struct netr_NETLOGON_INFO_4 *info4;
const char *fn;
uint32_t acct_ctrl;
+ NTSTATUS status;
+ struct netr_DsRGetDCNameInfo *dc_info;
switch (p->opnum) {
case NDR_NETR_LOGONCONTROL:
break;
}
- if (!get_dc_name(domain, NULL, dc_name2, &dc_ss)) {
+ status = dsgetdcname(p->mem_ctx, p->msg_ctx, domain, NULL, NULL,
+ DS_FORCE_REDISCOVERY | DS_RETURN_FLAT_NAME,
+ &dc_info);
+ if (!NT_STATUS_IS_OK(status)) {
tc_status = WERR_NO_LOGON_SERVERS;
break;
}
- dc_name = talloc_asprintf(p->mem_ctx, "\\\\%s", dc_name2);
+ dc_name = talloc_asprintf(p->mem_ctx, "\\\\%s", dc_info->dc_unc);
if (!dc_name) {
return WERR_NOMEM;
}
{
NTSTATUS status;
NTSTATUS result = NT_STATUS_OK;
- struct policy_handle connect_handle, domain_handle;
+ struct policy_handle connect_handle;
+ struct policy_handle domain_handle = { 0, };
struct lsa_String domain_name;
struct dom_sid2 *domain_sid;
struct lsa_String names;
srv_flgs |= NETLOGON_NEG_STRONG_KEYS;
}
+ if (in_neg_flags & NETLOGON_NEG_SUPPORTS_AES) {
+ srv_flgs |= NETLOGON_NEG_SUPPORTS_AES;
+ }
+
if (lp_server_schannel() != false) {
srv_flgs |= NETLOGON_NEG_SCHANNEL;
}
goto out;
}
- lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_context());
+ lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_helpers());
if (lp_ctx == NULL) {
DEBUG(10, ("loadparm_init_s3 failed\n"));
status = NT_STATUS_INTERNAL_ERROR;
}
}
- lp_ctx = loadparm_init_s3(mem_ctx, loadparm_s3_context());
+ lp_ctx = loadparm_init_s3(mem_ctx, loadparm_s3_helpers());
if (lp_ctx == NULL) {
DEBUG(0, ("loadparm_init_s3 failed\n"));
return NT_STATUS_INTERNAL_ERROR;
struct samr_UserInfo18 info18;
DATA_BLOB in,out;
int rc;
+ DATA_BLOB session_key;
ZERO_STRUCT(user_handle);
+ status = session_extract_session_key(session_info,
+ &session_key,
+ KEY_USE_16BYTES);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+
rc = tsocket_address_inet_from_strings(mem_ctx,
"ip",
"127.0.0.1",
in = data_blob_const(nt_hash->hash, 16);
out = data_blob_talloc_zero(mem_ctx, 16);
- sess_crypt_blob(&out, &in, &session_info->session_key, true);
+ sess_crypt_blob(&out, &in, &session_key, true);
memcpy(info18.nt_pwd.hash, out.data, out.length);
info18.nt_pwd_active = true;
memcpy(password_buf.data, r->in.new_password->data, 512);
SIVAL(password_buf.data, 512, r->in.new_password->length);
- netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
+
+ if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+ netlogon_creds_aes_decrypt(creds, password_buf.data, 516);
+ } else {
+ netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
+ }
if (!extract_pw_from_buffer(p->mem_ctx, password_buf.data, &plaintext)) {
TALLOC_FREE(creds);
return status;
}
- auth_context->get_ntlm_challenge(auth_context, chal);
+ auth_get_ntlm_challenge(auth_context, chal);
if (!make_user_info_netlogon_interactive(&user_info,
nt_username, nt_domain,
} /* end switch */
if ( NT_STATUS_IS_OK(status) ) {
- status = auth_context->check_ntlm_password(auth_context,
+ status = auth_check_ntlm_password(auth_context,
user_info, &server_info);
}
return NT_STATUS_INVALID_PARAMETER;
}
- lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_context());
+ lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_helpers());
if (lp_ctx == NULL) {
DEBUG(0, ("loadparm_init_s3 failed\n"));
return NT_STATUS_INTERNAL_ERROR;
WERROR _netr_LogonUasLogon(struct pipes_struct *p,
struct netr_LogonUasLogon *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_LogonUasLogoff(struct pipes_struct *p,
struct netr_LogonUasLogoff *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
NTSTATUS _netr_DatabaseDeltas(struct pipes_struct *p,
struct netr_DatabaseDeltas *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return NT_STATUS_NOT_IMPLEMENTED;
}
NTSTATUS _netr_DatabaseSync(struct pipes_struct *p,
struct netr_DatabaseSync *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return NT_STATUS_NOT_IMPLEMENTED;
}
NTSTATUS _netr_AccountDeltas(struct pipes_struct *p,
struct netr_AccountDeltas *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return NT_STATUS_NOT_IMPLEMENTED;
}
NTSTATUS _netr_AccountSync(struct pipes_struct *p,
struct netr_AccountSync *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return NT_STATUS_NOT_IMPLEMENTED;
}
NTSTATUS _netr_DatabaseSync2(struct pipes_struct *p,
struct netr_DatabaseSync2 *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return NT_STATUS_NOT_IMPLEMENTED;
}
NTSTATUS _netr_DatabaseRedo(struct pipes_struct *p,
struct netr_DatabaseRedo *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return NT_STATUS_NOT_IMPLEMENTED;
}
WERROR _netr_DsRGetDCName(struct pipes_struct *p,
struct netr_DsRGetDCName *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_NETRLOGONSETSERVICEBITS(struct pipes_struct *p,
