#include "param/param.h"
#include "lib/messaging/irpc.h"
#include "librpc/gen_ndr/ndr_irpc.h"
+#include "cldap_server/cldap_server.h"
+#include "lib/tsocket/tsocket.h"
struct netlogon_server_pipe_state {
struct netr_Credential client_challenge;
creds->sid = samdb_result_dom_sid(creds, msgs[0], "objectSid");
nt_status = schannel_save_creds_state(mem_ctx,
- lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx),
- lp_private_dir(dce_call->conn->dce_ctx->lp_ctx),
+ lpcfg_private_dir(dce_call->conn->dce_ctx->lp_ctx),
creds);
return nt_status;
{
NTSTATUS nt_status;
struct dcerpc_auth *auth_info = dce_call->conn->auth_state.auth_info;
- bool schannel_global_required = false; /* Should be lp_schannel_server() == true */
+ bool schannel_global_required = false; /* Should be lpcfg_schannel_server() == true */
if (schannel_global_required) {
nt_status = schannel_check_required(auth_info,
}
nt_status = schannel_check_creds_state(mem_ctx,
- lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx),
- lp_private_dir(dce_call->conn->dce_ctx->lp_ctx),
+ lpcfg_private_dir(dce_call->conn->dce_ctx->lp_ctx),
computer_name,
received_authenticator,
return_authenticator,
struct netr_SamInfo3 *sam3;
struct netr_SamInfo6 *sam6;
- user_info = talloc(mem_ctx, struct auth_usersupplied_info);
+ user_info = talloc_zero(mem_ctx, struct auth_usersupplied_info);
NT_STATUS_HAVE_NO_MEMORY(user_info);
- user_info->flags = 0;
- user_info->mapped_state = false;
- user_info->remote_host = NULL;
-
switch (r->in.logon_level) {
case NetlogonInteractiveInformation:
case NetlogonServiceInformation:
nt_status = auth_check_password(auth_context, mem_ctx, user_info, &server_info);
NT_STATUS_NOT_OK_RETURN(nt_status);
- nt_status = auth_convert_server_info_sambaseinfo(mem_ctx, server_info, &sam);
- NT_STATUS_NOT_OK_RETURN(nt_status);
+ switch (r->in.validation_level) {
+ case 2:
+ nt_status = auth_convert_server_info_sambaseinfo(mem_ctx, server_info, &sam);
+ NT_STATUS_NOT_OK_RETURN(nt_status);
+
+ sam2 = talloc_zero(mem_ctx, struct netr_SamInfo2);
+ NT_STATUS_HAVE_NO_MEMORY(sam2);
+ sam2->base = *sam;
+
+ /* And put into the talloc tree */
+ talloc_steal(sam2, sam);
+ r->out.validation->sam2 = sam2;
+
+ sam = &sam2->base;
+ break;
+
+ case 3:
+ nt_status = auth_convert_server_info_saminfo3(mem_ctx,
+ server_info,
+ &sam3);
+ NT_STATUS_NOT_OK_RETURN(nt_status);
+
+ r->out.validation->sam3 = sam3;
+
+ sam = &sam3->base;
+ break;
+
+ case 6:
+ nt_status = auth_convert_server_info_saminfo3(mem_ctx,
+ server_info,
+ &sam3);
+ NT_STATUS_NOT_OK_RETURN(nt_status);
+
+ sam6 = talloc_zero(mem_ctx, struct netr_SamInfo6);
+ NT_STATUS_HAVE_NO_MEMORY(sam6);
+ sam6->base = sam3->base;
+ sam = &sam6->base;
+ sam6->sidcount = sam3->sidcount;
+ sam6->sids = sam3->sids;
+
+ sam6->dns_domainname.string = lpcfg_dnsdomain(dce_call->conn->dce_ctx->lp_ctx);
+ sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s",
+ sam->account_name.string, sam6->dns_domainname.string);
+ NT_STATUS_HAVE_NO_MEMORY(sam6->principle.string);
+ /* And put into the talloc tree */
+ talloc_steal(sam6, sam3);
+
+ r->out.validation->sam6 = sam6;
+ break;
+
+ default:
+ break;
+ }
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
/* It appears that level 6 is not individually encrypted */
}
}
- switch (r->in.validation_level) {
- case 2:
- sam2 = talloc_zero(mem_ctx, struct netr_SamInfo2);
- NT_STATUS_HAVE_NO_MEMORY(sam2);
