source/rpc_server/netlogon/dcerpc_netlogon.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    endpoint server for the netlogon pipe
   5
   6    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 2 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program; if not, write to the Free Software
  20    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  21 */
  22
  23 #include "includes.h"
  24 #include "rpc_server/common/common.h"
  25
  26 struct server_pipe_state {
  27         TALLOC_CTX *mem_ctx;
  28         struct netr_Credential client_challenge;
  29         struct netr_Credential server_challenge;
  30         BOOL authenticated;
  31         char *account_name;
  32         char *computer_name;  /* for logging only */
  33         uint32_t acct_flags;
  34         uint16_t sec_chan_type;
  35         struct creds_CredentialState *creds;
  36 };
  37
  38 static NTSTATUS netlogon_bind(struct dcesrv_call_state *dce_call, const struct dcesrv_interface *di)
  39 {
  40         dce_call->conn->private = NULL;
  41
  42         return NT_STATUS_OK;
  43 }
  44
  45 /* this function is called when the client disconnects the endpoint */
  46 static void netlogon_unbind(struct dcesrv_connection *conn, const struct dcesrv_interface *di)
  47 {
  48         struct server_pipe_state *pipe_state = conn->private;
  49
  50         if (pipe_state)
  51                 talloc_destroy(pipe_state->mem_ctx);
  52
  53         conn->private = NULL;
  54 }
  55
  56 #define DCESRV_INTERFACE_NETLOGON_BIND netlogon_bind
  57 #define DCESRV_INTERFACE_NETLOGON_UNBIND netlogon_unbind
  58
  59 /*
  60   netr_ServerReqChallenge
  61
  62         NTSTATUS netr_ServerReqChallenge(
  63                 [in]         unistr *server_name,
  64                 [in]         unistr computer_name,
  65                 [in,out,ref] netr_Credential *credentials
  66                 );
  67
  68 */
  69 static NTSTATUS netr_ServerReqChallenge(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
  70                                         struct netr_ServerReqChallenge *r)
  71 {
  72         struct server_pipe_state *pipe_state = dce_call->conn->private;
  73         TALLOC_CTX *pipe_mem_ctx;
  74
  75         ZERO_STRUCTP(r->out.credentials);
  76
  77         /* destroyed on pipe shutdown */
  78
  79         if (pipe_state) {
  80                 talloc_destroy(pipe_state->mem_ctx);
  81                 dce_call->conn->private = NULL;
  82         }
  83
  84         pipe_mem_ctx = talloc_init("internal netlogon pipe state for %s",
  85                                    r->in.computer_name);
  86
  87         if (!pipe_mem_ctx) {
  88                 return NT_STATUS_NO_MEMORY;
  89         }
  90
  91         pipe_state = talloc_p(pipe_mem_ctx, struct server_pipe_state);
  92         if (!pipe_state) {
  93                 talloc_destroy(pipe_mem_ctx);
  94                 return NT_STATUS_NO_MEMORY;
  95         }
  96
  97         pipe_state->mem_ctx = pipe_mem_ctx;
  98         pipe_state->authenticated = False;
  99         pipe_state->creds = NULL;
 100         pipe_state->account_name = NULL;
 101         pipe_state->computer_name = NULL;
 102
 103         pipe_state->client_challenge = *r->in.credentials;
 104
 105         generate_random_buffer(pipe_state->server_challenge.data,
 106                                sizeof(pipe_state->server_challenge.data),
 107                                False);
 108
 109         *r->out.credentials = pipe_state->server_challenge;
 110
 111         dce_call->conn->private = pipe_state;
 112
 113         return NT_STATUS_OK;
 114 }
 115
 116
 117 /*
 118   netr_ServerAuthenticate
 119
 120          secure channel types:
 121
 122         const int SEC_CHAN_WKSTA   = 2;
 123         const int SEC_CHAN_DOMAIN  = 4;
 124         const int SEC_CHAN_BDC     = 6;
 125
 126         NTSTATUS netr_ServerAuthenticate3(
 127                 [in]         unistr *server_name,
 128                 [in]         unistr username,
 129                 [in]         uint16 secure_channel_type,
 130                 [in]         unistr computer_name,
 131                 [in,out,ref] netr_Credential *credentials
 132                 [in,out,ref] uint32 *negotiate_flags,
 133                 [out,ref]    uint32 *rid
 134                 );
 135 */
 136 static NTSTATUS netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 137                                          struct netr_ServerAuthenticate3 *r)
 138 {
 139         struct server_pipe_state *pipe_state = dce_call->conn->private;
 140         void *sam_ctx;
