static void get_real_name(TALLOC_CTX *mem_ctx, struct smbcli_state *cli, char **long_name, char **short_name) { const char *mask; struct masktest_state state; if (cli->transport->negotiate.protocol <= PROTOCOL_LANMAN1) { mask = "\\masktest\\*.*"; } else { mask = "\\masktest\\*"; } f_info_hit = false; state.mem_ctx = mem_ctx; smbcli_list_new(cli->tree, mask, FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_DIRECTORY, RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO, listfn, &state); if (f_info_hit) { *short_name = strlower_talloc(mem_ctx, last_hit.short_name); *long_name = strlower_talloc(mem_ctx, last_hit.long_name); } if (*short_name[0] == '\0') { *short_name = talloc_strdup(mem_ctx, *long_name); } }
static int net_conf_getparm(struct net_context *c, struct smbconf_ctx *conf_ctx, int argc, const char **argv) { int ret = -1; sbcErr err; char *service = NULL; char *param = NULL; char *valstr = NULL; TALLOC_CTX *mem_ctx; mem_ctx = talloc_stackframe(); if (argc != 2 || c->display_usage) { net_conf_getparm_usage(c, argc, argv); goto done; } /* * NULL service name means "dangling parameters" to libsmbconf. * We use the empty string from the command line for this purpose. */ if (strlen(argv[0]) != 0) { service = talloc_strdup(mem_ctx, argv[0]); if (service == NULL) { d_printf(_("error: out of memory!\n")); goto done; } } param = strlower_talloc(mem_ctx, argv[1]); if (param == NULL) { d_printf(_("error: out of memory!\n")); goto done; } err = smbconf_get_parameter(conf_ctx, mem_ctx, service, param, &valstr); if (SBC_ERROR_EQUAL(err, SBC_ERR_NO_SUCH_SERVICE)) { d_fprintf(stderr, _("Error: given service '%s' does not exist.\n"), service); goto done; } else if (SBC_ERROR_EQUAL(err, SBC_ERR_INVALID_PARAM)) { d_fprintf(stderr, _("Error: given parameter '%s' is not set.\n"), param); goto done; } else if (!SBC_ERROR_IS_OK(err)) { d_fprintf(stderr, _("Error getting value '%s': %s.\n"), param, sbcErrorString(err)); goto done; } d_printf("%s\n", valstr); ret = 0; done: TALLOC_FREE(mem_ctx); return ret; }
static krb5_error_code salt_principal_from_credentials(TALLOC_CTX *parent_ctx, struct cli_credentials *machine_account, struct smb_krb5_context *smb_krb5_context, krb5_principal *salt_princ) { krb5_error_code ret; char *machine_username; char *salt_body; char *lower_realm; const char *salt_principal; struct principal_container *mem_ctx = talloc(parent_ctx, struct principal_container); if (!mem_ctx) { return ENOMEM; } salt_principal = cli_credentials_get_salt_principal(machine_account); if (salt_principal) { ret = krb5_parse_name(smb_krb5_context->krb5_context, salt_principal, salt_princ); } else { machine_username = talloc_strdup(mem_ctx, cli_credentials_get_username(machine_account)); if (!machine_username) { talloc_free(mem_ctx); return ENOMEM; } if (machine_username[strlen(machine_username)-1] == '$') { machine_username[strlen(machine_username)-1] = '\0'; } lower_realm = strlower_talloc(mem_ctx, cli_credentials_get_realm(machine_account)); if (!lower_realm) { talloc_free(mem_ctx); return ENOMEM; } salt_body = talloc_asprintf(mem_ctx, "%s.%s", machine_username, lower_realm); if (!salt_body) { talloc_free(mem_ctx); return ENOMEM; } ret = krb5_make_principal(smb_krb5_context->krb5_context, salt_princ, cli_credentials_get_realm(machine_account), "host", salt_body, NULL); } if (ret == 0) { /* This song-and-dance effectivly puts the principal * into talloc, so we can't loose it. */ mem_ctx->smb_krb5_context = talloc_reference(mem_ctx, smb_krb5_context); mem_ctx->principal = *salt_princ; talloc_set_destructor(mem_ctx, free_principal); } return ret; }
/* convert a windows path to a unix path - don't do any manging or case sensitive handling */ char *cifspsx_unix_path(struct ntvfs_module_context *ntvfs, struct ntvfs_request *req, const char *name) { struct cifspsx_private *p = ntvfs->private_data; char *ret; char *name_lower = strlower_talloc(p, name); if (*name != '\\') { ret = talloc_asprintf(req, "%s/%s", p->connectpath, name_lower); } else { ret = talloc_asprintf(req, "%s%s", p->connectpath, name_lower); } all_string_sub(ret, "\\", "/", 0); talloc_free(name_lower); return ret; }
/** \details This function replaces network address from the binding strings returned by Exchange for the PR_EMS_AB_NETWORK_ADDRESS property and limit the binding strings scope to ncacn_ip_tcp. \param dce_call pointer to the session context \param r pointer to the NspiGetProps structure \return true on success, otherwise false */ bool mapiproxy_NspiGetProps(struct dcesrv_call_state *dce_call, struct NspiGetProps *r) { uint32_t i; uint32_t propID = -1; struct SPropTagArray *SPropTagArray = NULL; struct PropertyRow_r *Row; struct StringArray_r *slpstr; struct PropertyValue_r *lpProp; /* Sanity checks */ if (!r->out.ppRows) return false; if (!(*r->out.ppRows)->cValues) return false; /* Step 1. Find PR_EMS_AB_NETWORK_ADDRESS index */ propID = -1; SPropTagArray = r->in.pPropTags; for (i = 0; i < SPropTagArray->cValues; i++) { if (SPropTagArray->aulPropTag[i] == PR_EMS_AB_NETWORK_ADDRESS) { propID = i; break; } } if (propID == -1) return false; /* Step 2. Retrieve the SLPSTRArray */ Row = *r->out.ppRows; lpProp = &Row->lpProps[propID]; if (!lpProp) return false; if (lpProp->ulPropTag != PR_EMS_AB_NETWORK_ADDRESS) return false; slpstr = &(lpProp->value.MVszA); /* Step 3. Modify Exchange binding strings and only return ncacn_ip_tcp */ slpstr->cValues = 1; slpstr->lppszA[0] = talloc_asprintf(dce_call, "ncacn_ip_tcp:%s.%s", lpcfg_netbios_name(dce_call->conn->dce_ctx->lp_ctx), lpcfg_realm(dce_call->conn->dce_ctx->lp_ctx)); slpstr->lppszA[0] = strlower_talloc(dce_call, slpstr->lppszA[0]); return true; }
static int net_usershare_delete(struct net_context *c, int argc, const char **argv) { char *us_path; char *sharename; if (argc != 1 || c->display_usage) { return net_usershare_delete_usage(c, argc, argv); } if ((sharename = strlower_talloc(talloc_tos(), argv[0])) == NULL) { d_fprintf(stderr, _("strlower_talloc failed\n")); return -1; } if (!validate_net_name(sharename, INVALID_SHARENAME_CHARS, strlen(sharename))) { d_fprintf(stderr, _("net usershare delete: share name %s contains " "invalid characters (any of %s)\n"), sharename, INVALID_SHARENAME_CHARS); TALLOC_FREE(sharename); return -1; } us_path = talloc_asprintf(talloc_tos(), "%s/%s", lp_usershare_path(talloc_tos()), sharename); if (!us_path) { TALLOC_FREE(sharename); return -1; } if (unlink(us_path) != 0) { d_fprintf(stderr, _("net usershare delete: unable to remove usershare %s. " "Error was %s\n"), us_path, strerror(errno)); TALLOC_FREE(sharename); return -1; } TALLOC_FREE(sharename); return 0; }
/** \details exchange_ds_rfr RfrGetNewDSA (0x0) function \param dce_call pointer to the session context \param mem_ctx pointer to the memory context \param r pointer to the RfrGetNewDSA request data \note We incorrectly assume input pUserDN is correct and available, but it is OK for now. \return MAPI_E_SUCCESS on success */ static enum MAPISTATUS dcesrv_RfrGetNewDSA(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct RfrGetNewDSA *r) { const char *netbiosname = NULL; const char *realm = NULL; char *fqdn = NULL; OC_DEBUG(5, "exchange_ds_rfr: RfrGetNewDSA (0x0)"); /* Step 0. Ensure incoming user is authenticated */ if (!dcesrv_call_authenticated(dce_call)) { OC_DEBUG(1, "No challenge requested by client, cannot authenticate"); r->out.ppszUnused = NULL; r->out.ppszServer = NULL; r->out.result = MAPI_E_LOGON_FAILED; return MAPI_E_LOGON_FAILED; } /* Step 1. We don't have load-balancing support yet, just return Samba FQDN name */ netbiosname = lpcfg_netbios_name(dce_call->conn->dce_ctx->lp_ctx); realm = lpcfg_realm(dce_call->conn->dce_ctx->lp_ctx); if (!netbiosname || !realm) { r->out.ppszUnused = NULL; r->out.ppszServer = NULL; r->out.result = MAPI_E_NO_SUPPORT; return MAPI_E_NO_SUPPORT; } fqdn = talloc_asprintf(mem_ctx, "%s.%s", netbiosname, realm); r->out.ppszUnused = NULL; r->out.ppszServer = talloc_array(mem_ctx, const char *, 2); r->out.ppszServer[0] = strlower_talloc(mem_ctx, fqdn); r->out.ppszServer[1] = NULL; r->out.result = MAPI_E_SUCCESS; return MAPI_E_SUCCESS; }
struct composite_context *libnet_UnbecomeDC_send(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_UnbecomeDC *r) { struct composite_context *c; struct libnet_UnbecomeDC_state *s; char *tmp_name; c = composite_create(mem_ctx, ctx->event_ctx); if (c == NULL) return NULL; s = talloc_zero(c, struct libnet_UnbecomeDC_state); if (composite_nomem(s, c)) return c; c->private_data = s; s->creq = c; s->libnet = ctx; /* Domain input */ s->domain.dns_name = talloc_strdup(s, r->in.domain_dns_name); if (composite_nomem(s->domain.dns_name, c)) return c; s->domain.netbios_name = talloc_strdup(s, r->in.domain_netbios_name); if (composite_nomem(s->domain.netbios_name, c)) return c; /* Source DSA input */ s->source_dsa.address = talloc_strdup(s, r->in.source_dsa_address); if (composite_nomem(s->source_dsa.address, c)) return c; /* Destination DSA input */ s->dest_dsa.netbios_name= talloc_strdup(s, r->in.dest_dsa_netbios_name); if (composite_nomem(s->dest_dsa.netbios_name, c)) return c; /* Destination DSA dns_name construction */ tmp_name = strlower_talloc(s, s->dest_dsa.netbios_name); if (composite_nomem(tmp_name, c)) return c; s->dest_dsa.dns_name = talloc_asprintf_append_buffer(tmp_name, ".%s", s->domain.dns_name); if (composite_nomem(s->dest_dsa.dns_name, c)) return c; unbecomeDC_send_cldap(s); return c; }