- sam2->base = *sam;
- r->out.validation->sam2 = sam2;
- break;
-
- case 3:
- sam3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
- NT_STATUS_HAVE_NO_MEMORY(sam3);
- sam3->base = *sam;
- r->out.validation->sam3 = sam3;
- break;
-
- case 6:
- sam6 = talloc_zero(mem_ctx, struct netr_SamInfo6);
- NT_STATUS_HAVE_NO_MEMORY(sam6);
- sam6->base = *sam;
- sam6->forest.string = lp_dnsdomain(dce_call->conn->dce_ctx->lp_ctx);
- sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s",
- sam->account_name.string, sam6->forest.string);
- NT_STATUS_HAVE_NO_MEMORY(sam6->principle.string);
- r->out.validation->sam6 = sam6;
- break;
-
- default:
- break;
- }
-
*r->out.authoritative = 1;
/* TODO: Describe and deal with these flags */
struct netlogon_creds_CredentialState *creds;
nt_status = schannel_get_creds_state(mem_ctx,
- lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx),
- lp_private_dir(dce_call->conn->dce_ctx->lp_ctx),
+ lpcfg_private_dir(dce_call->conn->dce_ctx->lp_ctx),
r->in.computer_name, &creds);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
* - check all r->in.* parameters (server_unc is ignored by w2k3!)
*/
dcname = talloc_asprintf(mem_ctx, "\\\\%s",
- lp_netbios_name(dce_call->conn->dce_ctx->lp_ctx));
+ lpcfg_netbios_name(dce_call->conn->dce_ctx->lp_ctx));
W_ERROR_HAVE_NO_MEMORY(dcname);
*r->out.dcname = dcname;
return werr;
}
+static WERROR fill_trusted_domains_array(TALLOC_CTX *mem_ctx,
+ struct ldb_context *sam_ctx,
+ struct netr_DomainTrustList *trusts,
+ uint32_t trust_flags);
/*
netr_GetAnyDCName
static WERROR dcesrv_netr_GetAnyDCName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_GetAnyDCName *r)
{
- struct netr_GetDcName r2;
+ struct netr_DomainTrustList *trusts;
+ struct ldb_context *sam_ctx;
+ struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+ uint32_t i;
WERROR werr;
- ZERO_STRUCT(r2);
+ *r->out.dcname = NULL;
- r2.in.logon_server = r->in.logon_server;
- r2.in.domainname = r->in.domainname;
- r2.out.dcname = r->out.dcname;
+ if ((r->in.domainname == NULL) || (r->in.domainname[0] == '\0')) {
+ /* if the domainname parameter wasn't set assume our domain */
+ r->in.domainname = lpcfg_workgroup(lp_ctx);
+ }
- werr = dcesrv_netr_GetDcName(dce_call, mem_ctx, &r2);
+ sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, lp_ctx,
+ dce_call->conn->auth_state.session_info);
+ if (sam_ctx == NULL) {
+ return WERR_DS_UNAVAILABLE;
+ }
- return werr;
+ if (strcasecmp(r->in.domainname, lpcfg_workgroup(lp_ctx)) == 0) {
+ /* well we asked for a DC of our own domain */
+ if (samdb_is_pdc(sam_ctx)) {
+ /* we are the PDC of the specified domain */
+ return WERR_NO_SUCH_DOMAIN;
+ }
+
+ *r->out.dcname = talloc_asprintf(mem_ctx, "\\%s",
+ lpcfg_netbios_name(lp_ctx));
+ W_ERROR_HAVE_NO_MEMORY(*r->out.dcname);
+
+ return WERR_OK;
+ }
+
+ /* Okay, now we have to consider the trusted domains */
+
+ trusts = talloc_zero(mem_ctx, struct netr_DomainTrustList);
+ W_ERROR_HAVE_NO_MEMORY(trusts);
+
+ trusts->count = 0;
+
+ werr = fill_trusted_domains_array(mem_ctx, sam_ctx, trusts,
+ NETR_TRUST_FLAG_INBOUND
+ | NETR_TRUST_FLAG_OUTBOUND);
+ W_ERROR_NOT_OK_RETURN(werr);
+
+ for (i = 0; i < trusts->count; i++) {
+ if (strcasecmp(r->in.domainname, trusts->array[i].netbios_name) == 0) {
+ /* FIXME: Here we need to find a DC for the specified
+ * trusted domain. */
+
+ /* return WERR_OK; */
+ return WERR_NO_SUCH_DOMAIN;
+ }
