Do not redefine strupr
[ira/wip.git] / source3 / rpc_server / srv_netlog_nt.c
1 /*
2  *  Unix SMB/CIFS implementation.
3  *  RPC Pipe client / server routines
4  *  Copyright (C) Andrew Tridgell              1992-1997,
5  *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
6  *  Copyright (C) Paul Ashton                       1997.
7  *  Copyright (C) Jeremy Allison               1998-2001.
8  *  Copyright (C) Andrew Bartlett                   2001.
9  *  Copyright (C) Guenther Deschner                 2008.
10  *
11  *  This program is free software; you can redistribute it and/or modify
12  *  it under the terms of the GNU General Public License as published by
13  *  the Free Software Foundation; either version 3 of the License, or
14  *  (at your option) any later version.
15  *
16  *  This program is distributed in the hope that it will be useful,
17  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
18  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
19  *  GNU General Public License for more details.
20  *
21  *  You should have received a copy of the GNU General Public License
22  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
23  */
24
25 /* This is the implementation of the netlogon pipe. */
26
27 #include "includes.h"
28 #include "../libcli/auth/libcli_auth.h"
29 #include "../libcli/auth/schannel_state.h"
30
31 extern userdom_struct current_user_info;
32
33 #undef DBGC_CLASS
34 #define DBGC_CLASS DBGC_RPC_SRV
35
36 struct netlogon_server_pipe_state {
37         struct netr_Credential client_challenge;
38         struct netr_Credential server_challenge;
39 };
40
41 /*******************************************************************
42  Inits a netr_NETLOGON_INFO_1 structure.
43 ********************************************************************/
44
45 static void init_netlogon_info1(struct netr_NETLOGON_INFO_1 *r,
46                                 uint32_t flags,
47                                 uint32_t pdc_connection_status)
48 {
49         r->flags = flags;
50         r->pdc_connection_status = pdc_connection_status;
51 }
52
53 /*******************************************************************
54  Inits a netr_NETLOGON_INFO_2 structure.
55 ********************************************************************/
56
57 static void init_netlogon_info2(struct netr_NETLOGON_INFO_2 *r,
58                                 uint32_t flags,
59                                 uint32_t pdc_connection_status,
60                                 const char *trusted_dc_name,
61                                 uint32_t tc_connection_status)
62 {
63         r->flags = flags;
64         r->pdc_connection_status = pdc_connection_status;
65         r->trusted_dc_name = trusted_dc_name;
66         r->tc_connection_status = tc_connection_status;
67 }
68
69 /*******************************************************************
70  Inits a netr_NETLOGON_INFO_3 structure.
71 ********************************************************************/
72
73 static void init_netlogon_info3(struct netr_NETLOGON_INFO_3 *r,
74                                 uint32_t flags,
75                                 uint32_t logon_attempts)
76 {
77         r->flags = flags;
78         r->logon_attempts = logon_attempts;
79 }
80
81 /*************************************************************************
82  _netr_LogonControl
83  *************************************************************************/
84
85 WERROR _netr_LogonControl(pipes_struct *p,
86                           struct netr_LogonControl *r)
87 {
88         struct netr_LogonControl2Ex l;
89
90         switch (r->in.level) {
91         case 1:
92                 break;
93         case 2:
94                 return WERR_NOT_SUPPORTED;
95         default:
96                 return WERR_UNKNOWN_LEVEL;
97         }
98
99         l.in.logon_server       = r->in.logon_server;
100         l.in.function_code      = r->in.function_code;
101         l.in.level              = r->in.level;
102         l.in.data               = NULL;
103         l.out.query             = r->out.query;
104
105         return _netr_LogonControl2Ex(p, &l);
106 }
107
108 /****************************************************************************
109 Send a message to smbd to do a sam synchronisation
110 **************************************************************************/
111
112 static void send_sync_message(void)
113 {
114         DEBUG(3, ("sending sam synchronisation message\n"));
115         message_send_all(smbd_messaging_context(), MSG_SMB_SAM_SYNC, NULL, 0,
116                          NULL);
117 }
118
119 /*************************************************************************
120  _netr_LogonControl2
121  *************************************************************************/
122
123 WERROR _netr_LogonControl2(pipes_struct *p,
124                            struct netr_LogonControl2 *r)
125 {
126         struct netr_LogonControl2Ex l;
127
128         l.in.logon_server       = r->in.logon_server;
129         l.in.function_code      = r->in.function_code;
130         l.in.level              = r->in.level;
131         l.in.data               = r->in.data;
132         l.out.query             = r->out.query;
133
134         return _netr_LogonControl2Ex(p, &l);
135 }
136
137 /****************************************************************
138  _netr_LogonControl2Ex
139 ****************************************************************/
140
141 WERROR _netr_LogonControl2Ex(pipes_struct *p,
142                              struct netr_LogonControl2Ex *r)
143 {
144         uint32 flags = 0x0;
145         uint32 pdc_connection_status = 0x0;
146         uint32 logon_attempts = 0x0;
147         uint32 tc_status;
148         fstring dc_name2;
149         const char *dc_name = NULL;
150         struct sockaddr_storage dc_ss;
151         const char *domain = NULL;
152         struct netr_NETLOGON_INFO_1 *info1;
153         struct netr_NETLOGON_INFO_2 *info2;
154         struct netr_NETLOGON_INFO_3 *info3;
155         const char *fn;
156
157         switch (p->hdr_req.opnum) {
158                 case NDR_NETR_LOGONCONTROL:
159                         fn = "_netr_LogonControl";
160                         break;
161                 case NDR_NETR_LOGONCONTROL2:
162                         fn = "_netr_LogonControl2";
163                         break;
164                 case NDR_NETR_LOGONCONTROL2EX:
165                         fn = "_netr_LogonControl2Ex";
166                         break;
167                 default:
168                         return WERR_INVALID_PARAM;
169         }
170
171         tc_status = W_ERROR_V(WERR_NO_SUCH_DOMAIN);
172
173         switch (r->in.function_code) {
174                 case NETLOGON_CONTROL_TC_QUERY:
175                         domain = r->in.data->domain;
176
177                         if ( !is_trusted_domain( domain ) )
178                                 break;
179
180                         if ( !get_dc_name( domain, NULL, dc_name2, &dc_ss ) ) {
181                                 tc_status = W_ERROR_V(WERR_NO_LOGON_SERVERS);
182                                 break;
183                         }
184
185                         dc_name = talloc_asprintf(p->mem_ctx, "\\\\%s", dc_name2);
186                         if (!dc_name) {
187                                 return WERR_NOMEM;
188                         }
189
190                         tc_status = W_ERROR_V(WERR_OK);
191
192                         break;
193
194                 case NETLOGON_CONTROL_REDISCOVER:
195                         domain = r->in.data->domain;
196
197                         if ( !is_trusted_domain( domain ) )
198                                 break;
199
200                         if ( !get_dc_name( domain, NULL, dc_name2, &dc_ss ) ) {
201                                 tc_status = W_ERROR_V(WERR_NO_LOGON_SERVERS);
202                                 break;
203                         }
204
205                         dc_name = talloc_asprintf(p->mem_ctx, "\\\\%s", dc_name2);
206                         if (!dc_name) {
207                                 return WERR_NOMEM;
208                         }
209
210                         tc_status = W_ERROR_V(WERR_OK);
211
212                         break;
213
214                 default:
215                         /* no idea what this should be */
216                         DEBUG(0,("%s: unimplemented function level [%d]\n",
217                                 fn, r->in.function_code));
218                         return WERR_UNKNOWN_LEVEL;
219         }
220
221         /* prepare the response */
222
223         switch (r->in.level) {
