2 Unix SMB/CIFS implementation.
4 endpoint server for the netlogon pipe
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2008
7 Copyright (C) Stefan Metzmacher <metze@samba.org> 2005
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "rpc_server/dcerpc_server.h"
25 #include "rpc_server/common/common.h"
26 #include "lib/ldb/include/ldb.h"
27 #include "auth/auth.h"
28 #include "auth/auth_sam_reply.h"
29 #include "dsdb/samdb/samdb.h"
30 #include "dsdb/common/flags.h"
31 #include "rpc_server/samr/proto.h"
32 #include "../lib/util/util_ldb.h"
33 #include "libcli/auth/libcli_auth.h"
34 #include "auth/gensec/schannel.h"
35 #include "libcli/security/security.h"
36 #include "param/param.h"
37 #include "lib/messaging/irpc.h"
38 #include "librpc/gen_ndr/ndr_irpc.h"
39 #include "librpc/gen_ndr/ndr_netlogon.h"
41 struct netlogon_server_pipe_state {
42 struct netr_Credential client_challenge;
43 struct netr_Credential server_challenge;
47 static NTSTATUS dcesrv_netr_ServerReqChallenge(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
48 struct netr_ServerReqChallenge *r)
50 struct netlogon_server_pipe_state *pipe_state =
51 talloc_get_type(dce_call->context->private_data, struct netlogon_server_pipe_state);
53 ZERO_STRUCTP(r->out.return_credentials);
55 /* destroyed on pipe shutdown */
58 talloc_free(pipe_state);
59 dce_call->context->private_data = NULL;
62 pipe_state = talloc(dce_call->context, struct netlogon_server_pipe_state);
63 NT_STATUS_HAVE_NO_MEMORY(pipe_state);
65 pipe_state->client_challenge = *r->in.credentials;
67 generate_random_buffer(pipe_state->server_challenge.data,
68 sizeof(pipe_state->server_challenge.data));
70 *r->out.return_credentials = pipe_state->server_challenge;
72 dce_call->context->private_data = pipe_state;
77 static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
78 struct netr_ServerAuthenticate3 *r)
80 struct netlogon_server_pipe_state *pipe_state =
81 talloc_get_type(dce_call->context->private_data, struct netlogon_server_pipe_state);
82 struct netlogon_creds_CredentialState *creds;
83 struct ldb_context *schannel_ldb;
84 struct ldb_context *sam_ctx;
85 struct samr_Password *mach_pwd;
86 uint32_t user_account_control;
88 struct ldb_message **msgs;
90 const char *attrs[] = {"unicodePwd", "userAccountControl",
93 const char *trust_dom_attrs[] = {"flatname", NULL};
94 const char *account_name;
96 ZERO_STRUCTP(r->out.return_credentials);
100 * According to Microsoft (see bugid #6099)
101 * Windows 7 looks at the negotiate_flags
102 * returned in this structure *even if the
103 * call fails with access denied!
105 *r->out.negotiate_flags = NETLOGON_NEG_ACCOUNT_LOCKOUT |
106 NETLOGON_NEG_PERSISTENT_SAMREPL |
107 NETLOGON_NEG_ARCFOUR |
108 NETLOGON_NEG_PROMOTION_COUNT |
109 NETLOGON_NEG_CHANGELOG_BDC |
110 NETLOGON_NEG_FULL_SYNC_REPL |
111 NETLOGON_NEG_MULTIPLE_SIDS |
113 NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL |
114 NETLOGON_NEG_SEND_PASSWORD_INFO_PDC |
115 NETLOGON_NEG_GENERIC_PASSTHROUGH |
116 NETLOGON_NEG_CONCURRENT_RPC |
117 NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL |
118 NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL |
119 NETLOGON_NEG_STRONG_KEYS |
120 NETLOGON_NEG_TRANSITIVE_TRUSTS |
121 NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
122 NETLOGON_NEG_PASSWORD_SET2 |
123 NETLOGON_NEG_GETDOMAININFO |
124 NETLOGON_NEG_CROSS_FOREST_TRUSTS |
125 NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION |
126 NETLOGON_NEG_RODC_PASSTHROUGH |
127 NETLOGON_NEG_AUTHENTICATED_RPC_LSASS |
128 NETLOGON_NEG_AUTHENTICATED_RPC;
131 DEBUG(1, ("No challenge requested by client, cannot authenticate\n"));
132 return NT_STATUS_ACCESS_DENIED;
135 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
136 system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
137 if (sam_ctx == NULL) {
138 return NT_STATUS_INVALID_SYSTEM_SERVICE;
141 if (r->in.secure_channel_type == SEC_CHAN_DNS_DOMAIN) {
142 char *encoded_account = ldb_binary_encode_string(mem_ctx, r->in.account_name);
143 const char *flatname;
144 if (!encoded_account) {
145 return NT_STATUS_NO_MEMORY;
148 /* Kill the trailing dot */
149 if (encoded_account[strlen(encoded_account)-1] == '.') {
150 encoded_account[strlen(encoded_account)-1] = '\0';
153 /* pull the user attributes */
154 num_records = gendb_search((struct ldb_context *)sam_ctx,
155 mem_ctx, NULL, &msgs,
157 "(&(trustPartner=%s)(objectclass=trustedDomain))",
160 if (num_records == 0) {
161 DEBUG(3,("Couldn't find trust [%s] in samdb.\n",
163 return NT_STATUS_ACCESS_DENIED;
166 if (num_records > 1) {
167 DEBUG(0,("Found %d records matching user [%s]\n", num_records, r->in.account_name));
168 return NT_STATUS_INTERNAL_DB_CORRUPTION;
