s3-netlogon: implement _netr_LogonSamLogonWithFlags().
[ira/wip.git] / source3 / rpc_server / srv_netlog_nt.c
1 /*
2  *  Unix SMB/CIFS implementation.
3  *  RPC Pipe client / server routines
4  *  Copyright (C) Andrew Tridgell              1992-1997,
5  *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
6  *  Copyright (C) Paul Ashton                       1997.
7  *  Copyright (C) Jeremy Allison               1998-2001.
8  *  Copyright (C) Andrew Bartlett                   2001.
9  *  Copyright (C) Guenther Deschner                 2008.
10  *
11  *  This program is free software; you can redistribute it and/or modify
12  *  it under the terms of the GNU General Public License as published by
13  *  the Free Software Foundation; either version 3 of the License, or
14  *  (at your option) any later version.
15  *
16  *  This program is distributed in the hope that it will be useful,
17  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
18  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
19  *  GNU General Public License for more details.
20  *
21  *  You should have received a copy of the GNU General Public License
22  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
23  */
24
25 /* This is the implementation of the netlogon pipe. */
26
27 #include "includes.h"
28 #include "../libcli/auth/libcli_auth.h"
29 #include "../libcli/auth/schannel_state.h"
30
31 extern userdom_struct current_user_info;
32
33 #undef DBGC_CLASS
34 #define DBGC_CLASS DBGC_RPC_SRV
35
36 struct netlogon_server_pipe_state {
37         struct netr_Credential client_challenge;
38         struct netr_Credential server_challenge;
39 };
40
41 /*******************************************************************
42  Inits a netr_NETLOGON_INFO_1 structure.
43 ********************************************************************/
44
45 static void init_netlogon_info1(struct netr_NETLOGON_INFO_1 *r,
46                                 uint32_t flags,
47                                 uint32_t pdc_connection_status)
48 {
49         r->flags = flags;
50         r->pdc_connection_status = pdc_connection_status;
51 }
52
53 /*******************************************************************
54  Inits a netr_NETLOGON_INFO_2 structure.
55 ********************************************************************/
56
57 static void init_netlogon_info2(struct netr_NETLOGON_INFO_2 *r,
58                                 uint32_t flags,
59                                 uint32_t pdc_connection_status,
60                                 const char *trusted_dc_name,
61                                 uint32_t tc_connection_status)
62 {
63         r->flags = flags;
64         r->pdc_connection_status = pdc_connection_status;
65         r->trusted_dc_name = trusted_dc_name;
66         r->tc_connection_status = tc_connection_status;
67 }
68
69 /*******************************************************************
70  Inits a netr_NETLOGON_INFO_3 structure.
71 ********************************************************************/
72
73 static void init_netlogon_info3(struct netr_NETLOGON_INFO_3 *r,
74                                 uint32_t flags,
75                                 uint32_t logon_attempts)
76 {
77         r->flags = flags;
78         r->logon_attempts = logon_attempts;
79 }
80
81 /*************************************************************************
82  _netr_LogonControl
83  *************************************************************************/
84
85 WERROR _netr_LogonControl(pipes_struct *p,
86                           struct netr_LogonControl *r)
87 {
88         struct netr_LogonControl2Ex l;
89
90         switch (r->in.level) {
91         case 1:
92                 break;
93         case 2:
94                 return WERR_NOT_SUPPORTED;
95         default:
96                 return WERR_UNKNOWN_LEVEL;
97         }
98
99         l.in.logon_server       = r->in.logon_server;
100         l.in.function_code      = r->in.function_code;
101         l.in.level              = r->in.level;
102         l.in.data               = NULL;
103         l.out.query             = r->out.query;
104
105         return _netr_LogonControl2Ex(p, &l);
106 }
107
108 /****************************************************************************
109 Send a message to smbd to do a sam synchronisation
110 **************************************************************************/
111
112 static void send_sync_message(void)
113 {
114         DEBUG(3, ("sending sam synchronisation message\n"));
115         message_send_all(smbd_messaging_context(), MSG_SMB_SAM_SYNC, NULL, 0,
116                          NULL);
117 }
118
119 /*************************************************************************
120  _netr_LogonControl2
121  *************************************************************************/
122
123 WERROR _netr_LogonControl2(pipes_struct *p,
124                            struct netr_LogonControl2 *r)
125 {
126         struct netr_LogonControl2Ex l;
127
128         l.in.logon_server       = r->in.logon_server;
129         l.in.function_code      = r->in.function_code;
130         l.in.level              = r->in.level;
131         l.in.data               = r->in.data;
132         l.out.query             = r->out.query;
133
134         return _netr_LogonControl2Ex(p, &l);
135 }
136
137 /****************************************************************
138  _netr_LogonControl2Ex
139 ****************************************************************/
140
141 WERROR _netr_LogonControl2Ex(pipes_struct *p,
142                              struct netr_LogonControl2Ex *r)
143 {
144         uint32 flags = 0x0;
145         uint32 pdc_connection_status = 0x0;
146         uint32 logon_attempts = 0x0;
147         uint32 tc_status;
148         fstring dc_name2;
149         const char *dc_name = NULL;
150         struct sockaddr_storage dc_ss;
151         const char *domain = NULL;
152         struct netr_NETLOGON_INFO_1 *info1;
153         struct netr_NETLOGON_INFO_2 *info2;
154         struct netr_NETLOGON_INFO_3 *info3;
155         const char *fn;
156
157         switch (p->hdr_req.opnum) {
158                 case NDR_NETR_LOGONCONTROL:
159                         fn = "_netr_LogonControl";
160                         break;
161                 case NDR_NETR_LOGONCONTROL2:
162                         fn = "_netr_LogonControl2";
163                         break;
164                 case NDR_NETR_LOGONCONTROL2EX:
165                         fn = "_netr_LogonControl2Ex";
166                         break;
167                 default:
168                         return WERR_INVALID_PARAM;
169         }
170
171         tc_status = W_ERROR_V(WERR_NO_SUCH_DOMAIN);
172
173         switch (r->in.function_code) {
174                 case NETLOGON_CONTROL_TC_QUERY:
175                         domain = r->in.data->domain;
176
177                         if ( !is_trusted_domain( domain ) )
178                                 break;
179
180                         if ( !get_dc_name( domain, NULL, dc_name2, &dc_ss ) ) {
181                                 tc_status = W_ERROR_V(WERR_NO_LOGON_SERVERS);
182                                 break;
183                         }
184
185                         dc_name = talloc_asprintf(p->mem_ctx, "\\\\%s", dc_name2);
186                         if (!dc_name) {
187                                 return WERR_NOMEM;
188                         }
189
190                         tc_status = W_ERROR_V(WERR_OK);
191
192                         break;
193
194                 case NETLOGON_CONTROL_REDISCOVER:
195                         domain = r->in.data->domain;
196
