2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1997,
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
6 * Copyright (C) Paul Ashton 1997.
7 * Copyright (C) Jeremy Allison 1998-2001.
8 * Copyright (C) Andrew Bartlett 2001.
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 3 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, see <http://www.gnu.org/licenses/>.
24 /* This is the implementation of the netlogon pipe. */
28 extern userdom_struct current_user_info;
31 #define DBGC_CLASS DBGC_RPC_SRV
33 /*************************************************************************
35 *************************************************************************/
/*
 * Build the NET_R_REQ_CHAL reply by copying the server challenge bytes out of
 * srv_chal into r_c->srv_chal.
 * NOTE(review): the copy length is sizeof(srv_chal->data), the size of the
 * source array; confirm r_c->srv_chal.data is at least that large. How
 * `status` is stored in the reply is not visible here.
 */
37 static void init_net_r_req_chal(NET_R_REQ_CHAL *r_c,
38 DOM_CHAL *srv_chal, NTSTATUS status)
40 DEBUG(6,("init_net_r_req_chal: %d\n", __LINE__));
41 memcpy(r_c->srv_chal.data, srv_chal->data, sizeof(srv_chal->data));
45 /*************************************************************************
47 *************************************************************************/
/*
 * Handler for netr_LogonControl. For a supported r->in.level it allocates a
 * zeroed netr_NETLOGON_INFO_1 on p->mem_ctx, sets pdc_connection_status to the
 * numeric value of WERR_OK and hands it back through r->out.info->info1.
 * Any other level returns WERR_UNKNOWN_LEVEL.
 * NOTE(review): r->in.level is supplied by the caller of the RPC; which
 * level(s) are accepted and whether the allocation result is checked before
 * the dereference below are not visible here - confirm.
 */
49 WERROR _netr_LogonControl(pipes_struct *p,
50 struct netr_LogonControl *r)
52 struct netr_NETLOGON_INFO_1 *info1;
54 uint32_t pdc_connection_status = W_ERROR_V(WERR_OK);
56 /* Setup the Logon Control response */
58 switch (r->in.level) {
60 info1 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_1);
65 info1->pdc_connection_status = pdc_connection_status;
67 r->out.info->info1 = info1;
70 return WERR_UNKNOWN_LEVEL;
76 /****************************************************************************
77 Send a message to smbd to do a sam synchronisation
78 **************************************************************************/
/*
 * Logs at debug level 3 and sends MSG_SMB_SAM_SYNC through
 * message_send_all() on the smbd messaging context, with no payload
 * (NULL buffer, length 0).
 */
80 static void send_sync_message(void)
82 DEBUG(3, ("sending sam synchronisation message\n"));
83 message_send_all(smbd_messaging_context(), MSG_SMB_SAM_SYNC, NULL, 0,
87 /*************************************************************************
88 net_reply_logon_ctrl2:
89 *************************************************************************/
/*
 * Handler for the logon control 2 request.
 *
 * For NETLOGON_CONTROL_TC_QUERY and NETLOGON_CONTROL_REDISCOVER the domain
 * name from the request is converted to ASCII, checked with
 * is_trusted_domain() and resolved with get_dc_name(). A failed lookup yields
 * WERR_NO_LOGON_SERVERS; a successful one yields WERR_OK and the DC name
 * prefixed with two backslashes. tc_status starts as WERR_NO_SUCH_DOMAIN.
 * Other function codes are only logged.
 *
 * servername and domain are taken from the client request (q_u); both
 * conversions pass the size of the destination fstring.
 * NOTE(review): dc_name and dc_name2 are both fstrings and dc_name gets two
 * extra characters; presumably fstr_sprintf() bounds the write to the
 * destination size - confirm.
 * NOTE(review): the "unimplemented function level" message is logged at
 * level 0 with a client-chosen function code, so a client can add log lines
 * at the most visible level - consider a higher debug level.
 */
91 NTSTATUS _net_logon_ctrl2(pipes_struct *p, NET_Q_LOGON_CTRL2 *q_u, NET_R_LOGON_CTRL2 *r_u)
94 uint32 pdc_connection_status = 0x0;
95 uint32 logon_attempts = 0x0;
97 fstring servername, domain, dc_name, dc_name2;
98 struct sockaddr_storage dc_ss;
100 /* this should be \\global_myname() */
101 unistr2_to_ascii(servername, &q_u->uni_server_name, sizeof(servername));
103 r_u->status = NT_STATUS_OK;
105 tc_status = W_ERROR_V(WERR_NO_SUCH_DOMAIN);
106 fstrcpy( dc_name, "" );
108 switch ( q_u->function_code ) {
109 case NETLOGON_CONTROL_TC_QUERY:
110 unistr2_to_ascii(domain, &q_u->info.info6.domain, sizeof(domain));
112 if ( !is_trusted_domain( domain ) )
115 if ( !get_dc_name( domain, NULL, dc_name2, &dc_ss ) ) {
116 tc_status = W_ERROR_V(WERR_NO_LOGON_SERVERS);
120 fstr_sprintf( dc_name, "\\\\%s", dc_name2 );
122 tc_status = W_ERROR_V(WERR_OK);
126 case NETLOGON_CONTROL_REDISCOVER:
127 unistr2_to_ascii(domain, &q_u->info.info6.domain, sizeof(domain));
129 if ( !is_trusted_domain( domain ) )
132 if ( !get_dc_name( domain, NULL, dc_name2, &dc_ss ) ) {
133 tc_status = W_ERROR_V(WERR_NO_LOGON_SERVERS);
137 fstr_sprintf( dc_name, "\\\\%s", dc_name2 );
139 tc_status = W_ERROR_V(WERR_OK);
144 /* no idea what this should be */
145 DEBUG(0,("_net_logon_ctrl2: unimplemented function level [%d]\n",
146 q_u->function_code));
149 /* prepare the response */
151 init_net_r_logon_ctrl2( r_u, q_u->query_level, flags,
152 pdc_connection_status, logon_attempts, tc_status, dc_name );
/* What runs on a BDC after this test is not visible here. */
154 if (lp_server_role() == ROLE_DOMAIN_BDC)
160 /*************************************************************************
161 _netr_NetrEnumerateTrustedDomains
162 *************************************************************************/
/*
 * Handler for netr_NetrEnumerateTrustedDomains. Replies with a two-byte,
 * zero-filled blob allocated on p->mem_ctx; no trusted domain names are
 * looked up or returned by the visible code.
 * NOTE(review): no check of the data_blob_talloc_zero() result is visible
 * before the blob is returned - confirm.
 */
164 WERROR _netr_NetrEnumerateTrustedDomains(pipes_struct *p,
165 struct netr_NetrEnumerateTrustedDomains *r)
167 struct netr_Blob trusted_domains_blob;
170 DEBUG(6,("_netr_NetrEnumerateTrustedDomains: %d\n", __LINE__));
172 /* set up the Trusted Domain List response */
174 blob = data_blob_talloc_zero(p->mem_ctx, 2);
175 trusted_domains_blob.data = blob.data;
176 trusted_domains_blob.length = blob.length;
178 DEBUG(6,("_netr_NetrEnumerateTrustedDomains: %d\n", __LINE__));
180 *r->out.trusted_domains_blob = trusted_domains_blob;
185 /***********************************************************************************
186 init_net_r_srv_pwset:
187 ***********************************************************************************/
/*
 * Fill in the NET_R_SRV_PWSET reply: copy the server credential into
 * r_s->srv_cred and store the status. The copy is sized by the destination
 * field, sizeof(r_s->srv_cred).
 */
189 static void init_net_r_srv_pwset(NET_R_SRV_PWSET *r_s,
190 DOM_CRED *srv_cred, NTSTATUS status)
192 DEBUG(5,("init_net_r_srv_pwset: %d\n", __LINE__));
194 memcpy(&r_s->srv_cred, srv_cred, sizeof(r_s->srv_cred));
195 r_s->status = status;
197 DEBUG(5,("init_net_r_srv_pwset: %d\n", __LINE__));
200 /******************************************************************
201 gets a machine password entry. checks access rights of the host.
202 ******************************************************************/
/*
 * Look up the NT password hash of the machine/trust account mach_acct and
 * copy its 16 bytes into md4pw.
 *
 * md4pw       output buffer; exactly 16 bytes are written, so the caller must
 *             provide at least that much.
 * mach_acct   account name; the callers in this file pass a name taken from
 *             the client request, and it is echoed into level-0 log messages.
 * sec_chan_type  requested secure channel type; it must match the account's
 *             trust flag (ACB_SVRTRUST, ACB_WSTRUST or ACB_DOMTRUST).
 *
 * Checks, in order: host allow/deny lists for the connecting client, the
 * account exists, it is not ACB_DISABLED, it carries one of the three trust
 * flags, the flag matches sec_chan_type, and an NT password is set.
