diff options
author | Karolin Seeger <kseeger@samba.org> | 2008-02-29 10:44:38 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2008-02-29 10:44:38 +0100 |
commit | c4fbe2846231a6b322c1094c6a1dbf93b7305768 (patch) | |
tree | 09eb77a294f4acda131b41fe4c9bec4ed175eb16 /source3/rpc_client | |
parent | 1a6415fc77c708b87c8e2ce6e7828f486ffc87ac (diff) | |
parent | 695b6662abe64a40061bfa05ede12173fc4b1945 (diff) | |
download | samba-c4fbe2846231a6b322c1094c6a1dbf93b7305768.tar.gz samba-c4fbe2846231a6b322c1094c6a1dbf93b7305768.tar.bz2 samba-c4fbe2846231a6b322c1094c6a1dbf93b7305768.zip |
Merge commit 'origin/v3-2-test' into v3-2-stable
Conflicts:
WHATSNEW.txt
(This used to be commit a390bcf9403df4cf4d5eef42b35ebccbe253882e)
Diffstat (limited to 'source3/rpc_client')
-rw-r--r-- | source3/rpc_client/cli_ds.c | 138 | ||||
-rw-r--r-- | source3/rpc_client/cli_lsarpc.c | 1099 | ||||
-rw-r--r-- | source3/rpc_client/cli_netlogon.c | 1175 | ||||
-rw-r--r-- | source3/rpc_client/cli_pipe.c | 7 | ||||
-rw-r--r-- | source3/rpc_client/cli_samr.c | 2071 | ||||
-rw-r--r-- | source3/rpc_client/cli_svcctl.c | 211 | ||||
-rw-r--r-- | source3/rpc_client/init_lsa.c | 126 | ||||
-rw-r--r-- | source3/rpc_client/init_netlogon.c | 220 | ||||
-rw-r--r-- | source3/rpc_client/init_samr.c | 461 |
9 files changed, 1327 insertions, 4181 deletions
diff --git a/source3/rpc_client/cli_ds.c b/source3/rpc_client/cli_ds.c deleted file mode 100644 index 71516b89f2..0000000000 --- a/source3/rpc_client/cli_ds.c +++ /dev/null @@ -1,138 +0,0 @@ -/* - Unix SMB/CIFS implementation. - RPC pipe client - Copyright (C) Gerald Carter 2002, - Copyright (C) Jeremy Allison 2005. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" - -/* implementations of client side DsXXX() functions */ - -/******************************************************************** - Get information about the server and directory services -********************************************************************/ - -NTSTATUS rpccli_ds_getprimarydominfo(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - uint16 level, DS_DOMINFO_CTR *ctr) -{ - prs_struct qbuf, rbuf; - DS_Q_GETPRIMDOMINFO q; - DS_R_GETPRIMDOMINFO r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - q.level = level; - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC_DS, DS_GETPRIMDOMINFO, - q, r, - qbuf, rbuf, - ds_io_q_getprimdominfo, - ds_io_r_getprimdominfo, - NT_STATUS_UNSUCCESSFUL); - - /* Return basic info - if we are requesting at info != 1 then - there could be trouble. */ - - result = r.status; - - if ( r.ptr && ctr ) { - ctr->basic = TALLOC_P(mem_ctx, DSROLE_PRIMARY_DOMAIN_INFO_BASIC); - if (!ctr->basic) - goto done; - memcpy(ctr->basic, r.info.basic, sizeof(DSROLE_PRIMARY_DOMAIN_INFO_BASIC)); - } - -done: - - return result; -} - -/******************************************************************** - Enumerate trusted domains in an AD forest -********************************************************************/ - -NTSTATUS rpccli_ds_enum_domain_trusts(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - const char *server, uint32 flags, - struct ds_domain_trust **trusts, - uint32 *num_domains) -{ - prs_struct qbuf, rbuf; - DS_Q_ENUM_DOM_TRUSTS q; - DS_R_ENUM_DOM_TRUSTS r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - init_q_ds_enum_domain_trusts( &q, server, flags ); - - CLI_DO_RPC( cli, mem_ctx, PI_NETLOGON, DS_ENUM_DOM_TRUSTS, - q, r, - qbuf, rbuf, - ds_io_q_enum_domain_trusts, - ds_io_r_enum_domain_trusts, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if ( NT_STATUS_IS_OK(result) ) { - int i; - - *num_domains = r.num_domains; - if (r.num_domains) { - *trusts = TALLOC_ARRAY(mem_ctx, struct ds_domain_trust, r.num_domains); - - if (*trusts == NULL) { - return NT_STATUS_NO_MEMORY; - } - } else { - *trusts = NULL; - } - - for ( i=0; i< *num_domains; i++ ) { - (*trusts)[i].flags = r.domains.trusts[i].flags; - (*trusts)[i].parent_index = r.domains.trusts[i].parent_index; - (*trusts)[i].trust_type = r.domains.trusts[i].trust_type; - (*trusts)[i].trust_attributes = r.domains.trusts[i].trust_attributes; - (*trusts)[i].guid = r.domains.trusts[i].guid; - - if (r.domains.trusts[i].sid_ptr) { - sid_copy(&(*trusts)[i].sid, &r.domains.trusts[i].sid.sid); - } else { - ZERO_STRUCT((*trusts)[i].sid); - } - - if (r.domains.trusts[i].netbios_ptr) { - (*trusts)[i].netbios_domain = unistr2_to_ascii_talloc( mem_ctx, &r.domains.trusts[i].netbios_domain ); - } else { - (*trusts)[i].netbios_domain = NULL; - } - - if (r.domains.trusts[i].dns_ptr) { - (*trusts)[i].dns_domain = unistr2_to_ascii_talloc( mem_ctx, &r.domains.trusts[i].dns_domain ); - } else { - (*trusts)[i].dns_domain = NULL; - } - } - } - - return result; -} diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 286cc210e2..2759881dd3 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -6,6 +6,7 @@ Copyright (C) Rafal Szczesniak 2002 Copyright (C) Jeremy Allison 2005. Copyright (C) Michael Adam 2007. + Copyright (C) Guenther Deschner 2008. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -45,42 +46,34 @@ NTSTATUS rpccli_lsa_open_policy(struct rpc_pipe_client *cli, bool sec_qos, uint32 des_access, POLICY_HND *pol) { - prs_struct qbuf, rbuf; - LSA_Q_OPEN_POL q; - LSA_R_OPEN_POL r; - LSA_SEC_QOS qos; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise input parameters */ + struct lsa_ObjectAttribute attr; + struct lsa_QosInfo qos; + uint16_t system_name = '\\'; if (sec_qos) { - init_lsa_sec_qos(&qos, 2, 1, 0); - init_q_open_pol(&q, '\\', 0, des_access, &qos); + init_lsa_sec_qos(&qos, 0xc, 2, 1, 0); + init_lsa_obj_attr(&attr, + 0x18, + NULL, + NULL, + 0, + NULL, + &qos); } else { - init_q_open_pol(&q, '\\', 0, des_access, NULL); - } - - /* Marshall data and send request */ - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENPOLICY, - q, r, - qbuf, rbuf, - lsa_io_q_open_pol, - lsa_io_r_open_pol, - NT_STATUS_UNSUCCESSFUL ); - - /* Return output parameters */ - - result = r.status; - - if (NT_STATUS_IS_OK(result)) { - *pol = r.pol; - } - - return result; + init_lsa_obj_attr(&attr, + 0x18, + NULL, + NULL, + 0, + NULL, + NULL); + } + + return rpccli_lsa_OpenPolicy(cli, mem_ctx, + &system_name, + &attr, + des_access, + pol); } /** Open a LSA policy handle @@ -92,39 +85,34 @@ NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, bool sec_qos, uint32 des_access, POLICY_HND *pol) { - prs_struct qbuf, rbuf; - LSA_Q_OPEN_POL2 q; - LSA_R_OPEN_POL2 r; - LSA_SEC_QOS qos; - NTSTATUS result; + struct lsa_ObjectAttribute attr; + struct lsa_QosInfo qos; char *srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost); - ZERO_STRUCT(q); - ZERO_STRUCT(r); - if (sec_qos) { - init_lsa_sec_qos(&qos, 2, 1, 0); - init_q_open_pol2(&q, srv_name_slash, 0, des_access, &qos); + init_lsa_sec_qos(&qos, 0xc, 2, 1, 0); + init_lsa_obj_attr(&attr, + 0x18, + NULL, + NULL, + 0, + NULL, + &qos); } else { - init_q_open_pol2(&q, srv_name_slash, 0, des_access, NULL); - } - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENPOLICY2, - q, r, - qbuf, rbuf, - lsa_io_q_open_pol2, - lsa_io_r_open_pol2, - NT_STATUS_UNSUCCESSFUL ); - - /* Return output parameters */ - - result = r.status; - - if (NT_STATUS_IS_OK(result)) { - *pol = r.pol; - } - - return result; + init_lsa_obj_attr(&attr, + 0x18, + NULL, + NULL, + 0, + NULL, + NULL); + } + + return rpccli_lsa_OpenPolicy2(cli, mem_ctx, + srv_name_slash, + &attr, + des_access, + pol); } /* Lookup a list of sids @@ -141,13 +129,16 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, char **names, enum lsa_SidType *types) { - prs_struct qbuf, rbuf; - LSA_Q_LOOKUP_SIDS q; - LSA_R_LOOKUP_SIDS r; - DOM_R_REF ref; NTSTATUS result = NT_STATUS_OK; TALLOC_CTX *tmp_ctx = NULL; int i; + struct lsa_SidArray sid_array; + struct lsa_RefDomainList *ref_domains = NULL; + struct lsa_TransNameArray lsa_names; + uint32_t count = 0; + uint16_t level = 1; + + ZERO_STRUCT(lsa_names); tmp_ctx = talloc_new(mem_ctx); if (!tmp_ctx) { @@ -156,38 +147,42 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, goto done; } - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - init_q_lookup_sids(tmp_ctx, &q, pol, num_sids, sids, 1); - - ZERO_STRUCT(ref); + sid_array.num_sids = num_sids; + sid_array.sids = TALLOC_ARRAY(mem_ctx, struct lsa_SidPtr, num_sids); + if (!sid_array.sids) { + return NT_STATUS_NO_MEMORY; + } - r.dom_ref = &ref; + for (i = 0; i<num_sids; i++) { + sid_array.sids[i].sid = sid_dup_talloc(mem_ctx, &sids[i]); + if (!sid_array.sids[i].sid) { + return NT_STATUS_NO_MEMORY; + } + } - CLI_DO_RPC( cli, tmp_ctx, PI_LSARPC, LSA_LOOKUPSIDS, - q, r, - qbuf, rbuf, - lsa_io_q_lookup_sids, - lsa_io_r_lookup_sids, - NT_STATUS_UNSUCCESSFUL ); + result = rpccli_lsa_LookupSids(cli, mem_ctx, + pol, + &sid_array, + &ref_domains, + &lsa_names, + level, + &count); DEBUG(10, ("LSA_LOOKUPSIDS returned '%s', mapped count = %d'\n", - nt_errstr(r.status), r.mapped_count)); + nt_errstr(result), count)); - if (!NT_STATUS_IS_OK(r.status) && - !NT_STATUS_EQUAL(r.status, NT_STATUS_NONE_MAPPED) && - !NT_STATUS_EQUAL(r.status, STATUS_SOME_UNMAPPED)) + if (!NT_STATUS_IS_OK(result) && + !NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) && + !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) { /* An actual error occured */ - result = r.status; goto done; } /* Return output parameters */ - if (NT_STATUS_EQUAL(r.status, NT_STATUS_NONE_MAPPED) || - (r.mapped_count == 0)) + if (NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) || + (count == 0)) { for (i = 0; i < num_sids; i++) { (names)[i] = NULL; @@ -199,21 +194,19 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, } for (i = 0; i < num_sids; i++) { - fstring name, dom_name; - uint32 dom_idx = r.names.name[i].domain_idx; + const char *name, *dom_name; + uint32_t dom_idx = lsa_names.names[i].sid_index; /* Translate optimised name through domain index array */ if (dom_idx != 0xffffffff) { - rpcstr_pull_unistr2_fstring( - dom_name, &ref.ref_dom[dom_idx].uni_dom_name); - rpcstr_pull_unistr2_fstring( - name, &r.names.uni_name[i]); + dom_name = ref_domains->domains[dom_idx].name.string; + name = lsa_names.names[i].name.string; (names)[i] = talloc_strdup(mem_ctx, name); (domains)[i] = talloc_strdup(mem_ctx, dom_name); - (types)[i] = r.names.name[i].sid_name_use; + (types)[i] = lsa_names.names[i].sid_type; if (((names)[i] == NULL) || ((domains)[i] == NULL)) { DEBUG(0, ("cli_lsa_lookup_sids_noalloc(): out of memory\n")); @@ -361,29 +354,32 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, DOM_SID **sids, enum lsa_SidType **types) { - prs_struct qbuf, rbuf; - LSA_Q_LOOKUP_NAMES q; - LSA_R_LOOKUP_NAMES r; - DOM_R_REF ref; NTSTATUS result; int i; + struct lsa_String *lsa_names = NULL; + struct lsa_RefDomainList *domains = NULL; + struct lsa_TransSidArray sid_array; + uint32_t count = 0; - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - ZERO_STRUCT(ref); - r.dom_ref = &ref; + ZERO_STRUCT(sid_array); - init_q_lookup_names(mem_ctx, &q, pol, num_names, names, level); + lsa_names = TALLOC_ARRAY(mem_ctx, struct lsa_String, num_names); + if (!lsa_names) { + return NT_STATUS_NO_MEMORY; + } - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPNAMES, - q, r, - qbuf, rbuf, - lsa_io_q_lookup_names, - lsa_io_r_lookup_names, - NT_STATUS_UNSUCCESSFUL); + for (i=0; i<num_names; i++) { + init_lsa_String(&lsa_names[i], names[i]); + } - result = r.status; + result = rpccli_lsa_LookupNames(cli, mem_ctx, + pol, + num_names, + lsa_names, + &domains, + &sid_array, + level, + &count); if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) != NT_STATUS_V(STATUS_SOME_UNMAPPED)) { @@ -395,7 +391,7 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, /* Return output parameters */ - if (r.mapped_count == 0) { + if (count == 0) { result = NT_STATUS_NONE_MAPPED; goto done; } @@ -430,9 +426,8 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, } for (i = 0; i < num_names; i++) { - DOM_RID *t_rids = r.dom_rid; - uint32 dom_idx = t_rids[i].rid_idx; - uint32 dom_rid = t_rids[i].rid; + uint32_t dom_idx = sid_array.sids[i].sid_index; + uint32_t dom_rid = sid_array.sids[i].rid; DOM_SID *sid = &(*sids)[i]; /* Translate optimised sid through domain index array */ @@ -444,896 +439,26 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, continue; } - sid_copy(sid, &ref.ref_dom[dom_idx].ref_dom.sid); + sid_copy(sid, domains->domains[dom_idx].sid); if (dom_rid != 0xffffffff) { sid_append_rid(sid, dom_rid); } - (*types)[i] = t_rids[i].type; + (*types)[i] = sid_array.sids[i].sid_type; if (dom_names == NULL) { continue; } - (*dom_names)[i] = rpcstr_pull_unistr2_talloc( - *dom_names, &ref.ref_dom[dom_idx].uni_dom_name); - } - - done: - - return result; -} - -NTSTATUS rpccli_lsa_query_info_policy_new(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint16 info_class, - LSA_INFO_CTR *ctr) -{ - prs_struct qbuf, rbuf; - LSA_Q_QUERY_INFO q; - LSA_R_QUERY_INFO r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - init_q_query(&q, pol, info_class); - - CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_QUERYINFOPOLICY, - q, r, - qbuf, rbuf, - lsa_io_q_query, - lsa_io_r_query, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - done: - - *ctr = r.ctr; - - return result; -} - -NTSTATUS rpccli_lsa_query_info_policy2_new(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint16 info_class, - LSA_INFO_CTR2 *ctr) -{ - prs_struct qbuf, rbuf; - LSA_Q_QUERY_INFO2 q; - LSA_R_QUERY_INFO2 r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - init_q_query2(&q, pol, info_class); - - CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_QUERYINFO2, - q, r, - qbuf, rbuf, - lsa_io_q_query_info2, - lsa_io_r_query_info2, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - done: - - *ctr = r.ctr; - - return result; -} - - - -/** Query info policy - * - * @param domain_sid - returned remote server's domain sid */ - -NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint16 info_class, - const char **domain_name, - DOM_SID **domain_sid) -{ - prs_struct qbuf, rbuf; - LSA_Q_QUERY_INFO q; - LSA_R_QUERY_INFO r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - init_q_query(&q, pol, info_class); - - CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_QUERYINFOPOLICY, - q, r, - qbuf, rbuf, - lsa_io_q_query, - lsa_io_r_query, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - /* Return output parameters */ - - switch (info_class) { - - case 3: - if (domain_name && (r.ctr.info.id3.buffer_dom_name != 0)) { - *domain_name = unistr2_to_ascii_talloc(mem_ctx, - &r.ctr.info.id3. - uni_domain_name); - if (!*domain_name) { - return NT_STATUS_NO_MEMORY; - } - } - - if (domain_sid && (r.ctr.info.id3.buffer_dom_sid != 0)) { - *domain_sid = TALLOC_P(mem_ctx, DOM_SID); - if (!*domain_sid) { - return NT_STATUS_NO_MEMORY; - } - sid_copy(*domain_sid, &r.ctr.info.id3.dom_sid.sid); - } - - break; - - case 5: - - if (domain_name && (r.ctr.info.id5.buffer_dom_name != 0)) { - *domain_name = unistr2_to_ascii_talloc(mem_ctx, - &r.ctr.info.id5. - uni_domain_name); - if (!*domain_name) { - return NT_STATUS_NO_MEMORY; - } - } - - if (domain_sid && (r.ctr.info.id5.buffer_dom_sid != 0)) { - *domain_sid = TALLOC_P(mem_ctx, DOM_SID); - if (!*domain_sid) { - return NT_STATUS_NO_MEMORY; - } - sid_copy(*domain_sid, &r.ctr.info.id5.dom_sid.sid); - } - break; - - default: - DEBUG(3, ("unknown info class %d\n", info_class)); - break; - } - - done: - - return result; -} - -/** Query info policy2 - * - * @param domain_name - returned remote server's domain name - * @param dns_name - returned remote server's dns domain name - * @param forest_name - returned remote server's forest name - * @param domain_guid - returned remote server's domain guid - * @param domain_sid - returned remote server's domain sid */ - -NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint16 info_class, - const char **domain_name, - const char **dns_name, - const char **forest_name, - struct GUID **domain_guid, - DOM_SID **domain_sid) -{ - prs_struct qbuf, rbuf; - LSA_Q_QUERY_INFO2 q; - LSA_R_QUERY_INFO2 r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - if (info_class != 12) - goto done; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - init_q_query2(&q, pol, info_class); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYINFO2, - q, r, - qbuf, rbuf, - lsa_io_q_query_info2, - lsa_io_r_query_info2, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - /* Return output parameters */ - - ZERO_STRUCTP(domain_guid); - - if (domain_name && r.ctr.info.id12.hdr_nb_dom_name.buffer) { - *domain_name = unistr2_to_ascii_talloc(mem_ctx, - &r.ctr.info.id12 - .uni_nb_dom_name); - if (!*domain_name) { - return NT_STATUS_NO_MEMORY; - } - } - if (dns_name && r.ctr.info.id12.hdr_dns_dom_name.buffer) { - *dns_name = unistr2_to_ascii_talloc(mem_ctx, - &r.ctr.info.id12 - .uni_dns_dom_name); - if (!*dns_name) { - return NT_STATUS_NO_MEMORY; - } - } - if (forest_name && r.ctr.info.id12.hdr_forest_name.buffer) { - *forest_name = unistr2_to_ascii_talloc(mem_ctx, - &r.ctr.info.id12 - .uni_forest_name); - if (!*forest_name) { - return NT_STATUS_NO_MEMORY; - } - } - - if (domain_guid) { - *domain_guid = TALLOC_P(mem_ctx, struct GUID); - if (!*domain_guid) { - return NT_STATUS_NO_MEMORY; - } - memcpy(*domain_guid, - &r.ctr.info.id12.dom_guid, - sizeof(struct GUID)); - } - - if (domain_sid && r.ctr.info.id12.ptr_dom_sid != 0) { - *domain_sid = TALLOC_P(mem_ctx, DOM_SID); - if (!