2 Samba Unix/Linux SMB client library
3 net ads cldap functions
4 Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
5 Copyright (C) 2003 Jim McDonough (jmcd@us.ibm.com)
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 #include "../utils/net.h"
27 #define MAX_DNS_LABEL 255 + 1
29 struct cldap_netlogon_reply {
34 char forest[MAX_DNS_LABEL];
35 char unk0[MAX_DNS_LABEL];
36 char domain[MAX_DNS_LABEL];
37 char hostname[MAX_DNS_LABEL];
39 char netbios_domain[MAX_DNS_LABEL];
40 char unk1[MAX_DNS_LABEL];
41 char netbios_hostname[MAX_DNS_LABEL];
43 char unk2[MAX_DNS_LABEL];
44 char user_name[MAX_DNS_LABEL];
45 char unk3[MAX_DNS_LABEL];
46 char site_name[MAX_DNS_LABEL];
47 char unk4[MAX_DNS_LABEL];
48 char site_name_2[MAX_DNS_LABEL];
56 These seem to be strings as described in RFC1035 4.1.4 and can be:
58 - a sequence of labels ending in a zero octet
60 - a sequence of labels ending with a pointer
62 A label is a byte where the first two bits must be zero and the remaining
63 bits represent the length of the label followed by the label itself.
64 Therefore, the length of a label is at max 64 bytes. Under RFC1035, a
65 sequence of labels cannot exceed 255 bytes.
67 A pointer consists of a 14 bit offset from the beginning of the data.
70 unsigned ident:2; // must be 11
71 unsigned offset:14; // from the beginning of data
74 This is used as a method to compress the packet by eliminated duplicate
75 domain components. Since a UDP packet should probably be < 512 bytes and a
76 DNS name can be up to 255 bytes, this actually makes a lot of sense.
78 static unsigned pull_netlogon_string(char *ret, const char *ptr,
85 memset(pret, 0, MAX_DNS_LABEL);
87 if ((*ptr & 0xc0) == 0xc0) {
94 len = ((ptr[0] & 0x3f) << 8) | ptr[1];
97 uint8 len = (uint8)*(ptr++);
99 if ((pret - ret + len + 1) >= MAX_DNS_LABEL) {
100 d_printf("DC returning too long DNS name\n");
108 memcpy(pret, ptr, len);
113 ret_len += (len + 1);
118 return ret_len ? ret_len : 1;
122 do a cldap netlogon query
124 static int send_cldap_netlogon(int sock, const char *domain,
125 const char *hostname, unsigned ntversion)
129 #ifdef CLDAP_USER_QUERY
132 SIVAL(aac, 0, 0x00000180);
134 SIVAL(ntver, 0, ntversion);
136 memset(&data, 0, sizeof(data));
138 asn1_push_tag(&data,ASN1_SEQUENCE(0));
139 asn1_write_Integer(&data, 4);
140 asn1_push_tag(&data, ASN1_APPLICATION(3));
141 asn1_write_OctetString(&data, NULL, 0);
142 asn1_write_enumerated(&data, 0);
143 asn1_write_enumerated(&data, 0);
144 asn1_write_Integer(&data, 0);
145 asn1_write_Integer(&data, 0);
146 asn1_write_BOOLEAN2(&data, False);
147 asn1_push_tag(&data, ASN1_CONTEXT(0));
149 asn1_push_tag(&data, ASN1_CONTEXT(3));
150 asn1_write_OctetString(&data, "DnsDomain", 9);
151 asn1_write_OctetString(&data, domain, strlen(domain));
154 asn1_push_tag(&data, ASN1_CONTEXT(3));
155 asn1_write_OctetString(&data, "Host", 4);
156 asn1_write_OctetString(&data, hostname, strlen(hostname));
159 #ifdef CLDAP_USER_QUERY
160 asn1_push_tag(&data, ASN1_CONTEXT(3));
161 asn1_write_OctetString(&data, "User", 4);
162 asn1_write_OctetString(&data, "SAMBA$", 6);
165 asn1_push_tag(&data, ASN1_CONTEXT(3));
166 asn1_write_OctetString(&data, "AAC", 4);
167 asn1_write_OctetString(&data, aac, 4);
171 asn1_push_tag(&data, ASN1_CONTEXT(3));
172 asn1_write_OctetString(&data, "NtVer", 5);
173 asn1_write_OctetString(&data, ntver, 4);
178 asn1_push_tag(&data,ASN1_SEQUENCE(0));
179 asn1_write_OctetString(&data, "NetLogon", 8);
184 if (data.has_error) {
185 d_printf("Failed to build cldap netlogon at offset %d\n", (int)data.ofs);
190 if (write(sock, data.data, data.length) != (ssize_t)data.length) {
191 d_printf("failed to send cldap query (%s)\n", strerror(errno));
201 receive a cldap netlogon reply
203 static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply)
208 DATA_BLOB os1, os2, os3;
212 blob = data_blob(NULL, 8192);
214 ret = read(sock, blob.data, blob.length);
217 d_printf("no reply received to cldap netlogon\n");
222 asn1_load(&data, blob);
