s4-netlogond: Fix use of uninitialised value dns_name
[ira/wip.git] / source4 / rpc_server / netlogon / dcerpc_netlogon.c
index 0ddd098897d910a811df322d281a66d9ca7637a6..1cbd9583c7a68d828ee54d76997f9cd64ba9ce1d 100644 (file)
@@ -5,7 +5,7 @@
 
    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2008
    Copyright (C) Stefan Metzmacher <metze@samba.org>  2005
-   Copyright (C) Matthias Dieter Wallnöfer            2009
+   Copyright (C) Matthias Dieter Wallnöfer            2009-2010
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -37,6 +37,7 @@
 #include "lib/tsocket/tsocket.h"
 #include "librpc/gen_ndr/ndr_netlogon.h"
 #include "librpc/gen_ndr/ndr_irpc.h"
+#include "lib/socket/netif.h"
 
 struct netlogon_server_pipe_state {
        struct netr_Credential client_challenge;
@@ -125,9 +126,17 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
                                  NETLOGON_NEG_AUTHENTICATED_RPC_LSASS |
                                  NETLOGON_NEG_AUTHENTICATED_RPC;
 
-       if (!pipe_state) {
-               DEBUG(1, ("No challenge requested by client, cannot authenticate\n"));
-               return NT_STATUS_ACCESS_DENIED;
+       switch (r->in.secure_channel_type) {
+       case SEC_CHAN_WKSTA:
+       case SEC_CHAN_DNS_DOMAIN:
+       case SEC_CHAN_DOMAIN:
+       case SEC_CHAN_BDC:
+       case SEC_CHAN_RODC:
+               break;
+       default:
+               DEBUG(1, ("Client asked for an invalid secure channel type: %d\n",
+                         r->in.secure_channel_type));
+               return NT_STATUS_INVALID_PARAMETER;
        }
 
        sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
@@ -157,7 +166,7 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
                if (num_records == 0) {
                        DEBUG(3,("Couldn't find trust [%s] in samdb.\n",
                                 encoded_account));
-                       return NT_STATUS_ACCESS_DENIED;
+                       return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
                }
 
                if (num_records > 1) {
@@ -168,7 +177,7 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
                flatname = ldb_msg_find_attr_as_string(msgs[0], "flatname", NULL);
                if (!flatname) {
                        /* No flatname for this trust - we can't proceed */
-                       return NT_STATUS_ACCESS_DENIED;
+                       return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
                }
                account_name = talloc_asprintf(mem_ctx, "%s$", flatname);
 
@@ -188,7 +197,7 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
        if (num_records == 0) {
                DEBUG(3,("Couldn't find user [%s] in samdb.\n",
                         r->in.account_name));
-               return NT_STATUS_ACCESS_DENIED;
+               return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
        }
 
        if (num_records > 1) {
@@ -200,35 +209,34 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
 
        if (user_account_control & UF_ACCOUNTDISABLE) {
                DEBUG(1, ("Account [%s] is disabled\n", r->in.account_name));
-               return NT_STATUS_ACCESS_DENIED;
+               return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
        }
 
        if (r->in.secure_channel_type == SEC_CHAN_WKSTA) {
                if (!(user_account_control & UF_WORKSTATION_TRUST_ACCOUNT)) {
                        DEBUG(1, ("Client asked for a workstation secure channel, but is not a workstation (member server) acb flags: 0x%x\n", user_account_control));
-                       return NT_STATUS_ACCESS_DENIED;
+                       return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
                }
        } else if (r->in.secure_channel_type == SEC_CHAN_DOMAIN ||
                   r->in.secure_channel_type == SEC_CHAN_DNS_DOMAIN) {
                if (!(user_account_control & UF_INTERDOMAIN_TRUST_ACCOUNT)) {
                        DEBUG(1, ("Client asked for a trusted domain secure channel, but is not a trusted domain: acb flags: 0x%x\n", user_account_control));
 
-                       return NT_STATUS_ACCESS_DENIED;
+                       return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
                }
        } else if (r->in.secure_channel_type == SEC_CHAN_BDC) {
                if (!(user_account_control & UF_SERVER_TRUST_ACCOUNT)) {
                        DEBUG(1, ("Client asked for a server secure channel, but is not a server (domain controller): acb flags: 0x%x\n", user_account_control));
-                       return NT_STATUS_ACCESS_DENIED;
+                       return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
                }
        } else if (r->in.secure_channel_type == SEC_CHAN_RODC) {
                if (!(user_account_control & UF_PARTIAL_SECRETS_ACCOUNT)) {
                        DEBUG(1, ("Client asked for a RODC secure channel, but is not a RODC: acb flags: 0x%x\n", user_account_control));
-                       return NT_STATUS_ACCESS_DENIED;
+                       return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
                }
        } else {
-               DEBUG(1, ("Client asked for an invalid secure channel type: %d\n",
-                         r->in.secure_channel_type));
-               return NT_STATUS_ACCESS_DENIED;
+               /* we should never reach this */
+               return NT_STATUS_INTERNAL_ERROR;
        }
 
