9a3c8c23bcc584c1daed2d4791f3c6a4051b9825
[ira/wip.git] / source3 / rpc_server / srv_netlog_nt.c
1 /*
2  *  Unix SMB/CIFS implementation.
3  *  RPC Pipe client / server routines
4  *  Copyright (C) Andrew Tridgell              1992-1997,
5  *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
6  *  Copyright (C) Paul Ashton                       1997.
7  *  Copyright (C) Jeremy Allison               1998-2001.
8  *  Copyright (C) Andrew Bartlett                   2001.
9  *  Copyright (C) Guenther Deschner                 2008.
10  *
11  *  This program is free software; you can redistribute it and/or modify
12  *  it under the terms of the GNU General Public License as published by
13  *  the Free Software Foundation; either version 3 of the License, or
14  *  (at your option) any later version.
15  *
16  *  This program is distributed in the hope that it will be useful,
17  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
18  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
19  *  GNU General Public License for more details.
20  *
21  *  You should have received a copy of the GNU General Public License
22  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
23  */
24
25 /* This is the implementation of the netlogon pipe. */
26
27 #include "includes.h"
28 #include "../libcli/auth/libcli_auth.h"
29 #include "../libcli/auth/schannel_state.h"
30
31 extern userdom_struct current_user_info;
32
33 #undef DBGC_CLASS
34 #define DBGC_CLASS DBGC_RPC_SRV
35
36 struct netlogon_server_pipe_state {
37         struct netr_Credential client_challenge;
38         struct netr_Credential server_challenge;
39 };
40
41 /*******************************************************************
42  Inits a netr_NETLOGON_INFO_1 structure.
43 ********************************************************************/
44
45 static void init_netlogon_info1(struct netr_NETLOGON_INFO_1 *r,
46                                 uint32_t flags,
47                                 uint32_t pdc_connection_status)
48 {
49         r->flags = flags;
50         r->pdc_connection_status = pdc_connection_status;
51 }
52
53 /*******************************************************************
54  Inits a netr_NETLOGON_INFO_2 structure.
55 ********************************************************************/
56
57 static void init_netlogon_info2(struct netr_NETLOGON_INFO_2 *r,
58                                 uint32_t flags,
59                                 uint32_t pdc_connection_status,
60                                 const char *trusted_dc_name,
61                                 uint32_t tc_connection_status)
62 {
63         r->flags = flags;
64         r->pdc_connection_status = pdc_connection_status;
65         r->trusted_dc_name = trusted_dc_name;
66         r->tc_connection_status = tc_connection_status;
67 }
68
69 /*******************************************************************
70  Inits a netr_NETLOGON_INFO_3 structure.
71 ********************************************************************/
72
73 static void init_netlogon_info3(struct netr_NETLOGON_INFO_3 *r,
74                                 uint32_t flags,
75                                 uint32_t logon_attempts)
76 {
77         r->flags = flags;
78         r->logon_attempts = logon_attempts;
79 }
80
81 /*************************************************************************
82  _netr_LogonControl
83  *************************************************************************/
84
85 WERROR _netr_LogonControl(pipes_struct *p,
86                           struct netr_LogonControl *r)
87 {
88         struct netr_LogonControl2Ex l;
89
90         switch (r->in.level) {
91         case 1:
92                 break;
93         case 2:
94                 return WERR_NOT_SUPPORTED;
95         default:
96                 return WERR_UNKNOWN_LEVEL;
97         }
98
99         l.in.logon_server       = r->in.logon_server;
100         l.in.function_code      = r->in.function_code;
101         l.in.level              = r->in.level;
102         l.in.data               = NULL;
103         l.out.query             = r->out.query;
104
105         return _netr_LogonControl2Ex(p, &l);
106 }
107
108 /****************************************************************************
109 Send a message to smbd to do a sam synchronisation
110 **************************************************************************/
111
112 static void send_sync_message(void)
113 {
114         DEBUG(3, ("sending sam synchronisation message\n"));
115         message_send_all(smbd_messaging_context(), MSG_SMB_SAM_SYNC, NULL, 0,
116                          NULL);
117 }
118
119 /*************************************************************************
120  _netr_LogonControl2
121  *************************************************************************/
122
123 WERROR _netr_LogonControl2(pipes_struct *p,
124                            struct netr_LogonControl2 *r)
125 {
126         struct netr_LogonControl2Ex l;
127
128         l.in.logon_server       = r->in.logon_server;
129         l.in.function_code      = r->in.function_code;
130         l.in.level              = r->in.level;
131         l.in.data               = r->in.data;
132         l.out.query             = r->out.query;
133
134         return _netr_LogonControl2Ex(p, &l);
135 }
136
137 /****************************************************************
138  _netr_LogonControl2Ex
139 ****************************************************************/
140
141 WERROR _netr_LogonControl2Ex(pipes_struct *p,
142                              struct netr_LogonControl2Ex *r)
143 {
144         uint32 flags = 0x0;
145         uint32 pdc_connection_status = 0x0;
146         uint32 logon_attempts = 0x0;
147         uint32 tc_status;
148         fstring dc_name2;
149         const char *dc_name = NULL;
150         struct sockaddr_storage dc_ss;
151         const char *domain = NULL;
152         struct netr_NETLOGON_INFO_1 *info1;
153         struct netr_NETLOGON_INFO_2 *info2;
154         struct netr_NETLOGON_INFO_3 *info3;
155         const char *fn;
156
157         switch (p->hdr_req.opnum) {
158                 case NDR_NETR_LOGONCONTROL:
159                         fn = "_netr_LogonControl";
160                         break;
161                 case NDR_NETR_LOGONCONTROL2:
162                         fn = "_netr_LogonControl2";
163                         break;
164                 case NDR_NETR_LOGONCONTROL2EX:
165                         fn = "_netr_LogonControl2Ex";
166                         break;
167                 default:
168                         return WERR_INVALID_PARAM;
169         }
170
171         tc_status = W_ERROR_V(WERR_NO_SUCH_DOMAIN);
172
173         switch (r->in.function_code) {
174                 case NETLOGON_CONTROL_TC_QUERY:
175                         domain = r->in.data->domain;
176
177                         if ( !is_trusted_domain( domain ) )
178                                 break;
179
180                         if ( !get_dc_name( domain, NULL, dc_name2, &dc_ss ) ) {
181                                 tc_status = W_ERROR_V(WERR_NO_LOGON_SERVERS);
182                                 break;
183                         }
184
185                         dc_name = talloc_asprintf(p->mem_ctx, "\\\\%s", dc_name2);
186                         if (!dc_name) {
187                                 return WERR_NOMEM;
