2005-05-12 12:28:07 +04:00
/*
Unix SMB / CIFS implementation .
CLDAP server - netlogon handling
Copyright ( C ) Andrew Tridgell 2005
2008-05-17 06:41:42 +04:00
Copyright ( C ) Andrew Bartlett < abartlet @ samba . org > 2008
2005-05-12 12:28:07 +04:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-10 06:07:03 +04:00
the Free Software Foundation ; either version 3 of the License , or
2005-05-12 12:28:07 +04:00
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
2007-07-10 06:07:03 +04:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2005-05-12 12:28:07 +04:00
*/
# include "includes.h"
2006-06-15 03:32:19 +04:00
# include "lib/ldb/include/ldb.h"
# include "lib/ldb/include/ldb_errors.h"
2005-05-12 12:28:07 +04:00
# include "lib/events/events.h"
# include "smbd/service_task.h"
# include "cldap_server/cldap_server.h"
2006-03-18 18:42:57 +03:00
# include "librpc/gen_ndr/ndr_misc.h"
2008-04-14 13:54:50 +04:00
# include "libcli/ldap/ldap_ndr.h"
2008-05-17 06:41:42 +04:00
# include "libcli/security/security.h"
2005-12-28 18:38:36 +03:00
# include "dsdb/samdb/samdb.h"
# include "auth/auth.h"
2007-11-16 22:12:00 +03:00
# include "ldb_wrap.h"
2006-03-07 14:07:23 +03:00
# include "system/network.h"
2006-08-17 17:37:04 +04:00
# include "lib/socket/netif.h"
2007-09-08 16:42:09 +04:00
# include "param/param.h"
2009-02-13 15:13:54 +03:00
# include "../lib/tsocket/tsocket.h"
2005-05-12 12:28:07 +04:00
/*
fill in the cldap netlogon union for a given version
*/
2008-05-17 06:41:42 +04:00
NTSTATUS fill_netlogon_samlogon_response ( struct ldb_context * sam_ctx ,
TALLOC_CTX * mem_ctx ,
const char * domain ,
2008-05-17 14:53:29 +04:00
const char * netbios_domain ,
2008-05-17 06:41:42 +04:00
struct dom_sid * domain_sid ,
const char * domain_guid ,
const char * user ,
2008-05-21 06:37:36 +04:00
uint32_t acct_control ,
2008-05-17 06:41:42 +04:00
const char * src_address ,
uint32_t version ,
struct loadparm_context * lp_ctx ,
struct netlogon_samlogon_response * netlogon )
2005-05-12 12:28:07 +04:00
{
2006-08-19 02:20:13 +04:00
const char * dom_attrs [ ] = { " objectGUID " , NULL } ;
2008-05-21 06:37:36 +04:00
const char * none_attrs [ ] = { NULL } ;
2009-05-26 06:31:39 +04:00
struct ldb_result * dom_res = NULL , * user_res = NULL ;
2007-11-14 00:30:33 +03:00
int ret ;
2007-12-02 18:20:25 +03:00
const char * * services = lp_server_services ( lp_ctx ) ;
2005-05-12 12:28:07 +04:00
uint32_t server_type ;
const char * pdc_name ;
struct GUID domain_uuid ;
const char * dns_domain ;
const char * pdc_dns_name ;
const char * flatname ;
2006-11-13 22:12:47 +03:00
const char * server_site ;
const char * client_site ;
2005-05-12 12:28:07 +04:00
const char * pdc_ip ;
2009-05-26 06:31:39 +04:00
struct ldb_dn * domain_dn = NULL ;
2007-12-12 00:23:14 +03:00
struct interface * ifaces ;
2008-05-21 06:37:36 +04:00
bool user_known ;
2008-08-21 10:09:42 +04:00
NTSTATUS status ;
2005-05-12 12:28:07 +04:00
2005-05-12 13:03:14 +04:00
/* the domain has an optional trailing . */
2005-05-16 15:17:57 +04:00
if ( domain & & domain [ strlen ( domain ) - 1 ] = = ' . ' ) {
2005-05-12 13:03:14 +04:00
domain = talloc_strndup ( mem_ctx , domain , strlen ( domain ) - 1 ) ;
}
2009-10-12 21:09:18 +04:00
if ( domain & & strcasecmp_m ( domain , lp_dnsdomain ( lp_ctx ) ) = = 0 ) {
2009-05-26 06:31:39 +04:00
domain_dn = ldb_get_default_basedn ( sam_ctx ) ;
2006-06-15 03:32:19 +04:00
}
2009-05-26 06:31:39 +04:00
if ( netbios_domain & & strcasecmp_m ( domain , lp_sam_name ( lp_ctx ) ) ) {
domain_dn = ldb_get_default_basedn ( sam_ctx ) ;
}
2008-05-17 14:53:29 +04:00
2009-05-26 06:31:39 +04:00
if ( domain_dn ) {
ret = ldb_search ( sam_ctx , mem_ctx , & dom_res ,
domain_dn , LDB_SCOPE_BASE , dom_attrs ,
" objectClass=domain " ) ;
2008-05-17 14:53:29 +04:00
if ( ret ! = LDB_SUCCESS ) {
2009-05-26 06:31:39 +04:00
DEBUG ( 2 , ( " Error finding domain '%s'/'%s' in sam: %s \n " , domain , ldb_dn_get_linearized ( domain_dn ) , ldb_errstring ( sam_ctx ) ) ) ;
2008-05-17 14:53:29 +04:00
return NT_STATUS_NO_SUCH_DOMAIN ;
2009-05-26 06:31:39 +04:00
}
if ( dom_res - > count ! = 1 ) {
DEBUG ( 2 , ( " Error finding domain '%s'/'%s' in sam \n " , domain , ldb_dn_get_linearized ( domain_dn ) ) ) ;
2008-05-17 14:53:29 +04:00
return NT_STATUS_NO_SUCH_DOMAIN ;
}
}
2008-05-17 06:41:42 +04:00
if ( ( dom_res = = NULL | | dom_res - > count = = 0 ) & & ( domain_guid | | domain_sid ) ) {
2007-11-14 00:30:33 +03:00
2008-05-17 06:41:42 +04:00
if ( domain_guid ) {
2008-08-21 10:09:42 +04:00
struct GUID binary_guid ;
struct ldb_val guid_val ;
enum ndr_err_code ndr_err ;
/* By this means, we ensure we don't have funny stuff in the GUID */
status = GUID_from_string ( domain_guid , & binary_guid ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
/* And this gets the result into the binary format we want anyway */
ndr_err = ndr_push_struct_blob ( & guid_val , mem_ctx , NULL , & binary_guid ,
( ndr_push_flags_fn_t ) ndr_push_GUID ) ;
if ( ! NDR_ERR_CODE_IS_SUCCESS ( ndr_err ) ) {
return NT_STATUS_INVALID_PARAMETER ;
}
2008-09-23 22:30:06 +04:00
ret = ldb_search ( sam_ctx , mem_ctx , & dom_res ,
2008-05-17 06:41:42 +04:00
NULL , LDB_SCOPE_SUBTREE ,
dom_attrs ,
2008-08-22 14:50:07 +04:00
" (&(objectCategory=DomainDNS)(objectGUID=%s)) " ,
2008-08-21 10:09:42 +04:00
ldb_binary_encode ( mem_ctx , guid_val ) ) ;
2008-05-17 06:41:42 +04:00
} else { /* domain_sid case */
2008-08-21 10:09:42 +04:00
struct dom_sid * sid ;
struct ldb_val sid_val ;
enum ndr_err_code ndr_err ;
/* Rather than go via the string, just push into the NDR form */
ndr_err = ndr_push_struct_blob ( & sid_val , mem_ctx , NULL , & sid ,
( ndr_push_flags_fn_t ) ndr_push_dom_sid ) ;
if ( ! NDR_ERR_CODE_IS_SUCCESS ( ndr_err ) ) {
return NT_STATUS_INVALID_PARAMETER ;
}
2008-09-23 22:30:06 +04:00
ret = ldb_search ( sam_ctx , mem_ctx , & dom_res ,
2008-05-17 06:41:42 +04:00
NULL , LDB_SCOPE_SUBTREE ,
dom_attrs ,
2008-08-22 14:50:07 +04:00
" (&(objectCategory=DomainDNS)(objectSID=%s)) " ,
2008-08-21 10:09:42 +04:00
ldb_binary_encode ( mem_ctx , sid_val ) ) ;
2008-05-17 06:41:42 +04:00
}
2007-11-14 00:30:33 +03:00
if ( ret ! = LDB_SUCCESS ) {
2008-05-17 06:41:42 +04:00
DEBUG ( 2 , ( " Unable to find referece to GUID '%s' or SID %s in sam: %s \n " ,
domain_guid , dom_sid_string ( mem_ctx , domain_sid ) ,
ldb_errstring ( sam_ctx ) ) ) ;
2007-11-14 00:30:33 +03:00
return NT_STATUS_NO_SUCH_DOMAIN ;
} else if ( dom_res - > count = = 1 ) {
2009-05-26 06:31:39 +04:00
/* Ok, now just check it is our domain */
2007-11-14 00:30:33 +03:00
2009-05-26 06:31:39 +04:00
if ( ldb_dn_compare ( ldb_get_default_basedn ( sam_ctx ) , dom_res - > msgs [ 0 ] - > dn ) ! = 0 ) {
2006-06-15 03:32:19 +04:00
return NT_STATUS_NO_SUCH_DOMAIN ;
}
2007-11-14 00:30:33 +03:00
} else if ( dom_res - > count > 1 ) {
return NT_STATUS_NO_SUCH_DOMAIN ;
2006-06-15 03:32:19 +04:00
}
2005-05-12 12:28:07 +04:00
}
2008-05-21 06:37:36 +04:00
2007-11-14 00:30:33 +03:00
if ( ( dom_res = = NULL | | dom_res - > count = = 0 ) ) {
2006-06-15 03:32:19 +04:00
DEBUG ( 2 , ( " Unable to find domain with name %s or GUID {%s} \n " , domain , domain_guid ) ) ;
2005-08-03 22:30:21 +04:00
return NT_STATUS_NO_SUCH_DOMAIN ;
}
2008-05-21 06:37:36 +04:00
/* work around different inputs for not-specified users */
if ( ! user ) {
user = " " ;
}
/* Enquire about any valid username with just a CLDAP packet -
* if kerberos didn ' t also do this , the security folks would
* scream . . . */
if ( user [ 0 ] ) { \
/* Only allow some bits to be enquired: [MS-ATDS] 7.3.3.2 */
if ( acct_control = = ( uint32_t ) - 1 ) {
acct_control = 0 ;
}
acct_control = acct_control & ( ACB_TEMPDUP | ACB_NORMAL | ACB_DOMTRUST | ACB_WSTRUST | ACB_SVRTRUST ) ;
/* We must exclude disabled accounts, but otherwise do the bitwise match the client asked for */
2008-09-23 22:30:06 +04:00
ret = ldb_search ( sam_ctx , mem_ctx , & user_res ,
2008-05-21 06:37:36 +04:00
dom_res - > msgs [ 0 ] - > dn , LDB_SCOPE_SUBTREE ,
none_attrs ,
" (&(objectClass=user)(samAccountName=%s) "
" (!(userAccountControl: " LDB_OID_COMPARATOR_AND " :=%u)) "
" (userAccountControl: " LDB_OID_COMPARATOR_OR " :=%u)) " ,
2008-08-21 10:09:42 +04:00
ldb_binary_encode_string ( mem_ctx , user ) ,
2009-06-12 17:20:48 +04:00
UF_ACCOUNTDISABLE , ds_acb2uf ( acct_control ) ) ;
2008-05-21 06:37:36 +04:00
if ( ret ! = LDB_SUCCESS ) {
DEBUG ( 2 , ( " Unable to find referece to user '%s' with ACB 0x%8x under %s: %s \n " ,
user , acct_control , ldb_dn_get_linearized ( dom_res - > msgs [ 0 ] - > dn ) ,
ldb_errstring ( sam_ctx ) ) ) ;
return NT_STATUS_NO_SUCH_USER ;
} else if ( user_res - > count = = 1 ) {
user_known = true ;
} else {
user_known = false ;
}
} else {
user_known = true ;
}