 * Each failure frees sampass and returns its own NTSTATUS
 * (NT_STATUS_ACCESS_DENIED, NT_STATUS_ACCOUNT_DISABLED,
 * NT_STATUS_NO_TRUST_SAM_ACCOUNT, NT_STATUS_LOGON_FAILURE). The callers
 * _net_auth and _net_auth_2 replace all of them with NT_STATUS_ACCESS_DENIED
 * before answering the client, so the distinct reasons only reach the log.
 */
204 static NTSTATUS get_md4pw(char *md4pw, char *mach_acct, uint16 sec_chan_type)
206 struct samu *sampass = NULL;
212 char addr[INET6_ADDRSTRLEN];
215 * Currently this code is redundent as we already have a filter
216 * by hostname list. What this code really needs to do is to
217 * get a hosts allowed/hosts denied list from the SAM database
218 * on a per user basis, and make the access decision there.
219 * I will leave this code here for now as a reminder to implement
220 * this at a later date. JRA.
223 if (!allow_access(lp_domain_hostsdeny(), lp_domain_hostsallow(),
224 client_name(get_client_fd()),
225 client_addr(get_client_fd(),addr,sizeof(addr)))) {
226 DEBUG(0,("get_md4pw: Workstation %s denied access to domain\n", mach_acct));
231 if ( !(sampass = samu_new( NULL )) ) {
232 return NT_STATUS_NO_MEMORY;
235 /* JRA. This is ok as it is only used for generating the challenge. */
237 ret = pdb_getsampwnam(sampass, mach_acct);
241 DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct));
242 TALLOC_FREE(sampass);
243 return NT_STATUS_ACCESS_DENIED;
246 acct_ctrl = pdb_get_acct_ctrl(sampass);
247 if (acct_ctrl & ACB_DISABLED) {
248 DEBUG(0,("get_md4pw: Workstation %s: account is disabled\n", mach_acct));
249 TALLOC_FREE(sampass);
250 return NT_STATUS_ACCOUNT_DISABLED;
253 if (!(acct_ctrl & ACB_SVRTRUST) &&
254 !(acct_ctrl & ACB_WSTRUST) &&
255 !(acct_ctrl & ACB_DOMTRUST))
257 DEBUG(0,("get_md4pw: Workstation %s: account is not a trust account\n", mach_acct));
258 TALLOC_FREE(sampass);
259 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
/* The requested channel type must agree with the account's trust flag. */
262 switch (sec_chan_type) {
264 if (!(acct_ctrl & ACB_SVRTRUST)) {
265 DEBUG(0,("get_md4pw: Workstation %s: BDC secure channel requested "
266 "but not a server trust account\n", mach_acct));
267 TALLOC_FREE(sampass);
268 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
272 if (!(acct_ctrl & ACB_WSTRUST)) {
273 DEBUG(0,("get_md4pw: Workstation %s: WORKSTATION secure channel requested "
274 "but not a workstation trust account\n", mach_acct));
275 TALLOC_FREE(sampass);
276 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
279 case SEC_CHAN_DOMAIN:
280 if (!(acct_ctrl & ACB_DOMTRUST)) {
281 DEBUG(0,("get_md4pw: Workstation %s: DOMAIN secure channel requested "
282 "but not a interdomain trust account\n", mach_acct));
283 TALLOC_FREE(sampass);
284 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
291 if ((pass = pdb_get_nt_passwd(sampass)) == NULL) {
292 DEBUG(0,("get_md4pw: Workstation %s: account does not have a password\n", mach_acct));
293 TALLOC_FREE(sampass);
294 return NT_STATUS_LOGON_FAILURE;
/* Fixed 16-byte copy: the length of the hash, not of the caller's buffer. */
297 memcpy(md4pw, pass, 16);
/*
 * NOTE(review): at debug level 5 and above this writes the account's password
 * hash to the log. Anyone who can read the log can then use the hash, so
 * consider removing the dump or restricting it to a much higher level.
 */
298 dump_data(5, (uint8 *)md4pw, 16);
300 TALLOC_FREE(sampass);
307 /*************************************************************************
309 *************************************************************************/
/*
 * First step of the netlogon credential exchange: set up the per-pipe dcinfo
 * state, record the client's machine name and challenge, and answer with a
 * freshly generated random server challenge. challenge_sent is set so that a
 * following auth call is accepted.
 *
 * Every field of q_u comes from the client. The machine name is pulled with
 * a destination bound of sizeof(fstring) and a source length computed from
 * the client-supplied uni_str_len.
 * NOTE(review): confirm that the unmarshalling code has already checked
 * uni_str_len against the real size of uni_logon_clnt.buffer, and that
 * p->dc->remote_machine is an fstring, so neither side of the copy can run
 * past its buffer.
 */
311 NTSTATUS _net_req_chal(pipes_struct *p, NET_Q_REQ_CHAL *q_u, NET_R_REQ_CHAL *r_u)
314 p->dc = TALLOC_ZERO_P(p->pipe_state_mem_ctx, struct dcinfo);
316 return NT_STATUS_NO_MEMORY;
319 DEBUG(10,("_net_req_chal: new challenge requested. Clearing old state.\n"));
323 rpcstr_pull(p->dc->remote_machine,
324 q_u->uni_logon_clnt.buffer,
325 sizeof(fstring),q_u->uni_logon_clnt.uni_str_len*2,0);
327 /* Save the client challenge to the server. */
328 memcpy(p->dc->clnt_chal.data, q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data));
330 /* Create a server challenge for the client */
331 /* Set this to a random value. */
/*
 * NOTE(review): the length 8 is hard-coded; sizeof(p->dc->srv_chal.data)
 * would keep it tied to the array. The challenge is only as unpredictable as
 * generate_random_buffer() - confirm it draws from a cryptographic source.
 */
332 generate_random_buffer(p->dc->srv_chal.data, 8);
334 /* set up the LSA REQUEST CHALLENGE response */
335 init_net_r_req_chal(r_u, &p->dc->srv_chal, NT_STATUS_OK);
337 p->dc->challenge_sent = True;
342 /*************************************************************************
344 *************************************************************************/
/*
 * Fill in the NET_R_AUTH reply: copy the server credential bytes from
 * resp_cred into r_a->srv_chal and store the status.
 * NOTE(review): the copy is sized by the source array; confirm
 * r_a->srv_chal.data is the same size.
 */
346 static void init_net_r_auth(NET_R_AUTH *r_a, DOM_CHAL *resp_cred, NTSTATUS status)
348 memcpy(r_a->srv_chal.data, resp_cred->data, sizeof(resp_cred->data));
349 r_a->status = status;
352 /*************************************************************************
353 _net_auth. Create the initial credentials.
354 *************************************************************************/
/*
 * Second step of the netlogon credential exchange (no negotiated flags).
 *
 * Requires that a challenge was issued on this pipe, then: pulls the account
 * and computer names from the request, fetches the account's password hash
 * into p->dc->mach_pw, initialises the credential state from the stored
 * client and server challenges, and verifies the client's credential with
 * creds_server_check(). Only on success are the names stored in p->dc and
 * authenticated set.
 *
 * Every failure visible here is reported to the client as
 * NT_STATUS_ACCESS_DENIED, so the reply does not reveal why the lookup
 * failed.
 * mach_acct and remote_machine are client-supplied and appear in level-0 log
 * messages.
 * NOTE(review): p->dc->mach_pw is filled before the credential check and no
 * wipe is visible on the failure path - confirm whether the hash should be
 * cleared when creds_server_check() rejects the client.
 */
356 NTSTATUS _net_auth(pipes_struct *p, NET_Q_AUTH *q_u, NET_R_AUTH *r_u)
360 fstring remote_machine;
361 DOM_CHAL srv_chal_out;
363 if (!p->dc || !p->dc->challenge_sent) {
364 return NT_STATUS_ACCESS_DENIED;
/* Destination bound is sizeof(fstring); the source length is client-supplied. */
367 rpcstr_pull(mach_acct, q_u->clnt_id.uni_acct_name.buffer,sizeof(fstring),
368 q_u->clnt_id.uni_acct_name.uni_str_len*2,0);
369 rpcstr_pull(remote_machine, q_u->clnt_id.uni_comp_name.buffer,sizeof(fstring),
370 q_u->clnt_id.uni_comp_name.uni_str_len*2,0);
372 status = get_md4pw((char *)p->dc->mach_pw, mach_acct, q_u->clnt_id.sec_chan);
373 if (!NT_STATUS_IS_OK(status)) {
374 DEBUG(0,("_net_auth: creds_server_check failed. Failed to "
375 "get password for machine account %s "
376 "from client %s: %s\n",
377 mach_acct, remote_machine, nt_errstr(status) ));
378 /* always return NT_STATUS_ACCESS_DENIED */
379 return NT_STATUS_ACCESS_DENIED;
382 /* From the client / server challenges and md4 password, generate sess key */
383 creds_server_init(0, /* No neg flags. */
385 &p->dc->clnt_chal, /* Stored client chal. */
386 &p->dc->srv_chal, /* Stored server chal. */
390 /* Check client credentials are valid. */
391 if (!creds_server_check(p->dc, &q_u->clnt_chal)) {
392 DEBUG(0,("_net_auth: creds_server_check failed. Rejecting auth "
393 "request from client %s machine account %s\n",
394 remote_machine, mach_acct ));
395 return NT_STATUS_ACCESS_DENIED;
398 fstrcpy(p->dc->mach_acct, mach_acct);
399 fstrcpy(p->dc->remote_machine, remote_machine);
400 p->dc->authenticated = True;
402 /* set up the LSA AUTH response */
403 /* Return the server credentials. */
404 init_net_r_auth(r_u, &srv_chal_out, NT_STATUS_OK);
409 /*************************************************************************
411 *************************************************************************/
/*
 * Fill in the NET_R_AUTH_2 reply: copy the server credential bytes and the
 * negotiated flags, then store the status. The flag copy is sized by the
 * destination field; the credential copy is sized by the source array.
