#include "rpc_server/common/common.h"
#include "lib/ldb/include/ldb.h"
#include "auth/auth.h"
-#include "auth/auth_sam.h"
+#include "auth/auth_sam_reply.h"
#include "dsdb/samdb/samdb.h"
#include "rpc_server/samr/proto.h"
-#include "db_wrap.h"
+#include "util/util_ldb.h"
#include "libcli/auth/libcli_auth.h"
#include "auth/gensec/schannel_state.h"
#include "libcli/security/security.h"
+#include "param/param.h"
struct server_pipe_state {
struct netr_Credential client_challenge;
return NT_STATUS_ACCESS_DENIED;
}
- sam_ctx = samdb_connect(mem_ctx, system_session(mem_ctx));
+ sam_ctx = samdb_connect(mem_ctx, dce_call->conn->dce_ctx->lp_ctx,
+ system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
if (sam_ctx == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
creds->account_name = talloc_steal(creds, r->in.account_name);
creds->computer_name = talloc_steal(creds, r->in.computer_name);
- creds->domain = talloc_strdup(creds, lp_workgroup());
+ creds->domain = talloc_strdup(creds, lp_workgroup(dce_call->conn->dce_ctx->lp_ctx));
creds->secure_channel_type = r->in.secure_channel_type;
/* remember this session key state */
- nt_status = schannel_store_session_key(mem_ctx, creds);
+ nt_status = schannel_store_session_key(mem_ctx, dce_call->conn->dce_ctx->lp_ctx, creds);
return nt_status;
}
the caller needs some of that information.
*/
-static NTSTATUS dcesrv_netr_creds_server_step_check(const char *computer_name,
+static NTSTATUS dcesrv_netr_creds_server_step_check(struct loadparm_context *lp_ctx,
+ const char *computer_name,
TALLOC_CTX *mem_ctx,
struct netr_Authenticator *received_authenticator,
struct netr_Authenticator *return_authenticator,
struct ldb_context *ldb;
int ret;
- ldb = schannel_db_connect(mem_ctx);
+ ldb = schannel_db_connect(mem_ctx, lp_ctx);
if (!ldb) {
return NT_STATUS_ACCESS_DENIED;
}
* disconnects) we must update the database every time we
* update the structure */
- nt_status = schannel_fetch_session_key_ldb(ldb, ldb, computer_name, lp_workgroup(),
+ nt_status = schannel_fetch_session_key_ldb(ldb, ldb, computer_name,
+ lp_workgroup(lp_ctx),
&creds);
if (NT_STATUS_IS_OK(nt_status)) {
nt_status = creds_server_step_check(creds,
struct ldb_context *sam_ctx;
NTSTATUS nt_status;
- nt_status = dcesrv_netr_creds_server_step_check(r->in.computer_name, mem_ctx,
+ nt_status = dcesrv_netr_creds_server_step_check(dce_call->conn->dce_ctx->lp_ctx,
+ r->in.computer_name, mem_ctx,
&r->in.credential, &r->out.return_authenticator,
&creds);
NT_STATUS_NOT_OK_RETURN(nt_status);
- sam_ctx = samdb_connect(mem_ctx, system_session(mem_ctx));
+ sam_ctx = samdb_connect(mem_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
if (sam_ctx == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
creds->sid,
NULL, /* Don't have plaintext */
NULL, &r->in.new_password,
- False, /* This is not considered a password change */
+ false, /* This is not considered a password change */
NULL, NULL);
return nt_status;
}
NTSTATUS nt_status;
char new_pass[512];
uint32_t new_pass_len;
- BOOL ret;
+ bool ret;
struct samr_CryptPassword password_buf;
- nt_status = dcesrv_netr_creds_server_step_check(r->in.computer_name, mem_ctx,
+ nt_status = dcesrv_netr_creds_server_step_check(dce_call->conn->dce_ctx->lp_ctx,
+ r->in.computer_name, mem_ctx,
&r->in.credential, &r->out.return_authenticator,
&creds);
NT_STATUS_NOT_OK_RETURN(nt_status);
- sam_ctx = samdb_connect(mem_ctx, system_session(mem_ctx));
