3 * Unix SMB/Netbios implementation.
5 * RPC Pipe client / server routines
6 * Copyright (C) Andrew Tridgell 1992-1997,
7 * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
8 * Copyright (C) Paul Ashton 1997.
9 * Copyright (C) Jeremy Allison 1998.
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
28 extern int DEBUGLEVEL;
30 extern BOOL sam_logon_in_ssb;
31 extern pstring samlogon_user;
32 extern pstring global_myname;
33 extern DOM_SID global_sam_sid;
35 /*************************************************************************
37 *************************************************************************/
39 static void init_net_r_req_chal(NET_R_REQ_CHAL *r_c,
40 DOM_CHAL *srv_chal, int status)
42 DEBUG(6,("init_net_r_req_chal: %d\n", __LINE__));
43 memcpy(r_c->srv_chal.data, srv_chal->data, sizeof(srv_chal->data));
47 /*************************************************************************
49 *************************************************************************/
51 static BOOL net_reply_req_chal(NET_Q_REQ_CHAL *q_c, prs_struct *rdata,
52 DOM_CHAL *srv_chal, uint32 srv_time)
56 DEBUG(6,("net_reply_req_chal: %d\n", __LINE__));
58 /* set up the LSA REQUEST CHALLENGE response */
59 init_net_r_req_chal(&r_c, srv_chal, srv_time);
61 /* store the response in the SMB stream */
62 if(!net_io_r_req_chal("", &r_c, rdata, 0)) {
63 DEBUG(0,("net_reply_req_chal: Failed to marshall NET_R_REQ_CHAL.\n"));
67 DEBUG(6,("net_reply_req_chal: %d\n", __LINE__));
72 /*************************************************************************
73 net_reply_logon_ctrl2:
74 *************************************************************************/
76 static BOOL net_reply_logon_ctrl2(NET_Q_LOGON_CTRL2 *q_l, prs_struct *rdata,
77 uint32 flags, uint32 pdc_status, uint32 logon_attempts,
78 uint32 tc_status, char *trust_domain_name)
80 NET_R_LOGON_CTRL2 r_l;
82 DEBUG(6,("net_reply_logon_ctrl2: %d\n", __LINE__));
84 /* set up the Logon Control2 response */
85 init_r_logon_ctrl2(&r_l, q_l->query_level,
86 flags, pdc_status, logon_attempts,
87 tc_status, trust_domain_name);
89 /* store the response in the SMB stream */
90 if(!net_io_r_logon_ctrl2("", &r_l, rdata, 0)) {
91 DEBUG(0,("net_reply_logon_ctrl2: Failed to marshall NET_R_LOGON_CTRL2.\n"));
95 DEBUG(6,("net_reply_logon_ctrl2: %d\n", __LINE__));
100 /*************************************************************************
101 net_reply_trust_dom_list:
102 *************************************************************************/
104 static BOOL net_reply_trust_dom_list(NET_Q_TRUST_DOM_LIST *q_t, prs_struct *rdata,
105 uint32 num_trust_domains, char *trust_domain_name)
107 NET_R_TRUST_DOM_LIST r_t;
109 DEBUG(6,("net_reply_trust_dom_list: %d\n", __LINE__));
111 /* set up the Trusted Domain List response */
112 init_r_trust_dom(&r_t, num_trust_domains, trust_domain_name);
114 /* store the response in the SMB stream */
115 if(!net_io_r_trust_dom("", &r_t, rdata, 0)) {
116 DEBUG(0,("net_reply_trust_dom_list: Failed to marshall NET_R_TRUST_DOM_LIST.\n"));
120 DEBUG(6,("net_reply_trust_dom_listlogon_ctrl2: %d\n", __LINE__));
125 /*************************************************************************
127 *************************************************************************/
129 static void init_net_r_auth_2(NET_R_AUTH_2 *r_a,
130 DOM_CHAL *resp_cred, NEG_FLAGS *flgs, int status)
132 memcpy(r_a->srv_chal.data, resp_cred->data, sizeof(resp_cred->data));
133 memcpy(&r_a->srv_flgs, flgs, sizeof(r_a->srv_flgs));
134 r_a->status = status;
137 /************************************************************************
139 *************************************************************************/
141 static BOOL net_reply_auth_2(NET_Q_AUTH_2 *q_a, prs_struct *rdata,