197                         if ( !is_trusted_domain( domain ) )
198                                 break;
199
200                         if ( !get_dc_name( domain, NULL, dc_name2, &dc_ss ) ) {
201                                 tc_status = W_ERROR_V(WERR_NO_LOGON_SERVERS);
202                                 break;
203                         }
204
205                         dc_name = talloc_asprintf(p->mem_ctx, "\\\\%s", dc_name2);
206                         if (!dc_name) {
207                                 return WERR_NOMEM;
208                         }
209
210                         tc_status = W_ERROR_V(WERR_OK);
211
212                         break;
213
214                 default:
215                         /* no idea what this should be */
216                         DEBUG(0,("%s: unimplemented function level [%d]\n",
217                                 fn, r->in.function_code));
218                         return WERR_UNKNOWN_LEVEL;
219         }
220
221         /* prepare the response */
222
223         switch (r->in.level) {
224                 case 1:
225                         info1 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_1);
226                         W_ERROR_HAVE_NO_MEMORY(info1);
227
228                         init_netlogon_info1(info1,
229                                             flags,
230                                             pdc_connection_status);
231                         r->out.query->info1 = info1;
232                         break;
233                 case 2:
234                         info2 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_2);
235                         W_ERROR_HAVE_NO_MEMORY(info2);
236
237                         init_netlogon_info2(info2,
238                                             flags,
239                                             pdc_connection_status,
240                                             dc_name,
241                                             tc_status);
242                         r->out.query->info2 = info2;
243                         break;
244                 case 3:
245                         info3 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_3);
246                         W_ERROR_HAVE_NO_MEMORY(info3);
247
248                         init_netlogon_info3(info3,
249                                             flags,
250                                             logon_attempts);
251                         r->out.query->info3 = info3;
252                         break;
253                 default:
254                         return WERR_UNKNOWN_LEVEL;
255         }
256
257         if (lp_server_role() == ROLE_DOMAIN_BDC) {
258                 send_sync_message();
259         }
260
261         return WERR_OK;
262 }
263
264 /*************************************************************************
265  _netr_NetrEnumerateTrustedDomains
266  *************************************************************************/
267
268 WERROR _netr_NetrEnumerateTrustedDomains(pipes_struct *p,
269                                          struct netr_NetrEnumerateTrustedDomains *r)
270 {
271         struct netr_Blob trusted_domains_blob;
272         DATA_BLOB blob;
273
274         DEBUG(6,("_netr_NetrEnumerateTrustedDomains: %d\n", __LINE__));
275
276         /* set up the Trusted Domain List response */
277
278         blob = data_blob_talloc_zero(p->mem_ctx, 2);
279         trusted_domains_blob.data = blob.data;
280         trusted_domains_blob.length = blob.length;
281
282         DEBUG(6,("_netr_NetrEnumerateTrustedDomains: %d\n", __LINE__));
283
284         *r->out.trusted_domains_blob = trusted_domains_blob;
285
286         return WERR_OK;
287 }
288
289 /******************************************************************
290  gets a machine password entry.  checks access rights of the host.
291  ******************************************************************/
292
293 static NTSTATUS get_md4pw(struct samr_Password *md4pw, const char *mach_acct,
294                           uint16_t sec_chan_type, struct dom_sid *sid)
295 {
296         struct samu *sampass = NULL;
297         const uint8 *pass;
298         bool ret;
299         uint32 acct_ctrl;
300
301 #if 0
302         char addr[INET6_ADDRSTRLEN];
303
304     /*
305      * Currently this code is redundent as we already have a filter
306      * by hostname list. What this code really needs to do is to
307      * get a hosts allowed/hosts denied list from the SAM database
308      * on a per user basis, and make the access decision there.
309      * I will leave this code here for now as a reminder to implement
310      * this at a later date. JRA.
311      */
312
313         if (!allow_access(lp_domain_hostsdeny(), lp_domain_hostsallow(),
314                         client_name(get_client_fd()),
315                         client_addr(get_client_fd(),addr,sizeof(addr)))) {
316                 DEBUG(0,("get_md4pw: Workstation %s denied access to domain\n", mach_acct));
317                 return False;
318         }
319 #endif /* 0 */
320
321         if ( !(sampass = samu_new( NULL )) ) {
322                 return NT_STATUS_NO_MEMORY;
323         }
324
325         /* JRA. This is ok as it is only used for generating the challenge. */
326         become_root();
327         ret = pdb_getsampwnam(sampass, mach_acct);
328         unbecome_root();
329
330         if (!ret) {
331                 DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct));
332                 TALLOC_FREE(sampass);
333                 return NT_STATUS_ACCESS_DENIED;
334         }
335
336         acct_ctrl = pdb_get_acct_ctrl(sampass);
337         if (acct_ctrl & ACB_DISABLED) {
338                 DEBUG(0,("get_md4pw: Workstation %s: account is disabled\n", mach_acct));
339                 TALLOC_FREE(sampass);
340                 return NT_STATUS_ACCOUNT_DISABLED;
341         }
342
343         if (!(acct_ctrl & ACB_SVRTRUST) &&
344             !(acct_ctrl & ACB_WSTRUST) &&
345             !(acct_ctrl & ACB_DOMTRUST))
346         {
347                 DEBUG(0,("get_md4pw: Workstation %s: account is not a trust account\n", mach_acct));
348                 TALLOC_FREE(sampass);
349                 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
350         }
351
352         switch (sec_chan_type) {
353                 case SEC_CHAN_BDC:
354                         if (!(acct_ctrl & ACB_SVRTRUST)) {
355                                 DEBUG(0,("get_md4pw: Workstation %s: BDC secure channel requested "
356                                          "but not a server trust account\n", mach_acct));
357                                 TALLOC_FREE(sampass);
358                                 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
359                         }
360                         break;
361                 case SEC_CHAN_WKSTA:
362                         if (!(acct_ctrl & ACB_WSTRUST)) {
363                                 DEBUG(0,("get_md4pw: Workstation %s: WORKSTATION secure channel requested "
364                                          "but not a workstation trust account\n", mach_acct));
365                                 TALLOC_FREE(sampass);
366                                 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
367                         }
368                         break;
369                 case SEC_CHAN_DOMAIN:
370                         if (!(acct_ctrl & ACB_DOMTRUST)) {
371                                 DEBUG(0,("get_md4pw: Workstation %s: DOMAIN secure channel requested "
372                                          "but not a interdomain trust account\n", mach_acct));