188                         }
189
190                         tc_status = W_ERROR_V(WERR_OK);
191
192                         break;
193
194                 case NETLOGON_CONTROL_REDISCOVER:
195                         domain = r->in.data->domain;
196
197                         if ( !is_trusted_domain( domain ) )
198                                 break;
199
200                         if ( !get_dc_name( domain, NULL, dc_name2, &dc_ss ) ) {
201                                 tc_status = W_ERROR_V(WERR_NO_LOGON_SERVERS);
202                                 break;
203                         }
204
205                         dc_name = talloc_asprintf(p->mem_ctx, "\\\\%s", dc_name2);
206                         if (!dc_name) {
207                                 return WERR_NOMEM;
208                         }
209
210                         tc_status = W_ERROR_V(WERR_OK);
211
212                         break;
213
214                 default:
215                         /* no idea what this should be */
216                         DEBUG(0,("%s: unimplemented function level [%d]\n",
217                                 fn, r->in.function_code));
218                         return WERR_UNKNOWN_LEVEL;
219         }
220
221         /* prepare the response */
222
223         switch (r->in.level) {
224                 case 1:
225                         info1 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_1);
226                         W_ERROR_HAVE_NO_MEMORY(info1);
227
228                         init_netlogon_info1(info1,
229                                             flags,
230                                             pdc_connection_status);
231                         r->out.query->info1 = info1;
232                         break;
233                 case 2:
234                         info2 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_2);
235                         W_ERROR_HAVE_NO_MEMORY(info2);
236
237                         init_netlogon_info2(info2,
238                                             flags,
239                                             pdc_connection_status,
240                                             dc_name,
241                                             tc_status);
242                         r->out.query->info2 = info2;
243                         break;
244                 case 3:
245                         info3 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_3);
246                         W_ERROR_HAVE_NO_MEMORY(info3);
247
248                         init_netlogon_info3(info3,
249                                             flags,
250                                             logon_attempts);
251                         r->out.query->info3 = info3;
252                         break;
253                 default:
254                         return WERR_UNKNOWN_LEVEL;
255         }
256
257         if (lp_server_role() == ROLE_DOMAIN_BDC) {
258                 send_sync_message();
259         }
260
261         return WERR_OK;
262 }
263
264 /*************************************************************************
265  _netr_NetrEnumerateTrustedDomains
266  *************************************************************************/
267
268 WERROR _netr_NetrEnumerateTrustedDomains(pipes_struct *p,
269                                          struct netr_NetrEnumerateTrustedDomains *r)
270 {
271         struct netr_Blob trusted_domains_blob;
272         DATA_BLOB blob;
273
274         DEBUG(6,("_netr_NetrEnumerateTrustedDomains: %d\n", __LINE__));
275
276         /* set up the Trusted Domain List response */
277
278         blob = data_blob_talloc_zero(p->mem_ctx, 2);
279         trusted_domains_blob.data = blob.data;
280         trusted_domains_blob.length = blob.length;
281
282         DEBUG(6,("_netr_NetrEnumerateTrustedDomains: %d\n", __LINE__));
283
284         *r->out.trusted_domains_blob = trusted_domains_blob;
285
286         return WERR_OK;
287 }
288
289 /******************************************************************
290  gets a machine password entry.  checks access rights of the host.
291  ******************************************************************/
292
293 static NTSTATUS get_md4pw(struct samr_Password *md4pw, const char *mach_acct,
294                           uint16_t sec_chan_type, struct dom_sid *sid)
295 {
296         struct samu *sampass = NULL;
297         const uint8 *pass;
298         bool ret;
299         uint32 acct_ctrl;
300
301 #if 0
302         char addr[INET6_ADDRSTRLEN];
303
304     /*
305      * Currently this code is redundent as we already have a filter
306      * by hostname list. What this code really needs to do is to
307      * get a hosts allowed/hosts denied list from the SAM database
308      * on a per user basis, and make the access decision there.
309      * I will leave this code here for now as a reminder to implement
310      * this at a later date. JRA.
311      */
312
313         if (!allow_access(lp_domain_hostsdeny(), lp_domain_hostsallow(),
314                         client_name(get_client_fd()),
315                         client_addr(get_client_fd(),addr,sizeof(addr)))) {
316                 DEBUG(0,("get_md4pw: Workstation %s denied access to domain\n", mach_acct));
317                 return False;
318         }
319 #endif /* 0 */
320
321         if ( !(sampass = samu_new( NULL )) ) {
322                 return NT_STATUS_NO_MEMORY;
323         }
324
325         /* JRA. This is ok as it is only used for generating the challenge. */
326         become_root();
327         ret = pdb_getsampwnam(sampass, mach_acct);
328         unbecome_root();
329
330         if (!ret) {
331                 DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct));
332                 TALLOC_FREE(sampass);
333                 return NT_STATUS_ACCESS_DENIED;
334         }
335
336         acct_ctrl = pdb_get_acct_ctrl(sampass);
337         if (acct_ctrl & ACB_DISABLED) {
338                 DEBUG(0,("get_md4pw: Workstation %s: account is disabled\n", mach_acct));
339                 TALLOC_FREE(sampass);
340                 return NT_STATUS_ACCOUNT_DISABLED;
341         }
342
343         if (!(acct_ctrl & ACB_SVRTRUST) &&
344             !(acct_ctrl & ACB_WSTRUST) &&
345             !(acct_ctrl & ACB_DOMTRUST))
346         {
347                 DEBUG(0,("get_md4pw: Workstation %s: account is not a trust account\n", mach_acct));
348                 TALLOC_FREE(sampass);
349                 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
350         }
351
352         switch (sec_chan_type) {
353                 case SEC_CHAN_BDC:
354                         if (!(acct_ctrl & ACB_SVRTRUST)) {
355                                 DEBUG(0,("get_md4pw: Workstation %s: BDC secure channel requested "
356                                          "but not a server trust account\n", mach_acct));
357                                 TALLOC_FREE(sampass);
358                                 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
359                         }
360                         break;
361                 case SEC_CHAN_WKSTA:
362                         if (!(acct_ctrl & ACB_WSTRUST)) {
363                                 DEBUG(0,("get_md4pw: Workstation %s: WORKSTATION secure channel requested "
364                                          "but not a workstation trust account\n", mach_acct));