 * NOTE(review): confirm r_a->srv_chal.data matches resp_cred->data in size.
 */
413 static void init_net_r_auth_2(NET_R_AUTH_2 *r_a,
414 DOM_CHAL *resp_cred, NEG_FLAGS *flgs, NTSTATUS status)
416 memcpy(r_a->srv_chal.data, resp_cred->data, sizeof(resp_cred->data));
417 memcpy(&r_a->srv_flgs, flgs, sizeof(r_a->srv_flgs));
418 r_a->status = status;
421 /*************************************************************************
423 *************************************************************************/
/*
 * Second step of the netlogon credential exchange with flag negotiation.
 *
 * Requires that a challenge was issued on this pipe, fetches the account's
 * password hash into p->dc->mach_pw, initialises the credential state with
 * the client's neg_flags and verifies the client's credential. On success it
 * answers with the server flags, records account, machine and domain names
 * in p->dc, sets authenticated and stores the session state so it can be
 * restored after a client disconnect.
 *
 * Schannel policy as written: the client is refused for not offering
 * NETLOGON_NEG_SCHANNEL only when lp_server_schannel() == True. With any
 * other setting a client that leaves the bit out is accepted, while the
 * server still advertises the bit whenever the setting is not False.
 *
 * Every failure visible here is reported to the client as
 * NT_STATUS_ACCESS_DENIED. The names pulled from the request are
 * client-supplied, are read before the challenge check, and appear in
 * level-0 log messages.
 * NOTE(review): the result of secrets_store_schannel_session_info() does not
 * appear to be checked here - confirm.
 */
425 NTSTATUS _net_auth_2(pipes_struct *p, NET_Q_AUTH_2 *q_u, NET_R_AUTH_2 *r_u)
430 fstring remote_machine;
431 DOM_CHAL srv_chal_out;
433 rpcstr_pull(mach_acct, q_u->clnt_id.uni_acct_name.buffer,sizeof(fstring),
434 q_u->clnt_id.uni_acct_name.uni_str_len*2,0);
436 /* We use this as the key to store the creds. */
437 rpcstr_pull(remote_machine, q_u->clnt_id.uni_comp_name.buffer,sizeof(fstring),
438 q_u->clnt_id.uni_comp_name.uni_str_len*2,0);
440 if (!p->dc || !p->dc->challenge_sent) {
441 DEBUG(0,("_net_auth2: no challenge sent to client %s\n",
443 return NT_STATUS_ACCESS_DENIED;
446 if ( (lp_server_schannel() == True) &&
447 ((q_u->clnt_flgs.neg_flags & NETLOGON_NEG_SCHANNEL) == 0) ) {
449 /* schannel must be used, but client did not offer it. */
450 DEBUG(0,("_net_auth2: schannel required but client failed "
451 "to offer it. Client was %s\n",
453 return NT_STATUS_ACCESS_DENIED;
456 status = get_md4pw((char *)p->dc->mach_pw, mach_acct, q_u->clnt_id.sec_chan);
457 if (!NT_STATUS_IS_OK(status)) {
458 DEBUG(0,("_net_auth2: failed to get machine password for "
460 mach_acct, nt_errstr(status) ));
461 /* always return NT_STATUS_ACCESS_DENIED */
462 return NT_STATUS_ACCESS_DENIED;
465 /* From the client / server challenges and md4 password, generate sess key */
466 creds_server_init(q_u->clnt_flgs.neg_flags,
468 &p->dc->clnt_chal, /* Stored client chal. */
469 &p->dc->srv_chal, /* Stored server chal. */
473 /* Check client credentials are valid. */
474 if (!creds_server_check(p->dc, &q_u->clnt_chal)) {
475 DEBUG(0,("_net_auth2: creds_server_check failed. Rejecting auth "
476 "request from client %s machine account %s\n",
477 remote_machine, mach_acct ));
478 return NT_STATUS_ACCESS_DENIED;
/*
 * Fixed set of server flags; the value is a magic constant here.
 * NOTE(review): name the individual bits so a reader can see what the server
 * is agreeing to.
 */
481 srv_flgs.neg_flags = 0x000001ff;
483 if (lp_server_schannel() != False) {
484 srv_flgs.neg_flags |= NETLOGON_NEG_SCHANNEL;
487 /* set up the LSA AUTH 2 response */
488 init_net_r_auth_2(r_u, &srv_chal_out, &srv_flgs, NT_STATUS_OK);
490 fstrcpy(p->dc->mach_acct, mach_acct);
491 fstrcpy(p->dc->remote_machine, remote_machine);
492 fstrcpy(p->dc->domain, lp_workgroup() );
494 p->dc->authenticated = True;
496 /* Store off the state so we can continue after client disconnect. */
498 secrets_store_schannel_session_info(p->mem_ctx,
506 /*************************************************************************
508 *************************************************************************/
/*
 * Server-side handler for a machine account password change.
 *
 * Visible flow: enforce schannel when 'server schannel' is True, restore the
 * stored netlogon credential state, require p->dc->authenticated, step the
 * credential chain, load the account named in p->dc->mach_acct, require a
 * trust account that is not disabled, derive the new 16-byte hash with
 * cred_hash3() from q_u->pwd and the session key, and update the SAM unless
 * the hash equals the current NT hash.
 *
 * The account that is changed is the one bound to the authenticated
 * credential state (p->dc->mach_acct), not a name taken from this request.
 * remote_machine is client-supplied and appears in log messages.
 * NOTE(review): pwd holds the new hash on the stack and no wipe of it is
 * visible on any return path - confirm.
 */
510 NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *r_u)
512 fstring remote_machine;
513 struct samu *sampass=NULL;
515 unsigned char pwd[16];
521 DEBUG(5,("_net_srv_pwset: %d\n", __LINE__));
523 /* We need the remote machine name for the creds lookup. */
524 rpcstr_pull(remote_machine,q_u->clnt_id.login.uni_comp_name.buffer,
525 sizeof(remote_machine),q_u->clnt_id.login.uni_comp_name.uni_str_len*2,0);
527 if ( (lp_server_schannel() == True) && (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) ) {
528 /* 'server schannel = yes' should enforce use of
529 schannel, the client did offer it in auth2, but
530 obviously did not use it. */
531 DEBUG(0,("_net_srv_pwset: client %s not using schannel for netlogon\n",
533 return NT_STATUS_ACCESS_DENIED;
537 /* Restore the saved state of the netlogon creds. */
539 ret = secrets_restore_schannel_session_info(p->pipe_state_mem_ctx,
544 return NT_STATUS_INVALID_HANDLE;
548 if (!p->dc || !p->dc->authenticated) {
549 return NT_STATUS_INVALID_HANDLE;
552 DEBUG(3,("_net_srv_pwset: Server Password Set by remote machine:[%s] on account [%s]\n",
553 remote_machine, p->dc->mach_acct));
555 /* Step the creds chain forward. */
556 if (!creds_server_step(p->dc, &q_u->clnt_id.cred, &cred_out)) {
557 DEBUG(2,("_net_srv_pwset: creds_server_step failed. Rejecting auth "
558 "request from client %s machine account %s\n",
559 remote_machine, p->dc->mach_acct ));
560 return NT_STATUS_INVALID_PARAMETER;
563 /* We must store the creds state after an update. */
564 sampass = samu_new( NULL );
566 return NT_STATUS_NO_MEMORY;
570 secrets_store_schannel_session_info(p->pipe_state_mem_ctx,
573 ret = pdb_getsampwnam(sampass, p->dc->mach_acct);
577 TALLOC_FREE(sampass);
578 return NT_STATUS_ACCESS_DENIED;
581 /* Ensure the account exists and is a machine account. */
583 acct_ctrl = pdb_get_acct_ctrl(sampass);
585 if (!(acct_ctrl & ACB_WSTRUST ||
586 acct_ctrl & ACB_SVRTRUST ||
587 acct_ctrl & ACB_DOMTRUST)) {
588 TALLOC_FREE(sampass);
589 return NT_STATUS_NO_SUCH_USER;
592 if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
593 TALLOC_FREE(sampass);
594 return NT_STATUS_ACCOUNT_DISABLED;
597 /* Woah - what does this do to the credential chain ? JRA */
598 cred_hash3( pwd, q_u->pwd, p->dc->sess_key, 0);
/*
 * NOTE(review): at debug level 100 the loop below writes every byte of the
 * new password hash to the log. Consider dropping it; a log reader would
 * obtain the machine account's new secret.
