libmlsvc/common/mlsvc_netr.c

da6c28aaSamw/*
da6c28aaSamw * CDDL HEADER START
da6c28aaSamw *
da6c28aaSamw * The contents of this file are subject to the terms of the
da6c28aaSamw * Common Development and Distribution License (the "License").
da6c28aaSamw * You may not use this file except in compliance with the License.
da6c28aaSamw *
da6c28aaSamw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
da6c28aaSamw * or http://www.opensolaris.org/os/licensing.
da6c28aaSamw * See the License for the specific language governing permissions
da6c28aaSamw * and limitations under the License.
da6c28aaSamw *
da6c28aaSamw * When distributing Covered Code, include this CDDL HEADER in each
da6c28aaSamw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
da6c28aaSamw * If applicable, add the following below this CDDL HEADER, with the
da6c28aaSamw * fields enclosed by brackets "[]" replaced with your own identifying
da6c28aaSamw * information: Portions Copyright [yyyy] [name of copyright owner]
da6c28aaSamw *
da6c28aaSamw * CDDL HEADER END
da6c28aaSamw */
148c5f43SAlan Wright
da6c28aaSamw/*
148c5f43SAlan Wright * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
*ce8560eeSMatt Barden * Copyright 2020 Tintri by DDN, Inc. All rights reserved.
da6c28aaSamw */
da6c28aaSamw
da6c28aaSamw/*
da6c28aaSamw * NetLogon RPC (NETR) interface definition. This module provides
da6c28aaSamw * the server side NETR RPC interface and the interface registration
da6c28aaSamw * function.
da6c28aaSamw */
da6c28aaSamw
da6c28aaSamw#include <strings.h>
da6c28aaSamw
da6c28aaSamw#include <smbsrv/libsmb.h>
8d7e4166Sjose borrego#include <smbsrv/libmlsvc.h>
da6c28aaSamw#include <smbsrv/ndl/netlogon.ndl>
da6c28aaSamw#include <smbsrv/nmpipes.h>
da6c28aaSamw#include <smbsrv/netrauth.h>
da6c28aaSamw
8d7e4166Sjose borregostatic int netr_s_ServerReqChallenge(void *, ndr_xa_t *);
8d7e4166Sjose borregostatic int netr_s_ServerAuthenticate2(void *, ndr_xa_t *);
8d7e4166Sjose borregostatic int netr_s_ServerPasswordSet(void *, ndr_xa_t *);
8d7e4166Sjose borregostatic int netr_s_SamLogon(void *, ndr_xa_t *);
8d7e4166Sjose borregostatic int netr_s_SamLogoff(void *, ndr_xa_t *);
da6c28aaSamw
8d7e4166Sjose borregostatic ndr_stub_table_t netr_stub_table[] = {
da6c28aaSamw	{ netr_s_ServerReqChallenge,	NETR_OPNUM_ServerReqChallenge },
da6c28aaSamw	{ netr_s_ServerAuthenticate2,	NETR_OPNUM_ServerAuthenticate2 },
da6c28aaSamw	{ netr_s_ServerPasswordSet,	NETR_OPNUM_ServerPasswordSet },
da6c28aaSamw	{ netr_s_SamLogon,		NETR_OPNUM_SamLogon },
da6c28aaSamw	{ netr_s_SamLogoff,		NETR_OPNUM_SamLogoff },
da6c28aaSamw	{0}
da6c28aaSamw};
da6c28aaSamw
8d7e4166Sjose borregostatic ndr_service_t netr_service = {
da6c28aaSamw	"NETR",				/* name */
da6c28aaSamw	"NetLogon",			/* desc */
da6c28aaSamw	"\\netlogon",			/* endpoint */
da6c28aaSamw	PIPE_LSASS,			/* sec_addr_port */
8d7e4166Sjose borrego	"12345678-1234-abcd-ef00-01234567cffb", 1,	/* abstract */
8d7e4166Sjose borrego	NDR_TRANSFER_SYNTAX_UUID,		2,	/* transfer */
da6c28aaSamw	0,				/* no bind_instance_size */
da6c28aaSamw	0,				/* no bind_req() */
da6c28aaSamw	0,				/* no unbind_and_close() */
da6c28aaSamw	0,				/* use generic_call_stub() */
da6c28aaSamw	&TYPEINFO(netr_interface),	/* interface ti */
da6c28aaSamw	netr_stub_table			/* stub_table */
da6c28aaSamw};
da6c28aaSamw
da6c28aaSamw/*
da6c28aaSamw * netr_initialize
da6c28aaSamw *
da6c28aaSamw * This function registers the NETR RPC interface with the RPC runtime
da6c28aaSamw * library. It must be called in order to use either the client side
da6c28aaSamw * or the server side functions.