142 DOM_CHAL *resp_cred, int status)
147 srv_flgs.neg_flags = 0x000001ff;
149 /* set up the LSA AUTH 2 response */
151 init_net_r_auth_2(&r_a, resp_cred, &srv_flgs, status);
153 /* store the response in the SMB stream */
154 if(!net_io_r_auth_2("", &r_a, rdata, 0)) {
155 DEBUG(0,("net_reply_auth_2: Failed to marshall NET_R_AUTH_2.\n"));
162 /***********************************************************************************
163 init_net_r_srv_pwset:
164 ***********************************************************************************/
166 static void init_net_r_srv_pwset(NET_R_SRV_PWSET *r_s,
167 DOM_CRED *srv_cred, int status)
169 DEBUG(5,("init_net_r_srv_pwset: %d\n", __LINE__));
171 memcpy(&r_s->srv_cred, srv_cred, sizeof(r_s->srv_cred));
172 r_s->status = status;
174 DEBUG(5,("init_net_r_srv_pwset: %d\n", __LINE__));
177 /*************************************************************************
179 *************************************************************************/
181 static BOOL net_reply_srv_pwset(NET_Q_SRV_PWSET *q_s, prs_struct *rdata,
182 DOM_CRED *srv_cred, int status)
186 DEBUG(5,("net_srv_pwset: %d\n", __LINE__));
188 /* set up the LSA Server Password Set response */
189 init_net_r_srv_pwset(&r_s, srv_cred, status);
191 /* store the response in the SMB stream */
192 if(!net_io_r_srv_pwset("", &r_s, rdata, 0)) {
193 DEBUG(0,("net_reply_srv_pwset: Failed to marshall NET_R_SRV_PWSET.\n"));
197 DEBUG(5,("net_srv_pwset: %d\n", __LINE__));
202 /*************************************************************************
204 *************************************************************************/
206 static BOOL net_reply_sam_logon(NET_Q_SAM_LOGON *q_s, prs_struct *rdata,
207 DOM_CRED *srv_cred, NET_USER_INFO_3 *user_info,
212 /* XXXX maybe we want to say 'no', reject the client's credentials */
213 r_s.buffer_creds = 1; /* yes, we have valid server credentials */
214 memcpy(&r_s.srv_creds, srv_cred, sizeof(r_s.srv_creds));
216 /* store the user information, if there is any. */
217 r_s.user = user_info;
218 if (status == 0x0 && user_info != NULL && user_info->ptr_user_info != 0)
219 r_s.switch_value = 3; /* indicates type of validation user info */
221 r_s.switch_value = 0; /* indicates no info */
224 r_s.auth_resp = 1; /* authoritative response */
226 /* store the response in the SMB stream */
227 if(!net_io_r_sam_logon("", &r_s, rdata, 0)) {
228 DEBUG(0,("net_reply_sam_logon: Failed to marshall NET_R_SAM_LOGON.\n"));
236 /*************************************************************************
237 net_reply_sam_logoff:
238 *************************************************************************/
240 static BOOL net_reply_sam_logoff(NET_Q_SAM_LOGOFF *q_s, prs_struct *rdata,
244 NET_R_SAM_LOGOFF r_s;
246 /* XXXX maybe we want to say 'no', reject the client's credentials */
247 r_s.buffer_creds = 1; /* yes, we have valid server credentials */
248 memcpy(&r_s.srv_creds, srv_cred, sizeof(r_s.srv_creds));
252 /* store the response in the SMB stream */
253 if(!net_io_r_sam_logoff("", &r_s, rdata, 0)) {
254 DEBUG(0,("net_reply_sam_logoff: Failed to marshall NET_R_SAM_LOGOFF.\n"));
261 /******************************************************************
262 gets a machine password entry. checks access rights of the host.
263 ******************************************************************/
265 static BOOL get_md4pw(char *md4pw, char *mach_name, char *mach_acct)
267 SAM_ACCOUNT *sampass = NULL;
272 * Currently this code is redundent as we already have a filter
273 * by hostname list. What this code really needs to do is to
274 * get a hosts allowed/hosts denied list from the SAM database
275 * on a per user basis, and make the access decision there.