        *r->out.rid = samdb_result_rid_from_sid(mem_ctx, msgs[0],
@@ -239,6 +247,11 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
                return NT_STATUS_ACCESS_DENIED;
        }
 
+       if (!pipe_state) {
+               DEBUG(1, ("No challenge requested by client, cannot authenticate\n"));
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
        creds = netlogon_creds_server_init(mem_ctx,
                                           r->in.account_name,
                                           r->in.computer_name,
@@ -257,7 +270,7 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
        creds->sid = samdb_result_dom_sid(creds, msgs[0], "objectSid");
 
        nt_status = schannel_save_creds_state(mem_ctx,
-                                             lpcfg_private_dir(dce_call->conn->dce_ctx->lp_ctx),
+                                             dce_call->conn->dce_ctx->lp_ctx,
                                              creds);
 
        return nt_status;
@@ -369,7 +382,7 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dc
        }
 
        nt_status = schannel_check_creds_state(mem_ctx,
-                                              lpcfg_private_dir(dce_call->conn->dce_ctx->lp_ctx),
+                                              dce_call->conn->dce_ctx->lp_ctx,
                                               computer_name,
                                               received_authenticator,
                                               return_authenticator,
@@ -519,6 +532,65 @@ static WERROR dcesrv_netr_LogonUasLogoff(struct dcesrv_call_state *dce_call, TAL
 }
 
 
+static NTSTATUS dcesrv_netr_LogonSamLogon_check(const struct netr_LogonSamLogonEx *r)
+{
+       switch (r->in.logon_level) {
+       case NetlogonInteractiveInformation:
+       case NetlogonServiceInformation:
+       case NetlogonInteractiveTransitiveInformation:
+       case NetlogonServiceTransitiveInformation:
+               if (r->in.logon->password == NULL) {
+                       return NT_STATUS_INVALID_PARAMETER;
+               }
+
+               switch (r->in.validation_level) {
+               case NetlogonValidationSamInfo:  /* 2 */
+               case NetlogonValidationSamInfo2: /* 3 */
+               case NetlogonValidationSamInfo4: /* 6 */
+                       break;
+               default:
+                       return NT_STATUS_INVALID_INFO_CLASS;
+               }
+
+               break;
+       case NetlogonNetworkInformation:
+       case NetlogonNetworkTransitiveInformation:
+               if (r->in.logon->network == NULL) {
+                       return NT_STATUS_INVALID_PARAMETER;
+               }
+
+               switch (r->in.validation_level) {
+               case NetlogonValidationSamInfo:  /* 2 */
+               case NetlogonValidationSamInfo2: /* 3 */
+               case NetlogonValidationSamInfo4: /* 6 */
+                       break;
+               default:
+                       return NT_STATUS_INVALID_INFO_CLASS;
+               }
+
+               break;
+
+       case NetlogonGenericInformation:
+               if (r->in.logon->generic == NULL) {
+                       return NT_STATUS_INVALID_PARAMETER;
+               }
+
+               switch (r->in.validation_level) {
+               /* TODO: case NetlogonValidationGenericInfo: 4 */
+               case NetlogonValidationGenericInfo2: /* 5 */
+                       break;
+               default:
+                       return NT_STATUS_INVALID_INFO_CLASS;
+               }
+
+               break;
+       default:
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
+       return NT_STATUS_OK;
+}
+
 /*
   netr_LogonSamLogon_base
 
@@ -529,9 +601,9 @@ static WERROR dcesrv_netr_LogonUasLogoff(struct dcesrv_call_state *dce_call, TAL
 static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                                        struct netr_LogonSamLogonEx *r, struct netlogon_creds_CredentialState *creds)
 {
-       struct auth_context *auth_context;
+       struct auth4_context *auth_context;
        struct auth_usersupplied_info *user_info;
-       struct auth_serversupplied_info *server_info;
+       struct auth_user_info_dc *user_info_dc;
        NTSTATUS nt_status;
        static const char zeros[16];
        struct netr_SamBaseInfo *sam;
@@ -539,6 +611,8 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
        struct netr_SamInfo3 *sam3;
        struct netr_SamInfo6 *sam6;
 
+       *r->out.authoritative = 1;
+
        user_info = talloc_zero(mem_ctx, struct auth_usersupplied_info);
        NT_STATUS_HAVE_NO_MEMORY(user_info);
 
@@ -661,12 +735,13 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
                return NT_STATUS_INVALID_PARAMETER;
        }
 