365                                 TALLOC_FREE(sampass);
366                                 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
367                         }
368                         break;
369                 case SEC_CHAN_DOMAIN:
370                         if (!(acct_ctrl & ACB_DOMTRUST)) {
371                                 DEBUG(0,("get_md4pw: Workstation %s: DOMAIN secure channel requested "
372                                          "but not a interdomain trust account\n", mach_acct));
373                                 TALLOC_FREE(sampass);
374                                 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
375                         }
376                         break;
377                 default:
378                         break;
379         }
380
381         if ((pass = pdb_get_nt_passwd(sampass)) == NULL) {
382                 DEBUG(0,("get_md4pw: Workstation %s: account does not have a password\n", mach_acct));
383                 TALLOC_FREE(sampass);
384                 return NT_STATUS_LOGON_FAILURE;
385         }
386
387         memcpy(md4pw->hash, pass, 16);
388         dump_data(5, md4pw->hash, 16);
389
390         sid_copy(sid, pdb_get_user_sid(sampass));
391
392         TALLOC_FREE(sampass);
393
394         return NT_STATUS_OK;
395
396
397 }
398
399 /*************************************************************************
400  _netr_ServerReqChallenge
401  *************************************************************************/
402
403 NTSTATUS _netr_ServerReqChallenge(pipes_struct *p,
404                                   struct netr_ServerReqChallenge *r)
405 {
406         struct netlogon_server_pipe_state *pipe_state =
407                 talloc_get_type(p->private_data, struct netlogon_server_pipe_state);
408
409         if (pipe_state) {
410                 DEBUG(10,("_netr_ServerReqChallenge: new challenge requested. Clearing old state.\n"));
411                 talloc_free(pipe_state);
412                 p->private_data = NULL;
413         }
414
415         pipe_state = talloc(p, struct netlogon_server_pipe_state);
416         NT_STATUS_HAVE_NO_MEMORY(pipe_state);
417
418         pipe_state->client_challenge = *r->in.credentials;
419
420         generate_random_buffer(pipe_state->server_challenge.data,
421                                sizeof(pipe_state->server_challenge.data));
422
423         *r->out.return_credentials = pipe_state->server_challenge;
424
425         p->private_data = pipe_state;
426
427         return NT_STATUS_OK;
428 }
429
430 /*************************************************************************
431  _netr_ServerAuthenticate
432  Create the initial credentials.
433  *************************************************************************/
434
435 NTSTATUS _netr_ServerAuthenticate(pipes_struct *p,
436                                   struct netr_ServerAuthenticate *r)
437 {
438         struct netr_ServerAuthenticate3 a;
439         uint32_t negotiate_flags = 0;
440         uint32_t rid;
441
442         a.in.server_name                = r->in.server_name;
443         a.in.account_name               = r->in.account_name;
444         a.in.secure_channel_type        = r->in.secure_channel_type;
445         a.in.computer_name              = r->in.computer_name;
446         a.in.credentials                = r->in.credentials;
447         a.in.negotiate_flags            = &negotiate_flags;
448
449         a.out.return_credentials        = r->out.return_credentials;
450         a.out.rid                       = &rid;
451         a.out.negotiate_flags           = &negotiate_flags;
452
453         return _netr_ServerAuthenticate3(p, &a);
454
455 }
456
457 /*************************************************************************
458  _netr_ServerAuthenticate3
459  *************************************************************************/
460
461 NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
462                                    struct netr_ServerAuthenticate3 *r)
463 {
464         NTSTATUS status;
465         uint32_t srv_flgs;
466         /* r->in.negotiate_flags is an aliased pointer to r->out.negotiate_flags,
467          * so use a copy to avoid destroying the client values. */
468         uint32_t in_neg_flags = *r->in.negotiate_flags;
469         const char *fn;
470         struct dom_sid sid;
471         struct samr_Password mach_pwd;
472         struct netlogon_creds_CredentialState *creds;
473         struct netlogon_server_pipe_state *pipe_state =
474                 talloc_get_type(p->private_data, struct netlogon_server_pipe_state);
475
476         /* According to Microsoft (see bugid #6099)
477          * Windows 7 looks at the negotiate_flags
478          * returned in this structure *even if the
479          * call fails with access denied* ! So in order
480          * to allow Win7 to connect to a Samba NT style
481          * PDC we set the flags before we know if it's
482          * an error or not.
483          */
484
485         /* 0x000001ff */
486         srv_flgs = NETLOGON_NEG_ACCOUNT_LOCKOUT |
487                    NETLOGON_NEG_PERSISTENT_SAMREPL |
488                    NETLOGON_NEG_ARCFOUR |
489                    NETLOGON_NEG_PROMOTION_COUNT |
490                    NETLOGON_NEG_CHANGELOG_BDC |
491                    NETLOGON_NEG_FULL_SYNC_REPL |
492                    NETLOGON_NEG_MULTIPLE_SIDS |
493                    NETLOGON_NEG_REDO |
494                    NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL;
495
496         /* Ensure we support strong (128-bit) keys. */
497         if (in_neg_flags & NETLOGON_NEG_STRONG_KEYS) {
498                 srv_flgs |= NETLOGON_NEG_STRONG_KEYS;
499         }
500
501         if (lp_server_schannel() != false) {
502                 srv_flgs |= NETLOGON_NEG_SCHANNEL;
503         }
504
505         switch (p->hdr_req.opnum) {
506                 case NDR_NETR_SERVERAUTHENTICATE:
507                         fn = "_netr_ServerAuthenticate";
508                         break;
509                 case NDR_NETR_SERVERAUTHENTICATE2:
510                         fn = "_netr_ServerAuthenticate2";
511                         break;
512                 case NDR_NETR_SERVERAUTHENTICATE3:
513                         fn = "_netr_ServerAuthenticate3";
514                         break;
515                 default:
516                         return NT_STATUS_INTERNAL_ERROR;
517         }
518
519         /* We use this as the key to store the creds: */
520         /* r->in.computer_name */
521
522         if (!pipe_state) {
523                 DEBUG(0,("%s: no challenge sent to client %s\n", fn,
524                         r->in.computer_name));
525                 status = NT_STATUS_ACCESS_DENIED;
526                 goto out;
527         }
528
529         if ( (lp_server_schannel() == true) &&
530              ((in_neg_flags & NETLOGON_NEG_SCHANNEL) == 0) ) {
531
532                 /* schannel must be used, but client did not offer it. */
533                 DEBUG(0,("%s: schannel required but client failed "
534                         "to offer it. Client was %s\n",
535                         fn, r->in.account_name));
536                 status = NT_STATUS_ACCESS_DENIED;
537                 goto out;
538         }
539
540         status = get_md4pw(&mach_pwd,
541                            r->in.account_name,
