_PUBLIC_ NTSTATUS dcerpc_floor_get_lhs_data(const struct epm_floor *epm_floor,
struct ndr_syntax_id *syntax)
{
TALLOC_CTX *mem_ctx = talloc_init("floor_get_lhs_data");
struct ndr_pull *ndr;
enum ndr_err_code ndr_err;
uint16_t if_version=0;
ndr = ndr_pull_init_blob(&epm_floor->lhs.lhs_data, mem_ctx);
if (ndr == NULL) {
talloc_free(mem_ctx);
return NT_STATUS_NO_MEMORY;
}
ndr->flags |= LIBNDR_FLAG_NOALIGN;
ndr_err = ndr_pull_GUID(ndr, NDR_SCALARS | NDR_BUFFERS, &syntax->uuid);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
talloc_free(mem_ctx);
return ndr_map_error2ntstatus(ndr_err);
}
ndr_err = ndr_pull_uint16(ndr, NDR_SCALARS, &if_version);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
talloc_free(mem_ctx);
return ndr_map_error2ntstatus(ndr_err);
}
syntax->if_version = if_version;
talloc_free(mem_ctx);
return NT_STATUS_OK;
}
/*
push a ncacn_packet into a blob, potentially with auth info
*/
NTSTATUS ncacn_push_auth(DATA_BLOB *blob, TALLOC_CTX *mem_ctx,
struct ncacn_packet *pkt,
struct dcerpc_auth *auth_info)
{
struct ndr_push *ndr;
enum ndr_err_code ndr_err;
ndr = ndr_push_init_ctx(mem_ctx);
if (!ndr) {
return NT_STATUS_NO_MEMORY;
}
if (!(pkt->drep[0] & DCERPC_DREP_LE)) {
ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
}
if (pkt->pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) {
ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
}
if (auth_info) {
pkt->auth_length = auth_info->credentials.length;
} else {
pkt->auth_length = 0;
}
ndr_err = ndr_push_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, pkt);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return ndr_map_error2ntstatus(ndr_err);
}
if (auth_info) {
#if 0
/* the s3 rpc server doesn't handle auth padding in
bind requests. Use zero auth padding to keep us
working with old servers */
uint32_t offset = ndr->offset;
ndr_err = ndr_push_align(ndr, 16);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return ndr_map_error2ntstatus(ndr_err);
}
auth_info->auth_pad_length = ndr->offset - offset;
#else
auth_info->auth_pad_length = 0;
#endif
ndr_err = ndr_push_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, auth_info);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return ndr_map_error2ntstatus(ndr_err);
}
}
*blob = ndr_push_blob(ndr);
/* fill in the frag length */
dcerpc_set_frag_length(blob, blob->length);
return NT_STATUS_OK;
}
/*
receive some data on a WREPL connection
*/
static NTSTATUS wreplsrv_process(struct wreplsrv_in_connection *wrepl_conn,
struct wreplsrv_in_call **_call)
{
struct wrepl_wrap packet_out_wrap;
NTSTATUS status;
enum ndr_err_code ndr_err;
struct wreplsrv_in_call *call = *_call;
ndr_err = ndr_pull_struct_blob(&call->in, call,
&call->req_packet,
(ndr_pull_flags_fn_t)ndr_pull_wrepl_packet);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return ndr_map_error2ntstatus(ndr_err);
}
if (DEBUGLVL(10)) {
DEBUG(10,("Received WINS-Replication packet of length %u\n",
(unsigned int) call->in.length + 4));
NDR_PRINT_DEBUG(wrepl_packet, &call->req_packet);
}
status = wreplsrv_in_call(call);
NT_STATUS_IS_ERR_RETURN(status);
if (!NT_STATUS_IS_OK(status)) {
/* w2k just ignores invalid packets, so we do */
DEBUG(10,("Received WINS-Replication packet was invalid, we just ignore it\n"));
TALLOC_FREE(call);
*_call = NULL;
return NT_STATUS_OK;
}
/* and now encode the reply */
packet_out_wrap.packet = call->rep_packet;
ndr_err = ndr_push_struct_blob(&call->out, call,
&packet_out_wrap,
(ndr_push_flags_fn_t) ndr_push_wrepl_wrap);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return ndr_map_error2ntstatus(ndr_err);
}
if (DEBUGLVL(10)) {
DEBUG(10,("Sending WINS-Replication packet of length %u\n",
(unsigned int) call->out.length));
NDR_PRINT_DEBUG(wrepl_packet, &call->rep_packet);
}
return NT_STATUS_OK;
}
static WERROR _dsdb_prefixmap_from_ldb_val(const struct ldb_val *pfm_ldb_val,
struct smb_iconv_convenience *iconv_convenience,
TALLOC_CTX *mem_ctx,
struct dsdb_schema_prefixmap **_pfm)
{
WERROR werr;
enum ndr_err_code ndr_err;
struct prefixMapBlob pfm_blob;
TALLOC_CTX *temp_ctx = talloc_new(mem_ctx);
W_ERROR_HAVE_NO_MEMORY(temp_ctx);