 */
600 DEBUG(100,("Server password set : new given value was :\n"));
601 for(i = 0; i < sizeof(pwd); i++)
602 DEBUG(100,("%02X ", pwd[i]));
605 old_pw = pdb_get_nt_passwd(sampass);
607 if (old_pw && memcmp(pwd, old_pw, 16) == 0) {
608 /* Avoid backend modifications and other fun if the
609 client changed the password to the *same thing* */
614 /* LM password should be NULL for machines */
615 if (!pdb_set_lanman_passwd(sampass, NULL, PDB_CHANGED)) {
616 TALLOC_FREE(sampass);
617 return NT_STATUS_NO_MEMORY;
620 if (!pdb_set_nt_passwd(sampass, pwd, PDB_CHANGED)) {
621 TALLOC_FREE(sampass);
622 return NT_STATUS_NO_MEMORY;
625 if (!pdb_set_pass_last_set_time(sampass, time(NULL), PDB_CHANGED)) {
626 TALLOC_FREE(sampass);
627 /* Not quite sure what this one qualifies as, but this will do */
628 return NT_STATUS_UNSUCCESSFUL;
632 r_u->status = pdb_update_sam_account(sampass);
636 /* set up the LSA Server Password Set response */
637 init_net_r_srv_pwset(r_u, &cred_out, r_u->status);
639 TALLOC_FREE(sampass);
643 /*************************************************************************
645 *************************************************************************/
/*
 * Handler for the SAM logoff request.
 *
 * Visible flow: enforce schannel when 'server schannel' is True, require a
 * valid user struct for p->vuid, restore the stored netlogon credential
 * state keyed by the client-supplied machine name, require
 * p->dc->authenticated, step the credential chain into r_u->srv_creds, store
 * the updated state and return NT_STATUS_OK in r_u->status.
 *
 * No per-user logoff processing is visible; the call only advances the
 * credential chain.
 * NOTE(review): the result of secrets_store_schannel_session_info() does not
 * appear to be checked here - confirm.
 */
647 NTSTATUS _net_sam_logoff(pipes_struct *p, NET_Q_SAM_LOGOFF *q_u, NET_R_SAM_LOGOFF *r_u)
649 fstring remote_machine;
651 if ( (lp_server_schannel() == True) && (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) ) {
652 /* 'server schannel = yes' should enforce use of
653 schannel, the client did offer it in auth2, but
654 obviously did not use it. */
655 DEBUG(0,("_net_sam_logoff: client %s not using schannel for netlogon\n",
656 get_remote_machine_name() ));
657 return NT_STATUS_ACCESS_DENIED;
661 if (!get_valid_user_struct(p->vuid))
662 return NT_STATUS_NO_SUCH_USER;
664 /* Get the remote machine name for the creds store. */
665 rpcstr_pull(remote_machine,q_u->sam_id.client.login.uni_comp_name.buffer,
666 sizeof(remote_machine),q_u->sam_id.client.login.uni_comp_name.uni_str_len*2,0);
669 /* Restore the saved state of the netlogon creds. */
673 ret = secrets_restore_schannel_session_info(p->pipe_state_mem_ctx,
678 return NT_STATUS_INVALID_HANDLE;
682 if (!p->dc || !p->dc->authenticated) {
683 return NT_STATUS_INVALID_HANDLE;
686 r_u->buffer_creds = 1; /* yes, we have valid server credentials */
688 /* checks and updates credentials. creates reply credentials */
689 if (!creds_server_step(p->dc, &q_u->sam_id.client.cred, &r_u->srv_creds)) {
690 DEBUG(2,("_net_sam_logoff: creds_server_step failed. Rejecting auth "
691 "request from client %s machine account %s\n",
692 remote_machine, p->dc->mach_acct ));
693 return NT_STATUS_INVALID_PARAMETER;
696 /* We must store the creds state after an update. */
698 secrets_store_schannel_session_info(p->pipe_state_mem_ctx,
703 r_u->status = NT_STATUS_OK;
707 /*******************************************************************
708 gets a domain user's groups from their already-calculated NT_USER_TOKEN
709 ********************************************************************/
/*
 * Build a DOM_GID array from a list of SIDs. For each SID,
 * sid_peek_check_rid() is asked for its RID relative to domain_sid; what
 * happens when that check fails is not visible here. Each DOM_GID that is
 * kept gets a fixed attribute mask and is appended to *pgids with
 * ADD_TO_ARRAY on mem_ctx, with *numgroups as the running count.
 * Returns NT_STATUS_NO_MEMORY when the array is NULL after an append.
 */
711 static NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx,
712 const DOM_SID *domain_sid,
715 int *numgroups, DOM_GID **pgids)
722 for (i=0; i<num_sids; i++) {
724 if (!sid_peek_check_rid(domain_sid, &sids[i], &gid.g_rid)) {
727 gid.attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
729 ADD_TO_ARRAY(mem_ctx, DOM_GID, gid, pgids, numgroups);
730 if (*pgids == NULL) {
731 return NT_STATUS_NO_MEMORY;
737 /*************************************************************************
739 *************************************************************************/
/*
 * Shared implementation behind _net_sam_logon and _net_sam_logon_ex: checks
 * an interactive or network logon that a domain member forwards on behalf of
 * a user and, on success, fills r_u with a NET_USER_INFO_3.
 *
 * Visible flow:
 *  - refuse with NT_STATUS_ACCESS_DENIED when 'server schannel' is True and
 *    the pipe is not schannel-authenticated;
 *  - accept only validation_level 2 or 3;
 *  - restore the stored netlogon credential state, step the credential chain
 *    with creds_server_step() and store it again;
 *  - build an auth context and user info for the logon type and call
 *    check_ntlm_password();
 *  - on NT_STATUS_NO_SUCH_USER for a domain that is neither the local SAM
 *    nor trusted, mark the reply as not authoritative;
 *  - reject guest results with NT_STATUS_LOGON_FAILURE;
 *  - pass the user and LM session keys through SamOEMhash() with the pipe
 *    session key before placing them in the reply.
 *
 * process_creds (passed as True or False by the two callers) selects whether
 * the pipe session key is taken from p->dc->sess_key or from the schannel
 * state.
 * NOTE(review): presumably it also guards the credential-chain section; the
 * guarding line is not visible here.
 *
 * All names and lengths in q_u are client-supplied.
 * NOTE(review): several returns after check_ntlm_password() has succeeded
 * (missing user or group SID, mismatched domain SIDs, missing schannel
 * state) leave without TALLOC_FREE(server_info), and the schannel ones also
 * leave user_session_key / lm_session_key uncleared - confirm and tidy up.
 */
741 static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
742 NET_Q_SAM_LOGON *q_u,
743 NET_R_SAM_LOGON *r_u,
746 NTSTATUS status = NT_STATUS_OK;
747 NET_USER_INFO_3 *usr_info = NULL;
748 NET_ID_INFO_CTR *ctr = q_u->sam_id.ctr;
749 UNISTR2 *uni_samlogon_user = NULL;
750 UNISTR2 *uni_samlogon_domain = NULL;
751 UNISTR2 *uni_samlogon_workstation = NULL;
752 fstring nt_username, nt_domain, nt_workstation;
753 auth_usersupplied_info *user_info = NULL;
754 auth_serversupplied_info *server_info = NULL;
756 struct auth_context *auth_context = NULL;
758 if ( (lp_server_schannel() == True) && (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) ) {
759 /* 'server schannel = yes' should enforce use of
760 schannel, the client did offer it in auth2, but
761 obviously did not use it. */
762 DEBUG(0,("_net_sam_logon_internal: client %s not using schannel for netlogon\n",
763 get_remote_machine_name() ));
764 return NT_STATUS_ACCESS_DENIED;
767 usr_info = TALLOC_P(p->mem_ctx, NET_USER_INFO_3);
769 return NT_STATUS_NO_MEMORY;
772 ZERO_STRUCTP(usr_info);
774 /* store the user information, if there is any. */
775 r_u->user = usr_info;
776 r_u->auth_resp = 1; /* authoritative response */
777 if (q_u->validation_level != 2 && q_u->validation_level != 3) {
778 DEBUG(0,("_net_sam_logon: bad validation_level value %d.\n", (int)q_u->validation_level ));
779 return NT_STATUS_ACCESS_DENIED;
781 /* We handle the return of USER_INFO_2 instead of 3 in the parse return. Sucks, I know... */
782 r_u->switch_value = q_u->validation_level; /* indicates type of validation user info */
783 r_u->buffer_creds = 1; /* Ensure we always return server creds. */
785 if (!get_valid_user_struct(p->vuid))
786 return NT_STATUS_NO_SUCH_USER;
789 fstring remote_machine;
791 /* Get the remote machine name for the creds store. */
792 /* Note this is the remote machine this request is coming from (member server),
793 not necessarily the workstation name the user is logging onto.
