2 Unix SMB/CIFS implementation.
4 endpoint server for the netlogon pipe
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "rpc_server/common/common.h"
26 struct server_pipe_state {
27 struct netr_Credential client_challenge;
28 struct netr_Credential server_challenge;
31 char *computer_name; /* for logging only */
33 uint16_t sec_chan_type;
34 struct creds_CredentialState *creds;
39 a client has connected to the netlogon server using schannel, so we need
40 to re-establish the credentials state
42 static NTSTATUS netlogon_schannel_setup(struct dcesrv_call_state *dce_call)
44 struct server_pipe_state *state;
47 state = talloc_p(dce_call->conn, struct server_pipe_state);
49 return NT_STATUS_NO_MEMORY;
52 state->authenticated = True;
54 if (dce_call->conn->auth_state.session_info == NULL) {
56 smb_panic("No session info provided by schannel level setup!");
57 return NT_STATUS_NO_USER_SESSION_KEY;
60 status = dcerpc_schannel_creds(dce_call->conn->auth_state.gensec_security,
64 if (!NT_STATUS_IS_OK(status)) {
65 DEBUG(3, ("getting schannel credentials failed with %s\n", nt_errstr(status)));
70 dce_call->conn->private = state;
76 a hook for bind on the netlogon pipe
78 static NTSTATUS netlogon_bind(struct dcesrv_call_state *dce_call, const struct dcesrv_interface *di)
80 dce_call->conn->private = NULL;
82 /* if this is a schannel bind then we need to reconstruct the pipe state */
83 if (dce_call->conn->auth_state.auth_info &&
84 dce_call->conn->auth_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
87 DEBUG(5, ("schannel bind on netlogon\n"));
89 status = netlogon_schannel_setup(dce_call);
90 if (!NT_STATUS_IS_OK(status)) {
91 DEBUG(3, ("schannel bind on netlogon failed with %s\n", nt_errstr(status)));
99 /* this function is called when the client disconnects the endpoint */
100 static void netlogon_unbind(struct dcesrv_connection *conn, const struct dcesrv_interface *di)
102 struct server_pipe_state *pipe_state = conn->private;
105 talloc_free(pipe_state);
108 conn->private = NULL;
111 #define DCESRV_INTERFACE_NETLOGON_BIND netlogon_bind
112 #define DCESRV_INTERFACE_NETLOGON_UNBIND netlogon_unbind
114 static NTSTATUS netr_ServerReqChallenge(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
115 struct netr_ServerReqChallenge *r)
117 struct server_pipe_state *pipe_state = dce_call->conn->private;
119 ZERO_STRUCTP(r->out.credentials);
121 /* destroyed on pipe shutdown */
124 talloc_free(pipe_state);
125 dce_call->conn->private = NULL;
128 pipe_state = talloc_p(dce_call->conn, struct server_pipe_state);
130 return NT_STATUS_NO_MEMORY;
133 pipe_state->authenticated = False;
134 pipe_state->creds = NULL;
135 pipe_state->account_name = NULL;
136 pipe_state->computer_name = NULL;
138 pipe_state->client_challenge = *r->in.credentials;
140 generate_random_buffer(pipe_state->server_challenge.data,
141 sizeof(pipe_state->server_challenge.data));
143 *r->out.credentials = pipe_state->server_challenge;
145 dce_call->conn->private = pipe_state;
150 static NTSTATUS netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
151 struct netr_ServerAuthenticate3 *r)
153 struct server_pipe_state *pipe_state = dce_call->conn->private;
155 struct samr_Password *mach_pwd;
158 struct ldb_message **msgs;
160 const char *attrs[] = {"unicodePwd", "lmPwdHash", "ntPwdHash", "userAccountControl",
163 ZERO_STRUCTP(r->out.credentials);
165 *r->out.negotiate_flags = *r->in.negotiate_flags;
168 DEBUG(1, ("No challenge requested by client, cannot authenticate\n"));
