2 Unix SMB/CIFS implementation.
3 NBT netbios routines and daemon - version 2
4 Copyright (C) Andrew Tridgell 1994-1998
5 Copyright (C) Luke Kenneth Casson Leighton 1994-1998
6 Copyright (C) Jeremy Allison 1994-1998
7 Copyright (C) Jim McDonough 2002
8 Copyright (C) Anthony Liguori 2002
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
30 struct sam_database_info
{
32 uint32 serial_lo
, serial_hi
;
33 uint32 date_lo
, date_hi
;
36 /****************************************************************************
37 Send a message to smbd to do a sam delta sync
38 **************************************************************************/
39 static void send_repl_message(uint32 low_serial
)
43 tdb
= tdb_open_log(lock_path("connections.tdb"), 0,
44 TDB_DEFAULT
, O_RDONLY
, 0);
47 DEBUG(3, ("send_repl_message(): failed to open connections "
52 DEBUG(3, ("sending replication message, serial = 0x%04x\n",
55 message_send_all(tdb
, MSG_SMB_SAM_REPL
, &low_serial
,
56 sizeof(low_serial
), False
, NULL
);
61 /****************************************************************************
62 Process a domain logon packet
63 **************************************************************************/
65 void process_logon_packet(struct packet_struct
*p
,char *buf
,int len
,
68 struct dgram_packet
*dgram
= &p
->packet
.dgram
;
78 BOOL short_request
= False
;
80 char *uniuser
; /* Unicode user name. */
82 char *unicomp
; /* Unicode computer name. */
84 memset(outbuf
, 0, sizeof(outbuf
));
86 if (!lp_domain_logons())
88 DEBUG(3,("process_logon_packet: Logon packet received from IP %s and domain \
89 logons are not enabled.\n", inet_ntoa(p
->ip
) ));
93 pstrcpy(my_name
, global_myname());
96 DEBUG(1,("process_logon_packet: Logon from %s: code = 0x%x\n", inet_ntoa(p
->ip
), code
));
104 char *user
= skip_string(machine
,1);
106 getdc
= skip_string(user
,1);
107 q
= skip_string(getdc
,1);
110 fstrcpy(reply_name
,my_name
);
112 DEBUG(3,("process_logon_packet: Domain login request from %s at IP %s user=%s token=%x\n",
113 machine
,inet_ntoa(p
->ip
),user
,token
));
119 fstrcpy(reply_name
, "\\\\");
120 fstrcat(reply_name
, my_name
);
121 fstrcpy(q
, reply_name
); q
= skip_string(q
, 1); /* PDC name */
126 dump_data(4, outbuf
, PTR_DIFF(q
, outbuf
));
128 send_mailslot(True
, getdc
,
129 outbuf
,PTR_DIFF(q
,outbuf
),
130 global_myname(), 0x0,
132 dgram
->source_name
.name_type
,
133 p
->ip
, *iface_ip(p
->ip
), p
->port
);
142 if (!lp_domain_master())
144 /* We're not Primary Domain Controller -- ignore this */
148 getdc
= skip_string(machine
,1);
149 q
= skip_string(getdc
,1);
152 /* at this point we can work out if this is a W9X or NT style
153 request. Experiments show that the difference is wether the
154 packet ends here. For a W9X request we now end with a pair of
155 bytes (usually 0xFE 0xFF) whereas with NT we have two further
156 strings - the following is a simple way of detecting this */
157 if (len
- PTR_DIFF(q
, buf
) <= 3) {
158 short_request
= True
;
162 /* A full length (NT style) request */
163 q
= skip_unibuf(unicomp
, PTR_DIFF(buf
+ len
, unicomp
));
165 if (len
- PTR_DIFF(q
, buf
) > 8) {
166 /* with NT5 clients we can sometimes
167 get additional data - a length specificed string
168 containing the domain name, then 16 bytes of
169 data (no idea what it is) */
170 int dom_len
= CVAL(q
, 0);
177 ntversion
= IVAL(q
, 0);
178 lmnttoken
= SVAL(q
, 4);
179 lm20token
= SVAL(q
, 6);
182 /* Construct reply. */
184 SSVAL(q
, 0, QUERYFORPDC_R
);
187 fstrcpy(reply_name
,my_name
);
188 fstrcpy(q