*domain_sid) { - return NT_STATUS_NO_MEMORY; - } - sid_copy(*domain_sid, - &r.ctr.info.id12.dom_sid.sid); - } - - done: - - return result; -} - -/** - * Enumerate list of trusted domains - * - * @param cli client state (cli_state) structure of the connection - * @param mem_ctx memory context - * @param pol opened lsa policy handle - * @param enum_ctx enumeration context ie. index of first returned domain entry - * @param pref_num_domains preferred max number of entries returned in one response - * @param num_domains total number of trusted domains returned by response - * @param domain_names returned trusted domain names - * @param domain_sids returned trusted domain sids - * - * @return nt status code of response - **/ - -NTSTATUS rpccli_lsa_enum_trust_dom(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 *enum_ctx, - uint32 *num_domains, - char ***domain_names, DOM_SID **domain_sids) -{ - prs_struct qbuf, rbuf; - LSA_Q_ENUM_TRUST_DOM in; - LSA_R_ENUM_TRUST_DOM out; - int i; - fstring tmp; - - ZERO_STRUCT(in); - ZERO_STRUCT(out); - - /* 64k is enough for about 2000 trusted domains */ - - init_q_enum_trust_dom(&in, pol, *enum_ctx, 0x10000); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMTRUSTDOM, - in, out, - qbuf, rbuf, - lsa_io_q_enum_trust_dom, - lsa_io_r_enum_trust_dom, - NT_STATUS_UNSUCCESSFUL ); - - - /* check for an actual error */ - - if ( !NT_STATUS_IS_OK(out.status) - && !NT_STATUS_EQUAL(out.status, NT_STATUS_NO_MORE_ENTRIES) - && !NT_STATUS_EQUAL(out.status, STATUS_MORE_ENTRIES) ) - { - return out.status; - } - - /* Return output parameters */ - - *num_domains = out.count; - *enum_ctx = out.enum_context; - - if ( out.count ) { - - /* Allocate memory for trusted domain names and sids */ - - if ( !(*domain_names = TALLOC_ARRAY(mem_ctx, char *, out.count)) ) { - DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n")); - return NT_STATUS_NO_MEMORY; - } - - if ( !(*domain_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, out.count)) ) { - DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n")); - return NT_STATUS_NO_MEMORY; - } - - /* Copy across names and sids */ - - for (i = 0; i < out.count; i++) { - - rpcstr_pull( tmp, out.domlist->domains[i].name.string->buffer, - sizeof(tmp), out.domlist->domains[i].name.length, 0); - (*domain_names)[i] = talloc_strdup(mem_ctx, tmp); - - sid_copy(&(*domain_sids)[i], &out.domlist->domains[i].sid->sid ); - } - } - - return out.status; -} - -/** Enumerate privileges*/ - -NTSTATUS rpccli_lsa_enum_privilege(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 *enum_context, uint32 pref_max_length, - uint32 *count, char ***privs_name, uint32 **privs_high, uint32 **privs_low) -{ - prs_struct qbuf, rbuf; - LSA_Q_ENUM_PRIVS q; - LSA_R_ENUM_PRIVS r; - NTSTATUS result; - int i; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - init_q_enum_privs(&q, pol, *enum_context, pref_max_length); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUM_PRIVS, - q, r, - qbuf, rbuf, - lsa_io_q_enum_privs, - lsa_io_r_enum_privs, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - /* Return output parameters */ - - *enum_context = r.enum_context; - *count = r.count; - - if (r.count) { - if (!((*privs_name = TALLOC_ARRAY(mem_ctx, char *, r.count)))) { - DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - if (!((*privs_high = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) { - DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - if (!((*privs_low = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) { - DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - } else { - *privs_name = NULL; - *privs_high = NULL; - *privs_low = NULL; - } - - for (i = 0; i < r.count; i++) { - fstring name; - - rpcstr_pull_unistr2_fstring( name, &r.privs[i].name); - - (*privs_name)[i] = talloc_strdup(mem_ctx, name); - - (*privs_high)[i] = r.privs[i].luid_high; - (*privs_low)[i] = r.privs[i].luid_low; - } - - done: - - return result; -} - -/** Get privilege name */ - -NTSTATUS rpccli_lsa_get_dispname(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, const char *name, - uint16 lang_id, uint16 lang_id_sys, - fstring description, uint16 *lang_id_desc) -{ - prs_struct qbuf, rbuf; - LSA_Q_PRIV_GET_DISPNAME q; - LSA_R_PRIV_GET_DISPNAME r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - init_lsa_priv_get_dispname(&q, pol, name, lang_id, lang_id_sys); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_PRIV_GET_DISPNAME, - q, r, - qbuf, rbuf, - lsa_io_q_priv_get_dispname, - lsa_io_r_priv_get_dispname, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - /* Return output parameters */ - - rpcstr_pull_unistr2_fstring(description , &r.desc); - *lang_id_desc = r.lang_id; - - done: - - return result; -} - -/** Enumerate list of SIDs */ - -NTSTATUS rpccli_lsa_enum_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 *enum_ctx, uint32 pref_max_length, - uint32 *num_sids, DOM_SID **sids) -{ - prs_struct qbuf, rbuf; - LSA_Q_ENUM_ACCOUNTS q; - LSA_R_ENUM_ACCOUNTS r; - NTSTATUS result; - int i; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - init_lsa_q_enum_accounts(&q, pol, *enum_ctx, pref_max_length); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUM_ACCOUNTS, - q, r, - qbuf, rbuf, - lsa_io_q_enum_accounts, - lsa_io_r_enum_accounts, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - if (r.sids.num_entries==0) - goto done; - - /* Return output parameters */ - - *sids = TALLOC_ARRAY(mem_ctx, DOM_SID, r.sids.num_entries); - if (!*sids) { - DEBUG(0, ("(cli_lsa_enum_sids): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Copy across names and sids */ - - for (i = 0; i < r.sids.num_entries; i++) { - sid_copy(&(*sids)[i], &r.sids.sid[i].sid); - } - - *num_sids= r.sids.num_entries; - *enum_ctx = r.enum_context; - - done: - - return result; -} - -/** Create a LSA user handle - * - * @param cli Handle on an initialised SMB connection - * - * FIXME: The code is actually identical to open account - * TODO: Check and code what the function should exactly do - * - * */ - -NTSTATUS rpccli_lsa_create_account(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *dom_pol, DOM_SID *sid, uint32 desired_access, - POLICY_HND *user_pol) -{ - prs_struct qbuf, rbuf; - LSA_Q_CREATEACCOUNT q; - LSA_R_CREATEACCOUNT r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise input parameters */ - - init_lsa_q_create_account(&q, dom_pol, sid, desired_access); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_CREATEACCOUNT, - q, r, - qbuf, rbuf, - lsa_io_q_create_account, - lsa_io_r_create_account, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - result = r.status; - - if (NT_STATUS_IS_OK(result)) { - *user_pol = r.pol; - } - - return result; -} - -/** Open a LSA user handle - * - * @param cli Handle on an initialised SMB connection */ - -NTSTATUS rpccli_lsa_open_account(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *dom_pol, DOM_SID *sid, uint32 des_access, - POLICY_HND *user_pol) -{ - prs_struct qbuf, rbuf; - LSA_Q_OPENACCOUNT q; - LSA_R_OPENACCOUNT r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise input parameters */ - - init_lsa_q_open_account(&q, dom_pol, sid, des_access); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENACCOUNT, - q, r, - qbuf, rbuf, - lsa_io_q_open_account, - lsa_io_r_open_account, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - result = r.status; - - if (NT_STATUS_IS_OK(result)) { - *user_pol = r.pol; - } - - return result; -} - -/** Enumerate user privileges - * - * @param cli Handle on an initialised SMB connection */ - -NTSTATUS rpccli_lsa_enum_privsaccount(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 *count, LUID_ATTR **set) -{ - prs_struct qbuf, rbuf; - LSA_Q_ENUMPRIVSACCOUNT q; - LSA_R_ENUMPRIVSACCOUNT r; - NTSTATUS result; - int i; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise input parameters */ - - init_lsa_q_enum_privsaccount(&q, pol); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMPRIVSACCOUNT, - q, r, - qbuf, rbuf, - lsa_io_q_enum_privsaccount, - lsa_io_r_enum_privsaccount, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - if (r.count == 0) - goto done; - - if (!((*set = TALLOC_ARRAY(mem_ctx, LUID_ATTR, r.count)))) { - DEBUG(0, ("(cli_lsa_enum_privsaccount): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - for (i=0; i<r.count; i++) { - (*set)[i].luid.low = r.set.set[i].luid.low; - (*set)[i].luid.high = r.set.set[i].luid.high; - (*set)[i].attr = r.set.set[i].attr; + (*dom_names)[i] = domains->domains[dom_idx].name.string; } - *count=r.count; done: return result; } -/** Get a privilege value given its name */ - -NTSTATUS rpccli_lsa_lookup_priv_value(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, const char *name, LUID *luid) -{ - prs_struct qbuf, rbuf; - LSA_Q_LOOKUP_PRIV_VALUE q; - LSA_R_LOOKUP_PRIV_VALUE r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_lsa_q_lookup_priv_value(&q, pol, name); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPPRIVVALUE, - q, r, - qbuf, rbuf, - lsa_io_q_lookup_priv_value, - lsa_io_r_lookup_priv_value, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - /* Return output parameters */ - - (*luid).low=r.luid.low; - (*luid).high=r.luid.high; - - done: - - return result; -} - -/** Query LSA security object */ - -NTSTATUS rpccli_lsa_query_secobj(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 sec_info, - SEC_DESC_BUF **psdb) -{ - prs_struct qbuf, rbuf; - LSA_Q_QUERY_SEC_OBJ q; - LSA_R_QUERY_SEC_OBJ r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_q_query_sec_obj(&q, pol, sec_info); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYSECOBJ, - q, r, - qbuf, rbuf, - lsa_io_q_query_sec_obj, - lsa_io_r_query_sec_obj, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - /* Return output parameters */ - - if (psdb) - *psdb = r.buf; - - done: - - return result; -} - - -/* Enumerate account rights This is similar to enum_privileges but - takes a SID directly, avoiding the open_account call. -*/ - -NTSTATUS rpccli_lsa_enum_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, DOM_SID *sid, - uint32 *count, char ***priv_names) -{ - prs_struct qbuf, rbuf; - LSA_Q_ENUM_ACCT_RIGHTS q; - LSA_R_ENUM_ACCT_RIGHTS r; - NTSTATUS result; - int i; - fstring *privileges; - char **names; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - init_q_enum_acct_rights(&q, pol, 2, sid); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMACCTRIGHTS, - q, r, - qbuf, rbuf, - lsa_io_q_enum_acct_rights, - lsa_io_r_enum_acct_rights, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } - - *count = r.count; - if (! *count) { - goto done; - } - - - privileges = TALLOC_ARRAY( mem_ctx, fstring, *count ); - names = TALLOC_ARRAY( mem_ctx, char *, *count ); - - if ((privileges == NULL) || (names == NULL)) { - TALLOC_FREE(privileges); - TALLOC_FREE(names); - return NT_STATUS_NO_MEMORY; - } - - for ( i=0; i<*count; i++ ) { - UNISTR4 *uni_string = &r.rights->strings[i]; - - if ( !uni_string->string ) - continue; - - rpcstr_pull( privileges[i], uni_string->string->buffer, sizeof(privileges[i]), -1, STR_TERMINATE ); - - /* now copy to the return array */ - names[i] = talloc_strdup( mem_ctx, privileges[i] ); - } - - *priv_names = names; - -done: - - return result; -} - - - -/* add account rights to an account. */ - -NTSTATUS rpccli_lsa_add_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, DOM_SID sid, - uint32 count, const char **privs_name) -{ - prs_struct qbuf, rbuf; - LSA_Q_ADD_ACCT_RIGHTS q; - LSA_R_ADD_ACCT_RIGHTS r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - init_q_add_acct_rights(&q, pol, &sid, count, privs_name); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ADDACCTRIGHTS, - q, r, - qbuf, rbuf, - lsa_io_q_add_acct_rights, - lsa_io_r_add_acct_rights, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } -done: - - return result; -} - - -/* remove account rights for an account. */ - -NTSTATUS rpccli_lsa_remove_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, DOM_SID sid, bool removeall, - uint32 count, const char **privs_name) -{ - prs_struct qbuf, rbuf; - LSA_Q_REMOVE_ACCT_RIGHTS q; - LSA_R_REMOVE_ACCT_RIGHTS r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - init_q_remove_acct_rights(&q, pol, &sid, removeall?1:0, count, privs_name); - - CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_REMOVEACCTRIGHTS, - q, r, - qbuf, rbuf, - lsa_io_q_remove_acct_rights, - lsa_io_r_remove_acct_rights, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - goto done; - } -done: - - return result; -} - - #if 0 /** An example of how to use the routines in this file. Fetch a DOMAIN diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index e192e4ca26..2af514320e 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -1,20 +1,21 @@ -/* +/* Unix SMB/CIFS implementation. NT Domain Authentication SMB / MSRPC client Copyright (C) Andrew Tridgell 1992-2000 Copyright (C) Jeremy Allison 1998. Largely re-written by Jeremy Allison (C) 2005. + Copyright (C) Guenther Deschner 2008. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -27,57 +28,19 @@ private data. Only call this via rpccli_netlogon_setup_creds(). JRA. */ -static NTSTATUS rpccli_net_req_chal(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - const char *server_name, - const char *clnt_name, - const DOM_CHAL *clnt_chal_in, - DOM_CHAL *srv_chal_out) -{ - prs_struct qbuf, rbuf; - NET_Q_REQ_CHAL q; - NET_R_REQ_CHAL r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - /* create and send a MSRPC command with api NET_REQCHAL */ - - DEBUG(4,("cli_net_req_chal: LSA Request Challenge from %s to %s\n", - clnt_name, server_name)); - - /* store the parameters */ - init_q_req_chal(&q, server_name, clnt_name, clnt_chal_in); - - /* Marshall data and send request */ - CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_REQCHAL, - q, r, - qbuf, rbuf, - net_io_q_req_chal, - net_io_r_req_chal, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - /* Return result */ - - if (NT_STATUS_IS_OK(result)) { - /* Store the returned server challenge. */ - *srv_chal_out = r.srv_chal; - } - - return result; -} +/* instead of rpccli_net_req_chal() we use rpccli_netr_ServerReqChallenge() now - gd */ #if 0 /**************************************************************************** LSA Authenticate 2 Send the client credential, receive back a server credential. -Ensure that the server credential returned matches the session key +Ensure that the server credential returned matches the session key encrypt of the server challenge originally received. JRA. ****************************************************************************/ - NTSTATUS rpccli_net_auth2(struct rpc_pipe_client *cli, - uint16 sec_chan, + NTSTATUS rpccli_net_auth2(struct rpc_pipe_client *cli, + uint16 sec_chan, uint32 *neg_flags, DOM_CHAL *srv_chal) { prs_struct qbuf, rbuf; @@ -90,7 +53,7 @@ encrypt of the server challenge originally received. JRA. fstr_sprintf( machine_acct, "%s$", lp_workgroup() ); else fstrcpy( machine_acct, cli->mach_acct ); - + /* create and send a MSRPC command with api NET_AUTH2 */ DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n", @@ -99,8 +62,8 @@ encrypt of the server challenge originally received. JRA. /* store the parameters */ - init_q_auth_2(&q, cli->srv_name_slash, machine_acct, - sec_chan, global_myname(), &cli->clnt_cred.challenge, + init_q_auth_2(&q, cli->srv_name_slash, machine_acct, + sec_chan, global_myname(), &cli->clnt_cred.challenge, *neg_flags); /* turn parameters into data stream */ @@ -116,7 +79,7 @@ encrypt of the server challenge originally received. JRA. if (NT_STATUS_IS_OK(result)) { UTIME zerotime; - + /* * Check the returned value using the initial * server received challenge. @@ -143,106 +106,12 @@ password ?).