542                            r->in.secure_channel_type,
543                            &sid);
544         if (!NT_STATUS_IS_OK(status)) {
545                 DEBUG(0,("%s: failed to get machine password for "
546                         "account %s: %s\n",
547                         fn, r->in.account_name, nt_errstr(status) ));
548                 /* always return NT_STATUS_ACCESS_DENIED */
549                 status = NT_STATUS_ACCESS_DENIED;
550                 goto out;
551         }
552
553         /* From the client / server challenges and md4 password, generate sess key */
554         /* Check client credentials are valid. */
555         creds = netlogon_creds_server_init(p->mem_ctx,
556                                            r->in.account_name,
557                                            r->in.computer_name,
558                                            r->in.secure_channel_type,
559                                            &pipe_state->client_challenge,
560                                            &pipe_state->server_challenge,
561                                            &mach_pwd,
562                                            r->in.credentials,
563                                            r->out.return_credentials,
564                                            *r->in.negotiate_flags);
565         if (!creds) {
566                 DEBUG(0,("%s: netlogon_creds_server_check failed. Rejecting auth "
567                         "request from client %s machine account %s\n",
568                         fn, r->in.computer_name,
569                         r->in.account_name));
570                 status = NT_STATUS_ACCESS_DENIED;
571                 goto out;
572         }
573
574         creds->sid = sid_dup_talloc(creds, &sid);
575         if (!creds->sid) {
576                 status = NT_STATUS_NO_MEMORY;
577                 goto out;
578         }
579
580         /* Store off the state so we can continue after client disconnect. */
581         become_root();
582         status = schannel_store_session_key(p->mem_ctx, creds);
583         unbecome_root();
584
585         if (!NT_STATUS_IS_OK(status)) {
586                 goto out;
587         }
588
589         sid_peek_rid(&sid, r->out.rid);
590
591         status = NT_STATUS_OK;
592
593   out:
594
595         *r->out.negotiate_flags = srv_flgs;
596         return status;
597 }
598
599 /*************************************************************************
600  _netr_ServerAuthenticate2
601  *************************************************************************/
602
603 NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p,
604                                    struct netr_ServerAuthenticate2 *r)
605 {
606         struct netr_ServerAuthenticate3 a;
607         uint32_t rid;
608
609         a.in.server_name                = r->in.server_name;
610         a.in.account_name               = r->in.account_name;
611         a.in.secure_channel_type        = r->in.secure_channel_type;
612         a.in.computer_name              = r->in.computer_name;
613         a.in.credentials                = r->in.credentials;
614         a.in.negotiate_flags            = r->in.negotiate_flags;
615
616         a.out.return_credentials        = r->out.return_credentials;
617         a.out.rid                       = &rid;
618         a.out.negotiate_flags           = r->out.negotiate_flags;
619
620         return _netr_ServerAuthenticate3(p, &a);
621 }
622
623 /*************************************************************************
624  *************************************************************************/
625
626 static NTSTATUS netr_creds_server_step_check(pipes_struct *p,
627                                              TALLOC_CTX *mem_ctx,
628                                              const char *computer_name,
629                                              struct netr_Authenticator *received_authenticator,
630                                              struct netr_Authenticator *return_authenticator,
631                                              struct netlogon_creds_CredentialState **creds_out)
632 {
633         NTSTATUS status;
634         struct tdb_context *tdb;
635         bool schannel_global_required = (lp_server_schannel() == true) ? true:false;
636         bool schannel_in_use = (p->auth.auth_type == PIPE_AUTH_TYPE_SCHANNEL) ? true:false; /* &&
637                 (p->auth.auth_level == PIPE_AUTH_LEVEL_INTEGRITY ||
638                  p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY); */
639
640         tdb = open_schannel_session_store(mem_ctx);
641         if (!tdb) {
642                 return NT_STATUS_ACCESS_DENIED;
643         }
644
645         status = schannel_creds_server_step_check_tdb(tdb, mem_ctx,
646                                                       computer_name,
647                                                       schannel_global_required,
648                                                       schannel_in_use,
649                                                       received_authenticator,
650                                                       return_authenticator,
651                                                       creds_out);
652         tdb_close(tdb);
653
654         return status;
655 }
656
657 /*************************************************************************
658  _netr_ServerPasswordSet
659  *************************************************************************/
660
661 NTSTATUS _netr_ServerPasswordSet(pipes_struct *p,
662                                  struct netr_ServerPasswordSet *r)
663 {
664         NTSTATUS status = NT_STATUS_OK;
665         struct samu *sampass=NULL;
666         bool ret = False;
667         int i;
668         uint32 acct_ctrl;
669         const uchar *old_pw;
670         struct netlogon_creds_CredentialState *creds;
671
672         DEBUG(5,("_netr_ServerPasswordSet: %d\n", __LINE__));
673
674         become_root();
675         status = netr_creds_server_step_check(p, p->mem_ctx,
676                                               r->in.computer_name,
677                                               r->in.credential,
678                                               r->out.return_authenticator,
679                                               &creds);
680         unbecome_root();
681
682         if (!NT_STATUS_IS_OK(status)) {
683                 DEBUG(2,("_netr_ServerPasswordSet: netlogon_creds_server_step failed. Rejecting auth "
684                         "request from client %s machine account %s\n",
685                         r->in.computer_name, creds->computer_name));
686                 TALLOC_FREE(creds);
687                 return status;
688         }
689
690         DEBUG(3,("_netr_ServerPasswordSet: Server Password Set by remote machine:[%s] on account [%s]\n",
691                         r->in.computer_name, creds->computer_name));
692
693         sampass = samu_new( NULL );
694         if (!sampass) {
695                 return NT_STATUS_NO_MEMORY;
696         }
697
698         become_root();
699         ret = pdb_getsampwnam(sampass, creds->account_name);
700         unbecome_root();
701
702         if (!ret) {
703                 TALLOC_FREE(sampass);
704                 return NT_STATUS_ACCESS_DENIED;
705         }
706
707         /* Ensure the account exists and is a machine account. */
708