, reply_name
);
189 q
= skip_string(q
, 1); /* PDC name */
191 /* PDC and domain name */
192 if (!short_request
) /* Make a full reply */
194 q
= ALIGN2(q
, outbuf
);
196 q
+= dos_PutUniCode(q
, my_name
, sizeof(pstring
), True
); /* PDC name */
197 q
+= dos_PutUniCode(q
, lp_workgroup(),sizeof(pstring
), True
); /* Domain name*/
198 SIVAL(q
, 0, 1); /* our nt version */
199 SSVAL(q
, 4, 0xffff); /* our lmnttoken */
200 SSVAL(q
, 6, 0xffff); /* our lm20token */
204 /* RJS, 21-Feb-2000, we send a short reply if the request was short */
206 DEBUG(3,("process_logon_packet: GETDC request from %s at IP %s, \
207 reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
208 machine
,inet_ntoa(p
->ip
), reply_name
, lp_workgroup(),
209 QUERYFORPDC_R
, (uint32
)ntversion
, (uint32
)lmnttoken
,
210 (uint32
)lm20token
));
212 dump_data(4, outbuf
, PTR_DIFF(q
, outbuf
));
214 send_mailslot(True
, getdc
,
215 outbuf
,PTR_DIFF(q
,outbuf
),
216 global_myname(), 0x0,
217 dgram
->source_name
.name
,
218 dgram
->source_name
.name_type
,
219 p
->ip
, *iface_ip(p
->ip
), p
->port
);
230 uniuser
= skip_unibuf(unicomp
, PTR_DIFF(buf
+len
, unicomp
));
231 getdc
= skip_unibuf(uniuser
,PTR_DIFF(buf
+len
, uniuser
));
232 q
= skip_string(getdc
,1);
233 q
+= 4; /* Account Control Bits - indicating username type */
234 domainsidsize
= IVAL(q
, 0);
237 DEBUG(3,("process_logon_packet: SAMLOGON sidsize %d, len = %d\n", domainsidsize
, len
));
239 if (domainsidsize
< (len
- PTR_DIFF(q
, buf
)) && (domainsidsize
!= 0)) {
244 DEBUG(3,("process_logon_packet: len = %d PTR_DIFF(q, buf) = %d\n", len
, PTR_DIFF(q
, buf
) ));
246 if (len
- PTR_DIFF(q
, buf
) > 8) {
247 /* with NT5 clients we can sometimes
248 get additional data - a length specificed string
249 containing the domain name, then 16 bytes of
250 data (no idea what it is) */
251 int dom_len
= CVAL(q
, 0);
253 if (dom_len
< (len
- PTR_DIFF(q
, buf
)) && (dom_len
!= 0)) {
259 ntversion
= IVAL(q
, 0);
260 lmnttoken
= SVAL(q
, 4);
261 lm20token
= SVAL(q
, 6);
264 DEBUG(3,("process_logon_packet: SAMLOGON sidsize %d ntv %d\n", domainsidsize
, ntversion
));
267 * we respond regadless of whether the machine is in our password
268 * database. If it isn't then we let smbd send an appropriate error.
269 * Let's ignore the SID.
271 pull_ucs2_pstring(ascuser
, uniuser
);
272 pull_ucs2_fstring(asccomp
, unicomp
);
273 DEBUG(3,("process_logon_packet: SAMLOGON user %s\n", ascuser
));
275 fstrcpy(reply_name
,"\\\\"); /* Here it wants \\LOGONSERVER. */
276 fstrcpy(reply_name
+2,my_name
);
278 DEBUG(3,("process_logon_packet: SAMLOGON request from %s(%s) for %s, returning logon svr %s domain %s code %x token=%x\n",
279 asccomp
,inet_ntoa(p
->ip
), ascuser
, reply_name
, lp_workgroup(),
280 SAMLOGON_R
,lmnttoken
));
282 /* Construct reply. */
285 /* we want the simple version unless we are an ADS PDC..which means */
286 /* never, at least for now */
287 if ((ntversion
< 11) || (SEC_ADS
!= lp_security()) || (ROLE_DOMAIN_PDC
!= lp_server_role())) {
288 if (SVAL(uniuser
, 0) == 0) {
289 SSVAL(q
, 0, SAMLOGON_UNK_R
); /* user unknown */
291 SSVAL(q
, 0, SAMLOGON_R
);
296 q
+= dos_PutUniCode(q
, reply_name
,sizeof(pstring
), True
);
297 q
+= dos_PutUniCode(q
, ascuser
, sizeof(pstring
), True
);
298 q
+= dos_PutUniCode(q
, lp_workgroup(),sizeof(pstring
), True
);
305 char *component
, *dc
, *q1
;
308 get_mydomname(domain
);
309 get_myname(hostname
);
311 if (SVAL(uniuser
, 0) == 0) {
312 SSVAL(q
, 0, SAMLOGON_AD_UNK_R
); /* user unknown */
314 SSVAL(q
, 0, SAMLOGON_AD_R
);
320 SIVAL(q
, 0, ADS_PDC
|ADS_GC
|ADS_LDAP
|ADS_DS
|
321 ADS_KDC
|ADS_TIMESERV
|ADS_CLOSEST
|ADS_WRITABLE
);
324 /* Push Domain GUID */
325 if (False
== secrets_fetch_domain_guid(domain
, &domain_guid
)) {
326 DEBUG(2, ("Could not fetch DomainGUID for %s\n", domain
));
329 memcpy(q
, &domain_guid
, sizeof(domain_guid
));
330 q
+= sizeof(domain_guid
);
332 /* Push domain components */
335 while ((component
= strtok(dc
, "."))) {
337 size
= push_ascii(&q
[1], component
, -1, 0);
342 SSVAL(q
, 0, 0x18c0); /* not sure what this is for, but */
343 q
+= 2; /* it must follow the domain name. */
345 /* Push dns host name */
346 size
= push_ascii(&q
[1], hostname
, -1, 0);
349 SSVAL(q
, 0, 0x18c0); /* not sure what this is for, but */
350 q
+= 2; /* it must follow the domain name. */
352 /* Push NETBIOS of domain */
353 size
= push_ascii(&q
[1], lp_workgroup(), -1, STR_UPPER
);
356 SCVAL(q
, 0, 0); q
++; /* is this a null terminator or empty field */
357 /* null terminator would not be needed because size is included */
359 /* Push NETBIOS of hostname */
360 size
= push_ascii(&q
[1], my_name
, -1, 0);
363 SCVAL(q
, 0, 0); q
++; /* null terminator or empty field? */
365 /* Push user account */
366 size
= push_ascii(&q
[1], ascuser
, -1, 0);
370 /* Push 'Default-First-Site-Name' */
371 size
= push_ascii(&q
[1], "Default-First-Site-Name", -1, 0);
375 SSVAL(q
, 0, 0xc000); /* unknown */
376 SCVAL(q
, 2, PTR_DIFF(q
,q1
));
377 SCVAL(q
, 3, 0x10); /* unknown */
380 SIVAL(q
, 0, 0x00000002); q
+= 4; /* unknown */
381 SIVAL(q
, 0, (iface_ip(p
->ip
))->s_addr
); q
+= 4;
382 SIVAL(q
, 0, 0x00000000); q
+= 4; /* unknown */
383 SIVAL(q
, 0, 0x00000000); q
+= 4; /* unknown */
387 /* tell the client what version we are */
388 SIVAL(q
, 0, ((ntversion
< 11) || (SEC_ADS
!= lp_security())) ? 1 : 13);
390 SSVAL(q
, 4, 0xffff); /* our lmnttoken */
391 SSVAL(q
, 6, 0xffff); /* our lm20token */
394 dump_data(4, outbuf
, PTR_DIFF(q
, outbuf
));
396 send_mailslot(True
, getdc
,
397 outbuf
,PTR_DIFF(q
,outbuf
),
398 global_myname(), 0x0,
399 dgram
->source_name
.name
,
400 dgram
->source_name
.name_type
,
401 p
->ip
, *iface_ip(p
->ip
), p
->port
);
405 /* Announce change to UAS or SAM. Send by the domain controller when a
406 replication event is required. */
408 case SAM_UAS_CHANGE
: {
409 struct sam_database_info
*db_info
;
416 low_serial
= IVAL(q
, 0); q
+= 4; /* Low serial number */
418 q
+= 4; /* Date/time */
424 q
= skip_string(q
, 1); /* PDC name */
425 q
= skip_string(q
, 1); /* Domain name */
426 q
= skip_unibuf(q
, PTR_DIFF(buf
+ len
, q
)); /* Unicode PDC name */
427 q
= skip_unibuf(q
, PTR_DIFF(buf
+ len
, q
)); /* Unicode domain name */
431 db_count
= SVAL(q
, 0); q
+= 2;
433 db_info
= (struct sam_database_info
*)
434 malloc(sizeof(struct sam_database_info
) * db_count
);
436 if (db_info
== NULL
) {
437 DEBUG(3, ("out of memory allocating info for %d databases\n",
442 for (i
= 0; i
< db_count
; i
++) {
443 db_info
[i
].index
= IVAL(q
, 0);
444 db_info
[i
].serial_lo
= IVAL(q
, 4);
445 db_info
[i
].serial_hi
= IVAL(q
, 8);
446 db_info
[i
].date_lo
= IVAL(q
, 12);
447 db_info
[i
].date_hi
= IVAL(q
, 16);
453 q
+= IVAL(q
, 0) + 4; /* 4 byte length plus data */
455 q
+= 2; /* Alignment? */
457 /* Misc other info */
459 q
+= 4; /* NT version (0x1) */
460 q
+= 2; /* LMNT token (0xff) */
461 q
+= 2; /* LM20 token (0xff) */
463 SAFE_FREE(db_info
); /* Not sure whether we need to do anything
466 /* Send message to smbd */
468 send_repl_message(low_serial
);
475 DEBUG(3,("process_logon_packet: Unknown domain request %d\n",code
));