 141         uint8_t *mach_pwd;
 142         uint16_t acct_flags;
 143         int num_records;
 144         struct ldb_message **msgs;
 145         NTSTATUS nt_status;
 146         const char *attrs[] = {"unicodePwd", "lmPwdHash", "ntPwdHash", "userAccountControl",
 147                                "objectSid", NULL};
 148
 149         ZERO_STRUCTP(r->out.credentials);
 150         *r->out.rid = 0;
 151         *r->out.negotiate_flags = *r->in.negotiate_flags;
 152
 153         if (!pipe_state) {
 154                 DEBUG(1, ("No challange requested by client, cannot authenticate\n"));
 155                 return NT_STATUS_ACCESS_DENIED;
 156         }
 157
 158         sam_ctx = samdb_connect();
 159         if (sam_ctx == NULL) {
 160                 return NT_STATUS_INVALID_SYSTEM_SERVICE;
 161         }
 162         /* pull the user attributes */
 163         num_records = samdb_search(sam_ctx, mem_ctx, NULL, &msgs, attrs,
 164                                    "(&(sAMAccountName=%s)(objectclass=user))",
 165                                    r->in.username);
 166
 167         if (num_records == 0) {
 168                 DEBUG(3,("Couldn't find user [%s] in samdb.\n",
 169                          r->in.username));
 170                 samdb_close(sam_ctx);
 171                 return NT_STATUS_NO_SUCH_USER;
 172         }
 173
 174         if (num_records > 1) {
 175                 DEBUG(1,("Found %d records matching user [%s]\n", num_records, r->in.username));
 176                 samdb_close(sam_ctx);
 177                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
 178         }
 179
 180         acct_flags = samdb_result_acct_flags(msgs[0],
 181                                              "userAccountControl");
 182
 183         if (acct_flags & ACB_DISABLED) {
 184                 DEBUG(1, ("Account [%s] is disabled\n", r->in.username));
 185                 return NT_STATUS_ACCESS_DENIED;
 186         }
 187
 188         if (r->in.secure_channel_type == SEC_CHAN_WKSTA) {
 189                 if (!(acct_flags & ACB_WSTRUST)) {
 190                         DEBUG(1, ("Client asked for a workstation secure channel, but is not a workstation (member server) acb flags: 0x%x\n", acct_flags));
 191                         return NT_STATUS_ACCESS_DENIED;
 192                 }
 193         } else if (r->in.secure_channel_type == SEC_CHAN_DOMAIN) {
 194                 if (!(acct_flags & ACB_DOMTRUST)) {
 195                         DEBUG(1, ("Client asked for a trusted domain secure channel, but is not a trusted domain: acb flags: 0x%x\n", acct_flags));
 196                         return NT_STATUS_ACCESS_DENIED;
 197                 }
 198         } else if (r->in.secure_channel_type == SEC_CHAN_BDC) {
 199                 if (!(acct_flags & ACB_SVRTRUST)) {
 200                         DEBUG(1, ("Client asked for a server secure channel, but is not a server (domain controller): acb flags: 0x%x\n", acct_flags));
 201                         return NT_STATUS_ACCESS_DENIED;
 202                 }
 203         } else {
 204                 DEBUG(1, ("Client asked for an invalid secure channel type: %d\n",
 205                           r->in.secure_channel_type));
 206                 return NT_STATUS_ACCESS_DENIED;
 207         }
 208
 209         pipe_state->acct_flags = acct_flags;
 210         pipe_state->sec_chan_type = r->in.secure_channel_type;
 211
 212         *r->out.rid = samdb_result_rid_from_sid(mem_ctx, msgs[0], "objectSid", 0);
 213
 214         nt_status = samdb_result_passwords(mem_ctx, msgs[0], NULL, &mach_pwd);
 215         if (!NT_STATUS_IS_OK(nt_status)) {
 216                 samdb_close(sam_ctx);
 217                 return NT_STATUS_ACCESS_DENIED;
 218         }
 219
 220         samdb_close(sam_ctx);
 221
 222         if (!pipe_state->creds) {
 223                 pipe_state->creds = talloc_p(pipe_state->mem_ctx, struct creds_CredentialState);
 224                 if (!pipe_state->creds) {
 225                         return NT_STATUS_NO_MEMORY;
 226                 }
 227         }
 228
 229         creds_server_init(pipe_state->creds, &pipe_state->client_challenge,
 230                           &pipe_state->server_challenge, mach_pwd,
 231                           r->out.credentials,
 232                           *r->in.negotiate_flags);
 233
 234         if (!creds_server_check(pipe_state->creds, r->in.credentials)) {
 235                 return NT_STATUS_ACCESS_DENIED;
 236         }
 237
 238         pipe_state->authenticated = True;
 239
 240         if (pipe_state->account_name) {