709         acct_ctrl = pdb_get_acct_ctrl(sampass);
710
711         if (!(acct_ctrl & ACB_WSTRUST ||
712                       acct_ctrl & ACB_SVRTRUST ||
713                       acct_ctrl & ACB_DOMTRUST)) {
714                 TALLOC_FREE(sampass);
715                 return NT_STATUS_NO_SUCH_USER;
716         }
717
718         if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
719                 TALLOC_FREE(sampass);
720                 return NT_STATUS_ACCOUNT_DISABLED;
721         }
722
723         /* Woah - what does this to to the credential chain ? JRA */
724         netlogon_creds_des_decrypt(creds, r->in.new_password);
725
726         DEBUG(100,("_netr_ServerPasswordSet: new given value was :\n"));
727         for(i = 0; i < sizeof(r->in.new_password->hash); i++)
728                 DEBUG(100,("%02X ", r->in.new_password->hash[i]));
729         DEBUG(100,("\n"));
730
731         old_pw = pdb_get_nt_passwd(sampass);
732
733         if (old_pw && memcmp(r->in.new_password->hash, old_pw, 16) == 0) {
734                 /* Avoid backend modificiations and other fun if the
735                    client changed the password to the *same thing* */
736
737                 ret = True;
738         } else {
739
740                 /* LM password should be NULL for machines */
741                 if (!pdb_set_lanman_passwd(sampass, NULL, PDB_CHANGED)) {
742                         TALLOC_FREE(sampass);
743                         return NT_STATUS_NO_MEMORY;
744                 }
745
746                 if (!pdb_set_nt_passwd(sampass, r->in.new_password->hash, PDB_CHANGED)) {
747                         TALLOC_FREE(sampass);
748                         return NT_STATUS_NO_MEMORY;
749                 }
750
751                 if (!pdb_set_pass_last_set_time(sampass, time(NULL), PDB_CHANGED)) {
752                         TALLOC_FREE(sampass);
753                         /* Not quite sure what this one qualifies as, but this will do */
754                         return NT_STATUS_UNSUCCESSFUL;
755                 }
756
757                 become_root();
758                 status = pdb_update_sam_account(sampass);
759                 unbecome_root();
760         }
761
762         TALLOC_FREE(sampass);
763         return status;
764 }
765
766 /*************************************************************************
767  _netr_LogonSamLogoff
768  *************************************************************************/
769
770 NTSTATUS _netr_LogonSamLogoff(pipes_struct *p,
771                               struct netr_LogonSamLogoff *r)
772 {
773         NTSTATUS status;
774         struct netlogon_creds_CredentialState *creds;
775
776         become_root();
777         status = netr_creds_server_step_check(p, p->mem_ctx,
778                                               r->in.computer_name,
779                                               r->in.credential,
780                                               r->out.return_authenticator,
781                                               &creds);
782         unbecome_root();
783
784         return status;
785 }
786
787 /*************************************************************************
788  _netr_LogonSamLogon_base
789  *************************************************************************/
790
791 static NTSTATUS _netr_LogonSamLogon_base(pipes_struct *p,
792                                          struct netr_LogonSamLogonEx *r,
793                                          struct netlogon_creds_CredentialState *creds)
794 {
795         NTSTATUS status = NT_STATUS_OK;
796         union netr_LogonLevel *logon = r->in.logon;
797         const char *nt_username, *nt_domain, *nt_workstation;
798         auth_usersupplied_info *user_info = NULL;
799         auth_serversupplied_info *server_info = NULL;
800         struct auth_context *auth_context = NULL;
801         uint8_t pipe_session_key[16];
802         bool process_creds = true;
803         const char *fn;
804
805         switch (p->hdr_req.opnum) {
806                 case NDR_NETR_LOGONSAMLOGON:
807                         process_creds = true;
808                         fn = "_netr_LogonSamLogon";
809                         break;
810                 case NDR_NETR_LOGONSAMLOGONEX:
811                         process_creds = false;
812                         fn = "_netr_LogonSamLogonEx";
813                         break;
814                 default:
815                         return NT_STATUS_INTERNAL_ERROR;
816         }
817
818         *r->out.authoritative = true; /* authoritative response */
819
820         switch (r->in.validation_level) {
821         case 2:
822                 r->out.validation->sam2 = TALLOC_ZERO_P(p->mem_ctx, struct netr_SamInfo2);
823                 if (!r->out.validation->sam2) {
824                         return NT_STATUS_NO_MEMORY;
825                 }
826                 break;
827         case 3:
828                 r->out.validation->sam3 = TALLOC_ZERO_P(p->mem_ctx, struct netr_SamInfo3);
829                 if (!r->out.validation->sam3) {
830                         return NT_STATUS_NO_MEMORY;
831                 }
832                 break;
833         default:
834                 DEBUG(0,("%s: bad validation_level value %d.\n",
835                         fn, (int)r->in.validation_level));
836                 return NT_STATUS_INVALID_INFO_CLASS;
837         }
838
839         switch (r->in.logon_level) {
840         case NetlogonInteractiveInformation:
841                 nt_username     = logon->password->identity_info.account_name.string;
842                 nt_domain       = logon->password->identity_info.domain_name.string;
843                 nt_workstation  = logon->password->identity_info.workstation.string;
844
845                 DEBUG(3,("SAM Logon (Interactive). Domain:[%s].  ", lp_workgroup()));
846                 break;
847         case NetlogonNetworkInformation:
848                 nt_username     = logon->network->identity_info.account_name.string;
849                 nt_domain       = logon->network->identity_info.domain_name.string;
850                 nt_workstation  = logon->network->identity_info.workstation.string;
851
852                 DEBUG(3,("SAM Logon (Network). Domain:[%s].  ", lp_workgroup()));
853                 break;
854         default:
855                 DEBUG(2,("SAM Logon: unsupported switch value\n"));
856                 return NT_STATUS_INVALID_INFO_CLASS;
857         } /* end switch */
858
859         DEBUG(3,("User:[%s@%s] Requested Domain:[%s]\n", nt_username, nt_workstation, nt_domain));
860         fstrcpy(current_user_info.smb_name, nt_username);
861         sub_set_smb_name(nt_username);
862
863         DEBUG(5,("Attempting validation level %d for unmapped username %s.\n",
864                 r->in.validation_level, nt_username));
865
866         status = NT_STATUS_OK;
867
868         switch (r->in.logon_level) {
869         case NetlogonNetworkInformation:
870         {
871                 const char *wksname = nt_workstation;
872
873                 status = make_auth_context_fixed(&auth_context,
874                                                  logon->network->challenge);
875                 if (!NT_STATUS_IS_OK(status)) {
876                         return status;
877                 }
878
879                 /* For a network logon, the workstation name comes in with two
