/* This is the implementation of the netlogon pipe. */
#include "includes.h"
+#include "system/passwd.h" /* uid_wrapper */
+#include "ntdomain.h"
#include "../libcli/auth/schannel.h"
#include "../librpc/gen_ndr/srv_netlogon.h"
-#include "../librpc/gen_ndr/srv_samr.h"
-#include "../librpc/gen_ndr/srv_lsa.h"
#include "../librpc/gen_ndr/ndr_samr_c.h"
#include "../librpc/gen_ndr/ndr_lsa_c.h"
#include "rpc_client/cli_lsarpc.h"
-#include "../lib/crypto/md4.h"
#include "rpc_client/init_lsa.h"
#include "rpc_server/rpc_ncacn_np.h"
#include "../libcli/security/security.h"
#include "passdb.h"
#include "auth.h"
#include "messages.h"
-#include "ntdomain.h"
+#include "../lib/tsocket/tsocket.h"
+#include "lib/param/param.h"
extern userdom_struct current_user_info;
return _netr_LogonControl2Ex(p, &l);
}
-/****************************************************************************
-Send a message to smbd to do a sam synchronisation
-**************************************************************************/
-
-static void send_sync_message(struct messaging_context *msg_ctx)
-{
- DEBUG(3, ("sending sam synchronisation message\n"));
- message_send_all(msg_ctx, MSG_SMB_SAM_SYNC, NULL, 0, NULL);
-}
-
/*************************************************************************
_netr_LogonControl2
*************************************************************************/
struct netr_NETLOGON_INFO_4 *info4;
const char *fn;
uint32_t acct_ctrl;
+ NTSTATUS status;
+ struct netr_DsRGetDCNameInfo *dc_info;
switch (p->opnum) {
case NDR_NETR_LOGONCONTROL:
return WERR_INVALID_PARAM;
}
- acct_ctrl = p->session_info->info3->base.acct_flags;
+ acct_ctrl = p->session_info->info->acct_flags;
switch (r->in.function_code) {
case NETLOGON_CONTROL_TC_VERIFY:
break;
}
- if (!get_dc_name(domain, NULL, dc_name2, &dc_ss)) {
+ status = dsgetdcname(p->mem_ctx, p->msg_ctx, domain, NULL, NULL,
+ DS_FORCE_REDISCOVERY | DS_RETURN_FLAT_NAME,
+ &dc_info);
+ if (!NT_STATUS_IS_OK(status)) {
tc_status = WERR_NO_LOGON_SERVERS;
break;
}
- dc_name = talloc_asprintf(p->mem_ctx, "\\\\%s", dc_name2);
+ dc_name = talloc_asprintf(p->mem_ctx, "\\\\%s", dc_info->dc_unc);
if (!dc_name) {
return WERR_NOMEM;
}
switch (r->in.level) {
case 1:
- info1 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_1);
+ info1 = talloc_zero(p->mem_ctx, struct netr_NETLOGON_INFO_1);
W_ERROR_HAVE_NO_MEMORY(info1);
info1->flags = flags;
r->out.query->info1 = info1;
break;
case 2:
- info2 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_2);
+ info2 = talloc_zero(p->mem_ctx, struct netr_NETLOGON_INFO_2);
W_ERROR_HAVE_NO_MEMORY(info2);
info2->flags = flags;
r->out.query->info2 = info2;
break;
case 3:
- info3 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_3);
+ info3 = talloc_zero(p->mem_ctx, struct netr_NETLOGON_INFO_3);
W_ERROR_HAVE_NO_MEMORY(info3);
info3->flags = flags;
r->out.query->info3 = info3;
break;
case 4:
- info4 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_4);
+ info4 = talloc_zero(p->mem_ctx, struct netr_NETLOGON_INFO_4);
W_ERROR_HAVE_NO_MEMORY(info4);
info4->trusted_dc_name = dc_name;
return WERR_UNKNOWN_LEVEL;
}
- if (lp_server_role() == ROLE_DOMAIN_BDC) {
- send_sync_message(p->msg_ctx);
- }
-
return WERR_OK;
}
status = rpcint_binding_handle(p->mem_ctx,
&ndr_table_lsarpc,
- p->client_id,
+ p->remote_address,
p->session_info,
p->msg_ctx,
&h);
{
NTSTATUS status;
NTSTATUS result = NT_STATUS_OK;
- struct policy_handle connect_handle, domain_handle;
+ struct policy_handle connect_handle;