171 flatname = ldb_msg_find_attr_as_string(msgs[0], "flatname", NULL);
173 /* No flatname for this trust - we can't proceed */
174 return NT_STATUS_ACCESS_DENIED;
176 account_name = talloc_asprintf(mem_ctx, "%s$", flatname);
179 return NT_STATUS_NO_MEMORY;
183 account_name = r->in.account_name;
186 /* pull the user attributes */
187 num_records = gendb_search((struct ldb_context *)sam_ctx, mem_ctx,
189 "(&(sAMAccountName=%s)(objectclass=user))",
190 ldb_binary_encode_string(mem_ctx, account_name));
192 if (num_records == 0) {
193 DEBUG(3,("Couldn't find user [%s] in samdb.\n",
194 r->in.account_name));
195 return NT_STATUS_ACCESS_DENIED;
198 if (num_records > 1) {
199 DEBUG(0,("Found %d records matching user [%s]\n", num_records, r->in.account_name));
200 return NT_STATUS_INTERNAL_DB_CORRUPTION;
204 user_account_control = ldb_msg_find_attr_as_uint(msgs[0], "userAccountControl", 0);
206 if (user_account_control & UF_ACCOUNTDISABLE) {
207 DEBUG(1, ("Account [%s] is disabled\n", r->in.account_name));
208 return NT_STATUS_ACCESS_DENIED;
211 if (r->in.secure_channel_type == SEC_CHAN_WKSTA) {
212 if (!(user_account_control & UF_WORKSTATION_TRUST_ACCOUNT)) {
213 DEBUG(1, ("Client asked for a workstation secure channel, but is not a workstation (member server) acb flags: 0x%x\n", user_account_control));
214 return NT_STATUS_ACCESS_DENIED;
216 } else if (r->in.secure_channel_type == SEC_CHAN_DOMAIN ||
217 r->in.secure_channel_type == SEC_CHAN_DNS_DOMAIN) {
218 if (!(user_account_control & UF_INTERDOMAIN_TRUST_ACCOUNT)) {
219 DEBUG(1, ("Client asked for a trusted domain secure channel, but is not a trusted domain: acb flags: 0x%x\n", user_account_control));
221 return NT_STATUS_ACCESS_DENIED;
223 } else if (r->in.secure_channel_type == SEC_CHAN_BDC) {
224 if (!(user_account_control & UF_SERVER_TRUST_ACCOUNT)) {
225 DEBUG(1, ("Client asked for a server secure channel, but is not a server (domain controller): acb flags: 0x%x\n", user_account_control));
226 return NT_STATUS_ACCESS_DENIED;
229 DEBUG(1, ("Client asked for an invalid secure channel type: %d\n",
230 r->in.secure_channel_type));
231 return NT_STATUS_ACCESS_DENIED;
234 *r->out.rid = samdb_result_rid_from_sid(mem_ctx, msgs[0],
237 mach_pwd = samdb_result_hash(mem_ctx, msgs[0], "unicodePwd");
238 if (mach_pwd == NULL) {
239 return NT_STATUS_ACCESS_DENIED;
242 creds = netlogon_creds_server_init(mem_ctx,
245 r->in.secure_channel_type,
246 &pipe_state->client_challenge,
247 &pipe_state->server_challenge,
250 r->out.return_credentials,
251 *r->in.negotiate_flags);
254 return NT_STATUS_ACCESS_DENIED;
257 creds->sid = samdb_result_dom_sid(creds, msgs[0], "objectSid");
259 schannel_ldb = schannel_db_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx);
261 return NT_STATUS_ACCESS_DENIED;
264 nt_status = schannel_store_session_key(schannel_ldb, mem_ctx, creds);
265 talloc_free(schannel_ldb);
270 static NTSTATUS dcesrv_netr_ServerAuthenticate(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
271 struct netr_ServerAuthenticate *r)
273 struct netr_ServerAuthenticate3 a;
276 * negotiate_flags is used as an [in] parameter
277 * so it need to be initialised.
279 * (I think ... = 0; seems wrong here --metze)
281 uint32_t negotiate_flags_in = 0;
282 uint32_t negotiate_flags_out = 0;
284 a.in.server_name = r->in.server_name;
285 a.in.account_name = r->in.account_name;
286 a.in.secure_channel_type = r->in.secure_channel_type;
287 a.in.computer_name = r->in.computer_name;
288 a.in.credentials = r->in.credentials;
289 a.in.negotiate_flags = &negotiate_flags_in;
291 a.out.return_credentials = r->out.return_credentials;
293 a.out.negotiate_flags = &negotiate_flags_out;
295 return dcesrv_netr_ServerAuthenticate3(dce_call, mem_ctx, &a);
298 static NTSTATUS dcesrv_netr_ServerAuthenticate2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
299 struct netr_ServerAuthenticate2 *r)
301 struct netr_ServerAuthenticate3 r3;
304 r3.in.server_name = r->in.server_name;
305 r3.in.account_name = r->in.account_name;
306 r3.in.secure_channel_type = r->in.secure_channel_type;
307 r3.in.computer_name = r->in.computer_name;
308 r3.in.credentials = r->in.credentials;
309 r3.out.return_credentials = r->out.return_credentials;
310 r3.in.negotiate_flags = r->in.negotiate_flags;
311 r3.out.negotiate_flags = r->out.negotiate_flags;
314 return dcesrv_netr_ServerAuthenticate3(dce_call, mem_ctx, &r3);
318 Validate an incoming authenticator against the credentials for the remote machine.
320 The credentials are (re)read and from the schannel database, and
321 written back after the caclulations are performed.
323 The creds_out parameter (if not NULL) returns the credentials, if
324 the caller needs some of that information.