/** * Start NTLMSSP on the server side * */ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security) { NTSTATUS nt_status; struct ntlmssp_state *ntlmssp_state; struct gensec_ntlmssp_context *gensec_ntlmssp; const char *netbios_name; const char *netbios_domain; const char *dns_name; const char *dns_domain; enum server_role role; role = lpcfg_server_role(gensec_security->settings->lp_ctx); nt_status = gensec_ntlmssp_start(gensec_security); NT_STATUS_NOT_OK_RETURN(nt_status); gensec_ntlmssp = talloc_get_type_abort(gensec_security->private_data, struct gensec_ntlmssp_context); ntlmssp_state = talloc_zero(gensec_ntlmssp, struct ntlmssp_state); if (!ntlmssp_state) { return NT_STATUS_NO_MEMORY; } gensec_ntlmssp->ntlmssp_state = ntlmssp_state; ntlmssp_state->role = NTLMSSP_SERVER; ntlmssp_state->expected_state = NTLMSSP_NEGOTIATE; ntlmssp_state->allow_lm_response = lpcfg_lanman_auth(gensec_security->settings->lp_ctx); if (ntlmssp_state->allow_lm_response && gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "allow_lm_key", false)) { ntlmssp_state->allow_lm_key = true; } ntlmssp_state->force_old_spnego = false; if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "force_old_spnego", false)) { /* * For testing Windows 2000 mode */ ntlmssp_state->force_old_spnego = true; } ntlmssp_state->neg_flags = NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_VERSION; if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "128bit", true)) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128; } if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "56bit", true)) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56; } if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "keyexchange", true)) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH; } if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "alwayssign", true)) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN; } if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "ntlm2", true)) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; } if (ntlmssp_state->allow_lm_key) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY; } /* * We always allow NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL. * * These will be removed if the client doesn't want them. */ ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL; if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; } if (gensec_security->want_features & GENSEC_FEATURE_SIGN) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; if (gensec_security->want_features & GENSEC_FEATURE_LDAP_STYLE) { /* * We need to handle NTLMSSP_NEGOTIATE_SIGN as * NTLMSSP_NEGOTIATE_SEAL if GENSEC_FEATURE_LDAP_STYLE * is requested. */ ntlmssp_state->force_wrap_seal = true; } } if (gensec_security->want_features & GENSEC_FEATURE_SEAL) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL; } if (role == ROLE_STANDALONE) { ntlmssp_state->server.is_standalone = true; } else { ntlmssp_state->server.is_standalone = false; } if (gensec_security->settings->server_netbios_name) { netbios_name = gensec_security->settings->server_netbios_name; } else { netbios_name = lpcfg_netbios_name(gensec_security->settings->lp_ctx); } if (gensec_security->settings->server_netbios_domain) { netbios_domain = gensec_security->settings->server_netbios_domain; } else { netbios_domain = lpcfg_workgroup(gensec_security->settings->lp_ctx); } if (gensec_security->settings->server_dns_name) { dns_name = gensec_security->settings->server_dns_name; } else { const char *dnsdomain = lpcfg_dnsdomain(gensec_security->settings->lp_ctx); char *lower_netbiosname; lower_netbiosname = strlower_talloc(ntlmssp_state, netbios_name); NT_STATUS_HAVE_NO_MEMORY(lower_netbiosname); /* Find out the DNS host name */ if (dnsdomain && dnsdomain[0] != '\0') { dns_name = talloc_asprintf(ntlmssp_state, "%s.%s", lower_netbiosname, dnsdomain); talloc_free(lower_netbiosname); NT_STATUS_HAVE_NO_MEMORY(dns_name); } else { dns_name = lower_netbiosname; } } if (gensec_security->settings->server_dns_domain) { dns_domain = gensec_security->settings->server_dns_domain; } else { dns_domain = lpcfg_dnsdomain(gensec_security->settings->lp_ctx); } ntlmssp_state->server.netbios_name = talloc_strdup(ntlmssp_state, netbios_name); NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.netbios_name); ntlmssp_state->server.netbios_domain = talloc_strdup(ntlmssp_state, netbios_domain); NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.netbios_domain); ntlmssp_state->server.dns_name = talloc_strdup(ntlmssp_state, dns_name); NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_name); ntlmssp_state->server.dns_domain = talloc_strdup(ntlmssp_state, dns_domain); NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_domain); ntlmssp_state->neg_flags |= ntlmssp_state->required_flags; ntlmssp_state->conf_flags = ntlmssp_state->neg_flags; return NT_STATUS_OK; }
/* fill in the cldap netlogon union for a given version */ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, const char *domain, const char *netbios_domain, struct dom_sid *domain_sid, const char *domain_guid, const char *user, uint32_t acct_control, const char *src_address, uint32_t version, struct loadparm_context *lp_ctx, struct netlogon_samlogon_response *netlogon, bool fill_on_blank_request) { const char *dom_attrs[] = {"objectGUID", NULL}; const char *none_attrs[] = {NULL}; struct ldb_result *dom_res = NULL, *user_res = NULL; int ret; const char **services = lpcfg_server_services(lp_ctx); uint32_t server_type; const char *pdc_name; struct GUID domain_uuid; const char *dns_domain; const char *forest_domain; const char *pdc_dns_name; const char *flatname; const char *server_site; const char *client_site; const char *pdc_ip; struct ldb_dn *domain_dn = NULL; struct interface *ifaces; bool user_known, am_rodc; NTSTATUS status; /* the domain parameter could have an optional trailing "." */ if (domain && domain[strlen(domain)-1] == '.') { domain = talloc_strndup(mem_ctx, domain, strlen(domain)-1); NT_STATUS_HAVE_NO_MEMORY(domain); } /* Lookup using long or short domainname */ if (domain && (strcasecmp_m(domain, lpcfg_dnsdomain(lp_ctx)) == 0)) { domain_dn = ldb_get_default_basedn(sam_ctx); } if (netbios_domain && (strcasecmp_m(netbios_domain, lpcfg_sam_name(lp_ctx)) == 0)) { domain_dn = ldb_get_default_basedn(sam_ctx); } if (domain_dn) { const char *domain_identifier = domain != NULL ? domain : netbios_domain; ret = ldb_search(sam_ctx, mem_ctx, &dom_res, domain_dn, LDB_SCOPE_BASE, dom_attrs, "objectClass=domain"); if (ret != LDB_SUCCESS) { DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain_identifier, ldb_dn_get_linearized(domain_dn), ldb_errstring(sam_ctx))); return NT_STATUS_NO_SUCH_DOMAIN; } if (dom_res->count != 1) { DEBUG(2,("Error finding domain '%s'/'%s' in sam\n", domain_identifier, ldb_dn_get_linearized(domain_dn))); return NT_STATUS_NO_SUCH_DOMAIN; } } /* Lookup using GUID or SID */ if ((dom_res == NULL) && (domain_guid || domain_sid)) { if (domain_guid) { struct GUID binary_guid; struct ldb_val guid_val; /* By this means, we ensure we don't have funny stuff in the GUID */ status = GUID_from_string(domain_guid, &binary_guid); if (!NT_STATUS_IS_OK(status)) { return status; } /* And this gets the result into the binary format we want anyway */ status = GUID_to_ndr_blob(&binary_guid, mem_ctx, &guid_val); if (!NT_STATUS_IS_OK(status)) { return status; } ret = ldb_search(sam_ctx, mem_ctx, &dom_res, NULL, LDB_SCOPE_SUBTREE, dom_attrs, "(&(objectCategory=DomainDNS)(objectGUID=%s))", ldb_binary_encode(mem_ctx, guid_val)); } else { /* domain_sid case */ ret = ldb_search(sam_ctx, mem_ctx, &dom_res, NULL, LDB_SCOPE_SUBTREE, dom_attrs, "(&(objectCategory=DomainDNS)(objectSid=%s))", dom_sid_string(mem_ctx, domain_sid)); } if (ret != LDB_SUCCESS) { DEBUG(2,("Unable to find a correct reference to GUID '%s' or SID '%s' in sam: %s\n", domain_guid, dom_sid_string(mem_ctx, domain_sid), ldb_errstring(sam_ctx))); return NT_STATUS_NO_SUCH_DOMAIN; } else if (dom_res->count == 1) { /* Ok, now just check it is our domain */ if (ldb_dn_compare(ldb_get_default_basedn(sam_ctx), dom_res->msgs[0]->dn) != 0) { DEBUG(2,("The GUID '%s' or SID '%s' doesn't identify our domain\n", domain_guid, dom_sid_string(mem_ctx, domain_sid))); return NT_STATUS_NO_SUCH_DOMAIN; } } else { DEBUG(2,("Unable to find a correct reference to GUID '%s' or SID '%s' in sam\n", domain_guid, dom_sid_string(mem_ctx, domain_sid))); return NT_STATUS_NO_SUCH_DOMAIN; } } if (dom_res == NULL && fill_on_blank_request) { /* blank inputs gives our domain - tested against w2k8r2. Without this ADUC on Win7 won't start */ domain_dn = ldb_get_default_basedn(sam_ctx); ret = ldb_search(sam_ctx, mem_ctx, &dom_res, domain_dn, LDB_SCOPE_BASE, dom_attrs, "objectClass=domain"); if (ret != LDB_SUCCESS) { DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", lpcfg_dnsdomain(lp_ctx), ldb_dn_get_linearized(domain_dn), ldb_errstring(sam_ctx))); return NT_STATUS_NO_SUCH_DOMAIN; } } if (dom_res == NULL) { DEBUG(2,(__location__ ": Unable to get domain information with no inputs\n")); return NT_STATUS_NO_SUCH_DOMAIN; } /* work around different inputs for not-specified users */ if (!user) { user = ""; } /* Enquire about any valid username with just a CLDAP packet - * if kerberos didn't also do this, the security folks would * scream... */ if (user[0]) { \ /* Only allow some bits to be enquired: [MS-ATDS] 7.3.3.2 */ if (acct_control == (uint32_t)-1) { acct_control = 0; } acct_control = acct_control & (ACB_TEMPDUP | ACB_NORMAL | ACB_DOMTRUST | ACB_WSTRUST | ACB_SVRTRUST); /* We must exclude disabled accounts, but otherwise do the bitwise match the client asked for */ ret = ldb_search(sam_ctx, mem_ctx, &user_res, dom_res->msgs[0]->dn, LDB_SCOPE_SUBTREE, none_attrs, "(&(objectClass=user)(samAccountName=%s)" "(!