+ struct policy_handle domain_handle = { 0, };
struct lsa_String domain_name;
struct dom_sid2 *domain_sid;
struct lsa_String names;
uint32_t rid;
status = dcerpc_samr_Connect2(b, mem_ctx,
- global_myname(),
+ lp_netbios_name(),
SAMR_ACCESS_CONNECT_TO_SERVER |
SAMR_ACCESS_ENUM_DOMAINS |
SAMR_ACCESS_LOOKUP_DOMAIN,
NTSTATUS result = NT_STATUS_OK;
TALLOC_CTX *mem_ctx;
struct dcerpc_binding_handle *h = NULL;
- static struct client_address client_id;
+ struct tsocket_address *local;
struct policy_handle user_handle;
uint32_t user_rid;
struct dom_sid *domain_sid;
uint32_t acct_ctrl;
union samr_UserInfo *info;
- struct auth_serversupplied_info *session_info;
+ struct auth_session_info *session_info;
+ int rc;
+
#if 0
/*
ZERO_STRUCT(user_handle);
- strlcpy(client_id.addr, "127.0.0.1", sizeof(client_id.addr));
- client_id.name = "127.0.0.1";
+ rc = tsocket_address_inet_from_strings(mem_ctx,
+ "ip",
+ "127.0.0.1",
+ 0,
+ &local);
+ if (rc < 0) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
status = rpcint_binding_handle(mem_ctx,
&ndr_table_samr,
- &client_id,
+ local,
session_info,
msg_ctx,
&h);
* so use a copy to avoid destroying the client values. */
uint32_t in_neg_flags = *r->in.negotiate_flags;
const char *fn;
+ struct loadparm_context *lp_ctx;
struct dom_sid sid;
struct samr_Password mach_pwd;
struct netlogon_creds_CredentialState *creds;
srv_flgs |= NETLOGON_NEG_STRONG_KEYS;
}
+ if (in_neg_flags & NETLOGON_NEG_SUPPORTS_AES) {
+ srv_flgs |= NETLOGON_NEG_SUPPORTS_AES;
+ }
+
if (lp_server_schannel() != false) {
srv_flgs |= NETLOGON_NEG_SCHANNEL;
}
+ /*
+ * Support authenticaten of trusted domains.
+ *
+ * These flags are the minimum required set which works with win2k3
+ * and win2k8.
+ */
+ if (pdb_capabilities() & PDB_CAP_TRUSTED_DOMAINS_EX) {
+ srv_flgs |= NETLOGON_NEG_TRANSITIVE_TRUSTS |
+ NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
+ NETLOGON_NEG_CROSS_FOREST_TRUSTS |
+ NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION;
+ }
+
switch (p->opnum) {
case NDR_NETR_SERVERAUTHENTICATE:
fn = "_netr_ServerAuthenticate";
&mach_pwd,
r->in.credentials,
r->out.return_credentials,
- *r->in.negotiate_flags);
+ srv_flgs);
if (!creds) {
DEBUG(0,("%s: netlogon_creds_server_check failed. Rejecting auth "
"request from client %s machine account %s\n",
goto out;
}
+ lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_helpers());
+ if (lp_ctx == NULL) {
+ DEBUG(10, ("loadparm_init_s3 failed\n"));
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto out;
+ }
+
/* Store off the state so we can continue after client disconnect. */
become_root();
- status = schannel_save_creds_state(p->mem_ctx, lp_private_dir(), creds);
+ status = schannel_save_creds_state(p->mem_ctx, lp_ctx, creds);
unbecome_root();
+ talloc_unlink(p->mem_ctx, lp_ctx);
+
if (!NT_STATUS_IS_OK(status)) {
goto out;
}
{
NTSTATUS status;
bool schannel_global_required = (lp_server_schannel() == true) ? true:false;
+ struct loadparm_context *lp_ctx;
if (schannel_global_required) {
status = schannel_check_required(&p->auth,
}
}
- status = schannel_check_creds_state(mem_ctx, lp_private_dir(),
+ lp_ctx = loadparm_init_s3(mem_ctx, loadparm_s3_helpers());
+ if (lp_ctx == NULL) {
+ DEBUG(0, ("loadparm_init_s3 failed\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ status = schannel_check_creds_state(mem_ctx, lp_ctx,
computer_name, received_authenticator,
return_authenticator, creds_out);
-
+ talloc_unlink(mem_ctx, lp_ctx);
return status;
