Context Navigation

source: branches/samba-3.2.x/source/rpc_server/srv_netlog_nt.c@ 198

Visit:

Last change on this file since 198 was 136, checked in by Paul Smedley, 18 years ago
Update trunk to 3.2.0rc1
File size: 47.4 KB

Line
1	/*
2	* Unix SMB/CIFS implementation.
3	* RPC Pipe client / server routines
4	* Copyright (C) Andrew Tridgell 1992-1997,
5	* Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
6	* Copyright (C) Paul Ashton 1997.
7	* Copyright (C) Jeremy Allison 1998-2001.
8	* Copyright (C) Andrew Bartlett 2001.
9	* Copyright (C) Guenther Deschner 2008.
10	*
11	* This program is free software; you can redistribute it and/or modify
12	* it under the terms of the GNU General Public License as published by
13	* the Free Software Foundation; either version 3 of the License, or
14	* (at your option) any later version.
15	*
16	* This program is distributed in the hope that it will be useful,
17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19	* GNU General Public License for more details.
20	*
21	* You should have received a copy of the GNU General Public License
22	* along with this program; if not, see <http://www.gnu.org/licenses/>.
23	*/
24
25	/* This is the implementation of the netlogon pipe. */
26
27	#include "includes.h"
28
29	extern userdom_struct current_user_info;
30
31	#undef DBGC_CLASS
32	#define DBGC_CLASS DBGC_RPC_SRV
33
34	/*************************************************************************
35	init_net_r_req_chal:
36	*************************************************************************/
37
38	static void init_net_r_req_chal(struct netr_Credential *r,
39	struct netr_Credential *srv_chal)
40	{
41	DEBUG(6,("init_net_r_req_chal: %d\n", __LINE__));
42
43	memcpy(r->data, srv_chal->data, sizeof(r->data));
44	}
45
46	/*******************************************************************
47	Inits a netr_NETLOGON_INFO_1 structure.
48	********************************************************************/
49
50	static void init_netlogon_info1(struct netr_NETLOGON_INFO_1 *r,
51	uint32_t flags,
52	uint32_t pdc_connection_status)
53	{
54	r->flags = flags;
55	r->pdc_connection_status = pdc_connection_status;
56	}
57
58	/*******************************************************************
59	Inits a netr_NETLOGON_INFO_2 structure.
60	********************************************************************/
61
62	static void init_netlogon_info2(struct netr_NETLOGON_INFO_2 *r,
63	uint32_t flags,
64	uint32_t pdc_connection_status,
65	const char *trusted_dc_name,
66	uint32_t tc_connection_status)
67	{
68	r->flags = flags;
69	r->pdc_connection_status = pdc_connection_status;
70	r->trusted_dc_name = trusted_dc_name;
71	r->tc_connection_status = tc_connection_status;
72	}
73
74	/*******************************************************************
75	Inits a netr_NETLOGON_INFO_3 structure.
76	********************************************************************/
77
78	static void init_netlogon_info3(struct netr_NETLOGON_INFO_3 *r,
79	uint32_t flags,
80	uint32_t logon_attempts)
81	{
82	r->flags = flags;
83	r->logon_attempts = logon_attempts;
84	}
85
86	/*************************************************************************
87	_netr_LogonControl
88	*************************************************************************/
89
90	WERROR _netr_LogonControl(pipes_struct *p,
91	struct netr_LogonControl *r)
92	{
93	struct netr_NETLOGON_INFO_1 *info1;
94	uint32_t flags = 0x0;
95	uint32_t pdc_connection_status = W_ERROR_V(WERR_OK);
96
97	/* Setup the Logon Control response */
98
99	switch (r->in.level) {
100	case 1:
101	info1 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_1);
102	if (!info1) {
103	return WERR_NOMEM;
104	}
105	init_netlogon_info1(info1,
106	flags,
107	pdc_connection_status);
108	r->out.info->info1 = info1;
109	break;
110	default:
111	return WERR_UNKNOWN_LEVEL;
112	}
113
114	return WERR_OK;
115	}
116
117	/****************************************************************************
118	Send a message to smbd to do a sam synchronisation
119	**************************************************************************/
120
121	static void send_sync_message(void)
122	{
123	DEBUG(3, ("sending sam synchronisation message\n"));
124	message_send_all(smbd_messaging_context(), MSG_SMB_SAM_SYNC, NULL, 0,
125	NULL);
126	}
127
128	/*************************************************************************
129	_netr_LogonControl2
130	*************************************************************************/
131
132	WERROR _netr_LogonControl2(pipes_struct *p,
133	struct netr_LogonControl2 *r)
134	{
135	uint32 flags = 0x0;
136	uint32 pdc_connection_status = 0x0;
137	uint32 logon_attempts = 0x0;
138	uint32 tc_status;
139	fstring dc_name2;
140	const char *dc_name = NULL;
141	struct sockaddr_storage dc_ss;
142	const char *domain = NULL;
143	struct netr_NETLOGON_INFO_1 *info1;
144	struct netr_NETLOGON_INFO_2 *info2;
145	struct netr_NETLOGON_INFO_3 *info3;
146
147	tc_status = W_ERROR_V(WERR_NO_SUCH_DOMAIN);
148
149	switch (r->in.function_code) {
150	case NETLOGON_CONTROL_TC_QUERY:
151	domain = r->in.data->domain;
152
153	if ( !is_trusted_domain( domain ) )
154	break;
155
156	if ( !get_dc_name( domain, NULL, dc_name2, &dc_ss ) ) {
157	tc_status = W_ERROR_V(WERR_NO_LOGON_SERVERS);
158	break;
159	}
160
161	dc_name = talloc_asprintf(p->mem_ctx, "\\\\%s", dc_name2);
162	if (!dc_name) {
163	return WERR_NOMEM;
164	}
165
166	tc_status = W_ERROR_V(WERR_OK);
167
168	break;
169
170	case NETLOGON_CONTROL_REDISCOVER:
171	domain = r->in.data->domain;
172
173	if ( !is_trusted_domain( domain ) )
174	break;
175
176	if ( !get_dc_name( domain, NULL, dc_name2, &dc_ss ) ) {
177	tc_status = W_ERROR_V(WERR_NO_LOGON_SERVERS);
178	break;
179	}
180
181	dc_name = talloc_asprintf(p->mem_ctx, "\\\\%s", dc_name2);
182	if (!dc_name) {
183	return WERR_NOMEM;
184	}
185
186	tc_status = W_ERROR_V(WERR_OK);
187
188	break;
189
190	default:
191	/* no idea what this should be */
192	DEBUG(0,("_netr_LogonControl2: unimplemented function level [%d]\n",
193	r->in.function_code));
194	return WERR_UNKNOWN_LEVEL;
195	}
196
197	/* prepare the response */
198
199	switch (r->in.level) {
200	case 1:
201	info1 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_1);
202	W_ERROR_HAVE_NO_MEMORY(info1);
203
204	init_netlogon_info1(info1,
205	flags,
206	pdc_connection_status);
207	r->out.query->info1 = info1;
208	break;
209	case 2:
210	info2 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_2);
211	W_ERROR_HAVE_NO_MEMORY(info2);
212
213	init_netlogon_info2(info2,
214	flags,
215	pdc_connection_status,
216	dc_name,
217	tc_status);
218	r->out.query->info2 = info2;
219	break;
220	case 3:
221	info3 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_3);
222	W_ERROR_HAVE_NO_MEMORY(info3);
223
224	init_netlogon_info3(info3,
225	flags,
226	logon_attempts);
227	r->out.query->info3 = info3;
228	break;
229	default:
230	return WERR_UNKNOWN_LEVEL;
231	}
232
233	if (lp_server_role() == ROLE_DOMAIN_BDC) {
234	send_sync_message();
235	}
236
237	return WERR_OK;
238	}
239
240	/*************************************************************************
241	_netr_NetrEnumerateTrustedDomains
242	*************************************************************************/
243
244	WERROR _netr_NetrEnumerateTrustedDomains(pipes_struct *p,
245	struct netr_NetrEnumerateTrustedDomains *r)
246	{
247	struct netr_Blob trusted_domains_blob;
248	DATA_BLOB blob;
249
250	DEBUG(6,("_netr_NetrEnumerateTrustedDomains: %d\n", __LINE__));
251
252	/* set up the Trusted Domain List response */
253
254	blob = data_blob_talloc_zero(p->mem_ctx, 2);
255	trusted_domains_blob.data = blob.data;
256	trusted_domains_blob.length = blob.length;
257
258	DEBUG(6,("_netr_NetrEnumerateTrustedDomains: %d\n", __LINE__));
259
260	*r->out.trusted_domains_blob = trusted_domains_blob;
261
262	return WERR_OK;
263	}
264
265	/******************************************************************
266	gets a machine password entry. checks access rights of the host.
