git.samba.org / bbaumbach / samba-autobuild / .git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix include paths to new location of libutil.
[bbaumbach/samba-autobuild/.git] / source4 / nbt_server / dgram / netlogon.c
diff --git a/source4/nbt_server/dgram/netlogon.c b/source4/nbt_server/dgram/netlogon.c
index 9a6b8a2887b86db3150f42e66b701bef85dceb37..c5b16fbd7576b5c72fb1dc5b752518aed2f4cb11 100644 (file)
--- a/source4/nbt_server/dgram/netlogon.c
+++ b/source4/nbt_server/dgram/netlogon.c
@@ -4,10 +4,11 @@
    NBT datagram netlogon server
 
    Copyright (C) Andrew Tridgell       2005
-   
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008
+  
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
+   the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
    
    This program is distributed in the hope that it will be useful,
@@ -16,8 +17,7 @@
    GNU General Public License for more details.
    
    You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #include "includes.h"
@@ -26,8 +26,11 @@
 #include "lib/ldb/include/ldb.h"
 #include "dsdb/samdb/samdb.h"
 #include "auth/auth.h"
-#include "db_wrap.h"
-#include "librpc/gen_ndr/ndr_nbt.h"
+#include "../lib/util/util_ldb.h"
+#include "param/param.h"
+#include "smbd/service_task.h"
+#include "cldap_server/cldap_server.h"
+#include "libcli/security/security.h"
 
 /*
   reply to a GETDC request
@@ -39,12 +42,13 @@ static void nbtd_netlogon_getdc(struct dgram_mailslot_handler *dgmslot,
                                struct nbt_netlogon_packet *netlogon)
 {
        struct nbt_name *name = &packet->data.msg.dest_name;
-       struct nbtd_interface *reply_iface = nbtd_find_reply_iface(iface, src->addr, False);
-       struct nbt_netlogon_packet reply;
+       struct nbtd_interface *reply_iface = nbtd_find_reply_iface(iface, src->addr, false);
        struct nbt_netlogon_response_from_pdc *pdc;
        const char *ref_attrs[] = {"nETBIOSName", NULL};
        struct ldb_message **ref_res;
        struct ldb_context *samctx;
+       struct ldb_dn *partitions_basedn;
+       struct nbt_netlogon_response netlogon_response;
        int ret;
 
        /* only answer getdc requests on the PDC or LOGON names */
@@ -52,13 +56,16 @@ static void nbtd_netlogon_getdc(struct dgram_mailslot_handler *dgmslot,
                return;
        }
 
-       samctx = samdb_connect(packet, anonymous_session(packet));
-       if (samctx == NULL) {
-               DEBUG(2,("Unable to open sam in getdc reply\n"));
-               return;
+       samctx = iface->nbtsrv->sam_ctx;
+
+       if (!samdb_is_pdc(samctx)) {
+               DEBUG(2, ("Not a PDC, so not processing LOGON_PRIMARY_QUERY\n"));
+               return;         
        }
 
-       ret = gendb_search(samctx, samctx, NULL, &ref_res, ref_attrs,
+       partitions_basedn = samdb_partitions_dn(samctx, packet);
+
+       ret = gendb_search(samctx, packet, partitions_basedn, &ref_res, ref_attrs,
                           "(&(&(nETBIOSName=%s)(objectclass=crossRef))(ncName=*))", 
                           name->name);
        
@@ -68,48 +75,43 @@ static void nbtd_netlogon_getdc(struct dgram_mailslot_handler *dgmslot,
        }
 
        /* setup a GETDC reply */
-       ZERO_STRUCT(reply);
-       reply.command = NETLOGON_RESPONSE_FROM_PDC;
-       pdc = &reply.req.response;
+       ZERO_STRUCT(netlogon_response);
+       netlogon_response.response_type = NETLOGON_GET_PDC;
+       pdc = &netlogon_response.data.get_pdc;
 
-       pdc->pdc_name         = lp_netbios_name();
+       pdc->command = NETLOGON_RESPONSE_FROM_PDC;
+       pdc->pdc_name         = lp_netbios_name(iface->nbtsrv->task->lp_ctx);
        pdc->unicode_pdc_name = pdc->pdc_name;
        pdc->domain_name      = samdb_result_string(ref_res[0], "nETBIOSName", name->name);;
        pdc->nt_version       = 1;
        pdc->lmnt_token       = 0xFFFF;
        pdc->lm20_token       = 0xFFFF;
 
