NBT datagram netlogon server
Copyright (C) Andrew Tridgell 2005
-
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "lib/ldb/include/ldb.h"
#include "dsdb/samdb/samdb.h"
#include "auth/auth.h"
-#include "db_wrap.h"
-#include "librpc/gen_ndr/ndr_nbt.h"
+#include "../lib/util/util_ldb.h"
+#include "param/param.h"
+#include "smbd/service_task.h"
+#include "cldap_server/cldap_server.h"
+#include "libcli/security/security.h"
/*
reply to a GETDC request
struct nbt_netlogon_packet *netlogon)
{
struct nbt_name *name = &packet->data.msg.dest_name;
- struct nbtd_interface *reply_iface = nbtd_find_reply_iface(iface, src->addr, False);
- struct nbt_netlogon_packet reply;
+ struct nbtd_interface *reply_iface = nbtd_find_reply_iface(iface, src->addr, false);
struct nbt_netlogon_response_from_pdc *pdc;
const char *ref_attrs[] = {"nETBIOSName", NULL};
struct ldb_message **ref_res;
struct ldb_context *samctx;
+ struct ldb_dn *partitions_basedn;
+ struct nbt_netlogon_response netlogon_response;
int ret;
/* only answer getdc requests on the PDC or LOGON names */
return;
}
- samctx = samdb_connect(packet, anonymous_session(packet));
- if (samctx == NULL) {
- DEBUG(2,("Unable to open sam in getdc reply\n"));
- return;
+ samctx = iface->nbtsrv->sam_ctx;
+
+ if (!samdb_is_pdc(samctx)) {
+ DEBUG(2, ("Not a PDC, so not processing LOGON_PRIMARY_QUERY\n"));
+ return;
}
- ret = gendb_search(samctx, samctx, NULL, &ref_res, ref_attrs,
+ partitions_basedn = samdb_partitions_dn(samctx, packet);
+
+ ret = gendb_search(samctx, packet, partitions_basedn, &ref_res, ref_attrs,
"(&(&(nETBIOSName=%s)(objectclass=crossRef))(ncName=*))",
name->name);
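Review bot: The requested NetBIOS name (`name->name`, read from `packet->data.msg.dest_name`) is still formatted directly into the LDAP filter `(nETBIOSName=%s)` in the `gendb_search` call. Filter metacharacters such as `*`, `(` or `)` in that name would therefore change what the search matches. The name comes from the received datagram, and nothing visible in this hunk restricts its characters. Passing `ldb_binary_encode_string(packet, name->name)` in place of `name->name` would escape it; that call can return NULL on allocation failure, so check the result before searching. The function body begins and ends outside this hunk.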
}
/* setup a GETDC reply */
- ZERO_STRUCT(reply);
- reply.command = NETLOGON_RESPONSE_FROM_PDC;
- pdc = &reply.req.response;
+ ZERO_STRUCT(netlogon_response);
+ netlogon_response.response_type = NETLOGON_GET_PDC;
+ pdc = &netlogon_response.data.get_pdc;
- pdc->pdc_name = lp_netbios_name();
+ pdc->command = NETLOGON_RESPONSE_FROM_PDC;
+ pdc->pdc_name = lp_netbios_name(iface->nbtsrv->task->lp_ctx);
pdc->unicode_pdc_name = pdc->pdc_name;
pdc->domain_name = samdb_result_string(ref_res[0], "nETBIOSName", name->name);;
pdc->nt_version = 1;
pdc->lmnt_token = 0xFFFF;
pdc->lm20_token = 0xFFFF;
-
- packet->data.msg.dest_name.type = 0;
-
dgram_mailslot_netlogon_reply(reply_iface->dgmsock,
packet,
+ lp_netbios_name(iface->nbtsrv->task->lp_ctx),
netlogon->req.pdc.mailslot_name,
- &reply);
+ &netlogon_response);
}
/*
reply to a ADS style GETDC request
*/
-static void nbtd_netlogon_getdc2(struct dgram_mailslot_handler *dgmslot,
- struct nbtd_interface *iface,
- struct nbt_dgram_packet *packet,
- const struct socket_address *src,
- struct nbt_netlogon_packet *netlogon)
+static void nbtd_netlogon_samlogon(struct dgram_mailslot_handler *dgmslot,
+ struct nbtd_interface *iface,
+ struct nbt_dgram_packet *packet,
+ const struct socket_address *src,
+ struct nbt_netlogon_packet *netlogon)
{
struct nbt_name *name = &packet->data.msg.dest_name;
- struct nbtd_interface *reply_iface = nbtd_find_reply_iface(iface, src->addr, False);
- struct nbt_netlogon_packet reply;
- struct nbt_netlogon_response_from_pdc2 *pdc;
+ struct nbtd_interface *reply_iface = nbtd_find_reply_iface(iface, src->addr, false);
struct ldb_context *samctx;
- const char *ref_attrs[] = {"nETBIOSName", "ncName", NULL};
- const char *dom_attrs[] = {"dnsDomain", "objectGUID", NULL};
- struct ldb_message **ref_res, **dom_res;
- int ret;
- const char **services = lp_server_services();
const char *my_ip = reply_iface->ip_address;
- const struct ldb_dn *partitions_basedn = ldb_dn_string_compose(packet, samdb_base_dn(packet), "CN=Partitions,CN=Configuration");
+ struct dom_sid *sid;
+ struct nbt_netlogon_response netlogon_response;
+ NTSTATUS status;
+
if (!my_ip) {
DEBUG(0, ("Could not obtain own IP address for datagram socket\n"));
return;
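Review bot: The comment above the renamed function still reads `reply to a ADS style GETDC request`, but the handler is now `nbtd_netlogon_samlogon` and, per the dispatch switch later in the patch, serves `LOGON_SAM_LOGON_REQUEST`. I would change it to something like `/* reply to a SAM LOGON request (LOGON_SAM_LOGON_REQUEST) */`. A second comment line could note that the user name, SID, account-control bits and NT version all come from the request and should be treated as untrusted. The function body continues past the end of this hunk.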
return;
}
- samctx = samdb_connect(packet, anonymous_session(packet));
- if (samctx == NULL) {
- DEBUG(2,("Unable to open sam in getdc reply\n"));
- return;
- }
+ samctx = iface->nbtsrv->sam_ctx;
- ret = gendb_search(samctx, samctx, partitions_basedn, &ref_res, ref_attrs,
- "(&(&(nETBIOSName=%s)(objectclass=crossRef))(ncName=*))",
- name->name);
-
- if (ret != 1) {
- DEBUG(2,("Unable to find domain reference '%s' in sam\n", name->name));
- return;
+ if (netlogon->req.logon.sid_size) {
+ sid = &netlogon->req.logon.sid;
+ } else {
+ sid = NULL;
}
- /* try and find the domain */
- ret = gendb_search_dn(samctx, samctx,
- samdb_result_dn(samctx, ref_res[0], "ncName", NULL),
- &dom_res, dom_attrs);
- if (ret != 1) {
- DEBUG(2,("Unable to find domain from reference '%s' in sam\n",
- ldb_dn_linearize(samctx, ref_res[0]->dn)));
+ status = fill_netlogon_samlogon_response(samctx, packet, NULL, name->name, sid, NULL,
+ netlogon->req.logon.user_name, netlogon->req.logon.acct_control, src->addr,
+ netlogon->req.logon.nt_version, iface->nbtsrv->task->lp_ctx, &netlogon_response.data.samlogon);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(2,("NBT netlogon query failed domain=%s sid=%s version=%d - %s\n",
+ name->name, dom_sid_string(packet, sid), netlogon->req.logon.nt_version, nt_errstr(status)));
return;
}
- /* setup a GETDC reply */
- ZERO_STRUCT(reply);
- reply.command = NETLOGON_RESPONSE_FROM_PDC2;
-
-#if 0
- /* newer testing shows that the reply command type is not
- changed based on whether a username is given in the
- reply. This was what was causing the w2k join to be so
- slow */
- if (netlogon->req.pdc2.user_name[0]) {
- reply.command = NETLOGON_RESPONSE_FROM_PDC_USER;
- }
-#endif
-
- pdc = &reply.req.response2;
-
- /* TODO: accurately depict which services we are running */
- pdc->server_type =
- NBT_SERVER_PDC | NBT_SERVER_GC |
- NBT_SERVER_DS | NBT_SERVER_TIMESERV |
- NBT_SERVER_CLOSEST | NBT_SERVER_WRITABLE |
- NBT_SERVER_GOOD_TIMESERV;
-
- /* hmm, probably a better way to do this */
- if (str_list_check(services, "ldap")) {
- pdc->server_type |= NBT_SERVER_LDAP;
- }
-
- if (str_list_check(services, "kdc")) {
- pdc->server_type |= NBT_SERVER_KDC;
- }
-
- pdc->domain_uuid = samdb_result_guid(dom_res[0], "objectGUID");
- pdc->forest = samdb_result_string(dom_res[0], "dnsDomain", lp_realm());
- pdc->dns_domain = samdb_result_string(dom_res[0], "dnsDomain", lp_realm());
-
- /* TODO: get our full DNS name from somewhere else */
- pdc->pdc_dns_name = talloc_asprintf(packet, "%s.%s",
- strlower_talloc(packet, lp_netbios_name()),
- pdc->dns_domain);
- pdc->domain = samdb_result_string(dom_res[0], "nETBIOSName", name->name);;
- pdc->pdc_name = lp_netbios_name();
- pdc->user_name = netlogon->req.pdc2.user_name;
- /* TODO: we need to make sure these are in our DNS zone */
- pdc->site_name = "Default-First-Site-Name";
- pdc->site_name2 = "Default-First-Site-Name";
- pdc->unknown = 0x10; /* what is this? */
- pdc->unknown2 = 2; /* and this ... */
- pdc->pdc_ip = my_ip;
- pdc->nt_version = 13;
- pdc->lmnt_token = 0xFFFF;
- pdc->lm20_token = 0xFFFF;
+ netlogon_response.response_type = NETLOGON_SAMLOGON;
packet->data.msg.dest_name.type = 0;
dgram_mailslot_netlogon_reply(reply_iface->dgmsock,
packet,
- netlogon->req.pdc2.mailslot_name,
- &reply);
+ lp_netbios_name(iface->nbtsrv->task->lp_ctx),
+ netlogon->req.logon.mailslot_name,
+ &netlogon_response);
}
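Review bot: `netlogon_response` is a stack struct that is never zeroed in `nbtd_netlogon_samlogon`, whereas the getdc handler calls `ZERO_STRUCT(netlogon_response)` before filling it. Only `.data.samlogon` and `.response_type` are written here, so any samlogon field that `fill_netlogon_samlogon_response` leaves unset (not visible from this hunk) would hold stack contents when `dgram_mailslot_netlogon_reply` marshals the reply. Adding `ZERO_STRUCT(netlogon_response);` before the `fill_netlogon_samlogon_response` call would make the two handlers consistent. Separately, `samctx = iface->nbtsrv->sam_ctx` replaces a connect that was NULL-checked; if the server can start without a SAM handle, `if (samctx == NULL) return;` is still needed here and in the getdc handler.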
DEBUG(2,("netlogon request to %s from %s:%d\n",
nbt_name_string(netlogon, name), src->addr, src->port));
- status = dgram_mailslot_netlogon_parse(dgmslot, netlogon, packet, netlogon);
+ status = dgram_mailslot_netlogon_parse_request(dgmslot, netlogon, packet, netlogon);
if (!NT_STATUS_IS_OK(status)) goto failed;
switch (netlogon->command) {
- case NETLOGON_QUERY_FOR_PDC:
- nbtd_netlogon_getdc(dgmslot, iface, packet, src, netlogon);
+ case LOGON_PRIMARY_QUERY:
+ nbtd_netlogon_getdc(dgmslot, iface, packet,
+ src, netlogon);
break;
- case NETLOGON_QUERY_FOR_PDC2:
- nbtd_netlogon_getdc2(dgmslot, iface, packet, src, netlogon);
+ case LOGON_SAM_LOGON_REQUEST:
+ nbtd_netlogon_samlogon(dgmslot, iface, packet,
+ src, netlogon);
break;
default:
DEBUG(2,("unknown netlogon op %d from %s:%d\n",