struct tevent_context *ev,
struct rpc_pipe_client *cli,
const char *_server_name /* [in] [unique,charset(UTF16)] */,
- const char *_trusted_domain_name /* [in] [ref,charset(UTF16)] */,
+ const char *_computer_name /* [in] [ref,charset(UTF16)] */,
struct netr_Authenticator *_credential /* [in] [ref] */,
struct netr_Authenticator *_return_authenticator /* [out] [ref] */,
uint32_t _flags /* [in] */,
/* In parameters */
state->orig.in.server_name = _server_name;
- state->orig.in.trusted_domain_name = _trusted_domain_name;
+ state->orig.in.computer_name = _computer_name;
state->orig.in.credential = _credential;
state->orig.in.flags = _flags;
NTSTATUS rpccli_netr_GetForestTrustInformation_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx,
- WERROR *result)
+ NTSTATUS *result)
{
struct rpccli_netr_GetForestTrustInformation_state *state = tevent_req_data(
req, struct rpccli_netr_GetForestTrustInformation_state);
NTSTATUS rpccli_netr_GetForestTrustInformation(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
const char *server_name /* [in] [unique,charset(UTF16)] */,
- const char *trusted_domain_name /* [in] [ref,charset(UTF16)] */,
+ const char *computer_name /* [in] [ref,charset(UTF16)] */,
struct netr_Authenticator *credential /* [in] [ref] */,
struct netr_Authenticator *return_authenticator /* [out] [ref] */,
uint32_t flags /* [in] */,
- struct lsa_ForestTrustInformation **forest_trust_info /* [out] [ref] */,
- WERROR *werror)
+ struct lsa_ForestTrustInformation **forest_trust_info /* [out] [ref] */)
{
struct netr_GetForestTrustInformation r;
NTSTATUS status;
/* In parameters */
r.in.server_name = server_name;
- r.in.trusted_domain_name = trusted_domain_name;
+ r.in.computer_name = computer_name;
r.in.credential = credential;
r.in.flags = flags;
*forest_trust_info = *r.out.forest_trust_info;
/* Return result */
- if (werror) {
- *werror = r.out.result;
- }
-
- return werror_to_ntstatus(r.out.result);
+ return r.out.result;
}
struct rpccli_netr_LogonSamLogonWithFlags_state {
struct tevent_context *ev,
struct rpc_pipe_client *cli,
const char *_server_name /* [in] [unique,charset(UTF16)] */,
- const char *_trusted_domain_name /* [in] [ref,charset(UTF16)] */,
+ const char *_computer_name /* [in] [ref,charset(UTF16)] */,
struct netr_Authenticator *_credential /* [in] [ref] */,
struct netr_Authenticator *_return_authenticator /* [out] [ref] */,
uint32_t _flags /* [in] */,
struct lsa_ForestTrustInformation **_forest_trust_info /* [out] [ref] */);
NTSTATUS rpccli_netr_GetForestTrustInformation_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx,
- WERROR *result);
+ NTSTATUS *result);
NTSTATUS rpccli_netr_GetForestTrustInformation(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
const char *server_name /* [in] [unique,charset(UTF16)] */,
- const char *trusted_domain_name /* [in] [ref,charset(UTF16)] */,
+ const char *computer_name /* [in] [ref,charset(UTF16)] */,
struct netr_Authenticator *credential /* [in] [ref] */,
struct netr_Authenticator *return_authenticator /* [out] [ref] */,
uint32_t flags /* [in] */,
- struct lsa_ForestTrustInformation **forest_trust_info /* [out] [ref] */,
- WERROR *werror);
+ struct lsa_ForestTrustInformation **forest_trust_info /* [out] [ref] */);
struct tevent_req *rpccli_netr_LogonSamLogonWithFlags_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct rpc_pipe_client *cli,
