diff options
Diffstat (limited to 'source3/rpc_client')
-rw-r--r-- | source3/rpc_client/cli_ds.c | 68 | ||||
-rw-r--r-- | source3/rpc_client/cli_lsarpc.c | 3 | ||||
-rw-r--r-- | source3/rpc_client/cli_netlogon.c | 3 | ||||
-rw-r--r-- | source3/rpc_client/cli_pipe.c | 72 | ||||
-rw-r--r-- | source3/rpc_client/cli_srvsvc.c | 2 |
5 files changed, 127 insertions, 21 deletions
diff --git a/source3/rpc_client/cli_ds.c b/source3/rpc_client/cli_ds.c index f0edeca000..a7a093328c 100644 --- a/source3/rpc_client/cli_ds.c +++ b/source3/rpc_client/cli_ds.c @@ -22,6 +22,10 @@ /* implementations of client side DsXXX() functions */ +/******************************************************************** + Get information about the server and directory services +********************************************************************/ + NTSTATUS cli_ds_getprimarydominfo(struct cli_state *cli, TALLOC_CTX *mem_ctx, uint16 level, DS_DOMINFO_CTR *ctr) { @@ -40,7 +44,7 @@ NTSTATUS cli_ds_getprimarydominfo(struct cli_state *cli, TALLOC_CTX *mem_ctx, q.level = level; - if (!ds_io_q_getprimdominfo("", &q, &qbuf, 0) + if (!ds_io_q_getprimdominfo("", &qbuf, 0, &q) || !rpc_api_pipe_req(cli, DS_GETPRIMDOMINFO, &qbuf, &rbuf)) { result = NT_STATUS_UNSUCCESSFUL; goto done; @@ -48,7 +52,7 @@ NTSTATUS cli_ds_getprimarydominfo(struct cli_state *cli, TALLOC_CTX *mem_ctx, /* Unmarshall response */ - if (!ds_io_r_getprimdominfo("", &r, &rbuf, 0)) { + if (!ds_io_r_getprimdominfo("", &rbuf, 0, &r)) { result = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -71,3 +75,63 @@ done: return result; } + +/******************************************************************** + Enumerate trusted domains in an AD forest +********************************************************************/ + +NTSTATUS cli_ds_enum_domain_trusts(struct cli_state *cli, TALLOC_CTX *mem_ctx, + const char *server, uint32 flags, + DS_DOMAIN_TRUSTS **trusts, uint32 *num_domains) +{ + prs_struct qbuf, rbuf; + DS_Q_ENUM_DOM_TRUSTS q; + DS_R_ENUM_DOM_TRUSTS r; + NTSTATUS result; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + init_q_ds_enum_domain_trusts( &q, server, flags ); + + if (!ds_io_q_enum_domain_trusts("", &qbuf, 0, &q) + || !rpc_api_pipe_req(cli, DS_ENUM_DOM_TRUSTS, &qbuf, &rbuf)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Unmarshall response */ + + if (!ds_io_r_enum_domain_trusts("", &rbuf, 0, &r)) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + result = r.status; + + if ( NT_STATUS_IS_OK(result) ) { + int i; + + *num_domains = r.num_domains; + *trusts = (DS_DOMAIN_TRUSTS*)smb_xmalloc(r.num_domains*sizeof(DS_DOMAIN_TRUSTS)); + + memcpy( *trusts, r.domains.trusts, r.num_domains*sizeof(DS_DOMAIN_TRUSTS) ); + for ( i=0; i<r.num_domains; i++ ) { + copy_unistr2( &(*trusts)[i].netbios_domain, &r.domains.trusts[i].netbios_domain ); + copy_unistr2( &(*trusts)[i].dns_domain, &r.domains.trusts[i].dns_domain ); + } + } + +done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + + diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index b01cf8ed4a..db873236e4 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1257,7 +1257,6 @@ NTSTATUS cli_lsa_remove_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ct POLICY_HND *pol, DOM_SID sid, BOOL removeall, uint32 count, const char **privs_name) { -#if 0 prs_struct qbuf, rbuf; LSA_Q_REMOVE_ACCT_RIGHTS q; LSA_R_REMOVE_ACCT_RIGHTS r; @@ -1291,8 +1290,6 @@ NTSTATUS cli_lsa_remove_account_rights(struct cli_state *cli, TALLOC_CTX *mem_ct done: return result; -#endif - return NT_STATUS_UNSUCCESSFUL; } diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index 831101ed81..7b8cd19174 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -332,8 +332,7 @@ NTSTATUS cli_netlogon_logon_ctrl2(struct cli_state *cli, TALLOC_CTX *mem_ctx, } /**************************************************************************** -Generate the next creds to use. Yuck - this is a cut&paste from another -file. They should be combined at some stage. )-: +Generate the next creds to use. ****************************************************************************/ static void gen_next_creds( struct cli_state *cli, DOM_CRED *new_clnt_cred) diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index d6307ddb46..ebe54c2c06 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -5,6 +5,7 @@ * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, * Copyright (C) Paul Ashton 1998. * Copyright (C) Jeremy Allison 1999. + * Copyright (C) Andrew Bartlett 2003. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -637,7 +638,7 @@ static NTSTATUS create_rpc_bind_req(struct cli_state *cli, prs_struct *rpc_out, RPC_HDR_AUTH hdr_auth; int auth_len = 0; int auth_type, auth_level; - size_t saved_hdr_offset; + size_t saved_hdr_offset = 0; prs_struct auth_info; prs_init(&auth_info, RPC_HDR_AUTH_LEN, /* we will need at least this much */ @@ -690,14 +691,15 @@ static NTSTATUS create_rpc_bind_req(struct cli_state *cli, prs_struct *rpc_out, data_blob_free(&request); - } - else if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) { + } else if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) { RPC_AUTH_NETSEC_NEG netsec_neg; /* Use lp_workgroup() if domain not specified */ - if (!domain || !domain[0]) + if (!domain || !domain[0]) { + DEBUG(10,("create_rpc_bind_req: no domain; assuming my own\n")); domain = lp_workgroup(); + } init_rpc_auth_netsec_neg(&netsec_neg, domain, my_name); @@ -715,7 +717,8 @@ static NTSTATUS create_rpc_bind_req(struct cli_state *cli, prs_struct *rpc_out, /* Auth len in the rpc header doesn't include auth_header. */ auth_len = prs_offset(&auth_info) - saved_hdr_offset; } - /* create the request RPC_HDR */ + + /* Create the request RPC_HDR */ init_rpc_hdr(&hdr, RPC_BIND, 0x3, rpc_call_id, RPC_HEADER_LEN + RPC_HDR_RB_LEN + prs_offset(&auth_info), auth_len); @@ -1021,11 +1024,6 @@ BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num, static const uchar netsec_sig[8] = NETSEC_SIGNATURE; static const uchar nullbytes[8] = { 0,0,0,0,0,0,0,0 }; size_t parse_offset_marker; - if ((cli->auth_info.seq_num & 1) != 0) { - DEBUG(0,("SCHANNEL ERROR: seq_num must be even in client (seq_num=%d)\n", - cli->auth_info.seq_num)); - } - DEBUG(10,("SCHANNEL seq_num=%d\n", cli->auth_info.seq_num)); init_rpc_auth_netsec_chk(&verf, netsec_sig, nullbytes, @@ -1573,9 +1571,6 @@ NTSTATUS cli_nt_establish_netlogon(struct cli_state *cli, int sec_chan, } } - /* doing schannel, not per-user auth */ - cli->pipe_auth_flags = AUTH_PIPE_NETSEC | AUTH_PIPE_SIGN | AUTH_PIPE_SEAL; - if (!rpc_pipe_bind(cli, PI_NETLOGON, global_myname())) { DEBUG(2,("rpc bind to %s failed\n", PIPE_NETLOGON)); cli_close(cli, cli->nt_pipe_fnum); @@ -1586,6 +1581,57 @@ NTSTATUS cli_nt_establish_netlogon(struct cli_state *cli, int sec_chan, } +NTSTATUS cli_nt_setup_netsec(struct cli_state *cli, int sec_chan, + const uchar trust_password[16]) +{ + NTSTATUS result; + uint32 neg_flags = 0x000001ff; + cli->pipe_auth_flags = 0; + + if (lp_client_schannel() == False) { + return NT_STATUS_OK; + } + + if (!cli_nt_session_open(cli, PI_NETLOGON)) { + DEBUG(0, ("Could not initialise %s\n", + get_pipe_name_from_index(PI_NETLOGON))); + return NT_STATUS_UNSUCCESSFUL; + } + + if (lp_client_schannel() != False) + neg_flags |= NETLOGON_NEG_SCHANNEL; + + neg_flags |= NETLOGON_NEG_SCHANNEL; + + result = cli_nt_setup_creds(cli, sec_chan, trust_password, + &neg_flags, 2); + + if (!(neg_flags & NETLOGON_NEG_SCHANNEL) + && lp_client_schannel() == True) { + DEBUG(1, ("Could not negotiate SCHANNEL with the DC!\n")); + result = NT_STATUS_UNSUCCESSFUL; + } + + if (!NT_STATUS_IS_OK(result)) { + ZERO_STRUCT(cli->auth_info.sess_key); + ZERO_STRUCT(cli->sess_key); + cli->pipe_auth_flags = 0; + cli_nt_session_close(cli); + return result; + } + + memcpy(cli->auth_info.sess_key, cli->sess_key, + sizeof(cli->auth_info.sess_key)); + + cli->saved_netlogon_pipe_fnum = cli->nt_pipe_fnum; + cli->nt_pipe_fnum = 0; + + /* doing schannel, not per-user auth */ + cli->pipe_auth_flags = AUTH_PIPE_NETSEC | AUTH_PIPE_SIGN | AUTH_PIPE_SEAL; + + return NT_STATUS_OK; +} + const char *cli_pipe_get_name(struct cli_state *cli) { return cli->pipe_name; diff --git a/source3/rpc_client/cli_srvsvc.c b/source3/rpc_client/cli_srvsvc.c index 6cd18f2e43..27349b7295 100644 --- a/source3/rpc_client/cli_srvsvc.c +++ b/source3/rpc_client/cli_srvsvc.c @@ -4,7 +4,7 @@ Copyright (C) Andrew Tridgell 1994-2000 Copyright (C) Luke Kenneth Casson Leighton 1996-2000 Copyright (C) Tim Potter 2001 - Copyright (C) Jim McDonough 2002 + Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by |