static void get_real_name(TALLOC_CTX *mem_ctx, struct smbcli_state *cli,
char **long_name, char **short_name)
{
const char *mask;
struct masktest_state state;
if (cli->transport->negotiate.protocol <= PROTOCOL_LANMAN1) {
mask = "\\masktest\\*.*";
} else {
mask = "\\masktest\\*";
}
f_info_hit = false;
state.mem_ctx = mem_ctx;
smbcli_list_new(cli->tree, mask,
FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_DIRECTORY,
RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO,
listfn, &state);
if (f_info_hit) {
*short_name = strlower_talloc(mem_ctx, last_hit.short_name);
*long_name = strlower_talloc(mem_ctx, last_hit.long_name);
}
if (*short_name[0] == '\0') {
*short_name = talloc_strdup(mem_ctx, *long_name);
}
}
static int net_conf_getparm(struct net_context *c, struct smbconf_ctx *conf_ctx,
int argc, const char **argv)
{
int ret = -1;
sbcErr err;
char *service = NULL;
char *param = NULL;
char *valstr = NULL;
TALLOC_CTX *mem_ctx;
mem_ctx = talloc_stackframe();
if (argc != 2 || c->display_usage) {
net_conf_getparm_usage(c, argc, argv);
goto done;
}
/*
* NULL service name means "dangling parameters" to libsmbconf.
* We use the empty string from the command line for this purpose.
*/
if (strlen(argv[0]) != 0) {
service = talloc_strdup(mem_ctx, argv[0]);
if (service == NULL) {
d_printf(_("error: out of memory!\n"));
goto done;
}
}
param = strlower_talloc(mem_ctx, argv[1]);
if (param == NULL) {
d_printf(_("error: out of memory!\n"));
goto done;
}
err = smbconf_get_parameter(conf_ctx, mem_ctx, service, param, &valstr);
if (SBC_ERROR_EQUAL(err, SBC_ERR_NO_SUCH_SERVICE)) {
d_fprintf(stderr,
_("Error: given service '%s' does not exist.\n"),
service);
goto done;
} else if (SBC_ERROR_EQUAL(err, SBC_ERR_INVALID_PARAM)) {
d_fprintf(stderr,
_("Error: given parameter '%s' is not set.\n"),
param);
goto done;
} else if (!SBC_ERROR_IS_OK(err)) {
d_fprintf(stderr, _("Error getting value '%s': %s.\n"),
param, sbcErrorString(err));
goto done;
}
d_printf("%s\n", valstr);
ret = 0;
done:
TALLOC_FREE(mem_ctx);
return ret;
}
static krb5_error_code salt_principal_from_credentials(TALLOC_CTX *parent_ctx,
struct cli_credentials *machine_account,
struct smb_krb5_context *smb_krb5_context,
krb5_principal *salt_princ)
{
krb5_error_code ret;
char *machine_username;
char *salt_body;
char *lower_realm;
const char *salt_principal;
struct principal_container *mem_ctx = talloc(parent_ctx, struct principal_container);
if (!mem_ctx) {
return ENOMEM;
}
salt_principal = cli_credentials_get_salt_principal(machine_account);
if (salt_principal) {
ret = krb5_parse_name(smb_krb5_context->krb5_context, salt_principal, salt_princ);
} else {
machine_username = talloc_strdup(mem_ctx, cli_credentials_get_username(machine_account));
if (!machine_username) {
talloc_free(mem_ctx);
return ENOMEM;
}
if (machine_username[strlen(machine_username)-1] == '$') {
machine_username[strlen(machine_username)-1] = '\0';
}
lower_realm = strlower_talloc(mem_ctx, cli_credentials_get_realm(machine_account));
if (!lower_realm) {
talloc_free(mem_ctx);
return ENOMEM;
}
salt_body = talloc_asprintf(mem_ctx, "%s.%s", machine_username,
lower_realm);
if (!salt_body) {
talloc_free(mem_ctx);
return ENOMEM;
}
ret = krb5_make_principal(smb_krb5_context->krb5_context, salt_princ,
cli_credentials_get_realm(machine_account),
"host", salt_body, NULL);
}
if (ret == 0) {
/* This song-and-dance effectivly puts the principal
* into talloc, so we can't loose it. */
mem_ctx->smb_krb5_context = talloc_reference(mem_ctx, smb_krb5_context);
mem_ctx->principal = *salt_princ;
talloc_set_destructor(mem_ctx, free_principal);
}
return ret;
}
/*
convert a windows path to a unix path - don't do any manging or case sensitive handling
*/
char *cifspsx_unix_path(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, const char *name)
{
struct cifspsx_private *p = ntvfs->private_data;
char *ret;
char *name_lower = strlower_talloc(p, name);
if (*name != '\\') {
ret = talloc_asprintf(req, "%s/%s", p->connectpath, name_lower);
} else {
ret = talloc_asprintf(req, "%s%s", p->connectpath, name_lower);
}
all_string_sub(ret, "\\", "/", 0);
talloc_free(name_lower);
return ret;
}
/**
\details This function replaces network address from the binding
strings returned by Exchange for the PR_EMS_AB_NETWORK_ADDRESS
property and limit the binding strings scope to ncacn_ip_tcp.
\param dce_call pointer to the session context
\param r pointer to the NspiGetProps structure
\return true on success, otherwise false
*/
bool mapiproxy_NspiGetProps(struct dcesrv_call_state *dce_call, struct NspiGetProps *r)
{
uint32_t i;
uint32_t propID = -1;
struct SPropTagArray *SPropTagArray = NULL;
struct PropertyRow_r *Row;
struct StringArray_r *slpstr;
struct PropertyValue_r *lpProp;
/* Sanity checks */
if (!r->out.ppRows) return false;
if (!(*r->out.ppRows)->cValues) return false;
/* Step 1. Find PR_EMS_AB_NETWORK_ADDRESS index */
propID = -1;
SPropTagArray = r->in.pPropTags;
for (i = 0; i < SPropTagArray->cValues; i++) {
if (SPropTagArray->aulPropTag[i] == PR_EMS_AB_NETWORK_ADDRESS) {
propID = i;
break;
}
}
if (propID == -1) return false;
/* Step 2. Retrieve the SLPSTRArray */
Row = *r->out.ppRows;
lpProp = &Row->lpProps[propID];
if (!lpProp) return false;
if (lpProp->ulPropTag != PR_EMS_AB_NETWORK_ADDRESS) return false;
slpstr = &(lpProp->value.MVszA);
/* Step 3. Modify Exchange binding strings and only return ncacn_ip_tcp */
slpstr->cValues = 1;
slpstr->lppszA[0] = talloc_asprintf(dce_call, "ncacn_ip_tcp:%s.%s",
lpcfg_netbios_name(dce_call->conn->dce_ctx->lp_ctx),
lpcfg_realm(dce_call->conn->dce_ctx->lp_ctx));
slpstr->lppszA[0] = strlower_talloc(dce_call, slpstr->lppszA[0]);
return true;
}
static int net_usershare_delete(struct net_context *c, int argc, const char **argv)
{
char *us_path;
char *sharename;
if (argc != 1 || c->display_usage) {
return net_usershare_delete_usage(c, argc, argv);
}
if ((sharename = strlower_talloc(talloc_tos(), argv[0])) == NULL) {
d_fprintf(stderr, _("strlower_talloc failed\n"));
return -1;
}
if (!validate_net_name(sharename, INVALID_SHARENAME_CHARS, strlen(sharename))) {
d_fprintf(stderr, _("net usershare delete: share name %s contains "
"invalid characters (any of %s)\n"),
sharename, INVALID_SHARENAME_CHARS);
TALLOC_FREE(sharename);
return -1;
}
us_path = talloc_asprintf(talloc_tos(),
"%s/%s",
lp_usershare_path(talloc_tos()),
sharename);
if (!us_path) {
TALLOC_FREE(sharename);
return -1;
}
if (unlink(us_path) != 0) {
d_fprintf(stderr, _("net usershare delete: unable to remove usershare %s. "
"Error was %s\n"),
us_path, strerror(errno));
TALLOC_FREE(sharename);
return -1;
}
TALLOC_FREE(sharename);
return 0;
}
/**
\details exchange_ds_rfr RfrGetNewDSA (0x0) function
\param dce_call pointer to the session context
\param mem_ctx pointer to the memory context
\param r pointer to the RfrGetNewDSA request data
\note We incorrectly assume input pUserDN is correct and available,
but it is OK for now.
\return MAPI_E_SUCCESS on success
*/
static enum MAPISTATUS dcesrv_RfrGetNewDSA(struct dcesrv_call_state *dce_call,
TALLOC_CTX *mem_ctx,
struct RfrGetNewDSA *r)
{
const char *netbiosname = NULL;
const char *realm = NULL;
char *fqdn = NULL;
OC_DEBUG(5, "exchange_ds_rfr: RfrGetNewDSA (0x0)");
/* Step 0. Ensure incoming user is authenticated */
if (!dcesrv_call_authenticated(dce_call)) {
OC_DEBUG(1, "No challenge requested by client, cannot authenticate");
r->out.ppszUnused = NULL;
r->out.ppszServer = NULL;
r->out.result = MAPI_E_LOGON_FAILED;
return MAPI_E_LOGON_FAILED;
}
/* Step 1. We don't have load-balancing support yet, just return Samba FQDN name */
netbiosname = lpcfg_netbios_name(dce_call->conn->dce_ctx->lp_ctx);
realm = lpcfg_realm(dce_call->conn->dce_ctx->lp_ctx);
if (!netbiosname || !realm) {
r->out.ppszUnused = NULL;
r->out.ppszServer = NULL;
r->out.result = MAPI_E_NO_SUPPORT;
return MAPI_E_NO_SUPPORT;
}
fqdn = talloc_asprintf(mem_ctx, "%s.%s", netbiosname, realm);
r->out.ppszUnused = NULL;
r->out.ppszServer = talloc_array(mem_ctx, const char *, 2);
r->out.ppszServer[0] = strlower_talloc(mem_ctx, fqdn);
r->out.ppszServer[1] = NULL;
r->out.result = MAPI_E_SUCCESS;
return MAPI_E_SUCCESS;
}
struct composite_context *libnet_UnbecomeDC_send(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_UnbecomeDC *r)
{
struct composite_context *c;
struct libnet_UnbecomeDC_state *s;
char *tmp_name;
c = composite_create(mem_ctx, ctx->event_ctx);
if (c == NULL) return NULL;
s = talloc_zero(c, struct libnet_UnbecomeDC_state);
if (composite_nomem(s, c)) return c;
c->private_data = s;
s->creq = c;
s->libnet = ctx;
/* Domain input */
s->domain.dns_name = talloc_strdup(s, r->in.domain_dns_name);
if (composite_nomem(s->domain.dns_name, c)) return c;
s->domain.netbios_name = talloc_strdup(s, r->in.domain_netbios_name);
if (composite_nomem(s->domain.netbios_name, c)) return c;
/* Source DSA input */
s->source_dsa.address = talloc_strdup(s, r->in.source_dsa_address);
if (composite_nomem(s->source_dsa.address, c)) return c;
/* Destination DSA input */
s->dest_dsa.netbios_name= talloc_strdup(s, r->in.dest_dsa_netbios_name);
if (composite_nomem(s->dest_dsa.netbios_name, c)) return c;
/* Destination DSA dns_name construction */
tmp_name = strlower_talloc(s, s->dest_dsa.netbios_name);
if (composite_nomem(tmp_name, c)) return c;
s->dest_dsa.dns_name = talloc_asprintf_append_buffer(tmp_name, ".%s",
s->domain.dns_name);
if (composite_nomem(s->dest_dsa.dns_name, c)) return c;
unbecomeDC_send_cldap(s);
return c;
}
/**
* Start NTLMSSP on the server side
*
*/
NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
{
NTSTATUS nt_status;
struct ntlmssp_state *ntlmssp_state;
struct gensec_ntlmssp_context *gensec_ntlmssp;
const char *netbios_name;
const char *netbios_domain;
const char *dns_name;
const char *dns_domain;
enum server_role role;
role = lpcfg_server_role(gensec_security->settings->lp_ctx);
nt_status = gensec_ntlmssp_start(gensec_security);
NT_STATUS_NOT_OK_RETURN(nt_status);
gensec_ntlmssp =
talloc_get_type_abort(gensec_security->private_data,
struct gensec_ntlmssp_context);
ntlmssp_state = talloc_zero(gensec_ntlmssp,
struct ntlmssp_state);
if (!ntlmssp_state) {
return NT_STATUS_NO_MEMORY;
}
gensec_ntlmssp->ntlmssp_state = ntlmssp_state;
ntlmssp_state->role = NTLMSSP_SERVER;
ntlmssp_state->expected_state = NTLMSSP_NEGOTIATE;
ntlmssp_state->allow_lm_response =
lpcfg_lanman_auth(gensec_security->settings->lp_ctx);
if (ntlmssp_state->allow_lm_response &&
gensec_setting_bool(gensec_security->settings,
"ntlmssp_server", "allow_lm_key", false))
{
ntlmssp_state->allow_lm_key = true;
}
ntlmssp_state->force_old_spnego = false;
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "force_old_spnego", false)) {
/*
* For testing Windows 2000 mode
*/
ntlmssp_state->force_old_spnego = true;
}
ntlmssp_state->neg_flags =
NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_VERSION;
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "128bit", true)) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128;
}
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "56bit", true)) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56;
}
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "keyexchange", true)) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH;
}
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "alwayssign", true)) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
}
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "ntlm2", true)) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
}
if (ntlmssp_state->allow_lm_key) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY;
}
/*
* We always allow NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL.