224                 case 1:
225                         info1 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_1);
226                         W_ERROR_HAVE_NO_MEMORY(info1);
227
228                         init_netlogon_info1(info1,
229                                             flags,
230                                             pdc_connection_status);
231                         r->out.query->info1 = info1;
232                         break;
233                 case 2:
234                         info2 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_2);
235                         W_ERROR_HAVE_NO_MEMORY(info2);
236
237                         init_netlogon_info2(info2,
238                                             flags,
239                                             pdc_connection_status,
240                                             dc_name,
241                                             tc_status);
242                         r->out.query->info2 = info2;
243                         break;
244                 case 3:
245                         info3 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_3);
246                         W_ERROR_HAVE_NO_MEMORY(info3);
247
248                         init_netlogon_info3(info3,
249                                             flags,
250                                             logon_attempts);
251                         r->out.query->info3 = info3;
252                         break;
253                 default:
254                         return WERR_UNKNOWN_LEVEL;
255         }
256
257         if (lp_server_role() == ROLE_DOMAIN_BDC) {
258                 send_sync_message();
259         }
260
261         return WERR_OK;
262 }
263
264 /*************************************************************************
265  _netr_NetrEnumerateTrustedDomains
266  *************************************************************************/
267
268 WERROR _netr_NetrEnumerateTrustedDomains(pipes_struct *p,
269                                          struct netr_NetrEnumerateTrustedDomains *r)
270 {
271         struct netr_Blob trusted_domains_blob;
272         DATA_BLOB blob;
273
274         DEBUG(6,("_netr_NetrEnumerateTrustedDomains: %d\n", __LINE__));
275
276         /* set up the Trusted Domain List response */
277
278         blob = data_blob_talloc_zero(p->mem_ctx, 2);
279         trusted_domains_blob.data = blob.data;
280         trusted_domains_blob.length = blob.length;
281
282         DEBUG(6,("_netr_NetrEnumerateTrustedDomains: %d\n", __LINE__));
283
284         *r->out.trusted_domains_blob = trusted_domains_blob;
285
286         return WERR_OK;
287 }
288
289 /******************************************************************
290  gets a machine password entry.  checks access rights of the host.
291  ******************************************************************/
292
293 static NTSTATUS get_md4pw(struct samr_Password *md4pw, const char *mach_acct,
294                           uint16_t sec_chan_type, struct dom_sid *sid)
295 {
296         struct samu *sampass = NULL;
297         const uint8 *pass;
298         bool ret;
299         uint32 acct_ctrl;
300
301 #if 0
302         char addr[INET6_ADDRSTRLEN];
303
304     /*
305      * Currently this code is redundent as we already have a filter
306      * by hostname list. What this code really needs to do is to
307      * get a hosts allowed/hosts denied list from the SAM database
308      * on a per user basis, and make the access decision there.
309      * I will leave this code here for now as a reminder to implement
310      * this at a later date. JRA.
311      */
312
313         if (!allow_access(lp_domain_hostsdeny(), lp_domain_hostsallow(),
314                         client_name(get_client_fd()),
315                         client_addr(get_client_fd(),addr,sizeof(addr)))) {
316                 DEBUG(0,("get_md4pw: Workstation %s denied access to domain\n", mach_acct));
317                 return False;
318         }
319 #endif /* 0 */
320
321         if ( !(sampass = samu_new( NULL )) ) {
322                 return NT_STATUS_NO_MEMORY;
323         }
324
325         /* JRA. This is ok as it is only used for generating the challenge. */
326         become_root();
327         ret = pdb_getsampwnam(sampass, mach_acct);
328         unbecome_root();
329
330         if (!ret) {
331                 DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct));
332                 TALLOC_FREE(sampass);
333                 return NT_STATUS_ACCESS_DENIED;
334         }
335
336         acct_ctrl = pdb_get_acct_ctrl(sampass);
337         if (acct_ctrl & ACB_DISABLED) {
338                 DEBUG(0,("get_md4pw: Workstation %s: account is disabled\n", mach_acct));
339                 TALLOC_FREE(sampass);
340                 return NT_STATUS_ACCOUNT_DISABLED;
341         }
342
343         if (!(acct_ctrl & ACB_SVRTRUST) &&
344             !(acct_ctrl & ACB_WSTRUST) &&
345             !(acct_ctrl & ACB_DOMTRUST))
346         {
347                 DEBUG(0,("get_md4pw: Workstation %s: account is not a trust account\n", mach_acct));
348                 TALLOC_FREE(sampass);
349                 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
350         }
351
352         switch (sec_chan_type) {
353                 case SEC_CHAN_BDC:
354                         if (!(acct_ctrl & ACB_SVRTRUST)) {
355                                 DEBUG(0,("get_md4pw: Workstation %s: BDC secure channel requested "
356                                          "but not a server trust account\n", mach_acct));
357                                 TALLOC_FREE(sampass);
358                                 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
359                         }
360                         break;
361                 case SEC_CHAN_WKSTA:
362                         if (!(acct_ctrl & ACB_WSTRUST)) {
363                                 DEBUG(0,("get_md4pw: Workstation %s: WORKSTATION secure channel requested "
364                                          "but not a workstation trust account\n", mach_acct));
365                                 TALLOC_FREE(sampass);
366                                 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
367                         }
368                         break;
369                 case SEC_CHAN_DOMAIN:
370                         if (!(acct_ctrl & ACB_DOMTRUST)) {
371                                 DEBUG(0,("get_md4pw: Workstation %s: DOMAIN secure channel requested "
372                                          "but not a interdomain trust account\n", mach_acct));
373                                 TALLOC_FREE(sampass);
374                                 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
375                         }
376                         break;
377                 default:
378                         break;
379         }
380
381         if ((pass = pdb_get_nt_passwd(sampass)) == NULL) {
382                 DEBUG(0,("get_md4pw: Workstation %s: account does not have a password\n", mach_acct));
383                 TALLOC_FREE(sampass);
384                 return NT_STATUS_LOGON_FAILURE;
385         }
386
387         memcpy(md4pw->hash, pass, 16);
388         dump_data(5, md4pw->hash, 16);
389
390         sid_copy(sid, pdb_get_user_sid(sampass));
391
392         TALLOC_FREE(sampass);
393
394         return NT_STATUS_OK;
395
396
397 }
398
399 /*************************************************************************
400  _netr_ServerReqChallenge
401  *************************************************************************/
402
403 NTSTATUS _netr_ServerReqChallenge(pipes_struct *p,
404                                   struct netr_ServerReqChallenge *r)
405 {
406         struct netlogon_server_pipe_state *pipe_state =
407                 talloc_get_type(p->private_data, struct netlogon_server_pipe_state);
408
409         if (pipe_state) {
410                 DEBUG(10,("_netr_ServerReqChallenge: new challenge requested. Clearing old state.\n"));
411                 talloc_free(pipe_state);
412                 p->private_data = NULL;
413         }
414
415         pipe_state = talloc(p, struct netlogon_server_pipe_state);
416         NT_STATUS_HAVE_NO_MEMORY(pipe_state);
417
418         pipe_state->client_challenge = *r->in.credentials;
419
420         generate_random_buffer(pipe_state->server_challenge.data,
421                                sizeof(pipe_state->server_challenge.data));
422
423         *r->out.return_credentials = pipe_state->server_challenge;
424
425         p->private_data = pipe_state;
426
427         return NT_STATUS_OK;