-       nt_status = auth_check_password(auth_context, mem_ctx, user_info, &server_info);
+       nt_status = auth_check_password(auth_context, mem_ctx, user_info, &user_info_dc);
+       /* TODO: set *r->out.authoritative = 0 on specific errors */
        NT_STATUS_NOT_OK_RETURN(nt_status);
 
        switch (r->in.validation_level) {
        case 2:
-               nt_status = auth_convert_server_info_sambaseinfo(mem_ctx, server_info, &sam);
+               nt_status = auth_convert_user_info_dc_sambaseinfo(mem_ctx, user_info_dc, &sam);
                NT_STATUS_NOT_OK_RETURN(nt_status);
 
                sam2 = talloc_zero(mem_ctx, struct netr_SamInfo2);
@@ -681,8 +756,8 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
                break;
 
        case 3:
-               nt_status = auth_convert_server_info_saminfo3(mem_ctx,
-                                                             server_info,
+               nt_status = auth_convert_user_info_dc_saminfo3(mem_ctx,
+                                                             user_info_dc,
                                                              &sam3);
                NT_STATUS_NOT_OK_RETURN(nt_status);
 
@@ -692,8 +767,8 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
                break;
 
        case 6:
-               nt_status = auth_convert_server_info_saminfo3(mem_ctx,
-                                                          server_info,
+               nt_status = auth_convert_user_info_dc_saminfo3(mem_ctx,
+                                                          user_info_dc,
                                                           &sam3);
                NT_STATUS_NOT_OK_RETURN(nt_status);
 
@@ -715,7 +790,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
                break;
 
        default:
-               break;
+               return NT_STATUS_INVALID_INFO_CLASS;
        }
 
        /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
@@ -744,8 +819,6 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
                }
        }
 
-       *r->out.authoritative = 1;
-
        /* TODO: Describe and deal with these flags */
        *r->out.flags = 0;
 
@@ -758,8 +831,15 @@ static NTSTATUS dcesrv_netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call,
        NTSTATUS nt_status;
        struct netlogon_creds_CredentialState *creds;
 
+       *r->out.authoritative = 1;
+
+       nt_status = dcesrv_netr_LogonSamLogon_check(r);
+       if (!NT_STATUS_IS_OK(nt_status)) {
+               return nt_status;
+       }
+
        nt_status = schannel_get_creds_state(mem_ctx,
-                                            lpcfg_private_dir(dce_call->conn->dce_ctx->lp_ctx),
+                                            dce_call->conn->dce_ctx->lp_ctx,
                                             r->in.computer_name, &creds);
        if (!NT_STATUS_IS_OK(nt_status)) {
                return nt_status;
@@ -785,16 +865,6 @@ static NTSTATUS dcesrv_netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce
 
        struct netr_Authenticator *return_authenticator;
 
-       return_authenticator = talloc(mem_ctx, struct netr_Authenticator);
-       NT_STATUS_HAVE_NO_MEMORY(return_authenticator);
-
-       nt_status = dcesrv_netr_creds_server_step_check(dce_call,
-                                                       mem_ctx,
-                                                       r->in.computer_name,
-                                                       r->in.credential, return_authenticator,
-                                                       &creds);
-       NT_STATUS_NOT_OK_RETURN(nt_status);
-
        ZERO_STRUCT(r2);
 
        r2.in.server_name       = r->in.server_name;
@@ -807,6 +877,23 @@ static NTSTATUS dcesrv_netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce
        r2.out.authoritative    = r->out.authoritative;
        r2.out.flags            = r->out.flags;
 
+       *r->out.authoritative = 1;
+
+       nt_status = dcesrv_netr_LogonSamLogon_check(&r2);
+       if (!NT_STATUS_IS_OK(nt_status)) {
+               return nt_status;
+       }
+
+       return_authenticator = talloc(mem_ctx, struct netr_Authenticator);
+       NT_STATUS_HAVE_NO_MEMORY(return_authenticator);
+
+       nt_status = dcesrv_netr_creds_server_step_check(dce_call,
+                                                       mem_ctx,
+                                                       r->in.computer_name,
+                                                       r->in.credential, return_authenticator,
+                                                       &creds);
+       NT_STATUS_NOT_OK_RETURN(nt_status);
+
        nt_status = dcesrv_netr_LogonSamLogon_base(dce_call, mem_ctx, &r2, creds);
 
        r->out.return_authenticator     = return_authenticator;
@@ -940,6 +1027,25 @@ static WERROR dcesrv_netr_GetDcName(struct dcesrv_call_state *dce_call, TALLOC_C
        int ret;
        const char *dcname;
 
