2 Unix SMB/CIFS implementation.
4 endpoint server for the netlogon pipe
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2008
7 Copyright (C) Stefan Metzmacher <metze@samba.org> 2005
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "rpc_server/dcerpc_server.h"
25 #include "rpc_server/common/common.h"
26 #include "lib/ldb/include/ldb.h"
27 #include "auth/auth.h"
28 #include "auth/auth_sam_reply.h"
29 #include "dsdb/samdb/samdb.h"
30 #include "dsdb/common/flags.h"
31 #include "rpc_server/samr/proto.h"
32 #include "../lib/util/util_ldb.h"
33 #include "libcli/auth/libcli_auth.h"
34 #include "auth/gensec/schannel_state.h"
35 #include "libcli/security/security.h"
36 #include "param/param.h"
37 #include "lib/messaging/irpc.h"
38 #include "librpc/gen_ndr/ndr_irpc.h"
39 #include "librpc/gen_ndr/ndr_netlogon.h"
41 struct server_pipe_state {
42 struct netr_Credential client_challenge;
43 struct netr_Credential server_challenge;
47 static NTSTATUS dcesrv_netr_ServerReqChallenge(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
48 struct netr_ServerReqChallenge *r)
50 struct server_pipe_state *pipe_state = dce_call->context->private;
52 ZERO_STRUCTP(r->out.credentials);
54 /* destroyed on pipe shutdown */
57 talloc_free(pipe_state);
58 dce_call->context->private = NULL;
61 pipe_state = talloc(dce_call->context, struct server_pipe_state);
62 NT_STATUS_HAVE_NO_MEMORY(pipe_state);
64 pipe_state->client_challenge = *r->in.credentials;
66 generate_random_buffer(pipe_state->server_challenge.data,
67 sizeof(pipe_state->server_challenge.data));
69 *r->out.credentials = pipe_state->server_challenge;
71 dce_call->context->private = pipe_state;
76 static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
77 struct netr_ServerAuthenticate3 *r)
79 struct server_pipe_state *pipe_state = dce_call->context->private;
80 struct creds_CredentialState *creds;
82 struct samr_Password *mach_pwd;
83 uint32_t user_account_control;
85 struct ldb_message **msgs;
87 const char *attrs[] = {"unicodePwd", "userAccountControl",
90 const char *trust_dom_attrs[] = {"flatname", NULL};
91 const char *account_name;
93 ZERO_STRUCTP(r->out.credentials);
95 *r->out.negotiate_flags = *r->in.negotiate_flags;
98 DEBUG(1, ("No challenge requested by client, cannot authenticate\n"));
99 return NT_STATUS_ACCESS_DENIED;
102 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
103 system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
104 if (sam_ctx == NULL) {
105 return NT_STATUS_INVALID_SYSTEM_SERVICE;
108 if (r->in.secure_channel_type == SEC_CHAN_DNS_DOMAIN) {
109 char *encoded_account = ldb_binary_encode_string(mem_ctx, r->in.account_name);
111 if (!encoded_account) {
112 return NT_STATUS_NO_MEMORY;
115 /* Kill the trailing dot */
116 if (encoded_account[strlen(encoded_account)-1] == '.') {
117 encoded_account[strlen(encoded_account)-1] = '\0';
120 /* pull the user attributes */
121 num_records = gendb_search(sam_ctx, mem_ctx, NULL, &msgs, trust_dom_attrs,
122 "(&(trustPartner=%s)(objectclass=trustedDomain))",
125 if (num_records == 0) {
126 DEBUG(3,("Couldn't find trust [%s] in samdb.\n",
128 return NT_STATUS_ACCESS_DENIED;
131 if (num_records > 1) {
132 DEBUG(0,("Found %d records matching user [%s]\n", num_records, r->in.account_name));
133 return NT_STATUS_INTERNAL_DB_CORRUPTION;
136 flatname = ldb_msg_find_attr_as_string(msgs[0], "flatname", NULL);
138 /* No flatname for this trust - we can't proceed */
139 return NT_STATUS_ACCESS_DENIED;
141 account_name = talloc_asprintf(mem_ctx, "%s$", flatname);
144 return NT_STATUS_NO_MEMORY;
148 account_name = r->in.account_name;
151 /* pull the user attributes */
152 num_records = gendb_search(sam_ctx, mem_ctx, NULL, &msgs, attrs,
153 "(&(sAMAccountName=%s)(objectclass=user))",
154 ldb_binary_encode_string(mem_ctx, account_name));
156 if (num_records == 0) {
157 DEBUG(3,("Couldn't find user [%s] in samdb.\n",
158 r->in.account_name));
159 return NT_STATUS_ACCESS_DENIED;
162 if (num_records > 1) {
163 DEBUG(0,("Found %d records matching user [%s]\n", num_records, r->in.account_name));
164 return NT_STATUS_INTERNAL_DB_CORRUPTION;
168 user_account_control = ldb_msg_find_attr_as_uint(msgs[0], "userAccountControl", 0);
170 if (user_account_control & UF_ACCOUNTDISABLE) {
171 DEBUG(1, ("Account [%s] is disabled\n", r->in.account_name));
172 return NT_STATUS_ACCESS_DENIED;
175 if (r->in.secure_channel_type == SEC_CHAN_WKSTA) {
176 if (!(user_account_control & UF_WORKSTATION_TRUST_ACCOUNT)) {
177 DEBUG(1, ("Client asked for a workstation secure channel, but is not a workstation (member server) acb flags: 0x%x\n", user_account_control));
178 return NT_STATUS_ACCESS_DENIED;
180 } else if (r->in.secure_channel_type == SEC_CHAN_DOMAIN ||
181 r->in.secure_channel_type == SEC_CHAN_DNS_DOMAIN) {
