summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--source4/libnet/libnet_join.c11
-rw-r--r--source4/libnet/libnet_rpc.c4
-rw-r--r--source4/libnet/libnet_samdump.c71
-rw-r--r--source4/libnet/libnet_samdump_keytab.c42
-rw-r--r--source4/libnet/libnet_samsync_ldb.c45
-rw-r--r--source4/libnet/libnet_vampire.c116
-rw-r--r--source4/libnet/libnet_vampire.h62
-rw-r--r--source4/librpc/rpc/dcerpc.h1
-rw-r--r--source4/librpc/rpc/dcerpc_auth.c11
-rw-r--r--source4/librpc/rpc/dcerpc_connect.c24
-rw-r--r--source4/librpc/rpc/dcerpc_schannel.c17
-rw-r--r--source4/librpc/rpc/dcerpc_util.c18
-rw-r--r--source4/torture/rpc/netlogon.c9
-rw-r--r--source4/torture/rpc/samlogon.c2
-rw-r--r--source4/torture/rpc/schannel.c2
-rw-r--r--source4/utils/net/net_vampire.c23
-rw-r--r--source4/winbind/wb_connect_lsa.c14
-rw-r--r--source4/winbind/wb_connect_sam.c14
-rw-r--r--source4/winbind/wb_init_domain.c3
19 files changed, 242 insertions, 247 deletions
diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c
index 616c80b1a4..7a897b1280 100644
--- a/source4/libnet/libnet_join.c
+++ b/source4/libnet/libnet_join.c
@@ -745,14 +745,11 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru
*/
/* Find the original binding string */
- status = dcerpc_parse_binding(tmp_ctx, lsa_pipe->conn->binding_string, &samr_binding);
- if (!NT_STATUS_IS_OK(status)) {
- r->out.error_string = talloc_asprintf(mem_ctx,
- "Failed to parse lsa binding '%s'",
- lsa_pipe->conn->binding_string);
- talloc_free(tmp_ctx);
- return status;
+ samr_binding = talloc(tmp_ctx, struct dcerpc_binding);
+ if (!samr_binding) {
+ return NT_STATUS_NO_MEMORY;
}
+ *samr_binding = *lsa_pipe->binding;
/* Make binding string for samr, not the other pipe */
status = dcerpc_epm_map_binding(tmp_ctx, samr_binding,
diff --git a/source4/libnet/libnet_rpc.c b/source4/libnet/libnet_rpc.c
index ffed674f1f..1f98e575d1 100644
--- a/source4/libnet/libnet_rpc.c
+++ b/source4/libnet/libnet_rpc.c
@@ -57,8 +57,8 @@ static NTSTATUS libnet_RpcConnectSrv(struct libnet_context *ctx, TALLOC_CTX *mem
if (!NT_STATUS_IS_OK(status)) {
r->out.error_string = talloc_asprintf(mem_ctx,
- "dcerpc_pipe_connect to pipe %s failed with %s\n",
- r->in.dcerpc_iface->name, binding);
+ "dcerpc_pipe_connect to pipe %s[%s] failed with %s\n",
+ r->in.dcerpc_iface->name, binding, nt_errstr(status));
return status;
}
diff --git a/source4/libnet/libnet_samdump.c b/source4/libnet/libnet_samdump.c
index 52513fa1b1..e094293916 100644
--- a/source4/libnet/libnet_samdump.c
+++ b/source4/libnet/libnet_samdump.c
@@ -151,7 +151,7 @@ static NTSTATUS libnet_samdump_fn(TALLOC_CTX *mem_ctx,
return nt_status;
}
-static NTSTATUS libnet_SamDump_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamDump *r)
+NTSTATUS libnet_SamDump(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamDump *r)
{
NTSTATUS nt_status;
struct libnet_SamSync r2;
@@ -164,15 +164,16 @@ static NTSTATUS libnet_SamDump_netlogon(struct libnet_context *ctx, TALLOC_CTX *
return NT_STATUS_NO_MEMORY;
}
- samdump_state->secrets = NULL;
+ samdump_state->secrets = NULL;
samdump_state->trusted_domains = NULL;
- r2.error_string = NULL;
- r2.delta_fn = libnet_samdump_fn;
- r2.fn_ctx = samdump_state;
- r2.machine_account = NULL; /* TODO: Create a machine account, fill this in, and the delete it */
- nt_status = libnet_SamSync_netlogon(ctx, samdump_state, &r2);
- r->error_string = r2.error_string;
+ r2.out.error_string = NULL;
+ r2.in.binding_string = r->in.binding_string;
+ r2.in.delta_fn = libnet_samdump_fn;
+ r2.in.fn_ctx = samdump_state;
+ r2.in.machine_account = r->in.machine_account;
+ nt_status = libnet_SamSync_netlogon(ctx, samdump_state, &r2);
+ r->out.error_string = r2.out.error_string;
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(samdump_state);
@@ -183,49 +184,25 @@ static NTSTATUS libnet_SamDump_netlogon(struct libnet_context *ctx, TALLOC_CTX *
for (t=samdump_state->trusted_domains; t; t=t->next) {
char *secret_name = talloc_asprintf(mem_ctx, "G$$%s", t->name);
for (s=samdump_state->secrets; s; s=s->next) {
- if (strcasecmp_m(s->name, secret_name) == 0) {
- char *secret_string;
- if (convert_string_talloc(mem_ctx, CH_UTF16, CH_UNIX,
