sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00
Code
samba-mirror/source/rpc_client/cli_samr.c
Günther Deschner c09e619a58 Remove unused marshalling for SAMR_QUERY_DISPINFO. 
Guenther
2008-02-08 00:17:54 +01:00

744 lines
18 KiB
C
Raw Blame History

/*
Unix SMB/CIFS implementation.
RPC pipe client
Copyright (C) Tim Potter 2000-2001,
Copyright (C) Andrew Tridgell 1992-1997,2000,
Copyright (C) Rafal Szczesniak 2002.
Copyright (C) Jeremy Allison 2005.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
static void init_lsa_String(struct lsa_String *name, const char *s)
{
name->string = s;
}
/* Query user info */
NTSTATUS rpccli_samr_query_userinfo(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
const POLICY_HND *user_pol,
uint16 switch_value,
SAM_USERINFO_CTR **ctr)
{
prs_struct qbuf, rbuf;
SAMR_Q_QUERY_USERINFO q;
SAMR_R_QUERY_USERINFO r;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
DEBUG(10,("cli_samr_query_userinfo\n"));
ZERO_STRUCT(q);
ZERO_STRUCT(r);
/* Marshall data and send request */
init_samr_q_query_userinfo(&q, user_pol, switch_value);
CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_QUERY_USERINFO,
q, r,
qbuf, rbuf,
samr_io_q_query_userinfo,
samr_io_r_query_userinfo,
NT_STATUS_UNSUCCESSFUL);
/* Return output parameters */
result = r.status;
*ctr = r.ctr;
return result;
}
/**
* Enumerate domain users
*
* @param cli client state structure
* @param mem_ctx talloc context
* @param pol opened domain policy handle
* @param start_idx starting index of enumeration, returns context for
next enumeration
* @param acb_mask account control bit mask (to enumerate some particular
* kind of accounts)
* @param size max acceptable size of response
* @param dom_users returned array of domain user names
* @param rids returned array of domain user RIDs
* @param num_dom_users numer returned entries
*
* @return NTSTATUS returned in rpc response
**/
NTSTATUS rpccli_samr_enum_dom_users(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
POLICY_HND *pol, uint32 *start_idx, uint32 acb_mask,
uint32 size, char ***dom_users, uint32 **rids,
uint32 *num_dom_users)
{
prs_struct qbuf;
prs_struct rbuf;
SAMR_Q_ENUM_DOM_USERS q;
SAMR_R_ENUM_DOM_USERS r;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
int i;
DEBUG(10,("cli_samr_enum_dom_users starting at index %u\n", (unsigned int)*start_idx));
ZERO_STRUCT(q);
ZERO_STRUCT(r);
/* always init this */
*num_dom_users = 0;
/* Fill query structure with parameters */
init_samr_q_enum_dom_users(&q, pol, *start_idx, acb_mask, size);
CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_ENUM_DOM_USERS,
q, r,
qbuf, rbuf,
samr_io_q_enum_dom_users,
samr_io_r_enum_dom_users,
NT_STATUS_UNSUCCESSFUL);
result = r.status;
if (!NT_STATUS_IS_OK(result) &&
NT_STATUS_V(result) != NT_STATUS_V(STATUS_MORE_ENTRIES))
goto done;
*start_idx = r.next_idx;
*num_dom_users = r.num_entries2;
if (r.num_entries2) {
/* allocate memory needed to return received data */
*rids = TALLOC_ARRAY(mem_ctx, uint32, r.num_entries2);
if (!*rids) {
DEBUG(0, ("Error in cli_samr_enum_dom_users(): out of memory\n"));
return NT_STATUS_NO_MEMORY;
}
*dom_users = TALLOC_ARRAY(mem_ctx, char*, r.num_entries2);
if (!*dom_users) {
DEBUG(0, ("Error in cli_samr_enum_dom_users(): out of memory\n"));
return NT_STATUS_NO_MEMORY;
}
/* fill output buffers with rpc response */
for (i = 0; i < r.num_entries2; i++) {
fstring conv_buf;
