s3-netlogon: rework _netr_ServerPasswordSet.
[ira/wip.git] / source3 / rpc_server / srv_netlog_nt.c
1 /*
2  *  Unix SMB/CIFS implementation.
3  *  RPC Pipe client / server routines
4  *  Copyright (C) Andrew Tridgell              1992-1997,
5  *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
6  *  Copyright (C) Paul Ashton                       1997.
7  *  Copyright (C) Jeremy Allison               1998-2001.
8  *  Copyright (C) Andrew Bartlett                   2001.
9  *  Copyright (C) Guenther Deschner                 2008.
10  *
11  *  This program is free software; you can redistribute it and/or modify
12  *  it under the terms of the GNU General Public License as published by
13  *  the Free Software Foundation; either version 3 of the License, or
14  *  (at your option) any later version.
15  *
16  *  This program is distributed in the hope that it will be useful,
17  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
18  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
19  *  GNU General Public License for more details.
20  *
21  *  You should have received a copy of the GNU General Public License
22  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
23  */
24
25 /* This is the implementation of the netlogon pipe. */
26
27 #include "includes.h"
28 #include "../libcli/auth/libcli_auth.h"
29 #include "../libcli/auth/schannel_state.h"
30
31 extern userdom_struct current_user_info;
32
33 #undef DBGC_CLASS
34 #define DBGC_CLASS DBGC_RPC_SRV
35
36 struct netlogon_server_pipe_state {
37         struct netr_Credential client_challenge;
38         struct netr_Credential server_challenge;
39 };
40
41 /*******************************************************************
42  Inits a netr_NETLOGON_INFO_1 structure.
43 ********************************************************************/
44
45 static void init_netlogon_info1(struct netr_NETLOGON_INFO_1 *r,
46                                 uint32_t flags,
47                                 uint32_t pdc_connection_status)
48 {
49         r->flags = flags;
50         r->pdc_connection_status = pdc_connection_status;
51 }
52
53 /*******************************************************************
54  Inits a netr_NETLOGON_INFO_2 structure.
55 ********************************************************************/
56
57 static void init_netlogon_info2(struct netr_NETLOGON_INFO_2 *r,
58                                 uint32_t flags,
59                                 uint32_t pdc_connection_status,
60                                 const char *trusted_dc_name,
61                                 uint32_t tc_connection_status)
62 {
63         r->flags = flags;
64         r->pdc_connection_status = pdc_connection_status;
65         r->trusted_dc_name = trusted_dc_name;
66         r->tc_connection_status = tc_connection_status;
67 }
68
69 /*******************************************************************
70  Inits a netr_NETLOGON_INFO_3 structure.
71 ********************************************************************/
72
73 static void init_netlogon_info3(struct netr_NETLOGON_INFO_3 *r,
74                                 uint32_t flags,
75                                 uint32_t logon_attempts)
76 {
77         r->flags = flags;
78         r->logon_attempts = logon_attempts;
79 }
80
81 /*************************************************************************
82  _netr_LogonControl
83  *************************************************************************/
84
85 WERROR _netr_LogonControl(pipes_struct *p,
86                           struct netr_LogonControl *r)
87 {
88         struct netr_LogonControl2Ex l;
89
90         switch (r->in.level) {
91         case 1:
92                 break;
93         case 2:
94                 return WERR_NOT_SUPPORTED;
95         default:
96                 return WERR_UNKNOWN_LEVEL;
97         }
98
99         l.in.logon_server       = r->in.logon_server;
100         l.in.function_code      = r->in.function_code;
101         l.in.level              = r->in.level;
102         l.in.data               = NULL;
103         l.out.query             = r->out.query;
104
105         return _netr_LogonControl2Ex(p, &l);
106 }
107
108 /****************************************************************************
109 Send a message to smbd to do a sam synchronisation
110 **************************************************************************/
111
112 static void send_sync_message(void)
113 {
114         DEBUG(3, ("sending sam synchronisation message\n"));
115         message_send_all(smbd_messaging_context(), MSG_SMB_SAM_SYNC, NULL, 0,
116                          NULL);
117 }
118
119 /*************************************************************************
120  _netr_LogonControl2
121  *************************************************************************/
122
123 WERROR _netr_LogonControl2(pipes_struct *p,
124                            struct netr_LogonControl2 *r)
125 {
126         struct netr_LogonControl2Ex l;
127
128         l.in.logon_server       = r->in.logon_server;
129         l.in.function_code      = r->in.function_code;
130         l.in.level              = r->in.level;
131         l.in.data               = r->in.data;
132         l.out.query             = r->out.query;
133
134         return _netr_LogonControl2Ex(p, &l);
135 }
136
137 /****************************************************************
138  _netr_LogonControl2Ex
139 ****************************************************************/
140
141 WERROR _netr_LogonControl2Ex(pipes_struct *p,
142                              struct netr_LogonControl2Ex *r)
143 {
144         uint32 flags = 0x0;
145         uint32 pdc_connection_status = 0x0;
146         uint32 logon_attempts = 0x0;
147         uint32 tc_status;
148         fstring dc_name2;
149         const char *dc_name = NULL;
150         struct sockaddr_storage dc_ss;
151         const char *domain = NULL;
152         struct netr_NETLOGON_INFO_1 *info1;
153         struct netr_NETLOGON_INFO_2 *info2;
154         struct netr_NETLOGON_INFO_3 *info3;
155         const char *fn;
156
157         switch (p->hdr_req.opnum) {
158                 case NDR_NETR_LOGONCONTROL:
159                         fn = "_netr_LogonControl";
160                         break;
161                 case NDR_NETR_LOGONCONTROL2:
162                         fn = "_netr_LogonControl2";
163                         break;
164                 case NDR_NETR_LOGONCONTROL2EX:
165                         fn = "_netr_LogonControl2Ex";
166                         break;
167                 default:
168                         return WERR_INVALID_PARAM;
169         }
170
171         tc_status = W_ERROR_V(WERR_NO_SUCH_DOMAIN);
172
173         switch (r->in.function_code) {
174                 case NETLOGON_CONTROL_TC_QUERY:
175                         domain = r->in.data->domain;
176
177                         if ( !is_trusted_domain( domain ) )
178                                 break;
179
180                         if ( !get_dc_name( domain, NULL, dc_name2, &dc_ss ) ) {
181                                 tc_status = W_ERROR_V(WERR_NO_LOGON_SERVERS);
182                                 break;
183                         }
184
185                         dc_name = talloc_asprintf(p->mem_ctx, "\\\\%s", dc_name2);
186                         if (!dc_name) {
187                                 return WERR_NOMEM;
188                         }
189
190                         tc_status = W_ERROR_V(WERR_OK);
191
192                         break;
193
194                 case NETLOGON_CONTROL_REDISCOVER:
195                         domain = r->in.data->domain;
196
197                         if ( !is_trusted_domain( domain ) )
198                                 break;
199
200                         if ( !get_dc_name( domain, NULL, dc_name2, &dc_ss ) ) {
201                                 tc_status = W_ERROR_V(WERR_NO_LOGON_SERVERS);
202                                 break;
203                         }
204
205                         dc_name = talloc_asprintf(p->mem_ctx, "\\\\%s", dc_name2);
206                         if (!dc_name) {
207                                 return WERR_NOMEM;
208                         }
209
210                         tc_status = W_ERROR_V(WERR_OK);
211
212                         break;
213
214                 default:
215                         /* no idea what this should be */
216                         DEBUG(0,("%s: unimplemented function level [%d]\n",
217                                 fn, r->in.function_code));
218                         return WERR_UNKNOWN_LEVEL;
219         }
220
221         /* prepare the response */
222
