r4320: fix locations of new trusting domains and domsin controller
[samba.git] / source4 / rpc_server / netlogon / dcerpc_netlogon.c
1 /* 
2    Unix SMB/CIFS implementation.
3
4    endpoint server for the netlogon pipe
5
6    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004
7    
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License as published by
10    the Free Software Foundation; either version 2 of the License, or
11    (at your option) any later version.
12    
13    This program is distributed in the hope that it will be useful,
14    but WITHOUT ANY WARRANTY; without even the implied warranty of
15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16    GNU General Public License for more details.
17    
18    You should have received a copy of the GNU General Public License
19    along with this program; if not, write to the Free Software
20    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 */
22
23 #include "includes.h"
24 #include "librpc/gen_ndr/ndr_netlogon.h"
25 #include "rpc_server/dcerpc_server.h"
26 #include "rpc_server/common/common.h"
27 #include "librpc/gen_ndr/ndr_dcom.h"
28 #include "auth/auth.h"
29 #include "lib/ldb/include/ldb.h"
30
31 struct server_pipe_state {
32         struct netr_Credential client_challenge;
33         struct netr_Credential server_challenge;
34         BOOL authenticated;
35         char *account_name;
36         char *computer_name;  /* for logging only */
37         uint32_t acct_flags;
38         uint16_t sec_chan_type;
39         struct creds_CredentialState *creds;
40 };
41
42
43 /*
44   a client has connected to the netlogon server using schannel, so we need
45   to re-establish the credentials state
46 */
47 static NTSTATUS netlogon_schannel_setup(struct dcesrv_call_state *dce_call) 
48 {
49         struct server_pipe_state *state;
50         NTSTATUS status;
51
52         state = talloc_p(dce_call->conn, struct server_pipe_state);
53         if (state == NULL) {
54                 return NT_STATUS_NO_MEMORY;
55         }
56         ZERO_STRUCTP(state);
57         state->authenticated = True;
58         
59         if (dce_call->conn->auth_state.session_info == NULL) {
60                 talloc_free(state);
61                 smb_panic("No session info provided by schannel level setup!");
62                 return NT_STATUS_NO_USER_SESSION_KEY;
63         }
64         
65         status = dcerpc_schannel_creds(dce_call->conn->auth_state.gensec_security, 
66                                        state, 
67                                        &state->creds);
68
69         if (!NT_STATUS_IS_OK(status)) {
70                 DEBUG(3, ("getting schannel credentials failed with %s\n", nt_errstr(status)));
71                 talloc_free(state);
72                 return status;
73         }
74         
75         dce_call->conn->private = state;
76
77         return NT_STATUS_OK;
78 }
79
80 /*
81   a hook for bind on the netlogon pipe
82 */
83 static NTSTATUS netlogon_bind(struct dcesrv_call_state *dce_call, const struct dcesrv_interface *di) 
84 {
85         dce_call->conn->private = NULL;
86
87         /* if this is a schannel bind then we need to reconstruct the pipe state */
88         if (dce_call->conn->auth_state.auth_info &&
89             dce_call->conn->auth_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
90                 NTSTATUS status;
91
92                 DEBUG(5, ("schannel bind on netlogon\n"));
93
94                 status = netlogon_schannel_setup(dce_call);
95                 if (!NT_STATUS_IS_OK(status)) {
96                         DEBUG(3, ("schannel bind on netlogon failed with %s\n", nt_errstr(status)));
97                         return status;
98                 }
99         }
100
101         return NT_STATUS_OK;
102 }
103
104 /* this function is called when the client disconnects the endpoint */
105 static void netlogon_unbind(struct dcesrv_connection *conn, const struct dcesrv_interface *di) 
106 {
107         struct server_pipe_state *pipe_state = conn->private;
108
109         if (pipe_state) {
110                 talloc_free(pipe_state);
111         }
112
113         conn->private = NULL;
114 }
115
116 #define DCESRV_INTERFACE_NETLOGON_BIND netlogon_bind
117 #define DCESRV_INTERFACE_NETLOGON_UNBIND netlogon_unbind
118
119 static NTSTATUS netr_ServerReqChallenge(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
120                                         struct netr_ServerReqChallenge *r)
121 {
122         struct server_pipe_state *pipe_state = dce_call->conn->private;
123
124         ZERO_STRUCTP(r->out.credentials);
125
126         /* destroyed on pipe shutdown */
127
128         if (pipe_state) {
129                 talloc_free(pipe_state);
130                 dce_call->conn->private = NULL;
131         }
132         
133         pipe_state = talloc_p(dce_call->conn, struct server_pipe_state);
134         if (!pipe_state) {
135                 return NT_STATUS_NO_MEMORY;
136         }
137
138         pipe_state->authenticated = False;
139         pipe_state->creds = NULL;
140         pipe_state->account_name = NULL;
141         pipe_state->computer_name = NULL;
142
143         pipe_state->client_challenge = *r->in.credentials;
144
145         generate_random_buffer(pipe_state->server_challenge.data, 
146                                sizeof(pipe_state->server_challenge.data));
147
148         *r->out.credentials = pipe_state->server_challenge;
149
150         dce_call->conn->private = pipe_state;
151
152         return NT_STATUS_OK;
153 }
154
155 static NTSTATUS netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
156                                          struct netr_ServerAuthenticate3 *r)