+ sam_ctx = samdb_connect(mem_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
if (sam_ctx == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
creds->sid,
new_pass, /* we have plaintext */
NULL, NULL,
- False, /* This is not considered a password change */
+ false, /* This is not considered a password change */
NULL, NULL);
return nt_status;
}
NT_STATUS_HAVE_NO_MEMORY(user_info);
user_info->flags = 0;
- user_info->mapped_state = False;
+ user_info->mapped_state = false;
user_info->remote_host = NULL;
switch (r->in.logon_level) {
/* TODO: we need to deny anonymous access here */
nt_status = auth_context_create(mem_ctx,
dce_call->event_ctx, dce_call->msg_ctx,
+ dce_call->conn->dce_ctx->lp_ctx,
&auth_context);
NT_STATUS_NOT_OK_RETURN(nt_status);
/* TODO: we need to deny anonymous access here */
nt_status = auth_context_create(mem_ctx,
dce_call->event_ctx, dce_call->msg_ctx,
+ dce_call->conn->dce_ctx->lp_ctx,
&auth_context);
NT_STATUS_NOT_OK_RETURN(nt_status);
sam6 = talloc_zero(mem_ctx, struct netr_SamInfo6);
NT_STATUS_HAVE_NO_MEMORY(sam6);
sam6->base = *sam;
- sam6->forest.string = lp_realm();
+ sam6->forest.string = lp_realm(dce_call->conn->dce_ctx->lp_ctx);
sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s",
sam->account_name.string, sam6->forest.string);
NT_STATUS_HAVE_NO_MEMORY(sam6->principle.string);
{
NTSTATUS nt_status;
struct creds_CredentialState *creds;
- nt_status = schannel_fetch_session_key(mem_ctx, r->in.computer_name, lp_workgroup(), &creds);
+ nt_status = schannel_fetch_session_key(mem_ctx, dce_call->conn->dce_ctx->lp_ctx, r->in.computer_name, lp_workgroup(dce_call->conn->dce_ctx->lp_ctx), &creds);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
return_authenticator = talloc(mem_ctx, struct netr_Authenticator);
NT_STATUS_HAVE_NO_MEMORY(return_authenticator);
- nt_status = dcesrv_netr_creds_server_step_check(r->in.computer_name, mem_ctx,
+ nt_status = dcesrv_netr_creds_server_step_check(dce_call->conn->dce_ctx->lp_ctx,
+ r->in.computer_name, mem_ctx,
r->in.credential, return_authenticator,
&creds);
NT_STATUS_NOT_OK_RETURN(nt_status);
static NTSTATUS dcesrv_netr_DatabaseSync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_DatabaseSync *r)
{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+ /* win2k3 native mode returns "NOT IMPLEMENTED" for this call */
+ return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS dcesrv_netr_DatabaseSync2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_DatabaseSync2 *r)
{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+ /* win2k3 native mode returns "NOT IMPLEMENTED" for this call */
+ return NT_STATUS_NOT_IMPLEMENTED;
}
/*
- netr_NETRENUMERATETRUSTEDDOMAINS
+ netr_NetrEnumerateTurstedDomains
*/
-static WERROR dcesrv_netr_NETRENUMERATETRUSTEDDOMAINS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct netr_NETRENUMERATETRUSTEDDOMAINS *r)
+static WERROR dcesrv_netr_NetrEnumerateTrustedDomains(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_NetrEnumerateTrustedDomains *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
struct ldb_message *res,
struct ldb_message *ref_res,
struct netr_DomainTrustInfo *info,
- BOOL is_local)
+ bool is_local)
{
ZERO_STRUCTP(info);
/*
netr_LogonGetDomainInfo
this is called as part of the ADS domain logon procedure.
+
+ It has an important role in convaying details about the client, such
+ as Operating System, Version, Service Pack etc.
*/
static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_LogonGetDomainInfo *r)
const char *local_domain;
- status = dcesrv_netr_creds_server_step_check(r->in.computer_name, mem_ctx,
+ status = dcesrv_netr_creds_server_step_check(dce_call->conn->dce_ctx->lp_ctx,
+ r->in.computer_name, mem_ctx,
r->in.credential,
r->out.return_authenticator,
NULL);
NT_STATUS_NOT_OK_RETURN(status);
- sam_ctx = samdb_connect(mem_ctx, dce_call->conn->auth_state.session_info);
+ sam_ctx = samdb_connect(mem_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info);
if (sam_ctx == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
info1->num_trusts);
NT_STATUS_HAVE_NO_MEMORY(info1->trusts);
- status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->domaininfo, True);
+ status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->domaininfo, true);
NT_STATUS_NOT_OK_RETURN(status);
for (i=0;i<ret2;i++) {
- status = fill_domain_trust_info(mem_ctx, res2[i], NULL, &info1->trusts[i], False);
+ status = fill_domain_trust_info(mem_ctx, res2[i], NULL, &info1->trusts[i], false);
NT_STATUS_NOT_OK_RETURN(status);
}
- status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->trusts[i], True);
+ status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->trusts[i], true);
NT_STATUS_NOT_OK_RETURN(status);
r->out.info.info1 = info1;
-/*
- netr_NETRSERVERPASSWORDGET
+/*
+ netr_ServerPasswordGet
*/
-static WERROR dcesrv_netr_NETRSERVERPASSWORDGET(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct netr_NETRSERVERPASSWORDGET *r)
+static WERROR dcesrv_netr_ServerPasswordGet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_ServerPasswordGet *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
- netr_DSRADDRESSTOSITENAMESW
+ netr_DsRAddressToSitenamesW
*/
-static WERROR dcesrv_netr_DSRADDRESSTOSITENAMESW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct netr_DSRADDRESSTOSITENAMESW *r)
+static WERROR dcesrv_netr_DsRAddressToSitenamesW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_DsRAddressToSitenamesW *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
const char * const attrs[] = { "dnsDomain", "objectGUID", NULL };
void *sam_ctx;
struct ldb_message **res;
+ struct ldb_dn *domain_dn;
int ret;
ZERO_STRUCT(r->out);
- sam_ctx = samdb_connect(mem_ctx, dce_call->conn->auth_state.session_info);
+ sam_ctx = samdb_connect(mem_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info);
if (sam_ctx == NULL) {
return WERR_DS_SERVICE_UNAVAILABLE;
}
- ret = gendb_search(sam_ctx, mem_ctx, NULL, &res, attrs,
- "(&(objectClass=domainDNS)(dnsDomain=%s))",
- r->in.domain_name);
+ domain_dn = samdb_dns_domain_to_dn(sam_ctx, mem_ctx,
+ r->in.domain_name);
+ if (domain_dn == NULL) {
+ return WERR_DS_SERVICE_UNAVAILABLE;
+ }
+
+ ret = gendb_search_dn(sam_ctx, mem_ctx, domain_dn, &res, attrs);
if (ret != 1) {
return WERR_NO_SUCH_DOMAIN;
}
/* TODO: - return real IP address
* - check all r->in.* parameters (server_unc is ignored by w2k3!)
*/
- r->out.info->dc_unc = talloc_asprintf(mem_ctx, "\\\\%s.%s", lp_netbios_name(),lp_realm());
+ r->out.info->dc_unc = talloc_asprintf(mem_ctx, "\\\\%s.%s",
+ lp_netbios_name(dce_call->conn->dce_ctx->lp_ctx),
+ lp_realm(dce_call->conn->dce_ctx->lp_ctx));
W_ERROR_HAVE_NO_MEMORY(r->out.info->dc_unc);
r->out.info->dc_address = talloc_strdup(mem_ctx, "\\\\0.0.0.0");
W_ERROR_HAVE_NO_MEMORY(r->out.info->dc_address);
}
-/*
- netr_NETRENUMERATETRUSTEDDOMAINSEX
+/*
+ netr_NetrEnumerateTrustedDomainsEx
*/
-static WERROR dcesrv_netr_NETRENUMERATETRUSTEDDOMAINSEX(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct netr_NETRENUMERATETRUSTEDDOMAINSEX *r)
+static WERROR dcesrv_netr_NetrEnumerateTrustedDomainsEx(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_NetrEnumerateTrustedDomainsEx *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
/*
- netr_DSRADDRESSTOSITENAMESEXW
+ netr_DsRAddressToSitenamesExW
*/
-static WERROR dcesrv_netr_DSRADDRESSTOSITENAMESEXW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct netr_DSRADDRESSTOSITENAMESEXW *r)
+static WERROR dcesrv_netr_DsRAddressToSitenamesExW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_DsRAddressToSitenamesExW *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
ZERO_STRUCT(r->out);
- sam_ctx = samdb_connect(mem_ctx, dce_call->conn->auth_state.session_info);
+ sam_ctx = samdb_connect(mem_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info);
if (sam_ctx == NULL) {
return WERR_GENERAL_FAILURE;
}
}
-/*
- netr_NETRSERVERTRUSTPASSWORDSGET
+/*
+ netr_ServerTrustPasswordsGet
*/
-static WERROR dcesrv_netr_NETRSERVERTRUSTPASSWORDSGET(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct netr_NETRSERVERTRUSTPASSWORDSGET *r)
+static NTSTATUS dcesrv_netr_ServerTrustPasswordsGet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_ServerTrustPasswordsGet *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}
}
-/*
- netr_NETRGETFORESTTRUSTINFORMATION
+/*
+ netr_GetForestTrustInformation
*/
-static WERROR dcesrv_netr_NETRGETFORESTTRUSTINFORMATION(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct netr_NETRGETFORESTTRUSTINFORMATION *r)
+static WERROR dcesrv_netr_GetForestTrustInformation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_GetForestTrustInformation *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
}