source4/rpc_server/netlogon/dcerpc_netlogon.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    endpoint server for the netlogon pipe
   5
   6    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 2 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program; if not, write to the Free Software
  20    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  21 */
  22
  23 #include "includes.h"
  24 #include "rpc_server/common/common.h"
  25
  26 struct server_pipe_state {
  27         TALLOC_CTX *mem_ctx;
  28         struct netr_Credential client_challenge;
  29         struct netr_Credential server_challenge;
  30         BOOL authenticated;
  31         char *account_name;
  32         char *computer_name;  /* for logging only */
  33         uint32_t acct_flags;
  34         uint16_t sec_chan_type;
  35         struct creds_CredentialState *creds;
  36 };
  37
  38 static NTSTATUS netlogon_bind(struct dcesrv_call_state *dce_call, const struct dcesrv_interface *di)
  39 {
  40         dce_call->conn->private = NULL;
  41
  42         return NT_STATUS_OK;
  43 }
  44
  45 /* this function is called when the client disconnects the endpoint */
  46 static void netlogon_unbind(struct dcesrv_connection *conn, const struct dcesrv_interface *di)
  47 {
  48         struct server_pipe_state *pipe_state = conn->private;
  49
  50         if (pipe_state) {
  51                 talloc_destroy(pipe_state->mem_ctx);
  52         }
  53
  54         conn->private = NULL;
  55 }
  56
  57 #define DCESRV_INTERFACE_NETLOGON_BIND netlogon_bind
  58 #define DCESRV_INTERFACE_NETLOGON_UNBIND netlogon_unbind
  59
  60 static NTSTATUS netr_ServerReqChallenge(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
  61                                         struct netr_ServerReqChallenge *r)
  62 {
  63         struct server_pipe_state *pipe_state = dce_call->conn->private;
  64         TALLOC_CTX *pipe_mem_ctx;
  65
  66         ZERO_STRUCTP(r->out.credentials);
  67
  68         /* destroyed on pipe shutdown */
  69
  70         if (pipe_state) {
  71                 talloc_destroy(pipe_state->mem_ctx);
  72                 dce_call->conn->private = NULL;
  73         }
  74
  75         pipe_mem_ctx = talloc_init("internal netlogon pipe state for %s",
  76                                    r->in.computer_name);
  77
  78         if (!pipe_mem_ctx) {
  79                 return NT_STATUS_NO_MEMORY;
  80         }
  81
  82         pipe_state = talloc_p(pipe_mem_ctx, struct server_pipe_state);
  83         if (!pipe_state) {
  84                 talloc_destroy(pipe_mem_ctx);
  85                 return NT_STATUS_NO_MEMORY;
  86         }
  87
  88         pipe_state->mem_ctx = pipe_mem_ctx;
  89         pipe_state->authenticated = False;
  90         pipe_state->creds = NULL;
  91         pipe_state->account_name = NULL;
  92         pipe_state->computer_name = NULL;
  93
  94         pipe_state->client_challenge = *r->in.credentials;
  95
  96         generate_random_buffer(pipe_state->server_challenge.data,
  97                                sizeof(pipe_state->server_challenge.data),
  98                                False);
  99
 100         *r->out.credentials = pipe_state->server_challenge;
 101
 102         dce_call->conn->private = pipe_state;
 103
 104         return NT_STATUS_OK;
 105 }
 106
 107 static NTSTATUS netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 108                                          struct netr_ServerAuthenticate3 *r)
 109 {
 110         struct server_pipe_state *pipe_state = dce_call->conn->private;
 111         void *sam_ctx;
 112         struct samr_Password *mach_pwd;
 113         uint16_t acct_flags;
 114         int num_records;
 115         struct ldb_message **msgs;
 116         NTSTATUS nt_status;
 117         const char *attrs[] = {"unicodePwd", "lmPwdHash", "ntPwdHash", "userAccountControl",
 118                                "objectSid", NULL};
 119
 120         ZERO_STRUCTP(r->out.credentials);
 121         *r->out.rid = 0;
 122         *r->out.negotiate_flags = *r->in.negotiate_flags;
 123
 124         if (!pipe_state) {
 125                 DEBUG(1, ("No challenge requested by client, cannot authenticate\n"));
 126                 return NT_STATUS_ACCESS_DENIED;
 127         }
 128
 129         sam_ctx = samdb_connect();
 130         if (sam_ctx == NULL) {
 131                 return NT_STATUS_INVALID_SYSTEM_SERVICE;
 132         }
 133         /* pull the user attributes */
 134         num_records = samdb_search(sam_ctx, mem_ctx, NULL, &msgs, attrs,
 135                                    "(&(sAMAccountName=%s)(objectclass=user))",