795 rpcstr_pull(remote_machine,q_u->sam_id.client.login.uni_comp_name.buffer,
796 sizeof(remote_machine),q_u->sam_id.client.login.uni_comp_name.uni_str_len*2,0);
799 /* Restore the saved state of the netlogon creds. */
803 ret = secrets_restore_schannel_session_info(p->pipe_state_mem_ctx,
808 return NT_STATUS_INVALID_HANDLE;
812 if (!p->dc || !p->dc->authenticated) {
813 return NT_STATUS_INVALID_HANDLE;
816 /* checks and updates credentials. creates reply credentials */
817 if (!creds_server_step(p->dc, &q_u->sam_id.client.cred, &r_u->srv_creds)) {
818 DEBUG(2,("_net_sam_logon: creds_server_step failed. Rejecting auth "
819 "request from client %s machine account %s\n",
820 remote_machine, p->dc->mach_acct ));
821 return NT_STATUS_INVALID_PARAMETER;
824 /* We must store the creds state after an update. */
826 secrets_store_schannel_session_info(p->pipe_state_mem_ctx,
832 switch (q_u->sam_id.logon_level) {
833 case INTERACTIVE_LOGON_TYPE:
834 uni_samlogon_user = &ctr->auth.id1.uni_user_name;
835 uni_samlogon_domain = &ctr->auth.id1.uni_domain_name;
837 uni_samlogon_workstation = &ctr->auth.id1.uni_wksta_name;
839 DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup()));
842 uni_samlogon_user = &ctr->auth.id2.uni_user_name;
843 uni_samlogon_domain = &ctr->auth.id2.uni_domain_name;
844 uni_samlogon_workstation = &ctr->auth.id2.uni_wksta_name;
846 DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", lp_workgroup()));
849 DEBUG(2,("SAM Logon: unsupported switch value\n"));
850 return NT_STATUS_INVALID_INFO_CLASS;
853 rpcstr_pull(nt_username,uni_samlogon_user->buffer,sizeof(nt_username),uni_samlogon_user->uni_str_len*2,0);
854 rpcstr_pull(nt_domain,uni_samlogon_domain->buffer,sizeof(nt_domain),uni_samlogon_domain->uni_str_len*2,0);
855 rpcstr_pull(nt_workstation,uni_samlogon_workstation->buffer,sizeof(nt_workstation),uni_samlogon_workstation->uni_str_len*2,0);
857 DEBUG(3,("User:[%s@%s] Requested Domain:[%s]\n", nt_username, nt_workstation, nt_domain));
/*
 * NOTE(review): the user name from the request is written to the global
 * current_user_info and to the substitution name before the password has
 * been checked, so these hold unverified input from here on.
 */
858 fstrcpy(current_user_info.smb_name, nt_username);
859 sub_set_smb_name(nt_username);
861 DEBUG(5,("Attempting validation level %d for unmapped username %s.\n", q_u->sam_id.ctr->switch_value, nt_username));
863 status = NT_STATUS_OK;
865 switch (ctr->switch_value) {
868 const char *wksname = nt_workstation;
870 if (!NT_STATUS_IS_OK(status = make_auth_context_fixed(&auth_context, ctr->auth.id2.lm_chal))) {
874 /* For a network logon, the workstation name comes in with two
875 * backslashes in the front. Strip them if they are there. */
877 if (*wksname == '\\') wksname++;
878 if (*wksname == '\\') wksname++;
880 /* Standard challenge/response authentication */
881 if (!make_user_info_netlogon_network(&user_info,
882 nt_username, nt_domain,
884 ctr->auth.id2.param_ctrl,
885 ctr->auth.id2.lm_chal_resp.buffer,
886 ctr->auth.id2.lm_chal_resp.str_str_len,
887 ctr->auth.id2.nt_chal_resp.buffer,
888 ctr->auth.id2.nt_chal_resp.str_str_len)) {
889 status = NT_STATUS_NO_MEMORY;
893 case INTERACTIVE_LOGON_TYPE:
894 /* 'Interactive' authentication, supplies the password in its
895 MD4 form, encrypted with the session key. We will convert
896 this to challenge/response for the auth subsystem to chew
901 if (!NT_STATUS_IS_OK(status = make_auth_context_subsystem(&auth_context))) {
905 chal = auth_context->get_ntlm_challenge(auth_context);
907 if (!make_user_info_netlogon_interactive(&user_info,
908 nt_username, nt_domain,
910 ctr->auth.id1.param_ctrl,
912 ctr->auth.id1.lm_owf.data,
913 ctr->auth.id1.nt_owf.data,
915 status = NT_STATUS_NO_MEMORY;
920 DEBUG(2,("SAM Logon: unsupported switch value\n"));
921 return NT_STATUS_INVALID_INFO_CLASS;
924 if ( NT_STATUS_IS_OK(status) ) {
925 status = auth_context->check_ntlm_password(auth_context,
926 user_info, &server_info);
929 (auth_context->free)(&auth_context);
930 free_user_info(&user_info);
932 DEBUG(5, ("_net_sam_logon: check_password returned status %s\n",
935 /* Check account and password */
937 if (!NT_STATUS_IS_OK(status)) {
938 /* If we don't know what this domain is, we need to
939 indicate that we are not authoritative. This
940 allows the client to decide if it needs to try
941 a local user. Fix by jpjanosi@us.ibm.com, #2976 */
942 if ( NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)
943 && !strequal(nt_domain, get_global_sam_name())
944 && !is_trusted_domain(nt_domain) )
945 r_u->auth_resp = 0; /* We are not authoritative */
947 TALLOC_FREE(server_info);
951 if (server_info->guest) {
952 /* We don't like guest domain logons... */
953 DEBUG(5,("_net_sam_logon: Attempted domain logon as GUEST "
955 TALLOC_FREE(server_info);
956 return NT_STATUS_LOGON_FAILURE;
959 /* This is the point at which, if the login was successful, that
960 the SAM Local Security Authority should record that the user is
961 logged in to the domain. */
964 DOM_GID *gids = NULL;
965 const DOM_SID *user_sid = NULL;
966 const DOM_SID *group_sid = NULL;
968 uint32 user_rid, group_rid;
972 unsigned char user_session_key[16];
973 unsigned char lm_session_key[16];
974 unsigned char pipe_session_key[16];
976 sampw = server_info->sam_account;
978 /* set up pointer indicating user/password failed to be
980 usr_info->ptr_user_info = 0;
982 user_sid = pdb_get_user_sid(sampw);
983 group_sid = pdb_get_group_sid(sampw);
985 if ((user_sid == NULL) || (group_sid == NULL)) {
986 DEBUG(1, ("_net_sam_logon: User without group or user SID\n"));
987 return NT_STATUS_UNSUCCESSFUL;
990 sid_copy(&domain_sid, user_sid);
991 sid_split_rid(&domain_sid, &user_rid);
993 if (!sid_peek_check_rid(&domain_sid, group_sid, &group_rid)) {
994 DEBUG(1, ("_net_sam_logon: user %s\\%s has user sid "
995 "%s\n but group sid %s.\n"
996 "The conflicting domain portions are not "
997 "supported for NETLOGON calls\n",
998 pdb_get_domain(sampw),
999 pdb_get_username(sampw),
1000 sid_string_dbg(user_sid),
1001 sid_string_dbg(group_sid)));
1002 return NT_STATUS_UNSUCCESSFUL;
1005 if(server_info->login_server) {
1006 my_name = server_info->login_server;
1008 my_name = global_myname();
1011 status = nt_token_to_group_list(p->mem_ctx, &domain_sid,
1012 server_info->num_sids,
1016 if (!NT_STATUS_IS_OK(status)) {
1020 if (server_info->user_session_key.length) {
1021 memcpy(user_session_key,
1022 server_info->user_session_key.data,
1023 MIN(sizeof(user_session_key),
1024 server_info->user_session_key.length));
1025 if (process_creds) {
1026 /* Get the pipe session key from the creds. */
1027 memcpy(pipe_session_key, p->dc->sess_key, 16);
1029 /* Get the pipe session key from the schannel. */
/*
 * NOTE(review): the return below leaves user_session_key filled in on the
 * stack and server_info allocated.
 */
1030 if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL || p->auth.a_u.schannel_auth == NULL) {
1031 return NT_STATUS_INVALID_HANDLE;
1033 memcpy(pipe_session_key, p->auth.a_u.schannel_auth->sess_key, 16);
1035 SamOEMhash(user_session_key, pipe_session_key, 16);
/*
 * NOTE(review): a plain memset() of a local buffer that is not read again
 * before being overwritten can be removed by the optimizer; confirm the key
 * copy is really wiped, here and at the second memset() further down.