+ }
+
+ return WERR_NO_SUCH_DOMAIN;
}
/*
- netr_NetrEnumerateTurstedDomains
+ netr_NetrEnumerateTrustedDomains
*/
-static WERROR dcesrv_netr_NetrEnumerateTrustedDomains(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+static NTSTATUS dcesrv_netr_NetrEnumerateTrustedDomains(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_NetrEnumerateTrustedDomains *r)
{
DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
static WERROR dcesrv_netr_DsRGetSiteName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_DsRGetSiteName *r)
{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+ struct ldb_context *sam_ctx;
+ struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+
+ sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, lp_ctx,
+ dce_call->conn->auth_state.session_info);
+ if (sam_ctx == NULL) {
+ return WERR_DS_UNAVAILABLE;
+ }
+
+ *r->out.site = samdb_server_site_name(sam_ctx, mem_ctx);
+ W_ERROR_HAVE_NO_MEMORY(*r->out.site);
+
+ return WERR_OK;
}
/* MS-NRPC 3.5.4.3.9 - must be set to NULL for trust list */
info->dns_forestname.string = NULL;
} else {
- char *p;
- /* TODO: we need a common function for pulling the forest */
- info->dns_forestname.string = ldb_dn_canonical_string(info, ldb_get_root_basedn(sam_ctx));
- if (!info->dns_forestname.string) {
- return NT_STATUS_NO_SUCH_DOMAIN;
- }
- p = strchr(info->dns_forestname.string, '/');
- if (p) {
- *p = '\0';
- }
+ info->dns_forestname.string = samdb_forest_name(sam_ctx, mem_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(info->dns_forestname.string);
info->dns_forestname.string = talloc_asprintf(mem_ctx, "%s.", info->dns_forestname.string);
-
+ NT_STATUS_HAVE_NO_MEMORY(info->dns_forestname.string);
}
if (is_local) {
- info->domainname.string = lp_sam_name(lp_ctx);
- info->dns_domainname.string = lp_dnsdomain(lp_ctx);
+ info->domainname.string = lpcfg_workgroup(lp_ctx);
+ info->dns_domainname.string = lpcfg_dnsdomain(lp_ctx);
info->domain_guid = samdb_result_guid(res, "objectGUID");
info->domain_sid = samdb_result_dom_sid(mem_ctx, res, "objectSid");
} else {
"securityIdentifier", "trustPartner", NULL };
const char * const attrs2[] = { "dNSHostName",
"msDS-SupportedEncryptionTypes", NULL };
- const char *temp_str;
+ const char *temp_str, *temp_str2;
const char *old_dns_hostname;
struct ldb_context *sam_ctx;
struct ldb_message **res1, **res2, **res3, *new_msg;
struct netr_LsaPolicyInformation *lsa_policy_info;
struct netr_OsVersionInfoEx *os_version;
uint32_t default_supported_enc_types = 0xFFFFFFFF;
- int ret1, ret2, ret3, i;
+ bool update_dns_hostname = true;
+ int ret, ret3, i;
NTSTATUS status;
status = dcesrv_netr_creds_server_step_check(dce_call,
NT_STATUS_NOT_OK_RETURN(status);
sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx,
- dce_call->conn->dce_ctx->lp_ctx,
- system_session(dce_call->conn->dce_ctx->lp_ctx));
+ dce_call->conn->dce_ctx->lp_ctx,
+ system_session(dce_call->conn->dce_ctx->lp_ctx));
if (sam_ctx == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
switch (r->in.level) {
case 1: /* Domain information */
- /* TODO: check NTSTATUS results - and fail also on SAMDB
- * errors (needs some testing against Windows Server 2008) */
+ if (r->in.query->workstation_info == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
/*
- * Check that the computer name parameter matches as prefix with
- * the DNS hostname in the workstation info structure.
