search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4-ldbwrap: added re-use of ldb contexts in ldb_wrap_connect()
[Samba/cd1.git] / source4 / rpc_server / netlogon / dcerpc_netlogon.c
blobd59cb6fb823d480903d4a66195672e18d15f79c5
1 /*
2 Unix SMB/CIFS implementation.
3
4 endpoint server for the netlogon pipe
5
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2008
7 Copyright (C) Stefan Metzmacher <metze@samba.org> 2005
8 Copyright (C) Matthias Dieter Wallnöfer 2009
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include "rpc_server/dcerpc_server.h"
26 #include "auth/auth.h"
27 #include "auth/auth_sam_reply.h"
28 #include "dsdb/samdb/samdb.h"
29 #include "../lib/util/util_ldb.h"
30 #include "../libcli/auth/schannel.h"
31 #include "auth/gensec/schannel_state.h"
32 #include "libcli/security/security.h"
33 #include "param/param.h"
34 #include "lib/messaging/irpc.h"
35 #include "librpc/gen_ndr/ndr_irpc.h"
36
37 struct netlogon_server_pipe_state {
38 struct netr_Credential client_challenge;
39 struct netr_Credential server_challenge;
40 };
41
42
43 static NTSTATUS dcesrv_netr_ServerReqChallenge(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
44 struct netr_ServerReqChallenge *r)
45 {
46 struct netlogon_server_pipe_state *pipe_state =
47 talloc_get_type(dce_call->context->private_data, struct netlogon_server_pipe_state);
48
49 ZERO_STRUCTP(r->out.return_credentials);
50
51 /* destroyed on pipe shutdown */
52
53 if (pipe_state) {
54 talloc_free(pipe_state);
55 dce_call->context->private_data = NULL;
56 }
57
58 pipe_state = talloc(dce_call->context, struct netlogon_server_pipe_state);
59 NT_STATUS_HAVE_NO_MEMORY(pipe_state);
60
61 pipe_state->client_challenge = *r->in.credentials;
62
63 generate_random_buffer(pipe_state->server_challenge.data,
64 sizeof(pipe_state->server_challenge.data));
65
66 *r->out.return_credentials = pipe_state->server_challenge;
67
68 dce_call->context->private_data = pipe_state;
69
70 return NT_STATUS_OK;
71 }
72
73 static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
74 struct netr_ServerAuthenticate3 *r)
75 {
76 struct netlogon_server_pipe_state *pipe_state =
77 talloc_get_type(dce_call->context->private_data, struct netlogon_server_pipe_state);
78 struct netlogon_creds_CredentialState *creds;
79 struct ldb_context *schannel_ldb;
80 struct ldb_context *sam_ctx;
81 struct samr_Password *mach_pwd;
82 uint32_t user_account_control;
83 int num_records;
84 struct ldb_message **msgs;
85 NTSTATUS nt_status;
86 const char *attrs[] = {"unicodePwd", "userAccountControl",
87 "objectSid", NULL};
88
89 const char *trust_dom_attrs[] = {"flatname", NULL};
90 const char *account_name;
91
92 ZERO_STRUCTP(r->out.return_credentials);
93 *r->out.rid = 0;
94
95 /*
96 * According to Microsoft (see bugid #6099)
97 * Windows 7 looks at the negotiate_flags
98 * returned in this structure *even if the
99 * call fails with access denied!
100 */
101 *r->out.negotiate_flags = NETLOGON_NEG_ACCOUNT_LOCKOUT |
102 NETLOGON_NEG_PERSISTENT_SAMREPL |
103 NETLOGON_NEG_ARCFOUR |
104 NETLOGON_NEG_PROMOTION_COUNT |
105 NETLOGON_NEG_CHANGELOG_BDC |
106 NETLOGON_NEG_FULL_SYNC_REPL |
107 NETLOGON_NEG_MULTIPLE_SIDS |
108 NETLOGON_NEG_REDO |
109 NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL |
110 NETLOGON_NEG_SEND_PASSWORD_INFO_PDC |
111 NETLOGON_NEG_GENERIC_PASSTHROUGH |
112 NETLOGON_NEG_CONCURRENT_RPC |
113 NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL |
114 NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL |
115 NETLOGON_NEG_STRONG_KEYS |
116 NETLOGON_NEG_TRANSITIVE_TRUSTS |
117 NETLOGON_NEG_DNS_DOMAIN_TRUSTS |
118 NETLOGON_NEG_PASSWORD_SET2 |
119 NETLOGON_NEG_GETDOMAININFO |
120 NETLOGON_NEG_CROSS_FOREST_TRUSTS |
121 NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION |
122 NETLOGON_NEG_RODC_PASSTHROUGH |
123 NETLOGON_NEG_AUTHENTICATED_RPC_LSASS |
124 NETLOGON_NEG_AUTHENTICATED_RPC;
125
126 if (!pipe_state) {
127 DEBUG(1, ("No challenge requested by client, cannot authenticate\n"));
128 return NT_STATUS_ACCESS_DENIED;
129 }
130
131 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
132 system_session(dce_call->conn->dce_ctx->lp_ctx));
133 if (sam_ctx == NULL) {
134 return NT_STATUS_INVALID_SYSTEM_SERVICE;
135 }
136
137 if (r->in.secure_channel_type == SEC_CHAN_DNS_DOMAIN) {
138 char *encoded_account = ldb_binary_encode_string(mem_ctx, r->in.account_name);
139 const char *flatname;
140 if (!encoded_account) {
141 return NT_STATUS_NO_MEMORY;
142 }
143
144 /* Kill the trailing dot */
145 if (encoded_account[strlen(encoded_account)-1] == '.') {
146 encoded_account[strlen(encoded_account)-1] = '\0';
147 }
148
149 /* pull the user attributes */
150 num_records = gendb_search(sam_ctx, mem_ctx, NULL, &msgs,
151 trust_dom_attrs,
152 "(&(trustPartner=%s)(objectclass=trustedDomain))",
153 encoded_account);
154
155 if (num_records == 0) {
156 DEBUG(3,("Couldn't find trust [%s] in samdb.\n",
157 encoded_account));
158 return NT_STATUS_ACCESS_DENIED;
159 }
160
161 if (num_records > 1) {
162 DEBUG(0,("Found %d records matching user [%s]\n", num_records, r->in.account_name));
163 return NT_STATUS_INTERNAL_DB_CORRUPTION;
164 }
165
166 flatname = ldb_msg_find_attr_as_string(msgs[0], "flatname", NULL);
167 if (!flatname) {
168 /* No flatname for this trust - we can't proceed */
169 return NT_STATUS_ACCESS_DENIED;
170 }
171 account_name = talloc_asprintf(mem_ctx, "%s$", flatname);
172
173 if (!account_name) {
174 return NT_STATUS_NO_MEMORY;
175 }
176
177 } else {
178 account_name = r->in.account_name;
179 }
180
181 /* pull the user attributes */
182 num_records = gendb_search(sam_ctx, mem_ctx, NULL, &msgs, attrs,
183 "(&(sAMAccountName=%s)(objectclass=user))",
184 ldb_binary_encode_string(mem_ctx, account_name));
185
186 if (num_records == 0) {
187 DEBUG(3,("Couldn't find user [%s] in samdb.\n",
188 r->in.account_name));
189 return NT_STATUS_ACCESS_DENIED;
190 }
191
192 if (num_records > 1) {
193 DEBUG(0,("Found %d records matching user [%s]\n", num_records, r->in.account_name));
194 return NT_STATUS_INTERNAL_DB_CORRUPTION;
195 }
196
197
198 user_account_control = ldb_msg_find_attr_as_uint(msgs[0], "userAccountControl", 0);
199
200 if (user_account_control & UF_ACCOUNTDISABLE) {
201 DEBUG(1, ("Account [%s] is disabled\n", r->in.account_name));
202 return NT_STATUS_ACCESS_DENIED;
203 }
204
205 if (r->in.secure_channel_type == SEC_CHAN_WKSTA) {
206 if (!(user_account_control & UF_WORKSTATION_TRUST_ACCOUNT)) {