2005-05-12 12:28:07 +04:00
server_type =
2009-10-02 05:52:16 +04:00
DS_SERVER_DS | DS_SERVER_TIMESERV |
DS_SERVER_CLOSEST | DS_SERVER_WRITABLE |
DS_SERVER_GOOD_TIMESERV ;
#if 0
/* w2k8-r2 as a DC does not claim these */
server_type | = DS_DNS_CONTROLLER | DS_DNS_DOMAIN ;
# endif
2005-05-12 12:28:07 +04:00
2008-05-17 06:41:42 +04:00
if ( samdb_is_pdc ( sam_ctx ) ) {
2009-09-21 21:41:06 +04:00
int * domainFunctionality ;
2009-10-02 05:52:16 +04:00
server_type | = DS_SERVER_PDC ;
2009-09-21 21:41:06 +04:00
domainFunctionality = talloc_get_type ( ldb_get_opaque ( sam_ctx , " domainFunctionality " ) , int ) ;
if ( domainFunctionality & & * domainFunctionality > = DS_DOMAIN_FUNCTION_2008 ) {
2009-10-02 05:52:16 +04:00
server_type | = DS_SERVER_FULL_SECRET_DOMAIN_6 ;
2009-09-21 21:41:06 +04:00
}
2008-01-03 15:00:38 +03:00
}
2008-05-17 06:41:42 +04:00
if ( samdb_is_gc ( sam_ctx ) ) {
2009-10-02 05:52:16 +04:00
server_type | = DS_SERVER_GC ;
2008-01-07 09:47:01 +03:00
}
2005-05-12 12:28:07 +04:00
if ( str_list_check ( services , " ldap " ) ) {
2009-10-02 05:52:16 +04:00
server_type | = DS_SERVER_LDAP ;
2005-05-12 12:28:07 +04:00
}
2005-06-08 03:06:24 +04:00
if ( str_list_check ( services , " kdc " ) ) {
2009-10-02 05:52:16 +04:00
server_type | = DS_SERVER_KDC ;
2005-06-08 03:06:24 +04:00
}
2009-10-02 05:52:16 +04:00
#if 0
/* w2k8-r2 as a sole DC does not claim this */
2008-10-03 08:58:46 +04:00
if ( ldb_dn_compare ( ldb_get_root_basedn ( sam_ctx ) , ldb_get_default_basedn ( sam_ctx ) ) = = 0 ) {
2009-10-02 05:52:16 +04:00
server_type | = DS_DNS_FOREST_ROOT ;
2008-08-20 06:45:41 +04:00
}
2009-10-02 05:52:16 +04:00
# endif
2008-08-20 06:45:41 +04:00
2007-12-02 18:20:25 +03:00
pdc_name = talloc_asprintf ( mem_ctx , " \\ \\ %s " , lp_netbios_name ( lp_ctx ) ) ;
2007-11-14 00:30:33 +03:00
domain_uuid = samdb_result_guid ( dom_res - > msgs [ 0 ] , " objectGUID " ) ;
2009-10-12 21:09:18 +04:00
dns_domain = lp_dnsdomain ( lp_ctx ) ;
2005-05-12 12:28:07 +04:00
pdc_dns_name = talloc_asprintf ( mem_ctx , " %s.%s " ,
2007-09-28 05:17:46 +04:00
strlower_talloc ( mem_ctx ,
2007-12-02 18:20:25 +03:00
lp_netbios_name ( lp_ctx ) ) ,
2005-06-08 03:06:24 +04:00
dns_domain ) ;
2005-08-03 22:30:21 +04:00
2009-05-26 06:31:39 +04:00
flatname = lp_sam_name ( lp_ctx ) ;
2008-08-20 06:45:41 +04:00
/* FIXME: Hardcoded site names */
2006-11-13 22:12:47 +03:00
server_site = " Default-First-Site-Name " ;
client_site = " Default-First-Site-Name " ;
2007-12-12 00:23:20 +03:00
load_interfaces ( mem_ctx , lp_interfaces ( lp_ctx ) , & ifaces ) ;
2007-12-12 00:23:14 +03:00
pdc_ip = iface_best_ip ( ifaces , src_address ) ;
2005-05-12 12:28:07 +04:00
ZERO_STRUCTP ( netlogon ) ;
2008-05-21 06:37:36 +04:00
/* check if either of these bits is present */
if ( version & ( NETLOGON_NT_VERSION_5EX | NETLOGON_NT_VERSION_5EX_WITH_IP ) ) {
2008-05-17 14:53:29 +04:00
uint32_t extra_flags = 0 ;