- s->secret.data, s->secret.length,
- (void **)&secret_string) == -1) {
- r->error_string = talloc_asprintf(mem_ctx,
- "Could not convert secret for domain %s to a string\n",
- t->name);
- talloc_free(samdump_state);
- return NT_STATUS_INVALID_PARAMETER;
- }
- printf("%s\t%s\t%s\n",
- t->name, dom_sid_string(mem_ctx, t->sid),
- secret_string);
+ char *secret_string;
+ if (strcasecmp_m(s->name, secret_name) != 0) {
+ continue;
+ }
+ if (convert_string_talloc(mem_ctx, CH_UTF16, CH_UNIX,
+ s->secret.data, s->secret.length,
+ (void **)&secret_string) == -1) {
+ r->out.error_string = talloc_asprintf(mem_ctx,
+ "Could not convert secret for domain %s to a string\n",
+ t->name);
+ talloc_free(samdump_state);
+ return NT_STATUS_INVALID_PARAMETER;
}
+ printf("%s\t%s\t%s\n",
+ t->name, dom_sid_string(mem_ctx, t->sid),
+ secret_string);
}
}
talloc_free(samdump_state);
return nt_status;
}
-
-
-static NTSTATUS libnet_SamDump_generic(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamDump *r)
-{
- NTSTATUS nt_status;
- struct libnet_SamDump r2;
- r2.level = LIBNET_SAMDUMP_NETLOGON;
- r2.error_string = NULL;
- nt_status = libnet_SamDump(ctx, mem_ctx, &r2);
- r->error_string = r2.error_string;
-
- return nt_status;
-}
-
-NTSTATUS libnet_SamDump(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamDump *r)
-{
- switch (r->level) {
- case LIBNET_SAMDUMP_GENERIC:
- return libnet_SamDump_generic(ctx, mem_ctx, r);
- case LIBNET_SAMDUMP_NETLOGON:
- return libnet_SamDump_netlogon(ctx, mem_ctx, r);
- }
-
- return NT_STATUS_INVALID_LEVEL;
-}
diff --git a/source4/libnet/libnet_samdump_keytab.c b/source4/libnet/libnet_samdump_keytab.c
index e267cfdc2e..f16e0ae383 100644
--- a/source4/libnet/libnet_samdump_keytab.c
+++ b/source4/libnet/libnet_samdump_keytab.c
@@ -94,17 +94,18 @@ static NTSTATUS libnet_samdump_keytab_fn(TALLOC_CTX *mem_ctx,
return nt_status;
}
-static NTSTATUS libnet_SamDump_keytab_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamDump_keytab *r)
+NTSTATUS libnet_SamDump_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamDump_keytab *r)
{
NTSTATUS nt_status;
struct libnet_SamSync r2;
- r2.error_string = NULL;
- r2.delta_fn = libnet_samdump_keytab_fn;
- r2.fn_ctx = r->keytab_name;
- r2.machine_account = NULL; /* TODO: Create a machine account, fill this in, and the delete it */
- nt_status = libnet_SamSync_netlogon(ctx, mem_ctx, &r2);
- r->error_string = r2.error_string;
+ r2.out.error_string = NULL;
+ r2.in.binding_string = r->in.binding_string;
+ r2.in.delta_fn = libnet_samdump_keytab_fn;
+ r2.in.fn_ctx = discard_const(r->in.keytab_name);
+ r2.in.machine_account = r->in.machine_account;
+ nt_status = libnet_SamSync_netlogon(ctx, mem_ctx, &r2);
+ r->out.error_string = r2.out.error_string;
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
@@ -112,30 +113,3 @@ static NTSTATUS libnet_SamDump_keytab_netlogon(struct libnet_context *ctx, TALLO
return nt_status;
}
-
-
-
-static NTSTATUS libnet_SamDump_keytab_generic(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamDump_keytab *r)
-{
- NTSTATUS nt_status;
- struct libnet_SamDump_keytab r2;
- r2.level = LIBNET_SAMDUMP_NETLOGON;
- r2.error_string = NULL;
- r2.keytab_name = r->keytab_name;
- nt_status = libnet_SamDump_keytab(ctx, mem_ctx, &r2);
- r->error_string = r2.error_string;
-
- return nt_status;
-}
-
-NTSTATUS libnet_SamDump_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamDump_keytab *r)
-{
- switch (r->level) {
- case LIBNET_SAMDUMP_GENERIC:
- return libnet_SamDump_keytab_generic(ctx, mem_ctx, r);
- case LIBNET_SAMDUMP_NETLOGON:
- return libnet_SamDump_keytab_netlogon(ctx, mem_ctx, r);
- }
-
- return NT_STATUS_INVALID_LEVEL;
-}
diff --git a/source4/libnet/libnet_samsync_ldb.c b/source4/libnet/libnet_samsync_ldb.c
index 03c551d2f7..2baab53289 100644
--- a/source4/libnet/libnet_samsync_ldb.c
+++ b/source4/libnet/libnet_samsync_ldb.c
@@ -1053,7 +1053,7 @@ static NTSTATUS libnet_samsync_ldb_fn(TALLOC_CTX *mem_ctx,
return nt_status;
}
-static NTSTATUS libnet_samsync_ldb_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_samsync_ldb *r)
+NTSTATUS libnet_samsync_ldb(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_samsync_ldb *r)