428 }
429
430 /*************************************************************************
431  _netr_ServerAuthenticate
432  Create the initial credentials.
433  *************************************************************************/
434
435 NTSTATUS _netr_ServerAuthenticate(pipes_struct *p,
436                                   struct netr_ServerAuthenticate *r)
437 {
438         struct netr_ServerAuthenticate3 a;
439         uint32_t negotiate_flags = 0;
440         uint32_t rid;
441
442         a.in.server_name                = r->in.server_name;
443         a.in.account_name               = r->in.account_name;
444         a.in.secure_channel_type        = r->in.secure_channel_type;
445         a.in.computer_name              = r->in.computer_name;
446         a.in.credentials                = r->in.credentials;
447         a.in.negotiate_flags            = &negotiate_flags;
448
449         a.out.return_credentials        = r->out.return_credentials;
450         a.out.rid                       = &rid;
451         a.out.negotiate_flags           = &negotiate_flags;
452
453         return _netr_ServerAuthenticate3(p, &a);
454
455 }
456
457 /*************************************************************************
458  _netr_ServerAuthenticate3
459  *************************************************************************/
460
461 NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
462                                    struct netr_ServerAuthenticate3 *r)
463 {
464         NTSTATUS status;
465         uint32_t srv_flgs;
466         /* r->in.negotiate_flags is an aliased pointer to r->out.negotiate_flags,
467          * so use a copy to avoid destroying the client values. */
468         uint32_t in_neg_flags = *r->in.negotiate_flags;
469         const char *fn;
470         struct dom_sid sid;
471         struct samr_Password mach_pwd;
472         struct netlogon_creds_CredentialState *creds;
473         struct netlogon_server_pipe_state *pipe_state =
474                 talloc_get_type(p->private_data, struct netlogon_server_pipe_state);
475
476         /* According to Microsoft (see bugid #6099)
477          * Windows 7 looks at the negotiate_flags
478          * returned in this structure *even if the
479          * call fails with access denied* ! So in order
480          * to allow Win7 to connect to a Samba NT style
481          * PDC we set the flags before we know if it's
482          * an error or not.
483          */
484
485         /* 0x000001ff */
486         srv_flgs = NETLOGON_NEG_ACCOUNT_LOCKOUT |
487                    NETLOGON_NEG_PERSISTENT_SAMREPL |
488                    NETLOGON_NEG_ARCFOUR |
489                    NETLOGON_NEG_PROMOTION_COUNT |
490                    NETLOGON_NEG_CHANGELOG_BDC |
491                    NETLOGON_NEG_FULL_SYNC_REPL |
492                    NETLOGON_NEG_MULTIPLE_SIDS |
493                    NETLOGON_NEG_REDO |
494                    NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL |
495                    NETLOGON_NEG_PASSWORD_SET2;
496
497         /* Ensure we support strong (128-bit) keys. */
498         if (in_neg_flags & NETLOGON_NEG_STRONG_KEYS) {
499                 srv_flgs |= NETLOGON_NEG_STRONG_KEYS;
500         }
501
502         if (lp_server_schannel() != false) {
503                 srv_flgs |= NETLOGON_NEG_SCHANNEL;
504         }
505
506         switch (p->hdr_req.opnum) {
507                 case NDR_NETR_SERVERAUTHENTICATE:
508                         fn = "_netr_ServerAuthenticate";
509                         break;
510                 case NDR_NETR_SERVERAUTHENTICATE2:
511                         fn = "_netr_ServerAuthenticate2";
512                         break;
513                 case NDR_NETR_SERVERAUTHENTICATE3:
514                         fn = "_netr_ServerAuthenticate3";
515                         break;
516                 default:
517                         return NT_STATUS_INTERNAL_ERROR;
518         }
519
520         /* We use this as the key to store the creds: */
521         /* r->in.computer_name */
522
523         if (!pipe_state) {
524                 DEBUG(0,("%s: no challenge sent to client %s\n", fn,
525                         r->in.computer_name));
526                 status = NT_STATUS_ACCESS_DENIED;
527                 goto out;
528         }
529
530         if ( (lp_server_schannel() == true) &&
531              ((in_neg_flags & NETLOGON_NEG_SCHANNEL) == 0) ) {
532
533                 /* schannel must be used, but client did not offer it. */
534                 DEBUG(0,("%s: schannel required but client failed "
535                         "to offer it. Client was %s\n",
536                         fn, r->in.account_name));
537                 status = NT_STATUS_ACCESS_DENIED;
538                 goto out;
539         }
540
541         status = get_md4pw(&mach_pwd,
542                            r->in.account_name,
543                            r->in.secure_channel_type,
544                            &sid);
545         if (!NT_STATUS_IS_OK(status)) {
546                 DEBUG(0,("%s: failed to get machine password for "
547                         "account %s: %s\n",
548                         fn, r->in.account_name, nt_errstr(status) ));
549                 /* always return NT_STATUS_ACCESS_DENIED */
550                 status = NT_STATUS_ACCESS_DENIED;
551                 goto out;
552         }
553
554         /* From the client / server challenges and md4 password, generate sess key */
555         /* Check client credentials are valid. */
556         creds = netlogon_creds_server_init(p->mem_ctx,
557                                            r->in.account_name,
558                                            r->in.computer_name,
559                                            r->in.secure_channel_type,
560                                            &pipe_state->client_challenge,
561                                            &pipe_state->server_challenge,
562                                            &mach_pwd,
563                                            r->in.credentials,
564                                            r->out.return_credentials,
565                                            *r->in.negotiate_flags);
566         if (!creds) {
567                 DEBUG(0,("%s: netlogon_creds_server_check failed. Rejecting auth "
568                         "request from client %s machine account %s\n",
569                         fn, r->in.computer_name,
570                         r->in.account_name));
571                 status = NT_STATUS_ACCESS_DENIED;
572                 goto out;
573         }
574
575         creds->sid = sid_dup_talloc(creds, &sid);
576         if (!creds->sid) {
577                 status = NT_STATUS_NO_MEMORY;
578                 goto out;
579         }
580
581         /* Store off the state so we can continue after client disconnect. */
582         become_root();
583         status = schannel_store_session_key(p->mem_ctx, creds);
584         unbecome_root();
585
586         if (!NT_STATUS_IS_OK(status)) {
587                 goto out;
588         }
589
590         sid_peek_rid(&sid, r->out.rid);
591
592         status = NT_STATUS_OK;
593
594   out:
595
596         *r->out.negotiate_flags = srv_flgs;
597         return status;
598 }
599
600 /*************************************************************************
601  _netr_ServerAuthenticate2
602  *************************************************************************/
603
604 NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p,
605                                    struct netr_ServerAuthenticate2 *r)
606 {
607         struct netr_ServerAuthenticate3 a;
608         uint32_t rid;
609
610         a.in.server_name                = r->in.server_name;
611         a.in.account_name               = r->in.account_name;
612         a.in.secure_channel_type        = r->in.secure_channel_type;
613         a.in.computer_name              = r->in.computer_name;
614         a.in.credentials                = r->in.credentials;
615         a.in.negotiate_flags            = r->in.negotiate_flags;
616
617         a.out.return_credentials        = r->out.return_credentials;
618         a.out.rid                       = &rid;
619         a.out.negotiate_flags           = r->out.negotiate_flags;
620
621         return _netr_ServerAuthenticate3(p, &a);
622 }
623
624 /*************************************************************************