182 if (!(user_account_control & UF_INTERDOMAIN_TRUST_ACCOUNT)) {
183 DEBUG(1, ("Client asked for a trusted domain secure channel, but is not a trusted domain: acb flags: 0x%x\n", user_account_control));
185 return NT_STATUS_ACCESS_DENIED;
187 } else if (r->in.secure_channel_type == SEC_CHAN_BDC) {
188 if (!(user_account_control & UF_SERVER_TRUST_ACCOUNT)) {
189 DEBUG(1, ("Client asked for a server secure channel, but is not a server (domain controller): acb flags: 0x%x\n", user_account_control));
190 return NT_STATUS_ACCESS_DENIED;
193 DEBUG(1, ("Client asked for an invalid secure channel type: %d\n",
194 r->in.secure_channel_type));
195 return NT_STATUS_ACCESS_DENIED;
198 *r->out.rid = samdb_result_rid_from_sid(mem_ctx, msgs[0],
201 mach_pwd = samdb_result_hash(mem_ctx, msgs[0], "unicodePwd");
202 if (mach_pwd == NULL) {
203 return NT_STATUS_ACCESS_DENIED;
206 creds = talloc(mem_ctx, struct creds_CredentialState);
207 NT_STATUS_HAVE_NO_MEMORY(creds);
209 creds_server_init(creds, &pipe_state->client_challenge,
210 &pipe_state->server_challenge, mach_pwd,
212 *r->in.negotiate_flags);
214 if (!creds_server_check(creds, r->in.credentials)) {
216 return NT_STATUS_ACCESS_DENIED;
219 creds->account_name = talloc_steal(creds, r->in.account_name);
221 creds->computer_name = talloc_steal(creds, r->in.computer_name);
222 creds->domain = talloc_strdup(creds, lp_workgroup(dce_call->conn->dce_ctx->lp_ctx));
224 creds->secure_channel_type = r->in.secure_channel_type;
226 creds->sid = samdb_result_dom_sid(creds, msgs[0], "objectSid");
229 /* remember this session key state */
230 nt_status = schannel_store_session_key(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, creds);
235 static NTSTATUS dcesrv_netr_ServerAuthenticate(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
236 struct netr_ServerAuthenticate *r)
238 struct netr_ServerAuthenticate3 r3;
241 * negotiate_flags is used as an [in] parameter
242 * so it need to be initialised.
244 * (I think ... = 0; seems wrong here --metze)
246 uint32_t negotiate_flags = 0;
248 r3.in.server_name = r->in.server_name;
249 r3.in.account_name = r->in.account_name;
250 r3.in.secure_channel_type = r->in.secure_channel_type;
251 r3.in.computer_name = r->in.computer_name;
252 r3.in.credentials = r->in.credentials;
253 r3.out.credentials = r->out.credentials;
254 r3.in.negotiate_flags = &negotiate_flags;
255 r3.out.negotiate_flags = &negotiate_flags;
258 return dcesrv_netr_ServerAuthenticate3(dce_call, mem_ctx, &r3);
261 static NTSTATUS dcesrv_netr_ServerAuthenticate2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
262 struct netr_ServerAuthenticate2 *r)
264 struct netr_ServerAuthenticate3 r3;
267 r3.in.server_name = r->in.server_name;
268 r3.in.account_name = r->in.account_name;
269 r3.in.secure_channel_type = r->in.secure_channel_type;
270 r3.in.computer_name = r->in.computer_name;
271 r3.in.credentials = r->in.credentials;
272 r3.out.credentials = r->out.credentials;
273 r3.in.negotiate_flags = r->in.negotiate_flags;
274 r3.out.negotiate_flags = r->out.negotiate_flags;
277 return dcesrv_netr_ServerAuthenticate3(dce_call, mem_ctx, &r3);
281 Validate an incoming authenticator against the credentials for the remote machine.
283 The credentials are (re)read and from the schannel database, and
284 written back after the caclulations are performed.
286 The creds_out parameter (if not NULL) returns the credentials, if
287 the caller needs some of that information.
290 static NTSTATUS dcesrv_netr_creds_server_step_check(struct event_context *event_ctx,
291 struct loadparm_context *lp_ctx,
292 const char *computer_name,
294 struct netr_Authenticator *received_authenticator,
295 struct netr_Authenticator *return_authenticator,
296 struct creds_CredentialState **creds_out)
298 struct creds_CredentialState *creds;
300 struct ldb_context *ldb;
303 ldb = schannel_db_connect(mem_ctx, event_ctx, lp_ctx);
305 return NT_STATUS_ACCESS_DENIED;
308 ret = ldb_transaction_start(ldb);
311 return NT_STATUS_INTERNAL_DB_CORRUPTION;
314 /* Because this is a shared structure (even across
315 * disconnects) we must update the database every time we
316 * update the structure */
318 nt_status = schannel_fetch_session_key_ldb(ldb, ldb, computer_name,
319 lp_workgroup(lp_ctx),
321 if (NT_STATUS_IS_OK(nt_status)) {
322 nt_status = creds_server_step_check(creds,
323 received_authenticator,
324 return_authenticator);
326 if (NT_STATUS_IS_OK(nt_status)) {
327 nt_status = schannel_store_session_key_ldb(ldb, ldb, creds);
330 if (NT_STATUS_IS_OK(nt_status)) {
331 ldb_transaction_commit(ldb);
334 talloc_steal(mem_ctx, creds);
337 ldb_transaction_cancel(ldb);
344 Change the machine account password for the currently connected
345 client. Supplies only the NT#.
