| 1 | /*
|
|---|
| 2 | Unix SMB/CIFS implementation.
|
|---|
| 3 |
|
|---|
| 4 | Connect to the LSA pipe, given an smbcli_tree and possibly some
|
|---|
| 5 | credentials. Try ntlmssp, schannel and anon in that order.
|
|---|
| 6 |
|
|---|
| 7 | Copyright (C) Volker Lendecke 2005
|
|---|
| 8 | Copyright (C) Andrew Bartlett <abartlet@samba.org> 2007
|
|---|
| 9 |
|
|---|
| 10 | This program is free software; you can redistribute it and/or modify
|
|---|
| 11 | it under the terms of the GNU General Public License as published by
|
|---|
| 12 | the Free Software Foundation; either version 3 of the License, or
|
|---|
| 13 | (at your option) any later version.
|
|---|
| 14 |
|
|---|
| 15 | This program is distributed in the hope that it will be useful,
|
|---|
| 16 | but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|---|
| 17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|---|
| 18 | GNU General Public License for more details.
|
|---|
| 19 |
|
|---|
| 20 | You should have received a copy of the GNU General Public License
|
|---|
| 21 | along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|---|
| 22 | */
|
|---|
| 23 |
|
|---|
| 24 | #include "includes.h"
|
|---|
| 25 | #include "libcli/composite/composite.h"
|
|---|
| 26 |
|
|---|
| 27 | #include "libcli/raw/libcliraw.h"
|
|---|
| 28 | #include "librpc/gen_ndr/ndr_lsa_c.h"
|
|---|
| 29 | #include "winbind/wb_server.h"
|
|---|
| 30 |
|
|---|
| 31 | /* Helper to initialize LSA with a specific auth methods. Verify by opening
|
|---|
| 32 | * the LSA policy. */
|
|---|
| 33 |
|
|---|
| 34 | struct init_lsa_state {
|
|---|
| 35 | struct composite_context *ctx;
|
|---|
| 36 | struct dcerpc_pipe *lsa_pipe;
|
|---|
| 37 |
|
|---|
| 38 | uint8_t auth_type;
|
|---|
| 39 | struct cli_credentials *creds;
|
|---|
| 40 |
|
|---|
| 41 | struct lsa_ObjectAttribute objectattr;
|
|---|
| 42 | struct lsa_OpenPolicy2 openpolicy;
|
|---|
| 43 | struct policy_handle *handle;
|
|---|
| 44 | };
|
|---|
| 45 |
|
|---|
| 46 | static void init_lsa_recv_pipe(struct composite_context *ctx);
|
|---|
| 47 | static void init_lsa_recv_openpol(struct rpc_request *req);
|
|---|
| 48 |
|
|---|
| 49 | struct composite_context *wb_init_lsa_send(TALLOC_CTX *mem_ctx,
|
|---|
| 50 | struct wbsrv_domain *domain)
|
|---|
| 51 | {
|
|---|
| 52 | struct composite_context *result, *ctx;
|
|---|
| 53 | struct init_lsa_state *state;
|
|---|
| 54 |
|
|---|
| 55 | result = composite_create(mem_ctx, domain->netlogon_pipe->conn->event_ctx);
|
|---|
| 56 | if (result == NULL) goto failed;
|
|---|
| 57 |
|
|---|
| 58 | state = talloc(result, struct init_lsa_state);
|
|---|
| 59 | if (state == NULL) goto failed;
|
|---|
| 60 | state->ctx = result;
|
|---|
| 61 | result->private_data = state;
|
|---|
| 62 |
|
|---|
| 63 | /* this will make the secondary connection on the same IPC$ share,
|
|---|
| 64 | secured with SPNEGO or NTLMSSP */
|
|---|
| 65 | ctx = dcerpc_secondary_auth_connection_send(domain->netlogon_pipe,
|
|---|
