From bccac81d8792f85ae37d4a6617a92e2fae75aa50 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Mon, 14 Jun 2004 08:12:50 +0000
Subject: r1136: - added IDL for netr_LogonGetDomainInfo()

- added workstation to auth_session_info in rpc servers

- added session key fetch hook in crypto backends in dcesrv

- store and fetch seed as well as a session key in schannel ldb

- when a client uses schannel to setup a netlogon pipe connection we
  also need to setup the credentials from the schannel negotiation so
  credentials chaining works

- added server side netr_LogonGetDomainInfo() call
(This used to be commit a35459387de3b6a422c5af6f658338fc7e4314b0)
---
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 172 +++++++++++++++++++++++++-
 source4/rpc_server/netlogon/schannel_state.c  |  26 +++-
 2 files changed, 189 insertions(+), 9 deletions(-)

(limited to 'source4/rpc_server/netlogon')

diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 301f2ed041..8d7b97802f 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -35,10 +35,72 @@ struct server_pipe_state {
 	struct creds_CredentialState *creds;
 };
 
+
+/*
+  a client has connected to the netlogon server using schannel, so we need
+  to re-establish the credentials state
+*/
+static NTSTATUS netlogon_schannel_setup(struct dcesrv_call_state *dce_call) 
+{
+	struct server_pipe_state *state;
+	NTSTATUS status;
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_init("netlogon_bind");
+	if (!mem_ctx) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	state = talloc_p(mem_ctx, struct server_pipe_state);
+	if (state == NULL) {
+		talloc_destroy(mem_ctx);
+	}
+	ZERO_STRUCTP(state);
+	state->mem_ctx = mem_ctx;
+	state->authenticated = True;
+	
+	state->creds = talloc_p(mem_ctx, struct creds_CredentialState);
+	if (state->creds == NULL) {
+		talloc_destroy(mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+	ZERO_STRUCTP(state->creds);
+	
+	if (dce_call->conn->auth_state.session_info == NULL) {
+		talloc_destroy(mem_ctx);
+		return NT_STATUS_NO_USER_SESSION_KEY;
+	}
+	
+	status = schannel_fetch_session_key(mem_ctx, 
+					    dce_call->conn->auth_state.session_info->workstation, 
+					    state->creds);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_destroy(mem_ctx);
+		return status;
+	}
+	
+	dce_call->conn->private = state;
+
+	return NT_STATUS_OK;
+}
+
+/*
+  a hook for bind on the netlogon pipe
+*/
 static NTSTATUS netlogon_bind(struct dcesrv_call_state *dce_call, const struct dcesrv_interface *di) 
 {
 	dce_call->conn->private = NULL;
 
+	/* if this is a schannel bind then we need to reconstruct the pipe state */
+	if (dce_call->conn->auth_state.auth_info &&
+	    dce_call->conn->auth_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
+		NTSTATUS status;
+
+		status = netlogon_schannel_setup(dce_call);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+	}
+
 	return NT_STATUS_OK;
 }
 
@@ -861,13 +923,115 @@ static WERROR netr_DSRGETSITENAME(struct dcesrv_call_state *dce_call, TALLOC_CTX
 }
 