(userAccountControl:" LDB_OID_COMPARATOR_AND ":=%u))" "(userAccountControl:" LDB_OID_COMPARATOR_OR ":=%u))", ldb_binary_encode_string(mem_ctx, user), UF_ACCOUNTDISABLE, ds_acb2uf(acct_control)); if (ret != LDB_SUCCESS) { DEBUG(2,("Unable to find reference to user '%s' with ACB 0x%8x under %s: %s\n", user, acct_control, ldb_dn_get_linearized(dom_res->msgs[0]->dn), ldb_errstring(sam_ctx))); return NT_STATUS_NO_SUCH_USER; } else if (user_res->count == 1) { user_known = true; } else { user_known = false; } } else { user_known = true; } server_type = DS_SERVER_DS | DS_SERVER_TIMESERV | DS_SERVER_GOOD_TIMESERV; if (samdb_is_pdc(sam_ctx)) { server_type |= DS_SERVER_PDC; } if (dsdb_functional_level(sam_ctx) >= DS_DOMAIN_FUNCTION_2008) { server_type |= DS_SERVER_FULL_SECRET_DOMAIN_6; } if (samdb_is_gc(sam_ctx)) { server_type |= DS_SERVER_GC; } if (str_list_check(services, "ldap")) { server_type |= DS_SERVER_LDAP; } if (str_list_check(services, "kdc")) { server_type |= DS_SERVER_KDC; } if (samdb_rodc(sam_ctx, &am_rodc) == LDB_SUCCESS && !am_rodc) { server_type |= DS_SERVER_WRITABLE; } pdc_name = talloc_asprintf(mem_ctx, "\\\\%s", lpcfg_netbios_name(lp_ctx)); NT_STATUS_HAVE_NO_MEMORY(pdc_name); domain_uuid = samdb_result_guid(dom_res->msgs[0], "objectGUID"); dns_domain = lpcfg_dnsdomain(lp_ctx); forest_domain = samdb_forest_name(sam_ctx, mem_ctx); NT_STATUS_HAVE_NO_MEMORY(forest_domain); pdc_dns_name = talloc_asprintf(mem_ctx, "%s.%s", strlower_talloc(mem_ctx, lpcfg_netbios_name(lp_ctx)), dns_domain); NT_STATUS_HAVE_NO_MEMORY(pdc_dns_name); flatname = lpcfg_workgroup(lp_ctx); server_site = samdb_server_site_name(sam_ctx, mem_ctx); NT_STATUS_HAVE_NO_MEMORY(server_site); client_site = samdb_client_site_name(sam_ctx, mem_ctx, src_address, NULL); NT_STATUS_HAVE_NO_MEMORY(client_site); if (strcasecmp(server_site, client_site) == 0) { server_type |= DS_SERVER_CLOSEST; } load_interface_list(mem_ctx, lp_ctx, &ifaces); if (src_address) { pdc_ip = iface_list_best_ip(ifaces, src_address); } else { pdc_ip = iface_list_first_v4(ifaces); } if (pdc_ip == NULL || !is_ipaddress_v4(pdc_ip)) { /* this matches windows behaviour */ pdc_ip = "127.0.0.1"; } ZERO_STRUCTP(netlogon); /* check if either of these bits is present */ if (version & (NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_5EX_WITH_IP)) { uint32_t extra_flags = 0; netlogon->ntver = NETLOGON_NT_VERSION_5EX; /* could check if the user exists */ if (user_known) { netlogon->data.nt5_ex.command = LOGON_SAM_LOGON_RESPONSE_EX; } else { netlogon->data.nt5_ex.command = LOGON_SAM_LOGON_USER_UNKNOWN_EX; } netlogon->data.nt5_ex.pdc_name = pdc_name; netlogon->data.nt5_ex.user_name = user; netlogon->data.nt5_ex.domain_name = flatname; netlogon->data.nt5_ex.domain_uuid = domain_uuid; netlogon->data.nt5_ex.forest = forest_domain; netlogon->data.nt5_ex.dns_domain = dns_domain; netlogon->data.nt5_ex.pdc_dns_name = pdc_dns_name; netlogon->data.nt5_ex.server_site = server_site; netlogon->data.nt5_ex.client_site = client_site; if (version & NETLOGON_NT_VERSION_5EX_WITH_IP) { /* note that this is always a IPV4 address */ extra_flags = NETLOGON_NT_VERSION_5EX_WITH_IP; netlogon->data.nt5_ex.sockaddr.sockaddr_family = 2; netlogon->data.nt5_ex.sockaddr.pdc_ip = pdc_ip; netlogon->data.nt5_ex.sockaddr.remaining = data_blob_talloc_zero(mem_ctx, 8); } netlogon->data.nt5_ex.server_type = server_type; netlogon->data.nt5_ex.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5EX|extra_flags; netlogon->data.nt5_ex.lmnt_token = 0xFFFF; netlogon->data.nt5_ex.lm20_token = 0xFFFF; } else if (version & NETLOGON_NT_VERSION_5) { netlogon->ntver = NETLOGON_NT_VERSION_5; /* could check if the user exists */ if (user_known) { netlogon->data.nt5.command = LOGON_SAM_LOGON_RESPONSE; } else { netlogon->data.nt5.command = LOGON_SAM_LOGON_USER_UNKNOWN; } netlogon->data.nt5.pdc_name = pdc_name; netlogon->data.nt5.user_name = user; netlogon->data.nt5.domain_name = flatname; netlogon->data.nt5.domain_uuid = domain_uuid; netlogon->data.nt5.forest = forest_domain; netlogon->data.nt5.dns_domain = dns_domain; netlogon->data.nt5.pdc_dns_name = pdc_dns_name; netlogon->data.nt5.pdc_ip = pdc_ip; netlogon->data.nt5.server_type = server_type; netlogon->data.nt5.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5; netlogon->data.nt5.lmnt_token = 0xFFFF; netlogon->data.nt5.lm20_token = 0xFFFF; } else /* (version & NETLOGON_NT_VERSION_1) and all other cases */ { netlogon->ntver = NETLOGON_NT_VERSION_1; /* could check if the user exists */ if (user_known) { netlogon->data.nt4.command = LOGON_SAM_LOGON_RESPONSE; } else { netlogon->data.nt4.command = LOGON_SAM_LOGON_USER_UNKNOWN; } netlogon->data.nt4.pdc_name = pdc_name; netlogon->data.nt4.user_name = user; netlogon->data.nt4.domain_name = flatname; netlogon->data.nt4.nt_version = NETLOGON_NT_VERSION_1; netlogon->data.nt4.lmnt_token = 0xFFFF; netlogon->data.nt4.lm20_token = 0xFFFF; } return NT_STATUS_OK; }
/* format a record for bind9 */ static bool b9_format(struct dlz_bind9_data *state, TALLOC_CTX *mem_ctx, struct dnsp_DnssrvRpcRecord *rec, const char **type, const char **data) { switch (rec->wType) { case DNS_TYPE_A: *type = "a"; *data = rec->data.ipv4; break; case DNS_TYPE_AAAA: *type = "aaaa"; *data = rec->data.ipv6; break; case DNS_TYPE_CNAME: *type = "cname"; *data = rec->data.cname; break; case DNS_TYPE_TXT: *type = "txt"; *data = rec->data.txt; break; case DNS_TYPE_PTR: *type = "ptr"; *data = rec->data.ptr; break; case DNS_TYPE_SRV: *type = "srv"; *data = talloc_asprintf(mem_ctx, "%u %u %u %s", rec->data.srv.wPriority, rec->data.srv.wWeight, rec->data.srv.wPort, rec->data.srv.nameTarget); break; case DNS_TYPE_MX: *type = "mx"; *data = talloc_asprintf(mem_ctx, "%u %s", rec->data.mx.wPriority, rec->data.mx.nameTarget); break; case DNS_TYPE_HINFO: *type = "hinfo"; *data = talloc_asprintf(mem_ctx, "%s %s", rec->data.hinfo.cpu, rec->data.hinfo.os); break; case DNS_TYPE_NS: *type = "ns"; *data = rec->data.ns; break; case DNS_TYPE_SOA: { const char *mname; *type = "soa"; /* we need to fake the authoritative nameserver to * point at ourselves. This is how AD DNS servers * force clients to send updates to the right local DC */ mname = talloc_asprintf(mem_ctx, "%s.%s", lpcfg_netbios_name(state->lp), lpcfg_dnsdomain(state->lp)); if (mname == NULL) { return false; } mname = strlower_talloc(mem_ctx, mname); if (mname == NULL) { return false; } state->soa_serial = rec->data.soa.serial; *data = talloc_asprintf(mem_ctx, "%s %s %u %u %u %u %u", mname, rec->data.soa.rname, rec->data.soa.serial, rec->data.soa.refresh, rec->data.soa.retry, rec->data.soa.expire, rec->data.soa.minimum); break; } default: state->log(ISC_LOG_ERROR, "samba b9_putrr: unhandled record type %u", rec->wType); return false; } return true; }
NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx, const struct tsocket_address *remote_address, struct gensec_security **gensec_security_out) { struct gensec_security *gensec_security; struct auth_context *auth_context; NTSTATUS nt_status; TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); NT_STATUS_HAVE_NO_MEMORY(tmp_ctx); nt_status = make_auth_context_subsystem(tmp_ctx, &auth_context); if (!NT_STATUS_IS_OK(nt_status)) { TALLOC_FREE(tmp_ctx); return nt_status; } if (auth_context->prepare_gensec) { nt_status = auth_context->prepare_gensec(auth_context, tmp_ctx, &gensec_security); if (!NT_STATUS_IS_OK(nt_status)) { TALLOC_FREE(tmp_ctx); return nt_status; } } else { const struct gensec_security_ops **backends = NULL; struct gensec_settings *gensec_settings; struct loadparm_context *lp_ctx; size_t idx = 0; struct cli_credentials *server_credentials; const char *dns_name; const char *dns_domain; struct auth4_context *auth4_context = make_auth4_context_s3(tmp_ctx, auth_context); if (auth4_context == NULL) { TALLOC_FREE(tmp_ctx); return NT_STATUS_NO_MEMORY; } lp_ctx = loadparm_init_s3(tmp_ctx, loadparm_s3_helpers()); if (lp_ctx == NULL) { DEBUG(10, ("loadparm_init_s3 failed\n")); TALLOC_FREE(tmp_ctx); return NT_STATUS_INVALID_SERVER_STATE; } gensec_settings = lpcfg_gensec_settings(tmp_ctx, lp_ctx); if (lp_ctx == NULL) { DEBUG(10, ("lpcfg_gensec_settings failed\n")); TALLOC_FREE(tmp_ctx); return NT_STATUS_NO_MEMORY; } /* * This should be a 'netbios domain -> DNS domain' * mapping, and can currently validly return NULL on * poorly configured systems. * * This is used for the NTLMSSP server * */ dns_name = get_mydnsfullname(); if (dns_name == NULL) { dns_name = ""; } dns_domain = get_mydnsdomname(tmp_ctx); if (dns_domain == NULL) { dns_domain = ""; } gensec_settings->server_dns_name = strlower_talloc(gensec_settings, dns_name); if (gensec_settings->server_dns_name == NULL) { TALLOC_FREE(tmp_ctx); return NT_STATUS_NO_MEMORY; } gensec_settings->server_dns_domain = strlower_talloc(gensec_settings, dns_domain); if (gensec_settings->server_dns_domain == NULL) { TALLOC_FREE(tmp_ctx); return NT_STATUS_NO_MEMORY; } backends = talloc_zero_array(gensec_settings, const struct gensec_security_ops *, 6); if (backends == NULL) { TALLOC_FREE(tmp_ctx); return NT_STATUS_NO_MEMORY; } gensec_settings->backends = backends; gensec_init(); /* These need to be in priority order, krb5 before NTLMSSP */ #if defined(HAVE_KRB5) backends[idx++] = &gensec_gse_krb5_security_ops; #endif backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP); backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO); backends[idx++] = gensec_security_by_auth_type(NULL, DCERPC_AUTH_TYPE_SCHANNEL); backends[idx++] = gensec_security_by_auth_type(NULL, DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM); /* * This is anonymous for now, because we just use it * to set the kerberos state at the moment */ server_credentials = cli_credentials_init_anon(tmp_ctx); if (!server_credentials) { DEBUG(0, ("auth_generic_prepare: Failed to init server credentials\n")); return NT_STATUS_NO_MEMORY; } cli_credentials_set_conf(server_credentials, lp_ctx); if (lp_security() == SEC_ADS || USE_KERBEROS_KEYTAB) { cli_credentials_set_kerberos_state(server_credentials, CRED_AUTO_USE_KERBEROS); } else { cli_credentials_set_kerberos_state(server_credentials, CRED_DONT_USE_KERBEROS); } nt_status = gensec_server_start(tmp_ctx, gensec_settings, auth4_context, &gensec_security); if (!NT_STATUS_IS_OK(nt_status)) { TALLOC_FREE(tmp_ctx); return nt_status; } gensec_set_credentials(gensec_security, server_credentials); talloc_unlink(tmp_ctx, lp_ctx); talloc_unlink(tmp_ctx, server_credentials); talloc_unlink(tmp_ctx, gensec_settings); talloc_unlink(tmp_ctx, auth4_context); } nt_status = gensec_set_remote_address(gensec_security, remote_address); if (!NT_STATUS_IS_OK(nt_status)) { TALLOC_FREE(tmp_ctx); return nt_status; } *gensec_security_out = talloc_steal(mem_ctx, gensec_security); TALLOC_FREE(tmp_ctx); return NT_STATUS_OK; }
static krb5_error_code salt_principal(TALLOC_CTX *parent_ctx, const char *samAccountName, const char *realm, const char *saltPrincipal, krb5_context context, krb5_principal *salt_princ, const char **error_string) { krb5_error_code ret; char *machine_username; char *salt_body; char *lower_realm; char *upper_realm; TALLOC_CTX *tmp_ctx; if (saltPrincipal) { ret = krb5_parse_name(context, saltPrincipal, salt_princ); if (ret) { *error_string = smb_get_krb5_error_message( context, ret, parent_ctx); } return ret; } if (!samAccountName) { (*error_string) = "Cannot determine salt principal, no " "saltPrincipal or samAccountName specified"; return EINVAL; } if (!realm) { *error_string = "Cannot make principal without a realm"; return EINVAL; } tmp_ctx = talloc_new(parent_ctx); if (!tmp_ctx) { *error_string = "Cannot allocate tmp_ctx"; return ENOMEM; } machine_username = talloc_strdup(tmp_ctx, samAccountName); if (!machine_username) { *error_string = "Cannot duplicate samAccountName"; talloc_free(tmp_ctx); return ENOMEM; } if (machine_username[strlen(machine_username)-1] == '$') { machine_username[strlen(machine_username)-1] = '\0'; } lower_realm = strlower_talloc(tmp_ctx, realm); if (!lower_realm) { *error_string = "Cannot allocate to lower case realm"; talloc_free(tmp_ctx); return ENOMEM; } upper_realm = strupper_talloc(tmp_ctx, realm); if (!upper_realm) { *error_string = "Cannot allocate to upper case realm"; talloc_free(tmp_ctx); return ENOMEM; } salt_body = talloc_asprintf(tmp_ctx, "%s.%s", machine_username, lower_realm); if (!salt_body) { *error_string = "Cannot form salt principal body"; talloc_free(tmp_ctx); return ENOMEM; } ret = smb_krb5_make_principal(context, salt_princ, upper_realm, "host", salt_body, NULL); if (ret) { *error_string = smb_get_krb5_error_message(context, ret, parent_ctx); } talloc_free(tmp_ctx); return ret; }
static krb5_error_code salt_principal_from_msg(TALLOC_CTX *parent_ctx, struct ldb_message *msg, struct smb_krb5_context *smb_krb5_context, krb5_principal *salt_princ, const char **error_string) { const char *salt_principal = ldb_msg_find_attr_as_string(msg, "saltPrincipal", NULL); const char *samAccountName = ldb_msg_find_attr_as_string(msg, "samAccountName", NULL); const char *realm = ldb_msg_find_attr_as_string(msg, "realm", NULL); if (salt_principal) { return parse_principal(parent_ctx, salt_principal, smb_krb5_context, salt_princ, error_string); } else if (samAccountName) { krb5_error_code ret; char *machine_username; char *salt_body; char *lower_realm; char *upper_realm; TALLOC_CTX *tmp_ctx; struct principal_container *mem_ctx = talloc(parent_ctx, struct principal_container); if (!mem_ctx) { *error_string = "Cannot allocate mem_ctx"; return ENOMEM; } tmp_ctx = talloc_new(mem_ctx); if (!tmp_ctx) { talloc_free(mem_ctx); *error_string = "Cannot allocate tmp_ctx"; return ENOMEM; } if (!realm) { *error_string = "Cannot have a kerberos secret in secrets.ldb without a realm"; return EINVAL; } machine_username = talloc_strdup(tmp_ctx, samAccountName); if (!machine_username) { talloc_free(mem_ctx); *error_string = "Cannot duplicate samAccountName"; return ENOMEM; } if (machine_username[strlen(machine_username)-1] == '$') { machine_username[strlen(machine_username)-1] = '\0'; } lower_realm = strlower_talloc(tmp_ctx, realm); if (!lower_realm) { talloc_free(mem_ctx); *error_string = "Cannot allocate to lower case realm"; return ENOMEM; } upper_realm = strupper_talloc(tmp_ctx, realm); if (!upper_realm) { talloc_free(mem_ctx); *error_string = "Cannot allocate to upper case realm"; return ENOMEM; } salt_body = talloc_asprintf(tmp_ctx, "%s.%s", machine_username, lower_realm); talloc_free(lower_realm); talloc_free(machine_username); if (!salt_body) { talloc_free(mem_ctx); *error_string = "Cannot form salt principal body"; return ENOMEM; } ret = krb5_make_principal(smb_krb5_context->krb5_context, salt_princ, upper_realm, "host", salt_body, NULL); if (ret == 0) { /* This song-and-dance effectivly puts the principal * into talloc, so we can't loose it. */ mem_ctx->smb_krb5_context = talloc_reference(mem_ctx, smb_krb5_context); mem_ctx->principal = *salt_princ; talloc_set_destructor(mem_ctx, free_principal); } else { (*error_string) = smb_get_krb5_error_message(smb_krb5_context->krb5_context, ret, parent_ctx); } talloc_free(tmp_ctx); return ret; } else {
static int smb_krb5_create_salt_principal(TALLOC_CTX *mem_ctx, const char *samAccountName, const char *realm, const char **salt_principal, const char **error_string) { char *machine_username; bool is_machine_account = false; char *upper_realm; TALLOC_CTX *tmp_ctx; int rc = -1; if (samAccountName == NULL) { *error_string = "Cannot determine salt principal, no " "saltPrincipal or samAccountName specified"; return rc; } if (realm == NULL) { *error_string = "Cannot make principal without a realm"; return rc; } tmp_ctx = talloc_new(mem_ctx); if (tmp_ctx == NULL) { *error_string = "Cannot allocate talloc context"; return rc; } upper_realm = strupper_talloc(tmp_ctx, realm); if (upper_realm == NULL) { *error_string = "Cannot allocate to upper case realm"; goto out; } machine_username = strlower_talloc(tmp_ctx, samAccountName); if (!machine_username) { *error_string = "Cannot duplicate samAccountName"; goto out; } if (machine_username[strlen(machine_username) - 1] == '$') { machine_username[strlen(machine_username) - 1] = '\0'; is_machine_account = true; } if (is_machine_account) { char *lower_realm; lower_realm = strlower_talloc(tmp_ctx, realm); if (lower_realm == NULL) { *error_string = "Cannot allocate to lower case realm"; goto out; } *salt_principal = talloc_asprintf(mem_ctx, "host/%s.%s@%s", machine_username, lower_realm, upper_realm); } else { *salt_principal = talloc_asprintf(mem_ctx, "%s@%s", machine_username, upper_realm); } if (*salt_principal == NULL) { *error_string = "Cannot create salt principal"; goto out; } rc = 0; out: talloc_free(tmp_ctx); return rc; }
