2 Unix SMB/CIFS implementation.
3 NBT netbios routines and daemon - version 2
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Luke Kenneth Casson Leighton 1994-1998
6 Copyright (C) Jeremy Allison 1994-1998
7 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
29 struct sam_database_info
{
31 uint32 serial_lo
, serial_hi
;
32 uint32 date_lo
, date_hi
;
35 /****************************************************************************
36 Send a message to smbd to do a sam delta sync
37 **************************************************************************/
38 static void send_repl_message(uint32 low_serial
)
42 tdb
= tdb_open_log(lock_path("connections.tdb"), 0,
43 TDB_DEFAULT
, O_RDONLY
, 0);
46 DEBUG(3, ("send_repl_message(): failed to open connections "
51 DEBUG(3, ("sending replication message, serial = 0x%04x\n",
54 message_send_all(tdb
, MSG_SMB_SAM_REPL
, &low_serial
,
55 sizeof(low_serial
), False
, NULL
);
60 /****************************************************************************
61 Process a domain logon packet
62 **************************************************************************/
64 void process_logon_packet(struct packet_struct
*p
, char *buf
,int len
,
67 struct dgram_packet
*dgram
= &p
->packet
.dgram
;
77 BOOL short_request
= False
;
79 char *uniuser
; /* Unicode user name. */
81 char *unicomp
; /* Unicode computer name. */
83 memset(outbuf
, 0, sizeof(outbuf
));
85 if (!lp_domain_logons())
87 DEBUG(3,("process_logon_packet: Logon packet received from IP %s and domain \
88 logons are not enabled.\n", inet_ntoa(p
->ip
) ));
92 pstrcpy(my_name
, global_myname());
95 DEBUG(1,("process_logon_packet: Logon from %s: code = 0x%x\n", inet_ntoa(p
->ip
), code
));
103 char *user
= skip_string(machine
,1);
105 getdc
= skip_string(user
,1);
106 q
= skip_string(getdc
,1);
109 fstrcpy(reply_name
,my_name
);
111 DEBUG(3,("process_logon_packet: Domain login request from %s at IP %s user=%s token=%x\n",
112 machine
,inet_ntoa(p
->ip
),user
,token
));
118 fstrcpy(reply_name
, "\\\\");
119 fstrcat(reply_name
, my_name
);
120 fstrcpy(q
, reply_name
); q
= skip_string(q
, 1); /* PDC name */
125 dump_data(4, outbuf
, PTR_DIFF(q
, outbuf
));
127 send_mailslot(True
, getdc
,
128 outbuf
,PTR_DIFF(q
,outbuf
),
129 global_myname(), 0x0,
131 dgram
->source_name
.name_type
,
132 p
->ip
, *iface_ip(p
->ip
), p
->port
);
141 if (!lp_domain_master())
143 /* We're not Primary Domain Controller -- ignore this */
147 getdc
= skip_string(machine
,1);
148 q
= skip_string(getdc
,1);
151 /* at this point we can work out if this is a W9X or NT style
152 request. Experiments show that the difference is wether the
153 packet ends here. For a W9X request we now end with a pair of
154 bytes (usually 0xFE 0xFF) whereas with NT we have two further
155 strings - the following is a simple way of detecting this */
156 if (len
- PTR_DIFF(q
, buf
) <= 3) {
157 short_request
= True
;
161 /* A full length (NT style) request */
162 q
= skip_unibuf(unicomp
, PTR_DIFF(buf
+ len
, unicomp
));
164 if (len
- PTR_DIFF(q
, buf
) > 8) {
165 /* with NT5 clients we can sometimes
166 get additional data - a length specificed string
167 containing the domain name, then 16 bytes of
168 data (no idea what it is) */
169 int dom_len
= CVAL(q
, 0);
176 ntversion
= IVAL(q
, 0);
177 lmnttoken
= SVAL(q
, 4);
178 lm20token
= SVAL(q
, 6);
181 /* Construct reply. */
183 SSVAL(q
, 0, QUERYFORPDC_R
);
186 fstrcpy(reply_name