 136                                    r->in.account_name);
 137
 138         if (num_records == 0) {
 139                 DEBUG(3,("Couldn't find user [%s] in samdb.\n",
 140                          r->in.account_name));
 141                 samdb_close(sam_ctx);
 142                 return NT_STATUS_NO_SUCH_USER;
 143         }
 144
 145         if (num_records > 1) {
 146                 DEBUG(1,("Found %d records matching user [%s]\n", num_records, r->in.account_name));
 147                 samdb_close(sam_ctx);
 148                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
 149         }
 150
 151         acct_flags = samdb_result_acct_flags(msgs[0],
 152                                              "userAccountControl");
 153
 154         if (acct_flags & ACB_DISABLED) {
 155                 DEBUG(1, ("Account [%s] is disabled\n", r->in.account_name));
 156                 return NT_STATUS_ACCESS_DENIED;
 157         }
 158
 159         if (r->in.secure_channel_type == SEC_CHAN_WKSTA) {
 160                 if (!(acct_flags & ACB_WSTRUST)) {
 161                         DEBUG(1, ("Client asked for a workstation secure channel, but is not a workstation (member server) acb flags: 0x%x\n", acct_flags));
 162                         return NT_STATUS_ACCESS_DENIED;
 163                 }
 164         } else if (r->in.secure_channel_type == SEC_CHAN_DOMAIN) {
 165                 if (!(acct_flags & ACB_DOMTRUST)) {
 166                         DEBUG(1, ("Client asked for a trusted domain secure channel, but is not a trusted domain: acb flags: 0x%x\n", acct_flags));
 167                         return NT_STATUS_ACCESS_DENIED;
 168                 }
 169         } else if (r->in.secure_channel_type == SEC_CHAN_BDC) {
 170                 if (!(acct_flags & ACB_SVRTRUST)) {
 171                         DEBUG(1, ("Client asked for a server secure channel, but is not a server (domain controller): acb flags: 0x%x\n", acct_flags));
 172                         return NT_STATUS_ACCESS_DENIED;
 173                 }
 174         } else {
 175                 DEBUG(1, ("Client asked for an invalid secure channel type: %d\n",
 176                           r->in.secure_channel_type));
 177                 return NT_STATUS_ACCESS_DENIED;
 178         }
 179
 180         pipe_state->acct_flags = acct_flags;
 181         pipe_state->sec_chan_type = r->in.secure_channel_type;
 182
 183         *r->out.rid = samdb_result_rid_from_sid(mem_ctx, msgs[0], "objectSid", 0);
 184
 185         nt_status = samdb_result_passwords(mem_ctx, msgs[0], NULL, &mach_pwd);
 186         if (!NT_STATUS_IS_OK(nt_status) || mach_pwd == NULL) {
 187                 samdb_close(sam_ctx);
 188                 return NT_STATUS_ACCESS_DENIED;
 189         }
 190
 191         samdb_close(sam_ctx);
 192
 193         if (!pipe_state->creds) {
 194                 pipe_state->creds = talloc_p(pipe_state->mem_ctx, struct creds_CredentialState);
 195                 if (!pipe_state->creds) {
 196                         return NT_STATUS_NO_MEMORY;
 197                 }
 198         }
 199
 200         creds_server_init(pipe_state->creds, &pipe_state->client_challenge,
 201                           &pipe_state->server_challenge, mach_pwd,
 202                           r->out.credentials,
 203                           *r->in.negotiate_flags);
 204
 205         if (!creds_server_check(pipe_state->creds, r->in.credentials)) {
 206                 return NT_STATUS_ACCESS_DENIED;
 207         }
 208
 209         pipe_state->authenticated = True;
 210
 211         if (pipe_state->account_name) {
 212                 /* We don't want a memory leak on this long-lived talloc context */
 213                 talloc_free(pipe_state->mem_ctx, pipe_state->account_name);
 214         }
 215
 216         pipe_state->account_name = talloc_strdup(pipe_state->mem_ctx, r->in.account_name);
 217
 218         if (pipe_state->computer_name) {
 219                 /* We don't want a memory leak on this long-lived talloc context */
 220                 talloc_free(pipe_state->mem_ctx, pipe_state->account_name);
 221         }
 222
 223         pipe_state->computer_name = talloc_strdup(pipe_state->mem_ctx, r->in.computer_name);
 224
 225         /* remember this session key state */
 226         nt_status = schannel_store_session_key(mem_ctx, pipe_state->computer_name, pipe_state->creds);
 227
 228         return nt_status;
 229 }
 230
 231
 232 static NTSTATUS netr_ServerAuthenticate(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 233                                         struct netr_ServerAuthenticate *r)