157 {
158         struct server_pipe_state *pipe_state = dce_call->conn->private;
159         void *sam_ctx;
160         struct samr_Password *mach_pwd;
161         uint16_t acct_flags;
162         int num_records;
163         struct ldb_message **msgs;
164         NTSTATUS nt_status;
165         const char *attrs[] = {"unicodePwd", "lmPwdHash", "ntPwdHash", "userAccountControl", 
166                                "objectSid", NULL};
167
168         ZERO_STRUCTP(r->out.credentials);
169         *r->out.rid = 0;
170         *r->out.negotiate_flags = *r->in.negotiate_flags;
171
172         if (!pipe_state) {
173                 DEBUG(1, ("No challenge requested by client, cannot authenticate\n"));
174                 return NT_STATUS_ACCESS_DENIED;
175         }
176
177         sam_ctx = samdb_connect(mem_ctx);
178         if (sam_ctx == NULL) {
179                 return NT_STATUS_INVALID_SYSTEM_SERVICE;
180         }
181         /* pull the user attributes */
182         num_records = samdb_search(sam_ctx, mem_ctx, NULL, &msgs, attrs,
183                                    "(&(sAMAccountName=%s)(objectclass=user))", 
184                                    r->in.account_name);
185
186         if (num_records == 0) {
187                 DEBUG(3,("Couldn't find user [%s] in samdb.\n", 
188                          r->in.account_name));
189                 return NT_STATUS_NO_SUCH_USER;
190         }
191
192         if (num_records > 1) {
193                 DEBUG(0,("Found %d records matching user [%s]\n", num_records, r->in.account_name));
194                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
195         }
196
197         acct_flags = samdb_result_acct_flags(msgs[0], 
198                                              "userAccountControl");
199
200         if (acct_flags & ACB_DISABLED) {
201                 DEBUG(1, ("Account [%s] is disabled\n", r->in.account_name));
202                 return NT_STATUS_ACCESS_DENIED;
203         }
204
205         if (r->in.secure_channel_type == SEC_CHAN_WKSTA) {
206                 if (!(acct_flags & ACB_WSTRUST)) {
207                         DEBUG(1, ("Client asked for a workstation secure channel, but is not a workstation (member server) acb flags: 0x%x\n", acct_flags));
208                         return NT_STATUS_ACCESS_DENIED;
209                 }
210         } else if (r->in.secure_channel_type == SEC_CHAN_DOMAIN) {
211                 if (!(acct_flags & ACB_DOMTRUST)) {
212                         DEBUG(1, ("Client asked for a trusted domain secure channel, but is not a trusted domain: acb flags: 0x%x\n", acct_flags));
213                         return NT_STATUS_ACCESS_DENIED;
214                 }
215         } else if (r->in.secure_channel_type == SEC_CHAN_BDC) {
216                 if (!(acct_flags & ACB_SVRTRUST)) {
217                         DEBUG(1, ("Client asked for a server secure channel, but is not a server (domain controller): acb flags: 0x%x\n", acct_flags));
218                         return NT_STATUS_ACCESS_DENIED;
219                 }
220         } else {
221                 DEBUG(1, ("Client asked for an invalid secure channel type: %d\n", 
222                           r->in.secure_channel_type));
223                 return NT_STATUS_ACCESS_DENIED;
224         }
225
226         pipe_state->acct_flags = acct_flags;
227         pipe_state->sec_chan_type = r->in.secure_channel_type;
228
229         *r->out.rid = samdb_result_rid_from_sid(mem_ctx, msgs[0], "objectSid", 0);
230
231         nt_status = samdb_result_passwords(mem_ctx, msgs[0], NULL, &mach_pwd);
232         if (!NT_STATUS_IS_OK(nt_status) || mach_pwd == NULL) {
233                 return NT_STATUS_ACCESS_DENIED;
234         }
235
236         if (!pipe_state->creds) {
237                 pipe_state->creds = talloc_p(pipe_state, struct creds_CredentialState);
238                 if (!pipe_state->creds) {
239                         return NT_STATUS_NO_MEMORY;
240                 }
241         }
242
243         creds_server_init(pipe_state->creds, &pipe_state->client_challenge, 
244                           &pipe_state->server_challenge, mach_pwd,
245                           r->out.credentials,
246                           *r->in.negotiate_flags);
247         
248         if (!creds_server_check(pipe_state->creds, r->in.credentials)) {
249                 return NT_STATUS_ACCESS_DENIED;
250         }
251
252         pipe_state->authenticated = True;
253
254         if (pipe_state->account_name) {
255                 /* We don't want a memory leak on this long-lived talloc context */
256                 talloc_free(pipe_state->account_name);
257         }
258
259         pipe_state->account_name = talloc_strdup(pipe_state, r->in.account_name);
260         
261         if (pipe_state->computer_name) {
262                 /* We don't want a memory leak on this long-lived talloc context */
263                 talloc_free(pipe_state->computer_name);
264         }
265
266         pipe_state->computer_name = talloc_strdup(pipe_state, r->in.computer_name);
267
268         /* remember this session key state */
269         nt_status = schannel_store_session_key(mem_ctx, pipe_state->computer_name, pipe_state->creds);
270
271         return nt_status;
272 }
273                                                  
274 static NTSTATUS netr_ServerAuthenticate(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
275                                         struct netr_ServerAuthenticate *r)
276 {
277         struct netr_ServerAuthenticate3 r3;
278         uint32_t rid = 0;
279         /* TODO: 
280          * negotiate_flags is used as an [in] parameter
281          * so it need to be initialised.