276 * I will leave this code here for now as a reminder to implement
277 * this at a later date. JRA.
280 if (!allow_access(lp_domain_hostsdeny(), lp_domain_hostsallow(),
281 client_name(), client_addr()))
283 DEBUG(0,("get_md4pw: Workstation %s denied access to domain\n", mach_acct));
289 sampass = pdb_getsampwnam(mach_acct);
292 if ((sampass) != NULL && !(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) &&
293 ((pass=pdb_get_nt_passwd(sampass)) != NULL))
295 memcpy(md4pw, pass, 16);
296 dump_data(5, md4pw, 16);
300 DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct));
304 /*************************************************************************
306 *************************************************************************/
308 static BOOL api_net_req_chal(pipes_struct *p)
312 uint16 vuid = p->vuid;
313 prs_struct *data = &p->in_data.data;
314 prs_struct *rdata = &p->out_data.rdata;
321 DEBUG(5,("api_net_req_chal(%d): vuid %d\n", __LINE__, (int)vuid));
323 if ((vuser = get_valid_user_struct(vuid)) == NULL)
326 /* grab the challenge... */
327 if(!net_io_q_req_chal("", &q_r, data, 0)) {
328 DEBUG(0,("api_net_req_chal: Failed to unmarshall NET_Q_REQ_CHAL.\n"));
332 fstrcpy(mach_acct, dos_unistrn2(q_r.uni_logon_clnt.buffer,
333 q_r.uni_logon_clnt.uni_str_len));
335 fstrcpy(mach_name, mach_acct);
338 fstrcat(mach_acct, "$");
340 if (get_md4pw((char *)vuser->dc.md4pw, mach_name, mach_acct)) {
341 /* copy the client credentials */
342 memcpy(vuser->dc.clnt_chal.data , q_r.clnt_chal.data, sizeof(q_r.clnt_chal.data));
343 memcpy(vuser->dc.clnt_cred.challenge.data, q_r.clnt_chal.data, sizeof(q_r.clnt_chal.data));
345 /* create a server challenge for the client */
346 /* Set these to random values. */
347 generate_random_buffer(vuser->dc.srv_chal.data, 8, False);
349 memcpy(vuser->dc.srv_cred.challenge.data, vuser->dc.srv_chal.data, 8);
351 memset((char *)vuser->dc.sess_key, '\0', sizeof(vuser->dc.sess_key));
353 /* from client / server challenges and md4 password, generate sess key */
354 cred_session_key(&(vuser->dc.clnt_chal), &(vuser->dc.srv_chal),
355 (char *)vuser->dc.md4pw, vuser->dc.sess_key);
357 /* lkclXXXX take a guess at a good error message to return :-) */
358 status = NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT;
361 /* construct reply. */
362 if(!net_reply_req_chal(&q_r, rdata, &vuser->dc.srv_chal, status))
368 /*************************************************************************
370 *************************************************************************/
372 static BOOL api_net_auth_2(pipes_struct *p)
374 uint16 vuid = p->vuid;
377 prs_struct *data = &p->in_data.data;
378 prs_struct *rdata = &p->out_data.rdata;
385 if ((vuser = get_valid_user_struct(vuid)) == NULL)
390 /* grab the challenge... */
391 if(!net_io_q_auth_2("", &q_a, data, 0)) {
392 DEBUG(0,("api_net_auth_2: Failed to unmarshall NET_Q_AUTH_2.\n"));
396 /* check that the client credentials are valid */
397 if (cred_assert(&(q_a.clnt_chal), vuser->dc.sess_key,
398 &(vuser->dc.clnt_cred.challenge), srv_time)) {
400 /* create server challenge for inclusion in the reply */
401 cred_create(vuser->dc.sess_key, &(vuser->dc.srv_cred.challenge), srv_time, &srv_cred);
403 /* copy the received client credentials for use next time */
404 memcpy(vuser->dc.clnt_cred.challenge.data, q_a.clnt_chal.data, sizeof(q_a.clnt_chal.data));
405 memcpy(vuser->dc.srv_cred .challenge.data, q_a.clnt_chal.data, sizeof(q_a.clnt_chal.data));
407 status = NT_STATUS_ACCESS_DENIED;
410 /* construct reply. */
411 if(!net_reply_auth_2(&q_a, rdata, &srv_cred, status))