 234 {
 235         struct netr_ServerAuthenticate3 r3;
 236         uint32 negotiate_flags, rid;
 237
 238         r3.in.server_name = r->in.server_name;
 239         r3.in.account_name = r->in.account_name;
 240         r3.in.secure_channel_type = r->in.secure_channel_type;
 241         r3.in.computer_name = r->in.computer_name;
 242         r3.in.credentials = r->in.credentials;
 243         r3.out.credentials = r->out.credentials;
 244         r3.in.negotiate_flags = &negotiate_flags;
 245         r3.out.negotiate_flags = &negotiate_flags;
 246         r3.out.rid = &rid;
 247
 248         return netr_ServerAuthenticate3(dce_call, mem_ctx, &r3);
 249 }
 250
 251 static NTSTATUS netr_ServerAuthenticate2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 252                                          struct netr_ServerAuthenticate2 *r)
 253 {
 254         struct netr_ServerAuthenticate3 r3;
 255         uint32 rid;
 256
 257         r3.in.server_name = r->in.server_name;
 258         r3.in.account_name = r->in.account_name;
 259         r3.in.secure_channel_type = r->in.secure_channel_type;
 260         r3.in.computer_name = r->in.computer_name;
 261         r3.in.credentials = r->in.credentials;
 262         r3.out.credentials = r->out.credentials;
 263         r3.in.negotiate_flags = r->in.negotiate_flags;
 264         r3.out.negotiate_flags = r->out.negotiate_flags;
 265         r3.out.rid = &rid;
 266
 267         return netr_ServerAuthenticate3(dce_call, mem_ctx, &r3);
 268 }
 269
 270
 271 static BOOL netr_creds_server_step_check(struct server_pipe_state *pipe_state,
 272                                          struct netr_Authenticator *received_authenticator,
 273                                          struct netr_Authenticator *return_authenticator)
 274 {
 275         if (!pipe_state->authenticated) {
 276                 return False;
 277         }
 278         return creds_server_step_check(pipe_state->creds,
 279                                        received_authenticator,
 280                                        return_authenticator);
 281 }
 282
 283
 284 static NTSTATUS netr_ServerPasswordSet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 285                                        struct netr_ServerPasswordSet *r)
 286 {
 287         struct server_pipe_state *pipe_state = dce_call->conn->private;
 288
 289         void *sam_ctx;
 290         int num_records;
 291         int num_records_domain;
 292         int ret;
 293         struct ldb_message **msgs;
 294         struct ldb_message **msgs_domain;
 295         NTSTATUS nt_status;
 296         struct ldb_message mod, *msg_set_pw = &mod;
 297         const char *domain_dn;
 298         const char *domain_sid;
 299
 300         const char *attrs[] = {"objectSid", NULL };
 301
 302         const char **domain_attrs = attrs;
 303         ZERO_STRUCT(mod);
 304
 305         if (!netr_creds_server_step_check(pipe_state, &r->in.credential, &r->out.return_authenticator)) {
 306                 return NT_STATUS_ACCESS_DENIED;
 307         }
 308
 309         if (!pipe_state) {
 310                 DEBUG(1, ("No challenge requested by client, cannot authenticate\n"));
 311                 return NT_STATUS_ACCESS_DENIED;
 312         }
 313
 314         sam_ctx = samdb_connect();
 315         if (sam_ctx == NULL) {
 316                 return NT_STATUS_INVALID_SYSTEM_SERVICE;
 317         }
 318         /* pull the user attributes */
 319         num_records = samdb_search(sam_ctx, mem_ctx, NULL, &msgs, attrs,
 320                                    "(&(sAMAccountName=%s)(objectclass=user))",
 321                                    pipe_state->account_name);
 322
 323         if (num_records == 0) {
 324                 DEBUG(3,("Couldn't find user [%s] in samdb.\n",
 325                          pipe_state->account_name));
 326                 samdb_close(sam_ctx);
 327                 return NT_STATUS_NO_SUCH_USER;
 328         }
 329
 330         if (num_records > 1) {
 331                 DEBUG(1,("Found %d records matching user [%s]\n", num_records,
 332                          pipe_state->account_name));
 333                 samdb_close(sam_ctx);
 334                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
 335         }
 336
 337         domain_sid = samdb_result_sid_prefix(mem_ctx, msgs[0], "objectSid");
 338         if (!domain_sid) {
 339                 samdb_close(sam_ctx);
 340                 DEBUG(1,("no objectSid in user record\n"));
 341                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
 342         }