625  *************************************************************************/
626
627 static NTSTATUS netr_creds_server_step_check(pipes_struct *p,
628                                              TALLOC_CTX *mem_ctx,
629                                              const char *computer_name,
630                                              struct netr_Authenticator *received_authenticator,
631                                              struct netr_Authenticator *return_authenticator,
632                                              struct netlogon_creds_CredentialState **creds_out)
633 {
634         NTSTATUS status;
635         struct tdb_context *tdb;
636         bool schannel_global_required = (lp_server_schannel() == true) ? true:false;
637         bool schannel_in_use = (p->auth.auth_type == PIPE_AUTH_TYPE_SCHANNEL) ? true:false; /* &&
638                 (p->auth.auth_level == PIPE_AUTH_LEVEL_INTEGRITY ||
639                  p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY); */
640
641         tdb = open_schannel_session_store(mem_ctx);
642         if (!tdb) {
643                 return NT_STATUS_ACCESS_DENIED;
644         }
645
646         status = schannel_creds_server_step_check_tdb(tdb, mem_ctx,
647                                                       computer_name,
648                                                       schannel_global_required,
649                                                       schannel_in_use,
650                                                       received_authenticator,
651                                                       return_authenticator,
652                                                       creds_out);
653         tdb_close(tdb);
654
655         return status;
656 }
657
658 /*************************************************************************
659  *************************************************************************/
660
661 static NTSTATUS netr_find_machine_account(TALLOC_CTX *mem_ctx,
662                                           const char *account_name,
663                                           struct samu **sampassp)
664 {
665         struct samu *sampass;
666         bool ret = false;
667         uint32_t acct_ctrl;
668
669         sampass = samu_new(mem_ctx);
670         if (!sampass) {
671                 return NT_STATUS_NO_MEMORY;
672         }
673
674         become_root();
675         ret = pdb_getsampwnam(sampass, account_name);
676         unbecome_root();
677
678         if (!ret) {
679                 TALLOC_FREE(sampass);
680                 return NT_STATUS_ACCESS_DENIED;
681         }
682
683         /* Ensure the account exists and is a machine account. */
684
685         acct_ctrl = pdb_get_acct_ctrl(sampass);
686
687         if (!(acct_ctrl & ACB_WSTRUST ||
688               acct_ctrl & ACB_SVRTRUST ||
689               acct_ctrl & ACB_DOMTRUST)) {
690                 TALLOC_FREE(sampass);
691                 return NT_STATUS_NO_SUCH_USER;
692         }
693
694         if (acct_ctrl & ACB_DISABLED) {
695                 TALLOC_FREE(sampass);
696                 return NT_STATUS_ACCOUNT_DISABLED;
697         }
698
699         *sampassp = sampass;
700
701         return NT_STATUS_OK;
702 }
703
704 /*************************************************************************
705  *************************************************************************/
706
707 static NTSTATUS netr_set_machine_account_password(TALLOC_CTX *mem_ctx,
708                                                   struct samu *sampass,
709                                                   DATA_BLOB *plaintext_blob,
710                                                   struct samr_Password *nt_hash,
711                                                   struct samr_Password *lm_hash)
712 {
713         NTSTATUS status;
714         const uchar *old_pw;
715         const char *plaintext = NULL;
716         size_t plaintext_len;
717         struct samr_Password nt_hash_local;
718
719         if (!sampass) {
720                 return NT_STATUS_INVALID_PARAMETER;
721         }
722
723         if (plaintext_blob) {
724                 if (!convert_string_talloc(mem_ctx, CH_UTF16, CH_UNIX,
725                                            plaintext_blob->data, plaintext_blob->length,
726                                            &plaintext, &plaintext_len, false))
727                 {
728                         plaintext = NULL;
729                         mdfour(nt_hash_local.hash, plaintext_blob->data, plaintext_blob->length);
730                         nt_hash = &nt_hash_local;
731                 }
732         }
733
734         if (plaintext) {
735                 if (!pdb_set_plaintext_passwd(sampass, plaintext)) {
736                         return NT_STATUS_ACCESS_DENIED;
737                 }
738
739                 goto done;
740         }
741
742         if (nt_hash) {
743                 old_pw = pdb_get_nt_passwd(sampass);
744
745                 if (old_pw && memcmp(nt_hash->hash, old_pw, 16) == 0) {
746                         /* Avoid backend modificiations and other fun if the
747                            client changed the password to the *same thing* */
748                 } else {
749                         /* LM password should be NULL for machines */
750                         if (!pdb_set_lanman_passwd(sampass, NULL, PDB_CHANGED)) {
751                                 return NT_STATUS_NO_MEMORY;
752                         }
753                         if (!pdb_set_nt_passwd(sampass, nt_hash->hash, PDB_CHANGED)) {
754                                 return NT_STATUS_NO_MEMORY;
755                         }
756
757                         if (!pdb_set_pass_last_set_time(sampass, time(NULL), PDB_CHANGED)) {
758                                 /* Not quite sure what this one qualifies as, but this will do */
759                                 return NT_STATUS_UNSUCCESSFUL;
760                         }
761                 }
762         }
763
764  done:
765         become_root();
766         status = pdb_update_sam_account(sampass);
767         unbecome_root();
768
769         return status;
770 }
771
772 /*************************************************************************
773  _netr_ServerPasswordSet
774  *************************************************************************/
775
776 NTSTATUS _netr_ServerPasswordSet(pipes_struct *p,
777                                  struct netr_ServerPasswordSet *r)
778 {
779         NTSTATUS status = NT_STATUS_OK;
780         struct samu *sampass=NULL;
781         int i;
782         struct netlogon_creds_CredentialState *creds;
783
784         DEBUG(5,("_netr_ServerPasswordSet: %d\n", __LINE__));
785
786         become_root();
787         status = netr_creds_server_step_check(p, p->mem_ctx,
788                                               r->in.computer_name,
789                                               r->in.credential,
790                                               r->out.return_authenticator,
791                                               &creds);
792         unbecome_root();
793
794         if (!NT_STATUS_IS_OK(status)) {
795                 DEBUG(2,("_netr_ServerPasswordSet: netlogon_creds_server_step failed. Rejecting auth "
796                         "request from client %s machine account %s\n",
797                         r->in.computer_name, creds->computer_name));
798                 TALLOC_FREE(creds);
799                 return status;
800         }
801
802         DEBUG(3,("_netr_ServerPasswordSet: Server Password Set by remote machine:[%s] on account [%s]\n",
803                         r->in.computer_name, creds->computer_name));
804
805         netlogon_creds_des_decrypt(creds, r->in.new_password);
806
807         DEBUG(100,("_netr_ServerPasswordSet: new given value was :\n"));
808         for(i = 0; i < sizeof(r->in.new_password->hash); i++)
809                 DEBUG(100,("%02X ", r->in.new_password->hash[i]));
810         DEBUG(100,("\n"));
811
812         status = netr_find_machine_account(p->mem_ctx,
813                                            creds->account_name,
814                                            &sampass);
815         if (!NT_STATUS_IS_OK(status)) {
816                 return status;
817         }
818
819         status = netr_set_machine_account_password(sampass,
