1 /*
2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Largely rewritten by Jeremy Allison 2005.
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "../librpc/gen_ndr/ndr_schannel.h"
22 #include "../librpc/gen_ndr/ndr_netlogon.h"
23 #include "../libcli/auth/schannel.h"
24 #include "rpc_client/cli_netlogon.h"
25 #include "rpc_client/cli_pipe.h"
26 #include "librpc/rpc/dcerpc.h"
27 #include "passdb.h"
28 #include "libsmb/libsmb.h"
29 #include "../libcli/smb/smbXcli_base.h"
30 #include "libcli/auth/netlogon_creds_cli.h"
31
32 #undef DBGC_CLASS
33 #define DBGC_CLASS DBGC_RPC_CLI
34
35 /****************************************************************************
36 Open a named pipe to an SMB server and bind using schannel (bind type 68).
37 Fetch the session key ourselves using a temporary netlogon pipe.
38 ****************************************************************************/
39
cli_rpc_pipe_open_schannel(struct cli_state * cli,struct messaging_context * msg_ctx,const struct ndr_interface_table * table,enum dcerpc_transport_t transport,const char * domain,struct rpc_pipe_client ** presult,TALLOC_CTX * mem_ctx,struct netlogon_creds_cli_context ** pcreds)40 NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
41 struct messaging_context *msg_ctx,
42 const struct ndr_interface_table *table,
43 enum dcerpc_transport_t transport,
44 const char *domain,
45 struct rpc_pipe_client **presult,
46 TALLOC_CTX *mem_ctx,
47 struct netlogon_creds_cli_context **pcreds)
48 {
49 TALLOC_CTX *frame = talloc_stackframe();
50 const char *dc_name = smbXcli_conn_remote_name(cli->conn);
51 struct rpc_pipe_client *result = NULL;
52 NTSTATUS status;
53 struct cli_credentials *cli_creds = NULL;
54 struct netlogon_creds_cli_context *netlogon_creds = NULL;
55 struct netlogon_creds_CredentialState *creds = NULL;
56 uint32_t netlogon_flags;
57
58 status = pdb_get_trust_credentials(domain, NULL,
59 frame, &cli_creds);
60 if (!NT_STATUS_IS_OK(status)) {
61 TALLOC_FREE(frame);
62 return status;
63 }
64
65 status = rpccli_create_netlogon_creds_ctx(cli_creds,
66 dc_name,
67 msg_ctx,
68 frame,
69 &netlogon_creds);
70 if (!NT_STATUS_IS_OK(status)) {
71 TALLOC_FREE(frame);
72 return status;
73 }
74
75 status = rpccli_setup_netlogon_creds(cli, transport,
76 netlogon_creds,
77 false, /* force_reauth */
78 cli_creds);
79 if (!NT_STATUS_IS_OK(status)) {
80 TALLOC_FREE(frame);
81 return status;
82 }
83
84 status = netlogon_creds_cli_get(netlogon_creds, frame, &creds);
85 if (!NT_STATUS_IS_OK(status)) {
86 TALLOC_FREE(frame);
87 return status;
88 }
89
90 netlogon_flags = creds->negotiate_flags;
91 TALLOC_FREE(creds);
92
93 if (netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC) {
94 status = cli_rpc_pipe_open_schannel_with_creds(cli, table,
95 transport,
96 netlogon_creds,
97 &result);
98 if (!NT_STATUS_IS_OK(status)) {
99 TALLOC_FREE(frame);
100 return status;
101 }
102 } else {
103 status = cli_rpc_pipe_open_noauth(cli, table, &result);
104 if (!NT_STATUS_IS_OK(status)) {
105 TALLOC_FREE(frame);
106 return status;
107 }
108 }
109
110 *presult = result;
111 if (pcreds != NULL) {
112 *pcreds = talloc_move(mem_ctx, &netlogon_creds);
113 }
114
115 TALLOC_FREE(frame);
116 return NT_STATUS_OK;
117 }
118