2 Unix SMB/CIFS implementation.
4 endpoint server for the netlogon pipe
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "librpc/gen_ndr/ndr_netlogon.h"
25 #include "rpc_server/common/common.h"
26 #include "librpc/gen_ndr/ndr_dcom.h"
27 #include "auth/auth.h"
29 struct server_pipe_state {
30 struct netr_Credential client_challenge;
31 struct netr_Credential server_challenge;
34 char *computer_name; /* for logging only */
36 uint16_t sec_chan_type;
37 struct creds_CredentialState *creds;
42 a client has connected to the netlogon server using schannel, so we need
43 to re-establish the credentials state
45 static NTSTATUS netlogon_schannel_setup(struct dcesrv_call_state *dce_call)
47 struct server_pipe_state *state;
50 state = talloc_p(dce_call->conn, struct server_pipe_state);
52 return NT_STATUS_NO_MEMORY;
55 state->authenticated = True;
57 if (dce_call->conn->auth_state.session_info == NULL) {
59 smb_panic("No session info provided by schannel level setup!");
60 return NT_STATUS_NO_USER_SESSION_KEY;
63 status = dcerpc_schannel_creds(dce_call->conn->auth_state.gensec_security,
67 if (!NT_STATUS_IS_OK(status)) {
68 DEBUG(3, ("getting schannel credentials failed with %s\n", nt_errstr(status)));
73 dce_call->conn->private = state;
79 a hook for bind on the netlogon pipe
81 static NTSTATUS netlogon_bind(struct dcesrv_call_state *dce_call, const struct dcesrv_interface *di)
83 dce_call->conn->private = NULL;
85 /* if this is a schannel bind then we need to reconstruct the pipe state */
86 if (dce_call->conn->auth_state.auth_info &&
87 dce_call->conn->auth_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
90 DEBUG(5, ("schannel bind on netlogon\n"));
92 status = netlogon_schannel_setup(dce_call);
93 if (!NT_STATUS_IS_OK(status)) {
94 DEBUG(3, ("schannel bind on netlogon failed with %s\n", nt_errstr(status)));
102 /* this function is called when the client disconnects the endpoint */
103 static void netlogon_unbind(struct dcesrv_connection *conn, const struct dcesrv_interface *di)
105 struct server_pipe_state *pipe_state = conn->private;
108 talloc_free(pipe_state);
111 conn->private = NULL;
114 #define DCESRV_INTERFACE_NETLOGON_BIND netlogon_bind
115 #define DCESRV_INTERFACE_NETLOGON_UNBIND netlogon_unbind
117 static NTSTATUS netr_ServerReqChallenge(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
118 struct netr_ServerReqChallenge *r)
120 struct server_pipe_state *pipe_state = dce_call->conn->private;
122 ZERO_STRUCTP(r->out.credentials);
124 /* destroyed on pipe shutdown */
127 talloc_free(pipe_state);
128 dce_call->conn->private = NULL;
131 pipe_state = talloc_p(dce_call->conn, struct server_pipe_state);
133 return NT_STATUS_NO_MEMORY;
136 pipe_state->authenticated = False;
137 pipe_state->creds = NULL;
138 pipe_state->account_name = NULL;
139 pipe_state->computer_name = NULL;
141 pipe_state->client_challenge = *r->in.credentials;
143 generate_random_buffer(pipe_state->server_challenge.data,
144 sizeof(pipe_state->server_challenge.data));
146 *r->out.credentials = pipe_state->server_challenge;
148 dce_call->conn->private = pipe_state;
153 static NTSTATUS netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
154 struct netr_ServerAuthenticate3 *r)
156 struct server_pipe_state *pipe_state = dce_call->conn->private;
158 struct samr_Password *mach_pwd;
161 struct ldb_message **msgs;
163 const char *attrs[] = {"unicodePwd", "lmPwdHash", "ntPwdHash", "userAccountControl",
166 ZERO_STRUCTP(r->out.credentials);
168 *r->out.negotiate_flags = *r->in.negotiate_flags;
