2 Unix SMB/CIFS implementation.
4 CLDAP server - netlogon handling
6 Copyright (C) Andrew Tridgell 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "libcli/ldap/ldap.h"
25 #include "lib/events/events.h"
26 #include "lib/socket/socket.h"
27 #include "smbd/service_task.h"
28 #include "cldap_server/cldap_server.h"
31 fill in the cldap netlogon union for a given version
33 static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd,
36 const char *domain_guid,
38 const char *src_address,
40 union nbt_cldap_netlogon *netlogon)
42 const char *attrs[] = {"realm", "dnsDomain", "objectGUID", "name", NULL};
43 struct ldb_message **res;
45 const char **services = lp_server_services();
48 struct GUID domain_uuid;
50 const char *dns_domain;
51 const char *pdc_dns_name;
53 const char *site_name;
54 const char *site_name2;
57 if (cldapd->samctx == NULL) {
58 cldapd->samctx = samdb_connect(mem_ctx);
59 if (cldapd->samctx == NULL) {
60 DEBUG(2,("Unable to open sam in cldap netlogon reply\n"));
61 return NT_STATUS_INTERNAL_DB_CORRUPTION;
65 /* the domain has an optional trailing . */
66 if (domain && domain[strlen(domain)-1] == '.') {
67 domain = talloc_strndup(mem_ctx, domain, strlen(domain)-1);
70 /* try and find the domain */
71 ret = gendb_search(cldapd->samctx, mem_ctx, NULL, &res, attrs,
72 "(&(objectClass=domainDNS)(|(dnsDomain=%s)(objectGUID=%s)))",
74 domain_guid?domain_guid:"");
76 DEBUG(2,("Unable to find domain '%s' in sam\n", domain));
77 return NT_STATUS_NO_SUCH_DOMAIN;
81 NBT_SERVER_PDC | NBT_SERVER_GC |
82 NBT_SERVER_DS | NBT_SERVER_TIMESERV |
83 NBT_SERVER_CLOSEST | NBT_SERVER_WRITABLE |
84 NBT_SERVER_GOOD_TIMESERV;
86 if (lp_parm_bool(-1, "krb5", "kdc", True)) {
87 server_type |= NBT_SERVER_KDC;
89 if (str_list_check(services, "ldap")) {
90 server_type |= NBT_SERVER_LDAP;
93 pdc_name = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name());
94 domain_uuid = samdb_result_guid(res[0], "objectGUID");
95 realm = samdb_result_string(res[0], "realm", lp_realm());
96 dns_domain = samdb_result_string(res[0], "dnsDomain", lp_realm());
97 pdc_dns_name = talloc_asprintf(mem_ctx, "%s.%s",
98 lp_netbios_name(), dns_domain);
99 flatname = samdb_result_string(res[0], "name", lp_workgroup());
100 site_name = "Default-First-Site-Name";
102 pdc_ip = iface_best_ip(src_address);
104 ZERO_STRUCTP(netlogon);
106 switch (version & 0xF) {
109 netlogon->logon1.pdc_name = pdc_name;
110 netlogon->logon1.user_name = user;
111 netlogon->logon1.domain_name = flatname;
112 netlogon->logon1.nt_version = 1;
113 netlogon->logon1.lmnt_token = 0xFFFF;
114 netlogon->logon1.lm20_token = 0xFFFF;
118 netlogon->logon2.pdc_name = pdc_name;
119 netlogon->logon2.user_name = user;
120 netlogon->logon2.domain_name = flatname;
121 netlogon->logon2.domain_uuid = domain_uuid;
122 netlogon->logon2.forest = realm;
123 netlogon->logon2.dns_domain = dns_domain;
124 netlogon->logon2.pdc_dns_name = pdc_dns_name;
125 netlogon->logon2.pdc_ip = pdc_ip;
126 netlogon->logon2.server_type = server_type;
127 netlogon->logon2.nt_version = 3;
128 netlogon->logon2.lmnt_token = 0xFFFF;
129 netlogon->logon2.lm20_token = 0xFFFF;
135 netlogon->logon3.server_type = server_type;
136 netlogon->logon3.domain_uuid = domain_uuid;
137 netlogon->logon3.forest = realm;
138 netlogon->logon3.dns_domain = dns_domain;
139 netlogon->logon3.pdc_dns_name = pdc_dns_name;
140 netlogon->logon3.domain = flatname;
141 netlogon->logon3.pdc_name = pdc_name;
142 netlogon->logon3.user_name = user;
143 netlogon->logon3.site_name = site_name;
144 netlogon->logon3.site_name2 = site_name2;