282          *
283          * (I think ... = 0; seems wrong here --metze)
284          */
285         uint32 negotiate_flags = 0;  
286
287         r3.in.server_name = r->in.server_name;
288         r3.in.account_name = r->in.account_name;
289         r3.in.secure_channel_type = r->in.secure_channel_type;
290         r3.in.computer_name = r->in.computer_name;
291         r3.in.credentials = r->in.credentials;
292         r3.out.credentials = r->out.credentials;
293         r3.in.negotiate_flags = &negotiate_flags;
294         r3.out.negotiate_flags = &negotiate_flags;
295         r3.out.rid = &rid;
296         
297         return netr_ServerAuthenticate3(dce_call, mem_ctx, &r3);
298 }
299
300 static NTSTATUS netr_ServerAuthenticate2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
301                                          struct netr_ServerAuthenticate2 *r)
302 {
303         struct netr_ServerAuthenticate3 r3;
304         uint32 rid = 0;
305
306         r3.in.server_name = r->in.server_name;
307         r3.in.account_name = r->in.account_name;
308         r3.in.secure_channel_type = r->in.secure_channel_type;
309         r3.in.computer_name = r->in.computer_name;
310         r3.in.credentials = r->in.credentials;
311         r3.out.credentials = r->out.credentials;
312         r3.in.negotiate_flags = r->in.negotiate_flags;
313         r3.out.negotiate_flags = r->out.negotiate_flags;
314         r3.out.rid = &rid;
315         
316         return netr_ServerAuthenticate3(dce_call, mem_ctx, &r3);
317 }
318
319
320 static BOOL netr_creds_server_step_check(struct server_pipe_state *pipe_state,
321                                          struct netr_Authenticator *received_authenticator,
322                                          struct netr_Authenticator *return_authenticator) 
323 {
324         if (!pipe_state->authenticated) {
325                 return False;
326         }
327         return creds_server_step_check(pipe_state->creds, 
328                                        received_authenticator, 
329                                        return_authenticator);
330 }
331
332
333 static NTSTATUS netr_ServerPasswordSet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
334                                        struct netr_ServerPasswordSet *r)
335 {
336         struct server_pipe_state *pipe_state = dce_call->conn->private;
337
338         void *sam_ctx;
339         int num_records;
340         int num_records_domain;
341         int ret;
342         struct ldb_message **msgs;
343         struct ldb_message **msgs_domain;
344         NTSTATUS nt_status;
345         struct ldb_message mod, *msg_set_pw = &mod;
346         const char *domain_dn;
347         const char *domain_sid;
348
349         const char *attrs[] = {"objectSid", NULL };
350
351         const char **domain_attrs = attrs;
352         ZERO_STRUCT(mod);
353
354         if (!pipe_state) {
355                 DEBUG(1, ("No challenge requested by client, cannot authenticate\n"));
356                 return NT_STATUS_ACCESS_DENIED;
357         }
358
359         if (!netr_creds_server_step_check(pipe_state, &r->in.credential, &r->out.return_authenticator)) {
360                 return NT_STATUS_ACCESS_DENIED;
361         }
362
363         sam_ctx = samdb_connect(mem_ctx);
364         if (sam_ctx == NULL) {
365                 return NT_STATUS_INVALID_SYSTEM_SERVICE;
366         }
367         /* pull the user attributes */
368         num_records = samdb_search(sam_ctx, mem_ctx, NULL, &msgs, attrs,
369                                    "(&(sAMAccountName=%s)(objectclass=user))", 
370                                    pipe_state->account_name);
371
372         if (num_records == 0) {
373                 DEBUG(3,("Couldn't find user [%s] in samdb.\n", 
374                          pipe_state->account_name));
375                 return NT_STATUS_NO_SUCH_USER;
376         }
377
378         if (num_records > 1) {
379                 DEBUG(0,("Found %d records matching user [%s]\n", num_records, 
380                          pipe_state->account_name));
381                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
382         }
383
384         domain_sid = samdb_result_sid_prefix(mem_ctx, msgs[0], "objectSid");
385         if (!domain_sid) {
386                 DEBUG(0,("no objectSid in user record\n"));
387                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
388         }
389
390         /* find the domain's DN */
391         num_records_domain = samdb_search(sam_ctx, mem_ctx, NULL, 
392                                           &msgs_domain, domain_attrs,
393                                           "(&(objectSid=%s)(objectclass=domain))", 
394                                           domain_sid);
395
396         if (num_records_domain == 0) {
397                 DEBUG(3,("check_sam_security: Couldn't find domain [%s] in passdb file.\n", 
398                          domain_sid));
399                 return NT_STATUS_NO_SUCH_USER;
400         }
401
402         if (num_records_domain > 1) {
403                 DEBUG(0,("Found %d records matching domain [%s]\n", 
404                          num_records_domain, domain_sid));
405                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
406         }
407
408         domain_dn = msgs_domain[0]->dn;
409         
410         mod.dn = talloc_strdup(mem_ctx, msgs[0]->dn);
411         if (!mod.dn) {
412                 return NT_STATUS_NO_MEMORY;
413         }
414         
415         creds_des_decrypt(pipe_state->creds, &r->in.new_password);
416
417         /* set the password - samdb needs to know both the domain and user DNs,
418            so the domain password policy can be used */
419         nt_status = samdb_set_password(sam_ctx, mem_ctx,
420                                        msgs[0]->dn, domain_dn,
421                                        msg_set_pw, 
422                                        NULL, /* Don't have plaintext */
423                                        NULL, &r->in.new_password,
424                                        False /* This is not considered a password change */,
425                                        NULL);
426         