373                                 TALLOC_FREE(sampass);
374                                 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
375                         }
376                         break;
377                 default:
378                         break;
379         }
380
381         if ((pass = pdb_get_nt_passwd(sampass)) == NULL) {
382                 DEBUG(0,("get_md4pw: Workstation %s: account does not have a password\n", mach_acct));
383                 TALLOC_FREE(sampass);
384                 return NT_STATUS_LOGON_FAILURE;
385         }
386
387         memcpy(md4pw->hash, pass, 16);
388         dump_data(5, md4pw->hash, 16);
389
390         sid_copy(sid, pdb_get_user_sid(sampass));
391
392         TALLOC_FREE(sampass);
393
394         return NT_STATUS_OK;
395
396
397 }
398
399 /*************************************************************************
400  _netr_ServerReqChallenge
401  *************************************************************************/
402
403 NTSTATUS _netr_ServerReqChallenge(pipes_struct *p,
404                                   struct netr_ServerReqChallenge *r)
405 {
406         struct netlogon_server_pipe_state *pipe_state =
407                 talloc_get_type(p->private_data, struct netlogon_server_pipe_state);
408
409         if (pipe_state) {
410                 DEBUG(10,("_netr_ServerReqChallenge: new challenge requested. Clearing old state.\n"));
411                 talloc_free(pipe_state);
412                 p->private_data = NULL;
413         }
414
415         pipe_state = talloc(p, struct netlogon_server_pipe_state);
416         NT_STATUS_HAVE_NO_MEMORY(pipe_state);
417
418         pipe_state->client_challenge = *r->in.credentials;
419
420         generate_random_buffer(pipe_state->server_challenge.data,
421                                sizeof(pipe_state->server_challenge.data));
422
423         *r->out.return_credentials = pipe_state->server_challenge;
424
425         p->private_data = pipe_state;
426
427         return NT_STATUS_OK;
428 }
429
430 /*************************************************************************
431  _netr_ServerAuthenticate
432  Create the initial credentials.
433  *************************************************************************/
434
435 NTSTATUS _netr_ServerAuthenticate(pipes_struct *p,
436                                   struct netr_ServerAuthenticate *r)
437 {
438         struct netr_ServerAuthenticate3 a;
439         uint32_t negotiate_flags = 0;
440         uint32_t rid;
441
442         a.in.server_name                = r->in.server_name;
443         a.in.account_name               = r->in.account_name;
444         a.in.secure_channel_type        = r->in.secure_channel_type;
445         a.in.computer_name              = r->in.computer_name;
446         a.in.credentials                = r->in.credentials;
447         a.in.negotiate_flags            = &negotiate_flags;
448
449         a.out.return_credentials        = r->out.return_credentials;
450         a.out.rid                       = &rid;
451         a.out.negotiate_flags           = &negotiate_flags;
452
453         return _netr_ServerAuthenticate3(p, &a);
454
455 }
456
457 /*************************************************************************
458  _netr_ServerAuthenticate3
459  *************************************************************************/
460
461 NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
462                                    struct netr_ServerAuthenticate3 *r)
463 {
464         NTSTATUS status;
465         uint32_t srv_flgs;
466         /* r->in.negotiate_flags is an aliased pointer to r->out.negotiate_flags,
467          * so use a copy to avoid destroying the client values. */
468         uint32_t in_neg_flags = *r->in.negotiate_flags;
469         const char *fn;
470         struct dom_sid sid;
471         struct samr_Password mach_pwd;
472         struct netlogon_creds_CredentialState *creds;
473         struct netlogon_server_pipe_state *pipe_state =
474                 talloc_get_type(p->private_data, struct netlogon_server_pipe_state);
475
476         /* According to Microsoft (see bugid #6099)
477          * Windows 7 looks at the negotiate_flags
478          * returned in this structure *even if the
479          * call fails with access denied* ! So in order
480          * to allow Win7 to connect to a Samba NT style
481          * PDC we set the flags before we know if it's
482          * an error or not.
483          */
484
485         /* 0x000001ff */
486         srv_flgs = NETLOGON_NEG_ACCOUNT_LOCKOUT |
487                    NETLOGON_NEG_PERSISTENT_SAMREPL |
488                    NETLOGON_NEG_ARCFOUR |
489                    NETLOGON_NEG_PROMOTION_COUNT |
490                    NETLOGON_NEG_CHANGELOG_BDC |
491                    NETLOGON_NEG_FULL_SYNC_REPL |
492                    NETLOGON_NEG_MULTIPLE_SIDS |
493                    NETLOGON_NEG_REDO |
494                    NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL;
495
496         /* Ensure we support strong (128-bit) keys. */
497         if (in_neg_flags & NETLOGON_NEG_STRONG_KEYS) {
498                 srv_flgs |= NETLOGON_NEG_STRONG_KEYS;
499         }
500
501         if (lp_server_schannel() != false) {
502                 srv_flgs |= NETLOGON_NEG_SCHANNEL;
503         }
504
505         switch (p->hdr_req.opnum) {
506                 case NDR_NETR_SERVERAUTHENTICATE:
507                         fn = "_netr_ServerAuthenticate";
508                         break;
509                 case NDR_NETR_SERVERAUTHENTICATE2:
510                         fn = "_netr_ServerAuthenticate2";
511                         break;
512                 case NDR_NETR_SERVERAUTHENTICATE3:
513                         fn = "_netr_ServerAuthenticate3";
514                         break;
515                 default:
516                         return NT_STATUS_INTERNAL_ERROR;
517         }
518
519         /* We use this as the key to store the creds: */
520         /* r->in.computer_name */
521
522         if (!pipe_state) {
523                 DEBUG(0,("%s: no challenge sent to client %s\n", fn,
524                         r->in.computer_name));
525                 status = NT_STATUS_ACCESS_DENIED;
526                 goto out;
527         }
528
529         if ( (lp_server_schannel() == true) &&
530              ((in_neg_flags & NETLOGON_NEG_SCHANNEL) == 0) ) {
531
532                 /* schannel must be used, but client did not offer it. */
533                 DEBUG(0,("%s: schannel required but client failed "
534                         "to offer it. Client was %s\n",
535                         fn, r->in.account_name));
536                 status = NT_STATUS_ACCESS_DENIED;
537                 goto out;
538         }
539
540         status = get_md4pw(&mach_pwd,
541                            r->in.account_name,
542                            r->in.secure_channel_type,
543                            &sid);
544         if (!NT_STATUS_IS_OK(status)) {
545                 DEBUG(0,("%s: failed to get machine password for "
546                         "account %s: %s\n",
547                         fn, r->in.account_name, nt_errstr(status) ));
548                 /* always return NT_STATUS_ACCESS_DENIED */
549                 status = NT_STATUS_ACCESS_DENIED;
550                 goto out;
551         }
552
553         /* From the client / server challenges and md4 password, generate sess key */
554         /* Check client credentials are valid. */
555         creds = netlogon_creds_server_init(p->mem_ctx,
556                                            r->in.account_name,