struct netr_NETRLOGONSETSERVICEBITS *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_LogonGetTrustRid(struct pipes_struct *p,
struct netr_LogonGetTrustRid *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_NETRLOGONCOMPUTESERVERDIGEST(struct pipes_struct *p,
struct netr_NETRLOGONCOMPUTESERVERDIGEST *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_NETRLOGONCOMPUTECLIENTDIGEST(struct pipes_struct *p,
struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_DsRGetDCNameEx(struct pipes_struct *p,
struct netr_DsRGetDCNameEx *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_DsRGetSiteName(struct pipes_struct *p,
struct netr_DsRGetSiteName *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
NTSTATUS _netr_LogonGetDomainInfo(struct pipes_struct *p,
struct netr_LogonGetDomainInfo *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return NT_STATUS_NOT_IMPLEMENTED;
}
WERROR _netr_ServerPasswordGet(struct pipes_struct *p,
struct netr_ServerPasswordGet *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_NETRLOGONSENDTOSAM(struct pipes_struct *p,
struct netr_NETRLOGONSENDTOSAM *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_DsRAddressToSitenamesW(struct pipes_struct *p,
struct netr_DsRAddressToSitenamesW *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_DsRGetDCNameEx2(struct pipes_struct *p,
struct netr_DsRGetDCNameEx2 *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(struct pipes_struct *p,
struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_NetrEnumerateTrustedDomainsEx(struct pipes_struct *p,
struct netr_NetrEnumerateTrustedDomainsEx *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_DsRAddressToSitenamesExW(struct pipes_struct *p,
struct netr_DsRAddressToSitenamesExW *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_DsrGetDcSiteCoverageW(struct pipes_struct *p,
struct netr_DsrGetDcSiteCoverageW *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_DsrEnumerateDomainTrusts(struct pipes_struct *p,
struct netr_DsrEnumerateDomainTrusts *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
WERROR _netr_DsrDeregisterDNSHostRecords(struct pipes_struct *p,
struct netr_DsrDeregisterDNSHostRecords *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
NTSTATUS _netr_ServerTrustPasswordsGet(struct pipes_struct *p,
struct netr_ServerTrustPasswordsGet *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return NT_STATUS_NOT_IMPLEMENTED;
}
WERROR _netr_DsRGetForestTrustInformation(struct pipes_struct *p,
struct netr_DsRGetForestTrustInformation *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return WERR_NOT_SUPPORTED;
}
/* TODO: check server name */
- lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_context());
+ lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_helpers());
if (lp_ctx == NULL) {
DEBUG(0, ("loadparm_init_s3 failed\n"));
return NT_STATUS_INTERNAL_ERROR;
static NTSTATUS get_password_from_trustAuth(TALLOC_CTX *mem_ctx,
const DATA_BLOB *trustAuth_blob,
- const DATA_BLOB *session_key,
+ struct netlogon_creds_CredentialState *creds,
struct samr_Password *current_pw_enc,
struct samr_Password *previous_pw_enc)
{
return NT_STATUS_UNSUCCESSFUL;
}
- arcfour_crypt_blob(current_pw_enc->hash, sizeof(current_pw_enc->hash),
- session_key);
+ netlogon_creds_arcfour_crypt(creds, current_pw_enc->hash, sizeof(current_pw_enc->hash));
if (trustAuth.previous.count != 0 &&
trustAuth.previous.array[0].AuthType == TRUST_AUTH_TYPE_CLEAR) {
} else {
mdfour(previous_pw_enc->hash, NULL, 0);
}
- arcfour_crypt_blob(previous_pw_enc->hash, sizeof(previous_pw_enc->hash),
- session_key);
+
+ netlogon_creds_arcfour_crypt(creds, previous_pw_enc->hash, sizeof(previous_pw_enc->hash));
return NT_STATUS_OK;
}
DATA_BLOB trustAuth_blob;
struct samr_Password *new_owf_enc;
struct samr_Password *old_owf_enc;
- DATA_BLOB session_key;
struct loadparm_context *lp_ctx;
- lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_context());
+ lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_helpers());
if (lp_ctx == NULL) {
DEBUG(0, ("loadparm_init_s3 failed\n"));
return NT_STATUS_INTERNAL_ERROR;
trustAuth_blob = td->trust_auth_outgoing;
}
- session_key.data = creds->session_key;
- session_key.length = sizeof(creds->session_key);
status = get_password_from_trustAuth(p->mem_ctx, &trustAuth_blob,
- &session_key,
+ creds,
new_owf_enc, old_owf_enc);
if (!NT_STATUS_IS_OK(status)) {
NTSTATUS _netr_Unused47(struct pipes_struct *p,
struct netr_Unused47 *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return NT_STATUS_NOT_IMPLEMENTED;
}
NTSTATUS _netr_DsrUpdateReadOnlyServerDnsRecords(struct pipes_struct *p,
struct netr_DsrUpdateReadOnlyServerDnsRecords *r)
{
- p->rng_fault_state = true;
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
return NT_STATUS_NOT_IMPLEMENTED;
}