sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

r12865: Upgrade the librpc and libnet code.

Browse Source 
In librpc, always try SMB level authentication, even if trying
schannel, but allow fallback to anonymous.  This should better
function with servers that set restrict anonymous.

There are too many parts of Samba that get, parse and modify the
binding parameters.  Avoid the extra work, and add a binding element
to the struct dcerpc_pipe

The libnet vampire code has been refactored, to reduce extra layers
and to better conform with the standard argument pattern.  Also, take
advantage of the new libnet_Lookup code, so we don't require the silly
'password server' smb.conf parameter.

To better support forcing traffic to be sealed for the vampire
operation, the dcerpc_bind_auth() function now takes an auth level
parameter.

Andrew Bartlett
This commit is contained in:
Andrew Bartlett 2006-01-12 09:33:49 +00:00 committed by Gerald (Jerry) Carter
parent 21f87f87a9
commit d65b354959
19 changed files with 244 additions and 249 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
source/libnet/libnet_join.c
View File

@ -745,14 +745,11 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru
*/
/* Find the original binding string */
status = dcerpc_parse_binding(tmp_ctx, lsa_pipe->conn->binding_string, &samr_binding);
if (!NT_STATUS_IS_OK(status)) {
r->out.error_string = talloc_asprintf(mem_ctx,
"Failed to parse lsa binding '%s'",
lsa_pipe->conn->binding_string);
talloc_free(tmp_ctx);
return status;
samr_binding = talloc(tmp_ctx, struct dcerpc_binding);
if (!samr_binding) {
return NT_STATUS_NO_MEMORY;
}
*samr_binding = *lsa_pipe->binding;
/* Make binding string for samr, not the other pipe */
status = dcerpc_epm_map_binding(tmp_ctx, samr_binding,

4
source/libnet/libnet_rpc.c
View File

@ -57,8 +57,8 @@ static NTSTATUS libnet_RpcConnectSrv(struct libnet_context *ctx, TALLOC_CTX *mem
if (!NT_STATUS_IS_OK(status)) {
r->out.error_string = talloc_asprintf(mem_ctx,
"dcerpc_pipe_connect to pipe %s failed with %s\n",
r->in.dcerpc_iface->name, binding);
"dcerpc_pipe_connect to pipe %s[%s] failed with %s\n",
r->in.dcerpc_iface->name, binding, nt_errstr(status));
return status;
}

71
source/libnet/libnet_samdump.c
View File

@ -151,7 +151,7 @@ static NTSTATUS libnet_samdump_fn(TALLOC_CTX *mem_ctx,
return nt_status;
}
static NTSTATUS libnet_SamDump_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamDump *r)
NTSTATUS libnet_SamDump(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamDump *r)
{
NTSTATUS nt_status;
struct libnet_SamSync r2;
@ -164,15 +164,16 @@ static NTSTATUS libnet_SamDump_netlogon(struct libnet_context *ctx, TALLOC_CTX *
return NT_STATUS_NO_MEMORY;
}
samdump_state->secrets = NULL;
samdump_state->secrets = NULL;
samdump_state->trusted_domains = NULL;
r2.error_string = NULL;
r2.delta_fn = libnet_samdump_fn;
r2.fn_ctx = samdump_state;
r2.machine_account = NULL; /* TODO: Create a machine account, fill this in, and the delete it */
nt_status = libnet_SamSync_netlogon(ctx, samdump_state, &r2);
r->error_string = r2.error_string;
r2.out.error_string = NULL;
r2.in.binding_string = r->in.binding_string;
r2.in.delta_fn = libnet_samdump_fn;
r2.in.fn_ctx = samdump_state;
r2.in.machine_account = r->in.machine_account;
nt_status = libnet_SamSync_netlogon(ctx, samdump_state, &r2);
r->out.error_string = r2.out.error_string;
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(samdump_state);
@ -183,49 +184,25 @@ static NTSTATUS libnet_SamDump_netlogon(struct libnet_context *ctx, TALLOC_CTX *
for (t=samdump_state->trusted_domains; t; t=t->next) {
char *secret_name = talloc_asprintf(mem_ctx, "G$$%s", t->name);
for (s=samdump_state->secrets; s; s=s->next) {
if (strcasecmp_m(s->name, secret_name) == 0) {
char *secret_string;
if (convert_string_talloc(mem_ctx, CH_UTF16, CH_UNIX,
s->secret.data, s->secret.length,
(void **)&secret_string) == -1) {
r->error_string = talloc_asprintf(mem_ctx,
"Could not convert secret for domain %s to a string\n",
t->name);
talloc_free(samdump_state);
return NT_STATUS_INVALID_PARAMETER;
}
printf("%s\t%s\t%s\n",
t->name, dom_sid_string(mem_ctx, t->sid),
secret_string);
char *secret_string;
if (strcasecmp_m(s->name, secret_name) != 0) {
continue;
}
if (convert_string_talloc(mem_ctx, CH_UTF16, CH_UNIX,
s->secret.data, s->secret.length,
(void **)&secret_string) == -1) {
r->out.error_string = talloc_asprintf(mem_ctx,
"Could not convert secret for domain %s to a string\n",
t->name);
talloc_free(samdump_state);
return NT_STATUS_INVALID_PARAMETER;
}
printf("%s\t%s\t%s\n",
t->name, dom_sid_string(mem_ctx, t->sid),
secret_string);
}
}
talloc_free(samdump_state);
return nt_status;
}
static NTSTATUS libnet_SamDump_generic(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamDump *r)
{
NTSTATUS nt_status;
struct libnet_SamDump r2;
r2.level = LIBNET_SAMDUMP_NETLOGON;
r2.error_string = NULL;
nt_status = libnet_SamDump(ctx, mem_ctx, &r2);
r->error_string = r2.error_string;
return nt_status;
}
NTSTATUS libnet_SamDump(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamDump *r)
{
switch (r->level) {
case LIBNET_SAMDUMP_GENERIC:
return libnet_SamDump_generic(ctx, mem_ctx, r);
case LIBNET_SAMDUMP_NETLOGON:
return libnet_SamDump_netlogon(ctx, mem_ctx, r);
}
return NT_STATUS_INVALID_LEVEL;
}