}
*************************************************************************/
static NTSTATUS netr_set_machine_account_password(TALLOC_CTX *mem_ctx,
- struct auth_serversupplied_info *session_info,
+ struct auth_session_info *session_info,
struct messaging_context *msg_ctx,
const char *account_name,
struct samr_Password *nt_hash)
NTSTATUS status;
NTSTATUS result = NT_STATUS_OK;
struct dcerpc_binding_handle *h = NULL;
- static struct client_address client_id;
+ struct tsocket_address *local;
struct policy_handle user_handle;
uint32_t acct_ctrl;
union samr_UserInfo *info;
struct samr_UserInfo18 info18;
DATA_BLOB in,out;
+ int rc;
+ DATA_BLOB session_key;
ZERO_STRUCT(user_handle);
- strlcpy(client_id.addr, "127.0.0.1", sizeof(client_id.addr));
- client_id.name = "127.0.0.1";
+ status = session_extract_session_key(session_info,
+ &session_key,
+ KEY_USE_16BYTES);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+
+ rc = tsocket_address_inet_from_strings(mem_ctx,
+ "ip",
+ "127.0.0.1",
+ 0,
+ &local);
+ if (rc < 0) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
status = rpcint_binding_handle(mem_ctx,
&ndr_table_samr,
- &client_id,
+ local,
session_info,
msg_ctx,
&h);
goto out;
}
+ become_root();
status = samr_find_machine_account(mem_ctx,
h,
account_name,
NULL,
NULL,
&user_handle);
+ unbecome_root();
if (!NT_STATUS_IS_OK(status)) {
goto out;
}
in = data_blob_const(nt_hash->hash, 16);
out = data_blob_talloc_zero(mem_ctx, 16);
- sess_crypt_blob(&out, &in, &session_info->user_session_key, true);
+ sess_crypt_blob(&out, &in, &session_key, true);
memcpy(info18.nt_pwd.hash, out.data, out.length);
info18.nt_pwd_active = true;
info->info18 = info18;
+ become_root();
status = dcerpc_samr_SetUserInfo2(h,
mem_ctx,
&user_handle,
UserInternal1Information,
info,
&result);
+ unbecome_root();
if (!NT_STATUS_IS_OK(status)) {
goto out;
}
struct netr_ServerPasswordSet2 *r)
{
NTSTATUS status;
- struct netlogon_creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds = NULL;
DATA_BLOB plaintext;
struct samr_CryptPassword password_buf;
struct samr_Password nt_hash;
unbecome_root();
if (!NT_STATUS_IS_OK(status)) {
+ const char *computer_name = "<unknown>";
+
+ if (creds && creds->computer_name) {
+ computer_name = creds->computer_name;
+ }
DEBUG(2,("_netr_ServerPasswordSet2: netlogon_creds_server_step "
"failed. Rejecting auth request from client %s machine account %s\n",
- r->in.computer_name, creds->computer_name));
+ r->in.computer_name, computer_name));
TALLOC_FREE(creds);
return status;
}
memcpy(password_buf.data, r->in.new_password->data, 512);
SIVAL(password_buf.data, 512, r->in.new_password->length);
- netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
+
+ if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+ netlogon_creds_aes_decrypt(creds, password_buf.data, 516);
+ } else {
+ netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
+ }
if (!extract_pw_from_buffer(p->mem_ctx, password_buf.data, &plaintext)) {
+ TALLOC_FREE(creds);
return NT_STATUS_WRONG_PASSWORD;
}
p->msg_ctx,
creds->account_name,
&nt_hash);
+ TALLOC_FREE(creds);
return status;
}
switch (r->in.validation_level) {
case 2:
- r->out.validation->sam2 = TALLOC_ZERO_P(p->mem_ctx, struct netr_SamInfo2);
+ r->out.validation->sam2 = talloc_zero(p->mem_ctx, struct netr_SamInfo2);
if (!r->out.validation->sam2) {
return NT_STATUS_NO_MEMORY;
}
break;
case 3:
- r->out.validation->sam3 = TALLOC_ZERO_P(p->mem_ctx, struct netr_SamInfo3);