207 DEBUG(1, ("Client asked for a workstation secure channel, but is not a workstation (member server) acb flags: 0x%x\n", user_account_control));
208 return NT_STATUS_ACCESS_DENIED;
209 }
210 } else if (r->in.secure_channel_type == SEC_CHAN_DOMAIN ||
211 r->in.secure_channel_type == SEC_CHAN_DNS_DOMAIN) {
212 if (!(user_account_control & UF_INTERDOMAIN_TRUST_ACCOUNT)) {
213 DEBUG(1, ("Client asked for a trusted domain secure channel, but is not a trusted domain: acb flags: 0x%x\n", user_account_control));
214
215 return NT_STATUS_ACCESS_DENIED;
216 }
217 } else if (r->in.secure_channel_type == SEC_CHAN_BDC) {
218 if (!(user_account_control & UF_SERVER_TRUST_ACCOUNT)) {
219 DEBUG(1, ("Client asked for a server secure channel, but is not a server (domain controller): acb flags: 0x%x\n", user_account_control));
220 return NT_STATUS_ACCESS_DENIED;
221 }
222 } else {
223 DEBUG(1, ("Client asked for an invalid secure channel type: %d\n",
224 r->in.secure_channel_type));
225 return NT_STATUS_ACCESS_DENIED;
226 }
227
228 *r->out.rid = samdb_result_rid_from_sid(mem_ctx, msgs[0],
229 "objectSid", 0);
230
231 mach_pwd = samdb_result_hash(mem_ctx, msgs[0], "unicodePwd");
232 if (mach_pwd == NULL) {
233 return NT_STATUS_ACCESS_DENIED;
234 }
235
236 creds = netlogon_creds_server_init(mem_ctx,
237 r->in.account_name,
238 r->in.computer_name,
239 r->in.secure_channel_type,
240 &pipe_state->client_challenge,
241 &pipe_state->server_challenge,
242 mach_pwd,
243 r->in.credentials,
244 r->out.return_credentials,
245 *r->in.negotiate_flags);
246
247 if (!creds) {
248 return NT_STATUS_ACCESS_DENIED;
249 }
250
251 creds->sid = samdb_result_dom_sid(creds, msgs[0], "objectSid");
252
253 schannel_ldb = schannel_db_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx);
254 if (!schannel_ldb) {
255 return NT_STATUS_ACCESS_DENIED;
256 }
257
258 nt_status = schannel_store_session_key_ldb(schannel_ldb, mem_ctx, creds);
259 talloc_unlink(mem_ctx, schannel_ldb);
260
261 return nt_status;
262 }
263
264 static NTSTATUS dcesrv_netr_ServerAuthenticate(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
265 struct netr_ServerAuthenticate *r)
266 {
267 struct netr_ServerAuthenticate3 a;
268 uint32_t rid;
269 /* TODO:
270 * negotiate_flags is used as an [in] parameter
271 * so it need to be initialised.
272 *
273 * (I think ... = 0; seems wrong here --metze)
274 */
275 uint32_t negotiate_flags_in = 0;
276 uint32_t negotiate_flags_out = 0;
277
278 a.in.server_name = r->in.server_name;
279 a.in.account_name = r->in.account_name;
280 a.in.secure_channel_type = r->in.secure_channel_type;
281 a.in.computer_name = r->in.computer_name;
282 a.in.credentials = r->in.credentials;
283 a.in.negotiate_flags = &negotiate_flags_in;
284
285 a.out.return_credentials = r->out.return_credentials;
286 a.out.rid = &rid;
287 a.out.negotiate_flags = &negotiate_flags_out;
288
289 return dcesrv_netr_ServerAuthenticate3(dce_call, mem_ctx, &a);
290 }
291
292 static NTSTATUS dcesrv_netr_ServerAuthenticate2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
293 struct netr_ServerAuthenticate2 *r)
294 {
295 struct netr_ServerAuthenticate3 r3;
296 uint32_t rid = 0;
297
298 r3.in.server_name = r->in.server_name;
299 r3.in.account_name = r->in.account_name;
300 r3.in.secure_channel_type = r->in.secure_channel_type;
301 r3.in.computer_name = r->in.computer_name;
302 r3.in.credentials = r->in.credentials;
303 r3.out.return_credentials = r->out.return_credentials;
304 r3.in.negotiate_flags = r->in.negotiate_flags;
305 r3.out.negotiate_flags = r->out.negotiate_flags;
306 r3.out.rid = &rid;
307
308 return dcesrv_netr_ServerAuthenticate3(dce_call, mem_ctx, &r3);
309 }
310
311 /*
312 Validate an incoming authenticator against the credentials for the remote machine.
313
314 The credentials are (re)read and from the schannel database, and
315 written back after the caclulations are performed.
316
317 The creds_out parameter (if not NULL) returns the credentials, if
318 the caller needs some of that information.
319
320 */
321 static NTSTATUS dcesrv_netr_creds_server_step_check(struct dcesrv_call_state *dce_call,
322 TALLOC_CTX *mem_ctx,
323 const char *computer_name,
324 struct netr_Authenticator *received_authenticator,
325 struct netr_Authenticator *return_authenticator,
326 struct netlogon_creds_CredentialState **creds_out)
327 {
328 NTSTATUS nt_status;
329 struct ldb_context *ldb;
330 bool schannel_global_required = false; /* Should be lp_schannel_server() == true */
331 bool schannel_in_use = dce_call->conn->auth_state.auth_info
332 && dce_call->conn->auth_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL
333 && (dce_call->conn->auth_state.auth_info->auth_level == DCERPC_AUTH_LEVEL_INTEGRITY
334 || dce_call->conn->auth_state.auth_info->auth_level == DCERPC_AUTH_LEVEL_PRIVACY);
335
336 ldb = schannel_db_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx);
337 if (!ldb) {
338 return NT_STATUS_ACCESS_DENIED;
339 }
340 nt_status = schannel_creds_server_step_check_ldb(ldb, mem_ctx,
341 computer_name,
342 schannel_global_required,
343 schannel_in_use,
344 received_authenticator,
345 return_authenticator, creds_out);
346 talloc_unlink(mem_ctx, ldb);
347 return nt_status;
348 }
349
350 /*
351 Change the machine account password for the currently connected
352 client. Supplies only the NT#.
353 */
354
355 static NTSTATUS dcesrv_netr_ServerPasswordSet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
356 struct netr_ServerPasswordSet *r)
357 {
358 struct netlogon_creds_CredentialState *creds;
359 struct ldb_context *sam_ctx;
360 NTSTATUS nt_status;
361
362 nt_status = dcesrv_netr_creds_server_step_check(dce_call,
363 mem_ctx,
364 r->in.computer_name,
365 r->in.credential, r->out.return_authenticator,
366 &creds);
367 NT_STATUS_NOT_OK_RETURN(nt_status);
368
369 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(dce_call->conn->dce_ctx->lp_ctx));
370 if (sam_ctx == NULL) {
371 return NT_STATUS_INVALID_SYSTEM_SERVICE;
372 }
373
374 netlogon_creds_des_decrypt(creds, r->in.new_password);
375
376 /* Using the sid for the account as the key, set the password */
377 nt_status = samdb_set_password_sid(sam_ctx, mem_ctx,
378 creds->sid,
379 NULL, /* Don't have plaintext */
380 NULL, r->in.new_password,
381 true, /* Password change */
382 NULL, NULL);
383 return nt_status;
384 }
385
386 /*
387 Change the machine account password for the currently connected
388 client. Supplies new plaintext.