820                                                    sampass,
821                                                    NULL,
822                                                    r->in.new_password,
823                                                    NULL);
824         TALLOC_FREE(sampass);
825         return status;
826 }
827
828 /****************************************************************
829  _netr_ServerPasswordSet2
830 ****************************************************************/
831
832 NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
833                                   struct netr_ServerPasswordSet2 *r)
834 {
835         NTSTATUS status;
836         struct netlogon_creds_CredentialState *creds;
837         struct samu *sampass;
838         DATA_BLOB plaintext;
839         struct samr_CryptPassword password_buf;
840
841         become_root();
842         status = netr_creds_server_step_check(p, p->mem_ctx,
843                                               r->in.computer_name,
844                                               r->in.credential,
845                                               r->out.return_authenticator,
846                                               &creds);
847         unbecome_root();
848
849         if (!NT_STATUS_IS_OK(status)) {
850                 DEBUG(2,("_netr_ServerPasswordSet2: netlogon_creds_server_step "
851                         "failed. Rejecting auth request from client %s machine account %s\n",
852                         r->in.computer_name, creds->computer_name));
853                 TALLOC_FREE(creds);
854                 return status;
855         }
856
857         memcpy(password_buf.data, r->in.new_password->data, 512);
858         SIVAL(password_buf.data, 512, r->in.new_password->length);
859         netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
860
861         if (!extract_pw_from_buffer(p->mem_ctx, password_buf.data, &plaintext)) {
862                 return NT_STATUS_WRONG_PASSWORD;
863         }
864
865         status = netr_find_machine_account(p->mem_ctx,
866                                            creds->account_name,
867                                            &sampass);
868         if (!NT_STATUS_IS_OK(status)) {
869                 return status;
870         }
871
872         status = netr_set_machine_account_password(sampass,
873                                                    sampass,
874                                                    &plaintext,
875                                                    NULL,
876                                                    NULL);
877         TALLOC_FREE(sampass);
878         return status;
879 }
880
881 /*************************************************************************
882  _netr_LogonSamLogoff
883  *************************************************************************/
884
885 NTSTATUS _netr_LogonSamLogoff(pipes_struct *p,
886                               struct netr_LogonSamLogoff *r)
887 {
888         NTSTATUS status;
889         struct netlogon_creds_CredentialState *creds;
890
891         become_root();
892         status = netr_creds_server_step_check(p, p->mem_ctx,
893                                               r->in.computer_name,
894                                               r->in.credential,
895                                               r->out.return_authenticator,
896                                               &creds);
897         unbecome_root();
898
899         return status;
900 }
901
902 /*************************************************************************
903  _netr_LogonSamLogon_base
904  *************************************************************************/
905
906 static NTSTATUS _netr_LogonSamLogon_base(pipes_struct *p,
907                                          struct netr_LogonSamLogonEx *r,
908                                          struct netlogon_creds_CredentialState *creds)
909 {
910         NTSTATUS status = NT_STATUS_OK;
911         union netr_LogonLevel *logon = r->in.logon;
912         const char *nt_username, *nt_domain, *nt_workstation;
913         auth_usersupplied_info *user_info = NULL;
914         auth_serversupplied_info *server_info = NULL;
915         struct auth_context *auth_context = NULL;
916         uint8_t pipe_session_key[16];
917         bool process_creds = true;
918         const char *fn;
919
920         switch (p->hdr_req.opnum) {
921                 case NDR_NETR_LOGONSAMLOGON:
922                         process_creds = true;
923                         fn = "_netr_LogonSamLogon";
924                         break;
925                 case NDR_NETR_LOGONSAMLOGONWITHFLAGS:
926                         process_creds = true;
927                         fn = "_netr_LogonSamLogonWithFlags";
928                         break;
929                 case NDR_NETR_LOGONSAMLOGONEX:
930                         process_creds = false;
931                         fn = "_netr_LogonSamLogonEx";
932                         break;
933                 default:
934                         return NT_STATUS_INTERNAL_ERROR;
935         }
936
937         *r->out.authoritative = true; /* authoritative response */
938
939         switch (r->in.validation_level) {
940         case 2:
941                 r->out.validation->sam2 = TALLOC_ZERO_P(p->mem_ctx, struct netr_SamInfo2);
942                 if (!r->out.validation->sam2) {
943                         return NT_STATUS_NO_MEMORY;
944                 }
945                 break;
946         case 3:
947                 r->out.validation->sam3 = TALLOC_ZERO_P(p->mem_ctx, struct netr_SamInfo3);
948                 if (!r->out.validation->sam3) {
949                         return NT_STATUS_NO_MEMORY;
950                 }
951                 break;
952         default:
953                 DEBUG(0,("%s: bad validation_level value %d.\n",
954                         fn, (int)r->in.validation_level));
955                 return NT_STATUS_INVALID_INFO_CLASS;
956         }
957
958         switch (r->in.logon_level) {
959         case NetlogonInteractiveInformation:
960                 nt_username     = logon->password->identity_info.account_name.string;
961                 nt_domain       = logon->password->identity_info.domain_name.string;
962                 nt_workstation  = logon->password->identity_info.workstation.string;
963
964                 DEBUG(3,("SAM Logon (Interactive). Domain:[%s].  ", lp_workgroup()));
965                 break;
966         case NetlogonNetworkInformation:
967                 nt_username     = logon->network->identity_info.account_name.string;
968                 nt_domain       = logon->network->identity_info.domain_name.string;
969                 nt_workstation  = logon->network->identity_info.workstation.string;
970
971                 DEBUG(3,("SAM Logon (Network). Domain:[%s].  ", lp_workgroup()));
972                 break;
973         default:
974                 DEBUG(2,("SAM Logon: unsupported switch value\n"));
975                 return NT_STATUS_INVALID_INFO_CLASS;
976         } /* end switch */
977
978         DEBUG(3,("User:[%s@%s] Requested Domain:[%s]\n", nt_username, nt_workstation, nt_domain));
979         fstrcpy(current_user_info.smb_name, nt_username);
980         sub_set_smb_name(nt_username);
981
982         DEBUG(5,("Attempting validation level %d for unmapped username %s.\n",
983                 r->in.validation_level, nt_username));
984
985         status = NT_STATUS_OK;
986
987         switch (r->in.logon_level) {
988         case NetlogonNetworkInformation:
989         {
990                 const char *wksname = nt_workstation;
991
992                 status = make_auth_context_fixed(&auth_context,
993                                                  logon->network->challenge);
994                 if (!NT_STATUS_IS_OK(status)) {
995                         return status;
996                 }
997
998                 /* For a network logon, the workstation name comes in with two
999                  * backslashes in the front. Strip them if they are there. */
1000
1001                 if (*wksname == '\\') wksname++;
1002                 if (*wksname == '\\') wksname++;
1003
1004                 /* Standard challenge/response authenticaion */
1005                 if (!make_user_info_netlogon_network(&user_info,
1006                                                      nt_username, nt_domain,