 343
 344         /* find the domain's DN */
 345         num_records_domain = samdb_search(sam_ctx, mem_ctx, NULL,
 346                                           &msgs_domain, domain_attrs,
 347                                           "(&(objectSid=%s)(objectclass=domain))",
 348                                           domain_sid);
 349
 350         if (num_records_domain == 0) {
 351                 DEBUG(3,("check_sam_security: Couldn't find domain [%s] in passdb file.\n",
 352                          domain_sid));
 353                 samdb_close(sam_ctx);
 354                 return NT_STATUS_NO_SUCH_USER;
 355         }
 356
 357         if (num_records_domain > 1) {
 358                 DEBUG(1,("Found %d records matching domain [%s]\n",
 359                          num_records_domain, domain_sid));
 360                 samdb_close(sam_ctx);
 361                 return NT_STATUS_INTERNAL_DB_CORRUPTION;
 362         }
 363
 364         domain_dn = msgs_domain[0]->dn;
 365
 366         mod.dn = talloc_strdup(mem_ctx, msgs[0]->dn);
 367         if (!mod.dn) {
 368                 samdb_close(sam_ctx);
 369                 return NT_STATUS_NO_MEMORY;
 370         }
 371
 372         creds_des_decrypt(pipe_state->creds, &r->in.new_password);
 373
 374         /* set the password - samdb needs to know both the domain and user DNs,
 375            so the domain password policy can be used */
 376         nt_status = samdb_set_password(sam_ctx, mem_ctx,
 377                                        msgs[0]->dn, domain_dn,
 378                                        msg_set_pw,
 379                                        NULL, /* Don't have plaintext */
 380                                        NULL, &r->in.new_password,
 381                                        False /* This is not considered a password change */,
 382                                        NULL);
 383
 384         if (!NT_STATUS_IS_OK(nt_status)) {
 385                 samdb_close(sam_ctx);
 386                 return nt_status;
 387         }
 388
 389         ret = samdb_replace(sam_ctx, mem_ctx, msg_set_pw);
 390         if (ret != 0) {
 391                 /* we really need samdb.c to return NTSTATUS */
 392
 393                 samdb_close(sam_ctx);
 394                 return NT_STATUS_UNSUCCESSFUL;
 395         }
 396
 397         samdb_close(sam_ctx);
 398         return NT_STATUS_OK;
 399 }
 400
 401
 402 /*
 403   netr_LogonUasLogon
 404 */
 405 static WERROR netr_LogonUasLogon(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 406                                  struct netr_LogonUasLogon *r)
 407 {
 408         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 409 }
 410
 411
 412 /*
 413   netr_LogonUasLogoff
 414 */
 415 static WERROR netr_LogonUasLogoff(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 416                        struct netr_LogonUasLogoff *r)
 417 {
 418         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 419 }
 420
 421
 422 /*
 423   netr_LogonSamLogon
 424
 425
 426
 427 */
 428
 429 #if 0
 430
 431 static NTSTATUS netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 432                        struct netr_LogonSamLogon *r)
 433 {
 434         struct server_pipe_state *pipe_state = dce_call->conn->private;
 435
 436         struct auth_context *auth_context;
 437         struct auth_usersupplied_info *user_info;
 438         struct auth_serversupplied_info *server_info;
 439         NTSTATUS nt_status;
 440         const uint8_t *chal;
 441
 442
 443         switch (r->in.logon_level) {
 444         case 1:
 445         case 3:
 446                 creds_arcfour_crypt(pipe_state->creds,
 447                                     r->in.logon.password->lmpassword.hash,
 448                                     sizeof(r->in.logon.password->lmpassword.hash));
 449                 creds_arcfour_crypt(pipe_state->creds,
 450                                     r->in.logon.password->ntpassword.hash,
 451                                     sizeof(r->in.logon.password->ntpassword.hash));
 452
 453                 nt_status = make_auth_context_subsystem(&auth_context);
 454                 if (!NT_STATUS_IS_OK(nt_status)) {
 455                         return nt_status;
 456                 }
 457
 458                 chal = auth_context->get_ntlm_challenge(auth_context);
 459                 nt_status = make_user_info_netlogon_interactive(&user_info,
 460                                                                 r->in.logon.password->identity_info.account_name.string,