327 static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dce_call,
328 const char *computer_name,
330 struct netr_Authenticator *received_authenticator,
331 struct netr_Authenticator *return_authenticator,
332 struct netlogon_creds_CredentialState **creds_out)
335 struct ldb_context *ldb;
336 bool schannel_in_use = dce_call->conn->auth_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL
337 && (dce_call->conn->auth_state.auth_info->auth_level == DCERPC_AUTH_LEVEL_INTEGRITY
338 || dce_call->conn->auth_state.auth_info->auth_level == DCERPC_AUTH_LEVEL_PRIVACY);
340 ldb = schannel_db_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx);
342 return NT_STATUS_ACCESS_DENIED;
345 nt_status = schannel_creds_server_step_check(ldb, mem_ctx,
348 received_authenticator,
349 return_authenticator, creds_out);
355 Change the machine account password for the currently connected
356 client. Supplies only the NT#.
359 static NTSTATUS dcesrv_netr_ServerPasswordSet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
360 struct netr_ServerPasswordSet *r)
362 struct netlogon_creds_CredentialState *creds;
363 struct ldb_context *sam_ctx;
366 nt_status = dcesrv_netr_creds_server_step_check(dce_call,
367 r->in.computer_name, mem_ctx,
368 r->in.credential, r->out.return_authenticator,
370 NT_STATUS_NOT_OK_RETURN(nt_status);
372 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
373 if (sam_ctx == NULL) {
374 return NT_STATUS_INVALID_SYSTEM_SERVICE;
377 netlogon_creds_des_decrypt(creds, r->in.new_password);
379 /* Using the sid for the account as the key, set the password */
380 nt_status = samdb_set_password_sid(sam_ctx, mem_ctx,
382 NULL, /* Don't have plaintext */
383 NULL, r->in.new_password,
384 true, /* Password change */
390 Change the machine account password for the currently connected
391 client. Supplies new plaintext.
393 static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
394 struct netr_ServerPasswordSet2 *r)
396 struct netlogon_creds_CredentialState *creds;
397 struct ldb_context *sam_ctx;
399 DATA_BLOB new_password;
401 struct samr_CryptPassword password_buf;
403 nt_status = dcesrv_netr_creds_server_step_check(dce_call,
404 r->in.computer_name, mem_ctx,
405 r->in.credential, r->out.return_authenticator,
407 NT_STATUS_NOT_OK_RETURN(nt_status);
409 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
410 if (sam_ctx == NULL) {
411 return NT_STATUS_INVALID_SYSTEM_SERVICE;
414 memcpy(password_buf.data, r->in.new_password->data, 512);
415 SIVAL(password_buf.data, 512, r->in.new_password->length);
416 netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
418 if (!extract_pw_from_buffer(mem_ctx, password_buf.data, &new_password)) {
419 DEBUG(3,("samr: failed to decode password buffer\n"));
420 return NT_STATUS_WRONG_PASSWORD;
423 /* Using the sid for the account as the key, set the password */
424 nt_status = samdb_set_password_sid(sam_ctx, mem_ctx,
426 &new_password, /* we have plaintext */
428 true, /* Password change */
437 static WERROR dcesrv_netr_LogonUasLogon(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
438 struct netr_LogonUasLogon *r)
440 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
447 static WERROR dcesrv_netr_LogonUasLogoff(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
448 struct netr_LogonUasLogoff *r)
450 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
455 netr_LogonSamLogon_base
457 This version of the function allows other wrappers to say 'do not check the credentials'
459 We can't do the traditional 'wrapping' format completly, as this function must only run under schannel
461 static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
462 struct netr_LogonSamLogonEx *r, struct netlogon_creds_CredentialState *creds)
464 struct auth_context *auth_context;
465 struct auth_usersupplied_info *user_info;
466 struct auth_serversupplied_info *server_info;
468 static const char zeros[16];
469 struct netr_SamBaseInfo *sam;
470 struct netr_SamInfo2 *sam2;
471 struct netr_SamInfo3 *sam3;
472 struct netr_SamInfo6 *sam6;
474 user_info = talloc(mem_ctx, struct auth_usersupplied_info);
475 NT_STATUS_HAVE_NO_MEMORY(user_info);
477 user_info->flags = 0;
478 user_info->mapped_state = false;
479 user_info->remote_host = NULL;
481 switch (r->in.logon_level) {
482 case NetlogonInteractiveInformation:
483 case NetlogonServiceInformation:
484 case NetlogonInteractiveTransitiveInformation:
485 case NetlogonServiceTransitiveInformation:
486 if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
487 netlogon_creds_arcfour_crypt(creds,
488 r->in.logon->password->lmpassword.hash,
489 sizeof(r->in.logon->password->lmpassword.hash));
490 netlogon_creds_arcfour_crypt(creds,
491 r->in.logon->password->ntpassword.hash,
492 sizeof(r->in.logon->password->ntpassword.hash));
494 netlogon_creds_des_decrypt(creds, &r->in.logon->password->lmpassword);
495 netlogon_creds_des_decrypt(creds, &r->in.logon->password->ntpassword);