171 DEBUG(1, ("No challenge requested by client, cannot authenticate\n"));
172 return NT_STATUS_ACCESS_DENIED;
175 sam_ctx = samdb_connect(mem_ctx);
176 if (sam_ctx == NULL) {
177 return NT_STATUS_INVALID_SYSTEM_SERVICE;
179 /* pull the user attributes */
180 num_records = samdb_search(sam_ctx, mem_ctx, NULL, &msgs, attrs,
181 "(&(sAMAccountName=%s)(objectclass=user))",
184 if (num_records == 0) {
185 DEBUG(3,("Couldn't find user [%s] in samdb.\n",
186 r->in.account_name));
187 return NT_STATUS_NO_SUCH_USER;
190 if (num_records > 1) {
191 DEBUG(0,("Found %d records matching user [%s]\n", num_records, r->in.account_name));
192 return NT_STATUS_INTERNAL_DB_CORRUPTION;
195 acct_flags = samdb_result_acct_flags(msgs[0],
196 "userAccountControl");
198 if (acct_flags & ACB_DISABLED) {
199 DEBUG(1, ("Account [%s] is disabled\n", r->in.account_name));
200 return NT_STATUS_ACCESS_DENIED;
203 if (r->in.secure_channel_type == SEC_CHAN_WKSTA) {
204 if (!(acct_flags & ACB_WSTRUST)) {
205 DEBUG(1, ("Client asked for a workstation secure channel, but is not a workstation (member server) acb flags: 0x%x\n", acct_flags));
206 return NT_STATUS_ACCESS_DENIED;
208 } else if (r->in.secure_channel_type == SEC_CHAN_DOMAIN) {
209 if (!(acct_flags & ACB_DOMTRUST)) {
210 DEBUG(1, ("Client asked for a trusted domain secure channel, but is not a trusted domain: acb flags: 0x%x\n", acct_flags));
211 return NT_STATUS_ACCESS_DENIED;
213 } else if (r->in.secure_channel_type == SEC_CHAN_BDC) {
214 if (!(acct_flags & ACB_SVRTRUST)) {
215 DEBUG(1, ("Client asked for a server secure channel, but is not a server (domain controller): acb flags: 0x%x\n", acct_flags));
216 return NT_STATUS_ACCESS_DENIED;
219 DEBUG(1, ("Client asked for an invalid secure channel type: %d\n",
220 r->in.secure_channel_type));
221 return NT_STATUS_ACCESS_DENIED;
224 pipe_state->acct_flags = acct_flags;
225 pipe_state->sec_chan_type = r->in.secure_channel_type;
227 *r->out.rid = samdb_result_rid_from_sid(mem_ctx, msgs[0], "objectSid", 0);
229 nt_status = samdb_result_passwords(mem_ctx, msgs[0], NULL, &mach_pwd);
230 if (!NT_STATUS_IS_OK(nt_status) || mach_pwd == NULL) {
231 return NT_STATUS_ACCESS_DENIED;
234 if (!pipe_state->creds) {
235 pipe_state->creds = talloc_p(pipe_state, struct creds_CredentialState);
236 if (!pipe_state->creds) {
237 return NT_STATUS_NO_MEMORY;
241 creds_server_init(pipe_state->creds, &pipe_state->client_challenge,
242 &pipe_state->server_challenge, mach_pwd,
244 *r->in.negotiate_flags);
246 if (!creds_server_check(pipe_state->creds, r->in.credentials)) {
247 return NT_STATUS_ACCESS_DENIED;
250 pipe_state->authenticated = True;
252 if (pipe_state->account_name) {
253 /* We don't want a memory leak on this long-lived talloc context */
254 talloc_free(pipe_state->account_name);
257 pipe_state->account_name = talloc_strdup(pipe_state, r->in.account_name);
259 if (pipe_state->computer_name) {
260 /* We don't want a memory leak on this long-lived talloc context */
261 talloc_free(pipe_state->account_name);
264 pipe_state->computer_name = talloc_strdup(pipe_state, r->in.computer_name);
266 /* remember this session key state */
267 nt_status = schannel_store_session_key(mem_ctx, pipe_state->computer_name, pipe_state->creds);
272 static NTSTATUS netr_ServerAuthenticate(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
273 struct netr_ServerAuthenticate *r)
275 struct netr_ServerAuthenticate3 r3;
278 * negotiate_flags is used as an [in] parameter
279 * so it need to be initialised.