(*rids)[i] = r.sam[i].rid;
unistr2_to_ascii(conv_buf, &(r.uni_acct_name[i]), sizeof(conv_buf));
(*dom_users)[i] = talloc_strdup(mem_ctx, conv_buf);
}
}
done:
return result;
}
/* Enumerate domain groups */
NTSTATUS rpccli_samr_enum_dom_groups(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
POLICY_HND *pol, uint32 *start_idx,
uint32 size, struct acct_info **dom_groups,
uint32 *num_dom_groups)
{
prs_struct qbuf, rbuf;
SAMR_Q_ENUM_DOM_GROUPS q;
SAMR_R_ENUM_DOM_GROUPS r;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 name_idx, i;
DEBUG(10,("cli_samr_enum_dom_groups starting at index %u\n", (unsigned int)*start_idx));
ZERO_STRUCT(q);
ZERO_STRUCT(r);
/* Marshall data and send request */
init_samr_q_enum_dom_groups(&q, pol, *start_idx, size);
CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_ENUM_DOM_GROUPS,
q, r,
qbuf, rbuf,
samr_io_q_enum_dom_groups,
samr_io_r_enum_dom_groups,
NT_STATUS_UNSUCCESSFUL);
/* Return output parameters */
result = r.status;
if (!NT_STATUS_IS_OK(result) &&
NT_STATUS_V(result) != NT_STATUS_V(STATUS_MORE_ENTRIES))
goto done;
*num_dom_groups = r.num_entries2;
if (*num_dom_groups == 0)
goto done;
if (!((*dom_groups) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_dom_groups))) {
result = NT_STATUS_NO_MEMORY;
goto done;
}
memset(*dom_groups, 0, sizeof(struct acct_info) * (*num_dom_groups));
name_idx = 0;
for (i = 0; i < *num_dom_groups; i++) {
(*dom_groups)[i].rid = r.sam[i].rid;
if (r.sam[i].hdr_name.buffer) {
unistr2_to_ascii((*dom_groups)[i].acct_name,
&r.uni_grp_name[name_idx],
sizeof((*dom_groups)[i].acct_name));
name_idx++;
}
*start_idx = r.next_idx;
}
done:
return result;
}
/* Enumerate domain groups */
NTSTATUS rpccli_samr_enum_als_groups(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
POLICY_HND *pol, uint32 *start_idx,
uint32 size, struct acct_info **dom_aliases,
uint32 *num_dom_aliases)
{
prs_struct qbuf, rbuf;
SAMR_Q_ENUM_DOM_ALIASES q;
SAMR_R_ENUM_DOM_ALIASES r;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 name_idx, i;
DEBUG(10,("cli_samr_enum_als_groups starting at index %u\n", (unsigned int)*start_idx));
ZERO_STRUCT(q);
ZERO_STRUCT(r);
/* Marshall data and send request */
init_samr_q_enum_dom_aliases(&q, pol, *start_idx, size);
CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_ENUM_DOM_ALIASES,
q, r,
qbuf, rbuf,
samr_io_q_enum_dom_aliases,
samr_io_r_enum_dom_aliases,
NT_STATUS_UNSUCCESSFUL);
/* Return output parameters */
result = r.status;
if (!NT_STATUS_IS_OK(result) &&
NT_STATUS_V(result) != NT_STATUS_V(STATUS_MORE_ENTRIES)) {
goto done;
}
*num_dom_aliases = r.num_entries2;
if (*num_dom_aliases == 0)
goto done;
if (!((*dom_aliases) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_dom_aliases))) {
result = NT_STATUS_NO_MEMORY;
goto done;
}
memset(*dom_aliases, 0, sizeof(struct acct_info) * *num_dom_aliases);
name_idx = 0;
for (i = 0; i < *num_dom_aliases; i++) {
(*dom_aliases)[i].rid = r.sam[i].rid;
if (r.sam[i].hdr_name.buffer) {
unistr2_to_ascii((*dom_aliases)[i].acct_name,
&r.uni_grp_name[name_idx],
sizeof((*dom_aliases)[i].acct_name));
name_idx++;
}
*start_idx = r.next_idx;
}
done:
return result;
}
/* User change password */
NTSTATUS rpccli_samr_chgpasswd_user(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
const char *username,
const char *newpassword,
const char *oldpassword)
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