498 /* TODO: we need to deny anonymous access here */
499 nt_status = auth_context_create(mem_ctx,
500 dce_call->event_ctx, dce_call->msg_ctx,
501 dce_call->conn->dce_ctx->lp_ctx,
503 NT_STATUS_NOT_OK_RETURN(nt_status);
505 user_info->logon_parameters = r->in.logon->password->identity_info.parameter_control;
506 user_info->client.account_name = r->in.logon->password->identity_info.account_name.string;
507 user_info->client.domain_name = r->in.logon->password->identity_info.domain_name.string;
508 user_info->workstation_name = r->in.logon->password->identity_info.workstation.string;
510 user_info->flags |= USER_INFO_INTERACTIVE_LOGON;
511 user_info->password_state = AUTH_PASSWORD_HASH;
513 user_info->password.hash.lanman = talloc(user_info, struct samr_Password);
514 NT_STATUS_HAVE_NO_MEMORY(user_info->password.hash.lanman);
515 *user_info->password.hash.lanman = r->in.logon->password->lmpassword;
517 user_info->password.hash.nt = talloc(user_info, struct samr_Password);
518 NT_STATUS_HAVE_NO_MEMORY(user_info->password.hash.nt);
519 *user_info->password.hash.nt = r->in.logon->password->ntpassword;
522 case NetlogonNetworkInformation:
523 case NetlogonNetworkTransitiveInformation:
525 /* TODO: we need to deny anonymous access here */
526 nt_status = auth_context_create(mem_ctx,
527 dce_call->event_ctx, dce_call->msg_ctx,
528 dce_call->conn->dce_ctx->lp_ctx,
530 NT_STATUS_NOT_OK_RETURN(nt_status);
532 nt_status = auth_context_set_challenge(auth_context, r->in.logon->network->challenge, "netr_LogonSamLogonWithFlags");
533 NT_STATUS_NOT_OK_RETURN(nt_status);
535 user_info->logon_parameters = r->in.logon->network->identity_info.parameter_control;
536 user_info->client.account_name = r->in.logon->network->identity_info.account_name.string;
537 user_info->client.domain_name = r->in.logon->network->identity_info.domain_name.string;
538 user_info->workstation_name = r->in.logon->network->identity_info.workstation.string;
540 user_info->password_state = AUTH_PASSWORD_RESPONSE;
541 user_info->password.response.lanman = data_blob_talloc(mem_ctx, r->in.logon->network->lm.data, r->in.logon->network->lm.length);
542 user_info->password.response.nt = data_blob_talloc(mem_ctx, r->in.logon->network->nt.data, r->in.logon->network->nt.length);
547 case NetlogonGenericInformation:
549 if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
550 netlogon_creds_arcfour_crypt(creds,
551 r->in.logon->generic->data, r->in.logon->generic->length);
553 /* Using DES to verify kerberos tickets makes no sense */
554 return NT_STATUS_INVALID_PARAMETER;
557 if (strcmp(r->in.logon->generic->package_name.string, "Kerberos") == 0) {
559 struct server_id *kdc;
560 struct kdc_check_generic_kerberos check;
561 struct netr_GenericInfo2 *generic = talloc_zero(mem_ctx, struct netr_GenericInfo2);
562 NT_STATUS_HAVE_NO_MEMORY(generic);
563 *r->out.authoritative = 1;
565 /* TODO: Describe and deal with these flags */
568 r->out.validation->generic = generic;
570 kdc = irpc_servers_byname(dce_call->msg_ctx, mem_ctx, "kdc_server");
571 if ((kdc == NULL) || (kdc[0].id == 0)) {
572 return NT_STATUS_NO_LOGON_SERVERS;
575 check.in.generic_request =
576 data_blob_const(r->in.logon->generic->data,
577 r->in.logon->generic->length);
579 status = irpc_call(dce_call->msg_ctx, kdc[0],
580 &ndr_table_irpc, NDR_KDC_CHECK_GENERIC_KERBEROS,
582 if (!NT_STATUS_IS_OK(status)) {
585 generic->length = check.out.generic_reply.length;
586 generic->data = check.out.generic_reply.data;
590 /* Until we get an implemetnation of these other packages */
591 return NT_STATUS_INVALID_PARAMETER;
594 return NT_STATUS_INVALID_PARAMETER;
597 nt_status = auth_check_password(auth_context, mem_ctx, user_info, &server_info);
598 NT_STATUS_NOT_OK_RETURN(nt_status);
600 nt_status = auth_convert_server_info_sambaseinfo(mem_ctx, server_info, &sam);
601 NT_STATUS_NOT_OK_RETURN(nt_status);
603 /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
604 /* It appears that level 6 is not individually encrypted */
605 if ((r->in.validation_level != 6) &&
606 memcmp(sam->key.key, zeros, sizeof(sam->key.key)) != 0) {
607 /* This key is sent unencrypted without the ARCFOUR flag set */
608 if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
609 netlogon_creds_arcfour_crypt(creds,
611 sizeof(sam->key.key));
615 /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
616 /* It appears that level 6 is not individually encrypted */
617 if ((r->in.validation_level != 6) &&
618 memcmp(sam->LMSessKey.key, zeros, sizeof(sam->LMSessKey.key)) != 0) {
619 if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
620 netlogon_creds_arcfour_crypt(creds,
622 sizeof(sam->LMSessKey.key));
624 netlogon_creds_des_encrypt_LMKey(creds,
629 switch (r->in.validation_level) {
631 sam2 = talloc_zero(mem_ctx, struct netr_SamInfo2);
632 NT_STATUS_HAVE_NO_MEMORY(sam2);
634 r->out.validation->sam2 = sam2;
638 sam3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
639 NT_STATUS_HAVE_NO_MEMORY(sam3);