\n", cli->cli->desthost )); LSA Authenticate 2 Send the client credential, receive back a server credential. - The caller *must* ensure that the server credential returned matches the session key - encrypt of the server challenge originally received. JRA. -****************************************************************************/ - -static NTSTATUS rpccli_net_auth2(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - const char *server_name, - const char *account_name, - uint16 sec_chan_type, - const char *computer_name, - uint32 *neg_flags_inout, - const DOM_CHAL *clnt_chal_in, - DOM_CHAL *srv_chal_out) -{ - prs_struct qbuf, rbuf; - NET_Q_AUTH_2 q; - NET_R_AUTH_2 r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - /* create and send a MSRPC command with api NET_AUTH2 */ - - DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s neg: %x\n", - server_name, account_name, sec_chan_type, computer_name, - *neg_flags_inout)); - - /* store the parameters */ - - init_q_auth_2(&q, server_name, account_name, sec_chan_type, - computer_name, clnt_chal_in, *neg_flags_inout); - - /* turn parameters into data stream */ - - CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_AUTH2, - q, r, - qbuf, rbuf, - net_io_q_auth_2, - net_io_r_auth_2, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (NT_STATUS_IS_OK(result)) { - *srv_chal_out = r.srv_chal; - *neg_flags_inout = r.srv_flgs.neg_flags; - } - - return result; -} - -#if 0 /* not currebntly used */ -/**************************************************************************** - LSA Authenticate 3 - - Send the client credential, receive back a server credential. - The caller *must* ensure that the server credential returned matches the session key + The caller *must* ensure that the server credential returned matches the session key encrypt of the server challenge originally received. JRA. ****************************************************************************/ -static NTSTATUS rpccli_net_auth3(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - const char *server_name, - const char *account_name, - uint16 sec_chan_type, - const char *computer_name, - uint32 *neg_flags_inout, - const DOM_CHAL *clnt_chal_in, - DOM_CHAL *srv_chal_out) -{ - prs_struct qbuf, rbuf; - NET_Q_AUTH_3 q; - NET_R_AUTH_3 r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - /* create and send a MSRPC command with api NET_AUTH2 */ - - DEBUG(4,("cli_net_auth3: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n", - server_name, account_name, sec_chan_type, computer_name, - credstr(clnt_chal_in->data), *neg_flags_inout)); - - /* store the parameters */ - init_q_auth_3(&q, server_name, account_name, sec_chan_type, - computer_name, clnt_chal_in, *neg_flags_inout); - - /* turn parameters into data stream */ +/* instead of rpccli_net_auth2() we use rpccli_netr_ServerAuthenticate2() now - gd */ - CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_AUTH3, - q, r, - qbuf, rbuf, - net_io_q_auth_3, - net_io_r_auth_3, - NT_STATUS_UNSUCCESSFUL); - - if (NT_STATUS_IS_OK(result)) { - *srv_chal_out = r.srv_chal; - *neg_flags_inout = r.srv_flgs.neg_flags; - } - - return result; -} -#endif /* not currebntly used */ /**************************************************************************** Wrapper function that uses the auth and auth2 calls to set up a NETLOGON @@ -251,17 +120,17 @@ static NTSTATUS rpccli_net_auth3(struct rpc_pipe_client *cli, ****************************************************************************/ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, - const char *server_name, - const char *domain, - const char *clnt_name, - const char *machine_account, - const unsigned char machine_pwd[16], - uint32 sec_chan_type, - uint32 *neg_flags_inout) + const char *server_name, + const char *domain, + const char *clnt_name, + const char *machine_account, + const unsigned char machine_pwd[16], + enum netr_SchannelType sec_chan_type, + uint32_t *neg_flags_inout) { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - DOM_CHAL clnt_chal_send; - DOM_CHAL srv_chal_recv; + struct netr_Credential clnt_chal_send; + struct netr_Credential srv_chal_recv; struct dcinfo *dc; SMB_ASSERT(cli->pipe_idx == PI_NETLOGON); @@ -288,13 +157,11 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, generate_random_buffer(clnt_chal_send.data, 8); /* Get the server challenge. */ - result = rpccli_net_req_chal(cli, - cli->mem_ctx, - dc->remote_machine, - clnt_name, - &clnt_chal_send, - &srv_chal_recv); - + result = rpccli_netr_ServerReqChallenge(cli, cli->mem_ctx, + dc->remote_machine, + clnt_name, + &clnt_chal_send, + &srv_chal_recv); if (!NT_STATUS_IS_OK(result)) { return result; } @@ -307,20 +174,18 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, machine_pwd, &clnt_chal_send); - /* - * Send client auth-2 challenge and receive server repy. - */ - - result = rpccli_net_auth2(cli, - cli->mem_ctx, - dc->remote_machine, - dc->mach_acct, - sec_chan_type, - clnt_name, - neg_flags_inout, - &clnt_chal_send, /* input. */ - &srv_chal_recv); /* output */ + /* + * Send client auth-2 challenge and receive server repy. + */ + result = rpccli_netr_ServerAuthenticate2(cli, cli->mem_ctx, + dc->remote_machine, + dc->mach_acct, + sec_chan_type, + clnt_name, + &clnt_chal_send, /* input. */ + &srv_chal_recv, /* output. */ + neg_flags_inout); if (!NT_STATUS_IS_OK(result)) { return result; } @@ -330,7 +195,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, * server received challenge. */ - if (!creds_client_check(dc, &srv_chal_recv)) { + if (!netlogon_creds_client_check(dc, &srv_chal_recv)) { /* * Server replied with bad credential. Fail. */ @@ -347,502 +212,6 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, return NT_STATUS_OK; } -/* Logon Control 2 */ - -NTSTATUS rpccli_netlogon_logon_ctrl2(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - uint32 query_level) -{ - prs_struct qbuf, rbuf; - NET_Q_LOGON_CTRL2 q; - NET_R_LOGON_CTRL2 r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - fstring server; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise input parameters */ - - slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost); - init_net_q_logon_ctrl2(&q, server, query_level); - - /* Marshall data and send request */ - - CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_LOGON_CTRL2, - q, r, - qbuf, rbuf, - net_io_q_logon_ctrl2, - net_io_r_logon_ctrl2, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - return result; -} - -/* GetAnyDCName */ - -WERROR rpccli_netlogon_getanydcname(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, const char *mydcname, - const char *domainname, char **newdcname) -{ - prs_struct qbuf, rbuf; - NET_Q_GETANYDCNAME q; - NET_R_GETANYDCNAME r; - WERROR result; - fstring mydcname_slash; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise input parameters */ - - slprintf(mydcname_slash, sizeof(fstring)-1, "\\\\%s", mydcname); - init_net_q_getanydcname(&q, mydcname_slash, domainname); - - /* Marshall data and send request */ - - CLI_DO_RPC_WERR(cli, mem_ctx, PI_NETLOGON, NET_GETANYDCNAME, - q, r, - qbuf, rbuf, - net_io_q_getanydcname, - net_io_r_getanydcname, - WERR_GENERAL_FAILURE); - - result = r.status; - - if (W_ERROR_IS_OK(result) && newdcname) { - *newdcname = rpcstr_pull_unistr2_talloc(mem_ctx, &r.uni_dcname); - W_ERROR_HAVE_NO_MEMORY(*newdcname); - } - - return result; -} - -/* GetDCName */ - -WERROR rpccli_netlogon_getdcname(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, const char *mydcname, - const char *domainname, char **newdcname) -{ - prs_struct qbuf, rbuf; - NET_Q_GETDCNAME q; - NET_R_GETDCNAME r; - WERROR result; - fstring mydcname_slash; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise input parameters */ - - slprintf(mydcname_slash, sizeof(fstring)-1, "\\\\%s", mydcname); - init_net_q_getdcname(&q, mydcname_slash, domainname); - - /* Marshall data and send request */ - - CLI_DO_RPC_WERR(cli, mem_ctx, PI_NETLOGON, NET_GETDCNAME, - q, r, - qbuf, rbuf, - net_io_q_getdcname, - net_io_r_getdcname, - WERR_GENERAL_FAILURE); - - result = r.status; - - if (W_ERROR_IS_OK(result) && newdcname) { - *newdcname = rpcstr_pull_unistr2_talloc(mem_ctx, &r.uni_dcname); - W_ERROR_HAVE_NO_MEMORY(*newdcname); - } - - return result; -} - -static WERROR pull_domain_controller_info_from_getdcname_reply(TALLOC_CTX *mem_ctx, - struct DS_DOMAIN_CONTROLLER_INFO **info_out, - NET_R_DSR_GETDCNAME *r) -{ - struct DS_DOMAIN_CONTROLLER_INFO *info; - - info = TALLOC_ZERO_P(mem_ctx, struct DS_DOMAIN_CONTROLLER_INFO); - if (!info) { - return WERR_NOMEM; - } - - if (&r->uni_dc_unc) { - - char *tmp; - tmp = rpcstr_pull_unistr2_talloc(mem_ctx, &r->uni_dc_unc); - if (tmp == NULL) { - return WERR_GENERAL_FAILURE; - } - if (*tmp == '\\') tmp += 1; - if (*tmp == '\\') tmp += 1; - - info->domain_controller_name = talloc_strdup(mem_ctx, tmp); - if (info->domain_controller_name == NULL) { - return WERR_GENERAL_FAILURE; - } - } - - if (&r->uni_dc_address) { - - char *tmp; - tmp = rpcstr_pull_unistr2_talloc(mem_ctx, &r->uni_dc_address); - if (tmp == NULL) { - return WERR_GENERAL_FAILURE; - } - if (*tmp == '\\') tmp += 1; - if (*tmp == '\\') tmp += 1; - - info->domain_controller_address = talloc_strdup(mem_ctx, tmp); - if (info->domain_controller_address == NULL) { - return WERR_GENERAL_FAILURE; - } - } - - info->domain_controller_address_type = r->dc_address_type; - - info->domain_guid = (struct GUID *)talloc_memdup( - mem_ctx, &r->domain_guid, sizeof(struct GUID)); - if (!info->domain_guid) { - return WERR_GENERAL_FAILURE; - } - - if (&r->uni_domain_name) { - info->domain_name = rpcstr_pull_unistr2_talloc(mem_ctx, &r->uni_domain_name); - if (!info->domain_name) { - return WERR_GENERAL_FAILURE; - } - } - - if (&r->uni_forest_name) { - info->dns_forest_name = rpcstr_pull_unistr2_talloc(mem_ctx, &r->uni_forest_name); - if (!info->dns_forest_name) { - return WERR_GENERAL_FAILURE; - } - } - - info->flags = r->dc_flags; - - if (&r->uni_dc_site_name) { - info->dc_site_name = rpcstr_pull_unistr2_talloc(mem_ctx, &r->uni_dc_site_name); - if (!info->dc_site_name) { - return WERR_GENERAL_FAILURE; - } - } - - if (&r->uni_client_site_name) { - info->client_site_name = rpcstr_pull_unistr2_talloc(mem_ctx, &r->uni_client_site_name); - if (!info->client_site_name) { - return WERR_GENERAL_FAILURE; - } - } - - *info_out = info; - - return WERR_OK; -} - -/* Dsr_GetDCName */ - -WERROR rpccli_netlogon_dsr_getdcname(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - const char *server_name, - const char *domain_name, - struct GUID *domain_guid, - struct GUID *site_guid, - uint32_t flags, - struct DS_DOMAIN_CONTROLLER_INFO **info_out) -{ - prs_struct qbuf, rbuf; - NET_Q_DSR_GETDCNAME q; - NET_R_DSR_GETDCNAME r; - char *tmp_str; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialize input parameters */ - - tmp_str = talloc_asprintf(mem_ctx, "\\\\%s", server_name); - if (tmp_str == NULL) { - return WERR_NOMEM; - } - - init_net_q_dsr_getdcname(&q, tmp_str, domain_name, domain_guid, - site_guid, flags); - - /* Marshall data and send request */ - - CLI_DO_RPC_WERR(cli, mem_ctx, PI_NETLOGON, NET_DSR_GETDCNAME, - q, r, - qbuf, rbuf, - net_io_q_dsr_getdcname, - net_io_r_dsr_getdcname, - WERR_GENERAL_FAILURE); - - if (!W_ERROR_IS_OK(r.result)) { - return r.result; - } - - r.result = pull_domain_controller_info_from_getdcname_reply(mem_ctx, info_out, &r); - if (!W_ERROR_IS_OK(r.result)) { - return r.result; - } - - return WERR_OK; -} - -/* Dsr_GetDCNameEx */ - -WERROR rpccli_netlogon_dsr_getdcnameex(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - const char *server_name, - const char *domain_name, - struct GUID *domain_guid, - const char *site_name, - uint32_t flags, - struct DS_DOMAIN_CONTROLLER_INFO **info_out) -{ - prs_struct qbuf, rbuf; - NET_Q_DSR_GETDCNAMEEX q; - NET_R_DSR_GETDCNAME r; - char *tmp_str; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialize input parameters */ - - tmp_str = talloc_asprintf(mem_ctx, "\\\\%s", server_name); - if (tmp_str == NULL) { - return WERR_NOMEM; - } - - init_net_q_dsr_getdcnameex(&q, server_name, domain_name, domain_guid, - site_name, flags); - - /* Marshall data and send request */ - - CLI_DO_RPC_WERR(cli, mem_ctx, PI_NETLOGON, NET_DSR_GETDCNAMEEX, - q, r, - qbuf, rbuf, - net_io_q_dsr_getdcnameex, - net_io_r_dsr_getdcname, - WERR_GENERAL_FAILURE); - - if (!W_ERROR_IS_OK(r.result)) { - return r.result; - } - - r.result = pull_domain_controller_info_from_getdcname_reply(mem_ctx, info_out, &r); - if (!W_ERROR_IS_OK(r.result)) { - return r.result; - } - - return WERR_OK; -} - -/* Dsr_GetDCNameEx */ - -WERROR rpccli_netlogon_dsr_getdcnameex2(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - const char *server_name, - const char *client_account, - uint32 mask, - const char *domain_name, - struct GUID *domain_guid, - const char *site_name, - uint32_t flags, - struct DS_DOMAIN_CONTROLLER_INFO **info_out) -{ - prs_struct qbuf, rbuf; - NET_Q_DSR_GETDCNAMEEX2 q; - NET_R_DSR_GETDCNAME r; - char *tmp_str; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialize input parameters */ - - tmp_str = talloc_asprintf(mem_ctx, "\\\\%s", server_name); - if (tmp_str == NULL) { - return WERR_NOMEM; - } - - init_net_q_dsr_getdcnameex2(&q, server_name, domain_name, client_account, - mask, domain_guid, site_name, flags); - - /* Marshall data and send request */ - - CLI_DO_RPC_WERR(cli, mem_ctx, PI_NETLOGON, NET_DSR_GETDCNAMEEX2, - q, r, - qbuf, rbuf, - net_io_q_dsr_getdcnameex2, - net_io_r_dsr_getdcname, - WERR_GENERAL_FAILURE); - - if (!W_ERROR_IS_OK(r.result)) { - return r.result; - } - - r.result = pull_domain_controller_info_from_getdcname_reply(mem_ctx, info_out, &r); - if (!W_ERROR_IS_OK(r.result)) { - return r.result; - } - - return WERR_OK; -} - - -/* Dsr_GetSiteName */ - -WERROR rpccli_netlogon_dsr_getsitename(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - const char *computer_name, - char **site_name) -{ - prs_struct qbuf, rbuf; - NET_Q_DSR_GETSITENAME q; - NET_R_DSR_GETSITENAME r; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialize input parameters */ - - init_net_q_dsr_getsitename(&q, computer_name); - - /* Marshall data and send request */ - - CLI_DO_RPC_WERR(cli, mem_ctx, PI_NETLOGON, NET_DSR_GETSITENAME, - q, r, - qbuf, rbuf, - net_io_q_dsr_getsitename, - net_io_r_dsr_getsitename, - WERR_GENERAL_FAILURE); - - if (!W_ERROR_IS_OK(r.result)) { - return r.result; - } - - if ((site_name != NULL) && - ((*site_name = rpcstr_pull_unistr2_talloc( - mem_ctx, &r.uni_site_name)) == NULL)) { - return WERR_GENERAL_FAILURE; - } - - return WERR_OK; -} - - - -/* Sam synchronisation */ - -NTSTATUS rpccli_netlogon_sam_sync(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - uint32 database_id, uint32 next_rid, uint32 *num_deltas, - SAM_DELTA_HDR **hdr_deltas, - SAM_DELTA_CTR **deltas) -{ - prs_struct qbuf, rbuf; - NET_Q_SAM_SYNC q; - NET_R_SAM_SYNC r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - DOM_CRED clnt_creds; - DOM_CRED ret_creds; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - ZERO_STRUCT(ret_creds); - - /* Initialise input parameters */ - - creds_client_step(cli->dc, &clnt_creds); - - init_net_q_sam_sync(&q, cli->dc->remote_machine, global_myname(), - &clnt_creds, &ret_creds, database_id, next_rid); - - /* Marshall data and send request */ - - CLI_DO_RPC_COPY_SESS_KEY(cli, mem_ctx, PI_NETLOGON, NET_SAM_SYNC, - q, r, - qbuf, rbuf, - net_io_q_sam_sync, - net_io_r_sam_sync, - NT_STATUS_UNSUCCESSFUL); - - /* Return results */ - - result = r.status; - *num_deltas = r.num_deltas2; - *hdr_deltas = r.hdr_deltas; - *deltas = r.deltas; - - if (!NT_STATUS_IS_ERR(result)) { - /* Check returned credentials. */ - if (!creds_client_check(cli->dc, &r.srv_creds.challenge)) { - DEBUG(0,("cli_netlogon_sam_sync: credentials chain check failed\n")); - return NT_STATUS_ACCESS_DENIED; - } - } - - return result; -} - -/* Sam synchronisation */ - -NTSTATUS rpccli_netlogon_sam_deltas(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - uint32 database_id, uint64 seqnum, - uint32 *num_deltas, - SAM_DELTA_HDR **hdr_deltas, - SAM_DELTA_CTR **deltas) -{ - prs_struct qbuf, rbuf; - NET_Q_SAM_DELTAS q; - NET_R_SAM_DELTAS r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - DOM_CRED clnt_creds; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise input parameters */ - - creds_client_step(cli->dc, &clnt_creds); - - init_net_q_sam_deltas(&q, cli->dc->remote_machine, - global_myname(), &clnt_creds, - database_id, seqnum); - - /* Marshall data and send request */ - - CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SAM_DELTAS, - q, r, - qbuf, rbuf, - net_io_q_sam_deltas, - net_io_r_sam_deltas, - NT_STATUS_UNSUCCESSFUL); - - /* Return results */ - - result = r.status; - *num_deltas = r.num_deltas2; - *hdr_deltas = r.hdr_deltas; - *deltas = r.deltas; - - if (!NT_STATUS_IS_ERR(result)) { - /* Check returned credentials. */ - if (!creds_client_check(cli->dc, &r.srv_creds.challenge)) { - DEBUG(0,("cli_netlogon_sam_sync: credentials chain check failed\n")); - return NT_STATUS_ACCESS_DENIED; - } - } - - return result; -} - /* Logon domain user */ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, @@ -854,20 +223,23 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, const char *workstation, int logon_type) { - prs_struct qbuf, rbuf; - NET_Q_SAM_LOGON q; - NET_R_SAM_LOGON r; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - DOM_CRED clnt_creds; - DOM_CRED ret_creds; - NET_ID_INFO_CTR ctr; - NET_USER_INFO_3 user; - int validation_level = 3; + struct netr_Authenticator clnt_creds; + struct netr_Authenticator ret_creds; + union netr_LogonLevel *logon; + union netr_Validation validation; + uint8_t authoritative; + int validation_level = 3; fstring clnt_name_slash; + uint8 zeros[16]; - ZERO_STRUCT(q); - ZERO_STRUCT(r); ZERO_STRUCT(ret_creds); + ZERO_STRUCT(zeros); + + logon = TALLOC_ZERO_P(mem_ctx, union netr_LogonLevel); + if (!logon) { + return NT_STATUS_NO_MEMORY; + } if (workstation) { fstr_sprintf( clnt_name_slash, "\\\\%s", workstation ); @@ -875,85 +247,143 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, fstr_sprintf( clnt_name_slash, "\\\\%s", global_myname() ); } - /* Initialise input parameters */ + /* Initialise input parameters */ - creds_client_step(cli->dc, &clnt_creds); + netlogon_creds_client_step(cli->dc, &clnt_creds); - q.validation_level = validation_level; + switch (logon_type) { + case INTERACTIVE_LOGON_TYPE: { - ctr.switch_value = logon_type; + struct netr_PasswordInfo *password_info; - switch (logon_type) { - case INTERACTIVE_LOGON_TYPE: { - unsigned char lm_owf_user_pwd[16], nt_owf_user_pwd[16]; + struct samr_Password lmpassword; + struct samr_Password ntpassword; - nt_lm_owf_gen(password, nt_owf_user_pwd, lm_owf_user_pwd); + unsigned char lm_owf_user_pwd[16], nt_owf_user_pwd[16]; - init_id_info1(&ctr.auth.id1, domain, - logon_parameters, /* param_ctrl */ - 0xdead, 0xbeef, /* LUID? */ - username, clnt_name_slash, - (const char *)cli->dc->sess_key, lm_owf_user_pwd, - nt_owf_user_pwd); + unsigned char lm_owf[16]; + unsigned char nt_owf[16]; + unsigned char key[16]; - break; - } - case NET_LOGON_TYPE: { - uint8 chal[8]; - unsigned char local_lm_response[24]; - unsigned char local_nt_response[24]; - - generate_random_buffer(chal, 8); - - SMBencrypt(password, chal, local_lm_response); - SMBNTencrypt(password, chal, local_nt_response); - - init_id_info2(&ctr.auth.id2, domain, - logon_parameters, /* param_ctrl */ - 0xdead, 0xbeef, /* LUID? */ - username, clnt_name_slash, chal, - local_lm_response, 24, local_nt_response, 24); - break; - } - default: - DEBUG(0, ("switch value %d not supported\n", - ctr.switch_value)); - return