427         if (!NT_STATUS_IS_OK(nt_status)) {
428                 return nt_status;
429         }
430
431         ret = samdb_replace(sam_ctx, mem_ctx, msg_set_pw);
432         if (ret != 0) {
433                 /* we really need samdb.c to return NTSTATUS */
434                 return NT_STATUS_UNSUCCESSFUL;
435         }
436
437         return NT_STATUS_OK;
438 }
439
440
441 /* 
442   netr_LogonUasLogon 
443 */
444 static WERROR netr_LogonUasLogon(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
445                                  struct netr_LogonUasLogon *r)
446 {
447         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
448 }
449
450
451 /* 
452   netr_LogonUasLogoff 
453 */
454 static WERROR netr_LogonUasLogoff(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
455                        struct netr_LogonUasLogoff *r)
456 {
457         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
458 }
459
460
461 /* 
462   netr_LogonSamLogonWithFlags
463
464 */
465 static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
466                                             struct netr_LogonSamLogonWithFlags *r)
467 {
468         struct server_pipe_state *pipe_state = dce_call->conn->private;
469
470         struct auth_context *auth_context;
471         struct auth_usersupplied_info *user_info;
472         struct auth_serversupplied_info *server_info;
473         NTSTATUS nt_status;
474         const uint8_t *chal;
475         static const char zeros[16];
476         struct netr_SamBaseInfo *sam;
477         struct netr_SamInfo2 *sam2;
478         struct netr_SamInfo3 *sam3;
479         struct netr_SamInfo6 *sam6;
480         
481         if (!pipe_state) {
482                 DEBUG(1, ("No challenge requested by client, cannot authenticate\n"));
483                 return NT_STATUS_ACCESS_DENIED;
484         }
485
486         r->out.return_authenticator = talloc_p(mem_ctx, struct netr_Authenticator);
487         if (!r->out.return_authenticator) {
488                 return NT_STATUS_NO_MEMORY;
489         }
490
491         if (!netr_creds_server_step_check(pipe_state, r->in.credential, r->out.return_authenticator)) {
492                 return NT_STATUS_ACCESS_DENIED;
493         }
494
495         switch (r->in.logon_level) {
496         case 1:
497         case 3:
498         case 5:
499                 creds_arcfour_crypt(pipe_state->creds, 
500                                     r->in.logon.password->lmpassword.hash, 
501                                     sizeof(r->in.logon.password->lmpassword.hash));
502                 creds_arcfour_crypt(pipe_state->creds, 
503                                     r->in.logon.password->ntpassword.hash, 
504                                     sizeof(r->in.logon.password->ntpassword.hash));
505
506                 nt_status = make_auth_context_subsystem(pipe_state, &auth_context);
507                 if (!NT_STATUS_IS_OK(nt_status)) {
508                         return nt_status;
509                 }
510
511                 chal = auth_context->get_ntlm_challenge(auth_context);
512                 nt_status = make_user_info_netlogon_interactive(auth_context, 
513                                                                 &user_info,
514                                                                 r->in.logon.password->identity_info.account_name.string,
515                                                                 r->in.logon.password->identity_info.domain_name.string,
516                                                                 r->in.logon.password->identity_info.workstation.string,
517                                                                 chal,
518                                                                 &r->in.logon.password->lmpassword,
519                                                                 &r->in.logon.password->ntpassword);
520                 break;
521                 
522         case 2:
523         case 6:
524                 nt_status = make_auth_context_fixed(pipe_state,
525                                                     &auth_context, r->in.logon.network->challenge);
526                 if (!NT_STATUS_IS_OK(nt_status)) {
527                         return nt_status;
528                 }
529
530                 nt_status = make_user_info_netlogon_network(auth_context,
531                                                             &user_info,
532                                                             r->in.logon.network->identity_info.account_name.string,
533                                                             r->in.logon.network->identity_info.domain_name.string,
534                                                             r->in.logon.network->identity_info.workstation.string,
535                                                             r->in.logon.network->lm.data, r->in.logon.network->lm.length,
536                                                             r->in.logon.network->nt.data, r->in.logon.network->nt.length);
537                 break;
538         default:
539                 free_auth_context(&auth_context);
540                 return NT_STATUS_INVALID_PARAMETER;
541         }
542         
543         if (!NT_STATUS_IS_OK(nt_status)) {
544                 return nt_status;
545         }
546
547         nt_status = auth_context->check_ntlm_password(auth_context,
548                                                       user_info, 
549                                                       mem_ctx,
550                                                       &server_info);
551
552         /* keep the auth_context for the life of this call */
553         talloc_steal(dce_call, auth_context);
554
555         if (!NT_STATUS_IS_OK(nt_status)) {
556                 return nt_status;
557         }
558
559         sam = talloc_p(mem_ctx, struct netr_SamBaseInfo);
560
561         ZERO_STRUCTP(sam);
562         
563         sam->last_logon = server_info->last_logon;
564         sam->last_logoff = server_info->last_logoff;
565         sam->acct_expiry = server_info->acct_expiry;
566         sam->last_password_change = server_info->last_password_change;