+ * Checks that the computer name parameter without possible "$"
+ * matches as prefix with the DNS hostname in the workstation
+ * info structure.
*/
- temp_str = strndup(r->in.query->workstation_info->dns_hostname,
- strcspn(r->in.query->workstation_info->dns_hostname,
- "."));
- if (strcasecmp(r->in.computer_name, temp_str) != 0)
- return NT_STATUS_INVALID_PARAMETER;
+ temp_str = talloc_strndup(mem_ctx,
+ r->in.computer_name,
+ strcspn(r->in.computer_name, "$"));
+ NT_STATUS_HAVE_NO_MEMORY(temp_str);
+ temp_str2 = talloc_strndup(mem_ctx,
+ r->in.query->workstation_info->dns_hostname,
+ strcspn(r->in.query->workstation_info->dns_hostname, "."));
+ NT_STATUS_HAVE_NO_MEMORY(temp_str2);
+ if (strcasecmp(temp_str, temp_str2) != 0) {
+ update_dns_hostname = false;
+ }
+ /* Prepare the workstation DN */
workstation_dn = ldb_dn_new_fmt(mem_ctx, sam_ctx, "<SID=%s>",
dom_sid_string(mem_ctx, creds->sid));
NT_STATUS_HAVE_NO_MEMORY(workstation_dn);
/* Lookup for attributes in workstation object */
- ret1 = gendb_search_dn(sam_ctx, mem_ctx, workstation_dn,
+ ret = gendb_search_dn(sam_ctx, mem_ctx, workstation_dn,
&res1, attrs2);
- if (ret1 != 1) {
+ if (ret != 1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
old_dns_hostname = samdb_result_string(res1[0], "dNSHostName",
NULL);
- /* Gets host informations and put them in our directory */
- new_msg = ldb_msg_new(mem_ctx);
- NT_STATUS_HAVE_NO_MEMORY(new_msg);
-
- new_msg->dn = workstation_dn;
-
- /* Deletes old OS version values */
- samdb_msg_add_delete(sam_ctx, mem_ctx, new_msg,
- "operatingSystemServicePack");
- samdb_msg_add_delete(sam_ctx, mem_ctx, new_msg,
- "operatingSystemVersion");
-
- if (dsdb_replace(sam_ctx, new_msg, 0) != LDB_SUCCESS) {
- DEBUG(3,("Impossible to update samdb: %s\n",
- ldb_errstring(sam_ctx)));
+ /*
+ * Updates the DNS hostname when the client wishes that the
+ * server should handle this for him
+ * ("NETR_WS_FLAG_HANDLES_SPN_UPDATE" not set). And this is
+ * obviously only checked when we do already have a
+ * "dNSHostName".
+ * See MS-NRPC section 3.5.4.3.9
+ */
+ if ((old_dns_hostname != NULL) &&
+ (r->in.query->workstation_info->workstation_flags
+ & NETR_WS_FLAG_HANDLES_SPN_UPDATE) != 0) {
+ update_dns_hostname = false;
}
- talloc_free(new_msg);
+ /* Gets host informations and put them into our directory */
new_msg = ldb_msg_new(mem_ctx);
NT_STATUS_HAVE_NO_MEMORY(new_msg);
r->in.query->workstation_info->os_name.string);
/*
- * Sets informations from "os_version". On a empty structure
+ * Sets informations from "os_version". On an empty structure
* the values are cleared.
*/
if (r->in.query->workstation_info->os_version.os != NULL) {
os_version->BuildNumber
)
);
+ } else {
+ samdb_msg_add_delete(sam_ctx, mem_ctx, new_msg,
+ "operatingSystemServicePack");
+
+ samdb_msg_add_delete(sam_ctx, mem_ctx, new_msg,
+ "operatingSystemVersion");
}
/*
- * Updates the "dNSHostname" and the "servicePrincipalName"s
- * since the client wishes that the server should handle this
- * for him ("NETR_WS_FLAG_HANDLES_SPN_UPDATE" not set).