,my_name
);
187 fstrcpy(q
, reply_name
);
188 q
= skip_string(q
, 1); /* PDC name */
190 /* PDC and domain name */
191 if (!short_request
) /* Make a full reply */
193 q
= ALIGN2(q
, outbuf
);
195 q
+= dos_PutUniCode(q
, my_name
, sizeof(pstring
), True
); /* PDC name */
196 q
+= dos_PutUniCode(q
, lp_workgroup(),sizeof(pstring
), True
); /* Domain name*/
197 SIVAL(q
, 0, 1); /* our nt version */
198 SSVAL(q
, 4, 0xffff); /* our lmnttoken */
199 SSVAL(q
, 6, 0xffff); /* our lm20token */
203 /* RJS, 21-Feb-2000, we send a short reply if the request was short */
205 DEBUG(3,("process_logon_packet: GETDC request from %s at IP %s, \
206 reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
207 machine
,inet_ntoa(p
->ip
), reply_name
, lp_workgroup(),
208 QUERYFORPDC_R
, (uint32
)ntversion
, (uint32
)lmnttoken
,
209 (uint32
)lm20token
));
211 dump_data(4, outbuf
, PTR_DIFF(q
, outbuf
));
213 send_mailslot(True
, getdc
,
214 outbuf
,PTR_DIFF(q
,outbuf
),
215 global_myname(), 0x0,
216 dgram
->source_name
.name
,
217 dgram
->source_name
.name_type
,
218 p
->ip
, *iface_ip(p
->ip
), p
->port
);
229 uniuser
= skip_unibuf(unicomp
, PTR_DIFF(buf
+len
, unicomp
));
230 getdc
= skip_unibuf(uniuser
,PTR_DIFF(buf
+len
, uniuser
));
231 q
= skip_string(getdc
,1);
232 q
+= 4; /* Account Control Bits - indicating username type */
233 domainsidsize
= IVAL(q
, 0);
236 DEBUG(3,("process_logon_packet: SAMLOGON sidsize %d, len = %d\n", domainsidsize
, len
));
238 if (domainsidsize
< (len
- PTR_DIFF(q
, buf
)) && (domainsidsize
!= 0)) {
243 DEBUG(3,("process_logon_packet: len = %d PTR_DIFF(q, buf) = %d\n", len
, PTR_DIFF(q
, buf
) ));
245 if (len
- PTR_DIFF(q
, buf
) > 8) {
246 /* with NT5 clients we can sometimes
247 get additional data - a length specificed string
248 containing the domain name, then 16 bytes of
249 data (no idea what it is) */
250 int dom_len
= CVAL(q
, 0);
252 if (dom_len
< (len
- PTR_DIFF(q
, buf
)) && (dom_len
!= 0)) {
258 ntversion
= IVAL(q
, 0);
259 lmnttoken
= SVAL(q
, 4);
260 lm20token
= SVAL(q
, 6);
263 DEBUG(3,("process_logon_packet: SAMLOGON sidsize %d ntv %d\n", domainsidsize
, ntversion
));
266 * we respond regadless of whether the machine is in our password
267 * database. If it isn't then we let smbd send an appropriate error.
268 * Let's ignore the SID.
270 pull_ucs2_pstring(ascuser
, uniuser
);
271 pull_ucs2_fstring(asccomp
, unicomp
);
272 DEBUG(3,("process_logon_packet: SAMLOGON user %s\n", ascuser
));
274 fstrcpy(reply_name
, "\\\\"); /* Here it wants \\LOGONSERVER. */
275 fstrcat(reply_name
, my_name
);
277 DEBUG(3,("process_logon_packet: SAMLOGON request from %s(%s) for %s, returning logon svr %s domain %s code %x token=%x\n",
278 asccomp
,inet_ntoa(p
->ip
), ascuser
, reply_name
, lp_workgroup(),
279 SAMLOGON_R
,lmnttoken
));
281 /* Construct reply. */
284 /* we want the simple version unless we are an ADS PDC..which means */
285 /* never, at least for now */
286 if ((ntversion
< 11) || (SEC_ADS
!= lp_security()) || (ROLE_DOMAIN_PDC
!= lp_server_role())) {
287 if (SVAL(uniuser
, 0) == 0) {
288 SSVAL(q
, 0, SAMLOGON_UNK_R
); /* user unknown */
290 SSVAL(q
, 0, SAMLOGON_R
);
295 q
+= dos_PutUniCode(q
, reply_name
,sizeof(pstring
), True
);
296 q
+= dos_PutUniCode(q
, ascuser
, sizeof(pstring
), True
);
297 q
+= dos_PutUniCode(q
, lp_workgroup(),sizeof(pstring
), True
);
304 char *component
, *dc
, *q1
;
309 get_mydomname(domain
);
310 get_myname(hostname
);