42
source/libnet/libnet_samdump_keytab.c
View File

@ -94,17 +94,18 @@ static NTSTATUS libnet_samdump_keytab_fn(TALLOC_CTX *mem_ctx,
return nt_status;
}
static NTSTATUS libnet_SamDump_keytab_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamDump_keytab *r)
NTSTATUS libnet_SamDump_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamDump_keytab *r)
{
NTSTATUS nt_status;
struct libnet_SamSync r2;
r2.error_string = NULL;
r2.delta_fn = libnet_samdump_keytab_fn;
r2.fn_ctx = r->keytab_name;
r2.machine_account = NULL; /* TODO: Create a machine account, fill this in, and the delete it */
nt_status = libnet_SamSync_netlogon(ctx, mem_ctx, &r2);
r->error_string = r2.error_string;
r2.out.error_string = NULL;
r2.in.binding_string = r->in.binding_string;
r2.in.delta_fn = libnet_samdump_keytab_fn;
r2.in.fn_ctx = discard_const(r->in.keytab_name);
r2.in.machine_account = r->in.machine_account;
nt_status = libnet_SamSync_netlogon(ctx, mem_ctx, &r2);
r->out.error_string = r2.out.error_string;
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
@ -112,30 +113,3 @@ static NTSTATUS libnet_SamDump_keytab_netlogon(struct libnet_context *ctx, TALLO
return nt_status;
}
static NTSTATUS libnet_SamDump_keytab_generic(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamDump_keytab *r)
{
NTSTATUS nt_status;
struct libnet_SamDump_keytab r2;
r2.level = LIBNET_SAMDUMP_NETLOGON;
r2.error_string = NULL;
r2.keytab_name = r->keytab_name;
nt_status = libnet_SamDump_keytab(ctx, mem_ctx, &r2);
r->error_string = r2.error_string;
return nt_status;
}
NTSTATUS libnet_SamDump_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamDump_keytab *r)
{
switch (r->level) {
case LIBNET_SAMDUMP_GENERIC:
return libnet_SamDump_keytab_generic(ctx, mem_ctx, r);
case LIBNET_SAMDUMP_NETLOGON:
return libnet_SamDump_keytab_netlogon(ctx, mem_ctx, r);
}
return NT_STATUS_INVALID_LEVEL;
}