418 /*************************************************************************
420 *************************************************************************/
422 static BOOL api_net_srv_pwset(pipes_struct *p)
424 uint16 vuid = p->vuid;
426 uint32 status = NT_STATUS_WRONG_PASSWORD;
429 SAM_ACCOUNT *sampass;
432 prs_struct *data = &p->in_data.data;
433 prs_struct *rdata = &p->out_data.rdata;
435 if ((vuser = get_valid_user_struct(vuid)) == NULL)
438 /* grab the challenge and encrypted password ... */
439 if(!net_io_q_srv_pwset("", &q_a, data, 0)) {
440 DEBUG(0,("api_net_srv_pwset: Failed to unmarshall NET_Q_SRV_PWSET.\n"));
444 /* checks and updates credentials. creates reply credentials */
445 if (deal_with_creds(vuser->dc.sess_key, &(vuser->dc.clnt_cred),
446 &(q_a.clnt_id.cred), &srv_cred))
448 memcpy(&(vuser->dc.srv_cred), &(vuser->dc.clnt_cred), sizeof(vuser->dc.clnt_cred));
450 DEBUG(5,("api_net_srv_pwset: %d\n", __LINE__));
452 pstrcpy(mach_acct, dos_unistrn2(q_a.clnt_id.login.uni_acct_name.buffer,
453 q_a.clnt_id.login.uni_acct_name.uni_str_len));
455 DEBUG(3,("Server Password Set Wksta:[%s]\n", mach_acct));
458 sampass = pdb_getsampwnam(mach_acct);
461 if (sampass != NULL) {
462 unsigned char pwd[16];
465 DEBUG(100,("Server password set : new given value was :\n"));
466 for(i = 0; i < 16; i++)
467 DEBUG(100,("%02X ", q_a.pwd[i]));
470 cred_hash3( pwd, q_a.pwd, vuser->dc.sess_key, 0);
472 /* lies! nt and lm passwords are _not_ the same: don't care */
473 pdb_set_lanman_passwd (sampass, pwd);
474 pdb_set_nt_passwd (sampass, pwd);
475 pdb_set_acct_ctrl (sampass, ACB_WSTRUST);
478 ret = pdb_update_sam_account (sampass,False);
487 DEBUG(5,("api_net_srv_pwset: %d\n", __LINE__));
490 /* lkclXXXX take a guess at a sensible error code to return... */
491 status = NT_STATUS_NETWORK_CREDENTIAL_CONFLICT;
494 /* Construct reply. */
495 if(!net_reply_srv_pwset(&q_a, rdata, &srv_cred, status))
502 /*************************************************************************
504 *************************************************************************/
506 static BOOL api_net_sam_logoff(pipes_struct *p)
508 uint16 vuid = p->vuid;
509 NET_Q_SAM_LOGOFF q_l;
512 prs_struct *data = &p->in_data.data;
513 prs_struct *rdata = &p->out_data.rdata;
517 if ((vuser = get_valid_user_struct(vuid)) == NULL)
520 /* the DOM_ID_INFO_1 structure is a bit big. plus we might want to
521 dynamically allocate it inside net_io_q_sam_logon, at some point */
522 q_l.sam_id.ctr = &ctr;
524 /* grab the challenge... */
525 if(!net_io_q_sam_logoff("", &q_l, data, 0)) {
526 DEBUG(0,("api_net_sam_logoff: Failed to unmarshall NET_Q_SAM_LOGOFF.\n"));
530 /* checks and updates credentials. creates reply credentials */
531 deal_with_creds(vuser->dc.sess_key, &vuser->dc.clnt_cred,
532 &q_l.sam_id.client.cred, &srv_cred);
533 memcpy(&vuser->dc.srv_cred, &vuser->dc.clnt_cred, sizeof(vuser->dc.clnt_cred));
535 /* construct reply. always indicate success */
536 if(!net_reply_sam_logoff(&q_l, rdata, &srv_cred, 0x0))
542 /*************************************************************************
543 net_login_interactive:
544 *************************************************************************/
546 static uint32 net_login_interactive(NET_ID_INFO_1 *id1, SAM_ACCOUNT *sampass,
553 unsigned char key[16];
556 memcpy(key, vuser->dc.sess_key, 8);
558 memcpy(lm_pwd, id1->lm_owf.data, 16);
559 memcpy(nt_pwd, id1->nt_owf.data, 16);
561 #ifdef DEBUG_PASSWORD
563 dump_data(100, (char *)key, 16);
565 DEBUG(100,("lm owf password:"));
566 dump_data(100, lm_pwd, 16);
568 DEBUG(100,("nt owf password:"));