+ r->out.validation->sam3 = talloc_zero(p->mem_ctx, struct netr_SamInfo3);
if (!r->out.validation->sam3) {
return NT_STATUS_NO_MEMORY;
}
break;
case 6:
- r->out.validation->sam6 = TALLOC_ZERO_P(p->mem_ctx, struct netr_SamInfo6);
+ r->out.validation->sam6 = talloc_zero(p->mem_ctx, struct netr_SamInfo6);
if (!r->out.validation->sam6) {
return NT_STATUS_NO_MEMORY;
}
if (!make_user_info_netlogon_network(&user_info,
nt_username, nt_domain,
wksname,
+ p->remote_address,
logon->network->identity_info.parameter_control,
logon->network->lm.data,
logon->network->lm.length,
{
uint8_t chal[8];
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("lm owf password:"));
+ dump_data(100, logon->password->lmpassword.hash, 16);
+
+ DEBUG(100,("nt owf password:"));
+ dump_data(100, logon->password->ntpassword.hash, 16);
+#endif
+ if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+ netlogon_creds_aes_decrypt(creds,
+ logon->password->lmpassword.hash,
+ 16);
+ netlogon_creds_aes_decrypt(creds,
+ logon->password->ntpassword.hash,
+ 16);
+ } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
+ netlogon_creds_arcfour_crypt(creds,
+ logon->password->lmpassword.hash,
+ 16);
+ netlogon_creds_arcfour_crypt(creds,
+ logon->password->ntpassword.hash,
+ 16);
+ } else {
+ netlogon_creds_des_decrypt(creds, &logon->password->lmpassword);
+ netlogon_creds_des_decrypt(creds, &logon->password->ntpassword);
+ }
+
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("decrypt of lm owf password:"));
+ dump_data(100, logon->password->lmpassword.hash, 16);
+
+ DEBUG(100,("decrypt of nt owf password:"));
+ dump_data(100, logon->password->ntpassword.hash, 16);
+#endif
status = make_auth_context_subsystem(talloc_tos(),
&auth_context);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- auth_context->get_ntlm_challenge(auth_context, chal);
+ auth_get_ntlm_challenge(auth_context, chal);
if (!make_user_info_netlogon_interactive(&user_info,
nt_username, nt_domain,
nt_workstation,
+ p->remote_address,
logon->password->identity_info.parameter_control,
chal,
logon->password->lmpassword.hash,
- logon->password->ntpassword.hash,
- creds->session_key)) {
+ logon->password->ntpassword.hash)) {
status = NT_STATUS_NO_MEMORY;
}
break;
} /* end switch */
if ( NT_STATUS_IS_OK(status) ) {
- status = auth_context->check_ntlm_password(auth_context,
+ status = auth_check_ntlm_password(auth_context,
user_info, &server_info);
}
{
NTSTATUS status;
struct netlogon_creds_CredentialState *creds = NULL;
+ struct loadparm_context *lp_ctx;
*r->out.authoritative = true;
return NT_STATUS_INVALID_PARAMETER;
}
+ lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_helpers());
+ if (lp_ctx == NULL) {
+ DEBUG(0, ("loadparm_init_s3 failed\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
become_root();
- status = schannel_get_creds_state(p->mem_ctx, lp_private_dir(),
+ status = schannel_get_creds_state(p->mem_ctx, lp_ctx,
r->in.computer_name, &creds);
unbecome_root();
+ talloc_unlink(p->mem_ctx, lp_ctx);
+
if (!NT_STATUS_IS_OK(status)) {
return status;
}
WERROR _netr_LogonUasLogon(struct pipes_struct *p,
struct netr_LogonUasLogon *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_LogonUasLogoff(struct pipes_struct *p,
struct netr_LogonUasLogoff *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
NTSTATUS _netr_DatabaseDeltas(struct pipes_struct *p,
struct netr_DatabaseDeltas *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return NT_STATUS_NOT_IMPLEMENTED;
}
NTSTATUS _netr_DatabaseSync(struct pipes_struct *p,