169 return NT_STATUS_ACCESS_DENIED;
172 sam_ctx = samdb_connect(mem_ctx);
173 if (sam_ctx == NULL) {
174 return NT_STATUS_INVALID_SYSTEM_SERVICE;
176 /* pull the user attributes */
177 num_records = samdb_search(sam_ctx, mem_ctx, NULL, &msgs, attrs,
178 "(&(sAMAccountName=%s)(objectclass=user))",
181 if (num_records == 0) {
182 DEBUG(3,("Couldn't find user [%s] in samdb.\n",
183 r->in.account_name));
184 return NT_STATUS_NO_SUCH_USER;
187 if (num_records > 1) {
188 DEBUG(0,("Found %d records matching user [%s]\n", num_records, r->in.account_name));
189 return NT_STATUS_INTERNAL_DB_CORRUPTION;
192 acct_flags = samdb_result_acct_flags(msgs[0],
193 "userAccountControl");
195 if (acct_flags & ACB_DISABLED) {
196 DEBUG(1, ("Account [%s] is disabled\n", r->in.account_name));
197 return NT_STATUS_ACCESS_DENIED;
200 if (r->in.secure_channel_type == SEC_CHAN_WKSTA) {
201 if (!(acct_flags & ACB_WSTRUST)) {
202 DEBUG(1, ("Client asked for a workstation secure channel, but is not a workstation (member server) acb flags: 0x%x\n", acct_flags));
203 return NT_STATUS_ACCESS_DENIED;
205 } else if (r->in.secure_channel_type == SEC_CHAN_DOMAIN) {
206 if (!(acct_flags & ACB_DOMTRUST)) {
207 DEBUG(1, ("Client asked for a trusted domain secure channel, but is not a trusted domain: acb flags: 0x%x\n", acct_flags));
208 return NT_STATUS_ACCESS_DENIED;
210 } else if (r->in.secure_channel_type == SEC_CHAN_BDC) {
211 if (!(acct_flags & ACB_SVRTRUST)) {
212 DEBUG(1, ("Client asked for a server secure channel, but is not a server (domain controller): acb flags: 0x%x\n", acct_flags));
213 return NT_STATUS_ACCESS_DENIED;
216 DEBUG(1, ("Client asked for an invalid secure channel type: %d\n",
217 r->in.secure_channel_type));
218 return NT_STATUS_ACCESS_DENIED;
221 pipe_state->acct_flags = acct_flags;
222 pipe_state->sec_chan_type = r->in.secure_channel_type;
224 *r->out.rid = samdb_result_rid_from_sid(mem_ctx, msgs[0], "objectSid", 0);
226 nt_status = samdb_result_passwords(mem_ctx, msgs[0], NULL, &mach_pwd);
227 if (!NT_STATUS_IS_OK(nt_status) || mach_pwd == NULL) {
228 return NT_STATUS_ACCESS_DENIED;
231 if (!pipe_state->creds) {
232 pipe_state->creds = talloc_p(pipe_state, struct creds_CredentialState);
233 if (!pipe_state->creds) {
234 return NT_STATUS_NO_MEMORY;
238 creds_server_init(pipe_state->creds, &pipe_state->client_challenge,
239 &pipe_state->server_challenge, mach_pwd,
241 *r->in.negotiate_flags);
243 if (!creds_server_check(pipe_state->creds, r->in.credentials)) {
244 return NT_STATUS_ACCESS_DENIED;
247 pipe_state->authenticated = True;
249 if (pipe_state->account_name) {
250 /* We don't want a memory leak on this long-lived talloc context */
251 talloc_free(pipe_state->account_name);
254 pipe_state->account_name = talloc_strdup(pipe_state, r->in.account_name);
256 if (pipe_state->computer_name) {
257 /* We don't want a memory leak on this long-lived talloc context */
258 talloc_free(pipe_state->account_name);
261 pipe_state->computer_name = talloc_strdup(pipe_state, r->in.computer_name);
263 /* remember this session key state */
264 nt_status = schannel_store_session_key(mem_ctx, pipe_state->computer_name, pipe_state->creds);
269 static NTSTATUS netr_ServerAuthenticate(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
270 struct netr_ServerAuthenticate *r)
272 struct netr_ServerAuthenticate3 r3;
275 * negotiate_flags is used as an [in] parameter
276 * so it need to be initialised.