 
+/*
+  fill in a netr_DomainTrustInfo from a ldb search result
+*/
+static NTSTATUS fill_domain_trust_info(TALLOC_CTX *mem_ctx, struct ldb_message *res,
+				       struct netr_DomainTrustInfo *info)
+{
+	ZERO_STRUCTP(info);
+	
+	info->domainname.string = samdb_result_string(res, "flatName", NULL);
+	if (info->domainname.string == NULL) {
+		info->domainname.string = samdb_result_string(res, "name", NULL);
+		info->fulldomainname.string = samdb_result_string(res, "dnsDomain", NULL);
+	} else {
+		info->fulldomainname.string = samdb_result_string(res, "name", NULL);
+	}
+
+	/* TODO: we need proper forest support */
+	info->forest.string = info->fulldomainname.string;
+
+	info->guid = samdb_result_guid(res, "objectGUID");
+	info->sid = samdb_result_dom_sid(mem_ctx, res, "objectSid");
+
+	return NT_STATUS_OK;
+}
+
 /* 
-  netr_NETRLOGONGETDOMAININFO 
+  netr_LogonGetDomainInfo
+  this is called as part of the ADS domain logon procedure.
 */
-static WERROR netr_NETRLOGONGETDOMAININFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-		       struct netr_NETRLOGONGETDOMAININFO *r)
+static NTSTATUS netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+					struct netr_LogonGetDomainInfo *r)
 {
-	DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+	struct server_pipe_state *pipe_state = dce_call->conn->private;
+	const char * const attrs[] = { "name", "dnsDomain", "objectSid", 
+				       "objectGUID", "flatName", NULL };
+	void *sam_ctx;
+	struct ldb_message **res1, **res2;
+	struct netr_DomainInfo1 *info1;
+	int ret1, ret2, i;
+	NTSTATUS status;
+
+	if (!pipe_state) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	if (!netr_creds_server_step_check(pipe_state, 
+					  r->in.credential, r->out.credential)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	sam_ctx = samdb_connect();
+	if (sam_ctx == NULL) {
+		return NT_STATUS_INVALID_SYSTEM_SERVICE;
+	}
+
+	/* we need to do two searches. The first will pull our primary
+	   domain and the second will pull any trusted domains. Our
+	   primary domain is also a "trusted" domain, so we need to
+	   put the primary domain into the lists of returned trusts as
+	   well */
+	ret1 = samdb_search(sam_ctx, mem_ctx, NULL, &res1, attrs, "(objectClass=domainDNS)");
+	if (ret1 != 1) {
+		samdb_close(sam_ctx);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	ret2 = samdb_search(sam_ctx, mem_ctx, NULL, &res2, attrs, "(objectClass=trustedDomain)");
+	if (ret2 == -1) {
+		samdb_close(sam_ctx);
+		return NT_STATUS_INTERNAL_DB_CORRUPTION;
+	}
+
+	/* we don't need the db link any more */
+	samdb_close(sam_ctx);
+
+	info1 = talloc_p(mem_ctx, struct netr_DomainInfo1);
+	if (info1 == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ZERO_STRUCTP(info1);
+
+	info1->num_trusts = ret2 + 1;
+	info1->trusts = talloc_array_p(mem_ctx, struct netr_DomainTrustInfo, 
+				       info1->num_trusts);
+	if (info1->trusts == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = fill_domain_trust_info(mem_ctx, res1[0], &info1->domaininfo);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	status = fill_domain_trust_info(mem_ctx, res1[0], &info1->trusts[0]);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	for (i=0;i<ret2;i++) {
+		status = fill_domain_trust_info(mem_ctx, res2[i], &info1->trusts[i+1]);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+	}
+
+	r->out.info.info1 = info1;
+
+	return NT_STATUS_OK;
 }
 
 
diff --git a/source4/rpc_server/netlogon/schannel_state.c b/source4/rpc_server/netlogon/schannel_state.c
index eaa5013572..43134fd437 100644
--- a/source4/rpc_server/netlogon/schannel_state.c
+++ b/source4/rpc_server/netlogon/schannel_state.c
@@ -53,11 +53,12 @@ static struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx)
   use a simple ldb structure
 */
 NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx,
-				    const char *computer_name, struct creds_CredentialState *creds)
+				    const char *computer_name, 
+				    struct creds_CredentialState *creds)
 {
 	struct ldb_context *ldb;
 	struct ldb_message msg;
-	struct ldb_val val;
+	struct ldb_val val, seed;
 	char *s = NULL;
 	time_t expiry = time(NULL) + SCHANNEL_CREDENTIALS_EXPIRY;
 	int ret;
@@ -85,7 +86,11 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx,
 	val.data = creds->session_key;
 	val.length = sizeof(creds->session_key);
 
+	seed.data = creds->seed.data;
+	seed.length = sizeof(creds->seed.data);
+
 	ldb_msg_add_value(ldb, &msg, "sessionKey", &val);
+	ldb_msg_add_value(ldb, &msg, "seed", &seed);
 	ldb_msg_add_string(ldb, &msg, "expiry", s);
 
 	ldb_delete(ldb, msg.dn);
@@ -104,10 +109,11 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx,
 
 
 /*
-  read back a session key for a computer
+  read back a credentials back for a computer
 */
 NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx,
-				    const char *computer_name, uint8_t session_key[16])
+				    const char *computer_name, 
+				    struct creds_CredentialState *creds)
 {
 	struct ldb_context *ldb;
 	time_t expiry;
@@ -116,6 +122,8 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx,
 	const struct ldb_val *val;
 	char *expr=NULL;
 
+	ZERO_STRUCTP(creds);
+
 	ldb = schannel_db_connect(mem_ctx);
 	if (ldb == NULL) {
 		return NT_STATUS_NO_MEMORY;
@@ -146,7 +154,15 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_INVALID_HANDLE;
 	}
 
-	memcpy(session_key, val->data, 16);
+	memcpy(creds->session_key, val->data, 16);
+
+	val = ldb_msg_find_ldb_val(res[0], "seed");
+	if (val == NULL || val->length != 8) {
+		ldb_close(ldb);
+		return NT_STATUS_INVALID_HANDLE;
+	}
+
+	memcpy(creds->seed.data, val->data, 8);
 
 	ldb_close(ldb);
 
-- 
cgit