/* * complete a domain join, when joining to a AD domain: * 1.) connect and bind to the DRSUAPI pipe * 2.) do a DsCrackNames() to find the machine account dn * 3.) connect to LDAP * 4.) do an ldap search to find the "msDS-KeyVersionNumber" of the machine account * 5.) set the servicePrincipalName's of the machine account via LDAP, (maybe we should use DsWriteAccountSpn()...) * 6.) do a DsCrackNames() to find the domain dn * 7.) find out Site specific stuff, look at libnet_JoinSite() for details */ static NTSTATUS libnet_JoinADSDomain(struct libnet_context *ctx, struct libnet_JoinDomain *r) { NTSTATUS status; TALLOC_CTX *tmp_ctx; const char *realm = r->out.realm; struct dcerpc_binding *samr_binding = r->out.samr_binding; struct dcerpc_pipe *drsuapi_pipe; struct dcerpc_binding *drsuapi_binding; struct drsuapi_DsBind r_drsuapi_bind; struct drsuapi_DsCrackNames r_crack_names; struct drsuapi_DsNameString names[1]; struct policy_handle drsuapi_bind_handle; struct GUID drsuapi_bind_guid; struct ldb_context *remote_ldb; struct ldb_dn *account_dn; const char *account_dn_str; const char *remote_ldb_url; struct ldb_result *res; struct ldb_message *msg; int ret, rtn; unsigned int kvno; const char * const attrs[] = { "msDS-KeyVersionNumber", "servicePrincipalName", "dNSHostName", NULL, }; r->out.error_string = NULL; /* We need to convert between a samAccountName and domain to a * DN in the directory. The correct way to do this is with * DRSUAPI CrackNames */ /* Fiddle with the bindings, so get to DRSUAPI on * NCACN_IP_TCP, sealed */ tmp_ctx = talloc_named(r, 0, "libnet_JoinADSDomain temp context"); if (!tmp_ctx) { r->out.error_string = NULL; return NT_STATUS_NO_MEMORY; } drsuapi_binding = talloc(tmp_ctx, struct dcerpc_binding); if (!drsuapi_binding) { r->out.error_string = NULL; talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; } *drsuapi_binding = *samr_binding; /* DRSUAPI is only available on IP_TCP, and locally on NCALRPC */ if (drsuapi_binding->transport != NCALRPC) { drsuapi_binding->transport = NCACN_IP_TCP; } drsuapi_binding->endpoint = NULL; drsuapi_binding->flags |= DCERPC_SEAL; status = dcerpc_pipe_connect_b(tmp_ctx, &drsuapi_pipe, drsuapi_binding, &dcerpc_table_drsuapi, ctx->cred, ctx->event_ctx); if (!NT_STATUS_IS_OK(status)) { r->out.error_string = talloc_asprintf(r, "Connection to DRSUAPI pipe of PDC of domain '%s' failed: %s", r->in.domain_name, nt_errstr(status)); talloc_free(tmp_ctx); return status; } /* get a DRSUAPI pipe handle */ GUID_from_string(DRSUAPI_DS_BIND_GUID, &drsuapi_bind_guid); r_drsuapi_bind.in.bind_guid = &drsuapi_bind_guid; r_drsuapi_bind.in.bind_info = NULL; r_drsuapi_bind.out.bind_handle = &drsuapi_bind_handle; status = dcerpc_drsuapi_DsBind(drsuapi_pipe, tmp_ctx, &r_drsuapi_bind); if (!NT_STATUS_IS_OK(status)) { if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { r->out.error_string = talloc_asprintf(r, "dcerpc_drsuapi_DsBind failed - %s", dcerpc_errstr(tmp_ctx, drsuapi_pipe->last_fault_code)); talloc_free(tmp_ctx); return status; } else { r->out.error_string = talloc_asprintf(r, "dcerpc_drsuapi_DsBind failed - %s", nt_errstr(status)); talloc_free(tmp_ctx); return status; } } else if (!W_ERROR_IS_OK(r_drsuapi_bind.out.result)) { r->out.error_string = talloc_asprintf(r, "DsBind failed - %s", win_errstr(r_drsuapi_bind.out.result)); talloc_free(tmp_ctx); return NT_STATUS_UNSUCCESSFUL; } /* Actually 'crack' the names */ ZERO_STRUCT(r_crack_names); r_crack_names.in.bind_handle = &drsuapi_bind_handle; r_crack_names.in.level = 1; r_crack_names.in.req.req1.unknown1 = 0x000004e4; r_crack_names.in.req.req1.unknown2 = 0x00000407; r_crack_names.in.req.req1.count = 1; r_crack_names.in.req.req1.names = names; r_crack_names.in.req.req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS; r_crack_names.in.req.req1.format_offered= DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY; r_crack_names.in.req.req1.format_desired= DRSUAPI_DS_NAME_FORMAT_FQDN_1779; names[0].str = dom_sid_string(tmp_ctx, r->out.account_sid); if (!names[0].str) { r->out.error_string = NULL; talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; } status = dcerpc_drsuapi_DsCrackNames(drsuapi_pipe, tmp_ctx, &r_crack_names); if (!NT_STATUS_IS_OK(status)) { if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { r->out.error_string = talloc_asprintf(r, "dcerpc_drsuapi_DsCrackNames for [%s] failed - %s", names[0].str, dcerpc_errstr(tmp_ctx, drsuapi_pipe->last_fault_code)); talloc_free(tmp_ctx); return status; } else { r->out.error_string = talloc_asprintf(r, "dcerpc_drsuapi_DsCrackNames for [%s] failed - %s", names[0].str, nt_errstr(status)); talloc_free(tmp_ctx); return status; } } else if (!W_ERROR_IS_OK(r_crack_names.out.result)) { r->out.error_string = talloc_asprintf(r, "DsCrackNames failed - %s", win_errstr(r_crack_names.out.result)); talloc_free(tmp_ctx); return NT_STATUS_UNSUCCESSFUL; } else if (r_crack_names.out.level != 1 || !r_crack_names.out.ctr.ctr1 || r_crack_names.out.ctr.ctr1->count != 1) { r->out.error_string = talloc_asprintf(r, "DsCrackNames failed"); talloc_free(tmp_ctx); return NT_STATUS_INVALID_PARAMETER; } else if (r_crack_names.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { r->out.error_string = talloc_asprintf(r, "DsCrackNames failed: %d", r_crack_names.out.ctr.ctr1->array[0].status); talloc_free(tmp_ctx); return NT_STATUS_UNSUCCESSFUL; } else if (r_crack_names.out.ctr.ctr1->array[0].result_name == NULL) { r->out.error_string = talloc_asprintf(r, "DsCrackNames failed: no result name"); talloc_free(tmp_ctx); return NT_STATUS_INVALID_PARAMETER; } /* Store the DN of our machine account. */ account_dn_str = r_crack_names.out.ctr.ctr1->array[0].result_name; account_dn = ldb_dn_new(tmp_ctx, remote_ldb, account_dn_str); if (! ldb_dn_validate(account_dn)) { r->out.error_string = talloc_asprintf(r, "Invalid account dn: %s", account_dn_str); talloc_free(tmp_ctx); return NT_STATUS_UNSUCCESSFUL; } /* Now we know the user's DN, open with LDAP, read and modify a few things */ remote_ldb_url = talloc_asprintf(tmp_ctx, "ldap://%s", drsuapi_binding->target_hostname); if (!remote_ldb_url) { r->out.error_string = NULL; talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; } remote_ldb = ldb_wrap_connect(tmp_ctx, remote_ldb_url, NULL, ctx->cred, 0, NULL); if (!remote_ldb) { r->out.error_string = NULL; talloc_free(tmp_ctx); return NT_STATUS_UNSUCCESSFUL; } /* search for the user's record */ ret = ldb_search(remote_ldb, account_dn, LDB_SCOPE_BASE, NULL, attrs, &res); if (ret != LDB_SUCCESS) { r->out.error_string = talloc_asprintf(r, "ldb_search for %s failed - %s", account_dn_str, ldb_errstring(remote_ldb)); talloc_free(tmp_ctx); return NT_STATUS_UNSUCCESSFUL; } talloc_steal(tmp_ctx, res); if (res->count != 1) { r->out.error_string = talloc_asprintf(r, "ldb_search for %s failed - found %d entries", account_dn_str, res->count); talloc_free(tmp_ctx); return NT_STATUS_UNSUCCESSFUL; } /* If we have a kvno recorded in AD, we need it locally as well */ kvno = ldb_msg_find_attr_as_uint(res->msgs[0], "msDS-KeyVersionNumber", 0); /* Prepare a new message, for the modify */ msg = ldb_msg_new(tmp_ctx); if (!msg) { r->out.error_string = NULL; talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; } msg->dn = res->msgs[0]->dn; { int i; const char *service_principal_name[6]; const char *dns_host_name = strlower_talloc(tmp_ctx, talloc_asprintf(tmp_ctx, "%s.%s", r->in.netbios_name, realm)); if (!dns_host_name) { r->out.error_string = NULL; talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; } service_principal_name[0] = talloc_asprintf(tmp_ctx, "host/%s", dns_host_name); service_principal_name[1] = talloc_asprintf(tmp_ctx, "host/%s", strlower_talloc(tmp_ctx, r->in.netbios_name)); service_principal_name[2] = talloc_asprintf(tmp_ctx, "host/%s/%s", dns_host_name, realm); service_principal_name[3] = talloc_asprintf(tmp_ctx, "host/%s/%s", strlower_talloc(tmp_ctx, r->in.netbios_name), realm); service_principal_name[4] = talloc_asprintf(tmp_ctx, "host/%s/%s", dns_host_name, r->out.domain_name); service_principal_name[5] = talloc_asprintf(tmp_ctx, "host/%s/%s", strlower_talloc(tmp_ctx, r->in.netbios_name), r->out.domain_name); for (i=0; i < ARRAY_SIZE(service_principal_name); i++) { if (!service_principal_name[i]) { r->out.error_string = NULL; talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; } rtn = samdb_msg_add_string(remote_ldb, tmp_ctx, msg, "servicePrincipalName", service_principal_name[i]); if (rtn == -1) { r->out.error_string = NULL; talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; } } rtn = samdb_msg_add_string(remote_ldb, tmp_ctx, msg, "dNSHostName", dns_host_name); if (rtn == -1) { r->out.error_string = NULL; talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; } rtn = samdb_replace(remote_ldb, tmp_ctx, msg); if (rtn != 0) { r->out.error_string = talloc_asprintf(r, "Failed to replace entries on %s", ldb_dn_get_linearized(msg->dn)); talloc_free(tmp_ctx); return NT_STATUS_INTERNAL_DB_CORRUPTION; } } /* DsCrackNames to find out the DN of the domain. */ r_crack_names.in.req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT; r_crack_names.in.req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779; names[0].str = talloc_asprintf(tmp_ctx, "%s\\", r->out.domain_name); if (!names[0].str) { r->out.error_string = NULL; talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; } status = dcerpc_drsuapi_DsCrackNames(drsuapi_pipe, tmp_ctx, &r_crack_names); if (!NT_STATUS_IS_OK(status)) { if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { r->out.error_string = talloc_asprintf(r, "dcerpc_drsuapi_DsCrackNames for [%s] failed - %s", r->in.domain_name, dcerpc_errstr(tmp_ctx, drsuapi_pipe->last_fault_code)); talloc_free(tmp_ctx); return status; } else { r->out.error_string = talloc_asprintf(r, "dcerpc_drsuapi_DsCrackNames for [%s] failed - %s", r->in.domain_name, nt_errstr(status)); talloc_free(tmp_ctx); return status; } } else if (!W_ERROR_IS_OK(r_crack_names.out.result)) { r->out.error_string = talloc_asprintf(r, "DsCrackNames failed - %s", win_errstr(r_crack_names.out.result)); talloc_free(tmp_ctx); return NT_STATUS_UNSUCCESSFUL; } else if (r_crack_names.out.level != 1 || !r_crack_names.out.ctr.ctr1 || r_crack_names.out.ctr.ctr1->count != 1 || !r_crack_names.out.ctr.ctr1->array[0].result_name || r_crack_names.out.ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { r->out.error_string = talloc_asprintf(r, "DsCrackNames failed"); talloc_free(tmp_ctx); return NT_STATUS_UNSUCCESSFUL; } /* Store the account DN. */ r->out.account_dn_str = account_dn_str; talloc_steal(r, account_dn_str); /* Store the domain DN. */ r->out.domain_dn_str = r_crack_names.out.ctr.ctr1->array[0].result_name; talloc_steal(r, r_crack_names.out.ctr.ctr1->array[0].result_name); r->out.kvno = kvno; if (r->in.acct_type == ACB_SVRTRUST) { status = libnet_JoinSite(remote_ldb, r); } talloc_free(tmp_ctx); return status; }
