2 Unix SMB/CIFS implementation.
4 endpoint server for the netlogon pipe
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2008
7 Copyright (C) Stefan Metzmacher <metze@samba.org> 2005
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "rpc_server/dcerpc_server.h"
25 #include "rpc_server/common/common.h"
26 #include "lib/ldb/include/ldb.h"
27 #include "auth/auth.h"
28 #include "auth/auth_sam_reply.h"
29 #include "dsdb/samdb/samdb.h"
30 #include "dsdb/common/flags.h"
31 #include "rpc_server/samr/proto.h"
32 #include "../lib/util/util_ldb.h"
33 #include "libcli/auth/libcli_auth.h"
34 #include "auth/gensec/schannel_state.h"
35 #include "libcli/security/security.h"
36 #include "param/param.h"
37 #include "lib/messaging/irpc.h"
38 #include "librpc/gen_ndr/ndr_irpc.h"
39 #include "librpc/gen_ndr/ndr_netlogon.h"
41 struct server_pipe_state {
42 struct netr_Credential client_challenge;
43 struct netr_Credential server_challenge;
47 static NTSTATUS dcesrv_netr_ServerReqChallenge(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
48 struct netr_ServerReqChallenge *r)
50 struct server_pipe_state *pipe_state = dce_call->context->private;
52 ZERO_STRUCTP(r->out.return_credentials);
54 /* destroyed on pipe shutdown */
57 talloc_free(pipe_state);
58 dce_call->context->private = NULL;
61 pipe_state = talloc(dce_call->context, struct server_pipe_state);
62 NT_STATUS_HAVE_NO_MEMORY(pipe_state);
64 pipe_state->client_challenge = *r->in.credentials;
66 generate_random_buffer(pipe_state->server_challenge.data,
67 sizeof(pipe_state->server_challenge.data));
69 *r->out.return_credentials = pipe_state->server_challenge;
71 dce_call->context->private = pipe_state;
76 static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
77 struct netr_ServerAuthenticate3 *r)
79 struct server_pipe_state *pipe_state = dce_call->context->private;
80 struct creds_CredentialState *creds;
82 struct samr_Password *mach_pwd;
83 uint32_t user_account_control;
85 struct ldb_message **msgs;
87 const char *attrs[] = {"unicodePwd", "userAccountControl",
90 const char *trust_dom_attrs[] = {"flatname", NULL};
91 const char *account_name;
93 ZERO_STRUCTP(r->out.return_credentials);
95 *r->out.negotiate_flags = *r->in.negotiate_flags;
98 DEBUG(1, ("No challenge requested by client, cannot authenticate\n"));
99 return NT_STATUS_ACCESS_DENIED;
102 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
103 system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
104 if (sam_ctx == NULL) {
105 return NT_STATUS_INVALID_SYSTEM_SERVICE;
108 if (r->in.secure_channel_type == SEC_CHAN_DNS_DOMAIN) {
109 char *encoded_account = ldb_binary_encode_string(mem_ctx, r->in.account_name);
110 const char *flatname;
111 if (!encoded_account) {
112 return NT_STATUS_NO_MEMORY;
115 /* Kill the trailing dot */
116 if (encoded_account[strlen(encoded_account)-1] == '.') {
117 encoded_account[strlen(encoded_account)-1] = '\0';
120 /* pull the user attributes */
121 num_records = gendb_search(sam_ctx, mem_ctx, NULL, &msgs, trust_dom_attrs,
122 "(&(trustPartner=%s)(objectclass=trustedDomain))",
125 if (num_records == 0) {
126 DEBUG(3,("Couldn't find trust [%s] in samdb.\n",
128 return NT_STATUS_ACCESS_DENIED;
131 if (num_records > 1) {
132 DEBUG(0,("Found %d records matching user [%s]\n", num_records, r->in.account_name));
133 return NT_STATUS_INTERNAL_DB_CORRUPTION;
136 flatname = ldb_msg_find_attr_as_string(msgs[0], "flatname", NULL);
138 /* No flatname for this trust - we can't proceed */
139 return NT_STATUS_ACCESS_DENIED;
141 account_name = talloc_asprintf(mem_ctx, "%s$", flatname);
144 return NT_STATUS_NO_MEMORY;
148 account_name = r->in.account_name;
151 /* pull the user attributes */
152 num_records = gendb_search(sam_ctx, mem_ctx, NULL, &msgs, attrs,
153 "(&(sAMAccountName=%s)(objectclass=user))",
154 ldb_binary_encode_string(mem_ctx, account_name));
156 if (num_records == 0) {
157 DEBUG(3,("Couldn't find user [%s] in samdb.\n",
158 r->in.account_name));
159 return NT_STATUS_ACCESS_DENIED;
162 if (num_records > 1) {
163 DEBUG(0,("Found %d records matching user [%s]\n", num_records, r->in.account_name));
164 return NT_STATUS_INTERNAL_DB_CORRUPTION;
168 user_account_control = ldb_msg_find_attr_as_uint(msgs[0], "userAccountControl", 0);
170 if (user_account_control & UF_ACCOUNTDISABLE) {
171 DEBUG(1, ("Account [%s] is disabled\n", r->in.account_name));
172 return NT_STATUS_ACCESS_DENIED;
175 if (r->in.secure_channel_type == SEC_CHAN_WKSTA) {
176 if (!(user_account_control & UF_WORKSTATION_TRUST_ACCOUNT)) {
177 DEBUG(1, ("Client asked for a workstation secure channel, but is not a workstation (member server) acb flags: 0x%x\n", user_account_control));
178 return NT_STATUS_ACCESS_DENIED;
180 } else if (r->in.secure_channel_type == SEC_CHAN_DOMAIN ||
181 r->in.secure_channel_type == SEC_CHAN_DNS_DOMAIN) {
