mem_ctx, &user);
torture_assert_ntstatus_ok(tctx, status, "Calling async libnet_rpc_userinfo_recv failed");
ZERO_STRUCT(user);
user.in.domain_handle = *domain_handle;
user.in.sid = NULL;
user.in.username = user_name;
user.in.level = level;
torture_comment(tctx, "Testing async libnet_rpc_userinfo (username argument)\n");
c = libnet_rpc_userinfo_send(mem_ctx, tctx->ev, p->binding_handle, &user, msg_handler);
torture_assert(tctx, c != NULL, "Failed to call async libnet_rpc_userinfo_send");
status = libnet_rpc_userinfo_recv(c, mem_ctx, &user);
torture_assert_ntstatus_ok(tctx, status, "Calling async libnet_rpc_userinfo_recv failed");
return true;
}
static NTSTATUS gpo_sd_check_ace_denied_object(const struct security_ace *ace,
const struct security_token *token)
{
char *sid_str;
if (gpo_sd_check_agp_object(ace) &&
gpo_sd_check_agp_access_bits(ace->access_mask) &&
nt_token_check_sid(&ace->trustee, token)) {
sid_str = dom_sid_string(NULL, &ace->trustee);
DEBUG(10,("gpo_sd_check_ace_denied_object: "
"Access denied as of ace for %s\n",
sid_str));
talloc_free(sid_str);
return NT_STATUS_ACCESS_DENIED;
}
return STATUS_MORE_ENTRIES;
}
static void lookupname_recv_sid(struct composite_context *ctx)
{
struct wbsrv_samba3_call *s3call =
talloc_get_type(ctx->async.private_data,
struct wbsrv_samba3_call);
struct wb_sid_object *sid;
NTSTATUS status;
status = wb_cmd_lookupname_recv(ctx, s3call, &sid);
if (!NT_STATUS_IS_OK(status)) goto done;
s3call->response.result = WINBINDD_OK;
s3call->response.data.sid.type = sid->type;
WBSRV_SAMBA3_SET_STRING(s3call->response.data.sid.sid,
dom_sid_string(s3call, sid->sid));
done:
wbsrv_samba3_async_epilogue(status, s3call);
}
static void list_trustdom_recv_doms(struct composite_context *ctx)
{
struct wbsrv_samba3_call *s3call =
talloc_get_type(ctx->async.private_data,
struct wbsrv_samba3_call);
int i, num_domains;
struct wb_dom_info **domains;
NTSTATUS status;
char *result;
status = wb_cmd_list_trustdoms_recv(ctx, s3call, &num_domains,
&domains);
if (!NT_STATUS_IS_OK(status)) goto done;
result = talloc_strdup(s3call, "");
if (result == NULL) {
status = NT_STATUS_NO_MEMORY;
goto done;
}
for (i=0; i<num_domains; i++) {
result = talloc_asprintf_append_buffer(
result, "%s\\%s\\%s",
domains[i]->name, domains[i]->name,
dom_sid_string(s3call, domains[i]->sid));
}
if (result == NULL) {
status = NT_STATUS_NO_MEMORY;
goto done;
}
s3call->response.result = WINBINDD_OK;
if (num_domains > 0) {
s3call->response.extra_data.data = result;
s3call->response.length += strlen(result)+1;
}
done:
wbsrv_samba3_async_epilogue(status, s3call);
}
static bool test_groupinfo(struct torture_context *tctx,
struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *domain_handle,
struct dom_sid2 *domain_sid, const char* group_name,
uint32_t *rid)
{
const uint16_t level = 5;
NTSTATUS status;
struct libnet_rpc_groupinfo group;
struct dom_sid *group_sid;
group_sid = dom_sid_add_rid(mem_ctx, domain_sid, *rid);
group.in.domain_handle = *domain_handle;
group.in.sid = dom_sid_string(mem_ctx, group_sid);
group.in.level = level; /* this should be extended */
torture_comment(tctx, "Testing sync libnet_rpc_groupinfo (SID argument)\n");
status = libnet_rpc_groupinfo(p, mem_ctx, &group);
if (!NT_STATUS_IS_OK(status)) {
torture_comment(tctx, "Failed to call sync libnet_rpc_userinfo - %s\n", nt_errstr(status));
return false;
}
ZERO_STRUCT(group);
group.in.domain_handle = *domain_handle;
group.in.sid = NULL;
group.in.groupname = TEST_GROUPNAME;
group.in.level = level;
printf("Testing sync libnet_rpc_groupinfo (groupname argument)\n");
status = libnet_rpc_groupinfo(p, mem_ctx, &group);
if (!NT_STATUS_IS_OK(status)) {
torture_comment(tctx, "Failed to call sync libnet_rpc_groupinfo - %s\n", nt_errstr(status));
return false;
}
return true;
}
/*
A user password change
Return true if there is a valid error packet (or sucess) formed in
the error_blob
*/
static bool kpasswdd_change_password(struct kdc_server *kdc,
TALLOC_CTX *mem_ctx,
struct auth_session_info *session_info,
const DATA_BLOB *password,
DATA_BLOB *reply)
{
NTSTATUS status;
enum samPwdChangeReason reject_reason;