NTSTATUS tstream_setup_named_pipe(TALLOC_CTX *mem_ctx, struct tevent_context *event_context, struct loadparm_context *lp_ctx, const struct model_ops *model_ops, const struct stream_server_ops *stream_ops, const char *pipe_name, void *private_data, void *process_context) { char *dirname; struct named_pipe_socket *pipe_sock; NTSTATUS status = NT_STATUS_NO_MEMORY;; pipe_sock = talloc(mem_ctx, struct named_pipe_socket); if (pipe_sock == NULL) { goto fail; } /* remember the details about the pipe */ pipe_sock->pipe_name = strlower_talloc(pipe_sock, pipe_name); if (pipe_sock->pipe_name == NULL) { goto fail; } if (!directory_create_or_exist(lpcfg_ncalrpc_dir(lp_ctx), 0755)) { status = map_nt_error_from_unix_common(errno); DBG_ERR("Failed to create ncalrpc pipe directory '%s' - %s\n", lpcfg_ncalrpc_dir(lp_ctx), nt_errstr(status)); goto fail; } dirname = talloc_asprintf(pipe_sock, "%s/np", lpcfg_ncalrpc_dir(lp_ctx)); if (dirname == NULL) { goto fail; } if (!directory_create_or_exist_strict(dirname, geteuid(), 0700)) { status = map_nt_error_from_unix_common(errno); DBG_ERR("Failed to create stream pipe directory '%s' - %s\n", dirname, nt_errstr(status)); goto fail; } if (strncmp(pipe_name, "\\pipe\\", 6) == 0) { pipe_name += 6; } pipe_sock->pipe_path = talloc_asprintf(pipe_sock, "%s/%s", dirname, pipe_name); if (pipe_sock->pipe_path == NULL) { goto fail; } talloc_free(dirname); pipe_sock->ops = stream_ops; pipe_sock->private_data = private_data; status = stream_setup_socket(pipe_sock, event_context, lp_ctx, model_ops, &named_pipe_stream_ops, "unix", pipe_sock->pipe_path, NULL, NULL, pipe_sock, process_context); if (!NT_STATUS_IS_OK(status)) { goto fail; } return NT_STATUS_OK; fail: talloc_free(pipe_sock); return status; }
/** * Start NTLMSSP on the server side * */ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security) { NTSTATUS nt_status; struct ntlmssp_state *ntlmssp_state; struct gensec_ntlmssp_context *gensec_ntlmssp; nt_status = gensec_ntlmssp_start(gensec_security); NT_STATUS_NOT_OK_RETURN(nt_status); gensec_ntlmssp = talloc_get_type_abort(gensec_security->private_data, struct gensec_ntlmssp_context); ntlmssp_state = gensec_ntlmssp->ntlmssp_state; ntlmssp_state->role = NTLMSSP_SERVER; ntlmssp_state->expected_state = NTLMSSP_NEGOTIATE; ntlmssp_state->allow_lm_key = (lpcfg_lanman_auth(gensec_security->settings->lp_ctx) && gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "allow_lm_key", false)); ntlmssp_state->neg_flags = NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_VERSION; ntlmssp_state->lm_resp = data_blob(NULL, 0); ntlmssp_state->nt_resp = data_blob(NULL, 0); if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "128bit", true)) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128; } if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "56bit", true)) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56; } if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "keyexchange", true)) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH; } if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "alwayssign", true)) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN; } if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "ntlm2", true)) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; } if (gensec_security->want_features & GENSEC_FEATURE_SIGN) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; } if (gensec_security->want_features & GENSEC_FEATURE_SEAL) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL; } ntlmssp_state->get_challenge = auth_ntlmssp_get_challenge; ntlmssp_state->may_set_challenge = auth_ntlmssp_may_set_challenge; ntlmssp_state->set_challenge = auth_ntlmssp_set_challenge; ntlmssp_state->check_password = auth_ntlmssp_check_password; if (lpcfg_server_role(gensec_security->settings->lp_ctx) == ROLE_STANDALONE) { ntlmssp_state->server.is_standalone = true; } else { ntlmssp_state->server.is_standalone = false; } ntlmssp_state->server.netbios_name = lpcfg_netbios_name(gensec_security->settings->lp_ctx); ntlmssp_state->server.netbios_domain = lpcfg_workgroup(gensec_security->settings->lp_ctx); { const char *dnsdomain = lpcfg_dnsdomain(gensec_security->settings->lp_ctx); char *dnsname, *lower_netbiosname; lower_netbiosname = strlower_talloc(ntlmssp_state, ntlmssp_state->server.netbios_name); /* Find out the DNS host name */ if (dnsdomain && dnsdomain[0] != '\0') { dnsname = talloc_asprintf(ntlmssp_state, "%s.%s", lower_netbiosname, dnsdomain); talloc_free(lower_netbiosname); ntlmssp_state->server.dns_name = dnsname; } else { ntlmssp_state->server.dns_name = lower_netbiosname; } NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_name); ntlmssp_state->server.dns_domain = talloc_strdup(ntlmssp_state, lpcfg_dnsdomain(gensec_security->settings->lp_ctx)); NT_STATUS_HAVE_NO_MEMORY(ntlmssp_state->server.dns_domain); } return NT_STATUS_OK; }
static char *get_dns_domain(struct torture_context *tctx) { return strlower_talloc(tctx, getenv("REALM")); }
/* fill in the cldap netlogon union for a given version */ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, TALLOC_CTX *mem_ctx, const char *domain, const char *domain_guid, const char *user, const char *src_address, uint32_t version, union nbt_cldap_netlogon *netlogon) { const char *ref_attrs[] = {"nETBIOSName", "dnsRoot", "ncName", NULL}; const char *dom_attrs[] = {"objectGUID", NULL}; struct ldb_message **ref_res, **dom_res; int ret, count = 0; const char **services = lp_server_services(); uint32_t server_type; const char *pdc_name; struct GUID domain_uuid; const char *realm; const char *dns_domain; const char *pdc_dns_name; const char *flatname; const char *server_site; const char *client_site; const char *pdc_ip; struct ldb_dn *partitions_basedn; partitions_basedn = samdb_partitions_dn(cldapd->samctx, mem_ctx); /* the domain has an optional trailing . */ if (domain && domain[strlen(domain)-1] == '.') { domain = talloc_strndup(mem_ctx, domain, strlen(domain)-1); } if (domain) { struct ldb_result *dom_ldb_result; struct ldb_dn *dom_dn; /* try and find the domain */ count = gendb_search(cldapd->samctx, mem_ctx, partitions_basedn, &ref_res, ref_attrs, "(&(&(objectClass=crossRef)(dnsRoot=%s))(nETBIOSName=*))", domain); if (count == 1) { dom_dn = samdb_result_dn(cldapd->samctx, mem_ctx, ref_res[0], "ncName", NULL); if (!dom_dn) { return NT_STATUS_NO_SUCH_DOMAIN; } ret = ldb_search(cldapd->samctx, dom_dn, LDB_SCOPE_BASE, "objectClass=domain", dom_attrs, &dom_ldb_result); if (ret != LDB_SUCCESS) { DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain, ldb_dn_get_linearized(dom_dn), ldb_errstring(cldapd->samctx))); return NT_STATUS_NO_SUCH_DOMAIN; } talloc_steal(mem_ctx, dom_ldb_result); if (dom_ldb_result->count != 1) { DEBUG(2,("Error finding domain '%s'/'%s' in sam\n", domain, ldb_dn_get_linearized(dom_dn))); return NT_STATUS_NO_SUCH_DOMAIN; } dom_res = dom_ldb_result->msgs; } } if (count == 0 && domain_guid) { /* OK, so no dice with the name, try and find the domain with the GUID */ count = gendb_search(cldapd->samctx, mem_ctx, NULL, &dom_res, dom_attrs, "(&(objectClass=domainDNS)(objectGUID=%s))", domain_guid); if (count == 1) { /* try and find the domain */ ret = gendb_search(cldapd->samctx, mem_ctx, partitions_basedn, &ref_res, ref_attrs, "(&(objectClass=crossRef)(ncName=%s))", ldb_dn_get_linearized(dom_res[0]->dn)); if (ret != 1) { DEBUG(2,("Unable to find referece to '%s' in sam\n", ldb_dn_get_linearized(dom_res[0]->dn))); return NT_STATUS_NO_SUCH_DOMAIN; } } } if (count == 0) { DEBUG(2,("Unable to find domain with name %s or GUID {%s}\n", domain, domain_guid)); return NT_STATUS_NO_SUCH_DOMAIN; } server_type = NBT_SERVER_PDC | NBT_SERVER_GC | NBT_SERVER_DS | NBT_SERVER_TIMESERV | NBT_SERVER_CLOSEST | NBT_SERVER_WRITABLE | NBT_SERVER_GOOD_TIMESERV; if (str_list_check(services, "ldap")) { server_type |= NBT_SERVER_LDAP; } if (str_list_check(services, "kdc")) { server_type |= NBT_SERVER_KDC; } pdc_name = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name()); domain_uuid = samdb_result_guid(dom_res[0], "objectGUID"); realm = samdb_result_string(ref_res[0], "dnsRoot", lp_realm()); dns_domain = samdb_result_string(ref_res[0], "dnsRoot", lp_realm()); pdc_dns_name = talloc_asprintf(mem_ctx, "%s.%s", strlower_talloc(mem_ctx, lp_netbios_name()), dns_domain); flatname = samdb_result_string(ref_res[0], "nETBIOSName", lp_workgroup()); server_site = "Default-First-Site-Name"; client_site = "Default-First-Site-Name"; pdc_ip = iface_best_ip(src_address); ZERO_STRUCTP(netlogon); switch (version & 0xF) { case 0: case 1: netlogon->logon1.type = (user?19+2:19); netlogon->logon1.pdc_name = pdc_name; netlogon->logon1.user_name = user; netlogon->logon1.domain_name = flatname; netlogon->logon1.nt_version = 1; netlogon->logon1.lmnt_token = 0xFFFF; netlogon->logon1.lm20_token = 0xFFFF; break; case 2: case 3: netlogon->logon3.type = (user?19+2:19); netlogon->logon3.pdc_name = pdc_name; netlogon->logon3.user_name = user; netlogon->logon3.domain_name = flatname; netlogon->logon3.domain_uuid = domain_uuid; netlogon->logon3.forest = realm; netlogon->logon3.dns_domain = dns_domain; netlogon->logon3.pdc_dns_name = pdc_dns_name; netlogon->logon3.pdc_ip = pdc_ip; netlogon->logon3.server_type = server_type; netlogon->logon3.lmnt_token = 0xFFFF; netlogon->logon3.lm20_token = 0xFFFF; break; case 4: case 5: case 6: case 7: netlogon->logon5.type = (user?23+2:23); netlogon->logon5.server_type = server_type; netlogon->logon5.domain_uuid = domain_uuid; netlogon->logon5.forest = realm; netlogon->logon5.dns_domain = dns_domain; netlogon->logon5.pdc_dns_name = pdc_dns_name; netlogon->logon5.domain = flatname; netlogon->logon5.pdc_name = lp_netbios_name(); netlogon->logon5.user_name = user; netlogon->logon5.server_site = server_site; netlogon->logon5.client_site = client_site; netlogon->logon5.lmnt_token = 0xFFFF; netlogon->logon5.lm20_token = 0xFFFF; break; default: netlogon->logon13.type = (user?23+2:23); netlogon->logon13.server_type = server_type; netlogon->logon13.domain_uuid = domain_uuid; netlogon->logon13.forest = realm; netlogon->logon13.dns_domain = dns_domain; netlogon->logon13.pdc_dns_name = pdc_dns_name; netlogon->logon13.domain = flatname; netlogon->logon13.pdc_name = lp_netbios_name(); netlogon->logon13.user_name = user; netlogon->logon13.server_site = server_site; netlogon->logon13.client_site = client_site; netlogon->logon13.unknown = 10; netlogon->logon13.unknown2 = 2; netlogon->logon13.pdc_ip = pdc_ip; netlogon->logon13.lmnt_token = 0xFFFF; netlogon->logon13.lm20_token = 0xFFFF; break; } return NT_STATUS_OK; }
static ADS_STATUS ads_guess_target(ADS_STRUCT *ads, char **service, char **hostname, char **principal) { ADS_STATUS status = ADS_ERROR(LDAP_NO_MEMORY); char *princ = NULL; TALLOC_CTX *frame; char *server = NULL; char *realm = NULL; int rc; frame = talloc_stackframe(); if (frame == NULL) { return ADS_ERROR(LDAP_NO_MEMORY); } if (ads->server.realm && ads->server.ldap_server) { server = strlower_talloc(frame, ads->server.ldap_server); if (server == NULL) { goto out; } realm = strupper_talloc(frame, ads->server.realm); if (realm == NULL) { goto out; } /* * If we got a name which is bigger than a NetBIOS name, * but isn't a FQDN, create one. */ if (strlen(server) > 15 && strstr(server, ".") == NULL) { char *dnsdomain; dnsdomain = strlower_talloc(frame, ads->server.realm); if (dnsdomain == NULL) { goto out; } server = talloc_asprintf(frame, "%s.%s", server, dnsdomain); if (server == NULL) { goto out; } } } else if (ads->config.realm && ads->config.ldap_server_name) { server = strlower_talloc(frame, ads->config.ldap_server_name); if (server == NULL) { goto out; } realm = strupper_talloc(frame, ads->config.realm); if (realm == NULL) { goto out; } /* * If we got a name which is bigger than a NetBIOS name, * but isn't a FQDN, create one. */ if (strlen(server) > 15 && strstr(server, ".") == NULL) { char *dnsdomain; dnsdomain = strlower_talloc(frame, ads->server.realm); if (dnsdomain == NULL) { goto out; } server = talloc_asprintf(frame, "%s.%s", server, dnsdomain); if (server == NULL) { goto out; } } } if (server == NULL || realm == NULL) { goto out; } *service = SMB_STRDUP("ldap"); if (*service == NULL) { status = ADS_ERROR(LDAP_PARAM_ERROR); goto out; } *hostname = SMB_STRDUP(server); if (*hostname == NULL) { SAFE_FREE(*service); status = ADS_ERROR(LDAP_PARAM_ERROR); goto out; } rc = asprintf(&princ, "ldap/%s@%s", server, realm); if (rc == -1 || princ == NULL) { SAFE_FREE(*service); SAFE_FREE(*hostname); status = ADS_ERROR(LDAP_PARAM_ERROR); goto out; } *principal = princ; status = ADS_SUCCESS; out: TALLOC_FREE(frame); return status; }
/* * complete a domain join, when joining to a AD domain: * 1.) connect and bind to the DRSUAPI pipe * 2.) do a DsCrackNames() to find the machine account dn * 3.) connect to LDAP * 4.) do an ldap search to find the "msDS-KeyVersionNumber" of the machine account * 5.) set the servicePrincipalName's of the machine account via LDAP, (maybe we should use DsWriteAccountSpn()...) * 6.) do a DsCrackNames() to find the domain dn * 7.) find out Site specific stuff, look at libnet_JoinSite() for details */ static NTSTATUS libnet_JoinADSDomain(struct libnet_context *ctx, struct libnet_JoinDomain *r) { NTSTATUS status; TALLOC_CTX *tmp_ctx; const char *realm = r->out.realm; struct dcerpc_binding *samr_binding = r->out.samr_binding; struct dcerpc_pipe *drsuapi_pipe; struct dcerpc_binding *drsuapi_binding; struct drsuapi_DsBind r_drsuapi_bind; struct drsuapi_DsCrackNames r_crack_names; struct drsuapi_DsNameString names[1]; struct policy_handle drsuapi_bind_handle; struct GUID drsuapi_bind_guid; struct ldb_context *remote_ldb; struct ldb_dn *account_dn; const char *account_dn_str; const char *remote_ldb_url; struct ldb_result *res; struct ldb_message *msg; int ret, rtn; const char * const attrs[] = { "msDS-KeyVersionNumber", "servicePrincipalName", "dNSHostName", "objectGUID", NULL, }; r->out.error_string = NULL; /* We need to convert between a samAccountName and domain to a * DN in the directory. The correct way to do this is with * DRSUAPI CrackNames */ /* Fiddle with the bindings, so get to DRSUAPI on * NCACN_IP_TCP, sealed */ tmp_ctx = talloc_named(r, 0, "libnet_JoinADSDomain temp context"); if (!tmp_ctx) { r->out.error_string = NULL; return NT_STATUS_NO_MEMORY; } drsuapi_binding = talloc_zero(tmp_ctx, struct dcerpc_binding); if (!drsuapi_binding) { r->out.error_string = NULL; talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; } *drsuapi_binding = *samr_binding; /* DRSUAPI is only available on IP_TCP, and locally on NCALRPC */ if (drsuapi_binding->transport != NCALRPC) { drsuapi_binding->transport = NCACN_IP_TCP; } drsuapi_binding->endpoint = NULL; drsuapi_binding->flags |= DCERPC_SEAL; status = dcerpc_pipe_connect_b(tmp_ctx, &drsuapi_pipe, drsuapi_binding, &ndr_table_drsuapi, ctx->cred, ctx->event_ctx, ctx->lp_ctx); if (!NT_STATUS_IS_OK(status)) { r->out.error_string = talloc_asprintf(r, "Connection to DRSUAPI pipe of PDC of domain '%s' failed: %s", r->out.domain_name, nt_errstr(status)); talloc_free(tmp_ctx); return status; } /* get a DRSUAPI pipe handle */ GUID_from_string(DRSUAPI_DS_BIND_GUID, &drsuapi_bind_guid); r_drsuapi_bind.in.bind_guid = &drsuapi_bind_guid; r_drsuapi_bind.in.bind_info = NULL; r_drsuapi_bind.out.bind_handle = &drsuapi_bind_handle; status = dcerpc_drsuapi_DsBind_r(drsuapi_pipe->binding_handle, tmp_ctx, &r_drsuapi_bind); if (!NT_STATUS_IS_OK(status)) { r->out.error_string = talloc_asprintf(r, "dcerpc_drsuapi_DsBind failed - %s", nt_errstr(status)); talloc_free(tmp_ctx); return status; } else if (!W_ERROR_IS_OK(r_drsuapi_bind.out.result)) { r->out.error_string = talloc_asprintf(r, "DsBind failed - %s", win_errstr(r_drsuapi_bind.out.result)); talloc_free(tmp_ctx); return NT_STATUS_UNSUCCESSFUL; } /* Actually 'crack' the names */ ZERO_STRUCT(r_crack_names); r_crack_names.in.bind_handle = &drsuapi_bind_handle; r_crack_names.in.level = 1; r_crack_names.in.req = talloc(r, union drsuapi_DsNameRequest); if (!r_crack_names.in.req) { r->out.error_string = NULL; talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; } r_crack_names.in.req->req1.codepage = 1252; /* western european */ r_crack_names.in.req->req1.language = 0x00000407; /* german */ r_crack_names.in.req->req1.count = 1; r_crack_names.in.req->req1.names = names; r_crack_names.in.req->req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS; r_crack_names.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY; r_crack_names.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779; names[0].str = dom_sid_string(tmp_ctx, r->out.account_sid); if (!names[0].str) { r->out.error_string = NULL; talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; } r_crack_names.out.ctr = talloc(r, union drsuapi_DsNameCtr); r_crack_names.out.level_out = talloc(r, uint32_t); if (!r_crack_names.out.ctr || !r_crack_names.out.level_out) { r->out.error_string = NULL; talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; } status = dcerpc_drsuapi_DsCrackNames_r(drsuapi_pipe->binding_handle, tmp_ctx, &r_crack_names); if (!NT_STATUS_IS_OK(status)) { r->out.error_string = talloc_asprintf(r, "dcerpc_drsuapi_DsCrackNames for [%s] failed - %s", names[0].str, nt_errstr(status)); talloc_free(tmp_ctx); return status; } else if (!W_ERROR_IS_OK(r_crack_names.out.result)) { r->out.error_string = talloc_asprintf(r, "DsCrackNames failed - %s", win_errstr(r_crack_names.out.result)); talloc_free(tmp_ctx); return NT_STATUS_UNSUCCESSFUL; } else if (*r_crack_names.out.level_out != 1 || !r_crack_names.out.ctr->ctr1 || r_crack_names.out.ctr->ctr1->count != 1) { r->out.error_string = talloc_asprintf(r, "DsCrackNames failed"); talloc_free(tmp_ctx); return NT_STATUS_INVALID_PARAMETER; } else if (r_crack_names.