2 Unix SMB/CIFS implementation.
4 endpoint server for the drsuapi pipe
6 Copyright (C) Stefan Metzmacher 2004
7 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2006
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "librpc/gen_ndr/ndr_drsuapi.h"
25 #include "rpc_server/dcerpc_server.h"
26 #include "rpc_server/common/common.h"
27 #include "dsdb/samdb/samdb.h"
28 #include "lib/ldb/include/ldb_errors.h"
29 #include "param/param.h"
30 #include "librpc/gen_ndr/ndr_drsblobs.h"
31 #include "rpc_server/drsuapi/dcesrv_drsuapi.h"
32 #include "libcli/security/security.h"
37 static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
38 struct drsuapi_DsBind *r)
40 struct drsuapi_bind_state *b_state;
41 struct dcesrv_handle *handle;
42 struct drsuapi_DsBindInfoCtr *bind_info;
43 struct GUID site_guid;
44 struct ldb_result *site_res;
45 struct ldb_dn *server_site_dn;
46 static const char *site_attrs[] = { "objectGUID", NULL };
47 struct ldb_result *ntds_res;
48 struct ldb_dn *ntds_dn;
49 static const char *ntds_attrs[] = { "ms-DS-ReplicationEpoch", NULL };
54 r->out.bind_info = NULL;
55 ZERO_STRUCTP(r->out.bind_handle);
57 b_state = talloc_zero(mem_ctx, struct drsuapi_bind_state);
58 W_ERROR_HAVE_NO_MEMORY(b_state);
61 * connect to the samdb
63 b_state->sam_ctx = samdb_connect(b_state, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info);
64 if (!b_state->sam_ctx) {
69 * find out the guid of our own site
71 server_site_dn = samdb_server_site_dn(b_state->sam_ctx, mem_ctx);
72 W_ERROR_HAVE_NO_MEMORY(server_site_dn);
74 ret = ldb_search(b_state->sam_ctx, mem_ctx, &site_res,
75 server_site_dn, LDB_SCOPE_BASE, site_attrs,
77 if (ret != LDB_SUCCESS) {
78 return WERR_DS_DRA_INTERNAL_ERROR;
80 if (site_res->count != 1) {
81 return WERR_DS_DRA_INTERNAL_ERROR;
83 site_guid = samdb_result_guid(site_res->msgs[0], "objectGUID");
86 * lookup the local servers Replication Epoch
88 ntds_dn = samdb_ntds_settings_dn(b_state->sam_ctx);
89 W_ERROR_HAVE_NO_MEMORY(ntds_dn);
91 ret = ldb_search(b_state->sam_ctx, mem_ctx, &ntds_res,
92 ntds_dn, LDB_SCOPE_BASE, ntds_attrs,
94 if (ret != LDB_SUCCESS) {
95 return WERR_DS_DRA_INTERNAL_ERROR;
97 if (ntds_res->count != 1) {
98 return WERR_DS_DRA_INTERNAL_ERROR;
100 repl_epoch = samdb_result_uint(ntds_res->msgs[0], "ms-DS-ReplicationEpoch", 0);
103 * The "process identifier" of the client.
104 * According to the WSPP docs, sectin 5.35, this is
105 * for informational and debugging purposes only.
106 * The assignment is implementation specific.