45
source/libnet/libnet_samsync_ldb.c
View File

@ -1053,7 +1053,7 @@ static NTSTATUS libnet_samsync_ldb_fn(TALLOC_CTX *mem_ctx,
return nt_status;
}
static NTSTATUS libnet_samsync_ldb_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_samsync_ldb *r)
NTSTATUS libnet_samsync_ldb(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_samsync_ldb *r)
{
NTSTATUS nt_status;
struct libnet_SamSync r2;
@ -1063,17 +1063,18 @@ static NTSTATUS libnet_samsync_ldb_netlogon(struct libnet_context *ctx, TALLOC_C
return NT_STATUS_NO_MEMORY;
}
state->secrets = NULL;
state->secrets = NULL;
state->trusted_domains = NULL;
state->sam_ldb = samdb_connect(state, system_session(state));
state->sam_ldb = samdb_connect(state, system_session(state));
r2.error_string = NULL;
r2.delta_fn = libnet_samsync_ldb_fn;
r2.fn_ctx = state;
r2.machine_account = NULL; /* TODO: Create a machine account, fill this in, and the delete it */
nt_status = libnet_SamSync_netlogon(ctx, state, &r2);
r->error_string = r2.error_string;
r2.out.error_string = NULL;
r2.in.binding_string = r->in.binding_string;
r2.in.delta_fn = libnet_samsync_ldb_fn;
r2.in.fn_ctx = state;
r2.in.machine_account = NULL; /* TODO: Create a machine account, fill this in, and the delete it */
nt_status = libnet_SamSync_netlogon(ctx, state, &r2);
r->out.error_string = r2.out.error_string;
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(state);
@ -1082,29 +1083,3 @@ static NTSTATUS libnet_samsync_ldb_netlogon(struct libnet_context *ctx, TALLOC_C
talloc_free(state);
return nt_status;
}
static NTSTATUS libnet_samsync_ldb_generic(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_samsync_ldb *r)
{
NTSTATUS nt_status;
struct libnet_samsync_ldb r2;
r2.level = LIBNET_SAMSYNC_LDB_NETLOGON;
r2.error_string = NULL;
nt_status = libnet_samsync_ldb(ctx, mem_ctx, &r2);
r->error_string = r2.error_string;
return nt_status;
}
NTSTATUS libnet_samsync_ldb(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_samsync_ldb *r)
{
switch (r->level) {
case LIBNET_SAMSYNC_LDB_GENERIC:
return libnet_samsync_ldb_generic(ctx, mem_ctx, r);
case LIBNET_SAMSYNC_LDB_NETLOGON:
return libnet_samsync_ldb_netlogon(ctx, mem_ctx, r);
}
return NT_STATUS_INVALID_LEVEL;
}