182 if (!(user_account_control & UF_INTERDOMAIN_TRUST_ACCOUNT)) {
183 DEBUG(1, ("Client asked for a trusted domain secure channel, but is not a trusted domain: acb flags: 0x%x\n", user_account_control));
185 return NT_STATUS_ACCESS_DENIED;
187 } else if (r->in.secure_channel_type == SEC_CHAN_BDC) {
188 if (!(user_account_control & UF_SERVER_TRUST_ACCOUNT)) {
189 DEBUG(1, ("Client asked for a server secure channel, but is not a server (domain controller): acb flags: 0x%x\n", user_account_control));
190 return NT_STATUS_ACCESS_DENIED;
193 DEBUG(1, ("Client asked for an invalid secure channel type: %d\n",
194 r->in.secure_channel_type));
195 return NT_STATUS_ACCESS_DENIED;
198 *r->out.rid = samdb_result_rid_from_sid(mem_ctx, msgs[0],
201 mach_pwd = samdb_result_hash(mem_ctx, msgs[0], "unicodePwd");
202 if (mach_pwd == NULL) {
203 return NT_STATUS_ACCESS_DENIED;
206 creds = talloc(mem_ctx, struct creds_CredentialState);
207 NT_STATUS_HAVE_NO_MEMORY(creds);
209 creds_server_init(creds, &pipe_state->client_challenge,
210 &pipe_state->server_challenge, mach_pwd,
211 r->out.return_credentials,
212 *r->in.negotiate_flags);
214 if (!creds_server_check(creds, r->in.credentials)) {
216 return NT_STATUS_ACCESS_DENIED;
219 creds->account_name = talloc_steal(creds, r->in.account_name);
221 creds->computer_name = talloc_steal(creds, r->in.computer_name);
222 creds->domain = talloc_strdup(creds, lp_workgroup(dce_call->conn->dce_ctx->lp_ctx));
224 creds->secure_channel_type = r->in.secure_channel_type;
226 creds->sid = samdb_result_dom_sid(creds, msgs[0], "objectSid");
229 /* remember this session key state */
230 nt_status = schannel_store_session_key(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, creds);
235 static NTSTATUS dcesrv_netr_ServerAuthenticate(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
236 struct netr_ServerAuthenticate *r)
238 struct netr_ServerAuthenticate3 r3;
241 * negotiate_flags is used as an [in] parameter
242 * so it need to be initialised.
244 * (I think ... = 0; seems wrong here --metze)
246 uint32_t negotiate_flags = 0;
248 r3.in.server_name = r->in.server_name;
249 r3.in.account_name = r->in.account_name;
250 r3.in.secure_channel_type = r->in.secure_channel_type;
251 r3.in.computer_name = r->in.computer_name;
252 r3.in.credentials = r->in.credentials;
253 r3.out.return_credentials = r->out.return_credentials;
254 r3.in.negotiate_flags = &negotiate_flags;
255 r3.out.negotiate_flags = &negotiate_flags;
258 return dcesrv_netr_ServerAuthenticate3(dce_call, mem_ctx, &r3);
261 static NTSTATUS dcesrv_netr_ServerAuthenticate2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
262 struct netr_ServerAuthenticate2 *r)
264 struct netr_ServerAuthenticate3 r3;
267 r3.in.server_name = r->in.server_name;
268 r3.in.account_name = r->in.account_name;
269 r3.in.secure_channel_type = r->in.secure_channel_type;
270 r3.in.computer_name = r->in.computer_name;
271 r3.in.credentials = r->in.credentials;
272 r3.out.return_credentials = r->out.return_credentials;
273 r3.in.negotiate_flags = r->in.negotiate_flags;
274 r3.out.negotiate_flags = r->out.negotiate_flags;
277 return dcesrv_netr_ServerAuthenticate3(dce_call, mem_ctx, &r3);
281 Validate an incoming authenticator against the credentials for the remote machine.
283 The credentials are (re)read and from the schannel database, and
284 written back after the caclulations are performed.
286 The creds_out parameter (if not NULL) returns the credentials, if
287 the caller needs some of that information.
290 static NTSTATUS dcesrv_netr_creds_server_step_check(struct event_context *event_ctx,
291 struct loadparm_context *lp_ctx,
292 const char *computer_name,
294 struct netr_Authenticator *received_authenticator,
295 struct netr_Authenticator *return_authenticator,
296 struct creds_CredentialState **creds_out)
298 struct creds_CredentialState *creds;
300 struct ldb_context *ldb;
303 ldb = schannel_db_connect(mem_ctx, event_ctx, lp_ctx);
305 return NT_STATUS_ACCESS_DENIED;
308 ret = ldb_transaction_start(ldb);
311 return NT_STATUS_INTERNAL_DB_CORRUPTION;
314 /* Because this is a shared structure (even across
315 * disconnects) we must update the database every time we
316 * update the structure */
318 nt_status = schannel_fetch_session_key_ldb(ldb, ldb, computer_name,
319 lp_workgroup(lp_ctx),
321 if (NT_STATUS_IS_OK(nt_status)) {
322 nt_status = creds_server_step_check(creds,
323 received_authenticator,
324 return_authenticator);
326 if (NT_STATUS_IS_OK(nt_status)) {
327 nt_status = schannel_store_session_key_ldb(ldb, ldb, creds);
330 if (NT_STATUS_IS_OK(nt_status)) {
331 ldb_transaction_commit(ldb);
334 talloc_steal(mem_ctx, creds);
337 ldb_transaction_cancel(ldb);
344 Change the machine account password for the currently connected
345 client. Supplies only the NT#.