111 * store the clients bind_guid
113 if (r->in.bind_guid) {
114 b_state->remote_bind_guid = *r->in.bind_guid;
118 * store the clients bind_info
120 if (r->in.bind_info) {
121 switch (r->in.bind_info->length) {
123 struct drsuapi_DsBindInfo24 *info24;
124 info24 = &r->in.bind_info->info.info24;
125 b_state->remote_info28.supported_extensions = info24->supported_extensions;
126 b_state->remote_info28.site_guid = info24->site_guid;
127 b_state->remote_info28.pid = info24->pid;
128 b_state->remote_info28.repl_epoch = 0;
132 b_state->remote_info28 = r->in.bind_info->info.info28;
138 * fill in our local bind info 28
140 b_state->local_info28.supported_extensions = 0;
141 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_BASE;
142 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION;
143 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI;
144 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2;
145 #if 0 /* we don't support MSZIP compression (only decompression) */
146 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS;
148 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1;
149 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION;
150 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE;
151 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2;
152 if (0 /*domain.behavior_version == 2*/) {
153 /* TODO: find out how this is really triggered! */
154 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION;
156 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2;
157 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD;
158 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND;
159 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO;
160 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION;
161 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01;
162 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP;
163 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY;
164 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3;
165 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_00100000;
166 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2;
167 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6;
168 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS;
169 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8;
170 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5;
171 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6;
172 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3;
173 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7;
174 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT;
175 #if 0 /* we don't support XPRESS compression yet */
176 b_state->local_info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS;
178 b_state->local_info28.site_guid = site_guid;
179 b_state->local_info28.pid = pid;
180 b_state->local_info28.repl_epoch = repl_epoch;
183 * allocate the return bind_info
185 bind_info = talloc(mem_ctx, struct drsuapi_DsBindInfoCtr);
186 W_ERROR_HAVE_NO_MEMORY(bind_info);
188 bind_info->length = 28;
189 bind_info->info.info28 = b_state->local_info28;
192 * allocate a bind handle
194 handle = dcesrv_handle_new(dce_call->context, DRSUAPI_BIND_HANDLE);
195 W_ERROR_HAVE_NO_MEMORY(handle);
196 handle->data = talloc_steal(handle, b_state);
201 r->out.bind_info = bind_info;
202 *r->out.bind_handle = handle->wire_handle;
211 static WERROR dcesrv_drsuapi_DsUnbind(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
212 struct drsuapi_DsUnbind *r)
214 struct dcesrv_handle *h;
216 *r->out.bind_handle = *r->in.bind_handle;
218 DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
222 ZERO_STRUCTP(r->out.bind_handle);
229 drsuapi_DsReplicaSync
231 static WERROR dcesrv_drsuapi_DsReplicaSync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
232 struct drsuapi_DsReplicaSync *r)