- * See MS-NRPC section 3.5.4.3.9
+ * If the boolean "update_dns_hostname" remained true, then we
+ * are fine to start the update.
*/
- if ((r->in.query->workstation_info->workstation_flags
- & NETR_WS_FLAG_HANDLES_SPN_UPDATE) == 0) {
+ if (update_dns_hostname) {
samdb_msg_set_string(sam_ctx, mem_ctx, new_msg,
"dNSHostname",
r->in.query->workstation_info->dns_hostname);
primary domain is also a "trusted" domain, so we need to
put the primary domain into the lists of returned trusts as
well. */
- ret2 = gendb_search_dn(sam_ctx, mem_ctx, samdb_base_dn(sam_ctx),
+ ret = gendb_search_dn(sam_ctx, mem_ctx, ldb_get_default_basedn(sam_ctx),
&res2, attrs);
- if (ret2 != 1) {
+ if (ret != 1) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
domain_info->lsa_policy = *lsa_policy_info;
- domain_info->dns_hostname.string = old_dns_hostname;
+ /* The DNS hostname is only returned back when there is a chance
+ * for a change. */
+ if ((r->in.query->workstation_info->workstation_flags
+ & NETR_WS_FLAG_HANDLES_SPN_UPDATE) != 0) {
+ domain_info->dns_hostname.string = old_dns_hostname;
+ } else {
+ domain_info->dns_hostname.string = NULL;
+ }
+
domain_info->workstation_flags =
r->in.query->workstation_info->workstation_flags;
}
-/*
- netr_DsRAddressToSitenamesW
-*/
-static WERROR dcesrv_netr_DsRAddressToSitenamesW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct netr_DsRAddressToSitenamesW *r)
-{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
-}
-
-
/*
netr_DsRGetDCNameEx2
*/
TALLOC_CTX *mem_ctx,
struct netr_DsRGetDCNameEx2 *r)
{
- const char * const attrs[] = { "objectGUID", NULL };
struct ldb_context *sam_ctx;
- struct ldb_message **res;
- struct ldb_dn *domain_dn;
- int ret;
struct netr_DsRGetDCNameInfo *info;
struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+ const struct tsocket_address *remote_address;
+ char *addr = NULL;
+ const char *server_site_name;
+ char *guid_str;
+ struct netlogon_samlogon_response response;
+ NTSTATUS status;
ZERO_STRUCTP(r->out.info);
return WERR_DS_UNAVAILABLE;
}
- /* Windows 7 sends the domain name in the form the user typed, so we
- * have to cope with both the short and long form here */
- if (r->in.domain_name != NULL &&
- !lp_is_my_domain_or_realm(lp_ctx, r->in.domain_name)) {
- return WERR_NO_SUCH_DOMAIN;
+ remote_address = dcesrv_connection_get_remote_address(dce_call->conn);
+ if (tsocket_address_is_inet(remote_address, "ip")) {
+ addr = tsocket_address_inet_addr_string(remote_address, mem_ctx);
+ W_ERROR_HAVE_NO_MEMORY(addr);
}
- domain_dn = ldb_get_default_basedn(sam_ctx);
- if (domain_dn == NULL) {
- return WERR_DS_UNAVAILABLE;
+ /* "server_unc" is ignored by w2k3 */
+
+ /* Proof server site parameter "site_name" if it was specified */
+ server_site_name = samdb_server_site_name(sam_ctx, mem_ctx);
+ W_ERROR_HAVE_NO_MEMORY(server_site_name);
+ if ((r->in.site_name != NULL) && (strcasecmp(r->in.site_name,
+ server_site_name) != 0)) {
+ return WERR_NO_SUCH_DOMAIN;
}
- ret = gendb_search_dn(sam_ctx, mem_ctx,
- domain_dn, &res, attrs);
- if (ret != 1) {
- return WERR_GENERAL_FAILURE;
+ /* TODO: the flags are ignored for now */
+
+ guid_str = r->in.domain_guid != NULL ?