+       /*
+        * [MS-NRPC] 3.5.5.3.4 NetrGetDCName says
+        * that the domainname needs to be a valid netbios domain
+        * name, if it is not NULL.
+        */
+       if (r->in.domainname) {
+               const char *dot = strchr(r->in.domainname, '.');
+               size_t len = strlen(r->in.domainname);
+
+               if (dot || len > 15) {
+                       return WERR_DCNOTFOUND;
+               }
+
+               /*
+                * TODO: Should we also varify that only valid
+                *       netbios name characters are used?
+                */
+       }
+
        sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx,
                                dce_call->conn->dce_ctx->lp_ctx,
                                dce_call->conn->auth_state.session_info, 0);
@@ -950,7 +1056,7 @@ static WERROR dcesrv_netr_GetDcName(struct dcesrv_call_state *dce_call, TALLOC_C
        domain_dn = samdb_domain_to_dn(sam_ctx, mem_ctx,
                                       r->in.domainname);
        if (domain_dn == NULL) {
-               return WERR_DS_UNAVAILABLE;
+               return WERR_NO_SUCH_DOMAIN;
        }
 
        ret = gendb_search_dn(sam_ctx, mem_ctx,
@@ -1128,6 +1234,7 @@ static NTSTATUS dcesrv_netr_NetrEnumerateTrustedDomains(struct dcesrv_call_state
 static NTSTATUS dcesrv_netr_LogonGetCapabilities(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
                       struct netr_LogonGetCapabilities *r)
 {
+
        /* we don't support AES yet */
        return NT_STATUS_NOT_IMPLEMENTED;
 }
@@ -1189,6 +1296,11 @@ static WERROR dcesrv_netr_DsRGetSiteName(struct dcesrv_call_state *dce_call, TAL
                return WERR_DS_UNAVAILABLE;
        }
 
+       /*
+        * We assume to be a DC when we get called over NETLOGON. Hence we
+        * get our site name always by using "samdb_server_site_name()"
+        * and not "samdb_client_site_name()".
+        */
        *r->out.site = samdb_server_site_name(sam_ctx, mem_ctx);
        W_ERROR_HAVE_NO_MEMORY(*r->out.site);
 
@@ -1240,8 +1352,8 @@ static NTSTATUS fill_one_domain_info(TALLOC_CTX *mem_ctx,
                info->domain_guid = samdb_result_guid(res, "objectGUID");
                info->domain_sid = samdb_result_dom_sid(mem_ctx, res, "objectSid");
        } else {
-               info->domainname.string = samdb_result_string(res, "flatName", NULL);
-               info->dns_domainname.string = samdb_result_string(res, "trustPartner", NULL);
+               info->domainname.string = ldb_msg_find_attr_as_string(res, "flatName", NULL);
+               info->dns_domainname.string = ldb_msg_find_attr_as_string(res, "trustPartner", NULL);
                info->domain_guid = samdb_result_guid(res, "objectGUID");
                info->domain_sid = samdb_result_dom_sid(mem_ctx, res, "securityIdentifier");
        }
@@ -1265,16 +1377,14 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
        struct netlogon_creds_CredentialState *creds;
        const char * const attrs[] = { "objectSid", "objectGUID", "flatName",
                "securityIdentifier", "trustPartner", NULL };
-       const char * const attrs2[] = { "dNSHostName",
+       const char * const attrs2[] = { "sAMAccountName", "dNSHostName",
                "msDS-SupportedEncryptionTypes", NULL };
-       const char *temp_str, *temp_str2;
-       const char *old_dns_hostname;
+       const char *sam_account_name, *old_dns_hostname, *prefix1, *prefix2;
        struct ldb_context *sam_ctx;
        struct ldb_message **res1, **res2, **res3, *new_msg;
        struct ldb_dn *workstation_dn;
        struct netr_DomainInformation *domain_info;
        struct netr_LsaPolicyInformation *lsa_policy_info;
-       struct netr_OsVersionInfoEx *os_version;
        uint32_t default_supported_enc_types = 0xFFFFFFFF;
        bool update_dns_hostname = true;
        int ret, ret3, i;
@@ -1305,38 +1415,52 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
                        return NT_STATUS_INVALID_PARAMETER;
                }
 
-               /*
-                * Checks that the computer name parameter without possible "$"
-                * matches as prefix with the DNS hostname in the workstation
-                * info structure.
-                */
-               temp_str = talloc_strndup(mem_ctx,
-                                         r->in.computer_name,
-                                         strcspn(r->in.computer_name, "$"));
-               NT_STATUS_HAVE_NO_MEMORY(temp_str);
-               temp_str2 = talloc_strndup(mem_ctx,
-                                          r->in.query->workstation_info->dns_hostname,
-                                          strcspn(r->in.query->workstation_info->dns_hostname, "."));
-               NT_STATUS_HAVE_NO_MEMORY(temp_str2);
-               if (strcasecmp(temp_str, temp_str2) != 0) {
-                       update_dns_hostname = false;
-               }
-
-               /* Prepare the workstation DN */
+               /* Prepares the workstation DN */
                workstation_dn = ldb_dn_new_fmt(mem_ctx, sam_ctx, "<SID=%s>",
-                       dom_sid_string(mem_ctx, creds->sid));
+                                               dom_sid_string(mem_ctx, creds->sid));
                NT_STATUS_HAVE_NO_MEMORY(workstation_dn);
 