234 if (security_session_user_level(dce_call->conn->auth_state.session_info) <
235 SECURITY_DOMAIN_CONTROLLER) {
236 DEBUG(0,("DsReplicaSync refused for security token\n"));
237 return WERR_DS_DRA_ACCESS_DENIED;
240 dcesrv_irpc_forward_rpc_call(dce_call, mem_ctx, r, NDR_DRSUAPI_DSREPLICASYNC,
242 "dreplsrv", "DsReplicaSync");
250 static WERROR dcesrv_drsuapi_DsReplicaAdd(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
251 struct drsuapi_DsReplicaAdd *r)
253 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
260 static WERROR dcesrv_drsuapi_DsReplicaDel(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
261 struct drsuapi_DsReplicaDel *r)
263 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
268 drsuapi_DsReplicaModify
270 static WERROR dcesrv_drsuapi_DsReplicaMod(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
271 struct drsuapi_DsReplicaMod *r)
273 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
280 static WERROR dcesrv_DRSUAPI_VERIFY_NAMES(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
281 struct DRSUAPI_VERIFY_NAMES *r)
283 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
288 drsuapi_DsGetMemberships
290 static WERROR dcesrv_drsuapi_DsGetMemberships(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
291 struct drsuapi_DsGetMemberships *r)
293 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
298 DRSUAPI_INTER_DOMAIN_MOVE
300 static WERROR dcesrv_DRSUAPI_INTER_DOMAIN_MOVE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
301 struct DRSUAPI_INTER_DOMAIN_MOVE *r)
303 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
308 drsuapi_DsGetNT4ChangeLog
310 static WERROR dcesrv_drsuapi_DsGetNT4ChangeLog(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
311 struct drsuapi_DsGetNT4ChangeLog *r)
313 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
320 static WERROR dcesrv_drsuapi_DsCrackNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
321 struct drsuapi_DsCrackNames *r)
324 struct drsuapi_bind_state *b_state;
325 struct dcesrv_handle *h;
327 *r->out.level_out = r->in.level;
329 DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
332 r->out.ctr = talloc_zero(mem_ctx, union drsuapi_DsNameCtr);
333 W_ERROR_HAVE_NO_MEMORY(r->out.ctr);
335 switch (r->in.level) {
337 struct drsuapi_DsNameCtr1 *ctr1;
338 struct drsuapi_DsNameInfo1 *names;
342 ctr1 = talloc(mem_ctx, struct drsuapi_DsNameCtr1);
343 W_ERROR_HAVE_NO_MEMORY(ctr1);
345 count = r->in.req->req1.count;
346 names = talloc_array(mem_ctx, struct drsuapi_DsNameInfo1, count);
347 W_ERROR_HAVE_NO_MEMORY(names);
349 for (i=0; i < count; i++) {
350 status = DsCrackNameOneName(b_state->sam_ctx, mem_ctx,
351 r->in.req->req1.format_flags,
352 r->in.req->req1.format_offered,
353 r->in.req->req1.format_desired,
354 r->in.req->req1.names[i].str,
356 if (!W_ERROR_IS_OK(status)) {
363 r->out.ctr->ctr1 = ctr1;
369 return WERR_UNKNOWN_LEVEL;
373 drsuapi_DsWriteAccountSpn
375 static WERROR dcesrv_drsuapi_DsWriteAccountSpn(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
376 struct drsuapi_DsWriteAccountSpn *r)
378 struct drsuapi_bind_state *b_state;
379 struct dcesrv_handle *h;
381 *r->out.level_out = r->in.level;
383 DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
386 r->out.res = talloc(mem_ctx, union drsuapi_DsWriteAccountSpnResult);
387 W_ERROR_HAVE_NO_MEMORY(r->out.res);
389 switch (r->in.level) {
391 struct drsuapi_DsWriteAccountSpnRequest1 *req;
392 struct ldb_message *msg;
394 req = &r->in.req->req1;
397 msg = ldb_msg_new(mem_ctx);
402 msg->dn = ldb_dn_new(msg, b_state->sam_ctx, req->object_dn);
403 if ( ! ldb_dn_validate(msg->dn)) {
404 r->out.res->res1.status = WERR_OK;
409 for (i = 0; i < count; i++) {
410 samdb_msg_add_string(b_state->sam_ctx,
411 msg, msg, "servicePrincipalName",
412 req->spn_names[i].str);
414 for (i=0;i<msg->num_elements;i++) {
415 switch (req->operation) {
416 case DRSUAPI_DS_SPN_OPERATION_ADD:
417 msg->elements[i].flags = LDB_FLAG_MOD_ADD;
419 case DRSUAPI_DS_SPN_OPERATION_REPLACE:
420 msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
422 case DRSUAPI_DS_SPN_OPERATION_DELETE:
423 msg->elements[i].flags = LDB_FLAG_MOD_DELETE;
428 /* Apply to database */
430 ret = ldb_modify(b_state->sam_ctx, msg);
432 DEBUG(0,("Failed to modify SPNs on %s: %s\n",
433 ldb_dn_get_linearized(msg->dn),
434 ldb_errstring(b_state->sam_ctx)));
435 r->out.res->res1.status = WERR_ACCESS_DENIED;
437 r->out.res->res1.status = WERR_OK;
444 return WERR_UNKNOWN_LEVEL;
449 drsuapi_DsRemoveDSServer
451 static WERROR dcesrv_drsuapi_DsRemoveDSServer(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
452 struct drsuapi_DsRemoveDSServer *r)
454 struct drsuapi_bind_state *b_state;
455 struct dcesrv_handle *h;
456 struct ldb_dn *ntds_dn;
460 ZERO_STRUCT(r->out.res);
461 *r->out.level_out = 1;
463 if (security_session_user_level(dce_call->conn->auth_state.session_info) <
464 SECURITY_DOMAIN_CONTROLLER) {
465 DEBUG(0,("DsRemoveDSServer refused for security token\n"));
466 return WERR_DS_DRA_ACCESS_DENIED;
469 DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
472 switch (r->in.level) {
474 ntds_dn = ldb_dn_new(mem_ctx, b_state->sam_ctx, r->in.req->req1.server_dn);
475 W_ERROR_HAVE_NO_MEMORY(ntds_dn);
477 ok = ldb_dn_validate(ntds_dn);
482 /* TODO: it's likely that we need more checks here */
484 ok = ldb_dn_add_child_fmt(ntds_dn, "CN=NTDS Settings");
489 if (r->in.req->req1.commit) {
490 ret = ldb_delete(b_state->sam_ctx, ntds_dn);
491 if (ret != LDB_SUCCESS) {
506 DRSUAPI_REMOVE_DS_DOMAIN
508 static WERROR dcesrv_DRSUAPI_REMOVE_DS_DOMAIN(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
509 struct DRSUAPI_REMOVE_DS_DOMAIN *r)
511 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
514 /* Obtain the site name from a server DN */
515 static const char *result_site_name(struct ldb_dn *site_dn)
517 /* Format is cn=<NETBIOS name>,cn=Servers,cn=<site>,cn=sites.... */
518 const struct ldb_val *val = ldb_dn_get_component_val(site_dn, 2);
519 const char *name = ldb_dn_get_component_name(site_dn, 2);
521 if (!name || (ldb_attr_cmp(name, "cn") != 0)) {
522 /* Ensure this matches the format. This gives us a
523 * bit more confidence that a 'cn' value will be a
528 return (char *)val->data;
534 drsuapi_DsGetDomainControllerInfo
536 static WERROR dcesrv_drsuapi_DsGetDomainControllerInfo_1(struct drsuapi_bind_state *b_state,
538 struct drsuapi_DsGetDomainControllerInfo *r)
540 struct ldb_dn *sites_dn;
541 struct ldb_result *res;
543 const char *attrs_account_1[] = { "cn", "dnsHostName", NULL };
544 const char *attrs_account_2[] = { "cn", "dnsHostName", "objectGUID", NULL };
546 const char *attrs_none[] = { NULL };
548 const char *attrs_site[] = { "objectGUID", NULL };
550 const char *attrs_ntds[] = { "options", "objectGUID", NULL };
552 const char *attrs_1[] = { "serverReference", "cn", "dnsHostName", NULL };
553 const char *attrs_2[] = { "serverReference", "cn", "dnsHostName", "objectGUID", NULL };
556 struct drsuapi_DsGetDCInfoCtr1 *ctr1;
557 struct drsuapi_DsGetDCInfoCtr2 *ctr2;
561 *r->out.level_out = r->in.req->req1.level;
562 r->out.ctr = talloc(mem_ctx, union drsuapi_DsGetDCInfoCtr);
563 W_ERROR_HAVE_NO_MEMORY(r->out.ctr);
565 sites_dn = samdb_sites_dn(b_state->sam_ctx, mem_ctx);
567 return WERR_DS_OBJ_NOT_FOUND;
570 switch (*r->out.level_out) {
572 /* this level is not like the others */
573 return WERR_UNKNOWN_LEVEL;
581 return WERR_UNKNOWN_LEVEL;
584 ret = ldb_search(b_state->sam_ctx, mem_ctx, &res, sites_dn, LDB_SCOPE_SUBTREE, attrs,
585 "objectClass=server");
588 DEBUG(1, ("searching for servers in sites DN %s failed: %s\n",
589 ldb_dn_get_linearized(sites_dn), ldb_errstring(b_state->sam_ctx)));
590 return WERR_GENERAL_FAILURE;
593 switch (*r->out.level_out) {
595 ctr1 = &r->out.ctr->ctr1;
596 ctr1->count = res->count;