struct netr_DatabaseSync *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return NT_STATUS_NOT_IMPLEMENTED;
}
NTSTATUS _netr_AccountDeltas(struct pipes_struct *p,
struct netr_AccountDeltas *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return NT_STATUS_NOT_IMPLEMENTED;
}
NTSTATUS _netr_AccountSync(struct pipes_struct *p,
struct netr_AccountSync *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return NT_STATUS_NOT_IMPLEMENTED;
}
NTSTATUS _netr_DatabaseSync2(struct pipes_struct *p,
struct netr_DatabaseSync2 *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return NT_STATUS_NOT_IMPLEMENTED;
}
NTSTATUS _netr_DatabaseRedo(struct pipes_struct *p,
struct netr_DatabaseRedo *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return NT_STATUS_NOT_IMPLEMENTED;
}
WERROR _netr_DsRGetDCName(struct pipes_struct *p,
struct netr_DsRGetDCName *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
NTSTATUS _netr_LogonGetCapabilities(struct pipes_struct *p,
struct netr_LogonGetCapabilities *r)
{
- return NT_STATUS_NOT_IMPLEMENTED;
+ struct netlogon_creds_CredentialState *creds;
+ NTSTATUS status;
+
+ become_root();
+ status = netr_creds_server_step_check(p, p->mem_ctx,
+ r->in.computer_name,
+ r->in.credential,
+ r->out.return_authenticator,
+ &creds);
+ unbecome_root();
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (r->in.query_level != 1) {
+ return NT_STATUS_NOT_SUPPORTED;
+ }
+
+ r->out.capabilities->server_capabilities = creds->negotiate_flags;
+
+ return NT_STATUS_OK;
}
/****************************************************************
WERROR _netr_NETRLOGONSETSERVICEBITS(struct pipes_struct *p,
struct netr_NETRLOGONSETSERVICEBITS *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_LogonGetTrustRid(struct pipes_struct *p,
struct netr_LogonGetTrustRid *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_NETRLOGONCOMPUTESERVERDIGEST(struct pipes_struct *p,
struct netr_NETRLOGONCOMPUTESERVERDIGEST *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_NETRLOGONCOMPUTECLIENTDIGEST(struct pipes_struct *p,
struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_DsRGetDCNameEx(struct pipes_struct *p,
struct netr_DsRGetDCNameEx *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_DsRGetSiteName(struct pipes_struct *p,
struct netr_DsRGetSiteName *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
NTSTATUS _netr_LogonGetDomainInfo(struct pipes_struct *p,
struct netr_LogonGetDomainInfo *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return NT_STATUS_NOT_IMPLEMENTED;
}
WERROR _netr_ServerPasswordGet(struct pipes_struct *p,
struct netr_ServerPasswordGet *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_NETRLOGONSENDTOSAM(struct pipes_struct *p,
struct netr_NETRLOGONSENDTOSAM *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_DsRAddressToSitenamesW(struct pipes_struct *p,
struct netr_DsRAddressToSitenamesW *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_DsRGetDCNameEx2(struct pipes_struct *p,
struct netr_DsRGetDCNameEx2 *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(struct pipes_struct *p,
struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_NetrEnumerateTrustedDomainsEx(struct pipes_struct *p,
struct netr_NetrEnumerateTrustedDomainsEx *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_DsRAddressToSitenamesExW(struct pipes_struct *p,
struct netr_DsRAddressToSitenamesExW *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_DsrGetDcSiteCoverageW(struct pipes_struct *p,