267	******************************************************************/
268
269	static NTSTATUS get_md4pw(char md4pw, const char mach_acct, uint16 sec_chan_type)
270	{
271	struct samu *sampass = NULL;
272	const uint8 *pass;
273	bool ret;
274	uint32 acct_ctrl;
275
276	#if 0
277	char addr[INET6_ADDRSTRLEN];
278
279	/*
280	* Currently this code is redundent as we already have a filter
281	* by hostname list. What this code really needs to do is to
282	* get a hosts allowed/hosts denied list from the SAM database
283	* on a per user basis, and make the access decision there.
284	* I will leave this code here for now as a reminder to implement
285	* this at a later date. JRA.
286	*/
287
288	if (!allow_access(lp_domain_hostsdeny(), lp_domain_hostsallow(),
289	client_name(get_client_fd()),
290	client_addr(get_client_fd(),addr,sizeof(addr)))) {
291	DEBUG(0,("get_md4pw: Workstation %s denied access to domain\n", mach_acct));
292	return False;
293	}
294	#endif /* 0 */
295
296	if ( !(sampass = samu_new( NULL )) ) {
297	return NT_STATUS_NO_MEMORY;
298	}
299
300	/* JRA. This is ok as it is only used for generating the challenge. */
301	become_root();
302	ret = pdb_getsampwnam(sampass, mach_acct);
303	unbecome_root();
304
305	if (!ret) {
306	DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct));
307	TALLOC_FREE(sampass);
308	return NT_STATUS_ACCESS_DENIED;
309	}
310
311	acct_ctrl = pdb_get_acct_ctrl(sampass);
312	if (acct_ctrl & ACB_DISABLED) {
313	DEBUG(0,("get_md4pw: Workstation %s: account is disabled\n", mach_acct));
314	TALLOC_FREE(sampass);
315	return NT_STATUS_ACCOUNT_DISABLED;
316	}
317
318	if (!(acct_ctrl & ACB_SVRTRUST) &&
319	!(acct_ctrl & ACB_WSTRUST) &&
320	!(acct_ctrl & ACB_DOMTRUST))
321	{
322	DEBUG(0,("get_md4pw: Workstation %s: account is not a trust account\n", mach_acct));
323	TALLOC_FREE(sampass);
324	return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
325	}
326
327	switch (sec_chan_type) {
328	case SEC_CHAN_BDC:
329	if (!(acct_ctrl & ACB_SVRTRUST)) {
330	DEBUG(0,("get_md4pw: Workstation %s: BDC secure channel requested "
331	"but not a server trust account\n", mach_acct));
332	TALLOC_FREE(sampass);
333	return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
334	}
335	break;
336	case SEC_CHAN_WKSTA:
337	if (!(acct_ctrl & ACB_WSTRUST)) {
338	DEBUG(0,("get_md4pw: Workstation %s: WORKSTATION secure channel requested "
339	"but not a workstation trust account\n", mach_acct));
340	TALLOC_FREE(sampass);
341	return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
342	}
343	break;
344	case SEC_CHAN_DOMAIN:
345	if (!(acct_ctrl & ACB_DOMTRUST)) {
346	DEBUG(0,("get_md4pw: Workstation %s: DOMAIN secure channel requested "
347	"but not a interdomain trust account\n", mach_acct));
348	TALLOC_FREE(sampass);
349	return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
350	}
351	break;
352	default:
353	break;
354	}
355
356	if ((pass = pdb_get_nt_passwd(sampass)) == NULL) {
357	DEBUG(0,("get_md4pw: Workstation %s: account does not have a password\n", mach_acct));
358	TALLOC_FREE(sampass);
359	return NT_STATUS_LOGON_FAILURE;
360	}
361
362	memcpy(md4pw, pass, 16);
363	dump_data(5, (uint8 *)md4pw, 16);
364
365	TALLOC_FREE(sampass);
366
367	return NT_STATUS_OK;
368
369
370	}
371
372	/*************************************************************************
373	_netr_ServerReqChallenge
374	*************************************************************************/
375
376	NTSTATUS _netr_ServerReqChallenge(pipes_struct *p,
377	struct netr_ServerReqChallenge *r)
378	{
379	if (!p->dc) {
380	p->dc = TALLOC_ZERO_P(p->pipe_state_mem_ctx, struct dcinfo);
381	if (!p->dc) {
382	return NT_STATUS_NO_MEMORY;
383	}
384	} else {
385	DEBUG(10,("_netr_ServerReqChallenge: new challenge requested. Clearing old state.\n"));
386	ZERO_STRUCTP(p->dc);
387	}
388
389	fstrcpy(p->dc->remote_machine, r->in.computer_name);
390
391	/* Save the client challenge to the server. */
392	memcpy(p->dc->clnt_chal.data, r->in.credentials->data,
393	sizeof(r->in.credentials->data));
394
395	/* Create a server challenge for the client */
396	/* Set this to a random value. */
397	generate_random_buffer(p->dc->srv_chal.data, 8);
398
399	/* set up the LSA REQUEST CHALLENGE response */
400	init_net_r_req_chal(r->out.return_credentials, &p->dc->srv_chal);
401
402	p->dc->challenge_sent = True;
403
404	return NT_STATUS_OK;