597 ctr1->array = talloc_zero_array(mem_ctx,
598 struct drsuapi_DsGetDCInfo1,
600 for (i=0; i < res->count; i++) {
601 struct ldb_dn *domain_dn;
602 struct ldb_result *res_domain;
603 struct ldb_result *res_account;
604 struct ldb_dn *ntds_dn = ldb_dn_copy(mem_ctx, res->msgs[i]->dn);
606 struct ldb_dn *ref_dn
607 = ldb_msg_find_attr_as_dn(b_state->sam_ctx,
608 mem_ctx, res->msgs[i],
611 if (!ntds_dn || !ldb_dn_add_child_fmt(ntds_dn, "CN=NTDS Settings")) {
615 ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_account, ref_dn,
616 LDB_SCOPE_BASE, attrs_account_1, "objectClass=computer");
617 if (ret == LDB_SUCCESS && res_account->count == 1) {
619 ctr1->array[i].dns_name
620 = ldb_msg_find_attr_as_string(res_account->msgs[0], "dNSHostName", NULL);
621 ctr1->array[i].netbios_name
622 = ldb_msg_find_attr_as_string(res_account->msgs[0], "cn", NULL);
623 ctr1->array[i].computer_dn
624 = ldb_dn_get_linearized(res_account->msgs[0]->dn);
626 /* Determine if this is the PDC */
627 ret = samdb_search_for_parent_domain(b_state->sam_ctx,
628 mem_ctx, res_account->msgs[0]->dn,
629 &domain_dn, &errstr);
631 if (ret == LDB_SUCCESS) {
632 ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_domain, domain_dn,
633 LDB_SCOPE_BASE, attrs_none, "fSMORoleOwner=%s",
634 ldb_dn_get_linearized(ntds_dn));
636 return WERR_GENERAL_FAILURE;
638 if (res_domain->count == 1) {
639 ctr1->array[i].is_pdc = true;
643 if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
644 DEBUG(5, ("warning: searching for computer DN %s failed: %s\n",
645 ldb_dn_get_linearized(ref_dn), ldb_errstring(b_state->sam_ctx)));
648 /* Look at server DN and extract site component */
649 ctr1->array[i].site_name = result_site_name(res->msgs[i]->dn);
650 ctr1->array[i].server_dn = ldb_dn_get_linearized(res->msgs[i]->dn);
653 ctr1->array[i].is_enabled = true;
658 ctr2 = &r->out.ctr->ctr2;
659 ctr2->count = res->count;
660 ctr2->array = talloc_zero_array(mem_ctx,
661 struct drsuapi_DsGetDCInfo2,
663 for (i=0; i < res->count; i++) {
664 struct ldb_dn *domain_dn;
665 struct ldb_result *res_domain;
666 struct ldb_result *res_account;
667 struct ldb_dn *ntds_dn = ldb_dn_copy(mem_ctx, res->msgs[i]->dn);
668 struct ldb_result *res_ntds;
669 struct ldb_dn *site_dn = ldb_dn_copy(mem_ctx, res->msgs[i]->dn);
670 struct ldb_result *res_site;
671 struct ldb_dn *ref_dn
672 = ldb_msg_find_attr_as_dn(b_state->sam_ctx,
673 mem_ctx, res->msgs[i],
676 if (!ntds_dn || !ldb_dn_add_child_fmt(ntds_dn, "CN=NTDS Settings")) {
680 /* Format is cn=<NETBIOS name>,cn=Servers,cn=<site>,cn=sites.... */
681 if (!site_dn || !ldb_dn_remove_child_components(site_dn, 2)) {
685 ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_ntds, ntds_dn,
686 LDB_SCOPE_BASE, attrs_ntds, "objectClass=nTDSDSA");
687 if (ret == LDB_SUCCESS && res_ntds->count == 1) {
689 = (ldb_msg_find_attr_as_int(res_ntds->msgs[0], "options", 0) == 1);
690 ctr2->array[i].ntds_guid
691 = samdb_result_guid(res_ntds->msgs[0], "objectGUID");
692 ctr2->array[i].ntds_dn = ldb_dn_get_linearized(res_ntds->msgs[0]->dn);
694 if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
695 DEBUG(5, ("warning: searching for NTDS DN %s failed: %s\n",
696 ldb_dn_get_linearized(ntds_dn), ldb_errstring(b_state->sam_ctx)));
699 ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_site, site_dn,
700 LDB_SCOPE_BASE, attrs_site, "objectClass=site");
701 if (ret == LDB_SUCCESS && res_site->count == 1) {
702 ctr2->array[i].site_guid
703 = samdb_result_guid(res_site->msgs[0], "objectGUID");
704 ctr2->array[i].site_dn = ldb_dn_get_linearized(res_site->msgs[0]->dn);
706 if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
707 DEBUG(5, ("warning: searching for site DN %s failed: %s\n",
708 ldb_dn_get_linearized(site_dn), ldb_errstring(b_state->sam_ctx)));
711 ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_account, ref_dn,
