diff options
Diffstat (limited to 'source3/rpc_client/cli_netlogon.c')
-rw-r--r-- | source3/rpc_client/cli_netlogon.c | 180 |
1 files changed, 160 insertions, 20 deletions
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index 08b52fa718..1474c94513 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -75,6 +75,55 @@ NTSTATUS cli_net_req_chal(struct cli_state *cli, DOM_CHAL *clnt_chal, return result; } +NTSTATUS rpccli_net_req_chal(struct rpc_pipe_client *cli, + const char *server_name, + const char *computer_name, + DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal) +{ + prs_struct qbuf, rbuf; + NET_Q_REQ_CHAL q; + NET_R_REQ_CHAL r; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, cli->cli->mem_ctx, UNMARSHALL); + + /* create and send a MSRPC command with api NET_REQCHAL */ + + DEBUG(4,("cli_net_req_chal: LSA Request Challenge from %s to %s\n", + computer_name, server_name)); + + /* store the parameters */ + init_q_req_chal(&q, server_name, computer_name, clnt_chal); + + /* Marshall data and send request */ + + if (!net_io_q_req_chal("", &q, &qbuf, 0) || + !rpc_api_pipe_req_int(cli, NET_REQCHAL, &qbuf, &rbuf)) { + goto done; + } + + /* Unmarhall response */ + + if (!net_io_r_req_chal("", &r, &rbuf, 0)) { + goto done; + } + + result = r.status; + + /* Return result */ + + if (NT_STATUS_IS_OK(result)) { + memcpy(srv_chal, r.srv_chal.data, sizeof(srv_chal->data)); + } + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + /**************************************************************************** LSA Authenticate 2 @@ -158,6 +207,61 @@ password ?).\n", cli->desthost )); return result; } +NTSTATUS rpccli_net_auth2(struct rpc_pipe_client *cli, + const char *server_name, + const char *account_name, + uint16 sec_chan_type, + const char *computer_name, + const DOM_CHAL *credentials, + uint32 *neg_flags, + DOM_CHAL *srv_chal) +{ + prs_struct qbuf, rbuf; + NET_Q_AUTH_2 q; + NET_R_AUTH_2 r; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL); + + /* create and send a MSRPC command with api NET_AUTH2 */ + + DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s neg: %x\n", + server_name, account_name, sec_chan_type, computer_name, + *neg_flags)); + + /* store the parameters */ + + init_q_auth_2(&q, server_name, account_name, sec_chan_type, + computer_name, credentials, *neg_flags); + + /* turn parameters into data stream */ + + if (!net_io_q_auth_2("", &q, &qbuf, 0) || + !rpc_api_pipe_req_int(cli, NET_AUTH2, &qbuf, &rbuf)) { + goto done; + } + + /* Unmarshall response */ + + if (!net_io_r_auth_2("", &r, &rbuf, 0)) { + goto done; + } + + result = r.status; + + if (NT_STATUS_IS_OK(result)) { + *srv_chal = r.srv_chal; + *neg_flags = r.srv_flgs.neg_flags; + } + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + /**************************************************************************** LSA Authenticate 3 @@ -340,8 +444,9 @@ NTSTATUS cli_netlogon_logon_ctrl2(struct cli_state *cli, TALLOC_CTX *mem_ctx, /* GetDCName */ -NTSTATUS cli_netlogon_getdcname(struct cli_state *cli, TALLOC_CTX *mem_ctx, - const char *domainname, fstring dcname) +NTSTATUS rpccli_netlogon_getdcname(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, const char *mydcname, + const char *domainname, fstring newdcname) { prs_struct qbuf, rbuf; NET_Q_GETDCNAME q; @@ -358,12 +463,12 @@ NTSTATUS cli_netlogon_getdcname(struct cli_state *cli, TALLOC_CTX *mem_ctx, /* Initialise input parameters */ - init_net_q_getdcname(&q, cli->srv_name_slash, domainname); + init_net_q_getdcname(&q, mydcname, domainname); /* Marshall data and send request */ if (!net_io_q_getdcname("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, PI_NETLOGON, NET_GETDCNAME, &qbuf, &rbuf)) { + !rpc_api_pipe_req_int(cli, NET_GETDCNAME, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -378,7 +483,7 @@ NTSTATUS cli_netlogon_getdcname(struct cli_state *cli, TALLOC_CTX *mem_ctx, result = r.status; if (NT_STATUS_IS_OK(result)) - rpcstr_pull_unistr2_fstring(dcname, &r.uni_dcname); + rpcstr_pull_unistr2_fstring(newdcname, &r.uni_dcname); done: prs_mem_free(&qbuf); @@ -387,6 +492,14 @@ NTSTATUS cli_netlogon_getdcname(struct cli_state *cli, TALLOC_CTX *mem_ctx, return result; } +NTSTATUS cli_netlogon_getdcname(struct cli_state *cli, TALLOC_CTX *mem_ctx, + const char *domainname, fstring dcname) +{ + return rpccli_netlogon_getdcname(&cli->pipes[PI_NETLOGON], mem_ctx, + cli->srv_name_slash, domainname, + dcname); +} + /**************************************************************************** Generate the next creds to use. ****************************************************************************/ @@ -636,19 +749,25 @@ NTSTATUS cli_netlogon_sam_logon(struct cli_state *cli, TALLOC_CTX *mem_ctx, * @param info3 Pointer to a NET_USER_INFO_3 already allocated by the caller. **/ -NTSTATUS cli_netlogon_sam_network_logon(struct cli_state *cli, TALLOC_CTX *mem_ctx, - DOM_CRED *ret_creds, - const char *username, const char *domain, const char *workstation, - const uint8 chal[8], - DATA_BLOB lm_response, DATA_BLOB nt_response, - NET_USER_INFO_3 *info3) - +NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + const char *server_name_slash, + DOM_CRED *clnt_creds, + DOM_CRED *ret_creds, + const char *username, + const char *domain, + const char *workstation, + const uint8 chal[8], + DATA_BLOB lm_response, + DATA_BLOB nt_response, + NET_USER_INFO_3 *info3, + const uint8 *session_key) { prs_struct qbuf, rbuf; NET_Q_SAM_LOGON q; NET_R_SAM_LOGON r; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - DOM_CRED clnt_creds, dummy_rtn_creds; + DOM_CRED dummy_rtn_creds; NET_ID_INFO_CTR ctr; int validation_level = 3; char *workstation_name_slash; @@ -661,7 +780,6 @@ NTSTATUS cli_netlogon_sam_network_logon(struct cli_state *cli, TALLOC_CTX *mem_c ZERO_STRUCT(dummy_rtn_creds); workstation_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", workstation); - if (!workstation_name_slash) { DEBUG(0, ("talloc_asprintf failed!\n")); return NT_STATUS_NO_MEMORY; @@ -674,8 +792,6 @@ NTSTATUS cli_netlogon_sam_network_logon(struct cli_state *cli, TALLOC_CTX *mem_c /* Initialise input parameters */ - gen_next_creds(cli, &clnt_creds); - q.validation_level = validation_level; if (ret_creds == NULL) @@ -689,14 +805,14 @@ NTSTATUS cli_netlogon_sam_network_logon(struct cli_state *cli, TALLOC_CTX *mem_c username, workstation_name_slash, (const uchar*)chal, lm_response.data, lm_response.length, nt_response.data, nt_response.length); - init_sam_info(&q.sam_id, cli->srv_name_slash, global_myname(), - &clnt_creds, ret_creds, NET_LOGON_TYPE, + init_sam_info(&q.sam_id, server_name_slash, global_myname(), + clnt_creds, ret_creds, NET_LOGON_TYPE, &ctr); /* Marshall data and send request */ if (!net_io_q_sam_logon("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, PI_NETLOGON, NET_SAMLOGON, &qbuf, &rbuf)) { + !rpc_api_pipe_req_int(cli, NET_SAMLOGON, &qbuf, &rbuf)) { goto done; } @@ -709,7 +825,7 @@ NTSTATUS cli_netlogon_sam_network_logon(struct cli_state *cli, TALLOC_CTX *mem_c } ZERO_STRUCT(netlogon_sess_key); - memcpy(netlogon_sess_key, cli->sess_key, 8); + memcpy(netlogon_sess_key, session_key, 8); if (memcmp(zeros, info3->user_sess_key, 16) != 0) { SamOEMhash(info3->user_sess_key, netlogon_sess_key, 16); @@ -740,6 +856,30 @@ NTSTATUS cli_netlogon_sam_network_logon(struct cli_state *cli, TALLOC_CTX *mem_c return result; } +NTSTATUS cli_netlogon_sam_network_logon(struct cli_state *cli, + TALLOC_CTX *mem_ctx, + DOM_CRED *ret_creds, + const char *username, + const char *domain, + const char *workstation, + const uint8 chal[8], + DATA_BLOB lm_response, + DATA_BLOB nt_response, + NET_USER_INFO_3 *info3) +{ + DOM_CRED clnt_creds; + + gen_next_creds(cli, &clnt_creds); + + return rpccli_netlogon_sam_network_logon(&cli->pipes[PI_NETLOGON], + mem_ctx, cli->srv_name_slash, + &clnt_creds, + ret_creds, username, + domain, workstation, chal, + lm_response, nt_response, + info3, cli->sess_key); +} + /*************************************************************************** LSA Server Password Set. ****************************************************************************/ |