{
NTSTATUS nt_status;
struct libnet_SamSync r2;
@@ -1063,17 +1063,18 @@ static NTSTATUS libnet_samsync_ldb_netlogon(struct libnet_context *ctx, TALLOC_C
return NT_STATUS_NO_MEMORY;
}
- state->secrets = NULL;
+ state->secrets = NULL;
state->trusted_domains = NULL;
- state->sam_ldb = samdb_connect(state, system_session(state));
+ state->sam_ldb = samdb_connect(state, system_session(state));
- r2.error_string = NULL;
- r2.delta_fn = libnet_samsync_ldb_fn;
- r2.fn_ctx = state;
- r2.machine_account = NULL; /* TODO: Create a machine account, fill this in, and the delete it */
- nt_status = libnet_SamSync_netlogon(ctx, state, &r2);
- r->error_string = r2.error_string;
+ r2.out.error_string = NULL;
+ r2.in.binding_string = r->in.binding_string;
+ r2.in.delta_fn = libnet_samsync_ldb_fn;
+ r2.in.fn_ctx = state;
+ r2.in.machine_account = NULL; /* TODO: Create a machine account, fill this in, and the delete it */
+ nt_status = libnet_SamSync_netlogon(ctx, state, &r2);
+ r->out.error_string = r2.out.error_string;
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(state);
@@ -1082,29 +1083,3 @@ static NTSTATUS libnet_samsync_ldb_netlogon(struct libnet_context *ctx, TALLOC_C
talloc_free(state);
return nt_status;
}
-
-
-
-static NTSTATUS libnet_samsync_ldb_generic(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_samsync_ldb *r)
-{
- NTSTATUS nt_status;
- struct libnet_samsync_ldb r2;
- r2.level = LIBNET_SAMSYNC_LDB_NETLOGON;
- r2.error_string = NULL;
- nt_status = libnet_samsync_ldb(ctx, mem_ctx, &r2);
- r->error_string = r2.error_string;
-
- return nt_status;
-}
-
-NTSTATUS libnet_samsync_ldb(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_samsync_ldb *r)
-{
- switch (r->level) {
- case LIBNET_SAMSYNC_LDB_GENERIC:
- return libnet_samsync_ldb_generic(ctx, mem_ctx, r);
- case LIBNET_SAMSYNC_LDB_NETLOGON:
- return libnet_samsync_ldb_netlogon(ctx, mem_ctx, r);
- }
-
- return NT_STATUS_INVALID_LEVEL;
-}
diff --git a/source4/libnet/libnet_vampire.c b/source4/libnet/libnet_vampire.c
index dc271ba577..26e3939205 100644
--- a/source4/libnet/libnet_vampire.c
+++ b/source4/libnet/libnet_vampire.c
@@ -150,24 +150,15 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
struct creds_CredentialState *creds;
struct netr_DatabaseSync dbsync;
struct cli_credentials *machine_account;
- struct dcerpc_binding *b;
struct dcerpc_pipe *p;
+ struct libnet_context *machine_net_ctx;
+ struct libnet_RpcConnect *c;
const enum netr_SamDatabaseID database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS};
int i;
- /* TODO: This is bogus */
- const char **bindings = lp_passwordserver();
- const char *binding;
-
- if (bindings && bindings[0]) {
- binding = bindings[0];
- } else {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
samsync_ctx = talloc_named(mem_ctx, 0, "SamSync top context");
- if (!r->machine_account) {
+ if (!r->in.machine_account) {
machine_account = cli_credentials_init(samsync_ctx);
if (!machine_account) {
talloc_free(samsync_ctx);
@@ -176,16 +167,17 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
cli_credentials_set_conf(machine_account);
nt_status = cli_credentials_set_machine_account(machine_account);
if (!NT_STATUS_IS_OK(nt_status)) {
- r->error_string = talloc_strdup(mem_ctx, "Could not obtain machine account password - are we joined to the domain?");
+ r->out.error_string = talloc_strdup(mem_ctx, "Could not obtain machine account password - are we joined to the domain?");
talloc_free(samsync_ctx);
return nt_status;
}
} else {
- machine_account = r->machine_account;
+ machine_account = r->in.machine_account;
}
+ /* We cannot do this unless we are a BDC. Check, before we get odd errors later */
if (cli_credentials_get_secure_channel_type(machine_account) != SEC_CHAN_BDC) {
- r->error_string
+ r->out.error_string
= talloc_asprintf(mem_ctx,
"Our join to domain %s is not as a BDC (%d), please rejoin as a BDC",
@@ -195,25 +187,67 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
- /* Connect to DC (take a binding string for now) */
+ c = talloc(samsync_ctx, struct libnet_RpcConnect);
+ if (!c) {
+ r->out.error_string = NULL;