567         sam->allow_password_change = server_info->allow_password_change;
568         sam->force_password_change = server_info->force_password_change;
569         
570         sam->account_name.string = talloc_strdup(mem_ctx, server_info->account_name);
571         sam->full_name.string = talloc_strdup(mem_ctx, server_info->full_name);
572         sam->logon_script.string = talloc_strdup(mem_ctx, server_info->logon_script);
573         sam->profile_path.string = talloc_strdup(mem_ctx, server_info->profile_path);
574         sam->home_directory.string = talloc_strdup(mem_ctx, server_info->home_directory);
575         sam->home_drive.string = talloc_strdup(mem_ctx, server_info->home_drive);
576         
577         sam->logon_count = server_info->logon_count;
578         sam->bad_password_count = sam->bad_password_count;
579         sam->rid = server_info->user_sid->sub_auths[server_info->user_sid->num_auths-1];
580         sam->primary_gid = server_info->primary_group_sid->sub_auths[server_info->primary_group_sid->num_auths-1];
581         sam->group_count = 0;
582         sam->groupids = NULL;
583         sam->user_flags = 0; /* TODO: w2k3 uses 0x120 - what is this? */
584         sam->acct_flags = server_info->acct_flags;      
585         sam->logon_server.string = lp_netbios_name();
586         
587         sam->domain.string = talloc_strdup(mem_ctx, server_info->domain);
588         
589         sam->domain_sid = dom_sid_dup(mem_ctx, server_info->user_sid);
590         sam->domain_sid->num_auths--;
591
592         if (server_info->user_session_key.length == sizeof(sam->key.key)) {
593                 memcpy(sam->key.key, server_info->user_session_key.data, sizeof(sam->key.key));
594         } else {
595                 ZERO_STRUCT(sam->key.key);
596         }
597         
598         /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
599         /* It appears that level 6 is not individually encrypted */
600         if ((r->in.validation_level != 6) 
601             && memcmp(sam->key.key, zeros,  
602                       sizeof(sam->key.key)) != 0) {
603                 creds_arcfour_crypt(pipe_state->creds, 
604                                     sam->key.key, 
605                                     sizeof(sam->key.key));
606         }
607         
608         if (server_info->lm_session_key.length == sizeof(sam->LMSessKey.key)) {
609                 memcpy(sam->LMSessKey.key, server_info->lm_session_key.data, 
610                        sizeof(sam->LMSessKey.key));
611         } else {
612                 ZERO_STRUCT(sam->LMSessKey.key);
613         }
614         
615         /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
616         /* It appears that level 6 is not individually encrypted */
617         if ((r->in.validation_level != 6) 
618             && memcmp(sam->LMSessKey.key, zeros,  
619                       sizeof(sam->LMSessKey.key)) != 0) {
620                 creds_arcfour_crypt(pipe_state->creds, 
621                                     sam->LMSessKey.key, 
622                                     sizeof(sam->LMSessKey.key));
623         }
624
625         switch (r->in.validation_level) {
626         case 2:
627                 sam2 = talloc_p(mem_ctx, struct netr_SamInfo2);
628                 ZERO_STRUCTP(sam2);
629                 sam2->base = *sam;
630                 r->out.validation.sam2 = sam2;
631                 break;
632
633         case 3:
634                 sam3 = talloc_p(mem_ctx, struct netr_SamInfo3);
635                 ZERO_STRUCTP(sam3);
636                 sam3->base = *sam;
637                 r->out.validation.sam3 = sam3;
638                 break;
639
640         case 6:
641                 sam6 = talloc_p(mem_ctx, struct netr_SamInfo6);
642                 ZERO_STRUCTP(sam6);
643                 sam6->base = *sam;
644                 sam6->forest.string = lp_realm();
645                 sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s", 
646                                                          sam->account_name.string, sam6->forest.string);
647                 r->out.validation.sam6 = sam6;
648                 break;
649
650         default:
651                 break;
652         }
653
654         r->out.authoritative = 1;
655
656         return NT_STATUS_OK;
657 }
658
659 /* 
660   netr_LogonSamLogon
661 */
662 static NTSTATUS netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
663                                    struct netr_LogonSamLogon *r)
664 {
665         struct netr_LogonSamLogonWithFlags r2;
666         NTSTATUS status;
667
668         ZERO_STRUCT(r2);
669
670         r2.in.server_name = r->in.server_name;
671         r2.in.workstation = r->in.workstation;
672         r2.in.credential  = r->in.credential;
673         r2.in.return_authenticator = r->in.return_authenticator;
674         r2.in.logon_level = r->in.logon_level;
675         r2.in.logon = r->in.logon;
676         r2.in.validation_level = r->in.validation_level;
677         r2.in.flags = 0;
678
679         status = netr_LogonSamLogonWithFlags(dce_call, mem_ctx, &r2);
680
681         r->out.return_authenticator = r2.out.return_authenticator;
682         r->out.validation = r2.out.validation;
683         r->out.authoritative = r2.out.authoritative;
684
685         return status;
686 }
687
688
689 /* 
690   netr_LogonSamLogoff 
691 */
692 static NTSTATUS netr_LogonSamLogoff(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
693                        struct netr_LogonSamLogoff *r)
694 {
695         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
696 }
697
698
699
700 /* 
701   netr_DatabaseDeltas 
702 */
703 static NTSTATUS netr_DatabaseDeltas(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
704                        struct netr_DatabaseDeltas *r)
705 {
706         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
707 }
708
709
710 /* 
711   netr_DatabaseSync 
712 */
713 static NTSTATUS netr_DatabaseSync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
714                        struct netr_DatabaseSync *r)
715 {
716         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
717 }
718
719
720 /* 
721   netr_AccountDeltas 
722 */
723 static NTSTATUS netr_AccountDeltas(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
724                        struct netr_AccountDeltas *r)
725 {
726         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
727 }
728
729
730 /* 
731   netr_AccountSync 
732 */
733 static NTSTATUS netr_AccountSync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
734                        struct netr_AccountSync *r)
735 {
736         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
737 }
738
739
740 /* 
741   netr_GetDcName 
742 */
743 static NTSTATUS netr_GetDcName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
744                        struct netr_GetDcName *r)
745 {
746         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
747 }
748
749
750 /* 
751   netr_LogonControl 
752 */
753 static WERROR netr_LogonControl(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
754                        struct netr_LogonControl *r)
755 {
756         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
757 }
758
759
760 /* 
761   netr_GetAnyDCName 
762 */
763 static WERROR netr_GetAnyDCName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
764                        struct netr_GetAnyDCName *r)
765 {
766         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
767 }
768
769
770 /* 
771   netr_LogonControl2 
772 */
773 static WERROR netr_LogonControl2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
774                        struct netr_LogonControl2 *r)
775 {
776         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
777 }
778
779
780 /* 
781   netr_DatabaseSync2 
782 */
783 static NTSTATUS netr_DatabaseSync2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
784                        struct netr_DatabaseSync2 *r)
785 {
786         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
787 }
788
789
790 /* 
791   netr_DatabaseRedo 
792 */
793 static NTSTATUS netr_DatabaseRedo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
794                        struct netr_DatabaseRedo *r)
795 {
796         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
797 }
798
799
800 /* 
801   netr_LogonControl2Ex 
802 */
803 static WERROR netr_LogonControl2Ex(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
804                        struct netr_LogonControl2Ex *r)
805 {
806         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
807 }
808
809
810 /* 
811   netr_NETRENUMERATETRUSTEDDOMAINS 
812 */
813 static WERROR netr_NETRENUMERATETRUSTEDDOMAINS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
814                        struct netr_NETRENUMERATETRUSTEDDOMAINS *r)
815 {
816         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
817 }
818
819
820 /* 
821   netr_DSRGETDCNAME 
822 */
823 static WERROR netr_DSRGETDCNAME(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
824                        struct netr_DSRGETDCNAME *r)
825 {
826         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
827 }
828
829
830 /* 
831   netr_NETRLOGONDUMMYROUTINE1 
832 */
833 static WERROR netr_NETRLOGONDUMMYROUTINE1(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
834                        struct netr_NETRLOGONDUMMYROUTINE1 *r)
835 {
836         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
837 }
838
839
840 /* 
841   netr_NETRLOGONSETSERVICEBITS 
842 */
843 static WERROR netr_NETRLOGONSETSERVICEBITS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
844                        struct netr_NETRLOGONSETSERVICEBITS *r)
845 {
846         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
847 }
848
849
850 /* 
851   netr_NETRLOGONGETTRUSTRID 
852 */
853 static WERROR netr_NETRLOGONGETTRUSTRID(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
854                        struct netr_NETRLOGONGETTRUSTRID *r)
855 {
856         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
857 }
858
859
860 /* 
861   netr_NETRLOGONCOMPUTESERVERDIGEST 
862 */
863 static WERROR netr_NETRLOGONCOMPUTESERVERDIGEST(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
864                        struct netr_NETRLOGONCOMPUTESERVERDIGEST *r)
865 {
866         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
867 }
868
869
870 /* 
871   netr_NETRLOGONCOMPUTECLIENTDIGEST 
872 */
873 static WERROR netr_NETRLOGONCOMPUTECLIENTDIGEST(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
874                        struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r)
875 {
876         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
877 }
878
879
880 /* 
881   netr_DSRGETDCNAMEX 
882 */
883 static WERROR netr_DSRGETDCNAMEX(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
884                        struct netr_DSRGETDCNAMEX *r)
885 {
886         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
887 }
888
889
890 /* 
891   netr_DSRGETSITENAME 
892 */
893 static WERROR netr_DSRGETSITENAME(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
894                        struct netr_DSRGETSITENAME *r)
895 {
896         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
897 }
898
899
900 /*
901   fill in a netr_DomainTrustInfo from a ldb search result
902 */
903 static NTSTATUS fill_domain_trust_info(TALLOC_CTX *mem_ctx, struct ldb_message *res,
904                                        struct netr_DomainTrustInfo *info)
905 {
906         ZERO_STRUCTP(info);
907         
908         info->domainname.string = samdb_result_string(res, "flatName", NULL);
909         if (info->domainname.string == NULL) {
910                 info->domainname.string = samdb_result_string(res, "name", NULL);
911                 info->fulldomainname.string = samdb_result_string(res, "dnsDomain", NULL);
912         } else {
913                 info->fulldomainname.string = samdb_result_string(res, "name", NULL);
914         }
915
916         /* TODO: we need proper forest support */
917         info->forest.string = info->fulldomainname.string;
918
919         info->guid = samdb_result_guid(res, "objectGUID");
920         info->sid = samdb_result_dom_sid(mem_ctx, res, "objectSid");
921
922         return NT_STATUS_OK;
923 }
924
925 /* 
926   netr_LogonGetDomainInfo
927   this is called as part of the ADS domain logon procedure.
