s3:rpc_client: add rpccli_{create,setup}_netlogon_creds()
authorStefan Metzmacher <metze@samba.org>
Wed, 7 Aug 2013 09:27:25 +0000 (11:27 +0200)
committerStefan Metzmacher <metze@samba.org>
Tue, 7 Jan 2014 11:47:07 +0000 (12:47 +0100)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source3/rpc_client/cli_netlogon.c
source3/rpc_client/cli_netlogon.h

index fcd24d6f4cc92f4bd06ae1f92cb7ed91600c1e2a..89aec37d67d3f586ca072e9a6b027e9e10f3d79e 100644 (file)
 */
 
 #include "includes.h"
+#include "libsmb/libsmb.h"
 #include "rpc_client/rpc_client.h"
+#include "rpc_client/cli_pipe.h"
 #include "../libcli/auth/libcli_auth.h"
 #include "../libcli/auth/netlogon_creds_cli.h"
 #include "../librpc/gen_ndr/ndr_netlogon_c.h"
+#include "../librpc/gen_ndr/schannel.h"
 #include "rpc_client/cli_netlogon.h"
 #include "rpc_client/init_netlogon.h"
 #include "rpc_client/util_netlogon.h"
 #include "../libcli/security/security.h"
 #include "lib/param/param.h"
+#include "libcli/smb/smbXcli_base.h"
 
 /****************************************************************************
  Wrapper function that uses the auth and auth2 calls to set up a NETLOGON
@@ -124,6 +128,107 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
        return NT_STATUS_OK;
 }
 
+NTSTATUS rpccli_create_netlogon_creds(const char *server_computer,
+                                     const char *server_netbios_domain,
+                                     const char *client_account,
+                                     enum netr_SchannelType sec_chan_type,
+                                     struct messaging_context *msg_ctx,
+                                     TALLOC_CTX *mem_ctx,
+                                     struct netlogon_creds_cli_context **netlogon_creds)
+{
+       TALLOC_CTX *frame = talloc_stackframe();
+       struct loadparm_context *lp_ctx;
+       NTSTATUS status;
+
+       lp_ctx = loadparm_init_s3(frame, loadparm_s3_helpers());
+       if (lp_ctx == NULL) {
+               TALLOC_FREE(frame);
+               return NT_STATUS_NO_MEMORY;
+       }
+       status = netlogon_creds_cli_context_global(lp_ctx,
+                                                  msg_ctx,
+                                                  client_account,
+                                                  sec_chan_type,
+                                                  server_computer,
+                                                  server_netbios_domain,
+                                                  mem_ctx, netlogon_creds);
+       TALLOC_FREE(frame);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
+
+       return NT_STATUS_OK;
+}
+
+NTSTATUS rpccli_setup_netlogon_creds(struct cli_state *cli,
+                                    struct netlogon_creds_cli_context *netlogon_creds,
+                                    bool force_reauth,
+                                    struct samr_Password current_nt_hash,
+                                    const struct samr_Password *previous_nt_hash)
+{
+       TALLOC_CTX *frame = talloc_stackframe();
+       struct rpc_pipe_client *netlogon_pipe = NULL;
+       struct netlogon_creds_CredentialState *creds = NULL;
+       NTSTATUS status;
+
+       status = netlogon_creds_cli_get(netlogon_creds,
+                                       frame, &creds);
+       if (NT_STATUS_IS_OK(status)) {
+               const char *action = "using";
+
+               if (force_reauth) {
+                       action = "overwrite";
+               }
+
+               DEBUG(5,("%s: %s cached netlogon_creds cli[%s/%s] to %s\n",
+                        __FUNCTION__, action,
+                        creds->account_name, creds->computer_name,
+                        smbXcli_conn_remote_name(cli->conn)));
+               if (!force_reauth) {
+                       TALLOC_FREE(frame);
+                       return NT_STATUS_OK;
+               }
+               TALLOC_FREE(creds);
+       }
+
+       status = cli_rpc_pipe_open_noauth(cli,
+                                         &ndr_table_netlogon,
+                                         &netlogon_pipe);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(5,("%s: failed to open noauth netlogon connection to %s - %s\n",
+                        __FUNCTION__,
+                        smbXcli_conn_remote_name(cli->conn),
+                        nt_errstr(status)));
+               TALLOC_FREE(frame);
+               return status;
+       }
+       talloc_steal(frame, netlogon_pipe);
+
+       status = netlogon_creds_cli_auth(netlogon_creds,
+                                        netlogon_pipe->binding_handle,
+                                        current_nt_hash,
+                                        previous_nt_hash);
+       if (!NT_STATUS_IS_OK(status)) {
+               TALLOC_FREE(frame);
+               return status;
+       }
+
+       status = netlogon_creds_cli_get(netlogon_creds,
+                                       frame, &creds);
+       if (!NT_STATUS_IS_OK(status)) {
+               TALLOC_FREE(frame);
+               return NT_STATUS_INTERNAL_ERROR;
+       }
+
+       DEBUG(5,("%s: using new netlogon_creds cli[%s/%s] to %s\n",
+                __FUNCTION__,
+                creds->account_name, creds->computer_name,
+                smbXcli_conn_remote_name(cli->conn)));
+
+       TALLOC_FREE(frame);
+       return NT_STATUS_OK;
+}
+
 /* Logon domain user */
 
 NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
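Review bot: The `netlogon_creds_cli_auth()` failure path in `rpccli_setup_netlogon_creds()` returns without any log line, although the pipe-open failure just above it logs the remote name and status. A rejected secure-channel authentication is worth seeing in the logs, so I would add `DEBUG(5,("%s: netlogon_creds_cli_auth to %s failed - %s\n", __FUNCTION__, smbXcli_conn_remote_name(cli->conn), nt_errstr(status)));` before the `TALLOC_FREE(frame)` there. The second `netlogon_creds_cli_get()` has the same gap and also replaces whatever status it returned with `NT_STATUS_INTERNAL_ERROR`; logging `nt_errstr(status)` before that return would keep the real cause visible. In `rpccli_create_netlogon_creds()` the trailing `if (!NT_STATUS_IS_OK(status)) { return status; }` followed by `return NT_STATUS_OK;` can simply be `return status;`.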
index ad59d5b2039539aa389a73f8b001222ecfcb5b8a..82e0923039863afd535d3292882820a5a7f447ad 100644 (file)
 #ifndef _RPC_CLIENT_CLI_NETLOGON_H_
 #define _RPC_CLIENT_CLI_NETLOGON_H_
 
+struct cli_state;
+struct messaging_context;
+struct netlogon_creds_cli_context;
+
 /* The following definitions come from rpc_client/cli_netlogon.c  */
 
 NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
@@ -33,6 +37,18 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
                                     const unsigned char machine_pwd[16],
                                     enum netr_SchannelType sec_chan_type,
                                     uint32_t *neg_flags_inout);
+NTSTATUS rpccli_create_netlogon_creds(const char *server_computer,
+                                     const char *server_netbios_domain,
+                                     const char *client_account,
+                                     enum netr_SchannelType sec_chan_type,
+                                     struct messaging_context *msg_ctx,
+                                     TALLOC_CTX *mem_ctx,
+                                     struct netlogon_creds_cli_context **netlogon_creds);
+NTSTATUS rpccli_setup_netlogon_creds(struct cli_state *cli,
+                                    struct netlogon_creds_cli_context *netlogon_creds,
+                                    bool force_reauth,
+                                    struct samr_Password current_nt_hash,
+                                    const struct samr_Password *previous_nt_hash);
 NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
                                   TALLOC_CTX *mem_ctx,
                                   uint32 logon_parameters,
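Review bot: `rpccli_setup_netlogon_creds()` takes `current_nt_hash` as a `struct samr_Password` by value while `previous_nt_hash` is a `const` pointer, so every call places another copy of the NT hash on the stack, and nothing in the definition in cli_netlogon.c clears it before returning. Declaring it as `const struct samr_Password *current_nt_hash` would make the two parameters consistent and drop one copy. The definition would then pass `*current_nt_hash` on to `netlogon_creds_cli_auth()`, which, judging by the call in this commit, takes the struct by value. If the by-value form is kept, a one-line comment above the prototype stating that the caller stays responsible for wiping its own copy of the hash would help.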