 241                 /* We don't want a memory leak on this long-lived talloc context */
 242                 talloc_free(pipe_state->mem_ctx, pipe_state->account_name);
 243         }
 244
 245         pipe_state->account_name = talloc_strdup(pipe_state->mem_ctx, r->in.username);
 246
 247         if (pipe_state->computer_name) {
 248                 /* We don't want a memory leak on this long-lived talloc context */
 249                 talloc_free(pipe_state->mem_ctx, pipe_state->account_name);
 250         }
 251
 252         pipe_state->computer_name = talloc_strdup(pipe_state->mem_ctx, r->in.computer_name);
 253
 254         return NT_STATUS_OK;
 255 }
 256
 257
 258 static NTSTATUS netr_ServerAuthenticate(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 259                                         struct netr_ServerAuthenticate *r)
 260 {
 261         struct netr_ServerAuthenticate3 r3;
 262         uint32 negotiate_flags, rid;
 263
 264         r3.in.server_name = r->in.server_name;
 265         r3.in.username = r->in.username;
 266         r3.in.secure_channel_type = r->in.secure_channel_type;
 267         r3.in.computer_name = r->in.computer_name;
 268         r3.in.credentials = r->in.credentials;
 269         r3.out.credentials = r->out.credentials;
 270         r3.in.negotiate_flags = &negotiate_flags;
 271         r3.out.negotiate_flags = &negotiate_flags;
 272         r3.out.rid = &rid;
 273
 274         return netr_ServerAuthenticate3(dce_call, mem_ctx, &r3);
 275 }
 276
 277 static NTSTATUS netr_ServerAuthenticate2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 278                                          struct netr_ServerAuthenticate2 *r)
 279 {
 280         struct netr_ServerAuthenticate3 r3;
 281         uint32 rid;
 282
 283         r3.in.server_name = r->in.server_name;
 284         r3.in.username = r->in.username;
 285         r3.in.secure_channel_type = r->in.secure_channel_type;
 286         r3.in.computer_name = r->in.computer_name;
 287         r3.in.credentials = r->in.credentials;
 288         r3.out.credentials = r->out.credentials;
 289         r3.in.negotiate_flags = r->in.negotiate_flags;
 290         r3.out.negotiate_flags = r->out.negotiate_flags;
 291         r3.out.rid = &rid;
 292
 293         return netr_ServerAuthenticate3(dce_call, mem_ctx, &r3);
 294 }
 295
 296
 297 static BOOL netr_creds_server_step_check(struct server_pipe_state *pipe_state,
 298                                          struct netr_Authenticator *received_authenticator,
 299                                          struct netr_Authenticator *return_authenticator)
 300 {
 301         if (!pipe_state->authenticated) {
 302                 return False;
 303         }
 304         return creds_server_step_check(pipe_state->creds,
 305                                        received_authenticator,
 306                                        return_authenticator);
 307 }
 308
 309 /*
 310  netr_ServerPasswordSet
 311
 312         NTSTATUS netr_ServerPasswordSet(
 313                 [in]  unistr *server_name,
 314                 [in]  unistr username,
 315                 [in]  uint16 secure_channel_type,
 316                 [in]  unistr computer_name,
 317                 [in]  netr_Authenticator credential,
 318                 [in]  netr_Password new_password,
 319                 [out] netr_Authenticator return_authenticator
 320                 );
 321
 322 */
 323 static NTSTATUS netr_ServerPasswordSet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 324                                        struct netr_ServerPasswordSet *r)
 325 {
 326         struct server_pipe_state *pipe_state = dce_call->conn->private;
 327
 328         void *sam_ctx;
 329         int num_records;
 330         int num_records_domain;
 331         int ret;
 332         struct ldb_message **msgs;
 333         struct ldb_message **msgs_domain;
 334         NTSTATUS nt_status;
 335         struct samr_Hash newNtHash;
 336         struct ldb_message mod, *msg_set_pw = &mod;
 337         const char *domain_dn;
 338         const char *domain_sid;
 339
 340         const char *attrs[] = {"objectSid", NULL };
 341
 342         const char **domain_attrs = attrs;
 343         ZERO_STRUCT(mod);
 344
 345         if (!netr_creds_server_step_check(pipe_state, &r->in.credential, &r->out.return_authenticator)) {
 346                 return NT_STATUS_ACCESS_DENIED;
 347         }
 348
 349         if (!pipe_state) {
 350                 DEBUG(1, ("No challange requested by client, cannot authenticate\n"));