880                  * backslashes in the front. Strip them if they are there. */
881
882                 if (*wksname == '\\') wksname++;
883                 if (*wksname == '\\') wksname++;
884
885                 /* Standard challenge/response authenticaion */
886                 if (!make_user_info_netlogon_network(&user_info,
887                                                      nt_username, nt_domain,
888                                                      wksname,
889                                                      logon->network->identity_info.parameter_control,
890                                                      logon->network->lm.data,
891                                                      logon->network->lm.length,
892                                                      logon->network->nt.data,
893                                                      logon->network->nt.length)) {
894                         status = NT_STATUS_NO_MEMORY;
895                 }
896                 break;
897         }
898         case NetlogonInteractiveInformation:
899                 /* 'Interactive' authentication, supplies the password in its
900                    MD4 form, encrypted with the session key.  We will convert
901                    this to challenge/response for the auth subsystem to chew
902                    on */
903         {
904                 uint8_t chal[8];
905
906                 if (!NT_STATUS_IS_OK(status = make_auth_context_subsystem(&auth_context))) {
907                         return status;
908                 }
909
910                 auth_context->get_ntlm_challenge(auth_context, chal);
911
912                 if (!make_user_info_netlogon_interactive(&user_info,
913                                                          nt_username, nt_domain,
914                                                          nt_workstation,
915                                                          logon->password->identity_info.parameter_control,
916                                                          chal,
917                                                          logon->password->lmpassword.hash,
918                                                          logon->password->ntpassword.hash,
919                                                          creds->session_key)) {
920                         status = NT_STATUS_NO_MEMORY;
921                 }
922                 break;
923         }
924         default:
925                 DEBUG(2,("SAM Logon: unsupported switch value\n"));
926                 return NT_STATUS_INVALID_INFO_CLASS;
927         } /* end switch */
928
929         if ( NT_STATUS_IS_OK(status) ) {
930                 status = auth_context->check_ntlm_password(auth_context,
931                         user_info, &server_info);
932         }
933
934         (auth_context->free)(&auth_context);
935         free_user_info(&user_info);
936
937         DEBUG(5,("%s: check_password returned status %s\n",
938                   fn, nt_errstr(status)));
939
940         /* Check account and password */
941
942         if (!NT_STATUS_IS_OK(status)) {
943                 /* If we don't know what this domain is, we need to
944                    indicate that we are not authoritative.  This
945                    allows the client to decide if it needs to try
946                    a local user.  Fix by jpjanosi@us.ibm.com, #2976 */
947                 if ( NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)
948                      && !strequal(nt_domain, get_global_sam_name())
949                      && !is_trusted_domain(nt_domain) )
950                         *r->out.authoritative = false; /* We are not authoritative */
951
952                 TALLOC_FREE(server_info);
953                 return status;
954         }
955
956         if (server_info->guest) {
957                 /* We don't like guest domain logons... */
958                 DEBUG(5,("%s: Attempted domain logon as GUEST "
959                          "denied.\n", fn));
960                 TALLOC_FREE(server_info);
961                 return NT_STATUS_LOGON_FAILURE;
962         }
963
964         /* This is the point at which, if the login was successful, that
965            the SAM Local Security Authority should record that the user is
966            logged in to the domain.  */
967
968         if (process_creds) {
969                 /* Get the pipe session key from the creds. */
970                 memcpy(pipe_session_key, creds->session_key, 16);
971         } else {
972                 /* Get the pipe session key from the schannel. */
973                 if ((p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL)
974                     || (p->auth.a_u.schannel_auth == NULL)) {
975                         return NT_STATUS_INVALID_HANDLE;
976                 }
977                 memcpy(pipe_session_key, p->auth.a_u.schannel_auth->sess_key, 16);
978         }
979
980         switch (r->in.validation_level) {
981         case 2:
982                 status = serverinfo_to_SamInfo2(server_info, pipe_session_key, 16,
983                                                 r->out.validation->sam2);
984                 break;
985         case 3:
986                 status = serverinfo_to_SamInfo3(server_info, pipe_session_key, 16,
987                                                 r->out.validation->sam3);
988                 break;
989         }
990
991         TALLOC_FREE(server_info);
992
993         return status;
994 }
995
996 /*************************************************************************
997  _netr_LogonSamLogon
998  *************************************************************************/
999
1000 NTSTATUS _netr_LogonSamLogon(pipes_struct *p,
1001                              struct netr_LogonSamLogon *r)
1002 {
1003         NTSTATUS status;
1004         struct netlogon_creds_CredentialState *creds;
1005         struct netr_LogonSamLogonEx r2;
1006         struct netr_Authenticator return_authenticator;
1007         uint32_t flags = 0;
1008
1009         become_root();
1010         status = netr_creds_server_step_check(p, p->mem_ctx,
1011                                               r->in.computer_name,
1012                                               r->in.credential,
1013                                               &return_authenticator,
1014                                               &creds);
1015         unbecome_root();
1016         if (!NT_STATUS_IS_OK(status)) {
1017                 return status;
1018         }
1019
1020         r2.in.server_name       = r->in.server_name;
1021         r2.in.computer_name     = r->in.computer_name;
1022         r2.in.logon_level       = r->in.logon_level;
1023         r2.in.logon             = r->in.logon;
1024         r2.in.validation_level  = r->in.validation_level;
1025         r2.in.flags             = &flags;
1026         r2.out.validation       = r->out.validation;
1027         r2.out.authoritative    = r->out.authoritative;
1028         r2.out.flags            = &flags;
1029
1030         status = _netr_LogonSamLogon_base(p, &r2, creds);
1031
1032         *r->out.return_authenticator = return_authenticator;
1033
1034         return status;
1035 }
1036
1037 /*************************************************************************
1038  _netr_LogonSamLogonEx
1039  - no credential chaining. Map into net sam logon.