*
* These will be removed if the client doesn't want them.
*/
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
}
if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
if (gensec_security->want_features & GENSEC_FEATURE_LDAP_STYLE) {
/*
* We need to handle NTLMSSP_NEGOTIATE_SIGN as
* NTLMSSP_NEGOTIATE_SEAL if GENSEC_FEATURE_LDAP_STYLE
* is requested.
*/
ntlmssp_state->force_wrap_seal = true;
}
}
if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
}
if (role == ROLE_STANDALONE) {
ntlmssp_state->server.is_standalone = true;
} else {
ntlmssp_state->server.is_standalone = false;
}
if (gensec_security->settings->server_netbios_name) {
netbios_name = gensec_security->settings->server_netbios_name;
} else {
netbios_name = lpcfg_netbios_name(gensec_security->settings->lp_ctx);
}
if (gensec_security->settings->server_netbios_domain) {
netbios_domain = gensec_security->settings->server_netbios_domain;
} else {
netbios_domain = lpcfg_workgroup(gensec_security->settings->lp_ctx);
}
if (gensec_security->settings->server_dns_name) {
dns_name = gensec_security->settings->server_dns_name;
} else {
const char *dnsdomain = lpcfg_dnsdomain(gensec_security->settings->lp_ctx);
char *lower_netbiosname;
lower_netbiosname = strlower_talloc(ntlmssp_state, netbios_name);
NT_STATUS_HAVE_NO_MEMORY(lower_netbiosname);
/* Find out the DNS host name */
if (dnsdomain && dnsdomain[0] != '\0') {
dns_name = talloc_asprintf(ntlmssp_state, "%s.%s",
lower_netbiosname,
dnsdomain);
talloc_free(lower_netbiosname);
NT_STATUS_HAVE_NO_MEMORY(dns_name);
} else {
dns_name = lower_netbiosname;
}
}
if (gensec_security->settings->server_dns_domain) {
dns_domain = gensec_security->settings->server_dns_domain;
} else {
dns_domain = lpcfg_dnsdomain(gensec_security->settings->lp_ctx);
}
ntlmssp_state->server.netbios_name = talloc_strdup(ntlmssp_state, netbios_name);
NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.netbios_name);
ntlmssp_state->server.netbios_domain = talloc_strdup(ntlmssp_state, netbios_domain);
NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.netbios_domain);
ntlmssp_state->server.dns_name = talloc_strdup(ntlmssp_state, dns_name);
NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_name);
ntlmssp_state->server.dns_domain = talloc_strdup(ntlmssp_state, dns_domain);
NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_domain);
ntlmssp_state->neg_flags |= ntlmssp_state->required_flags;
ntlmssp_state->conf_flags = ntlmssp_state->neg_flags;
return NT_STATUS_OK;
}
/*
fill in the cldap netlogon union for a given version
*/
NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
TALLOC_CTX *mem_ctx,
const char *domain,
const char *netbios_domain,
struct dom_sid *domain_sid,
const char *domain_guid,
const char *user,
uint32_t acct_control,
const char *src_address,
uint32_t version,
struct loadparm_context *lp_ctx,
struct netlogon_samlogon_response *netlogon,
bool fill_on_blank_request)
{
const char *dom_attrs[] = {"objectGUID", NULL};
const char *none_attrs[] = {NULL};
struct ldb_result *dom_res = NULL, *user_res = NULL;
int ret;
const char **services = lpcfg_server_services(lp_ctx);
uint32_t server_type;
const char *pdc_name;
struct GUID domain_uuid;
const char *dns_domain;
const char *forest_domain;
const char *pdc_dns_name;
const char *flatname;
const char *server_site;
const char *client_site;
const char *pdc_ip;
struct ldb_dn *domain_dn = NULL;
struct interface *ifaces;
bool user_known, am_rodc;
NTSTATUS status;
/* the domain parameter could have an optional trailing "." */
if (domain && domain[strlen(domain)-1] == '.') {
domain = talloc_strndup(mem_ctx, domain, strlen(domain)-1);
NT_STATUS_HAVE_NO_MEMORY(domain);
}
/* Lookup using long or short domainname */
if (domain && (strcasecmp_m(domain, lpcfg_dnsdomain(lp_ctx)) == 0)) {
domain_dn = ldb_get_default_basedn(sam_ctx);
}
if (netbios_domain && (strcasecmp_m(netbios_domain, lpcfg_sam_name(lp_ctx)) == 0)) {
domain_dn = ldb_get_default_basedn(sam_ctx);
}
if (domain_dn) {
const char *domain_identifier = domain != NULL ? domain
: netbios_domain;
ret = ldb_search(sam_ctx, mem_ctx, &dom_res,
domain_dn, LDB_SCOPE_BASE, dom_attrs,
"objectClass=domain");
if (ret != LDB_SUCCESS) {
DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n",
domain_identifier,
ldb_dn_get_linearized(domain_dn),
ldb_errstring(sam_ctx)));
return NT_STATUS_NO_SUCH_DOMAIN;
}
if (dom_res->count != 1) {
DEBUG(2,("Error finding domain '%s'/'%s' in sam\n",
domain_identifier,
ldb_dn_get_linearized(domain_dn)));
return NT_STATUS_NO_SUCH_DOMAIN;
}
}
/* Lookup using GUID or SID */
if ((dom_res == NULL) && (domain_guid || domain_sid)) {
if (domain_guid) {
struct GUID binary_guid;
struct ldb_val guid_val;
/* By this means, we ensure we don't have funny stuff in the GUID */
status = GUID_from_string(domain_guid, &binary_guid);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
/* And this gets the result into the binary format we want anyway */
status = GUID_to_ndr_blob(&binary_guid, mem_ctx, &guid_val);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
ret = ldb_search(sam_ctx, mem_ctx, &dom_res,
NULL, LDB_SCOPE_SUBTREE,
dom_attrs,
"(&(objectCategory=DomainDNS)(objectGUID=%s))",
ldb_binary_encode(mem_ctx, guid_val));
} else { /* domain_sid case */
ret = ldb_search(sam_ctx, mem_ctx, &dom_res,
NULL, LDB_SCOPE_SUBTREE,
dom_attrs,
"(&(objectCategory=DomainDNS)(objectSid=%s))",
dom_sid_string(mem_ctx, domain_sid));
}
if (ret != LDB_SUCCESS) {
DEBUG(2,("Unable to find a correct reference to GUID '%s' or SID '%s' in sam: %s\n",
domain_guid, dom_sid_string(mem_ctx, domain_sid),
ldb_errstring(sam_ctx)));
return NT_STATUS_NO_SUCH_DOMAIN;
} else if (dom_res->count == 1) {
/* Ok, now just check it is our domain */
if (ldb_dn_compare(ldb_get_default_basedn(sam_ctx),
dom_res->msgs[0]->dn) != 0) {
DEBUG(2,("The GUID '%s' or SID '%s' doesn't identify our domain\n",
domain_guid,
dom_sid_string(mem_ctx, domain_sid)));
return NT_STATUS_NO_SUCH_DOMAIN;
}
} else {
DEBUG(2,("Unable to find a correct reference to GUID '%s' or SID '%s' in sam\n",
domain_guid, dom_sid_string(mem_ctx, domain_sid)));
return NT_STATUS_NO_SUCH_DOMAIN;
}
}
if (dom_res == NULL && fill_on_blank_request) {
/* blank inputs gives our domain - tested against
w2k8r2. Without this ADUC on Win7 won't start */
domain_dn = ldb_get_default_basedn(sam_ctx);
ret = ldb_search(sam_ctx, mem_ctx, &dom_res,
domain_dn, LDB_SCOPE_BASE, dom_attrs,
"objectClass=domain");
if (ret != LDB_SUCCESS) {
DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n",
lpcfg_dnsdomain(lp_ctx),
ldb_dn_get_linearized(domain_dn),
ldb_errstring(sam_ctx)));
return NT_STATUS_NO_SUCH_DOMAIN;
}
}
if (dom_res == NULL) {
DEBUG(2,(__location__ ": Unable to get domain information with no inputs\n"));
return NT_STATUS_NO_SUCH_DOMAIN;
}
/* work around different inputs for not-specified users */
if (!user) {
user = "";
}
/* Enquire about any valid username with just a CLDAP packet -
* if kerberos didn't also do this, the security folks would
* scream... */
if (user[0]) { \
/* Only allow some bits to be enquired: [MS-ATDS] 7.3.3.2 */
if (acct_control == (uint32_t)-1) {
acct_control = 0;
}
acct_control = acct_control & (ACB_TEMPDUP | ACB_NORMAL | ACB_DOMTRUST | ACB_WSTRUST | ACB_SVRTRUST);
/* We must exclude disabled accounts, but otherwise do the bitwise match the client asked for */
ret = ldb_search(sam_ctx, mem_ctx, &user_res,
dom_res->msgs[0]->dn, LDB_SCOPE_SUBTREE,
none_attrs,
"(&(objectClass=user)(samAccountName=%s)"
"(!(userAccountControl:" LDB_OID_COMPARATOR_AND ":=%u))"
"(userAccountControl:" LDB_OID_COMPARATOR_OR ":=%u))",
ldb_binary_encode_string(mem_ctx, user),
UF_ACCOUNTDISABLE, ds_acb2uf(acct_control));
if (ret != LDB_SUCCESS) {
DEBUG(2,("Unable to find reference to user '%s' with ACB 0x%8x under %s: %s\n",
user, acct_control, ldb_dn_get_linearized(dom_res->msgs[0]->dn),
ldb_errstring(sam_ctx)));
return NT_STATUS_NO_SUCH_USER;