struct samr_DomInfo1 *dominfo;
struct ldb_context *samdb;
samdb = samdb_connect(mem_ctx, kdc->task->event_ctx, kdc->task->lp_ctx, system_session(kdc->task->lp_ctx));
if (!samdb) {
return kpasswdd_make_error_reply(kdc, mem_ctx,
KRB5_KPASSWD_HARDERROR,
"Failed to open samdb",
reply);
}
DEBUG(3, ("Changing password of %s\\%s (%s)\n",
session_info->server_info->domain_name,
session_info->server_info->account_name,
dom_sid_string(mem_ctx, session_info->security_token->user_sid)));
/* User password change */
status = samdb_set_password_sid(samdb, mem_ctx,
session_info->security_token->user_sid,
password, NULL, NULL,
true, /* this is a user password change */
&reject_reason,
&dominfo);
return kpasswd_make_pwchange_reply(kdc, mem_ctx,
status,
reject_reason,
dominfo,
reply);
}
static bool test_lookupsids(struct torture_context *tctx,
struct dcerpc_binding_handle *b,
struct policy_handle *handle,
struct dom_sid **sids, uint32_t num_sids,
int level, NTSTATUS expected_result,
enum lsa_SidType *types)
{
struct lsa_TransNameArray names;
NTSTATUS status;
uint32_t i;
bool ret = true;
status = lookup_sids(tctx, level, b, handle, sids, num_sids,
&names);
if (!NT_STATUS_EQUAL(status, expected_result)) {
printf("For level %d expected %s, got %s\n",
level, nt_errstr(expected_result),
nt_errstr(status));
return false;
}
if (!NT_STATUS_EQUAL(status, NT_STATUS_OK) &&
!NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
return true;
}
for (i=0; i<num_sids; i++) {
if (names.names[i].sid_type != types[i]) {
printf("In level %d, for sid %s expected %s, "
"got %s\n", level,
dom_sid_string(tctx, sids[i]),
sid_type_lookup(types[i]),
sid_type_lookup(names.names[i].sid_type));
ret = false;
}
}
return ret;
}
/*
convert a NDR formatted blob to a ldif formatted objectSid
*/
int ldif_write_objectSid(struct ldb_context *ldb, void *mem_ctx,
const struct ldb_val *in, struct ldb_val *out)
{
struct dom_sid *sid;
enum ndr_err_code ndr_err;
sid = talloc(mem_ctx, struct dom_sid);
if (sid == NULL) {
return -1;
}
ndr_err = ndr_pull_struct_blob_all(in, sid, sid,
(ndr_pull_flags_fn_t)ndr_pull_dom_sid);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
talloc_free(sid);
return -1;
}
*out = data_blob_string_const(dom_sid_string(mem_ctx, sid));
talloc_free(sid);
if (out->data == NULL) {
return -1;
}
return 0;
}
static void userdomgroups_recv_groups(struct composite_context *ctx)
{
struct wbsrv_samba3_call *s3call =
talloc_get_type(ctx->async.private_data,
struct wbsrv_samba3_call);
int i, num_sids;
struct dom_sid **sids;
char *sids_string;
NTSTATUS status;
status = wb_cmd_userdomgroups_recv(ctx, s3call, &num_sids, &sids);
if (!NT_STATUS_IS_OK(status)) goto done;
sids_string = talloc_strdup(s3call, "");
if (sids_string == NULL) {
status = NT_STATUS_NO_MEMORY;
goto done;
}
for (i=0; i<num_sids; i++) {
sids_string = talloc_asprintf_append_buffer(
sids_string, "%s\n", dom_sid_string(s3call, sids[i]));
}
if (sids_string == NULL) {
status = NT_STATUS_NO_MEMORY;
goto done;
}
s3call->response.result = WINBINDD_OK;
s3call->response.extra_data.data = sids_string;
s3call->response.length += strlen(sids_string)+1;
s3call->response.data.num_entries = num_sids;
done:
wbsrv_samba3_async_epilogue(status, s3call);
}
static BOOL test_lookupsids(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *p,
struct policy_handle *handle,
struct dom_sid **sids, uint32_t num_sids,
int level, NTSTATUS expected_result,
enum lsa_SidType *types)
{
struct lsa_TransNameArray names;
NTSTATUS status;
uint32_t i;
BOOL ret = True;
status = lookup_sids(mem_ctx, level, p, handle, sids, num_sids,
&names);
if (!NT_STATUS_EQUAL(status, expected_result)) {
printf("For level %d expected %s, got %s\n",
level, nt_errstr(expected_result),
nt_errstr(status));
return False;
}
if (!NT_STATUS_EQUAL(status, NT_STATUS_OK) &&
!NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
return True;
}
for (i=0; i<num_sids; i++) {
if (names.names[i].sid_type != types[i]) {
printf("In level %d, for sid %s expected %s, "
"got %s\n", level,
dom_sid_string(mem_ctx, sids[i]),
sid_type_lookup(types[i]),
sid_type_lookup(names.names[i].sid_type));
ret = False;
}
}
return ret;
}