struct lsa_ForestTrustRecord {
uint32_t flags;
enum lsa_ForestTrustRecordType level;
- uint64_t unknown;
+ uint64_t time;
union lsa_ForestTrustData forest_trust_data;/* [switch_is(level)] */
};
NDR_CHECK(ndr_push_align(ndr, 8));
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->flags));
NDR_CHECK(ndr_push_lsa_ForestTrustRecordType(ndr, NDR_SCALARS, r->level));
- NDR_CHECK(ndr_push_hyper(ndr, NDR_SCALARS, r->unknown));
+ NDR_CHECK(ndr_push_hyper(ndr, NDR_SCALARS, r->time));
NDR_CHECK(ndr_push_set_switch_value(ndr, &r->forest_trust_data, r->level));
NDR_CHECK(ndr_push_lsa_ForestTrustData(ndr, NDR_SCALARS, &r->forest_trust_data));
NDR_CHECK(ndr_push_trailer_align(ndr, 8));
NDR_CHECK(ndr_pull_align(ndr, 8));
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->flags));
NDR_CHECK(ndr_pull_lsa_ForestTrustRecordType(ndr, NDR_SCALARS, &r->level));
- NDR_CHECK(ndr_pull_hyper(ndr, NDR_SCALARS, &r->unknown));
+ NDR_CHECK(ndr_pull_hyper(ndr, NDR_SCALARS, &r->time));
NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->forest_trust_data, r->level));
NDR_CHECK(ndr_pull_lsa_ForestTrustData(ndr, NDR_SCALARS, &r->forest_trust_data));
NDR_CHECK(ndr_pull_trailer_align(ndr, 8));
ndr->depth++;
ndr_print_uint32(ndr, "flags", r->flags);
ndr_print_lsa_ForestTrustRecordType(ndr, "level", r->level);
- ndr_print_hyper(ndr, "unknown", r->unknown);
+ ndr_print_hyper(ndr, "time", r->time);
ndr_print_set_switch_value(ndr, &r->forest_trust_data, r->level);
ndr_print_lsa_ForestTrustData(ndr, "forest_trust_data", &r->forest_trust_data);
ndr->depth--;
NDR_CHECK(ndr_push_uint3264(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16)));
NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.server_name, ndr_charset_length(r->in.server_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
}
- if (r->in.trusted_domain_name == NULL) {
+ if (r->in.computer_name == NULL) {
return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
}
- NDR_CHECK(ndr_push_uint3264(ndr, NDR_SCALARS, ndr_charset_length(r->in.trusted_domain_name, CH_UTF16)));
+ NDR_CHECK(ndr_push_uint3264(ndr, NDR_SCALARS, ndr_charset_length(r->in.computer_name, CH_UTF16)));
NDR_CHECK(ndr_push_uint3264(ndr, NDR_SCALARS, 0));
- NDR_CHECK(ndr_push_uint3264(ndr, NDR_SCALARS, ndr_charset_length(r->in.trusted_domain_name, CH_UTF16)));
- NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.trusted_domain_name, ndr_charset_length(r->in.trusted_domain_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+ NDR_CHECK(ndr_push_uint3264(ndr, NDR_SCALARS, ndr_charset_length(r->in.computer_name, CH_UTF16)));
+ NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.computer_name, ndr_charset_length(r->in.computer_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
if (r->in.credential == NULL) {
return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
}
if (*r->out.forest_trust_info) {
NDR_CHECK(ndr_push_lsa_ForestTrustInformation(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.forest_trust_info));
}
- NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+ NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
}
return NDR_ERR_SUCCESS;
}
NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16));
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0);
}