712 LDB_SCOPE_BASE, attrs_account_2, "objectClass=computer");
713 if (ret == LDB_SUCCESS && res_account->count == 1) {
715 ctr2->array[i].dns_name
716 = ldb_msg_find_attr_as_string(res_account->msgs[0], "dNSHostName", NULL);
717 ctr2->array[i].netbios_name
718 = ldb_msg_find_attr_as_string(res_account->msgs[0], "cn", NULL);
719 ctr2->array[i].computer_dn = ldb_dn_get_linearized(res_account->msgs[0]->dn);
720 ctr2->array[i].computer_guid
721 = samdb_result_guid(res_account->msgs[0], "objectGUID");
723 /* Determine if this is the PDC */
724 ret = samdb_search_for_parent_domain(b_state->sam_ctx,
725 mem_ctx, res_account->msgs[0]->dn,
726 &domain_dn, &errstr);
728 if (ret == LDB_SUCCESS) {
729 ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_domain, domain_dn,
730 LDB_SCOPE_BASE, attrs_none, "fSMORoleOwner=%s",
731 ldb_dn_get_linearized(ntds_dn));
732 if (ret == LDB_SUCCESS && res_domain->count == 1) {
733 ctr2->array[i].is_pdc = true;
735 if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
736 DEBUG(5, ("warning: searching for domain DN %s failed: %s\n",
737 ldb_dn_get_linearized(domain_dn), ldb_errstring(b_state->sam_ctx)));
741 if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
742 DEBUG(5, ("warning: searching for computer account DN %s failed: %s\n",
743 ldb_dn_get_linearized(ref_dn), ldb_errstring(b_state->sam_ctx)));
746 /* Look at server DN and extract site component */
747 ctr2->array[i].site_name = result_site_name(res->msgs[i]->dn);
748 ctr2->array[i].server_dn = ldb_dn_get_linearized(res->msgs[i]->dn);
749 ctr2->array[i].server_guid
750 = samdb_result_guid(res->msgs[i], "objectGUID");
752 ctr2->array[i].is_enabled = true;
761 drsuapi_DsGetDomainControllerInfo
763 static WERROR dcesrv_drsuapi_DsGetDomainControllerInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
764 struct drsuapi_DsGetDomainControllerInfo *r)
766 struct dcesrv_handle *h;
767 struct drsuapi_bind_state *b_state;
768 DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
771 switch (r->in.level) {
773 return dcesrv_drsuapi_DsGetDomainControllerInfo_1(b_state, mem_ctx, r);
776 return WERR_UNKNOWN_LEVEL;
784 static WERROR dcesrv_drsuapi_DsExecuteKCC(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
785 struct drsuapi_DsExecuteKCC *r)
787 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
792 drsuapi_DsReplicaGetInfo
794 static WERROR dcesrv_drsuapi_DsReplicaGetInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
795 struct drsuapi_DsReplicaGetInfo *r)
797 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
802 DRSUAPI_ADD_SID_HISTORY
804 static WERROR dcesrv_DRSUAPI_ADD_SID_HISTORY(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
805 struct DRSUAPI_ADD_SID_HISTORY *r)
807 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
811 drsuapi_DsGetMemberships2
813 static WERROR dcesrv_drsuapi_DsGetMemberships2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
814 struct drsuapi_DsGetMemberships2 *r)
816 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
820 DRSUAPI_REPLICA_VERIFY_OBJECTS
822 static WERROR dcesrv_DRSUAPI_REPLICA_VERIFY_OBJECTS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
823 struct DRSUAPI_REPLICA_VERIFY_OBJECTS *r)
825 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
830 DRSUAPI_GET_OBJECT_EXISTENCE
832 static WERROR dcesrv_DRSUAPI_GET_OBJECT_EXISTENCE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
833 struct DRSUAPI_GET_OBJECT_EXISTENCE *r)
835 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
840 drsuapi_QuerySitesByCost
842 static WERROR dcesrv_drsuapi_QuerySitesByCost(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
843 struct drsuapi_QuerySitesByCost *r)
845 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
849 /* include the generated boilerplate */
850 #include "librpc/gen_ndr/ndr_drsuapi_s.c"
git.samba.org / ira / wip.git / blob