389 */
390 static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
391 struct netr_ServerPasswordSet2 *r)
392 {
393 struct netlogon_creds_CredentialState *creds;
394 struct ldb_context *sam_ctx;
395 NTSTATUS nt_status;
396 DATA_BLOB new_password;
397
398 struct samr_CryptPassword password_buf;
399
400 nt_status = dcesrv_netr_creds_server_step_check(dce_call,
401 mem_ctx,
402 r->in.computer_name,
403 r->in.credential, r->out.return_authenticator,
404 &creds);
405 NT_STATUS_NOT_OK_RETURN(nt_status);
406
407 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(dce_call->conn->dce_ctx->lp_ctx));
408 if (sam_ctx == NULL) {
409 return NT_STATUS_INVALID_SYSTEM_SERVICE;
410 }
411
412 memcpy(password_buf.data, r->in.new_password->data, 512);
413 SIVAL(password_buf.data, 512, r->in.new_password->length);
414 netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
415
416 if (!extract_pw_from_buffer(mem_ctx, password_buf.data, &new_password)) {
417 DEBUG(3,("samr: failed to decode password buffer\n"));
418 return NT_STATUS_WRONG_PASSWORD;
419 }
420
421 /* Using the sid for the account as the key, set the password */
422 nt_status = samdb_set_password_sid(sam_ctx, mem_ctx,
423 creds->sid,
424 &new_password, /* we have plaintext */
425 NULL, NULL,
426 true, /* Password change */
427 NULL, NULL);
428 return nt_status;
429 }
430
431
432 /*
433 netr_LogonUasLogon
434 */
435 static WERROR dcesrv_netr_LogonUasLogon(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
436 struct netr_LogonUasLogon *r)
437 {
438 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
439 }
440
441
442 /*
443 netr_LogonUasLogoff
444 */
445 static WERROR dcesrv_netr_LogonUasLogoff(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
446 struct netr_LogonUasLogoff *r)
447 {
448 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
449 }
450
451
452 /*
453 netr_LogonSamLogon_base
454
455 This version of the function allows other wrappers to say 'do not check the credentials'
456
457 We can't do the traditional 'wrapping' format completly, as this function must only run under schannel
458 */
459 static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
460 struct netr_LogonSamLogonEx *r, struct netlogon_creds_CredentialState *creds)
461 {
462 struct auth_context *auth_context;
463 struct auth_usersupplied_info *user_info;
464 struct auth_serversupplied_info *server_info;
465 NTSTATUS nt_status;
466 static const char zeros[16];
467 struct netr_SamBaseInfo *sam;
468 struct netr_SamInfo2 *sam2;
469 struct netr_SamInfo3 *sam3;
470 struct netr_SamInfo6 *sam6;
471
472 user_info = talloc(mem_ctx, struct auth_usersupplied_info);
473 NT_STATUS_HAVE_NO_MEMORY(user_info);
474
475 user_info->flags = 0;
476 user_info->mapped_state = false;
477 user_info->remote_host = NULL;
478
479 switch (r->in.logon_level) {
480 case NetlogonInteractiveInformation:
481 case NetlogonServiceInformation:
482 case NetlogonInteractiveTransitiveInformation:
483 case NetlogonServiceTransitiveInformation:
484 if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
485 netlogon_creds_arcfour_crypt(creds,
486 r->in.logon->password->lmpassword.hash,
487 sizeof(r->in.logon->password->lmpassword.hash));
488 netlogon_creds_arcfour_crypt(creds,
489 r->in.logon->password->ntpassword.hash,
490 sizeof(r->in.logon->password->ntpassword.hash));
491 } else {
492 netlogon_creds_des_decrypt(creds, &r->in.logon->password->lmpassword);
493 netlogon_creds_des_decrypt(creds, &r->in.logon->password->ntpassword);
494 }
495
496 /* TODO: we need to deny anonymous access here */
497 nt_status = auth_context_create(mem_ctx,
498 dce_call->event_ctx, dce_call->msg_ctx,
499 dce_call->conn->dce_ctx->lp_ctx,
500 &auth_context);
501 NT_STATUS_NOT_OK_RETURN(nt_status);
502
503 user_info->logon_parameters = r->in.logon->password->identity_info.parameter_control;
504 user_info->client.account_name = r->in.logon->password->identity_info.account_name.string;
505 user_info->client.domain_name = r->in.logon->password->identity_info.domain_name.string;
506 user_info->workstation_name = r->in.logon->password->identity_info.workstation.string;
507
508 user_info->flags |= USER_INFO_INTERACTIVE_LOGON;
509 user_info->password_state = AUTH_PASSWORD_HASH;
510
511 user_info->password.hash.lanman = talloc(user_info, struct samr_Password);
512 NT_STATUS_HAVE_NO_MEMORY(user_info->password.hash.lanman);
513 *user_info->password.hash.lanman = r->in.logon->password->lmpassword;
514
515 user_info->password.hash.nt = talloc(user_info, struct samr_Password);
516 NT_STATUS_HAVE_NO_MEMORY(user_info->password.hash.nt);
517 *user_info->password.hash.nt = r->in.logon->password->ntpassword;
518
519 break;
520 case NetlogonNetworkInformation:
521 case NetlogonNetworkTransitiveInformation:
522
523 /* TODO: we need to deny anonymous access here */
524 nt_status = auth_context_create(mem_ctx,
525 dce_call->event_ctx, dce_call->msg_ctx,
526 dce_call->conn->dce_ctx->lp_ctx,
527 &auth_context);
528 NT_STATUS_NOT_OK_RETURN(nt_status);
529
530 nt_status = auth_context_set_challenge(auth_context, r->in.logon->network->challenge, "netr_LogonSamLogonWithFlags");
531 NT_STATUS_NOT_OK_RETURN(nt_status);
532
533 user_info->logon_parameters = r->in.logon->network->identity_info.parameter_control;
534 user_info->client.account_name = r->in.logon->network->identity_info.account_name.string;
535 user_info->client.domain_name = r->in.logon->network->identity_info.domain_name.string;
536 user_info->workstation_name = r->in.logon->network->identity_info.workstation.string;
537
538 user_info->password_state = AUTH_PASSWORD_RESPONSE;
539 user_info->password.response.lanman = data_blob_talloc(mem_ctx, r->in.logon->network->lm.data, r->in.logon->network->lm.length);
540 user_info->password.response.nt = data_blob_talloc(mem_ctx, r->in.logon->network->nt.data, r->in.logon->network->nt.length);
541
542 break;
543
544
545 case NetlogonGenericInformation:
546 {
547 if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
548 netlogon_creds_arcfour_crypt(creds,
549 r->in.logon->generic->data, r->in.logon->generic->length);
550 } else {
551 /* Using DES to verify kerberos tickets makes no sense */
552 return NT_STATUS_INVALID_PARAMETER;
553 }
554
555 if (strcmp(r->in.logon->generic->package_name.string, "Kerberos") == 0) {
556 NTSTATUS status;
557 struct server_id *kdc;
558 struct kdc_check_generic_kerberos check;
559 struct netr_GenericInfo2 *generic = talloc_zero(mem_ctx, struct netr_GenericInfo2);
560 NT_STATUS_HAVE_NO_MEMORY(generic);
561 *r->out.authoritative = 1;
562
563 /* TODO: Describe and deal with these flags */
564 *r->out.flags = 0;
565
566 r->out.validation->generic = generic;
567
568 kdc = irpc_servers_byname(dce_call->msg_ctx, mem_ctx, "kdc_server");
569 if ((kdc == NULL) || (kdc[0].id == 0)) {
570 return NT_STATUS_NO_LOGON_SERVERS;
571 }
572
573 check.in.generic_request =
574 data_blob_const(r->in.logon->generic->data,
575 r->in.logon->generic->length);
576
577 status = irpc_call(dce_call->msg_ctx, kdc[0],
578 &ndr_table_irpc, NDR_KDC_CHECK_GENERIC_KERBEROS,
579 &check, mem_ctx);
580 if (!NT_STATUS_IS_OK(status)) {
581 return status;
582 }
583 generic->length = check.out.generic_reply.length;
584 generic->data = check.out.generic_reply.data;
585 return NT_STATUS_OK;
586 }
587
588 /* Until we get an implemetnation of these other packages */
589 return NT_STATUS_INVALID_PARAMETER;
590 }
591 default:
592 return NT_STATUS_INVALID_PARAMETER;
593 }
594
595 nt_status = auth_check_password(auth_context, mem_ctx, user_info, &server_info);
596 NT_STATUS_NOT_OK_RETURN(nt_status);
597
598 nt_status = auth_convert_server_info_sambaseinfo(mem_ctx, server_info, &sam);
599 NT_STATUS_NOT_OK_RETURN(nt_status);
600
601 /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
602 /* It appears that level 6 is not individually encrypted */
603 if ((r->in.validation_level != 6) &&