120
source/libnet/libnet_vampire.c
View File

@ -150,24 +150,15 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
struct creds_CredentialState *creds;
struct netr_DatabaseSync dbsync;
struct cli_credentials *machine_account;
struct dcerpc_binding *b;
struct dcerpc_pipe *p;
struct libnet_context *machine_net_ctx;
struct libnet_RpcConnect *c;
const enum netr_SamDatabaseID database_ids[] = {SAM_DATABASE_DOMAIN, SAM_DATABASE_BUILTIN, SAM_DATABASE_PRIVS};
int i;
/* TODO: This is bogus */
const char **bindings = lp_passwordserver();
const char *binding;
if (bindings && bindings[0]) {
binding = bindings[0];
} else {
return NT_STATUS_INVALID_PARAMETER;
}
samsync_ctx = talloc_named(mem_ctx, 0, "SamSync top context");
if (!r->machine_account) {
if (!r->in.machine_account) {
machine_account = cli_credentials_init(samsync_ctx);
if (!machine_account) {
talloc_free(samsync_ctx);
@ -176,16 +167,17 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
cli_credentials_set_conf(machine_account);
nt_status = cli_credentials_set_machine_account(machine_account);
if (!NT_STATUS_IS_OK(nt_status)) {
r->error_string = talloc_strdup(mem_ctx, "Could not obtain machine account password - are we joined to the domain?");
r->out.error_string = talloc_strdup(mem_ctx, "Could not obtain machine account password - are we joined to the domain?");
talloc_free(samsync_ctx);
return nt_status;
}
} else {
machine_account = r->machine_account;
machine_account = r->in.machine_account;
}
/* We cannot do this unless we are a BDC. Check, before we get odd errors later */
if (cli_credentials_get_secure_channel_type(machine_account) != SEC_CHAN_BDC) {
r->error_string
r->out.error_string
= talloc_asprintf(mem_ctx,
"Our join to domain %s is not as a BDC (%d), please rejoin as a BDC",
@ -195,25 +187,67 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
/* Connect to DC (take a binding string for now) */
nt_status = dcerpc_parse_binding(samsync_ctx, binding, &b);
if (!NT_STATUS_IS_OK(nt_status)) {
r->error_string = talloc_asprintf(mem_ctx, "Bad binding string %s\n", binding);
c = talloc(samsync_ctx, struct libnet_RpcConnect);
if (!c) {
r->out.error_string = NULL;
talloc_free(samsync_ctx);
return NT_STATUS_INVALID_PARAMETER;
return NT_STATUS_NO_MEMORY;
}
/* We like schannel */
b->flags &= ~DCERPC_AUTH_OPTIONS;
b->flags |= DCERPC_SCHANNEL | DCERPC_SEAL /* | DCERPC_SCHANNEL_128 */;
if (r->in.binding_string) {
c->level = LIBNET_RPC_CONNECT_BINDING;
c->in.binding = r->in.binding_string;
} else {
/* prepare connect to the NETLOGON pipe of PDC */
c->level = LIBNET_RPC_CONNECT_PDC;
c->in.name = cli_credentials_get_domain(machine_account);
}
c->in.dcerpc_iface = &dcerpc_table_netlogon;
/* Setup schannel */
nt_status = dcerpc_pipe_connect_b(samsync_ctx, &p, b,
&dcerpc_table_netlogon,
machine_account, ctx->event_ctx);
/* We must do this as the machine, not as any command-line
* user. So we override the credentials in the
* libnet_context */
machine_net_ctx = talloc(samsync_ctx, struct libnet_context);
if (!machine_net_ctx) {
r->out.error_string = NULL;
talloc_free(samsync_ctx);
return NT_STATUS_NO_MEMORY;
}
*machine_net_ctx = *ctx;
machine_net_ctx->cred = machine_account;
/* connect to the NETLOGON pipe of the PDC */
nt_status = libnet_RpcConnect(machine_net_ctx, c, c);
if (!NT_STATUS_IS_OK(nt_status)) {
r->out.error_string = talloc_asprintf(mem_ctx,
"Connection to NETLOGON pipe of DC failed: %s",
c->out.error_string);
talloc_free(samsync_ctx);
return nt_status;
}
/* This makes a new pipe, on which we can do schannel. We
* should do this in the RpcConnect code, but the abstaction
* layers do not suit yet */
nt_status = dcerpc_secondary_connection(c->out.dcerpc_pipe, &p,
c->out.dcerpc_pipe->binding);
if (!NT_STATUS_IS_OK(nt_status)) {
r->out.error_string = talloc_asprintf(mem_ctx,
"Secondary connection to NETLOGON pipe of DC %s failed: %s",
dcerpc_server_name(p), nt_errstr(nt_status));
talloc_free(samsync_ctx);
return nt_status;
}
nt_status = dcerpc_bind_auth_schannel(samsync_ctx, p, &dcerpc_table_netlogon,
machine_account, DCERPC_AUTH_LEVEL_PRIVACY);
if (!NT_STATUS_IS_OK(nt_status)) {
r->out.error_string = talloc_asprintf(mem_ctx,
"SCHANNEL authentication to NETLOGON pipe of DC %s failed: %s",
dcerpc_server_name(p), nt_errstr(nt_status));
talloc_free(samsync_ctx);
return nt_status;
}
@ -222,11 +256,12 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
nt_status = dcerpc_schannel_creds(p->conn->security_state.generic_state, samsync_ctx, &creds);
if (!NT_STATUS_IS_OK(nt_status)) {
r->error_string = talloc_strdup(mem_ctx, "Could not obtain NETLOGON credentials from DCERPC/GENSEC layer");
r->out.error_string = talloc_strdup(mem_ctx, "Could not obtain NETLOGON credentials from DCERPC/GENSEC layer");
talloc_free(samsync_ctx);
return nt_status;
}
/* Setup details for the syncronisation */
dbsync.in.logon_server = talloc_asprintf(samsync_ctx, "\\\\%s", dcerpc_server_name(p));
dbsync.in.computername = cli_credentials_get_workstation(machine_account);
dbsync.in.preferredmaximumlength = (uint32_t)-1;
@ -244,40 +279,47 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx
dbsync_nt_status = dcerpc_netr_DatabaseSync(p, loop_ctx, &dbsync);
if (!NT_STATUS_IS_OK(dbsync_nt_status) &&
!NT_STATUS_EQUAL(dbsync_nt_status, STATUS_MORE_ENTRIES)) {
r->error_string = talloc_asprintf(samsync_ctx, "DatabaseSync failed - %s", nt_errstr(nt_status));
r->out.error_string = talloc_asprintf(samsync_ctx, "DatabaseSync failed - %s", nt_errstr(nt_status));
talloc_free(samsync_ctx);
return nt_status;
}
if (!creds_client_check(creds, &dbsync.out.return_authenticator.cred)) {
r->error_string = talloc_strdup(samsync_ctx, "Credential chaining failed");
r->out.error_string = talloc_strdup(samsync_ctx, "Credential chaining failed");
talloc_free(samsync_ctx);
return NT_STATUS_ACCESS_DENIED;
}
dbsync.in.sync_context = dbsync.out.sync_context;
/* For every single remote 'delta' entry: */
for (d=0; d < dbsync.out.delta_enum_array->num_deltas; d++) {
char *error_string = NULL;
delta_ctx = talloc_named(loop_ctx, 0, "DatabaseSync delta context");
/* 'Fix' elements, by decrypting and
* de-obfustiating the data */
nt_status = fix_delta(delta_ctx,
creds,
dbsync.in.database_id,
&dbsync.out.delta_enum_array->delta_enum[d],
&error_string);
if (!NT_STATUS_IS_OK(nt_status)) {
r->error_string = talloc_steal(samsync_ctx, error_string);
r->out.error_string = talloc_steal(samsync_ctx, error_string);
talloc_free(samsync_ctx);
return nt_status;
}
nt_status = r->delta_fn(delta_ctx,
r->fn_ctx,
creds,
dbsync.in.database_id,
&dbsync.out.delta_enum_array->delta_enum[d],
&error_string);
/* Now call the callback. This will
* do something like print the data or
* write to an ldb */
nt_status = r->in.delta_fn(delta_ctx,
r->in.fn_ctx,
creds,
dbsync.in.database_id,
&dbsync.out.delta_enum_array->delta_enum[d],
&error_string);
if (!NT_STATUS_IS_OK(nt_status)) {
r->error_string = talloc_steal(samsync_ctx, error_string);
r->out.error_string = talloc_steal(samsync_ctx, error_string);
talloc_free(samsync_ctx);
return nt_status;
}

