NBT datagram netlogon server
Copyright (C) Andrew Tridgell 2005
-
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
-#include "dlinklist.h"
#include "nbt_server/nbt_server.h"
-#include "smbd/service_task.h"
#include "lib/socket/socket.h"
#include "lib/ldb/include/ldb.h"
+#include "dsdb/samdb/samdb.h"
+#include "auth/auth.h"
+#include "../lib/util/util_ldb.h"
+#include "param/param.h"
+#include "smbd/service_task.h"
+#include "cldap_server/cldap_server.h"
+#include "libcli/security/security.h"
/*
reply to a GETDC request
*/
static void nbtd_netlogon_getdc(struct dgram_mailslot_handler *dgmslot,
+ struct nbtd_interface *iface,
struct nbt_dgram_packet *packet,
- const char *src_address, int src_port,
+ const struct socket_address *src,
struct nbt_netlogon_packet *netlogon)
{
struct nbt_name *name = &packet->data.msg.dest_name;
- struct nbt_netlogon_packet reply;
+ struct nbtd_interface *reply_iface = nbtd_find_reply_iface(iface, src->addr, false);
struct nbt_netlogon_response_from_pdc *pdc;
const char *ref_attrs[] = {"nETBIOSName", NULL};
struct ldb_message **ref_res;
struct ldb_context *samctx;
+ struct ldb_dn *partitions_basedn;
+ struct nbt_netlogon_response netlogon_response;
int ret;
/* only answer getdc requests on the PDC or LOGON names */
return;
}
- samctx = samdb_connect(packet, anonymous_session(packet));
- if (samctx == NULL) {
- DEBUG(2,("Unable to open sam in getdc reply\n"));
- return;
+ samctx = iface->nbtsrv->sam_ctx;
+
+ if (!samdb_is_pdc(samctx)) {
+ DEBUG(2, ("Not a PDC, so not processing LOGON_PRIMARY_QUERY\n"));
+ return;
}
- ret = gendb_search(samctx, samctx, NULL, &ref_res, ref_attrs,
+ partitions_basedn = samdb_partitions_dn(samctx, packet);
+
+ ret = gendb_search(samctx, packet, partitions_basedn, &ref_res, ref_attrs,
"(&(&(nETBIOSName=%s)(objectclass=crossRef))(ncName=*))",
name->name);
}
/* setup a GETDC reply */
- ZERO_STRUCT(reply);
- reply.command = NETLOGON_RESPONSE_FROM_PDC;
- pdc = &reply.req.response;
+ ZERO_STRUCT(netlogon_response);
+ netlogon_response.response_type = NETLOGON_GET_PDC;
+ pdc = &netlogon_response.data.get_pdc;
- pdc->pdc_name = lp_netbios_name();
+ pdc->command = NETLOGON_RESPONSE_FROM_PDC;
+ pdc->pdc_name = lp_netbios_name(iface->nbtsrv->task->lp_ctx);
pdc->unicode_pdc_name = pdc->pdc_name;
pdc->domain_name = samdb_result_string(ref_res[0], "nETBIOSName", name->name);;
pdc->nt_version = 1;
pdc->lmnt_token = 0xFFFF;
pdc->lm20_token = 0xFFFF;
-
- packet->data.msg.dest_name.type = 0;
-
- dgram_mailslot_netlogon_reply(dgmslot->dgmsock,
+ dgram_mailslot_netlogon_reply(reply_iface->dgmsock,
packet,
+ lp_netbios_name(iface->nbtsrv->task->lp_ctx),
netlogon->req.pdc.mailslot_name,
- &reply);
+ &netlogon_response);
}
/*
reply to a ADS style GETDC request
*/
-static void nbtd_netlogon_getdc2(struct dgram_mailslot_handler *dgmslot,
- struct nbt_dgram_packet *packet,
- const char *src_address, int src_port,
- struct nbt_netlogon_packet *netlogon)
+static void nbtd_netlogon_samlogon(struct dgram_mailslot_handler *dgmslot,
