   Unix SMB/CIFS implementation.

   Copyright (C) Stefan Metzmacher 2004
   Copyright (C) Rafal Szczesniak 2005

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 #include "libnet/libnet.h"
24 #include "libcli/libcli.h"
25 #include "libcli/composite/composite.h"
26 #include "librpc/gen_ndr/ndr_lsa_c.h"
/*
 * Per-call state of libnet_RpcConnectSrv_send(): lives under the composite
 * context and is recovered from c->private_data by continue_pipe_connect().
 */
struct rpc_connect_srv_state {
	struct libnet_RpcConnect r;	/* out.dcerpc_pipe / out.error_string are filled in by the pipe-connect step */
	const char *binding;		/* binding string handed to dcerpc_pipe_connect_send(); allocated on this state */
};
35 static void continue_pipe_connect(struct composite_context *ctx);
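/**
 * Initiates connection to rpc pipe on remote server
 *
 * Builds the dcerpc binding string from r->level and r->in, then starts
 * the asynchronous pipe connection; continue_pipe_connect() completes it.
 *
 * @param ctx initialised libnet context (event context and credentials)
 * @param mem_ctx memory context of this call
 * @param r data structure containing necessary parameters and return values
 * @return composite context of this call, or NULL if it could not be allocated
 */
static struct composite_context* libnet_RpcConnectSrv_send(struct libnet_context *ctx,
							   TALLOC_CTX *mem_ctx,
							   struct libnet_RpcConnect *r)
{
	struct composite_context *c;
	struct rpc_connect_srv_state *s;
	struct composite_context *pipe_connect_req;

	/* composite context allocation and setup */
	c = talloc_zero(mem_ctx, struct composite_context);
	if (c == NULL) return NULL;

	s = talloc_zero(c, struct rpc_connect_srv_state);
	if (composite_nomem(s, c)) return c;

	c->state        = COMPOSITE_STATE_IN_PROGRESS;
	c->private_data = s;	/* continue_pipe_connect() recovers the state from here */
	c->event_ctx    = ctx->event_ctx;

	/* prepare binding string */
	switch (r->level) {
	case LIBNET_RPC_CONNECT_DC:
	case LIBNET_RPC_CONNECT_PDC:
	case LIBNET_RPC_CONNECT_SERVER:
	case LIBNET_RPC_CONNECT_DC_INFO:
		/* r->in.name is interpolated verbatim; anything in it that is
		 * itself binding-string syntax would be parsed as such by the
		 * dcerpc layer, so callers are expected to pass a plain host
		 * name or address. */
		s->binding = talloc_asprintf(s, "ncacn_np:%s", r->in.name);
		break;

	case LIBNET_RPC_CONNECT_BINDING:
		s->binding = talloc_strdup(s, r->in.binding);
		break;

	default:
		/* not reachable through libnet_RpcConnect_send(), which
		 * dispatches on level, but fail explicitly instead of
		 * connecting with a NULL binding */
		composite_error(c, NT_STATUS_INVALID_LEVEL);
		return c;
	}

	/* the allocation above was previously unchecked and a NULL binding
	 * (or a NULL r->in.binding copied by talloc_strdup) went straight
	 * into the connect call */
	if (composite_nomem(s->binding, c)) return c;

	/* connect to remote dcerpc pipe */
	pipe_connect_req = dcerpc_pipe_connect_send(c, &s->r.out.dcerpc_pipe,
						    s->binding, r->in.dcerpc_iface,
						    ctx->cred, c->event_ctx);
	if (composite_nomem(pipe_connect_req, c)) return c;

	composite_continue(c, pipe_connect_req, continue_pipe_connect, c);
	return c;
}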
/*
  Step 2 of RpcConnectSrv - get rpc connection
*/
static void continue_pipe_connect(struct composite_context *ctx)
{
	struct composite_context *c = talloc_get_type(ctx->async.private_data,
						      struct composite_context);
	struct rpc_connect_srv_state *s = talloc_get_type(c->private_data,
							  struct rpc_connect_srv_state);

	/* receive result of rpc pipe connection; the pipe lands directly
	 * in the state's result record */
	c->status = dcerpc_pipe_connect_recv(ctx, c, &s->r.out.dcerpc_pipe);
	if (!composite_is_ok(c)) return;

	s->r.out.error_string = NULL;
	composite_done(c);
}
/**
 * Receives result of connection to rpc pipe on remote server
 *
 * Waits for the composite call, moves the connected pipe to the caller's
 * memory context and records it as the libnet context's current pipe.
 * The composite context is released on every path.
 *
 * @param c composite context
 * @param ctx initialised libnet context
 * @param mem_ctx memory context of this call
 * @param r data structure containing necessary parameters and return values
 * @return nt status of rpc connection
 */
static NTSTATUS libnet_RpcConnectSrv_recv(struct composite_context *c,
					  struct libnet_context *ctx,
					  TALLOC_CTX *mem_ctx,
					  struct libnet_RpcConnect *r)
{
	NTSTATUS status = composite_wait(c);

	/* results are only handed over when every destination is present */
	if (NT_STATUS_IS_OK(status) && ctx != NULL && mem_ctx != NULL && r != NULL) {
		struct rpc_connect_srv_state *s;

		/* move the returned rpc pipe between memory contexts */
		s = talloc_get_type(c->private_data, struct rpc_connect_srv_state);
		r->out.dcerpc_pipe = talloc_steal(mem_ctx, s->r.out.dcerpc_pipe);
		ctx->pipe = r->out.dcerpc_pipe;
	}

	talloc_free(c);
	return status;
}
/*
 * Per-call state of libnet_RpcConnectDC_send(): a DC lookup followed by a
 * server-level RpcConnect to the DC that was found.
 */
struct rpc_connect_dc_state {
	struct libnet_context *ctx;	/* libnet context, needed again by the nested RpcConnect send/recv */
	struct libnet_RpcConnect r;	/* caller's request; out.dcerpc_pipe / out.error_string copied from r2 */
	struct libnet_RpcConnect r2;	/* LIBNET_RPC_CONNECT_SERVER request issued to the looked-up DC */
	struct libnet_LookupDCs f;	/* DC lookup request (name_type chosen from r.level) */
	const char *connect_name;	/* DC name, or its address when no name came back */
};
/* step callbacks of libnet_RpcConnectDC_send(), defined below */
static void continue_lookup_dc(struct composite_context *ctx);
static void continue_rpc_connect(struct composite_context *ctx);
/**
 * Initiates connection to rpc pipe on domain pdc
 *
 * Starts with a domain controller lookup (PDC or any logon server,
 * depending on r->level); continue_lookup_dc() then connects to it.
 *
 * @param ctx initialised libnet context
 * @param mem_ctx memory context of this call
 * @param r data structure containing necessary parameters and return values
 * @return composite context of this call, or NULL if it could not be allocated
 */
static struct composite_context* libnet_RpcConnectDC_send(struct libnet_context *ctx,
							  TALLOC_CTX *mem_ctx,
							  struct libnet_RpcConnect *r)
{
	struct composite_context *c = talloc_zero(mem_ctx, struct composite_context);
	struct rpc_connect_dc_state *s;
	struct composite_context *lookup_dc_req;

	if (c == NULL) return NULL;

	s = talloc_zero(c, struct rpc_connect_dc_state);
	if (composite_nomem(s, c)) return c;

	c->state        = COMPOSITE_STATE_IN_PROGRESS;
	c->private_data = s;
	c->event_ctx    = ctx->event_ctx;

	/* the later steps need the libnet context and the caller's input */
	s->ctx = ctx;
	s->r   = *r;

	/* which kind of DC to look for; other levels leave name_type as zeroed */
	if (r->level == LIBNET_RPC_CONNECT_PDC) {
		s->f.in.name_type = NBT_NAME_PDC;
	} else if (r->level == LIBNET_RPC_CONNECT_DC) {
		s->f.in.name_type = NBT_NAME_LOGON;
	}

	s->f.in.domain_name = r->in.name;
	s->f.out.num_dcs    = 0;

	/* find the domain pdc first */
	lookup_dc_req = libnet_LookupDCs_send(ctx, c, &s->f);
	if (composite_nomem(lookup_dc_req, c)) return c;

	composite_continue(c, lookup_dc_req, continue_lookup_dc, c);
	return c;
}
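/*
  Step 2 of RpcConnectDC: get domain controller name/address and
  initiate RpcConnect to it
*/
static void continue_lookup_dc(struct composite_context *ctx)
{
	struct composite_context *c;
	struct rpc_connect_dc_state *s;
	struct composite_context *rpc_connect_req;

	c = talloc_get_type(ctx->async.private_data, struct composite_context);
	s = talloc_get_type(c->private_data, struct rpc_connect_dc_state);

	/* receive result of domain controller lookup */
	c->status = libnet_LookupDCs_recv(ctx, c, &s->f);
	if (!composite_is_ok(c)) return;

	/* a lookup that succeeded but returned no entry must not be treated
	 * as a hit: dcs[0] was read unconditionally before. num_dcs was
	 * initialised to 0 by the sender, so it can be relied on here. */
	if (s->f.out.num_dcs < 1 || s->f.out.dcs == NULL) {
		composite_error(c, NT_STATUS_NO_LOGON_SERVERS);
		return;
	}

	/* we might not have got back a name. Fall back to the IP */
	if (s->f.out.dcs[0].name) {
		s->connect_name = s->f.out.dcs[0].name;
	} else {
		s->connect_name = s->f.out.dcs[0].address;
	}

	/* ok, pdc has been found so do attempt to rpc connect */
	s->r2.level = LIBNET_RPC_CONNECT_SERVER;

	/* this will cause yet another name resolution, but at least
	 * we pass the right name down the stack now */
	s->r2.in.name = talloc_strdup(c, s->connect_name);
	/* previously unchecked; also catches a lookup entry with neither
	 * name nor address, which talloc_strdup turns into NULL */
	if (composite_nomem(s->r2.in.name, c)) return;
	s->r2.in.dcerpc_iface = s->r.in.dcerpc_iface;

	/* send rpc connect request to the server */
	rpc_connect_req = libnet_RpcConnect_send(s->ctx, c, &s->r2);
	if (composite_nomem(rpc_connect_req, c)) return;

	composite_continue(c, rpc_connect_req, continue_rpc_connect, c);
}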
/*
  Step 3 of RpcConnectDC: get rpc connection to the server
*/
static void continue_rpc_connect(struct composite_context *ctx)
{
	struct composite_context *c = talloc_get_type(ctx->async.private_data,
						      struct composite_context);
	struct rpc_connect_dc_state *s = talloc_get_type(c->private_data,
							 struct rpc_connect_dc_state);

	c->status = libnet_RpcConnect_recv(ctx, s->ctx, c, &s->r2);

	/* error string is to be passed anyway, before the status is looked at */
	s->r.out.error_string = s->r2.out.error_string;
	if (!composite_is_ok(c)) return;

	/* hand the nested call's pipe up to the caller's record */
	s->r.out.dcerpc_pipe = s->r2.out.dcerpc_pipe;
	composite_done(c);
}
/**
 * Receives result of connection to rpc pipe on domain pdc
 *
 * Waits for the composite call, moves the connected pipe to the caller's
 * memory context and records it as the libnet context's current pipe.
 * The composite context is released on every path.
 *
 * @param c composite context
 * @param ctx initialised libnet context
 * @param mem_ctx memory context of this call
 * @param r data structure containing necessary parameters and return values
 * @return nt status of rpc connection
 */
static NTSTATUS libnet_RpcConnectDC_recv(struct composite_context *c,
					 struct libnet_context *ctx,
					 TALLOC_CTX *mem_ctx,
					 struct libnet_RpcConnect *r)
{
	NTSTATUS status = composite_wait(c);

	/* results are only handed over when every destination is present */
	if (NT_STATUS_IS_OK(status) && ctx != NULL && mem_ctx != NULL && r != NULL) {
		struct rpc_connect_dc_state *s;

		/* move connected rpc pipe between memory contexts */
		s = talloc_get_type(c->private_data, struct rpc_connect_dc_state);
		r->out.dcerpc_pipe = talloc_steal(mem_ctx, s->r.out.dcerpc_pipe);
		ctx->pipe = r->out.dcerpc_pipe;
	}

	talloc_free(c);
	return status;
}
/*
 * Per-call state of libnet_RpcConnectDCInfo_send(): an lsarpc connection,
 * two LSA policy queries, an endpoint-mapper lookup and finally a secondary
 * connection for the interface the caller actually asked for.
 */
struct rpc_connect_dci_state {
	struct libnet_context *ctx;		/* libnet context; its ->pipe becomes lsa_pipe after step 2 */
	struct libnet_RpcConnect r;		/* caller's request; out.realm/guid/domain_name/domain_sid/dcerpc_pipe filled by the steps */
	struct libnet_RpcConnect rpc_conn;	/* request for the initial lsarpc pipe (DC lookup or explicit binding) */
	struct policy_handle lsa_handle;	/* policy handle returned by lsa_OpenPolicy2 */
	struct lsa_QosInfo qos;			/* security QoS placed in attr.sec_qos */
	struct lsa_ObjectAttribute attr;	/* object attribute passed to lsa_OpenPolicy2 */
	struct lsa_OpenPolicy2 lsa_open_policy;	/* lsa_OpenPolicy2 arguments */
	struct dcerpc_pipe *lsa_pipe;		/* connected lsarpc pipe used for the queries */
	struct lsa_QueryInfoPolicy2 lsa_query_info2;	/* LSA_POLICY_INFO_DNS query (realm, guid); may fail */
	struct lsa_QueryInfoPolicy lsa_query_info;	/* LSA_POLICY_INFO_DOMAIN query (domain name, sid) */
	struct dcerpc_binding *final_binding;	/* copy of lsa_pipe->binding, endpoint-mapped for r.in.dcerpc_iface */
	struct dcerpc_pipe *final_pipe;		/* secondary connection returned to the caller as out.dcerpc_pipe */
};
/* step callbacks of libnet_RpcConnectDCInfo_send(), in call order; defined below */
static void continue_dci_rpc_connect(struct composite_context *ctx);
static void continue_lsa_policy(struct rpc_request *req);
static void continue_lsa_query_info(struct rpc_request *req);
static void continue_lsa_query_info2(struct rpc_request *req);
static void continue_epm_map_binding(struct composite_context *ctx);
static void continue_secondary_conn(struct composite_context *ctx);
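/**
 * Initiates connection to rpc pipe on remote server or pdc. Received result
 * contains info on the domain name, domain sid and realm.
 *
 * The first step is always a connection to the lsarpc pipe: via a DC
 * lookup when no binding string is given, via the binding string otherwise.
 *
 * @param ctx initialised libnet context
 * @param mem_ctx memory context of this call
 * @param r data structure containing necessary parameters and return values. Must be a talloc context
 * @return composite context of this call, or NULL if it could not be allocated
 */
static struct composite_context* libnet_RpcConnectDCInfo_send(struct libnet_context *ctx,
							      TALLOC_CTX *mem_ctx,
							      struct libnet_RpcConnect *r)
{
	struct composite_context *c, *conn_req;
	struct rpc_connect_dci_state *s;

	c = talloc_zero(mem_ctx, struct composite_context);
	if (c == NULL) return NULL;

	s = talloc_zero(c, struct rpc_connect_dci_state);
	if (composite_nomem(s, c)) return c;

	c->state        = COMPOSITE_STATE_IN_PROGRESS;
	c->private_data = s;
	c->event_ctx    = ctx->event_ctx;

	/* the later steps need the libnet context and the caller's input */
	s->ctx = ctx;
	s->r   = *r;

	/* proceed to pure rpc connection if the binding string is provided,
	   otherwise try to connect domain controller */
	if (r->in.binding == NULL) {
		s->rpc_conn.in.name = r->in.name;
		s->rpc_conn.level   = LIBNET_RPC_CONNECT_DC;
	} else {
		s->rpc_conn.in.binding = r->in.binding;
		s->rpc_conn.level      = LIBNET_RPC_CONNECT_BINDING;
	}

	s->rpc_conn.in.dcerpc_iface = &dcerpc_table_lsarpc;

	/* request connection to the lsa pipe on the pdc */
	conn_req = libnet_RpcConnect_send(ctx, c, &s->rpc_conn);
	/* the arguments were swapped here before (composite_nomem(c, conn_req)):
	 * that tested c, which is never NULL at this point, and would have
	 * written the failure into conn_req, so an allocation failure of the
	 * nested send went unnoticed */
	if (composite_nomem(conn_req, c)) return c;

	composite_continue(c, conn_req, continue_dci_rpc_connect, c);
	return c;
}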
/*
  Step 2 of RpcConnectDCInfo: receive opened rpc pipe and open
  lsa policy handle on it
*/
static void continue_dci_rpc_connect(struct composite_context *ctx)
{
	struct composite_context *c;
	struct rpc_connect_dci_state *s;
	struct rpc_request *open_pol_req;

	c = talloc_get_type(ctx->async.private_data, struct composite_context);
	s = talloc_get_type(c->private_data, struct rpc_connect_dci_state);

	c->status = libnet_RpcConnect_recv(ctx, s->ctx, c, &s->rpc_conn);
	if (!NT_STATUS_IS_OK(c->status)) {
		composite_error(c, c->status);
		return;
	}

	/* the nested recv stored the connected pipe on the libnet context */
	s->lsa_pipe = s->ctx->pipe;

	/* security QoS for the policy handle, bare numbers as in the original;
	 * 2 matches SecurityImpersonation in the SECURITY_IMPERSONATION_LEVEL
	 * enumeration; confirm the other two against the lsa_QosInfo
	 * definition before changing them */
	s->qos.impersonation_level = 2;
	s->qos.context_mode        = 1;
	s->qos.effective_only      = 0;
	s->attr.sec_qos            = &s->qos;

	s->lsa_open_policy.in.attr        = &s->attr;
	s->lsa_open_policy.in.system_name = talloc_asprintf(c, "\\");
	if (composite_nomem(s->lsa_open_policy.in.system_name, c)) return;

	/* the handle is only used for QueryInfoPolicy(2) below, so asking for
	 * the maximum the server grants is broader than needed; a policy
	 * view right would be the least-privilege choice (behaviour kept) */
	s->lsa_open_policy.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	s->lsa_open_policy.out.handle     = &s->lsa_handle;

	open_pol_req = dcerpc_lsa_OpenPolicy2_send(s->lsa_pipe, c, &s->lsa_open_policy);
	if (composite_nomem(open_pol_req, c)) return;

	composite_continue_rpc(c, open_pol_req, continue_lsa_policy, c);
}
/*
  Step 3 of RpcConnectDCInfo: Get policy handle and query lsa info
  for kerberos realm (dns name) and guid. The query may fail.
*/
static void continue_lsa_policy(struct rpc_request *req)
{
	struct composite_context *c = talloc_get_type(req->async.private,
						      struct composite_context);
	struct rpc_connect_dci_state *s = talloc_get_type(c->private_data,
							  struct rpc_connect_dci_state);
	struct rpc_request *query_info_req;

	/* result of lsa_OpenPolicy2; the handle is already in s->lsa_handle */
	c->status = dcerpc_ndr_request_recv(req);
	if (!NT_STATUS_IS_OK(c->status)) {
		composite_error(c, c->status);
		return;
	}

	s->lsa_query_info2.in.handle = &s->lsa_handle;
	s->lsa_query_info2.in.level  = LSA_POLICY_INFO_DNS;

	query_info_req = dcerpc_lsa_QueryInfoPolicy2_send(s->lsa_pipe, c, &s->lsa_query_info2);
	if (composite_nomem(query_info_req, c)) return;

	composite_continue_rpc(c, query_info_req, continue_lsa_query_info2, c);
}
/*
  Step 4 of RpcConnectDCInfo: Get realm and guid if provided (rpc call
  may result in failure) and query lsa info for domain name and sid.
*/
static void continue_lsa_query_info2(struct rpc_request *req)
{
	struct composite_context *c = talloc_get_type(req->async.private,
						      struct composite_context);
	struct rpc_connect_dci_state *s = talloc_get_type(c->private_data,
							  struct rpc_connect_dci_state);
	struct rpc_request *query_info_req;

	c->status = dcerpc_ndr_request_recv(req);

	if (NT_STATUS_EQUAL(c->status, NT_STATUS_NET_WRITE_FAULT)) {
		/* tolerated: the DNS-level query is optional. c->status is
		 * left as is and is overwritten by the next step's result */
		s->r.out.realm = NULL;
		s->r.out.guid  = NULL;
	} else {
		if (!NT_STATUS_IS_OK(c->status)) {
			s->r.out.error_string = talloc_asprintf(c,
								"lsa_QueryInfoPolicy2 failed: %s",
								nt_errstr(c->status));
			composite_error(c, c->status);
			return;
		}

		/* this should actually be a conversion from lsa_StringLarge */
		s->r.out.realm = s->lsa_query_info2.out.info->dns.dns_domain.string;
		s->r.out.guid  = talloc(c, struct GUID);
		if (composite_nomem(s->r.out.guid, c)) {
			s->r.out.error_string = NULL;
			return;
		}
		*s->r.out.guid = s->lsa_query_info2.out.info->dns.domain_guid;
	}

	s->lsa_query_info.in.handle = &s->lsa_handle;
	s->lsa_query_info.in.level  = LSA_POLICY_INFO_DOMAIN;

	query_info_req = dcerpc_lsa_QueryInfoPolicy_send(s->lsa_pipe, c, &s->lsa_query_info);
	if (composite_nomem(query_info_req, c)) return;

	composite_continue_rpc(c, query_info_req, continue_lsa_query_info, c);
}
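/*
  Step 5 of RpcConnectDCInfo: Get domain name and sid and request endpoint
  map binding for the interface the caller asked for
*/
static void continue_lsa_query_info(struct rpc_request *req)
{
	struct composite_context *c, *epm_map_req;
	struct rpc_connect_dci_state *s;

	c = talloc_get_type(req->async.private, struct composite_context);
	s = talloc_get_type(c->private_data, struct rpc_connect_dci_state);

	c->status = dcerpc_ndr_request_recv(req);
	if (!NT_STATUS_IS_OK(c->status)) {
		s->r.out.error_string = talloc_asprintf(c,
							"lsa_QueryInfoPolicy failed: %s",
							nt_errstr(c->status));
		composite_error(c, c->status);
		return;
	}

	s->r.out.domain_sid  = s->lsa_query_info.out.info->domain.sid;
	s->r.out.domain_name = s->lsa_query_info.out.info->domain.name.string;

	s->final_binding = talloc(s, struct dcerpc_binding);
	if (composite_nomem(s->final_binding, c)) return;

	/* shallow copy: the pointer members still belong to the lsa pipe's
	 * binding, so keep a reference on it. talloc_reference() returns
	 * NULL on failure, which was previously ignored and would have left
	 * those members dangling once the lsa pipe goes away. */
	*s->final_binding = *s->lsa_pipe->binding;
	if (composite_nomem(talloc_reference(s->final_binding, s->lsa_pipe->binding), c)) return;

	epm_map_req = dcerpc_epm_map_binding_send(c, s->final_binding, s->r.in.dcerpc_iface,
						  s->lsa_pipe->conn->event_ctx);
	if (composite_nomem(epm_map_req, c)) return;

	composite_continue(c, epm_map_req, continue_epm_map_binding, c);
}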
/*
  Step 6 of RpcConnectDCInfo: Receive endpoint mapping and create secondary
  lsa pipe connection derived from already used pipe
*/
static void continue_epm_map_binding(struct composite_context *ctx)
{
	struct composite_context *c = talloc_get_type(ctx->async.private_data,
						      struct composite_context);
	struct rpc_connect_dci_state *s = talloc_get_type(c->private_data,
							  struct rpc_connect_dci_state);
	struct composite_context *sec_conn_req;

	c->status = dcerpc_epm_map_binding_recv(ctx);
	if (!NT_STATUS_IS_OK(c->status)) {
		s->r.out.error_string = talloc_asprintf(c,
							"failed to map pipe with endpoint mapper - %s",
							nt_errstr(c->status));
		composite_error(c, c->status);
		return;
	}

	/* s->final_binding now carries the mapped endpoint; reuse the
	 * existing transport/authentication of the lsa pipe for it */
	sec_conn_req = dcerpc_secondary_connection_send(s->lsa_pipe, s->final_binding);
	if (composite_nomem(sec_conn_req, c)) return;

	composite_continue(c, sec_conn_req, continue_secondary_conn, c);
}
/*
  Step 7 of RpcConnectDCInfo: Get actual lsa pipe to be returned
  and complete this composite call
*/
static void continue_secondary_conn(struct composite_context *ctx)
{
	struct composite_context *c = talloc_get_type(ctx->async.private_data,
						      struct composite_context);
	struct rpc_connect_dci_state *s = talloc_get_type(c->private_data,
							  struct rpc_connect_dci_state);

	c->status = dcerpc_secondary_connection_recv(ctx, &s->final_pipe);
	if (!NT_STATUS_IS_OK(c->status)) {
		s->r.out.error_string = talloc_asprintf(c,
							"secondary connection failed: %s",
							nt_errstr(c->status));
		composite_error(c, c->status);
		return;
	}

	/* the secondary connection is what the caller receives as its pipe */
	s->r.out.dcerpc_pipe = s->final_pipe;
	composite_done(c);
}
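/**
 * Receives result of connection to rpc pipe and gets basic
 * domain info (name, sid, realm, guid)
 *
 * The composite context is released on every path; on success the
 * results are moved to mem_ctx first.
 *
 * @param c composite context
 * @param ctx initialised libnet context (not used here; kept for parity with the other _recv routines)
 * @param mem_ctx memory context of this call
 * @param r data structure containing return values
 * @return nt status of rpc connection
 */
static NTSTATUS libnet_RpcConnectDCInfo_recv(struct composite_context *c, struct libnet_context *ctx,
					     TALLOC_CTX *mem_ctx, struct libnet_RpcConnect *r)
{
	struct rpc_connect_dci_state *s;
	NTSTATUS status;

	status = composite_wait(c);
	/* the sibling _recv routines skip the hand-over when mem_ctx or r is
	 * missing; this one used to dereference r unconditionally */
	if (NT_STATUS_IS_OK(status) && mem_ctx != NULL && r != NULL) {
		s = talloc_get_type(c->private_data, struct rpc_connect_dci_state);

		r->out.realm        = talloc_steal(mem_ctx, s->r.out.realm);
		r->out.guid         = talloc_steal(mem_ctx, s->r.out.guid);
		r->out.domain_name  = talloc_steal(mem_ctx, s->r.out.domain_name);
		r->out.domain_sid   = talloc_steal(mem_ctx, s->r.out.domain_sid);
		r->out.dcerpc_pipe  = talloc_steal(mem_ctx, s->r.out.dcerpc_pipe);
		r->out.error_string = NULL;
	}

	talloc_free(c);
	return status;
}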
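/**
 * Initiates connection to rpc pipe on remote server or pdc, optionally
 * providing domain info
 *
 * Dispatches on r->level to the matching *_send routine.
 *
 * @param ctx initialised libnet context
 * @param mem_ctx memory context of this call
 * @param r data structure containing necessary parameters and return values
 * @return composite context of this call (already failed with
 *         NT_STATUS_INVALID_LEVEL for an unknown level), or NULL on
 *         allocation failure
 */
struct composite_context* libnet_RpcConnect_send(struct libnet_context *ctx,
						 TALLOC_CTX *mem_ctx,
						 struct libnet_RpcConnect *r)
{
	struct composite_context *c;

	switch (r->level) {
	case LIBNET_RPC_CONNECT_SERVER:
	case LIBNET_RPC_CONNECT_BINDING:
		c = libnet_RpcConnectSrv_send(ctx, mem_ctx, r);
		break;

	case LIBNET_RPC_CONNECT_PDC:
	case LIBNET_RPC_CONNECT_DC:
		c = libnet_RpcConnectDC_send(ctx, mem_ctx, r);
		break;

	case LIBNET_RPC_CONNECT_DC_INFO:
		c = libnet_RpcConnectDCInfo_send(ctx, mem_ctx, r);
		break;

	default:
		c = talloc_zero(mem_ctx, struct composite_context);
		/* the NULL case used to fall straight into composite_error();
		 * report it the same way the level-specific senders do */
		if (c == NULL) return NULL;
		/* give the failed composite an event context like every other
		 * path, in case a composite helper schedules its completion */
		c->event_ctx = ctx->event_ctx;
		composite_error(c, NT_STATUS_INVALID_LEVEL);
		break;
	}

	return c;
}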
/**
 * Receives result of connection to rpc pipe on remote server or pdc
 *
 * Dispatches on r->level to the *_recv routine matching the *_send
 * that produced c.
 *
 * @param c composite context
 * @param ctx initialised libnet context
 * @param mem_ctx memory context of this call
 * @param r data structure containing necessary parameters and return values
 * @return nt status of rpc connection, NT_STATUS_INVALID_LEVEL for an unknown level
 */
NTSTATUS libnet_RpcConnect_recv(struct composite_context *c, struct libnet_context *ctx,
				TALLOC_CTX *mem_ctx, struct libnet_RpcConnect *r)
{
	enum libnet_RpcConnect_level level = r->level;

	if (level == LIBNET_RPC_CONNECT_SERVER || level == LIBNET_RPC_CONNECT_BINDING) {
		return libnet_RpcConnectSrv_recv(c, ctx, mem_ctx, r);
	}
	if (level == LIBNET_RPC_CONNECT_PDC || level == LIBNET_RPC_CONNECT_DC) {
		return libnet_RpcConnectDC_recv(c, ctx, mem_ctx, r);
	}
	if (level == LIBNET_RPC_CONNECT_DC_INFO) {
		return libnet_RpcConnectDCInfo_recv(c, ctx, mem_ctx, r);
	}

	/* no matching send routine; c (if any) stays under mem_ctx */
	return NT_STATUS_INVALID_LEVEL;
}
/**
 * Connect to a rpc pipe on a remote server - sync version
 *
 * Chains libnet_RpcConnect_send() and libnet_RpcConnect_recv(); the
 * composite context never leaves this function.
 *
 * @param ctx initialised libnet context
 * @param mem_ctx memory context of this call
 * @param r data structure containing necessary parameters and return values
 * @return nt status of rpc connection
 */
NTSTATUS libnet_RpcConnect(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
			   struct libnet_RpcConnect *r)
{
	/* a NULL c from the sender is passed on unchanged; composite_wait()
	 * in the _recv routines is expected to report it - confirm */
	return libnet_RpcConnect_recv(libnet_RpcConnect_send(ctx, mem_ctx, r),
				      ctx, mem_ctx, r);
}