 461                                                                 r->in.logon.password->identity_info.domain_name.string,
 462                                                                 r->in.logon.password->identity_info.workstation.string,
 463                                                                 chal,
 464                                                                 &r->in.logon.password->lmpassword,
 465                                                                 &r->in.logon.password->ntpassword);
 466                 break;
 467
 468         case 2:
 469         case 6:
 470                 nt_status = make_auth_context_fixed(&auth_context, r->in.logon.network->challenge);
 471                 if (!NT_STATUS_IS_OK(nt_status)) {
 472                         return nt_status;
 473                 }
 474
 475                 nt_status = make_user_info_netlogon_network(&user_info,
 476                                                             r->in.logon.network->identity_info.account_name.string,
 477                                                             r->in.logon.network->identity_info.domain_name.string,
 478                                                             r->in.logon.network->identity_info.workstation.string,
 479                                                             r->in.logon.network->nt.data, r->in.logon.network->nt.length,
 480                                                             r->in.logon.network->lm.data, r->in.logon.network->lm.length);
 481                 break;
 482         default:
 483                 free_auth_context(&auth_context);
 484                 return NT_STATUS_INVALID_PARAMETER;
 485         }
 486
 487         if (!NT_STATUS_IS_OK(nt_status)) {
 488                 return nt_status;
 489         }
 490
 491         nt_status = auth_context->check_ntlm_password(auth_context,
 492                                                       user_info,
 493                                                       &server_info);
 494
 495         if (!NT_STATUS_IS_OK(nt_status)) {
 496                 free_auth_context(&auth_context);
 497                 return nt_status;
 498         }
 499         free_auth_context(&auth_context);
 500
 501         switch (r->in.validation_level) {
 502         case 2:
 503         {
 504                 struct netr_SamInfo *sam;
 505                 sam = talloc_p(mem_ctx, struct netr_SamInfo);
 506                 r->out.validation.sam = sam;
 507
 508                 sam->last_logon = server_info->last_logon;
 509                 sam->last_logoff = server_info->last_logoff;
 510                 sam->acct_expiry = server_info->acct_expiry;
 511                 sam->last_password_change = server_info->last_password_change;
 512                 sam->allow_password_change = server_info->allow_password_change;
 513                 sam->force_password_change = server_info->force_password_change;
 514
 515                 sam->account_name.string = talloc_strdup(mem_ctx, server_info->account_name);
 516                 sam->full_name.string = talloc_strdup(mem_ctx, server_info->full_name);
 517                 sam->logon_script.string = talloc_strdup(mem_ctx, server_info->account_name);
 518                 sam->profile_path.string = talloc_strdup(mem_ctx, server_info->profile_path);
 519                 sam->home_directory.string = talloc_strdup(mem_ctx, server_info->home_directory);
 520                 sam->home_drive.string = talloc_strdup(mem_ctx, server_info->home_drive);
 521
 522                 sam->logon_count = server_info->logon_count;
 523                 sam->bad_password_count = sam->bad_password_count;
 524                 sam->rid = server_info->user_sid->sub_auths[server_info->user_sid->num_auths-1];
 525                 sam->primary_gid = server_info->primary_group_sid->sub_auths[server_info->primary_group_sid->num_auths-1];
 526                 sam->group_count = 0;
 527                 sam->groupids = NULL;
 528
 529                 sam->acct_flags = server_info->acct_flags;
 530
 531                 sam->domain.string = talloc_strdup(mem_ctx, server_info->domain);
 532
 533                 /* need to finish */
 534
 535                 break;
 536         }
 537         case 3:
 538         {
 539                 struct netr_SamInfo2 *sam;
 540                 sam = talloc_p(mem_ctx, struct netr_SamInfo2);
 541                 r->out.validation.sam2 = sam;
 542
 543                 break;
 544         }
 545         default:
 546                 break;
 547         }
 548
 549         r->out.authoritative = 1;
 550
 551         return NT_STATUS_OK;
 552 }
 553 #else