 351                 return NT_STATUS_ACCESS_DENIED;
 352         }
 353
 354         sam_ctx = samdb_connect();
 355         if (sam_ctx == NULL) {
 356                 return NT_STATUS_INVALID_SYSTEM_SERVICE;
 357         }
 358         /* pull the user attributes */
 359         num_records = samdb_search(sam_ctx, mem_ctx, NULL, &msgs, attrs,
 360                                    "(&(sAMAccountName=%s)(objectclass=user))",
 361                                    pipe_state->account_name);
 362
 363         if (num_records == 0) {
 364                 DEBUG(3,("Couldn't find user [%s] in samdb.\n",
 365                          pipe_state->account_name));
 366                 samdb_close(sam_ctx);
 367                 return NT_STATUS_NO_SUCH_USER;
 368         }
 369
 370         if (num_records > 1) {
 371                 DEBUG(1,("Found %d records matching user [%s]\n", num_records,
 372                          pipe_state->account_name));
 373                 samdb_close(sam_ctx);
 374                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
 375         }
 376
 377         domain_sid = samdb_result_sid_prefix(mem_ctx, msgs[0], "objectSid");
 378         if (!domain_sid) {
 379                 samdb_close(sam_ctx);
 380                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
 381         }
 382
 383         /* find the domain's DN */
 384         num_records_domain = samdb_search(sam_ctx, mem_ctx, NULL,
 385                                           &msgs_domain, domain_attrs,
 386                                           "(&(objectSid=%s)(objectclass=domain))",
 387                                           domain_sid);
 388
 389         if (num_records_domain == 0) {
 390                 DEBUG(3,("check_sam_security: Couldn't find domain [%s] in passdb file.\n",
 391                          domain_sid));
 392                 samdb_close(sam_ctx);
 393                 return NT_STATUS_NO_SUCH_USER;
 394         }
 395
 396         if (num_records_domain > 1) {
 397                 DEBUG(1,("Found %d records matching domain [%s]\n",
 398                          num_records_domain, domain_sid));
 399                 samdb_close(sam_ctx);
 400                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
 401         }
 402
 403         domain_dn = msgs_domain[0]->dn;
 404
 405         mod.dn = talloc_strdup(mem_ctx, msgs[0]->dn);
 406         if (!mod.dn) {
 407                 samdb_close(sam_ctx);
 408                 return NT_STATUS_NO_MEMORY;
 409         }
 410
 411         creds_des_decrypt(pipe_state->creds, &r->in.new_password);
 412
 413         memcpy(newNtHash.hash, r->in.new_password.data, sizeof(newNtHash.hash));
 414
 415         /* set the password - samdb needs to know both the domain and user DNs,
 416            so the domain password policy can be used */
 417         nt_status = samdb_set_password(sam_ctx, mem_ctx,
 418                                        msgs[0]->dn, domain_dn,
 419                                        msg_set_pw,
 420                                        NULL, /* Don't have plaintext */
 421                                        NULL, &newNtHash,
 422                                        False /* This is not considered a password change */,
 423                                        NULL);
 424
 425         if (!NT_STATUS_IS_OK(nt_status)) {
 426                 samdb_close(sam_ctx);
 427                 return nt_status;
 428         }
 429
 430         ret = samdb_replace(sam_ctx, mem_ctx, msg_set_pw);
 431         if (ret != 0) {
 432                 /* we really need samdb.c to return NTSTATUS */
 433
 434                 samdb_close(sam_ctx);
 435                 return NT_STATUS_UNSUCCESSFUL;
 436         }
 437
 438         samdb_close(sam_ctx);
 439         return NT_STATUS_OK;
 440 }
 441
 442
 443 /*
 444   netr_LogonUasLogon
 445 */
 446 static WERROR netr_LogonUasLogon(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 447                                  struct netr_LogonUasLogon *r)
 448 {
 449         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 450 }
 451
 452
 453 /*
 454   netr_LogonUasLogoff
 455 */
 456 static WERROR netr_LogonUasLogoff(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 457                        struct netr_LogonUasLogoff *r)
 458 {
 459         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 460 }
 461
 462
 463 /*
 464   netr_LogonSamLogon
 465
 466
 467
 468 */
 469 static NTSTATUS netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 470                        struct netr_LogonSamLogon *r)