+ talloc_free(samsync_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (r->in.binding_string) {
+ c->level = LIBNET_RPC_CONNECT_BINDING;
+ c->in.binding = r->in.binding_string;
+ } else {
+ /* prepare connect to the NETLOGON pipe of PDC */
+ c->level = LIBNET_RPC_CONNECT_PDC;
+ c->in.name = cli_credentials_get_domain(machine_account);
+ }
+ c->in.dcerpc_iface = &dcerpc_table_netlogon;
+
+ /* We must do this as the machine, not as any command-line
+ * user. So we override the credentials in the
+ * libnet_context */
+ machine_net_ctx = talloc(samsync_ctx, struct libnet_context);
+ if (!machine_net_ctx) {
+ r->out.error_string = NULL;
+ talloc_free(samsync_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+ *machine_net_ctx = *ctx;
+ machine_net_ctx->cred = machine_account;
- nt_status = dcerpc_parse_binding(samsync_ctx, binding, &b);
+ /* connect to the NETLOGON pipe of the PDC */
+ nt_status = libnet_RpcConnect(machine_net_ctx, c, c);
if (!NT_STATUS_IS_OK(nt_status)) {
- r->error_string = talloc_asprintf(mem_ctx, "Bad binding string %s\n", binding);
+ r->out.error_string = talloc_asprintf(mem_ctx,
+ "Connection to NETLOGON pipe of DC failed: %s",
+ c->out.error_string);
talloc_free(samsync_ctx);
- return NT_STATUS_INVALID_PARAMETER;
+ return nt_status;
}
- /* We like schannel */
- b->flags &= ~DCERPC_AUTH_OPTIONS;
- b->flags |= DCERPC_SCHANNEL | DCERPC_SEAL /* | DCERPC_SCHANNEL_128 */;
+ /* This makes a new pipe, on which we can do schannel. We
+ * should do this in the RpcConnect code, but the abstaction
+ * layers do not suit yet */
+
+ nt_status = dcerpc_secondary_connection(c->out.dcerpc_pipe, &p,
+ c->out.dcerpc_pipe->binding);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ r->out.error_string = talloc_asprintf(mem_ctx,
+ "Secondary connection to NETLOGON pipe of DC %s failed: %s",
+ dcerpc_server_name(p), nt_errstr(nt_status));
+ talloc_free(samsync_ctx);
+ return nt_status;
+ }
- /* Setup schannel */
- nt_status = dcerpc_pipe_connect_b(samsync_ctx, &p, b,
- &dcerpc_table_netlogon,
- machine_account, ctx->event_ctx);
+ nt_status = dcerpc_bind_auth_schannel(samsync_ctx, p, &dcerpc_table_netlogon,
+ machine_account, DCERPC_AUTH_LEVEL_PRIVACY);
if (!NT_STATUS_IS_OK(nt_status)) {
+ r->out.error_string = talloc_asprintf(mem_ctx,
+ "SCHANNEL authentication to NETLOGON pipe of DC %s failed: %s",
+ dcerpc_server_name(p), nt_errstr(nt_status));
talloc_free(samsync_ctx);
return nt_status;
}
@@ -222,11 +256,12 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
nt_status = dcerpc_schannel_creds(p->conn->security_state.generic_state, samsync_ctx, &creds);
if (!NT_STATUS_IS_OK(nt_status)) {
- r->error_string = talloc_strdup(mem_ctx, "Could not obtain NETLOGON credentials from DCERPC/GENSEC layer");
+ r->out.error_string = talloc_strdup(mem_ctx, "Could not obtain NETLOGON credentials from DCERPC/GENSEC layer");
talloc_free(samsync_ctx);
return nt_status;
}
+ /* Setup details for the syncronisation */
dbsync.in.logon_server = talloc_asprintf(samsync_ctx, "\\\\%s", dcerpc_server_name(p));
dbsync.in.computername = cli_credentials_get_workstation(machine_account);
dbsync.in.preferredmaximumlength = (uint32_t)-1;
@@ -244,40 +279,47 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
dbsync_nt_status = dcerpc_netr_DatabaseSync(p, loop_ctx, &dbsync);
if (!NT_STATUS_IS_OK(dbsync_nt_status) &&
!NT_STATUS_EQUAL(dbsync_nt_status, STATUS_MORE_ENTRIES)) {
- r->error_string = talloc_asprintf(samsync_ctx, "DatabaseSync failed - %s", nt_errstr(nt_status));
+ r->out.error_string = talloc_asprintf(samsync_ctx, "DatabaseSync failed - %s", nt_errstr(nt_status));
talloc_free(samsync_ctx);
return nt_status;
}
if (!creds_client_check(creds, &dbsync.out.return_authenticator.cred)) {
- r->error_string = talloc_strdup(samsync_ctx, "Credential chaining failed");
+ r->out.error_string = talloc_strdup(samsync_ctx, "Credential chaining failed");
talloc_free(samsync_ctx);
return NT_STATUS_ACCESS_DENIED;
}
dbsync.in.sync_context = dbsync.out.sync_context;
+ /* For every single remote 'delta' entry: */
for (d=0; d < dbsync.out.delta_enum_array->num_deltas; d++) {
char *error_string = NULL;