348 static NTSTATUS dcesrv_netr_ServerPasswordSet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
349 struct netr_ServerPasswordSet *r)
351 struct creds_CredentialState *creds;
352 struct ldb_context *sam_ctx;
355 nt_status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
356 r->in.computer_name, mem_ctx,
357 r->in.credential, r->out.return_authenticator,
359 NT_STATUS_NOT_OK_RETURN(nt_status);
361 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
362 if (sam_ctx == NULL) {
363 return NT_STATUS_INVALID_SYSTEM_SERVICE;
366 creds_des_decrypt(creds, r->in.new_password);
368 /* Using the sid for the account as the key, set the password */
369 nt_status = samdb_set_password_sid(sam_ctx, mem_ctx,
371 NULL, /* Don't have plaintext */
372 NULL, r->in.new_password,
373 true, /* Password change */
379 Change the machine account password for the currently connected
380 client. Supplies new plaintext.
382 static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
383 struct netr_ServerPasswordSet2 *r)
385 struct creds_CredentialState *creds;
386 struct ldb_context *sam_ctx;
388 DATA_BLOB new_password;
390 struct samr_CryptPassword password_buf;
392 nt_status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
393 r->in.computer_name, mem_ctx,
394 r->in.credential, r->out.return_authenticator,
396 NT_STATUS_NOT_OK_RETURN(nt_status);
398 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
399 if (sam_ctx == NULL) {
400 return NT_STATUS_INVALID_SYSTEM_SERVICE;
403 memcpy(password_buf.data, r->in.new_password->data, 512);
404 SIVAL(password_buf.data, 512, r->in.new_password->length);
405 creds_arcfour_crypt(creds, password_buf.data, 516);
407 if (!extract_pw_from_buffer(mem_ctx, password_buf.data, &new_password)) {
408 DEBUG(3,("samr: failed to decode password buffer\n"));
409 return NT_STATUS_WRONG_PASSWORD;
412 /* Using the sid for the account as the key, set the password */
413 nt_status = samdb_set_password_sid(sam_ctx, mem_ctx,
415 &new_password, /* we have plaintext */
417 true, /* Password change */
426 static WERROR dcesrv_netr_LogonUasLogon(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
427 struct netr_LogonUasLogon *r)
429 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
436 static WERROR dcesrv_netr_LogonUasLogoff(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
437 struct netr_LogonUasLogoff *r)
439 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
444 netr_LogonSamLogon_base
446 This version of the function allows other wrappers to say 'do not check the credentials'
448 We can't do the traditional 'wrapping' format completly, as this function must only run under schannel
450 static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
451 struct netr_LogonSamLogonEx *r, struct creds_CredentialState *creds)
453 struct auth_context *auth_context;
454 struct auth_usersupplied_info *user_info;
455 struct auth_serversupplied_info *server_info;
457 static const char zeros[16];
458 struct netr_SamBaseInfo *sam;
459 struct netr_SamInfo2 *sam2;
460 struct netr_SamInfo3 *sam3;
461 struct netr_SamInfo6 *sam6;
463 user_info = talloc(mem_ctx, struct auth_usersupplied_info);
464 NT_STATUS_HAVE_NO_MEMORY(user_info);
466 user_info->flags = 0;
467 user_info->mapped_state = false;
468 user_info->remote_host = NULL;
470 switch (r->in.logon_level) {
471 case NetlogonInteractiveInformation:
472 case NetlogonServiceInformation:
473 case NetlogonInteractiveTransitiveInformation:
474 case NetlogonServiceTransitiveInformation:
475 if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
476 creds_arcfour_crypt(creds,
477 r->in.logon->password->lmpassword.hash,
478 sizeof(r->in.logon->password->lmpassword.hash));
479 creds_arcfour_crypt(creds,
480 r->in.logon->password->ntpassword.hash,
481 sizeof(r->in.logon->password->ntpassword.hash));
483 creds_des_decrypt(creds, &r->in.logon->password->lmpassword);
484 creds_des_decrypt(creds, &r->in.logon->password->ntpassword);
487 /* TODO: we need to deny anonymous access here */
488 nt_status = auth_context_create(mem_ctx,
489 dce_call->event_ctx, dce_call->msg_ctx,
490 dce_call->conn->dce_ctx->lp_ctx,
492 NT_STATUS_NOT_OK_RETURN(nt_status);
494 user_info->logon_parameters = r->in.logon->password->identity_info.parameter_control;
495 user_info->client.account_name = r->in.logon->password->identity_info.account_name.string;
496 user_info->client.domain_name = r->in.logon->password->identity_info.domain_name.string;
497 user_info->workstation_name = r->in.logon->password->identity_info.workstation.string;
499 user_info->flags |= USER_INFO_INTERACTIVE_LOGON;