278 * (I think ... = 0; seems wrong here --metze)
280 uint32 negotiate_flags = 0;
282 r3.in.server_name = r->in.server_name;
283 r3.in.account_name = r->in.account_name;
284 r3.in.secure_channel_type = r->in.secure_channel_type;
285 r3.in.computer_name = r->in.computer_name;
286 r3.in.credentials = r->in.credentials;
287 r3.out.credentials = r->out.credentials;
288 r3.in.negotiate_flags = &negotiate_flags;
289 r3.out.negotiate_flags = &negotiate_flags;
292 return netr_ServerAuthenticate3(dce_call, mem_ctx, &r3);
295 static NTSTATUS netr_ServerAuthenticate2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
296 struct netr_ServerAuthenticate2 *r)
298 struct netr_ServerAuthenticate3 r3;
301 r3.in.server_name = r->in.server_name;
302 r3.in.account_name = r->in.account_name;
303 r3.in.secure_channel_type = r->in.secure_channel_type;
304 r3.in.computer_name = r->in.computer_name;
305 r3.in.credentials = r->in.credentials;
306 r3.out.credentials = r->out.credentials;
307 r3.in.negotiate_flags = r->in.negotiate_flags;
308 r3.out.negotiate_flags = r->out.negotiate_flags;
311 return netr_ServerAuthenticate3(dce_call, mem_ctx, &r3);
315 static BOOL netr_creds_server_step_check(struct server_pipe_state *pipe_state,
316 struct netr_Authenticator *received_authenticator,
317 struct netr_Authenticator *return_authenticator)
319 if (!pipe_state->authenticated) {
322 return creds_server_step_check(pipe_state->creds,
323 received_authenticator,
324 return_authenticator);
328 static NTSTATUS netr_ServerPasswordSet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
329 struct netr_ServerPasswordSet *r)
331 struct server_pipe_state *pipe_state = dce_call->conn->private;
335 int num_records_domain;
337 struct ldb_message **msgs;
338 struct ldb_message **msgs_domain;
340 struct ldb_message mod, *msg_set_pw = &mod;
341 const char *domain_dn;
342 const char *domain_sid;
344 const char *attrs[] = {"objectSid", NULL };
346 const char **domain_attrs = attrs;
350 DEBUG(1, ("No challenge requested by client, cannot authenticate\n"));
351 return NT_STATUS_ACCESS_DENIED;
354 if (!netr_creds_server_step_check(pipe_state, &r->in.credential, &r->out.return_authenticator)) {
355 return NT_STATUS_ACCESS_DENIED;
358 sam_ctx = samdb_connect(mem_ctx);
359 if (sam_ctx == NULL) {
360 return NT_STATUS_INVALID_SYSTEM_SERVICE;
362 /* pull the user attributes */
363 num_records = samdb_search(sam_ctx, mem_ctx, NULL, &msgs, attrs,
364 "(&(sAMAccountName=%s)(objectclass=user))",
365 pipe_state->account_name);
367 if (num_records == 0) {
368 DEBUG(3,("Couldn't find user [%s] in samdb.\n",
369 pipe_state->account_name));
370 return NT_STATUS_NO_SUCH_USER;
373 if (num_records > 1) {
374 DEBUG(0,("Found %d records matching user [%s]\n", num_records,
375 pipe_state->account_name));
376 return NT_STATUS_INTERNAL_DB_CORRUPTION;
379 domain_sid = samdb_result_sid_prefix(mem_ctx, msgs[0], "objectSid");
381 DEBUG(0,("no objectSid in user record\n"));
382 return NT_STATUS_INTERNAL_DB_CORRUPTION;
385 /* find the domain's DN */
386 num_records_domain = samdb_search(sam_ctx, mem_ctx, NULL,
387 &msgs_domain, domain_attrs,
388 "(&(objectSid=%s)(objectclass=domain))",
391 if (num_records_domain == 0) {
392 DEBUG(3,("check_sam_security: Couldn't find domain [%s] in passdb file.\n",
394 return NT_STATUS_NO_SUCH_USER;
397 if (num_records_domain > 1) {
398 DEBUG(0,("Found %d records matching domain [%s]\n",
399 num_records_domain, domain_sid));
400 return NT_STATUS_INTERNAL_DB_CORRUPTION;
403 domain_dn = msgs_domain[0]->dn;
405 mod.dn = talloc_strdup(mem_ctx, msgs[0]->dn);
407 return NT_STATUS_NO_MEMORY;
410 creds_des_decrypt(pipe_state->creds, &r->in.new_password);
412 /* set the password - samdb needs to know both the domain and user DNs,
413 so the domain password policy can be used */
414 nt_status = samdb_set_password(sam_ctx, mem_ctx,
415 msgs[0]->dn, domain_dn,
417 NULL, /* Don't have plaintext */
418 NULL, &r->in.new_password,