405	}
406
407	/*************************************************************************
408	_netr_ServerAuthenticate
409	Create the initial credentials.
410	*************************************************************************/
411
412	NTSTATUS _netr_ServerAuthenticate(pipes_struct *p,
413	struct netr_ServerAuthenticate *r)
414	{
415	NTSTATUS status;
416	struct netr_Credential srv_chal_out;
417
418	if (!p->dc \|\| !p->dc->challenge_sent) {
419	return NT_STATUS_ACCESS_DENIED;
420	}
421
422	status = get_md4pw((char *)p->dc->mach_pw,
423	r->in.account_name,
424	r->in.secure_channel_type);
425	if (!NT_STATUS_IS_OK(status)) {
426	DEBUG(0,("_netr_ServerAuthenticate: get_md4pw failed. Failed to "
427	"get password for machine account %s "
428	"from client %s: %s\n",
429	r->in.account_name,
430	r->in.computer_name,
431	nt_errstr(status) ));
432	/* always return NT_STATUS_ACCESS_DENIED */
433	return NT_STATUS_ACCESS_DENIED;
434	}
435
436	/* From the client / server challenges and md4 password, generate sess key */
437	creds_server_init(0, /* No neg flags. */
438	p->dc,
439	&p->dc->clnt_chal, /* Stored client chal. */
440	&p->dc->srv_chal, /* Stored server chal. */
441	p->dc->mach_pw,
442	&srv_chal_out);
443
444	/* Check client credentials are valid. */
445	if (!netlogon_creds_server_check(p->dc, r->in.credentials)) {
446	DEBUG(0,("_netr_ServerAuthenticate: netlogon_creds_server_check failed. Rejecting auth "
447	"request from client %s machine account %s\n",
448	r->in.computer_name,
449	r->in.account_name));
450	return NT_STATUS_ACCESS_DENIED;
451	}
452
453	fstrcpy(p->dc->mach_acct, r->in.account_name);
454	fstrcpy(p->dc->remote_machine, r->in.computer_name);
455	p->dc->authenticated = True;
456
457	/* set up the LSA AUTH response */
458	/* Return the server credentials. */
459
460	memcpy(r->out.return_credentials->data, &srv_chal_out.data,
461	sizeof(r->out.return_credentials->data));
462
463	return NT_STATUS_OK;
464	}
465
466	/*************************************************************************
467	_netr_ServerAuthenticate2
468	*************************************************************************/
469
470	NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p,
471	struct netr_ServerAuthenticate2 *r)
472	{
473	NTSTATUS status;
474	uint32_t srv_flgs;
475	struct netr_Credential srv_chal_out;
476
477	/* We use this as the key to store the creds: */
478	/* r->in.computer_name */
479
480	if (!p->dc \|\| !p->dc->challenge_sent) {
481	DEBUG(0,("_netr_ServerAuthenticate2: no challenge sent to client %s\n",
482	r->in.computer_name));
483	return NT_STATUS_ACCESS_DENIED;
484	}
485
486	if ( (lp_server_schannel() == true) &&
487	((*r->in.negotiate_flags & NETLOGON_NEG_SCHANNEL) == 0) ) {
488
489	/* schannel must be used, but client did not offer it. */
490	DEBUG(0,("_netr_ServerAuthenticate2: schannel required but client failed "
491	"to offer it. Client was %s\n",
492	r->in.account_name));
493	return NT_STATUS_ACCESS_DENIED;
494	}
495
496	status = get_md4pw((char *)p->dc->mach_pw,
497	r->in.account_name,
498	r->in.secure_channel_type);
499	if (!NT_STATUS_IS_OK(status)) {
500	DEBUG(0,("_netr_ServerAuthenticate2: failed to get machine password for "
501	"account %s: %s\n",
502	r->in.account_name, nt_errstr(status) ));
503	/* always return NT_STATUS_ACCESS_DENIED */
504	return NT_STATUS_ACCESS_DENIED;
505	}
506
507	/* From the client / server challenges and md4 password, generate sess key */
508	creds_server_init(*r->in.negotiate_flags,
509	p->dc,
510	&p->dc->clnt_chal, /* Stored client chal. */
511	&p->dc->srv_chal, /* Stored server chal. */
512	p->dc->mach_pw,
513	&srv_chal_out);
514
515	/* Check client credentials are valid. */
516	if (!netlogon_creds_server_check(p->dc, r->in.credentials)) {
517	DEBUG(0,("_netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth "
518	"request from client %s machine account %s\n",
519	r->in.computer_name,
520	r->in.account_name));
521	return NT_STATUS_ACCESS_DENIED;
522	}
523
524	srv_flgs = 0x000001ff;
525
526	if (lp_server_schannel() != false) {
527	srv_flgs \|= NETLOGON_NEG_SCHANNEL;
528	}
529
530	/* set up the LSA AUTH 2 response */
531	memcpy(r->out.return_credentials->data, &srv_chal_out.data,
532	sizeof(r->out.return_credentials->data));
533	*r->out.negotiate_flags = srv_flgs;
534
535	fstrcpy(p->dc->mach_acct, r->in.account_name);
536	fstrcpy(p->dc->remote_machine, r->in.computer_name);
537	fstrcpy(p->dc->domain, lp_workgroup() );
538
539	p->dc->authenticated = True;
540
541	/* Store off the state so we can continue after client disconnect. */
542	become_root();
543	secrets_store_schannel_session_info(p->mem_ctx,
544	r->in.computer_name,
545	p->dc);
546	unbecome_root();
547
548	return NT_STATUS_OK;
549	}
550
551	/*************************************************************************
552	_netr_ServerPasswordSet
553	*************************************************************************/
554
555	NTSTATUS _netr_ServerPasswordSet(pipes_struct *p,
556	struct netr_ServerPasswordSet *r)
557	{
558	NTSTATUS status = NT_STATUS_OK;
559	fstring remote_machine;
560	struct samu *sampass=NULL;
561	bool ret = False;
562	unsigned char pwd[16];
563	int i;
564	uint32 acct_ctrl;
565	struct netr_Authenticator cred_out;
566	const uchar *old_pw;
567
568	DEBUG(5,("_netr_ServerPasswordSet: %d\n", __LINE__));
569
570	/* We need the remote machine name for the creds lookup. */
571	fstrcpy(remote_machine, r->in.computer_name);
572
573	if ( (lp_server_schannel() == True) && (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) ) {
574	/* 'server schannel = yes' should enforce use of
575	schannel, the client did offer it in auth2, but
576	obviously did not use it. */
577	DEBUG(0,("_netr_ServerPasswordSet: client %s not using schannel for netlogon\n",
578	remote_machine ));
579	return NT_STATUS_ACCESS_DENIED;
580	}
581
582	if (!p->dc) {
583	/* Restore the saved state of the netlogon creds. */
584	become_root();
585	ret = secrets_restore_schannel_session_info(p->pipe_state_mem_ctx,
586	remote_machine,
587	&p->dc);
588	unbecome_root();
589	if (!ret) {
590	return NT_STATUS_INVALID_HANDLE;
591	}
592	}
593
594	if (!p->dc \|\| !p->dc->authenticated) {
595	return NT_STATUS_INVALID_HANDLE;
596	}
597
598	DEBUG(3,("_netr_ServerPasswordSet: Server Password Set by remote machine:[%s] on account [%s]\n",
599	remote_machine, p->dc->mach_acct));
600
601	/* Step the creds chain forward. */
602	if (!netlogon_creds_server_step(p->dc, r->in.credential, &cred_out)) {
603	DEBUG(2,("_netr_ServerPasswordSet: netlogon_creds_server_step failed. Rejecting auth "
604	"request from client %s machine account %s\n",
605	remote_machine, p->dc->mach_acct ));
606	return NT_STATUS_INVALID_PARAMETER;
607	}
608
609	/* We must store the creds state after an update. */
610	sampass = samu_new( NULL );
611	if (!sampass) {
612	return NT_STATUS_NO_MEMORY;
613	}
614
615	become_root();