500 user_info->password_state = AUTH_PASSWORD_HASH;
502 user_info->password.hash.lanman = talloc(user_info, struct samr_Password);
503 NT_STATUS_HAVE_NO_MEMORY(user_info->password.hash.lanman);
504 *user_info->password.hash.lanman = r->in.logon->password->lmpassword;
506 user_info->password.hash.nt = talloc(user_info, struct samr_Password);
507 NT_STATUS_HAVE_NO_MEMORY(user_info->password.hash.nt);
508 *user_info->password.hash.nt = r->in.logon->password->ntpassword;
511 case NetlogonNetworkInformation:
512 case NetlogonNetworkTransitiveInformation:
514 /* TODO: we need to deny anonymous access here */
515 nt_status = auth_context_create(mem_ctx,
516 dce_call->event_ctx, dce_call->msg_ctx,
517 dce_call->conn->dce_ctx->lp_ctx,
519 NT_STATUS_NOT_OK_RETURN(nt_status);
521 nt_status = auth_context_set_challenge(auth_context, r->in.logon->network->challenge, "netr_LogonSamLogonWithFlags");
522 NT_STATUS_NOT_OK_RETURN(nt_status);
524 user_info->logon_parameters = r->in.logon->network->identity_info.parameter_control;
525 user_info->client.account_name = r->in.logon->network->identity_info.account_name.string;
526 user_info->client.domain_name = r->in.logon->network->identity_info.domain_name.string;
527 user_info->workstation_name = r->in.logon->network->identity_info.workstation.string;
529 user_info->password_state = AUTH_PASSWORD_RESPONSE;
530 user_info->password.response.lanman = data_blob_talloc(mem_ctx, r->in.logon->network->lm.data, r->in.logon->network->lm.length);
531 user_info->password.response.nt = data_blob_talloc(mem_ctx, r->in.logon->network->nt.data, r->in.logon->network->nt.length);
536 case NetlogonGenericInformation:
538 if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
539 creds_arcfour_crypt(creds,
540 r->in.logon->generic->data, r->in.logon->generic->length);
542 /* Using DES to verify kerberos tickets makes no sense */
543 return NT_STATUS_INVALID_PARAMETER;
546 if (strcmp(r->in.logon->generic->package_name.string, "Kerberos") == 0) {
548 struct server_id *kdc;
549 struct kdc_check_generic_kerberos check;
550 struct netr_GenericInfo2 *generic = talloc_zero(mem_ctx, struct netr_GenericInfo2);
551 NT_STATUS_HAVE_NO_MEMORY(generic);
552 *r->out.authoritative = 1;
554 /* TODO: Describe and deal with these flags */
557 r->out.validation->generic = generic;
559 kdc = irpc_servers_byname(dce_call->msg_ctx, mem_ctx, "kdc_server");
560 if ((kdc == NULL) || (kdc[0].id == 0)) {
561 return NT_STATUS_NO_LOGON_SERVERS;
564 check.in.generic_request =
565 data_blob_const(r->in.logon->generic->data,
566 r->in.logon->generic->length);
568 status = irpc_call(dce_call->msg_ctx, kdc[0],
569 &ndr_table_irpc, NDR_KDC_CHECK_GENERIC_KERBEROS,
571 if (!NT_STATUS_IS_OK(status)) {
574 generic->length = check.out.generic_reply.length;
575 generic->data = check.out.generic_reply.data;
579 /* Until we get an implemetnation of these other packages */
580 return NT_STATUS_INVALID_PARAMETER;
583 return NT_STATUS_INVALID_PARAMETER;
586 nt_status = auth_check_password(auth_context, mem_ctx, user_info, &server_info);
587 NT_STATUS_NOT_OK_RETURN(nt_status);
589 nt_status = auth_convert_server_info_sambaseinfo(mem_ctx, server_info, &sam);
590 NT_STATUS_NOT_OK_RETURN(nt_status);
592 /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
593 /* It appears that level 6 is not individually encrypted */
594 if ((r->in.validation_level != 6) &&
595 memcmp(sam->key.key, zeros, sizeof(sam->key.key)) != 0) {
596 /* This key is sent unencrypted without the ARCFOUR flag set */
597 if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
598 creds_arcfour_crypt(creds,
600 sizeof(sam->key.key));
604 /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
605 /* It appears that level 6 is not individually encrypted */
606 if ((r->in.validation_level != 6) &&
607 memcmp(sam->LMSessKey.key, zeros, sizeof(sam->LMSessKey.key)) != 0) {
608 if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
609 creds_arcfour_crypt(creds,
611 sizeof(sam->LMSessKey.key));
613 creds_des_encrypt_LMKey(creds,
618 switch (r->in.validation_level) {
620 sam2 = talloc_zero(mem_ctx, struct netr_SamInfo2);
621 NT_STATUS_HAVE_NO_MEMORY(sam2);
623 r->out.validation->sam2 = sam2;
627 sam3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
628 NT_STATUS_HAVE_NO_MEMORY(sam3);
630 r->out.validation->sam3 = sam3;
634 sam6 = talloc_zero(mem_ctx, struct netr_SamInfo6);
635 NT_STATUS_HAVE_NO_MEMORY(sam6);
637 sam6->forest.string = lp_realm(dce_call->conn->dce_ctx->lp_ctx);
638 sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s",