 471 {
 472         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 473 }
 474
 475
 476 /*
 477   netr_LogonSamLogoff
 478 */
 479 static NTSTATUS netr_LogonSamLogoff(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 480                        struct netr_LogonSamLogoff *r)
 481 {
 482         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 483 }
 484
 485
 486
 487 /*
 488   netr_DatabaseDeltas
 489 */
 490 static NTSTATUS netr_DatabaseDeltas(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 491                        struct netr_DatabaseDeltas *r)
 492 {
 493         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 494 }
 495
 496
 497 /*
 498   netr_DatabaseSync
 499 */
 500 static NTSTATUS netr_DatabaseSync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 501                        struct netr_DatabaseSync *r)
 502 {
 503         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 504 }
 505
 506
 507 /*
 508   netr_AccountDeltas
 509 */
 510 static NTSTATUS netr_AccountDeltas(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 511                        struct netr_AccountDeltas *r)
 512 {
 513         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 514 }
 515
 516
 517 /*
 518   netr_AccountSync
 519 */
 520 static NTSTATUS netr_AccountSync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 521                        struct netr_AccountSync *r)
 522 {
 523         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 524 }
 525
 526
 527 /*
 528   netr_GetDcName
 529 */
 530 static NTSTATUS netr_GetDcName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 531                        struct netr_GetDcName *r)
 532 {
 533         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 534 }
 535
 536
 537 /*
 538   netr_LogonControl
 539 */
 540 static WERROR netr_LogonControl(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 541                        struct netr_LogonControl *r)
 542 {
 543         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 544 }
 545
 546
 547 /*
 548   netr_GetAnyDCName
 549 */
 550 static WERROR netr_GetAnyDCName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 551                        struct netr_GetAnyDCName *r)
 552 {
 553         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 554 }
 555
 556
 557 /*
 558   netr_LogonControl2
 559 */
 560 static WERROR netr_LogonControl2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 561                        struct netr_LogonControl2 *r)
 562 {
 563         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 564 }
 565
 566
 567 /*
 568   netr_DatabaseSync2
 569 */
 570 static NTSTATUS netr_DatabaseSync2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 571                        struct netr_DatabaseSync2 *r)
 572 {
 573         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 574 }
 575
 576
 577 /*
 578   netr_DatabaseRedo
 579 */
 580 static NTSTATUS netr_DatabaseRedo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 581                        struct netr_DatabaseRedo *r)
 582 {
 583         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 584 }
 585
 586
 587 /*
 588   netr_LogonControl2Ex
 589 */
 590 static WERROR netr_LogonControl2Ex(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 591                        struct netr_LogonControl2Ex *r)
 592 {
 593         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 594 }
 595
 596
 597 /*
 598   netr_NETRENUMERATETRUSTEDDOMAINS
 599 */
 600 static WERROR netr_NETRENUMERATETRUSTEDDOMAINS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 601                        struct netr_NETRENUMERATETRUSTEDDOMAINS *r)
 602 {
 603         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 604 }
 605
 606
 607 /*
 608   netr_DSRGETDCNAME
 609 */
 610 static WERROR netr_DSRGETDCNAME(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 611                        struct netr_DSRGETDCNAME *r)
 612 {
 613         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 614 }
 615
 616
 617 /*
 618   netr_NETRLOGONDUMMYROUTINE1
 619 */
 620 static WERROR netr_NETRLOGONDUMMYROUTINE1(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 621                        struct netr_NETRLOGONDUMMYROUTINE1 *r)
 622 {
 623         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 624 }
 625
 626
 627 /*
 628   netr_NETRLOGONSETSERVICEBITS
 629 */
 630 static WERROR netr_NETRLOGONSETSERVICEBITS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 631                        struct netr_NETRLOGONSETSERVICEBITS *r)