419 False /* This is not considered a password change */,
422 if (!NT_STATUS_IS_OK(nt_status)) {
426 ret = samdb_replace(sam_ctx, mem_ctx, msg_set_pw);
428 /* we really need samdb.c to return NTSTATUS */
429 return NT_STATUS_UNSUCCESSFUL;
439 static WERROR netr_LogonUasLogon(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
440 struct netr_LogonUasLogon *r)
442 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
449 static WERROR netr_LogonUasLogoff(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
450 struct netr_LogonUasLogoff *r)
452 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
457 netr_LogonSamLogonWithFlags
460 static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
461 struct netr_LogonSamLogonWithFlags *r)
463 struct server_pipe_state *pipe_state = dce_call->conn->private;
465 struct auth_context *auth_context;
466 struct auth_usersupplied_info *user_info;
467 struct auth_serversupplied_info *server_info;
470 static const char zeros[16];
471 struct netr_SamBaseInfo *sam;
472 struct netr_SamInfo2 *sam2;
473 struct netr_SamInfo3 *sam3;
474 struct netr_SamInfo6 *sam6;
477 DEBUG(1, ("No challenge requested by client, cannot authenticate\n"));
478 return NT_STATUS_ACCESS_DENIED;
481 r->out.return_authenticator = talloc_p(mem_ctx, struct netr_Authenticator);
482 if (!r->out.return_authenticator) {
483 return NT_STATUS_NO_MEMORY;
486 if (!netr_creds_server_step_check(pipe_state, r->in.credential, r->out.return_authenticator)) {
487 return NT_STATUS_ACCESS_DENIED;
490 switch (r->in.logon_level) {
494 creds_arcfour_crypt(pipe_state->creds,
495 r->in.logon.password->lmpassword.hash,
496 sizeof(r->in.logon.password->lmpassword.hash));
497 creds_arcfour_crypt(pipe_state->creds,
498 r->in.logon.password->ntpassword.hash,
499 sizeof(r->in.logon.password->ntpassword.hash));
501 nt_status = make_auth_context_subsystem(&auth_context);
502 if (!NT_STATUS_IS_OK(nt_status)) {
506 chal = auth_context->get_ntlm_challenge(auth_context);
507 nt_status = make_user_info_netlogon_interactive(&user_info,
508 r->in.logon.password->identity_info.account_name.string,
509 r->in.logon.password->identity_info.domain_name.string,
510 r->in.logon.password->identity_info.workstation.string,
512 &r->in.logon.password->lmpassword,
513 &r->in.logon.password->ntpassword);
518 nt_status = make_auth_context_fixed(&auth_context, r->in.logon.network->challenge);
519 if (!NT_STATUS_IS_OK(nt_status)) {
523 nt_status = make_user_info_netlogon_network(&user_info,
524 r->in.logon.network->identity_info.account_name.string,
525 r->in.logon.network->identity_info.domain_name.string,
526 r->in.logon.network->identity_info.workstation.string,
527 r->in.logon.network->lm.data, r->in.logon.network->lm.length,
528 r->in.logon.network->nt.data, r->in.logon.network->nt.length);
531 free_auth_context(&auth_context);
532 return NT_STATUS_INVALID_PARAMETER;
535 if (!NT_STATUS_IS_OK(nt_status)) {
539 nt_status = auth_context->check_ntlm_password(auth_context,
543 if (!NT_STATUS_IS_OK(nt_status)) {
544 free_auth_context(&auth_context);
547 free_auth_context(&auth_context);
549 sam = talloc_p(mem_ctx, struct netr_SamBaseInfo);
553 sam->last_logon = server_info->last_logon;
554 sam->last_logoff = server_info->last_logoff;
555 sam->acct_expiry = server_info->acct_expiry;
556 sam->last_password_change = server_info->last_password_change;
557 sam->allow_password_change = server_info->allow_password_change;
558 sam->force_password_change = server_info->force_password_change;
560 sam->account_name.string = talloc_strdup(mem_ctx, server_info->account_name);
561 sam->full_name.string = talloc_strdup(mem_ctx, server_info->full_name);
562 sam->logon_script.string = talloc_strdup(mem_ctx, server_info->logon_script);
563 sam->profile_path.string = talloc_strdup(mem_ctx, server_info->profile_path);
564 sam->home_directory.string = talloc_strdup(mem_ctx, server_info->home_directory);
565 sam->home_drive.string = talloc_strdup(mem_ctx, server_info->home_drive);