348 static NTSTATUS dcesrv_netr_ServerPasswordSet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
349 struct netr_ServerPasswordSet *r)
351 struct creds_CredentialState *creds;
352 struct ldb_context *sam_ctx;
355 nt_status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
356 r->in.computer_name, mem_ctx,
357 &r->in.credential, &r->out.return_authenticator,
359 NT_STATUS_NOT_OK_RETURN(nt_status);
361 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
362 if (sam_ctx == NULL) {
363 return NT_STATUS_INVALID_SYSTEM_SERVICE;
366 creds_des_decrypt(creds, &r->in.new_password);
368 /* Using the sid for the account as the key, set the password */
369 nt_status = samdb_set_password_sid(sam_ctx, mem_ctx,
371 NULL, /* Don't have plaintext */
372 NULL, &r->in.new_password,
373 false, /* This is not considered a password change */
379 Change the machine account password for the currently connected
380 client. Supplies new plaintext.
382 static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
383 struct netr_ServerPasswordSet2 *r)
385 struct creds_CredentialState *creds;
386 struct ldb_context *sam_ctx;
391 struct samr_CryptPassword password_buf;
393 nt_status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
394 r->in.computer_name, mem_ctx,
395 &r->in.credential, &r->out.return_authenticator,
397 NT_STATUS_NOT_OK_RETURN(nt_status);
399 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
400 if (sam_ctx == NULL) {
401 return NT_STATUS_INVALID_SYSTEM_SERVICE;
404 memcpy(password_buf.data, r->in.new_password.data, 512);
405 SIVAL(password_buf.data,512,r->in.new_password.length);
406 creds_arcfour_crypt(creds, password_buf.data, 516);
408 ret = decode_pw_buffer(password_buf.data, new_pass, sizeof(new_pass),
411 DEBUG(3,("netr_ServerPasswordSet2: failed to decode password buffer\n"));
412 return NT_STATUS_ACCESS_DENIED;
415 /* Using the sid for the account as the key, set the password */
416 nt_status = samdb_set_password_sid(sam_ctx, mem_ctx,
418 new_pass, /* we have plaintext */
420 false, /* This is not considered a password change */
429 static WERROR dcesrv_netr_LogonUasLogon(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
430 struct netr_LogonUasLogon *r)
432 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
439 static WERROR dcesrv_netr_LogonUasLogoff(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
440 struct netr_LogonUasLogoff *r)
442 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
447 netr_LogonSamLogon_base
449 This version of the function allows other wrappers to say 'do not check the credentials'
451 We can't do the traditional 'wrapping' format completly, as this function must only run under schannel
453 static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
454 struct netr_LogonSamLogonEx *r, struct creds_CredentialState *creds)
456 struct auth_context *auth_context;
457 struct auth_usersupplied_info *user_info;
458 struct auth_serversupplied_info *server_info;
460 static const char zeros[16];
461 struct netr_SamBaseInfo *sam;
462 struct netr_SamInfo2 *sam2;
463 struct netr_SamInfo3 *sam3;
464 struct netr_SamInfo6 *sam6;
466 user_info = talloc(mem_ctx, struct auth_usersupplied_info);
467 NT_STATUS_HAVE_NO_MEMORY(user_info);
469 user_info->flags = 0;
470 user_info->mapped_state = false;
471 user_info->remote_host = NULL;
473 switch (r->in.logon_level) {
474 case NetlogonInteractiveInformation:
475 case NetlogonServiceInformation:
476 case NetlogonInteractiveTransitiveInformation:
477 case NetlogonServiceTransitiveInformation:
478 if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
479 creds_arcfour_crypt(creds,
480 r->in.logon.password->lmpassword.hash,
481 sizeof(r->in.logon.password->lmpassword.hash));
482 creds_arcfour_crypt(creds,
483 r->in.logon.password->ntpassword.hash,
484 sizeof(r->in.logon.password->ntpassword.hash));
486 creds_des_decrypt(creds, &r->in.logon.password->lmpassword);
487 creds_des_decrypt(creds, &r->in.logon.password->ntpassword);
490 /* TODO: we need to deny anonymous access here */
491 nt_status = auth_context_create(mem_ctx,
492 dce_call->event_ctx, dce_call->msg_ctx,
493 dce_call->conn->dce_ctx->lp_ctx,
495 NT_STATUS_NOT_OK_RETURN(nt_status);
497 user_info->logon_parameters = r->in.logon.password->identity_info.parameter_control;
498 user_info->client.account_name = r->in.logon.password->identity_info.account_name.string;
499 user_info->client.domain_name = r->in.logon.password->identity_info.domain_name.string;
500 user_info->workstation_name = r->in.logon.password->identity_info.workstation.string;
502 user_info->flags |= USER_INFO_INTERACTIVE_LOGON;
503 user_info->password_state = AUTH_PASSWORD_HASH;
505 user_info->password.hash.lanman = talloc(user_info, struct samr_Password);
