Context Navigation

source: branches/samba-3.2.x/source/rpc_server/srv_netlog_nt.c@ 233

Visit:

Last change on this file since 233 was 233, checked in by Herwig Bauernfeind, 17 years ago
Update 3.2 branch to 3.2.9
File size: 48.0 KB

Line
1	/*
2	* Unix SMB/CIFS implementation.
3	* RPC Pipe client / server routines
4	* Copyright (C) Andrew Tridgell 1992-1997,
5	* Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
6	* Copyright (C) Paul Ashton 1997.
7	* Copyright (C) Jeremy Allison 1998-2001.
8	* Copyright (C) Andrew Bartlett 2001.
9	* Copyright (C) Guenther Deschner 2008.
10	*
11	* This program is free software; you can redistribute it and/or modify
12	* it under the terms of the GNU General Public License as published by
13	* the Free Software Foundation; either version 3 of the License, or
14	* (at your option) any later version.
15	*
16	* This program is distributed in the hope that it will be useful,
17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19	* GNU General Public License for more details.
20	*
21	* You should have received a copy of the GNU General Public License
22	* along with this program; if not, see <http://www.gnu.org/licenses/>.
23	*/
24
25	/* This is the implementation of the netlogon pipe. */
26
27	#include "includes.h"
28
29	extern userdom_struct current_user_info;
30
31	#undef DBGC_CLASS
32	#define DBGC_CLASS DBGC_RPC_SRV
33
34	/*************************************************************************
35	init_net_r_req_chal:
36	*************************************************************************/
37
38	static void init_net_r_req_chal(struct netr_Credential *r,
39	struct netr_Credential *srv_chal)
40	{
41	DEBUG(6,("init_net_r_req_chal: %d\n", __LINE__));
42
43	memcpy(r->data, srv_chal->data, sizeof(r->data));
44	}
45
46	/*******************************************************************
47	Inits a netr_NETLOGON_INFO_1 structure.
48	********************************************************************/
49
50	static void init_netlogon_info1(struct netr_NETLOGON_INFO_1 *r,
51	uint32_t flags,
52	uint32_t pdc_connection_status)
53	{
54	r->flags = flags;
55	r->pdc_connection_status = pdc_connection_status;
56	}
57
58	/*******************************************************************
59	Inits a netr_NETLOGON_INFO_2 structure.
60	********************************************************************/
61
62	static void init_netlogon_info2(struct netr_NETLOGON_INFO_2 *r,
63	uint32_t flags,
64	uint32_t pdc_connection_status,
65	const char *trusted_dc_name,
66	uint32_t tc_connection_status)
67	{
68	r->flags = flags;
69	r->pdc_connection_status = pdc_connection_status;
70	r->trusted_dc_name = trusted_dc_name;
71	r->tc_connection_status = tc_connection_status;