616	secrets_store_schannel_session_info(p->pipe_state_mem_ctx,
617	remote_machine,
618	p->dc);
619	ret = pdb_getsampwnam(sampass, p->dc->mach_acct);
620	unbecome_root();
621
622	if (!ret) {
623	TALLOC_FREE(sampass);
624	return NT_STATUS_ACCESS_DENIED;
625	}
626
627	/* Ensure the account exists and is a machine account. */
628
629	acct_ctrl = pdb_get_acct_ctrl(sampass);
630
631	if (!(acct_ctrl & ACB_WSTRUST \|\|
632	acct_ctrl & ACB_SVRTRUST \|\|
633	acct_ctrl & ACB_DOMTRUST)) {
634	TALLOC_FREE(sampass);
635	return NT_STATUS_NO_SUCH_USER;
636	}
637
638	if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
639	TALLOC_FREE(sampass);
640	return NT_STATUS_ACCOUNT_DISABLED;
641	}
642
643	/* Woah - what does this to to the credential chain ? JRA */
644	cred_hash3(pwd, r->in.new_password->hash, p->dc->sess_key, 0);
645
646	DEBUG(100,("_netr_ServerPasswordSet: new given value was :\n"));
647	for(i = 0; i < sizeof(pwd); i++)
648	DEBUG(100,("%02X ", pwd[i]));
649	DEBUG(100,("\n"));
650
651	old_pw = pdb_get_nt_passwd(sampass);
652
653	if (old_pw && memcmp(pwd, old_pw, 16) == 0) {
654	/* Avoid backend modificiations and other fun if the
655	client changed the password to the same thing */
656
657	ret = True;
658	} else {
659
660	/* LM password should be NULL for machines */
661	if (!pdb_set_lanman_passwd(sampass, NULL, PDB_CHANGED)) {
662	TALLOC_FREE(sampass);
663	return NT_STATUS_NO_MEMORY;
664	}
665
666	if (!pdb_set_nt_passwd(sampass, pwd, PDB_CHANGED)) {
667	TALLOC_FREE(sampass);
668	return NT_STATUS_NO_MEMORY;
669	}
670
671	if (!pdb_set_pass_last_set_time(sampass, time(NULL), PDB_CHANGED)) {
672	TALLOC_FREE(sampass);
673	/* Not quite sure what this one qualifies as, but this will do */
674	return NT_STATUS_UNSUCCESSFUL;
675	}
676
677	become_root();
678	status = pdb_update_sam_account(sampass);
679	unbecome_root();
680	}
681
682	/* set up the LSA Server Password Set response */
683
684	memcpy(r->out.return_authenticator, &cred_out,
685	sizeof(r->out.return_authenticator));
686
687	TALLOC_FREE(sampass);
688	return status;
689	}
690
691	/*************************************************************************
692	_netr_LogonSamLogoff
693	*************************************************************************/
694
695	NTSTATUS _netr_LogonSamLogoff(pipes_struct *p,
696	struct netr_LogonSamLogoff *r)
697	{
698	if ( (lp_server_schannel() == True) && (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) ) {
699	/* 'server schannel = yes' should enforce use of
700	schannel, the client did offer it in auth2, but
701	obviously did not use it. */
702	DEBUG(0,("_netr_LogonSamLogoff: client %s not using schannel for netlogon\n",
703	get_remote_machine_name() ));
704	return NT_STATUS_ACCESS_DENIED;
705	}
706
707
708	if (!get_valid_user_struct(p->vuid))
709	return NT_STATUS_NO_SUCH_USER;
710
711	/* Using the remote machine name for the creds store: */
712	/* r->in.computer_name */
713
714	if (!p->dc) {
715	/* Restore the saved state of the netlogon creds. */
716	bool ret;
717
718	become_root();
719	ret = secrets_restore_schannel_session_info(p->pipe_state_mem_ctx,
720	r->in.computer_name,
721	&p->dc);
722	unbecome_root();
723	if (!ret) {
724	return NT_STATUS_INVALID_HANDLE;
725	}
726	}
727
728	if (!p->dc \|\| !p->dc->authenticated) {
729	return NT_STATUS_INVALID_HANDLE;
730	}
731
732	/* checks and updates credentials. creates reply credentials */
733	if (!netlogon_creds_server_step(p->dc, r->in.credential, r->out.return_authenticator)) {
734	DEBUG(2,("_netr_LogonSamLogoff: netlogon_creds_server_step failed. Rejecting auth "
735	"request from client %s machine account %s\n",
736	r->in.computer_name, p->dc->mach_acct ));
737	return NT_STATUS_INVALID_PARAMETER;
738	}
739
740	/* We must store the creds state after an update. */
741	become_root();
742	secrets_store_schannel_session_info(p->pipe_state_mem_ctx,
743	r->in.computer_name,
744	p->dc);
745	unbecome_root();
746
747	return NT_STATUS_OK;
748	}
749
750	/*******************************************************************
751	gets a domain user's groups from their already-calculated NT_USER_TOKEN
752	********************************************************************/
753
754	static NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx,
755	const DOM_SID *domain_sid,
756	size_t num_sids,
757	const DOM_SID *sids,
758	int numgroups, DOM_GID *pgids)
759	{
760	int i;
761
762	*numgroups=0;
763	*pgids = NULL;
764
765	for (i=0; i<num_sids; i++) {
766	DOM_GID gid;
767	if (!sid_peek_check_rid(domain_sid, &sids[i], &gid.g_rid)) {
768	continue;
769	}
770	gid.attr = (SE_GROUP_MANDATORY\|SE_GROUP_ENABLED_BY_DEFAULT\|
771	SE_GROUP_ENABLED);
772	ADD_TO_ARRAY(mem_ctx, DOM_GID, gid, pgids, numgroups);
773	if (*pgids == NULL) {
774	return NT_STATUS_NO_MEMORY;
775	}
776	}
777	return NT_STATUS_OK;
778	}
779
780	/*************************************************************************
781	_netr_LogonSamLogon
782	*************************************************************************/
783
784	NTSTATUS _netr_LogonSamLogon(pipes_struct *p,
785	struct netr_LogonSamLogon *r)
786	{
787	NTSTATUS status = NT_STATUS_OK;
788	struct netr_SamInfo3 *sam3 = NULL;
789	union netr_LogonInfo *logon = r->in.logon;
790	fstring nt_username, nt_domain, nt_workstation;
791	auth_usersupplied_info *user_info = NULL;
792	auth_serversupplied_info *server_info = NULL;
793	struct samu *sampw;
794	struct auth_context *auth_context = NULL;
795	bool process_creds = true;
796
797	switch (p->hdr_req.opnum) {
798	case NDR_NETR_LOGONSAMLOGON:
799	process_creds = true;
800	break;
801	case NDR_NETR_LOGONSAMLOGONEX:
802	default:
803	process_creds = false;
804	}
805
806	if ( (lp_server_schannel() == True) && (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) ) {
807	/* 'server schannel = yes' should enforce use of
808	schannel, the client did offer it in auth2, but
809	obviously did not use it. */
810	DEBUG(0,("_netr_LogonSamLogon: client %s not using schannel for netlogon\n",
811	get_remote_machine_name() ));
812	return NT_STATUS_ACCESS_DENIED;
813	}
814
815	sam3 = TALLOC_ZERO_P(p->mem_ctx, struct netr_SamInfo3);
816	if (!sam3) {
817	return NT_STATUS_NO_MEMORY;
818	}
819
820	/* store the user information, if there is any. */
821	r->out.validation->sam3 = sam3;
822	r->out.authoritative = true; / authoritative response */
823	if (r->in.validation_level != 2 && r->in.validation_level != 3) {
824	DEBUG(0,("_netr_LogonSamLogon: bad validation_level value %d.\n",
825	(int)r->in.validation_level));
826	return NT_STATUS_ACCESS_DENIED;
827	}
828
829	if (!get_valid_user_struct(p->vuid))
830	return NT_STATUS_NO_SUCH_USER;
831
832	if (process_creds) {
833	fstring remote_machine;
834
835	/* Get the remote machine name for the creds store. */
836	/* Note this is the remote machine this request is coming from (member server),
837	not neccessarily the workstation name the user is logging onto.