223         switch (r->in.level) {
224                 case 1:
225                         info1 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_1);
226                         W_ERROR_HAVE_NO_MEMORY(info1);
227
228                         init_netlogon_info1(info1,
229                                             flags,
230                                             pdc_connection_status);
231                         r->out.query->info1 = info1;
232                         break;
233                 case 2:
234                         info2 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_2);
235                         W_ERROR_HAVE_NO_MEMORY(info2);
236
237                         init_netlogon_info2(info2,
238                                             flags,
239                                             pdc_connection_status,
240                                             dc_name,
241                                             tc_status);
242                         r->out.query->info2 = info2;
243                         break;
244                 case 3:
245                         info3 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_3);
246                         W_ERROR_HAVE_NO_MEMORY(info3);
247
248                         init_netlogon_info3(info3,
249                                             flags,
250                                             logon_attempts);
251                         r->out.query->info3 = info3;
252                         break;
253                 default:
254                         return WERR_UNKNOWN_LEVEL;
255         }
256
257         if (lp_server_role() == ROLE_DOMAIN_BDC) {
258                 send_sync_message();
259         }
260
261         return WERR_OK;
262 }
263
264 /*************************************************************************
265  _netr_NetrEnumerateTrustedDomains
266  *************************************************************************/
267
268 WERROR _netr_NetrEnumerateTrustedDomains(pipes_struct *p,
269                                          struct netr_NetrEnumerateTrustedDomains *r)
270 {
271         struct netr_Blob trusted_domains_blob;
272         DATA_BLOB blob;
273
274         DEBUG(6,("_netr_NetrEnumerateTrustedDomains: %d\n", __LINE__));
275
276         /* set up the Trusted Domain List response */
277
278         blob = data_blob_talloc_zero(p->mem_ctx, 2);
279         trusted_domains_blob.data = blob.data;
280         trusted_domains_blob.length = blob.length;
281
282         DEBUG(6,("_netr_NetrEnumerateTrustedDomains: %d\n", __LINE__));
283
284         *r->out.trusted_domains_blob = trusted_domains_blob;
285
286         return WERR_OK;
287 }
288
289 /******************************************************************
290  gets a machine password entry.  checks access rights of the host.
291  ******************************************************************/
292
293 static NTSTATUS get_md4pw(struct samr_Password *md4pw, const char *mach_acct,
294                           uint16_t sec_chan_type, struct dom_sid *sid)
295 {
296         struct samu *sampass = NULL;
297         const uint8 *pass;
298         bool ret;
299         uint32 acct_ctrl;
300
301 #if 0
302         char addr[INET6_ADDRSTRLEN];
303
304     /*
305      * Currently this code is redundent as we already have a filter
306      * by hostname list. What this code really needs to do is to
307      * get a hosts allowed/hosts denied list from the SAM database
308      * on a per user basis, and make the access decision there.
309      * I will leave this code here for now as a reminder to implement
310      * this at a later date. JRA.
311      */
312
313         if (!allow_access(lp_domain_hostsdeny(), lp_domain_hostsallow(),
314                         client_name(get_client_fd()),
315                         client_addr(get_client_fd(),addr,sizeof(addr)))) {
316                 DEBUG(0,("get_md4pw: Workstation %s denied access to domain\n", mach_acct));
317                 return False;
318         }
319 #endif /* 0 */
320
321         if ( !(sampass = samu_new( NULL )) ) {
322                 return NT_STATUS_NO_MEMORY;
323         }
324
325         /* JRA. This is ok as it is only used for generating the challenge. */
326         become_root();
327         ret = pdb_getsampwnam(sampass, mach_acct);
328         unbecome_root();
329
330         if (!ret) {
331                 DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct));
332                 TALLOC_FREE(sampass);
333                 return NT_STATUS_ACCESS_DENIED;
334         }
335
336         acct_ctrl = pdb_get_acct_ctrl(sampass);
337         if (acct_ctrl & ACB_DISABLED) {
338                 DEBUG(0,("get_md4pw: Workstation %s: account is disabled\n", mach_acct));
339                 TALLOC_FREE(sampass);
340                 return NT_STATUS_ACCOUNT_DISABLED;
341         }
342
343         if (!(acct_ctrl & ACB_SVRTRUST) &&
344             !(acct_ctrl & ACB_WSTRUST) &&
345             !(acct_ctrl & ACB_DOMTRUST))
346         {
347                 DEBUG(0,("get_md4pw: Workstation %s: account is not a trust account\n", mach_acct));
348                 TALLOC_FREE(sampass);
349                 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
350         }
351
352         switch (sec_chan_type) {
353                 case SEC_CHAN_BDC:
354                         if (!(acct_ctrl & ACB_SVRTRUST)) {
355                                 DEBUG(0,("get_md4pw: Workstation %s: BDC secure channel requested "
356                                          "but not a server trust account\n", mach_acct));
357                                 TALLOC_FREE(sampass);
358                                 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
359                         }
360                         break;
361                 case SEC_CHAN_WKSTA:
362                         if (!(acct_ctrl & ACB_WSTRUST)) {
363                                 DEBUG(0,("get_md4pw: Workstation %s: WORKSTATION secure channel requested "
364                                          "but not a workstation trust account\n", mach_acct));
365                                 TALLOC_FREE(sampass);
366                                 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
367                         }
368                         break;
369                 case SEC_CHAN_DOMAIN:
370                         if (!(acct_ctrl & ACB_DOMTRUST)) {
371                                 DEBUG(0,("get_md4pw: Workstation %s: DOMAIN secure channel requested "
372                                          "but not a interdomain trust account\n", mach_acct));
373                                 TALLOC_FREE(sampass);
374                                 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
375                         }
376                         break;
377                 default:
378                         break;
379         }
380
381         if ((pass = pdb_get_nt_passwd(sampass)) == NULL) {
382                 DEBUG(0,("get_md4pw: Workstation %s: account does not have a password\n", mach_acct));
383                 TALLOC_FREE(sampass);
384                 return NT_STATUS_LOGON_FAILURE;
385         }
386
387         memcpy(md4pw->hash, pass, 16);
388         dump_data(5, md4pw->hash, 16);
389
390         sid_copy(sid, pdb_get_user_sid(sampass));
391
392         TALLOC_FREE(sampass);
393
394         return NT_STATUS_OK;
395
396
397 }
398
399 /*************************************************************************
400  _netr_ServerReqChallenge
401  *************************************************************************/
402
403 NTSTATUS _netr_ServerReqChallenge(pipes_struct *p,
404                                   struct netr_ServerReqChallenge *r)
405 {
406         struct netlogon_server_pipe_state *pipe_state =
407                 talloc_get_type(p->private_data, struct netlogon_server_pipe_state);
408
409         if (pipe_state) {
410                 DEBUG(10,("_netr_ServerReqChallenge: new challenge requested. Clearing old state.\n"));
411                 talloc_free(pipe_state);
412                 p->private_data = NULL;
413         }
414
415         pipe_state = talloc(p, struct netlogon_server_pipe_state);
416         NT_STATUS_HAVE_NO_MEMORY(pipe_state);
417
418         pipe_state->client_challenge = *r->in.credentials;
419
420         generate_random_buffer(pipe_state->server_challenge.data,
421                                sizeof(pipe_state->server_challenge.data));
422
423         *r->out.return_credentials = pipe_state->server_challenge;
424
425         p->private_data = pipe_state;
426
427         return NT_STATUS_OK;