506 NT_STATUS_HAVE_NO_MEMORY(user_info->password.hash.lanman);
507 *user_info->password.hash.lanman = r->in.logon.password->lmpassword;
509 user_info->password.hash.nt = talloc(user_info, struct samr_Password);
510 NT_STATUS_HAVE_NO_MEMORY(user_info->password.hash.nt);
511 *user_info->password.hash.nt = r->in.logon.password->ntpassword;
514 case NetlogonNetworkInformation:
515 case NetlogonNetworkTransitiveInformation:
517 /* TODO: we need to deny anonymous access here */
518 nt_status = auth_context_create(mem_ctx,
519 dce_call->event_ctx, dce_call->msg_ctx,
520 dce_call->conn->dce_ctx->lp_ctx,
522 NT_STATUS_NOT_OK_RETURN(nt_status);
524 nt_status = auth_context_set_challenge(auth_context, r->in.logon.network->challenge, "netr_LogonSamLogonWithFlags");
525 NT_STATUS_NOT_OK_RETURN(nt_status);
527 user_info->logon_parameters = r->in.logon.network->identity_info.parameter_control;
528 user_info->client.account_name = r->in.logon.network->identity_info.account_name.string;
529 user_info->client.domain_name = r->in.logon.network->identity_info.domain_name.string;
530 user_info->workstation_name = r->in.logon.network->identity_info.workstation.string;
532 user_info->password_state = AUTH_PASSWORD_RESPONSE;
533 user_info->password.response.lanman = data_blob_talloc(mem_ctx, r->in.logon.network->lm.data, r->in.logon.network->lm.length);
534 user_info->password.response.nt = data_blob_talloc(mem_ctx, r->in.logon.network->nt.data, r->in.logon.network->nt.length);
539 case NetlogonGenericInformation:
541 if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
542 creds_arcfour_crypt(creds,
543 r->in.logon.generic->data, r->in.logon.generic->length);
545 /* Using DES to verify kerberos tickets makes no sense */
546 return NT_STATUS_INVALID_PARAMETER;
549 if (strcmp(r->in.logon.generic->package_name.string, "Kerberos") == 0) {
551 struct server_id *kdc;
552 struct kdc_check_generic_kerberos check;
553 struct netr_GenericInfo2 *generic = talloc_zero(mem_ctx, struct netr_GenericInfo2);
554 NT_STATUS_HAVE_NO_MEMORY(generic);
555 r->out.authoritative = 1;
557 /* TODO: Describe and deal with these flags */
560 r->out.validation.generic = generic;
562 kdc = irpc_servers_byname(dce_call->msg_ctx, mem_ctx, "kdc_server");
563 if ((kdc == NULL) || (kdc[0].id == 0)) {
564 return NT_STATUS_NO_LOGON_SERVERS;
567 check.in.generic_request =
568 data_blob_const(r->in.logon.generic->data,
569 r->in.logon.generic->length);
571 status = irpc_call(dce_call->msg_ctx, kdc[0],
572 &ndr_table_irpc, NDR_KDC_CHECK_GENERIC_KERBEROS,
574 if (!NT_STATUS_IS_OK(status)) {
577 generic->length = check.out.generic_reply.length;
578 generic->data = check.out.generic_reply.data;
582 /* Until we get an implemetnation of these other packages */
583 return NT_STATUS_INVALID_PARAMETER;
586 return NT_STATUS_INVALID_PARAMETER;
589 nt_status = auth_check_password(auth_context, mem_ctx, user_info, &server_info);
590 NT_STATUS_NOT_OK_RETURN(nt_status);
592 nt_status = auth_convert_server_info_sambaseinfo(mem_ctx, server_info, &sam);
593 NT_STATUS_NOT_OK_RETURN(nt_status);
595 /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
596 /* It appears that level 6 is not individually encrypted */
597 if ((r->in.validation_level != 6) &&
598 memcmp(sam->key.key, zeros, sizeof(sam->key.key)) != 0) {
599 /* This key is sent unencrypted without the ARCFOUR flag set */
600 if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
601 creds_arcfour_crypt(creds,
603 sizeof(sam->key.key));
607 /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
608 /* It appears that level 6 is not individually encrypted */
609 if ((r->in.validation_level != 6) &&
610 memcmp(sam->LMSessKey.key, zeros, sizeof(sam->LMSessKey.key)) != 0) {
611 if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
612 creds_arcfour_crypt(creds,
614 sizeof(sam->LMSessKey.key));
616 creds_des_encrypt_LMKey(creds,
621 switch (r->in.validation_level) {
623 sam2 = talloc_zero(mem_ctx, struct netr_SamInfo2);
624 NT_STATUS_HAVE_NO_MEMORY(sam2);
626 r->out.validation.sam2 = sam2;
630 sam3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
631 NT_STATUS_HAVE_NO_MEMORY(sam3);
633 r->out.validation.sam3 = sam3;
637 sam6 = talloc_zero(mem_ctx, struct netr_SamInfo6);
638 NT_STATUS_HAVE_NO_MEMORY(sam6);
640 sam6->forest.string = lp_realm(dce_call->conn->dce_ctx->lp_ctx);
641 sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s",
642 sam->account_name.string, sam6->forest.string);
643 NT_STATUS_HAVE_NO_MEMORY(sam6->principle.string);
644 r->out.validation.sam6 = sam6;
651 r->out.authoritative = 1;
653 /* TODO: Describe and deal with these flags */
659 static NTSTATUS dcesrv_netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
660 struct netr_LogonSamLogonEx *r)