567 sam->logon_count = server_info->logon_count;
568 sam->bad_password_count = sam->bad_password_count;
569 sam->rid = server_info->user_sid->sub_auths[server_info->user_sid->num_auths-1];
570 sam->primary_gid = server_info->primary_group_sid->sub_auths[server_info->primary_group_sid->num_auths-1];
571 sam->group_count = 0;
572 sam->groupids = NULL;
573 sam->user_flags = 0; /* TODO: w2k3 uses 0x120 - what is this? */
574 sam->acct_flags = server_info->acct_flags;
575 sam->logon_server.string = lp_netbios_name();
577 sam->domain.string = talloc_strdup(mem_ctx, server_info->domain);
579 sam->domain_sid = dom_sid_dup(mem_ctx, server_info->user_sid);
580 sam->domain_sid->num_auths--;
582 if (server_info->user_session_key.length == sizeof(sam->key.key)) {
583 memcpy(sam->key.key, server_info->user_session_key.data, sizeof(sam->key.key));
585 ZERO_STRUCT(sam->key.key);
588 /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
589 /* It appears that level 6 is not individually encrypted */
590 if ((r->in.validation_level != 6)
591 && memcmp(sam->key.key, zeros,
592 sizeof(sam->key.key)) != 0) {
593 creds_arcfour_crypt(pipe_state->creds,
595 sizeof(sam->key.key));
598 if (server_info->lm_session_key.length == sizeof(sam->LMSessKey.key)) {
599 memcpy(sam->LMSessKey.key, server_info->lm_session_key.data,
600 sizeof(sam->LMSessKey.key));
602 ZERO_STRUCT(sam->LMSessKey.key);
605 /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
606 /* It appears that level 6 is not individually encrypted */
607 if ((r->in.validation_level != 6)
608 && memcmp(sam->LMSessKey.key, zeros,
609 sizeof(sam->LMSessKey.key)) != 0) {
610 creds_arcfour_crypt(pipe_state->creds,
612 sizeof(sam->LMSessKey.key));
615 switch (r->in.validation_level) {
617 sam2 = talloc_p(mem_ctx, struct netr_SamInfo2);
620 r->out.validation.sam2 = sam2;
624 sam3 = talloc_p(mem_ctx, struct netr_SamInfo3);
627 r->out.validation.sam3 = sam3;
631 sam6 = talloc_p(mem_ctx, struct netr_SamInfo6);
634 sam6->forest.string = lp_realm();
635 sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s",
636 sam->account_name.string, sam6->forest.string);
637 r->out.validation.sam6 = sam6;
644 r->out.authoritative = 1;
652 static NTSTATUS netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
653 struct netr_LogonSamLogon *r)
655 struct netr_LogonSamLogonWithFlags r2;
660 r2.in.server_name = r->in.server_name;
661 r2.in.workstation = r->in.workstation;
662 r2.in.credential = r->in.credential;
663 r2.in.return_authenticator = r->in.return_authenticator;
664 r2.in.logon_level = r->in.logon_level;
665 r2.in.logon = r->in.logon;
666 r2.in.validation_level = r->in.validation_level;
669 status = netr_LogonSamLogonWithFlags(dce_call, mem_ctx, &r2);
671 r->out.return_authenticator = r2.out.return_authenticator;
672 r->out.validation = r2.out.validation;
673 r->out.authoritative = r2.out.authoritative;
682 static NTSTATUS netr_LogonSamLogoff(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
683 struct netr_LogonSamLogoff *r)
685 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
693 static NTSTATUS netr_DatabaseDeltas(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
694 struct netr_DatabaseDeltas *r)
696 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
703 static NTSTATUS netr_DatabaseSync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
704 struct netr_DatabaseSync *r)
706 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
713 static NTSTATUS netr_AccountDeltas(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
714 struct netr_AccountDeltas *r)
716 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
723 static NTSTATUS netr_AccountSync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
724 struct netr_AccountSync *r)
726 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
733 static NTSTATUS netr_GetDcName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
734 struct netr_GetDcName *r)
736 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