428 }
429
430 /*************************************************************************
431  _netr_ServerAuthenticate
432  Create the initial credentials.
433  *************************************************************************/
434
435 NTSTATUS _netr_ServerAuthenticate(pipes_struct *p,
436                                   struct netr_ServerAuthenticate *r)
437 {
438         struct netr_ServerAuthenticate3 a;
439         uint32_t negotiate_flags = 0;
440         uint32_t rid;
441
442         a.in.server_name                = r->in.server_name;
443         a.in.account_name               = r->in.account_name;
444         a.in.secure_channel_type        = r->in.secure_channel_type;
445         a.in.computer_name              = r->in.computer_name;
446         a.in.credentials                = r->in.credentials;
447         a.in.negotiate_flags            = &negotiate_flags;
448
449         a.out.return_credentials        = r->out.return_credentials;
450         a.out.rid                       = &rid;
451         a.out.negotiate_flags           = &negotiate_flags;
452
453         return _netr_ServerAuthenticate3(p, &a);
454
455 }
456
457 /*************************************************************************
458  _netr_ServerAuthenticate3
459  *************************************************************************/
460
461 NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
462                                    struct netr_ServerAuthenticate3 *r)
463 {
464         NTSTATUS status;
465         uint32_t srv_flgs;
466         /* r->in.negotiate_flags is an aliased pointer to r->out.negotiate_flags,
467          * so use a copy to avoid destroying the client values. */
468         uint32_t in_neg_flags = *r->in.negotiate_flags;
469         const char *fn;
470         struct dom_sid sid;
471         struct samr_Password mach_pwd;
472         struct netlogon_creds_CredentialState *creds;
473         struct netlogon_server_pipe_state *pipe_state =
474                 talloc_get_type(p->private_data, struct netlogon_server_pipe_state);
475
476         /* According to Microsoft (see bugid #6099)
477          * Windows 7 looks at the negotiate_flags
478          * returned in this structure *even if the
479          * call fails with access denied* ! So in order
480          * to allow Win7 to connect to a Samba NT style
481          * PDC we set the flags before we know if it's
482          * an error or not.
483          */
484
485         /* 0x000001ff */
486         srv_flgs = NETLOGON_NEG_ACCOUNT_LOCKOUT |
487                    NETLOGON_NEG_PERSISTENT_SAMREPL |
488                    NETLOGON_NEG_ARCFOUR |
489                    NETLOGON_NEG_PROMOTION_COUNT |
490                    NETLOGON_NEG_CHANGELOG_BDC |
491                    NETLOGON_NEG_FULL_SYNC_REPL |
492                    NETLOGON_NEG_MULTIPLE_SIDS |
493                    NETLOGON_NEG_REDO |
494                    NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL;
495
496         /* Ensure we support strong (128-bit) keys. */
497         if (in_neg_flags & NETLOGON_NEG_STRONG_KEYS) {
498                 srv_flgs |= NETLOGON_NEG_STRONG_KEYS;
499         }
500
501         if (lp_server_schannel() != false) {
502                 srv_flgs |= NETLOGON_NEG_SCHANNEL;
503         }
504
505         switch (p->hdr_req.opnum) {
506                 case NDR_NETR_SERVERAUTHENTICATE:
507                         fn = "_netr_ServerAuthenticate";
508                         break;
509                 case NDR_NETR_SERVERAUTHENTICATE2:
510                         fn = "_netr_ServerAuthenticate2";
511                         break;
512                 case NDR_NETR_SERVERAUTHENTICATE3:
513                         fn = "_netr_ServerAuthenticate3";
514                         break;
515                 default:
516                         return NT_STATUS_INTERNAL_ERROR;
517         }
518
519         /* We use this as the key to store the creds: */
520         /* r->in.computer_name */
521
522         if (!pipe_state) {
523                 DEBUG(0,("%s: no challenge sent to client %s\n", fn,
524                         r->in.computer_name));
525                 status = NT_STATUS_ACCESS_DENIED;
526                 goto out;
527         }
528
529         if ( (lp_server_schannel() == true) &&
530              ((in_neg_flags & NETLOGON_NEG_SCHANNEL) == 0) ) {
531
532                 /* schannel must be used, but client did not offer it. */
533                 DEBUG(0,("%s: schannel required but client failed "
534                         "to offer it. Client was %s\n",
535                         fn, r->in.account_name));
536                 status = NT_STATUS_ACCESS_DENIED;
537                 goto out;
538         }
539
540         status = get_md4pw(&mach_pwd,
541                            r->in.account_name,
542                            r->in.secure_channel_type,
543                            &sid);
544         if (!NT_STATUS_IS_OK(status)) {
545                 DEBUG(0,("%s: failed to get machine password for "
546                         "account %s: %s\n",
547                         fn, r->in.account_name, nt_errstr(status) ));
548                 /* always return NT_STATUS_ACCESS_DENIED */
549                 status = NT_STATUS_ACCESS_DENIED;
550                 goto out;
551         }
552
553         /* From the client / server challenges and md4 password, generate sess key */
554         /* Check client credentials are valid. */
555         creds = netlogon_creds_server_init(p->mem_ctx,
556                                            r->in.account_name,
557                                            r->in.computer_name,
558                                            r->in.secure_channel_type,
559                                            &pipe_state->client_challenge,
560                                            &pipe_state->server_challenge,
561                                            &mach_pwd,
562                                            r->in.credentials,
563                                            r->out.return_credentials,
564                                            *r->in.negotiate_flags);
565         if (!creds) {
566                 DEBUG(0,("%s: netlogon_creds_server_check failed. Rejecting auth "
567                         "request from client %s machine account %s\n",
568                         fn, r->in.computer_name,
569                         r->in.account_name));
570                 status = NT_STATUS_ACCESS_DENIED;
571                 goto out;
572         }
573
574         creds->sid = sid_dup_talloc(creds, &sid);
575         if (!creds->sid) {
576                 status = NT_STATUS_NO_MEMORY;
577                 goto out;
578         }
579
580         /* Store off the state so we can continue after client disconnect. */
581         become_root();
582         status = schannel_store_session_key(p->mem_ctx, creds);
583         unbecome_root();
584
585         if (!NT_STATUS_IS_OK(status)) {
586                 goto out;
587         }
588
589         sid_peek_rid(&sid, r->out.rid);
590
591         status = NT_STATUS_OK;
592
593   out:
594
595         *r->out.negotiate_flags = srv_flgs;
596         return status;
597 }
598
599 /*************************************************************************
600  _netr_ServerAuthenticate2
601  *************************************************************************/
602
603 NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p,
604                                    struct netr_ServerAuthenticate2 *r)
605 {
606         struct netr_ServerAuthenticate3 a;
607         uint32_t rid;
608
609         a.in.server_name                = r->in.server_name;
610         a.in.account_name               = r->in.account_name;
