2 Unix SMB/CIFS implementation.
4 Do a netr_DsrUpdateReadOnlyServerDnsRecords to a remote DC
6 Copyright (C) Andrew Bartlett 2010
7 Copyright (C) Andrew Tridgell 2010
9 based heavily on wb_sam_logon.c which is copyright:
11 Copyright (C) Volker Lendecke 2005
12 Copyright (C) Andrew Bartlett 2005
13 Copyright (C) Stefan Metzmacher 2006
15 This program is free software; you can redistribute it and/or modify
16 it under the terms of the GNU General Public License as published by
17 the Free Software Foundation; either version 3 of the License, or
18 (at your option) any later version.
20 This program is distributed in the hope that it will be useful,
21 but WITHOUT ANY WARRANTY; without even the implied warranty of
22 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 GNU General Public License for more details.
25 You should have received a copy of the GNU General Public License
26 along with this program. If not, see <http://www.gnu.org/licenses/>.
31 #include "../lib/util/tevent_ntstatus.h"
32 #include "libcli/composite/composite.h"
33 #include "winbind/wb_server.h"
34 #include "smbd/service_task.h"
35 #include "auth/credentials/credentials.h"
36 #include "libcli/auth/libcli_auth.h"
37 #include "librpc/gen_ndr/ndr_netlogon_c.h"
38 #include "librpc/gen_ndr/winbind.h"
40 struct wb_update_rodc_dns_state
{
41 struct tevent_context
*ev
;
43 struct winbind_DsrUpdateReadOnlyServerDnsRecords
*req
;
45 struct netlogon_creds_CredentialState
*creds_state
;
46 struct netr_Authenticator auth1
, auth2
;
48 TALLOC_CTX
*r_mem_ctx
;
49 struct netr_DsrUpdateReadOnlyServerDnsRecords r
;
52 static void wb_update_rodc_dns_recv_domain(struct composite_context
*csubreq
);
53 static void wb_update_rodc_dns_recv_response(struct tevent_req
*subreq
);
56 Find the connection to the DC (or find an existing connection)
58 struct tevent_req
*wb_update_rodc_dns_send(TALLOC_CTX
*mem_ctx
,
59 struct tevent_context
*ev
,
60 struct wbsrv_service
*service
,
61 struct winbind_DsrUpdateReadOnlyServerDnsRecords
*_req
)
63 struct tevent_req
*req
;
64 struct wb_update_rodc_dns_state
*state
;
65 struct composite_context
*csubreq
;
67 req
= tevent_req_create(mem_ctx
, &state
,
68 struct wb_update_rodc_dns_state
);
75 csubreq
= wb_sid2domain_send(state
, service
, service
->primary_sid
);
76 if (tevent_req_nomem(csubreq
, req
)) {
77 return tevent_req_post(req
, ev
);
79 csubreq
->async
.fn
= wb_update_rodc_dns_recv_domain
;
80 csubreq
->async
.private_data
= req
;
86 Having finished making the connection to the DC
87 Send of a DsrUpdateReadOnlyServerDnsRecords request to authenticate a user.
89 static void wb_update_rodc_dns_recv_domain(struct composite_context
*csubreq
)
91 struct tevent_req
*req
=
92 talloc_get_type_abort(csubreq
->async
.private_data
,
94 struct wb_update_rodc_dns_state
*state
=
96 struct wb_update_rodc_dns_state
);
98 struct wbsrv_domain
*domain
;
99 struct tevent_req
*subreq
;
101 status
= wb_sid2domain_recv(csubreq
, &domain
);
102 if (tevent_req_nterror(req
, status
)) {
106 state
->creds_state
= cli_credentials_get_netlogon_creds(domain
->libnet_ctx
->cred
);
107 netlogon_creds_client_authenticator(state
->creds_state
, &state
->auth1
);
109 state
->r
.in
.server_name
= talloc_asprintf(state
, "\\\\%s",
110 dcerpc_server_name(domain
->netlogon_pipe
));
111 if (tevent_req_nomem(state
->r
.in
.server_name
, req
)) {
115 state
->r
.in
.computer_name
= cli_credentials_get_workstation(domain
->libnet_ctx
->cred
);
116 state
->r
.in
.credential
= &state
->auth1
;
117 state
->r
.out
.return_authenticator
= &state
->auth2
;
118 state
->r
.in
.site_name
= state
->req
->in
.site_name
;
119 state
->r
.in
.dns_ttl
= state
->req
->in
.dns_ttl
;
120 state
->r
.in
.dns_names
= state
->req
->in
.dns_names
;
121 state
->r
.out
.dns_names
= state
->req
->in
.dns_names
;
124 * use a new talloc context for the DsrUpdateReadOnlyServerDnsRecords call
125 * because then we can just to a talloc_steal on this context
126 * in the final _recv() function to give the caller all the content of
127 * the s->r.out.dns_names
129 state
->r_mem_ctx
= talloc_new(state
);
130 if (tevent_req_nomem(state
->r_mem_ctx
, req
)) {
134 subreq
= dcerpc_netr_DsrUpdateReadOnlyServerDnsRecords_r_send(state
,
136 domain
->netlogon_pipe
->binding_handle
,
138 if (tevent_req_nomem(subreq
, req
)) {
141 tevent_req_set_callback(subreq
, wb_update_rodc_dns_recv_response
, req
);
147 Check the DsrUpdateReadOnlyServerDnsRecords reply and decrypt the session keys
149 static void wb_update_rodc_dns_recv_response(struct tevent_req
*subreq
)
151 struct tevent_req
*req
=
152 tevent_req_callback_data(subreq
,
154 struct wb_update_rodc_dns_state
*state
=
156 struct wb_update_rodc_dns_state
);
160 status
= dcerpc_netr_DsrUpdateReadOnlyServerDnsRecords_r_recv(subreq
,
163 if (tevent_req_nterror(req
, status
)) {
167 if (tevent_req_nterror(req
, state
->r
.out
.result
)) {
171 if (state
->r
.out
.return_authenticator
== NULL
) {
172 tevent_req_nterror(req
, NT_STATUS_ACCESS_DENIED
);
176 ok
= netlogon_creds_client_check(state
->creds_state
,
177 &state
->r
.out
.return_authenticator
->cred
);
179 DEBUG(0, ("Credentials check failed!\n"));
180 tevent_req_nterror(req
, NT_STATUS_ACCESS_DENIED
);
184 tevent_req_done(req
);
187 NTSTATUS
wb_update_rodc_dns_recv(struct tevent_req
*req
,
189 struct winbind_DsrUpdateReadOnlyServerDnsRecords
*_req
)
191 struct wb_update_rodc_dns_state
*state
=
193 struct wb_update_rodc_dns_state
);
196 if (tevent_req_is_nterror(req
, &status
)) {
197 tevent_req_received(req
);
201 talloc_steal(mem_ctx
, state
->r_mem_ctx
);
202 _req
->out
.dns_names
= state
->r
.out
.dns_names
;
204 tevent_req_received(req
);