 632 {
 633         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 634 }
 635
 636
 637 /*
 638   netr_NETRLOGONGETTRUSTRID
 639 */
 640 static WERROR netr_NETRLOGONGETTRUSTRID(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 641                        struct netr_NETRLOGONGETTRUSTRID *r)
 642 {
 643         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 644 }
 645
 646
 647 /*
 648   netr_NETRLOGONCOMPUTESERVERDIGEST
 649 */
 650 static WERROR netr_NETRLOGONCOMPUTESERVERDIGEST(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 651                        struct netr_NETRLOGONCOMPUTESERVERDIGEST *r)
 652 {
 653         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 654 }
 655
 656
 657 /*
 658   netr_NETRLOGONCOMPUTECLIENTDIGEST
 659 */
 660 static WERROR netr_NETRLOGONCOMPUTECLIENTDIGEST(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 661                        struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r)
 662 {
 663         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 664 }
 665
 666
 667 /*
 668   netr_DSRGETDCNAMEX
 669 */
 670 static WERROR netr_DSRGETDCNAMEX(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 671                        struct netr_DSRGETDCNAMEX *r)
 672 {
 673         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 674 }
 675
 676
 677 /*
 678   netr_DSRGETSITENAME
 679 */
 680 static WERROR netr_DSRGETSITENAME(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 681                        struct netr_DSRGETSITENAME *r)
 682 {
 683         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 684 }
 685
 686
 687 /*
 688   netr_NETRLOGONGETDOMAININFO
 689 */
 690 static WERROR netr_NETRLOGONGETDOMAININFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 691                        struct netr_NETRLOGONGETDOMAININFO *r)
 692 {
 693         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 694 }
 695
 696
 697 /*
 698   netr_NETRSERVERPASSWORDSET2
 699 */
 700 static WERROR netr_NETRSERVERPASSWORDSET2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 701                        struct netr_NETRSERVERPASSWORDSET2 *r)
 702 {
 703         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 704 }
 705
 706
 707 /*
 708   netr_NETRSERVERPASSWORDGET
 709 */
 710 static WERROR netr_NETRSERVERPASSWORDGET(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 711                        struct netr_NETRSERVERPASSWORDGET *r)
 712 {
 713         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 714 }
 715
 716
 717 /*
 718   netr_NETRLOGONSENDTOSAM
 719 */
 720 static WERROR netr_NETRLOGONSENDTOSAM(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 721                        struct netr_NETRLOGONSENDTOSAM *r)
 722 {
 723         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 724 }
 725
 726
 727 /*
 728   netr_DSRADDRESSTOSITENAMESW
 729 */
 730 static WERROR netr_DSRADDRESSTOSITENAMESW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 731                        struct netr_DSRADDRESSTOSITENAMESW *r)
 732 {
 733         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 734 }
 735
 736
 737 /*
 738   netr_DSRGETDCNAMEEX2
 739 */
 740 static WERROR netr_DSRGETDCNAMEEX2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 741                        struct netr_DSRGETDCNAMEEX2 *r)
 742 {
 743         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 744 }
 745
 746
 747 /*
 748   netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN
 749 */
 750 static WERROR netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 751                        struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r)
 752 {
 753         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 754 }
 755
 756
 757 /*
 758   netr_NETRENUMERATETRUSTEDDOMAINSEX
 759 */
 760 static WERROR netr_NETRENUMERATETRUSTEDDOMAINSEX(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 761                        struct netr_NETRENUMERATETRUSTEDDOMAINSEX *r)
 762 {
 763         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 764 }
 765
 766
 767 /*
 768   netr_DSRADDRESSTOSITENAMESEXW
 769 */
 770 static WERROR netr_DSRADDRESSTOSITENAMESEXW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 771                        struct netr_DSRADDRESSTOSITENAMESEXW *r)
 772 {
 773         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 774 }
 775
 776
 777 /*
 778   netr_DSRGETDCSITECOVERAGEW
 779 */
 780 static WERROR netr_DSRGETDCSITECOVERAGEW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 781                        struct netr_DSRGETDCSITECOVERAGEW *r)