569 dump_data(100, nt_pwd, 16);
572 SamOEMhash((uchar *)lm_pwd, key, False);
573 SamOEMhash((uchar *)nt_pwd, key, False);
575 #ifdef DEBUG_PASSWORD
576 DEBUG(100,("decrypt of lm owf password:"));
577 dump_data(100, lm_pwd, 16);
579 DEBUG(100,("decrypt of nt owf password:"));
580 dump_data(100, nt_pwd, 16);
583 if (memcmp(pdb_get_lanman_passwd(sampass) ,lm_pwd, 16) != 0 ||
584 memcmp(pdb_get_nt_passwd(sampass) ,nt_pwd, 16) != 0)
586 status = NT_STATUS_WRONG_PASSWORD;
592 /*************************************************************************
594 *************************************************************************/
596 static uint32 net_login_network(NET_ID_INFO_2 *id2, SAM_ACCOUNT *sampass)
598 BYTE *nt_pwd, *lanman_pwd;
600 DEBUG(5,("net_login_network: lm_len: %d nt_len: %d\n",
601 id2->hdr_lm_chal_resp.str_str_len,
602 id2->hdr_nt_chal_resp.str_str_len));
604 /* JRA. Check the NT password first if it exists - this is a higher quality
605 password, if it exists and it doesn't match - fail. */
607 nt_pwd = pdb_get_nt_passwd (sampass);
608 lanman_pwd = pdb_get_lanman_passwd (sampass);
609 if (id2->hdr_nt_chal_resp.str_str_len == 24 &&
612 if(smb_password_check((char *)id2->nt_chal_resp.buffer, nt_pwd,
616 return NT_STATUS_WRONG_PASSWORD;
619 /* lkclXXXX this is not a good place to put disabling of LM hashes in.
620 if that is to be done, first move this entire function into a
621 library routine that calls the two smb_password_check() functions.
622 if disabling LM hashes (which nt can do for security reasons) then
623 an attempt should be made to disable them everywhere (which nt does
624 not do, for various security-hole reasons).
627 if (id2->hdr_lm_chal_resp.str_str_len == 24 &&
628 smb_password_check((char *)id2->lm_chal_resp.buffer,
629 lanman_pwd, id2->lm_chal))
635 /* oops! neither password check succeeded */
637 return NT_STATUS_WRONG_PASSWORD;
640 /*************************************************************************
642 *************************************************************************/
644 static BOOL api_net_sam_logon(pipes_struct *p)
646 uint16 vuid = p->vuid;
649 NET_USER_INFO_3 usr_info;
652 SAM_ACCOUNT *sampass = NULL;
654 UNISTR2 *uni_samlogon_user = NULL;
656 prs_struct *data = &p->in_data.data;
657 prs_struct *rdata = &p->out_data.rdata;
658 user_struct *vuser = NULL;
660 if ((vuser = get_valid_user_struct(vuid)) == NULL)
665 ZERO_STRUCT(usr_info);
667 q_l.sam_id.ctr = &ctr;
669 if(!net_io_q_sam_logon("", &q_l, data, 0)) {
670 DEBUG(0, ("api_net_sam_logon: Failed to unmarshall NET_Q_SAM_LOGON.\n"));
674 /* checks and updates credentials. creates reply credentials */
675 if (!deal_with_creds(vuser->dc.sess_key, &vuser->dc.clnt_cred, &q_l.sam_id.client.cred, &srv_cred))
676 status = NT_STATUS_INVALID_HANDLE;
678 memcpy(&vuser->dc.srv_cred, &vuser->dc.clnt_cred, sizeof(vuser->dc.clnt_cred));
680 /* find the username */
683 switch (q_l.sam_id.logon_level) {
684 case INTERACTIVE_LOGON_TYPE:
685 uni_samlogon_user = &q_l.sam_id.ctr->auth.id1.uni_user_name;
687 DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup()));
690 uni_samlogon_user = &q_l.sam_id.ctr->auth.id2.uni_user_name;
692 DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", lp_workgroup()));
695 DEBUG(2,("SAM Logon: unsupported switch value\n"));
696 status = NT_STATUS_INVALID_INFO_CLASS;
699 } /* end if status == 0 */
701 /* check username exists */
705 pstrcpy(nt_username, dos_unistrn2(uni_samlogon_user->buffer,
706 uni_samlogon_user->uni_str_len));
708 DEBUG(3,("User:[%s]\n", nt_username));
711 * Convert to a UNIX username.