663 struct creds_CredentialState *creds;
664 nt_status = schannel_fetch_session_key(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, r->in.computer_name, lp_workgroup(dce_call->conn->dce_ctx->lp_ctx), &creds);
665 if (!NT_STATUS_IS_OK(nt_status)) {
669 if (!dce_call->conn->auth_state.auth_info ||
670 dce_call->conn->auth_state.auth_info->auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
671 return NT_STATUS_INTERNAL_ERROR;
673 return dcesrv_netr_LogonSamLogon_base(dce_call, mem_ctx, r, creds);
677 netr_LogonSamLogonWithFlags
680 static NTSTATUS dcesrv_netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
681 struct netr_LogonSamLogonWithFlags *r)
684 struct creds_CredentialState *creds;
685 struct netr_LogonSamLogonEx r2;
687 struct netr_Authenticator *return_authenticator;
689 return_authenticator = talloc(mem_ctx, struct netr_Authenticator);
690 NT_STATUS_HAVE_NO_MEMORY(return_authenticator);
692 nt_status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
693 r->in.computer_name, mem_ctx,
694 r->in.credential, return_authenticator,
696 NT_STATUS_NOT_OK_RETURN(nt_status);
700 r2.in.server_name = r->in.server_name;
701 r2.in.computer_name = r->in.computer_name;
702 r2.in.logon_level = r->in.logon_level;
703 r2.in.logon = r->in.logon;
704 r2.in.validation_level = r->in.validation_level;
705 r2.in.flags = r->in.flags;
707 nt_status = dcesrv_netr_LogonSamLogon_base(dce_call, mem_ctx, &r2, creds);
709 r->out.return_authenticator = return_authenticator;
710 r->out.validation = r2.out.validation;
711 r->out.authoritative = r2.out.authoritative;
712 r->out.flags = r2.out.flags;
720 static NTSTATUS dcesrv_netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
721 struct netr_LogonSamLogon *r)
723 struct netr_LogonSamLogonWithFlags r2;
728 r2.in.server_name = r->in.server_name;
729 r2.in.computer_name = r->in.computer_name;
730 r2.in.credential = r->in.credential;
731 r2.in.return_authenticator = r->in.return_authenticator;
732 r2.in.logon_level = r->in.logon_level;
733 r2.in.logon = r->in.logon;
734 r2.in.validation_level = r->in.validation_level;
737 status = dcesrv_netr_LogonSamLogonWithFlags(dce_call, mem_ctx, &r2);
739 r->out.return_authenticator = r2.out.return_authenticator;
740 r->out.validation = r2.out.validation;
741 r->out.authoritative = r2.out.authoritative;
750 static NTSTATUS dcesrv_netr_LogonSamLogoff(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
751 struct netr_LogonSamLogoff *r)
753 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
761 static NTSTATUS dcesrv_netr_DatabaseDeltas(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
762 struct netr_DatabaseDeltas *r)
764 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
771 static NTSTATUS dcesrv_netr_DatabaseSync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
772 struct netr_DatabaseSync *r)
774 /* win2k3 native mode returns "NOT IMPLEMENTED" for this call */
775 return NT_STATUS_NOT_IMPLEMENTED;
782 static NTSTATUS dcesrv_netr_AccountDeltas(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
783 struct netr_AccountDeltas *r)
785 /* w2k3 returns "NOT IMPLEMENTED" for this call */
786 return NT_STATUS_NOT_IMPLEMENTED;
793 static NTSTATUS dcesrv_netr_AccountSync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
794 struct netr_AccountSync *r)
796 /* w2k3 returns "NOT IMPLEMENTED" for this call */
797 return NT_STATUS_NOT_IMPLEMENTED;
804 static WERROR dcesrv_netr_GetDcName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
805 struct netr_GetDcName *r)
807 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
814 static WERROR dcesrv_netr_LogonControl(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
815 struct netr_LogonControl *r)
817 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
824 static WERROR dcesrv_netr_GetAnyDCName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
825 struct netr_GetAnyDCName *r)
827 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
834 static WERROR dcesrv_netr_LogonControl2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
835 struct netr_LogonControl2 *r)
837 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
844 static NTSTATUS dcesrv_netr_DatabaseSync2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
845 struct netr_DatabaseSync2 *r)
847 /* win2k3 native mode returns "NOT IMPLEMENTED" for this call */
848 return NT_STATUS_NOT_IMPLEMENTED;
855 static NTSTATUS dcesrv_netr_DatabaseRedo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
856 struct netr_DatabaseRedo *r)
858 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
865 static WERROR dcesrv_netr_LogonControl2Ex(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
866 struct netr_LogonControl2Ex *r)
868 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