delta_ctx = talloc_named(loop_ctx, 0, "DatabaseSync delta context");
+ /* 'Fix' elements, by decrypting and
+ * de-obfustiating the data */
nt_status = fix_delta(delta_ctx,
creds,
dbsync.in.database_id,
&dbsync.out.delta_enum_array->delta_enum[d],
&error_string);
if (!NT_STATUS_IS_OK(nt_status)) {
- r->error_string = talloc_steal(samsync_ctx, error_string);
+ r->out.error_string = talloc_steal(samsync_ctx, error_string);
talloc_free(samsync_ctx);
return nt_status;
}
- nt_status = r->delta_fn(delta_ctx,
- r->fn_ctx,
- creds,
- dbsync.in.database_id,
- &dbsync.out.delta_enum_array->delta_enum[d],
- &error_string);
+
+ /* Now call the callback. This will
+ * do something like print the data or
+ * write to an ldb */
+ nt_status = r->in.delta_fn(delta_ctx,
+ r->in.fn_ctx,
+ creds,
+ dbsync.in.database_id,
+ &dbsync.out.delta_enum_array->delta_enum[d],
+ &error_string);
if (!NT_STATUS_IS_OK(nt_status)) {
- r->error_string = talloc_steal(samsync_ctx, error_string);
+ r->out.error_string = talloc_steal(samsync_ctx, error_string);
talloc_free(samsync_ctx);
return nt_status;
}
diff --git a/source4/libnet/libnet_vampire.h b/source4/libnet/libnet_vampire.h
index ed1b3ea828..4bbdf2733a 100644
--- a/source4/libnet/libnet_vampire.h
+++ b/source4/libnet/libnet_vampire.h
@@ -22,40 +22,50 @@
/* struct and enum for doing a remote domain vampire dump */
struct libnet_SamSync {
- NTSTATUS (*delta_fn)(TALLOC_CTX *mem_ctx,
- void *private,
- struct creds_CredentialState *creds,
- enum netr_SamDatabaseID database,
- struct netr_DELTA_ENUM *delta,
- char **error_string);
- void *fn_ctx;
- const char *error_string;
- struct cli_credentials *machine_account;
-};
-
-enum libnet_SamDump_level {
- LIBNET_SAMDUMP_GENERIC,
- LIBNET_SAMDUMP_NETLOGON,
+ struct {
+ const char *binding_string;
+ NTSTATUS (*delta_fn)(TALLOC_CTX *mem_ctx,
+ void *private,
+ struct creds_CredentialState *creds,
+ enum netr_SamDatabaseID database,
+ struct netr_DELTA_ENUM *delta,
+ char **error_string);
+ void *fn_ctx;
+ struct cli_credentials *machine_account;
+ } in;
+ struct {
+ const char *error_string;
+ } out;
};
struct libnet_SamDump {
- enum libnet_SamDump_level level;
- const char *error_string;
+ struct {
+ const char *binding_string;
+ struct cli_credentials *machine_account;
+ } in;
+ struct {
+ const char *error_string;
+ } out;
};
struct libnet_SamDump_keytab {
- enum libnet_SamDump_level level;
- const char *keytab_name;
- const char *error_string;
-};
-
-enum libnet_samsync_ldb_level {
- LIBNET_SAMSYNC_LDB_GENERIC,
- LIBNET_SAMSYNC_LDB_NETLOGON,
+ struct {
+ const char *binding_string;
+ const char *keytab_name;
+ struct cli_credentials *machine_account;
+ } in;
+ struct {
+ const char *error_string;
+ } out;
};
struct libnet_samsync_ldb {
- enum libnet_samsync_ldb_level level;
- const char *error_string;
+ struct {
+ const char *binding_string;
+ struct cli_credentials *machine_account;
+ } in;
+ struct {
+ const char *error_string;
+ } out;
};
diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h
index cbfe8478b2..df70580db3 100644
--- a/source4/librpc/rpc/dcerpc.h
+++ b/source4/librpc/rpc/dcerpc.h
@@ -100,6 +100,7 @@ struct dcerpc_pipe {
struct dcerpc_syntax_id transfer_syntax;
struct dcerpc_connection *conn;
+ struct dcerpc_binding *binding;
/* the last fault code from a DCERPC fault */
uint32_t last_fault_code;
diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c
index bffa994abe..f0a7dc8ffe 100644
--- a/source4/librpc/rpc/dcerpc_auth.c
+++ b/source4/librpc/rpc/dcerpc_auth.c
@@ -168,7 +168,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
struct dcerpc_pipe *p,
const struct dcerpc_interface_table *table,
struct cli_credentials *credentials,
- uint8_t auth_type,
+ uint8_t auth_type, uint8_t auth_level,
const char *service)
{
struct composite_context *c, *creq;
@@ -233,8 +233,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
}
c->status = gensec_start_mech_by_authtype(sec->generic_state,
- auth_type,
- dcerpc_auth_level(p->conn));
+ auth_type, auth_level);
if (!NT_STATUS_IS_OK(c->status)) {
DEBUG(1, ("Failed to start GENSEC client mechanism %s: %s\n",
gensec_get_name_by_authtype(auth_type),