ndr_err = ndr_pull_struct_blob(pfm_ldb_val, temp_ctx,
iconv_convenience, &pfm_blob,
(ndr_pull_flags_fn_t)ndr_pull_prefixMapBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
talloc_free(temp_ctx);
return ntstatus_to_werror(nt_status);
}
if (pfm_blob.version != PREFIX_MAP_VERSION_DSDB) {
DEBUG(0,("_dsdb_prefixmap_from_ldb_val: pfm_blob->version incorrect\n"));
talloc_free(temp_ctx);
return WERR_VERSION_PARSE_ERROR;
}
/* call the drsuapi version */
werr = dsdb_schema_pfm_from_drsuapi_pfm(&pfm_blob.ctr.dsdb, false, mem_ctx, _pfm, NULL);
talloc_free(temp_ctx);
return werr;
}
WERROR dsdb_get_oid_mappings_ldb(const struct dsdb_schema *schema,
TALLOC_CTX *mem_ctx,
struct ldb_val *prefixMap,
struct ldb_val *schemaInfo)
{
WERROR status;
enum ndr_err_code ndr_err;
struct drsuapi_DsReplicaOIDMapping_Ctr *ctr;
struct prefixMapBlob pfm;
status = dsdb_get_oid_mappings_drsuapi(schema, false, mem_ctx, &ctr);
W_ERROR_NOT_OK_RETURN(status);
pfm.version = PREFIX_MAP_VERSION_DSDB;
pfm.reserved = 0;
pfm.ctr.dsdb = *ctr;
ndr_err = ndr_push_struct_blob(prefixMap, mem_ctx, schema->iconv_convenience, &pfm,
(ndr_push_flags_fn_t)ndr_push_prefixMapBlob);
talloc_free(ctr);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
return ntstatus_to_werror(nt_status);
}
*schemaInfo = strhex_to_data_blob(mem_ctx, schema->schema_info);
W_ERROR_HAVE_NO_MEMORY(schemaInfo->data);
return WERR_OK;
}
/*******************************************************************
Parse a byte stream into a secdesc
********************************************************************/
NTSTATUS unmarshall_sec_desc(TALLOC_CTX *mem_ctx, uint8 *data, size_t len,
struct security_descriptor **psecdesc)
{
DATA_BLOB blob;
enum ndr_err_code ndr_err;
struct security_descriptor *result;
if ((data == NULL) || (len == 0)) {
return NT_STATUS_INVALID_PARAMETER;
}
result = TALLOC_ZERO_P(mem_ctx, struct security_descriptor);
if (result == NULL) {
return NT_STATUS_NO_MEMORY;
}
blob = data_blob_const(data, len);
ndr_err = ndr_pull_struct_blob(
&blob, result, result,
(ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
DEBUG(0, ("ndr_pull_security_descriptor failed: %s\n",
ndr_errstr(ndr_err)));
TALLOC_FREE(result);
return ndr_map_error2ntstatus(ndr_err);;
}
*psecdesc = result;
return NT_STATUS_OK;
}
NTSTATUS pull_netr_AcctLockStr(TALLOC_CTX *mem_ctx,
struct lsa_BinaryString *r,
struct netr_AcctLockStr **str_p)
{
struct netr_AcctLockStr *str;
enum ndr_err_code ndr_err;
DATA_BLOB blob;
if (!mem_ctx || !r || !str_p) {
return NT_STATUS_INVALID_PARAMETER;
}
*str_p = NULL;
str = TALLOC_ZERO_P(mem_ctx, struct netr_AcctLockStr);
if (!str) {
return NT_STATUS_NO_MEMORY;
}
blob = data_blob_const(r->array, r->length);
ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, NULL, str,
(ndr_pull_flags_fn_t)ndr_pull_netr_AcctLockStr);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return ndr_map_error2ntstatus(ndr_err);
}
*str_p = str;
return NT_STATUS_OK;
}
/**
* @brief Decodes a ncacn_packet
*
* @param mem_ctx The memory context on which to allocate the packet
* elements
* @param blob The blob of data to decode
* @param r An empty ncacn_packet, must not be NULL
* @param bigendian Whether the packet is bignedian encoded
*
* @return a NTSTATUS error code
*/
NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
const DATA_BLOB *blob,
struct ncacn_packet *r,
bool bigendian)
{
enum ndr_err_code ndr_err;
struct ndr_pull *ndr;
ndr = ndr_pull_init_blob(blob, mem_ctx);
if (!ndr) {
return NT_STATUS_NO_MEMORY;
}
if (bigendian) {
ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
}
ndr_err = ndr_pull_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, r);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
talloc_free(ndr);
return ndr_map_error2ntstatus(ndr_err);
}
talloc_free(ndr);
if (DEBUGLEVEL >= 10) {
NDR_PRINT_DEBUG(ncacn_packet, r);
}
return NT_STATUS_OK;
}
/**
* @brief NDR Encodes a dcerpc_auth structure
*
* @param mem_ctx The memory context the blob will be allocated on
* @param auth_type The DCERPC Authentication Type
* @param auth_level The DCERPC Authentication Level
* @param auth_pad_length The padding added to the packet this blob will be
* appended to.