72	}
73
74	/*******************************************************************
75	Inits a netr_NETLOGON_INFO_3 structure.
76	********************************************************************/
77
78	static void init_netlogon_info3(struct netr_NETLOGON_INFO_3 *r,
79	uint32_t flags,
80	uint32_t logon_attempts)
81	{
82	r->flags = flags;
83	r->logon_attempts = logon_attempts;
84	}
85
86	/*************************************************************************
87	_netr_LogonControl
88	*************************************************************************/
89
90	WERROR _netr_LogonControl(pipes_struct *p,
91	struct netr_LogonControl *r)
92	{
93	struct netr_NETLOGON_INFO_1 *info1;
94	uint32_t flags = 0x0;
95	uint32_t pdc_connection_status = W_ERROR_V(WERR_OK);
96
97	/* Setup the Logon Control response */
98
99	switch (r->in.level) {
100	case 1:
101	info1 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_1);
102	if (!info1) {
103	return WERR_NOMEM;
104	}
105	init_netlogon_info1(info1,
106	flags,
107	pdc_connection_status);
108	r->out.info->info1 = info1;
109	break;
110	default:
111	return WERR_UNKNOWN_LEVEL;
112	}
113
114	return WERR_OK;
115	}
116
117	/****************************************************************************
118	Send a message to smbd to do a sam synchronisation
119	**************************************************************************/
120
121	static void send_sync_message(void)
122	{
123	DEBUG(3, ("sending sam synchronisation message\n"));
124	message_send_all(smbd_messaging_context(), MSG_SMB_SAM_SYNC, NULL, 0,
125	NULL);
126	}
127
128	/*************************************************************************
129	_netr_LogonControl2
130	*************************************************************************/
131
132	WERROR _netr_LogonControl2(pipes_struct *p,
133	struct netr_LogonControl2 *r)
134	{
135	uint32 flags = 0x0;
136	uint32 pdc_connection_status = 0x0;
137	uint32 logon_attempts = 0x0;
138	uint32 tc_status;
139	fstring dc_name2;
140	const char *dc_name = NULL;
141	struct sockaddr_storage dc_ss;
142	const char *domain = NULL;
143	struct netr_NETLOGON_INFO_1 *info1;
144	struct netr_NETLOGON_INFO_2 *info2;
145	struct netr_NETLOGON_INFO_3 *info3;
146
147	tc_status = W_ERROR_V(WERR_NO_SUCH_DOMAIN);
148
149	switch (r->in.function_code) {
150	case NETLOGON_CONTROL_TC_QUERY:
151	domain = r->in.data->domain;
152
153	if ( !is_trusted_domain( domain ) )
154	break;
155
156	if ( !get_dc_name( domain, NULL, dc_name2, &dc_ss ) ) {
157	tc_status = W_ERROR_V(WERR_NO_LOGON_SERVERS);
158	break;
159	}
160
161	dc_name = talloc_asprintf(p->mem_ctx, "\\\\%s", dc_name2);
162	if (!dc_name) {
163	return WERR_NOMEM;
164	}
165
166	tc_status = W_ERROR_V(WERR_OK);
167
168	break;
169
170	case NETLOGON_CONTROL_REDISCOVER:
171	domain = r->in.data->domain;
172
173	if ( !is_trusted_domain( domain ) )
174	break;
175
176	if ( !get_dc_name( domain, NULL, dc_name2, &dc_ss ) ) {
177	tc_status = W_ERROR_V(WERR_NO_LOGON_SERVERS);
178	break;
179	}
180
181	dc_name = talloc_asprintf(p->mem_ctx, "\\\\%s", dc_name2);
182	if (!dc_name) {
183	return WERR_NOMEM;
184	}
185
186	tc_status = W_ERROR_V(WERR_OK);
187
188	break;
189
190	default:
191	/* no idea what this should be */
192	DEBUG(0,("_netr_LogonControl2: unimplemented function level [%d]\n",
193	r->in.function_code));
194	return WERR_UNKNOWN_LEVEL;
195	}
196
197	/* prepare the response */
198
199	switch (r->in.level) {
200	case 1:
201	info1 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_1);
202	W_ERROR_HAVE_NO_MEMORY(info1);
203
204	init_netlogon_info1(info1,
205	flags,
206	pdc_connection_status);
207	r->out.query->info1 = info1;
208	break;
209	case 2:
210	info2 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_2);
211	W_ERROR_HAVE_NO_MEMORY(info2);
212
213	init_netlogon_info2(info2,
214	flags,
215	pdc_connection_status,
216	dc_name,
217	tc_status);
218	r->out.query->info2 = info2;
219	break;
220	case 3:
221	info3 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_3);
222	W_ERROR_HAVE_NO_MEMORY(info3);
223
224	init_netlogon_info3(info3,
225	flags,
226	logon_attempts);
227	r->out.query->info3 = info3;
228	break;
229	default:
230	return WERR_UNKNOWN_LEVEL;
231	}
232
233	if (lp_server_role() == ROLE_DOMAIN_BDC) {
234	send_sync_message();
235	}
236
237	return WERR_OK;
238	}
239
240	/*************************************************************************
241	_netr_NetrEnumerateTrustedDomains
242	*************************************************************************/
243
244	WERROR _netr_NetrEnumerateTrustedDomains(pipes_struct *p,
245	struct netr_NetrEnumerateTrustedDomains *r)
246	{
247	struct netr_Blob trusted_domains_blob;
248	DATA_BLOB blob;
249
250	DEBUG(6,("_netr_NetrEnumerateTrustedDomains: %d\n", __LINE__));
251
252	/* set up the Trusted Domain List response */
253
254	blob = data_blob_talloc_zero(p->mem_ctx, 2);
255	trusted_domains_blob.data = blob.data;
256	trusted_domains_blob.length = blob.length;
257
258	DEBUG(6,("_netr_NetrEnumerateTrustedDomains: %d\n", __LINE__));
259
260	*r->out.trusted_domains_blob = trusted_domains_blob;
261
262	return WERR_OK;
263	}
264
265	/******************************************************************
266	gets a machine password entry. checks access rights of the host.