struct samr_CryptPassword new_nt_password;
struct samr_CryptPassword new_lm_password;
struct samr_Password old_nt_hash_enc;
struct samr_Password old_lanman_hash_enc;
uchar old_nt_hash[16];
uchar old_lanman_hash[16];
uchar new_nt_hash[16];
uchar new_lanman_hash[16];
struct lsa_String server, account;
char *srv_name_slash = NULL;
DEBUG(10,("rpccli_samr_chgpasswd_user\n"));
init_lsa_String(&server, srv_name_slash);
init_lsa_String(&account, username);
srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost);
if (!srv_name_slash) {
return NT_STATUS_NO_MEMORY;
}
/* Calculate the MD4 hash (NT compatible) of the password */
E_md4hash(oldpassword, old_nt_hash);
E_md4hash(newpassword, new_nt_hash);
if (lp_client_lanman_auth() &&
E_deshash(newpassword, new_lanman_hash) &&
E_deshash(oldpassword, old_lanman_hash)) {
/* E_deshash returns false for 'long' passwords (> 14
DOS chars). This allows us to match Win2k, which
does not store a LM hash for these passwords (which
would reduce the effective password length to 14) */
encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE);
SamOEMhash(new_lm_password.data, old_nt_hash, 516);
E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
} else {
ZERO_STRUCT(new_lm_password);
ZERO_STRUCT(old_lanman_hash_enc);
}
encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE);
SamOEMhash(new_nt_password.data, old_nt_hash, 516);
E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
result = rpccli_samr_ChangePasswordUser2(cli, mem_ctx,
&server,
&account,
&new_nt_password,
&old_nt_hash_enc,
true,
&new_lm_password,
&old_lanman_hash_enc);
return result;
}
/* User change password given blobs */
NTSTATUS rpccli_samr_chng_pswd_auth_crap(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
const char *username,
DATA_BLOB new_nt_password_blob,
DATA_BLOB old_nt_hash_enc_blob,
DATA_BLOB new_lm_password_blob,
DATA_BLOB old_lm_hash_enc_blob)
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
struct samr_CryptPassword new_nt_password;
struct samr_CryptPassword new_lm_password;
struct samr_Password old_nt_hash_enc;
struct samr_Password old_lm_hash_enc;
struct lsa_String server, account;
char *srv_name_slash = NULL;
DEBUG(10,("rpccli_samr_chng_pswd_auth_crap\n"));
srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost);
if (!srv_name_slash) {
return NT_STATUS_NO_MEMORY;
}
init_lsa_String(&server, srv_name_slash);
init_lsa_String(&account, username);
memcpy(&new_nt_password.data, new_nt_password_blob.data, 516);
memcpy(&new_lm_password.data, new_lm_password_blob.data, 516);
memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16);
memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16);
result = rpccli_samr_ChangePasswordUser2(cli, mem_ctx,
&server,
&account,
&new_nt_password,
&old_nt_hash_enc,
true,
&new_lm_password,
&old_lm_hash_enc);
return result;
}
/* change password 3 */
NTSTATUS rpccli_samr_chgpasswd3(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
const char *username,
const char *newpassword,
const char *oldpassword,
struct samr_DomInfo1 **dominfo1,
struct samr_ChangeReject **reject)
{
NTSTATUS status;
struct samr_CryptPassword new_nt_password;
struct samr_CryptPassword new_lm_password;
struct samr_Password old_nt_hash_enc;
struct samr_Password old_lanman_hash_enc;
uchar old_nt_hash[16];
uchar old_lanman_hash[16];
uchar new_nt_hash[16];
uchar new_lanman_hash[16];
struct lsa_String server, account;
char *srv_name_slash = NULL;
DEBUG(10,("rpccli_samr_chgpasswd_user3\n"));
srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost);
if (!srv_name_slash) {
return NT_STATUS_NO_MEMORY;
}
init_lsa_String(&server, srv_name_slash);
init_lsa_String(&account, username);
/* Calculate the MD4 hash (NT compatible) of the password */
E_md4hash(oldpassword, old_nt_hash);
E_md4hash(newpassword, new_nt_hash);
if (lp_client_lanman_auth() &&
E_deshash(newpassword, new_lanman_hash) &&
E_deshash(oldpassword, old_lanman_hash)) {
/* E_deshash returns false for 'long' passwords (> 14
DOS chars). This allows us to match Win2k, which
does not store a LM hash for these passwords (which
would reduce the effective password length to 14) */
encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE);
SamOEMhash(new_lm_password.data, old_nt_hash, 516);
E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
} else {
ZERO_STRUCT(new_lm_password);
ZERO_STRUCT(old_lanman_hash_enc);
}
encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE);
SamOEMhash(new_nt_password.data, old_nt_hash, 516);
E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
status = rpccli_samr_ChangePasswordUser3(cli, mem_ctx,
&server,
&account,
&new_nt_password,
&old_nt_hash_enc,
true,
&new_lm_password,
&old_lanman_hash_enc,
NULL,
dominfo1,
reject);
return status;
}
/* This function returns the bizzare set of (max_entries, max_size) required
for the QueryDisplayInfo RPC to actually work against a domain controller
with large (10k and higher) numbers of users. These values were
obtained by inspection using ethereal and NT4 running User Manager. */
void get_query_dispinfo_params(int loop_count, uint32 *max_entries,
uint32 *max_size)
{
switch(loop_count) {
case 0:
*max_entries = 512;
*max_size = 16383;
break;
case 1:
*max_entries = 1024;
*max_size = 32766;
break;
case 2:
*max_entries = 2048;
*max_size = 65532;
break;
case 3:
*max_entries = 4096;
*max_size = 131064;
break;
default: /* loop_count >= 4 */
*max_entries = 4096;
*max_size = 131071;
break;
}
}
/* Lookup rids. Note that NT4 seems to crash if more than ~1000 rids are
looked up in one packet. */
NTSTATUS rpccli_samr_lookup_rids(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
POLICY_HND *domain_pol,
uint32 num_rids, uint32 *rids,
uint32 *num_names, char ***names,
uint32 **name_types)
{
prs_struct qbuf, rbuf;
SAMR_Q_LOOKUP_RIDS q;
SAMR_R_LOOKUP_RIDS r;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 i;
DEBUG(10,("cli_samr_lookup_rids\n"));
if (num_rids > 1000) {
DEBUG(2, ("cli_samr_lookup_rids: warning: NT4 can crash if "
"more than ~1000 rids are looked up at once.\n"));
}
ZERO_STRUCT(q);
ZERO_STRUCT(r);
/* Marshall data and send request */
init_samr_q_lookup_rids(mem_ctx, &q, domain_pol, 1000, num_rids, rids);
CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_LOOKUP_RIDS,
q, r,
qbuf, rbuf,
samr_io_q_lookup_rids,
samr_io_r_lookup_rids,
NT_STATUS_UNSUCCESSFUL);
/* Return output parameters */
result = r.status;
if (!NT_STATUS_IS_OK(result) &&
!NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
goto done;
if (r.num_names1 == 0) {
*num_names = 0;
*names = NULL;
goto done;
}
*num_names = r.num_names1;
*names = TALLOC_ARRAY(mem_ctx, char *, r.num_names1);
*name_types = TALLOC_ARRAY(mem_ctx, uint32, r.num_names1);
if ((*names == NULL) || (*name_types == NULL)) {
TALLOC_FREE(*names);