281 * (I think ... = 0; seems wrong here --metze)
283 uint32 negotiate_flags = 0;
285 r3.in.server_name = r->in.server_name;
286 r3.in.account_name = r->in.account_name;
287 r3.in.secure_channel_type = r->in.secure_channel_type;
288 r3.in.computer_name = r->in.computer_name;
289 r3.in.credentials = r->in.credentials;
290 r3.out.credentials = r->out.credentials;
291 r3.in.negotiate_flags = &negotiate_flags;
292 r3.out.negotiate_flags = &negotiate_flags;
295 return netr_ServerAuthenticate3(dce_call, mem_ctx, &r3);
298 static NTSTATUS netr_ServerAuthenticate2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
299 struct netr_ServerAuthenticate2 *r)
301 struct netr_ServerAuthenticate3 r3;
304 r3.in.server_name = r->in.server_name;
305 r3.in.account_name = r->in.account_name;
306 r3.in.secure_channel_type = r->in.secure_channel_type;
307 r3.in.computer_name = r->in.computer_name;
308 r3.in.credentials = r->in.credentials;
309 r3.out.credentials = r->out.credentials;
310 r3.in.negotiate_flags = r->in.negotiate_flags;
311 r3.out.negotiate_flags = r->out.negotiate_flags;
314 return netr_ServerAuthenticate3(dce_call, mem_ctx, &r3);
318 static BOOL netr_creds_server_step_check(struct server_pipe_state *pipe_state,
319 struct netr_Authenticator *received_authenticator,
320 struct netr_Authenticator *return_authenticator)
322 if (!pipe_state->authenticated) {
325 return creds_server_step_check(pipe_state->creds,
326 received_authenticator,
327 return_authenticator);
331 static NTSTATUS netr_ServerPasswordSet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
332 struct netr_ServerPasswordSet *r)
334 struct server_pipe_state *pipe_state = dce_call->conn->private;
338 int num_records_domain;
340 struct ldb_message **msgs;
341 struct ldb_message **msgs_domain;
343 struct ldb_message mod, *msg_set_pw = &mod;
344 const char *domain_dn;
345 const char *domain_sid;
347 const char *attrs[] = {"objectSid", NULL };
349 const char **domain_attrs = attrs;
353 DEBUG(1, ("No challenge requested by client, cannot authenticate\n"));
354 return NT_STATUS_ACCESS_DENIED;
357 if (!netr_creds_server_step_check(pipe_state, &r->in.credential, &r->out.return_authenticator)) {
358 return NT_STATUS_ACCESS_DENIED;
361 sam_ctx = samdb_connect(mem_ctx);
362 if (sam_ctx == NULL) {
363 return NT_STATUS_INVALID_SYSTEM_SERVICE;
365 /* pull the user attributes */
366 num_records = samdb_search(sam_ctx, mem_ctx, NULL, &msgs, attrs,
367 "(&(sAMAccountName=%s)(objectclass=user))",
368 pipe_state->account_name);
370 if (num_records == 0) {
371 DEBUG(3,("Couldn't find user [%s] in samdb.\n",
372 pipe_state->account_name));
373 return NT_STATUS_NO_SUCH_USER;
376 if (num_records > 1) {
377 DEBUG(0,("Found %d records matching user [%s]\n", num_records,
378 pipe_state->account_name));
379 return NT_STATUS_INTERNAL_DB_CORRUPTION;
382 domain_sid = samdb_result_sid_prefix(mem_ctx, msgs[0], "objectSid");
384 DEBUG(0,("no objectSid in user record\n"));
385 return NT_STATUS_INTERNAL_DB_CORRUPTION;
388 /* find the domain's DN */
389 num_records_domain = samdb_search(sam_ctx, mem_ctx, NULL,
390 &msgs_domain, domain_attrs,
391 "(&(objectSid=%s)(objectclass=domain))",
394 if (num_records_domain == 0) {
395 DEBUG(3,("check_sam_security: Couldn't find domain [%s] in passdb file.\n",
397 return NT_STATUS_NO_SUCH_USER;
400 if (num_records_domain > 1) {
401 DEBUG(0,("Found %d records matching domain [%s]\n",
402 num_records_domain, domain_sid));
403 return NT_STATUS_INTERNAL_DB_CORRUPTION;
406 domain_dn = msgs_domain[0]->dn;
408 mod.dn = talloc_strdup(mem_ctx, msgs[0]->dn);
410 return NT_STATUS_NO_MEMORY;
413 creds_des_decrypt(pipe_state->creds, &r->in.new_password);
415 /* set the password - samdb needs to know both the domain and user DNs,
416 so the domain password policy can be used */
417 nt_status = samdb_set_password(sam_ctx, mem_ctx,
418 msgs[0]->dn, domain_dn,
420 NULL, /* Don't have plaintext */
421 NULL, &r->in.new_password,