604 memcmp(sam->key.key, zeros, sizeof(sam->key.key)) != 0) {
605 /* This key is sent unencrypted without the ARCFOUR flag set */
606 if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
607 netlogon_creds_arcfour_crypt(creds,
608 sam->key.key,
609 sizeof(sam->key.key));
610 }
611 }
612
613 /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
614 /* It appears that level 6 is not individually encrypted */
615 if ((r->in.validation_level != 6) &&
616 memcmp(sam->LMSessKey.key, zeros, sizeof(sam->LMSessKey.key)) != 0) {
617 if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
618 netlogon_creds_arcfour_crypt(creds,
619 sam->LMSessKey.key,
620 sizeof(sam->LMSessKey.key));
621 } else {
622 netlogon_creds_des_encrypt_LMKey(creds,
623 &sam->LMSessKey);
624 }
625 }
626
627 switch (r->in.validation_level) {
628 case 2:
629 sam2 = talloc_zero(mem_ctx, struct netr_SamInfo2);
630 NT_STATUS_HAVE_NO_MEMORY(sam2);
631 sam2->base = *sam;
632 r->out.validation->sam2 = sam2;
633 break;
634
635 case 3:
636 sam3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
637 NT_STATUS_HAVE_NO_MEMORY(sam3);
638 sam3->base = *sam;
639 r->out.validation->sam3 = sam3;
640 break;
641
642 case 6:
643 sam6 = talloc_zero(mem_ctx, struct netr_SamInfo6);
644 NT_STATUS_HAVE_NO_MEMORY(sam6);
645 sam6->base = *sam;
646 sam6->forest.string = lp_dnsdomain(dce_call->conn->dce_ctx->lp_ctx);
647 sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s",
648 sam->account_name.string, sam6->forest.string);
649 NT_STATUS_HAVE_NO_MEMORY(sam6->principle.string);
650 r->out.validation->sam6 = sam6;
651 break;
652
653 default:
654 break;
655 }
656
657 *r->out.authoritative = 1;
658
659 /* TODO: Describe and deal with these flags */
660 *r->out.flags = 0;
661
662 return NT_STATUS_OK;
663 }
664
665 static NTSTATUS dcesrv_netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
666 struct netr_LogonSamLogonEx *r)
667 {
668 NTSTATUS nt_status;
669 struct netlogon_creds_CredentialState *creds;
670 struct ldb_context *ldb = schannel_db_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx);
671 if (!ldb) {
672 return NT_STATUS_ACCESS_DENIED;
673 }
674
675 nt_status = schannel_fetch_session_key_ldb(ldb, mem_ctx, r->in.computer_name, &creds);
676 if (!NT_STATUS_IS_OK(nt_status)) {
677 return nt_status;
678 }
679
680 if (!dce_call->conn->auth_state.auth_info ||
681 dce_call->conn->auth_state.auth_info->auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
682 return NT_STATUS_ACCESS_DENIED;
683 }
684 return dcesrv_netr_LogonSamLogon_base(dce_call, mem_ctx, r, creds);
685 }
686
687 /*
688 netr_LogonSamLogonWithFlags
689
690 */
691 static NTSTATUS dcesrv_netr_LogonSamLogonWithFlags(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
692 struct netr_LogonSamLogonWithFlags *r)
693 {
694 NTSTATUS nt_status;
695 struct netlogon_creds_CredentialState *creds;
696 struct netr_LogonSamLogonEx r2;
697
698 struct netr_Authenticator *return_authenticator;
699
700 return_authenticator = talloc(mem_ctx, struct netr_Authenticator);
701 NT_STATUS_HAVE_NO_MEMORY(return_authenticator);
702
703 nt_status = dcesrv_netr_creds_server_step_check(dce_call,
704 mem_ctx,
705 r->in.computer_name,
706 r->in.credential, return_authenticator,
707 &creds);
708 NT_STATUS_NOT_OK_RETURN(nt_status);
709
710 ZERO_STRUCT(r2);
711
712 r2.in.server_name = r->in.server_name;
713 r2.in.computer_name = r->in.computer_name;
714 r2.in.logon_level = r->in.logon_level;
715 r2.in.logon = r->in.logon;
716 r2.in.validation_level = r->in.validation_level;
717 r2.in.flags = r->in.flags;
718 r2.out.validation = r->out.validation;
719 r2.out.authoritative = r->out.authoritative;
720 r2.out.flags = r->out.flags;
721
722 nt_status = dcesrv_netr_LogonSamLogon_base(dce_call, mem_ctx, &r2, creds);
723
724 r->out.return_authenticator = return_authenticator;
725
726 return nt_status;
727 }
728
729 /*
730 netr_LogonSamLogon
731 */
732 static NTSTATUS dcesrv_netr_LogonSamLogon(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
733 struct netr_LogonSamLogon *r)
734 {
735 struct netr_LogonSamLogonWithFlags r2;
736 uint32_t flags = 0;
737 NTSTATUS status;
738
739 ZERO_STRUCT(r2);
740
741 r2.in.server_name = r->in.server_name;
742 r2.in.computer_name = r->in.computer_name;
743 r2.in.credential = r->in.credential;
744 r2.in.return_authenticator = r->in.return_authenticator;
745 r2.in.logon_level = r->in.logon_level;
746 r2.in.logon = r->in.logon;
747 r2.in.validation_level = r->in.validation_level;
748 r2.in.flags = &flags;
749 r2.out.validation = r->out.validation;
750 r2.out.authoritative = r->out.authoritative;
751 r2.out.flags = &flags;
752
753 status = dcesrv_netr_LogonSamLogonWithFlags(dce_call, mem_ctx, &r2);
754
755 r->out.return_authenticator = r2.out.return_authenticator;
756
757 return status;
758 }
759
760
761 /*
762 netr_LogonSamLogoff
763 */
764 static NTSTATUS dcesrv_netr_LogonSamLogoff(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
765 struct netr_LogonSamLogoff *r)
766 {
767 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
768 }
769
770
771
772 /*
773 netr_DatabaseDeltas
774 */
775 static NTSTATUS dcesrv_netr_DatabaseDeltas(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
776 struct netr_DatabaseDeltas *r)
777 {
778 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
779 }
780
781
782 /*
783 netr_DatabaseSync2
784 */
785 static NTSTATUS dcesrv_netr_DatabaseSync2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
786 struct netr_DatabaseSync2 *r)
787 {
788 /* win2k3 native mode returns "NOT IMPLEMENTED" for this call */
789 return NT_STATUS_NOT_IMPLEMENTED;
790 }
791
792
793 /*
794 netr_DatabaseSync
795 */
796 static NTSTATUS dcesrv_netr_DatabaseSync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
797 struct netr_DatabaseSync *r)
798 {
799 struct netr_DatabaseSync2 r2;
800 NTSTATUS status;
801
802 ZERO_STRUCT(r2);
803
804 r2.in.logon_server = r->in.logon_server;
805 r2.in.computername = r->in.computername;
806 r2.in.credential = r->in.credential;
807 r2.in.database_id = r->in.database_id;
808 r2.in.restart_state = SYNCSTATE_NORMAL_STATE;
809 r2.in.sync_context = r->in.sync_context;
810 r2.out.sync_context = r->out.sync_context;
811 r2.out.delta_enum_array = r->out.delta_enum_array;
812 r2.in.preferredmaximumlength = r->in.preferredmaximumlength;
813
814 status = dcesrv_netr_DatabaseSync2(dce_call, mem_ctx, &r2);
815
816 return status;
817 }
818
819
820 /*
821 netr_AccountDeltas
822 */
823 static NTSTATUS dcesrv_netr_AccountDeltas(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
824 struct netr_AccountDeltas *r)
825 {
826 /* w2k3 returns "NOT IMPLEMENTED" for this call */
827 return NT_STATUS_NOT_IMPLEMENTED;
828 }
829
830
831 /*
832 netr_AccountSync
833 */
834 static NTSTATUS dcesrv_netr_AccountSync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
835 struct netr_AccountSync *r)
836 {
837 /* w2k3 returns "NOT IMPLEMENTED" for this call */
838 return NT_STATUS_NOT_IMPLEMENTED;
839 }
840
841
842 /*
843 netr_GetDcName
844 */
845 static WERROR dcesrv_netr_GetDcName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
846 struct netr_GetDcName *r)
847 {
848 const char * const attrs[] = { NULL };
849 struct ldb_context *sam_ctx;
850 struct ldb_message **res;
851 struct ldb_dn *domain_dn;
852 int ret;
853 const char *dcname;
854
855 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx,
856 dce_call->conn->dce_ctx->lp_ctx,
857 dce_call->conn->auth_state.session_info);
858 if (sam_ctx == NULL) {
859 return WERR_DS_UNAVAILABLE;
860 }
861
862 domain_dn = samdb_domain_to_dn(sam_ctx, mem_ctx,
863 r->in.domainname);
864 if (domain_dn == NULL) {
865 return WERR_DS_UNAVAILABLE;
866 }
867
868 ret = gendb_search_dn(sam_ctx, mem_ctx,
869 domain_dn, &res, attrs);
870 if (ret != 1) {
871 return WERR_NO_SUCH_DOMAIN;
872 }
873
874 /* TODO: - return real IP address
875 * - check all r->in.* parameters (server_unc is ignored by w2k3!)