 554 static NTSTATUS netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 555                        struct netr_LogonSamLogon *r)
 556 {
 557         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 558 }
 559 #endif
 560
 561 /*
 562   netr_LogonSamLogoff
 563 */
 564 static NTSTATUS netr_LogonSamLogoff(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 565                        struct netr_LogonSamLogoff *r)
 566 {
 567         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 568 }
 569
 570
 571
 572 /*
 573   netr_DatabaseDeltas
 574 */
 575 static NTSTATUS netr_DatabaseDeltas(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 576                        struct netr_DatabaseDeltas *r)
 577 {
 578         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 579 }
 580
 581
 582 /*
 583   netr_DatabaseSync
 584 */
 585 static NTSTATUS netr_DatabaseSync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 586                        struct netr_DatabaseSync *r)
 587 {
 588         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 589 }
 590
 591
 592 /*
 593   netr_AccountDeltas
 594 */
 595 static NTSTATUS netr_AccountDeltas(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 596                        struct netr_AccountDeltas *r)
 597 {
 598         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 599 }
 600
 601
 602 /*
 603   netr_AccountSync
 604 */
 605 static NTSTATUS netr_AccountSync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 606                        struct netr_AccountSync *r)
 607 {
 608         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 609 }
 610
 611
 612 /*
 613   netr_GetDcName
 614 */
 615 static NTSTATUS netr_GetDcName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 616                        struct netr_GetDcName *r)
 617 {
 618         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 619 }
 620
 621
 622 /*
 623   netr_LogonControl
 624 */
 625 static WERROR netr_LogonControl(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 626                        struct netr_LogonControl *r)
 627 {
 628         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 629 }
 630
 631
 632 /*
 633   netr_GetAnyDCName
 634 */
 635 static WERROR netr_GetAnyDCName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 636                        struct netr_GetAnyDCName *r)
 637 {
 638         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 639 }
 640
 641
 642 /*
 643   netr_LogonControl2
 644 */
 645 static WERROR netr_LogonControl2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 646                        struct netr_LogonControl2 *r)
 647 {
 648         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 649 }
 650
 651
 652 /*
 653   netr_DatabaseSync2
 654 */
 655 static NTSTATUS netr_DatabaseSync2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 656                        struct netr_DatabaseSync2 *r)
 657 {
 658         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 659 }
 660
 661
 662 /*
 663   netr_DatabaseRedo
 664 */
 665 static NTSTATUS netr_DatabaseRedo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 666                        struct netr_DatabaseRedo *r)
 667 {
 668         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 669 }
 670
 671
 672 /*
 673   netr_LogonControl2Ex
 674 */
 675 static WERROR netr_LogonControl2Ex(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 676                        struct netr_LogonControl2Ex *r)
 677 {
 678         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 679 }
 680
 681
 682 /*
 683   netr_NETRENUMERATETRUSTEDDOMAINS
 684 */
 685 static WERROR netr_NETRENUMERATETRUSTEDDOMAINS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 686                        struct netr_NETRENUMERATETRUSTEDDOMAINS *r)
 687 {
 688         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 689 }
 690
 691
 692 /*
 693   netr_DSRGETDCNAME
 694 */
 695 static WERROR netr_DSRGETDCNAME(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 696                        struct netr_DSRGETDCNAME *r)
 697 {
 698         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 699 }
 700
 701
 702 /*
 703   netr_NETRLOGONDUMMYROUTINE1
 704 */
 705 static WERROR netr_NETRLOGONDUMMYROUTINE1(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 706                        struct netr_NETRLOGONDUMMYROUTINE1 *r)
 707 {
 708         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 709 }
 710
 711
 712 /*
 713   netr_NETRLOGONSETSERVICEBITS
 714 */
 715 static WERROR netr_NETRLOGONSETSERVICEBITS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 716                        struct netr_NETRLOGONSETSERVICEBITS *r)