* @param auth_context_id The context id
* @param credentials The authentication credentials blob (signature)
* @param blob [out] The encoded blob if successful
*
* @return a NTSTATUS error code
*/
NTSTATUS dcerpc_push_dcerpc_auth(TALLOC_CTX *mem_ctx,
enum dcerpc_AuthType auth_type,
enum dcerpc_AuthLevel auth_level,
uint8_t auth_pad_length,
uint32_t auth_context_id,
const DATA_BLOB *credentials,
DATA_BLOB *blob)
{
struct dcerpc_auth r;
enum ndr_err_code ndr_err;
r.auth_type = auth_type;
r.auth_level = auth_level;
r.auth_pad_length = auth_pad_length;
r.auth_reserved = 0;
r.auth_context_id = auth_context_id;
r.credentials = *credentials;
ndr_err = ndr_push_struct_blob(blob, mem_ctx, &r,
(ndr_push_flags_fn_t)ndr_push_dcerpc_auth);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return ndr_map_error2ntstatus(ndr_err);
}
if (DEBUGLEVEL >= 10) {
NDR_PRINT_DEBUG(dcerpc_auth, &r);
}
return NT_STATUS_OK;
}
/**
build a NDR blob from a GUID
*/
_PUBLIC_ NTSTATUS GUID_to_ndr_blob(const struct GUID *guid, TALLOC_CTX *mem_ctx, DATA_BLOB *b)
{
enum ndr_err_code ndr_err;
ndr_err = ndr_push_struct_blob(b, mem_ctx, NULL, guid,
(ndr_push_flags_fn_t)ndr_push_GUID);
return ndr_map_error2ntstatus(ndr_err);
}
/*
queue a datagram for send
*/
NTSTATUS nbt_dgram_send(struct nbt_dgram_socket *dgmsock,
struct nbt_dgram_packet *packet,
struct socket_address *dest)
{
struct nbt_dgram_request *req;
NTSTATUS status = NT_STATUS_NO_MEMORY;
enum ndr_err_code ndr_err;
req = talloc(dgmsock, struct nbt_dgram_request);
if (req == NULL) goto failed;
req->dest = dest;
if (talloc_reference(req, dest) == NULL) goto failed;
ndr_err = ndr_push_struct_blob(&req->encoded, req, packet,
(ndr_push_flags_fn_t)ndr_push_nbt_dgram_packet);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
status = ndr_map_error2ntstatus(ndr_err);
goto failed;
}
DLIST_ADD_END(dgmsock->send_queue, req);
TEVENT_FD_WRITEABLE(dgmsock->fde);
return NT_STATUS_OK;
failed:
talloc_free(req);
return status;
}
static NTSTATUS create_acl_blob(const struct security_descriptor *psd, DATA_BLOB *pblob)
{
struct xattr_NTACL xacl;
struct security_descriptor_hash sd_hs;
enum ndr_err_code ndr_err;
TALLOC_CTX *ctx = talloc_tos();
ZERO_STRUCT(xacl);
ZERO_STRUCT(sd_hs);
xacl.version = 2;
xacl.info.sd_hs = &sd_hs;
xacl.info.sd_hs->sd = CONST_DISCARD(struct security_descriptor *, psd);
memset(&xacl.info.sd_hs->hash[0], '\0', 16);
ndr_err = ndr_push_struct_blob(
pblob, ctx, NULL, &xacl,
(ndr_push_flags_fn_t)ndr_push_xattr_NTACL);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
DEBUG(5, ("create_acl_blob: ndr_push_xattr_NTACL failed: %s\n",
ndr_errstr(ndr_err)));
return ndr_map_error2ntstatus(ndr_err);;
}
return NT_STATUS_OK;
}
static NTSTATUS create_acl_blob(const struct security_descriptor *psd,
DATA_BLOB *pblob,
uint16_t hash_type,
uint8_t hash[XATTR_SD_HASH_SIZE])
{
struct xattr_NTACL xacl;
struct security_descriptor_hash_v3 sd_hs3;
enum ndr_err_code ndr_err;
TALLOC_CTX *ctx = talloc_tos();
ZERO_STRUCT(xacl);
ZERO_STRUCT(sd_hs3);
xacl.version = 3;
xacl.info.sd_hs3 = &sd_hs3;
xacl.info.sd_hs3->sd = discard_const_p(struct security_descriptor, psd);
xacl.info.sd_hs3->hash_type = hash_type;
memcpy(&xacl.info.sd_hs3->hash[0], hash, XATTR_SD_HASH_SIZE);
ndr_err = ndr_push_struct_blob(
pblob, ctx, &xacl,
(ndr_push_flags_fn_t)ndr_push_xattr_NTACL);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
DEBUG(5, ("create_acl_blob: ndr_push_xattr_NTACL failed: %s\n",
ndr_errstr(ndr_err)));
return ndr_map_error2ntstatus(ndr_err);
}
return NT_STATUS_OK;
}
static NTSTATUS lsa_secret_get_common(TALLOC_CTX *mem_ctx,