743 static WERROR netr_LogonControl(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
744 struct netr_LogonControl *r)
746 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
753 static WERROR netr_GetAnyDCName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
754 struct netr_GetAnyDCName *r)
756 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
763 static WERROR netr_LogonControl2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
764 struct netr_LogonControl2 *r)
766 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
773 static NTSTATUS netr_DatabaseSync2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
774 struct netr_DatabaseSync2 *r)
776 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
783 static NTSTATUS netr_DatabaseRedo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
784 struct netr_DatabaseRedo *r)
786 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
793 static WERROR netr_LogonControl2Ex(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
794 struct netr_LogonControl2Ex *r)
796 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
801 netr_NETRENUMERATETRUSTEDDOMAINS
803 static WERROR netr_NETRENUMERATETRUSTEDDOMAINS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
804 struct netr_NETRENUMERATETRUSTEDDOMAINS *r)
806 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
813 static WERROR netr_DSRGETDCNAME(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
814 struct netr_DSRGETDCNAME *r)
816 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
821 netr_NETRLOGONDUMMYROUTINE1
823 static WERROR netr_NETRLOGONDUMMYROUTINE1(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
824 struct netr_NETRLOGONDUMMYROUTINE1 *r)
826 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
831 netr_NETRLOGONSETSERVICEBITS
833 static WERROR netr_NETRLOGONSETSERVICEBITS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
834 struct netr_NETRLOGONSETSERVICEBITS *r)
836 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
841 netr_NETRLOGONGETTRUSTRID
843 static WERROR netr_NETRLOGONGETTRUSTRID(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
844 struct netr_NETRLOGONGETTRUSTRID *r)
846 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
851 netr_NETRLOGONCOMPUTESERVERDIGEST
853 static WERROR netr_NETRLOGONCOMPUTESERVERDIGEST(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
854 struct netr_NETRLOGONCOMPUTESERVERDIGEST *r)
856 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
861 netr_NETRLOGONCOMPUTECLIENTDIGEST
863 static WERROR netr_NETRLOGONCOMPUTECLIENTDIGEST(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
864 struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r)
866 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
873 static WERROR netr_DSRGETDCNAMEX(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
874 struct netr_DSRGETDCNAMEX *r)
876 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
883 static WERROR netr_DSRGETSITENAME(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
884 struct netr_DSRGETSITENAME *r)
886 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
891 fill in a netr_DomainTrustInfo from a ldb search result
893 static NTSTATUS fill_domain_trust_info(TALLOC_CTX *mem_ctx, struct ldb_message *res,
894 struct netr_DomainTrustInfo *info)
898 info->domainname.string = samdb_result_string(res, "flatName", NULL);
899 if (info->domainname.string == NULL) {
900 info->domainname.string = samdb_result_string(res, "name", NULL);
901 info->fulldomainname.string = samdb_result_string(res, "dnsDomain", NULL);
903 info->fulldomainname.string = samdb_result_string(res, "name", NULL);
906 /* TODO: we need proper forest support */
907 info->forest.string = info->fulldomainname.string;
909 info->guid = samdb_result_guid(res, "objectGUID");
910 info->sid = samdb_result_dom_sid(mem_ctx, res, "objectSid");
916 netr_LogonGetDomainInfo
917 this is called as part of the ADS domain logon procedure.