312 if (SVAL(uniuser
, 0) == 0) {
313 SIVAL(q
, 0, SAMLOGON_AD_UNK_R
); /* user unknown */
315 SIVAL(q
, 0, SAMLOGON_AD_R
);
319 SIVAL(q
, 0, ADS_PDC
|ADS_GC
|ADS_LDAP
|ADS_DS
|
320 ADS_KDC
|ADS_TIMESERV
|ADS_CLOSEST
|ADS_WRITABLE
);
323 /* Push Domain GUID */
324 if (False
== secrets_fetch_domain_guid(domain
, &domain_guid
)) {
325 DEBUG(2, ("Could not fetch DomainGUID for %s\n", domain
));
328 memcpy(q
, &domain_guid
, sizeof(domain_guid
));
329 q
+= sizeof(domain_guid
);
332 str_offset
= q
- q_orig
;
335 while ((component
= strtok(dc
, "."))) {
337 size
= push_ascii(&q
[1], component
, -1, 0);
346 SCVAL(q
, 0, 0xc0 | ((str_offset
>> 8) & 0x3F));
347 SCVAL(q
, 1, str_offset
& 0xFF);
351 size
= push_ascii(&q
[1], hostname
, -1, 0);
354 SCVAL(q
, 0, 0xc0 | ((str_offset
>> 8) & 0x3F));
355 SCVAL(q
, 1, str_offset
& 0xFF);
358 /* NETBIOS of domain */
359 size
= push_ascii(&q
[1], lp_workgroup(), -1, STR_UPPER
);
366 /* NETBIOS of hostname */
367 size
= push_ascii(&q
[1], my_name
, -1, 0);
375 if (SVAL(uniuser
, 0) != 0) {
376 size
= push_ascii(&q
[1], ascuser
, -1, 0);
383 size
= push_ascii(&q
[1], "Default-First-Site-Name", -1, 0);
388 str_offset
= q
- q_orig
;
389 SCVAL(q
, 0, 0xc0 | ((str_offset
>> 8) & 0x3F));
390 SCVAL(q
, 1, str_offset
& 0xFF);
393 SCVAL(q
, 0, PTR_DIFF(q
,q1
));
394 SCVAL(q
, 1, 0x10); /* unknown */
396 SIVAL(q
, 0, 0x00000002); q
+= 4; /* unknown */
397 SIVAL(q
, 0, (iface_ip(p
->ip
))->s_addr
); q
+= 4;
398 SIVAL(q
, 0, 0x00000000); q
+= 4; /* unknown */
399 SIVAL(q
, 0, 0x00000000); q
+= 4; /* unknown */
403 /* tell the client what version we are */
404 SIVAL(q
, 0, ((ntversion
< 11) || (SEC_ADS
!= lp_security())) ? 1 : 13);
406 SSVAL(q
, 4, 0xffff); /* our lmnttoken */
407 SSVAL(q
, 6, 0xffff); /* our lm20token */
410 dump_data(4, outbuf
, PTR_DIFF(q
, outbuf
));
412 send_mailslot(True
, getdc
,
413 outbuf
,PTR_DIFF(q
,outbuf
),
414 global_myname(), 0x0,
415 dgram
->source_name
.name
,
416 dgram
->source_name
.name_type
,
417 p
->ip
, *iface_ip(p
->ip
), p
->port
);
421 /* Announce change to UAS or SAM. Send by the domain controller when a
422 replication event is required. */
424 case SAM_UAS_CHANGE
: {
425 struct sam_database_info
*db_info
;
432 low_serial
= IVAL(q
, 0); q
+= 4; /* Low serial number */
434 q
+= 4; /* Date/time */
440 q
= skip_string(q
, 1); /* PDC name */
441 q
= skip_string(q
, 1); /* Domain name */
442 q
= skip_unibuf(q
, PTR_DIFF(buf
+ len
, q
)); /* Unicode PDC name */
443 q
= skip_unibuf(q
, PTR_DIFF(buf
+ len
, q
)); /* Unicode domain name */
447 db_count
= SVAL(q
, 0); q
+= 2;
449 db_info
= (struct sam_database_info
*)
450 malloc(sizeof(struct sam_database_info
) * db_count
);
452 if (db_info
== NULL
) {
453 DEBUG(3, ("out of memory allocating info for %d databases\n",
458 for (i
= 0; i
< db_count
; i
++) {
459 db_info
[i
].index
= IVAL(q
, 0);
460 db_info
[i
].serial_lo
= IVAL(q
, 4);
461 db_info
[i
].serial_hi
= IVAL(q
, 8);
462 db_info
[i
].date_lo
= IVAL(q
, 12);
463 db_info
[i
].date_hi
= IVAL(q
, 16);
469 q
+= IVAL(q
, 0) + 4; /* 4 byte length plus data */
471 q
+= 2; /* Alignment? */
473 /* Misc other info */
475 q
+= 4; /* NT version (0x1) */
476 q
+= 2; /* LMNT token (0xff) */
477 q
+= 2; /* LM20 token (0xff) */
479 SAFE_FREE(db_info
); /* Not sure whether we need to do anything
482 /* Send message to smbd */
484 send_repl_message(low_serial
);
491 DEBUG(3,("process_logon_packet: Unknown domain request %d\n",code
));