
r1136: - added IDL for netr_LogonGetDomainInfo()

- added workstation to auth_session_info in rpc servers

- added session key fetch hook in crypto backends in dcesrv

- store and fetch seed as well as a session key in schannel ldb

- when a client uses schannel to setup a netlogon pipe connection we
  also need to setup the credentials from the schannel negotiation so
  credentials chaining works

- added server side netr_LogonGetDomainInfo() call
(This used to be commit a35459387d)
This commit is contained in:
Andrew Tridgell
2004-06-14 08:12:50 +00:00
committed by Gerald (Jerry) Carter
parent 2fcf85920d
commit bccac81d87
11 changed files with 386 additions and 64 deletions


@@ -103,6 +103,9 @@ struct auth_session_info
struct auth_serversupplied_info *server_info;
DATA_BLOB session_key;
/* needed to key the schannel credentials */
const char *workstation;
};
struct auth_context {
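Review bot: The new `workstation` member's comment says what it is for but not who owns the string or whether it may be NULL; the two producers in this commit differ (the ntlmssp path allocates it on `session_info->mem_ctx`, the schannel path on a context of its own), so a reader of the header cannot tell whether freeing the session_info frees the name. I'd extend the comment to `/* client workstation name, used to key the schannel credentials; talloc'd by the auth backend, may be NULL — confirm against producers */`, tightening the NULL clause to whatever the producers actually guarantee.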


@@ -231,5 +231,8 @@ NTSTATUS auth_ntlmssp_get_session_info(struct auth_ntlmssp_state *auth_ntlmssp_s
auth_ntlmssp_state->ntlmssp_state->session_key.data,
auth_ntlmssp_state->ntlmssp_state->session_key.length);
(*session_info)->workstation = talloc_strdup((*session_info)->mem_ctx,
auth_ntlmssp_state->ntlmssp_state->workstation);
return NT_STATUS_OK;
}
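Review bot: The `talloc_strdup` result assigned to `(*session_info)->workstation` is not checked, while the neighbouring session_key copy and the schannel backend's equivalent setup in this commit do check their allocations; a NULL here silently yields a session with no workstation and the function still returns NT_STATUS_OK. If `ntlmssp_state->workstation` can itself be NULL (a client that sent no workstation name) the check must tell that apart from allocation failure, e.g. `if ((*session_info)->workstation == NULL && auth_ntlmssp_state->ntlmssp_state->workstation != NULL) { return NT_STATUS_NO_MEMORY; }`. auth_ntlmssp_get_session_info begins outside the hunk.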


@@ -914,7 +914,72 @@ interface netlogon
/****************/
/* Function 0x1d */
WERROR netr_NETRLOGONGETDOMAININFO();
typedef struct {
uint32 length;
[size_is(length)] uint8 *data;
} netr_Blob;
typedef [flag(NDR_PAHEX)] struct {
uint16 length;
uint16 size;
[size_is(size/2),length_is(length/2)] uint16 *data;
} netr_BinaryString;
typedef struct {
netr_Blob blob;
unistr *workstation_domain;
unistr *workstation_site;
unistr *foo2;
unistr *p1;
unistr *p2;
unistr *p3;
netr_BinaryString blob2;
netr_String product;
uint32 i1;
unistr *p4;
uint32 i2;
uint32 pp;
uint32 xx[4];
} netr_DomainQuery1;
typedef union {
[case(1)] netr_DomainQuery1 *query1;
[case(2)] netr_DomainQuery1 *query1;
} netr_DomainQuery;
typedef struct {
netr_String domainname;
netr_String fulldomainname;
netr_String forest;
GUID guid;
dom_sid2 *sid;
netr_BinaryString unknown1[4];
uint32 unknown[4];
} netr_DomainTrustInfo;
typedef struct {
netr_DomainTrustInfo domaininfo;
uint32 num_trusts;
[size_is(num_trusts)] netr_DomainTrustInfo *trusts;
uint32 unknown[14]; /* room for expansion? */
} netr_DomainInfo1;
typedef union {
[case(1)] netr_DomainInfo1 *info1;
[case(2)] netr_DomainInfo1 *info1;
} netr_DomainInfo;
NTSTATUS netr_LogonGetDomainInfo(
[in] unistr server_name,
[in] unistr *computer_name,
[in,out,ref] netr_Authenticator *credential,
[in] uint32 unknown1,
[in] uint32 *i1,
[in] uint32 level,
[in,switch_is(level)] netr_DomainQuery query,
[out,switch_is(level)] netr_DomainInfo info
);
/****************/
/* Function 0x1e */
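Review bot: Both arms of `netr_DomainQuery` are named `query1` and both arms of `netr_DomainInfo` are named `info1`, so level 1 and level 2 cannot be told apart by member name in whatever is generated from them; I cannot tell from here whether pidl accepts duplicate arm names, but either giving the case(2) arms their own names (`query2`, `info2`) or a comment stating that both levels deliberately share one structure would make the intent explicit. The placeholder members (`foo2`, `p1`..`p4`, `i1`, `i2`, `pp`, `xx`, `unknown1`, `unknown`) carry no comment; a short note on each, such as `/* not yet understood */`, plus the observed value where one was actually observed, would save the next reader from re-deriving the layout. The `[size_is(size/2),length_is(length/2)]` on `netr_BinaryString` implies `length`/`size` are byte counts over a 16-bit-unit buffer, which is worth stating in a comment since the division is the only hint.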


@@ -711,3 +711,38 @@ NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p,
return NT_STATUS_NO_USER_SESSION_KEY;
}
/*
log a rpc packet in a format suitable for ndrdump. This is especially useful
for sealed packets, where ethereal cannot easily see the contents
this triggers on a debug level of >= 10
*/
void dcerpc_log_packet(const struct dcerpc_interface_table *ndr,
uint32_t opnum, uint32_t flags, DATA_BLOB *pkt)
{
const int num_examples = 20;
int i;
if (DEBUGLEVEL < 10) return;
for (i=0;i<num_examples;i++) {
char *name=NULL;
asprintf(&name, "%s/rpclog/%s-%u.%d.%s",
lp_lockdir(), ndr->name, opnum, i,
(flags&NDR_IN)?"in":"out");
if (name == NULL) {
return;
}
if (!file_exist(name, NULL)) {
if (file_save(name, pkt->data, pkt->length)) {
DEBUG(10,("Logged rpc packet to %s\n", name));
}
free(name);
break;
}
free(name);
}
}
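Review bot: The return value of `asprintf` at the top of the loop is discarded; on failure the contents of `name` are unspecified (glibc does not promise to leave it NULL), so the `name == NULL` test that follows is not a reliable failure check. Writing it as `if (asprintf(&name, "%s/rpclog/%s-%u.%d.%s", lp_lockdir(), ndr->name, opnum, i, (flags&NDR_IN)?"in":"out") < 0) { return; }` covers both the error return and the NULL case. The window between `file_exist` and `file_save` lets two processes at debug level 10 pick the same slot, which for a debug dump is tolerable but deserves a one-line comment. Since the stated purpose is to capture what ethereal cannot see in sealed packets, the header comment should also say that the files written under the lock directory hold that (presumably unsealed) payload, so operators raising the debug level know what ends up on disk.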


@@ -547,40 +547,6 @@ static NTSTATUS dcesrv_auth3(struct dcesrv_call_state *call)
}
/*
log a rpc packet in a format suitable for ndrdump. This is especially useful
for sealed packets, where ethereal cannot easily see the contents
this triggers on a debug level of >= 10
*/
static void log_rpc_packet(const struct dcesrv_interface *iface,
uint32_t opnum, uint32_t flags, DATA_BLOB *pkt)
{
const int num_examples = 20;
int i;
if (DEBUGLEVEL < 10) return;
for (i=0;i<num_examples;i++) {
char *name=NULL;
asprintf(&name, "%s/rpclog/%s-%u.%d.%s",
lp_lockdir(), iface->ndr->name, opnum, i,
(flags&NDR_IN)?"in":"out");
if (name == NULL) {
return;
}
if (!file_exist(name, NULL)) {
if (file_save(name, pkt->data, pkt->length)) {
DEBUG(10,("Logged rpc packet to %s\n", name));
}
free(name);
break;
}
free(name);
}
}
/*
handle a dcerpc request packet
*/
@@ -622,7 +588,7 @@ static NTSTATUS dcesrv_request(struct dcesrv_call_state *call)
/* unravel the NDR for the packet */
status = call->conn->iface->ndr->calls[opnum].ndr_pull(pull, NDR_IN, r);
if (!NT_STATUS_IS_OK(status)) {
log_rpc_packet(call->conn->iface, opnum, NDR_IN,
dcerpc_log_packet(call->conn->iface->ndr, opnum, NDR_IN,
&call->pkt.u.request.stub_and_verifier);
return dcesrv_fault(call, DCERPC_FAULT_NDR);
}
@@ -632,7 +598,7 @@ static NTSTATUS dcesrv_request(struct dcesrv_call_state *call)
/* call the dispatch function */
status = call->conn->iface->dispatch(call, call->mem_ctx, r);
if (!NT_STATUS_IS_OK(status)) {
log_rpc_packet(call->conn->iface, opnum, NDR_IN,
dcerpc_log_packet(call->conn->iface->ndr, opnum, NDR_IN,
&call->pkt.u.request.stub_and_verifier);
return dcesrv_fault(call, call->fault_code);
}


@@ -108,6 +108,7 @@ struct dcesrv_crypto_ops {
const uint8_t *data, size_t length, const DATA_BLOB *sig);
NTSTATUS (*unseal)(struct dcesrv_auth *auth, TALLOC_CTX *sig_mem_ctx,
uint8_t *data, size_t length, DATA_BLOB *sig);
NTSTATUS (*session_key)(struct dcesrv_auth *auth, uint8_t session_key[16]);
void (*end)(struct dcesrv_auth *auth);
};
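Review bot: The new `session_key` op has no comment stating its contract, and because `uint8_t session_key[16]` decays to a pointer the 16-byte requirement is invisible to both implementers and callers. I'd add `/* copy the 16-byte negotiated session key into session_key; NT_STATUS_NO_USER_SESSION_KEY if the backend has none */` above the member, which is what the ntlmssp backend in this commit returns in that case. Whether a backend may leave this op NULL is not settled by the header; if it may, the dispatching wrapper needs to check for it before calling through.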


@@ -119,6 +119,14 @@ NTSTATUS dcesrv_crypto_unseal(struct dcesrv_auth *auth, TALLOC_CTX *sig_mem_ctx,
return auth->crypto_ctx.ops->unseal(auth, sig_mem_ctx, data, length, sig);
}
/*
get the negotiated session key
*/
NTSTATUS dcesrv_crypto_session_key(struct dcesrv_auth *auth, uint8_t session_key[16])
{
return auth->crypto_ctx.ops->session_key(auth, session_key);
}
/*
end crypto state
*/
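Review bot: `dcesrv_crypto_session_key` calls through `auth->crypto_ctx.ops->session_key` without checking that the slot is set; the sibling wrappers do the same for their ops, so this is consistent if every backend must fill in every slot, but a session key is something a backend can legitimately lack, which makes a NULL op more plausible here than for sign or unseal. `if (auth->crypto_ctx.ops->session_key == NULL) { return NT_STATUS_NO_USER_SESSION_KEY; }` before the call keeps a missing backend hook from becoming a NULL dereference in the server. The comment `get the negotiated session key` could also state that exactly 16 bytes are written into the caller's buffer.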


@@ -108,6 +108,21 @@ static NTSTATUS dcesrv_crypto_ntlmssp_unseal(struct dcesrv_auth *auth, TALLOC_CT
return ntlmssp_unseal_packet(auth_ntlmssp_state->ntlmssp_state, sig_mem_ctx, data, length, sig);
}
/*
get the session key
*/
static NTSTATUS dcesrv_crypto_ntlmssp_session_key(struct dcesrv_auth *auth, uint8_t session_key[16])
{
struct auth_ntlmssp_state *auth_ntlmssp_state = auth->crypto_ctx.private_data;
if (auth_ntlmssp_state->ntlmssp_state->session_key.length != 16) {
return NT_STATUS_NO_USER_SESSION_KEY;
}
memcpy(session_key, auth_ntlmssp_state->ntlmssp_state->session_key.data, 16);
return NT_STATUS_OK;
}
/*
end crypto state
*/
@@ -131,6 +146,7 @@ static const struct dcesrv_crypto_ops dcesrv_crypto_ntlmssp_ops = {
.sign = dcesrv_crypto_ntlmssp_sign,
.check_sig = dcesrv_crypto_ntlmssp_check_sig,
.unseal = dcesrv_crypto_ntlmssp_unseal,
.session_key = dcesrv_crypto_ntlmssp_session_key,
.end = dcesrv_crypto_ntlmssp_end
};


@@ -28,6 +28,36 @@ struct srv_schannel_state {
struct schannel_state *state;
};
static NTSTATUS schannel_setup_session_info(struct srv_schannel_state *schannel,
const char *account_name,
struct auth_session_info **session_info)
{
TALLOC_CTX *mem_ctx;
mem_ctx = talloc_init("schannel_setup");
if (mem_ctx == NULL) {
return NT_STATUS_NO_MEMORY;
}
(*session_info) = talloc_p(mem_ctx, struct auth_session_info);
if (*session_info == NULL) {
talloc_destroy(mem_ctx);
return NT_STATUS_NO_MEMORY;
}
ZERO_STRUCTP(*session_info);
(*session_info)->workstation = talloc_strdup(mem_ctx, account_name);
if ((*session_info)->workstation == NULL) {
return NT_STATUS_NO_MEMORY;
}
/* TODO: fill in the rest of the session_info structure */
return NT_STATUS_OK;
}
/*
start crypto state
*/
@@ -36,9 +66,9 @@ static NTSTATUS dcesrv_crypto_schannel_start(struct dcesrv_auth *auth, DATA_BLOB
struct srv_schannel_state *schannel = NULL;
NTSTATUS status;
TALLOC_CTX *mem_ctx;
uint8_t session_key[16];
const char *account_name;
struct schannel_bind_ack ack;
struct creds_CredentialState creds;
mem_ctx = talloc_init("schannel_start");
if (!mem_ctx) {
@@ -58,7 +88,7 @@ static NTSTATUS dcesrv_crypto_schannel_start(struct dcesrv_auth *auth, DATA_BLOB
(ndr_pull_flags_fn_t)ndr_pull_schannel_bind);
if (!NT_STATUS_IS_OK(status)) {
talloc_destroy(mem_ctx);
return NT_STATUS_INVALID_PARAMETER;
return status;
}
if (schannel->bind_info.bind_type == 23) {
@@ -68,23 +98,25 @@ static NTSTATUS dcesrv_crypto_schannel_start(struct dcesrv_auth *auth, DATA_BLOB
}
/* pull the session key for this client */
status = schannel_fetch_session_key(mem_ctx, account_name, session_key);
status = schannel_fetch_session_key(mem_ctx, account_name, &creds);
if (!NT_STATUS_IS_OK(status)) {
talloc_destroy(mem_ctx);
return NT_STATUS_INVALID_HANDLE;
return status;
}
/* start up the schannel server code */
status = schannel_start(&schannel->state, session_key, False);
status = schannel_start(&schannel->state, creds.session_key, False);
if (!NT_STATUS_IS_OK(status)) {
talloc_destroy(mem_ctx);
return NT_STATUS_INVALID_HANDLE;
return status;
}
/* TODO: here we need to set the session_info
* what should happen when te session_info is already set
*/
auth->session_info = NULL;
status = schannel_setup_session_info(schannel, account_name,
&auth->session_info);
if (!NT_STATUS_IS_OK(status)) {
talloc_destroy(mem_ctx);
return status;
}
auth->crypto_ctx.private_data = schannel;
@@ -155,6 +187,18 @@ static NTSTATUS dcesrv_crypto_schannel_unseal(struct dcesrv_auth *auth, TALLOC_C
return schannel_unseal_packet(srv_schannel_state->state, sig_mem_ctx, data, length, sig);
}
/*
get the session key
*/
static NTSTATUS dcesrv_crypto_schannel_session_key(struct dcesrv_auth *auth, uint8_t session_key[16])
{
struct srv_schannel_state *srv_schannel_state = auth->crypto_ctx.private_data;
memcpy(session_key, srv_schannel_state->state->session_key, 16);
return NT_STATUS_OK;
}
/*
end crypto state
*/
@@ -182,6 +226,7 @@ static const struct dcesrv_crypto_ops dcesrv_crypto_schannel_ops = {
.sign = dcesrv_crypto_schannel_sign,
.check_sig = dcesrv_crypto_schannel_check_sig,
.unseal = dcesrv_crypto_schannel_unseal,
.session_key = dcesrv_crypto_schannel_session_key,
.end = dcesrv_crypto_schannel_end
};
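Review bot: In `schannel_setup_session_info` the context returned by `talloc_init` is never recorded anywhere — the ntlmssp path in this commit allocates onto `(*session_info)->mem_ctx`, which suggests that member is the intended owner — so the context can never be freed, and the `talloc_strdup` failure branch returns without `talloc_destroy(mem_ctx)` while the branch just above it does. Setting `(*session_info)->mem_ctx = mem_ctx;` after `ZERO_STRUCTP(*session_info)` and adding `talloc_destroy(mem_ctx);` to the second failure branch addresses both; the `schannel` parameter is also unused. In `dcesrv_crypto_schannel_start`, `creds` is a stack copy of the stored session key and seed that is simply abandoned on return; clearing it with `ZERO_STRUCT(creds);` once `schannel_start` has taken the key would keep key material from lingering on the stack, with the usual caveat that a plain memset-based clear can be optimised away. `dcesrv_crypto_schannel_start` starts and ends outside the hunks shown.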


@@ -35,10 +35,72 @@ struct server_pipe_state {
struct creds_CredentialState *creds;
};
/*
a client has connected to the netlogon server using schannel, so we need
to re-establish the credentials state
*/
static NTSTATUS netlogon_schannel_setup(struct dcesrv_call_state *dce_call)
{
struct server_pipe_state *state;
NTSTATUS status;
TALLOC_CTX *mem_ctx;
mem_ctx = talloc_init("netlogon_bind");
if (!mem_ctx) {
return NT_STATUS_NO_MEMORY;
}
state = talloc_p(mem_ctx, struct server_pipe_state);
if (state == NULL) {
talloc_destroy(mem_ctx);
}
ZERO_STRUCTP(state);
state->mem_ctx = mem_ctx;
state->authenticated = True;
state->creds = talloc_p(mem_ctx, struct creds_CredentialState);
if (state->creds == NULL) {
talloc_destroy(mem_ctx);
return NT_STATUS_NO_MEMORY;
}
ZERO_STRUCTP(state->creds);
if (dce_call->conn->auth_state.session_info == NULL) {
talloc_destroy(mem_ctx);
return NT_STATUS_NO_USER_SESSION_KEY;
}
status = schannel_fetch_session_key(mem_ctx,
dce_call->conn->auth_state.session_info->workstation,
state->creds);
if (!NT_STATUS_IS_OK(status)) {
talloc_destroy(mem_ctx);
return status;
}
dce_call->conn->private = state;
return NT_STATUS_OK;
}
/*
a hook for bind on the netlogon pipe
*/
static NTSTATUS netlogon_bind(struct dcesrv_call_state *dce_call, const struct dcesrv_interface *di)
{
dce_call->conn->private = NULL;
/* if this is a schannel bind then we need to reconstruct the pipe state */
if (dce_call->conn->auth_state.auth_info &&
dce_call->conn->auth_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
NTSTATUS status;
status = netlogon_schannel_setup(dce_call);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
}
return NT_STATUS_OK;
}
@@ -862,12 +924,114 @@ static WERROR netr_DSRGETSITENAME(struct dcesrv_call_state *dce_call, TALLOC_CTX
/*
netr_NETRLOGONGETDOMAININFO
fill in a netr_DomainTrustInfo from a ldb search result
*/
static WERROR netr_NETRLOGONGETDOMAININFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_NETRLOGONGETDOMAININFO *r)
static NTSTATUS fill_domain_trust_info(TALLOC_CTX *mem_ctx, struct ldb_message *res,
struct netr_DomainTrustInfo *info)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
ZERO_STRUCTP(info);
info->domainname.string = samdb_result_string(res, "flatName", NULL);
if (info->domainname.string == NULL) {
info->domainname.string = samdb_result_string(res, "name", NULL);
info->fulldomainname.string = samdb_result_string(res, "dnsDomain", NULL);
} else {
info->fulldomainname.string = samdb_result_string(res, "name", NULL);
}
/* TODO: we need proper forest support */
info->forest.string = info->fulldomainname.string;
info->guid = samdb_result_guid(res, "objectGUID");
info->sid = samdb_result_dom_sid(mem_ctx, res, "objectSid");
return NT_STATUS_OK;
}
/*
netr_LogonGetDomainInfo
this is called as part of the ADS domain logon procedure.
*/
static NTSTATUS netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_LogonGetDomainInfo *r)
{
struct server_pipe_state *pipe_state = dce_call->conn->private;
const char * const attrs[] = { "name", "dnsDomain", "objectSid",
"objectGUID", "flatName", NULL };
void *sam_ctx;
struct ldb_message **res1, **res2;
struct netr_DomainInfo1 *info1;
int ret1, ret2, i;
NTSTATUS status;
if (!pipe_state) {
return NT_STATUS_ACCESS_DENIED;
}
if (!netr_creds_server_step_check(pipe_state,
r->in.credential, r->out.credential)) {
return NT_STATUS_ACCESS_DENIED;
}
sam_ctx = samdb_connect();
if (sam_ctx == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
/* we need to do two searches. The first will pull our primary
domain and the second will pull any trusted domains. Our
primary domain is also a "trusted" domain, so we need to
put the primary domain into the lists of returned trusts as
well */
ret1 = samdb_search(sam_ctx, mem_ctx, NULL, &res1, attrs, "(objectClass=domainDNS)");
if (ret1 != 1) {
samdb_close(sam_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
ret2 = samdb_search(sam_ctx, mem_ctx, NULL, &res2, attrs, "(objectClass=trustedDomain)");
if (ret2 == -1) {
samdb_close(sam_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
/* we don't need the db link any more */
samdb_close(sam_ctx);
info1 = talloc_p(mem_ctx, struct netr_DomainInfo1);
if (info1 == NULL) {
return NT_STATUS_NO_MEMORY;
}
ZERO_STRUCTP(info1);
info1->num_trusts = ret2 + 1;
info1->trusts = talloc_array_p(mem_ctx, struct netr_DomainTrustInfo,
info1->num_trusts);
if (info1->trusts == NULL) {
return NT_STATUS_NO_MEMORY;
}
status = fill_domain_trust_info(mem_ctx, res1[0], &info1->domaininfo);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
status = fill_domain_trust_info(mem_ctx, res1[0], &info1->trusts[0]);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
for (i=0;i<ret2;i++) {
status = fill_domain_trust_info(mem_ctx, res2[i], &info1->trusts[i+1]);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
}
r->out.info.info1 = info1;
return NT_STATUS_OK;
}
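Review bot: In `netlogon_schannel_setup` the `state == NULL` branch destroys `mem_ctx` but does not return, so the `ZERO_STRUCTP(state)` on the next line dereferences NULL on allocation failure; it should read `if (state == NULL) { talloc_destroy(mem_ctx); return NT_STATUS_NO_MEMORY; }`, matching the `state->creds` branch a few lines below. Separately, `netr_LogonGetDomainInfo` never examines `r->in.level` before filling `r->out.info.info1`, so a level-2 request is answered with the level-1 arm; if that is intended because the two arms share a structure, a comment saying so would help, otherwise a level check returning NT_STATUS_INVALID_PARAMETER belongs before the two searches so no database work is done for an unsupported level.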


@@ -53,11 +53,12 @@ static struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx)
use a simple ldb structure
*/
NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx,
const char *computer_name, struct creds_CredentialState *creds)
const char *computer_name,
struct creds_CredentialState *creds)
{
struct ldb_context *ldb;
struct ldb_message msg;
struct ldb_val val;
struct ldb_val val, seed;
char *s = NULL;
time_t expiry = time(NULL) + SCHANNEL_CREDENTIALS_EXPIRY;
int ret;
@@ -85,7 +86,11 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx,
val.data = creds->session_key;
val.length = sizeof(creds->session_key);
seed.data = creds->seed.data;
seed.length = sizeof(creds->seed.data);
ldb_msg_add_value(ldb, &msg, "sessionKey", &val);
ldb_msg_add_value(ldb, &msg, "seed", &seed);
ldb_msg_add_string(ldb, &msg, "expiry", s);
ldb_delete(ldb, msg.dn);
@@ -104,10 +109,11 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx,
/*
read back a session key for a computer
read back a credentials back for a computer
*/
NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx,
const char *computer_name, uint8_t session_key[16])
const char *computer_name,
struct creds_CredentialState *creds)
{
struct ldb_context *ldb;
time_t expiry;
@@ -116,6 +122,8 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx,
const struct ldb_val *val;
char *expr=NULL;
ZERO_STRUCTP(creds);
ldb = schannel_db_connect(mem_ctx);
if (ldb == NULL) {
return NT_STATUS_NO_MEMORY;
@@ -146,7 +154,15 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_HANDLE;
}
memcpy(session_key, val->data, 16);
memcpy(creds->session_key, val->data, 16);
val = ldb_msg_find_ldb_val(res[0], "seed");
if (val == NULL || val->length != 8) {
ldb_close(ldb);
return NT_STATUS_INVALID_HANDLE;
}
memcpy(creds->seed.data, val->data, 8);
ldb_close(ldb);
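Review bot: In `schannel_fetch_session_key` the session key has already been copied into `creds->session_key` when the `seed` lookup fails, so a caller that ignores the NT_STATUS_INVALID_HANDLE return or reuses the struct is left holding a valid key with an all-zero seed. Adding `ZERO_STRUCTP(creds);` before that `return NT_STATUS_INVALID_HANDLE;` keeps the failure path from leaving partial credentials behind. In the store path the `ldb_msg_add_value` calls for `sessionKey` and `seed` still discard their results, so if adding `seed` fails the record is written without it and the fetch path then rejects the whole entry with the same error; checking those results at store time would surface the problem where it occurs. Both functions extend beyond the hunks shown.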