611         a.in.secure_channel_type        = r->in.secure_channel_type;
612         a.in.computer_name              = r->in.computer_name;
613         a.in.credentials                = r->in.credentials;
614         a.in.negotiate_flags            = r->in.negotiate_flags;
615
616         a.out.return_credentials        = r->out.return_credentials;
617         a.out.rid                       = &rid;
618         a.out.negotiate_flags           = r->out.negotiate_flags;
619
620         return _netr_ServerAuthenticate3(p, &a);
621 }
622
623 /*************************************************************************
624  *************************************************************************/
625
626 static NTSTATUS netr_creds_server_step_check(pipes_struct *p,
627                                              TALLOC_CTX *mem_ctx,
628                                              const char *computer_name,
629                                              struct netr_Authenticator *received_authenticator,
630                                              struct netr_Authenticator *return_authenticator,
631                                              struct netlogon_creds_CredentialState **creds_out)
632 {
633         NTSTATUS status;
634         struct tdb_context *tdb;
635         bool schannel_global_required = (lp_server_schannel() == true) ? true:false;
636         bool schannel_in_use = (p->auth.auth_type == PIPE_AUTH_TYPE_SCHANNEL) ? true:false; /* &&
637                 (p->auth.auth_level == PIPE_AUTH_LEVEL_INTEGRITY ||
638                  p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY); */
639
640         tdb = open_schannel_session_store(mem_ctx);
641         if (!tdb) {
642                 return NT_STATUS_ACCESS_DENIED;
643         }
644
645         status = schannel_creds_server_step_check_tdb(tdb, mem_ctx,
646                                                       computer_name,
647                                                       schannel_global_required,
648                                                       schannel_in_use,
649                                                       received_authenticator,
650                                                       return_authenticator,
651                                                       creds_out);
652         tdb_close(tdb);
653
654         return status;
655 }
656
657 /*************************************************************************
658  *************************************************************************/
659
660 static NTSTATUS netr_find_machine_account(TALLOC_CTX *mem_ctx,
661                                           const char *account_name,
662                                           struct samu **sampassp)
663 {
664         struct samu *sampass;
665         bool ret = false;
666         uint32_t acct_ctrl;
667
668         sampass = samu_new(mem_ctx);
669         if (!sampass) {
670                 return NT_STATUS_NO_MEMORY;
671         }
672
673         become_root();
674         ret = pdb_getsampwnam(sampass, account_name);
675         unbecome_root();
676
677         if (!ret) {
678                 TALLOC_FREE(sampass);
679                 return NT_STATUS_ACCESS_DENIED;
680         }
681
682         /* Ensure the account exists and is a machine account. */
683
684         acct_ctrl = pdb_get_acct_ctrl(sampass);
685
686         if (!(acct_ctrl & ACB_WSTRUST ||
687               acct_ctrl & ACB_SVRTRUST ||
688               acct_ctrl & ACB_DOMTRUST)) {
689                 TALLOC_FREE(sampass);
690                 return NT_STATUS_NO_SUCH_USER;
691         }
692
693         if (acct_ctrl & ACB_DISABLED) {
694                 TALLOC_FREE(sampass);
695                 return NT_STATUS_ACCOUNT_DISABLED;
696         }
697
698         *sampassp = sampass;
699
700         return NT_STATUS_OK;
701 }
702
703 /*************************************************************************
704  *************************************************************************/
705
706 static NTSTATUS netr_set_machine_account_password(TALLOC_CTX *mem_ctx,
707                                                   struct samu *sampass,
708                                                   DATA_BLOB *plaintext_blob,
709                                                   struct samr_Password *nt_hash,
710                                                   struct samr_Password *lm_hash)
711 {
712         NTSTATUS status;
713         const uchar *old_pw;
714         const char *plaintext = NULL;
715         size_t plaintext_len;
716         struct samr_Password nt_hash_local;
717
718         if (!sampass) {
719                 return NT_STATUS_INVALID_PARAMETER;
720         }
721
722         if (plaintext_blob) {
723                 if (!convert_string_talloc(mem_ctx, CH_UTF16, CH_UNIX,
724                                            plaintext_blob->data, plaintext_blob->length,
725                                            &plaintext, &plaintext_len, false))
726                 {
727                         plaintext = NULL;
728                         mdfour(nt_hash_local.hash, plaintext_blob->data, plaintext_blob->length);
729                         nt_hash = &nt_hash_local;
730                 }
731         }
732
733         if (plaintext) {
734                 if (!pdb_set_plaintext_passwd(sampass, plaintext)) {
735                         return NT_STATUS_ACCESS_DENIED;
736                 }
737
738                 goto done;
739         }
740
741         if (nt_hash) {
742                 old_pw = pdb_get_nt_passwd(sampass);
743
744                 if (old_pw && memcmp(nt_hash->hash, old_pw, 16) == 0) {
745                         /* Avoid backend modificiations and other fun if the
746                            client changed the password to the *same thing* */
747                 } else {
748                         /* LM password should be NULL for machines */
749                         if (!pdb_set_lanman_passwd(sampass, NULL, PDB_CHANGED)) {
750                                 return NT_STATUS_NO_MEMORY;
751                         }
752                         if (!pdb_set_nt_passwd(sampass, nt_hash->hash, PDB_CHANGED)) {
753                                 return NT_STATUS_NO_MEMORY;
754                         }
755
756                         if (!pdb_set_pass_last_set_time(sampass, time(NULL), PDB_CHANGED)) {
757                                 /* Not quite sure what this one qualifies as, but this will do */
758                                 return NT_STATUS_UNSUCCESSFUL;
759                         }
760                 }
761         }
762
763  done:
764         become_root();
765         status = pdb_update_sam_account(sampass);
766         unbecome_root();
767
768         return status;
769 }
770
771 /*************************************************************************
772  _netr_ServerPasswordSet
773  *************************************************************************/
774
775 NTSTATUS _netr_ServerPasswordSet(pipes_struct *p,
776                                  struct netr_ServerPasswordSet *r)
777 {
778         NTSTATUS status = NT_STATUS_OK;
779         struct samu *sampass=NULL;
780         int i;
781         struct netlogon_creds_CredentialState *creds;
782
783         DEBUG(5,("_netr_ServerPasswordSet: %d\n", __LINE__));
784
785         become_root();
786         status = netr_creds_server_step_check(p, p->mem_ctx,
787                                               r->in.computer_name,
788                                               r->in.credential,
789                                               r->out.return_authenticator,
790                                               &creds);
791         unbecome_root();
792
793         if (!NT_STATUS_IS_OK(status)) {