@@ -249,7 +248,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
}
sec->auth_info->auth_type = auth_type;
- sec->auth_info->auth_level = dcerpc_auth_level(p->conn);
+ sec->auth_info->auth_level = auth_level,
sec->auth_info->auth_pad_length = 0;
sec->auth_info->auth_reserved = 0;
sec->auth_info->auth_context_id = random();
@@ -323,11 +322,11 @@ NTSTATUS dcerpc_bind_auth_recv(struct composite_context *creq)
NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p,
const struct dcerpc_interface_table *table,
struct cli_credentials *credentials,
- uint8_t auth_type,
+ uint8_t auth_type, uint8_t auth_level,
const char *service)
{
struct composite_context *creq;
creq = dcerpc_bind_auth_send(p, p, table, credentials,
- auth_type, service);
+ auth_type, auth_level, service);
return dcerpc_bind_auth_recv(creq);
}
diff --git a/source4/librpc/rpc/dcerpc_connect.c b/source4/librpc/rpc/dcerpc_connect.c
index 1c9ab8c0ed..67dfda6d7a 100644
--- a/source4/librpc/rpc/dcerpc_connect.c
+++ b/source4/librpc/rpc/dcerpc_connect.c
@@ -131,29 +131,19 @@ struct composite_context *dcerpc_pipe_connect_ncacn_np_smb_send(TALLOC_CTX *mem_
conn->in.called_name = strupper_talloc(mem_ctx, s->io.binding->host);
conn->in.service = "IPC$";
conn->in.service_type = NULL;
- conn->in.fallback_to_anonymous = False;
conn->in.workgroup = lp_workgroup();
/*
- * provide proper credentials - user supplied or anonymous in case this is
- * schannel connection
+ * provide proper credentials - user supplied, but allow a
+ * fallback to anonymous if this is an schannel connection
+ * (might be NT4 not allowing machine logins at session
+ * setup).
*/
+ s->conn.in.credentials = s->io.creds;
if (s->io.binding->flags & DCERPC_SCHANNEL) {
- struct cli_credentials *anon_creds;
-
- anon_creds = cli_credentials_init(mem_ctx);
- if (!anon_creds) {
- composite_error(c, NT_STATUS_NO_MEMORY);
- goto done;
- }
-
- cli_credentials_set_anonymous(anon_creds);
- cli_credentials_guess(anon_creds);
-
- s->conn.in.credentials = anon_creds;
-
+ conn->in.fallback_to_anonymous = True;
} else {
- s->conn.in.credentials = s->io.creds;
+ conn->in.fallback_to_anonymous = False;
}
/* send smb connect request */
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index 108b678188..64cf6748e8 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -55,16 +55,15 @@ static NTSTATUS dcerpc_schannel_key(TALLOC_CTX *tmp_ctx,
step 1 - establish a netlogon connection, with no authentication
*/
- /* Find the original binding string */
- status = dcerpc_parse_binding(tmp_ctx, p->conn->binding_string, &b);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,("Failed to parse dcerpc binding '%s'\n", p->conn->binding_string));
- return status;
+ b = talloc(tmp_ctx, struct dcerpc_binding);
+ if (!b) {
+ return NT_STATUS_NO_MEMORY;
}
+ *b = *p->binding;
/* Make binding string for netlogon, not the other pipe */
status = dcerpc_epm_map_binding(tmp_ctx, b,
- &dcerpc_table_netlogon,
+ &dcerpc_table_netlogon,
p->conn->event_ctx);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("Failed to map DCERPC/TCP NCACN_NP pipe for '%s' - %s\n",
@@ -141,7 +140,8 @@ static NTSTATUS dcerpc_schannel_key(TALLOC_CTX *tmp_ctx,
NTSTATUS dcerpc_bind_auth_schannel(TALLOC_CTX *tmp_ctx,
struct dcerpc_pipe *p,
const struct dcerpc_interface_table *table,
- struct cli_credentials *credentials)
+ struct cli_credentials *credentials,
+ uint8_t auth_level)
{
NTSTATUS status;
@@ -156,7 +156,8 @@ NTSTATUS dcerpc_bind_auth_schannel(TALLOC_CTX *tmp_ctx,
return status;
}
- return dcerpc_bind_auth(p, table, credentials, DCERPC_AUTH_TYPE_SCHANNEL,
+ return dcerpc_bind_auth(p, table, credentials,
+ DCERPC_AUTH_TYPE_SCHANNEL, auth_level,
NULL);
}
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index 15a45ed3f0..6ef91b87b0 100644
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -889,9 +889,10 @@ NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p,
/* If we don't already have netlogon credentials for
* the schannel bind, then we have to get these
* first */
- status = dcerpc_bind_auth_schannel(tmp_ctx, p, table, credentials);
+ status = dcerpc_bind_auth_schannel(tmp_ctx, p, table, credentials,