713 map_username(nt_username);
715 /* get the account information */
717 sampass = pdb_getsampwnam(nt_username);
720 acct_ctrl = pdb_get_acct_ctrl(sampass);
722 status = NT_STATUS_NO_SUCH_USER;
723 else if (acct_ctrl & ACB_PWNOTREQ)
725 else if (acct_ctrl & ACB_DISABLED)
726 status = NT_STATUS_ACCOUNT_DISABLED;
729 /* Validate password - if required. */
731 if ((status == 0) && !(acct_ctrl & ACB_PWNOTREQ)) {
732 switch (q_l.sam_id.logon_level) {
733 case INTERACTIVE_LOGON_TYPE:
734 /* interactive login. */
735 status = net_login_interactive(&q_l.sam_id.ctr->auth.id1,
739 /* network login. lm challenge and 24 byte responses */
740 status = net_login_network(&q_l.sam_id.ctr->auth.id2, sampass);
745 /* lkclXXXX this is the point at which, if the login was
746 successful, that the SAM Local Security Authority should
747 record that the user is logged in to the domain.
750 /* return the profile plus other bits :-) */
753 DOM_GID *gids = NULL;
756 pstring my_workgroup;
757 pstring domain_groups;
759 /* set up pointer indicating user/password failed to be found */
760 usr_info.ptr_user_info = 0;
762 /* XXXX hack to get standard_sub_basic() to use sam logon username */
763 /* possibly a better way would be to do a become_user() call */
766 * All this information should be filled in from the
769 sam_logon_in_ssb = True;
770 pstrcpy(samlogon_user, nt_username);
773 gid = pdb_get_gid(sampass);
775 pstrcpy(str, pdb_get_logon_script(sampass));
776 standard_sub_advanced(-1, nt_username, "", gid, str);
777 pdb_set_logon_script(sampass, str);
779 pstrcpy(str, pdb_get_profile_path(sampass));
780 standard_sub_advanced(-1, nt_username, "", gid, str);
781 pdb_set_profile_path(sampass, str);
783 pstrcpy(str, pdb_get_homedir(sampass));
784 standard_sub_advanced(-1, nt_username, "", gid, str);
785 pdb_set_homedir(sampass, str);
787 fstrcpy(full_name, "<Full Name>");
788 if (lp_unix_realname())
789 fstrcpy(full_name, pdb_get_fullname(sampass));
792 pstrcpy(my_workgroup, lp_workgroup());
793 pstrcpy(my_name, global_myname);
798 * This is the point at which we get the group
799 * database - we should be getting the gid_t list
800 * from /etc/group and then turning the uids into
801 * rids and then into machine sids for this user.
805 get_domain_user_groups(domain_groups, nt_username);
808 * make_dom_gids allocates the gids array. JRA.