267	******************************************************************/
268
269	static NTSTATUS get_md4pw(char md4pw, const char mach_acct, uint16 sec_chan_type)
270	{
271	struct samu *sampass = NULL;
272	const uint8 *pass;
273	bool ret;
274	uint32 acct_ctrl;
275
276	#if 0
277	char addr[INET6_ADDRSTRLEN];
278
279	/*
280	* Currently this code is redundent as we already have a filter
281	* by hostname list. What this code really needs to do is to
282	* get a hosts allowed/hosts denied list from the SAM database
283	* on a per user basis, and make the access decision there.
284	* I will leave this code here for now as a reminder to implement
285	* this at a later date. JRA.
286	*/
287
288	if (!allow_access(lp_domain_hostsdeny(), lp_domain_hostsallow(),
289	client_name(get_client_fd()),
290	client_addr(get_client_fd(),addr,sizeof(addr)))) {
291	DEBUG(0,("get_md4pw: Workstation %s denied access to domain\n", mach_acct));
292	return False;
293	}
294	#endif /* 0 */
295
296	if ( !(sampass = samu_new( NULL )) ) {
297	return NT_STATUS_NO_MEMORY;
298	}
299
300	/* JRA. This is ok as it is only used for generating the challenge. */
301	become_root();
302	ret = pdb_getsampwnam(sampass, mach_acct);
303	unbecome_root();
304
305	if (!ret) {
306	DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct));
307	TALLOC_FREE(sampass);
308	return NT_STATUS_ACCESS_DENIED;
309	}
310
311	acct_ctrl = pdb_get_acct_ctrl(sampass);
312	if (acct_ctrl & ACB_DISABLED) {
313	DEBUG(0,("get_md4pw: Workstation %s: account is disabled\n", mach_acct));
314	TALLOC_FREE(sampass);
315	return NT_STATUS_ACCOUNT_DISABLED;
316	}
317
318	if (!(acct_ctrl & ACB_SVRTRUST) &&
319	!(acct_ctrl & ACB_WSTRUST) &&
320	!(acct_ctrl & ACB_DOMTRUST))
321	{
322	DEBUG(0,("get_md4pw: Workstation %s: account is not a trust account\n", mach_acct));
323	TALLOC_FREE(sampass);
324	return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
325	}
326
327	switch (sec_chan_type) {
328	case SEC_CHAN_BDC:
329	if (!(acct_ctrl & ACB_SVRTRUST)) {
330	DEBUG(0,("get_md4pw: Workstation %s: BDC secure channel requested "
331	"but not a server trust account\n", mach_acct));
332	TALLOC_FREE(sampass);
333	return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
334	}
335	break;
336	case SEC_CHAN_WKSTA:
337	if (!(acct_ctrl & ACB_WSTRUST)) {
338	DEBUG(0,("get_md4pw: Workstation %s: WORKSTATION secure channel requested "
339	"but not a workstation trust account\n", mach_acct));
340	TALLOC_FREE(sampass);
341	return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
342	}
343	break;
344	case SEC_CHAN_DOMAIN:
345	if (!(acct_ctrl & ACB_DOMTRUST)) {
346	DEBUG(0,("get_md4pw: Workstation %s: DOMAIN secure channel requested "
347	"but not a interdomain trust account\n", mach_acct));
348	TALLOC_FREE(sampass);
349	return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