                /* Lookup for attributes in workstation object */
-               ret = gendb_search_dn(sam_ctx, mem_ctx, workstation_dn,
-                       &res1, attrs2);
+               ret = gendb_search_dn(sam_ctx, mem_ctx, workstation_dn, &res1,
+                                     attrs2);
                if (ret != 1) {
                        return NT_STATUS_INTERNAL_DB_CORRUPTION;
                }
 
+               /* Gets the sam account name which is checked against the DNS
+                * hostname parameter. */
+               sam_account_name = ldb_msg_find_attr_as_string(res1[0],
+                                                              "sAMAccountName",
+                                                              NULL);
+               if (sam_account_name == NULL) {
+                       return NT_STATUS_INTERNAL_DB_CORRUPTION;
+               }
+
+               /*
+                * Checks that the sam account name without a possible "$"
+                * matches as prefix with the DNS hostname in the workstation
+                * info structure.
+                */
+               prefix1 = talloc_strndup(mem_ctx, sam_account_name,
+                                        strcspn(sam_account_name, "$"));
+               NT_STATUS_HAVE_NO_MEMORY(prefix1);
+               if (r->in.query->workstation_info->dns_hostname != NULL) {
+                       prefix2 = talloc_strndup(mem_ctx,
+                                                r->in.query->workstation_info->dns_hostname,
+                                                strcspn(r->in.query->workstation_info->dns_hostname, "."));
+                       NT_STATUS_HAVE_NO_MEMORY(prefix2);
+
+                       if (strcasecmp(prefix1, prefix2) != 0) {
+                               update_dns_hostname = false;
+                       }
+               } else {
+                       update_dns_hostname = false;
+               }
+
                /* Gets the old DNS hostname */
-               old_dns_hostname = samdb_result_string(res1[0], "dNSHostName",
-                       NULL);
+               old_dns_hostname = ldb_msg_find_attr_as_string(res1[0],
+                                                              "dNSHostName",
+                                                              NULL);
 
                /*
                 * Updates the DNS hostname when the client wishes that the
@@ -1352,7 +1476,7 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
                        update_dns_hostname = false;
                }
 
-               /* Gets host informations and put them into our directory */
+               /* Gets host information and put them into our directory */
 
                new_msg = ldb_msg_new(mem_ctx);
                NT_STATUS_HAVE_NO_MEMORY(new_msg);
@@ -1360,35 +1484,62 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
                new_msg->dn = workstation_dn;
 
                /* Sets the OS name */
-               samdb_msg_set_string(sam_ctx, mem_ctx, new_msg,
-                       "operatingSystem",
-                       r->in.query->workstation_info->os_name.string);
+
+               if (r->in.query->workstation_info->os_name.string == NULL) {
+                       return NT_STATUS_INVALID_PARAMETER;
+               }
+
+               ret = ldb_msg_add_string(new_msg, "operatingSystem",
+                                        r->in.query->workstation_info->os_name.string);
+               if (ret != LDB_SUCCESS) {
+                       return NT_STATUS_NO_MEMORY;
+               }
 
                /*
-                * Sets informations from "os_version". On an empty structure
+                * Sets information from "os_version". On an empty structure
                 * the values are cleared.
                 */
                if (r->in.query->workstation_info->os_version.os != NULL) {
+                       struct netr_OsVersionInfoEx *os_version;
+                       const char *os_version_str;
+
                        os_version = &r->in.query->workstation_info->os_version.os->os;
 
-                       samdb_msg_set_string(sam_ctx, mem_ctx, new_msg,
-                                            "operatingSystemServicePack",
-                                            os_version->CSDVersion);
-
-                       samdb_msg_set_string(sam_ctx, mem_ctx, new_msg,
-                               "operatingSystemVersion",
-                               talloc_asprintf(mem_ctx, "%d.%d (%d)",
-                                       os_version->MajorVersion,
-                                       os_version->MinorVersion,
-                                       os_version->BuildNumber
-                               )
-                       );
+                       if (os_version->CSDVersion == NULL) {
+                               return NT_STATUS_INVALID_PARAMETER;
+                       }
+
+                       os_version_str = talloc_asprintf(new_msg, "%u.%u (%u)",
+                                                        os_version->MajorVersion,
+                                                        os_version->MinorVersion,
+                                                        os_version->BuildNumber);
+                       NT_STATUS_HAVE_NO_MEMORY(os_version_str);
+
+                       ret = ldb_msg_add_string(new_msg,
+                                                "operatingSystemServicePack",
+                                                os_version->CSDVersion);
+                       if (ret != LDB_SUCCESS) {
+                               return NT_STATUS_NO_MEMORY;
+                       }
+
+                       ret = ldb_msg_add_string(new_msg,
+                                                "operatingSystemVersion",
+                                                os_version_str);
+                       if (ret != LDB_SUCCESS) {
+                               return NT_STATUS_NO_MEMORY;
+                       }
                } else {
-                       samdb_msg_add_delete(sam_ctx, mem_ctx, new_msg,
-                                            "operatingSystemServicePack");
+                       ret = samdb_msg_add_delete(sam_ctx, mem_ctx, new_msg,
+                                                  "operatingSystemServicePack");
+                       if (ret != LDB_SUCCESS) {
+                               return NT_STATUS_NO_MEMORY;
+                       }
 