928 */
929 static NTSTATUS netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
930                                         struct netr_LogonGetDomainInfo *r)
931 {
932         struct server_pipe_state *pipe_state = dce_call->conn->private;
933         const char * const attrs[] = { "name", "dnsDomain", "objectSid", 
934                                        "objectGUID", "flatName", NULL };
935         void *sam_ctx;
936         struct ldb_message **res1, **res2;
937         struct netr_DomainInfo1 *info1;
938         int ret1, ret2, i;
939         NTSTATUS status;
940
941         if (!pipe_state) {
942                 return NT_STATUS_ACCESS_DENIED;
943         }
944
945         if (!netr_creds_server_step_check(pipe_state, 
946                                           r->in.credential, r->out.credential)) {
947                 return NT_STATUS_ACCESS_DENIED;
948         }
949
950         sam_ctx = samdb_connect(mem_ctx);
951         if (sam_ctx == NULL) {
952                 return NT_STATUS_INVALID_SYSTEM_SERVICE;
953         }
954
955         /* we need to do two searches. The first will pull our primary
956            domain and the second will pull any trusted domains. Our
957            primary domain is also a "trusted" domain, so we need to
958            put the primary domain into the lists of returned trusts as
959            well */
960         ret1 = samdb_search(sam_ctx, mem_ctx, NULL, &res1, attrs, "(objectClass=domainDNS)");
961         if (ret1 != 1) {
962                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
963         }
964
965         ret2 = samdb_search(sam_ctx, mem_ctx, NULL, &res2, attrs, "(objectClass=trustedDomain)");
966         if (ret2 == -1) {
967                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
968         }
969
970         info1 = talloc_p(mem_ctx, struct netr_DomainInfo1);
971         if (info1 == NULL) {
972                 return NT_STATUS_NO_MEMORY;
973         }
974
975         ZERO_STRUCTP(info1);
976
977         info1->num_trusts = ret2 + 1;
978         info1->trusts = talloc_array_p(mem_ctx, struct netr_DomainTrustInfo, 
979                                        info1->num_trusts);
980         if (info1->trusts == NULL) {
981                 return NT_STATUS_NO_MEMORY;
982         }
983
984         status = fill_domain_trust_info(mem_ctx, res1[0], &info1->domaininfo);
985         if (!NT_STATUS_IS_OK(status)) {
986                 return status;
987         }
988
989         status = fill_domain_trust_info(mem_ctx, res1[0], &info1->trusts[0]);
990         if (!NT_STATUS_IS_OK(status)) {
991                 return status;
992         }
993
994         for (i=0;i<ret2;i++) {
995                 status = fill_domain_trust_info(mem_ctx, res2[i], &info1->trusts[i+1]);
996                 if (!NT_STATUS_IS_OK(status)) {
997                         return status;
998                 }
999         }
1000
1001         r->out.info.info1 = info1;
1002
1003         return NT_STATUS_OK;
1004 }
1005
1006
1007 /* 
1008   netr_NETRSERVERPASSWORDSET2 
1009 */
1010 static WERROR netr_NETRSERVERPASSWORDSET2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1011                        struct netr_NETRSERVERPASSWORDSET2 *r)
1012 {
1013         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1014 }
1015
1016
1017 /* 
1018   netr_NETRSERVERPASSWORDGET 
1019 */
1020 static WERROR netr_NETRSERVERPASSWORDGET(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1021                        struct netr_NETRSERVERPASSWORDGET *r)
1022 {
1023         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1024 }
1025
1026
1027 /* 
1028   netr_NETRLOGONSENDTOSAM 
1029 */
1030 static WERROR netr_NETRLOGONSENDTOSAM(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1031                        struct netr_NETRLOGONSENDTOSAM *r)
1032 {
1033         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1034 }
1035
1036
1037 /* 
1038   netr_DSRADDRESSTOSITENAMESW 
1039 */
1040 static WERROR netr_DSRADDRESSTOSITENAMESW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1041                        struct netr_DSRADDRESSTOSITENAMESW *r)
1042 {
1043         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1044 }
1045
1046
1047 /* 
1048   netr_DrsGetDCNameEx2
1049 */
1050 static WERROR netr_DrsGetDCNameEx2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1051                        struct netr_DrsGetDCNameEx2 *r)
1052 {
1053         const char * const attrs[] = { "dnsDomain", "objectGUID", NULL };
1054         void *sam_ctx;
1055         struct ldb_message **res;
1056         int ret;
1057
1058         ZERO_STRUCT(r->out);
1059
1060         sam_ctx = samdb_connect(mem_ctx);
1061         if (sam_ctx == NULL) {
1062                 return WERR_DS_SERVICE_UNAVAILABLE;
1063         }
1064
1065         ret = samdb_search(sam_ctx, mem_ctx, NULL, &res, attrs,
1066                                 "(&(objectClass=domainDNS)(dnsDomain=%s))",
1067                                 r->in.domain_name);
1068         if (ret != 1) {
1069                 return WERR_NO_SUCH_DOMAIN;
1070         }
1071
1072         r->out.info = talloc_p(mem_ctx, struct netr_DrsGetDCNameEx2Info);
1073         if (!r->out.info) {
1074                 return WERR_NOMEM;
1075         }
1076
1077         /* TODO: - return real IP address
1078          *       - check all r->in.* parameters (server_unc is ignored by w2k3!)