873 netr_NetrEnumerateTurstedDomains
875 static WERROR dcesrv_netr_NetrEnumerateTrustedDomains(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
876 struct netr_NetrEnumerateTrustedDomains *r)
878 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
883 netr_NETRLOGONDUMMYROUTINE1
885 static WERROR dcesrv_netr_NETRLOGONDUMMYROUTINE1(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
886 struct netr_NETRLOGONDUMMYROUTINE1 *r)
888 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
893 netr_NETRLOGONSETSERVICEBITS
895 static WERROR dcesrv_netr_NETRLOGONSETSERVICEBITS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
896 struct netr_NETRLOGONSETSERVICEBITS *r)
898 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
903 netr_LogonGetTrustRid
905 static WERROR dcesrv_netr_LogonGetTrustRid(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
906 struct netr_LogonGetTrustRid *r)
908 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
913 netr_NETRLOGONCOMPUTESERVERDIGEST
915 static WERROR dcesrv_netr_NETRLOGONCOMPUTESERVERDIGEST(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
916 struct netr_NETRLOGONCOMPUTESERVERDIGEST *r)
918 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
923 netr_NETRLOGONCOMPUTECLIENTDIGEST
925 static WERROR dcesrv_netr_NETRLOGONCOMPUTECLIENTDIGEST(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
926 struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r)
928 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
936 static WERROR dcesrv_netr_DsRGetSiteName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
937 struct netr_DsRGetSiteName *r)
939 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
944 fill in a netr_DomainTrustInfo from a ldb search result
946 static NTSTATUS fill_domain_trust_info(TALLOC_CTX *mem_ctx,
947 struct ldb_message *res,
948 struct ldb_message *ref_res,
949 struct netr_DomainTrustInfo *info,
950 bool is_local, bool is_trust_list)
954 info->trust_extension.info = talloc_zero(mem_ctx, struct netr_trust_extension);
955 info->trust_extension.length = 16;
956 info->trust_extension.info->flags =
957 NETR_TRUST_FLAG_TREEROOT |
958 NETR_TRUST_FLAG_IN_FOREST |
959 NETR_TRUST_FLAG_PRIMARY;
960 info->trust_extension.info->parent_index = 0; /* should be index into array
962 info->trust_extension.info->trust_type = LSA_TRUST_TYPE_UPLEVEL; /* should be based on ldb search for trusts */
963 info->trust_extension.info->trust_attributes = LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE; /* needs to be based on ldb search */
966 /* MS-NRPC 3.5.4.3.9 - must be set to NULL for trust list */
967 info->forest.string = NULL;
969 /* TODO: we need a common function for pulling the forest */
970 info->forest.string = samdb_result_string(ref_res, "dnsRoot", NULL);
974 info->domainname.string = samdb_result_string(ref_res, "nETBIOSName", NULL);
975 info->fulldomainname.string = samdb_result_string(ref_res, "dnsRoot", NULL);
976 info->guid = samdb_result_guid(res, "objectGUID");
977 info->sid = samdb_result_dom_sid(mem_ctx, res, "objectSid");
979 info->domainname.string = samdb_result_string(res, "flatName", NULL);
980 info->fulldomainname.string = samdb_result_string(res, "trustPartner", NULL);
981 info->guid = samdb_result_guid(res, "objectGUID");
982 info->sid = samdb_result_dom_sid(mem_ctx, res, "securityIdentifier");
989 netr_LogonGetDomainInfo
990 this is called as part of the ADS domain logon procedure.
992 It has an important role in convaying details about the client, such
993 as Operating System, Version, Service Pack etc.
995 static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
996 struct netr_LogonGetDomainInfo *r)
998 const char * const attrs[] = { "objectSid",
999 "objectGUID", "flatName", "securityIdentifier",
1000 "trustPartner", NULL };
1001 const char * const ref_attrs[] = { "nETBIOSName", "dnsRoot", NULL };
1002 struct ldb_context *sam_ctx;
1003 struct ldb_message **res1, **res2, **ref_res;
1004 struct netr_DomainInfo1 *info1;
1005 int ret, ret1, ret2, i;
1007 struct ldb_dn *partitions_basedn;
1009 const char *local_domain;
1011 status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
1012 r->in.computer_name, mem_ctx,
1014 r->out.return_authenticator,
1016 if (!NT_STATUS_IS_OK(status)) {
1017 DEBUG(0,(__location__ " Bad credentials - error\n"));
1019 NT_STATUS_NOT_OK_RETURN(status);
1021 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info);
1022 if (sam_ctx == NULL) {
1023 return NT_STATUS_INVALID_SYSTEM_SERVICE;
1026 partitions_basedn = samdb_partitions_dn(sam_ctx, mem_ctx);
1028 /* we need to do two searches. The first will pull our primary
1029 domain and the second will pull any trusted domains. Our