639 sam->account_name.string, sam6->forest.string);
640 NT_STATUS_HAVE_NO_MEMORY(sam6->principle.string);
641 r->out.validation->sam6 = sam6;
648 *r->out.authoritative = 1;
650 /* TODO: Describe and deal with these flags */
656 static NTSTATUS dcesrv_netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
657 struct netr_LogonSamLogonEx *r)
660 struct creds_CredentialState *creds;
661 nt_status = schannel_fetch_session_key(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, r->in.computer_name, lp_workgroup(dce_call->conn->dce_ctx->lp_ctx), &creds);
662 if (!NT_STATUS_IS_OK(nt_status)) {
666 if (!dce_call->conn->auth_state.auth_info ||
667 dce_call->conn->auth_state.auth_info->auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
668 return NT_STATUS_INTERNAL_ERROR;
670 return dcesrv_netr_LogonSamLogon_base(dce_call, mem_ctx, r, creds);
674 netr_LogonSamLogonWithFlags
677 static NTSTATUS dcesrv_netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
678 struct netr_LogonSamLogonWithFlags *r)
681 struct creds_CredentialState *creds;
682 struct netr_LogonSamLogonEx r2;
684 struct netr_Authenticator *return_authenticator;
686 return_authenticator = talloc(mem_ctx, struct netr_Authenticator);
687 NT_STATUS_HAVE_NO_MEMORY(return_authenticator);
689 nt_status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
690 r->in.computer_name, mem_ctx,
691 r->in.credential, return_authenticator,
693 NT_STATUS_NOT_OK_RETURN(nt_status);
697 r2.in.server_name = r->in.server_name;
698 r2.in.computer_name = r->in.computer_name;
699 r2.in.logon_level = r->in.logon_level;
700 r2.in.logon = r->in.logon;
701 r2.in.validation_level = r->in.validation_level;
702 r2.in.flags = r->in.flags;
703 r2.out.validation = r->out.validation;
704 r2.out.authoritative = r->out.authoritative;
705 r2.out.flags = r->out.flags;
707 nt_status = dcesrv_netr_LogonSamLogon_base(dce_call, mem_ctx, &r2, creds);
709 r->out.return_authenticator = return_authenticator;
717 static NTSTATUS dcesrv_netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
718 struct netr_LogonSamLogon *r)
720 struct netr_LogonSamLogonWithFlags r2;
726 r2.in.server_name = r->in.server_name;
727 r2.in.computer_name = r->in.computer_name;
728 r2.in.credential = r->in.credential;
729 r2.in.return_authenticator = r->in.return_authenticator;
730 r2.in.logon_level = r->in.logon_level;
731 r2.in.logon = r->in.logon;
732 r2.in.validation_level = r->in.validation_level;
733 r2.in.flags = &flags;
734 r2.out.validation = r->out.validation;
735 r2.out.authoritative = r->out.authoritative;
736 r2.out.flags = &flags;
738 status = dcesrv_netr_LogonSamLogonWithFlags(dce_call, mem_ctx, &r2);
740 r->out.return_authenticator = r2.out.return_authenticator;
749 static NTSTATUS dcesrv_netr_LogonSamLogoff(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
750 struct netr_LogonSamLogoff *r)
752 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
760 static NTSTATUS dcesrv_netr_DatabaseDeltas(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
761 struct netr_DatabaseDeltas *r)
763 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
770 static NTSTATUS dcesrv_netr_DatabaseSync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
771 struct netr_DatabaseSync *r)
773 /* win2k3 native mode returns "NOT IMPLEMENTED" for this call */
774 return NT_STATUS_NOT_IMPLEMENTED;
781 static NTSTATUS dcesrv_netr_AccountDeltas(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
782 struct netr_AccountDeltas *r)
784 /* w2k3 returns "NOT IMPLEMENTED" for this call */
785 return NT_STATUS_NOT_IMPLEMENTED;
792 static NTSTATUS dcesrv_netr_AccountSync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
793 struct netr_AccountSync *r)
795 /* w2k3 returns "NOT IMPLEMENTED" for this call */
796 return NT_STATUS_NOT_IMPLEMENTED;
803 static WERROR dcesrv_netr_GetDcName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
804 struct netr_GetDcName *r)
806 const char * const attrs[] = { NULL };
808 struct ldb_message **res;
809 struct ldb_dn *domain_dn;
813 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx,
814 dce_call->conn->dce_ctx->lp_ctx,
815 dce_call->conn->auth_state.session_info);
816 if (sam_ctx == NULL) {
817 return WERR_DS_SERVICE_UNAVAILABLE;
820 domain_dn = samdb_domain_to_dn(sam_ctx, mem_ctx,
822 if (domain_dn == NULL) {
823 return WERR_DS_SERVICE_UNAVAILABLE;
826 ret = gendb_search_dn(sam_ctx, mem_ctx, domain_dn, &res, attrs);
828 return WERR_NO_SUCH_DOMAIN;
831 /* TODO: - return real IP address
832 * - check all r->in.* parameters (server_unc is ignored by w2k3!)