+ struct nbtd_interface *iface,
+ struct nbt_dgram_packet *packet,
+ const struct socket_address *src,
+ struct nbt_netlogon_packet *netlogon)
{
struct nbt_name *name = &packet->data.msg.dest_name;
- struct nbt_netlogon_packet reply;
- struct nbt_netlogon_response_from_pdc2 *pdc;
+ struct nbtd_interface *reply_iface = nbtd_find_reply_iface(iface, src->addr, false);
struct ldb_context *samctx;
- const char *ref_attrs[] = {"nETBIOSName", "ncName", NULL};
- const char *dom_attrs[] = {"dnsDomain", "objectGUID", NULL};
- struct ldb_message **ref_res, **dom_res;
- int ret;
- const char **services = lp_server_services();
-
- /* only answer getdc requests on the PDC or LOGON names */
- if (name->type != NBT_NAME_PDC && name->type != NBT_NAME_LOGON) {
- return;
- }
+ const char *my_ip = reply_iface->ip_address;
+ struct dom_sid *sid;
+ struct nbt_netlogon_response netlogon_response;
+ NTSTATUS status;
- samctx = samdb_connect(packet, anonymous_session(packet));
- if (samctx == NULL) {
- DEBUG(2,("Unable to open sam in getdc reply\n"));
+ if (!my_ip) {
+ DEBUG(0, ("Could not obtain own IP address for datagram socket\n"));
return;
}
- ret = gendb_search(samctx, samctx, NULL, &ref_res, ref_attrs,
- "(&(&(nETBIOSName=%s)(objectclass=crossRef))(ncName=*))",
- name->name);
-
- if (ret != 1) {
- DEBUG(2,("Unable to find domain reference '%s' in sam\n", name->name));
+ /* only answer getdc requests on the PDC or LOGON names */
+ if (name->type != NBT_NAME_PDC && name->type != NBT_NAME_LOGON) {
return;
}
- /* try and find the domain */
- ret = gendb_search_dn(samctx, samctx,
- samdb_result_dn(samctx, ref_res[0], "ncName", NULL),
- &dom_res, dom_attrs);
- if (ret != 1) {
- DEBUG(2,("Unable to find domain from reference '%s' in sam\n",
- ldb_dn_linearize(samctx, ref_res[0]->dn)));
- return;
- }
+ samctx = iface->nbtsrv->sam_ctx;
- /* setup a GETDC reply */
- ZERO_STRUCT(reply);
- if (netlogon->req.pdc2.user_name[0]) {
- reply.command = NETLOGON_RESPONSE_FROM_PDC_USER;
+ if (netlogon->req.logon.sid_size) {
+ sid = &netlogon->req.logon.sid;
} else {
- reply.command = NETLOGON_RESPONSE_FROM_PDC2;
- }
- pdc = &reply.req.response2;
-
- /* TODO: accurately depict which services we are running */
- pdc->server_type =
- NBT_SERVER_PDC | NBT_SERVER_GC |
- NBT_SERVER_DS | NBT_SERVER_TIMESERV |
- NBT_SERVER_CLOSEST | NBT_SERVER_WRITABLE |
- NBT_SERVER_GOOD_TIMESERV;
-
- /* hmm, probably a better way to do this */
- if (str_list_check(services, "ldap")) {
- pdc->server_type |= NBT_SERVER_LDAP;
+ sid = NULL;
}
- if (str_list_check(services, "kdc")) {
- pdc->server_type |= NBT_SERVER_KDC;
+ status = fill_netlogon_samlogon_response(samctx, packet, NULL, name->name, sid, NULL,
+ netlogon->req.logon.user_name, netlogon->req.logon.acct_control, src->addr,
+ netlogon->req.logon.nt_version, iface->nbtsrv->task->lp_ctx, &netlogon_response.data.samlogon);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(2,("NBT netlogon query failed domain=%s sid=%s version=%d - %s\n",