1030 primary domain is also a "trusted" domain, so we need to
1031 put the primary domain into the lists of returned trusts as
1033 ret1 = gendb_search_dn(sam_ctx, mem_ctx, samdb_base_dn(sam_ctx), &res1, attrs);
1035 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1038 /* try and find the domain */
1039 ret = gendb_search(sam_ctx, mem_ctx, partitions_basedn,
1040 &ref_res, ref_attrs,
1041 "(&(objectClass=crossRef)(ncName=%s))",
1042 ldb_dn_get_linearized(res1[0]->dn));
1044 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1047 local_domain = samdb_result_string(ref_res[0], "nETBIOSName", NULL);
1049 ret2 = gendb_search(sam_ctx, mem_ctx, NULL, &res2, attrs, "(objectClass=trustedDomain)");
1051 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1054 info1 = talloc(mem_ctx, struct netr_DomainInfo1);
1055 NT_STATUS_HAVE_NO_MEMORY(info1);
1057 ZERO_STRUCTP(info1);
1059 info1->num_trusts = ret2 + 1;
1060 info1->trusts = talloc_array(mem_ctx, struct netr_DomainTrustInfo,
1062 NT_STATUS_HAVE_NO_MEMORY(info1->trusts);
1064 status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->domaininfo,
1066 NT_STATUS_NOT_OK_RETURN(status);
1068 for (i=0;i<ret2;i++) {
1069 status = fill_domain_trust_info(mem_ctx, res2[i], NULL, &info1->trusts[i],
1071 NT_STATUS_NOT_OK_RETURN(status);
1074 status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->trusts[i],
1076 NT_STATUS_NOT_OK_RETURN(status);
1078 info1->dns_hostname.string = samdb_result_string(ref_res[0], "dnsRoot", NULL);
1079 info1->workstation_flags =
1080 NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS | NETR_WS_FLAG_HANDLES_SPN_UPDATE;
1081 info1->supported_enc_types = 0; /* w2008 gives this 0 */
1083 r->out.info.info1 = info1;
1085 return NT_STATUS_OK;
1091 netr_ServerPasswordGet
1093 static WERROR dcesrv_netr_ServerPasswordGet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1094 struct netr_ServerPasswordGet *r)
1096 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1101 netr_NETRLOGONSENDTOSAM
1103 static WERROR dcesrv_netr_NETRLOGONSENDTOSAM(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1104 struct netr_NETRLOGONSENDTOSAM *r)
1106 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1111 netr_DsRAddressToSitenamesW
1113 static WERROR dcesrv_netr_DsRAddressToSitenamesW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1114 struct netr_DsRAddressToSitenamesW *r)
1116 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1121 netr_DsRGetDCNameEx2
1123 static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1124 struct netr_DsRGetDCNameEx2 *r)
1126 const char * const attrs[] = { "dnsDomain", "objectGUID", NULL };
1128 struct ldb_message **res;
1129 struct ldb_dn *domain_dn;
1132 ZERO_STRUCT(r->out);
1134 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info);
1135 if (sam_ctx == NULL) {
1136 return WERR_DS_SERVICE_UNAVAILABLE;
1139 domain_dn = samdb_dns_domain_to_dn(sam_ctx, mem_ctx,
1141 if (domain_dn == NULL) {
1142 return WERR_DS_SERVICE_UNAVAILABLE;
1145 ret = gendb_search_dn(sam_ctx, mem_ctx, domain_dn, &res, attrs);
1147 return WERR_NO_SUCH_DOMAIN;
1150 r->out.info = talloc(mem_ctx, struct netr_DsRGetDCNameInfo);
1151 W_ERROR_HAVE_NO_MEMORY(r->out.info);
1153 /* TODO: - return real IP address
1154 * - check all r->in.* parameters (server_unc is ignored by w2k3!)
1156 r->out.info->dc_unc = talloc_asprintf(mem_ctx, "\\\\%s.%s",
1157 lp_netbios_name(dce_call->conn->dce_ctx->lp_ctx),
1158 lp_realm(dce_call->conn->dce_ctx->lp_ctx));
1159 W_ERROR_HAVE_NO_MEMORY(r->out.info->dc_unc);
1160 r->out.info->dc_address = talloc_strdup(mem_ctx, "\\\\0.0.0.0");
1161 W_ERROR_HAVE_NO_MEMORY(r->out.info->dc_address);
1162 r->out.info->dc_address_type = DS_ADDRESS_TYPE_INET;
1163 r->out.info->domain_guid = samdb_result_guid(res[0], "objectGUID");
1164 r->out.info->domain_name = samdb_result_string(res[0], "dnsDomain", NULL);
1165 r->out.info->forest_name = samdb_result_string(res[0], "dnsDomain", NULL);
1166 r->out.info->dc_flags = DS_DNS_FOREST |
1169 DS_SERVER_WRITABLE |
1171 DS_SERVER_TIMESERV |
1177 r->out.info->dc_site_name = talloc_strdup(mem_ctx, "Default-First-Site-Name");
1178 W_ERROR_HAVE_NO_MEMORY(r->out.info->dc_site_name);
1179 r->out.info->client_site_name = talloc_strdup(mem_ctx, "Default-First-Site-Name");
1180 W_ERROR_HAVE_NO_MEMORY(r->out.info->client_site_name);
1188 static WERROR dcesrv_netr_DsRGetDCNameEx(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1189 struct netr_DsRGetDCNameEx *r)
1191 struct netr_DsRGetDCNameEx2 r2;
1196 r2.in.server_unc = r->in.server_unc;
1197 r2.in.client_account = NULL;
1199 r2.in.domain_guid = r->in.domain_guid;
1200 r2.in.domain_name = r->in.domain_name;
1201 r2.in.site_name = r->in.site_name;
1202 r2.in.flags = r->in.flags;