da6c28aaSamw */
da6c28aaSamwvoid
da6c28aaSamwnetr_initialize(void)
da6c28aaSamw{
*ce8560eeSMatt Barden	uint32_t flags;
*ce8560eeSMatt Barden
8d7e4166Sjose borrego	(void) ndr_svc_register(&netr_service);
*ce8560eeSMatt Barden
*ce8560eeSMatt Barden	flags = smb_get_netlogon_flags();
*ce8560eeSMatt Barden	netlogon_init_global(flags);
da6c28aaSamw}
da6c28aaSamw
da6c28aaSamw/*
da6c28aaSamw * netr_s_ServerReqChallenge
da6c28aaSamw */
da6c28aaSamw/*ARGSUSED*/
da6c28aaSamwstatic int
8d7e4166Sjose borregonetr_s_ServerReqChallenge(void *arg, ndr_xa_t *mxa)
da6c28aaSamw{
da6c28aaSamw	struct netr_ServerReqChallenge *param = arg;
da6c28aaSamw
da6c28aaSamw	bzero(param, sizeof (struct netr_ServerReqChallenge));
da6c28aaSamw	param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
8d7e4166Sjose borrego	return (NDR_DRC_OK);
da6c28aaSamw}
da6c28aaSamw
da6c28aaSamw/*
da6c28aaSamw * netr_s_ServerAuthenticate2
da6c28aaSamw */
da6c28aaSamw/*ARGSUSED*/
da6c28aaSamwstatic int
8d7e4166Sjose borregonetr_s_ServerAuthenticate2(void *arg, ndr_xa_t *mxa)
da6c28aaSamw{
da6c28aaSamw	struct netr_ServerAuthenticate2 *param = arg;
da6c28aaSamw
da6c28aaSamw	bzero(param, sizeof (struct netr_ServerAuthenticate2));
da6c28aaSamw	param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
8d7e4166Sjose borrego	return (NDR_DRC_OK);
da6c28aaSamw}
da6c28aaSamw
da6c28aaSamw/*
da6c28aaSamw * netr_s_ServerPasswordSet
da6c28aaSamw */
da6c28aaSamw/*ARGSUSED*/
da6c28aaSamwstatic int
8d7e4166Sjose borregonetr_s_ServerPasswordSet(void *arg, ndr_xa_t *mxa)
da6c28aaSamw{
da6c28aaSamw	struct netr_PasswordSet *param = arg;
da6c28aaSamw
da6c28aaSamw	bzero(param, sizeof (struct netr_PasswordSet));
da6c28aaSamw	param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
8d7e4166Sjose borrego	return (NDR_DRC_OK);
da6c28aaSamw}
da6c28aaSamw
da6c28aaSamw/*
da6c28aaSamw * netr_s_SamLogon
da6c28aaSamw */
da6c28aaSamw/*ARGSUSED*/
da6c28aaSamwstatic int
8d7e4166Sjose borregonetr_s_SamLogon(void *arg, ndr_xa_t *mxa)
da6c28aaSamw{
da6c28aaSamw	struct netr_SamLogon *param = arg;
da6c28aaSamw
da6c28aaSamw	bzero(param, sizeof (struct netr_SamLogon));
da6c28aaSamw	param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
8d7e4166Sjose borrego	return (NDR_DRC_OK);
da6c28aaSamw}
da6c28aaSamw
da6c28aaSamw/*
da6c28aaSamw * netr_s_SamLogoff
da6c28aaSamw */
da6c28aaSamw/*ARGSUSED*/
da6c28aaSamwstatic int
8d7e4166Sjose borregonetr_s_SamLogoff(void *arg, ndr_xa_t *mxa)
da6c28aaSamw{
da6c28aaSamw	struct netr_SamLogoff *param = arg;
da6c28aaSamw
da6c28aaSamw	bzero(param, sizeof (struct netr_SamLogoff));
da6c28aaSamw	param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
8d7e4166Sjose borrego	return (NDR_DRC_OK);
da6c28aaSamw}
da6c28aaSamw
da6c28aaSamw/*
da6c28aaSamw * Declare extern references.