794                 DEBUG(2,("_netr_ServerPasswordSet: netlogon_creds_server_step failed. Rejecting auth "
795                         "request from client %s machine account %s\n",
796                         r->in.computer_name, creds->computer_name));
797                 TALLOC_FREE(creds);
798                 return status;
799         }
800
801         DEBUG(3,("_netr_ServerPasswordSet: Server Password Set by remote machine:[%s] on account [%s]\n",
802                         r->in.computer_name, creds->computer_name));
803
804         netlogon_creds_des_decrypt(creds, r->in.new_password);
805
806         DEBUG(100,("_netr_ServerPasswordSet: new given value was :\n"));
807         for(i = 0; i < sizeof(r->in.new_password->hash); i++)
808                 DEBUG(100,("%02X ", r->in.new_password->hash[i]));
809         DEBUG(100,("\n"));
810
811         status = netr_find_machine_account(p->mem_ctx,
812                                            creds->account_name,
813                                            &sampass);
814         if (!NT_STATUS_IS_OK(status)) {
815                 return status;
816         }
817
818         status = netr_set_machine_account_password(sampass,
819                                                    sampass,
820                                                    NULL,
821                                                    r->in.new_password,
822                                                    NULL);
823         TALLOC_FREE(sampass);
824         return status;
825 }
826
827 /*************************************************************************
828  _netr_LogonSamLogoff
829  *************************************************************************/
830
831 NTSTATUS _netr_LogonSamLogoff(pipes_struct *p,
832                               struct netr_LogonSamLogoff *r)
833 {
834         NTSTATUS status;
835         struct netlogon_creds_CredentialState *creds;
836
837         become_root();
838         status = netr_creds_server_step_check(p, p->mem_ctx,
839                                               r->in.computer_name,
840                                               r->in.credential,
841                                               r->out.return_authenticator,
842                                               &creds);
843         unbecome_root();
844
845         return status;
846 }
847
848 /*************************************************************************
849  _netr_LogonSamLogon_base
850  *************************************************************************/
851
852 static NTSTATUS _netr_LogonSamLogon_base(pipes_struct *p,
853                                          struct netr_LogonSamLogonEx *r,
854                                          struct netlogon_creds_CredentialState *creds)
855 {
856         NTSTATUS status = NT_STATUS_OK;
857         union netr_LogonLevel *logon = r->in.logon;
858         const char *nt_username, *nt_domain, *nt_workstation;
859         auth_usersupplied_info *user_info = NULL;
860         auth_serversupplied_info *server_info = NULL;
861         struct auth_context *auth_context = NULL;
862         uint8_t pipe_session_key[16];
863         bool process_creds = true;
864         const char *fn;
865
866         switch (p->hdr_req.opnum) {
867                 case NDR_NETR_LOGONSAMLOGON:
868                         process_creds = true;
869                         fn = "_netr_LogonSamLogon";
870                         break;
871                 case NDR_NETR_LOGONSAMLOGONWITHFLAGS:
872                         process_creds = true;
873                         fn = "_netr_LogonSamLogonWithFlags";
874                         break;
875                 case NDR_NETR_LOGONSAMLOGONEX:
876                         process_creds = false;
877                         fn = "_netr_LogonSamLogonEx";
878                         break;
879                 default:
880                         return NT_STATUS_INTERNAL_ERROR;
881         }
882
883         *r->out.authoritative = true; /* authoritative response */
884
885         switch (r->in.validation_level) {
886         case 2:
887                 r->out.validation->sam2 = TALLOC_ZERO_P(p->mem_ctx, struct netr_SamInfo2);
888                 if (!r->out.validation->sam2) {
889                         return NT_STATUS_NO_MEMORY;
890                 }
891                 break;
892         case 3:
893                 r->out.validation->sam3 = TALLOC_ZERO_P(p->mem_ctx, struct netr_SamInfo3);
894                 if (!r->out.validation->sam3) {
895                         return NT_STATUS_NO_MEMORY;
896                 }
897                 break;
898         default:
899                 DEBUG(0,("%s: bad validation_level value %d.\n",
900                         fn, (int)r->in.validation_level));
901                 return NT_STATUS_INVALID_INFO_CLASS;
902         }
903
904         switch (r->in.logon_level) {
905         case NetlogonInteractiveInformation:
906                 nt_username     = logon->password->identity_info.account_name.string;
907                 nt_domain       = logon->password->identity_info.domain_name.string;
908                 nt_workstation  = logon->password->identity_info.workstation.string;
909
910                 DEBUG(3,("SAM Logon (Interactive). Domain:[%s].  ", lp_workgroup()));
911                 break;
912         case NetlogonNetworkInformation:
913                 nt_username     = logon->network->identity_info.account_name.string;
914                 nt_domain       = logon->network->identity_info.domain_name.string;
915                 nt_workstation  = logon->network->identity_info.workstation.string;
916
917                 DEBUG(3,("SAM Logon (Network). Domain:[%s].  ", lp_workgroup()));
918                 break;
919         default:
920                 DEBUG(2,("SAM Logon: unsupported switch value\n"));
921                 return NT_STATUS_INVALID_INFO_CLASS;
922         } /* end switch */
923
924         DEBUG(3,("User:[%s@%s] Requested Domain:[%s]\n", nt_username, nt_workstation, nt_domain));
925         fstrcpy(current_user_info.smb_name, nt_username);
926         sub_set_smb_name(nt_username);
927
928         DEBUG(5,("Attempting validation level %d for unmapped username %s.\n",
929                 r->in.validation_level, nt_username));
930
931         status = NT_STATUS_OK;
932
933         switch (r->in.logon_level) {
934         case NetlogonNetworkInformation:
935         {
936                 const char *wksname = nt_workstation;
937
938                 status = make_auth_context_fixed(&auth_context,
939                                                  logon->network->challenge);
940                 if (!NT_STATUS_IS_OK(status)) {
941                         return status;
942                 }
943
944                 /* For a network logon, the workstation name comes in with two
945                  * backslashes in the front. Strip them if they are there. */
946
947                 if (*wksname == '\\') wksname++;
948                 if (*wksname == '\\') wksname++;
949
950                 /* Standard challenge/response authenticaion */
951                 if (!make_user_info_netlogon_network(&user_info,
952                                                      nt_username, nt_domain,
953                                                      wksname,
954                                                      logon->network->identity_info.parameter_control,
955                                                      logon->network->lm.data,
956                                                      logon->network->lm.length,
957                                                      logon->network->nt.data,
958                                                      logon->network->nt.length)) {
959                         status = NT_STATUS_NO_MEMORY;
960                 }