223 asn1_start_tag(&data, ASN1_SEQUENCE(0));
224 asn1_read_Integer(&data, &i1);
225 asn1_start_tag(&data, ASN1_APPLICATION(4));
226 asn1_read_OctetString(&data, &os1);
227 asn1_start_tag(&data, ASN1_SEQUENCE(0));
228 asn1_start_tag(&data, ASN1_SEQUENCE(0));
229 asn1_read_OctetString(&data, &os2);
230 asn1_start_tag(&data, ASN1_SET);
231 asn1_read_OctetString(&data, &os3);
238 if (data.has_error) {
239 d_printf("Failed to parse cldap reply\n");
245 reply->type = IVAL(p, 0); p += 4;
246 reply->flags = IVAL(p, 0); p += 4;
248 memcpy(&reply->guid.info, p, GUID_SIZE);
251 p += pull_netlogon_string(reply->forest, p, os3.data);
252 p += pull_netlogon_string(reply->unk0, p, os3.data);
253 p += pull_netlogon_string(reply->domain, p, os3.data);
254 p += pull_netlogon_string(reply->hostname, p, os3.data);
255 p += pull_netlogon_string(reply->netbios_domain, p, os3.data);
256 p += pull_netlogon_string(reply->unk1, p, os3.data);
257 p += pull_netlogon_string(reply->netbios_hostname, p, os3.data);
258 p += pull_netlogon_string(reply->unk2, p, os3.data);
260 if (reply->type == SAMLOGON_AD_R) {
261 p += pull_netlogon_string(reply->user_name, p, os3.data);
263 *reply->user_name = 0;
266 p += pull_netlogon_string(reply->unk3, p, os3.data);
267 p += pull_netlogon_string(reply->site_name, p, os3.data);
268 p += pull_netlogon_string(reply->unk4, p, os3.data);
269 p += pull_netlogon_string(reply->site_name_2, p, os3.data);
271 reply->version = IVAL(p, 0);
272 reply->lmnt_token = SVAL(p, 4);
273 reply->lm20_token = SVAL(p, 6);
275 data_blob_free(&os1);
276 data_blob_free(&os2);
277 data_blob_free(&os3);
278 data_blob_free(&blob);
284 do a cldap netlogon query
286 int ads_cldap_netlogon(ADS_STRUCT *ads)
290 struct cldap_netlogon_reply reply;
292 sock = open_udp_socket(inet_ntoa(ads->ldap_ip), ads->ldap_port);
294 d_printf("Failed to open udp socket to %s:%u\n",
295 inet_ntoa(ads->ldap_ip),
301 ret = send_cldap_netlogon(sock, ads->config.realm, global_myname(), 6);
305 ret = recv_cldap_netlogon(sock, &reply);
312 d_printf("Information for Domain Controller: %s\n\n",
313 ads->config.ldap_server_name);
315 d_printf("Response Type: ");
316 switch (reply.type) {
317 case SAMLOGON_AD_UNK_R:
318 d_printf("SAMLOGON\n");
321 d_printf("SAMLOGON_USER\n");
324 d_printf("0x%x\n", reply.type);
328 print_guid(&reply.guid);
331 "\tIs a GC of the forest: %s\n"
332 "\tIs an LDAP server: %s\n"
333 "\tSupports DS: %s\n"
334 "\tIs running a KDC: %s\n"
335 "\tIs running time services: %s\n"
336 "\tIs the closest DC: %s\n"
337 "\tIs writable: %s\n"
338 "\tHas a hardware clock: %s\n"
339 "\tIs a non-domain NC serviced by LDAP server: %s\n",
340 (reply.flags & ADS_PDC) ? "yes" : "no",
341 (reply.flags & ADS_GC) ? "yes" : "no",
342 (reply.flags & ADS_LDAP) ? "yes" : "no",
343 (reply.flags & ADS_DS) ? "yes" : "no",
344 (reply.flags & ADS_KDC) ? "yes" : "no",
345 (reply.flags & ADS_TIMESERV) ? "yes" : "no",
346 (reply.flags & ADS_CLOSEST) ? "yes" : "no",
347 (reply.flags & ADS_WRITABLE) ? "yes" : "no",
348 (reply.flags & ADS_GOOD_TIMESERV) ? "yes" : "no",
349 (reply.flags & ADS_NDNC) ? "yes" : "no");
351 printf("Forest:\t\t\t%s\n", reply.forest);
352 if (*reply.unk0) printf("Unk0:\t\t\t%s\n", reply.unk0);
353 printf("Domain:\t\t\t%s\n", reply.domain);
354 printf("Domain Controller:\t%s\n", reply.hostname);
356 printf("Pre-Win2k Domain:\t%s\n", reply.netbios_domain);
357 if (*reply.unk1) printf("Unk1:\t\t\t%s\n", reply.unk1);
358 printf("Pre-Win2k Hostname:\t%s\n", reply.netbios_hostname);
360 if (*reply.unk2) printf("Unk2:\t\t\t%s\n", reply.unk2);
361 if (*reply.user_name) printf("User name:\t%s\n", reply.user_name);
363 if (*reply.unk3) printf("Unk3:\t\t\t%s\n", reply.unk3);
364 printf("Site Name:\t\t%s\n", reply.site_name);
365 if (*reply.unk4) printf("Unk4:\t\t\t%s\n", reply.unk4);
366 printf("Site Name (2):\t\t%s\n", reply.site_name_2);
368 d_printf("NT Version: %d\n", reply.version);
369 d_printf("LMNT Token: %.2x\n", reply.lmnt_token);
370 d_printf("LM20 Token: %.2x\n", reply.lm20_token);