876 */
877 dcname = talloc_asprintf(mem_ctx, "\\\\%s",
878 lp_netbios_name(dce_call->conn->dce_ctx->lp_ctx));
879 W_ERROR_HAVE_NO_MEMORY(dcname);
880
881 *r->out.dcname = dcname;
882 return WERR_OK;
883 }
884
885
886 /*
887 netr_LogonControl2Ex
888 */
889 static WERROR dcesrv_netr_LogonControl2Ex(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
890 struct netr_LogonControl2Ex *r)
891 {
892 return WERR_NOT_SUPPORTED;
893 }
894
895
896 /*
897 netr_LogonControl
898 */
899 static WERROR dcesrv_netr_LogonControl(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
900 struct netr_LogonControl *r)
901 {
902 struct netr_LogonControl2Ex r2;
903 WERROR werr;
904
905 if (r->in.level == 0x00000001) {
906 ZERO_STRUCT(r2);
907
908 r2.in.logon_server = r->in.logon_server;
909 r2.in.function_code = r->in.function_code;
910 r2.in.level = r->in.level;
911 r2.in.data = NULL;
912 r2.out.query = r->out.query;
913
914 werr = dcesrv_netr_LogonControl2Ex(dce_call, mem_ctx, &r2);
915 } else if (r->in.level == 0x00000002) {
916 werr = WERR_NOT_SUPPORTED;
917 } else {
918 werr = WERR_UNKNOWN_LEVEL;
919 }
920
921 return werr;
922 }
923
924
925 /*
926 netr_LogonControl2
927 */
928 static WERROR dcesrv_netr_LogonControl2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
929 struct netr_LogonControl2 *r)
930 {
931 struct netr_LogonControl2Ex r2;
932 WERROR werr;
933
934 ZERO_STRUCT(r2);
935
936 r2.in.logon_server = r->in.logon_server;
937 r2.in.function_code = r->in.function_code;
938 r2.in.level = r->in.level;
939 r2.in.data = r->in.data;
940 r2.out.query = r->out.query;
941
942 werr = dcesrv_netr_LogonControl2Ex(dce_call, mem_ctx, &r2);
943
944 return werr;
945 }
946
947
948 /*
949 netr_GetAnyDCName
950 */
951 static WERROR dcesrv_netr_GetAnyDCName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
952 struct netr_GetAnyDCName *r)
953 {
954 struct netr_GetDcName r2;
955 WERROR werr;
956
957 ZERO_STRUCT(r2);
958
959 r2.in.logon_server = r->in.logon_server;
960 r2.in.domainname = r->in.domainname;
961 r2.out.dcname = r->out.dcname;
962
963 werr = dcesrv_netr_GetDcName(dce_call, mem_ctx, &r2);
964
965 return werr;
966 }
967
968
969 /*
970 netr_DatabaseRedo
971 */
972 static NTSTATUS dcesrv_netr_DatabaseRedo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
973 struct netr_DatabaseRedo *r)
974 {
975 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
976 }
977
978
979 /*
980 netr_NetrEnumerateTurstedDomains
981 */
982 static WERROR dcesrv_netr_NetrEnumerateTrustedDomains(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
983 struct netr_NetrEnumerateTrustedDomains *r)
984 {
985 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
986 }
987
988
989 /*
990 netr_LogonGetCapabilities
991 */
992 static NTSTATUS dcesrv_netr_LogonGetCapabilities(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
993 struct netr_LogonGetCapabilities *r)
994 {
995 /* we don't support AES yet */
996 return NT_STATUS_NOT_IMPLEMENTED;
997 }
998
999
1000 /*
1001 netr_NETRLOGONSETSERVICEBITS
1002 */
1003 static WERROR dcesrv_netr_NETRLOGONSETSERVICEBITS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1004 struct netr_NETRLOGONSETSERVICEBITS *r)
1005 {
1006 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1007 }
1008
1009
1010 /*
1011 netr_LogonGetTrustRid
1012 */
1013 static WERROR dcesrv_netr_LogonGetTrustRid(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1014 struct netr_LogonGetTrustRid *r)
1015 {
1016 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1017 }
1018
1019
1020 /*
1021 netr_NETRLOGONCOMPUTESERVERDIGEST
1022 */
1023 static WERROR dcesrv_netr_NETRLOGONCOMPUTESERVERDIGEST(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1024 struct netr_NETRLOGONCOMPUTESERVERDIGEST *r)
1025 {
1026 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1027 }
1028
1029
1030 /*
1031 netr_NETRLOGONCOMPUTECLIENTDIGEST
1032 */
1033 static WERROR dcesrv_netr_NETRLOGONCOMPUTECLIENTDIGEST(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1034 struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r)
1035 {
1036 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1037 }
1038
1039
1040
1041 /*
1042 netr_DsRGetSiteName
1043 */
1044 static WERROR dcesrv_netr_DsRGetSiteName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1045 struct netr_DsRGetSiteName *r)
1046 {
1047 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1048 }
1049
1050
1051 /*
1052 fill in a netr_OneDomainInfo from a ldb search result
1053 */
1054 static NTSTATUS fill_one_domain_info(TALLOC_CTX *mem_ctx,
1055 struct loadparm_context *lp_ctx,
1056 struct ldb_context *sam_ctx,
1057 struct ldb_message *res,
1058 struct netr_OneDomainInfo *info,
1059 bool is_local, bool is_trust_list)
1060 {
1061 ZERO_STRUCTP(info);
1062
1063 if (is_trust_list) {
1064 /* w2k8 only fills this on trusted domains */
1065 info->trust_extension.info = talloc_zero(mem_ctx, struct netr_trust_extension);
1066 info->trust_extension.length = 16;
1067 info->trust_extension.info->flags =
1068 NETR_TRUST_FLAG_TREEROOT |
1069 NETR_TRUST_FLAG_IN_FOREST |
1070 NETR_TRUST_FLAG_PRIMARY |
1071 NETR_TRUST_FLAG_NATIVE;
1072
1073 info->trust_extension.info->parent_index = 0; /* should be index into array
1074 of parent */
1075 info->trust_extension.info->trust_type = LSA_TRUST_TYPE_UPLEVEL; /* should be based on ldb search for trusts */
1076 info->trust_extension.info->trust_attributes = 0; /* TODO: base on ldb search? */
1077 }
1078
1079 if (is_trust_list) {
1080 /* MS-NRPC 3.5.4.3.9 - must be set to NULL for trust list */
1081 info->dns_forestname.string = NULL;
1082 } else {
1083 char *p;
1084 /* TODO: we need a common function for pulling the forest */
1085 info->dns_forestname.string = ldb_dn_canonical_string(info, ldb_get_root_basedn(sam_ctx));
1086 if (!info->dns_forestname.string) {
1087 return NT_STATUS_NO_SUCH_DOMAIN;
1088 }
1089 p = strchr(info->dns_forestname.string, '/');
1090 if (p) {
1091 *p = '\0';
1092 }
1093 info->dns_forestname.string = talloc_asprintf(mem_ctx, "%s.", info->dns_forestname.string);
1094
1095 }
1096
1097 if (is_local) {
1098 info->domainname.string = lp_sam_name(lp_ctx);
1099 info->dns_domainname.string = lp_dnsdomain(lp_ctx);
1100 info->domain_guid = samdb_result_guid(res, "objectGUID");
1101 info->domain_sid = samdb_result_dom_sid(mem_ctx, res, "objectSid");
1102 } else {
1103 info->domainname.string = samdb_result_string(res, "flatName", NULL);
1104 info->dns_domainname.string = samdb_result_string(res, "trustPartner", NULL);
1105 info->domain_guid = samdb_result_guid(res, "objectGUID");
1106 info->domain_sid = samdb_result_dom_sid(mem_ctx, res, "securityIdentifier");
1107 }
1108 if (!is_trust_list) {
1109 info->dns_domainname.string = talloc_asprintf(mem_ctx, "%s.", info->dns_domainname.string);
1110 }
1111
1112 return NT_STATUS_OK;
1113 }
1114
1115 /*
1116 netr_LogonGetDomainInfo
1117 this is called as part of the ADS domain logon procedure.