} else if (user_res->count == 1) {
user_known = true;
} else {
user_known = false;
}
} else {
user_known = true;
}
server_type =
DS_SERVER_DS | DS_SERVER_TIMESERV |
DS_SERVER_GOOD_TIMESERV;
if (samdb_is_pdc(sam_ctx)) {
server_type |= DS_SERVER_PDC;
}
if (dsdb_functional_level(sam_ctx) >= DS_DOMAIN_FUNCTION_2008) {
server_type |= DS_SERVER_FULL_SECRET_DOMAIN_6;
}
if (samdb_is_gc(sam_ctx)) {
server_type |= DS_SERVER_GC;
}
if (str_list_check(services, "ldap")) {
server_type |= DS_SERVER_LDAP;
}
if (str_list_check(services, "kdc")) {
server_type |= DS_SERVER_KDC;
}
if (samdb_rodc(sam_ctx, &am_rodc) == LDB_SUCCESS && !am_rodc) {
server_type |= DS_SERVER_WRITABLE;
}
pdc_name = talloc_asprintf(mem_ctx, "\\\\%s",
lpcfg_netbios_name(lp_ctx));
NT_STATUS_HAVE_NO_MEMORY(pdc_name);
domain_uuid = samdb_result_guid(dom_res->msgs[0], "objectGUID");
dns_domain = lpcfg_dnsdomain(lp_ctx);
forest_domain = samdb_forest_name(sam_ctx, mem_ctx);
NT_STATUS_HAVE_NO_MEMORY(forest_domain);
pdc_dns_name = talloc_asprintf(mem_ctx, "%s.%s",
strlower_talloc(mem_ctx,
lpcfg_netbios_name(lp_ctx)),
dns_domain);
NT_STATUS_HAVE_NO_MEMORY(pdc_dns_name);
flatname = lpcfg_workgroup(lp_ctx);
server_site = samdb_server_site_name(sam_ctx, mem_ctx);
NT_STATUS_HAVE_NO_MEMORY(server_site);
client_site = samdb_client_site_name(sam_ctx, mem_ctx,
src_address, NULL);
NT_STATUS_HAVE_NO_MEMORY(client_site);
if (strcasecmp(server_site, client_site) == 0) {
server_type |= DS_SERVER_CLOSEST;
}
load_interface_list(mem_ctx, lp_ctx, &ifaces);
if (src_address) {
pdc_ip = iface_list_best_ip(ifaces, src_address);
} else {
pdc_ip = iface_list_first_v4(ifaces);
}
if (pdc_ip == NULL || !is_ipaddress_v4(pdc_ip)) {
/* this matches windows behaviour */
pdc_ip = "127.0.0.1";
}
ZERO_STRUCTP(netlogon);
/* check if either of these bits is present */
if (version & (NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_5EX_WITH_IP)) {
uint32_t extra_flags = 0;
netlogon->ntver = NETLOGON_NT_VERSION_5EX;
/* could check if the user exists */
if (user_known) {
netlogon->data.nt5_ex.command = LOGON_SAM_LOGON_RESPONSE_EX;
} else {
netlogon->data.nt5_ex.command = LOGON_SAM_LOGON_USER_UNKNOWN_EX;
}
netlogon->data.nt5_ex.pdc_name = pdc_name;
netlogon->data.nt5_ex.user_name = user;
netlogon->data.nt5_ex.domain_name = flatname;
netlogon->data.nt5_ex.domain_uuid = domain_uuid;
netlogon->data.nt5_ex.forest = forest_domain;
netlogon->data.nt5_ex.dns_domain = dns_domain;
netlogon->data.nt5_ex.pdc_dns_name = pdc_dns_name;
netlogon->data.nt5_ex.server_site = server_site;
netlogon->data.nt5_ex.client_site = client_site;
if (version & NETLOGON_NT_VERSION_5EX_WITH_IP) {
/* note that this is always a IPV4 address */
extra_flags = NETLOGON_NT_VERSION_5EX_WITH_IP;
netlogon->data.nt5_ex.sockaddr.sockaddr_family = 2;
netlogon->data.nt5_ex.sockaddr.pdc_ip = pdc_ip;
netlogon->data.nt5_ex.sockaddr.remaining = data_blob_talloc_zero(mem_ctx, 8);
}
netlogon->data.nt5_ex.server_type = server_type;
netlogon->data.nt5_ex.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5EX|extra_flags;
netlogon->data.nt5_ex.lmnt_token = 0xFFFF;
netlogon->data.nt5_ex.lm20_token = 0xFFFF;
} else if (version & NETLOGON_NT_VERSION_5) {
netlogon->ntver = NETLOGON_NT_VERSION_5;
/* could check if the user exists */
if (user_known) {
netlogon->data.nt5.command = LOGON_SAM_LOGON_RESPONSE;
} else {
netlogon->data.nt5.command = LOGON_SAM_LOGON_USER_UNKNOWN;
}
netlogon->data.nt5.pdc_name = pdc_name;
netlogon->data.nt5.user_name = user;
netlogon->data.nt5.domain_name = flatname;
netlogon->data.nt5.domain_uuid = domain_uuid;
netlogon->data.nt5.forest = forest_domain;
netlogon->data.nt5.dns_domain = dns_domain;
netlogon->data.nt5.pdc_dns_name = pdc_dns_name;
netlogon->data.nt5.pdc_ip = pdc_ip;
netlogon->data.nt5.server_type = server_type;
netlogon->data.nt5.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5;
netlogon->data.nt5.lmnt_token = 0xFFFF;
netlogon->data.nt5.lm20_token = 0xFFFF;
} else /* (version & NETLOGON_NT_VERSION_1) and all other cases */ {
netlogon->ntver = NETLOGON_NT_VERSION_1;
/* could check if the user exists */
if (user_known) {
netlogon->data.nt4.command = LOGON_SAM_LOGON_RESPONSE;
} else {
netlogon->data.nt4.command = LOGON_SAM_LOGON_USER_UNKNOWN;
}
netlogon->data.nt4.pdc_name = pdc_name;
netlogon->data.nt4.user_name = user;
netlogon->data.nt4.domain_name = flatname;
netlogon->data.nt4.nt_version = NETLOGON_NT_VERSION_1;
netlogon->data.nt4.lmnt_token = 0xFFFF;
netlogon->data.nt4.lm20_token = 0xFFFF;
}
return NT_STATUS_OK;
}
/*
format a record for bind9
*/
static bool b9_format(struct dlz_bind9_data *state,
TALLOC_CTX *mem_ctx,
struct dnsp_DnssrvRpcRecord *rec,
const char **type, const char **data)
{
switch (rec->wType) {
case DNS_TYPE_A:
*type = "a";
*data = rec->data.ipv4;
break;
case DNS_TYPE_AAAA:
*type = "aaaa";
*data = rec->data.ipv6;
break;
case DNS_TYPE_CNAME:
*type = "cname";
*data = rec->data.cname;
break;
case DNS_TYPE_TXT:
*type = "txt";
*data = rec->data.txt;
break;
case DNS_TYPE_PTR:
*type = "ptr";
*data = rec->data.ptr;
break;
case DNS_TYPE_SRV:
*type = "srv";
*data = talloc_asprintf(mem_ctx, "%u %u %u %s",
rec->data.srv.wPriority,
rec->data.srv.wWeight,
rec->data.srv.wPort,
rec->data.srv.nameTarget);
break;
case DNS_TYPE_MX:
*type = "mx";
*data = talloc_asprintf(mem_ctx, "%u %s",
rec->data.mx.wPriority,
rec->data.mx.nameTarget);
break;
case DNS_TYPE_HINFO:
*type = "hinfo";
*data = talloc_asprintf(mem_ctx, "%s %s",
rec->data.hinfo.cpu,
rec->data.hinfo.os);
break;
case DNS_TYPE_NS:
*type = "ns";
*data = rec->data.ns;
break;
case DNS_TYPE_SOA: {
const char *mname;
*type = "soa";
/* we need to fake the authoritative nameserver to
* point at ourselves. This is how AD DNS servers
* force clients to send updates to the right local DC
*/
mname = talloc_asprintf(mem_ctx, "%s.%s",
lpcfg_netbios_name(state->lp), lpcfg_dnsdomain(state->lp));
if (mname == NULL) {
return false;
}
mname = strlower_talloc(mem_ctx, mname);
if (mname == NULL) {
return false;
}
state->soa_serial = rec->data.soa.serial;
*data = talloc_asprintf(mem_ctx, "%s %s %u %u %u %u %u",
mname,
rec->data.soa.rname,
rec->data.soa.serial,
rec->data.soa.refresh,
rec->data.soa.retry,
rec->data.soa.expire,
rec->data.soa.minimum);
break;
}
default:
state->log(ISC_LOG_ERROR, "samba b9_putrr: unhandled record type %u",
rec->wType);
return false;
}
return true;
}
NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
const struct tsocket_address *remote_address,
struct gensec_security **gensec_security_out)
{
struct gensec_security *gensec_security;
struct auth_context *auth_context;
NTSTATUS nt_status;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
nt_status = make_auth_context_subsystem(tmp_ctx, &auth_context);
if (!NT_STATUS_IS_OK(nt_status)) {
TALLOC_FREE(tmp_ctx);
return nt_status;
}
if (auth_context->prepare_gensec) {
nt_status = auth_context->prepare_gensec(auth_context, tmp_ctx,
&gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
TALLOC_FREE(tmp_ctx);
return nt_status;
}
} else {
const struct gensec_security_ops **backends = NULL;
struct gensec_settings *gensec_settings;
struct loadparm_context *lp_ctx;
size_t idx = 0;
struct cli_credentials *server_credentials;
const char *dns_name;
const char *dns_domain;
struct auth4_context *auth4_context = make_auth4_context_s3(tmp_ctx, auth_context);
if (auth4_context == NULL) {
TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
lp_ctx = loadparm_init_s3(tmp_ctx, loadparm_s3_helpers());
if (lp_ctx == NULL) {
DEBUG(10, ("loadparm_init_s3 failed\n"));
TALLOC_FREE(tmp_ctx);
return NT_STATUS_INVALID_SERVER_STATE;
}
gensec_settings = lpcfg_gensec_settings(tmp_ctx, lp_ctx);
if (lp_ctx == NULL) {
DEBUG(10, ("lpcfg_gensec_settings failed\n"));
TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
/*
* This should be a 'netbios domain -> DNS domain'
* mapping, and can currently validly return NULL on
* poorly configured systems.