422 False /* This is not considered a password change */,
425 if (!NT_STATUS_IS_OK(nt_status)) {
429 ret = samdb_replace(sam_ctx, mem_ctx, msg_set_pw);
431 /* we really need samdb.c to return NTSTATUS */
432 return NT_STATUS_UNSUCCESSFUL;
442 static WERROR netr_LogonUasLogon(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
443 struct netr_LogonUasLogon *r)
445 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
452 static WERROR netr_LogonUasLogoff(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
453 struct netr_LogonUasLogoff *r)
455 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
460 netr_LogonSamLogonWithFlags
463 static NTSTATUS netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
464 struct netr_LogonSamLogonWithFlags *r)
466 struct server_pipe_state *pipe_state = dce_call->conn->private;
468 struct auth_context *auth_context;
469 struct auth_usersupplied_info *user_info;
470 struct auth_serversupplied_info *server_info;
473 static const char zeros[16];
474 struct netr_SamBaseInfo *sam;
475 struct netr_SamInfo2 *sam2;
476 struct netr_SamInfo3 *sam3;
477 struct netr_SamInfo6 *sam6;
480 DEBUG(1, ("No challenge requested by client, cannot authenticate\n"));
481 return NT_STATUS_ACCESS_DENIED;
484 r->out.return_authenticator = talloc_p(mem_ctx, struct netr_Authenticator);
485 if (!r->out.return_authenticator) {
486 return NT_STATUS_NO_MEMORY;
489 if (!netr_creds_server_step_check(pipe_state, r->in.credential, r->out.return_authenticator)) {
490 return NT_STATUS_ACCESS_DENIED;
493 switch (r->in.logon_level) {
497 creds_arcfour_crypt(pipe_state->creds,
498 r->in.logon.password->lmpassword.hash,
499 sizeof(r->in.logon.password->lmpassword.hash));
500 creds_arcfour_crypt(pipe_state->creds,
501 r->in.logon.password->ntpassword.hash,
502 sizeof(r->in.logon.password->ntpassword.hash));
504 nt_status = make_auth_context_subsystem(pipe_state, &auth_context);
505 if (!NT_STATUS_IS_OK(nt_status)) {
509 chal = auth_context->get_ntlm_challenge(auth_context);
510 nt_status = make_user_info_netlogon_interactive(auth_context,
512 r->in.logon.password->identity_info.account_name.string,
513 r->in.logon.password->identity_info.domain_name.string,
514 r->in.logon.password->identity_info.workstation.string,
516 &r->in.logon.password->lmpassword,
517 &r->in.logon.password->ntpassword);
522 nt_status = make_auth_context_fixed(pipe_state,
523 &auth_context, r->in.logon.network->challenge);
524 if (!NT_STATUS_IS_OK(nt_status)) {
528 nt_status = make_user_info_netlogon_network(auth_context,
530 r->in.logon.network->identity_info.account_name.string,
531 r->in.logon.network->identity_info.domain_name.string,
532 r->in.logon.network->identity_info.workstation.string,
533 r->in.logon.network->lm.data, r->in.logon.network->lm.length,
534 r->in.logon.network->nt.data, r->in.logon.network->nt.length);
537 free_auth_context(&auth_context);
538 return NT_STATUS_INVALID_PARAMETER;
541 if (!NT_STATUS_IS_OK(nt_status)) {
545 nt_status = auth_context->check_ntlm_password(auth_context,
550 if (!NT_STATUS_IS_OK(nt_status)) {
551 free_auth_context(&auth_context);
554 free_auth_context(&auth_context);
556 sam = talloc_p(mem_ctx, struct netr_SamBaseInfo);
560 sam->last_logon = server_info->last_logon;
561 sam->last_logoff = server_info->last_logoff;
562 sam->acct_expiry = server_info->acct_expiry;
563 sam->last_password_change = server_info->last_password_change;
564 sam->allow_password_change = server_info->allow_password_change;
565 sam->force_password_change = server_info->force_password_change;
567 sam->account_name.string = talloc_strdup(mem_ctx, server_info->account_name);
568 sam->full_name.string = talloc_strdup(mem_ctx, server_info->full_name);
569 sam->logon_script.string = talloc_strdup(mem_ctx, server_info->logon_script);
570 sam->profile_path.string = talloc_strdup(mem_ctx, server_info->profile_path);
571 sam->home_directory.string = talloc_strdup(mem_ctx, server_info->home_directory);
572 sam->home_drive.string = talloc_strdup(mem_ctx, server_info->home_drive);