1040  *************************************************************************/
1041
1042 NTSTATUS _netr_LogonSamLogonEx(pipes_struct *p,
1043                                struct netr_LogonSamLogonEx *r)
1044 {
1045         NTSTATUS status;
1046         struct netlogon_creds_CredentialState *creds;
1047
1048         become_root();
1049         status = schannel_fetch_session_key(p->mem_ctx, r->in.computer_name, &creds);
1050         unbecome_root();
1051         if (!NT_STATUS_IS_OK(status)) {
1052                 return status;
1053         }
1054
1055         /* Only allow this if the pipe is protected. */
1056         if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
1057                 DEBUG(0,("_netr_LogonSamLogonEx: client %s not using schannel for netlogon\n",
1058                         get_remote_machine_name() ));
1059                 return NT_STATUS_INVALID_PARAMETER;
1060         }
1061
1062         status = _netr_LogonSamLogon_base(p, r, creds);
1063         TALLOC_FREE(creds);
1064
1065         return status;
1066 }
1067
1068 /*************************************************************************
1069  _ds_enum_dom_trusts
1070  *************************************************************************/
1071 #if 0   /* JERRY -- not correct */
1072  NTSTATUS _ds_enum_dom_trusts(pipes_struct *p, DS_Q_ENUM_DOM_TRUSTS *q_u,
1073                              DS_R_ENUM_DOM_TRUSTS *r_u)
1074 {
1075         NTSTATUS status = NT_STATUS_OK;
1076
1077         /* TODO: According to MSDN, the can only be executed against a
1078            DC or domain member running Windows 2000 or later.  Need
1079            to test against a standalone 2k server and see what it
1080            does.  A windows 2000 DC includes its own domain in the
1081            list.  --jerry */
1082
1083         return status;
1084 }
1085 #endif  /* JERRY */
1086
1087
1088 /****************************************************************
1089 ****************************************************************/
1090
1091 WERROR _netr_LogonUasLogon(pipes_struct *p,
1092                            struct netr_LogonUasLogon *r)
1093 {
1094         p->rng_fault_state = true;
1095         return WERR_NOT_SUPPORTED;
1096 }
1097
1098 /****************************************************************
1099 ****************************************************************/
1100
1101 WERROR _netr_LogonUasLogoff(pipes_struct *p,
1102                             struct netr_LogonUasLogoff *r)
1103 {
1104         p->rng_fault_state = true;
1105         return WERR_NOT_SUPPORTED;
1106 }
1107
1108 /****************************************************************
1109 ****************************************************************/
1110
1111 NTSTATUS _netr_DatabaseDeltas(pipes_struct *p,
1112                               struct netr_DatabaseDeltas *r)
1113 {
1114         p->rng_fault_state = true;
1115         return NT_STATUS_NOT_IMPLEMENTED;
1116 }
1117
1118 /****************************************************************
1119 ****************************************************************/
1120
1121 NTSTATUS _netr_DatabaseSync(pipes_struct *p,
1122                             struct netr_DatabaseSync *r)
1123 {
1124         p->rng_fault_state = true;
1125         return NT_STATUS_NOT_IMPLEMENTED;
1126 }
1127
1128 /****************************************************************
1129 ****************************************************************/
1130
1131 NTSTATUS _netr_AccountDeltas(pipes_struct *p,
1132                              struct netr_AccountDeltas *r)
1133 {
1134         p->rng_fault_state = true;
1135         return NT_STATUS_NOT_IMPLEMENTED;
1136 }
1137
1138 /****************************************************************
1139 ****************************************************************/
1140
1141 NTSTATUS _netr_AccountSync(pipes_struct *p,
1142                            struct netr_AccountSync *r)
1143 {
1144         p->rng_fault_state = true;
1145         return NT_STATUS_NOT_IMPLEMENTED;
1146 }
1147
1148 /****************************************************************
1149 ****************************************************************/
1150
1151 WERROR _netr_GetDcName(pipes_struct *p,
1152                        struct netr_GetDcName *r)
1153 {
1154         p->rng_fault_state = true;
1155         return WERR_NOT_SUPPORTED;
1156 }
1157
1158 /****************************************************************
1159 ****************************************************************/
1160
1161 WERROR _netr_GetAnyDCName(pipes_struct *p,
1162                           struct netr_GetAnyDCName *r)
1163 {
1164         p->rng_fault_state = true;
1165         return WERR_NOT_SUPPORTED;
1166 }
1167
1168 /****************************************************************
1169 ****************************************************************/
1170
1171 NTSTATUS _netr_DatabaseSync2(pipes_struct *p,
1172                              struct netr_DatabaseSync2 *r)
1173 {
1174         p->rng_fault_state = true;
1175         return NT_STATUS_NOT_IMPLEMENTED;
1176 }
1177
1178 /****************************************************************
1179 ****************************************************************/
1180
1181 NTSTATUS _netr_DatabaseRedo(pipes_struct *p,
1182                             struct netr_DatabaseRedo *r)
1183 {
1184         p->rng_fault_state = true;
1185         return NT_STATUS_NOT_IMPLEMENTED;
1186 }
1187
1188 /****************************************************************
1189 ****************************************************************/
1190
1191 WERROR _netr_DsRGetDCName(pipes_struct *p,
1192                           struct netr_DsRGetDCName *r)
1193 {
1194         p->rng_fault_state = true;
1195         return WERR_NOT_SUPPORTED;
1196 }
1197
1198 /****************************************************************
1199 ****************************************************************/
1200
1201 NTSTATUS _netr_LogonGetCapabilities(pipes_struct *p,
1202                                     struct netr_LogonGetCapabilities *r)
1203 {
1204         return NT_STATUS_NOT_IMPLEMENTED;
1205 }
1206
1207 /****************************************************************
1208 ****************************************************************/
1209
1210 WERROR _netr_NETRLOGONSETSERVICEBITS(pipes_struct *p,
1211                                      struct netr_NETRLOGONSETSERVICEBITS *r)
1212 {
1213         p->rng_fault_state = true;
1214         return WERR_NOT_SUPPORTED;
1215 }
1216
1217 /****************************************************************
1218 ****************************************************************/
1219
1220 WERROR _netr_LogonGetTrustRid(pipes_struct *p,
1221                               struct netr_LogonGetTrustRid *r)
1222 {
1223         p->rng_fault_state = true;
1224         return WERR_NOT_SUPPORTED;
1225 }
1226
1227 /****************************************************************
1228 ****************************************************************/
1229
1230 WERROR _netr_NETRLOGONCOMPUTESERVERDIGEST(pipes_struct *p,
1231                                           struct netr_NETRLOGONCOMPUTESERVERDIGEST *r)
1232 {
1233         p->rng_fault_state = true;
1234         return WERR_NOT_SUPPORTED;
1235 }
1236
1237 /****************************************************************
1238 ****************************************************************/
1239
1240 WERROR _netr_NETRLOGONCOMPUTECLIENTDIGEST(pipes_struct *p,