 717 {
 718         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 719 }
 720
 721
 722 /*
 723   netr_NETRLOGONGETTRUSTRID
 724 */
 725 static WERROR netr_NETRLOGONGETTRUSTRID(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 726                        struct netr_NETRLOGONGETTRUSTRID *r)
 727 {
 728         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 729 }
 730
 731
 732 /*
 733   netr_NETRLOGONCOMPUTESERVERDIGEST
 734 */
 735 static WERROR netr_NETRLOGONCOMPUTESERVERDIGEST(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 736                        struct netr_NETRLOGONCOMPUTESERVERDIGEST *r)
 737 {
 738         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 739 }
 740
 741
 742 /*
 743   netr_NETRLOGONCOMPUTECLIENTDIGEST
 744 */
 745 static WERROR netr_NETRLOGONCOMPUTECLIENTDIGEST(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 746                        struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r)
 747 {
 748         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 749 }
 750
 751
 752 /*
 753   netr_DSRGETDCNAMEX
 754 */
 755 static WERROR netr_DSRGETDCNAMEX(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 756                        struct netr_DSRGETDCNAMEX *r)
 757 {
 758         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 759 }
 760
 761
 762 /*
 763   netr_DSRGETSITENAME
 764 */
 765 static WERROR netr_DSRGETSITENAME(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 766                        struct netr_DSRGETSITENAME *r)
 767 {
 768         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 769 }
 770
 771
 772 /*
 773   netr_NETRLOGONGETDOMAININFO
 774 */
 775 static WERROR netr_NETRLOGONGETDOMAININFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 776                        struct netr_NETRLOGONGETDOMAININFO *r)
 777 {
 778         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 779 }
 780
 781
 782 /*
 783   netr_NETRSERVERPASSWORDSET2
 784 */
 785 static WERROR netr_NETRSERVERPASSWORDSET2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 786                        struct netr_NETRSERVERPASSWORDSET2 *r)
 787 {
 788         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 789 }
 790
 791
 792 /*
 793   netr_NETRSERVERPASSWORDGET
 794 */
 795 static WERROR netr_NETRSERVERPASSWORDGET(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 796                        struct netr_NETRSERVERPASSWORDGET *r)
 797 {
 798         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 799 }
 800
 801
 802 /*
 803   netr_NETRLOGONSENDTOSAM
 804 */
 805 static WERROR netr_NETRLOGONSENDTOSAM(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 806                        struct netr_NETRLOGONSENDTOSAM *r)
 807 {
 808         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 809 }
 810
 811
 812 /*
 813   netr_DSRADDRESSTOSITENAMESW
 814 */
 815 static WERROR netr_DSRADDRESSTOSITENAMESW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 816                        struct netr_DSRADDRESSTOSITENAMESW *r)
 817 {
 818         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 819 }
 820
 821
 822 /*
 823   netr_DSRGETDCNAMEEX2
 824 */
 825 static WERROR netr_DSRGETDCNAMEEX2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 826                        struct netr_DSRGETDCNAMEEX2 *r)
 827 {
 828         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 829 }
 830
 831
 832 /*
 833   netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN
 834 */
 835 static WERROR netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 836                        struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r)
 837 {
 838         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 839 }
 840
 841
 842 /*
 843   netr_NETRENUMERATETRUSTEDDOMAINSEX
 844 */
 845 static WERROR netr_NETRENUMERATETRUSTEDDOMAINSEX(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 846                        struct netr_NETRENUMERATETRUSTEDDOMAINSEX *r)
 847 {
 848         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 849 }
 850
 851
 852 /*
 853   netr_DSRADDRESSTOSITENAMESEXW
 854 */
 855 static WERROR netr_DSRADDRESSTOSITENAMESEXW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 856                        struct netr_DSRADDRESSTOSITENAMESEXW *r)
 857 {
 858         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 859 }
 860
 861
 862 /*
 863   netr_DSRGETDCSITECOVERAGEW
 864 */
 865 static WERROR netr_DSRGETDCSITECOVERAGEW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 866                        struct netr_DSRGETDCSITECOVERAGEW *r)