1118
1119 It has an important role in convaying details about the client, such
1120 as Operating System, Version, Service Pack etc.
1121 */
1122 static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_call,
1123 TALLOC_CTX *mem_ctx, struct netr_LogonGetDomainInfo *r)
1124 {
1125 struct netlogon_creds_CredentialState *creds;
1126 const char * const attrs[] = { "objectSid", "objectGUID", "flatName",
1127 "securityIdentifier", "trustPartner", NULL };
1128 const char * const attrs2[] = { "dNSHostName",
1129 "msDS-SupportedEncryptionTypes", NULL };
1130 const char *temp_str;
1131 const char *old_dns_hostname;
1132 struct ldb_context *sam_ctx;
1133 struct ldb_message **res1, **res2, **res3, *new_msg;
1134 struct ldb_dn *workstation_dn;
1135 struct netr_DomainInformation *domain_info;
1136 struct netr_LsaPolicyInformation *lsa_policy_info;
1137 struct netr_OsVersionInfoEx *os_version;
1138 uint32_t default_supported_enc_types = 0xFFFFFFFF;
1139 int ret1, ret2, ret3, i;
1140 NTSTATUS status;
1141
1142 status = dcesrv_netr_creds_server_step_check(dce_call,
1143 mem_ctx,
1144 r->in.computer_name,
1145 r->in.credential,
1146 r->out.return_authenticator,
1147 &creds);
1148 if (!NT_STATUS_IS_OK(status)) {
1149 DEBUG(0,(__location__ " Bad credentials - error\n"));
1150 }
1151 NT_STATUS_NOT_OK_RETURN(status);
1152
1153 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx,
1154 dce_call->conn->dce_ctx->lp_ctx,
1155 system_session(dce_call->conn->dce_ctx->lp_ctx));
1156 if (sam_ctx == NULL) {
1157 return NT_STATUS_INVALID_SYSTEM_SERVICE;
1158 }
1159
1160 switch (r->in.level) {
1161 case 1: /* Domain information */
1162
1163 /* TODO: check NTSTATUS results - and fail also on SAMDB
1164 * errors (needs some testing against Windows Server 2008) */
1165
1166 /*
1167 * Check that the computer name parameter matches as prefix with
1168 * the DNS hostname in the workstation info structure.
1169 */
1170 temp_str = strndup(r->in.query->workstation_info->dns_hostname,
1171 strcspn(r->in.query->workstation_info->dns_hostname,
1172 "."));
1173 if (strcasecmp(r->in.computer_name, temp_str) != 0)
1174 return NT_STATUS_INVALID_PARAMETER;
1175
1176 workstation_dn = ldb_dn_new_fmt(mem_ctx, sam_ctx, "<SID=%s>",
1177 dom_sid_string(mem_ctx, creds->sid));
1178 NT_STATUS_HAVE_NO_MEMORY(workstation_dn);
1179
1180 /* Lookup for attributes in workstation object */
1181 ret1 = gendb_search_dn(sam_ctx, mem_ctx, workstation_dn,
1182 &res1, attrs2);
1183 if (ret1 != 1) {
1184 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1185 }
1186
1187 /* Gets the old DNS hostname */
1188 old_dns_hostname = samdb_result_string(res1[0], "dNSHostName",
1189 NULL);
1190
1191 /* Gets host informations and put them in our directory */
1192 new_msg = ldb_msg_new(mem_ctx);
1193 NT_STATUS_HAVE_NO_MEMORY(new_msg);
1194
1195 new_msg->dn = workstation_dn;
1196
1197 /* Deletes old OS version values */
1198 samdb_msg_add_delete(sam_ctx, mem_ctx, new_msg,
1199 "operatingSystemServicePack");
1200 samdb_msg_add_delete(sam_ctx, mem_ctx, new_msg,
1201 "operatingSystemVersion");
1202
1203 if (samdb_replace(sam_ctx, mem_ctx, new_msg) != LDB_SUCCESS) {
1204 DEBUG(3,("Impossible to update samdb: %s\n",
1205 ldb_errstring(sam_ctx)));
1206 }
1207
1208 talloc_free(new_msg);
1209
1210 new_msg = ldb_msg_new(mem_ctx);
1211 NT_STATUS_HAVE_NO_MEMORY(new_msg);
1212
1213 new_msg->dn = workstation_dn;
1214
1215 /* Sets the OS name */
1216 samdb_msg_set_string(sam_ctx, mem_ctx, new_msg,
1217 "operatingSystem",
1218 r->in.query->workstation_info->os_name.string);
1219
1220 if (r->in.query->workstation_info->dns_hostname) {
1221 /* TODO: should this always be done? */
1222 samdb_msg_add_string(sam_ctx, mem_ctx, new_msg,
1223 "dNSHostname",
1224 r->in.query->workstation_info->dns_hostname);
1225 }
1226
1227 /*
1228 * Sets informations from "os_version". On a empty structure
1229 * the values are cleared.
1230 */
1231 if (r->in.query->workstation_info->os_version.os != NULL) {
1232 os_version = &r->in.query->workstation_info->os_version.os->os;
1233
1234 samdb_msg_set_string(sam_ctx, mem_ctx, new_msg,
1235 "operatingSystemServicePack",
1236 os_version->CSDVersion);
1237
1238 samdb_msg_set_string(sam_ctx, mem_ctx, new_msg,
1239 "operatingSystemVersion",
1240 talloc_asprintf(mem_ctx, "%d.%d (%d)",
1241 os_version->MajorVersion,
1242 os_version->MinorVersion,
1243 os_version->BuildNumber
1244 )
1245 );
1246 }
1247
1248 /*
1249 * Updates the "dNSHostname" and the "servicePrincipalName"s
1250 * since the client wishes that the server should handle this
1251 * for him ("NETR_WS_FLAG_HANDLES_SPN_UPDATE" not set).