NT_STATUS_INVALID_INFO_CLASS; - } + password_info = TALLOC_ZERO_P(mem_ctx, struct netr_PasswordInfo); + if (!password_info) { + return NT_STATUS_NO_MEMORY; + } - r.user = &user; + nt_lm_owf_gen(password, nt_owf_user_pwd, lm_owf_user_pwd); - init_sam_info(&q.sam_id, cli->dc->remote_machine, global_myname(), - &clnt_creds, &ret_creds, logon_type, - &ctr); +#ifdef DEBUG_PASSWORD + DEBUG(100,("lm cypher:")); + dump_data(100, lm_owf_user_pwd, 16); - /* Marshall data and send request */ + DEBUG(100,("nt cypher:")); + dump_data(100, nt_owf_user_pwd, 16); +#endif + memset(key, 0, 16); + memcpy(key, cli->dc->sess_key, 8); - CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SAMLOGON, - q, r, - qbuf, rbuf, - net_io_q_sam_logon, - net_io_r_sam_logon, - NT_STATUS_UNSUCCESSFUL); + memcpy(lm_owf, lm_owf_user_pwd, 16); + SamOEMhash(lm_owf, key, 16); + memcpy(nt_owf, nt_owf_user_pwd, 16); + SamOEMhash(nt_owf, key, 16); - /* Return results */ +#ifdef DEBUG_PASSWORD + DEBUG(100,("encrypt of lm owf password:")); + dump_data(100, lm_owf, 16); - result = r.status; + DEBUG(100,("encrypt of nt owf password:")); + dump_data(100, nt_owf, 16); +#endif + memcpy(lmpassword.hash, lm_owf, 16); + memcpy(ntpassword.hash, nt_owf, 16); + + init_netr_PasswordInfo(password_info, + domain, + logon_parameters, + 0xdead, + 0xbeef, + username, + clnt_name_slash, + lmpassword, + ntpassword); + + logon->password = password_info; + + break; + } + case NET_LOGON_TYPE: { + struct netr_NetworkInfo *network_info; + uint8 chal[8]; + unsigned char local_lm_response[24]; + unsigned char local_nt_response[24]; + struct netr_ChallengeResponse lm; + struct netr_ChallengeResponse nt; + + ZERO_STRUCT(lm); + ZERO_STRUCT(nt); + + network_info = TALLOC_ZERO_P(mem_ctx, struct netr_NetworkInfo); + if (!network_info) { + return NT_STATUS_NO_MEMORY; + } - if (r.buffer_creds) { + generate_random_buffer(chal, 8); + + SMBencrypt(password, chal, local_lm_response); + SMBNTencrypt(password, chal, local_nt_response); + + lm.length = 24; + lm.data = local_lm_response; + + nt.length = 24; + nt.data = local_nt_response; + + init_netr_NetworkInfo(network_info, + domain, + logon_parameters, + 0xdead, + 0xbeef, + username, + clnt_name_slash, + chal, + nt, + lm); + + logon->network = network_info; + + break; + } + default: + DEBUG(0, ("switch value %d not supported\n", + logon_type)); + return NT_STATUS_INVALID_INFO_CLASS; + } + + result = rpccli_netr_LogonSamLogon(cli, mem_ctx, + cli->dc->remote_machine, + global_myname(), + &clnt_creds, + &ret_creds, + logon_type, + logon, + validation_level, + &validation, + &authoritative); + + if (memcmp(zeros, &ret_creds.cred.data, sizeof(ret_creds.cred.data)) != 0) { /* Check returned credentials if present. */ - if (!creds_client_check(cli->dc, &r.srv_creds.challenge)) { + if (!netlogon_creds_client_check(cli->dc, &ret_creds.cred)) { DEBUG(0,("rpccli_netlogon_sam_logon: credentials chain check failed\n")); return NT_STATUS_ACCESS_DENIED; } } - return result; + return result; } -/** - * Logon domain user with an 'network' SAM logon +/** + * Logon domain user with an 'network' SAM logon * * @param info3 Pointer to a NET_USER_INFO_3 already allocated by the caller. **/ @@ -964,31 +394,47 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli, const char *server, const char *username, const char *domain, - const char *workstation, - const uint8 chal[8], + const char *workstation, + const uint8 chal[8], DATA_BLOB lm_response, DATA_BLOB nt_response, - NET_USER_INFO_3 *info3) + struct netr_SamInfo3 **info3) { - prs_struct qbuf, rbuf; - NET_Q_SAM_LOGON q; - NET_R_SAM_LOGON r; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - NET_ID_INFO_CTR ctr; int validation_level = 3; const char *workstation_name_slash; const char *server_name_slash; uint8 zeros[16]; - DOM_CRED clnt_creds; - DOM_CRED ret_creds; - int i; + struct netr_Authenticator clnt_creds; + struct netr_Authenticator ret_creds; + union netr_LogonLevel *logon = NULL; + struct netr_NetworkInfo *network_info; + uint8_t authoritative; + union netr_Validation validation; + struct netr_ChallengeResponse lm; + struct netr_ChallengeResponse nt; + struct netr_UserSessionKey user_session_key; + struct netr_LMSessionKey lmsesskey; + + *info3 = NULL; ZERO_STRUCT(zeros); - ZERO_STRUCT(q); - ZERO_STRUCT(r); ZERO_STRUCT(ret_creds); - creds_client_step(cli->dc, &clnt_creds); + ZERO_STRUCT(lm); + ZERO_STRUCT(nt); + + logon = TALLOC_ZERO_P(mem_ctx, union netr_LogonLevel); + if (!logon) { + return NT_STATUS_NO_MEMORY; + } + + network_info = TALLOC_ZERO_P(mem_ctx, struct netr_NetworkInfo); + if (!network_info) { + return NT_STATUS_NO_MEMORY; + } + + netlogon_creds_client_step(cli->dc, &clnt_creds); if (server[0] != '\\' && server[1] != '\\') { server_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", server); @@ -1009,60 +455,62 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli, /* Initialise input parameters */ - q.validation_level = validation_level; - - ctr.switch_value = NET_LOGON_TYPE; + lm.data = lm_response.data; + lm.length = lm_response.length; + nt.data = nt_response.data; + nt.length = nt_response.length; - init_id_info2(&ctr.auth.id2, domain, - logon_parameters, /* param_ctrl */ - 0xdead, 0xbeef, /* LUID? */ - username, workstation_name_slash, (const uchar*)chal, - lm_response.data, lm_response.length, nt_response.data, nt_response.length); - - init_sam_info(&q.sam_id, server_name_slash, global_myname(), - &clnt_creds, &ret_creds, NET_LOGON_TYPE, - &ctr); + init_netr_NetworkInfo(network_info, + domain, + logon_parameters, + 0xdead, + 0xbeef, + username, + workstation_name_slash, + (uint8_t *) chal, + nt, + lm); - r.user = info3; + logon->network = network_info; - /* Marshall data and send request */ - - CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SAMLOGON, - q, r, - qbuf, rbuf, - net_io_q_sam_logon, - net_io_r_sam_logon, - NT_STATUS_UNSUCCESSFUL); + /* Marshall data and send request */ - if (memcmp(zeros, info3->user_sess_key, 16) != 0) { - SamOEMhash(info3->user_sess_key, cli->dc->sess_key, 16); - } else { - memset(info3->user_sess_key, '\0', 16); + result = rpccli_netr_LogonSamLogon(cli, mem_ctx, + server_name_slash, + global_myname(), + &clnt_creds, + &ret_creds, + NET_LOGON_TYPE, + logon, + validation_level, + &validation, + &authoritative); + if (!NT_STATUS_IS_OK(result)) { + return result; } - if (memcmp(zeros, info3->lm_sess_key, 8) != 0) { - SamOEMhash(info3->lm_sess_key, cli->dc->sess_key, 8); - } else { - memset(info3->lm_sess_key, '\0', 8); - } + user_session_key = validation.sam3->base.key; + lmsesskey = validation.sam3->base.LMSessKey; - for (i=0; i < 7; i++) { - memset(&info3->unknown[i], '\0', 4); + if (memcmp(zeros, user_session_key.key, 16) != 0) { + SamOEMhash(user_session_key.key, cli->dc->sess_key, 16); } - /* Return results */ - - result = r.status; + if (memcmp(zeros, lmsesskey.key, 8) != 0) { + SamOEMhash(lmsesskey.key, cli->dc->sess_key, 8); + } - if (r.buffer_creds) { + if (memcmp(zeros, ret_creds.cred.data, sizeof(ret_creds.cred.data)) != 0) { /* Check returned credentials if present. */ - if (!creds_client_check(cli->dc, &r.srv_creds.challenge)) { + if (!netlogon_creds_client_check(cli->dc, &ret_creds.cred)) { DEBUG(0,("rpccli_netlogon_sam_network_logon: credentials chain check failed\n")); return NT_STATUS_ACCESS_DENIED; } } - return result; + *info3 = validation.sam3; + + return result; } NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli, @@ -1071,26 +519,43 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli, const char *server, const char *username, const char *domain, - const char *workstation, - const uint8 chal[8], + const char *workstation, + const uint8 chal[8], DATA_BLOB lm_response, DATA_BLOB nt_response, - NET_USER_INFO_3 *info3) + struct netr_SamInfo3 **info3) { - prs_struct qbuf, rbuf; - NET_Q_SAM_LOGON_EX q; - NET_R_SAM_LOGON_EX r; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - NET_ID_INFO_CTR ctr; int validation_level = 3; const char *workstation_name_slash; const char *server_name_slash; uint8 zeros[16]; - int i; + union netr_LogonLevel *logon = NULL; + struct netr_NetworkInfo *network_info; + uint8_t authoritative; + union netr_Validation validation; + struct netr_ChallengeResponse lm; + struct netr_ChallengeResponse nt; + struct netr_UserSessionKey user_session_key; + struct netr_LMSessionKey lmsesskey; + uint32_t flags = 0; + + *info3 = NULL; ZERO_STRUCT(zeros); - ZERO_STRUCT(q); - ZERO_STRUCT(r); + + ZERO_STRUCT(lm); + ZERO_STRUCT(nt); + + logon = TALLOC_ZERO_P(mem_ctx, union netr_LogonLevel); + if (!logon) { + return NT_STATUS_NO_MEMORY; + } + + network_info = TALLOC_ZERO_P(mem_ctx, struct netr_NetworkInfo); + if (!network_info) { + return NT_STATUS_NO_MEMORY; + } if (server[0] != '\\' && server[1] != '\\') { server_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", server); @@ -1111,97 +576,53 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli, /* Initialise input parameters */ - q.validation_level = validation_level; - - ctr.switch_value = NET_LOGON_TYPE; + lm.data = lm_response.data; + lm.length = lm_response.length; + nt.data = nt_response.data; + nt.length = nt_response.length; - init_id_info2(&ctr.auth.id2, domain, - logon_parameters, /* param_ctrl */ - 0xdead, 0xbeef, /* LUID? */ - username, workstation_name_slash, (const uchar*)chal, - lm_response.data, lm_response.length, nt_response.data, - nt_response.length); - - init_sam_info_ex(&q.sam_id, server_name_slash, global_myname(), - NET_LOGON_TYPE, &ctr); + init_netr_NetworkInfo(network_info, + domain, + logon_parameters, + 0xdead, + 0xbeef, + username, + workstation_name_slash, + (uint8_t *) chal, + nt, + lm); - r.user = info3; + logon->network = network_info; /* Marshall data and send request */ - CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SAMLOGON_EX, - q, r, qbuf, rbuf, - net_io_q_sam_logon_ex, - net_io_r_sam_logon_ex, - NT_STATUS_UNSUCCESSFUL); - - if (memcmp(zeros, info3->user_sess_key, 16) != 0) { - SamOEMhash(info3->user_sess_key, cli->dc->sess_key, 16); - } else { - memset(info3->user_sess_key, '\0', 16); + result = rpccli_netr_LogonSamLogonEx(cli, mem_ctx, + server_name_slash, + global_myname(), + NET_LOGON_TYPE, + logon, + validation_level, + &validation, + &authoritative, + &flags); + if (!NT_STATUS_IS_OK(result)) { + return result; } - if (memcmp(zeros, info3->lm_sess_key, 8) != 0) { - SamOEMhash(info3->lm_sess_key, cli->dc->sess_key, 8); - } else { - memset(info3->lm_sess_key, '\0', 8); - } + user_session_key = validation.sam3->base.key; + lmsesskey = validation.sam3->base.LMSessKey; - for (i=0; i < 7; i++) { - memset(&info3->unknown[i], '\0', 4); + if (memcmp(zeros, user_session_key.key, 16) != 0) { + SamOEMhash(user_session_key.key, cli->dc->sess_key, 16); } - /* Return results */ - - result = r.status; - - return result; -} - -/*************************************************************************** -LSA Server Password Set. -****************************************************************************/ - -NTSTATUS rpccli_net_srv_pwset(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - const char *machine_name, const uint8 hashed_mach_pwd[16]) -{ - prs_struct rbuf; - prs_struct qbuf; - DOM_CRED clnt_creds; - NET_Q_SRV_PWSET q; - NET_R_SRV_PWSET r; - uint16 sec_chan_type = 2; - NTSTATUS result; - - creds_client_step(cli->dc, &clnt_creds); - - DEBUG(4,("cli_net_srv_pwset: srv:%s acct:%s sc: %d mc: %s\n", - cli->dc->remote_machine, cli->dc->mach_acct, sec_chan_type, machine_name)); - - /* store the parameters */ - init_q_srv_pwset(&q, cli->dc->remote_machine, (const char *)cli->dc->sess_key, - cli->dc->mach_acct, sec_chan_type, machine_name, - &clnt_creds, hashed_mach_pwd); - - CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SRVPWSET, - q, r, - qbuf, rbuf, - net_io_q_srv_pwset, - net_io_r_srv_pwset, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result)) { - /* report error code */ - DEBUG(0,("cli_net_srv_pwset: %s\n", nt_errstr(result))); + if (memcmp(zeros, lmsesskey.key, 8) != 0) { + SamOEMhash(lmsesskey.key, cli->dc->sess_key, 8); } - /* Always check returned credentials. */ - if (!creds_client_check(cli->dc, &r.srv_cred.challenge)) { - DEBUG(0,("rpccli_net_srv_pwset: credentials chain check failed\n")); - return NT_STATUS_ACCESS_DENIED; - } + *info3 = validation.sam3; return result; + + return result; } diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index f4cb424527..c89c5531d7 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -1807,6 +1807,7 @@ static NTSTATUS rpc_finish_auth3_bind(struct rpc_pipe_client *cli, if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("rpc_finish_auth3_bind: NTLMSSP update using server blob failed.\n")); + data_blob_free(&server_response); return nt_status; } @@ -2263,7 +2264,7 @@ struct rpc_pipe_client *cli_rpc_pipe_open_noauth(struct cli_state *cli, int pipe *perr = rpc_pipe_bind(result, PIPE_AUTH_TYPE_NONE, PIPE_AUTH_LEVEL_NONE); if (!NT_STATUS_IS_OK(*perr)) { int lvl = 0; - if (pipe_idx == PI_LSARPC_DS) { + if (pipe_idx == PI_DSSETUP) { /* non AD domains just don't have this pipe, avoid * level 0 statement in that case - gd */ lvl = 3; @@ -2596,7 +2597,7 @@ struct rpc_pipe_client *cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state const char *password, NTSTATUS *perr) { - uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL; + uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL; struct rpc_pipe_client *netlogon_pipe = NULL; struct rpc_pipe_client *result = NULL; @@ -2630,7 +2631,7 @@ struct rpc_pipe_client *cli_rpc_pipe_open_schannel(struct cli_state *cli, const char *domain, NTSTATUS *perr) { - uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL; + uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL; struct rpc_pipe_client *netlogon_pipe = NULL; struct rpc_pipe_client *result = NULL; diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c index bf8313816c..62a5c72d81 100644 --- a/source3/rpc_client/cli_samr.c +++ b/source3/rpc_client/cli_samr.c @@ -5,6 +5,7 @@ Copyright (C) Andrew Tridgell 1992-1997,2000, Copyright (C) Rafal Szczesniak 2002. Copyright (C) Jeremy Allison 2005. + Copyright (C) Guenther Deschner 2008. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -22,1272 +23,71 @@ #include "includes.h" -/* Connect to SAMR database */ - -NTSTATUS rpccli_samr_connect(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - uint32 access_mask, POLICY_HND *connect_pol) -{ - prs_struct qbuf, rbuf; - SAMR_Q_CONNECT q; - SAMR_R_CONNECT r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_connect to %s\n", cli->cli->desthost)); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_connect(&q, cli->cli->desthost, access_mask); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_CONNECT, - q, r, - qbuf, rbuf, - samr_io_q_connect, - samr_io_r_connect, - NT_STATUS_UNSUCCESSFUL); - /* Return output parameters */ - - if (NT_STATUS_IS_OK(result = r.status)) { - *connect_pol = r.connect_pol; -#ifdef __INSURE__ - connect_pol->marker = malloc(1); -#endif - } - - return result; -} - -/* Connect to SAMR database */ - -NTSTATUS rpccli_samr_connect4(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - uint32 access_mask, POLICY_HND *connect_pol) -{ - prs_struct qbuf, rbuf; - SAMR_Q_CONNECT4 q; - SAMR_R_CONNECT4 r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_connect4(&q, cli->cli->desthost, access_mask); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_CONNECT4, - q, r, - qbuf, rbuf, - samr_io_q_connect4, - samr_io_r_connect4, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - if (NT_STATUS_IS_OK(result = r.status)) { - *connect_pol = r.connect_pol; -#ifdef __INSURE__ - connect_pol->marker = malloc(1); -#endif - } - - return result; -} - -/* Close SAMR handle */ - -NTSTATUS rpccli_samr_close(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *connect_pol) -{ - prs_struct qbuf, rbuf; - SAMR_Q_CLOSE_HND q; - SAMR_R_CLOSE_HND r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_close\n")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_close_hnd(&q, connect_pol); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_CLOSE_HND, - q, r, - qbuf, rbuf, - samr_io_q_close_hnd, - samr_io_r_close_hnd, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - if (NT_STATUS_IS_OK(result = r.status)) { -#ifdef __INSURE__ - SAFE_FREE(connect_pol->marker); -#endif - *connect_pol = r.pol; - } - - return result; -} - -/* Open handle on a domain */ - -NTSTATUS rpccli_samr_open_domain(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *connect_pol, uint32 access_mask, - const DOM_SID *domain_sid, - POLICY_HND *domain_pol) -{ - prs_struct qbuf, rbuf; - SAMR_Q_OPEN_DOMAIN q; - SAMR_R_OPEN_DOMAIN r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_open_domain with sid %s\n", - sid_string_dbg(domain_sid) )); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_open_domain(&q, connect_pol, access_mask, domain_sid); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_OPEN_DOMAIN, - q, r, - qbuf, rbuf, - samr_io_q_open_domain, - samr_io_r_open_domain, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - if (NT_STATUS_IS_OK(result = r.status)) { - *domain_pol = r.domain_pol; -#ifdef __INSURE__ - domain_pol->marker = malloc(1); -#endif - } - - return result; -} - -NTSTATUS rpccli_samr_open_user(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - POLICY_HND *domain_pol, uint32 access_mask, - uint32 user_rid, POLICY_HND *user_pol) -{ - prs_struct qbuf, rbuf; - SAMR_Q_OPEN_USER q; - SAMR_R_OPEN_USER r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_open_user with rid 0x%x\n", user_rid )); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_open_user(&q, domain_pol, access_mask, user_rid); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_OPEN_USER, - q, r, - qbuf, rbuf, - samr_io_q_open_user, - samr_io_r_open_user, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - if (NT_STATUS_IS_OK(result = r.status)) { - *user_pol = r.user_pol; -#ifdef __INSURE__ - user_pol->marker = malloc(1); -#endif - } - - return result; -} - -/* Open handle on a group */ - -NTSTATUS rpccli_samr_open_group(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - POLICY_HND *domain_pol, uint32 access_mask, - uint32 group_rid, POLICY_HND *group_pol) -{ - prs_struct qbuf, rbuf; - SAMR_Q_OPEN_GROUP q; - SAMR_R_OPEN_GROUP r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_open_group with rid 0x%x\n", group_rid )); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_open_group(&q, domain_pol, access_mask, group_rid); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_OPEN_GROUP, - q, r, - qbuf, rbuf, - samr_io_q_open_group, - samr_io_r_open_group, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - if (NT_STATUS_IS_OK(result = r.status)) { - *group_pol = r.pol; -#ifdef __INSURE__ - group_pol->marker = malloc(1); -#endif - } - - return result; -} - -/* Create domain group */ - -NTSTATUS rpccli_samr_create_dom_group(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *domain_pol, - const char *group_name, - uint32 access_mask, POLICY_HND *group_pol) -{ - prs_struct qbuf, rbuf; - SAMR_Q_CREATE_DOM_GROUP q; - SAMR_R_CREATE_DOM_GROUP r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_create_dom_group\n")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_create_dom_group(&q, domain_pol, group_name, access_mask); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_CREATE_DOM_GROUP, - q, r, - qbuf, rbuf, - samr_io_q_create_dom_group, - samr_io_r_create_dom_group, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - result = r.status; - - if (NT_STATUS_IS_OK(result)) - *group_pol = r.pol; - - return result; -} - -/* Add a domain group member */ - -NTSTATUS rpccli_samr_add_groupmem(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *group_pol, uint32 rid) -{ - prs_struct qbuf, rbuf; - SAMR_Q_ADD_GROUPMEM q; - SAMR_R_ADD_GROUPMEM r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_add_groupmem\n")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_add_groupmem(&q, group_pol, rid); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_ADD_GROUPMEM, - q, r, - qbuf, rbuf, - samr_io_q_add_groupmem, - samr_io_r_add_groupmem, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - result = r.status; - - return result; -} - -/* Delete a domain group member */ - -NTSTATUS rpccli_samr_del_groupmem(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *group_pol, uint32 rid) -{ - prs_struct qbuf, rbuf; - SAMR_Q_DEL_GROUPMEM q; - SAMR_R_DEL_GROUPMEM r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_del_groupmem\n")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_del_groupmem(&q, group_pol, rid); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_DEL_GROUPMEM, - q, r, - qbuf, rbuf, - samr_io_q_del_groupmem, - samr_io_r_del_groupmem, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - result = r.status; - - return result; -} - -/* Query user info */ - -NTSTATUS rpccli_samr_query_userinfo(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - const POLICY_HND *user_pol, - uint16 switch_value, - SAM_USERINFO_CTR **ctr) -{ - prs_struct qbuf, rbuf; - SAMR_Q_QUERY_USERINFO q; - SAMR_R_QUERY_USERINFO r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_query_userinfo\n")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_query_userinfo(&q, user_pol, switch_value); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_QUERY_USERINFO, - q, r, - qbuf, rbuf, - samr_io_q_query_userinfo, - samr_io_r_query_userinfo, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - result = r.status; - *ctr = r.ctr; - - return result; -} - -/* Set group info */ - -NTSTATUS rpccli_samr_set_groupinfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *group_pol, GROUP_INFO_CTR *ctr) -{ - prs_struct qbuf, rbuf; - SAMR_Q_SET_GROUPINFO q; - SAMR_R_SET_GROUPINFO r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_set_groupinfo\n")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_set_groupinfo(&q, group_pol, ctr); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_SET_GROUPINFO, - q, r, - qbuf, rbuf, - samr_io_q_set_groupinfo, - samr_io_r_set_groupinfo, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - result = r.status; - - return result; -} - -/* Query group info */ - -NTSTATUS rpccli_samr_query_groupinfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *group_pol, uint32 info_level, - GROUP_INFO_CTR **ctr) -{ - prs_struct qbuf, rbuf; - SAMR_Q_QUERY_GROUPINFO q; - SAMR_R_QUERY_GROUPINFO r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_query_groupinfo\n")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_query_groupinfo(&q, group_pol, info_level); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_QUERY_GROUPINFO, - q, r, - qbuf, rbuf, - samr_io_q_query_groupinfo, - samr_io_r_query_groupinfo, - NT_STATUS_UNSUCCESSFUL); - - *ctr = r.ctr; - - /* Return output parameters */ - - result = r.status; - - return result; -} - -/* Query user groups */ - -NTSTATUS rpccli_samr_query_usergroups(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - POLICY_HND *user_pol, - uint32 *num_groups, - DOM_GID **gid) -{ - prs_struct qbuf, rbuf; - SAMR_Q_QUERY_USERGROUPS q; - SAMR_R_QUERY_USERGROUPS r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_query_usergroups\n")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_query_usergroups(&q, user_pol); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_QUERY_USERGROUPS, - q, r, - qbuf, rbuf, - samr_io_q_query_usergroups, - samr_io_r_query_usergroups, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - if (NT_STATUS_IS_OK(result = r.status)) { - *num_groups = r.num_entries; - *gid = r.gid; - } - - return result; -} - -/* Set alias info */ - -NTSTATUS rpccli_samr_set_aliasinfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *alias_pol, ALIAS_INFO_CTR *ctr) -{ - prs_struct qbuf, rbuf; - SAMR_Q_SET_ALIASINFO q; - SAMR_R_SET_ALIASINFO r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_set_aliasinfo\n")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_set_aliasinfo(&q, alias_pol, ctr); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_SET_ALIASINFO, - q, r, - qbuf, rbuf, - samr_io_q_set_aliasinfo, - samr_io_r_set_aliasinfo, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - result = r.status; - - return result; -} - -/* Query user aliases */ - -NTSTATUS rpccli_samr_query_useraliases(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - POLICY_HND *dom_pol, uint32 num_sids, - DOM_SID2 *sid, - uint32 *num_aliases, uint32 **als_rids) -{ - prs_struct qbuf, rbuf; - SAMR_Q_QUERY_USERALIASES q; - SAMR_R_QUERY_USERALIASES r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - int i; - uint32 *sid_ptrs; - - DEBUG(10,("cli_samr_query_useraliases\n")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - if (num_sids) { - sid_ptrs = TALLOC_ARRAY(mem_ctx, uint32, num_sids); - if (sid_ptrs == NULL) - return NT_STATUS_NO_MEMORY; - } else { - sid_ptrs = NULL; - } - - for (i=0; i<num_sids; i++) - sid_ptrs[i] = 1; - - /* Marshall data and send request */ - - init_samr_q_query_useraliases(&q, dom_pol, num_sids, sid_ptrs, sid); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_QUERY_USERALIASES, - q, r, - qbuf, rbuf, - samr_io_q_query_useraliases, - samr_io_r_query_useraliases, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - if (NT_STATUS_IS_OK(result = r.status)) { - *num_aliases = r.num_entries; - *als_rids = r.rid; - } - - return result; -} - -/* Query user groups */ - -NTSTATUS rpccli_samr_query_groupmem(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - POLICY_HND *group_pol, uint32 *num_mem, - uint32 **rid, uint32 **attr) -{ - prs_struct qbuf, rbuf; - SAMR_Q_QUERY_GROUPMEM q; - SAMR_R_QUERY_GROUPMEM r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_query_groupmem\n")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_query_groupmem(&q, group_pol); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_QUERY_GROUPMEM, - q, r, - qbuf, rbuf, - samr_io_q_query_groupmem, - samr_io_r_query_groupmem, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - if (NT_STATUS_IS_OK(result = r.status)) { - *num_mem = r.num_entries; - *rid = r.rid; - *attr = r.attr; - } - - return result; -} - -/** - * Enumerate domain users - * - * @param cli client state structure - * @param mem_ctx talloc context - * @param pol opened domain policy handle - * @param start_idx starting index of enumeration, returns context for - next enumeration - * @param acb_mask account control bit mask (to enumerate some particular - * kind of accounts) - * @param size max acceptable size of response - * @param dom_users returned array of domain user names - * @param rids returned array of domain user RIDs - * @param num_dom_users numer returned entries - * - * @return NTSTATUS returned in rpc response - **/ - -NTSTATUS rpccli_samr_enum_dom_users(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 *start_idx, uint32 acb_mask, - uint32 size, char ***dom_users, uint32 **rids, - uint32 *num_dom_users) -{ - prs_struct qbuf; - prs_struct rbuf; - SAMR_Q_ENUM_DOM_USERS q; - SAMR_R_ENUM_DOM_USERS r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - int i; - - DEBUG(10,("cli_samr_enum_dom_users starting at index %u\n", (unsigned int)*start_idx)); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* always init this */ - *num_dom_users = 0; - - /* Fill query structure with parameters */ - - init_samr_q_enum_dom_users(&q, pol, *start_idx, acb_mask, size); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_ENUM_DOM_USERS, - q, r, - qbuf, rbuf, - samr_io_q_enum_dom_users, - samr_io_r_enum_dom_users, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if (!NT_STATUS_IS_OK(result) && - NT_STATUS_V(result) != NT_STATUS_V(STATUS_MORE_ENTRIES)) - goto done; - - *start_idx = r.next_idx; - *num_dom_users = r.num_entries2; - - if (r.num_entries2) { - /* allocate memory needed to return received data */ - *rids = TALLOC_ARRAY(mem_ctx, uint32, r.num_entries2); - if (!*rids) { - DEBUG(0, ("Error in cli_samr_enum_dom_users(): out of memory\n")); - return NT_STATUS_NO_MEMORY; - } - - *dom_users = TALLOC_ARRAY(mem_ctx, char*, r.num_entries2); - if (!*dom_users) { - DEBUG(0, ("Error in cli_samr_enum_dom_users(): out of memory\n")); - return NT_STATUS_NO_MEMORY; - } - - /* fill output buffers with rpc response */ - for (i = 0; i < r.num_entries2; i++) { - fstring conv_buf; - - (*rids)[i] = r.sam[i].rid; - unistr2_to_ascii(conv_buf, &(r.uni_acct_name[i]), sizeof(conv_buf)); - (*dom_users)[i] = talloc_strdup(mem_ctx, conv_buf); - } - } - -done: - return result; -} - -/* Enumerate domain groups */ - -NTSTATUS rpccli_samr_enum_dom_groups(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 *start_idx, - uint32 size, struct acct_info **dom_groups, - uint32 *num_dom_groups) -{ - prs_struct qbuf, rbuf; - SAMR_Q_ENUM_DOM_GROUPS q; - SAMR_R_ENUM_DOM_GROUPS r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - uint32 name_idx, i; - - DEBUG(10,("cli_samr_enum_dom_groups starting at index %u\n", (unsigned int)*start_idx)); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_enum_dom_groups(&q, pol, *start_idx, size); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_ENUM_DOM_GROUPS, - q, r, - qbuf, rbuf, - samr_io_q_enum_dom_groups, - samr_io_r_enum_dom_groups, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - result = r.status; - - if (!NT_STATUS_IS_OK(result) && - NT_STATUS_V(result) != NT_STATUS_V(STATUS_MORE_ENTRIES)) - goto done; - - *num_dom_groups = r.num_entries2; - - if (*num_dom_groups == 0) - goto done; - - if (!((*dom_groups) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_dom_groups))) { - result = NT_STATUS_NO_MEMORY; - goto done; - } - - memset(*dom_groups, 0, sizeof(struct acct_info) * (*num_dom_groups)); - - name_idx = 0; - - for (i = 0; i < *num_dom_groups; i++) { - - (*dom_groups)[i].rid = r.sam[i].rid; - - if (r.sam[i].hdr_name.buffer) { - unistr2_to_ascii((*dom_groups)[i].acct_name, - &r.uni_grp_name[name_idx], - sizeof((*dom_groups)[i].acct_name)); - name_idx++; - } - - *start_idx = r.next_idx; - } - - done: - return result; -} - -/* Enumerate domain groups */ - -NTSTATUS rpccli_samr_enum_als_groups(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint32 *start_idx, - uint32 size, struct acct_info **dom_aliases, - uint32 *num_dom_aliases) -{ - prs_struct qbuf, rbuf; - SAMR_Q_ENUM_DOM_ALIASES q; - SAMR_R_ENUM_DOM_ALIASES r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - uint32 name_idx, i; - - DEBUG(10,("cli_samr_enum_als_groups starting at index %u\n", (unsigned int)*start_idx)); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_enum_dom_aliases(&q, pol, *start_idx, size); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_ENUM_DOM_ALIASES, - q, r, - qbuf, rbuf, - samr_io_q_enum_dom_aliases, - samr_io_r_enum_dom_aliases, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - result = r.status; - - if (!NT_STATUS_IS_OK(result) && - NT_STATUS_V(result) != NT_STATUS_V(STATUS_MORE_ENTRIES)) { - goto done; - } - - *num_dom_aliases = r.num_entries2; - - if (*num_dom_aliases == 0) - goto done; - - if (!((*dom_aliases) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_dom_aliases))) { - result = NT_STATUS_NO_MEMORY; - goto done; - } - - memset(*dom_aliases, 0, sizeof(struct acct_info) * *num_dom_aliases); - - name_idx = 0; - - for (i = 0; i < *num_dom_aliases; i++) { - - (*dom_aliases)[i].rid = r.sam[i].rid; - - if (r.sam[i].hdr_name.buffer) { - unistr2_to_ascii((*dom_aliases)[i].acct_name, - &r.uni_grp_name[name_idx], - sizeof((*dom_aliases)[i].acct_name)); - name_idx++; - } - - *start_idx = r.next_idx; - } - - done: - return result; -} - -/* Query alias members */ - -NTSTATUS rpccli_samr_query_aliasmem(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - POLICY_HND *alias_pol, uint32 *num_mem, - DOM_SID **sids) -{ - prs_struct qbuf, rbuf; - SAMR_Q_QUERY_ALIASMEM q; - SAMR_R_QUERY_ALIASMEM r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - uint32 i; - - DEBUG(10,("cli_samr_query_aliasmem\n")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_query_aliasmem(&q, alias_pol); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_QUERY_ALIASMEM, - q, r, - qbuf, rbuf, - samr_io_q_query_aliasmem, - samr_io_r_query_aliasmem, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - if (!NT_STATUS_IS_OK(result = r.status)) { - goto done; - } - - *num_mem = r.num_sids; - - if (*num_mem == 0) { - *sids = NULL; - result = NT_STATUS_OK; - goto done; - } - - if (!(*sids = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_mem))) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - for (i = 0; i < *num_mem; i++) { - (*sids)[i] = r.sid[i].sid; - } - - done: - return result; -} - -/* Open handle on an alias */ - -NTSTATUS rpccli_samr_open_alias(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - POLICY_HND *domain_pol, uint32 access_mask, - uint32 alias_rid, POLICY_HND *alias_pol) -{ - prs_struct qbuf, rbuf; - SAMR_Q_OPEN_ALIAS q; - SAMR_R_OPEN_ALIAS r; - NTSTATUS result; - - DEBUG(10,("cli_samr_open_alias with rid 0x%x\n", alias_rid)); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_open_alias(&q, domain_pol, access_mask, alias_rid); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_OPEN_ALIAS, - q, r, - qbuf, rbuf, - samr_io_q_open_alias, - samr_io_r_open_alias, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - if (NT_STATUS_IS_OK(result = r.status)) { - *alias_pol = r.pol; -#ifdef __INSURE__ - alias_pol->marker = malloc(1); -#endif - } - - return result; -} - -/* Create an alias */ - -NTSTATUS rpccli_samr_create_dom_alias(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *domain_pol, const char *name, - POLICY_HND *alias_pol) -{ - prs_struct qbuf, rbuf; - SAMR_Q_CREATE_DOM_ALIAS q; - SAMR_R_CREATE_DOM_ALIAS r; - NTSTATUS result; - - DEBUG(10,("cli_samr_create_dom_alias named %s\n", name)); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_create_dom_alias(&q, domain_pol, name); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_CREATE_DOM_ALIAS, - q, r, - qbuf, rbuf, - samr_io_q_create_dom_alias, - samr_io_r_create_dom_alias, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - if (NT_STATUS_IS_OK(result = r.status)) { - *alias_pol = r.alias_pol; - } - - return result; -} - -/* Add an alias member */ - -NTSTATUS rpccli_samr_add_aliasmem(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *alias_pol, DOM_SID *member) -{ - prs_struct qbuf, rbuf; - SAMR_Q_ADD_ALIASMEM q; - SAMR_R_ADD_ALIASMEM r; - NTSTATUS result; - - DEBUG(10,("cli_samr_add_aliasmem")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_add_aliasmem(&q, alias_pol, member); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_ADD_ALIASMEM, - q, r, - qbuf, rbuf, - samr_io_q_add_aliasmem, - samr_io_r_add_aliasmem, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - return result; -} - -/* Delete an alias member */ - -NTSTATUS rpccli_samr_del_aliasmem(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *alias_pol, DOM_SID *member) -{ - prs_struct qbuf, rbuf; - SAMR_Q_DEL_ALIASMEM q; - SAMR_R_DEL_ALIASMEM r; - NTSTATUS