2 Unix SMB/CIFS implementation.
4 CLDAP server - netlogon handling
6 Copyright (C) Andrew Tridgell 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "libcli/ldap/ldap.h"
25 #include "lib/events/events.h"
26 #include "lib/socket/socket.h"
27 #include "smbd/service_task.h"
28 #include "cldap_server/cldap_server.h"
31 fill in the cldap netlogon union for a given version
33 static NTSTATUS cldapd_netlogon_fill(struct cldap_socket *cldap,
37 const char *src_address,
39 union nbt_cldap_netlogon *netlogon)
41 struct ldb_context *samctx;
42 const char *attrs[] = {"realm", "dnsDomain", "objectGUID", "name", NULL};
43 struct ldb_message **res;
45 const char **services = lp_server_services();
48 struct GUID domain_uuid;
50 const char *dns_domain;
51 const char *pdc_dns_name;
53 const char *site_name;
54 const char *site_name2;
57 samctx = samdb_connect(mem_ctx);
59 DEBUG(2,("Unable to open sam in cldap netlogon reply\n"));
60 return NT_STATUS_INTERNAL_DB_CORRUPTION;
63 /* the domain has an optional trailing . */
64 if (domain[strlen(domain)-1] == '.') {
65 domain = talloc_strndup(mem_ctx, domain, strlen(domain)-1);
68 /* try and find the domain */
69 ret = gendb_search(samctx, samctx, NULL, &res, attrs,
70 "(&(dnsDomain=%s)(objectClass=domainDNS))", domain);
72 DEBUG(2,("Unable to find domain '%s' in sam\n", domain));
73 return NT_STATUS_NO_SUCH_DOMAIN;
77 NBT_SERVER_PDC | NBT_SERVER_GC |
78 NBT_SERVER_DS | NBT_SERVER_TIMESERV |
79 NBT_SERVER_CLOSEST | NBT_SERVER_WRITABLE |
80 NBT_SERVER_GOOD_TIMESERV;
82 if (lp_parm_bool(-1, "gensec", "krb5", True)) {
83 server_type |= NBT_SERVER_KDC;
85 if (str_list_check(services, "ldap")) {
86 server_type |= NBT_SERVER_LDAP;
89 pdc_name = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name());
90 domain_uuid = samdb_result_guid(res[0], "objectGUID");
91 realm = samdb_result_string(res[0], "realm", lp_realm());
92 dns_domain = samdb_result_string(res[0], "dnsDomain", lp_realm());
93 pdc_dns_name = talloc_asprintf(mem_ctx, "%s.%s",
94 lp_netbios_name(), dns_domain);
95 flatname = samdb_result_string(res[0], "name", lp_workgroup());
96 site_name = "Default-First-Site-Name";
98 pdc_ip = iface_best_ip(src_address);
100 ZERO_STRUCTP(netlogon);
102 switch (version & 0xF) {
105 netlogon->logon1.pdc_name = pdc_name;
106 netlogon->logon1.unknown = "";
107 netlogon->logon1.domain_name = flatname;
108 netlogon->logon1.nt_version = 1;
109 netlogon->logon1.lmnt_token = 0xFFFF;
110 netlogon->logon1.lm20_token = 0xFFFF;
114 netlogon->logon2.pdc_name = pdc_name;
115 netlogon->logon2.unknown = "";
116 netlogon->logon2.domain_name = flatname;
117 netlogon->logon2.domain_uuid = domain_uuid;
118 netlogon->logon2.forest = realm;
119 netlogon->logon2.dns_domain = dns_domain;
120 netlogon->logon2.pdc_dns_name = pdc_dns_name;
121 netlogon->logon2.pdc_ip = pdc_ip;
122 netlogon->logon2.server_type = server_type;
123 netlogon->logon2.nt_version = 3;
124 netlogon->logon2.lmnt_token = 0xFFFF;
125 netlogon->logon2.lm20_token = 0xFFFF;
131 netlogon->logon3.server_type = server_type;
132 netlogon->logon3.domain_uuid = domain_uuid;
133 netlogon->logon3.forest = realm;
134 netlogon->logon3.dns_domain = dns_domain;
135 netlogon->logon3.pdc_dns_name = pdc_dns_name;
136 netlogon->logon3.domain = flatname;
137 netlogon->logon3.pdc_name = pdc_name;
138 netlogon->logon3.user_name = user;
139 netlogon->logon3.site_name = site_name;