+ GUID_string(mem_ctx, r->in.domain_guid) : NULL;
+
+ status = fill_netlogon_samlogon_response(sam_ctx, mem_ctx,
+ r->in.domain_name,
+ r->in.domain_name,
+ NULL, guid_str,
+ r->in.client_account,
+ r->in.mask, addr,
+ NETLOGON_NT_VERSION_5EX_WITH_IP,
+ lp_ctx, &response, true);
+ if (!NT_STATUS_IS_OK(status)) {
+ return ntstatus_to_werror(status);
}
info = talloc(mem_ctx, struct netr_DsRGetDCNameInfo);
W_ERROR_HAVE_NO_MEMORY(info);
-
- /* TODO: - return real IP address
- * - check all r->in.* parameters
- * (server_unc is ignored by w2k3!)
- */
- info->dc_unc = talloc_asprintf(mem_ctx, "\\\\%s.%s",
- lp_netbios_name(lp_ctx),
- lp_dnsdomain(lp_ctx));
+ info->dc_unc = talloc_asprintf(mem_ctx, "\\\\%s",
+ response.data.nt5_ex.pdc_dns_name);
W_ERROR_HAVE_NO_MEMORY(info->dc_unc);
-
- info->dc_address = talloc_strdup(mem_ctx, "\\\\0.0.0.0");
+ info->dc_address = talloc_asprintf(mem_ctx, "\\\\%s",
+ response.data.nt5_ex.sockaddr.pdc_ip);
W_ERROR_HAVE_NO_MEMORY(info->dc_address);
-
- info->dc_address_type = DS_ADDRESS_TYPE_INET;
- info->domain_guid = samdb_result_guid(res[0], "objectGUID");
- info->domain_name = lp_dnsdomain(lp_ctx);
- info->forest_name = lp_dnsdomain(lp_ctx);
- info->dc_flags = DS_DNS_FOREST_ROOT |
- DS_DNS_DOMAIN |
- DS_DNS_CONTROLLER |
- DS_SERVER_WRITABLE |
- DS_SERVER_CLOSEST |
- DS_SERVER_TIMESERV |
- DS_SERVER_KDC |
- DS_SERVER_DS |
- DS_SERVER_LDAP |
- DS_SERVER_GC |
- DS_SERVER_PDC;
-
- info->dc_site_name = samdb_server_site_name(sam_ctx, mem_ctx);
- W_ERROR_HAVE_NO_MEMORY(info->dc_site_name);
-
- /* FIXME: Hardcoded site name */
- info->client_site_name = talloc_strdup(mem_ctx,
- "Default-First-Site-Name");
- W_ERROR_HAVE_NO_MEMORY(info->client_site_name);
+ info->dc_address_type = DS_ADDRESS_TYPE_INET; /* TODO: make this dynamic? for ipv6 */
+ info->domain_guid = response.data.nt5_ex.domain_uuid;
+ info->domain_name = response.data.nt5_ex.dns_domain;
+ info->forest_name = response.data.nt5_ex.forest;
+ info->dc_flags = response.data.nt5_ex.server_type;
+ info->dc_site_name = response.data.nt5_ex.server_site;
+ info->client_site_name = response.data.nt5_ex.client_site;
*r->out.info = info;
static WERROR dcesrv_netr_DsRAddressToSitenamesExW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_DsRAddressToSitenamesExW *r)
{
+ struct ldb_context *sam_ctx;
struct netr_DsRAddressToSitenamesExWCtr *ctr;
- int i;
+ struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+ sa_family_t sin_family;
+ struct sockaddr_in *addr;
+#ifdef HAVE_IPV6
+ struct sockaddr_in6 *addr6;
+ char addr_str[INET6_ADDRSTRLEN];
+#else
+ char addr_str[INET_ADDRSTRLEN];
+#endif
+ char *subnet_name;
+ const char *res;
+ uint32_t i;
+
+ sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, lp_ctx,
+ dce_call->conn->auth_state.session_info);
+ if (sam_ctx == NULL) {
+ return WERR_DS_UNAVAILABLE;
+ }
- /* we should map the provided IPs to site names, once we have
- * sites support
- */