574 sam->logon_count = server_info->logon_count;
575 sam->bad_password_count = sam->bad_password_count;
576 sam->rid = server_info->user_sid->sub_auths[server_info->user_sid->num_auths-1];
577 sam->primary_gid = server_info->primary_group_sid->sub_auths[server_info->primary_group_sid->num_auths-1];
578 sam->group_count = 0;
579 sam->groupids = NULL;
580 sam->user_flags = 0; /* TODO: w2k3 uses 0x120 - what is this? */
581 sam->acct_flags = server_info->acct_flags;
582 sam->logon_server.string = lp_netbios_name();
584 sam->domain.string = talloc_strdup(mem_ctx, server_info->domain);
586 sam->domain_sid = dom_sid_dup(mem_ctx, server_info->user_sid);
587 sam->domain_sid->num_auths--;
589 if (server_info->user_session_key.length == sizeof(sam->key.key)) {
590 memcpy(sam->key.key, server_info->user_session_key.data, sizeof(sam->key.key));
592 ZERO_STRUCT(sam->key.key);
595 /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
596 /* It appears that level 6 is not individually encrypted */
597 if ((r->in.validation_level != 6)
598 && memcmp(sam->key.key, zeros,
599 sizeof(sam->key.key)) != 0) {
600 creds_arcfour_crypt(pipe_state->creds,
602 sizeof(sam->key.key));
605 if (server_info->lm_session_key.length == sizeof(sam->LMSessKey.key)) {
606 memcpy(sam->LMSessKey.key, server_info->lm_session_key.data,
607 sizeof(sam->LMSessKey.key));
609 ZERO_STRUCT(sam->LMSessKey.key);
612 /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
613 /* It appears that level 6 is not individually encrypted */
614 if ((r->in.validation_level != 6)
615 && memcmp(sam->LMSessKey.key, zeros,
616 sizeof(sam->LMSessKey.key)) != 0) {
617 creds_arcfour_crypt(pipe_state->creds,
619 sizeof(sam->LMSessKey.key));
622 switch (r->in.validation_level) {
624 sam2 = talloc_p(mem_ctx, struct netr_SamInfo2);
627 r->out.validation.sam2 = sam2;
631 sam3 = talloc_p(mem_ctx, struct netr_SamInfo3);
634 r->out.validation.sam3 = sam3;
638 sam6 = talloc_p(mem_ctx, struct netr_SamInfo6);
641 sam6->forest.string = lp_realm();
642 sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s",
643 sam->account_name.string, sam6->forest.string);
644 r->out.validation.sam6 = sam6;
651 r->out.authoritative = 1;
659 static NTSTATUS netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
660 struct netr_LogonSamLogon *r)
662 struct netr_LogonSamLogonWithFlags r2;
667 r2.in.server_name = r->in.server_name;
668 r2.in.workstation = r->in.workstation;
669 r2.in.credential = r->in.credential;
670 r2.in.return_authenticator = r->in.return_authenticator;
671 r2.in.logon_level = r->in.logon_level;
672 r2.in.logon = r->in.logon;
673 r2.in.validation_level = r->in.validation_level;
676 status = netr_LogonSamLogonWithFlags(dce_call, mem_ctx, &r2);
678 r->out.return_authenticator = r2.out.return_authenticator;
679 r->out.validation = r2.out.validation;
680 r->out.authoritative = r2.out.authoritative;
689 static NTSTATUS netr_LogonSamLogoff(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
690 struct netr_LogonSamLogoff *r)
692 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
700 static NTSTATUS netr_DatabaseDeltas(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
701 struct netr_DatabaseDeltas *r)
703 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
710 static NTSTATUS netr_DatabaseSync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
711 struct netr_DatabaseSync *r)
713 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
720 static NTSTATUS netr_AccountDeltas(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
721 struct netr_AccountDeltas *r)
723 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
730 static NTSTATUS netr_AccountSync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
731 struct netr_AccountSync *r)
733 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
740 static NTSTATUS netr_GetDcName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
741 struct netr_GetDcName *r)