-                       samdb_msg_add_delete(sam_ctx, mem_ctx, new_msg,
-                                            "operatingSystemVersion");
+                       ret = samdb_msg_add_delete(sam_ctx, mem_ctx, new_msg,
+                                                  "operatingSystemVersion");
+                       if (ret != LDB_SUCCESS) {
+                               return NT_STATUS_NO_MEMORY;
+                       }
                }
 
                /*
@@ -1396,20 +1547,32 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
                 * are fine to start the update.
                 */
                if (update_dns_hostname) {
-                       samdb_msg_set_string(sam_ctx, mem_ctx, new_msg,
-                               "dNSHostname",
-                       r->in.query->workstation_info->dns_hostname);
-
-                       samdb_msg_add_string(sam_ctx, mem_ctx, new_msg,
-                               "servicePrincipalName",
-                               talloc_asprintf(mem_ctx, "HOST/%s",
-                               r->in.computer_name)
-                       );
-                       samdb_msg_add_string(sam_ctx, mem_ctx, new_msg,
-                               "servicePrincipalName",
-                               talloc_asprintf(mem_ctx, "HOST/%s",
-                               r->in.query->workstation_info->dns_hostname)
-                       );
+                       ret = ldb_msg_add_string(new_msg,
+                                                "dNSHostname",
+                                                r->in.query->workstation_info->dns_hostname);
+                       if (ret != LDB_SUCCESS) {
+                               return NT_STATUS_NO_MEMORY;
+                       }
+
+                       /* This manual "servicePrincipalName" generation is
+                        * still needed! Since the update in the samldb LDB
+                        * module does only work if the entries already exist
+                        * which isn't always the case. */
+                       ret = ldb_msg_add_string(new_msg,
+                                                "servicePrincipalName",
+                                                talloc_asprintf(new_msg, "HOST/%s",
+                                                r->in.computer_name));
+                       if (ret != LDB_SUCCESS) {
+                               return NT_STATUS_NO_MEMORY;
+                       }
+
+                       ret = ldb_msg_add_string(new_msg,
+                                                "servicePrincipalName",
+                                                talloc_asprintf(new_msg, "HOST/%s",
+                                                r->in.query->workstation_info->dns_hostname));
+                       if (ret != LDB_SUCCESS) {
+                               return NT_STATUS_NO_MEMORY;
+                       }
                }
 
                if (dsdb_replace(sam_ctx, new_msg, 0) != LDB_SUCCESS) {
@@ -1472,11 +1635,11 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
                NT_STATUS_NOT_OK_RETURN(status);
 
                /* Sets the supported encryption types */
-               domain_info->supported_enc_types = samdb_result_uint(res1[0],
+               domain_info->supported_enc_types = ldb_msg_find_attr_as_uint(res1[0],
                        "msDS-SupportedEncryptionTypes",
                        default_supported_enc_types);
 
-               /* Other host domain informations */
+               /* Other host domain information */
 
                lsa_policy_info = talloc(mem_ctx,
                        struct netr_LsaPolicyInformation);
@@ -1516,7 +1679,6 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
 }
 
 
-
 /*
   netr_ServerPasswordGet
 */
@@ -1553,6 +1715,10 @@ static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call,
        char *guid_str;
        struct netlogon_samlogon_response response;
        NTSTATUS status;
+       const char *dc_name = NULL;
+       const char *domain_name = NULL;
+       struct interface *ifaces;
+       const char *pdc_ip;
 
        ZERO_STRUCTP(r->out.info);
 
@@ -1570,6 +1736,43 @@ static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call,
 