62
source/libnet/libnet_vampire.h
View File

@ -22,40 +22,50 @@
/* struct and enum for doing a remote domain vampire dump */
struct libnet_SamSync {
NTSTATUS (*delta_fn)(TALLOC_CTX *mem_ctx,
void *private,
struct creds_CredentialState *creds,
enum netr_SamDatabaseID database,
struct netr_DELTA_ENUM *delta,
char **error_string);
void *fn_ctx;
const char *error_string;
struct cli_credentials *machine_account;
};
enum libnet_SamDump_level {
LIBNET_SAMDUMP_GENERIC,
LIBNET_SAMDUMP_NETLOGON,
struct {
const char *binding_string;
NTSTATUS (*delta_fn)(TALLOC_CTX *mem_ctx,
void *private,
struct creds_CredentialState *creds,
enum netr_SamDatabaseID database,
struct netr_DELTA_ENUM *delta,
char **error_string);
void *fn_ctx;
struct cli_credentials *machine_account;
} in;
struct {
const char *error_string;
} out;
};
struct libnet_SamDump {
enum libnet_SamDump_level level;
const char *error_string;
struct {
const char *binding_string;
struct cli_credentials *machine_account;
} in;
struct {
const char *error_string;
} out;
};
struct libnet_SamDump_keytab {
enum libnet_SamDump_level level;
const char *keytab_name;
const char *error_string;
};
enum libnet_samsync_ldb_level {
LIBNET_SAMSYNC_LDB_GENERIC,
LIBNET_SAMSYNC_LDB_NETLOGON,
struct {
const char *binding_string;
const char *keytab_name;
struct cli_credentials *machine_account;
} in;
struct {
const char *error_string;
} out;
};
struct libnet_samsync_ldb {
enum libnet_samsync_ldb_level level;
const char *error_string;
struct {
const char *binding_string;
struct cli_credentials *machine_account;
} in;
struct {
const char *error_string;
} out;
};

1
source/librpc/rpc/dcerpc.h
View File

@ -100,6 +100,7 @@ struct dcerpc_pipe {
struct dcerpc_syntax_id transfer_syntax;
struct dcerpc_connection *conn;
struct dcerpc_binding *binding;
/* the last fault code from a DCERPC fault */
uint32_t last_fault_code;

11
source/librpc/rpc/dcerpc_auth.c
View File

@ -168,7 +168,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
struct dcerpc_pipe *p,
const struct dcerpc_interface_table *table,
struct cli_credentials *credentials,
uint8_t auth_type,
uint8_t auth_type, uint8_t auth_level,
const char *service)
{
struct composite_context *c, *creq;
@ -233,8 +233,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
}
c->status = gensec_start_mech_by_authtype(sec->generic_state,
auth_type,
dcerpc_auth_level(p->conn));
auth_type, auth_level);
if (!NT_STATUS_IS_OK(c->status)) {
DEBUG(1, ("Failed to start GENSEC client mechanism %s: %s\n",
gensec_get_name_by_authtype(auth_type),
@ -249,7 +248,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
}
sec->auth_info->auth_type = auth_type;
sec->auth_info->auth_level = dcerpc_auth_level(p->conn);
sec->auth_info->auth_level = auth_level,
sec->auth_info->auth_pad_length = 0;
sec->auth_info->auth_reserved = 0;
sec->auth_info->auth_context_id = random();
@ -323,11 +322,11 @@ NTSTATUS dcerpc_bind_auth_recv(struct composite_context *creq)
NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p,
const struct dcerpc_interface_table *table,
struct cli_credentials *credentials,
uint8_t auth_type,
uint8_t auth_type, uint8_t auth_level,
const char *service)
{
struct composite_context *creq;
creq = dcerpc_bind_auth_send(p, p, table, credentials,
auth_type, service);
auth_type, auth_level, service);
return dcerpc_bind_auth_recv(creq);
}

24
source/librpc/rpc/dcerpc_connect.c
View File

@ -131,29 +131,19 @@ struct composite_context *dcerpc_pipe_connect_ncacn_np_smb_send(TALLOC_CTX *mem_
conn->in.called_name = strupper_talloc(mem_ctx, s->io.binding->host);
conn->in.service = "IPC$";
conn->in.service_type = NULL;
conn->in.fallback_to_anonymous = False;
conn->in.workgroup = lp_workgroup();
/*
* provide proper credentials - user supplied or anonymous in case this is
* schannel connection
* provide proper credentials - user supplied, but allow a
* fallback to anonymous if this is an schannel connection
* (might be NT4 not allowing machine logins at session
* setup).
*/
s->conn.in.credentials = s->io.creds;
if (s->io.binding->flags & DCERPC_SCHANNEL) {
struct cli_credentials *anon_creds;
anon_creds = cli_credentials_init(mem_ctx);
if (!anon_creds) {
composite_error(c, NT_STATUS_NO_MEMORY);
goto done;
}
cli_credentials_set_anonymous(anon_creds);
cli_credentials_guess(anon_creds);
s->conn.in.credentials = anon_creds;
conn->in.fallback_to_anonymous = True;
} else {
s->conn.in.credentials = s->io.creds;
conn->in.fallback_to_anonymous = False;
}
/* send smb connect request */

17
source/librpc/rpc/dcerpc_schannel.c
View File

@ -55,16 +55,15 @@ static NTSTATUS dcerpc_schannel_key(TALLOC_CTX *tmp_ctx,
step 1 - establish a netlogon connection, with no authentication
*/
/* Find the original binding string */
status = dcerpc_parse_binding(tmp_ctx, p->conn->binding_string, &b);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("Failed to parse dcerpc binding '%s'\n", p->conn->binding_string));
return status;
b = talloc(tmp_ctx, struct dcerpc_binding);
if (!b) {
return NT_STATUS_NO_MEMORY;
}
*b = *p->binding;
/* Make binding string for netlogon, not the other pipe */
status = dcerpc_epm_map_binding(tmp_ctx, b,
&dcerpc_table_netlogon,
&dcerpc_table_netlogon,
p->conn->event_ctx);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("Failed to map DCERPC/TCP NCACN_NP pipe for '%s' - %s\n",
@ -141,7 +140,8 @@ static NTSTATUS dcerpc_schannel_key(TALLOC_CTX *tmp_ctx,
NTSTATUS dcerpc_bind_auth_schannel(TALLOC_CTX *tmp_ctx,
struct dcerpc_pipe *p,
const struct dcerpc_interface_table *table,
struct cli_credentials *credentials)
struct cli_credentials *credentials,
uint8_t auth_level)
{
NTSTATUS status;
@ -156,7 +156,8 @@ NTSTATUS dcerpc_bind_auth_schannel(TALLOC_CTX *tmp_ctx,
return status;
}
return dcerpc_bind_auth(p, table, credentials, DCERPC_AUTH_TYPE_SCHANNEL,
return dcerpc_bind_auth(p, table, credentials,
DCERPC_AUTH_TYPE_SCHANNEL, auth_level,
NULL);
}

18
source/librpc/rpc/dcerpc_util.c
View File

@ -889,9 +889,10 @@ NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p,
/* If we don't already have netlogon credentials for
* the schannel bind, then we have to get these
* first */
status = dcerpc_bind_auth_schannel(tmp_ctx, p, table, credentials);
status = dcerpc_bind_auth_schannel(tmp_ctx, p, table, credentials,
dcerpc_auth_level(p->conn));
} else if (!cli_credentials_is_anonymous(credentials) &&
!(binding->transport == NCACN_NP &&
!(p->conn->transport.transport == NCACN_NP &&
!(binding->flags & DCERPC_SIGN) &&
!(binding->flags & DCERPC_SEAL))) {
@ -925,7 +926,9 @@ NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe *p,
}
status = dcerpc_bind_auth(p, table,
credentials, auth_type, table->authservices->names[0]);
credentials, auth_type,
dcerpc_auth_level(p->conn),
table->authservices->names[0]);
} else {
status = dcerpc_bind_auth_none(p, table);
}
@ -1099,6 +1102,11 @@ NTSTATUS dcerpc_pipe_connect_b(TALLOC_CTX *parent_ctx,
return status;
}
p->binding = binding;
if (!talloc_reference(p, binding)) {
return NT_STATUS_NO_MEMORY;
}
status = dcerpc_pipe_auth(p, binding, table, credentials);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(p);
@ -1195,6 +1203,10 @@ NTSTATUS dcerpc_secondary_connection(struct dcerpc_pipe *p, struct dcerpc_pipe *
}
(*p2)->conn->flags = p->conn->flags;
(*p2)->binding = b;
if (!talloc_reference(*p2, b)) {
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_OK;
}

9
source/torture/rpc/netlogon.c
View File

@ -1404,7 +1404,6 @@ static BOOL test_GetDomainInfo_async(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
static BOOL test_ManyGetDCName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
{
NTSTATUS status;
struct dcerpc_binding *b;
struct dcerpc_pipe *p2;
struct lsa_ObjectAttribute attr;
struct lsa_QosInfo qos;
@ -1425,13 +1424,7 @@ static BOOL test_ManyGetDCName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
printf("Torturing GetDCName\n");
status = dcerpc_parse_binding(mem_ctx, p->conn->binding_string, &b);
if (!NT_STATUS_IS_OK(status)) {
printf("Failed to parse dcerpc binding '%s'\n", p->conn->binding_string);
return False;
}
status = dcerpc_secondary_connection(p, &p2, b);
status = dcerpc_secondary_connection(p, &p2, p->binding);
if (!NT_STATUS_IS_OK(status)) {
printf("Failed to create secondary connection\n");
return False;

2
source/torture/rpc/samlogon.c
View File

@ -1742,6 +1742,8 @@ BOOL torture_rpc_samlogon(void)
* session key encryption) */
for (i=0; i < ARRAY_SIZE(credential_flags); i++) {
/* TODO: Somehow we lost setting up the different credential flags here! */
if (!test_InteractiveLogon(p, mem_ctx, creds,
usercreds[0].comment,
TEST_MACHINE_NAME,

2
source/torture/rpc/schannel.c
View File

@ -210,6 +210,7 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx,
status = dcerpc_bind_auth(p_netlogon, &dcerpc_table_netlogon,
credentials, DCERPC_AUTH_TYPE_SCHANNEL,
dcerpc_auth_level(p->conn),
NULL);
if (!NT_STATUS_IS_OK(status)) {
@ -242,6 +243,7 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx,
status = dcerpc_bind_auth(p_lsa, &dcerpc_table_lsarpc,
credentials, DCERPC_AUTH_TYPE_SCHANNEL,
dcerpc_auth_level(p->conn),
NULL);
if (!NT_STATUS_IS_OK(status)) {

23
source/utils/net/net_vampire.c
View File

@ -48,7 +48,7 @@ static int net_samdump_keytab(struct net_context *ctx, int argc, const char **ar
return net_samdump_keytab_usage(ctx, argc, argv);
break;
case 1:
r.keytab_name = argv[0];
r.in.keytab_name = argv[0];
break;
}
@ -58,14 +58,15 @@ static int net_samdump_keytab(struct net_context *ctx, int argc, const char **ar
}
libnetctx->cred = ctx->credentials;
r.level = LIBNET_SAMDUMP_GENERIC;
r.error_string = NULL;
r.out.error_string = NULL;
r.in.machine_account = NULL;
r.in.binding_string = NULL;
status = libnet_SamDump_keytab(libnetctx, ctx->mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("libnet_SamDump returned %s: %s\n",
nt_errstr(status),
r.error_string));
r.out.error_string));
return -1;
}
@ -103,14 +104,15 @@ int net_samdump(struct net_context *ctx, int argc, const char **argv)
}
libnetctx->cred = ctx->credentials;
r.level = LIBNET_SAMDUMP_GENERIC;
r.error_string = NULL;
r.out.error_string = NULL;
r.in.machine_account = NULL;
r.in.binding_string = NULL;
status = libnet_SamDump(libnetctx, ctx->mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("libnet_SamDump returned %s: %s\n",
nt_errstr(status),
r.error_string));
r.out.error_string));
return -1;
}
@ -144,14 +146,15 @@ int net_samsync_ldb(struct net_context *ctx, int argc, const char **argv)
}
libnetctx->cred = ctx->credentials;
r.level = LIBNET_SAMSYNC_LDB_GENERIC;
r.error_string = NULL;
r.out.error_string = NULL;
r.in.machine_account = NULL;
r.in.binding_string = NULL;
status = libnet_samsync_ldb(libnetctx, ctx->mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("libnet_samsync_ldb returned %s: %s\n",
nt_errstr(status),
r.error_string));
r.out.error_string));
return -1;
}

14
source/winbind/wb_connect_lsa.c
View File

@ -95,24 +95,32 @@ static void init_lsa_recv_pipe(struct composite_context *ctx)
switch (state->auth_type) {
case DCERPC_AUTH_TYPE_NONE:
ctx = dcerpc_bind_auth_none_send(state, state->lsa_pipe,
&dcerpc_table_lsarpc);
&dcerpc_table_lsarpc);
composite_continue(state->ctx, ctx, init_lsa_recv_anon_bind,
state);
break;
case DCERPC_AUTH_TYPE_NTLMSSP:
case DCERPC_AUTH_TYPE_SCHANNEL:
{
uint8_t auth_type;
if (lp_winbind_sealed_pipes()) {
auth_type = DCERPC_AUTH_LEVEL_PRIVACY;
} else {
auth_type = DCERPC_AUTH_LEVEL_INTEGRITY;
}
if (state->creds == NULL) {
composite_error(state->ctx, NT_STATUS_INTERNAL_ERROR);
return;
}
state->lsa_pipe->conn->flags |= (DCERPC_SIGN | DCERPC_SEAL);
ctx = dcerpc_bind_auth_send(state, state->lsa_pipe,
&dcerpc_table_lsarpc,
&dcerpc_table_lsarpc,
state->creds, state->auth_type,
auth_type,
NULL);
composite_continue(state->ctx, ctx, init_lsa_recv_auth_bind,
state);
break;
}
default:
composite_error(state->ctx, NT_STATUS_INTERNAL_ERROR);
}

14
source/winbind/wb_connect_sam.c
View File

@ -102,24 +102,32 @@ static void connect_samr_recv_pipe(struct composite_context *ctx)
switch (state->auth_type) {
case DCERPC_AUTH_TYPE_NONE:
ctx = dcerpc_bind_auth_none_send(state, state->samr_pipe,
&dcerpc_table_samr);
&dcerpc_table_samr);
composite_continue(state->ctx, ctx,
connect_samr_recv_anon_bind, state);
break;
case DCERPC_AUTH_TYPE_NTLMSSP:
case DCERPC_AUTH_TYPE_SCHANNEL:
{
uint8_t auth_type;
if (lp_winbind_sealed_pipes()) {
auth_type = DCERPC_AUTH_LEVEL_PRIVACY;
} else {
auth_type = DCERPC_AUTH_LEVEL_INTEGRITY;
}
if (state->creds == NULL) {
composite_error(state->ctx, NT_STATUS_INTERNAL_ERROR);
return;
}
state->samr_pipe->conn->flags |= (DCERPC_SIGN | DCERPC_SEAL);
ctx = dcerpc_bind_auth_send(state, state->samr_pipe,
&dcerpc_table_samr,
&dcerpc_table_samr,
state->creds, state->auth_type,
auth_type,
NULL);
composite_continue(state->ctx, ctx,
connect_samr_recv_auth_bind, state);
break;
}
default:
composite_error(state->ctx, NT_STATUS_INTERNAL_ERROR);
}

3
source/winbind/wb_init_domain.c
View File

@ -205,9 +205,10 @@ static void init_domain_recv_netlogonpipe(struct composite_context *ctx)
state->domain->netlogon_pipe->conn->flags |=
(DCERPC_SIGN | DCERPC_SEAL);
ctx = dcerpc_bind_auth_send(state, state->domain->netlogon_pipe,
&dcerpc_table_netlogon,
&dcerpc_table_netlogon,
state->domain->schannel_creds,
DCERPC_AUTH_TYPE_SCHANNEL,
DCERPC_AUTH_LEVEL_PRIVACY,
NULL);
composite_continue(state->ctx, ctx, init_domain_recv_schannel, state);
}