641 r->out.validation->sam3 = sam3;
645 sam6 = talloc_zero(mem_ctx, struct netr_SamInfo6);
646 NT_STATUS_HAVE_NO_MEMORY(sam6);
648 sam6->forest.string = lp_realm(dce_call->conn->dce_ctx->lp_ctx);
649 sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s",
650 sam->account_name.string, sam6->forest.string);
651 NT_STATUS_HAVE_NO_MEMORY(sam6->principle.string);
652 r->out.validation->sam6 = sam6;
659 *r->out.authoritative = 1;
661 /* TODO: Describe and deal with these flags */
667 static NTSTATUS dcesrv_netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
668 struct netr_LogonSamLogonEx *r)
671 struct netlogon_creds_CredentialState *creds;
672 struct ldb_context *ldb = schannel_db_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx);
674 return NT_STATUS_ACCESS_DENIED;
677 nt_status = schannel_fetch_session_key(ldb, mem_ctx, r->in.computer_name, &creds);
678 if (!NT_STATUS_IS_OK(nt_status)) {
682 if (!dce_call->conn->auth_state.auth_info ||
683 dce_call->conn->auth_state.auth_info->auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
684 return NT_STATUS_ACCESS_DENIED;
686 return dcesrv_netr_LogonSamLogon_base(dce_call, mem_ctx, r, creds);
690 netr_LogonSamLogonWithFlags
693 static NTSTATUS dcesrv_netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
694 struct netr_LogonSamLogonWithFlags *r)
697 struct netlogon_creds_CredentialState *creds;
698 struct netr_LogonSamLogonEx r2;
700 struct netr_Authenticator *return_authenticator;
702 return_authenticator = talloc(mem_ctx, struct netr_Authenticator);
703 NT_STATUS_HAVE_NO_MEMORY(return_authenticator);
705 nt_status = dcesrv_netr_creds_server_step_check(dce_call,
706 r->in.computer_name, mem_ctx,
707 r->in.credential, return_authenticator,
709 NT_STATUS_NOT_OK_RETURN(nt_status);
713 r2.in.server_name = r->in.server_name;
714 r2.in.computer_name = r->in.computer_name;
715 r2.in.logon_level = r->in.logon_level;
716 r2.in.logon = r->in.logon;
717 r2.in.validation_level = r->in.validation_level;
718 r2.in.flags = r->in.flags;
719 r2.out.validation = r->out.validation;
720 r2.out.authoritative = r->out.authoritative;
721 r2.out.flags = r->out.flags;
723 nt_status = dcesrv_netr_LogonSamLogon_base(dce_call, mem_ctx, &r2, creds);
725 r->out.return_authenticator = return_authenticator;
733 static NTSTATUS dcesrv_netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
734 struct netr_LogonSamLogon *r)
736 struct netr_LogonSamLogonWithFlags r2;
742 r2.in.server_name = r->in.server_name;
743 r2.in.computer_name = r->in.computer_name;
744 r2.in.credential = r->in.credential;
745 r2.in.return_authenticator = r->in.return_authenticator;
746 r2.in.logon_level = r->in.logon_level;
747 r2.in.logon = r->in.logon;
748 r2.in.validation_level = r->in.validation_level;
749 r2.in.flags = &flags;
750 r2.out.validation = r->out.validation;
751 r2.out.authoritative = r->out.authoritative;
752 r2.out.flags = &flags;
754 status = dcesrv_netr_LogonSamLogonWithFlags(dce_call, mem_ctx, &r2);
756 r->out.return_authenticator = r2.out.return_authenticator;
765 static NTSTATUS dcesrv_netr_LogonSamLogoff(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
766 struct netr_LogonSamLogoff *r)
768 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
776 static NTSTATUS dcesrv_netr_DatabaseDeltas(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
777 struct netr_DatabaseDeltas *r)
779 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
786 static NTSTATUS dcesrv_netr_DatabaseSync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
787 struct netr_DatabaseSync *r)
789 /* win2k3 native mode returns "NOT IMPLEMENTED" for this call */
790 return NT_STATUS_NOT_IMPLEMENTED;
797 static NTSTATUS dcesrv_netr_AccountDeltas(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
798 struct netr_AccountDeltas *r)
800 /* w2k3 returns "NOT IMPLEMENTED" for this call */
801 return NT_STATUS_NOT_IMPLEMENTED;
808 static NTSTATUS dcesrv_netr_AccountSync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
809 struct netr_AccountSync *r)
811 /* w2k3 returns "NOT IMPLEMENTED" for this call */
812 return NT_STATUS_NOT_IMPLEMENTED;
819 static WERROR dcesrv_netr_GetDcName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
820 struct netr_GetDcName *r)
822 const char * const attrs[] = { NULL };
824 struct ldb_message **res;
825 struct ldb_dn *domain_dn;
829 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx,
830 dce_call->conn->dce_ctx->lp_ctx,
831 dce_call->conn->auth_state.session_info);
832 if (sam_ctx == NULL) {
833 return WERR_DS_SERVICE_UNAVAILABLE;
836 domain_dn = samdb_domain_to_dn((struct ldb_context *)sam_ctx, mem_ctx,
838 if (domain_dn == NULL) {
839 return WERR_DS_SERVICE_UNAVAILABLE;
842 ret = gendb_search_dn((struct ldb_context *)sam_ctx, mem_ctx,
843 domain_dn, &res, attrs);
845 return WERR_NO_SUCH_DOMAIN;
848 /* TODO: - return real IP address
849 * - check all r->in.* parameters (server_unc is ignored by w2k3!)