-
-       packet->data.msg.dest_name.type = 0;
-
        dgram_mailslot_netlogon_reply(reply_iface->dgmsock, 
                                      packet, 
+                                     lp_netbios_name(iface->nbtsrv->task->lp_ctx),
                                      netlogon->req.pdc.mailslot_name,
-                                     &reply);
+                                     &netlogon_response);
 }
 
 
 /*
   reply to a ADS style GETDC request
  */
-static void nbtd_netlogon_getdc2(struct dgram_mailslot_handler *dgmslot,
-                                struct nbtd_interface *iface,
-                                struct nbt_dgram_packet *packet, 
-                                const struct socket_address *src,
-                                struct nbt_netlogon_packet *netlogon)
+static void nbtd_netlogon_samlogon(struct dgram_mailslot_handler *dgmslot,
+                                  struct nbtd_interface *iface,
+                                  struct nbt_dgram_packet *packet, 
+                                  const struct socket_address *src,
+                                  struct nbt_netlogon_packet *netlogon)
 {
        struct nbt_name *name = &packet->data.msg.dest_name;
-       struct nbtd_interface *reply_iface = nbtd_find_reply_iface(iface, src->addr, False);
-       struct nbt_netlogon_packet reply;
-       struct nbt_netlogon_response_from_pdc2 *pdc;
+       struct nbtd_interface *reply_iface = nbtd_find_reply_iface(iface, src->addr, false);
        struct ldb_context *samctx;
-       const char *ref_attrs[] = {"nETBIOSName", "ncName", NULL};
-       const char *dom_attrs[] = {"dnsDomain", "objectGUID", NULL};
-       struct ldb_message **ref_res, **dom_res;
-       int ret;
-       const char **services = lp_server_services();
        const char *my_ip = reply_iface->ip_address; 
-       const struct ldb_dn *partitions_basedn = ldb_dn_string_compose(packet, samdb_base_dn(packet), "CN=Partitions,CN=Configuration");
+       struct dom_sid *sid;
+       struct nbt_netlogon_response netlogon_response;
+       NTSTATUS status;
+
        if (!my_ip) {
                DEBUG(0, ("Could not obtain own IP address for datagram socket\n"));
                return;
@@ -120,90 +122,32 @@ static void nbtd_netlogon_getdc2(struct dgram_mailslot_handler *dgmslot,
                return;
        }
 
-       samctx = samdb_connect(packet, anonymous_session(packet));
-       if (samctx == NULL) {
-               DEBUG(2,("Unable to open sam in getdc reply\n"));
-               return;
-       }
+       samctx = iface->nbtsrv->sam_ctx;
 
-       ret = gendb_search(samctx, samctx, partitions_basedn, &ref_res, ref_attrs,
-                                 "(&(&(nETBIOSName=%s)(objectclass=crossRef))(ncName=*))", 
-                                 name->name);
-       
-       if (ret != 1) {
-               DEBUG(2,("Unable to find domain reference '%s' in sam\n", name->name));
-               return;
+       if (netlogon->req.logon.sid_size) {
+               sid = &netlogon->req.logon.sid;
+       } else {
+               sid = NULL;
        }
 
-       /* try and find the domain */
-       ret = gendb_search_dn(samctx, samctx, 
-                             samdb_result_dn(samctx, ref_res[0], "ncName", NULL), 
-                             &dom_res, dom_attrs);
-       if (ret != 1) {
-               DEBUG(2,("Unable to find domain from reference '%s' in sam\n",
-                        ldb_dn_linearize(samctx, ref_res[0]->dn)));
+       status = fill_netlogon_samlogon_response(samctx, packet, NULL, name->name, sid, NULL, 
+                                                netlogon->req.logon.user_name, netlogon->req.logon.acct_control, src->addr, 
+                                                netlogon->req.logon.nt_version, iface->nbtsrv->task->lp_ctx, &netlogon_response.data.samlogon);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(2,("NBT netlogon query failed domain=%s sid=%s version=%d - %s\n",
+                        name->name, dom_sid_string(packet, sid), netlogon->req.logon.nt_version, nt_errstr(status)));
                return;
        }
 