961                 break;
962         }
963         case NetlogonInteractiveInformation:
964                 /* 'Interactive' authentication, supplies the password in its
965                    MD4 form, encrypted with the session key.  We will convert
966                    this to challenge/response for the auth subsystem to chew
967                    on */
968         {
969                 uint8_t chal[8];
970
971                 if (!NT_STATUS_IS_OK(status = make_auth_context_subsystem(&auth_context))) {
972                         return status;
973                 }
974
975                 auth_context->get_ntlm_challenge(auth_context, chal);
976
977                 if (!make_user_info_netlogon_interactive(&user_info,
978                                                          nt_username, nt_domain,
979                                                          nt_workstation,
980                                                          logon->password->identity_info.parameter_control,
981                                                          chal,
982                                                          logon->password->lmpassword.hash,
983                                                          logon->password->ntpassword.hash,
984                                                          creds->session_key)) {
985                         status = NT_STATUS_NO_MEMORY;
986                 }
987                 break;
988         }
989         default:
990                 DEBUG(2,("SAM Logon: unsupported switch value\n"));
991                 return NT_STATUS_INVALID_INFO_CLASS;
992         } /* end switch */
993
994         if ( NT_STATUS_IS_OK(status) ) {
995                 status = auth_context->check_ntlm_password(auth_context,
996                         user_info, &server_info);
997         }
998
999         (auth_context->free)(&auth_context);
1000         free_user_info(&user_info);
1001
1002         DEBUG(5,("%s: check_password returned status %s\n",
1003                   fn, nt_errstr(status)));
1004
1005         /* Check account and password */
1006
1007         if (!NT_STATUS_IS_OK(status)) {
1008                 /* If we don't know what this domain is, we need to
1009                    indicate that we are not authoritative.  This
1010                    allows the client to decide if it needs to try
1011                    a local user.  Fix by jpjanosi@us.ibm.com, #2976 */
1012                 if ( NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)
1013                      && !strequal(nt_domain, get_global_sam_name())
1014                      && !is_trusted_domain(nt_domain) )
1015                         *r->out.authoritative = false; /* We are not authoritative */
1016
1017                 TALLOC_FREE(server_info);
1018                 return status;
1019         }
1020
1021         if (server_info->guest) {
1022                 /* We don't like guest domain logons... */
1023                 DEBUG(5,("%s: Attempted domain logon as GUEST "
1024                          "denied.\n", fn));
1025                 TALLOC_FREE(server_info);
1026                 return NT_STATUS_LOGON_FAILURE;
1027         }
1028
1029         /* This is the point at which, if the login was successful, that
1030            the SAM Local Security Authority should record that the user is
1031            logged in to the domain.  */
1032
1033         if (process_creds) {
1034                 /* Get the pipe session key from the creds. */
1035                 memcpy(pipe_session_key, creds->session_key, 16);
1036         } else {
1037                 /* Get the pipe session key from the schannel. */
1038                 if ((p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL)
1039                     || (p->auth.a_u.schannel_auth == NULL)) {
1040                         return NT_STATUS_INVALID_HANDLE;
1041                 }
1042                 memcpy(pipe_session_key, p->auth.a_u.schannel_auth->sess_key, 16);
1043         }
1044
1045         switch (r->in.validation_level) {
1046         case 2:
1047                 status = serverinfo_to_SamInfo2(server_info, pipe_session_key, 16,
1048                                                 r->out.validation->sam2);
1049                 break;
1050         case 3:
1051                 status = serverinfo_to_SamInfo3(server_info, pipe_session_key, 16,
1052                                                 r->out.validation->sam3);
1053                 break;
1054         }
1055
1056         TALLOC_FREE(server_info);
1057
1058         return status;
1059 }
1060
1061 /****************************************************************
1062  _netr_LogonSamLogonWithFlags
1063 ****************************************************************/
1064
1065 NTSTATUS _netr_LogonSamLogonWithFlags(pipes_struct *p,
1066                                       struct netr_LogonSamLogonWithFlags *r)
1067 {
1068         NTSTATUS status;
1069         struct netlogon_creds_CredentialState *creds;
1070         struct netr_LogonSamLogonEx r2;
1071         struct netr_Authenticator return_authenticator;
1072
1073         become_root();
1074         status = netr_creds_server_step_check(p, p->mem_ctx,
1075                                               r->in.computer_name,
1076                                               r->in.credential,
1077                                               &return_authenticator,
1078                                               &creds);
1079         unbecome_root();
1080         if (!NT_STATUS_IS_OK(status)) {
1081                 return status;
1082         }
1083
1084         r2.in.server_name       = r->in.server_name;
1085         r2.in.computer_name     = r->in.computer_name;
1086         r2.in.logon_level       = r->in.logon_level;
1087         r2.in.logon             = r->in.logon;
1088         r2.in.validation_level  = r->in.validation_level;
1089         r2.in.flags             = r->in.flags;
1090         r2.out.validation       = r->out.validation;
1091         r2.out.authoritative    = r->out.authoritative;
1092         r2.out.flags            = r->out.flags;
1093
1094         status = _netr_LogonSamLogon_base(p, &r2, creds);
1095
1096         *r->out.return_authenticator = return_authenticator;
1097
1098         return status;
1099 }
1100
1101 /*************************************************************************
1102  _netr_LogonSamLogon
1103  *************************************************************************/
1104
1105 NTSTATUS _netr_LogonSamLogon(pipes_struct *p,
1106                              struct netr_LogonSamLogon *r)
1107 {
1108         NTSTATUS status;
1109         struct netr_LogonSamLogonWithFlags r2;
1110         uint32_t flags = 0;
1111
1112         r2.in.server_name               = r->in.server_name;
1113         r2.in.computer_name             = r->in.computer_name;
1114         r2.in.credential                = r->in.credential;
1115         r2.in.logon_level               = r->in.logon_level;
1116         r2.in.logon                     = r->in.logon;
1117         r2.in.validation_level          = r->in.validation_level;
1118         r2.in.return_authenticator      = r->in.return_authenticator;
1119         r2.in.flags                     = &flags;
1120         r2.out.validation               = r->out.validation;
1121         r2.out.authoritative            = r->out.authoritative;
1122         r2.out.flags                    = &flags;
1123         r2.out.return_authenticator     = r->out.return_authenticator;
1124
1125         status = _netr_LogonSamLogonWithFlags(p, &r2);
1126
1127         return status;
1128 }
1129
1130 /*************************************************************************
1131  _netr_LogonSamLogonEx
1132  - no credential chaining. Map into net sam logon.