1252 * See MS-NRPC section 3.5.4.3.9
1253 */
1254 if ((r->in.query->workstation_info->workstation_flags
1255 & NETR_WS_FLAG_HANDLES_SPN_UPDATE) == 0) {
1256
1257 samdb_msg_add_string(sam_ctx, mem_ctx, new_msg,
1258 "servicePrincipalName",
1259 talloc_asprintf(mem_ctx, "HOST/%s",
1260 r->in.computer_name)
1261 );
1262 samdb_msg_add_string(sam_ctx, mem_ctx, new_msg,
1263 "servicePrincipalName",
1264 talloc_asprintf(mem_ctx, "HOST/%s",
1265 r->in.query->workstation_info->dns_hostname)
1266 );
1267 }
1268
1269 if (samdb_replace(sam_ctx, mem_ctx, new_msg) != LDB_SUCCESS) {
1270 DEBUG(3,("Impossible to update samdb: %s\n",
1271 ldb_errstring(sam_ctx)));
1272 }
1273
1274 talloc_free(new_msg);
1275
1276 /* Writes back the domain information */
1277
1278 /* We need to do two searches. The first will pull our primary
1279 domain and the second will pull any trusted domains. Our
1280 primary domain is also a "trusted" domain, so we need to
1281 put the primary domain into the lists of returned trusts as
1282 well. */
1283 ret2 = gendb_search_dn(sam_ctx, mem_ctx, samdb_base_dn(sam_ctx),
1284 &res2, attrs);
1285 if (ret2 != 1) {
1286 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1287 }
1288
1289 ret3 = gendb_search(sam_ctx, mem_ctx, NULL, &res3, attrs,
1290 "(objectClass=trustedDomain)");
1291 if (ret3 == -1) {
1292 return NT_STATUS_INTERNAL_DB_CORRUPTION;
1293 }
1294
1295 domain_info = talloc(mem_ctx, struct netr_DomainInformation);
1296 NT_STATUS_HAVE_NO_MEMORY(domain_info);
1297
1298 ZERO_STRUCTP(domain_info);
1299
1300 /* Informations about the local and trusted domains */
1301
1302 status = fill_one_domain_info(mem_ctx,
1303 dce_call->conn->dce_ctx->lp_ctx,
1304 sam_ctx, res2[0], &domain_info->primary_domain,
1305 true, false);
1306 NT_STATUS_NOT_OK_RETURN(status);
1307
1308 domain_info->trusted_domain_count = ret3 + 1;
1309 domain_info->trusted_domains = talloc_array(mem_ctx,
1310 struct netr_OneDomainInfo,
1311 domain_info->trusted_domain_count);
1312 NT_STATUS_HAVE_NO_MEMORY(domain_info->trusted_domains);
1313
1314 for (i=0;i<ret3;i++) {
1315 status = fill_one_domain_info(mem_ctx,
1316 dce_call->conn->dce_ctx->lp_ctx,
1317 sam_ctx, res3[i],
1318 &domain_info->trusted_domains[i],
1319 false, true);
1320 NT_STATUS_NOT_OK_RETURN(status);
1321 }
1322
1323 status = fill_one_domain_info(mem_ctx,
1324 dce_call->conn->dce_ctx->lp_ctx, sam_ctx, res2[0],
1325 &domain_info->trusted_domains[i], true, true);
1326 NT_STATUS_NOT_OK_RETURN(status);
1327
1328 /* Sets the supported encryption types */
1329 domain_info->supported_enc_types = samdb_result_uint(res1[0],
1330 "msDS-SupportedEncryptionTypes",
1331 default_supported_enc_types);
1332
1333 /* Other host domain informations */
1334
1335 lsa_policy_info = talloc(mem_ctx,
1336 struct netr_LsaPolicyInformation);
1337 NT_STATUS_HAVE_NO_MEMORY(lsa_policy_info);
1338 ZERO_STRUCTP(lsa_policy_info);
1339
1340 domain_info->lsa_policy = *lsa_policy_info;
1341
1342 domain_info->dns_hostname.string = old_dns_hostname;
1343 domain_info->workstation_flags =
1344 r->in.query->workstation_info->workstation_flags;
1345
1346 r->out.info->domain_info = domain_info;
1347 break;
1348 case 2: /* LSA policy information - not used at the moment */
1349 lsa_policy_info = talloc(mem_ctx,
1350 struct netr_LsaPolicyInformation);
1351 NT_STATUS_HAVE_NO_MEMORY(lsa_policy_info);
1352 ZERO_STRUCTP(lsa_policy_info);
1353
1354 r->out.info->lsa_policy_info = lsa_policy_info;
1355 break;
1356 default:
1357 return NT_STATUS_INVALID_LEVEL;
1358 break;
1359 }
1360
1361 return NT_STATUS_OK;
1362 }
1363
1364
1365
1366 /*
1367 netr_ServerPasswordGet
1368 */
1369 static WERROR dcesrv_netr_ServerPasswordGet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1370 struct netr_ServerPasswordGet *r)
1371 {
1372 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1373 }
1374
1375
1376 /*
1377 netr_NETRLOGONSENDTOSAM
1378 */
1379 static WERROR dcesrv_netr_NETRLOGONSENDTOSAM(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1380 struct netr_NETRLOGONSENDTOSAM *r)
1381 {
1382 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1383 }
1384
1385
1386 /*
1387 netr_DsRAddressToSitenamesW
1388 */
1389 static WERROR dcesrv_netr_DsRAddressToSitenamesW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1390 struct netr_DsRAddressToSitenamesW *r)
1391 {
1392 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1393 }
1394
1395
1396 /*
1397 netr_DsRGetDCNameEx2
1398 */
1399 static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1400 struct netr_DsRGetDCNameEx2 *r)
1401 {
1402 const char * const attrs[] = { "objectGUID", NULL };
1403 struct ldb_context *sam_ctx;
1404 struct ldb_message **res;
1405 struct ldb_dn *domain_dn;
1406 int ret;
1407 struct netr_DsRGetDCNameInfo *info;
1408
1409 ZERO_STRUCTP(r->out.info);
1410
1411 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info);
1412 if (sam_ctx == NULL) {
1413 return WERR_DS_UNAVAILABLE;
1414 }
1415
1416 /* Win7-beta will send the domain name in the form the user typed, so we have to cope
1417 with both the short and long form here */
1418 if (r->in.domain_name != NULL && !lp_is_my_domain_or_realm(dce_call->conn->dce_ctx->lp_ctx,
1419 r->in.domain_name)) {
1420 return WERR_NO_SUCH_DOMAIN;
1421 }
1422
1423 domain_dn = ldb_get_default_basedn(sam_ctx);
1424 if (domain_dn == NULL) {
1425 return WERR_DS_UNAVAILABLE;
1426 }
1427
1428 ret = gendb_search_dn(sam_ctx, mem_ctx,
1429 domain_dn, &res, attrs);
1430 if (ret != 1) {
1431 }
1432
1433 info = talloc(mem_ctx, struct netr_DsRGetDCNameInfo);
1434 W_ERROR_HAVE_NO_MEMORY(info);
1435
1436 /* TODO: - return real IP address
1437 * - check all r->in.* parameters (server_unc is ignored by w2k3!)
1438 */
1439 info->dc_unc = talloc_asprintf(mem_ctx, "\\\\%s.%s",
1440 lp_netbios_name(dce_call->conn->dce_ctx->lp_ctx),
1441 lp_dnsdomain(dce_call->conn->dce_ctx->lp_ctx));
1442 W_ERROR_HAVE_NO_MEMORY(info->dc_unc);
1443 info->dc_address = talloc_strdup(mem_ctx, "\\\\0.0.0.0");
1444 W_ERROR_HAVE_NO_MEMORY(info->dc_address);
1445 info->dc_address_type = DS_ADDRESS_TYPE_INET;
1446 info->domain_guid = samdb_result_guid(res[0], "objectGUID");
1447 info->domain_name = lp_dnsdomain(dce_call->conn->dce_ctx->lp_ctx);
1448 info->forest_name = lp_dnsdomain(dce_call->conn->dce_ctx->lp_ctx);
1449 info->dc_flags = DS_DNS_FOREST_ROOT |
1450 DS_DNS_DOMAIN |
1451 DS_DNS_CONTROLLER |
1452 DS_SERVER_WRITABLE |
1453 DS_SERVER_CLOSEST |
1454 DS_SERVER_TIMESERV |
1455 DS_SERVER_KDC |
1456 DS_SERVER_DS |
1457 DS_SERVER_LDAP |
1458 DS_SERVER_GC |
1459 DS_SERVER_PDC;
1460 info->dc_site_name = samdb_server_site_name(sam_ctx, mem_ctx);
1461 W_ERROR_HAVE_NO_MEMORY(info->dc_site_name);
1462 /* FIXME: Hardcoded site name */
1463 info->client_site_name = talloc_strdup(mem_ctx, "Default-First-Site-Name");
1464 W_ERROR_HAVE_NO_MEMORY(info->client_site_name);
1465
1466 *r->out.info = info;
1467
1468 return WERR_OK;
1469 }
1470
1471 /*
1472 netr_DsRGetDCNameEx
1473 */
1474 static WERROR dcesrv_netr_DsRGetDCNameEx(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1475 struct netr_DsRGetDCNameEx *r)
1476 {
1477 struct netr_DsRGetDCNameEx2 r2;
1478 WERROR werr;
1479
1480 ZERO_STRUCT(r2);
1481
1482 r2.in.server_unc = r->in.server_unc;
1483 r2.in.client_account = NULL;
1484 r2.in.mask = 0;
1485 r2.in.domain_guid = r->in.domain_guid;
1486 r2.in.domain_name = r->in.domain_name;
1487 r2.in.site_name = r->in.site_name;
1488 r2.in.flags = r->in.flags;
1489 r2.out.info = r->out.info;
1490
1491 werr = dcesrv_netr_DsRGetDCNameEx2(dce_call, mem_ctx, &r2);
1492
1493 return werr;
1494 }
1495
1496 /*
1497 netr_DsRGetDCName
1498 */
1499 static WERROR dcesrv_netr_DsRGetDCName(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1500 struct netr_DsRGetDCName *r)
1501 {
1502 struct netr_DsRGetDCNameEx2 r2;
1503 WERROR werr;
1504
1505 ZERO_STRUCT(r2);
1506
1507 r2.in.server_unc = r->in.server_unc;
1508 r2.in.client_account = NULL;
1509 r2.in.mask = 0;
1510 r2.in.domain_name = r->in.domain_name;
1511 r2.in.domain_guid = r->in.domain_guid;
1512
1513 r2.in.site_name = NULL; /* should fill in from site GUID */
1514 r2.in.flags = r->in.flags;
1515 r2.out.info = r->out.info;
1516
1517 werr = dcesrv_netr_DsRGetDCNameEx2(dce_call, mem_ctx, &r2);
1518
1519 return werr;
1520 }
1521 /*
1522 netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN
1523 */
1524 static WERROR dcesrv_netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1525 struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r)
1526 {
1527 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1528 }
1529
1530
1531 /*
1532 netr_NetrEnumerateTrustedDomainsEx
1533 */
1534 static WERROR dcesrv_netr_NetrEnumerateTrustedDomainsEx(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1535 struct netr_NetrEnumerateTrustedDomainsEx *r)
1536 {
1537 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1538 }
1539
1540
1541 /*
1542 netr_DsRAddressToSitenamesExW
1543 */
1544 static WERROR dcesrv_netr_DsRAddressToSitenamesExW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1545 struct netr_DsRAddressToSitenamesExW *r)
1546 {
1547 struct netr_DsRAddressToSitenamesExWCtr *ctr;
1548 int i;
1549
1550 /* we should map the provided IPs to site names, once we have
1551 * sites support
1552 */
1553 ctr = talloc(mem_ctx, struct netr_DsRAddressToSitenamesExWCtr);
1554 W_ERROR_HAVE_NO_MEMORY(ctr);
1555
1556 *r->out.ctr = ctr;
1557
1558 ctr->count = r->in.count;
1559 ctr->sitename = talloc_array(ctr, struct lsa_String, ctr->count);
1560 W_ERROR_HAVE_NO_MEMORY(ctr->sitename);
1561 ctr->subnetname = talloc_array(ctr, struct lsa_String, ctr->count);
1562 W_ERROR_HAVE_NO_MEMORY(ctr->subnetname);
1563
1564 for (i=0; i<ctr->count; i++) {
1565 /* FIXME: Hardcoded site name */
1566 ctr->sitename[i].string = "Default-First-Site-Name";
1567 ctr->subnetname[i].string = NULL;
1568 }
1569
1570 return WERR_OK;
1571 }
1572
1573
1574 /*
1575 netr_DsrGetDcSiteCoverageW
1576 */
1577 static WERROR dcesrv_netr_DsrGetDcSiteCoverageW(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1578 struct netr_DsrGetDcSiteCoverageW *r)
1579 {
1580 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1581 }
1582
1583
1584 /*
1585 netr_DsrEnumerateDomainTrusts
1586 */
1587 static WERROR dcesrv_netr_DsrEnumerateDomainTrusts(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1588 struct netr_DsrEnumerateDomainTrusts *r)
1589 {
1590 struct netr_DomainTrustList *trusts;
1591 struct ldb_context *sam_ctx;
1592 int ret;
1593 struct ldb_message **dom_res;
1594 const char * const dom_attrs[] = { "objectSid", "objectGUID", NULL };
1595
1596 ZERO_STRUCT(r->out);
1597
1598 sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info);
1599 if (sam_ctx == NULL) {
1600 return WERR_GENERAL_FAILURE;
1601 }
1602
1603 ret = gendb_search_dn(sam_ctx, mem_ctx, NULL,
1604 &dom_res, dom_attrs);
1605 if (ret == -1) {
1606 return WERR_GENERAL_FAILURE;
1607 }
1608 if (ret != 1) {
1609 return WERR_GENERAL_FAILURE;
1610 }
1611
1612 trusts = talloc(mem_ctx, struct netr_DomainTrustList);
1613 W_ERROR_HAVE_NO_MEMORY(trusts);
1614
1615 trusts->array = talloc_array(trusts, struct netr_DomainTrust, ret);
1616 W_ERROR_HAVE_NO_MEMORY(trusts->array);
1617
1618 trusts->count = 1; /* ?? */
1619
1620 r->out.trusts = trusts;
1621
1622 /* TODO: add filtering by trust_flags, and correct trust_type
1623 and attributes */
1624 trusts->array[0].netbios_name = lp_sam_name(dce_call->conn->dce_ctx->lp_ctx);
1625 trusts->array[0].dns_name = lp_dnsdomain(dce_call->conn->dce_ctx->lp_ctx);
1626 trusts->array[0].trust_flags =
1627 NETR_TRUST_FLAG_TREEROOT |
1628 NETR_TRUST_FLAG_IN_FOREST |
1629 NETR_TRUST_FLAG_PRIMARY;
1630 trusts->array[0].parent_index = 0;
1631 trusts->array[0].trust_type = 2;
1632 trusts->array[0].trust_attributes = 0;
1633 trusts->array[0].sid = samdb_result_dom_sid(mem_ctx, dom_res[0], "objectSid");
1634 trusts->array[0].guid = samdb_result_guid(dom_res[0], "objectGUID");
1635
1636 return WERR_OK;
1637 }
1638
1639
1640 /*
1641 netr_DsrDeregisterDNSHostRecords
1642 */
1643 static WERROR dcesrv_netr_DsrDeregisterDNSHostRecords(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1644 struct netr_DsrDeregisterDNSHostRecords *r)
1645 {
1646 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1647 }
1648
1649
1650 /*
1651 netr_ServerTrustPasswordsGet
1652 */
1653 static NTSTATUS dcesrv_netr_ServerTrustPasswordsGet(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1654 struct netr_ServerTrustPasswordsGet *r)
1655 {
1656 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1657 }
1658
1659
1660 /*
1661 netr_DsRGetForestTrustInformation
1662 */
1663 static WERROR dcesrv_netr_DsRGetForestTrustInformation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1664 struct netr_DsRGetForestTrustInformation *r)
1665 {
1666 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1667 }
1668
1669
1670 /*
1671 netr_GetForestTrustInformation
1672 */
1673 static WERROR dcesrv_netr_GetForestTrustInformation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1674 struct netr_GetForestTrustInformation *r)
1675 {
1676 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1677 }
1678
1679
1680 /*
1681 netr_ServerGetTrustInfo
1682 */
1683 static NTSTATUS dcesrv_netr_ServerGetTrustInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
1684 struct netr_ServerGetTrustInfo *r)
1685 {
1686 DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
1687 }
1688
1689
1690 /* include the generated boilerplate */
1691 #include "librpc/gen_ndr/ndr_netlogon_s.c"
Crístian's Samba branch