+ name->name, dom_sid_string(packet, sid), netlogon->req.logon.nt_version, nt_errstr(status)));
+ return;
}
- pdc->domain_uuid = samdb_result_guid(dom_res[0], "objectGUID");
- pdc->forest = samdb_result_string(dom_res[0], "dnsDomain", lp_realm());
- pdc->dns_domain = samdb_result_string(dom_res[0], "dnsDomain", lp_realm());
-
- /* TODO: get our full DNS name from somewhere else */
- pdc->pdc_dns_name = talloc_asprintf(packet, "%s.%s",
- strlower_talloc(packet, lp_netbios_name()),
- pdc->dns_domain);
- pdc->domain = samdb_result_string(dom_res[0], "nETBIOSName", name->name);;
- pdc->pdc_name = lp_netbios_name();
- pdc->user_name = netlogon->req.pdc2.user_name;
- /* TODO: we need to make sure these are in our DNS zone */
- pdc->site_name = "Default-First-Site-Name";
- pdc->site_name2 = "Default-First-Site-Name";
- pdc->unknown = 0x10; /* what is this? */
- pdc->unknown2 = 2; /* and this ... */
- pdc->pdc_ip = socket_get_my_addr(dgmslot->dgmsock->sock, packet);
- pdc->nt_version = 13;
- pdc->lmnt_token = 0xFFFF;
- pdc->lm20_token = 0xFFFF;
+ netlogon_response.response_type = NETLOGON_SAMLOGON;
packet->data.msg.dest_name.type = 0;
- dgram_mailslot_netlogon_reply(dgmslot->dgmsock,
+ dgram_mailslot_netlogon_reply(reply_iface->dgmsock,
packet,
- netlogon->req.pdc2.mailslot_name,
- &reply);
+ lp_netbios_name(iface->nbtsrv->task->lp_ctx),
+ netlogon->req.logon.mailslot_name,
+ &netlogon_response);
}
*/
void nbtd_mailslot_netlogon_handler(struct dgram_mailslot_handler *dgmslot,
struct nbt_dgram_packet *packet,
- const char *src_address, int src_port)
+ struct socket_address *src)
{
NTSTATUS status = NT_STATUS_NO_MEMORY;
struct nbtd_interface *iface =
}
DEBUG(2,("netlogon request to %s from %s:%d\n",
- nbt_name_string(netlogon, name), src_address, src_port));
- status = dgram_mailslot_netlogon_parse(dgmslot, netlogon, packet, netlogon);
+ nbt_name_string(netlogon, name), src->addr, src->port));
+ status = dgram_mailslot_netlogon_parse_request(dgmslot, netlogon, packet, netlogon);
if (!NT_STATUS_IS_OK(status)) goto failed;
switch (netlogon->command) {
- case NETLOGON_QUERY_FOR_PDC:
- nbtd_netlogon_getdc(dgmslot, packet, src_address, src_port, netlogon);
+ case LOGON_PRIMARY_QUERY:
+ nbtd_netlogon_getdc(dgmslot, iface, packet,
+ src, netlogon);
break;
- case NETLOGON_QUERY_FOR_PDC2:
- nbtd_netlogon_getdc2(dgmslot, packet, src_address, src_port, netlogon);
+ case LOGON_SAM_LOGON_REQUEST:
+ nbtd_netlogon_samlogon(dgmslot, iface, packet,
+ src, netlogon);
break;
default:
DEBUG(2,("unknown netlogon op %d from %s:%d\n",
- netlogon->command, src_address, src_port));
+ netlogon->command, src->addr, src->port));
NDR_PRINT_DEBUG(nbt_netlogon_packet, netlogon);
break;
}
return;
failed:
- DEBUG(2,("nbtd netlogon handler failed from %s:%d - %s\n",
- src_address, src_port, nt_errstr(status)));
+ DEBUG(2,("nbtd netlogon handler failed from %s:%d to %s - %s\n",
+ src->addr, src->port, nbt_name_string(netlogon, name),
+ nt_errstr(status)));
talloc_free(netlogon);
}
git.samba.org / bbaumbach / samba-autobuild / .git / blobdiff