1133  *************************************************************************/
1134
1135 NTSTATUS _netr_LogonSamLogonEx(pipes_struct *p,
1136                                struct netr_LogonSamLogonEx *r)
1137 {
1138         NTSTATUS status;
1139         struct netlogon_creds_CredentialState *creds;
1140
1141         become_root();
1142         status = schannel_fetch_session_key(p->mem_ctx, r->in.computer_name, &creds);
1143         unbecome_root();
1144         if (!NT_STATUS_IS_OK(status)) {
1145                 return status;
1146         }
1147
1148         /* Only allow this if the pipe is protected. */
1149         if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
1150                 DEBUG(0,("_netr_LogonSamLogonEx: client %s not using schannel for netlogon\n",
1151                         get_remote_machine_name() ));
1152                 return NT_STATUS_INVALID_PARAMETER;
1153         }
1154
1155         status = _netr_LogonSamLogon_base(p, r, creds);
1156         TALLOC_FREE(creds);
1157
1158         return status;
1159 }
1160
1161 /*************************************************************************
1162  _ds_enum_dom_trusts
1163  *************************************************************************/
1164 #if 0   /* JERRY -- not correct */
1165  NTSTATUS _ds_enum_dom_trusts(pipes_struct *p, DS_Q_ENUM_DOM_TRUSTS *q_u,
1166                              DS_R_ENUM_DOM_TRUSTS *r_u)
1167 {
1168         NTSTATUS status = NT_STATUS_OK;
1169
1170         /* TODO: According to MSDN, the can only be executed against a
1171            DC or domain member running Windows 2000 or later.  Need
1172            to test against a standalone 2k server and see what it
1173            does.  A windows 2000 DC includes its own domain in the
1174            list.  --jerry */
1175
1176         return status;
1177 }
1178 #endif  /* JERRY */
1179
1180
1181 /****************************************************************
1182 ****************************************************************/
1183
1184 WERROR _netr_LogonUasLogon(pipes_struct *p,
1185                            struct netr_LogonUasLogon *r)
1186 {
1187         p->rng_fault_state = true;
1188         return WERR_NOT_SUPPORTED;
1189 }
1190
1191 /****************************************************************
1192 ****************************************************************/
1193
1194 WERROR _netr_LogonUasLogoff(pipes_struct *p,
1195                             struct netr_LogonUasLogoff *r)
1196 {
1197         p->rng_fault_state = true;
1198         return WERR_NOT_SUPPORTED;
1199 }
1200
1201 /****************************************************************
1202 ****************************************************************/
1203
1204 NTSTATUS _netr_DatabaseDeltas(pipes_struct *p,
1205                               struct netr_DatabaseDeltas *r)
1206 {
1207         p->rng_fault_state = true;
1208         return NT_STATUS_NOT_IMPLEMENTED;
1209 }
1210
1211 /****************************************************************
1212 ****************************************************************/
1213
1214 NTSTATUS _netr_DatabaseSync(pipes_struct *p,
1215                             struct netr_DatabaseSync *r)
1216 {
1217         p->rng_fault_state = true;
1218         return NT_STATUS_NOT_IMPLEMENTED;
1219 }
1220
1221 /****************************************************************
1222 ****************************************************************/
1223
1224 NTSTATUS _netr_AccountDeltas(pipes_struct *p,
1225                              struct netr_AccountDeltas *r)
1226 {
1227         p->rng_fault_state = true;
1228         return NT_STATUS_NOT_IMPLEMENTED;
1229 }
1230
1231 /****************************************************************
1232 ****************************************************************/
1233
1234 NTSTATUS _netr_AccountSync(pipes_struct *p,
1235                            struct netr_AccountSync *r)
1236 {
1237         p->rng_fault_state = true;
1238         return NT_STATUS_NOT_IMPLEMENTED;
1239 }
1240
1241 /****************************************************************
1242 ****************************************************************/
1243
1244 WERROR _netr_GetDcName(pipes_struct *p,
1245                        struct netr_GetDcName *r)
1246 {
1247         p->rng_fault_state = true;
1248         return WERR_NOT_SUPPORTED;
1249 }
1250
1251 /****************************************************************
1252 ****************************************************************/
1253
1254 WERROR _netr_GetAnyDCName(pipes_struct *p,
1255                           struct netr_GetAnyDCName *r)
1256 {
1257         p->rng_fault_state = true;
1258         return WERR_NOT_SUPPORTED;
1259 }
1260
1261 /****************************************************************
1262 ****************************************************************/
1263
1264 NTSTATUS _netr_DatabaseSync2(pipes_struct *p,
1265                              struct netr_DatabaseSync2 *r)
1266 {
1267         p->rng_fault_state = true;
1268         return NT_STATUS_NOT_IMPLEMENTED;
1269 }
1270
1271 /****************************************************************
1272 ****************************************************************/
1273
1274 NTSTATUS _netr_DatabaseRedo(pipes_struct *p,
1275                             struct netr_DatabaseRedo *r)
1276 {
1277         p->rng_fault_state = true;
1278         return NT_STATUS_NOT_IMPLEMENTED;
1279 }
1280
1281 /****************************************************************
1282 ****************************************************************/
1283
1284 WERROR _netr_DsRGetDCName(pipes_struct *p,
1285                           struct netr_DsRGetDCName *r)
1286 {
1287         p->rng_fault_state = true;
1288         return WERR_NOT_SUPPORTED;
1289 }
1290
1291 /****************************************************************
1292 ****************************************************************/
1293
1294 NTSTATUS _netr_LogonGetCapabilities(pipes_struct *p,
1295                                     struct netr_LogonGetCapabilities *r)
1296 {
1297         return NT_STATUS_NOT_IMPLEMENTED;
1298 }
1299
1300 /****************************************************************
1301 ****************************************************************/
1302
1303 WERROR _netr_NETRLOGONSETSERVICEBITS(pipes_struct *p,
1304                                      struct netr_NETRLOGONSETSERVICEBITS *r)
1305 {
1306         p->rng_fault_state = true;
1307         return WERR_NOT_SUPPORTED;
1308 }
1309
1310 /****************************************************************
1311 ****************************************************************/
1312
1313 WERROR _netr_LogonGetTrustRid(pipes_struct *p,
1314                               struct netr_LogonGetTrustRid *r)
1315 {
1316         p->rng_fault_state = true;
1317         return WERR_NOT_SUPPORTED;
1318 }
1319
1320 /****************************************************************
1321 ****************************************************************/
1322
1323 WERROR _netr_NETRLOGONCOMPUTESERVERDIGEST(pipes_struct *p,
1324                                           struct netr_NETRLOGONCOMPUTESERVERDIGEST *r)
1325 {
1326         p->rng_fault_state = true;
1327         return WERR_NOT_SUPPORTED;
1328 }
1329