919 static NTSTATUS netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
920 struct netr_LogonGetDomainInfo *r)
922 struct server_pipe_state *pipe_state = dce_call->conn->private;
923 const char * const attrs[] = { "name", "dnsDomain", "objectSid",
924 "objectGUID", "flatName", NULL };
926 struct ldb_message **res1, **res2;
927 struct netr_DomainInfo1 *info1;
932 return NT_STATUS_ACCESS_DENIED;
935 if (!netr_creds_server_step_check(pipe_state,
936 r->in.credential, r->out.credential)) {
937 return NT_STATUS_ACCESS_DENIED;
940 sam_ctx = samdb_connect(mem_ctx);
941 if (sam_ctx == NULL) {
942 return NT_STATUS_INVALID_SYSTEM_SERVICE;
945 /* we need to do two searches. The first will pull our primary
946 domain and the second will pull any trusted domains. Our
947 primary domain is also a "trusted" domain, so we need to
948 put the primary domain into the lists of returned trusts as
950 ret1 = samdb_search(sam_ctx, mem_ctx, NULL, &res1, attrs, "(objectClass=domainDNS)");
952 return NT_STATUS_INTERNAL_DB_CORRUPTION;
955 ret2 = samdb_search(sam_ctx, mem_ctx, NULL, &res2, attrs, "(objectClass=trustedDomain)");
957 return NT_STATUS_INTERNAL_DB_CORRUPTION;
960 info1 = talloc_p(mem_ctx, struct netr_DomainInfo1);
962 return NT_STATUS_NO_MEMORY;
967 info1->num_trusts = ret2 + 1;
968 info1->trusts = talloc_array_p(mem_ctx, struct netr_DomainTrustInfo,
970 if (info1->trusts == NULL) {
971 return NT_STATUS_NO_MEMORY;
974 status = fill_domain_trust_info(mem_ctx, res1[0], &info1->domaininfo);
975 if (!NT_STATUS_IS_OK(status)) {
979 status = fill_domain_trust_info(mem_ctx, res1[0], &info1->trusts[0]);
980 if (!NT_STATUS_IS_OK(status)) {
984 for (i=0;i<ret2;i++) {
985 status = fill_domain_trust_info(mem_ctx, res2[i], &info1->trusts[i+1]);
986 if (!NT_STATUS_IS_OK(status)) {
991 r->out.info.info1 = info1;
998 netr_NETRSERVERPASSWORDSET2
1000 static WERROR netr_NETRSERVERPASSWORDSET2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1001 struct netr_NETRSERVERPASSWORDSET2 *r)
1003 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1008 netr_NETRSERVERPASSWORDGET
1010 static WERROR netr_NETRSERVERPASSWORDGET(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1011 struct netr_NETRSERVERPASSWORDGET *r)
1013 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1018 netr_NETRLOGONSENDTOSAM
1020 static WERROR netr_NETRLOGONSENDTOSAM(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1021 struct netr_NETRLOGONSENDTOSAM *r)
1023 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1028 netr_DSRADDRESSTOSITENAMESW
1030 static WERROR netr_DSRADDRESSTOSITENAMESW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1031 struct netr_DSRADDRESSTOSITENAMESW *r)
1033 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1038 netr_DSRGETDCNAMEEX2
1040 static WERROR netr_DSRGETDCNAMEEX2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1041 struct netr_DSRGETDCNAMEEX2 *r)
1043 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1048 netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN
1050 static WERROR netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1051 struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r)
1053 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1058 netr_NETRENUMERATETRUSTEDDOMAINSEX
1060 static WERROR netr_NETRENUMERATETRUSTEDDOMAINSEX(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1061 struct netr_NETRENUMERATETRUSTEDDOMAINSEX *r)