+ dcerpc_auth_level(p->conn));
} else if (!cli_credentials_is_anonymous(credentials) &&
- !(binding->transport == NCACN_NP &&
+ !(p->conn->transport.transport == NCACN_NP &&
!(binding->flags & DCERPC_SIGN) &&
!(binding->flags & DCERPC_SEAL))) {
@@ -925,7 +926,9 @@ NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p,
}
status = dcerpc_bind_auth(p, table,
- credentials, auth_type, table->authservices->names[0]);
+ credentials, auth_type,
+ dcerpc_auth_level(p->conn),
+ table->authservices->names[0]);
} else {
status = dcerpc_bind_auth_none(p, table);
}
@@ -1099,6 +1102,11 @@ NTSTATUS dcerpc_pipe_connect_b(TALLOC_CTX *parent_ctx,
return status;
}
+ p->binding = binding;
+ if (!talloc_reference(p, binding)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
status = dcerpc_pipe_auth(p, binding, table, credentials);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(p);
@@ -1195,6 +1203,10 @@ NTSTATUS dcerpc_secondary_connection(struct dcerpc_pipe *p, struct dcerpc_pipe *
}
(*p2)->conn->flags = p->conn->flags;
+ (*p2)->binding = b;
+ if (!talloc_reference(*p2, b)) {
+ return NT_STATUS_NO_MEMORY;
+ }
return NT_STATUS_OK;
}
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index ab12362759..6dc3158a9f 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -1404,7 +1404,6 @@ static BOOL test_GetDomainInfo_async(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
static BOOL test_ManyGetDCName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
{
NTSTATUS status;
- struct dcerpc_binding *b;
struct dcerpc_pipe *p2;
struct lsa_ObjectAttribute attr;
struct lsa_QosInfo qos;
@@ -1425,13 +1424,7 @@ static BOOL test_ManyGetDCName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
printf("Torturing GetDCName\n");
- status = dcerpc_parse_binding(mem_ctx, p->conn->binding_string, &b);
- if (!NT_STATUS_IS_OK(status)) {
- printf("Failed to parse dcerpc binding '%s'\n", p->conn->binding_string);
- return False;
- }
-
- status = dcerpc_secondary_connection(p, &p2, b);
+ status = dcerpc_secondary_connection(p, &p2, p->binding);
if (!NT_STATUS_IS_OK(status)) {
printf("Failed to create secondary connection\n");
return False;
diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
index 996d78d25f..af29d44347 100644
--- a/source4/torture/rpc/samlogon.c
+++ b/source4/torture/rpc/samlogon.c
@@ -1742,6 +1742,8 @@ BOOL torture_rpc_samlogon(void)
* session key encryption) */
for (i=0; i < ARRAY_SIZE(credential_flags); i++) {
+ /* TODO: Somehow we lost setting up the different credential flags here! */
+
if (!test_InteractiveLogon(p, mem_ctx, creds,
usercreds[0].comment,
TEST_MACHINE_NAME,
diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c
index bab0ffc4e8..eba9affce0 100644
--- a/source4/torture/rpc/schannel.c
+++ b/source4/torture/rpc/schannel.c
@@ -210,6 +210,7 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx,
status = dcerpc_bind_auth(p_netlogon, &dcerpc_table_netlogon,
credentials, DCERPC_AUTH_TYPE_SCHANNEL,
+ dcerpc_auth_level(p->conn),
NULL);
if (!NT_STATUS_IS_OK(status)) {
@@ -242,6 +243,7 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx,
status = dcerpc_bind_auth(p_lsa, &dcerpc_table_lsarpc,
credentials, DCERPC_AUTH_TYPE_SCHANNEL,
+ dcerpc_auth_level(p->conn),
NULL);
if (!NT_STATUS_IS_OK(status)) {
diff --git a/source4/utils/net/net_vampire.c b/source4/utils/net/net_vampire.c
index 75ad175c66..f89739225d 100644
--- a/source4/utils/net/net_vampire.c
+++ b/source4/utils/net/net_vampire.c
@@ -48,7 +48,7 @@ static int net_samdump_keytab(struct net_context *ctx, int argc, const char **ar
return net_samdump_keytab_usage(ctx, argc, argv);
break;
case 1:
- r.keytab_name = argv[0];
+ r.in.keytab_name = argv[0];
break;
}
@@ -58,14 +58,15 @@ static int net_samdump_keytab(struct net_context *ctx, int argc, const char **ar
}
libnetctx->cred = ctx->credentials;
- r.level = LIBNET_SAMDUMP_GENERIC;
- r.error_string = NULL;
+ r.out.error_string = NULL;
+ r.in.machine_account = NULL;
+ r.in.binding_string = NULL;
status = libnet_SamDump_keytab(libnetctx, ctx->mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("libnet_SamDump returned %s: %s\n",
nt_errstr(status),