851 dcname = talloc_asprintf(mem_ctx, "\\\\%s",
852 lp_netbios_name(dce_call->conn->dce_ctx->lp_ctx));
853 W_ERROR_HAVE_NO_MEMORY(dcname);
855 *r->out.dcname = dcname;
863 static WERROR dcesrv_netr_LogonControl(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
864 struct netr_LogonControl *r)
866 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
873 static WERROR dcesrv_netr_GetAnyDCName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
874 struct netr_GetAnyDCName *r)
876 struct netr_GetDcName r2;
881 r2.in.logon_server = r->in.logon_server;
882 r2.in.domainname = r->in.domainname;
883 r2.out.dcname = r->out.dcname;
885 werr = dcesrv_netr_GetDcName(dce_call, mem_ctx, &r2);
894 static WERROR dcesrv_netr_LogonControl2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
895 struct netr_LogonControl2 *r)
897 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
904 static NTSTATUS dcesrv_netr_DatabaseSync2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
905 struct netr_DatabaseSync2 *r)
907 /* win2k3 native mode returns "NOT IMPLEMENTED" for this call */
908 return NT_STATUS_NOT_IMPLEMENTED;
915 static NTSTATUS dcesrv_netr_DatabaseRedo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
916 struct netr_DatabaseRedo *r)
918 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
925 static WERROR dcesrv_netr_LogonControl2Ex(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
926 struct netr_LogonControl2Ex *r)
928 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
933 netr_NetrEnumerateTurstedDomains
935 static WERROR dcesrv_netr_NetrEnumerateTrustedDomains(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
936 struct netr_NetrEnumerateTrustedDomains *r)
938 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
943 netr_LogonGetCapabilities
945 static NTSTATUS dcesrv_netr_LogonGetCapabilities(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
946 struct netr_LogonGetCapabilities *r)
948 /* we don't support AES yet */
949 return NT_STATUS_NOT_IMPLEMENTED;
954 netr_NETRLOGONSETSERVICEBITS
956 static WERROR dcesrv_netr_NETRLOGONSETSERVICEBITS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
957 struct netr_NETRLOGONSETSERVICEBITS *r)
959 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
964 netr_LogonGetTrustRid
966 static WERROR dcesrv_netr_LogonGetTrustRid(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
967 struct netr_LogonGetTrustRid *r)
969 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
974 netr_NETRLOGONCOMPUTESERVERDIGEST
976 static WERROR dcesrv_netr_NETRLOGONCOMPUTESERVERDIGEST(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
977 struct netr_NETRLOGONCOMPUTESERVERDIGEST *r)
979 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
984 netr_NETRLOGONCOMPUTECLIENTDIGEST
986 static WERROR dcesrv_netr_NETRLOGONCOMPUTECLIENTDIGEST(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
987 struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r)
989 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
997 static WERROR dcesrv_netr_DsRGetSiteName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
998 struct netr_DsRGetSiteName *r)
1000 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1005 fill in a netr_DomainTrustInfo from a ldb search result
1007 static NTSTATUS fill_domain_trust_info(TALLOC_CTX *mem_ctx,
1008 struct ldb_message *res,
1009 struct ldb_message *ref_res,
1010 struct netr_DomainTrustInfo *info,
1011 bool is_local, bool is_trust_list)
1015 info->trust_extension.info = talloc_zero(mem_ctx, struct netr_trust_extension);
1016 info->trust_extension.length = 16;
1017 info->trust_extension.info->flags =
1018 NETR_TRUST_FLAG_TREEROOT |
1019 NETR_TRUST_FLAG_IN_FOREST |
1020 NETR_TRUST_FLAG_PRIMARY;
1021 info->trust_extension.info->parent_index = 0; /* should be index into array
1023 info->trust_extension.info->trust_type = LSA_TRUST_TYPE_UPLEVEL; /* should be based on ldb search for trusts */
1024 info->trust_extension.info->trust_attributes = LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE; /* needs to be based on ldb search */
1026 if (is_trust_list) {
1027 /* MS-NRPC 3.5.4.3.9 - must be set to NULL for trust list */
1028 info->forest.string = NULL;
1030 /* TODO: we need a common function for pulling the forest */
1031 info->forest.string = samdb_result_string(ref_res, "dnsRoot", NULL);
1035 info->domainname.string = samdb_result_string(ref_res, "nETBIOSName", NULL);
1036 info->fulldomainname.string = samdb_result_string(ref_res, "dnsRoot", NULL);
1037 info->guid = samdb_result_guid(res, "objectGUID");
1038 info->sid = samdb_result_dom_sid(mem_ctx, res, "objectSid");
1040 info->domainname.string = samdb_result_string(res, "flatName", NULL);
1041 info->fulldomainname.string = samdb_result_string(res, "trustPartner", NULL);
1042 info->guid = samdb_result_guid(res, "objectGUID");
1043 info->sid = samdb_result_dom_sid(mem_ctx, res, "securityIdentifier");
1046 return NT_STATUS_OK;
1050 netr_LogonGetDomainInfo
1051 this is called as part of the ADS domain logon procedure.
1053 It has an important role in convaying details about the client, such
1054 as Operating System, Version, Service Pack etc.
1056 static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1057 struct netr_LogonGetDomainInfo *r)
1059 const char * const attrs[] = { "objectSid",
1060 "objectGUID", "flatName", "securityIdentifier",
1061 "trustPartner", NULL };
1062 const char * const ref_attrs[] = { "nETBIOSName", "dnsRoot", NULL };
1063 struct ldb_context *sam_ctx;
1064 struct ldb_message **res1, **res2, **ref_res;
1065 struct netr_DomainInfo1 *info1;
1066 int ret, ret1, ret2, i;
1068 struct ldb_dn *partitions_basedn;
1070 const char *local_domain;
1072 status = dcesrv_netr_creds_server_step_check(dce_call,
1073 r->in.computer_name, mem_ctx,
1075 r->out.return_authenticator,
1077 if (!NT_STATUS_IS_OK(status)) {
1078 DEBUG(0,(__location__ " Bad credentials - error\n"));
1080 NT_STATUS_NOT_OK_RETURN(status);
1082 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info);
1083 if (sam_ctx == NULL) {
1084 return NT_STATUS_INVALID_SYSTEM_SERVICE;
1087 partitions_basedn = samdb_partitions_dn(sam_ctx, mem_ctx);
1089 /* we need to do two searches. The first will pull our primary
1090 domain and the second will pull any trusted domains. Our
1091 primary domain is also a "trusted" domain, so we need to
1092 put the primary domain into the lists of returned trusts as
1094 ret1 = gendb_search_dn(sam_ctx, mem_ctx, samdb_base_dn(sam_ctx), &res1, attrs);
1096 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1099 /* try and find the domain */
1100 ret = gendb_search(sam_ctx, mem_ctx, partitions_basedn,
1101 &ref_res, ref_attrs,
1102 "(&(objectClass=crossRef)(ncName=%s))",
1103 ldb_dn_get_linearized(res1[0]->dn));
1105 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1108 local_domain = samdb_result_string(ref_res[0], "nETBIOSName", NULL);
1110 ret2 = gendb_search(sam_ctx, mem_ctx, NULL, &res2, attrs, "(objectClass=trustedDomain)");
1112 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1115 info1 = talloc(mem_ctx, struct netr_DomainInfo1);
1116 NT_STATUS_HAVE_NO_MEMORY(info1);
1118 ZERO_STRUCTP(info1);
1120 info1->num_trusts = ret2 + 1;
1121 info1->trusts = talloc_array(mem_ctx, struct netr_DomainTrustInfo,
1123 NT_STATUS_HAVE_NO_MEMORY(info1->trusts);
1125 status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->domaininfo,
1127 NT_STATUS_NOT_OK_RETURN(status);
1129 for (i=0;i<ret2;i++) {
1130 status = fill_domain_trust_info(mem_ctx, res2[i], NULL, &info1->trusts[i],
1132 NT_STATUS_NOT_OK_RETURN(status);
1135 status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->trusts[i],
1137 NT_STATUS_NOT_OK_RETURN(status);
1139 info1->dns_hostname.string = samdb_result_string(ref_res[0], "dnsRoot", NULL);
1140 info1->workstation_flags =
1141 NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS | NETR_WS_FLAG_HANDLES_SPN_UPDATE;
1142 info1->supported_enc_types = 0; /* w2008 gives this 0 */
1144 r->out.info->info1 = info1;
1146 return NT_STATUS_OK;
1152 netr_ServerPasswordGet
1154 static WERROR dcesrv_netr_ServerPasswordGet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1155 struct netr_ServerPasswordGet *r)
1157 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1162 netr_NETRLOGONSENDTOSAM
1164 static WERROR dcesrv_netr_NETRLOGONSENDTOSAM(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1165 struct netr_NETRLOGONSENDTOSAM *r)
1167 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1172 netr_DsRAddressToSitenamesW
1174 static WERROR dcesrv_netr_DsRAddressToSitenamesW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1175 struct netr_DsRAddressToSitenamesW *r)
1177 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1182 netr_DsRGetDCNameEx2
1184 static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1185 struct netr_DsRGetDCNameEx2 *r)
1187 const char * const attrs[] = { "objectGUID", NULL };
1189 struct ldb_message **res;
1190 struct ldb_dn *domain_dn;
1192 struct netr_DsRGetDCNameInfo *info;
1194 ZERO_STRUCTP(r->out.info);
1196 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info);
1197 if (sam_ctx == NULL) {
1198 return WERR_DS_SERVICE_UNAVAILABLE;
1201 /* Win7-beta will send the domain name in the form the user typed, so we have to cope
1202 with both the short and long form here */
1203 if (r->in.domain_name == NULL || strcasecmp(r->in.domain_name, lp_workgroup(dce_call->conn->dce_ctx->lp_ctx)) == 0) {
1204 r->in.domain_name = lp_realm(dce_call->conn->dce_ctx->lp_ctx);
1207 domain_dn = samdb_dns_domain_to_dn((struct ldb_context *)sam_ctx,
1210 if (domain_dn == NULL) {
1211 return WERR_DS_SERVICE_UNAVAILABLE;
1214 ret = gendb_search_dn((struct ldb_context *)sam_ctx, mem_ctx,
1215 domain_dn, &res, attrs);
1217 return WERR_NO_SUCH_DOMAIN;
1220 info = talloc(mem_ctx, struct netr_DsRGetDCNameInfo);
1221 W_ERROR_HAVE_NO_MEMORY(info);
1223 /* TODO: - return real IP address
1224 * - check all r->in.* parameters (server_unc is ignored by w2k3!)