1007                                                      wksname,
1008                                                      logon->network->identity_info.parameter_control,
1009                                                      logon->network->lm.data,
1010                                                      logon->network->lm.length,
1011                                                      logon->network->nt.data,
1012                                                      logon->network->nt.length)) {
1013                         status = NT_STATUS_NO_MEMORY;
1014                 }
1015                 break;
1016         }
1017         case NetlogonInteractiveInformation:
1018                 /* 'Interactive' authentication, supplies the password in its
1019                    MD4 form, encrypted with the session key.  We will convert
1020                    this to challenge/response for the auth subsystem to chew
1021                    on */
1022         {
1023                 uint8_t chal[8];
1024
1025                 if (!NT_STATUS_IS_OK(status = make_auth_context_subsystem(&auth_context))) {
1026                         return status;
1027                 }
1028
1029                 auth_context->get_ntlm_challenge(auth_context, chal);
1030
1031                 if (!make_user_info_netlogon_interactive(&user_info,
1032                                                          nt_username, nt_domain,
1033                                                          nt_workstation,
1034                                                          logon->password->identity_info.parameter_control,
1035                                                          chal,
1036                                                          logon->password->lmpassword.hash,
1037                                                          logon->password->ntpassword.hash,
1038                                                          creds->session_key)) {
1039                         status = NT_STATUS_NO_MEMORY;
1040                 }
1041                 break;
1042         }
1043         default:
1044                 DEBUG(2,("SAM Logon: unsupported switch value\n"));
1045                 return NT_STATUS_INVALID_INFO_CLASS;
1046         } /* end switch */
1047
1048         if ( NT_STATUS_IS_OK(status) ) {
1049                 status = auth_context->check_ntlm_password(auth_context,
1050                         user_info, &server_info);
1051         }
1052
1053         (auth_context->free)(&auth_context);
1054         free_user_info(&user_info);
1055
1056         DEBUG(5,("%s: check_password returned status %s\n",
1057                   fn, nt_errstr(status)));
1058
1059         /* Check account and password */
1060
1061         if (!NT_STATUS_IS_OK(status)) {
1062                 /* If we don't know what this domain is, we need to
1063                    indicate that we are not authoritative.  This
1064                    allows the client to decide if it needs to try
1065                    a local user.  Fix by jpjanosi@us.ibm.com, #2976 */
1066                 if ( NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)
1067                      && !strequal(nt_domain, get_global_sam_name())
1068                      && !is_trusted_domain(nt_domain) )
1069                         *r->out.authoritative = false; /* We are not authoritative */
1070
1071                 TALLOC_FREE(server_info);
1072                 return status;
1073         }
1074
1075         if (server_info->guest) {
1076                 /* We don't like guest domain logons... */
1077                 DEBUG(5,("%s: Attempted domain logon as GUEST "
1078                          "denied.\n", fn));
1079                 TALLOC_FREE(server_info);
1080                 return NT_STATUS_LOGON_FAILURE;
1081         }
1082
1083         /* This is the point at which, if the login was successful, that
1084            the SAM Local Security Authority should record that the user is
1085            logged in to the domain.  */
1086
1087         if (process_creds) {
1088                 /* Get the pipe session key from the creds. */
1089                 memcpy(pipe_session_key, creds->session_key, 16);
1090         } else {
1091                 /* Get the pipe session key from the schannel. */
1092                 if ((p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL)
1093                     || (p->auth.a_u.schannel_auth == NULL)) {
1094                         return NT_STATUS_INVALID_HANDLE;
1095                 }
1096                 memcpy(pipe_session_key, p->auth.a_u.schannel_auth->sess_key, 16);
1097         }
1098
1099         switch (r->in.validation_level) {
1100         case 2:
1101                 status = serverinfo_to_SamInfo2(server_info, pipe_session_key, 16,
1102                                                 r->out.validation->sam2);
1103                 break;
1104         case 3:
1105                 status = serverinfo_to_SamInfo3(server_info, pipe_session_key, 16,
1106                                                 r->out.validation->sam3);
1107                 break;
1108         }
1109
1110         TALLOC_FREE(server_info);
1111
1112         return status;
1113 }
1114
1115 /****************************************************************
1116  _netr_LogonSamLogonWithFlags
1117 ****************************************************************/
1118
1119 NTSTATUS _netr_LogonSamLogonWithFlags(pipes_struct *p,
1120                                       struct netr_LogonSamLogonWithFlags *r)
1121 {
1122         NTSTATUS status;
1123         struct netlogon_creds_CredentialState *creds;
1124         struct netr_LogonSamLogonEx r2;
1125         struct netr_Authenticator return_authenticator;
1126
1127         become_root();
1128         status = netr_creds_server_step_check(p, p->mem_ctx,
1129                                               r->in.computer_name,
1130                                               r->in.credential,
1131                                               &return_authenticator,
1132                                               &creds);
1133         unbecome_root();
1134         if (!NT_STATUS_IS_OK(status)) {
1135                 return status;
1136         }
1137
1138         r2.in.server_name       = r->in.server_name;
1139         r2.in.computer_name     = r->in.computer_name;
1140         r2.in.logon_level       = r->in.logon_level;
1141         r2.in.logon             = r->in.logon;
1142         r2.in.validation_level  = r->in.validation_level;
1143         r2.in.flags             = r->in.flags;
1144         r2.out.validation       = r->out.validation;
1145         r2.out.authoritative    = r->out.authoritative;
1146         r2.out.flags            = r->out.flags;
1147
1148         status = _netr_LogonSamLogon_base(p, &r2, creds);
1149
1150         *r->out.return_authenticator = return_authenticator;
1151
1152         return status;
1153 }
1154
1155 /*************************************************************************
1156  _netr_LogonSamLogon
1157  *************************************************************************/
1158
1159 NTSTATUS _netr_LogonSamLogon(pipes_struct *p,
1160                              struct netr_LogonSamLogon *r)
1161 {
1162         NTSTATUS status;
1163         struct netr_LogonSamLogonWithFlags r2;
1164         uint32_t flags = 0;
1165
1166         r2.in.server_name               = r->in.server_name;
1167         r2.in.computer_name             = r->in.computer_name;
1168         r2.in.credential                = r->in.credential;
1169         r2.in.logon_level               = r->in.logon_level;
1170         r2.in.logon                     = r->in.logon;
1171         r2.in.validation_level          = r->in.validation_level;
1172         r2.in.return_authenticator      = r->in.return_authenticator;
1173         r2.in.flags                     = &flags;
1174         r2.out.validation               = r->out.validation;
1175         r2.out.authoritative            = r->out.authoritative;
1176         r2.out.flags                    = &flags;
1177         r2.out.return_authenticator     = r->out.return_authenticator;
1178
1179         status = _netr_LogonSamLogonWithFlags(p, &r2);
1180
1181         return status;
1182 }
1183
1184 /*************************************************************************
1185  _netr_LogonSamLogonEx
1186  - no credential chaining. Map into net sam logon.