 867 {
 868         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 869 }
 870
 871
 872 /*
 873   netr_NETRLOGONSAMLOGONEX
 874 */
 875 static WERROR netr_NETRLOGONSAMLOGONEX(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 876                        struct netr_NETRLOGONSAMLOGONEX *r)
 877 {
 878         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 879 }
 880
 881
 882 /*
 883   netr_DsrEnumerateDomainTrusts
 884 */
 885 static WERROR netr_DsrEnumerateDomainTrusts(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 886                                               struct netr_DsrEnumerateDomainTrusts *r)
 887 {
 888         struct netr_DomainTrust *trusts;
 889         void *sam_ctx;
 890         int ret, i;
 891         struct ldb_message **res;
 892         const char * const attrs[] = { "name", "dnsDomain", "objectSid", "objectGUID", NULL };
 893
 894         ZERO_STRUCT(r->out);
 895
 896         sam_ctx = samdb_connect();
 897         if (sam_ctx == NULL) {
 898                 return WERR_GENERAL_FAILURE;
 899         }
 900
 901         ret = samdb_search(sam_ctx, mem_ctx, NULL, &res, attrs, "(objectClass=domainDNS)");
 902         if (ret == -1) {
 903                 samdb_close(sam_ctx);
 904                 return WERR_GENERAL_FAILURE;
 905         }
 906
 907         if (ret == 0) {
 908                 return WERR_OK;
 909         }
 910
 911         trusts = talloc_array_p(mem_ctx, struct netr_DomainTrust, ret);
 912         if (trusts == NULL) {
 913                 return WERR_NOMEM;
 914         }
 915
 916         r->out.count = ret;
 917         r->out.trusts = trusts;
 918
 919         /* TODO: add filtering by trust_flags, and correct trust_type
 920            and attributes */
 921         for (i=0;i<ret;i++) {
 922                 trusts[i].netbios_name = samdb_result_string(res[i], "name", NULL);
 923                 trusts[i].dns_name     = samdb_result_string(res[i], "dnsDomain", NULL);
 924                 trusts[i].trust_flags =
 925                         NETR_TRUST_FLAG_TREEROOT |
 926                         NETR_TRUST_FLAG_IN_FOREST |
 927                         NETR_TRUST_FLAG_PRIMARY;
 928                 trusts[i].parent_index = 0;
 929                 trusts[i].trust_type = 2;
 930                 trusts[i].trust_attributes = 0;
 931                 trusts[i].sid  = samdb_result_dom_sid(mem_ctx, res[i], "objectSid");
 932                 trusts[i].guid = samdb_result_guid(res[i], "objectGUID");
 933         }
 934
 935
 936         return WERR_OK;
 937 }
 938
 939
 940 /*
 941   netr_DSRDEREGISTERDNSHOSTRECORDS
 942 */
 943 static WERROR netr_DSRDEREGISTERDNSHOSTRECORDS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 944                        struct netr_DSRDEREGISTERDNSHOSTRECORDS *r)
 945 {
 946         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 947 }
 948
 949
 950 /*
 951   netr_NETRSERVERTRUSTPASSWORDSGET
 952 */
 953 static WERROR netr_NETRSERVERTRUSTPASSWORDSGET(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 954                        struct netr_NETRSERVERTRUSTPASSWORDSGET *r)
 955 {
 956         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 957 }
 958
 959
 960 /*
 961   netr_DSRGETFORESTTRUSTINFORMATION
 962 */
 963 static WERROR netr_DSRGETFORESTTRUSTINFORMATION(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 964                        struct netr_DSRGETFORESTTRUSTINFORMATION *r)
 965 {
 966         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 967 }
 968
 969
 970 /*
 971   netr_NETRGETFORESTTRUSTINFORMATION
 972 */
 973 static WERROR netr_NETRGETFORESTTRUSTINFORMATION(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 974                        struct netr_NETRGETFORESTTRUSTINFORMATION *r)
 975 {
 976         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 977 }
 978
 979
 980 /*
 981   netr_NETRLOGONSAMLOGONWITHFLAGS
 982 */
 983 static WERROR netr_NETRLOGONSAMLOGONWITHFLAGS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 984                        struct netr_NETRLOGONSAMLOGONWITHFLAGS *r)
 985 {
 986         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 987 }
 988
 989
 990 /*
 991   netr_NETRSERVERGETTRUSTINFO
 992 */
 993 static WERROR netr_NETRSERVERGETTRUSTINFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 994                        struct netr_NETRSERVERGETTRUSTINFO *r)
 995 {
 996         DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
 997 }
 998
 999
1000 /* include the generated boilerplate */
1001 #include "librpc/gen_ndr/ndr_netlogon_s.c"