const char *secret_name,
struct lsa_secret *secret)
{
char *key;
DATA_BLOB blob;
enum ndr_err_code ndr_err;
ZERO_STRUCTP(secret);
key = lsa_secret_key(mem_ctx, secret_name);
if (!key) {
return NT_STATUS_NO_MEMORY;
}
blob.data = (uint8_t *)secrets_fetch(key, &blob.length);
talloc_free(key);
if (!blob.data) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, secret,
(ndr_pull_flags_fn_t)ndr_pull_lsa_secret);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
SAFE_FREE(blob.data);
return ndr_map_error2ntstatus(ndr_err);
}
SAFE_FREE(blob.data);
return NT_STATUS_OK;
}
/*
Receive a bind reply from the transport
*/
static void dcerpc_bind_recv_handler(struct rpc_request *req,
DATA_BLOB *raw_packet, struct ncacn_packet *pkt)
{
struct composite_context *c;
struct dcerpc_connection *conn;
c = talloc_get_type(req->async.private_data, struct composite_context);
if (pkt->ptype == DCERPC_PKT_BIND_NAK) {
DEBUG(2,("dcerpc: bind_nak reason %d\n",
pkt->u.bind_nak.reject_reason));
composite_error(c, dcerpc_map_reason(pkt->u.bind_nak.
reject_reason));
return;
}
if ((pkt->ptype != DCERPC_PKT_BIND_ACK) ||
(pkt->u.bind_ack.num_results == 0) ||
(pkt->u.bind_ack.ctx_list[0].result != 0)) {
composite_error(c, NT_STATUS_NET_WRITE_FAULT);
return;
}
conn = req->p->conn;
conn->srv_max_xmit_frag = pkt->u.bind_ack.max_xmit_frag;
conn->srv_max_recv_frag = pkt->u.bind_ack.max_recv_frag;
if ((req->p->binding->flags & DCERPC_CONCURRENT_MULTIPLEX) &&
(pkt->pfc_flags & DCERPC_PFC_FLAG_CONC_MPX)) {
conn->flags |= DCERPC_CONCURRENT_MULTIPLEX;
}
if ((req->p->binding->flags & DCERPC_HEADER_SIGNING) &&
(pkt->pfc_flags & DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)) {
conn->flags |= DCERPC_HEADER_SIGNING;
}
/* the bind_ack might contain a reply set of credentials */
if (conn->security_state.auth_info &&
pkt->u.bind_ack.auth_info.length) {
enum ndr_err_code ndr_err;
ndr_err = ndr_pull_struct_blob(
&pkt->u.bind_ack.auth_info, conn,
NULL,
conn->security_state.auth_info,
(ndr_pull_flags_fn_t)ndr_pull_dcerpc_auth);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
c->status = ndr_map_error2ntstatus(ndr_err);
if (!composite_is_ok(c)) return;
}
}
req->p->assoc_group_id = pkt->u.bind_ack.assoc_group_id;
composite_done(c);
}
static WERROR dsdb_syntax_DN_BINARY_drsuapi_to_ldb(struct ldb_context *ldb,
const struct dsdb_schema *schema,
const struct dsdb_attribute *attr,
const struct drsuapi_DsReplicaAttribute *in,
TALLOC_CTX *mem_ctx,
struct ldb_message_element *out)
{
uint32_t i;
out->flags = 0;
out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
W_ERROR_HAVE_NO_MEMORY(out->name);
out->num_values = in->value_ctr.num_values;
out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
W_ERROR_HAVE_NO_MEMORY(out->values);
for (i=0; i < out->num_values; i++) {
struct drsuapi_DsReplicaObjectIdentifier3Binary id3b;
char *binary;
char *str;
enum ndr_err_code ndr_err;
if (in->value_ctr.values[i].blob == NULL) {
return WERR_FOOBAR;
}
if (in->value_ctr.values[i].blob->length == 0) {
return WERR_FOOBAR;
}
ndr_err = ndr_pull_struct_blob_all(in->value_ctr.values[i].blob,
out->values, schema->iconv_convenience, &id3b,
(ndr_pull_flags_fn_t)ndr_pull_drsuapi_DsReplicaObjectIdentifier3Binary);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
return ntstatus_to_werror(status);
}
/* TODO: handle id3.guid and id3.sid */
binary = data_blob_hex_string(out->values, &id3b.binary);
W_ERROR_HAVE_NO_MEMORY(binary);
str = talloc_asprintf(out->values, "B:%u:%s:%s",
(unsigned int)(id3b.binary.length * 2), /* because of 2 hex chars per byte */
binary,
id3b.dn);
W_ERROR_HAVE_NO_MEMORY(str);
/* TODO: handle id3.guid and id3.sid */
out->values[i] = data_blob_string_const(str);
}
return WERR_OK;
}
static
NTSTATUS schannel_store_session_key_tdb(struct tdb_wrap *tdb_sc,
TALLOC_CTX *mem_ctx,
struct netlogon_creds_CredentialState *creds)
{
enum ndr_err_code ndr_err;
DATA_BLOB blob;
TDB_DATA value;
int ret;
char *keystr;
char *name_upper;
name_upper = strupper_talloc(mem_ctx, creds->computer_name);
if (!name_upper) {
return NT_STATUS_NO_MEMORY;
}
keystr = talloc_asprintf(mem_ctx, "%s/%s",
SECRETS_SCHANNEL_STATE, name_upper);
TALLOC_FREE(name_upper);
if (!keystr) {
return NT_STATUS_NO_MEMORY;
}
ndr_err = ndr_push_struct_blob(&blob, mem_ctx, creds,
(ndr_push_flags_fn_t)ndr_push_netlogon_creds_CredentialState);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
talloc_free(keystr);
return ndr_map_error2ntstatus(ndr_err);
}
value.dptr = blob.data;
value.dsize = blob.length;
ret = tdb_store_bystring(tdb_sc->tdb, keystr, value, TDB_REPLACE);
if (ret != TDB_SUCCESS) {
DEBUG(0,("Unable to add %s to session key db - %s\n",
keystr, tdb_errorstr_compat(tdb_sc->tdb)));
talloc_free(keystr);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
DEBUG(3,("schannel_store_session_key_tdb: stored schannel info with key %s\n",
keystr));
if (DEBUGLEVEL >= 10) {
NDR_PRINT_DEBUG(netlogon_creds_CredentialState, creds);
}
talloc_free(keystr);
return NT_STATUS_OK;
}
static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx,
struct replUpToDateVectorBlob *new_utdv)
{
NTSTATUS status = NT_STATUS_OK;
krb5_error_code ret = 0;
struct libnet_keytab_context *keytab_ctx =
(struct libnet_keytab_context *)ctx->private_data;
if (new_utdv) {
enum ndr_err_code ndr_err;
DATA_BLOB blob;
if (DEBUGLEVEL >= 10) {
NDR_PRINT_DEBUG(replUpToDateVectorBlob, new_utdv);
}
ndr_err = ndr_push_struct_blob(&blob, mem_ctx, new_utdv,
(ndr_push_flags_fn_t)ndr_push_replUpToDateVectorBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
status = ndr_map_error2ntstatus(ndr_err);
ctx->error_message = talloc_asprintf(ctx,
"Failed to push UpToDateVector: %s",
nt_errstr(status));
goto done;
}
status = libnet_keytab_add_to_keytab_entries(mem_ctx, keytab_ctx, 0,
ctx->nc_dn, "UTDV",
ENCTYPE_NULL,
blob);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
}
ret = libnet_keytab_add(keytab_ctx);
if (ret) {
status = krb5_to_nt_status(ret);
ctx->error_message = talloc_asprintf(ctx,
"Failed to add entries to keytab %s: %s",
keytab_ctx->keytab_name, error_message(ret));
goto done;
}
ctx->result_message = talloc_asprintf(ctx,
"Vampired %d accounts to keytab %s",
keytab_ctx->count,
keytab_ctx->keytab_name);
done:
TALLOC_FREE(keytab_ctx);
return status;
}
static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob,
struct security_descriptor **ppdesc,
uint16_t *p_hash_type,
uint8_t hash[XATTR_SD_HASH_SIZE])
{
TALLOC_CTX *ctx = talloc_tos();
struct xattr_NTACL xacl;
enum ndr_err_code ndr_err;
size_t sd_size;
ndr_err = ndr_pull_struct_blob(pblob, ctx, NULL, &xacl,
(ndr_pull_flags_fn_t)ndr_pull_xattr_NTACL);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
DEBUG(5, ("parse_acl_blob: ndr_pull_xattr_NTACL failed: %s\n",
ndr_errstr(ndr_err)));
return ndr_map_error2ntstatus(ndr_err);;
}
switch (xacl.version) {
case 2:
*ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION,
xacl.info.sd_hs2->sd->type | SEC_DESC_SELF_RELATIVE,
xacl.info.sd_hs2->sd->owner_sid,
xacl.info.sd_hs2->sd->group_sid,
xacl.info.sd_hs2->sd->sacl,
xacl.info.sd_hs2->sd->dacl,
&sd_size);
/* No hash - null out. */
*p_hash_type = XATTR_SD_HASH_TYPE_NONE;
memset(hash, '\0', XATTR_SD_HASH_SIZE);
break;
case 3:
*ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION,
xacl.info.sd_hs3->sd->type | SEC_DESC_SELF_RELATIVE,
xacl.info.sd_hs3->sd->owner_sid,
xacl.info.sd_hs3->sd->group_sid,
xacl.info.sd_hs3->sd->sacl,
xacl.info.sd_hs3->sd->dacl,
&sd_size);
*p_hash_type = xacl.info.sd_hs3->hash_type;
/* Current version 3. */
memcpy(hash, xacl.info.sd_hs3->hash, XATTR_SD_HASH_SIZE);
break;
default:
return NT_STATUS_REVISION_MISMATCH;
}
TALLOC_FREE(xacl.info.sd);
return (*ppdesc != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY;
}
/**
build a GUID from a NDR data blob
*/
_PUBLIC_ NTSTATUS GUID_from_ndr_blob(const DATA_BLOB *b, struct GUID *guid)
{
enum ndr_err_code ndr_err;
TALLOC_CTX *mem_ctx;
mem_ctx = talloc_new(NULL);
NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
ndr_err = ndr_pull_struct_blob_all(b, mem_ctx, NULL, guid,
(ndr_pull_flags_fn_t)ndr_pull_GUID);
talloc_free(mem_ctx);
return ndr_map_error2ntstatus(ndr_err);
}
/*
load the notify array
*/
static NTSTATUS notify_load(struct notify_context *notify, struct db_record *rec)
{
TDB_DATA dbuf;
DATA_BLOB blob;
NTSTATUS status;
int seqnum;
seqnum = notify->db->get_seqnum(notify->db);
if (seqnum == notify->seqnum && notify->array != NULL) {
return NT_STATUS_OK;
}
notify->seqnum = seqnum;
talloc_free(notify->array);
notify->array = TALLOC_ZERO_P(notify, struct notify_array);
NT_STATUS_HAVE_NO_MEMORY(notify->array);
if (!rec) {
if (notify->db->fetch(notify->db, notify, notify->key, &dbuf) != 0) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
} else {
dbuf = rec->value;
}
blob.data = (uint8 *)dbuf.dptr;
blob.length = dbuf.dsize;
status = NT_STATUS_OK;
if (blob.length > 0) {
enum ndr_err_code ndr_err;
ndr_err = ndr_pull_struct_blob(&blob, notify->array, notify->array,
(ndr_pull_flags_fn_t)ndr_pull_notify_array);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
status = ndr_map_error2ntstatus(ndr_err);
}
}
if (DEBUGLEVEL >= 10) {
DEBUG(10, ("notify_load:\n"));
NDR_PRINT_DEBUG(notify_array, notify->array);
}
if (!rec) {
talloc_free(dbuf.dptr);
}
return status;
}
static NTSTATUS store_cldap_reply(TALLOC_CTX *mem_ctx,
uint32_t flags,
struct sockaddr_storage *ss,
uint32_t nt_version,
struct NETLOGON_SAM_LOGON_RESPONSE_EX *r)
{
DATA_BLOB blob;
enum ndr_err_code ndr_err;
NTSTATUS status;
char addr[INET6_ADDRSTRLEN];
print_sockaddr(addr, sizeof(addr), ss);
/* FIXME */
r->sockaddr_size = 0x10; /* the w32 winsock addr size */
r->sockaddr.sockaddr_family = 2; /* AF_INET */
r->sockaddr.pdc_ip = talloc_strdup(mem_ctx, addr);
ndr_err = ndr_push_struct_blob(&blob, mem_ctx, r,
(ndr_push_flags_fn_t)ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return ndr_map_error2ntstatus(ndr_err);
}
if (r->domain) {
status = dsgetdcname_cache_store(mem_ctx, r->domain, &blob);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
if (r->client_site) {
sitename_store(r->domain, r->client_site);
}
}
if (r->dns_domain) {
status = dsgetdcname_cache_store(mem_ctx, r->dns_domain, &blob);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
if (r->client_site) {
sitename_store(r->dns_domain, r->client_site);
}
}
status = NT_STATUS_OK;
done:
data_blob_free(&blob);
return status;
}
static NTSTATUS keytab_startup(struct dssync_context *ctx, TALLOC_CTX *mem_ctx,
struct replUpToDateVectorBlob **pold_utdv)
{
krb5_error_code ret = 0;
struct libnet_keytab_context *keytab_ctx;
struct libnet_keytab_entry *entry;
struct replUpToDateVectorBlob *old_utdv = NULL;
char *principal;
ret = libnet_keytab_init(mem_ctx, ctx->output_filename, &keytab_ctx);
if (ret) {
return krb5_to_nt_status(ret);
}
keytab_ctx->dns_domain_name = ctx->dns_domain_name;
keytab_ctx->clean_old_entries = ctx->clean_old_entries;
ctx->private_data = keytab_ctx;
principal = talloc_asprintf(mem_ctx, "UTDV/%s@%s",
ctx->nc_dn, ctx->dns_domain_name);
NT_STATUS_HAVE_NO_MEMORY(principal);
entry = libnet_keytab_search(keytab_ctx, principal, 0, ENCTYPE_NULL,
mem_ctx);
if (entry) {
enum ndr_err_code ndr_err;
old_utdv = talloc(mem_ctx, struct replUpToDateVectorBlob);
ndr_err = ndr_pull_struct_blob(&entry->password, old_utdv, old_utdv,
(ndr_pull_flags_fn_t)ndr_pull_replUpToDateVectorBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
ctx->error_message = talloc_asprintf(ctx,
"Failed to pull UpToDateVector: %s",
nt_errstr(status));
return status;
}
if (DEBUGLEVEL >= 10) {
NDR_PRINT_DEBUG(replUpToDateVectorBlob, old_utdv);
}
}
if (pold_utdv) {
*pold_utdv = old_utdv;
}
return NT_STATUS_OK;
}
/*
decode a NDR GUID from a ldap filter element
*/
NTSTATUS ldap_decode_ndr_GUID(TALLOC_CTX *mem_ctx, struct ldb_val val, struct GUID *guid)
{
DATA_BLOB blob;
enum ndr_err_code ndr_err;
blob.data = val.data;
blob.length = val.length;
ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, guid,
(ndr_pull_flags_fn_t)ndr_pull_GUID);
talloc_free(val.data);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return ndr_map_error2ntstatus(ndr_err);
}
return NT_STATUS_OK;
}
static WERROR dsdb_syntax_DN_BINARY_ldb_to_drsuapi(struct ldb_context *ldb,
const struct dsdb_schema *schema,
const struct dsdb_attribute *attr,
const struct ldb_message_element *in,
TALLOC_CTX *mem_ctx,
struct drsuapi_DsReplicaAttribute *out)
{
uint32_t i;
DATA_BLOB *blobs;
if (attr->attributeID_id == 0xFFFFFFFF) {
return WERR_FOOBAR;
}
out->attid = attr->attributeID_id;
out->value_ctr.num_values = in->num_values;
out->value_ctr.values = talloc_array(mem_ctx,
struct drsuapi_DsAttributeValue,
in->num_values);
W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
W_ERROR_HAVE_NO_MEMORY(blobs);
for (i=0; i < in->num_values; i++) {
struct drsuapi_DsReplicaObjectIdentifier3Binary id3b;
enum ndr_err_code ndr_err;
out->value_ctr.values[i].blob = &blobs[i];
/* TODO: handle id3b.guid and id3b.sid, id3.binary */
ZERO_STRUCT(id3b);
id3b.dn = (const char *)in->values[i].data;
id3b.binary = data_blob(NULL, 0);
ndr_err = ndr_push_struct_blob(&blobs[i], blobs, schema->iconv_convenience, &id3b,
(ndr_push_flags_fn_t)ndr_push_drsuapi_DsReplicaObjectIdentifier3Binary);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
return ntstatus_to_werror(status);
}
}
return WERR_OK;
}
/**
* @brief NDR Encodes a NL_AUTH_MESSAGE
*
* @param mem_ctx The memory context the blob will be allocated on
* @param r The NL_AUTH_MESSAGE to encode
* @param blob [out] The encoded blob if successful
*
* @return a NTSTATUS error code
*/
NTSTATUS dcerpc_push_schannel_bind(TALLOC_CTX *mem_ctx,
struct NL_AUTH_MESSAGE *r,
DATA_BLOB *blob)
{
enum ndr_err_code ndr_err;
ndr_err = ndr_push_struct_blob(blob, mem_ctx, r,
(ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return ndr_map_error2ntstatus(ndr_err);
}
if (DEBUGLEVEL >= 10) {
NDR_PRINT_DEBUG(NL_AUTH_MESSAGE, r);
}
return NT_STATUS_OK;
}
WERROR dsdb_get_drsuapi_prefixmap_as_blob(const struct drsuapi_DsReplicaOIDMapping_Ctr *ctr,
TALLOC_CTX *mem_ctx,
struct ldb_val *prefixMap)
{
struct prefixMapBlob pfm;
enum ndr_err_code ndr_err;
pfm.version = PREFIX_MAP_VERSION_DSDB;
pfm.reserved = 0;
pfm.ctr.dsdb = *ctr;
ndr_err = ndr_push_struct_blob(prefixMap, mem_ctx, &pfm,
(ndr_push_flags_fn_t)ndr_push_prefixMapBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
return ntstatus_to_werror(nt_status);
}
return WERR_OK;
}
/*
save the notify array
*/
static NTSTATUS notify_save(struct notify_context *notify)
{
TDB_DATA dbuf;
DATA_BLOB blob;
enum ndr_err_code ndr_err;
int ret;
TALLOC_CTX *tmp_ctx;
/* if possible, remove some depth arrays */
while (notify->array->num_depths > 0 &&
notify->array->depth[notify->array->num_depths-1].num_entries == 0) {
notify->array->num_depths--;
}
/* we might just be able to delete the record */
if (notify->array->num_depths == 0) {
ret = tdb_delete_bystring(notify->w->tdb, NOTIFY_KEY);
if (ret != 0) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
return NT_STATUS_OK;
}
tmp_ctx = talloc_new(notify);
NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
ndr_err = ndr_push_struct_blob(&blob, tmp_ctx, notify->array,
(ndr_push_flags_fn_t)ndr_push_notify_array);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
talloc_free(tmp_ctx);
return ndr_map_error2ntstatus(ndr_err);
}
dbuf.dptr = blob.data;
dbuf.dsize = blob.length;
ret = tdb_store_bystring(notify->w->tdb, NOTIFY_KEY, dbuf, TDB_REPLACE);
talloc_free(tmp_ctx);
if (ret != 0) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
return NT_STATUS_OK;
}
/*
Receive an alter reply from the transport
*/
static void dcerpc_alter_recv_handler(struct rpc_request *req,
DATA_BLOB *raw_packet, struct ncacn_packet *pkt)
{
struct composite_context *c;
struct dcerpc_pipe *recv_pipe;
c = talloc_get_type(req->async.private_data, struct composite_context);
recv_pipe = talloc_get_type(c->private_data, struct dcerpc_pipe);
if (pkt->ptype == DCERPC_PKT_ALTER_RESP &&
pkt->u.alter_resp.num_results == 1 &&
pkt->u.alter_resp.ctx_list[0].result != 0) {
DEBUG(2,("dcerpc: alter_resp failed - reason %d\n",
pkt->u.alter_resp.ctx_list[0].reason));
composite_error(c, dcerpc_map_reason(pkt->u.alter_resp.ctx_list[0].reason));
return;
}
if (pkt->ptype != DCERPC_PKT_ALTER_RESP ||
pkt->u.alter_resp.num_results == 0 ||
pkt->u.alter_resp.ctx_list[0].result != 0) {
composite_error(c, NT_STATUS_NET_WRITE_FAULT);
return;
}
/* the alter_resp might contain a reply set of credentials */
if (recv_pipe->conn->security_state.auth_info &&
pkt->u.alter_resp.auth_info.length) {
enum ndr_err_code ndr_err;
ndr_err = ndr_pull_struct_blob(
&pkt->u.alter_resp.auth_info, recv_pipe,
NULL,
recv_pipe->conn->security_state.auth_info,
(ndr_pull_flags_fn_t)ndr_pull_dcerpc_auth);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
c->status = ndr_map_error2ntstatus(ndr_err);
if (!composite_is_ok(c)) return;
}
}
composite_done(c);
}
/*
save the notify array
*/
static NTSTATUS notify_save(struct notify_context *notify, struct db_record *rec)
{
TDB_DATA dbuf;
DATA_BLOB blob;
NTSTATUS status;
enum ndr_err_code ndr_err;
TALLOC_CTX *tmp_ctx;
/* if possible, remove some depth arrays */
while (notify->array->num_depths > 0 &&
notify->array->depth[notify->array->num_depths-1].num_entries == 0) {
notify->array->num_depths--;
}
/* we might just be able to delete the record */
if (notify->array->num_depths == 0) {
return rec->delete_rec(rec);
}
tmp_ctx = talloc_new(notify);
NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
ndr_err = ndr_push_struct_blob(&blob, tmp_ctx, notify->array,
(ndr_push_flags_fn_t)ndr_push_notify_array);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
talloc_free(tmp_ctx);
return ndr_map_error2ntstatus(ndr_err);
}
if (DEBUGLEVEL >= 10) {
DEBUG(10, ("notify_save:\n"));
NDR_PRINT_DEBUG(notify_array, notify->array);
}
dbuf.dptr = blob.data;
dbuf.dsize = blob.length;
status = rec->store(rec, dbuf, TDB_REPLACE);
talloc_free(tmp_ctx);
return status;
}