838	*/
839
840	fstrcpy(remote_machine, r->in.computer_name);
841
842	if (!p->dc) {
843	/* Restore the saved state of the netlogon creds. */
844	bool ret;
845
846	become_root();
847	ret = secrets_restore_schannel_session_info(p->pipe_state_mem_ctx,
848	remote_machine,
849	&p->dc);
850	unbecome_root();
851	if (!ret) {
852	return NT_STATUS_INVALID_HANDLE;
853	}
854	}
855
856	if (!p->dc \|\| !p->dc->authenticated) {
857	return NT_STATUS_INVALID_HANDLE;
858	}
859
860	/* checks and updates credentials. creates reply credentials */
861	if (!netlogon_creds_server_step(p->dc, r->in.credential, r->out.return_authenticator)) {
862	DEBUG(2,("_netr_LogonSamLogon: creds_server_step failed. Rejecting auth "
863	"request from client %s machine account %s\n",
864	remote_machine, p->dc->mach_acct ));
865	return NT_STATUS_INVALID_PARAMETER;
866	}
867
868	/* We must store the creds state after an update. */
869	become_root();
870	secrets_store_schannel_session_info(p->pipe_state_mem_ctx,
871	remote_machine,
872	p->dc);
873	unbecome_root();
874	}
875
876	switch (r->in.logon_level) {
877	case INTERACTIVE_LOGON_TYPE:
878	fstrcpy(nt_username,
879	logon->password->identity_info.account_name.string);
880	fstrcpy(nt_domain,
881	logon->password->identity_info.domain_name.string);
882	fstrcpy(nt_workstation,
883	logon->password->identity_info.workstation.string);
884
885	DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup()));
886	break;
887	case NET_LOGON_TYPE:
888	fstrcpy(nt_username,
889	logon->network->identity_info.account_name.string);
890	fstrcpy(nt_domain,
891	logon->network->identity_info.domain_name.string);
892	fstrcpy(nt_workstation,
893	logon->network->identity_info.workstation.string);
894
895	DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", lp_workgroup()));
896	break;
897	default:
898	DEBUG(2,("SAM Logon: unsupported switch value\n"));
899	return NT_STATUS_INVALID_INFO_CLASS;
900	} /* end switch */
901
902	DEBUG(3,("User:[%s@%s] Requested Domain:[%s]\n", nt_username, nt_workstation, nt_domain));
903	fstrcpy(current_user_info.smb_name, nt_username);
904	sub_set_smb_name(nt_username);
905
906	DEBUG(5,("Attempting validation level %d for unmapped username %s.\n",
907	r->in.validation_level, nt_username));
908
909	status = NT_STATUS_OK;
910
911	switch (r->in.logon_level) {
912	case NET_LOGON_TYPE:
913	{
914	const char *wksname = nt_workstation;
915
916	status = make_auth_context_fixed(&auth_context,
917	logon->network->challenge);
918	if (!NT_STATUS_IS_OK(status)) {
919	return status;
920	}
921
922	/* For a network logon, the workstation name comes in with two
923	* backslashes in the front. Strip them if they are there. */
924
925	if (*wksname == '\\') wksname++;
926	if (*wksname == '\\') wksname++;
927
928	/* Standard challenge/response authenticaion */
929	if (!make_user_info_netlogon_network(&user_info,
930	nt_username, nt_domain,
931	wksname,
932	logon->network->identity_info.parameter_control,
933	logon->network->lm.data,
934	logon->network->lm.length,
935	logon->network->nt.data,
936	logon->network->nt.length)) {
937	status = NT_STATUS_NO_MEMORY;
938	}
939	break;
940	}
941	case INTERACTIVE_LOGON_TYPE:
942	/* 'Interactive' authentication, supplies the password in its
943	MD4 form, encrypted with the session key. We will convert
944	this to challenge/response for the auth subsystem to chew
945	on */
946	{
947	const uint8 *chal;
948
949	if (!NT_STATUS_IS_OK(status = make_auth_context_subsystem(&auth_context))) {
950	return status;
951	}
952
953	chal = auth_context->get_ntlm_challenge(auth_context);
954
955	if (!make_user_info_netlogon_interactive(&user_info,
956	nt_username, nt_domain,
957	nt_workstation,
958	logon->password->identity_info.parameter_control,
959	chal,
960	logon->password->lmpassword.hash,
961	logon->password->ntpassword.hash,
962	p->dc->sess_key)) {
963	status = NT_STATUS_NO_MEMORY;
964	}
965	break;
966	}
967	default:
968	DEBUG(2,("SAM Logon: unsupported switch value\n"));
969	return NT_STATUS_INVALID_INFO_CLASS;
970	} /* end switch */
971
972	if ( NT_STATUS_IS_OK(status) ) {
973	status = auth_context->check_ntlm_password(auth_context,
974	user_info, &server_info);
975	}
976
977	(auth_context->free)(&auth_context);
978	free_user_info(&user_info);
979
980	DEBUG(5,("_netr_LogonSamLogon: check_password returned status %s\n",
981	nt_errstr(status)));
982
983	/* Check account and password */
984
985	if (!NT_STATUS_IS_OK(status)) {
986	/* If we don't know what this domain is, we need to
987	indicate that we are not authoritative. This
988	allows the client to decide if it needs to try
989	a local user. Fix by [email protected], #2976 */
990	if ( NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)
991	&& !strequal(nt_domain, get_global_sam_name())
992	&& !is_trusted_domain(nt_domain) )
993	r->out.authoritative = false; / We are not authoritative */
994
995	TALLOC_FREE(server_info);
996	return status;
997	}
998
999	if (server_info->guest) {
1000	/* We don't like guest domain logons... */
1001	DEBUG(5,("_netr_LogonSamLogon: Attempted domain logon as GUEST "
1002	"denied.\n"));
1003	TALLOC_FREE(server_info);
1004	return NT_STATUS_LOGON_FAILURE;
1005	}
1006
1007	/* This is the point at which, if the login was successful, that
1008	the SAM Local Security Authority should record that the user is
1009	logged in to the domain. */
1010
1011	{