743 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
750 static WERROR netr_LogonControl(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
751 struct netr_LogonControl *r)
753 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
760 static WERROR netr_GetAnyDCName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
761 struct netr_GetAnyDCName *r)
763 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
770 static WERROR netr_LogonControl2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
771 struct netr_LogonControl2 *r)
773 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
780 static NTSTATUS netr_DatabaseSync2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
781 struct netr_DatabaseSync2 *r)
783 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
790 static NTSTATUS netr_DatabaseRedo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
791 struct netr_DatabaseRedo *r)
793 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
800 static WERROR netr_LogonControl2Ex(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
801 struct netr_LogonControl2Ex *r)
803 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
808 netr_NETRENUMERATETRUSTEDDOMAINS
810 static WERROR netr_NETRENUMERATETRUSTEDDOMAINS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
811 struct netr_NETRENUMERATETRUSTEDDOMAINS *r)
813 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
820 static WERROR netr_DSRGETDCNAME(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
821 struct netr_DSRGETDCNAME *r)
823 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
828 netr_NETRLOGONDUMMYROUTINE1
830 static WERROR netr_NETRLOGONDUMMYROUTINE1(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
831 struct netr_NETRLOGONDUMMYROUTINE1 *r)
833 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
838 netr_NETRLOGONSETSERVICEBITS
840 static WERROR netr_NETRLOGONSETSERVICEBITS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
841 struct netr_NETRLOGONSETSERVICEBITS *r)
843 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
848 netr_NETRLOGONGETTRUSTRID
850 static WERROR netr_NETRLOGONGETTRUSTRID(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
851 struct netr_NETRLOGONGETTRUSTRID *r)
853 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
858 netr_NETRLOGONCOMPUTESERVERDIGEST
860 static WERROR netr_NETRLOGONCOMPUTESERVERDIGEST(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
861 struct netr_NETRLOGONCOMPUTESERVERDIGEST *r)
863 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
868 netr_NETRLOGONCOMPUTECLIENTDIGEST
870 static WERROR netr_NETRLOGONCOMPUTECLIENTDIGEST(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
871 struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r)
873 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
880 static WERROR netr_DSRGETDCNAMEX(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
881 struct netr_DSRGETDCNAMEX *r)
883 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
890 static WERROR netr_DSRGETSITENAME(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
891 struct netr_DSRGETSITENAME *r)
893 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
898 fill in a netr_DomainTrustInfo from a ldb search result
900 static NTSTATUS fill_domain_trust_info(TALLOC_CTX *mem_ctx, struct ldb_message *res,
901 struct netr_DomainTrustInfo *info)
905 info->domainname.string = samdb_result_string(res, "flatName", NULL);
906 if (info->domainname.string == NULL) {
907 info->domainname.string = samdb_result_string(res, "name", NULL);
908 info->fulldomainname.string = samdb_result_string(res, "dnsDomain", NULL);
910 info->fulldomainname.string = samdb_result_string(res, "name", NULL);
913 /* TODO: we need proper forest support */
914 info->forest.string = info->fulldomainname.string;
916 info->guid = samdb_result_guid(res, "objectGUID");
917 info->sid = samdb_result_dom_sid(mem_ctx, res, "objectSid");
923 netr_LogonGetDomainInfo
924 this is called as part of the ADS domain logon procedure.