1187  *************************************************************************/
1188
1189 NTSTATUS _netr_LogonSamLogonEx(pipes_struct *p,
1190                                struct netr_LogonSamLogonEx *r)
1191 {
1192         NTSTATUS status;
1193         struct netlogon_creds_CredentialState *creds;
1194
1195         become_root();
1196         status = schannel_fetch_session_key(p->mem_ctx, r->in.computer_name, &creds);
1197         unbecome_root();
1198         if (!NT_STATUS_IS_OK(status)) {
1199                 return status;
1200         }
1201
1202         /* Only allow this if the pipe is protected. */
1203         if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
1204                 DEBUG(0,("_netr_LogonSamLogonEx: client %s not using schannel for netlogon\n",
1205                         get_remote_machine_name() ));
1206                 return NT_STATUS_INVALID_PARAMETER;
1207         }
1208
1209         status = _netr_LogonSamLogon_base(p, r, creds);
1210         TALLOC_FREE(creds);
1211
1212         return status;
1213 }
1214
1215 /*************************************************************************
1216  _ds_enum_dom_trusts
1217  *************************************************************************/
1218 #if 0   /* JERRY -- not correct */
1219  NTSTATUS _ds_enum_dom_trusts(pipes_struct *p, DS_Q_ENUM_DOM_TRUSTS *q_u,
1220                              DS_R_ENUM_DOM_TRUSTS *r_u)
1221 {
1222         NTSTATUS status = NT_STATUS_OK;
1223
1224         /* TODO: According to MSDN, the can only be executed against a
1225            DC or domain member running Windows 2000 or later.  Need
1226            to test against a standalone 2k server and see what it
1227            does.  A windows 2000 DC includes its own domain in the
1228            list.  --jerry */
1229
1230         return status;
1231 }
1232 #endif  /* JERRY */
1233
1234
1235 /****************************************************************
1236 ****************************************************************/
1237
1238 WERROR _netr_LogonUasLogon(pipes_struct *p,
1239                            struct netr_LogonUasLogon *r)
1240 {
1241         p->rng_fault_state = true;
1242         return WERR_NOT_SUPPORTED;
1243 }
1244
1245 /****************************************************************
1246 ****************************************************************/
1247
1248 WERROR _netr_LogonUasLogoff(pipes_struct *p,
1249                             struct netr_LogonUasLogoff *r)
1250 {
1251         p->rng_fault_state = true;
1252         return WERR_NOT_SUPPORTED;
1253 }
1254
1255 /****************************************************************
1256 ****************************************************************/
1257
1258 NTSTATUS _netr_DatabaseDeltas(pipes_struct *p,
1259                               struct netr_DatabaseDeltas *r)
1260 {
1261         p->rng_fault_state = true;
1262         return NT_STATUS_NOT_IMPLEMENTED;
1263 }
1264
1265 /****************************************************************
1266 ****************************************************************/
1267
1268 NTSTATUS _netr_DatabaseSync(pipes_struct *p,
1269                             struct netr_DatabaseSync *r)
1270 {
1271         p->rng_fault_state = true;
1272         return NT_STATUS_NOT_IMPLEMENTED;
1273 }
1274
1275 /****************************************************************
1276 ****************************************************************/
1277
1278 NTSTATUS _netr_AccountDeltas(pipes_struct *p,
1279                              struct netr_AccountDeltas *r)
1280 {
1281         p->rng_fault_state = true;
1282         return NT_STATUS_NOT_IMPLEMENTED;
1283 }
1284
1285 /****************************************************************
1286 ****************************************************************/
1287
1288 NTSTATUS _netr_AccountSync(pipes_struct *p,
1289                            struct netr_AccountSync *r)
1290 {
1291         p->rng_fault_state = true;
1292         return NT_STATUS_NOT_IMPLEMENTED;
1293 }
1294
1295 /****************************************************************
1296 ****************************************************************/
1297
1298 WERROR _netr_GetDcName(pipes_struct *p,
1299                        struct netr_GetDcName *r)
1300 {
1301         p->rng_fault_state = true;
1302         return WERR_NOT_SUPPORTED;
1303 }
1304
1305 /****************************************************************
1306 ****************************************************************/
1307
1308 WERROR _netr_GetAnyDCName(pipes_struct *p,
1309                           struct netr_GetAnyDCName *r)
1310 {
1311         p->rng_fault_state = true;
1312         return WERR_NOT_SUPPORTED;
1313 }
1314
1315 /****************************************************************
1316 ****************************************************************/
1317
1318 NTSTATUS _netr_DatabaseSync2(pipes_struct *p,
1319                              struct netr_DatabaseSync2 *r)
1320 {
1321         p->rng_fault_state = true;
1322         return NT_STATUS_NOT_IMPLEMENTED;
1323 }
1324
1325 /****************************************************************
1326 ****************************************************************/
1327
1328 NTSTATUS _netr_DatabaseRedo(pipes_struct *p,
1329                             struct netr_DatabaseRedo *r)
1330 {
1331         p->rng_fault_state = true;
1332         return NT_STATUS_NOT_IMPLEMENTED;
1333 }
1334
1335 /****************************************************************
1336 ****************************************************************/
1337
1338 WERROR _netr_DsRGetDCName(pipes_struct *p,
1339                           struct netr_DsRGetDCName *r)
1340 {
1341         p->rng_fault_state = true;
1342         return WERR_NOT_SUPPORTED;
1343 }
1344
1345 /****************************************************************
1346 ****************************************************************/
1347
1348 NTSTATUS _netr_LogonGetCapabilities(pipes_struct *p,
1349                                     struct netr_LogonGetCapabilities *r)
1350 {
1351         return NT_STATUS_NOT_IMPLEMENTED;
1352 }
1353
1354 /****************************************************************
1355 ****************************************************************/
1356
1357 WERROR _netr_NETRLOGONSETSERVICEBITS(pipes_struct *p,
1358                                      struct netr_NETRLOGONSETSERVICEBITS *r)
1359 {
1360         p->rng_fault_state = true;
1361         return WERR_NOT_SUPPORTED;
1362 }
1363
1364 /****************************************************************
1365 ****************************************************************/
1366
1367 WERROR _netr_LogonGetTrustRid(pipes_struct *p,
1368                               struct netr_LogonGetTrustRid *r)
1369 {
1370         p->rng_fault_state = true;
1371         return WERR_NOT_SUPPORTED;
1372 }
1373
1374 /****************************************************************
1375 ****************************************************************/
1376
1377 WERROR _netr_NETRLOGONCOMPUTESERVERDIGEST(pipes_struct *p,
