s3:rpc_client: add rpccli_{create,setup}_netlogon_creds()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

source3/rpc_client/cli_netlogon.c

@@ -21,15 +21,19 @@
 */
 
 #include "includes.h"
+#include "libsmb/libsmb.h"
 #include "rpc_client/rpc_client.h"
+#include "rpc_client/cli_pipe.h"
 #include "../libcli/auth/libcli_auth.h"
 #include "../libcli/auth/netlogon_creds_cli.h"
 #include "../librpc/gen_ndr/ndr_netlogon_c.h"
+#include "../librpc/gen_ndr/schannel.h"
 #include "rpc_client/cli_netlogon.h"
 #include "rpc_client/init_netlogon.h"
 #include "rpc_client/util_netlogon.h"
 #include "../libcli/security/security.h"
 #include "lib/param/param.h"
+#include "libcli/smb/smbXcli_base.h"
 
 /****************************************************************************
  Wrapper function that uses the auth and auth2 calls to set up a NETLOGON
@@ -124,6 +128,107 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
 	return NT_STATUS_OK;
 }
 
+NTSTATUS rpccli_create_netlogon_creds(const char *server_computer,
+				      const char *server_netbios_domain,
+				      const char *client_account,
+				      enum netr_SchannelType sec_chan_type,
+				      struct messaging_context *msg_ctx,
+				      TALLOC_CTX *mem_ctx,
+				      struct netlogon_creds_cli_context **netlogon_creds)
+{
+	TALLOC_CTX *frame = talloc_stackframe();
+	struct loadparm_context *lp_ctx;
+	NTSTATUS status;
+
+	lp_ctx = loadparm_init_s3(frame, loadparm_s3_helpers());
+	if (lp_ctx == NULL) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_NO_MEMORY;
+	}
+	status = netlogon_creds_cli_context_global(lp_ctx,
+						   msg_ctx,
+						   client_account,
+						   sec_chan_type,
+						   server_computer,
+						   server_netbios_domain,
+						   mem_ctx, netlogon_creds);
+	TALLOC_FREE(frame);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS rpccli_setup_netlogon_creds(struct cli_state *cli,
+				     struct netlogon_creds_cli_context *netlogon_creds,
+				     bool force_reauth,
+				     struct samr_Password current_nt_hash,
+				     const struct samr_Password *previous_nt_hash)
+{
+	TALLOC_CTX *frame = talloc_stackframe();
+	struct rpc_pipe_client *netlogon_pipe = NULL;
+	struct netlogon_creds_CredentialState *creds = NULL;
+	NTSTATUS status;
+
+	status = netlogon_creds_cli_get(netlogon_creds,
+					frame, &creds);
+	if (NT_STATUS_IS_OK(status)) {
+		const char *action = "using";
+
+		if (force_reauth) {
+			action = "overwrite";
+		}
+
+		DEBUG(5,("%s: %s cached netlogon_creds cli[%s/%s] to %s\n",
+			 __FUNCTION__, action,
+			 creds->account_name, creds->computer_name,
+			 smbXcli_conn_remote_name(cli->conn)));
+		if (!force_reauth) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_OK;
+		}
+		TALLOC_FREE(creds);
+	}
+
+	status = cli_rpc_pipe_open_noauth(cli,
+					  &ndr_table_netlogon,
+					  &netlogon_pipe);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(5,("%s: failed to open noauth netlogon connection to %s - %s\n",
+			 __FUNCTION__,
+			 smbXcli_conn_remote_name(cli->conn),
+			 nt_errstr(status)));
+		TALLOC_FREE(frame);
+		return status;
+	}
+	talloc_steal(frame, netlogon_pipe);
+
+	status = netlogon_creds_cli_auth(netlogon_creds,
+					 netlogon_pipe->binding_handle,
+					 current_nt_hash,
+					 previous_nt_hash);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(frame);
+		return status;
+	}
+
+	status = netlogon_creds_cli_get(netlogon_creds,
+					frame, &creds);
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	DEBUG(5,("%s: using new netlogon_creds cli[%s/%s] to %s\n",
+		 __FUNCTION__,
+		 creds->account_name, creds->computer_name,
+		 smbXcli_conn_remote_name(cli->conn)));
+
+	TALLOC_FREE(frame);
+	return NT_STATUS_OK;
+}
+
 /* Logon domain user */
 
 NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,

source3/rpc_client/cli_netlogon.h

@@ -23,6 +23,10 @@
 #ifndef _RPC_CLIENT_CLI_NETLOGON_H_
 #define _RPC_CLIENT_CLI_NETLOGON_H_
 
+struct cli_state;
+struct messaging_context;
+struct netlogon_creds_cli_context;
+
 /* The following definitions come from rpc_client/cli_netlogon.c  */
 
 NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
@@ -33,6 +37,18 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
 				     const unsigned char machine_pwd[16],
 				     enum netr_SchannelType sec_chan_type,
 				     uint32_t *neg_flags_inout);
+NTSTATUS rpccli_create_netlogon_creds(const char *server_computer,
+				      const char *server_netbios_domain,
+				      const char *client_account,
+				      enum netr_SchannelType sec_chan_type,
+				      struct messaging_context *msg_ctx,
+				      TALLOC_CTX *mem_ctx,
+				      struct netlogon_creds_cli_context **netlogon_creds);
+NTSTATUS rpccli_setup_netlogon_creds(struct cli_state *cli,
+				     struct netlogon_creds_cli_context *netlogon_creds,
+				     bool force_reauth,
+				     struct samr_Password current_nt_hash,
+				     const struct samr_Password *previous_nt_hash);
 NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
 				   TALLOC_CTX *mem_ctx,
 				   uint32 logon_parameters,