926 static NTSTATUS netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
927 struct netr_LogonGetDomainInfo *r)
929 struct server_pipe_state *pipe_state = dce_call->conn->private;
930 const char * const attrs[] = { "name", "dnsDomain", "objectSid",
931 "objectGUID", "flatName", NULL };
933 struct ldb_message **res1, **res2;
934 struct netr_DomainInfo1 *info1;
939 return NT_STATUS_ACCESS_DENIED;
942 if (!netr_creds_server_step_check(pipe_state,
943 r->in.credential, r->out.credential)) {
944 return NT_STATUS_ACCESS_DENIED;
947 sam_ctx = samdb_connect(mem_ctx);
948 if (sam_ctx == NULL) {
949 return NT_STATUS_INVALID_SYSTEM_SERVICE;
952 /* we need to do two searches. The first will pull our primary
953 domain and the second will pull any trusted domains. Our
954 primary domain is also a "trusted" domain, so we need to
955 put the primary domain into the lists of returned trusts as
957 ret1 = samdb_search(sam_ctx, mem_ctx, NULL, &res1, attrs, "(objectClass=domainDNS)");
959 return NT_STATUS_INTERNAL_DB_CORRUPTION;
962 ret2 = samdb_search(sam_ctx, mem_ctx, NULL, &res2, attrs, "(objectClass=trustedDomain)");
964 return NT_STATUS_INTERNAL_DB_CORRUPTION;
967 info1 = talloc_p(mem_ctx, struct netr_DomainInfo1);
969 return NT_STATUS_NO_MEMORY;
974 info1->num_trusts = ret2 + 1;
975 info1->trusts = talloc_array_p(mem_ctx, struct netr_DomainTrustInfo,
977 if (info1->trusts == NULL) {
978 return NT_STATUS_NO_MEMORY;
981 status = fill_domain_trust_info(mem_ctx, res1[0], &info1->domaininfo);
982 if (!NT_STATUS_IS_OK(status)) {
986 status = fill_domain_trust_info(mem_ctx, res1[0], &info1->trusts[0]);
987 if (!NT_STATUS_IS_OK(status)) {
991 for (i=0;i<ret2;i++) {
992 status = fill_domain_trust_info(mem_ctx, res2[i], &info1->trusts[i+1]);
993 if (!NT_STATUS_IS_OK(status)) {
998 r->out.info.info1 = info1;
1000 return NT_STATUS_OK;
1005 netr_NETRSERVERPASSWORDSET2
1007 static WERROR netr_NETRSERVERPASSWORDSET2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1008 struct netr_NETRSERVERPASSWORDSET2 *r)
1010 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1015 netr_NETRSERVERPASSWORDGET
1017 static WERROR netr_NETRSERVERPASSWORDGET(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1018 struct netr_NETRSERVERPASSWORDGET *r)
1020 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1025 netr_NETRLOGONSENDTOSAM
1027 static WERROR netr_NETRLOGONSENDTOSAM(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1028 struct netr_NETRLOGONSENDTOSAM *r)
1030 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1035 netr_DSRADDRESSTOSITENAMESW
1037 static WERROR netr_DSRADDRESSTOSITENAMESW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1038 struct netr_DSRADDRESSTOSITENAMESW *r)
1040 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1045 netr_DSRGETDCNAMEEX2
1047 static WERROR netr_DSRGETDCNAMEEX2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1048 struct netr_DSRGETDCNAMEEX2 *r)
1050 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1055 netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN
1057 static WERROR netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1058 struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r)
1060 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1065 netr_NETRENUMERATETRUSTEDDOMAINSEX
1067 static WERROR netr_NETRENUMERATETRUSTEDDOMAINSEX(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1068 struct netr_NETRENUMERATETRUSTEDDOMAINSEX *r)