1012	DOM_GID *gids = NULL;
1013	const DOM_SID *user_sid = NULL;
1014	const DOM_SID *group_sid = NULL;
1015	DOM_SID domain_sid;
1016	uint32 user_rid, group_rid;
1017
1018	int num_gids = 0;
1019	const char *my_name;
1020
1021	struct netr_UserSessionKey user_session_key;
1022	struct netr_LMSessionKey lm_session_key;
1023	unsigned char pipe_session_key[16];
1024
1025	NTTIME last_logon, last_logoff, acct_expiry, last_password_change;
1026	NTTIME allow_password_change, force_password_change;
1027	struct samr_RidWithAttributeArray groups;
1028	int i;
1029	struct dom_sid2 *sid = NULL;
1030
1031	ZERO_STRUCT(user_session_key);
1032	ZERO_STRUCT(lm_session_key);
1033
1034	sampw = server_info->sam_account;
1035
1036	user_sid = pdb_get_user_sid(sampw);
1037	group_sid = pdb_get_group_sid(sampw);
1038
1039	if ((user_sid == NULL) \|\| (group_sid == NULL)) {
1040	DEBUG(1, ("_netr_LogonSamLogon: User without group or user SID\n"));
1041	return NT_STATUS_UNSUCCESSFUL;
1042	}
1043
1044	sid_copy(&domain_sid, user_sid);
1045	sid_split_rid(&domain_sid, &user_rid);
1046
1047	sid = sid_dup_talloc(p->mem_ctx, &domain_sid);
1048	if (!sid) {
1049	return NT_STATUS_NO_MEMORY;
1050	}
1051
1052	if (!sid_peek_check_rid(&domain_sid, group_sid, &group_rid)) {
1053	DEBUG(1, ("_netr_LogonSamLogon: user %s\\%s has user sid "
1054	"%s\n but group sid %s.\n"
1055	"The conflicting domain portions are not "
1056	"supported for NETLOGON calls\n",
1057	pdb_get_domain(sampw),
1058	pdb_get_username(sampw),
1059	sid_string_dbg(user_sid),
1060	sid_string_dbg(group_sid)));
1061	return NT_STATUS_UNSUCCESSFUL;
1062	}
1063
1064	if(server_info->login_server) {
1065	my_name = server_info->login_server;
1066	} else {
1067	my_name = global_myname();
1068	}
1069
1070	status = nt_token_to_group_list(p->mem_ctx, &domain_sid,
1071	server_info->num_sids,
1072	server_info->sids,
1073	&num_gids, &gids);
1074
1075	if (!NT_STATUS_IS_OK(status)) {
1076	return status;
1077	}
1078
1079	if (server_info->user_session_key.length) {
1080	memcpy(user_session_key.key,
1081	server_info->user_session_key.data,
1082	MIN(sizeof(user_session_key.key),
1083	server_info->user_session_key.length));
1084	if (process_creds) {
1085	/* Get the pipe session key from the creds. */
1086	memcpy(pipe_session_key, p->dc->sess_key, 16);
1087	} else {
1088	/* Get the pipe session key from the schannel. */
1089	if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL \|\| p->auth.a_u.schannel_auth == NULL) {
1090	return NT_STATUS_INVALID_HANDLE;
1091	}
1092	memcpy(pipe_session_key, p->auth.a_u.schannel_auth->sess_key, 16);
1093	}
1094	SamOEMhash(user_session_key.key, pipe_session_key, 16);
1095	memset(pipe_session_key, '\0', 16);
1096	}
1097	if (server_info->lm_session_key.length) {
1098	memcpy(lm_session_key.key,
1099	server_info->lm_session_key.data,
1100	MIN(sizeof(lm_session_key.key),
1101	server_info->lm_session_key.length));
1102	if (process_creds) {
1103	/* Get the pipe session key from the creds. */
1104	memcpy(pipe_session_key, p->dc->sess_key, 16);
1105	} else {
1106	/* Get the pipe session key from the schannel. */
1107	if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL \|\| p->auth.a_u.schannel_auth == NULL) {
1108	return NT_STATUS_INVALID_HANDLE;
1109	}
1110	memcpy(pipe_session_key, p->auth.a_u.schannel_auth->sess_key, 16);
1111	}
1112	SamOEMhash(lm_session_key.key, pipe_session_key, 8);
1113	memset(pipe_session_key, '\0', 16);
1114	}
1115
1116	groups.count = num_gids;
1117	groups.rids = TALLOC_ARRAY(p->mem_ctx, struct samr_RidWithAttribute,
1118	groups.count);
1119	if (!groups.rids) {
1120	return NT_STATUS_NO_MEMORY;
1121	}
1122
1123	for (i=0; i < groups.count; i++) {
1124	groups.rids[i].rid = gids[i].g_rid;
1125	groups.rids[i].attributes = gids[i].attr;
1126	}
1127
1128	unix_to_nt_time(&last_logon, pdb_get_logon_time(sampw));
1129	unix_to_nt_time(&last_logoff, get_time_t_max());
1130	unix_to_nt_time(&acct_expiry, get_time_t_max());
1131	unix_to_nt_time(&last_password_change, pdb_get_pass_last_set_time(sampw));
1132	unix_to_nt_time(&allow_password_change, pdb_get_pass_can_change_time(sampw));
1133	unix_to_nt_time(&force_password_change, pdb_get_pass_must_change_time(sampw));
1134
1135	init_netr_SamInfo3(sam3,
1136	last_logon,
1137	last_logoff,
1138	acct_expiry,
1139	last_password_change,
1140	allow_password_change,
1141	force_password_change,
1142	talloc_strdup(p->mem_ctx, pdb_get_username(sampw)),
1143	talloc_strdup(p->mem_ctx, pdb_get_fullname(sampw)),
1144	talloc_strdup(p->mem_ctx, pdb_get_logon_script(sampw)),
1145	talloc_strdup(p->mem_ctx, pdb_get_profile_path(sampw)),
1146	talloc_strdup(p->mem_ctx, pdb_get_homedir(sampw)),
1147	talloc_strdup(p->mem_ctx, pdb_get_dir_drive(sampw)),
1148	0, /* logon_count */
1149	0, /* bad_password_count */
1150	user_rid,
1151	group_rid,
1152	groups,
1153	NETLOGON_EXTRA_SIDS,
1154	user_session_key,
1155	my_name,
1156	talloc_strdup(p->mem_ctx, pdb_get_domain(sampw)),
1157	sid,
1158	lm_session_key,
1159	pdb_get_acct_ctrl(sampw),
1160	0, /* sidcount */
1161	NULL); /* struct netr_SidAttr sids /
1162	ZERO_STRUCT(user_session_key);
1163	ZERO_STRUCT(lm_session_key);
1164	}
1165	TALLOC_FREE(server_info);
1166	return status;
1167	}
1168
1169	/*************************************************************************
1170	_netr_LogonSamLogonEx
1171	- no credential chaining. Map into net sam logon.