2008-05-17 06:41:42 +04:00
netlogon - > ntver = NETLOGON_NT_VERSION_5EX ;
/* could check if the user exists */
2008-05-21 06:37:36 +04:00
if ( user_known ) {
2008-10-02 10:09:25 +04:00
netlogon - > data . nt5_ex . command = LOGON_SAM_LOGON_RESPONSE_EX ;
2008-05-17 14:53:29 +04:00
} else {
2008-10-02 10:09:25 +04:00
netlogon - > data . nt5_ex . command = LOGON_SAM_LOGON_USER_UNKNOWN_EX ;
2008-05-17 14:53:29 +04:00
}
2008-10-02 10:09:25 +04:00
netlogon - > data . nt5_ex . server_type = server_type ;
netlogon - > data . nt5_ex . domain_uuid = domain_uuid ;
2009-10-12 21:09:18 +04:00
netlogon - > data . nt5_ex . forest = dns_domain ;
2008-10-02 10:09:25 +04:00
netlogon - > data . nt5_ex . dns_domain = dns_domain ;
netlogon - > data . nt5_ex . pdc_dns_name = pdc_dns_name ;
netlogon - > data . nt5_ex . domain = flatname ;
netlogon - > data . nt5_ex . pdc_name = lp_netbios_name ( lp_ctx ) ;
netlogon - > data . nt5_ex . user_name = user ;
netlogon - > data . nt5_ex . server_site = server_site ;
netlogon - > data . nt5_ex . client_site = client_site ;
2008-05-17 06:41:42 +04:00
if ( version & NETLOGON_NT_VERSION_5EX_WITH_IP ) {
/* Clearly this needs to be fixed up for IPv6 */
extra_flags = NETLOGON_NT_VERSION_5EX_WITH_IP ;
2008-10-14 17:43:04 +04:00
netlogon - > data . nt5_ex . sockaddr . sockaddr_family = 2 ;
2008-10-02 10:09:25 +04:00
netlogon - > data . nt5_ex . sockaddr . pdc_ip = pdc_ip ;
netlogon - > data . nt5_ex . sockaddr . remaining = data_blob_talloc_zero ( mem_ctx , 8 ) ;
2008-05-17 06:41:42 +04:00
}
2008-10-02 10:09:25 +04:00
netlogon - > data . nt5_ex . nt_version = NETLOGON_NT_VERSION_1 | NETLOGON_NT_VERSION_5EX | extra_flags ;
netlogon - > data . nt5_ex . lmnt_token = 0xFFFF ;
netlogon - > data . nt5_ex . lm20_token = 0xFFFF ;
2008-05-17 06:41:42 +04:00
} else if ( version & NETLOGON_NT_VERSION_5 ) {
netlogon - > ntver = NETLOGON_NT_VERSION_5 ;
/* could check if the user exists */
2008-05-21 06:37:36 +04:00
if ( user_known ) {
2008-10-02 10:09:25 +04:00
netlogon - > data . nt5 . command = LOGON_SAM_LOGON_RESPONSE ;
2008-05-17 14:53:29 +04:00
} else {
2008-10-02 10:09:25 +04:00
netlogon - > data . nt5 . command = LOGON_SAM_LOGON_USER_UNKNOWN ;
2008-05-17 14:53:29 +04:00
}
2008-10-02 10:09:25 +04:00
netlogon - > data . nt5 . pdc_name = pdc_name ;
netlogon - > data . nt5 . user_name = user ;
netlogon - > data . nt5 . domain_name = flatname ;
netlogon - > data . nt5 . domain_uuid = domain_uuid ;
2009-10-12 21:09:18 +04:00
netlogon - > data . nt5 . forest = dns_domain ;
2008-10-02 10:09:25 +04:00
netlogon - > data . nt5 . dns_domain = dns_domain ;
netlogon - > data . nt5 . pdc_dns_name = pdc_dns_name ;
netlogon - > data . nt5 . pdc_ip = pdc_ip ;
netlogon - > data . nt5 . server_type = server_type ;
netlogon - > data . nt5 . nt_version = NETLOGON_NT_VERSION_1 | NETLOGON_NT_VERSION_5 ;
netlogon - > data . nt5 . lmnt_token = 0xFFFF ;