result; - - DEBUG(10,("cli_samr_del_aliasmem")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_del_aliasmem(&q, alias_pol, member); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_DEL_ALIASMEM, - q, r, - qbuf, rbuf, - samr_io_q_del_aliasmem, - samr_io_r_del_aliasmem, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - return result; -} - -/* Query alias info */ - -NTSTATUS rpccli_samr_query_alias_info(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *alias_pol, uint16 switch_value, - ALIAS_INFO_CTR *ctr) -{ - prs_struct qbuf, rbuf; - SAMR_Q_QUERY_ALIASINFO q; - SAMR_R_QUERY_ALIASINFO r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_query_alias_info\n")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_query_aliasinfo(&q, alias_pol, switch_value); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_QUERY_ALIASINFO, - q, r, - qbuf, rbuf, - samr_io_q_query_aliasinfo, - samr_io_r_query_aliasinfo, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - if (!NT_STATUS_IS_OK(result = r.status)) { - goto done; - } - - *ctr = *r.ctr; - - done: - - return result; -} - -/* Query domain info */ - -NTSTATUS rpccli_samr_query_dom_info(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - POLICY_HND *domain_pol, - uint16 switch_value, - SAM_UNK_CTR *ctr) -{ - prs_struct qbuf, rbuf; - SAMR_Q_QUERY_DOMAIN_INFO q; - SAMR_R_QUERY_DOMAIN_INFO r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_query_dom_info\n")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_query_domain_info(&q, domain_pol, switch_value); - - r.ctr = ctr; - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_QUERY_DOMAIN_INFO, - q, r, - qbuf, rbuf, - samr_io_q_query_domain_info, - samr_io_r_query_domain_info, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - if (!NT_STATUS_IS_OK(result = r.status)) { - goto done; - } - - done: - - return result; -} - -/* Query domain info2 */ - -NTSTATUS rpccli_samr_query_dom_info2(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - POLICY_HND *domain_pol, - uint16 switch_value, - SAM_UNK_CTR *ctr) -{ - prs_struct qbuf, rbuf; - SAMR_Q_QUERY_DOMAIN_INFO2 q; - SAMR_R_QUERY_DOMAIN_INFO2 r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_query_dom_info2\n")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_query_domain_info2(&q, domain_pol, switch_value); - - r.ctr = ctr; - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_QUERY_DOMAIN_INFO2, - q, r, - qbuf, rbuf, - samr_io_q_query_domain_info2, - samr_io_r_query_domain_info2, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - if (!NT_STATUS_IS_OK(result = r.status)) { - goto done; - } - - done: - - return result; -} - -/* Set domain info */ - -NTSTATUS rpccli_samr_set_domain_info(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - POLICY_HND *domain_pol, - uint16 switch_value, - SAM_UNK_CTR *ctr) -{ - prs_struct qbuf, rbuf; - SAMR_Q_SET_DOMAIN_INFO q; - SAMR_R_SET_DOMAIN_INFO r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_set_domain_info\n")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_set_domain_info(&q, domain_pol, switch_value, ctr); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_SET_DOMAIN_INFO, - q, r, - qbuf, rbuf, - samr_io_q_set_domain_info, - samr_io_r_set_domain_info, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - if (!NT_STATUS_IS_OK(result = r.status)) { - goto done; - } - - done: - - return result; -} - /* User change password */ NTSTATUS rpccli_samr_chgpasswd_user(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - const char *username, - const char *newpassword, - const char *oldpassword ) + TALLOC_CTX *mem_ctx, + const char *username, + const char *newpassword, + const char *oldpassword) { - prs_struct qbuf, rbuf; - SAMR_Q_CHGPASSWD_USER q; - SAMR_R_CHGPASSWD_USER r; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + struct samr_CryptPassword new_nt_password; + struct samr_CryptPassword new_lm_password; + struct samr_Password old_nt_hash_enc; + struct samr_Password old_lanman_hash_enc; - uchar new_nt_password[516]; - uchar new_lm_password[516]; uchar old_nt_hash[16]; uchar old_lanman_hash[16]; - uchar old_nt_hash_enc[16]; - uchar old_lanman_hash_enc[16]; - uchar new_nt_hash[16]; uchar new_lanman_hash[16]; - - char *srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost); + struct lsa_String server, account; + char *srv_name_slash = NULL; DEBUG(10,("rpccli_samr_chgpasswd_user\n")); - ZERO_STRUCT(q); - ZERO_STRUCT(r); + init_lsa_String(&server, srv_name_slash); + init_lsa_String(&account, username); + + srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost); + if (!srv_name_slash) { + return NT_STATUS_NO_MEMORY; + } /* Calculate the MD4 hash (NT compatible) of the password */ E_md4hash(oldpassword, old_nt_hash); E_md4hash(newpassword, new_nt_hash); - if (lp_client_lanman_auth() - && E_deshash(newpassword, new_lanman_hash) - && E_deshash(oldpassword, old_lanman_hash)) { + if (lp_client_lanman_auth() && + E_deshash(newpassword, new_lanman_hash) && + E_deshash(oldpassword, old_lanman_hash)) { /* E_deshash returns false for 'long' passwords (> 14 DOS chars). This allows us to match Win2k, which does not store a LM hash for these passwords (which would reduce the effective password length to 14) */ - encode_pw_buffer(new_lm_password, newpassword, STR_UNICODE); + encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE); - SamOEMhash( new_lm_password, old_nt_hash, 516); - E_old_pw_hash( new_nt_hash, old_lanman_hash, old_lanman_hash_enc); + SamOEMhash(new_lm_password.data, old_nt_hash, 516); + E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash); } else { ZERO_STRUCT(new_lm_password); ZERO_STRUCT(old_lanman_hash_enc); } - encode_pw_buffer(new_nt_password, newpassword, STR_UNICODE); - - SamOEMhash( new_nt_password, old_nt_hash, 516); - E_old_pw_hash( new_nt_hash, old_nt_hash, old_nt_hash_enc); - - /* Marshall data and send request */ - - init_samr_q_chgpasswd_user(&q, srv_name_slash, username, - new_nt_password, - old_nt_hash_enc, - new_lm_password, - old_lanman_hash_enc); + encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE); - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_CHGPASSWD_USER, - q, r, - qbuf, rbuf, - samr_io_q_chgpasswd_user, - samr_io_r_chgpasswd_user, - NT_STATUS_UNSUCCESSFUL); + SamOEMhash(new_nt_password.data, old_nt_hash, 516); + E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash); - /* Return output parameters */ - - if (!NT_STATUS_IS_OK(result = r.status)) { - goto done; - } - - done: + result = rpccli_samr_ChangePasswordUser2(cli, mem_ctx, + &server, + &account, + &new_nt_password, + &old_nt_hash_enc, + true, + &new_lm_password, + &old_lanman_hash_enc); return result; } @@ -1295,48 +95,44 @@ NTSTATUS rpccli_samr_chgpasswd_user(struct rpc_pipe_client *cli, /* User change password given blobs */ NTSTATUS rpccli_samr_chng_pswd_auth_crap(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - const char *username, - DATA_BLOB new_nt_password, - DATA_BLOB old_nt_hash_enc, - DATA_BLOB new_lm_password, - DATA_BLOB old_lm_hash_enc) + TALLOC_CTX *mem_ctx, + const char *username, + DATA_BLOB new_nt_password_blob, + DATA_BLOB old_nt_hash_enc_blob, + DATA_BLOB new_lm_password_blob, + DATA_BLOB old_lm_hash_enc_blob) { - prs_struct qbuf, rbuf; - SAMR_Q_CHGPASSWD_USER q; - SAMR_R_CHGPASSWD_USER r; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - char *srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost); + struct samr_CryptPassword new_nt_password; + struct samr_CryptPassword new_lm_password; + struct samr_Password old_nt_hash_enc; + struct samr_Password old_lm_hash_enc; + struct lsa_String server, account; + char *srv_name_slash = NULL; DEBUG(10,("rpccli_samr_chng_pswd_auth_crap\n")); - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_chgpasswd_user(&q, srv_name_slash, username, - new_nt_password.data, - old_nt_hash_enc.data, - new_lm_password.data, - old_lm_hash_enc.data); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_CHGPASSWD_USER, - q, r, - qbuf, rbuf, - samr_io_q_chgpasswd_user, - samr_io_r_chgpasswd_user, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - if (!NT_STATUS_IS_OK(result = r.status)) { - goto done; + srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost); + if (!srv_name_slash) { + return NT_STATUS_NO_MEMORY; } - done: + init_lsa_String(&server, srv_name_slash); + init_lsa_String(&account, username); + + memcpy(&new_nt_password.data, new_nt_password_blob.data, 516); + memcpy(&new_lm_password.data, new_lm_password_blob.data, 516); + memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16); + memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16); + result = rpccli_samr_ChangePasswordUser2(cli, mem_ctx, + &server, + &account, + &new_nt_password, + &old_nt_hash_enc, + true, + &new_lm_password, + &old_lm_hash_enc); return result; } @@ -1344,80 +140,76 @@ NTSTATUS rpccli_samr_chng_pswd_auth_crap(struct rpc_pipe_client *cli, /* change password 3 */ NTSTATUS rpccli_samr_chgpasswd3(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - const char *username, - const char *newpassword, + TALLOC_CTX *mem_ctx, + const char *username, + const char *newpassword, const char *oldpassword, - SAM_UNK_INFO_1 *info, - SAMR_CHANGE_REJECT *reject) + struct samr_DomInfo1 **dominfo1, + struct samr_ChangeReject **reject) { - prs_struct qbuf, rbuf; - SAMR_Q_CHGPASSWD_USER3 q; - SAMR_R_CHGPASSWD_USER3 r; + NTSTATUS status; + + struct samr_CryptPassword new_nt_password; + struct samr_CryptPassword new_lm_password; + struct samr_Password old_nt_hash_enc; + struct samr_Password old_lanman_hash_enc; - uchar new_nt_password[516]; - uchar new_lm_password[516]; uchar old_nt_hash[16]; uchar old_lanman_hash[16]; - uchar old_nt_hash_enc[16]; - uchar old_lanman_hash_enc[16]; - uchar new_nt_hash[16]; uchar new_lanman_hash[16]; - char *srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost); + struct lsa_String server, account; + char *srv_name_slash = NULL; DEBUG(10,("rpccli_samr_chgpasswd_user3\n")); - ZERO_STRUCT(q); - ZERO_STRUCT(r); + srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost); + if (!srv_name_slash) { + return NT_STATUS_NO_MEMORY; + } + + init_lsa_String(&server, srv_name_slash); + init_lsa_String(&account, username); /* Calculate the MD4 hash (NT compatible) of the password */ E_md4hash(oldpassword, old_nt_hash); E_md4hash(newpassword, new_nt_hash); - if (lp_client_lanman_auth() - && E_deshash(newpassword, new_lanman_hash) - && E_deshash(oldpassword, old_lanman_hash)) { + if (lp_client_lanman_auth() && + E_deshash(newpassword, new_lanman_hash) && + E_deshash(oldpassword, old_lanman_hash)) { /* E_deshash returns false for 'long' passwords (> 14 DOS chars). This allows us to match Win2k, which does not store a LM hash for these passwords (which would reduce the effective password length to 14) */ - encode_pw_buffer(new_lm_password, newpassword, STR_UNICODE); + encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE); - SamOEMhash( new_lm_password, old_nt_hash, 516); - E_old_pw_hash( new_nt_hash, old_lanman_hash, old_lanman_hash_enc); + SamOEMhash(new_lm_password.data, old_nt_hash, 516); + E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash); } else { ZERO_STRUCT(new_lm_password); ZERO_STRUCT(old_lanman_hash_enc); } - encode_pw_buffer(new_nt_password, newpassword, STR_UNICODE); - - SamOEMhash( new_nt_password, old_nt_hash, 516); - E_old_pw_hash( new_nt_hash, old_nt_hash, old_nt_hash_enc); - - /* Marshall data and send request */ + encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE); - init_samr_q_chgpasswd_user3(&q, srv_name_slash, username, - new_nt_password, - old_nt_hash_enc, - new_lm_password, - old_lanman_hash_enc); - r.info = info; - r.reject = reject; + SamOEMhash(new_nt_password.data, old_nt_hash, 516); + E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash); - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_CHGPASSWD_USER3, - q, r, - qbuf, rbuf, - samr_io_q_chgpasswd_user3, - samr_io_r_chgpasswd_user3, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - return r.status; + status = rpccli_samr_ChangePasswordUser3(cli, mem_ctx, + &server, + &account, + &new_nt_password, + &old_nt_hash_enc, + true, + &new_lm_password, + &old_lanman_hash_enc, + NULL, + dominfo1, + reject); + return status; } /* This function returns the bizzare set of (max_entries, max_size) required @@ -1450,655 +242,4 @@ void get_query_dispinfo_params(int loop_count, uint32 *max_entries, *max_size = 131071; break; } -} - -/* Query display info */ - -NTSTATUS rpccli_samr_query_dispinfo(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - POLICY_HND *domain_pol, uint32 *start_idx, - uint16 switch_value, uint32 *num_entries, - uint32 max_entries, uint32 max_size, - SAM_DISPINFO_CTR *ctr) -{ - prs_struct qbuf, rbuf; - SAMR_Q_QUERY_DISPINFO q; - SAMR_R_QUERY_DISPINFO r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_query_dispinfo for start_idx = %u\n", *start_idx)); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - *num_entries = 0; - - /* Marshall data and send request */ - - init_samr_q_query_dispinfo(&q, domain_pol, switch_value, - *start_idx, max_entries, max_size); - - r.ctr = ctr; - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_QUERY_DISPINFO, - q, r, - qbuf, rbuf, - samr_io_q_query_dispinfo, - samr_io_r_query_dispinfo, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - result = r.status; - - if (!NT_STATUS_IS_OK(result) && - NT_STATUS_V(result) != NT_STATUS_V(STATUS_MORE_ENTRIES)) { - goto done; - } - - *num_entries = r.num_entries; - *start_idx += r.num_entries; /* No next_idx in this structure! */ - - done: - return result; -} - -/* Lookup rids. Note that NT4 seems to crash if more than ~1000 rids are - looked up in one packet. */ - -NTSTATUS rpccli_samr_lookup_rids(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - POLICY_HND *domain_pol, - uint32 num_rids, uint32 *rids, - uint32 *num_names, char ***names, - uint32 **name_types) -{ - prs_struct qbuf, rbuf; - SAMR_Q_LOOKUP_RIDS q; - SAMR_R_LOOKUP_RIDS r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - uint32 i; - - DEBUG(10,("cli_samr_lookup_rids\n")); - - if (num_rids > 1000) { - DEBUG(2, ("cli_samr_lookup_rids: warning: NT4 can crash if " - "more than ~1000 rids are looked up at once.\n")); - } - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_lookup_rids(mem_ctx, &q, domain_pol, 1000, num_rids, rids); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_LOOKUP_RIDS, - q, r, - qbuf, rbuf, - samr_io_q_lookup_rids, - samr_io_r_lookup_rids, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - result = r.status; - - if (!NT_STATUS_IS_OK(result) && - !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) - goto done; - - if (r.num_names1 == 0) { - *num_names = 0; - *names = NULL; - goto done; - } - - *num_names = r.num_names1; - *names = TALLOC_ARRAY(mem_ctx, char *, r.num_names1); - *name_types = TALLOC_ARRAY(mem_ctx, uint32, r.num_names1); - - if ((*names == NULL) || (*name_types == NULL)) { - TALLOC_FREE(*names); - TALLOC_FREE(*name_types); - return NT_STATUS_NO_MEMORY; - } - - for (i = 0; i < r.num_names1; i++) { - fstring tmp; - - unistr2_to_ascii(tmp, &r.uni_name[i], sizeof(tmp)); - (*names)[i] = talloc_strdup(mem_ctx, tmp); - (*name_types)[i] = r.type[i]; - } - - done: - - return result; -} - -/* Lookup names */ - -NTSTATUS rpccli_samr_lookup_names(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *domain_pol, uint32 flags, - uint32 num_names, const char **names, - uint32 *num_rids, uint32 **rids, - uint32 **rid_types) -{ - prs_struct qbuf, rbuf; - SAMR_Q_LOOKUP_NAMES q; - SAMR_R_LOOKUP_NAMES r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - uint32 i; - - DEBUG(10,("cli_samr_lookup_names\n")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_lookup_names(mem_ctx, &q, domain_pol, flags, - num_names, names); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_LOOKUP_NAMES, - q, r, - qbuf, rbuf, - samr_io_q_lookup_names, - samr_io_r_lookup_names, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - if (!NT_STATUS_IS_OK(result = r.status)) { - goto done; - } - - if (r.num_rids1 == 0) { - *num_rids = 0; - goto done; - } - - *num_rids = r.num_rids1; - *rids = TALLOC_ARRAY(mem_ctx, uint32, r.num_rids1); - *rid_types = TALLOC_ARRAY(mem_ctx, uint32, r.num_rids1); - - if ((*rids == NULL) || (*rid_types == NULL)) { - TALLOC_FREE(*rids); - TALLOC_FREE(*rid_types); - return NT_STATUS_NO_MEMORY; - } - - for (i = 0; i < r.num_rids1; i++) { - (*rids)[i] = r.rids[i]; - (*rid_types)[i] = r.types[i]; - } - - done: - - return result; -} - -/* Create a domain user */ - -NTSTATUS rpccli_samr_create_dom_user(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *domain_pol, const char *acct_name, - uint32 acb_info, uint32 access_mask, - POLICY_HND *user_pol, uint32 *rid) -{ - prs_struct qbuf, rbuf; - SAMR_Q_CREATE_USER q; - SAMR_R_CREATE_USER r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_create_dom_user %s\n", acct_name)); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_create_user(&q, domain_pol, acct_name, acb_info, access_mask); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_CREATE_USER, - q, r, - qbuf, rbuf, - samr_io_q_create_user, - samr_io_r_create_user, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - if (!NT_STATUS_IS_OK(result = r.status)) { - goto done; - } - - if (user_pol) - *user_pol = r.user_pol; - - if (rid) - *rid = r.user_rid; - - done: - - return result; -} - -/* Set userinfo */ - -NTSTATUS rpccli_samr_set_userinfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - const POLICY_HND *user_pol, uint16 switch_value, - DATA_BLOB *sess_key, SAM_USERINFO_CTR *ctr) -{ - prs_struct qbuf, rbuf; - SAMR_Q_SET_USERINFO q; - SAMR_R_SET_USERINFO