145 netlogon->logon3.nt_version = 3;
146 netlogon->logon3.lmnt_token = 0xFFFF;
147 netlogon->logon3.lm20_token = 0xFFFF;
150 netlogon->logon4.server_type = server_type;
151 netlogon->logon4.domain_uuid = domain_uuid;
152 netlogon->logon4.forest = realm;
153 netlogon->logon4.dns_domain = dns_domain;
154 netlogon->logon4.pdc_dns_name = pdc_dns_name;
155 netlogon->logon4.domain = flatname;
156 netlogon->logon4.pdc_name = lp_netbios_name();
157 netlogon->logon4.user_name = user;
158 netlogon->logon4.site_name = site_name;
159 netlogon->logon4.site_name2 = site_name2;
160 netlogon->logon4.unknown = 10;
161 netlogon->logon4.unknown2 = 2;
162 netlogon->logon4.pdc_ip = pdc_ip;
163 netlogon->logon4.nt_version = 5;
164 netlogon->logon4.lmnt_token = 0xFFFF;
165 netlogon->logon4.lm20_token = 0xFFFF;
174 handle incoming cldap requests
176 void cldapd_netlogon_request(struct cldap_socket *cldap,
179 const char *src_address, int src_port)
181 struct cldapd_server *cldapd = talloc_get_type(cldap->incoming.private, struct cldapd_server);
182 struct ldap_parse_tree *tree;
184 const char *domain = NULL;
185 const char *host = NULL;
186 const char *user = "";
187 const char *domain_guid = NULL;
188 const char *domain_sid = NULL;
189 int acct_control = -1;
191 union nbt_cldap_netlogon netlogon;
192 NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
194 TALLOC_CTX *tmp_ctx = talloc_new(cldap);
196 DEBUG(5,("cldap filter='%s'\n", filter));
198 tree = ldap_parse_filter_string(tmp_ctx, filter);
199 if (tree == NULL) goto failed;
201 if (tree->operation != LDAP_OP_AND) goto failed;
203 /* extract the query elements */
204 for (i=0;i<tree->u.list.num_elements;i++) {
205 struct ldap_parse_tree *t = tree->u.list.elements[i];
206 if (t->operation != LDAP_OP_SIMPLE) goto failed;
207 if (strcasecmp(t->u.simple.attr, "DnsDomain") == 0) {
208 domain = talloc_strndup(tmp_ctx,
209 t->u.simple.value.data,
210 t->u.simple.value.length);
212 if (strcasecmp(t->u.simple.attr, "Host") == 0) {
213 host = talloc_strndup(tmp_ctx,
214 t->u.simple.value.data,
215 t->u.simple.value.length);
217 if (strcasecmp(t->u.simple.attr, "DomainGuid") == 0) {
220 enc_status = ldap_decode_ndr_GUID(tmp_ctx,
221 t->u.simple.value, &guid);
222 if (NT_STATUS_IS_OK(enc_status)) {
223 domain_guid = GUID_string(tmp_ctx, &guid);
226 if (strcasecmp(t->u.simple.attr, "DomainSid") == 0) {
227 domain_sid = talloc_strndup(tmp_ctx,
228 t->u.simple.value.data,
229 t->u.simple.value.length);
231 if (strcasecmp(t->u.simple.attr, "User") == 0) {
232 user = talloc_strndup(tmp_ctx,
233 t->u.simple.value.data,
234 t->u.simple.value.length);
236 if (strcasecmp(t->u.simple.attr, "NtVer") == 0 &&
237 t->u.simple.value.length == 4) {
238 version = IVAL(t->u.simple.value.data, 0);
240 if (strcasecmp(t->u.simple.attr, "AAC") == 0 &&
241 t->u.simple.value.length == 4) {
242 acct_control = IVAL(t->u.simple.value.data, 0);
246 if (domain_guid == NULL && domain == NULL) {
254 DEBUG(5,("cldap netlogon query domain=%s host=%s user=%s version=%d guid=%s\n",
255 domain, host, user, version, domain_guid));
257 status = cldapd_netlogon_fill(cldapd, tmp_ctx, domain, domain_guid,
260 if (!NT_STATUS_IS_OK(status)) {
264 status = cldap_netlogon_reply(cldap, message_id, src_address, src_port, version,
266 if (!NT_STATUS_IS_OK(status)) {
270 talloc_free(tmp_ctx);
274 DEBUG(0,("cldap netlogon query failed domain=%s host=%s version=%d - %s\n",
275 domain, host, version, nt_errstr(status)));
276 talloc_free(tmp_ctx);
277 cldap_empty_reply(cldap, message_id, src_address, src_port);
git.samba.org / samba.git / blob