netlogon - > data . nt5 . lm20_token = 0xFFFF ;
2008-05-17 14:53:29 +04:00
} else /* (version & NETLOGON_NT_VERSION_1) and all other cases */ {
2008-05-17 06:41:42 +04:00
netlogon - > ntver = NETLOGON_NT_VERSION_1 ;
/* could check if the user exists */
2008-05-21 06:37:36 +04:00
if ( user_known ) {
2008-10-02 10:09:25 +04:00
netlogon - > data . nt4 . command = LOGON_SAM_LOGON_RESPONSE ;
2008-05-17 14:53:29 +04:00
} else {
2008-10-02 10:09:25 +04:00
netlogon - > data . nt4 . command = LOGON_SAM_LOGON_USER_UNKNOWN ;
2008-05-17 14:53:29 +04:00
}
2008-10-02 10:09:25 +04:00
netlogon - > data . nt4 . server = pdc_name ;
netlogon - > data . nt4 . user_name = user ;
netlogon - > data . nt4 . domain = flatname ;
netlogon - > data . nt4 . nt_version = NETLOGON_NT_VERSION_1 ;
netlogon - > data . nt4 . lmnt_token = 0xFFFF ;
netlogon - > data . nt4 . lm20_token = 0xFFFF ;
2005-05-12 12:28:07 +04:00
}
return NT_STATUS_OK ;
}
/*
handle incoming cldap requests
*/
2009-02-13 15:13:54 +03:00
void cldapd_netlogon_request ( struct cldap_socket * cldap ,
struct cldapd_server * cldapd ,
TALLOC_CTX * tmp_ctx ,
2005-05-12 12:28:07 +04:00
uint32_t message_id ,
2005-06-13 13:10:17 +04:00
struct ldb_parse_tree * tree ,
2009-02-13 15:13:54 +03:00
struct tsocket_address * src )
2005-05-12 12:28:07 +04:00
{
int i ;
const char * domain = NULL ;
const char * host = NULL ;
2005-07-12 13:40:34 +04:00
const char * user = NULL ;
2005-05-13 09:29:41 +04:00
const char * domain_guid = NULL ;
const char * domain_sid = NULL ;
int acct_control = - 1 ;
2005-05-12 12:28:07 +04:00
int version = - 1 ;
2008-05-17 06:41:42 +04:00
struct netlogon_samlogon_response netlogon ;
2005-05-12 12:28:07 +04:00
NTSTATUS status = NT_STATUS_INVALID_PARAMETER ;
2005-06-13 10:06:29 +04:00
if ( tree - > operation ! = LDB_OP_AND ) goto failed ;
2005-05-12 12:28:07 +04:00
/* extract the query elements */
for ( i = 0 ; i < tree - > u . list . num_elements ; i + + ) {
2005-06-13 10:06:29 +04:00
struct ldb_parse_tree * t = tree - > u . list . elements [ i ] ;
2005-07-19 13:09:00 +04:00
if ( t - > operation ! = LDB_OP_EQUALITY ) goto failed ;
if ( strcasecmp ( t - > u . equality . attr , " DnsDomain " ) = = 0 ) {
2005-05-12 12:28:07 +04:00
domain = talloc_strndup ( tmp_ctx ,
2006-03-15 13:28:35 +03:00
( const char * ) t - > u . equality . value . data ,
2005-07-19 13:09:00 +04:00
t - > u . equality . value . length ) ;
2005-05-12 12:28:07 +04:00
}
2005-07-19 13:09:00 +04:00
if ( strcasecmp ( t - > u . equality . attr , " Host " ) = = 0 ) {
2005-05-12 12:28:07 +04:00
host = talloc_strndup ( tmp_ctx ,
2006-03-15 13:28:35 +03:00
( const char * ) t - > u . equality . value . data ,
2005-07-19 13:09:00 +04:00
t - > u . equality . value . length ) ;
2005-05-12 12:28:07 +04:00
}
2005-07-19 13:09:00 +04:00
if ( strcasecmp ( t - > u . equality . attr , " DomainGuid " ) = = 0 ) {
2005-05-16 15:17:57 +04:00
NTSTATUS enc_status ;