 782 {
 783         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 784 }
 785
 786
 787 /*
 788   netr_NETRLOGONSAMLOGONEX
 789 */
 790 static WERROR netr_NETRLOGONSAMLOGONEX(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 791                        struct netr_NETRLOGONSAMLOGONEX *r)
 792 {
 793         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 794 }
 795
 796
 797 /*
 798   netr_DsrEnumerateDomainTrusts
 799 */
 800 static WERROR netr_DsrEnumerateDomainTrusts(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 801                                               struct netr_DsrEnumerateDomainTrusts *r)
 802 {
 803         struct netr_DomainTrust *trusts;
 804         void *sam_ctx;
 805         int ret, i;
 806         struct ldb_message **res;
 807         const char * const attrs[] = { "name", "dnsDomain", "objectSid", "objectGUID", NULL };
 808
 809         ZERO_STRUCT(r->out);
 810
 811         sam_ctx = samdb_connect();
 812         if (sam_ctx == NULL) {
 813                 return WERR_GENERAL_FAILURE;
 814         }
 815
 816         ret = samdb_search(sam_ctx, mem_ctx, NULL, &res, attrs, "(objectClass=domainDNS)");
 817         if (ret == -1) {
 818                 samdb_close(sam_ctx);
 819                 return WERR_GENERAL_FAILURE;
 820         }
 821
 822         if (ret == 0) {
 823                 return WERR_OK;
 824         }
 825
 826         trusts = talloc_array_p(mem_ctx, struct netr_DomainTrust, ret);
 827         if (trusts == NULL) {
 828                 return WERR_NOMEM;
 829         }
 830
 831         r->out.count = ret;
 832         r->out.trusts = trusts;
 833
 834         /* TODO: add filtering by trust_flags, and correct trust_type
 835            and attributes */
 836         for (i=0;i<ret;i++) {
 837                 trusts[i].netbios_name = samdb_result_string(res[i], "name", NULL);
 838                 trusts[i].dns_name     = samdb_result_string(res[i], "dnsDomain", NULL);
 839                 trusts[i].trust_flags =
 840                         NETR_TRUST_FLAG_TREEROOT |
 841                         NETR_TRUST_FLAG_IN_FOREST |
 842                         NETR_TRUST_FLAG_PRIMARY;
 843                 trusts[i].parent_index = 0;
 844                 trusts[i].trust_type = 2;
 845                 trusts[i].trust_attributes = 0;
 846                 trusts[i].sid  = samdb_result_dom_sid(mem_ctx, res[i], "objectSid");
 847                 trusts[i].guid = samdb_result_guid(res[i], "objectGUID");
 848         }
 849
 850
 851         return WERR_OK;
 852 }
 853
 854
 855 /*
 856   netr_DSRDEREGISTERDNSHOSTRECORDS
 857 */
 858 static WERROR netr_DSRDEREGISTERDNSHOSTRECORDS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 859                        struct netr_DSRDEREGISTERDNSHOSTRECORDS *r)
 860 {
 861         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 862 }
 863
 864
 865 /*
 866   netr_NETRSERVERTRUSTPASSWORDSGET
 867 */
 868 static WERROR netr_NETRSERVERTRUSTPASSWORDSGET(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 869                        struct netr_NETRSERVERTRUSTPASSWORDSGET *r)
 870 {
 871         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 872 }
 873
 874
 875 /*
 876   netr_DSRGETFORESTTRUSTINFORMATION
 877 */
 878 static WERROR netr_DSRGETFORESTTRUSTINFORMATION(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 879                        struct netr_DSRGETFORESTTRUSTINFORMATION *r)
 880 {
 881         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 882 }
 883
 884
 885 /*
 886   netr_NETRGETFORESTTRUSTINFORMATION
 887 */
 888 static WERROR netr_NETRGETFORESTTRUSTINFORMATION(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 889                        struct netr_NETRGETFORESTTRUSTINFORMATION *r)
 890 {
 891         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 892 }
 893
 894
 895 /*
 896   netr_NETRLOGONSAMLOGONWITHFLAGS
 897 */
 898 static WERROR netr_NETRLOGONSAMLOGONWITHFLAGS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 899                        struct netr_NETRLOGONSAMLOGONWITHFLAGS *r)
 900 {
 901         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 902 }
 903
 904
 905 /*
 906   netr_NETRSERVERGETTRUSTINFO
 907 */
 908 static WERROR netr_NETRSERVERGETTRUSTINFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 909                        struct netr_NETRSERVERGETTRUSTINFO *r)
 910 {
 911         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 912 }
 913
 914
 915 /* include the generated boilerplate */
 916 #include "librpc/gen_ndr/ndr_netlogon_s.c"