1378                                           struct netr_NETRLOGONCOMPUTESERVERDIGEST *r)
1379 {
1380         p->rng_fault_state = true;
1381         return WERR_NOT_SUPPORTED;
1382 }
1383
1384 /****************************************************************
1385 ****************************************************************/
1386
1387 WERROR _netr_NETRLOGONCOMPUTECLIENTDIGEST(pipes_struct *p,
1388                                           struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r)
1389 {
1390         p->rng_fault_state = true;
1391         return WERR_NOT_SUPPORTED;
1392 }
1393
1394 /****************************************************************
1395 ****************************************************************/
1396
1397 WERROR _netr_DsRGetDCNameEx(pipes_struct *p,
1398                             struct netr_DsRGetDCNameEx *r)
1399 {
1400         p->rng_fault_state = true;
1401         return WERR_NOT_SUPPORTED;
1402 }
1403
1404 /****************************************************************
1405 ****************************************************************/
1406
1407 WERROR _netr_DsRGetSiteName(pipes_struct *p,
1408                             struct netr_DsRGetSiteName *r)
1409 {
1410         p->rng_fault_state = true;
1411         return WERR_NOT_SUPPORTED;
1412 }
1413
1414 /****************************************************************
1415 ****************************************************************/
1416
1417 NTSTATUS _netr_LogonGetDomainInfo(pipes_struct *p,
1418                                   struct netr_LogonGetDomainInfo *r)
1419 {
1420         p->rng_fault_state = true;
1421         return NT_STATUS_NOT_IMPLEMENTED;
1422 }
1423
1424 /****************************************************************
1425 ****************************************************************/
1426
1427 WERROR _netr_ServerPasswordGet(pipes_struct *p,
1428                                struct netr_ServerPasswordGet *r)
1429 {
1430         p->rng_fault_state = true;
1431         return WERR_NOT_SUPPORTED;
1432 }
1433
1434 /****************************************************************
1435 ****************************************************************/
1436
1437 WERROR _netr_NETRLOGONSENDTOSAM(pipes_struct *p,
1438                                 struct netr_NETRLOGONSENDTOSAM *r)
1439 {
1440         p->rng_fault_state = true;
1441         return WERR_NOT_SUPPORTED;
1442 }
1443
1444 /****************************************************************
1445 ****************************************************************/
1446
1447 WERROR _netr_DsRAddressToSitenamesW(pipes_struct *p,
1448                                     struct netr_DsRAddressToSitenamesW *r)
1449 {
1450         p->rng_fault_state = true;
1451         return WERR_NOT_SUPPORTED;
1452 }
1453
1454 /****************************************************************
1455 ****************************************************************/
1456
1457 WERROR _netr_DsRGetDCNameEx2(pipes_struct *p,
1458                              struct netr_DsRGetDCNameEx2 *r)
1459 {
1460         p->rng_fault_state = true;
1461         return WERR_NOT_SUPPORTED;
1462 }
1463
1464 /****************************************************************
1465 ****************************************************************/
1466
1467 WERROR _netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(pipes_struct *p,
1468                                                  struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r)
1469 {
1470         p->rng_fault_state = true;
1471         return WERR_NOT_SUPPORTED;
1472 }
1473
1474 /****************************************************************
1475 ****************************************************************/
1476
1477 WERROR _netr_NetrEnumerateTrustedDomainsEx(pipes_struct *p,
1478                                            struct netr_NetrEnumerateTrustedDomainsEx *r)
1479 {
1480         p->rng_fault_state = true;
1481         return WERR_NOT_SUPPORTED;
1482 }
1483
1484 /****************************************************************
1485 ****************************************************************/
1486
1487 WERROR _netr_DsRAddressToSitenamesExW(pipes_struct *p,
1488                                       struct netr_DsRAddressToSitenamesExW *r)
1489 {
1490         p->rng_fault_state = true;
1491         return WERR_NOT_SUPPORTED;
1492 }
1493
1494 /****************************************************************
1495 ****************************************************************/
1496
1497 WERROR _netr_DsrGetDcSiteCoverageW(pipes_struct *p,
1498                                    struct netr_DsrGetDcSiteCoverageW *r)
1499 {
1500         p->rng_fault_state = true;
1501         return WERR_NOT_SUPPORTED;
1502 }
1503
1504 /****************************************************************
1505 ****************************************************************/
1506
1507 WERROR _netr_DsrEnumerateDomainTrusts(pipes_struct *p,
1508                                       struct netr_DsrEnumerateDomainTrusts *r)
1509 {
1510         p->rng_fault_state = true;
1511         return WERR_NOT_SUPPORTED;
1512 }
1513
1514 /****************************************************************
1515 ****************************************************************/
1516
1517 WERROR _netr_DsrDeregisterDNSHostRecords(pipes_struct *p,
1518                                          struct netr_DsrDeregisterDNSHostRecords *r)
1519 {
1520         p->rng_fault_state = true;
1521         return WERR_NOT_SUPPORTED;
1522 }
1523
1524 /****************************************************************
1525 ****************************************************************/
1526
1527 NTSTATUS _netr_ServerTrustPasswordsGet(pipes_struct *p,
1528                                        struct netr_ServerTrustPasswordsGet *r)
1529 {
1530         p->rng_fault_state = true;
1531         return NT_STATUS_NOT_IMPLEMENTED;
1532 }
1533
1534 /****************************************************************
1535 ****************************************************************/
1536
1537 WERROR _netr_DsRGetForestTrustInformation(pipes_struct *p,
1538                                           struct netr_DsRGetForestTrustInformation *r)
1539 {
1540         p->rng_fault_state = true;
1541         return WERR_NOT_SUPPORTED;
1542 }
1543
1544 /****************************************************************
1545 ****************************************************************/
1546
1547 WERROR _netr_GetForestTrustInformation(pipes_struct *p,
1548                                        struct netr_GetForestTrustInformation *r)
1549 {
1550         p->rng_fault_state = true;
1551         return WERR_NOT_SUPPORTED;
1552 }
1553
1554 /****************************************************************
1555 ****************************************************************/
1556
1557 NTSTATUS _netr_ServerGetTrustInfo(pipes_struct *p,
1558                                   struct netr_ServerGetTrustInfo *r)
1559 {
1560         p->rng_fault_state = true;
1561         return NT_STATUS_NOT_IMPLEMENTED;
1562 }
1563