struct netr_DsrGetDcSiteCoverageW *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_DsrEnumerateDomainTrusts(struct pipes_struct *p,
struct netr_DsrEnumerateDomainTrusts *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_DsrDeregisterDNSHostRecords(struct pipes_struct *p,
struct netr_DsrDeregisterDNSHostRecords *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
NTSTATUS _netr_ServerTrustPasswordsGet(struct pipes_struct *p,
struct netr_ServerTrustPasswordsGet *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return NT_STATUS_NOT_IMPLEMENTED;
}
WERROR _netr_DsRGetForestTrustInformation(struct pipes_struct *p,
struct netr_DsRGetForestTrustInformation *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
NTSTATUS status;
struct netlogon_creds_CredentialState *creds;
struct lsa_ForestTrustInformation *info, **info_ptr;
+ struct loadparm_context *lp_ctx;
/* TODO: check server name */
- status = schannel_check_creds_state(p->mem_ctx, lp_private_dir(),
+ lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_helpers());
+ if (lp_ctx == NULL) {
+ DEBUG(0, ("loadparm_init_s3 failed\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ status = schannel_check_creds_state(p->mem_ctx, lp_ctx,
r->in.computer_name,
r->in.credential,
r->out.return_authenticator,
&creds);
+ talloc_unlink(p->mem_ctx, lp_ctx);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
static NTSTATUS get_password_from_trustAuth(TALLOC_CTX *mem_ctx,
const DATA_BLOB *trustAuth_blob,
- const DATA_BLOB *session_key,
+ struct netlogon_creds_CredentialState *creds,
struct samr_Password *current_pw_enc,
struct samr_Password *previous_pw_enc)
{
return NT_STATUS_UNSUCCESSFUL;
}
- arcfour_crypt_blob(current_pw_enc->hash, sizeof(current_pw_enc->hash),
- session_key);
+ netlogon_creds_des_encrypt(creds, current_pw_enc);
if (trustAuth.previous.count != 0 &&
trustAuth.previous.array[0].AuthType == TRUST_AUTH_TYPE_CLEAR) {
} else {
mdfour(previous_pw_enc->hash, NULL, 0);
}
- arcfour_crypt_blob(previous_pw_enc->hash, sizeof(previous_pw_enc->hash),
- session_key);
+
+ netlogon_creds_des_encrypt(creds, previous_pw_enc);
return NT_STATUS_OK;
}
DATA_BLOB trustAuth_blob;
struct samr_Password *new_owf_enc;
struct samr_Password *old_owf_enc;
- DATA_BLOB session_key;
+ struct loadparm_context *lp_ctx;
+
+ lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_helpers());
+ if (lp_ctx == NULL) {
+ DEBUG(0, ("loadparm_init_s3 failed\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
/* TODO: check server name */
- status = schannel_check_creds_state(p->mem_ctx, lp_private_dir(),
+ status = schannel_check_creds_state(p->mem_ctx, lp_ctx,
r->in.computer_name,
r->in.credential,
r->out.return_authenticator,
&creds);
+ talloc_unlink(p->mem_ctx, lp_ctx);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
trustAuth_blob = td->trust_auth_outgoing;
}
- session_key.data = creds->session_key;
- session_key.length = sizeof(creds->session_key);
status = get_password_from_trustAuth(p->mem_ctx, &trustAuth_blob,
- &session_key,
+ creds,
new_owf_enc, old_owf_enc);
if (!NT_STATUS_IS_OK(status)) {
NTSTATUS _netr_Unused47(struct pipes_struct *p,
struct netr_Unused47 *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return NT_STATUS_NOT_IMPLEMENTED;
}
NTSTATUS _netr_DsrUpdateReadOnlyServerDnsRecords(struct pipes_struct *p,
struct netr_DsrUpdateReadOnlyServerDnsRecords *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return NT_STATUS_NOT_IMPLEMENTED;
}