140 netlogon->logon3.site_name2 = site_name2;
141 netlogon->logon3.nt_version = 3;
142 netlogon->logon3.lmnt_token = 0xFFFF;
143 netlogon->logon3.lm20_token = 0xFFFF;
146 netlogon->logon4.server_type = server_type;
147 netlogon->logon4.domain_uuid = domain_uuid;
148 netlogon->logon4.forest = realm;
149 netlogon->logon4.dns_domain = dns_domain;
150 netlogon->logon4.pdc_dns_name = pdc_dns_name;
151 netlogon->logon4.domain = flatname;
152 netlogon->logon4.pdc_name = lp_netbios_name();
153 netlogon->logon4.user_name = user;
154 netlogon->logon4.site_name = site_name;
155 netlogon->logon4.site_name2 = site_name2;
156 netlogon->logon4.unknown = 10;
157 netlogon->logon4.unknown2 = 2;
158 netlogon->logon4.pdc_ip = pdc_ip;
159 netlogon->logon4.nt_version = 5;
160 netlogon->logon4.lmnt_token = 0xFFFF;
161 netlogon->logon4.lm20_token = 0xFFFF;
170 handle incoming cldap requests
172 void cldapd_netlogon_request(struct cldap_socket *cldap,
175 const char *src_address, int src_port)
177 struct ldap_parse_tree *tree;
179 const char *domain = NULL;
180 const char *host = NULL;
181 const char *user = "";
182 const char *domain_guid = NULL;
183 const char *domain_sid = NULL;
184 int acct_control = -1;
186 union nbt_cldap_netlogon netlogon;
187 NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
189 TALLOC_CTX *tmp_ctx = talloc_new(cldap);
191 DEBUG(0,("cldap filter='%s'\n", filter));
193 tree = ldap_parse_filter_string(tmp_ctx, filter);
194 if (tree == NULL) goto failed;
196 if (tree->operation != LDAP_OP_AND) goto failed;
198 /* extract the query elements */
199 for (i=0;i<tree->u.list.num_elements;i++) {
200 struct ldap_parse_tree *t = tree->u.list.elements[i];
201 if (t->operation != LDAP_OP_SIMPLE) goto failed;
202 if (strcasecmp(t->u.simple.attr, "DnsDomain") == 0) {
203 domain = talloc_strndup(tmp_ctx,
204 t->u.simple.value.data,
205 t->u.simple.value.length);
207 if (strcasecmp(t->u.simple.attr, "Host") == 0) {
208 host = talloc_strndup(tmp_ctx,
209 t->u.simple.value.data,
210 t->u.simple.value.length);
212 if (strcasecmp(t->u.simple.attr, "DomainGuid") == 0) {
213 domain_guid = talloc_strndup(tmp_ctx,
214 t->u.simple.value.data,
215 t->u.simple.value.length);
217 if (strcasecmp(t->u.simple.attr, "DomainSid") == 0) {
218 domain_sid = talloc_strndup(tmp_ctx,
219 t->u.simple.value.data,
220 t->u.simple.value.length);
222 if (strcasecmp(t->u.simple.attr, "User") == 0) {
223 user = talloc_strndup(tmp_ctx,
224 t->u.simple.value.data,
225 t->u.simple.value.length);
227 if (strcasecmp(t->u.simple.attr, "NtVer") == 0 &&
228 t->u.simple.value.length == 4) {
229 version = IVAL(t->u.simple.value.data, 0);
231 if (strcasecmp(t->u.simple.attr, "AAC") == 0 &&
232 t->u.simple.value.length == 4) {
233 acct_control = IVAL(t->u.simple.value.data, 0);
237 if (domain == NULL || host == NULL || version == -1) {
241 DEBUG(0,("cldap netlogon query domain=%s host=%s user=%s version=%d\n",
242 domain, host, user, version));
244 status = cldapd_netlogon_fill(cldap, tmp_ctx, domain, user, src_address,
246 if (!NT_STATUS_IS_OK(status)) {
250 status = cldap_netlogon_reply(cldap, message_id, src_address, src_port, version,
252 if (!NT_STATUS_IS_OK(status)) {
256 talloc_free(tmp_ctx);
260 DEBUG(0,("cldap netlogon query failed domain=%s host=%s version=%d - %s\n",
261 domain, host, version, nt_errstr(status)));
262 talloc_free(tmp_ctx);
263 cldap_empty_reply(cldap, message_id, src_address, src_port);