1079          */
1080         r->out.info->dc_unc             = talloc_asprintf(mem_ctx, "\\\\%s.%s", lp_netbios_name(),lp_realm());
1081         r->out.info->dc_address = talloc_strdup(mem_ctx, "\\\\0.0.0.0");
1082         r->out.info->dc_address_type    = 1;
1083         r->out.info->domain_guid        = samdb_result_guid(res[0], "objectGUID");
1084         r->out.info->domain_name        = samdb_result_string(res[0], "dnsDomain", NULL);
1085         r->out.info->forest_name        = samdb_result_string(res[0], "dnsDomain", NULL);
1086         r->out.info->dc_flags           = 0xE00001FD;
1087         r->out.info->dc_site_name       = talloc_strdup(mem_ctx, "Default-First-Site-Name");
1088         r->out.info->client_site_name   = talloc_strdup(mem_ctx, "Default-First-Site-Name");
1089
1090         return WERR_OK;
1091 }
1092
1093
1094 /* 
1095   netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN 
1096 */
1097 static WERROR netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1098                        struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r)
1099 {
1100         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1101 }
1102
1103
1104 /* 
1105   netr_NETRENUMERATETRUSTEDDOMAINSEX 
1106 */
1107 static WERROR netr_NETRENUMERATETRUSTEDDOMAINSEX(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1108                        struct netr_NETRENUMERATETRUSTEDDOMAINSEX *r)
1109 {
1110         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1111 }
1112
1113
1114 /* 
1115   netr_DSRADDRESSTOSITENAMESEXW 
1116 */
1117 static WERROR netr_DSRADDRESSTOSITENAMESEXW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1118                        struct netr_DSRADDRESSTOSITENAMESEXW *r)
1119 {
1120         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1121 }
1122
1123
1124 /* 
1125   netr_DSRGETDCSITECOVERAGEW 
1126 */
1127 static WERROR netr_DSRGETDCSITECOVERAGEW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1128                        struct netr_DSRGETDCSITECOVERAGEW *r)
1129 {
1130         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1131 }
1132
1133
1134 /* 
1135   netr_LogonSamLogonEx
1136 */
1137 static NTSTATUS netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1138                        struct netr_LogonSamLogonEx *r)
1139 {
1140         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1141 }
1142
1143
1144 /* 
1145   netr_DsrEnumerateDomainTrusts 
1146 */
1147 static WERROR netr_DsrEnumerateDomainTrusts(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1148                                               struct netr_DsrEnumerateDomainTrusts *r)
1149 {
1150         struct netr_DomainTrust *trusts;
1151         void *sam_ctx;
1152         int ret, i;
1153         struct ldb_message **res;
1154         const char * const attrs[] = { "name", "dnsDomain", "objectSid", "objectGUID", NULL };
1155
1156         ZERO_STRUCT(r->out);
1157
1158         sam_ctx = samdb_connect(mem_ctx);
1159         if (sam_ctx == NULL) {
1160                 return WERR_GENERAL_FAILURE;
1161         }
1162
1163         ret = samdb_search(sam_ctx, mem_ctx, NULL, &res, attrs, "(objectClass=domainDNS)");
1164         if (ret == -1) {
1165                 return WERR_GENERAL_FAILURE;            
1166         }
1167
1168         if (ret == 0) {
1169                 return WERR_OK;
1170         }
1171
1172         trusts = talloc_array_p(mem_ctx, struct netr_DomainTrust, ret);
1173         if (trusts == NULL) {
1174                 return WERR_NOMEM;
1175         }
1176         
1177         r->out.count = ret;
1178         r->out.trusts = trusts;
1179
1180         /* TODO: add filtering by trust_flags, and correct trust_type
1181            and attributes */
1182         for (i=0;i<ret;i++) {
1183                 trusts[i].netbios_name = samdb_result_string(res[i], "name", NULL);
1184                 trusts[i].dns_name     = samdb_result_string(res[i], "dnsDomain", NULL);
1185                 trusts[i].trust_flags = 
1186                         NETR_TRUST_FLAG_TREEROOT | 
1187                         NETR_TRUST_FLAG_IN_FOREST | 
1188                         NETR_TRUST_FLAG_PRIMARY;
1189                 trusts[i].parent_index = 0;
1190                 trusts[i].trust_type = 2;
1191                 trusts[i].trust_attributes = 0;
1192                 trusts[i].sid  = samdb_result_dom_sid(mem_ctx, res[i], "objectSid");
1193                 trusts[i].guid = samdb_result_guid(res[i], "objectGUID");
1194         }
1195         
1196
1197         return WERR_OK;
1198 }
1199
1200
1201 /* 
1202   netr_DSRDEREGISTERDNSHOSTRECORDS 
1203 */
1204 static WERROR netr_DSRDEREGISTERDNSHOSTRECORDS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1205                        struct netr_DSRDEREGISTERDNSHOSTRECORDS *r)
1206 {
1207         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1208 }
1209
1210
1211 /* 
1212   netr_NETRSERVERTRUSTPASSWORDSGET 
1213 */
1214 static WERROR netr_NETRSERVERTRUSTPASSWORDSGET(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1215                        struct netr_NETRSERVERTRUSTPASSWORDSGET *r)
1216 {
1217         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1218 }
1219
1220
1221 /* 
1222   netr_DSRGETFORESTTRUSTINFORMATION 
1223 */
1224 static WERROR netr_DSRGETFORESTTRUSTINFORMATION(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1225                        struct netr_DSRGETFORESTTRUSTINFORMATION *r)
1226 {
1227         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1228 }
1229
1230
1231 /* 
1232   netr_NETRGETFORESTTRUSTINFORMATION 
1233 */
1234 static WERROR netr_NETRGETFORESTTRUSTINFORMATION(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1235                        struct netr_NETRGETFORESTTRUSTINFORMATION *r)
1236 {
1237         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1238 }
1239
1240
1241 /* 
1242   netr_NETRSERVERGETTRUSTINFO 
1243 */
1244 static WERROR netr_NETRSERVERGETTRUSTINFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1245                        struct netr_NETRSERVERGETTRUSTINFO *r)
1246 {
1247         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1248 }
1249
1250
1251 /* include the generated boilerplate */
1252 #include "librpc/gen_ndr/ndr_netlogon_s.c"