1070 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1075 netr_DSRADDRESSTOSITENAMESEXW
1077 static WERROR netr_DSRADDRESSTOSITENAMESEXW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1078 struct netr_DSRADDRESSTOSITENAMESEXW *r)
1080 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1085 netr_DSRGETDCSITECOVERAGEW
1087 static WERROR netr_DSRGETDCSITECOVERAGEW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1088 struct netr_DSRGETDCSITECOVERAGEW *r)
1090 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1095 netr_NETRLOGONSAMLOGONEX
1097 static WERROR netr_NETRLOGONSAMLOGONEX(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1098 struct netr_NETRLOGONSAMLOGONEX *r)
1100 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1105 netr_DsrEnumerateDomainTrusts
1107 static WERROR netr_DsrEnumerateDomainTrusts(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1108 struct netr_DsrEnumerateDomainTrusts *r)
1110 struct netr_DomainTrust *trusts;
1113 struct ldb_message **res;
1114 const char * const attrs[] = { "name", "dnsDomain", "objectSid", "objectGUID", NULL };
1116 ZERO_STRUCT(r->out);
1118 sam_ctx = samdb_connect(mem_ctx);
1119 if (sam_ctx == NULL) {
1120 return WERR_GENERAL_FAILURE;
1123 ret = samdb_search(sam_ctx, mem_ctx, NULL, &res, attrs, "(objectClass=domainDNS)");
1125 return WERR_GENERAL_FAILURE;
1132 trusts = talloc_array_p(mem_ctx, struct netr_DomainTrust, ret);
1133 if (trusts == NULL) {
1138 r->out.trusts = trusts;
1140 /* TODO: add filtering by trust_flags, and correct trust_type
1142 for (i=0;i<ret;i++) {
1143 trusts[i].netbios_name = samdb_result_string(res[i], "name", NULL);
1144 trusts[i].dns_name = samdb_result_string(res[i], "dnsDomain", NULL);
1145 trusts[i].trust_flags =
1146 NETR_TRUST_FLAG_TREEROOT |
1147 NETR_TRUST_FLAG_IN_FOREST |
1148 NETR_TRUST_FLAG_PRIMARY;
1149 trusts[i].parent_index = 0;
1150 trusts[i].trust_type = 2;
1151 trusts[i].trust_attributes = 0;
1152 trusts[i].sid = samdb_result_dom_sid(mem_ctx, res[i], "objectSid");
1153 trusts[i].guid = samdb_result_guid(res[i], "objectGUID");
1162 netr_DSRDEREGISTERDNSHOSTRECORDS
1164 static WERROR netr_DSRDEREGISTERDNSHOSTRECORDS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1165 struct netr_DSRDEREGISTERDNSHOSTRECORDS *r)
1167 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1172 netr_NETRSERVERTRUSTPASSWORDSGET
1174 static WERROR netr_NETRSERVERTRUSTPASSWORDSGET(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1175 struct netr_NETRSERVERTRUSTPASSWORDSGET *r)
1177 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1182 netr_DSRGETFORESTTRUSTINFORMATION
1184 static WERROR netr_DSRGETFORESTTRUSTINFORMATION(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1185 struct netr_DSRGETFORESTTRUSTINFORMATION *r)
1187 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1192 netr_NETRGETFORESTTRUSTINFORMATION
1194 static WERROR netr_NETRGETFORESTTRUSTINFORMATION(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1195 struct netr_NETRGETFORESTTRUSTINFORMATION *r)
1197 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1202 netr_NETRSERVERGETTRUSTINFO
1204 static WERROR netr_NETRSERVERGETTRUSTINFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1205 struct netr_NETRSERVERGETTRUSTINFO *r)
1207 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1211 /* include the generated boilerplate */
1212 #include "librpc/gen_ndr/ndr_netlogon_s.c"