 */
1036 memset(pipe_session_key, '\0', 16);
1038 if (server_info->lm_session_key.length) {
1039 memcpy(lm_session_key,
1040 server_info->lm_session_key.data,
1041 MIN(sizeof(lm_session_key),
1042 server_info->lm_session_key.length));
1043 if (process_creds) {
1044 /* Get the pipe session key from the creds. */
1045 memcpy(pipe_session_key, p->dc->sess_key, 16);
1047 /* Get the pipe session key from the schannel. */
1048 if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL || p->auth.a_u.schannel_auth == NULL) {
1049 return NT_STATUS_INVALID_HANDLE;
1051 memcpy(pipe_session_key, p->auth.a_u.schannel_auth->sess_key, 16);
1053 SamOEMhash(lm_session_key, pipe_session_key, 16);
1054 memset(pipe_session_key, '\0', 16);
1057 init_net_user_info3(p->mem_ctx, usr_info,
1060 pdb_get_username(sampw),
1061 pdb_get_fullname(sampw),
1062 pdb_get_homedir(sampw),
1063 pdb_get_dir_drive(sampw),
1064 pdb_get_logon_script(sampw),
1065 pdb_get_profile_path(sampw),
1066 pdb_get_logon_time(sampw),
1069 pdb_get_pass_last_set_time(sampw),
1070 pdb_get_pass_can_change_time(sampw),
1071 pdb_get_pass_must_change_time(sampw),
1072 0, /* logon_count */
1073 0, /* bad_pw_count */
1074 num_gids, /* uint32 num_groups */
1075 gids , /* DOM_GID *gids */
1076 NETLOGON_EXTRA_SIDS, /* uint32 user_flgs (?) */
1077 pdb_get_acct_ctrl(sampw),
1078 server_info->user_session_key.length ? user_session_key : NULL,
1079 server_info->lm_session_key.length ? lm_session_key : NULL,
1080 my_name , /* char *logon_srv */
1081 pdb_get_domain(sampw),
1082 &domain_sid); /* DOM_SID *dom_sid */
/* Clear the local copies of both session keys once the reply is built. */
1083 ZERO_STRUCT(user_session_key);
1084 ZERO_STRUCT(lm_session_key);
1086 TALLOC_FREE(server_info);
1090 /*************************************************************************
1092 *************************************************************************/
/*
 * SAM logon entry point with credential chaining: forwards to
 * _net_sam_logon_internal() with its last argument set to True.
 */
1094 NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_u)
1096 return _net_sam_logon_internal(p, q_u, r_u, True);
1099 /*************************************************************************
1100 _net_sam_logon_ex - no credential chaining. Map into net sam logon.
1101 *************************************************************************/
/*
 * SAM logon entry point without credential chaining.
 *
 * Because no netlogon credential is carried in this request, the call is
 * accepted only on a pipe authenticated with schannel; this test does not
 * depend on the 'server schannel' setting. A client on any other pipe gets
 * NT_STATUS_INVALID_PARAMETER.
 *
 * The request is copied field by field into a NET_Q_SAM_LOGON and handed to
 * _net_sam_logon_internal() with its last argument set to False; selected
 * reply fields are copied back, and r_u->flags is always 0.
 */
1103 NTSTATUS _net_sam_logon_ex(pipes_struct *p, NET_Q_SAM_LOGON_EX *q_u, NET_R_SAM_LOGON_EX *r_u)
1111 /* Only allow this if the pipe is protected. */
1112 if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
1113 DEBUG(0,("_net_sam_logon_ex: client %s not using schannel for netlogon\n",
1114 get_remote_machine_name() ));
1115 return NT_STATUS_INVALID_PARAMETER;
1118 /* Map a NET_Q_SAM_LOGON_EX to NET_Q_SAM_LOGON. */
1119 q.validation_level = q_u->validation_level;
1121 /* Map a DOM_SAM_INFO_EX into a DOM_SAM_INFO with no creds. */
1122 q.sam_id.client.login = q_u->sam_id.client;
1123 q.sam_id.logon_level = q_u->sam_id.logon_level;
1124 q.sam_id.ctr = q_u->sam_id.ctr;
1126 r_u->status = _net_sam_logon_internal(p, &q, &r, False);
1128 if (!NT_STATUS_IS_OK(r_u->status)) {
1132 /* Map the NET_R_SAM_LOGON to NET_R_SAM_LOGON_EX. */
1133 r_u->switch_value = r.switch_value;
1135 r_u->auth_resp = r.auth_resp;
1136 r_u->flags = 0; /* FIXME ! */
1140 /*************************************************************************
1142 *************************************************************************/
1143 #if 0 /* JERRY -- not correct */
/* NOTE(review): everything below is compiled out by the #if 0 above. This
   listing shows neither the rest of the body nor the matching #endif (gutter
   lines 1153-1159 are absent). */
1144 NTSTATUS _ds_enum_dom_trusts(pipes_struct *p, DS_Q_ENUM_DOM_TRUSTS *q_u,
1145 DS_R_ENUM_DOM_TRUSTS *r_u)
1147 NTSTATUS status = NT_STATUS_OK;
1149 /* TODO: According to MSDN, this can only be executed against a
1150 DC or domain member running Windows 2000 or later. Need
1151 to test against a standalone 2k server and see what it
1152 does. A windows 2000 DC includes its own domain in the
1160 /****************************************************************
1161 ****************************************************************/
/*
 * Placeholder for netr_LogonUasLogon: the request in r is never read.
 * Sets p->rng_fault_state and returns WERR_NOT_SUPPORTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
WERROR _netr_LogonUasLogon(
	pipes_struct *p,
	struct netr_LogonUasLogon *r)
{
	p->rng_fault_state = true;
	return WERR_NOT_SUPPORTED;
}
1170 /****************************************************************
1171 ****************************************************************/
/*
 * Placeholder for netr_LogonUasLogoff: the request in r is never read.
 * Sets p->rng_fault_state and returns WERR_NOT_SUPPORTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
WERROR _netr_LogonUasLogoff(
	pipes_struct *p,
	struct netr_LogonUasLogoff *r)
{
	p->rng_fault_state = true;
	return WERR_NOT_SUPPORTED;
}
1180 /****************************************************************
1181 ****************************************************************/
/*
 * Placeholder for netr_LogonSamLogon: the request in r is never read.
 * Sets p->rng_fault_state and returns NT_STATUS_NOT_IMPLEMENTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
NTSTATUS _netr_LogonSamLogon(
	pipes_struct *p,
	struct netr_LogonSamLogon *r)
{
	p->rng_fault_state = true;
	return NT_STATUS_NOT_IMPLEMENTED;
}
1190 /****************************************************************
1191 ****************************************************************/
/*
 * Placeholder for netr_LogonSamLogoff: the request in r is never read.
 * Sets p->rng_fault_state and returns NT_STATUS_NOT_IMPLEMENTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
NTSTATUS _netr_LogonSamLogoff(
	pipes_struct *p,
	struct netr_LogonSamLogoff *r)
{
	p->rng_fault_state = true;
	return NT_STATUS_NOT_IMPLEMENTED;
}
1200 /****************************************************************
1201 ****************************************************************/
/*
 * Placeholder for netr_ServerReqChallenge: the request in r is never read.
 * Sets p->rng_fault_state and returns NT_STATUS_NOT_IMPLEMENTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
NTSTATUS _netr_ServerReqChallenge(
	pipes_struct *p,
	struct netr_ServerReqChallenge *r)
{
	p->rng_fault_state = true;
	return NT_STATUS_NOT_IMPLEMENTED;
}
1210 /****************************************************************
1211 ****************************************************************/
/*
 * Placeholder for netr_ServerAuthenticate: the request in r is never read.
 * Sets p->rng_fault_state and returns NT_STATUS_NOT_IMPLEMENTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
NTSTATUS _netr_ServerAuthenticate(
	pipes_struct *p,
	struct netr_ServerAuthenticate *r)
{
	p->rng_fault_state = true;
	return NT_STATUS_NOT_IMPLEMENTED;
}
1220 /****************************************************************
1221 ****************************************************************/
/*
 * Placeholder for netr_ServerPasswordSet: the request in r is never read.
 * Sets p->rng_fault_state and returns NT_STATUS_NOT_IMPLEMENTED.
 * NOTE(review): nothing here verifies the caller, which is safe only while
 * r is ignored. Judging by the name this call deals with account secrets,
 * so an implementation must authenticate the caller before acting on r.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
NTSTATUS _netr_ServerPasswordSet(
	pipes_struct *p,
	struct netr_ServerPasswordSet *r)
{
	p->rng_fault_state = true;
	return NT_STATUS_NOT_IMPLEMENTED;
}
1230 /****************************************************************
1231 ****************************************************************/
/*
 * Placeholder for netr_DatabaseDeltas: the request in r is never read.
 * Sets p->rng_fault_state and returns NT_STATUS_NOT_IMPLEMENTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
NTSTATUS _netr_DatabaseDeltas(
	pipes_struct *p,
	struct netr_DatabaseDeltas *r)
{
	p->rng_fault_state = true;
	return NT_STATUS_NOT_IMPLEMENTED;
}
1240 /****************************************************************
1241 ****************************************************************/
/*
 * Placeholder for netr_DatabaseSync: the request in r is never read.