        /* "server_unc" is ignored by w2k3 */
 
+       if (r->in.flags & ~(DSGETDC_VALID_FLAGS)) {
+               return WERR_INVALID_FLAGS;
+       }
+
+       if (r->in.flags & DS_GC_SERVER_REQUIRED &&
+           r->in.flags & DS_PDC_REQUIRED &&
+           r->in.flags & DS_KDC_REQUIRED) {
+               return WERR_INVALID_FLAGS;
+       }
+       if (r->in.flags & DS_IS_FLAT_NAME &&
+           r->in.flags & DS_IS_DNS_NAME) {
+               return WERR_INVALID_FLAGS;
+       }
+       if (r->in.flags & DS_RETURN_DNS_NAME &&
+           r->in.flags & DS_RETURN_FLAT_NAME) {
+               return WERR_INVALID_FLAGS;
+       }
+       if (r->in.flags & DS_DIRECTORY_SERVICE_REQUIRED &&
+           r->in.flags & DS_DIRECTORY_SERVICE_6_REQUIRED) {
+               return WERR_INVALID_FLAGS;
+       }
+
+       if (r->in.flags & DS_GOOD_TIMESERV_PREFERRED &&
+           r->in.flags &
+           (DS_DIRECTORY_SERVICE_REQUIRED |
+            DS_DIRECTORY_SERVICE_PREFERRED |
+            DS_GC_SERVER_REQUIRED |
+            DS_PDC_REQUIRED |
+            DS_KDC_REQUIRED)) {
+               return WERR_INVALID_FLAGS;
+       }
+
+       if (r->in.flags & DS_TRY_NEXTCLOSEST_SITE &&
+           r->in.site_name) {
+               return WERR_INVALID_FLAGS;
+       }
+
        /* Proof server site parameter "site_name" if it was specified */
        server_site_name = samdb_server_site_name(sam_ctx, mem_ctx);
        W_ERROR_HAVE_NO_MEMORY(server_site_name);
@@ -1578,8 +1781,6 @@ static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call,
                return WERR_NO_SUCH_DOMAIN;
        }
 
-       /* TODO: the flags are ignored for now */
-
        guid_str = r->in.domain_guid != NULL ?
                 GUID_string(mem_ctx, r->in.domain_guid) : NULL;
 
@@ -1595,17 +1796,59 @@ static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call,
                return ntstatus_to_werror(status);
        }
 
+       /*
+        * According to MS-NRPC 2.2.1.2.1 we should set the "DS_DNS_FOREST_ROOT"
+        * (O) flag when the returned forest name is in DNS format. This is here
+        * always the case (see below).
+        */
+       response.data.nt5_ex.server_type |= DS_DNS_FOREST_ROOT;
+
+       if (r->in.flags & DS_RETURN_DNS_NAME) {
+               dc_name = response.data.nt5_ex.pdc_dns_name;
+               domain_name = response.data.nt5_ex.dns_domain;
+               /*
+                * According to MS-NRPC 2.2.1.2.1 we should set the
+                * "DS_DNS_CONTROLLER" (M) and "DS_DNS_DOMAIN" (N) flags when
+                * the returned information is in DNS form.
+                */
+               response.data.nt5_ex.server_type |=
+                       DS_DNS_CONTROLLER | DS_DNS_DOMAIN;
+       } else if (r->in.flags & DS_RETURN_FLAT_NAME) {
+               dc_name = response.data.nt5_ex.pdc_name;
+               domain_name = response.data.nt5_ex.domain_name;
+       } else {
+
+               /*
+                * TODO: autodetect what we need to return
+                * based on the given arguments
+                */
+               dc_name = response.data.nt5_ex.pdc_name;
+               domain_name = response.data.nt5_ex.domain_name;
+       }
+
+       if (!dc_name || !dc_name[0]) {
+               return WERR_NO_SUCH_DOMAIN;
+       }
+
+       if (!domain_name || !domain_name[0]) {
+               return WERR_NO_SUCH_DOMAIN;
+       }
+
        info = talloc(mem_ctx, struct netr_DsRGetDCNameInfo);
        W_ERROR_HAVE_NO_MEMORY(info);
-       info->dc_unc           = talloc_asprintf(mem_ctx, "\\\\%s",
-                                                response.data.nt5_ex.pdc_dns_name);
+       info->dc_unc           = talloc_asprintf(mem_ctx, "\\\\%s", dc_name);
        W_ERROR_HAVE_NO_MEMORY(info->dc_unc);
-       info->dc_address = talloc_asprintf(mem_ctx, "\\\\%s",
-                                          response.data.nt5_ex.sockaddr.pdc_ip);
+
+       load_interface_list(mem_ctx, lp_ctx, &ifaces);
+       pdc_ip = iface_list_best_ip(ifaces, addr);
+       if (pdc_ip == NULL) {
+               pdc_ip = "127.0.0.1";
+       }
+       info->dc_address = talloc_asprintf(mem_ctx, "\\\\%s", pdc_ip);
        W_ERROR_HAVE_NO_MEMORY(info->dc_address);
-       info->dc_address_type  = DS_ADDRESS_TYPE_INET; /* TODO: make this dynamic? for ipv6 */
+       info->dc_address_type  = DS_ADDRESS_TYPE_INET;
        info->domain_guid      = response.data.nt5_ex.domain_uuid;
-       info->domain_name      = response.data.nt5_ex.dns_domain;
+       info->domain_name      = domain_name;
        info->forest_name      = response.data.nt5_ex.forest;
        info->dc_flags         = response.data.nt5_ex.server_type;
        info->dc_site_name     = response.data.nt5_ex.server_site;
@@ -1658,7 +1901,7 @@ static WERROR dcesrv_netr_DsRGetDCName(struct dcesrv_call_state *dce_call, TALLO
        r2.in.domain_name = r->in.domain_name;
        r2.in.domain_guid = r->in.domain_guid;
 