TALLOC_FREE(*name_types);
return NT_STATUS_NO_MEMORY;
}
for (i = 0; i < r.num_names1; i++) {
fstring tmp;
unistr2_to_ascii(tmp, &r.uni_name[i], sizeof(tmp));
(*names)[i] = talloc_strdup(mem_ctx, tmp);
(*name_types)[i] = r.type[i];
}
done:
return result;
}
/* Lookup names */
NTSTATUS rpccli_samr_lookup_names(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
POLICY_HND *domain_pol, uint32 flags,
uint32 num_names, const char **names,
uint32 *num_rids, uint32 **rids,
uint32 **rid_types)
{
prs_struct qbuf, rbuf;
SAMR_Q_LOOKUP_NAMES q;
SAMR_R_LOOKUP_NAMES r;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 i;
DEBUG(10,("cli_samr_lookup_names\n"));
ZERO_STRUCT(q);
ZERO_STRUCT(r);
/* Marshall data and send request */
init_samr_q_lookup_names(mem_ctx, &q, domain_pol, flags,
num_names, names);
CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_LOOKUP_NAMES,
q, r,
qbuf, rbuf,
samr_io_q_lookup_names,
samr_io_r_lookup_names,
NT_STATUS_UNSUCCESSFUL);
/* Return output parameters */
if (!NT_STATUS_IS_OK(result = r.status)) {
goto done;
}
if (r.num_rids1 == 0) {
*num_rids = 0;
goto done;
}
*num_rids = r.num_rids1;
*rids = TALLOC_ARRAY(mem_ctx, uint32, r.num_rids1);
*rid_types = TALLOC_ARRAY(mem_ctx, uint32, r.num_rids1);
if ((*rids == NULL) || (*rid_types == NULL)) {
TALLOC_FREE(*rids);
TALLOC_FREE(*rid_types);
return NT_STATUS_NO_MEMORY;
}
for (i = 0; i < r.num_rids1; i++) {
(*rids)[i] = r.rids[i];
(*rid_types)[i] = r.types[i];
}
done:
return result;
}
/* Set userinfo */
NTSTATUS rpccli_samr_set_userinfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
const POLICY_HND *user_pol, uint16 switch_value,
DATA_BLOB *sess_key, SAM_USERINFO_CTR *ctr)
{
prs_struct qbuf, rbuf;
SAMR_Q_SET_USERINFO q;
SAMR_R_SET_USERINFO r;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
DEBUG(10,("cli_samr_set_userinfo\n"));
ZERO_STRUCT(q);
ZERO_STRUCT(r);
if (!sess_key->length) {
DEBUG(1, ("No user session key\n"));
return NT_STATUS_NO_USER_SESSION_KEY;
}
/* Initialise parse structures */
prs_init(&qbuf, RPC_MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
/* Marshall data and send request */
q.ctr = ctr;
init_samr_q_set_userinfo(&q, user_pol, sess_key, switch_value,
ctr->info.id);
CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_SET_USERINFO,
q, r,
qbuf, rbuf,
samr_io_q_set_userinfo,
samr_io_r_set_userinfo,
NT_STATUS_UNSUCCESSFUL);
/* Return output parameters */
if (!NT_STATUS_IS_OK(result = r.status)) {
goto done;
}
done:
return result;
}
/* Set userinfo2 */
NTSTATUS rpccli_samr_set_userinfo2(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
const POLICY_HND *user_pol, uint16 switch_value,
DATA_BLOB *sess_key, SAM_USERINFO_CTR *ctr)
{
prs_struct qbuf, rbuf;
SAMR_Q_SET_USERINFO2 q;
SAMR_R_SET_USERINFO2 r;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
DEBUG(10,("cli_samr_set_userinfo2\n"));
if (!sess_key->length) {
DEBUG(1, ("No user session key\n"));
return NT_STATUS_NO_USER_SESSION_KEY;
}
ZERO_STRUCT(q);
ZERO_STRUCT(r);
/* Marshall data and send request */
init_samr_q_set_userinfo2(&q, user_pol, sess_key, switch_value, ctr);
CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_SET_USERINFO2,
q, r,
qbuf, rbuf,
samr_io_q_set_userinfo2,
samr_io_r_set_userinfo2,
NT_STATUS_UNSUCCESSFUL);
/* Return output parameters */
if (!NT_STATUS_IS_OK(result = r.status)) {
goto done;
}
done:
return result;
}
View Git Blame Copy Permalink