*
* This is used for the NTLMSSP server
*
*/
dns_name = get_mydnsfullname();
if (dns_name == NULL) {
dns_name = "";
}
dns_domain = get_mydnsdomname(tmp_ctx);
if (dns_domain == NULL) {
dns_domain = "";
}
gensec_settings->server_dns_name = strlower_talloc(gensec_settings, dns_name);
if (gensec_settings->server_dns_name == NULL) {
TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
gensec_settings->server_dns_domain = strlower_talloc(gensec_settings, dns_domain);
if (gensec_settings->server_dns_domain == NULL) {
TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
backends = talloc_zero_array(gensec_settings,
const struct gensec_security_ops *, 6);
if (backends == NULL) {
TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
gensec_settings->backends = backends;
gensec_init();
/* These need to be in priority order, krb5 before NTLMSSP */
#if defined(HAVE_KRB5)
backends[idx++] = &gensec_gse_krb5_security_ops;
#endif
backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);
backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);
backends[idx++] = gensec_security_by_auth_type(NULL, DCERPC_AUTH_TYPE_SCHANNEL);
backends[idx++] = gensec_security_by_auth_type(NULL, DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM);
/*
* This is anonymous for now, because we just use it
* to set the kerberos state at the moment
*/
server_credentials = cli_credentials_init_anon(tmp_ctx);
if (!server_credentials) {
DEBUG(0, ("auth_generic_prepare: Failed to init server credentials\n"));
return NT_STATUS_NO_MEMORY;
}
cli_credentials_set_conf(server_credentials, lp_ctx);
if (lp_security() == SEC_ADS || USE_KERBEROS_KEYTAB) {
cli_credentials_set_kerberos_state(server_credentials, CRED_AUTO_USE_KERBEROS);
} else {
cli_credentials_set_kerberos_state(server_credentials, CRED_DONT_USE_KERBEROS);
}
nt_status = gensec_server_start(tmp_ctx, gensec_settings,
auth4_context, &gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
TALLOC_FREE(tmp_ctx);
return nt_status;
}
gensec_set_credentials(gensec_security, server_credentials);
talloc_unlink(tmp_ctx, lp_ctx);
talloc_unlink(tmp_ctx, server_credentials);
talloc_unlink(tmp_ctx, gensec_settings);
talloc_unlink(tmp_ctx, auth4_context);
}
nt_status = gensec_set_remote_address(gensec_security,
remote_address);
if (!NT_STATUS_IS_OK(nt_status)) {
TALLOC_FREE(tmp_ctx);
return nt_status;
}
*gensec_security_out = talloc_steal(mem_ctx, gensec_security);
TALLOC_FREE(tmp_ctx);
return NT_STATUS_OK;
}
static krb5_error_code salt_principal(TALLOC_CTX *parent_ctx,
const char *samAccountName,
const char *realm,
const char *saltPrincipal,
krb5_context context,
krb5_principal *salt_princ,
const char **error_string)
{
krb5_error_code ret;
char *machine_username;
char *salt_body;
char *lower_realm;
char *upper_realm;
TALLOC_CTX *tmp_ctx;
if (saltPrincipal) {
ret = krb5_parse_name(context, saltPrincipal, salt_princ);
if (ret) {
*error_string = smb_get_krb5_error_message(
context, ret, parent_ctx);
}
return ret;
}
if (!samAccountName) {
(*error_string) = "Cannot determine salt principal, no "
"saltPrincipal or samAccountName specified";
return EINVAL;
}
if (!realm) {
*error_string = "Cannot make principal without a realm";
return EINVAL;
}
tmp_ctx = talloc_new(parent_ctx);
if (!tmp_ctx) {
*error_string = "Cannot allocate tmp_ctx";
return ENOMEM;
}
machine_username = talloc_strdup(tmp_ctx, samAccountName);
if (!machine_username) {
*error_string = "Cannot duplicate samAccountName";
talloc_free(tmp_ctx);
return ENOMEM;
}
if (machine_username[strlen(machine_username)-1] == '$') {
machine_username[strlen(machine_username)-1] = '\0';
}
lower_realm = strlower_talloc(tmp_ctx, realm);
if (!lower_realm) {
*error_string = "Cannot allocate to lower case realm";
talloc_free(tmp_ctx);
return ENOMEM;
}
upper_realm = strupper_talloc(tmp_ctx, realm);
if (!upper_realm) {
*error_string = "Cannot allocate to upper case realm";
talloc_free(tmp_ctx);
return ENOMEM;
}
salt_body = talloc_asprintf(tmp_ctx, "%s.%s",
machine_username, lower_realm);
if (!salt_body) {
*error_string = "Cannot form salt principal body";
talloc_free(tmp_ctx);
return ENOMEM;
}
ret = smb_krb5_make_principal(context, salt_princ, upper_realm,
"host", salt_body, NULL);
if (ret) {
*error_string = smb_get_krb5_error_message(context,
ret, parent_ctx);
}
talloc_free(tmp_ctx);
return ret;
}
static krb5_error_code salt_principal_from_msg(TALLOC_CTX *parent_ctx,
struct ldb_message *msg,
struct smb_krb5_context *smb_krb5_context,
krb5_principal *salt_princ,
const char **error_string)
{
const char *salt_principal = ldb_msg_find_attr_as_string(msg, "saltPrincipal", NULL);
const char *samAccountName = ldb_msg_find_attr_as_string(msg, "samAccountName", NULL);
const char *realm = ldb_msg_find_attr_as_string(msg, "realm", NULL);
if (salt_principal) {
return parse_principal(parent_ctx, salt_principal, smb_krb5_context, salt_princ, error_string);
} else if (samAccountName) {
krb5_error_code ret;
char *machine_username;
char *salt_body;
char *lower_realm;
char *upper_realm;
TALLOC_CTX *tmp_ctx;
struct principal_container *mem_ctx = talloc(parent_ctx, struct principal_container);
if (!mem_ctx) {
*error_string = "Cannot allocate mem_ctx";
return ENOMEM;
}
tmp_ctx = talloc_new(mem_ctx);
if (!tmp_ctx) {
talloc_free(mem_ctx);
*error_string = "Cannot allocate tmp_ctx";
return ENOMEM;
}
if (!realm) {
*error_string = "Cannot have a kerberos secret in secrets.ldb without a realm";
return EINVAL;
}
machine_username = talloc_strdup(tmp_ctx, samAccountName);
if (!machine_username) {
talloc_free(mem_ctx);
*error_string = "Cannot duplicate samAccountName";
return ENOMEM;
}
if (machine_username[strlen(machine_username)-1] == '$') {
machine_username[strlen(machine_username)-1] = '\0';
}
lower_realm = strlower_talloc(tmp_ctx, realm);
if (!lower_realm) {
talloc_free(mem_ctx);
*error_string = "Cannot allocate to lower case realm";
return ENOMEM;
}
upper_realm = strupper_talloc(tmp_ctx, realm);
if (!upper_realm) {
talloc_free(mem_ctx);
*error_string = "Cannot allocate to upper case realm";
return ENOMEM;
}
salt_body = talloc_asprintf(tmp_ctx, "%s.%s", machine_username,
lower_realm);
talloc_free(lower_realm);
talloc_free(machine_username);
if (!salt_body) {
talloc_free(mem_ctx);
*error_string = "Cannot form salt principal body";
return ENOMEM;
}
ret = krb5_make_principal(smb_krb5_context->krb5_context, salt_princ,
upper_realm,
"host", salt_body, NULL);
if (ret == 0) {
/* This song-and-dance effectivly puts the principal
* into talloc, so we can't loose it. */
mem_ctx->smb_krb5_context = talloc_reference(mem_ctx, smb_krb5_context);
mem_ctx->principal = *salt_princ;
talloc_set_destructor(mem_ctx, free_principal);
} else {
(*error_string) = smb_get_krb5_error_message(smb_krb5_context->krb5_context, ret, parent_ctx);
}
talloc_free(tmp_ctx);
return ret;
} else {
static int smb_krb5_create_salt_principal(TALLOC_CTX *mem_ctx,
const char *samAccountName,
const char *realm,
const char **salt_principal,
const char **error_string)
{
char *machine_username;
bool is_machine_account = false;
char *upper_realm;
TALLOC_CTX *tmp_ctx;
int rc = -1;
if (samAccountName == NULL) {
*error_string = "Cannot determine salt principal, no "
"saltPrincipal or samAccountName specified";
return rc;
}
if (realm == NULL) {
*error_string = "Cannot make principal without a realm";
return rc;
}
tmp_ctx = talloc_new(mem_ctx);
if (tmp_ctx == NULL) {
*error_string = "Cannot allocate talloc context";
return rc;
}
upper_realm = strupper_talloc(tmp_ctx, realm);
if (upper_realm == NULL) {
*error_string = "Cannot allocate to upper case realm";
goto out;
}
machine_username = strlower_talloc(tmp_ctx, samAccountName);
if (!machine_username) {
*error_string = "Cannot duplicate samAccountName";
goto out;
}
if (machine_username[strlen(machine_username) - 1] == '$') {
machine_username[strlen(machine_username) - 1] = '\0';
is_machine_account = true;
}
if (is_machine_account) {
char *lower_realm;
lower_realm = strlower_talloc(tmp_ctx, realm);
if (lower_realm == NULL) {
*error_string = "Cannot allocate to lower case realm";
goto out;
}
*salt_principal = talloc_asprintf(mem_ctx,
"host/%s.%s@%s",
machine_username,
lower_realm,
upper_realm);
} else {
*salt_principal = talloc_asprintf(mem_ctx,
"%s@%s",
machine_username,
upper_realm);
}
if (*salt_principal == NULL) {
*error_string = "Cannot create salt principal";
goto out;
}
rc = 0;
out:
talloc_free(tmp_ctx);
return rc;
}
/*
* complete a domain join, when joining to a AD domain:
* 1.) connect and bind to the DRSUAPI pipe
* 2.) do a DsCrackNames() to find the machine account dn
* 3.) connect to LDAP
* 4.) do an ldap search to find the "msDS-KeyVersionNumber" of the machine account
* 5.) set the servicePrincipalName's of the machine account via LDAP, (maybe we should use DsWriteAccountSpn()...)