ctr = talloc(mem_ctx, struct netr_DsRAddressToSitenamesExWCtr);
W_ERROR_HAVE_NO_MEMORY(ctr);
W_ERROR_HAVE_NO_MEMORY(ctr->subnetname);
for (i=0; i<ctr->count; i++) {
- /* FIXME: Hardcoded site name */
- ctr->sitename[i].string = "Default-First-Site-Name";
+ ctr->sitename[i].string = NULL;
ctr->subnetname[i].string = NULL;
+
+ if (r->in.addresses[i].size < sizeof(sa_family_t)) {
+ continue;
+ }
+ /* The first two byte of the buffer are reserved for the
+ * "sin_family" but for now only the first one is used. */
+ sin_family = r->in.addresses[i].buffer[0];
+
+ switch (sin_family) {
+ case AF_INET:
+ if (r->in.addresses[i].size < sizeof(struct sockaddr_in)) {
+ continue;
+ }
+ addr = (struct sockaddr_in *) r->in.addresses[i].buffer;
+ res = inet_ntop(AF_INET, &addr->sin_addr,
+ addr_str, sizeof(addr_str));
+ break;
+#ifdef HAVE_IPV6
+ case AF_INET6:
+ if (r->in.addresses[i].size < sizeof(struct sockaddr_in6)) {
+ continue;
+ }
+ addr6 = (struct sockaddr_in6 *) r->in.addresses[i].buffer;
+ res = inet_ntop(AF_INET6, &addr6->sin6_addr,
+ addr_str, sizeof(addr_str));
+ break;
+#endif
+ default:
+ continue;
+ }
+
+ if (res == NULL) {
+ continue;
+ }
+
+ ctr->sitename[i].string = samdb_client_site_name(sam_ctx,
+ mem_ctx,
+ addr_str,
+ &subnet_name);
+ W_ERROR_HAVE_NO_MEMORY(ctr->sitename[i].string);
+ ctr->subnetname[i].string = subnet_name;
}
return WERR_OK;
}
+/*
+ netr_DsRAddressToSitenamesW
+*/
+static WERROR dcesrv_netr_DsRAddressToSitenamesW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct netr_DsRAddressToSitenamesW *r)
+{
+ struct netr_DsRAddressToSitenamesExW r2;
+ struct netr_DsRAddressToSitenamesWCtr *ctr;
+ uint32_t i;
+ WERROR werr;
+
+ ZERO_STRUCT(r2);
+
+ r2.in.server_name = r->in.server_name;
+ r2.in.count = r->in.count;
+ r2.in.addresses = r->in.addresses;
+
+ r2.out.ctr = talloc(mem_ctx, struct netr_DsRAddressToSitenamesExWCtr *);
+ W_ERROR_HAVE_NO_MEMORY(r2.out.ctr);
+
+ ctr = talloc(mem_ctx, struct netr_DsRAddressToSitenamesWCtr);
+ W_ERROR_HAVE_NO_MEMORY(ctr);
+
+ *r->out.ctr = ctr;
+
+ ctr->count = r->in.count;
+ ctr->sitename = talloc_array(ctr, struct lsa_String, ctr->count);
+ W_ERROR_HAVE_NO_MEMORY(ctr->sitename);
+
+ werr = dcesrv_netr_DsRAddressToSitenamesExW(dce_call, mem_ctx, &r2);
+
+ for (i=0; i<ctr->count; i++) {
+ ctr->sitename[i].string = (*r2.out.ctr)->sitename[i].string;
+ }
+
+ return werr;
+}
+
+
/*
netr_DsrGetDcSiteCoverageW
*/
static WERROR dcesrv_netr_DsrGetDcSiteCoverageW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct netr_DsrGetDcSiteCoverageW *r)
{
- DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+ struct ldb_context *sam_ctx;
+ struct DcSitesCtr *ctr;
+ struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
+
+ sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, lp_ctx,
+ dce_call->conn->auth_state.session_info);
+ if (sam_ctx == NULL) {
+ return WERR_DS_UNAVAILABLE;
+ }
+
+ ctr = talloc(mem_ctx, struct DcSitesCtr);