 * Sets p->rng_fault_state and returns NT_STATUS_NOT_IMPLEMENTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
NTSTATUS _netr_DatabaseSync(
	pipes_struct *p,
	struct netr_DatabaseSync *r)
{
	p->rng_fault_state = true;
	return NT_STATUS_NOT_IMPLEMENTED;
}
1250 /****************************************************************
1251 ****************************************************************/
/*
 * Placeholder for netr_AccountDeltas: the request in r is never read.
 * Sets p->rng_fault_state and returns NT_STATUS_NOT_IMPLEMENTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
NTSTATUS _netr_AccountDeltas(
	pipes_struct *p,
	struct netr_AccountDeltas *r)
{
	p->rng_fault_state = true;
	return NT_STATUS_NOT_IMPLEMENTED;
}
1260 /****************************************************************
1261 ****************************************************************/
/*
 * Placeholder for netr_AccountSync: the request in r is never read.
 * Sets p->rng_fault_state and returns NT_STATUS_NOT_IMPLEMENTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
NTSTATUS _netr_AccountSync(
	pipes_struct *p,
	struct netr_AccountSync *r)
{
	p->rng_fault_state = true;
	return NT_STATUS_NOT_IMPLEMENTED;
}
1270 /****************************************************************
1271 ****************************************************************/
/*
 * Placeholder for netr_GetDcName: the request in r is never read.
 * Sets p->rng_fault_state and returns WERR_NOT_SUPPORTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
WERROR _netr_GetDcName(
	pipes_struct *p,
	struct netr_GetDcName *r)
{
	p->rng_fault_state = true;
	return WERR_NOT_SUPPORTED;
}
1280 /****************************************************************
1281 ****************************************************************/
/*
 * Placeholder for netr_GetAnyDCName: the request in r is never read.
 * Sets p->rng_fault_state and returns WERR_NOT_SUPPORTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
WERROR _netr_GetAnyDCName(
	pipes_struct *p,
	struct netr_GetAnyDCName *r)
{
	p->rng_fault_state = true;
	return WERR_NOT_SUPPORTED;
}
1290 /****************************************************************
1291 ****************************************************************/
/*
 * Placeholder for netr_LogonControl2: the request in r is never read.
 * Sets p->rng_fault_state and returns WERR_NOT_SUPPORTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
WERROR _netr_LogonControl2(
	pipes_struct *p,
	struct netr_LogonControl2 *r)
{
	p->rng_fault_state = true;
	return WERR_NOT_SUPPORTED;
}
1300 /****************************************************************
1301 ****************************************************************/
/*
 * Placeholder for netr_ServerAuthenticate2: the request in r is never read.
 * Sets p->rng_fault_state and returns NT_STATUS_NOT_IMPLEMENTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
NTSTATUS _netr_ServerAuthenticate2(
	pipes_struct *p,
	struct netr_ServerAuthenticate2 *r)
{
	p->rng_fault_state = true;
	return NT_STATUS_NOT_IMPLEMENTED;
}
1310 /****************************************************************
1311 ****************************************************************/
/*
 * Placeholder for netr_DatabaseSync2: the request in r is never read.
 * Sets p->rng_fault_state and returns NT_STATUS_NOT_IMPLEMENTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
NTSTATUS _netr_DatabaseSync2(
	pipes_struct *p,
	struct netr_DatabaseSync2 *r)
{
	p->rng_fault_state = true;
	return NT_STATUS_NOT_IMPLEMENTED;
}
1320 /****************************************************************
1321 ****************************************************************/
/*
 * Placeholder for netr_DatabaseRedo: the request in r is never read.
 * Sets p->rng_fault_state and returns NT_STATUS_NOT_IMPLEMENTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
NTSTATUS _netr_DatabaseRedo(
	pipes_struct *p,
	struct netr_DatabaseRedo *r)
{
	p->rng_fault_state = true;
	return NT_STATUS_NOT_IMPLEMENTED;
}
1330 /****************************************************************
1331 ****************************************************************/
/*
 * Placeholder for netr_LogonControl2Ex: the request in r is never read.
 * Sets p->rng_fault_state and returns WERR_NOT_SUPPORTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
WERROR _netr_LogonControl2Ex(
	pipes_struct *p,
	struct netr_LogonControl2Ex *r)
{
	p->rng_fault_state = true;
	return WERR_NOT_SUPPORTED;
}
1340 /****************************************************************
1341 ****************************************************************/
/*
 * Placeholder for netr_DsRGetDCName: the request in r is never read.
 * Sets p->rng_fault_state and returns WERR_NOT_SUPPORTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
WERROR _netr_DsRGetDCName(
	pipes_struct *p,
	struct netr_DsRGetDCName *r)
{
	p->rng_fault_state = true;
	return WERR_NOT_SUPPORTED;
}
1350 /****************************************************************
1351 ****************************************************************/
/*
 * Placeholder for netr_NETRLOGONDUMMYROUTINE1: the request in r is never
 * read. Sets p->rng_fault_state and returns WERR_NOT_SUPPORTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
WERROR _netr_NETRLOGONDUMMYROUTINE1(
	pipes_struct *p,
	struct netr_NETRLOGONDUMMYROUTINE1 *r)
{
	p->rng_fault_state = true;
	return WERR_NOT_SUPPORTED;
}
1360 /****************************************************************
1361 ****************************************************************/
/*
 * Placeholder for netr_NETRLOGONSETSERVICEBITS: the request in r is never
 * read. Sets p->rng_fault_state and returns WERR_NOT_SUPPORTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
WERROR _netr_NETRLOGONSETSERVICEBITS(
	pipes_struct *p,
	struct netr_NETRLOGONSETSERVICEBITS *r)
{
	p->rng_fault_state = true;
	return WERR_NOT_SUPPORTED;
}
1370 /****************************************************************
1371 ****************************************************************/
/*
 * Placeholder for netr_LogonGetTrustRid: the request in r is never read.
 * Sets p->rng_fault_state and returns WERR_NOT_SUPPORTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
WERROR _netr_LogonGetTrustRid(
	pipes_struct *p,
	struct netr_LogonGetTrustRid *r)
{
	p->rng_fault_state = true;
	return WERR_NOT_SUPPORTED;
}
1380 /****************************************************************
1381 ****************************************************************/
/*
 * Placeholder for netr_NETRLOGONCOMPUTESERVERDIGEST: the request in r is
 * never read. Sets p->rng_fault_state and returns WERR_NOT_SUPPORTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
WERROR _netr_NETRLOGONCOMPUTESERVERDIGEST(
	pipes_struct *p,
	struct netr_NETRLOGONCOMPUTESERVERDIGEST *r)
{
	p->rng_fault_state = true;
	return WERR_NOT_SUPPORTED;
}
1390 /****************************************************************
1391 ****************************************************************/
/*
 * Placeholder for netr_NETRLOGONCOMPUTECLIENTDIGEST: the request in r is
 * never read. Sets p->rng_fault_state and returns WERR_NOT_SUPPORTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
WERROR _netr_NETRLOGONCOMPUTECLIENTDIGEST(
	pipes_struct *p,
	struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r)
{
	p->rng_fault_state = true;
	return WERR_NOT_SUPPORTED;
}
1400 /****************************************************************
1401 ****************************************************************/
/*
 * Placeholder for netr_ServerAuthenticate3: the request in r is never read.
 * Sets p->rng_fault_state and returns NT_STATUS_NOT_IMPLEMENTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
NTSTATUS _netr_ServerAuthenticate3(
	pipes_struct *p,
	struct netr_ServerAuthenticate3 *r)
{
	p->rng_fault_state = true;
	return NT_STATUS_NOT_IMPLEMENTED;
}
1410 /****************************************************************
1411 ****************************************************************/
/*
 * Placeholder for netr_DsRGetDCNameEx: the request in r is never read.
 * Sets p->rng_fault_state and returns WERR_NOT_SUPPORTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
WERROR _netr_DsRGetDCNameEx(
	pipes_struct *p,
	struct netr_DsRGetDCNameEx *r)
{
	p->rng_fault_state = true;
	return WERR_NOT_SUPPORTED;
}
1420 /****************************************************************
1421 ****************************************************************/
/*
 * Placeholder for netr_DsRGetSiteName: the request in r is never read.
 * Sets p->rng_fault_state and returns WERR_NOT_SUPPORTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
WERROR _netr_DsRGetSiteName(
	pipes_struct *p,
	struct netr_DsRGetSiteName *r)
{
	p->rng_fault_state = true;
	return WERR_NOT_SUPPORTED;
}
1430 /****************************************************************
1431 ****************************************************************/
/*
 * Placeholder for netr_LogonGetDomainInfo: the request in r is never read.
 * Sets p->rng_fault_state and returns NT_STATUS_NOT_IMPLEMENTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
NTSTATUS _netr_LogonGetDomainInfo(
	pipes_struct *p,
	struct netr_LogonGetDomainInfo *r)
{
	p->rng_fault_state = true;
	return NT_STATUS_NOT_IMPLEMENTED;
}
1440 /****************************************************************
1441 ****************************************************************/
/*
 * Placeholder for netr_ServerPasswordSet2: the request in r is never read.