1330 /****************************************************************
1331 ****************************************************************/
1332
1333 WERROR _netr_NETRLOGONCOMPUTECLIENTDIGEST(pipes_struct *p,
1334                                           struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r)
1335 {
1336         p->rng_fault_state = true;
1337         return WERR_NOT_SUPPORTED;
1338 }
1339
1340 /****************************************************************
1341 ****************************************************************/
1342
1343 WERROR _netr_DsRGetDCNameEx(pipes_struct *p,
1344                             struct netr_DsRGetDCNameEx *r)
1345 {
1346         p->rng_fault_state = true;
1347         return WERR_NOT_SUPPORTED;
1348 }
1349
1350 /****************************************************************
1351 ****************************************************************/
1352
1353 WERROR _netr_DsRGetSiteName(pipes_struct *p,
1354                             struct netr_DsRGetSiteName *r)
1355 {
1356         p->rng_fault_state = true;
1357         return WERR_NOT_SUPPORTED;
1358 }
1359
1360 /****************************************************************
1361 ****************************************************************/
1362
1363 NTSTATUS _netr_LogonGetDomainInfo(pipes_struct *p,
1364                                   struct netr_LogonGetDomainInfo *r)
1365 {
1366         p->rng_fault_state = true;
1367         return NT_STATUS_NOT_IMPLEMENTED;
1368 }
1369
1370 /****************************************************************
1371 ****************************************************************/
1372
1373 NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
1374                                   struct netr_ServerPasswordSet2 *r)
1375 {
1376         p->rng_fault_state = true;
1377         return NT_STATUS_NOT_IMPLEMENTED;
1378 }
1379
1380 /****************************************************************
1381 ****************************************************************/
1382
1383 WERROR _netr_ServerPasswordGet(pipes_struct *p,
1384                                struct netr_ServerPasswordGet *r)
1385 {
1386         p->rng_fault_state = true;
1387         return WERR_NOT_SUPPORTED;
1388 }
1389
1390 /****************************************************************
1391 ****************************************************************/
1392
1393 WERROR _netr_NETRLOGONSENDTOSAM(pipes_struct *p,
1394                                 struct netr_NETRLOGONSENDTOSAM *r)
1395 {
1396         p->rng_fault_state = true;
1397         return WERR_NOT_SUPPORTED;
1398 }
1399
1400 /****************************************************************
1401 ****************************************************************/
1402
1403 WERROR _netr_DsRAddressToSitenamesW(pipes_struct *p,
1404                                     struct netr_DsRAddressToSitenamesW *r)
1405 {
1406         p->rng_fault_state = true;
1407         return WERR_NOT_SUPPORTED;
1408 }
1409
1410 /****************************************************************
1411 ****************************************************************/
1412
1413 WERROR _netr_DsRGetDCNameEx2(pipes_struct *p,
1414                              struct netr_DsRGetDCNameEx2 *r)
1415 {
1416         p->rng_fault_state = true;
1417         return WERR_NOT_SUPPORTED;
1418 }
1419
1420 /****************************************************************
1421 ****************************************************************/
1422
1423 WERROR _netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(pipes_struct *p,
1424                                                  struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r)
1425 {
1426         p->rng_fault_state = true;
1427         return WERR_NOT_SUPPORTED;
1428 }
1429
1430 /****************************************************************
1431 ****************************************************************/
1432
1433 WERROR _netr_NetrEnumerateTrustedDomainsEx(pipes_struct *p,
1434                                            struct netr_NetrEnumerateTrustedDomainsEx *r)
1435 {
1436         p->rng_fault_state = true;
1437         return WERR_NOT_SUPPORTED;
1438 }
1439
1440 /****************************************************************
1441 ****************************************************************/
1442
1443 WERROR _netr_DsRAddressToSitenamesExW(pipes_struct *p,
1444                                       struct netr_DsRAddressToSitenamesExW *r)
1445 {
1446         p->rng_fault_state = true;
1447         return WERR_NOT_SUPPORTED;
1448 }
1449
1450 /****************************************************************
1451 ****************************************************************/
1452
1453 WERROR _netr_DsrGetDcSiteCoverageW(pipes_struct *p,
1454                                    struct netr_DsrGetDcSiteCoverageW *r)
1455 {
1456         p->rng_fault_state = true;
1457         return WERR_NOT_SUPPORTED;
1458 }
1459
1460 /****************************************************************
1461 ****************************************************************/
1462
1463 WERROR _netr_DsrEnumerateDomainTrusts(pipes_struct *p,
1464                                       struct netr_DsrEnumerateDomainTrusts *r)
1465 {
1466         p->rng_fault_state = true;
1467         return WERR_NOT_SUPPORTED;
1468 }
1469
1470 /****************************************************************
1471 ****************************************************************/
1472
1473 WERROR _netr_DsrDeregisterDNSHostRecords(pipes_struct *p,
1474                                          struct netr_DsrDeregisterDNSHostRecords *r)
1475 {
1476         p->rng_fault_state = true;
1477         return WERR_NOT_SUPPORTED;
1478 }
1479
1480 /****************************************************************
1481 ****************************************************************/
1482
1483 NTSTATUS _netr_ServerTrustPasswordsGet(pipes_struct *p,
1484                                        struct netr_ServerTrustPasswordsGet *r)
1485 {
1486         p->rng_fault_state = true;
1487         return NT_STATUS_NOT_IMPLEMENTED;
1488 }
1489
1490 /****************************************************************
1491 ****************************************************************/
1492
1493 WERROR _netr_DsRGetForestTrustInformation(pipes_struct *p,
1494                                           struct netr_DsRGetForestTrustInformation *r)
1495 {
1496         p->rng_fault_state = true;
1497         return WERR_NOT_SUPPORTED;
1498 }
1499
1500 /****************************************************************
1501 ****************************************************************/
1502
1503 WERROR _netr_GetForestTrustInformation(pipes_struct *p,
1504                                        struct netr_GetForestTrustInformation *r)
1505 {
1506         p->rng_fault_state = true;
1507         return WERR_NOT_SUPPORTED;
1508 }
1509
1510 /****************************************************************
1511 ****************************************************************/
1512
1513 NTSTATUS _netr_ServerGetTrustInfo(pipes_struct *p,
1514                                   struct netr_ServerGetTrustInfo *r)
1515 {
1516         p->rng_fault_state = true;
1517         return NT_STATUS_NOT_IMPLEMENTED;
1518 }
1519