1063 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1068 netr_DSRADDRESSTOSITENAMESEXW
1070 static WERROR netr_DSRADDRESSTOSITENAMESEXW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1071 struct netr_DSRADDRESSTOSITENAMESEXW *r)
1073 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1078 netr_DSRGETDCSITECOVERAGEW
1080 static WERROR netr_DSRGETDCSITECOVERAGEW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1081 struct netr_DSRGETDCSITECOVERAGEW *r)
1083 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1088 netr_NETRLOGONSAMLOGONEX
1090 static WERROR netr_NETRLOGONSAMLOGONEX(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1091 struct netr_NETRLOGONSAMLOGONEX *r)
1093 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1098 netr_DsrEnumerateDomainTrusts
1100 static WERROR netr_DsrEnumerateDomainTrusts(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1101 struct netr_DsrEnumerateDomainTrusts *r)
1103 struct netr_DomainTrust *trusts;
1106 struct ldb_message **res;
1107 const char * const attrs[] = { "name", "dnsDomain", "objectSid", "objectGUID", NULL };
1109 ZERO_STRUCT(r->out);
1111 sam_ctx = samdb_connect(mem_ctx);
1112 if (sam_ctx == NULL) {
1113 return WERR_GENERAL_FAILURE;
1116 ret = samdb_search(sam_ctx, mem_ctx, NULL, &res, attrs, "(objectClass=domainDNS)");
1118 return WERR_GENERAL_FAILURE;
1125 trusts = talloc_array_p(mem_ctx, struct netr_DomainTrust, ret);
1126 if (trusts == NULL) {
1131 r->out.trusts = trusts;
1133 /* TODO: add filtering by trust_flags, and correct trust_type
1135 for (i=0;i<ret;i++) {
1136 trusts[i].netbios_name = samdb_result_string(res[i], "name", NULL);
1137 trusts[i].dns_name = samdb_result_string(res[i], "dnsDomain", NULL);
1138 trusts[i].trust_flags =
1139 NETR_TRUST_FLAG_TREEROOT |
1140 NETR_TRUST_FLAG_IN_FOREST |
1141 NETR_TRUST_FLAG_PRIMARY;
1142 trusts[i].parent_index = 0;
1143 trusts[i].trust_type = 2;
1144 trusts[i].trust_attributes = 0;
1145 trusts[i].sid = samdb_result_dom_sid(mem_ctx, res[i], "objectSid");
1146 trusts[i].guid = samdb_result_guid(res[i], "objectGUID");
1155 netr_DSRDEREGISTERDNSHOSTRECORDS
1157 static WERROR netr_DSRDEREGISTERDNSHOSTRECORDS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1158 struct netr_DSRDEREGISTERDNSHOSTRECORDS *r)
1160 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1165 netr_NETRSERVERTRUSTPASSWORDSGET
1167 static WERROR netr_NETRSERVERTRUSTPASSWORDSGET(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1168 struct netr_NETRSERVERTRUSTPASSWORDSGET *r)
1170 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1175 netr_DSRGETFORESTTRUSTINFORMATION
1177 static WERROR netr_DSRGETFORESTTRUSTINFORMATION(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1178 struct netr_DSRGETFORESTTRUSTINFORMATION *r)
1180 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1185 netr_NETRGETFORESTTRUSTINFORMATION
1187 static WERROR netr_NETRGETFORESTTRUSTINFORMATION(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1188 struct netr_NETRGETFORESTTRUSTINFORMATION *r)
1190 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1195 netr_NETRSERVERGETTRUSTINFO
1197 static WERROR netr_NETRSERVERGETTRUSTINFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1198 struct netr_NETRSERVERGETTRUSTINFO *r)
1200 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1204 /* include the generated boilerplate */
1205 #include "librpc/gen_ndr/ndr_netlogon_s.c"