1172	*************************************************************************/
1173
1174	NTSTATUS _netr_LogonSamLogonEx(pipes_struct *p,
1175	struct netr_LogonSamLogonEx *r)
1176	{
1177	struct netr_LogonSamLogon q;
1178
1179	/* Only allow this if the pipe is protected. */
1180	if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
1181	DEBUG(0,("_net_sam_logon_ex: client %s not using schannel for netlogon\n",
1182	get_remote_machine_name() ));
1183	return NT_STATUS_INVALID_PARAMETER;
1184	}
1185
1186	q.in.server_name = r->in.server_name;
1187	q.in.computer_name = r->in.computer_name;
1188	q.in.logon_level = r->in.logon_level;
1189	q.in.logon = r->in.logon;
1190	q.in.validation_level = r->in.validation_level;
1191	/* we do not handle the flags */
1192	/* = r->in.flags; */
1193
1194	q.out.validation = r->out.validation;
1195	q.out.authoritative = r->out.authoritative;
1196	/* we do not handle the flags */
1197	/* = r->out.flags; */
1198
1199	return _netr_LogonSamLogon(p, &q);
1200	}
1201
1202	/*************************************************************************
1203	_ds_enum_dom_trusts
1204	*************************************************************************/
1205	#if 0 /* JERRY -- not correct */
1206	NTSTATUS _ds_enum_dom_trusts(pipes_struct p, DS_Q_ENUM_DOM_TRUSTS q_u,
1207	DS_R_ENUM_DOM_TRUSTS *r_u)
1208	{
1209	NTSTATUS status = NT_STATUS_OK;
1210
1211	/* TODO: According to MSDN, the can only be executed against a
1212	DC or domain member running Windows 2000 or later. Need
1213	to test against a standalone 2k server and see what it
1214	does. A windows 2000 DC includes its own domain in the
1215	list. --jerry */
1216
1217	return status;
1218	}
1219	#endif /* JERRY */
1220
1221
1222	/****************************************************************
1223	****************************************************************/
1224
1225	WERROR _netr_LogonUasLogon(pipes_struct *p,
1226	struct netr_LogonUasLogon *r)
1227	{
1228	p->rng_fault_state = true;
1229	return WERR_NOT_SUPPORTED;
1230	}
1231
1232	/****************************************************************
1233	****************************************************************/
1234
1235	WERROR _netr_LogonUasLogoff(pipes_struct *p,
1236	struct netr_LogonUasLogoff *r)
1237	{
1238	p->rng_fault_state = true;
1239	return WERR_NOT_SUPPORTED;
1240	}
1241
1242	/****************************************************************
1243	****************************************************************/
1244
1245	NTSTATUS _netr_DatabaseDeltas(pipes_struct *p,
1246	struct netr_DatabaseDeltas *r)
1247	{
1248	p->rng_fault_state = true;
1249	return NT_STATUS_NOT_IMPLEMENTED;
1250	}
1251
1252	/****************************************************************
1253	****************************************************************/
1254
1255	NTSTATUS _netr_DatabaseSync(pipes_struct *p,
1256	struct netr_DatabaseSync *r)
1257	{
1258	p->rng_fault_state = true;
1259	return NT_STATUS_NOT_IMPLEMENTED;
1260	}
1261
1262	/****************************************************************
1263	****************************************************************/
1264
1265	NTSTATUS _netr_AccountDeltas(pipes_struct *p,
1266	struct netr_AccountDeltas *r)
1267	{
1268	p->rng_fault_state = true;
1269	return NT_STATUS_NOT_IMPLEMENTED;
1270	}
1271
1272	/****************************************************************
1273	****************************************************************/
1274
1275	NTSTATUS _netr_AccountSync(pipes_struct *p,
1276	struct netr_AccountSync *r)
1277	{
1278	p->rng_fault_state = true;
1279	return NT_STATUS_NOT_IMPLEMENTED;
1280	}
1281
1282	/****************************************************************
1283	****************************************************************/
1284
1285	WERROR _netr_GetDcName(pipes_struct *p,
1286	struct netr_GetDcName *r)
1287	{
1288	p->rng_fault_state = true;
1289	return WERR_NOT_SUPPORTED;
1290	}
1291
1292	/****************************************************************
1293	****************************************************************/
1294
1295	WERROR _netr_GetAnyDCName(pipes_struct *p,
1296	struct netr_GetAnyDCName *r)
1297	{
1298	p->rng_fault_state = true;
1299	return WERR_NOT_SUPPORTED;
1300	}
1301
1302	/****************************************************************
1303	****************************************************************/
1304
1305	NTSTATUS _netr_DatabaseSync2(pipes_struct *p,
1306	struct netr_DatabaseSync2 *r)
1307	{
1308	p->rng_fault_state = true;
1309	return NT_STATUS_NOT_IMPLEMENTED;
1310	}
1311
1312	/****************************************************************
1313	****************************************************************/
1314
1315	NTSTATUS _netr_DatabaseRedo(pipes_struct *p,
1316	struct netr_DatabaseRedo *r)
1317	{
1318	p->rng_fault_state = true;
1319	return NT_STATUS_NOT_IMPLEMENTED;
1320	}
1321
1322	/****************************************************************
1323	****************************************************************/
1324
1325	WERROR _netr_LogonControl2Ex(pipes_struct *p,
1326	struct netr_LogonControl2Ex *r)
1327	{
1328	p->rng_fault_state = true;
1329	return WERR_NOT_SUPPORTED;
1330	}
1331
1332	/****************************************************************
1333	****************************************************************/
1334
1335	WERROR _netr_DsRGetDCName(pipes_struct *p,
1336	struct netr_DsRGetDCName *r)
1337	{
1338	p->rng_fault_state = true;
1339	return WERR_NOT_SUPPORTED;
1340	}
1341
1342	/****************************************************************
1343	****************************************************************/
1344
1345	WERROR _netr_NETRLOGONDUMMYROUTINE1(pipes_struct *p,
1346	struct netr_NETRLOGONDUMMYROUTINE1 *r)
1347	{
1348	p->rng_fault_state = true;
1349	return WERR_NOT_SUPPORTED;
1350	}
1351
1352	/****************************************************************
1353	****************************************************************/
1354
1355	WERROR _netr_NETRLOGONSETSERVICEBITS(pipes_struct *p,
1356	struct netr_NETRLOGONSETSERVICEBITS *r)
1357	{
1358	p->rng_fault_state = true;
1359	return WERR_NOT_SUPPORTED;
1360	}
1361
1362	/****************************************************************
1363	****************************************************************/
1364
1365	WERROR _netr_LogonGetTrustRid(pipes_struct *p,
1366	struct netr_LogonGetTrustRid *r)
1367	{
1368	p->rng_fault_state = true;
1369	return WERR_NOT_SUPPORTED;
1370	}
1371
1372	/****************************************************************
1373	****************************************************************/
1374
1375	WERROR _netr_NETRLOGONCOMPUTESERVERDIGEST(pipes_struct *p,
1376	struct netr_NETRLOGONCOMPUTESERVERDIGEST *r)
1377	{
1378	p->rng_fault_state = true;
1379	return WERR_NOT_SUPPORTED;
1380	}
1381
1382	/****************************************************************
1383	****************************************************************/
1384