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { r->out.error_string = talloc_asprintf(r, "DsCrackNames failed: %d", r_crack_names.out.ctr->ctr1->array[0].status); talloc_free(tmp_ctx); return NT_STATUS_UNSUCCESSFUL; } else if (r_crack_names.out.ctr->ctr1->array[0].result_name == NULL) { r->out.error_string = talloc_asprintf(r, "DsCrackNames failed: no result name"); talloc_free(tmp_ctx); return NT_STATUS_INVALID_PARAMETER; } /* Store the DN of our machine account. */ account_dn_str = r_crack_names.out.ctr->ctr1->array[0].result_name; /* Now we know the user's DN, open with LDAP, read and modify a few things */ remote_ldb_url = talloc_asprintf(tmp_ctx, "ldap://%s", drsuapi_binding->target_hostname); if (!remote_ldb_url) { r->out.error_string = NULL; talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; } remote_ldb = ldb_wrap_connect(tmp_ctx, ctx->event_ctx, ctx->lp_ctx, remote_ldb_url, NULL, ctx->cred, 0); if (!remote_ldb) { r->out.error_string = NULL; talloc_free(tmp_ctx); return NT_STATUS_UNSUCCESSFUL; } account_dn = ldb_dn_new(tmp_ctx, remote_ldb, account_dn_str); if (account_dn == NULL) { r->out.error_string = talloc_asprintf(r, "Invalid account dn: %s", account_dn_str); talloc_free(tmp_ctx); return NT_STATUS_UNSUCCESSFUL; } /* search for the user's record */ ret = ldb_search(remote_ldb, tmp_ctx, &res, account_dn, LDB_SCOPE_BASE, attrs, NULL); if (ret != LDB_SUCCESS) { r->out.error_string = talloc_asprintf(r, "ldb_search for %s failed - %s", account_dn_str, ldb_errstring(remote_ldb)); talloc_free(tmp_ctx); return NT_STATUS_UNSUCCESSFUL; } if (res->count != 1) { r->out.error_string = talloc_asprintf(r, "ldb_search for %s failed - found %d entries", account_dn_str, res->count); talloc_free(tmp_ctx); return NT_STATUS_UNSUCCESSFUL; } /* Prepare a new message, for the modify */ msg = ldb_msg_new(tmp_ctx); if (!msg) { r->out.error_string = NULL; talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; } msg->dn = res->msgs[0]->dn; { unsigned int i; const char *service_principal_name[2]; const char *dns_host_name = strlower_talloc(msg, talloc_asprintf(msg, "%s.%s", r->in.netbios_name, realm)); if (!dns_host_name) { r->out.error_string = NULL; talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; } service_principal_name[0] = talloc_asprintf(msg, "HOST/%s", dns_host_name); service_principal_name[1] = talloc_asprintf(msg, "HOST/%s", r->in.netbios_name); for (i=0; i < ARRAY_SIZE(service_principal_name); i++) { if (!service_principal_name[i]) { r->out.error_string = NULL; talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; } rtn = ldb_msg_add_string(msg, "servicePrincipalName", service_principal_name[i]); if (rtn != LDB_SUCCESS) { r->out.error_string = NULL; talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; } } rtn = ldb_msg_add_string(msg, "dNSHostName", dns_host_name); if (rtn != LDB_SUCCESS) { r->out.error_string = NULL; talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; } rtn = dsdb_replace(remote_ldb, msg, 0); if (rtn != LDB_SUCCESS) { r->out.error_string = talloc_asprintf(r, "Failed to replace entries on %s", ldb_dn_get_linearized(msg->dn)); talloc_free(tmp_ctx); return NT_STATUS_INTERNAL_DB_CORRUPTION; } } msg = ldb_msg_new(tmp_ctx); if (!msg) { r->out.error_string = NULL; talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; } msg->dn = res->msgs[0]->dn; rtn = samdb_msg_add_uint(remote_ldb, msg, msg, "msDS-SupportedEncryptionTypes", ENC_ALL_TYPES); if (rtn != LDB_SUCCESS) { r->out.error_string = NULL; talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; } rtn = dsdb_replace(remote_ldb, msg, 0); /* The remote server may not support this attribute, if it * isn't a modern schema */ if (rtn != LDB_SUCCESS && rtn != LDB_ERR_NO_SUCH_ATTRIBUTE) { r->out.error_string = talloc_asprintf(r, "Failed to replace msDS-SupportedEncryptionTypes on %s", ldb_dn_get_linearized(msg->dn)); talloc_free(tmp_ctx); return NT_STATUS_INTERNAL_DB_CORRUPTION; } /* DsCrackNames to find out the DN of the domain. */ r_crack_names.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT; r_crack_names.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779; names[0].str = talloc_asprintf(tmp_ctx, "%s\\", r->out.domain_name); if (!names[0].str) { r->out.error_string = NULL; talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; } status = dcerpc_drsuapi_DsCrackNames_r(drsuapi_pipe->binding_handle, tmp_ctx, &r_crack_names); if (!NT_STATUS_IS_OK(status)) { r->out.error_string = talloc_asprintf(r, "dcerpc_drsuapi_DsCrackNames for [%s] failed - %s", r->in.domain_name, nt_errstr(status)); talloc_free(tmp_ctx); return status; } else if (!W_ERROR_IS_OK(r_crack_names.out.result)) { r->out.error_string = talloc_asprintf(r, "DsCrackNames failed - %s", win_errstr(r_crack_names.out.result)); talloc_free(tmp_ctx); return NT_STATUS_UNSUCCESSFUL; } else if (*r_crack_names.out.level_out != 1 || !r_crack_names.out.ctr->ctr1 || r_crack_names.out.ctr->ctr1->count != 1 || !r_crack_names.out.ctr->ctr1->array[0].result_name || r_crack_names.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { r->out.error_string = talloc_asprintf(r, "DsCrackNames failed"); talloc_free(tmp_ctx); return NT_STATUS_UNSUCCESSFUL; } /* Store the account DN. */ r->out.account_dn_str = account_dn_str; talloc_steal(r, account_dn_str); /* Store the domain DN. */ r->out.domain_dn_str = r_crack_names.out.ctr->ctr1->array[0].result_name; talloc_steal(r, r_crack_names.out.ctr->ctr1->array[0].result_name); /* Store the KVNO of the account, critical for some kerberos * operations */ r->out.kvno = ldb_msg_find_attr_as_uint(res->msgs[0], "msDS-KeyVersionNumber", 0); /* Store the account GUID. */ r->out.account_guid = samdb_result_guid(res->msgs[0], "objectGUID"); if (r->in.acct_type == ACB_SVRTRUST) { status = libnet_JoinSite(ctx, remote_ldb, r); } talloc_free(tmp_ctx); return status; }
/* read a directory and find all matching file names and stat info returned names are separate unix and DOS names. The returned names are relative to the directory */ struct cifspsx_dir *cifspsx_list_unix(TALLOC_CTX *mem_ctx, struct ntvfs_request *req, const char *unix_path) { char *p, *mask; struct cifspsx_dir *dir; DIR *odir; struct dirent *dent; unsigned int allocated = 0; char *low_mask; dir = talloc(mem_ctx, struct cifspsx_dir); if (!dir) { return NULL; } dir->count = 0; dir->files = 0; /* find the base directory */ p = strrchr(unix_path, '/'); if (!p) { return NULL; } dir->unix_dir = talloc_strndup(mem_ctx, unix_path, PTR_DIFF(p, unix_path)); if (!dir->unix_dir) { return NULL; } /* the wildcard pattern is the last part */ mask = p+1; low_mask = strlower_talloc(mem_ctx, mask); if (!low_mask) { return NULL; } odir = opendir(dir->unix_dir); if (!odir) { return NULL; } while ((dent = readdir(odir))) { unsigned int i = dir->count; char *full_name; char *low_name; int ret; if (strchr(dent->d_name, ':') && !strchr(unix_path, ':')) { /* don't show streams in dir listing */ continue; } low_name = strlower_talloc(mem_ctx, dent->d_name); if (!low_name) { continue; } /* check it matches the wildcard pattern */ if (ms_fnmatch_protocol(low_mask, low_name, PROTOCOL_NT1) != 0) { continue; } if (dir->count >= allocated) { allocated = (allocated + 100) * 1.2; dir->files = talloc_realloc(dir, dir->files, struct cifspsx_dirfile, allocated); if (!dir->files) { closedir(odir); return NULL; } } dir->files[i].name = low_name; if (!dir->files[i].name) { continue; } ret = asprintf(&full_name, "%s/%s", dir->unix_dir, dir->files[i].name); if (ret == -1) { continue; } if (!full_name) { continue; } if (stat(full_name, &dir->files[i].st) == 0) { dir->count++; } free(full_name); }
static int net_conf_setparm(struct net_context *c, struct smbconf_ctx *conf_ctx, int argc, const char **argv) { int ret = -1; sbcErr err; char *service = NULL; char *param = NULL; const char *value_str = NULL; TALLOC_CTX *mem_ctx = talloc_stackframe(); if (argc != 3 || c->display_usage) { net_conf_setparm_usage(c, argc, argv); goto done; } /* * NULL service name means "dangling parameters" to libsmbconf. * We use the empty string from the command line for this purpose. */ if (strlen(argv[0]) != 0) { service = talloc_strdup(mem_ctx, argv[0]); if (service == NULL) { d_printf(_("error: out of memory!\n")); goto done; } } param = strlower_talloc(mem_ctx, argv[1]); if (param == NULL) { d_printf(_("error: out of memory!\n")); goto done; } value_str = argv[2]; if (!net_conf_param_valid(service,param, value_str)) { goto done; } err = smbconf_transaction_start(conf_ctx); if (!SBC_ERROR_IS_OK(err)) { d_printf(_("error starting transaction: %s\n"), sbcErrorString(err)); goto done; } if (!smbconf_share_exists(conf_ctx, service)) { err = smbconf_create_share(conf_ctx, service); if (!SBC_ERROR_IS_OK(err)) { d_fprintf(stderr, _("Error creating share '%s': %s\n"), service, sbcErrorString(err)); goto cancel; } } err = smbconf_set_parameter(conf_ctx, service, param, value_str); if (!SBC_ERROR_IS_OK(err)) { d_fprintf(stderr, _("Error setting value '%s': %s\n"), param, sbcErrorString(err)); goto cancel; } err = smbconf_transaction_commit(conf_ctx); if (!SBC_ERROR_IS_OK(err)) { d_printf(_("error committing transaction: %s\n"), sbcErrorString(err)); } else { ret = 0; } goto done; cancel: err = smbconf_transaction_cancel(conf_ctx); if (!SBC_ERROR_IS_OK(err)) { d_printf(_("error cancelling transaction: %s\n"), sbcErrorString(err)); } done: TALLOC_FREE(mem_ctx); return ret; }