1226 info->dc_unc = talloc_asprintf(mem_ctx, "\\\\%s.%s",
1227 lp_netbios_name(dce_call->conn->dce_ctx->lp_ctx),
1228 lp_realm(dce_call->conn->dce_ctx->lp_ctx));
1229 W_ERROR_HAVE_NO_MEMORY(info->dc_unc);
1230 info->dc_address = talloc_strdup(mem_ctx, "\\\\0.0.0.0");
1231 W_ERROR_HAVE_NO_MEMORY(info->dc_address);
1232 info->dc_address_type = DS_ADDRESS_TYPE_INET;
1233 info->domain_guid = samdb_result_guid(res[0], "objectGUID");
1234 info->domain_name = lp_realm(dce_call->conn->dce_ctx->lp_ctx);
1235 info->forest_name = lp_realm(dce_call->conn->dce_ctx->lp_ctx);
1236 info->dc_flags = DS_DNS_FOREST |
1239 DS_SERVER_WRITABLE |
1241 DS_SERVER_TIMESERV |
1247 info->dc_site_name = talloc_strdup(mem_ctx, "Default-First-Site-Name");
1248 W_ERROR_HAVE_NO_MEMORY(info->dc_site_name);
1249 info->client_site_name = talloc_strdup(mem_ctx, "Default-First-Site-Name");
1250 W_ERROR_HAVE_NO_MEMORY(info->client_site_name);
1252 *r->out.info = info;
1260 static WERROR dcesrv_netr_DsRGetDCNameEx(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1261 struct netr_DsRGetDCNameEx *r)
1263 struct netr_DsRGetDCNameEx2 r2;
1268 r2.in.server_unc = r->in.server_unc;
1269 r2.in.client_account = NULL;
1271 r2.in.domain_guid = r->in.domain_guid;
1272 r2.in.domain_name = r->in.domain_name;
1273 r2.in.site_name = r->in.site_name;
1274 r2.in.flags = r->in.flags;
1275 r2.out.info = r->out.info;
1277 werr = dcesrv_netr_DsRGetDCNameEx2(dce_call, mem_ctx, &r2);
1285 static WERROR dcesrv_netr_DsRGetDCName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1286 struct netr_DsRGetDCName *r)
1288 struct netr_DsRGetDCNameEx2 r2;
1293 r2.in.server_unc = r->in.server_unc;
1294 r2.in.client_account = NULL;
1296 r2.in.domain_name = r->in.domain_name;
1297 r2.in.domain_guid = r->in.domain_guid;
1299 r2.in.site_name = NULL; /* should fill in from site GUID */
1300 r2.in.flags = r->in.flags;
1301 r2.out.info = r->out.info;
1303 werr = dcesrv_netr_DsRGetDCNameEx2(dce_call, mem_ctx, &r2);
1308 netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN
1310 static WERROR dcesrv_netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1311 struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r)
1313 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1318 netr_NetrEnumerateTrustedDomainsEx
1320 static WERROR dcesrv_netr_NetrEnumerateTrustedDomainsEx(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1321 struct netr_NetrEnumerateTrustedDomainsEx *r)
1323 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1328 netr_DsRAddressToSitenamesExW
1330 static WERROR dcesrv_netr_DsRAddressToSitenamesExW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1331 struct netr_DsRAddressToSitenamesExW *r)
1333 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1338 netr_DsrGetDcSiteCoverageW
1340 static WERROR dcesrv_netr_DsrGetDcSiteCoverageW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1341 struct netr_DsrGetDcSiteCoverageW *r)
1343 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1348 netr_DsrEnumerateDomainTrusts
1350 static WERROR dcesrv_netr_DsrEnumerateDomainTrusts(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1351 struct netr_DsrEnumerateDomainTrusts *r)
1353 struct netr_DomainTrustList *trusts;
1356 struct ldb_message **dom_res, **ref_res;
1357 const char * const dom_attrs[] = { "objectSid", "objectGUID", NULL };
1358 const char * const ref_attrs[] = { "nETBIOSName", "dnsRoot", NULL };
1359 struct ldb_dn *partitions_basedn;
1361 ZERO_STRUCT(r->out);
1363 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info);
1364 if (sam_ctx == NULL) {
1365 return WERR_GENERAL_FAILURE;
1368 partitions_basedn = samdb_partitions_dn((struct ldb_context *)sam_ctx,
1371 ret = gendb_search_dn((struct ldb_context *)sam_ctx, mem_ctx, NULL,
1372 &dom_res, dom_attrs);
1374 return WERR_GENERAL_FAILURE;
1377 return WERR_GENERAL_FAILURE;
1380 ret = gendb_search((struct ldb_context *)sam_ctx, mem_ctx,
1381 partitions_basedn, &ref_res, ref_attrs,
1382 "(&(objectClass=crossRef)(ncName=%s))",
1383 ldb_dn_get_linearized(dom_res[0]->dn));
1385 return WERR_GENERAL_FAILURE;
1388 return WERR_GENERAL_FAILURE;
1391 trusts = talloc(mem_ctx, struct netr_DomainTrustList);
1392 W_ERROR_HAVE_NO_MEMORY(trusts);
1394 trusts->array = talloc_array(trusts, struct netr_DomainTrust, ret);
1395 W_ERROR_HAVE_NO_MEMORY(trusts->array);
1397 trusts->count = 1; /* ?? */
1399 r->out.trusts = trusts;
1401 /* TODO: add filtering by trust_flags, and correct trust_type
1403 trusts->array[0].netbios_name = samdb_result_string(ref_res[0], "nETBIOSName", NULL);
1404 trusts->array[0].dns_name = samdb_result_string(ref_res[0], "dnsRoot", NULL);
1405 trusts->array[0].trust_flags =
1406 NETR_TRUST_FLAG_TREEROOT |
1407 NETR_TRUST_FLAG_IN_FOREST |
1408 NETR_TRUST_FLAG_PRIMARY;
1409 trusts->array[0].parent_index = 0;
1410 trusts->array[0].trust_type = 2;
1411 trusts->array[0].trust_attributes = 0;
1412 trusts->array[0].sid = samdb_result_dom_sid(mem_ctx, dom_res[0], "objectSid");
1413 trusts->array[0].guid = samdb_result_guid(dom_res[0], "objectGUID");
1420 netr_DsrDeregisterDNSHostRecords
1422 static WERROR dcesrv_netr_DsrDeregisterDNSHostRecords(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1423 struct netr_DsrDeregisterDNSHostRecords *r)
1425 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1430 netr_ServerTrustPasswordsGet
1432 static NTSTATUS dcesrv_netr_ServerTrustPasswordsGet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1433 struct netr_ServerTrustPasswordsGet *r)
1435 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1440 netr_DsRGetForestTrustInformation
1442 static WERROR dcesrv_netr_DsRGetForestTrustInformation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1443 struct netr_DsRGetForestTrustInformation *r)
1445 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1450 netr_GetForestTrustInformation
1452 static WERROR dcesrv_netr_GetForestTrustInformation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1453 struct netr_GetForestTrustInformation *r)
1455 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1460 netr_ServerGetTrustInfo
1462 static NTSTATUS dcesrv_netr_ServerGetTrustInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1463 struct netr_ServerGetTrustInfo *r)
1465 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1469 /* include the generated boilerplate */
1470 #include "librpc/gen_ndr/ndr_netlogon_s.c"