-       /* setup a GETDC reply */
-       ZERO_STRUCT(reply);
-       reply.command = NETLOGON_RESPONSE_FROM_PDC2;
-
-#if 0
-       /* newer testing shows that the reply command type is not
-          changed based on whether a username is given in the
-          reply. This was what was causing the w2k join to be so
-          slow */
-       if (netlogon->req.pdc2.user_name[0]) {
-               reply.command = NETLOGON_RESPONSE_FROM_PDC_USER;
-       }
-#endif
-
-       pdc = &reply.req.response2;
-
-       /* TODO: accurately depict which services we are running */
-       pdc->server_type      = 
-               NBT_SERVER_PDC | NBT_SERVER_GC | 
-               NBT_SERVER_DS | NBT_SERVER_TIMESERV |
-               NBT_SERVER_CLOSEST | NBT_SERVER_WRITABLE | 
-               NBT_SERVER_GOOD_TIMESERV;
-
-       /* hmm, probably a better way to do this */
-       if (str_list_check(services, "ldap")) {
-               pdc->server_type |= NBT_SERVER_LDAP;
-       }
-
-       if (str_list_check(services, "kdc")) {
-               pdc->server_type |= NBT_SERVER_KDC;
-       }
-
-       pdc->domain_uuid      = samdb_result_guid(dom_res[0], "objectGUID");
-       pdc->forest           = samdb_result_string(dom_res[0], "dnsDomain", lp_realm());
-       pdc->dns_domain       = samdb_result_string(dom_res[0], "dnsDomain", lp_realm());
-
-       /* TODO: get our full DNS name from somewhere else */
-       pdc->pdc_dns_name     = talloc_asprintf(packet, "%s.%s", 
-                                               strlower_talloc(packet, lp_netbios_name()), 
-                                               pdc->dns_domain);
-       pdc->domain           = samdb_result_string(dom_res[0], "nETBIOSName", name->name);;
-       pdc->pdc_name         = lp_netbios_name();
-       pdc->user_name        = netlogon->req.pdc2.user_name;
-       /* TODO: we need to make sure these are in our DNS zone */
-       pdc->site_name        = "Default-First-Site-Name";
-       pdc->site_name2       = "Default-First-Site-Name";
-       pdc->unknown          = 0x10; /* what is this? */
-       pdc->unknown2         = 2; /* and this ... */
-       pdc->pdc_ip           = my_ip;
-       pdc->nt_version       = 13;
-       pdc->lmnt_token       = 0xFFFF;
-       pdc->lm20_token       = 0xFFFF;
+       netlogon_response.response_type = NETLOGON_SAMLOGON;
 
        packet->data.msg.dest_name.type = 0;
 
        dgram_mailslot_netlogon_reply(reply_iface->dgmsock, 
                                      packet, 
-                                     netlogon->req.pdc2.mailslot_name,
-                                     &reply);
+                                     lp_netbios_name(iface->nbtsrv->task->lp_ctx),
+                                     netlogon->req.logon.mailslot_name,
+                                     &netlogon_response);
 }
 
 
@@ -235,15 +179,17 @@ void nbtd_mailslot_netlogon_handler(struct dgram_mailslot_handler *dgmslot,
 
        DEBUG(2,("netlogon request to %s from %s:%d\n", 
                 nbt_name_string(netlogon, name), src->addr, src->port));
-       status = dgram_mailslot_netlogon_parse(dgmslot, netlogon, packet, netlogon);
+       status = dgram_mailslot_netlogon_parse_request(dgmslot, netlogon, packet, netlogon);
        if (!NT_STATUS_IS_OK(status)) goto failed;
 
        switch (netlogon->command) {
-       case NETLOGON_QUERY_FOR_PDC:
-               nbtd_netlogon_getdc(dgmslot, iface, packet, src, netlogon);
+       case LOGON_PRIMARY_QUERY:
+               nbtd_netlogon_getdc(dgmslot, iface, packet, 
+                                   src, netlogon);
                break;
-       case NETLOGON_QUERY_FOR_PDC2:
-               nbtd_netlogon_getdc2(dgmslot, iface, packet, src, netlogon);
+       case LOGON_SAM_LOGON_REQUEST:
+               nbtd_netlogon_samlogon(dgmslot, iface, packet, 
+                                      src, netlogon);
                break;
        default:
                DEBUG(2,("unknown netlogon op %d from %s:%d\n", 
Unnamed repository; edit this file 'description' to name the repository.