834 dcname = talloc_asprintf(mem_ctx, "\\\\%s",
835 lp_netbios_name(dce_call->conn->dce_ctx->lp_ctx));
836 W_ERROR_HAVE_NO_MEMORY(dcname);
838 *r->out.dcname = dcname;
846 static WERROR dcesrv_netr_LogonControl(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
847 struct netr_LogonControl *r)
849 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
856 static WERROR dcesrv_netr_GetAnyDCName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
857 struct netr_GetAnyDCName *r)
859 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
866 static WERROR dcesrv_netr_LogonControl2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
867 struct netr_LogonControl2 *r)
869 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
876 static NTSTATUS dcesrv_netr_DatabaseSync2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
877 struct netr_DatabaseSync2 *r)
879 /* win2k3 native mode returns "NOT IMPLEMENTED" for this call */
880 return NT_STATUS_NOT_IMPLEMENTED;
887 static NTSTATUS dcesrv_netr_DatabaseRedo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
888 struct netr_DatabaseRedo *r)
890 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
897 static WERROR dcesrv_netr_LogonControl2Ex(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
898 struct netr_LogonControl2Ex *r)
900 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
905 netr_NetrEnumerateTurstedDomains
907 static WERROR dcesrv_netr_NetrEnumerateTrustedDomains(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
908 struct netr_NetrEnumerateTrustedDomains *r)
910 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
915 netr_NETRLOGONDUMMYROUTINE1
917 static WERROR dcesrv_netr_NETRLOGONDUMMYROUTINE1(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
918 struct netr_NETRLOGONDUMMYROUTINE1 *r)
920 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
925 netr_NETRLOGONSETSERVICEBITS
927 static WERROR dcesrv_netr_NETRLOGONSETSERVICEBITS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
928 struct netr_NETRLOGONSETSERVICEBITS *r)
930 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
935 netr_LogonGetTrustRid
937 static WERROR dcesrv_netr_LogonGetTrustRid(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
938 struct netr_LogonGetTrustRid *r)
940 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
945 netr_NETRLOGONCOMPUTESERVERDIGEST
947 static WERROR dcesrv_netr_NETRLOGONCOMPUTESERVERDIGEST(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
948 struct netr_NETRLOGONCOMPUTESERVERDIGEST *r)
950 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
955 netr_NETRLOGONCOMPUTECLIENTDIGEST
957 static WERROR dcesrv_netr_NETRLOGONCOMPUTECLIENTDIGEST(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
958 struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r)
960 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
968 static WERROR dcesrv_netr_DsRGetSiteName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
969 struct netr_DsRGetSiteName *r)
971 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
976 fill in a netr_DomainTrustInfo from a ldb search result
978 static NTSTATUS fill_domain_trust_info(TALLOC_CTX *mem_ctx,
979 struct ldb_message *res,
980 struct ldb_message *ref_res,
981 struct netr_DomainTrustInfo *info,
982 bool is_local, bool is_trust_list)
986 info->trust_extension.info = talloc_zero(mem_ctx, struct netr_trust_extension);
987 info->trust_extension.length = 16;
988 info->trust_extension.info->flags =
989 NETR_TRUST_FLAG_TREEROOT |
990 NETR_TRUST_FLAG_IN_FOREST |
991 NETR_TRUST_FLAG_PRIMARY;
992 info->trust_extension.info->parent_index = 0; /* should be index into array
994 info->trust_extension.info->trust_type = LSA_TRUST_TYPE_UPLEVEL; /* should be based on ldb search for trusts */
995 info->trust_extension.info->trust_attributes = LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE; /* needs to be based on ldb search */
998 /* MS-NRPC 3.5.4.3.9 - must be set to NULL for trust list */
999 info->forest.string = NULL;
1001 /* TODO: we need a common function for pulling the forest */
1002 info->forest.string = samdb_result_string(ref_res, "dnsRoot", NULL);
1006 info->domainname.string = samdb_result_string(ref_res, "nETBIOSName", NULL);
1007 info->fulldomainname.string = samdb_result_string(ref_res, "dnsRoot", NULL);
1008 info->guid = samdb_result_guid(res, "objectGUID");
1009 info->sid = samdb_result_dom_sid(mem_ctx, res, "objectSid");
1011 info->domainname.string = samdb_result_string(res, "flatName", NULL);
1012 info->fulldomainname.string = samdb_result_string(res, "trustPartner", NULL);
1013 info->guid = samdb_result_guid(res, "objectGUID");
1014 info->sid = samdb_result_dom_sid(mem_ctx, res, "securityIdentifier");
1017 return NT_STATUS_OK;
1021 netr_LogonGetDomainInfo
1022 this is called as part of the ADS domain logon procedure.
1024 It has an important role in convaying details about the client, such
1025 as Operating System, Version, Service Pack etc.