- r.error_string));
+ r.out.error_string));
return -1;
}
@@ -103,14 +104,15 @@ int net_samdump(struct net_context *ctx, int argc, const char **argv)
}
libnetctx->cred = ctx->credentials;
- r.level = LIBNET_SAMDUMP_GENERIC;
- r.error_string = NULL;
+ r.out.error_string = NULL;
+ r.in.machine_account = NULL;
+ r.in.binding_string = NULL;
status = libnet_SamDump(libnetctx, ctx->mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("libnet_SamDump returned %s: %s\n",
nt_errstr(status),
- r.error_string));
+ r.out.error_string));
return -1;
}
@@ -144,14 +146,15 @@ int net_samsync_ldb(struct net_context *ctx, int argc, const char **argv)
}
libnetctx->cred = ctx->credentials;
- r.level = LIBNET_SAMSYNC_LDB_GENERIC;
- r.error_string = NULL;
+ r.out.error_string = NULL;
+ r.in.machine_account = NULL;
+ r.in.binding_string = NULL;
status = libnet_samsync_ldb(libnetctx, ctx->mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("libnet_samsync_ldb returned %s: %s\n",
nt_errstr(status),
- r.error_string));
+ r.out.error_string));
return -1;
}
diff --git a/source4/winbind/wb_connect_lsa.c b/source4/winbind/wb_connect_lsa.c
index 76f75eb0a4..1c9cb5f39a 100644
--- a/source4/winbind/wb_connect_lsa.c
+++ b/source4/winbind/wb_connect_lsa.c
@@ -95,24 +95,32 @@ static void init_lsa_recv_pipe(struct composite_context *ctx)
switch (state->auth_type) {
case DCERPC_AUTH_TYPE_NONE:
ctx = dcerpc_bind_auth_none_send(state, state->lsa_pipe,
- &dcerpc_table_lsarpc);
+ &dcerpc_table_lsarpc);
composite_continue(state->ctx, ctx, init_lsa_recv_anon_bind,
state);
break;
case DCERPC_AUTH_TYPE_NTLMSSP:
case DCERPC_AUTH_TYPE_SCHANNEL:
+ {
+ uint8_t auth_type;
+ if (lp_winbind_sealed_pipes()) {
+ auth_type = DCERPC_AUTH_LEVEL_PRIVACY;
+ } else {
+ auth_type = DCERPC_AUTH_LEVEL_INTEGRITY;
+ }
if (state->creds == NULL) {
composite_error(state->ctx, NT_STATUS_INTERNAL_ERROR);
return;
}
- state->lsa_pipe->conn->flags |= (DCERPC_SIGN | DCERPC_SEAL);
ctx = dcerpc_bind_auth_send(state, state->lsa_pipe,
- &dcerpc_table_lsarpc,
+ &dcerpc_table_lsarpc,
state->creds, state->auth_type,
+ auth_type,
NULL);
composite_continue(state->ctx, ctx, init_lsa_recv_auth_bind,
state);
break;
+ }
default:
composite_error(state->ctx, NT_STATUS_INTERNAL_ERROR);
}
diff --git a/source4/winbind/wb_connect_sam.c b/source4/winbind/wb_connect_sam.c
index e3b9c82310..1817785508 100644
--- a/source4/winbind/wb_connect_sam.c
+++ b/source4/winbind/wb_connect_sam.c
@@ -102,24 +102,32 @@ static void connect_samr_recv_pipe(struct composite_context *ctx)
switch (state->auth_type) {
case DCERPC_AUTH_TYPE_NONE:
ctx = dcerpc_bind_auth_none_send(state, state->samr_pipe,
- &dcerpc_table_samr);
+ &dcerpc_table_samr);
composite_continue(state->ctx, ctx,
connect_samr_recv_anon_bind, state);
break;
case DCERPC_AUTH_TYPE_NTLMSSP:
case DCERPC_AUTH_TYPE_SCHANNEL:
+ {
+ uint8_t auth_type;
+ if (lp_winbind_sealed_pipes()) {
+ auth_type = DCERPC_AUTH_LEVEL_PRIVACY;
+ } else {
+ auth_type = DCERPC_AUTH_LEVEL_INTEGRITY;
+ }
if (state->creds == NULL) {
composite_error(state->ctx, NT_STATUS_INTERNAL_ERROR);
return;
}
- state->samr_pipe->conn->flags |= (DCERPC_SIGN | DCERPC_SEAL);
ctx = dcerpc_bind_auth_send(state, state->samr_pipe,
- &dcerpc_table_samr,
+ &dcerpc_table_samr,
state->creds, state->auth_type,
+ auth_type,
NULL);
composite_continue(state->ctx, ctx,
connect_samr_recv_auth_bind, state);
break;
+ }
default:
composite_error(state->ctx, NT_STATUS_INTERNAL_ERROR);
}
diff --git a/source4/winbind/wb_init_domain.c b/source4/winbind/wb_init_domain.c
index c9d99ff0b9..b10b5458ba 100644
--- a/source4/winbind/wb_init_domain.c
+++ b/source4/winbind/wb_init_domain.c
@@ -205,9 +205,10 @@ static void init_domain_recv_netlogonpipe(struct composite_context *ctx)
state->domain->netlogon_pipe->conn->flags |=
(DCERPC_SIGN | DCERPC_SEAL);
ctx = dcerpc_bind_auth_send(state, state->domain->netlogon_pipe,
- &dcerpc_table_netlogon,
+ &dcerpc_table_netlogon,
state->domain->schannel_creds,
DCERPC_AUTH_TYPE_SCHANNEL,
+ DCERPC_AUTH_LEVEL_PRIVACY,
NULL);
composite_continue(state->ctx, ctx, init_domain_recv_schannel, state);
}
generated by cgit (git 2.34.1) at 2024-07-03 11:42:03 +0000