1241                                           struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r)
1242 {
1243         p->rng_fault_state = true;
1244         return WERR_NOT_SUPPORTED;
1245 }
1246
1247 /****************************************************************
1248 ****************************************************************/
1249
1250 WERROR _netr_DsRGetDCNameEx(pipes_struct *p,
1251                             struct netr_DsRGetDCNameEx *r)
1252 {
1253         p->rng_fault_state = true;
1254         return WERR_NOT_SUPPORTED;
1255 }
1256
1257 /****************************************************************
1258 ****************************************************************/
1259
1260 WERROR _netr_DsRGetSiteName(pipes_struct *p,
1261                             struct netr_DsRGetSiteName *r)
1262 {
1263         p->rng_fault_state = true;
1264         return WERR_NOT_SUPPORTED;
1265 }
1266
1267 /****************************************************************
1268 ****************************************************************/
1269
1270 NTSTATUS _netr_LogonGetDomainInfo(pipes_struct *p,
1271                                   struct netr_LogonGetDomainInfo *r)
1272 {
1273         p->rng_fault_state = true;
1274         return NT_STATUS_NOT_IMPLEMENTED;
1275 }
1276
1277 /****************************************************************
1278 ****************************************************************/
1279
1280 NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
1281                                   struct netr_ServerPasswordSet2 *r)
1282 {
1283         p->rng_fault_state = true;
1284         return NT_STATUS_NOT_IMPLEMENTED;
1285 }
1286
1287 /****************************************************************
1288 ****************************************************************/
1289
1290 WERROR _netr_ServerPasswordGet(pipes_struct *p,
1291                                struct netr_ServerPasswordGet *r)
1292 {
1293         p->rng_fault_state = true;
1294         return WERR_NOT_SUPPORTED;
1295 }
1296
1297 /****************************************************************
1298 ****************************************************************/
1299
1300 WERROR _netr_NETRLOGONSENDTOSAM(pipes_struct *p,
1301                                 struct netr_NETRLOGONSENDTOSAM *r)
1302 {
1303         p->rng_fault_state = true;
1304         return WERR_NOT_SUPPORTED;
1305 }
1306
1307 /****************************************************************
1308 ****************************************************************/
1309
1310 WERROR _netr_DsRAddressToSitenamesW(pipes_struct *p,
1311                                     struct netr_DsRAddressToSitenamesW *r)
1312 {
1313         p->rng_fault_state = true;
1314         return WERR_NOT_SUPPORTED;
1315 }
1316
1317 /****************************************************************
1318 ****************************************************************/
1319
1320 WERROR _netr_DsRGetDCNameEx2(pipes_struct *p,
1321                              struct netr_DsRGetDCNameEx2 *r)
1322 {
1323         p->rng_fault_state = true;
1324         return WERR_NOT_SUPPORTED;
1325 }
1326
1327 /****************************************************************
1328 ****************************************************************/
1329
1330 WERROR _netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(pipes_struct *p,
1331                                                  struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r)
1332 {
1333         p->rng_fault_state = true;
1334         return WERR_NOT_SUPPORTED;
1335 }
1336
1337 /****************************************************************
1338 ****************************************************************/
1339
1340 WERROR _netr_NetrEnumerateTrustedDomainsEx(pipes_struct *p,
1341                                            struct netr_NetrEnumerateTrustedDomainsEx *r)
1342 {
1343         p->rng_fault_state = true;
1344         return WERR_NOT_SUPPORTED;
1345 }
1346
1347 /****************************************************************
1348 ****************************************************************/
1349
1350 WERROR _netr_DsRAddressToSitenamesExW(pipes_struct *p,
1351                                       struct netr_DsRAddressToSitenamesExW *r)
1352 {
1353         p->rng_fault_state = true;
1354         return WERR_NOT_SUPPORTED;
1355 }
1356
1357 /****************************************************************
1358 ****************************************************************/
1359
1360 WERROR _netr_DsrGetDcSiteCoverageW(pipes_struct *p,
1361                                    struct netr_DsrGetDcSiteCoverageW *r)
1362 {
1363         p->rng_fault_state = true;
1364         return WERR_NOT_SUPPORTED;
1365 }
1366
1367 /****************************************************************
1368 ****************************************************************/
1369
1370 WERROR _netr_DsrEnumerateDomainTrusts(pipes_struct *p,
1371                                       struct netr_DsrEnumerateDomainTrusts *r)
1372 {
1373         p->rng_fault_state = true;
1374         return WERR_NOT_SUPPORTED;
1375 }
1376
1377 /****************************************************************
1378 ****************************************************************/
1379
1380 WERROR _netr_DsrDeregisterDNSHostRecords(pipes_struct *p,
1381                                          struct netr_DsrDeregisterDNSHostRecords *r)
1382 {
1383         p->rng_fault_state = true;
1384         return WERR_NOT_SUPPORTED;
1385 }
1386
1387 /****************************************************************
1388 ****************************************************************/
1389
1390 NTSTATUS _netr_ServerTrustPasswordsGet(pipes_struct *p,
1391                                        struct netr_ServerTrustPasswordsGet *r)
1392 {
1393         p->rng_fault_state = true;
1394         return NT_STATUS_NOT_IMPLEMENTED;
1395 }
1396
1397 /****************************************************************
1398 ****************************************************************/
1399
1400 WERROR _netr_DsRGetForestTrustInformation(pipes_struct *p,
1401                                           struct netr_DsRGetForestTrustInformation *r)
1402 {
1403         p->rng_fault_state = true;
1404         return WERR_NOT_SUPPORTED;
1405 }
1406
1407 /****************************************************************
1408 ****************************************************************/
1409
1410 WERROR _netr_GetForestTrustInformation(pipes_struct *p,
1411                                        struct netr_GetForestTrustInformation *r)
1412 {
1413         p->rng_fault_state = true;
1414         return WERR_NOT_SUPPORTED;
1415 }
1416
1417 /****************************************************************
1418 ****************************************************************/
1419
1420 NTSTATUS _netr_LogonSamLogonWithFlags(pipes_struct *p,
1421                                       struct netr_LogonSamLogonWithFlags *r)
1422 {
1423         p->rng_fault_state = true;
1424         return NT_STATUS_NOT_IMPLEMENTED;
1425 }
1426
1427 /****************************************************************
1428 ****************************************************************/
1429
1430 NTSTATUS _netr_ServerGetTrustInfo(pipes_struct *p,
1431                                   struct netr_ServerGetTrustInfo *r)
1432 {
1433         p->rng_fault_state = true;
1434         return NT_STATUS_NOT_IMPLEMENTED;
1435 }
1436