+ W_ERROR_HAVE_NO_MEMORY(ctr);
+
+ *r->out.ctr = ctr;
+
+ /* For now only return our default site */
+ ctr->num_sites = 1;
+ ctr->sites = talloc_array(ctr, struct lsa_String, ctr->num_sites);
+ W_ERROR_HAVE_NO_MEMORY(ctr->sites);
+ ctr->sites[0].string = samdb_server_site_name(sam_ctx, mem_ctx);
+ W_ERROR_HAVE_NO_MEMORY(ctr->sites[0].string);
+
+ return WERR_OK;
}
const char *trust_attrs[] = { "flatname", "trustPartner",
"securityIdentifier", "trustDirection",
"trustType", "trustAttributes", NULL };
- int i, n;
+ uint32_t n;
+ int i;
int ret;
if (!(trust_flags & (NETR_TRUST_FLAG_INBOUND |
struct ldb_message **dom_res;
const char * const dom_attrs[] = { "objectSid", "objectGUID", NULL };
struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
- const char *dnsdomain = lp_dnsdomain(lp_ctx);
+ const char *dnsdomain = lpcfg_dnsdomain(lp_ctx);
const char *p;
WERROR werr;
/* NOTE: we currently are always the root of the forest */
if (r->in.trust_flags & NETR_TRUST_FLAG_IN_FOREST) {
- int n = trusts->count;
+ uint32_t n = trusts->count;
ret = gendb_search_dn(sam_ctx, mem_ctx, NULL,
&dom_res, dom_attrs);
trusts->count);
W_ERROR_HAVE_NO_MEMORY(trusts->array);
- trusts->array[n].netbios_name = lp_workgroup(lp_ctx);
- trusts->array[n].dns_name = lp_dnsdomain(lp_ctx);
+ trusts->array[n].netbios_name = lpcfg_workgroup(lp_ctx);
+ trusts->array[n].dns_name = lpcfg_dnsdomain(lp_ctx);
trusts->array[n].trust_flags =
NETR_TRUST_FLAG_NATIVE |
NETR_TRUST_FLAG_TREEROOT |
W_ERROR_HAVE_NO_MEMORY(e);
e->flags = 0;
- e->level = LSA_FOREST_TRUST_TOP_LEVEL_NAME;
+ e->type = LSA_FOREST_TRUST_TOP_LEVEL_NAME;
e->time = 0; /* so far always 0 in trces. */
- e->forest_trust_data.top_level_name.string = lp_dnsdomain(lp_ctx);
+ e->forest_trust_data.top_level_name.string = samdb_forest_name(sam_ctx,
+ mem_ctx);
+ W_ERROR_HAVE_NO_MEMORY(e->forest_trust_data.top_level_name.string);
info->entries[0] = e;
/* TODO: check if disabled and set flags accordingly */
e->flags = 0;
- e->level = LSA_FOREST_TRUST_DOMAIN_INFO;
+ e->type = LSA_FOREST_TRUST_DOMAIN_INFO;
e->time = 0; /* so far always 0 in traces. */
domain_info = &e->forest_trust_data.domain_info;
domain_info->domain_sid = samdb_result_dom_sid(info, dom_res[0],
"objectSid");
- domain_info->dns_domain_name.string = lp_dnsdomain(lp_ctx);
- domain_info->netbios_domain_name.string = lp_workgroup(lp_ctx);
+ domain_info->dns_domain_name.string = lpcfg_dnsdomain(lp_ctx);
+ domain_info->netbios_domain_name.string = lpcfg_workgroup(lp_ctx);
info->entries[1] = e;
struct ldb_context *sam_ctx;
WERROR werr;
- if (lp_server_role(lp_ctx) != ROLE_DOMAIN_CONTROLLER) {
- return WERR_CALL_NOT_IMPLEMENTED;
- }
-
if (r->in.flags & 0xFFFFFFFE) {
return WERR_INVALID_FLAGS;
}
NTSTATUS status;
WERROR werr;
- if (lp_server_role(lp_ctx) != ROLE_DOMAIN_CONTROLLER) {
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
status = dcesrv_netr_creds_server_step_check(dce_call,
mem_ctx,
r->in.computer_name,