1385	WERROR _netr_NETRLOGONCOMPUTECLIENTDIGEST(pipes_struct *p,
1386	struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r)
1387	{
1388	p->rng_fault_state = true;
1389	return WERR_NOT_SUPPORTED;
1390	}
1391
1392	/****************************************************************
1393	****************************************************************/
1394
1395	NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
1396	struct netr_ServerAuthenticate3 *r)
1397	{
1398	p->rng_fault_state = true;
1399	return NT_STATUS_NOT_IMPLEMENTED;
1400	}
1401
1402	/****************************************************************
1403	****************************************************************/
1404
1405	WERROR _netr_DsRGetDCNameEx(pipes_struct *p,
1406	struct netr_DsRGetDCNameEx *r)
1407	{
1408	p->rng_fault_state = true;
1409	return WERR_NOT_SUPPORTED;
1410	}
1411
1412	/****************************************************************
1413	****************************************************************/
1414
1415	WERROR _netr_DsRGetSiteName(pipes_struct *p,
1416	struct netr_DsRGetSiteName *r)
1417	{
1418	p->rng_fault_state = true;
1419	return WERR_NOT_SUPPORTED;
1420	}
1421
1422	/****************************************************************
1423	****************************************************************/
1424
1425	NTSTATUS _netr_LogonGetDomainInfo(pipes_struct *p,
1426	struct netr_LogonGetDomainInfo *r)
1427	{
1428	p->rng_fault_state = true;
1429	return NT_STATUS_NOT_IMPLEMENTED;
1430	}
1431
1432	/****************************************************************
1433	****************************************************************/
1434
1435	NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
1436	struct netr_ServerPasswordSet2 *r)
1437	{
1438	p->rng_fault_state = true;
1439	return NT_STATUS_NOT_IMPLEMENTED;
1440	}
1441
1442	/****************************************************************
1443	****************************************************************/
1444
1445	WERROR _netr_ServerPasswordGet(pipes_struct *p,
1446	struct netr_ServerPasswordGet *r)
1447	{
1448	p->rng_fault_state = true;
1449	return WERR_NOT_SUPPORTED;
1450	}
1451
1452	/****************************************************************
1453	****************************************************************/
1454
1455	WERROR _netr_NETRLOGONSENDTOSAM(pipes_struct *p,
1456	struct netr_NETRLOGONSENDTOSAM *r)
1457	{
1458	p->rng_fault_state = true;
1459	return WERR_NOT_SUPPORTED;
1460	}
1461
1462	/****************************************************************
1463	****************************************************************/
1464
1465	WERROR _netr_DsRAddressToSitenamesW(pipes_struct *p,
1466	struct netr_DsRAddressToSitenamesW *r)
1467	{
1468	p->rng_fault_state = true;
1469	return WERR_NOT_SUPPORTED;
1470	}
1471
1472	/****************************************************************
1473	****************************************************************/
1474
1475	WERROR _netr_DsRGetDCNameEx2(pipes_struct *p,
1476	struct netr_DsRGetDCNameEx2 *r)
1477	{
1478	p->rng_fault_state = true;
1479	return WERR_NOT_SUPPORTED;
1480	}
1481
1482	/****************************************************************
1483	****************************************************************/
1484
1485	WERROR _netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(pipes_struct *p,
1486	struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r)
1487	{
1488	p->rng_fault_state = true;
1489	return WERR_NOT_SUPPORTED;
1490	}
1491
1492	/****************************************************************
1493	****************************************************************/
1494
1495	WERROR _netr_NetrEnumerateTrustedDomainsEx(pipes_struct *p,
1496	struct netr_NetrEnumerateTrustedDomainsEx *r)
1497	{
1498	p->rng_fault_state = true;
1499	return WERR_NOT_SUPPORTED;
1500	}
1501
1502	/****************************************************************
1503	****************************************************************/
1504
1505	WERROR _netr_DsRAddressToSitenamesExW(pipes_struct *p,
1506	struct netr_DsRAddressToSitenamesExW *r)
1507	{
1508	p->rng_fault_state = true;
1509	return WERR_NOT_SUPPORTED;
1510	}
1511
1512	/****************************************************************
1513	****************************************************************/
1514
1515	WERROR _netr_DsrGetDcSiteCoverageW(pipes_struct *p,
1516	struct netr_DsrGetDcSiteCoverageW *r)
1517	{
1518	p->rng_fault_state = true;
1519	return WERR_NOT_SUPPORTED;
1520	}
1521
1522	/****************************************************************
1523	****************************************************************/
1524
1525	WERROR _netr_DsrEnumerateDomainTrusts(pipes_struct *p,
1526	struct netr_DsrEnumerateDomainTrusts *r)
1527	{
1528	p->rng_fault_state = true;
1529	return WERR_NOT_SUPPORTED;
1530	}
1531
1532	/****************************************************************
1533	****************************************************************/
1534
1535	WERROR _netr_DsrDeregisterDNSHostRecords(pipes_struct *p,
1536	struct netr_DsrDeregisterDNSHostRecords *r)
1537	{
1538	p->rng_fault_state = true;
1539	return WERR_NOT_SUPPORTED;
1540	}
1541
1542	/****************************************************************
1543	****************************************************************/
1544
1545	NTSTATUS _netr_ServerTrustPasswordsGet(pipes_struct *p,
1546	struct netr_ServerTrustPasswordsGet *r)
1547	{
1548	p->rng_fault_state = true;
1549	return NT_STATUS_NOT_IMPLEMENTED;
1550	}
1551
1552	/****************************************************************
1553	****************************************************************/
1554
1555	WERROR _netr_DsRGetForestTrustInformation(pipes_struct *p,
1556	struct netr_DsRGetForestTrustInformation *r)
1557	{
1558	p->rng_fault_state = true;
1559	return WERR_NOT_SUPPORTED;
1560	}
1561
1562	/****************************************************************
1563	****************************************************************/
1564
1565	WERROR _netr_GetForestTrustInformation(pipes_struct *p,
1566	struct netr_GetForestTrustInformation *r)
1567	{
1568	p->rng_fault_state = true;
1569	return WERR_NOT_SUPPORTED;
1570	}
1571
1572	/****************************************************************
1573	****************************************************************/
1574
1575	NTSTATUS _netr_LogonSamLogonWithFlags(pipes_struct *p,
1576	struct netr_LogonSamLogonWithFlags *r)
1577	{
1578	p->rng_fault_state = true;
1579	return NT_STATUS_NOT_IMPLEMENTED;
1580	}
1581
1582	/****************************************************************
1583	****************************************************************/
1584
1585	WERROR _netr_NETRSERVERGETTRUSTINFO(pipes_struct *p,
1586	struct netr_NETRSERVERGETTRUSTINFO *r)
1587	{
1588	p->rng_fault_state = true;
1589	return WERR_NOT_SUPPORTED;
1590	}
1591

Note: See TracBrowser for help on using the repository browser.

Download in other formats: