1da6c28aaSamw /*
2da6c28aaSamw * CDDL HEADER START
3da6c28aaSamw *
4da6c28aaSamw * The contents of this file are subject to the terms of the
5da6c28aaSamw * Common Development and Distribution License (the "License").
6da6c28aaSamw * You may not use this file except in compliance with the License.
7da6c28aaSamw *
8da6c28aaSamw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9da6c28aaSamw * or http://www.opensolaris.org/os/licensing.
10da6c28aaSamw * See the License for the specific language governing permissions
11da6c28aaSamw * and limitations under the License.
12da6c28aaSamw *
13da6c28aaSamw * When distributing Covered Code, include this CDDL HEADER in each
14da6c28aaSamw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15da6c28aaSamw * If applicable, add the following below this CDDL HEADER, with the
16da6c28aaSamw * fields enclosed by brackets "[]" replaced with your own identifying
17da6c28aaSamw * information: Portions Copyright [yyyy] [name of copyright owner]
18da6c28aaSamw *
19da6c28aaSamw * CDDL HEADER END
20da6c28aaSamw */
21148c5f43SAlan Wright
22da6c28aaSamw /*
23148c5f43SAlan Wright * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
24*ce8560eeSMatt Barden * Copyright 2020 Tintri by DDN, Inc. All rights reserved.
25da6c28aaSamw */
26da6c28aaSamw
27da6c28aaSamw /*
28da6c28aaSamw * NetLogon RPC (NETR) interface definition. This module provides
29da6c28aaSamw * the server side NETR RPC interface and the interface registration
30da6c28aaSamw * function.
31da6c28aaSamw */
32da6c28aaSamw
33da6c28aaSamw #include <strings.h>
34da6c28aaSamw
35da6c28aaSamw #include <smbsrv/libsmb.h>
368d7e4166Sjose borrego #include <smbsrv/libmlsvc.h>
37da6c28aaSamw #include <smbsrv/ndl/netlogon.ndl>
38da6c28aaSamw #include <smbsrv/nmpipes.h>
39da6c28aaSamw #include <smbsrv/netrauth.h>
40da6c28aaSamw
418d7e4166Sjose borrego static int netr_s_ServerReqChallenge(void *, ndr_xa_t *);
428d7e4166Sjose borrego static int netr_s_ServerAuthenticate2(void *, ndr_xa_t *);
438d7e4166Sjose borrego static int netr_s_ServerPasswordSet(void *, ndr_xa_t *);
448d7e4166Sjose borrego static int netr_s_SamLogon(void *, ndr_xa_t *);
458d7e4166Sjose borrego static int netr_s_SamLogoff(void *, ndr_xa_t *);
46da6c28aaSamw
478d7e4166Sjose borrego static ndr_stub_table_t netr_stub_table[] = {
48da6c28aaSamw { netr_s_ServerReqChallenge, NETR_OPNUM_ServerReqChallenge },
49da6c28aaSamw { netr_s_ServerAuthenticate2, NETR_OPNUM_ServerAuthenticate2 },
50da6c28aaSamw { netr_s_ServerPasswordSet, NETR_OPNUM_ServerPasswordSet },
51da6c28aaSamw { netr_s_SamLogon, NETR_OPNUM_SamLogon },
52da6c28aaSamw { netr_s_SamLogoff, NETR_OPNUM_SamLogoff },
53da6c28aaSamw {0}
54da6c28aaSamw };
55da6c28aaSamw
568d7e4166Sjose borrego static ndr_service_t netr_service = {
57da6c28aaSamw "NETR", /* name */
58da6c28aaSamw "NetLogon", /* desc */
59da6c28aaSamw "\\netlogon", /* endpoint */
60da6c28aaSamw PIPE_LSASS, /* sec_addr_port */
618d7e4166Sjose borrego "12345678-1234-abcd-ef00-01234567cffb", 1, /* abstract */
628d7e4166Sjose borrego NDR_TRANSFER_SYNTAX_UUID, 2, /* transfer */
63da6c28aaSamw 0, /* no bind_instance_size */
64da6c28aaSamw 0, /* no bind_req() */
65da6c28aaSamw 0, /* no unbind_and_close() */
66da6c28aaSamw 0, /* use generic_call_stub() */
67da6c28aaSamw &TYPEINFO(netr_interface), /* interface ti */
68da6c28aaSamw netr_stub_table /* stub_table */
69da6c28aaSamw };
70da6c28aaSamw
71da6c28aaSamw /*
72da6c28aaSamw * netr_initialize
73da6c28aaSamw *
74da6c28aaSamw * This function registers the NETR RPC interface with the RPC runtime
75da6c28aaSamw * library. It must be called in order to use either the client side
76da6c28aaSamw * or the server side functions.
77da6c28aaSamw */
78da6c28aaSamw void
netr_initialize(void)79da6c28aaSamw netr_initialize(void)
80da6c28aaSamw {
81*ce8560eeSMatt Barden uint32_t flags;
82*ce8560eeSMatt Barden
838d7e4166Sjose borrego (void) ndr_svc_register(&netr_service);
84*ce8560eeSMatt Barden
85*ce8560eeSMatt Barden flags = smb_get_netlogon_flags();
86*ce8560eeSMatt Barden netlogon_init_global(flags);
87da6c28aaSamw }
88da6c28aaSamw
89da6c28aaSamw /*
90da6c28aaSamw * netr_s_ServerReqChallenge
91da6c28aaSamw */
92da6c28aaSamw /*ARGSUSED*/
93da6c28aaSamw static int
netr_s_ServerReqChallenge(void * arg,ndr_xa_t * mxa)948d7e4166Sjose borrego netr_s_ServerReqChallenge(void *arg, ndr_xa_t *mxa)
95da6c28aaSamw {
96da6c28aaSamw struct netr_ServerReqChallenge *param = arg;
97da6c28aaSamw
98da6c28aaSamw bzero(param, sizeof (struct netr_ServerReqChallenge));
99da6c28aaSamw param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
1008d7e4166Sjose borrego return (NDR_DRC_OK);
101da6c28aaSamw }
102da6c28aaSamw
103da6c28aaSamw /*
104da6c28aaSamw * netr_s_ServerAuthenticate2
105da6c28aaSamw */
106da6c28aaSamw /*ARGSUSED*/
107da6c28aaSamw static int
netr_s_ServerAuthenticate2(void * arg,ndr_xa_t * mxa)1088d7e4166Sjose borrego netr_s_ServerAuthenticate2(void *arg, ndr_xa_t *mxa)
109da6c28aaSamw {
110da6c28aaSamw struct netr_ServerAuthenticate2 *param = arg;
111da6c28aaSamw
112da6c28aaSamw bzero(param, sizeof (struct netr_ServerAuthenticate2));
113da6c28aaSamw param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
1148d7e4166Sjose borrego return (NDR_DRC_OK);
115da6c28aaSamw }
116da6c28aaSamw
117da6c28aaSamw /*
118da6c28aaSamw * netr_s_ServerPasswordSet
119da6c28aaSamw */
120da6c28aaSamw /*ARGSUSED*/
121da6c28aaSamw static int
netr_s_ServerPasswordSet(void * arg,ndr_xa_t * mxa)1228d7e4166Sjose borrego netr_s_ServerPasswordSet(void *arg, ndr_xa_t *mxa)
123da6c28aaSamw {
124da6c28aaSamw struct netr_PasswordSet *param = arg;
125da6c28aaSamw
126da6c28aaSamw bzero(param, sizeof (struct netr_PasswordSet));
127da6c28aaSamw param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
1288d7e4166Sjose borrego return (NDR_DRC_OK);
129da6c28aaSamw }
130da6c28aaSamw
131da6c28aaSamw /*
132da6c28aaSamw * netr_s_SamLogon
133da6c28aaSamw */
134da6c28aaSamw /*ARGSUSED*/
135da6c28aaSamw static int
netr_s_SamLogon(void * arg,ndr_xa_t * mxa)1368d7e4166Sjose borrego netr_s_SamLogon(void *arg, ndr_xa_t *mxa)
137da6c28aaSamw {
138da6c28aaSamw struct netr_SamLogon *param = arg;
139da6c28aaSamw
140da6c28aaSamw bzero(param, sizeof (struct netr_SamLogon));
141da6c28aaSamw param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
1428d7e4166Sjose borrego return (NDR_DRC_OK);
143da6c28aaSamw }
144da6c28aaSamw
145da6c28aaSamw /*
146da6c28aaSamw * netr_s_SamLogoff
147da6c28aaSamw */
148da6c28aaSamw /*ARGSUSED*/
149da6c28aaSamw static int
netr_s_SamLogoff(void * arg,ndr_xa_t * mxa)1508d7e4166Sjose borrego netr_s_SamLogoff(void *arg, ndr_xa_t *mxa)
151da6c28aaSamw {
152da6c28aaSamw struct netr_SamLogoff *param = arg;
153da6c28aaSamw
154da6c28aaSamw bzero(param, sizeof (struct netr_SamLogoff));
155da6c28aaSamw param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
1568d7e4166Sjose borrego return (NDR_DRC_OK);
157da6c28aaSamw }
158da6c28aaSamw
159da6c28aaSamw /*
160da6c28aaSamw * Declare extern references.
161da6c28aaSamw */
162da6c28aaSamw DECL_FIXUP_STRUCT(netr_validation_u);
163da6c28aaSamw DECL_FIXUP_STRUCT(netr_validation_info);
164da6c28aaSamw DECL_FIXUP_STRUCT(netr_SamLogon);
165*ce8560eeSMatt Barden DECL_FIXUP_STRUCT(netr_SamLogonEx);
166da6c28aaSamw
167da6c28aaSamw /*
168*ce8560eeSMatt Barden * Patch the netr_validation_info union.
169da6c28aaSamw */
170*ce8560eeSMatt Barden static unsigned short
fixup_netr_validation_info(WORD level)171*ce8560eeSMatt Barden fixup_netr_validation_info(WORD level)
172da6c28aaSamw {
173da6c28aaSamw unsigned short size1 = 0;
174da6c28aaSamw unsigned short size2 = 0;
175da6c28aaSamw
176da6c28aaSamw switch (level) {
177da6c28aaSamw case 3:
178da6c28aaSamw /*
179da6c28aaSamw * The netr_validation_u union contains a pointer, which
180da6c28aaSamw * is a DWORD in NDR. So we need to set size1 to ensure
181da6c28aaSamw * that we can correctly decode the remaining parameters.
182da6c28aaSamw */
183da6c28aaSamw size1 = sizeof (DWORD);
184da6c28aaSamw break;
185da6c28aaSamw
186da6c28aaSamw default:
187da6c28aaSamw /*
188da6c28aaSamw * If the request is badly formed or the level is invalid,
189da6c28aaSamw * the server returns NT_STATUS_INVALID_INFO_CLASS. Size1
190da6c28aaSamw * must be zero to correctly decode the status.
191da6c28aaSamw */
192da6c28aaSamw size1 = 0;
193da6c28aaSamw break;
194da6c28aaSamw };
195da6c28aaSamw
196da6c28aaSamw size2 = size1 + (2 * sizeof (DWORD));
197da6c28aaSamw
198da6c28aaSamw FIXUP_PDU_SIZE(netr_validation_u, size1);
199da6c28aaSamw FIXUP_PDU_SIZE(netr_validation_info, size2);
200*ce8560eeSMatt Barden
201*ce8560eeSMatt Barden return (size2);
202*ce8560eeSMatt Barden }
203*ce8560eeSMatt Barden
204*ce8560eeSMatt Barden
205*ce8560eeSMatt Barden /*
206*ce8560eeSMatt Barden * Patch the netr_SamLogon union.
207*ce8560eeSMatt Barden * This function is called from mlsvc_netr_ndr.c
208*ce8560eeSMatt Barden */
209*ce8560eeSMatt Barden void
fixup_netr_SamLogon(struct netr_SamLogon * arg)210*ce8560eeSMatt Barden fixup_netr_SamLogon(struct netr_SamLogon *arg)
211*ce8560eeSMatt Barden {
212*ce8560eeSMatt Barden unsigned short size2 = 0;
213*ce8560eeSMatt Barden unsigned short size3 = 0;
214*ce8560eeSMatt Barden
215*ce8560eeSMatt Barden size2 = fixup_netr_validation_info(arg->validation_level);
216*ce8560eeSMatt Barden /* netr_valid ENC-UNION + hdr + ret_auth PTR + authoritative + status */
217*ce8560eeSMatt Barden size3 = size2 + sizeof (ndr_request_hdr_t) + 3 * sizeof (DWORD);
218da6c28aaSamw FIXUP_PDU_SIZE(netr_SamLogon, size3);
219da6c28aaSamw }
220*ce8560eeSMatt Barden
221*ce8560eeSMatt Barden /*
222*ce8560eeSMatt Barden * Patch the netr_SamLogonEx union.
223*ce8560eeSMatt Barden * This function is called from mlsvc_netr_ndr.c
224*ce8560eeSMatt Barden */
225*ce8560eeSMatt Barden void
fixup_netr_SamLogonEx(struct netr_SamLogonEx * arg)226*ce8560eeSMatt Barden fixup_netr_SamLogonEx(struct netr_SamLogonEx *arg)
227*ce8560eeSMatt Barden {
228*ce8560eeSMatt Barden unsigned short size2 = 0;
229*ce8560eeSMatt Barden unsigned short size3 = 0;
230*ce8560eeSMatt Barden
231*ce8560eeSMatt Barden size2 = fixup_netr_validation_info(arg->validation_level);
232*ce8560eeSMatt Barden /* netr_valid ENC-UNION + hdr + authoritative + flags + status */
233*ce8560eeSMatt Barden size3 = size2 + sizeof (ndr_request_hdr_t) + 3 * sizeof (DWORD);
234*ce8560eeSMatt Barden
235*ce8560eeSMatt Barden FIXUP_PDU_SIZE(netr_SamLogonEx, size3);
236*ce8560eeSMatt Barden }
237