- NDR_CHECK(ndr_pull_array_size(ndr, &r->in.trusted_domain_name));
- NDR_CHECK(ndr_pull_array_length(ndr, &r->in.trusted_domain_name));
- if (ndr_get_array_length(ndr, &r->in.trusted_domain_name) > ndr_get_array_size(ndr, &r->in.trusted_domain_name)) {
- return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.trusted_domain_name), ndr_get_array_length(ndr, &r->in.trusted_domain_name));
+ NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name));
+ NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name));
+ if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) {
+ return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name));
}
- NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.trusted_domain_name), sizeof(uint16_t)));
- NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.trusted_domain_name, ndr_get_array_length(ndr, &r->in.trusted_domain_name), sizeof(uint16_t), CH_UTF16));
+ NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t)));
+ NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16));
if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
NDR_PULL_ALLOC(ndr, r->in.credential);
}
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_forest_trust_info_1, 0);
}
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_forest_trust_info_0, LIBNDR_FLAG_REF_ALLOC);
- NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+ NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
}
return NDR_ERR_SUCCESS;
}
ndr_print_string(ndr, "server_name", r->in.server_name);
}
ndr->depth--;
- ndr_print_ptr(ndr, "trusted_domain_name", r->in.trusted_domain_name);
+ ndr_print_ptr(ndr, "computer_name", r->in.computer_name);
ndr->depth++;
- ndr_print_string(ndr, "trusted_domain_name", r->in.trusted_domain_name);
+ ndr_print_string(ndr, "computer_name", r->in.computer_name);
ndr->depth--;
ndr_print_ptr(ndr, "credential", r->in.credential);
ndr->depth++;
}
ndr->depth--;
ndr->depth--;
- ndr_print_WERROR(ndr, "result", r->out.result);
+ ndr_print_NTSTATUS(ndr, "result", r->out.result);
ndr->depth--;
}
ndr->depth--;
struct netr_GetForestTrustInformation {
struct {
const char *server_name;/* [unique,charset(UTF16)] */
- const char *trusted_domain_name;/* [ref,charset(UTF16)] */
+ const char *computer_name;/* [ref,charset(UTF16)] */
struct netr_Authenticator *credential;/* [ref] */
uint32_t flags;
} in;
struct {
struct netr_Authenticator *return_authenticator;/* [ref] */
struct lsa_ForestTrustInformation **forest_trust_info;/* [ref] */
- WERROR result;
+ NTSTATUS result;
} out;
};
WERROR _netr_DsrDeregisterDNSHostRecords(pipes_struct *p, struct netr_DsrDeregisterDNSHostRecords *r);
NTSTATUS _netr_ServerTrustPasswordsGet(pipes_struct *p, struct netr_ServerTrustPasswordsGet *r);
WERROR _netr_DsRGetForestTrustInformation(pipes_struct *p, struct netr_DsRGetForestTrustInformation *r);
-WERROR _netr_GetForestTrustInformation(pipes_struct *p, struct netr_GetForestTrustInformation *r);
+NTSTATUS _netr_GetForestTrustInformation(pipes_struct *p, struct netr_GetForestTrustInformation *r);
NTSTATUS _netr_LogonSamLogonWithFlags(pipes_struct *p, struct netr_LogonSamLogonWithFlags *r);
NTSTATUS _netr_ServerGetTrustInfo(pipes_struct *p, struct netr_ServerGetTrustInfo *r);
void netlogon_get_pipe_fns(struct api_struct **fns, int *n_fns);