 * Sets p->rng_fault_state and returns NT_STATUS_NOT_IMPLEMENTED.
 * NOTE(review): nothing here verifies the caller, which is safe only while
 * r is ignored. Judging by the name this call deals with account secrets,
 * so an implementation must authenticate the caller before acting on r.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
NTSTATUS _netr_ServerPasswordSet2(
	pipes_struct *p,
	struct netr_ServerPasswordSet2 *r)
{
	p->rng_fault_state = true;
	return NT_STATUS_NOT_IMPLEMENTED;
}
1450 /****************************************************************
1451 ****************************************************************/
/*
 * Placeholder for netr_ServerPasswordGet: the request in r is never read.
 * Sets p->rng_fault_state and returns WERR_NOT_SUPPORTED.
 * NOTE(review): nothing here verifies the caller, which is safe only while
 * r is ignored. Judging by the name this call deals with account secrets,
 * so an implementation must authenticate the caller before acting on r.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
WERROR _netr_ServerPasswordGet(
	pipes_struct *p,
	struct netr_ServerPasswordGet *r)
{
	p->rng_fault_state = true;
	return WERR_NOT_SUPPORTED;
}
1460 /****************************************************************
1461 ****************************************************************/
/*
 * Placeholder for netr_NETRLOGONSENDTOSAM: the request in r is never read.
 * Sets p->rng_fault_state and returns WERR_NOT_SUPPORTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
WERROR _netr_NETRLOGONSENDTOSAM(
	pipes_struct *p,
	struct netr_NETRLOGONSENDTOSAM *r)
{
	p->rng_fault_state = true;
	return WERR_NOT_SUPPORTED;
}
1470 /****************************************************************
1471 ****************************************************************/
/*
 * Placeholder for netr_DsRAddressToSitenamesW: the request in r is never
 * read. Sets p->rng_fault_state and returns WERR_NOT_SUPPORTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
WERROR _netr_DsRAddressToSitenamesW(
	pipes_struct *p,
	struct netr_DsRAddressToSitenamesW *r)
{
	p->rng_fault_state = true;
	return WERR_NOT_SUPPORTED;
}
1480 /****************************************************************
1481 ****************************************************************/
/*
 * Placeholder for netr_DsRGetDCNameEx2: the request in r is never read.
 * Sets p->rng_fault_state and returns WERR_NOT_SUPPORTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
WERROR _netr_DsRGetDCNameEx2(
	pipes_struct *p,
	struct netr_DsRGetDCNameEx2 *r)
{
	p->rng_fault_state = true;
	return WERR_NOT_SUPPORTED;
}
1490 /****************************************************************
1491 ****************************************************************/
/*
 * Placeholder for netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN: the request in
 * r is never read. Sets p->rng_fault_state and returns WERR_NOT_SUPPORTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
WERROR _netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(
	pipes_struct *p,
	struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r)
{
	p->rng_fault_state = true;
	return WERR_NOT_SUPPORTED;
}
1500 /****************************************************************
1501 ****************************************************************/
/*
 * Placeholder for netr_NetrEnumerateTrustedDomainsEx: the request in r is
 * never read. Sets p->rng_fault_state and returns WERR_NOT_SUPPORTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
WERROR _netr_NetrEnumerateTrustedDomainsEx(
	pipes_struct *p,
	struct netr_NetrEnumerateTrustedDomainsEx *r)
{
	p->rng_fault_state = true;
	return WERR_NOT_SUPPORTED;
}
1510 /****************************************************************
1511 ****************************************************************/
/*
 * Placeholder for netr_DsRAddressToSitenamesExW: the request in r is never
 * read. Sets p->rng_fault_state and returns WERR_NOT_SUPPORTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
WERROR _netr_DsRAddressToSitenamesExW(
	pipes_struct *p,
	struct netr_DsRAddressToSitenamesExW *r)
{
	p->rng_fault_state = true;
	return WERR_NOT_SUPPORTED;
}
1520 /****************************************************************
1521 ****************************************************************/
/*
 * Placeholder for netr_DsrGetDcSiteCoverageW: the request in r is never
 * read. Sets p->rng_fault_state and returns WERR_NOT_SUPPORTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
WERROR _netr_DsrGetDcSiteCoverageW(
	pipes_struct *p,
	struct netr_DsrGetDcSiteCoverageW *r)
{
	p->rng_fault_state = true;
	return WERR_NOT_SUPPORTED;
}
1530 /****************************************************************
1531 ****************************************************************/
/*
 * Placeholder for netr_LogonSamLogonEx: the request in r is never read.
 * Sets p->rng_fault_state and returns NT_STATUS_NOT_IMPLEMENTED.
 * NOTE(review): no pipe auth type is checked here, which is safe only while
 * r is ignored. _net_sam_logon_ex in this file refuses any pipe that is not
 * PIPE_AUTH_TYPE_SCHANNEL; keep an equivalent gate if this is implemented.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
NTSTATUS _netr_LogonSamLogonEx(
	pipes_struct *p,
	struct netr_LogonSamLogonEx *r)
{
	p->rng_fault_state = true;
	return NT_STATUS_NOT_IMPLEMENTED;
}
1540 /****************************************************************
1541 ****************************************************************/
/*
 * Placeholder for netr_DsrEnumerateDomainTrusts: the request in r is never
 * read. Sets p->rng_fault_state and returns WERR_NOT_SUPPORTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
WERROR _netr_DsrEnumerateDomainTrusts(
	pipes_struct *p,
	struct netr_DsrEnumerateDomainTrusts *r)
{
	p->rng_fault_state = true;
	return WERR_NOT_SUPPORTED;
}
1550 /****************************************************************
1551 ****************************************************************/
/*
 * Placeholder for netr_DsrDeregisterDNSHostRecords: the request in r is
 * never read. Sets p->rng_fault_state and returns WERR_NOT_SUPPORTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
WERROR _netr_DsrDeregisterDNSHostRecords(
	pipes_struct *p,
	struct netr_DsrDeregisterDNSHostRecords *r)
{
	p->rng_fault_state = true;
	return WERR_NOT_SUPPORTED;
}
1560 /****************************************************************
1561 ****************************************************************/
/*
 * Placeholder for netr_ServerTrustPasswordsGet: the request in r is never
 * read. Sets p->rng_fault_state and returns NT_STATUS_NOT_IMPLEMENTED.
 * NOTE(review): nothing here verifies the caller, which is safe only while
 * r is ignored. Judging by the name this call deals with trust secrets,
 * so an implementation must authenticate the caller before acting on r.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
NTSTATUS _netr_ServerTrustPasswordsGet(
	pipes_struct *p,
	struct netr_ServerTrustPasswordsGet *r)
{
	p->rng_fault_state = true;
	return NT_STATUS_NOT_IMPLEMENTED;
}
1570 /****************************************************************
1571 ****************************************************************/
/*
 * Placeholder for netr_DsRGetForestTrustInformation: the request in r is
 * never read. Sets p->rng_fault_state and returns WERR_NOT_SUPPORTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
WERROR _netr_DsRGetForestTrustInformation(
	pipes_struct *p,
	struct netr_DsRGetForestTrustInformation *r)
{
	p->rng_fault_state = true;
	return WERR_NOT_SUPPORTED;
}
1580 /****************************************************************
1581 ****************************************************************/
/*
 * Placeholder for netr_GetForestTrustInformation: the request in r is never
 * read. Sets p->rng_fault_state and returns WERR_NOT_SUPPORTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
WERROR _netr_GetForestTrustInformation(
	pipes_struct *p,
	struct netr_GetForestTrustInformation *r)
{
	p->rng_fault_state = true;
	return WERR_NOT_SUPPORTED;
}
1590 /****************************************************************
1591 ****************************************************************/
/*
 * Placeholder for netr_LogonSamLogonWithFlags: the request in r is never
 * read. Sets p->rng_fault_state and returns NT_STATUS_NOT_IMPLEMENTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
NTSTATUS _netr_LogonSamLogonWithFlags(
	pipes_struct *p,
	struct netr_LogonSamLogonWithFlags *r)
{
	p->rng_fault_state = true;
	return NT_STATUS_NOT_IMPLEMENTED;
}
1600 /****************************************************************
1601 ****************************************************************/
/*
 * Placeholder for netr_NETRSERVERGETTRUSTINFO: the request in r is never
 * read. Sets p->rng_fault_state and returns WERR_NOT_SUPPORTED.
 * NOTE(review): the flag presumably makes the RPC layer answer with a
 * fault - confirm in the pipe dispatch code.
 */
WERROR _netr_NETRSERVERGETTRUSTINFO(
	pipes_struct *p,
	struct netr_NETRSERVERGETTRUSTINFO *r)
{
	p->rng_fault_state = true;
	return WERR_NOT_SUPPORTED;
}