-       r2.in.site_name = NULL; /* should fill in from site GUID */
+       r2.in.site_name = NULL; /* this is correct, we should ignore site GUID */
        r2.in.flags = r->in.flags;
        r2.out.info = r->out.info;
 
@@ -1845,21 +2088,6 @@ static WERROR dcesrv_netr_DsrGetDcSiteCoverageW(struct dcesrv_call_state *dce_ca
 }
 
 
-#define GET_CHECK_STR(dest, mem, msg, attr) \
-do {\
-       const char *s; \
-       s = samdb_result_string(msg, attr, NULL); \
-       if (!s) { \
-               DEBUG(0, ("DB Error, TustedDomain entry (%s) " \
-                         "without flatname\n", \
-                         ldb_dn_get_linearized(msg->dn))); \
-               continue; \
-       } \
-       dest = talloc_strdup(mem, s); \
-       W_ERROR_HAVE_NO_MEMORY(dest); \
-} while(0)
-
-
 static WERROR fill_trusted_domains_array(TALLOC_CTX *mem_ctx,
                                         struct ldb_context *sam_ctx,
                                         struct netr_DomainTrustList *trusts,
@@ -1894,8 +2122,8 @@ static WERROR fill_trusted_domains_array(TALLOC_CTX *mem_ctx,
                unsigned int trust_dir;
                uint32_t flags = 0;
 
-               trust_dir = samdb_result_uint(dom_res[i],
-                                             "trustDirection", 0);
+               trust_dir = ldb_msg_find_attr_as_uint(dom_res[i],
+                                                     "trustDirection", 0);
 
                if (trust_dir & LSA_TRUST_DIRECTION_INBOUND) {
                        flags |= NETR_TRUST_FLAG_INBOUND;
@@ -1915,10 +2143,14 @@ static WERROR fill_trusted_domains_array(TALLOC_CTX *mem_ctx,
                                               n + 1);
                W_ERROR_HAVE_NO_MEMORY(trusts->array);
 
-               GET_CHECK_STR(trusts->array[n].netbios_name, trusts,
-                             dom_res[i], "flatname");
-               GET_CHECK_STR(trusts->array[n].dns_name, trusts,
-                             dom_res[i], "trustPartner");
+               trusts->array[n].netbios_name = talloc_steal(trusts->array, ldb_msg_find_attr_as_string(dom_res[i], "flatname", NULL));
+               if (!trusts->array[n].netbios_name) {
+                       DEBUG(0, ("DB Error, TrustedDomain entry (%s) "
+                                 "without flatname\n", 
+                                 ldb_dn_get_linearized(dom_res[i]->dn)));
+               }
+
+               trusts->array[n].dns_name = talloc_steal(trusts->array, ldb_msg_find_attr_as_string(dom_res[i], "trustPartner", NULL));
 
                trusts->array[n].trust_flags = flags;
                if ((trust_flags & NETR_TRUST_FLAG_IN_FOREST) &&
@@ -1928,10 +2160,10 @@ static WERROR fill_trusted_domains_array(TALLOC_CTX *mem_ctx,
                }
 
                trusts->array[n].trust_type =
-                               samdb_result_uint(dom_res[i],
+                               ldb_msg_find_attr_as_uint(dom_res[i],
                                                  "trustType", 0);
                trusts->array[n].trust_attributes =
-                               samdb_result_uint(dom_res[i],
+                               ldb_msg_find_attr_as_uint(dom_res[i],
                                                  "trustAttributes", 0);
 
                if ((trusts->array[n].trust_type == NETR_TRUST_TYPE_MIT) ||
@@ -2225,7 +2457,7 @@ static NTSTATUS dcesrv_netr_GetForestTrustInformation(struct dcesrv_call_state *
        sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, lp_ctx,
                                dce_call->conn->auth_state.session_info, 0);
        if (sam_ctx == NULL) {
-               return NT_STATUS_UNSUCCESSFUL;
+               return NT_STATUS_INTERNAL_ERROR;
        }
 
        /* TODO: check r->in.server_name is our name */