* 6.) do a DsCrackNames() to find the domain dn
* 7.) find out Site specific stuff, look at libnet_JoinSite() for details
*/
static NTSTATUS libnet_JoinADSDomain(struct libnet_context *ctx, struct libnet_JoinDomain *r)
{
NTSTATUS status;
TALLOC_CTX *tmp_ctx;
const char *realm = r->out.realm;
struct dcerpc_binding *samr_binding = r->out.samr_binding;
struct dcerpc_pipe *drsuapi_pipe;
struct dcerpc_binding *drsuapi_binding;
struct drsuapi_DsBind r_drsuapi_bind;
struct drsuapi_DsCrackNames r_crack_names;
struct drsuapi_DsNameString names[1];
struct policy_handle drsuapi_bind_handle;
struct GUID drsuapi_bind_guid;
struct ldb_context *remote_ldb;
struct ldb_dn *account_dn;
const char *account_dn_str;
const char *remote_ldb_url;
struct ldb_result *res;
struct ldb_message *msg;
int ret, rtn;
unsigned int kvno;
const char * const attrs[] = {
"msDS-KeyVersionNumber",
"servicePrincipalName",
"dNSHostName",
NULL,
};
r->out.error_string = NULL;
/* We need to convert between a samAccountName and domain to a
* DN in the directory. The correct way to do this is with
* DRSUAPI CrackNames */
/* Fiddle with the bindings, so get to DRSUAPI on
* NCACN_IP_TCP, sealed */
tmp_ctx = talloc_named(r, 0, "libnet_JoinADSDomain temp context");
if (!tmp_ctx) {
r->out.error_string = NULL;
return NT_STATUS_NO_MEMORY;
}
drsuapi_binding = talloc(tmp_ctx, struct dcerpc_binding);
if (!drsuapi_binding) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
*drsuapi_binding = *samr_binding;
/* DRSUAPI is only available on IP_TCP, and locally on NCALRPC */
if (drsuapi_binding->transport != NCALRPC) {
drsuapi_binding->transport = NCACN_IP_TCP;
}
drsuapi_binding->endpoint = NULL;
drsuapi_binding->flags |= DCERPC_SEAL;
status = dcerpc_pipe_connect_b(tmp_ctx,
&drsuapi_pipe,
drsuapi_binding,
&dcerpc_table_drsuapi,
ctx->cred,
ctx->event_ctx);
if (!NT_STATUS_IS_OK(status)) {
r->out.error_string = talloc_asprintf(r,
"Connection to DRSUAPI pipe of PDC of domain '%s' failed: %s",
r->in.domain_name,
nt_errstr(status));
talloc_free(tmp_ctx);
return status;
}
/* get a DRSUAPI pipe handle */
GUID_from_string(DRSUAPI_DS_BIND_GUID, &drsuapi_bind_guid);
r_drsuapi_bind.in.bind_guid = &drsuapi_bind_guid;
r_drsuapi_bind.in.bind_info = NULL;
r_drsuapi_bind.out.bind_handle = &drsuapi_bind_handle;
status = dcerpc_drsuapi_DsBind(drsuapi_pipe, tmp_ctx, &r_drsuapi_bind);
if (!NT_STATUS_IS_OK(status)) {
if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
r->out.error_string
= talloc_asprintf(r,
"dcerpc_drsuapi_DsBind failed - %s",
dcerpc_errstr(tmp_ctx, drsuapi_pipe->last_fault_code));
talloc_free(tmp_ctx);
return status;
} else {
r->out.error_string
= talloc_asprintf(r,
"dcerpc_drsuapi_DsBind failed - %s",
nt_errstr(status));
talloc_free(tmp_ctx);
return status;
}
} else if (!W_ERROR_IS_OK(r_drsuapi_bind.out.result)) {
r->out.error_string
= talloc_asprintf(r,
"DsBind failed - %s",
win_errstr(r_drsuapi_bind.out.result));
talloc_free(tmp_ctx);
return NT_STATUS_UNSUCCESSFUL;
}
/* Actually 'crack' the names */
ZERO_STRUCT(r_crack_names);
r_crack_names.in.bind_handle = &drsuapi_bind_handle;
r_crack_names.in.level = 1;
r_crack_names.in.req.req1.unknown1 = 0x000004e4;
r_crack_names.in.req.req1.unknown2 = 0x00000407;
r_crack_names.in.req.req1.count = 1;
r_crack_names.in.req.req1.names = names;
r_crack_names.in.req.req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
r_crack_names.in.req.req1.format_offered= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY;
r_crack_names.in.req.req1.format_desired= DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
names[0].str = dom_sid_string(tmp_ctx, r->out.account_sid);
if (!names[0].str) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
status = dcerpc_drsuapi_DsCrackNames(drsuapi_pipe, tmp_ctx, &r_crack_names);
if (!NT_STATUS_IS_OK(status)) {
if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
r->out.error_string
= talloc_asprintf(r,
"dcerpc_drsuapi_DsCrackNames for [%s] failed - %s",
names[0].str,
dcerpc_errstr(tmp_ctx, drsuapi_pipe->last_fault_code));
talloc_free(tmp_ctx);
return status;
} else {
r->out.error_string
= talloc_asprintf(r,
"dcerpc_drsuapi_DsCrackNames for [%s] failed - %s",
names[0].str,
nt_errstr(status));
talloc_free(tmp_ctx);
return status;
}
} else if (!W_ERROR_IS_OK(r_crack_names.out.result)) {
r->out.error_string
= talloc_asprintf(r,
"DsCrackNames failed - %s", win_errstr(r_crack_names.out.result));
talloc_free(tmp_ctx);
return NT_STATUS_UNSUCCESSFUL;
} else if (r_crack_names.out.level != 1
|| !r_crack_names.out.ctr.ctr1
|| r_crack_names.out.ctr.ctr1->count != 1) {
r->out.error_string = talloc_asprintf(r, "DsCrackNames failed");
talloc_free(tmp_ctx);
return NT_STATUS_INVALID_PARAMETER;
} else if (r_crack_names.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
r->out.error_string = talloc_asprintf(r, "DsCrackNames failed: %d", r_crack_names.out.ctr.ctr1->array[0].status);
talloc_free(tmp_ctx);
return NT_STATUS_UNSUCCESSFUL;
} else if (r_crack_names.out.ctr.ctr1->array[0].result_name == NULL) {
r->out.error_string = talloc_asprintf(r, "DsCrackNames failed: no result name");
talloc_free(tmp_ctx);
return NT_STATUS_INVALID_PARAMETER;
}
/* Store the DN of our machine account. */
account_dn_str = r_crack_names.out.ctr.ctr1->array[0].result_name;
account_dn = ldb_dn_new(tmp_ctx, remote_ldb, account_dn_str);
if (! ldb_dn_validate(account_dn)) {
r->out.error_string = talloc_asprintf(r, "Invalid account dn: %s",
account_dn_str);
talloc_free(tmp_ctx);
return NT_STATUS_UNSUCCESSFUL;
}
/* Now we know the user's DN, open with LDAP, read and modify a few things */
remote_ldb_url = talloc_asprintf(tmp_ctx, "ldap://%s",
drsuapi_binding->target_hostname);
if (!remote_ldb_url) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
remote_ldb = ldb_wrap_connect(tmp_ctx, remote_ldb_url,
NULL, ctx->cred, 0, NULL);
if (!remote_ldb) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_UNSUCCESSFUL;
}
/* search for the user's record */
ret = ldb_search(remote_ldb, account_dn, LDB_SCOPE_BASE,
NULL, attrs, &res);
if (ret != LDB_SUCCESS) {
r->out.error_string = talloc_asprintf(r, "ldb_search for %s failed - %s",
account_dn_str, ldb_errstring(remote_ldb));
talloc_free(tmp_ctx);
return NT_STATUS_UNSUCCESSFUL;
}
talloc_steal(tmp_ctx, res);
if (res->count != 1) {
r->out.error_string = talloc_asprintf(r, "ldb_search for %s failed - found %d entries",
account_dn_str, res->count);
talloc_free(tmp_ctx);
return NT_STATUS_UNSUCCESSFUL;
}
/* If we have a kvno recorded in AD, we need it locally as well */
kvno = ldb_msg_find_attr_as_uint(res->msgs[0], "msDS-KeyVersionNumber", 0);
/* Prepare a new message, for the modify */
msg = ldb_msg_new(tmp_ctx);
if (!msg) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
msg->dn = res->msgs[0]->dn;
{
int i;
const char *service_principal_name[6];
const char *dns_host_name = strlower_talloc(tmp_ctx,
talloc_asprintf(tmp_ctx,
"%s.%s",
r->in.netbios_name,
realm));
if (!dns_host_name) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
service_principal_name[0] = talloc_asprintf(tmp_ctx, "host/%s", dns_host_name);
service_principal_name[1] = talloc_asprintf(tmp_ctx, "host/%s", strlower_talloc(tmp_ctx, r->in.netbios_name));
service_principal_name[2] = talloc_asprintf(tmp_ctx, "host/%s/%s", dns_host_name, realm);
service_principal_name[3] = talloc_asprintf(tmp_ctx, "host/%s/%s", strlower_talloc(tmp_ctx, r->in.netbios_name), realm);
service_principal_name[4] = talloc_asprintf(tmp_ctx, "host/%s/%s", dns_host_name, r->out.domain_name);
service_principal_name[5] = talloc_asprintf(tmp_ctx, "host/%s/%s", strlower_talloc(tmp_ctx, r->in.netbios_name), r->out.domain_name);
for (i=0; i < ARRAY_SIZE(service_principal_name); i++) {
if (!service_principal_name[i]) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
rtn = samdb_msg_add_string(remote_ldb, tmp_ctx, msg, "servicePrincipalName", service_principal_name[i]);
if (rtn == -1) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
}
rtn = samdb_msg_add_string(remote_ldb, tmp_ctx, msg, "dNSHostName", dns_host_name);
if (rtn == -1) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
rtn = samdb_replace(remote_ldb, tmp_ctx, msg);
if (rtn != 0) {
r->out.error_string
= talloc_asprintf(r,
"Failed to replace entries on %s",
ldb_dn_get_linearized(msg->dn));
talloc_free(tmp_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
}
/* DsCrackNames to find out the DN of the domain. */
r_crack_names.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
r_crack_names.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
names[0].str = talloc_asprintf(tmp_ctx, "%s\\", r->out.domain_name);
if (!names[0].str) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
status = dcerpc_drsuapi_DsCrackNames(drsuapi_pipe, tmp_ctx, &r_crack_names);
if (!NT_STATUS_IS_OK(status)) {
if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
r->out.error_string
= talloc_asprintf(r,
"dcerpc_drsuapi_DsCrackNames for [%s] failed - %s",
r->in.domain_name,
dcerpc_errstr(tmp_ctx, drsuapi_pipe->last_fault_code));
talloc_free(tmp_ctx);
return status;
} else {
r->out.error_string
= talloc_asprintf(r,
"dcerpc_drsuapi_DsCrackNames for [%s] failed - %s",
r->in.domain_name,
nt_errstr(status));
talloc_free(tmp_ctx);
return status;
}
} else if (!W_ERROR_IS_OK(r_crack_names.out.result)) {
r->out.error_string
= talloc_asprintf(r,
"DsCrackNames failed - %s", win_errstr(r_crack_names.out.result));
talloc_free(tmp_ctx);
return NT_STATUS_UNSUCCESSFUL;
} else if (r_crack_names.out.level != 1
|| !r_crack_names.out.ctr.ctr1
|| r_crack_names.out.ctr.ctr1->count != 1
|| !r_crack_names.out.ctr.ctr1->array[0].result_name
|| r_crack_names.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
r->out.error_string = talloc_asprintf(r, "DsCrackNames failed");
talloc_free(tmp_ctx);
return NT_STATUS_UNSUCCESSFUL;
}
/* Store the account DN. */
r->out.account_dn_str = account_dn_str;
talloc_steal(r, account_dn_str);
/* Store the domain DN. */
r->out.domain_dn_str = r_crack_names.out.ctr.ctr1->array[0].result_name;
talloc_steal(r, r_crack_names.out.ctr.ctr1->array[0].result_name);
r->out.kvno = kvno;
if (r->in.acct_type == ACB_SVRTRUST) {
status = libnet_JoinSite(remote_ldb, r);
}
talloc_free(tmp_ctx);
return status;
}
NTSTATUS tstream_setup_named_pipe(TALLOC_CTX *mem_ctx,
struct tevent_context *event_context,
struct loadparm_context *lp_ctx,
const struct model_ops *model_ops,
const struct stream_server_ops *stream_ops,
const char *pipe_name,
void *private_data,
void *process_context)
{
char *dirname;
struct named_pipe_socket *pipe_sock;
NTSTATUS status = NT_STATUS_NO_MEMORY;;
pipe_sock = talloc(mem_ctx, struct named_pipe_socket);
if (pipe_sock == NULL) {
goto fail;
}
/* remember the details about the pipe */
pipe_sock->pipe_name = strlower_talloc(pipe_sock, pipe_name);
if (pipe_sock->pipe_name == NULL) {
goto fail;
}
if (!directory_create_or_exist(lpcfg_ncalrpc_dir(lp_ctx), 0755)) {
status = map_nt_error_from_unix_common(errno);
DBG_ERR("Failed to create ncalrpc pipe directory '%s' - %s\n",
lpcfg_ncalrpc_dir(lp_ctx), nt_errstr(status));
goto fail;
}
dirname = talloc_asprintf(pipe_sock, "%s/np", lpcfg_ncalrpc_dir(lp_ctx));
if (dirname == NULL) {
goto fail;
}
if (!directory_create_or_exist_strict(dirname, geteuid(), 0700)) {
status = map_nt_error_from_unix_common(errno);
DBG_ERR("Failed to create stream pipe directory '%s' - %s\n",
dirname, nt_errstr(status));
goto fail;
}
if (strncmp(pipe_name, "\\pipe\\", 6) == 0) {
pipe_name += 6;
}
pipe_sock->pipe_path = talloc_asprintf(pipe_sock, "%s/%s", dirname,
pipe_name);
if (pipe_sock->pipe_path == NULL) {
goto fail;
}
talloc_free(dirname);
pipe_sock->ops = stream_ops;
pipe_sock->private_data = private_data;
status = stream_setup_socket(pipe_sock,
event_context,
lp_ctx,
model_ops,
&named_pipe_stream_ops,
"unix",
pipe_sock->pipe_path,
NULL,
NULL,
pipe_sock,
process_context);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
return NT_STATUS_OK;
fail:
talloc_free(pipe_sock);
return status;
}
/**
* Start NTLMSSP on the server side
*
*/
NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
{
NTSTATUS nt_status;
struct ntlmssp_state *ntlmssp_state;
struct gensec_ntlmssp_context *gensec_ntlmssp;
nt_status = gensec_ntlmssp_start(gensec_security);
NT_STATUS_NOT_OK_RETURN(nt_status);
gensec_ntlmssp = talloc_get_type_abort(gensec_security->private_data,
struct gensec_ntlmssp_context);
ntlmssp_state = gensec_ntlmssp->ntlmssp_state;
ntlmssp_state->role = NTLMSSP_SERVER;
ntlmssp_state->expected_state = NTLMSSP_NEGOTIATE;
ntlmssp_state->allow_lm_key = (lpcfg_lanman_auth(gensec_security->settings->lp_ctx)
&& gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "allow_lm_key", false));
ntlmssp_state->neg_flags =
NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_VERSION;
ntlmssp_state->lm_resp = data_blob(NULL, 0);
ntlmssp_state->nt_resp = data_blob(NULL, 0);
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "128bit", true)) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128;
}
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "56bit", true)) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56;
}
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "keyexchange", true)) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH;
}
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "alwayssign", true)) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
}
if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "ntlm2", true)) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
}
if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
}
if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
}
ntlmssp_state->get_challenge = auth_ntlmssp_get_challenge;
ntlmssp_state->may_set_challenge = auth_ntlmssp_may_set_challenge;
ntlmssp_state->set_challenge = auth_ntlmssp_set_challenge;
ntlmssp_state->check_password = auth_ntlmssp_check_password;
if (lpcfg_server_role(gensec_security->settings->lp_ctx) == ROLE_STANDALONE) {
ntlmssp_state->server.is_standalone = true;
} else {
ntlmssp_state->server.is_standalone = false;
}
ntlmssp_state->server.netbios_name = lpcfg_netbios_name(gensec_security->settings->lp_ctx);
ntlmssp_state->server.netbios_domain = lpcfg_workgroup(gensec_security->settings->lp_ctx);
{
const char *dnsdomain = lpcfg_dnsdomain(gensec_security->settings->lp_ctx);
char *dnsname, *lower_netbiosname;
lower_netbiosname = strlower_talloc(ntlmssp_state, ntlmssp_state->server.netbios_name);
/* Find out the DNS host name */
if (dnsdomain && dnsdomain[0] != '\0') {
dnsname = talloc_asprintf(ntlmssp_state, "%s.%s",
lower_netbiosname,
dnsdomain);
talloc_free(lower_netbiosname);
ntlmssp_state->server.dns_name = dnsname;
} else {
ntlmssp_state->server.dns_name = lower_netbiosname;
}
NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_name);
ntlmssp_state->server.dns_domain
= talloc_strdup(ntlmssp_state,
lpcfg_dnsdomain(gensec_security->settings->lp_ctx));
NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_domain);
}
return NT_STATUS_OK;
}
static char *get_dns_domain(struct torture_context *tctx)
{
return strlower_talloc(tctx, getenv("REALM"));
}
/*
fill in the cldap netlogon union for a given version
*/
static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd,
TALLOC_CTX *mem_ctx,
const char *domain,
const char *domain_guid,
const char *user,
const char *src_address,
uint32_t version,
union nbt_cldap_netlogon *netlogon)
{
const char *ref_attrs[] = {"nETBIOSName", "dnsRoot", "ncName", NULL};
const char *dom_attrs[] = {"objectGUID", NULL};
struct ldb_message **ref_res, **dom_res;
int ret, count = 0;
const char **services = lp_server_services();
uint32_t server_type;
const char *pdc_name;
struct GUID domain_uuid;
const char *realm;
const char *dns_domain;
const char *pdc_dns_name;
const char *flatname;
const char *server_site;
const char *client_site;
const char *pdc_ip;
struct ldb_dn *partitions_basedn;
partitions_basedn = samdb_partitions_dn(cldapd->samctx, mem_ctx);
/* the domain has an optional trailing . */
if (domain && domain[strlen(domain)-1] == '.') {
domain = talloc_strndup(mem_ctx, domain, strlen(domain)-1);
}
if (domain) {
struct ldb_result *dom_ldb_result;
struct ldb_dn *dom_dn;
/* try and find the domain */
count = gendb_search(cldapd->samctx, mem_ctx, partitions_basedn, &ref_res, ref_attrs,
"(&(&(objectClass=crossRef)(dnsRoot=%s))(nETBIOSName=*))",
domain);
if (count == 1) {
dom_dn = samdb_result_dn(cldapd->samctx, mem_ctx, ref_res[0], "ncName", NULL);
if (!dom_dn) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
ret = ldb_search(cldapd->samctx, dom_dn,
LDB_SCOPE_BASE, "objectClass=domain",
dom_attrs, &dom_ldb_result);
if (ret != LDB_SUCCESS) {
DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain, ldb_dn_get_linearized(dom_dn), ldb_errstring(cldapd->samctx)));
return NT_STATUS_NO_SUCH_DOMAIN;
}
talloc_steal(mem_ctx, dom_ldb_result);
if (dom_ldb_result->count != 1) {
DEBUG(2,("Error finding domain '%s'/'%s' in sam\n", domain, ldb_dn_get_linearized(dom_dn)));
return NT_STATUS_NO_SUCH_DOMAIN;
}
dom_res = dom_ldb_result->msgs;
}
}
if (count == 0 && domain_guid) {
/* OK, so no dice with the name, try and find the domain with the GUID */
count = gendb_search(cldapd->samctx, mem_ctx, NULL, &dom_res, dom_attrs,
"(&(objectClass=domainDNS)(objectGUID=%s))",
domain_guid);
if (count == 1) {
/* try and find the domain */
ret = gendb_search(cldapd->samctx, mem_ctx, partitions_basedn, &ref_res, ref_attrs,
"(&(objectClass=crossRef)(ncName=%s))",
ldb_dn_get_linearized(dom_res[0]->dn));
if (ret != 1) {
DEBUG(2,("Unable to find referece to '%s' in sam\n",
ldb_dn_get_linearized(dom_res[0]->dn)));
return NT_STATUS_NO_SUCH_DOMAIN;
}
}
}
if (count == 0) {
DEBUG(2,("Unable to find domain with name %s or GUID {%s}\n", domain, domain_guid));
return NT_STATUS_NO_SUCH_DOMAIN;
}
server_type =
NBT_SERVER_PDC | NBT_SERVER_GC |
NBT_SERVER_DS | NBT_SERVER_TIMESERV |
NBT_SERVER_CLOSEST | NBT_SERVER_WRITABLE |
NBT_SERVER_GOOD_TIMESERV;
if (str_list_check(services, "ldap")) {
server_type |= NBT_SERVER_LDAP;
}
if (str_list_check(services, "kdc")) {
server_type |= NBT_SERVER_KDC;
}
pdc_name = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name());
domain_uuid = samdb_result_guid(dom_res[0], "objectGUID");
realm = samdb_result_string(ref_res[0], "dnsRoot", lp_realm());
dns_domain = samdb_result_string(ref_res[0], "dnsRoot", lp_realm());
pdc_dns_name = talloc_asprintf(mem_ctx, "%s.%s",
strlower_talloc(mem_ctx, lp_netbios_name()),
dns_domain);
flatname = samdb_result_string(ref_res[0], "nETBIOSName", lp_workgroup());
server_site = "Default-First-Site-Name";
client_site = "Default-First-Site-Name";
pdc_ip = iface_best_ip(src_address);
ZERO_STRUCTP(netlogon);
switch (version & 0xF) {
case 0:
case 1:
netlogon->logon1.type = (user?19+2:19);
netlogon->logon1.pdc_name = pdc_name;
netlogon->logon1.user_name = user;
netlogon->logon1.domain_name = flatname;
netlogon->logon1.nt_version = 1;
netlogon->logon1.lmnt_token = 0xFFFF;
netlogon->logon1.lm20_token = 0xFFFF;
break;
case 2:
case 3:
netlogon->logon3.type = (user?19+2:19);
netlogon->logon3.pdc_name = pdc_name;
netlogon->logon3.user_name = user;
netlogon->logon3.domain_name = flatname;
netlogon->logon3.domain_uuid = domain_uuid;
netlogon->logon3.forest = realm;
netlogon->logon3.dns_domain = dns_domain;
netlogon->logon3.pdc_dns_name = pdc_dns_name;
netlogon->logon3.pdc_ip = pdc_ip;
netlogon->logon3.server_type = server_type;
netlogon->logon3.lmnt_token = 0xFFFF;
netlogon->logon3.lm20_token = 0xFFFF;
break;
case 4:
case 5:
case 6:
case 7:
netlogon->logon5.type = (user?23+2:23);
netlogon->logon5.server_type = server_type;
netlogon->logon5.domain_uuid = domain_uuid;
netlogon->logon5.forest = realm;
netlogon->logon5.dns_domain = dns_domain;
netlogon->logon5.pdc_dns_name = pdc_dns_name;
netlogon->logon5.domain = flatname;
netlogon->logon5.pdc_name = lp_netbios_name();
netlogon->logon5.user_name = user;
netlogon->logon5.server_site = server_site;
netlogon->logon5.client_site = client_site;
netlogon->logon5.lmnt_token = 0xFFFF;
netlogon->logon5.lm20_token = 0xFFFF;
break;
default:
netlogon->logon13.type = (user?23+2:23);
netlogon->logon13.server_type = server_type;
netlogon->logon13.domain_uuid = domain_uuid;
netlogon->logon13.forest = realm;
netlogon->logon13.dns_domain = dns_domain;
netlogon->logon13.pdc_dns_name = pdc_dns_name;
netlogon->logon13.domain = flatname;
netlogon->logon13.pdc_name = lp_netbios_name();
netlogon->logon13.user_name = user;
netlogon->logon13.server_site = server_site;
netlogon->logon13.client_site = client_site;
netlogon->logon13.unknown = 10;
netlogon->logon13.unknown2 = 2;
netlogon->logon13.pdc_ip = pdc_ip;
netlogon->logon13.lmnt_token = 0xFFFF;
netlogon->logon13.lm20_token = 0xFFFF;
break;
}
return NT_STATUS_OK;
}
static ADS_STATUS ads_guess_target(ADS_STRUCT *ads,
char **service,
char **hostname,
char **principal)
{
ADS_STATUS status = ADS_ERROR(LDAP_NO_MEMORY);
char *princ = NULL;
TALLOC_CTX *frame;
char *server = NULL;
char *realm = NULL;
int rc;
frame = talloc_stackframe();
if (frame == NULL) {
return ADS_ERROR(LDAP_NO_MEMORY);
}
if (ads->server.realm && ads->server.ldap_server) {
server = strlower_talloc(frame, ads->server.ldap_server);
if (server == NULL) {
goto out;
}
realm = strupper_talloc(frame, ads->server.realm);
if (realm == NULL) {
goto out;
}
/*
* If we got a name which is bigger than a NetBIOS name,
* but isn't a FQDN, create one.