1027 static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1028 struct netr_LogonGetDomainInfo *r)
1030 const char * const attrs[] = { "objectSid",
1031 "objectGUID", "flatName", "securityIdentifier",
1032 "trustPartner", NULL };
1033 const char * const ref_attrs[] = { "nETBIOSName", "dnsRoot", NULL };
1034 struct ldb_context *sam_ctx;
1035 struct ldb_message **res1, **res2, **ref_res;
1036 struct netr_DomainInfo1 *info1;
1037 int ret, ret1, ret2, i;
1039 struct ldb_dn *partitions_basedn;
1041 const char *local_domain;
1043 status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
1044 r->in.computer_name, mem_ctx,
1046 r->out.return_authenticator,
1048 if (!NT_STATUS_IS_OK(status)) {
1049 DEBUG(0,(__location__ " Bad credentials - error\n"));
1051 NT_STATUS_NOT_OK_RETURN(status);
1053 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info);
1054 if (sam_ctx == NULL) {
1055 return NT_STATUS_INVALID_SYSTEM_SERVICE;
1058 partitions_basedn = samdb_partitions_dn(sam_ctx, mem_ctx);
1060 /* we need to do two searches. The first will pull our primary
1061 domain and the second will pull any trusted domains. Our
1062 primary domain is also a "trusted" domain, so we need to
1063 put the primary domain into the lists of returned trusts as
1065 ret1 = gendb_search_dn(sam_ctx, mem_ctx, samdb_base_dn(sam_ctx), &res1, attrs);
1067 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1070 /* try and find the domain */
1071 ret = gendb_search(sam_ctx, mem_ctx, partitions_basedn,
1072 &ref_res, ref_attrs,
1073 "(&(objectClass=crossRef)(ncName=%s))",
1074 ldb_dn_get_linearized(res1[0]->dn));
1076 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1079 local_domain = samdb_result_string(ref_res[0], "nETBIOSName", NULL);
1081 ret2 = gendb_search(sam_ctx, mem_ctx, NULL, &res2, attrs, "(objectClass=trustedDomain)");
1083 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1086 info1 = talloc(mem_ctx, struct netr_DomainInfo1);
1087 NT_STATUS_HAVE_NO_MEMORY(info1);
1089 ZERO_STRUCTP(info1);
1091 info1->num_trusts = ret2 + 1;
1092 info1->trusts = talloc_array(mem_ctx, struct netr_DomainTrustInfo,
1094 NT_STATUS_HAVE_NO_MEMORY(info1->trusts);
1096 status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->domaininfo,
1098 NT_STATUS_NOT_OK_RETURN(status);
1100 for (i=0;i<ret2;i++) {
1101 status = fill_domain_trust_info(mem_ctx, res2[i], NULL, &info1->trusts[i],
1103 NT_STATUS_NOT_OK_RETURN(status);
1106 status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->trusts[i],
1108 NT_STATUS_NOT_OK_RETURN(status);
1110 info1->dns_hostname.string = samdb_result_string(ref_res[0], "dnsRoot", NULL);
1111 info1->workstation_flags =
1112 NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS | NETR_WS_FLAG_HANDLES_SPN_UPDATE;
1113 info1->supported_enc_types = 0; /* w2008 gives this 0 */
1115 r->out.info->info1 = info1;
1117 return NT_STATUS_OK;
1123 netr_ServerPasswordGet
1125 static WERROR dcesrv_netr_ServerPasswordGet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1126 struct netr_ServerPasswordGet *r)
1128 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1133 netr_NETRLOGONSENDTOSAM
1135 static WERROR dcesrv_netr_NETRLOGONSENDTOSAM(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1136 struct netr_NETRLOGONSENDTOSAM *r)
1138 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1143 netr_DsRAddressToSitenamesW
1145 static WERROR dcesrv_netr_DsRAddressToSitenamesW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1146 struct netr_DsRAddressToSitenamesW *r)
1148 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1153 netr_DsRGetDCNameEx2
1155 static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1156 struct netr_DsRGetDCNameEx2 *r)
1158 const char * const attrs[] = { "dnsDomain", "objectGUID", NULL };
1160 struct ldb_message **res;
1161 struct ldb_dn *domain_dn;
1163 struct netr_DsRGetDCNameInfo *info;
1165 ZERO_STRUCTP(r->out.info);
1167 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info);
1168 if (sam_ctx == NULL) {
1169 return WERR_DS_SERVICE_UNAVAILABLE;
1172 domain_dn = samdb_dns_domain_to_dn(sam_ctx, mem_ctx,
1174 if (domain_dn == NULL) {
1175 return WERR_DS_SERVICE_UNAVAILABLE;
1178 ret = gendb_search_dn(sam_ctx, mem_ctx, domain_dn, &res, attrs);
1180 return WERR_NO_SUCH_DOMAIN;
1183 info = talloc(mem_ctx, struct netr_DsRGetDCNameInfo);
1184 W_ERROR_HAVE_NO_MEMORY(info);
1186 /* TODO: - return real IP address
1187 * - check all r->in.* parameters (server_unc is ignored by w2k3!)
1189 info->dc_unc = talloc_asprintf(mem_ctx, "\\\\%s.%s",
1190 lp_netbios_name(dce_call->conn->dce_ctx->lp_ctx),
1191 lp_realm(dce_call->conn->dce_ctx->lp_ctx));
1192 W_ERROR_HAVE_NO_MEMORY(info->dc_unc);
1193 info->dc_address = talloc_strdup(mem_ctx, "\\\\0.0.0.0");
1194 W_ERROR_HAVE_NO_MEMORY(info->dc_address);
1195 info->dc_address_type = DS_ADDRESS_TYPE_INET;
1196 info->domain_guid = samdb_result_guid(res[0], "objectGUID");
1197 info->domain_name = samdb_result_string(res[0], "dnsDomain", NULL);
1198 info->forest_name = samdb_result_string(res[0], "dnsDomain", NULL);
1199 info->dc_flags = DS_DNS_FOREST |
1202 DS_SERVER_WRITABLE |
1204 DS_SERVER_TIMESERV |
1210 info->dc_site_name = talloc_strdup(mem_ctx, "Default-First-Site-Name");
1211 W_ERROR_HAVE_NO_MEMORY(info->dc_site_name);
1212 info->client_site_name = talloc_strdup(mem_ctx, "Default-First-Site-Name");
1213 W_ERROR_HAVE_NO_MEMORY(info->client_site_name);
1215 *r->out.info = info;
1223 static WERROR dcesrv_netr_DsRGetDCNameEx(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1224 struct netr_DsRGetDCNameEx *r)
1226 struct netr_DsRGetDCNameEx2 r2;
1231 r2.in.server_unc = r->in.server_unc;
1232 r2.in.client_account = NULL;
1234 r2.in.domain_guid = r->in.domain_guid;
1235 r2.in.domain_name = r->in.domain_name;
1236 r2.in.site_name = r->in.site_name;
1237 r2.in.flags = r->in.flags;
1238 r2.out.info = r->out.info;
1240 werr = dcesrv_netr_DsRGetDCNameEx2(dce_call, mem_ctx, &r2);
1248 static WERROR dcesrv_netr_DsRGetDCName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1249 struct netr_DsRGetDCName *r)
1251 struct netr_DsRGetDCNameEx2 r2;
1256 r2.in.server_unc = r->in.server_unc;
1257 r2.in.client_account = NULL;
1259 r2.in.domain_name = r->in.domain_name;
1260 r2.in.domain_guid = r->in.domain_guid;
1262 r2.in.site_name = NULL; /* should fill in from site GUID */
1263 r2.in.flags = r->in.flags;
1264 r2.out.info = r->out.info;
1266 werr = dcesrv_netr_DsRGetDCNameEx2(dce_call, mem_ctx, &r2);
1271 netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN
1273 static WERROR dcesrv_netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1274 struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r)
1276 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1281 netr_NetrEnumerateTrustedDomainsEx
1283 static WERROR dcesrv_netr_NetrEnumerateTrustedDomainsEx(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1284 struct netr_NetrEnumerateTrustedDomainsEx *r)
1286 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1291 netr_DsRAddressToSitenamesExW
1293 static WERROR dcesrv_netr_DsRAddressToSitenamesExW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1294 struct netr_DsRAddressToSitenamesExW *r)
1296 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1301 netr_DsrGetDcSiteCoverageW
1303 static WERROR dcesrv_netr_DsrGetDcSiteCoverageW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1304 struct netr_DsrGetDcSiteCoverageW *r)
1306 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1311 netr_DsrEnumerateDomainTrusts
1313 static WERROR dcesrv_netr_DsrEnumerateDomainTrusts(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1314 struct netr_DsrEnumerateDomainTrusts *r)
1316 struct netr_DomainTrustList *trusts;
1319 struct ldb_message **dom_res, **ref_res;
1320 const char * const dom_attrs[] = { "objectSid", "objectGUID", NULL };
1321 const char * const ref_attrs[] = { "nETBIOSName", "dnsRoot", NULL };
1322 struct ldb_dn *partitions_basedn;
1324 ZERO_STRUCT(r->out);
1326 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info);
1327 if (sam_ctx == NULL) {
1328 return WERR_GENERAL_FAILURE;
1331 partitions_basedn = samdb_partitions_dn(sam_ctx, mem_ctx);
1333 ret = gendb_search_dn(sam_ctx, mem_ctx, NULL, &dom_res, dom_attrs);
1335 return WERR_GENERAL_FAILURE;
1338 return WERR_GENERAL_FAILURE;
1341 ret = gendb_search(sam_ctx, mem_ctx, partitions_basedn, &ref_res, ref_attrs,
1342 "(&(objectClass=crossRef)(ncName=%s))",
1343 ldb_dn_get_linearized(dom_res[0]->dn));
1345 return WERR_GENERAL_FAILURE;
1348 return WERR_GENERAL_FAILURE;
1351 trusts = talloc(mem_ctx, struct netr_DomainTrustList);
1352 W_ERROR_HAVE_NO_MEMORY(trusts);
1354 trusts->array = talloc_array(trusts, struct netr_DomainTrust, ret);
1355 W_ERROR_HAVE_NO_MEMORY(trusts->array);
1357 trusts->count = 1; /* ?? */
1359 r->out.trusts = trusts;
1361 /* TODO: add filtering by trust_flags, and correct trust_type
1363 trusts->array[0].netbios_name = samdb_result_string(ref_res[0], "nETBIOSName", NULL);
1364 trusts->array[0].dns_name = samdb_result_string(ref_res[0], "dnsRoot", NULL);
1365 trusts->array[0].trust_flags =
1366 NETR_TRUST_FLAG_TREEROOT |
1367 NETR_TRUST_FLAG_IN_FOREST |
1368 NETR_TRUST_FLAG_PRIMARY;
1369 trusts->array[0].parent_index = 0;
1370 trusts->array[0].trust_type = 2;
1371 trusts->array[0].trust_attributes = 0;
1372 trusts->array[0].sid = samdb_result_dom_sid(mem_ctx, dom_res[0], "objectSid");
1373 trusts->array[0].guid = samdb_result_guid(dom_res[0], "objectGUID");
1380 netr_DsrDeregisterDNSHostRecords
1382 static WERROR dcesrv_netr_DsrDeregisterDNSHostRecords(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1383 struct netr_DsrDeregisterDNSHostRecords *r)
1385 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1390 netr_ServerTrustPasswordsGet
1392 static NTSTATUS dcesrv_netr_ServerTrustPasswordsGet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1393 struct netr_ServerTrustPasswordsGet *r)
1395 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1400 netr_DsRGetForestTrustInformation
1402 static WERROR dcesrv_netr_DsRGetForestTrustInformation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1403 struct netr_DsRGetForestTrustInformation *r)
1405 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1410 netr_GetForestTrustInformation
1412 static WERROR dcesrv_netr_GetForestTrustInformation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1413 struct netr_GetForestTrustInformation *r)
1415 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1420 netr_NETRSERVERGETTRUSTINFO
1422 static WERROR dcesrv_netr_NETRSERVERGETTRUSTINFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1423 struct netr_NETRSERVERGETTRUSTINFO *r)
1425 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1429 /* include the generated boilerplate */
1430 #include "librpc/gen_ndr/ndr_netlogon_s.c"