r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_set_userinfo\n")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - if (!sess_key->length) { - DEBUG(1, ("No user session key\n")); - return NT_STATUS_NO_USER_SESSION_KEY; - } - - /* Initialise parse structures */ - - prs_init(&qbuf, RPC_MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - q.ctr = ctr; - - init_samr_q_set_userinfo(&q, user_pol, sess_key, switch_value, - ctr->info.id); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_SET_USERINFO, - q, r, - qbuf, rbuf, - samr_io_q_set_userinfo, - samr_io_r_set_userinfo, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - if (!NT_STATUS_IS_OK(result = r.status)) { - goto done; - } - - done: - - return result; -} - -/* Set userinfo2 */ - -NTSTATUS rpccli_samr_set_userinfo2(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - const POLICY_HND *user_pol, uint16 switch_value, - DATA_BLOB *sess_key, SAM_USERINFO_CTR *ctr) -{ - prs_struct qbuf, rbuf; - SAMR_Q_SET_USERINFO2 q; - SAMR_R_SET_USERINFO2 r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_set_userinfo2\n")); - - if (!sess_key->length) { - DEBUG(1, ("No user session key\n")); - return NT_STATUS_NO_USER_SESSION_KEY; - } - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_set_userinfo2(&q, user_pol, sess_key, switch_value, ctr); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_SET_USERINFO2, - q, r, - qbuf, rbuf, - samr_io_q_set_userinfo2, - samr_io_r_set_userinfo2, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - if (!NT_STATUS_IS_OK(result = r.status)) { - goto done; - } - - done: - - return result; -} - -/* Delete domain group */ - -NTSTATUS rpccli_samr_delete_dom_group(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *group_pol) -{ - prs_struct qbuf, rbuf; - SAMR_Q_DELETE_DOM_GROUP q; - SAMR_R_DELETE_DOM_GROUP r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_delete_dom_group\n")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_delete_dom_group(&q, group_pol); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_DELETE_DOM_GROUP, - q, r, - qbuf, rbuf, - samr_io_q_delete_dom_group, - samr_io_r_delete_dom_group, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - result = r.status; - - return result; -} - -/* Delete domain alias */ - -NTSTATUS rpccli_samr_delete_dom_alias(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *alias_pol) -{ - prs_struct qbuf, rbuf; - SAMR_Q_DELETE_DOM_ALIAS q; - SAMR_R_DELETE_DOM_ALIAS r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_delete_dom_alias\n")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_delete_dom_alias(&q, alias_pol); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_DELETE_DOM_ALIAS, - q, r, - qbuf, rbuf, - samr_io_q_delete_dom_alias, - samr_io_r_delete_dom_alias, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - result = r.status; - - return result; -} - -/* Delete domain user */ - -NTSTATUS rpccli_samr_delete_dom_user(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *user_pol) -{ - prs_struct qbuf, rbuf; - SAMR_Q_DELETE_DOM_USER q; - SAMR_R_DELETE_DOM_USER r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_delete_dom_user\n")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_delete_dom_user(&q, user_pol); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_DELETE_DOM_USER, - q, r, - qbuf, rbuf, - samr_io_q_delete_dom_user, - samr_io_r_delete_dom_user, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - result = r.status; - - return result; -} - -/* Remove foreign SID */ - -NTSTATUS rpccli_samr_remove_sid_foreign_domain(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - POLICY_HND *user_pol, - DOM_SID *sid) -{ - prs_struct qbuf, rbuf; - SAMR_Q_REMOVE_SID_FOREIGN_DOMAIN q; - SAMR_R_REMOVE_SID_FOREIGN_DOMAIN r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_remove_sid_foreign_domain\n")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_remove_sid_foreign_domain(&q, user_pol, sid); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_REMOVE_SID_FOREIGN_DOMAIN, - q, r, - qbuf, rbuf, - samr_io_q_remove_sid_foreign_domain, - samr_io_r_remove_sid_foreign_domain, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - result = r.status; - - return result; -} - -/* Query user security object */ - -NTSTATUS rpccli_samr_query_sec_obj(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *user_pol, uint32 sec_info, - TALLOC_CTX *ctx, SEC_DESC_BUF **sec_desc_buf) -{ - prs_struct qbuf, rbuf; - SAMR_Q_QUERY_SEC_OBJ q; - SAMR_R_QUERY_SEC_OBJ r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_query_sec_obj\n")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_query_sec_obj(&q, user_pol, sec_info); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_QUERY_SEC_OBJECT, - q, r, - qbuf, rbuf, - samr_io_q_query_sec_obj, - samr_io_r_query_sec_obj, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - result = r.status; - *sec_desc_buf=dup_sec_desc_buf(ctx, r.buf); - - return result; -} - -/* Set user security object */ - -NTSTATUS rpccli_samr_set_sec_obj(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *user_pol, uint32 sec_info, - SEC_DESC_BUF *sec_desc_buf) -{ - prs_struct qbuf, rbuf; - SAMR_Q_SET_SEC_OBJ q; - SAMR_R_SET_SEC_OBJ r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_set_sec_obj\n")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_set_sec_obj(&q, user_pol, sec_info, sec_desc_buf); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_SET_SEC_OBJECT, - q, r, - qbuf, rbuf, - samr_io_q_set_sec_obj, - samr_io_r_set_sec_obj, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - result = r.status; - - return result; -} - - -/* Get domain password info */ - -NTSTATUS rpccli_samr_get_dom_pwinfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - uint16 *min_pwd_length, uint32 *password_properties) -{ - prs_struct qbuf, rbuf; - SAMR_Q_GET_DOM_PWINFO q; - SAMR_R_GET_DOM_PWINFO r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_get_dom_pwinfo\n")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_get_dom_pwinfo(&q, cli->cli->desthost); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_GET_DOM_PWINFO, - q, r, - qbuf, rbuf, - samr_io_q_get_dom_pwinfo, - samr_io_r_get_dom_pwinfo, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - result = r.status; - - if (NT_STATUS_IS_OK(result)) { - if (min_pwd_length) - *min_pwd_length = r.min_pwd_length; - if (password_properties) - *password_properties = r.password_properties; - } - - return result; -} - -/* Get domain password info */ - -NTSTATUS rpccli_samr_get_usrdom_pwinfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *pol, uint16 *min_pwd_length, - uint32 *password_properties, uint32 *unknown1) -{ - prs_struct qbuf, rbuf; - SAMR_Q_GET_USRDOM_PWINFO q; - SAMR_R_GET_USRDOM_PWINFO r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_get_usrdom_pwinfo\n")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_get_usrdom_pwinfo(&q, pol); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_GET_USRDOM_PWINFO, - q, r, - qbuf, rbuf, - samr_io_q_get_usrdom_pwinfo, - samr_io_r_get_usrdom_pwinfo, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - result = r.status; - - if (NT_STATUS_IS_OK(result)) { - if (min_pwd_length) - *min_pwd_length = r.min_pwd_length; - if (password_properties) - *password_properties = r.password_properties; - if (unknown1) - *unknown1 = r.unknown_1; - } - - return result; -} - - -/* Lookup Domain Name */ - -NTSTATUS rpccli_samr_lookup_domain(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *user_pol, char *domain_name, - DOM_SID *sid) -{ - prs_struct qbuf, rbuf; - SAMR_Q_LOOKUP_DOMAIN q; - SAMR_R_LOOKUP_DOMAIN r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - - DEBUG(10,("cli_samr_lookup_domain\n")); - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Marshall data and send request */ - - init_samr_q_lookup_domain(&q, user_pol, domain_name); - - CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_LOOKUP_DOMAIN, - q, r, - qbuf, rbuf, - samr_io_q_lookup_domain, - samr_io_r_lookup_domain, - NT_STATUS_UNSUCCESSFUL); - - /* Return output parameters */ - - result = r.status; - - if (NT_STATUS_IS_OK(result)) - sid_copy(sid, &r.dom_sid.sid); - - return result; } diff --git a/source3/rpc_client/cli_svcctl.c b/source3/rpc_client/cli_svcctl.c index 95673c1565..b21909fd03 100644 --- a/source3/rpc_client/cli_svcctl.c +++ b/source3/rpc_client/cli_svcctl.c @@ -57,81 +57,6 @@ const char* svc_status_string( uint32 state ) return talloc_strdup(talloc_tos(), msg); } -/******************************************************************** -********************************************************************/ - -WERROR rpccli_svcctl_open_scm(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *hSCM, uint32 access_desired ) -{ - SVCCTL_Q_OPEN_SCMANAGER in; - SVCCTL_R_OPEN_SCMANAGER out; - prs_struct qbuf, rbuf; - fstring server; - - ZERO_STRUCT(in); - ZERO_STRUCT(out); - - /* leave the database name NULL to get the default service db */ - - in.database = NULL; - - /* set the server name */ - - if ( !(in.servername = TALLOC_P( mem_ctx, UNISTR2 )) ) - return WERR_NOMEM; - fstr_sprintf( server, "\\\\%s", cli->cli->desthost ); - init_unistr2( in.servername, server, UNI_STR_TERMINATE ); - - in.access = access_desired; - - CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_OPEN_SCMANAGER_W, - in, out, - qbuf, rbuf, - svcctl_io_q_open_scmanager, - svcctl_io_r_open_scmanager, - WERR_GENERAL_FAILURE ); - - if ( !W_ERROR_IS_OK( out.status ) ) - return out.status; - - memcpy( hSCM, &out.handle, sizeof(POLICY_HND) ); - - return out.status; -} - -/******************************************************************** -********************************************************************/ - -WERROR rpccli_svcctl_open_service( struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *hSCM, POLICY_HND *hService, - const char *servicename, uint32 access_desired ) -{ - SVCCTL_Q_OPEN_SERVICE in; - SVCCTL_R_OPEN_SERVICE out; - prs_struct qbuf, rbuf; - - ZERO_STRUCT(in); - ZERO_STRUCT(out); - - memcpy( &in.handle, hSCM, sizeof(POLICY_HND) ); - init_unistr2( &in.servicename, servicename, UNI_STR_TERMINATE ); - in.access = access_desired; - - CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_OPEN_SERVICE_W, - in, out, - qbuf, rbuf, - svcctl_io_q_open_service, - svcctl_io_r_open_service, - WERR_GENERAL_FAILURE ); - - if ( !W_ERROR_IS_OK( out.status ) ) - return out.status; - - memcpy( hService, &out.handle, sizeof(POLICY_HND) ); - - return out.status; -} - /******************************************************************* *******************************************************************/ @@ -204,36 +129,6 @@ WERROR rpccli_svcctl_enumerate_services( struct rpc_pipe_client *cli, TALLOC_CTX /******************************************************************* *******************************************************************/ -WERROR rpccli_svcctl_query_status( struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *hService, SERVICE_STATUS *status ) -{ - SVCCTL_Q_QUERY_STATUS in; - SVCCTL_R_QUERY_STATUS out; - prs_struct qbuf, rbuf; - - ZERO_STRUCT(in); - ZERO_STRUCT(out); - - memcpy( &in.handle, hService, sizeof(POLICY_HND) ); - - CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_QUERY_STATUS, - in, out, - qbuf, rbuf, - svcctl_io_q_query_status, - svcctl_io_r_query_status, - WERR_GENERAL_FAILURE ); - - if ( !W_ERROR_IS_OK( out.status ) ) - return out.status; - - memcpy( status, &out.svc_status, sizeof(SERVICE_STATUS) ); - - return out.status; -} - -/******************************************************************* -*******************************************************************/ - WERROR rpccli_svcctl_query_config(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *hService, SERVICE_CONFIG *config ) { @@ -304,109 +199,3 @@ WERROR rpccli_svcctl_query_config(struct rpc_pipe_client *cli, TALLOC_CTX *mem_c return out.status; } - -/******************************************************************* -*******************************************************************/ - -WERROR rpccli_svcctl_start_service( struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *hService, - const char **parm_array, uint32 parmcount ) -{ - SVCCTL_Q_START_SERVICE in; - SVCCTL_R_START_SERVICE out; - prs_struct qbuf, rbuf; - - ZERO_STRUCT(in); - ZERO_STRUCT(out); - - memcpy( &in.handle, hService, sizeof(POLICY_HND) ); - - in.parmcount = 0; - in.parameters = NULL; - - CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_START_SERVICE_W, - in, out, - qbuf, rbuf, - svcctl_io_q_start_service, - svcctl_io_r_start_service, - WERR_GENERAL_FAILURE ); - - return out.status; -} - -/******************************************************************* -*******************************************************************/ - -WERROR rpccli_svcctl_control_service( struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *hService, uint32 control, - SERVICE_STATUS *status ) -{ - SVCCTL_Q_CONTROL_SERVICE in; - SVCCTL_R_CONTROL_SERVICE out; - prs_struct qbuf, rbuf; - - ZERO_STRUCT(in); - ZERO_STRUCT(out); - - memcpy( &in.handle, hService, sizeof(POLICY_HND) ); - in.control = control; - - CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_CONTROL_SERVICE, - in, out, - qbuf, rbuf, - svcctl_io_q_control_service, - svcctl_io_r_control_service, - WERR_GENERAL_FAILURE ); - - if ( !W_ERROR_IS_OK( out.status ) ) - return out.status; - - memcpy( status, &out.svc_status, sizeof(SERVICE_STATUS) ); - - return out.status; -} - - -/******************************************************************* -*******************************************************************/ - -WERROR rpccli_svcctl_get_dispname( struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *hService, fstring displayname ) -{ - SVCCTL_Q_GET_DISPLAY_NAME in; - SVCCTL_R_GET_DISPLAY_NAME out; - prs_struct qbuf, rbuf; - - ZERO_STRUCT(in); - ZERO_STRUCT(out); - - memcpy( &in.handle, hService, sizeof(POLICY_HND) ); - in.display_name_len = 0; - - CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_GET_DISPLAY_NAME, - in, out, - qbuf, rbuf, - svcctl_io_q_get_display_name, - svcctl_io_r_get_display_name, - WERR_GENERAL_FAILURE ); - - /* second time with correct buffer size...should be ok */ - - if ( W_ERROR_EQUAL( out.status, WERR_INSUFFICIENT_BUFFER ) ) { - in.display_name_len = out.display_name_len; - - CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_GET_DISPLAY_NAME, - in, out, - qbuf, rbuf, - svcctl_io_q_get_display_name, - svcctl_io_r_get_display_name, - WERR_GENERAL_FAILURE ); - } - - if ( !W_ERROR_IS_OK( out.status ) ) - return out.status; - - rpcstr_pull( displayname, out.displayname.buffer, sizeof(displayname), -1, STR_TERMINATE ); - - return out.status; -} diff --git a/source3/rpc_client/init_lsa.c b/source3/rpc_client/init_lsa.c new file mode 100644 index 0000000000..2637158fd0 --- /dev/null +++ b/source3/rpc_client/init_lsa.c @@ -0,0 +1,126 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Guenther Deschner 2008. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <http://www.gnu.org/licenses/>. + */ + +#include "includes.h" + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_lsa_String(struct lsa_String *name, const char *s) +{ + name->string = s; +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_lsa_StringLarge(struct lsa_StringLarge *name, const char *s) +{ + name->string = s; +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_lsa_AsciiString(struct lsa_AsciiString *name, const char *s) +{ + name->string = s; +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_lsa_AsciiStringLarge(struct lsa_AsciiStringLarge *name, const char *s) +{ + name->string = s; +} + +/******************************************************************* + Inits an lsa_QosInfo structure. +********************************************************************/ + +void init_lsa_sec_qos(struct lsa_QosInfo *r, + uint32_t len, + uint16_t impersonation_level, + uint8_t context_mode, + uint8_t effective_only) +{ + DEBUG(5, ("init_lsa_sec_qos\n")); + + r->len = len; + r->impersonation_level = impersonation_level; + r->context_mode = context_mode; + r->effective_only = effective_only; +} + +/******************************************************************* + Inits an lsa_ObjectAttribute structure. +********************************************************************/ + +void init_lsa_obj_attr(struct lsa_ObjectAttribute *r, + uint32_t len, + uint8_t *root_dir, + const char *object_name, + uint32_t attributes, + struct security_descriptor *sec_desc, + struct lsa_QosInfo *sec_qos) +{ + DEBUG(5,("init_lsa_obj_attr\n")); + + r->len = len; + r->root_dir = root_dir; + r->object_name = object_name; + r->attributes = attributes; + r->sec_desc = sec_desc; + r->sec_qos = sec_qos; +} + +/******************************************************************* + Inits a lsa_TranslatedSid structure. +********************************************************************/ + +void init_lsa_translated_sid(struct lsa_TranslatedSid *r, + enum lsa_SidType sid_type, + uint32_t rid, + uint32_t sid_index) +{ + r->sid_type = sid_type; + r->rid = rid; + r->sid_index = sid_index; +} + +/******************************************************************* + Inits a lsa_TranslatedName2 structure. +********************************************************************/ + +void init_lsa_translated_name2(struct lsa_TranslatedName2 *r, + enum lsa_SidType sid_type, + const char *name, + uint32_t sid_index, + uint32_t unknown) +{ + r->sid_type = sid_type; + init_lsa_String(&r->name, name); + r->sid_index = sid_index; + r->unknown = unknown; +} diff --git a/source3/rpc_client/init_netlogon.c b/source3/rpc_client/init_netlogon.c new file mode 100644 index 0000000000..62f1fac626 --- /dev/null +++ b/source3/rpc_client/init_netlogon.c @@ -0,0 +1,220 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Guenther Deschner 2008. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <http://www.gnu.org/licenses/>. + */ + +#include "includes.h" + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_netr_SamBaseInfo(struct netr_SamBaseInfo *r, + NTTIME last_logon, + NTTIME last_logoff, + NTTIME acct_expiry, + NTTIME last_password_change, + NTTIME allow_password_change, + NTTIME force_password_change, + const char *account_name, + const char *full_name, + const char *logon_script, + const char *profile_path, + const char *home_directory, + const char *home_drive, + uint16_t logon_count, + uint16_t bad_password_count, + uint32_t rid, + uint32_t primary_gid, + struct samr_RidWithAttributeArray groups, + uint32_t user_flags, + struct netr_UserSessionKey key, + const char *logon_server, + const char *domain, + struct dom_sid2 *domain_sid, + struct netr_LMSessionKey LMSessKey, + uint32_t acct_flags) +{ + r->last_logon = last_logon; + r->last_logoff = last_logoff; + r->acct_expiry = acct_expiry; + r->last_password_change = last_password_change; + r->allow_password_change = allow_password_change; + r->force_password_change = force_password_change; + init_lsa_String(&r->account_name, account_name); + init_lsa_String(&r->full_name, full_name); + init_lsa_String(&r->logon_script, logon_script); + init_lsa_String(&r->profile_path, profile_path); + init_lsa_String(&r->home_directory, home_directory); + init_lsa_String(&r->home_drive, home_drive); + r->logon_count = logon_count; + r->bad_password_count = bad_password_count; + r->rid = rid; + r->primary_gid = primary_gid; + r->groups = groups; + r->user_flags = user_flags; + r->key = key; + init_lsa_StringLarge(&r->logon_server, logon_server); + init_lsa_StringLarge(&r->domain, domain); + r->domain_sid = domain_sid; + r->LMSessKey = LMSessKey; + r->acct_flags = acct_flags; +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_netr_SamInfo3(struct netr_SamInfo3 *r, + NTTIME last_logon, + NTTIME last_logoff, + NTTIME acct_expiry, + NTTIME last_password_change, + NTTIME allow_password_change, + NTTIME force_password_change, + const char *account_name, + const char *full_name, + const char *logon_script, + const char *profile_path, + const char *home_directory, + const char *home_drive, + uint16_t logon_count, + uint16_t bad_password_count, + uint32_t rid, + uint32_t primary_gid, + struct samr_RidWithAttributeArray groups, + uint32_t user_flags, + struct netr_UserSessionKey key, + const char *logon_server, + const char *domain, + struct dom_sid2 *domain_sid, + struct netr_LMSessionKey LMSessKey, + uint32_t acct_flags, + uint32_t sidcount, + struct netr_SidAttr *sids) +{ + init_netr_SamBaseInfo(&r->base, + last_logon, + last_logoff, + acct_expiry, + last_password_change, + allow_password_change, + force_password_change, + account_name, + full_name, + logon_script, + profile_path, + home_directory, + home_drive, + logon_count, + bad_password_count, + rid, + primary_gid, + groups, + user_flags, + key, + logon_server, + domain, + domain_sid, + LMSessKey, + acct_flags); + r->sidcount = sidcount; + r->sids = sids; +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_netr_IdentityInfo(struct netr_IdentityInfo *r, + const char *domain_name, + uint32_t parameter_control, + uint32_t logon_id_low, + uint32_t logon_id_high, + const char *account_name, + const char *workstation) +{ + init_lsa_String(&r->domain_name, domain_name); + r->parameter_control = parameter_control; + r->logon_id_low = logon_id_low; + r->logon_id_high = logon_id_high; + init_lsa_String(&r->account_name, account_name); + init_lsa_String(&r->workstation, workstation); +} + +/******************************************************************* + inits a structure. + This is a network logon packet. The log_id parameters + are what an NT server would generate for LUID once the + user is logged on. I don't think we care about them. + + Note that this has no access to the NT and LM hashed passwords, + so it forwards the challenge, and the NT and LM responses (24 + bytes each) over the secure channel to the Domain controller + for it to say yea or nay. This is the preferred method of + checking for a logon as it doesn't export the password + hashes to anyone who has compromised the secure channel. JRA. + +********************************************************************/ + +void init_netr_NetworkInfo(struct netr_NetworkInfo *r, + const char *domain_name, + uint32_t parameter_control, + uint32_t logon_id_low, + uint32_t logon_id_high, + const char *account_name, + const char *workstation, + uint8_t challenge[8], + struct netr_ChallengeResponse nt, + struct netr_ChallengeResponse lm) +{ + init_netr_IdentityInfo(&r->identity_info, + domain_name, + parameter_control, + logon_id_low, + logon_id_high, + account_name, + workstation); + memcpy(r->challenge, challenge, 8); + r->nt = nt; + r->lm = lm; +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_netr_PasswordInfo(struct netr_PasswordInfo *r, + const char *domain_name, + uint32_t parameter_control, + uint32_t logon_id_low, + uint32_t logon_id_high, + const char *account_name, + const char *workstation, + struct samr_Password lmpassword, + struct samr_Password ntpassword) +{ + init_netr_IdentityInfo(&r->identity_info, + domain_name, + parameter_control, + logon_id_low, + logon_id_high, + account_name, + workstation); + r->lmpassword = lmpassword; + r->ntpassword = ntpassword; +} diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c new file mode 100644 index 0000000000..1275fc834b --- /dev/null +++ b/source3/rpc_client/init_samr.c @@ -0,0 +1,461 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Guenther Deschner 2008. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <http://www.gnu.org/licenses/>. + */ + +#include "includes.h" + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_samr_DomInfo1(struct samr_DomInfo1 *r, + uint16_t min_password_length, + uint16_t password_history_length, + uint32_t password_properties, + int64_t max_password_age, + int64_t min_password_age) +{ + r->min_password_length = min_password_length; + r->password_history_length = password_history_length; + r->password_properties = password_properties; + r->max_password_age = max_password_age; + r->min_password_age = min_password_age; +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_samr_DomInfo2(struct samr_DomInfo2 *r, + NTTIME force_logoff_time, + const char *comment, + const char *domain_name, + const char *primary, + uint64_t sequence_num, + uint32_t unknown2, + enum samr_Role role, + uint32_t unknown3, + uint32_t num_users, + uint32_t num_groups, + uint32_t num_aliases) +{ + r->force_logoff_time = force_logoff_time; + init_lsa_String(&r->comment, comment); + init_lsa_String(&r->domain_name, domain_name); + init_lsa_String(&r->primary, primary); + r->sequence_num = sequence_num; + r->unknown2 = unknown2; + r->role = role; + r->unknown3 = unknown3; + r->num_users = num_users; + r->num_groups = num_groups; + r->num_aliases = num_aliases; +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_samr_DomInfo3(struct samr_DomInfo3 *r, + NTTIME force_logoff_time) +{ + r->force_logoff_time = force_logoff_time; +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_samr_DomInfo4(struct samr_DomInfo4 *r, + const char *comment) +{ + init_lsa_String(&r->comment, comment); +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_samr_DomInfo5(struct samr_DomInfo5 *r, + const char *domain_name) +{ + init_lsa_String(&r->domain_name, domain_name); +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_samr_DomInfo6(struct samr_DomInfo6 *r, + const char *primary) +{ + init_lsa_String(&r->primary, primary); +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_samr_DomInfo7(struct samr_DomInfo7 *r, + enum samr_Role role) +{ + r->role = role; +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_samr_DomInfo8(struct samr_DomInfo8 *r, + uint64_t sequence_num, + NTTIME domain_create_time) +{ + r->sequence_num = sequence_num; + r->domain_create_time = domain_create_time; +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_samr_DomInfo9(struct samr_DomInfo9 *r, + uint32_t unknown) +{ + r->unknown = unknown; +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_samr_DomInfo12(struct samr_DomInfo12 *r, + uint64_t lockout_duration, + uint64_t lockout_window, + uint16_t lockout_threshold) +{ + r->lockout_duration = lockout_duration; + r->lockout_window = lockout_window; + r->lockout_threshold = lockout_threshold; +} + +/******************************************************************* + inits a samr_GroupInfoAll structure. +********************************************************************/ + +void init_samr_group_info1(struct samr_GroupInfoAll *r, + const char *name, + uint32_t attributes, + uint32_t num_members, + const char *description) +{ + DEBUG(5, ("init_samr_group_info1\n")); + + init_lsa_String(&r->name, name); + r->attributes = attributes; + r->num_members = num_members; + init_lsa_String(&r->description, description); +} + +/******************************************************************* + inits a lsa_String structure +********************************************************************/ + +void init_samr_group_info2(struct lsa_String *r, const char *group_name) +{ + DEBUG(5, ("init_samr_group_info2\n")); + + init_lsa_String(r, group_name); +} + +/******************************************************************* + inits a samr_GroupInfoAttributes structure. +********************************************************************/ + +void init_samr_group_info3(struct samr_GroupInfoAttributes *r, + uint32_t attributes) +{ + DEBUG(5, ("init_samr_group_info3\n")); + + r->attributes = attributes; +} + +/******************************************************************* + inits a lsa_String structure +********************************************************************/ + +void init_samr_group_info4(struct lsa_String *r, const char *description) +{ + DEBUG(5, ("init_samr_group_info4\n")); + + init_lsa_String(r, description); +} + +/******************************************************************* + inits a samr_GroupInfoAll structure. +********************************************************************/ + +void init_samr_group_info5(struct samr_GroupInfoAll *r, + const char *name, + uint32_t attributes, + uint32_t num_members, + const char *description) +{ + DEBUG(5, ("init_samr_group_info5\n")); + + init_lsa_String(&r->name, name); + r->attributes = attributes; + r->num_members = num_members; + init_lsa_String(&r->description, description); +} + +/******************************************************************* + inits a samr_AliasInfoAll structure. +********************************************************************/ + +void init_samr_alias_info1(struct samr_AliasInfoAll *r, + const char *name, + uint32_t num_members, + const char *description) +{ + DEBUG(5, ("init_samr_alias_info1\n")); + + init_lsa_String(&r->name, name); + r->num_members = num_members; + init_lsa_String(&r->description, description); +} + +/******************************************************************* +inits a lsa_String structure. +********************************************************************/ + +void init_samr_alias_info3(struct lsa_String *r, + const char *description) +{ + DEBUG(5, ("init_samr_alias_info3\n")); + + init_lsa_String(r, description); +} + +/******************************************************************* + inits a samr_UserInfo7 structure. +********************************************************************/ + +void init_samr_user_info7(struct samr_UserInfo7 *r, + const char *account_name) +{ + DEBUG(5, ("init_samr_user_info7\n")); + + init_lsa_String(&r->account_name, account_name); +} + +/******************************************************************* + inits a samr_UserInfo9 structure. +********************************************************************/ + +void init_samr_user_info9(struct samr_UserInfo9 *r, + uint32_t primary_gid) +{ + DEBUG(5, ("init_samr_user_info9\n")); + + r->primary_gid = primary_gid; +} + +/******************************************************************* + inits a SAM_USER_INFO_16 structure. +********************************************************************/ + +void init_samr_user_info16(struct samr_UserInfo16 *r, + uint32_t acct_flags) +{ + DEBUG(5, ("init_samr_user_info16\n")); + + r->acct_flags = acct_flags; +} + +/******************************************************************* + inits a samr_UserInfo18 structure. +********************************************************************/ + +void init_samr_user_info18(struct samr_UserInfo18 *r, + const uint8 lm_pwd[16], + const uint8 nt_pwd[16]) +{ + DEBUG(5, ("init_samr_user_info18\n")); + + r->lm_pwd_active = + memcpy(r->lm_pwd.hash, lm_pwd, sizeof(r->lm_pwd.hash)) ? true : false; + r->nt_pwd_active = + memcpy(r->nt_pwd.hash, nt_pwd, sizeof(r->nt_pwd.hash)) ? true : false; +} + +/******************************************************************* + inits a samr_UserInfo20 structure. +********************************************************************/ + +void init_samr_user_info20(struct samr_UserInfo20 *r, + const char *munged_dial) +{ + init_lsa_String(&r->parameters, munged_dial); +} + +/************************************************************************* + inits a samr_UserInfo21 structure + *************************************************************************/ + +void init_samr_user_info21(struct samr_UserInfo21 *r, + NTTIME last_logon, + NTTIME last_logoff, + NTTIME last_password_change, + NTTIME acct_expiry, + NTTIME allow_password_change, + NTTIME force_password_change, + const char *account_name, + const char *full_name, + const char *home_directory, + const char *home_drive, + const char *logon_script, + const char *profile_path, + const char *description, + const char *workstations, + const char *comment, + const char *parameters, + uint32_t rid, + uint32_t primary_gid, + uint32_t acct_flags, + uint32_t fields_present, + struct samr_LogonHours logon_hours, + uint16_t bad_password_count, + uint16_t logon_count, + uint16_t country_code, + uint16_t code_page, + uint8_t nt_password_set, + uint8_t lm_password_set, + uint8_t password_expired) +{ + r->last_logon = last_logon; + r->last_logoff = last_logoff; + r->last_password_change = last_password_change; + r->acct_expiry = acct_expiry; + r->allow_password_change = allow_password_change; + r->force_password_change = force_password_change; + init_lsa_String(&r->account_name, account_name); + init_lsa_String(&r->full_name, full_name); + init_lsa_String(&r->home_directory, home_directory); + init_lsa_String(&r->home_drive, home_drive); + init_lsa_String(&r->logon_script, logon_script); + init_lsa_String(&r->profile_path, profile_path); + init_lsa_String(&r->description, description); + init_lsa_String(&r->workstations, workstations); + init_lsa_String(&r->comment, comment); + init_lsa_String(&r->parameters, parameters); + r->rid = rid; + r->primary_gid = primary_gid; + r->acct_flags = acct_flags; + r->fields_present = fields_present; + r->logon_hours = logon_hours; + r->bad_password_count = bad_password_count; + r->logon_count = logon_count; + r->country_code = country_code; + r->code_page = code_page; + r->nt_password_set = nt_password_set; + r->lm_password_set = lm_password_set; + r->password_expired = password_expired; +} + +/************************************************************************* + init_samr_user_info23 + *************************************************************************/ + +void init_samr_user_info23(struct samr_UserInfo23 *r, + NTTIME last_logon, + NTTIME last_logoff, + NTTIME last_password_change, + NTTIME acct_expiry, + NTTIME allow_password_change, + NTTIME force_password_change, + const char *account_name, + const char *full_name, + const char *home_directory, + const char *home_drive, + const char *logon_script, + const char *profile_path, + const char *description, + const char *workstations, + const char *comment, + const char *parameters, + uint32_t rid, + uint32_t primary_gid, + uint32_t acct_flags, + uint32_t fields_present, + struct samr_LogonHours logon_hours, + uint16_t bad_password_count, + uint16_t logon_count, + uint16_t country_code, + uint16_t code_page, + uint8_t nt_password_set, + uint8_t lm_password_set, + uint8_t password_expired, + uint8_t data[516], + uint8_t pw_len) +{ + init_samr_user_info21(&r->info, + last_logon, + last_logoff, + last_password_change, + acct_expiry, + allow_password_change, + force_password_change, + account_name, + full_name, + home_directory, + home_drive, + logon_script, + profile_path, + description, + workstations, + comment, + parameters, + rid, + primary_gid, + acct_flags, + fields_present, + logon_hours, + bad_password_count, + logon_count, + country_code, + code_page, + nt_password_set, + lm_password_set, + password_expired); + + memcpy(r->password.data, data, sizeof(r->password.data)); +} + +/************************************************************************* + init_samr_user_info24 + *************************************************************************/ + +void init_samr_user_info24(struct samr_UserInfo24 *r, + uint8_t data[516], + uint8_t pw_len) +{ + DEBUG(10, ("init_samr_user_info24:\n")); + + memcpy(r->password.data, data, sizeof(r->password.data)); + r->pw_len = pw_len; +} |