WERROR _netr_DsrDeregisterDNSHostRecords(pipes_struct *p, struct netr_DsrDeregisterDNSHostRecords *r);
NTSTATUS _netr_ServerTrustPasswordsGet(pipes_struct *p, struct netr_ServerTrustPasswordsGet *r);
WERROR _netr_DsRGetForestTrustInformation(pipes_struct *p, struct netr_DsRGetForestTrustInformation *r);
-WERROR _netr_GetForestTrustInformation(pipes_struct *p, struct netr_GetForestTrustInformation *r);
+NTSTATUS _netr_GetForestTrustInformation(pipes_struct *p, struct netr_GetForestTrustInformation *r);
NTSTATUS _netr_LogonSamLogonWithFlags(pipes_struct *p, struct netr_LogonSamLogonWithFlags *r);
NTSTATUS _netr_ServerGetTrustInfo(pipes_struct *p, struct netr_ServerGetTrustInfo *r);
NTSTATUS rpc_netlogon_init(void);
typedef struct {
uint32 flags;
lsa_ForestTrustRecordType level;
- hyper unknown;
+ hyper time;
[switch_is(level)] lsa_ForestTrustData forest_trust_data;
} lsa_ForestTrustRecord;
/****************/
/* Function 0x2c */
- WERROR netr_GetForestTrustInformation(
+ NTSTATUS netr_GetForestTrustInformation(
[in,unique] [string,charset(UTF16)] uint16 *server_name,
- [in,ref] [string,charset(UTF16)] uint16 *trusted_domain_name,
+ [in,ref] [string,charset(UTF16)] uint16 *computer_name,
[in,ref] netr_Authenticator *credential,
[out,ref] netr_Authenticator *return_authenticator,
[in] uint32 flags,
}
+static WERROR fill_forest_trust_array(TALLOC_CTX *mem_ctx,
+ struct ldb_context *sam_ctx,
+ struct loadparm_context *lp_ctx,
+ struct lsa_ForestTrustInformation *info)
+{
+ struct lsa_ForestTrustDomainInfo *domain_info;
+ struct lsa_ForestTrustRecord *e;
+ struct ldb_message **dom_res;
+ const char * const dom_attrs[] = { "objectSid", NULL };
+ int ret;
+
+ /* we need to provide 2 entries:
+ * 1. the Root Forest name
+ * 2. the Domain Information
+ */
+
+ info->count = 2;
+ info->entries = talloc_array(info, struct lsa_ForestTrustRecord *, 2);
+ W_ERROR_HAVE_NO_MEMORY(info->entries);
+
+ /* Forest root info */
+ e = talloc(info, struct lsa_ForestTrustRecord);
+ W_ERROR_HAVE_NO_MEMORY(e);
+
+ e->flags = 0;
+ e->level = LSA_FOREST_TRUST_TOP_LEVEL_NAME;
+ e->time = 0; /* so far always 0 in trces. */
+ e->forest_trust_data.top_level_name.string = lp_dnsdomain(lp_ctx);
+
+ info->entries[0] = e;
+
+ /* Domain info */
+ e = talloc(info, struct lsa_ForestTrustRecord);
+ W_ERROR_HAVE_NO_MEMORY(e);
+
+ /* get our own domain info */
+ ret = gendb_search_dn(sam_ctx, mem_ctx, NULL, &dom_res, dom_attrs);
+ if (ret != 1) {
+ return WERR_GENERAL_FAILURE;
+ }
+
+ /* TODO: check if disabled and set flags accordingly */
+ e->flags = 0;
+ e->level = LSA_FOREST_TRUST_DOMAIN_INFO;
+ e->time = 0; /* so far always 0 in traces. */
+
+ domain_info = &e->forest_trust_data.domain_info;
+ domain_info->domain_sid = samdb_result_dom_sid(info, dom_res[0],
+ "objectSid");
+ domain_info->dns_domain_name.string = lp_dnsdomain(lp_ctx);
+ domain_info->netbios_domain_name.string = lp_workgroup(lp_ctx);
+
+ info->entries[1] = e;
+
+ talloc_free(dom_res);
+
+ return WERR_OK;
+}
+
/*
netr_DsRGetForestTrustInformation
*/
-static WERROR dcesrv_netr_DsRGetForestTrustInformation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct netr_DsRGetForestTrustInformation *r)
+static WERROR dcesrv_netr_DsRGetForestTrustInformation(struct dcesrv_call_state *dce_call,
+ TALLOC_CTX *mem_ctx,
+ struct netr_DsRGetForestTrustInformation *r)