557                                            r->in.computer_name,
558                                            r->in.secure_channel_type,
559                                            &pipe_state->client_challenge,
560                                            &pipe_state->server_challenge,
561                                            &mach_pwd,
562                                            r->in.credentials,
563                                            r->out.return_credentials,
564                                            *r->in.negotiate_flags);
565         if (!creds) {
566                 DEBUG(0,("%s: netlogon_creds_server_check failed. Rejecting auth "
567                         "request from client %s machine account %s\n",
568                         fn, r->in.computer_name,
569                         r->in.account_name));
570                 status = NT_STATUS_ACCESS_DENIED;
571                 goto out;
572         }
573
574         creds->sid = sid_dup_talloc(creds, &sid);
575         if (!creds->sid) {
576                 status = NT_STATUS_NO_MEMORY;
577                 goto out;
578         }
579
580         /* Store off the state so we can continue after client disconnect. */
581         become_root();
582         status = schannel_store_session_key(p->mem_ctx, creds);
583         unbecome_root();
584
585         if (!NT_STATUS_IS_OK(status)) {
586                 goto out;
587         }
588
589         sid_peek_rid(&sid, r->out.rid);
590
591         status = NT_STATUS_OK;
592
593   out:
594
595         *r->out.negotiate_flags = srv_flgs;
596         return status;
597 }
598
599 /*************************************************************************
600  _netr_ServerAuthenticate2
601  *************************************************************************/
602
603 NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p,
604                                    struct netr_ServerAuthenticate2 *r)
605 {
606         struct netr_ServerAuthenticate3 a;
607         uint32_t rid;
608
609         a.in.server_name                = r->in.server_name;
610         a.in.account_name               = r->in.account_name;
611         a.in.secure_channel_type        = r->in.secure_channel_type;
612         a.in.computer_name              = r->in.computer_name;
613         a.in.credentials                = r->in.credentials;
614         a.in.negotiate_flags            = r->in.negotiate_flags;
615
616         a.out.return_credentials        = r->out.return_credentials;
617         a.out.rid                       = &rid;
618         a.out.negotiate_flags           = r->out.negotiate_flags;
619
620         return _netr_ServerAuthenticate3(p, &a);
621 }
622
623 /*************************************************************************
624  *************************************************************************/
625
626 static NTSTATUS netr_creds_server_step_check(pipes_struct *p,
627                                              TALLOC_CTX *mem_ctx,
628                                              const char *computer_name,
629                                              struct netr_Authenticator *received_authenticator,
630                                              struct netr_Authenticator *return_authenticator,
631                                              struct netlogon_creds_CredentialState **creds_out)
632 {
633         NTSTATUS status;
634         struct tdb_context *tdb;
635         bool schannel_global_required = (lp_server_schannel() == true) ? true:false;
636         bool schannel_in_use = (p->auth.auth_type == PIPE_AUTH_TYPE_SCHANNEL) ? true:false; /* &&
637                 (p->auth.auth_level == PIPE_AUTH_LEVEL_INTEGRITY ||
638                  p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY); */
639
640         tdb = open_schannel_session_store(mem_ctx);
641         if (!tdb) {
642                 return NT_STATUS_ACCESS_DENIED;
643         }
644
645         status = schannel_creds_server_step_check_tdb(tdb, mem_ctx,
646                                                       computer_name,
647                                                       schannel_global_required,
648                                                       schannel_in_use,
649                                                       received_authenticator,
650                                                       return_authenticator,
651                                                       creds_out);
652         tdb_close(tdb);
653
654         return status;
655 }
656
657 /*************************************************************************
658  _netr_ServerPasswordSet
659  *************************************************************************/
660
661 NTSTATUS _netr_ServerPasswordSet(pipes_struct *p,
662                                  struct netr_ServerPasswordSet *r)
663 {
664         NTSTATUS status = NT_STATUS_OK;
665         struct samu *sampass=NULL;
666         bool ret = False;
667         int i;
668         uint32 acct_ctrl;
669         const uchar *old_pw;
670         struct netlogon_creds_CredentialState *creds;
671
672         DEBUG(5,("_netr_ServerPasswordSet: %d\n", __LINE__));
673
674         become_root();
675         status = netr_creds_server_step_check(p, p->mem_ctx,
676                                               r->in.computer_name,
677                                               r->in.credential,
678                                               r->out.return_authenticator,
679                                               &creds);
680         unbecome_root();
681
682         if (!NT_STATUS_IS_OK(status)) {
683                 DEBUG(2,("_netr_ServerPasswordSet: netlogon_creds_server_step failed. Rejecting auth "
684                         "request from client %s machine account %s\n",
685                         r->in.computer_name, creds->computer_name));
686                 TALLOC_FREE(creds);
687                 return status;
688         }
689
690         DEBUG(3,("_netr_ServerPasswordSet: Server Password Set by remote machine:[%s] on account [%s]\n",
691                         r->in.computer_name, creds->computer_name));
692
693         sampass = samu_new( NULL );
694         if (!sampass) {
695                 return NT_STATUS_NO_MEMORY;
696         }
697
698         become_root();
699         ret = pdb_getsampwnam(sampass, creds->account_name);
700         unbecome_root();
701
702         if (!ret) {
703                 TALLOC_FREE(sampass);
704                 return NT_STATUS_ACCESS_DENIED;
705         }
706
707         /* Ensure the account exists and is a machine account. */
708
709         acct_ctrl = pdb_get_acct_ctrl(sampass);
710
711         if (!(acct_ctrl & ACB_WSTRUST ||
712                       acct_ctrl & ACB_SVRTRUST ||
713                       acct_ctrl & ACB_DOMTRUST)) {
714                 TALLOC_FREE(sampass);
715                 return NT_STATUS_NO_SUCH_USER;
716         }
717
718         if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
719                 TALLOC_FREE(sampass);
720                 return NT_STATUS_ACCOUNT_DISABLED;
721         }
722
723         /* Woah - what does this to to the credential chain ? JRA */
724         netlogon_creds_des_decrypt(creds, r->in.new_password);
725
726         DEBUG(100,("_netr_ServerPasswordSet: new given value was :\n"));
727         for(i = 0; i < sizeof(r->in.new_password->hash); i++)
728                 DEBUG(100,("%02X ", r->in.new_password->hash[i]));
729         DEBUG(100,("\n"));
730
731         old_pw = pdb_get_nt_passwd(sampass);
732
733         if (old_pw && memcmp(r->in.new_password->hash, old_pw, 16) == 0) {
734                 /* Avoid backend modificiations and other fun if the
735                    client changed the password to the *same thing* */
736
737                 ret = True;
738         } else {
739
740                 /* LM password should be NULL for machines */
741                 if (!pdb_set_lanman_passwd(sampass, NULL, PDB_CHANGED)) {
742                         TALLOC_FREE(sampass);
743                         return NT_STATUS_NO_MEMORY;
744                 }
745
746                 if (!pdb_set_nt_passwd(sampass, r->in.new_password->hash, PDB_CHANGED)) {
747                         TALLOC_FREE(sampass);
748                         return NT_STATUS_NO_MEMORY;
749                 }
750
751                 if (!pdb_set_pass_last_set_time(sampass, time(NULL), PDB_CHANGED)) {
752                         TALLOC_FREE(sampass);
753                         /* Not quite sure what this one qualifies as, but this will do */
754                         return NT_STATUS_UNSUCCESSFUL;
755                 }
756
757                 become_root();
758                 status = pdb_update_sam_account(sampass);
759                 unbecome_root();
760         }
761
762         TALLOC_FREE(sampass);
763         return status;
764 }
765
766 /*************************************************************************
767  _netr_LogonSamLogoff
768  *************************************************************************/
769
770 NTSTATUS _netr_LogonSamLogoff(pipes_struct *p,
771                               struct netr_LogonSamLogoff *r)
772 {
773         NTSTATUS status;
774         struct netlogon_creds_CredentialState *creds;
775
776         become_root();
777         status = netr_creds_server_step_check(p, p->mem_ctx,
778                                               r->in.computer_name,
779                                               r->in.credential,
780                                               r->out.return_authenticator,
781                                               &creds);
782         unbecome_root();
783
784         return status;
785 }
786
787 /*************************************************************************
788  _netr_LogonSamLogon_base
789  *************************************************************************/
790
791 static NTSTATUS _netr_LogonSamLogon_base(pipes_struct *p,
792                                          struct netr_LogonSamLogonEx *r,
793                                          struct netlogon_creds_CredentialState *creds)
794 {
795         NTSTATUS status = NT_STATUS_OK;
796         union netr_LogonLevel *logon = r->in.logon;
797         const char *nt_username, *nt_domain, *nt_workstation;
798         auth_usersupplied_info *user_info = NULL;
799         auth_serversupplied_info *server_info = NULL;
800         struct auth_context *auth_context = NULL;
801         uint8_t pipe_session_key[16];
802         bool process_creds = true;
803         const char *fn;
804
805         switch (p->hdr_req.opnum) {
806                 case NDR_NETR_LOGONSAMLOGON:
807                         process_creds = true;
808                         fn = "_netr_LogonSamLogon";
809                         break;
810                 case NDR_NETR_LOGONSAMLOGONWITHFLAGS:
811                         process_creds = true;
812                         fn = "_netr_LogonSamLogonWithFlags";
813                         break;
814                 case NDR_NETR_LOGONSAMLOGONEX:
815                         process_creds = false;
816                         fn = "_netr_LogonSamLogonEx";
817                         break;
818                 default:
819                         return NT_STATUS_INTERNAL_ERROR;
820         }
821
822         *r->out.authoritative = true; /* authoritative response */
823
824         switch (r->in.validation_level) {
825         case 2:
826                 r->out.validation->sam2 = TALLOC_ZERO_P(p->mem_ctx, struct netr_SamInfo2);
827                 if (!r->out.validation->sam2) {
828                         return NT_STATUS_NO_MEMORY;
829                 }
830                 break;
831         case 3:
832                 r->out.validation->sam3 = TALLOC_ZERO_P(p->mem_ctx, struct netr_SamInfo3);
833                 if (!r->out.validation->sam3) {
834                         return NT_STATUS_NO_MEMORY;
835                 }
836                 break;
837         default:
838                 DEBUG(0,("%s: bad validation_level value %d.\n",
839                         fn, (int)r->in.validation_level));
840                 return NT_STATUS_INVALID_INFO_CLASS;
841         }
842
843         switch (r->in.logon_level) {
844         case NetlogonInteractiveInformation:
845                 nt_username     = logon->password->identity_info.account_name.string;
846                 nt_domain       = logon->password->identity_info.domain_name.string;
847                 nt_workstation  = logon->password->identity_info.workstation.string;
848
849                 DEBUG(3,("SAM Logon (Interactive). Domain:[%s].  ", lp_workgroup()));
850                 break;
851         case NetlogonNetworkInformation:
852                 nt_username     = logon->network->identity_info.account_name.string;
853                 nt_domain       = logon->network->identity_info.domain_name.string;
854                 nt_workstation  = logon->network->identity_info.workstation.string;
855
856                 DEBUG(3,("SAM Logon (Network). Domain:[%s].  ", lp_workgroup()));
857                 break;
858         default:
859                 DEBUG(2,("SAM Logon: unsupported switch value\n"));
860                 return NT_STATUS_INVALID_INFO_CLASS;
861         } /* end switch */
862
863         DEBUG(3,("User:[%s@%s] Requested Domain:[%s]\n", nt_username, nt_workstation, nt_domain));
864         fstrcpy(current_user_info.smb_name, nt_username);
865         sub_set_smb_name(nt_username);
866
867         DEBUG(5,("Attempting validation level %d for unmapped username %s.\n",
868                 r->in.validation_level, nt_username));
869
870         status = NT_STATUS_OK;
871
872         switch (r->in.logon_level) {
873         case NetlogonNetworkInformation:
874         {
875                 const char *wksname = nt_workstation;
876
877                 status = make_auth_context_fixed(&auth_context,
878                                                  logon->network->challenge);
879                 if (!NT_STATUS_IS_OK(status)) {
880                         return status;
881                 }
882
883                 /* For a network logon, the workstation name comes in with two
884                  * backslashes in the front. Strip them if they are there. */
885
886                 if (*wksname == '\\') wksname++;
887                 if (*wksname == '\\') wksname++;
888
889                 /* Standard challenge/response authenticaion */
890                 if (!make_user_info_netlogon_network(&user_info,
891                                                      nt_username, nt_domain,
892                                                      wksname,
893                                                      logon->network->identity_info.parameter_control,
894                                                      logon->network->lm.data,
895                                                      logon->network->lm.length,
896                                                      logon->network->nt.data,
897                                                      logon->network->nt.length)) {
898                         status = NT_STATUS_NO_MEMORY;
899                 }
900                 break;
901         }
902         case NetlogonInteractiveInformation:
903                 /* 'Interactive' authentication, supplies the password in its
904                    MD4 form, encrypted with the session key.  We will convert
905                    this to challenge/response for the auth subsystem to chew
906                    on */
907         {
908                 uint8_t chal[8];
909
910                 if (!NT_STATUS_IS_OK(status = make_auth_context_subsystem(&auth_context))) {
911                         return status;
912                 }
913
914                 auth_context->get_ntlm_challenge(auth_context, chal);
915
916                 if (!make_user_info_netlogon_interactive(&user_info,
917                                                          nt_username, nt_domain,
918                                                          nt_workstation,
919                                                          logon->password->identity_info.parameter_control,
920                                                          chal,
921                                                          logon->password->lmpassword.hash,
922                                                          logon->password->ntpassword.hash,
923                                                          creds->session_key)) {
924                         status = NT_STATUS_NO_MEMORY;
925                 }
926                 break;
927         }
928         default:
929                 DEBUG(2,("SAM Logon: unsupported switch value\n"));
930                 return NT_STATUS_INVALID_INFO_CLASS;
931         } /* end switch */
932
933         if ( NT_STATUS_IS_OK(status) ) {
934                 status = auth_context->check_ntlm_password(auth_context,
935                         user_info, &server_info);
936         }
937
938         (auth_context->free)(&auth_context);
939         free_user_info(&user_info);
940
941         DEBUG(5,("%s: check_password returned status %s\n",
942                   fn, nt_errstr(status)));
943
944         /* Check account and password */
945
946         if (!NT_STATUS_IS_OK(status)) {
947                 /* If we don't know what this domain is, we need to
948                    indicate that we are not authoritative.  This
949                    allows the client to decide if it needs to try
950                    a local user.  Fix by jpjanosi@us.ibm.com, #2976 */
951                 if ( NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)
952                      && !strequal(nt_domain, get_global_sam_name())
953                      && !is_trusted_domain(nt_domain) )
954                         *r->out.authoritative = false; /* We are not authoritative */
955
956                 TALLOC_FREE(server_info);
957                 return status;
958         }
959
960         if (server_info->guest) {
961                 /* We don't like guest domain logons... */
962                 DEBUG(5,("%s: Attempted domain logon as GUEST "
963                          "denied.\n", fn));
964                 TALLOC_FREE(server_info);
965                 return NT_STATUS_LOGON_FAILURE;
966         }
967
968         /* This is the point at which, if the login was successful, that
969            the SAM Local Security Authority should record that the user is
970            logged in to the domain.  */
971
972         if (process_creds) {
973                 /* Get the pipe session key from the creds. */
974                 memcpy(pipe_session_key, creds->session_key, 16);
975         } else {
976                 /* Get the pipe session key from the schannel. */
977                 if ((p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL)
978                     || (p->auth.a_u.schannel_auth == NULL)) {
979                         return NT_STATUS_INVALID_HANDLE;
980                 }
981                 memcpy(pipe_session_key, p->auth.a_u.schannel_auth->sess_key, 16);
982         }
983
984         switch (r->in.validation_level) {
985         case 2:
986                 status = serverinfo_to_SamInfo2(server_info, pipe_session_key, 16,
987                                                 r->out.validation->sam2);
988                 break;
989         case 3:
990                 status = serverinfo_to_SamInfo3(server_info, pipe_session_key, 16,
991                                                 r->out.validation->sam3);
992                 break;
993         }
994
995         TALLOC_FREE(server_info);
996
997         return status;
998 }
999
1000 /****************************************************************
1001  _netr_LogonSamLogonWithFlags
1002 ****************************************************************/
1003
1004 NTSTATUS _netr_LogonSamLogonWithFlags(pipes_struct *p,
1005                                       struct netr_LogonSamLogonWithFlags *r)
1006 {
1007         NTSTATUS status;
1008         struct netlogon_creds_CredentialState *creds;
1009         struct netr_LogonSamLogonEx r2;
1010         struct netr_Authenticator return_authenticator;
1011
1012         become_root();
1013         status = netr_creds_server_step_check(p, p->mem_ctx,
1014                                               r->in.computer_name,
1015                                               r->in.credential,
1016                                               &return_authenticator,
1017                                               &creds);
1018         unbecome_root();
1019         if (!NT_STATUS_IS_OK(status)) {
1020                 return status;
1021         }
1022
1023         r2.in.server_name       = r->in.server_name;
1024         r2.in.computer_name     = r->in.computer_name;
1025         r2.in.logon_level       = r->in.logon_level;
1026         r2.in.logon             = r->in.logon;
1027         r2.in.validation_level  = r->in.validation_level;
1028         r2.in.flags             = r->in.flags;
1029         r2.out.validation       = r->out.validation;
1030         r2.out.authoritative    = r->out.authoritative;
1031         r2.out.flags            = r->out.flags;
1032
1033         status = _netr_LogonSamLogon_base(p, &r2, creds);
1034
1035         *r->out.return_authenticator = return_authenticator;
1036
1037         return status;
1038 }
1039
1040 /*************************************************************************
1041  _netr_LogonSamLogon
1042  *************************************************************************/
1043
1044 NTSTATUS _netr_LogonSamLogon(pipes_struct *p,
1045                              struct netr_LogonSamLogon *r)
1046 {
1047         NTSTATUS status;
1048         struct netr_LogonSamLogonWithFlags r2;
1049         uint32_t flags = 0;
1050
1051         r2.in.server_name               = r->in.server_name;
1052         r2.in.computer_name             = r->in.computer_name;
1053         r2.in.credential                = r->in.credential;
1054         r2.in.logon_level               = r->in.logon_level;
1055         r2.in.logon                     = r->in.logon;
1056         r2.in.validation_level          = r->in.validation_level;
1057         r2.in.return_authenticator      = r->in.return_authenticator;
1058         r2.in.flags                     = &flags;
1059         r2.out.validation               = r->out.validation;
1060         r2.out.authoritative            = r->out.authoritative;
1061         r2.out.flags                    = &flags;
1062         r2.out.return_authenticator     = r->out.return_authenticator;
1063
1064         status = _netr_LogonSamLogonWithFlags(p, &r2);
1065
1066         return status;
1067 }
1068
1069 /*************************************************************************
1070  _netr_LogonSamLogonEx
1071  - no credential chaining. Map into net sam logon.
1072  *************************************************************************/
1073
1074 NTSTATUS _netr_LogonSamLogonEx(pipes_struct *p,
1075                                struct netr_LogonSamLogonEx *r)
1076 {
1077         NTSTATUS status;
1078         struct netlogon_creds_CredentialState *creds;
1079
1080         become_root();
1081         status = schannel_fetch_session_key(p->mem_ctx, r->in.computer_name, &creds);
1082         unbecome_root();
1083         if (!NT_STATUS_IS_OK(status)) {
1084                 return status;
1085         }
1086
1087         /* Only allow this if the pipe is protected. */
1088         if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
1089                 DEBUG(0,("_netr_LogonSamLogonEx: client %s not using schannel for netlogon\n",
1090                         get_remote_machine_name() ));
1091                 return NT_STATUS_INVALID_PARAMETER;
1092         }
1093
1094         status = _netr_LogonSamLogon_base(p, r, creds);
1095         TALLOC_FREE(creds);
1096
1097         return status;
1098 }
1099
1100 /*************************************************************************
1101  _ds_enum_dom_trusts
1102  *************************************************************************/
1103 #if 0   /* JERRY -- not correct */
1104  NTSTATUS _ds_enum_dom_trusts(pipes_struct *p, DS_Q_ENUM_DOM_TRUSTS *q_u,
1105                              DS_R_ENUM_DOM_TRUSTS *r_u)
1106 {
1107         NTSTATUS status = NT_STATUS_OK;
1108
1109         /* TODO: According to MSDN, the can only be executed against a
1110            DC or domain member running Windows 2000 or later.  Need
1111            to test against a standalone 2k server and see what it
1112            does.  A windows 2000 DC includes its own domain in the
1113            list.  --jerry */
1114
1115         return status;
1116 }
1117 #endif  /* JERRY */
1118
1119
1120 /****************************************************************
1121 ****************************************************************/
1122
1123 WERROR _netr_LogonUasLogon(pipes_struct *p,
1124                            struct netr_LogonUasLogon *r)
1125 {
1126         p->rng_fault_state = true;
1127         return WERR_NOT_SUPPORTED;
1128 }
1129
1130 /****************************************************************
1131 ****************************************************************/
1132
1133 WERROR _netr_LogonUasLogoff(pipes_struct *p,
1134                             struct netr_LogonUasLogoff *r)
1135 {
1136         p->rng_fault_state = true;
1137         return WERR_NOT_SUPPORTED;
1138 }
1139
1140 /****************************************************************
1141 ****************************************************************/
1142
1143 NTSTATUS _netr_DatabaseDeltas(pipes_struct *p,
1144                               struct netr_DatabaseDeltas *r)
1145 {
1146         p->rng_fault_state = true;
1147         return NT_STATUS_NOT_IMPLEMENTED;
1148 }
1149
1150 /****************************************************************
1151 ****************************************************************/
1152
1153 NTSTATUS _netr_DatabaseSync(pipes_struct *p,
1154                             struct netr_DatabaseSync *r)
1155 {
1156         p->rng_fault_state = true;
1157         return NT_STATUS_NOT_IMPLEMENTED;
1158 }
1159
1160 /****************************************************************
1161 ****************************************************************/
1162
1163 NTSTATUS _netr_AccountDeltas(pipes_struct *p,
1164                              struct netr_AccountDeltas *r)
1165 {
1166         p->rng_fault_state = true;
1167         return NT_STATUS_NOT_IMPLEMENTED;
1168 }
1169
1170 /****************************************************************
1171 ****************************************************************/
1172
1173 NTSTATUS _netr_AccountSync(pipes_struct *p,
1174                            struct netr_AccountSync *r)
1175 {
1176         p->rng_fault_state = true;
1177         return NT_STATUS_NOT_IMPLEMENTED;
1178 }
1179
1180 /****************************************************************
1181 ****************************************************************/
1182
1183 WERROR _netr_GetDcName(pipes_struct *p,
1184                        struct netr_GetDcName *r)
1185 {
1186         p->rng_fault_state = true;
1187         return WERR_NOT_SUPPORTED;
1188 }
1189
1190 /****************************************************************
1191 ****************************************************************/
1192
1193 WERROR _netr_GetAnyDCName(pipes_struct *p,
1194                           struct netr_GetAnyDCName *r)
1195 {
1196         p->rng_fault_state = true;
1197         return WERR_NOT_SUPPORTED;
1198 }
1199
1200 /****************************************************************
1201 ****************************************************************/
1202
1203 NTSTATUS _netr_DatabaseSync2(pipes_struct *p,
1204                              struct netr_DatabaseSync2 *r)
1205 {
1206         p->rng_fault_state = true;
1207         return NT_STATUS_NOT_IMPLEMENTED;
1208 }
1209
1210 /****************************************************************
1211 ****************************************************************/
1212
1213 NTSTATUS _netr_DatabaseRedo(pipes_struct *p,
1214                             struct netr_DatabaseRedo *r)
1215 {
1216         p->rng_fault_state = true;
1217         return NT_STATUS_NOT_IMPLEMENTED;
1218 }
1219
1220 /****************************************************************
1221 ****************************************************************/
1222
1223 WERROR _netr_DsRGetDCName(pipes_struct *p,
1224                           struct netr_DsRGetDCName *r)
1225 {
1226         p->rng_fault_state = true;
1227         return WERR_NOT_SUPPORTED;
1228 }
1229
1230 /****************************************************************
1231 ****************************************************************/
1232
1233 NTSTATUS _netr_LogonGetCapabilities(pipes_struct *p,
1234                                     struct netr_LogonGetCapabilities *r)
1235 {
1236         return NT_STATUS_NOT_IMPLEMENTED;
1237 }
1238
1239 /****************************************************************
1240 ****************************************************************/
1241
1242 WERROR _netr_NETRLOGONSETSERVICEBITS(pipes_struct *p,
1243                                      struct netr_NETRLOGONSETSERVICEBITS *r)
1244 {
1245         p->rng_fault_state = true;
1246         return WERR_NOT_SUPPORTED;
1247 }
1248
1249 /****************************************************************
1250 ****************************************************************/
1251
1252 WERROR _netr_LogonGetTrustRid(pipes_struct *p,
1253                               struct netr_LogonGetTrustRid *r)
1254 {
1255         p->rng_fault_state = true;
1256         return WERR_NOT_SUPPORTED;
1257 }
1258
1259 /****************************************************************
1260 ****************************************************************/
1261
1262 WERROR _netr_NETRLOGONCOMPUTESERVERDIGEST(pipes_struct *p,
1263                                           struct netr_NETRLOGONCOMPUTESERVERDIGEST *r)
1264 {
1265         p->rng_fault_state = true;
1266         return WERR_NOT_SUPPORTED;
1267 }
1268
1269 /****************************************************************
1270 ****************************************************************/
1271
1272 WERROR _netr_NETRLOGONCOMPUTECLIENTDIGEST(pipes_struct *p,
1273                                           struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r)
1274 {
1275         p->rng_fault_state = true;
1276         return WERR_NOT_SUPPORTED;
1277 }
1278
1279 /****************************************************************
1280 ****************************************************************/
1281
1282 WERROR _netr_DsRGetDCNameEx(pipes_struct *p,
1283                             struct netr_DsRGetDCNameEx *r)
1284 {
1285         p->rng_fault_state = true;
1286         return WERR_NOT_SUPPORTED;
1287 }
1288
1289 /****************************************************************
1290 ****************************************************************/
1291
1292 WERROR _netr_DsRGetSiteName(pipes_struct *p,
1293                             struct netr_DsRGetSiteName *r)
1294 {
1295         p->rng_fault_state = true;
1296         return WERR_NOT_SUPPORTED;
1297 }
1298
1299 /****************************************************************
1300 ****************************************************************/
1301
1302 NTSTATUS _netr_LogonGetDomainInfo(pipes_struct *p,
1303                                   struct netr_LogonGetDomainInfo *r)
1304 {
1305         p->rng_fault_state = true;
1306         return NT_STATUS_NOT_IMPLEMENTED;
1307 }
1308
1309 /****************************************************************
1310 ****************************************************************/
1311
1312 NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
1313                                   struct netr_ServerPasswordSet2 *r)
1314 {
1315         p->rng_fault_state = true;
1316         return NT_STATUS_NOT_IMPLEMENTED;
1317 }
1318
1319 /****************************************************************
1320 ****************************************************************/
1321
1322 WERROR _netr_ServerPasswordGet(pipes_struct *p,
1323                                struct netr_ServerPasswordGet *r)
1324 {
1325         p->rng_fault_state = true;
1326         return WERR_NOT_SUPPORTED;
1327 }
1328
1329 /****************************************************************
1330 ****************************************************************/
1331
1332 WERROR _netr_NETRLOGONSENDTOSAM(pipes_struct *p,
1333                                 struct netr_NETRLOGONSENDTOSAM *r)
1334 {
1335         p->rng_fault_state = true;
1336         return WERR_NOT_SUPPORTED;
1337 }
1338
1339 /****************************************************************
1340 ****************************************************************/
1341
1342 WERROR _netr_DsRAddressToSitenamesW(pipes_struct *p,
1343                                     struct netr_DsRAddressToSitenamesW *r)
1344 {
1345         p->rng_fault_state = true;
1346         return WERR_NOT_SUPPORTED;
1347 }
1348
1349 /****************************************************************
1350 ****************************************************************/
1351
1352 WERROR _netr_DsRGetDCNameEx2(pipes_struct *p,
1353                              struct netr_DsRGetDCNameEx2 *r)
1354 {
1355         p->rng_fault_state = true;
1356         return WERR_NOT_SUPPORTED;
1357 }
1358
1359 /****************************************************************
1360 ****************************************************************/
1361
1362 WERROR _netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(pipes_struct *p,
1363                                                  struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r)
1364 {
1365         p->rng_fault_state = true;
1366         return WERR_NOT_SUPPORTED;
1367 }
1368
1369 /****************************************************************
1370 ****************************************************************/
1371
1372 WERROR _netr_NetrEnumerateTrustedDomainsEx(pipes_struct *p,
1373                                            struct netr_NetrEnumerateTrustedDomainsEx *r)
1374 {
1375         p->rng_fault_state = true;
1376         return WERR_NOT_SUPPORTED;
1377 }
1378
1379 /****************************************************************
1380 ****************************************************************/
1381
1382 WERROR _netr_DsRAddressToSitenamesExW(pipes_struct *p,
1383                                       struct netr_DsRAddressToSitenamesExW *r)
1384 {
1385         p->rng_fault_state = true;
1386         return WERR_NOT_SUPPORTED;
1387 }
1388
1389 /****************************************************************
1390 ****************************************************************/
1391
1392 WERROR _netr_DsrGetDcSiteCoverageW(pipes_struct *p,
1393                                    struct netr_DsrGetDcSiteCoverageW *r)
1394 {
1395         p->rng_fault_state = true;
1396         return WERR_NOT_SUPPORTED;
1397 }
1398
1399 /****************************************************************
1400 ****************************************************************/
1401
1402 WERROR _netr_DsrEnumerateDomainTrusts(pipes_struct *p,
1403                                       struct netr_DsrEnumerateDomainTrusts *r)
1404 {
1405         p->rng_fault_state = true;
1406         return WERR_NOT_SUPPORTED;
1407 }
1408
1409 /****************************************************************
1410 ****************************************************************/
1411
1412 WERROR _netr_DsrDeregisterDNSHostRecords(pipes_struct *p,
1413                                          struct netr_DsrDeregisterDNSHostRecords *r)
1414 {
1415         p->rng_fault_state = true;
1416         return WERR_NOT_SUPPORTED;
1417 }
1418
1419 /****************************************************************
1420 ****************************************************************/
1421
1422 NTSTATUS _netr_ServerTrustPasswordsGet(pipes_struct *p,
1423                                        struct netr_ServerTrustPasswordsGet *r)
1424 {
1425         p->rng_fault_state = true;
1426         return NT_STATUS_NOT_IMPLEMENTED;
1427 }
1428
1429 /****************************************************************
1430 ****************************************************************/
1431
1432 WERROR _netr_DsRGetForestTrustInformation(pipes_struct *p,
1433                                           struct netr_DsRGetForestTrustInformation *r)
1434 {
1435         p->rng_fault_state = true;
1436         return WERR_NOT_SUPPORTED;
1437 }
1438
1439 /****************************************************************
1440 ****************************************************************/
1441
1442 WERROR _netr_GetForestTrustInformation(pipes_struct *p,
1443                                        struct netr_GetForestTrustInformation *r)
1444 {
1445         p->rng_fault_state = true;
1446         return WERR_NOT_SUPPORTED;
1447 }
1448
1449 /****************************************************************
1450 ****************************************************************/
1451
1452 NTSTATUS _netr_ServerGetTrustInfo(pipes_struct *p,
1453                                   struct netr_ServerGetTrustInfo *r)
1454 {
1455         p->rng_fault_state = true;
1456         return NT_STATUS_NOT_IMPLEMENTED;
1457 }
1458