*/
if (strlen(server) > 15 && strstr(server, ".") == NULL) {
char *dnsdomain;
dnsdomain = strlower_talloc(frame, ads->server.realm);
if (dnsdomain == NULL) {
goto out;
}
server = talloc_asprintf(frame,
"%s.%s",
server, dnsdomain);
if (server == NULL) {
goto out;
}
}
} else if (ads->config.realm && ads->config.ldap_server_name) {
server = strlower_talloc(frame, ads->config.ldap_server_name);
if (server == NULL) {
goto out;
}
realm = strupper_talloc(frame, ads->config.realm);
if (realm == NULL) {
goto out;
}
/*
* If we got a name which is bigger than a NetBIOS name,
* but isn't a FQDN, create one.
*/
if (strlen(server) > 15 && strstr(server, ".") == NULL) {
char *dnsdomain;
dnsdomain = strlower_talloc(frame, ads->server.realm);
if (dnsdomain == NULL) {
goto out;
}
server = talloc_asprintf(frame,
"%s.%s",
server, dnsdomain);
if (server == NULL) {
goto out;
}
}
}
if (server == NULL || realm == NULL) {
goto out;
}
*service = SMB_STRDUP("ldap");
if (*service == NULL) {
status = ADS_ERROR(LDAP_PARAM_ERROR);
goto out;
}
*hostname = SMB_STRDUP(server);
if (*hostname == NULL) {
SAFE_FREE(*service);
status = ADS_ERROR(LDAP_PARAM_ERROR);
goto out;
}
rc = asprintf(&princ, "ldap/%s@%s", server, realm);
if (rc == -1 || princ == NULL) {
SAFE_FREE(*service);
SAFE_FREE(*hostname);
status = ADS_ERROR(LDAP_PARAM_ERROR);
goto out;
}
*principal = princ;
status = ADS_SUCCESS;
out:
TALLOC_FREE(frame);
return status;
}
/*
* complete a domain join, when joining to a AD domain:
* 1.) connect and bind to the DRSUAPI pipe
* 2.) do a DsCrackNames() to find the machine account dn
* 3.) connect to LDAP
* 4.) do an ldap search to find the "msDS-KeyVersionNumber" of the machine account
* 5.) set the servicePrincipalName's of the machine account via LDAP, (maybe we should use DsWriteAccountSpn()...)
* 6.) do a DsCrackNames() to find the domain dn
* 7.) find out Site specific stuff, look at libnet_JoinSite() for details
*/
static NTSTATUS libnet_JoinADSDomain(struct libnet_context *ctx, struct libnet_JoinDomain *r)
{
NTSTATUS status;
TALLOC_CTX *tmp_ctx;
const char *realm = r->out.realm;
struct dcerpc_binding *samr_binding = r->out.samr_binding;
struct dcerpc_pipe *drsuapi_pipe;
struct dcerpc_binding *drsuapi_binding;
struct drsuapi_DsBind r_drsuapi_bind;
struct drsuapi_DsCrackNames r_crack_names;
struct drsuapi_DsNameString names[1];
struct policy_handle drsuapi_bind_handle;
struct GUID drsuapi_bind_guid;
struct ldb_context *remote_ldb;
struct ldb_dn *account_dn;
const char *account_dn_str;
const char *remote_ldb_url;
struct ldb_result *res;
struct ldb_message *msg;
int ret, rtn;
const char * const attrs[] = {
"msDS-KeyVersionNumber",
"servicePrincipalName",
"dNSHostName",
"objectGUID",
NULL,
};
r->out.error_string = NULL;
/* We need to convert between a samAccountName and domain to a
* DN in the directory. The correct way to do this is with
* DRSUAPI CrackNames */
/* Fiddle with the bindings, so get to DRSUAPI on
* NCACN_IP_TCP, sealed */
tmp_ctx = talloc_named(r, 0, "libnet_JoinADSDomain temp context");
if (!tmp_ctx) {
r->out.error_string = NULL;
return NT_STATUS_NO_MEMORY;
}
drsuapi_binding = talloc_zero(tmp_ctx, struct dcerpc_binding);
if (!drsuapi_binding) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
*drsuapi_binding = *samr_binding;
/* DRSUAPI is only available on IP_TCP, and locally on NCALRPC */
if (drsuapi_binding->transport != NCALRPC) {
drsuapi_binding->transport = NCACN_IP_TCP;
}
drsuapi_binding->endpoint = NULL;
drsuapi_binding->flags |= DCERPC_SEAL;
status = dcerpc_pipe_connect_b(tmp_ctx,
&drsuapi_pipe,
drsuapi_binding,
&ndr_table_drsuapi,
ctx->cred,
ctx->event_ctx,
ctx->lp_ctx);
if (!NT_STATUS_IS_OK(status)) {
r->out.error_string = talloc_asprintf(r,
"Connection to DRSUAPI pipe of PDC of domain '%s' failed: %s",
r->out.domain_name,
nt_errstr(status));
talloc_free(tmp_ctx);
return status;
}
/* get a DRSUAPI pipe handle */
GUID_from_string(DRSUAPI_DS_BIND_GUID, &drsuapi_bind_guid);
r_drsuapi_bind.in.bind_guid = &drsuapi_bind_guid;
r_drsuapi_bind.in.bind_info = NULL;
r_drsuapi_bind.out.bind_handle = &drsuapi_bind_handle;
status = dcerpc_drsuapi_DsBind_r(drsuapi_pipe->binding_handle, tmp_ctx, &r_drsuapi_bind);
if (!NT_STATUS_IS_OK(status)) {
r->out.error_string
= talloc_asprintf(r,
"dcerpc_drsuapi_DsBind failed - %s",
nt_errstr(status));
talloc_free(tmp_ctx);
return status;
} else if (!W_ERROR_IS_OK(r_drsuapi_bind.out.result)) {
r->out.error_string
= talloc_asprintf(r,
"DsBind failed - %s",
win_errstr(r_drsuapi_bind.out.result));
talloc_free(tmp_ctx);
return NT_STATUS_UNSUCCESSFUL;
}
/* Actually 'crack' the names */
ZERO_STRUCT(r_crack_names);
r_crack_names.in.bind_handle = &drsuapi_bind_handle;
r_crack_names.in.level = 1;
r_crack_names.in.req = talloc(r, union drsuapi_DsNameRequest);
if (!r_crack_names.in.req) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
r_crack_names.in.req->req1.codepage = 1252; /* western european */
r_crack_names.in.req->req1.language = 0x00000407; /* german */
r_crack_names.in.req->req1.count = 1;
r_crack_names.in.req->req1.names = names;
r_crack_names.in.req->req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
r_crack_names.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY;
r_crack_names.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
names[0].str = dom_sid_string(tmp_ctx, r->out.account_sid);
if (!names[0].str) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
r_crack_names.out.ctr = talloc(r, union drsuapi_DsNameCtr);
r_crack_names.out.level_out = talloc(r, uint32_t);
if (!r_crack_names.out.ctr || !r_crack_names.out.level_out) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
status = dcerpc_drsuapi_DsCrackNames_r(drsuapi_pipe->binding_handle, tmp_ctx, &r_crack_names);
if (!NT_STATUS_IS_OK(status)) {
r->out.error_string
= talloc_asprintf(r,
"dcerpc_drsuapi_DsCrackNames for [%s] failed - %s",
names[0].str,
nt_errstr(status));
talloc_free(tmp_ctx);
return status;
} else if (!W_ERROR_IS_OK(r_crack_names.out.result)) {
r->out.error_string
= talloc_asprintf(r,
"DsCrackNames failed - %s", win_errstr(r_crack_names.out.result));
talloc_free(tmp_ctx);
return NT_STATUS_UNSUCCESSFUL;
} else if (*r_crack_names.out.level_out != 1
|| !r_crack_names.out.ctr->ctr1
|| r_crack_names.out.ctr->ctr1->count != 1) {
r->out.error_string = talloc_asprintf(r, "DsCrackNames failed");
talloc_free(tmp_ctx);
return NT_STATUS_INVALID_PARAMETER;
} else if (r_crack_names.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
r->out.error_string = talloc_asprintf(r, "DsCrackNames failed: %d", r_crack_names.out.ctr->ctr1->array[0].status);
talloc_free(tmp_ctx);
return NT_STATUS_UNSUCCESSFUL;
} else if (r_crack_names.out.ctr->ctr1->array[0].result_name == NULL) {
r->out.error_string = talloc_asprintf(r, "DsCrackNames failed: no result name");
talloc_free(tmp_ctx);
return NT_STATUS_INVALID_PARAMETER;
}
/* Store the DN of our machine account. */
account_dn_str = r_crack_names.out.ctr->ctr1->array[0].result_name;
/* Now we know the user's DN, open with LDAP, read and modify a few things */
remote_ldb_url = talloc_asprintf(tmp_ctx, "ldap://%s",
drsuapi_binding->target_hostname);
if (!remote_ldb_url) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
remote_ldb = ldb_wrap_connect(tmp_ctx, ctx->event_ctx, ctx->lp_ctx,
remote_ldb_url,
NULL, ctx->cred, 0);
if (!remote_ldb) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_UNSUCCESSFUL;
}
account_dn = ldb_dn_new(tmp_ctx, remote_ldb, account_dn_str);
if (account_dn == NULL) {
r->out.error_string = talloc_asprintf(r, "Invalid account dn: %s",
account_dn_str);
talloc_free(tmp_ctx);
return NT_STATUS_UNSUCCESSFUL;
}
/* search for the user's record */
ret = ldb_search(remote_ldb, tmp_ctx, &res,
account_dn, LDB_SCOPE_BASE, attrs, NULL);
if (ret != LDB_SUCCESS) {
r->out.error_string = talloc_asprintf(r, "ldb_search for %s failed - %s",
account_dn_str, ldb_errstring(remote_ldb));
talloc_free(tmp_ctx);
return NT_STATUS_UNSUCCESSFUL;
}
if (res->count != 1) {
r->out.error_string = talloc_asprintf(r, "ldb_search for %s failed - found %d entries",
account_dn_str, res->count);
talloc_free(tmp_ctx);
return NT_STATUS_UNSUCCESSFUL;
}
/* Prepare a new message, for the modify */
msg = ldb_msg_new(tmp_ctx);
if (!msg) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
msg->dn = res->msgs[0]->dn;
{
unsigned int i;
const char *service_principal_name[2];
const char *dns_host_name = strlower_talloc(msg,
talloc_asprintf(msg,
"%s.%s",
r->in.netbios_name,
realm));
if (!dns_host_name) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
service_principal_name[0] = talloc_asprintf(msg, "HOST/%s",
dns_host_name);
service_principal_name[1] = talloc_asprintf(msg, "HOST/%s",
r->in.netbios_name);
for (i=0; i < ARRAY_SIZE(service_principal_name); i++) {
if (!service_principal_name[i]) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
rtn = ldb_msg_add_string(msg, "servicePrincipalName",
service_principal_name[i]);
if (rtn != LDB_SUCCESS) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
}
rtn = ldb_msg_add_string(msg, "dNSHostName", dns_host_name);
if (rtn != LDB_SUCCESS) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
rtn = dsdb_replace(remote_ldb, msg, 0);
if (rtn != LDB_SUCCESS) {
r->out.error_string
= talloc_asprintf(r,
"Failed to replace entries on %s",
ldb_dn_get_linearized(msg->dn));
talloc_free(tmp_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
}
msg = ldb_msg_new(tmp_ctx);
if (!msg) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
msg->dn = res->msgs[0]->dn;
rtn = samdb_msg_add_uint(remote_ldb, msg, msg,
"msDS-SupportedEncryptionTypes", ENC_ALL_TYPES);
if (rtn != LDB_SUCCESS) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
rtn = dsdb_replace(remote_ldb, msg, 0);
/* The remote server may not support this attribute, if it
* isn't a modern schema */
if (rtn != LDB_SUCCESS && rtn != LDB_ERR_NO_SUCH_ATTRIBUTE) {
r->out.error_string
= talloc_asprintf(r,
"Failed to replace msDS-SupportedEncryptionTypes on %s",
ldb_dn_get_linearized(msg->dn));
talloc_free(tmp_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
/* DsCrackNames to find out the DN of the domain. */
r_crack_names.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
r_crack_names.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
names[0].str = talloc_asprintf(tmp_ctx, "%s\\", r->out.domain_name);
if (!names[0].str) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
status = dcerpc_drsuapi_DsCrackNames_r(drsuapi_pipe->binding_handle, tmp_ctx, &r_crack_names);
if (!NT_STATUS_IS_OK(status)) {
r->out.error_string
= talloc_asprintf(r,
"dcerpc_drsuapi_DsCrackNames for [%s] failed - %s",
r->in.domain_name,
nt_errstr(status));
talloc_free(tmp_ctx);
return status;
} else if (!W_ERROR_IS_OK(r_crack_names.out.result)) {
r->out.error_string
= talloc_asprintf(r,
"DsCrackNames failed - %s", win_errstr(r_crack_names.out.result));
talloc_free(tmp_ctx);
return NT_STATUS_UNSUCCESSFUL;
} else if (*r_crack_names.out.level_out != 1
|| !r_crack_names.out.ctr->ctr1
|| r_crack_names.out.ctr->ctr1->count != 1
|| !r_crack_names.out.ctr->ctr1->array[0].result_name
|| r_crack_names.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
r->out.error_string = talloc_asprintf(r, "DsCrackNames failed");
talloc_free(tmp_ctx);
return NT_STATUS_UNSUCCESSFUL;
}
/* Store the account DN. */
r->out.account_dn_str = account_dn_str;
talloc_steal(r, account_dn_str);
/* Store the domain DN. */
r->out.domain_dn_str = r_crack_names.out.ctr->ctr1->array[0].result_name;
talloc_steal(r, r_crack_names.out.ctr->ctr1->array[0].result_name);
/* Store the KVNO of the account, critical for some kerberos
* operations */
r->out.kvno = ldb_msg_find_attr_as_uint(res->msgs[0], "msDS-KeyVersionNumber", 0);
/* Store the account GUID. */
r->out.account_guid = samdb_result_guid(res->msgs[0], "objectGUID");
if (r->in.acct_type == ACB_SVRTRUST) {
status = libnet_JoinSite(ctx, remote_ldb, r);
}
talloc_free(tmp_ctx);
return status;
}
/*
read a directory and find all matching file names and stat info
returned names are separate unix and DOS names. The returned names
are relative to the directory
*/
struct cifspsx_dir *cifspsx_list_unix(TALLOC_CTX *mem_ctx, struct ntvfs_request *req, const char *unix_path)
{
char *p, *mask;
struct cifspsx_dir *dir;
DIR *odir;
struct dirent *dent;
unsigned int allocated = 0;
char *low_mask;
dir = talloc(mem_ctx, struct cifspsx_dir);
if (!dir) { return NULL; }
dir->count = 0;
dir->files = 0;
/* find the base directory */
p = strrchr(unix_path, '/');
if (!p) { return NULL; }
dir->unix_dir = talloc_strndup(mem_ctx, unix_path, PTR_DIFF(p, unix_path));
if (!dir->unix_dir) { return NULL; }
/* the wildcard pattern is the last part */
mask = p+1;
low_mask = strlower_talloc(mem_ctx, mask);
if (!low_mask) { return NULL; }
odir = opendir(dir->unix_dir);
if (!odir) { return NULL; }
while ((dent = readdir(odir))) {
unsigned int i = dir->count;
char *full_name;
char *low_name;
int ret;
if (strchr(dent->d_name, ':') && !strchr(unix_path, ':')) {
/* don't show streams in dir listing */
continue;
}
low_name = strlower_talloc(mem_ctx, dent->d_name);
if (!low_name) { continue; }
/* check it matches the wildcard pattern */
if (ms_fnmatch_protocol(low_mask, low_name, PROTOCOL_NT1) != 0) {
continue;
}
if (dir->count >= allocated) {
allocated = (allocated + 100) * 1.2;
dir->files = talloc_realloc(dir, dir->files, struct cifspsx_dirfile, allocated);
if (!dir->files) {
closedir(odir);
return NULL;
}
}
dir->files[i].name = low_name;
if (!dir->files[i].name) { continue; }
ret = asprintf(&full_name, "%s/%s", dir->unix_dir, dir->files[i].name);
if (ret == -1) {
continue;
}
if (!full_name) { continue; }
if (stat(full_name, &dir->files[i].st) == 0) {
dir->count++;
}
free(full_name);
}
static int net_conf_setparm(struct net_context *c, struct smbconf_ctx *conf_ctx,
int argc, const char **argv)
{
int ret = -1;
sbcErr err;
char *service = NULL;
char *param = NULL;
const char *value_str = NULL;
TALLOC_CTX *mem_ctx = talloc_stackframe();
if (argc != 3 || c->display_usage) {
net_conf_setparm_usage(c, argc, argv);
goto done;
}
/*
* NULL service name means "dangling parameters" to libsmbconf.
* We use the empty string from the command line for this purpose.
*/
if (strlen(argv[0]) != 0) {
service = talloc_strdup(mem_ctx, argv[0]);
if (service == NULL) {
d_printf(_("error: out of memory!\n"));
goto done;
}
}
param = strlower_talloc(mem_ctx, argv[1]);
if (param == NULL) {
d_printf(_("error: out of memory!\n"));
goto done;
}
value_str = argv[2];
if (!net_conf_param_valid(service,param, value_str)) {
goto done;
}
err = smbconf_transaction_start(conf_ctx);
if (!SBC_ERROR_IS_OK(err)) {
d_printf(_("error starting transaction: %s\n"),
sbcErrorString(err));
goto done;
}
if (!smbconf_share_exists(conf_ctx, service)) {
err = smbconf_create_share(conf_ctx, service);
if (!SBC_ERROR_IS_OK(err)) {
d_fprintf(stderr, _("Error creating share '%s': %s\n"),
service, sbcErrorString(err));
goto cancel;
}
}
err = smbconf_set_parameter(conf_ctx, service, param, value_str);
if (!SBC_ERROR_IS_OK(err)) {
d_fprintf(stderr, _("Error setting value '%s': %s\n"),
param, sbcErrorString(err));
goto cancel;
}
err = smbconf_transaction_commit(conf_ctx);
if (!SBC_ERROR_IS_OK(err)) {
d_printf(_("error committing transaction: %s\n"),
sbcErrorString(err));
} else {
ret = 0;
}
goto done;
cancel:
err = smbconf_transaction_cancel(conf_ctx);
if (!SBC_ERROR_IS_OK(err)) {
d_printf(_("error cancelling transaction: %s\n"),
sbcErrorString(err));
}
done:
TALLOC_FREE(mem_ctx);
return ret;
}