1205 werr = dcesrv_netr_DsRGetDCNameEx2(dce_call, mem_ctx, &r2);
1207 r->out.info = r2.out.info;
1215 static WERROR dcesrv_netr_DsRGetDCName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1216 struct netr_DsRGetDCName *r)
1218 struct netr_DsRGetDCNameEx2 r2;
1223 r2.in.server_unc = r->in.server_unc;
1224 r2.in.client_account = NULL;
1226 r2.in.domain_name = r->in.domain_name;
1227 r2.in.domain_guid = r->in.domain_guid;
1229 r2.in.site_name = NULL; /* should fill in from site GUID */
1230 r2.in.flags = r->in.flags;
1233 werr = dcesrv_netr_DsRGetDCNameEx2(dce_call, mem_ctx, &r2);
1235 r->out.info = r2.out.info;
1241 netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN
1243 static WERROR dcesrv_netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1244 struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r)
1246 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1251 netr_NetrEnumerateTrustedDomainsEx
1253 static WERROR dcesrv_netr_NetrEnumerateTrustedDomainsEx(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1254 struct netr_NetrEnumerateTrustedDomainsEx *r)
1256 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1261 netr_DsRAddressToSitenamesExW
1263 static WERROR dcesrv_netr_DsRAddressToSitenamesExW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1264 struct netr_DsRAddressToSitenamesExW *r)
1266 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1271 netr_DsrGetDcSiteCoverageW
1273 static WERROR dcesrv_netr_DsrGetDcSiteCoverageW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1274 struct netr_DsrGetDcSiteCoverageW *r)
1276 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1281 netr_DsrEnumerateDomainTrusts
1283 static WERROR dcesrv_netr_DsrEnumerateDomainTrusts(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1284 struct netr_DsrEnumerateDomainTrusts *r)
1286 struct netr_DomainTrust *trusts;
1289 struct ldb_message **dom_res, **ref_res;
1290 const char * const dom_attrs[] = { "objectSid", "objectGUID", NULL };
1291 const char * const ref_attrs[] = { "nETBIOSName", "dnsRoot", NULL };
1292 struct ldb_dn *partitions_basedn;
1294 ZERO_STRUCT(r->out);
1296 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info);
1297 if (sam_ctx == NULL) {
1298 return WERR_GENERAL_FAILURE;
1301 partitions_basedn = samdb_partitions_dn(sam_ctx, mem_ctx);
1303 ret = gendb_search_dn(sam_ctx, mem_ctx, NULL, &dom_res, dom_attrs);
1305 return WERR_GENERAL_FAILURE;
1308 return WERR_GENERAL_FAILURE;
1311 ret = gendb_search(sam_ctx, mem_ctx, partitions_basedn, &ref_res, ref_attrs,
1312 "(&(objectClass=crossRef)(ncName=%s))",
1313 ldb_dn_get_linearized(dom_res[0]->dn));
1315 return WERR_GENERAL_FAILURE;
1318 return WERR_GENERAL_FAILURE;
1321 trusts = talloc_array(mem_ctx, struct netr_DomainTrust, ret);
1322 W_ERROR_HAVE_NO_MEMORY(trusts);
1325 r->out.trusts = trusts;
1327 /* TODO: add filtering by trust_flags, and correct trust_type
1329 trusts[0].netbios_name = samdb_result_string(ref_res[0], "nETBIOSName", NULL);
1330 trusts[0].dns_name = samdb_result_string(ref_res[0], "dnsRoot", NULL);
1331 trusts[0].trust_flags =
1332 NETR_TRUST_FLAG_TREEROOT |
1333 NETR_TRUST_FLAG_IN_FOREST |
1334 NETR_TRUST_FLAG_PRIMARY;
1335 trusts[0].parent_index = 0;
1336 trusts[0].trust_type = 2;
1337 trusts[0].trust_attributes = 0;
1338 trusts[0].sid = samdb_result_dom_sid(mem_ctx, dom_res[0], "objectSid");
1339 trusts[0].guid = samdb_result_guid(dom_res[0], "objectGUID");
1346 netr_DsrDeregisterDNSHostRecords
1348 static WERROR dcesrv_netr_DsrDeregisterDNSHostRecords(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1349 struct netr_DsrDeregisterDNSHostRecords *r)
1351 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1356 netr_ServerTrustPasswordsGet
1358 static NTSTATUS dcesrv_netr_ServerTrustPasswordsGet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1359 struct netr_ServerTrustPasswordsGet *r)
1361 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1366 netr_DsRGetForestTrustInformation
1368 static WERROR dcesrv_netr_DsRGetForestTrustInformation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1369 struct netr_DsRGetForestTrustInformation *r)
1371 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1376 netr_GetForestTrustInformation
1378 static WERROR dcesrv_netr_GetForestTrustInformation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1379 struct netr_GetForestTrustInformation *r)
1381 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1386 netr_NETRSERVERGETTRUSTINFO
1388 static WERROR dcesrv_netr_NETRSERVERGETTRUSTINFO(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1389 struct netr_NETRSERVERGETTRUSTINFO *r)
1391 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1395 /* include the generated boilerplate */
1396 #include "librpc/gen_ndr/ndr_netlogon_s.c"