811 num_gids = make_dom_gids(domain_groups, &gids);
813 sam_logon_in_ssb = False;
816 * This next call is where the 'domain admin users' parameter
817 * gets mapped. I'm leaving it out for now. The user and group rid
818 * has already been mapped into the SAM_ACCOUNT struct. I don't
819 * think this should be overridden here. The correct solution
820 * is proper group memberships and mapping. --jerry
823 if (pdb_name_to_rid(nt_username, &r_uid, &r_gid))
825 init_net_user_info3(&usr_info, sampass,
827 0, /* bad_pw_count */
828 num_gids, /* uint32 num_groups */
829 gids , /* DOM_GID *gids */
830 0x20 , /* uint32 user_flgs (?) */
831 NULL, /* char sess_key[16] */
832 my_name , /* char *logon_srv */
833 my_workgroup, /* char *logon_dom */
834 &global_sam_sid, /* DOM_SID *dom_sid */
835 NULL); /* char *other_sids */
839 status = NT_STATUS_NO_SUCH_USER;
842 /* Free any allocated groups array. */
847 if(!net_reply_sam_logon(&q_l, rdata, &srv_cred, &usr_info, status)) {
848 free_user_info3(&usr_info);
852 free_user_info3(&usr_info);
858 /*************************************************************************
859 api_net_trust_dom_list:
860 *************************************************************************/
862 static BOOL api_net_trust_dom_list(pipes_struct *p)
864 NET_Q_TRUST_DOM_LIST q_t;
865 prs_struct *data = &p->in_data.data;
866 prs_struct *rdata = &p->out_data.rdata;
868 char *trusted_domain = "test_domain";
870 DEBUG(6,("api_net_trust_dom_list: %d\n", __LINE__));
872 /* grab the lsa trusted domain list query... */
873 if(!net_io_q_trust_dom("", &q_t, data, 0)) {
874 DEBUG(0,("api_net_trust_dom_list: Failed to unmarshall NET_Q_TRUST_DOM_LIST.\n"));
878 /* construct reply. */
879 if(!net_reply_trust_dom_list(&q_t, rdata, 1, trusted_domain))
882 DEBUG(6,("api_net_trust_dom_list: %d\n", __LINE__));
888 /*************************************************************************
889 error messages cropping up when using nltest.exe...
890 *************************************************************************/
891 #define ERROR_NO_SUCH_DOMAIN 0x54b
892 #define ERROR_NO_LOGON_SERVERS 0x51f
894 /*************************************************************************
896 *************************************************************************/
898 static BOOL api_net_logon_ctrl2(pipes_struct *p)
900 NET_Q_LOGON_CTRL2 q_l;
901 prs_struct *data = &p->in_data.data;
902 prs_struct *rdata = &p->out_data.rdata;
904 /* lkclXXXX - guess what - absolutely no idea what these are! */
906 uint32 pdc_connection_status = 0x0;
907 uint32 logon_attempts = 0x0;
908 uint32 tc_status = ERROR_NO_LOGON_SERVERS;
909 char *trusted_domain = "test_domain";
911 DEBUG(6,("api_net_logon_ctrl2: %d\n", __LINE__));
913 /* grab the lsa netlogon ctrl2 query... */
914 if(!net_io_q_logon_ctrl2("", &q_l, data, 0)) {
915 DEBUG(0,("api_net_logon_ctrl2: Failed to unmarshall NET_Q_LOGON_CTRL2.\n"));
919 /* construct reply. */
920 if(!net_reply_logon_ctrl2(&q_l, rdata,
921 flags, pdc_connection_status, logon_attempts,
922 tc_status, trusted_domain))
925 DEBUG(6,("api_net_logon_ctrl2: %d\n", __LINE__));
930 /*******************************************************************
931 array of \PIPE\NETLOGON operations
932 ********************************************************************/
933 static struct api_struct api_net_cmds [] =
935 { "NET_REQCHAL" , NET_REQCHAL , api_net_req_chal },
936 { "NET_AUTH2" , NET_AUTH2 , api_net_auth_2 },
937 { "NET_SRVPWSET" , NET_SRVPWSET , api_net_srv_pwset },
938 { "NET_SAMLOGON" , NET_SAMLOGON , api_net_sam_logon },
939 { "NET_SAMLOGOFF" , NET_SAMLOGOFF , api_net_sam_logoff },
940 { "NET_LOGON_CTRL2" , NET_LOGON_CTRL2 , api_net_logon_ctrl2 },
941 { "NET_TRUST_DOM_LIST", NET_TRUST_DOM_LIST, api_net_trust_dom_list },
945 /*******************************************************************
946 receives a netlogon pipe and responds.
947 ********************************************************************/
949 BOOL api_netlog_rpc(pipes_struct *p)
951 return api_rpcTNP(p, "api_netlog_rpc", api_net_cmds);
git.samba.org / mimir / samba.git / blob