struct GUID guid ;
enc_status = ldap_decode_ndr_GUID ( tmp_ctx ,
2005-07-19 13:09:00 +04:00
t - > u . equality . value , & guid ) ;
2005-05-16 15:17:57 +04:00
if ( NT_STATUS_IS_OK ( enc_status ) ) {
domain_guid = GUID_string ( tmp_ctx , & guid ) ;
}
2005-05-13 09:29:41 +04:00
}
2005-07-19 13:09:00 +04:00
if ( strcasecmp ( t - > u . equality . attr , " DomainSid " ) = = 0 ) {
2005-05-13 09:29:41 +04:00
domain_sid = talloc_strndup ( tmp_ctx ,
2006-03-15 13:28:35 +03:00
( const char * ) t - > u . equality . value . data ,
2005-07-19 13:09:00 +04:00
t - > u . equality . value . length ) ;
2005-05-13 09:29:41 +04:00
}
2005-07-19 13:09:00 +04:00
if ( strcasecmp ( t - > u . equality . attr , " User " ) = = 0 ) {
2005-05-12 13:03:14 +04:00
user = talloc_strndup ( tmp_ctx ,
2006-03-15 13:28:35 +03:00
( const char * ) t - > u . equality . value . data ,
2005-07-19 13:09:00 +04:00
t - > u . equality . value . length ) ;
2005-05-12 13:03:14 +04:00
}
2005-07-19 13:09:00 +04:00
if ( strcasecmp ( t - > u . equality . attr , " NtVer " ) = = 0 & &
t - > u . equality . value . length = = 4 ) {
version = IVAL ( t - > u . equality . value . data , 0 ) ;
2005-05-12 12:28:07 +04:00
}
2005-07-19 13:09:00 +04:00
if ( strcasecmp ( t - > u . equality . attr , " AAC " ) = = 0 & &
t - > u . equality . value . length = = 4 ) {
acct_control = IVAL ( t - > u . equality . value . data , 0 ) ;
2005-05-13 09:29:41 +04:00
}
2005-05-12 12:28:07 +04:00
}
2005-05-16 15:17:57 +04:00
if ( domain_guid = = NULL & & domain = = NULL ) {
2009-10-12 21:09:18 +04:00
domain = lp_dnsdomain ( cldapd - > task - > lp_ctx ) ;
2005-05-16 15:17:57 +04:00
}
if ( version = = - 1 ) {
2005-05-12 12:28:07 +04:00
goto failed ;
}
2005-05-18 08:18:19 +04:00
DEBUG ( 5 , ( " cldap netlogon query domain=%s host=%s user=%s version=%d guid=%s \n " ,
2005-05-16 15:17:57 +04:00
domain , host , user , version , domain_guid ) ) ;
2005-05-12 12:28:07 +04:00
2008-05-17 14:53:29 +04:00
status = fill_netlogon_samlogon_response ( cldapd - > samctx , tmp_ctx , domain , NULL , NULL , domain_guid ,
2009-02-13 15:13:54 +03:00
user , acct_control ,
tsocket_address_inet_addr_string ( src , tmp_ctx ) ,
2008-05-17 06:41:42 +04:00
version , cldapd - > task - > lp_ctx , & netlogon ) ;
2005-05-12 12:28:07 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto failed ;
}
2009-02-13 15:13:54 +03:00
status = cldap_netlogon_reply ( cldap ,
lp_iconv_convenience ( cldapd - > task - > lp_ctx ) ,
message_id , src , version ,
2005-05-12 12:28:07 +04:00
& netlogon ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
goto failed ;
}
return ;
failed :
2005-06-19 00:32:21 +04:00
DEBUG ( 2 , ( " cldap netlogon query failed domain=%s host=%s version=%d - %s \n " ,
2005-05-12 12:28:07 +04:00
domain , host , version , nt_errstr ( status ) ) ) ;
2009-02-13 15:13:54 +03:00
cldap_empty_reply ( cldap , message_id , src ) ;
2005-05-12 12:28:07 +04:00
}