| 66 | domain->lsa_binding,
|
|---|
| 67 | &ndr_table_lsarpc,
|
|---|
| 68 | domain->libnet_ctx->cred,
|
|---|
| 69 | domain->libnet_ctx->lp_ctx);
|
|---|
| 70 | composite_continue(state->ctx, ctx, init_lsa_recv_pipe, state);
|
|---|
| 71 | return result;
|
|---|
| 72 |
|
|---|
| 73 | failed:
|
|---|
| 74 | talloc_free(result);
|
|---|
| 75 | return NULL;
|
|---|
| 76 | }
|
|---|
| 77 |
|
|---|
| 78 | static void init_lsa_recv_pipe(struct composite_context *ctx)
|
|---|
| 79 | {
|
|---|
| 80 | struct rpc_request *req;
|
|---|
| 81 | struct init_lsa_state *state =
|
|---|
| 82 | talloc_get_type(ctx->async.private_data,
|
|---|
| 83 | struct init_lsa_state);
|
|---|
| 84 |
|
|---|
| 85 | state->ctx->status = dcerpc_secondary_auth_connection_recv(ctx, state,
|
|---|
| 86 | &state->lsa_pipe);
|
|---|
| 87 | if (!composite_is_ok(state->ctx)) return;
|
|---|
| 88 |
|
|---|
| 89 | state->handle = talloc(state, struct policy_handle);
|
|---|
| 90 | if (composite_nomem(state->handle, state->ctx)) return;
|
|---|
| 91 |
|
|---|
| 92 | state->openpolicy.in.system_name =
|
|---|
| 93 | talloc_asprintf(state, "\\\\%s",
|
|---|
| 94 | dcerpc_server_name(state->lsa_pipe));
|
|---|
| 95 | ZERO_STRUCT(state->objectattr);
|
|---|
| 96 | state->openpolicy.in.attr = &state->objectattr;
|
|---|
| 97 | state->openpolicy.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
|
|---|
| 98 | state->openpolicy.out.handle = state->handle;
|
|---|
| 99 |
|
|---|
| 100 | req = dcerpc_lsa_OpenPolicy2_send(state->lsa_pipe, state,
|
|---|
| 101 | &state->openpolicy);
|
|---|
| 102 | composite_continue_rpc(state->ctx, req, init_lsa_recv_openpol, state);
|
|---|
| 103 | }
|
|---|
| 104 |
|
|---|
| 105 | static void init_lsa_recv_openpol(struct rpc_request *req)
|
|---|
| 106 | {
|
|---|
| 107 | struct init_lsa_state *state =
|
|---|
| 108 | talloc_get_type(req->async.private_data,
|
|---|
| 109 | struct init_lsa_state);
|
|---|
| 110 |
|
|---|
| 111 | state->ctx->status = dcerpc_ndr_request_recv(req);
|
|---|
| 112 | if (!composite_is_ok(state->ctx)) return;
|
|---|
| 113 | state->ctx->status = state->openpolicy.out.result;
|
|---|
| 114 | if (!composite_is_ok(state->ctx)) return;
|
|---|
| 115 |
|
|---|
| 116 | composite_done(state->ctx);
|
|---|
| 117 | }
|
|---|
| 118 |
|
|---|
| 119 | NTSTATUS wb_init_lsa_recv(struct composite_context *c,
|
|---|
| 120 | TALLOC_CTX *mem_ctx,
|
|---|
| 121 | struct dcerpc_pipe **lsa_pipe,
|
|---|
| 122 | struct policy_handle **lsa_policy)
|
|---|
| 123 | {
|
|---|
| 124 | NTSTATUS status = composite_wait(c);
|
|---|
| 125 | if (NT_STATUS_IS_OK(status)) {
|
|---|
| 126 | struct init_lsa_state *state =
|
|---|
| 127 | talloc_get_type(c->private_data,
|
|---|
| 128 | struct init_lsa_state);
|
|---|
| 129 | *lsa_pipe = talloc_steal(mem_ctx, state->lsa_pipe);
|
|---|
| 130 | *lsa_policy = talloc_steal(mem_ctx, state->handle);
|
|---|
| 131 | }
|
|---|
| 132 | talloc_free(c);
|
|---|
| 133 | return status;
|
|---|
| 134 | }
|
|---|
| 135 |
|
|---|