{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+ struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+ struct lsa_ForestTrustInformation *info, **info_ptr;
+ struct ldb_context *sam_ctx;
+ WERROR werr;
+
+ ZERO_STRUCT(r->out);
+
+ if (lp_server_role(lp_ctx) != ROLE_DOMAIN_CONTROLLER) {
+ return WERR_CALL_NOT_IMPLEMENTED;
+ }
+
+ if (r->in.flags & 0xFFFFFFFE) {
+ return WERR_INVALID_FLAGS;
+ }
+
+ sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, lp_ctx,
+ dce_call->conn->auth_state.session_info);
+ if (sam_ctx == NULL) {
+ return WERR_GENERAL_FAILURE;
+ }
+
+ if (r->in.flags & DS_GFTI_UPDATE_TDO) {
+ if (!samdb_is_pdc(sam_ctx)) {
+ return WERR_NERR_NOTPRIMARY;
+ }
+
+ if (r->in.trusted_domain_name == NULL) {
+ return WERR_INVALID_FLAGS;
+ }
+
+ /* TODO: establish an schannel connection with
+ * r->in.trusted_domain_name and perform a
+ * netr_GetForestTrustInformation call against it */
+
+ /* for now return not implementd */
+ return WERR_CALL_NOT_IMPLEMENTED;
+ }
+
+ /* TODO: check r->in.server_name is our name */
+
+ info_ptr = talloc(mem_ctx, struct lsa_ForestTrustInformation *);
+ W_ERROR_HAVE_NO_MEMORY(info_ptr);
+
+ info = talloc_zero(info_ptr, struct lsa_ForestTrustInformation);
+ W_ERROR_HAVE_NO_MEMORY(info);
+
+ werr = fill_forest_trust_array(mem_ctx, sam_ctx, lp_ctx, info);
+ W_ERROR_NOT_OK_RETURN(werr);
+
+ *info_ptr = info;
+ r->out.forest_trust_info = info_ptr;
+
+ return WERR_OK;
}
/*
netr_GetForestTrustInformation
*/
-static WERROR dcesrv_netr_GetForestTrustInformation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct netr_GetForestTrustInformation *r)
+static NTSTATUS dcesrv_netr_GetForestTrustInformation(struct dcesrv_call_state *dce_call,
+ TALLOC_CTX *mem_ctx,
+ struct netr_GetForestTrustInformation *r)
{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+ struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+ struct netlogon_creds_CredentialState *creds;
+ struct lsa_ForestTrustInformation *info, **info_ptr;
+ struct ldb_context *sam_ctx;
+ NTSTATUS status;
+ WERROR werr;
+
+ if (lp_server_role(lp_ctx) != ROLE_DOMAIN_CONTROLLER) {
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+
+ ZERO_STRUCT(r->out);
+
+ status = dcesrv_netr_creds_server_step_check(dce_call,
+ mem_ctx,
+ r->in.computer_name,
+ r->in.credential,
+ r->out.return_authenticator,
+ &creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if ((creds->secure_channel_type != SEC_CHAN_DNS_DOMAIN) &&
+ (creds->secure_channel_type != SEC_CHAN_DOMAIN)) {
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+
+ sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, lp_ctx,
+ dce_call->conn->auth_state.session_info);
+ if (sam_ctx == NULL) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ /* TODO: check r->in.server_name is our name */
+
+ info_ptr = talloc(mem_ctx, struct lsa_ForestTrustInformation *);
+ if (!info_ptr) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ info = talloc_zero(info_ptr, struct lsa_ForestTrustInformation);
+ if (!info) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ werr = fill_forest_trust_array(mem_ctx, sam_ctx, lp_ctx, info);
+ if (!W_ERROR_IS_OK(werr)) {
+ return werror_to_ntstatus(werr);
+ }
+
+ *info_ptr = info;
+ r->out.forest_trust_info = info_ptr;
+
+ return NT_STATUS_OK;
}
git.samba.org / kai / samba-autobuild / .git / commitdiff