da6c28aaSamw */
da6c28aaSamwDECL_FIXUP_STRUCT(netr_validation_u);
da6c28aaSamwDECL_FIXUP_STRUCT(netr_validation_info);
da6c28aaSamwDECL_FIXUP_STRUCT(netr_SamLogon);
*ce8560eeSMatt BardenDECL_FIXUP_STRUCT(netr_SamLogonEx);
da6c28aaSamw
da6c28aaSamw/*
*ce8560eeSMatt Barden * Patch the netr_validation_info union.
da6c28aaSamw */
*ce8560eeSMatt Bardenstatic unsigned short
*ce8560eeSMatt Bardenfixup_netr_validation_info(WORD level)
da6c28aaSamw{
da6c28aaSamw	unsigned short size1 = 0;
da6c28aaSamw	unsigned short size2 = 0;
da6c28aaSamw
da6c28aaSamw	switch (level) {
da6c28aaSamw	case 3:
da6c28aaSamw		/*
da6c28aaSamw		 * The netr_validation_u union contains a pointer, which
da6c28aaSamw		 * is a DWORD in NDR. So we need to set size1 to ensure
da6c28aaSamw		 * that we can correctly decode the remaining parameters.
da6c28aaSamw		 */
da6c28aaSamw		size1 = sizeof (DWORD);
da6c28aaSamw		break;
da6c28aaSamw
da6c28aaSamw	default:
da6c28aaSamw		/*
da6c28aaSamw		 * If the request is badly formed or the level is invalid,
da6c28aaSamw		 * the server returns NT_STATUS_INVALID_INFO_CLASS. Size1
da6c28aaSamw		 * must be zero to correctly decode the status.
da6c28aaSamw		 */
da6c28aaSamw		size1 = 0;
da6c28aaSamw		break;
da6c28aaSamw	};
da6c28aaSamw
da6c28aaSamw	size2 = size1 + (2 * sizeof (DWORD));
da6c28aaSamw
da6c28aaSamw	FIXUP_PDU_SIZE(netr_validation_u, size1);
da6c28aaSamw	FIXUP_PDU_SIZE(netr_validation_info, size2);
*ce8560eeSMatt Barden
*ce8560eeSMatt Barden	return (size2);
*ce8560eeSMatt Barden}
*ce8560eeSMatt Barden
*ce8560eeSMatt Barden
*ce8560eeSMatt Barden/*
*ce8560eeSMatt Barden * Patch the netr_SamLogon union.
*ce8560eeSMatt Barden * This function is called from mlsvc_netr_ndr.c
*ce8560eeSMatt Barden */
*ce8560eeSMatt Bardenvoid
*ce8560eeSMatt Bardenfixup_netr_SamLogon(struct netr_SamLogon *arg)
*ce8560eeSMatt Barden{
*ce8560eeSMatt Barden	unsigned short size2 = 0;
*ce8560eeSMatt Barden	unsigned short size3 = 0;
*ce8560eeSMatt Barden
*ce8560eeSMatt Barden	size2 = fixup_netr_validation_info(arg->validation_level);
*ce8560eeSMatt Barden	/* netr_valid ENC-UNION + hdr + ret_auth PTR + authoritative + status */
*ce8560eeSMatt Barden	size3 = size2 + sizeof (ndr_request_hdr_t) + 3 * sizeof (DWORD);
da6c28aaSamw	FIXUP_PDU_SIZE(netr_SamLogon, size3);
da6c28aaSamw}
*ce8560eeSMatt Barden
*ce8560eeSMatt Barden/*
*ce8560eeSMatt Barden * Patch the netr_SamLogonEx union.
*ce8560eeSMatt Barden * This function is called from mlsvc_netr_ndr.c
*ce8560eeSMatt Barden */
*ce8560eeSMatt Bardenvoid
*ce8560eeSMatt Bardenfixup_netr_SamLogonEx(struct netr_SamLogonEx *arg)
*ce8560eeSMatt Barden{
*ce8560eeSMatt Barden	unsigned short size2 = 0;
*ce8560eeSMatt Barden	unsigned short size3 = 0;
*ce8560eeSMatt Barden
*ce8560eeSMatt Barden	size2 = fixup_netr_validation_info(arg->validation_level);
*ce8560eeSMatt Barden	/* netr_valid ENC-UNION + hdr + authoritative + flags + status */
*ce8560eeSMatt Barden	size3 = size2 + sizeof (ndr_request_hdr_t) + 3 * sizeof (DWORD);
*ce8560eeSMatt Barden
*ce8560eeSMatt Barden	FIXUP_PDU_SIZE(netr_SamLogonEx, size3);
*ce8560eeSMatt Barden}