350	}
351	break;
352	default:
353	break;
354	}
355
356	if ((pass = pdb_get_nt_passwd(sampass)) == NULL) {
357	DEBUG(0,("get_md4pw: Workstation %s: account does not have a password\n", mach_acct));
358	TALLOC_FREE(sampass);
359	return NT_STATUS_LOGON_FAILURE;
360	}
361
362	memcpy(md4pw, pass, 16);
363	dump_data(5, (uint8 *)md4pw, 16);
364
365	TALLOC_FREE(sampass);
366
367	return NT_STATUS_OK;
368
369
370	}
371
372	/*************************************************************************
373	_netr_ServerReqChallenge
374	*************************************************************************/
375
376	NTSTATUS _netr_ServerReqChallenge(pipes_struct *p,
377	struct netr_ServerReqChallenge *r)
378	{
379	if (!p->dc) {
380	p->dc = TALLOC_ZERO_P(p->pipe_state_mem_ctx, struct dcinfo);
381	if (!p->dc) {
382	return NT_STATUS_NO_MEMORY;
383	}
384	} else {
385	DEBUG(10,("_netr_ServerReqChallenge: new challenge requested. Clearing old state.\n"));
386	ZERO_STRUCTP(p->dc);
387	}
388
389	fstrcpy(p->dc->remote_machine, r->in.computer_name);
390
391	/* Save the client challenge to the server. */
392	memcpy(p->dc->clnt_chal.data, r->in.credentials->data,
393	sizeof(r->in.credentials->data));
394
395	/* Create a server challenge for the client */
396	/* Set this to a random value. */
397	generate_random_buffer(p->dc->srv_chal.data, 8);
398
399	/* set up the LSA REQUEST CHALLENGE response */
400	init_net_r_req_chal(r->out.return_credentials, &p->dc->srv_chal);
401
402	p->dc->challenge_sent = True;
403
404	return NT_STATUS_OK;
405	}
406
407	/*************************************************************************
408	_netr_ServerAuthenticate
409	Create the initial credentials.
410	*************************************************************************/
411
412	NTSTATUS _netr_ServerAuthenticate(pipes_struct *p,
413	struct netr_ServerAuthenticate *r)
414	{
415	NTSTATUS status;
416	struct netr_Credential srv_chal_out;
417
418	if (!p->dc \|\| !p->dc->challenge_sent) {
419	return NT_STATUS_ACCESS_DENIED;
420	}
421
422	status = get_md4pw((char *)p->dc->mach_pw,
423	r->in.account_name,
424	r->in.secure_channel_type);
425	if (!NT_STATUS_IS_OK(status)) {
426	DEBUG(0,("_netr_ServerAuthenticate: get_md4pw failed. Failed to "
427	"get password for machine account %s "
428	"from client %s: %s\n",
429	r->in.account_name,
430	r->in.computer_name,
431	nt_errstr(status) ));
432	/* always return NT_STATUS_ACCESS_DENIED */
433	return NT_STATUS_ACCESS_DENIED;
434	}
435
436	/* From the client / server challenges and md4 password, generate sess key */
437	creds_server_init(0, /* No neg flags. */
438	p->dc,
439	&p->dc->clnt_chal, /* Stored client chal. */
440	&p->dc->srv_chal, /* Stored server chal. */
441	p->dc->mach_pw,
442	&srv_chal_out);
443
444	/* Check client credentials are valid. */
445	if (!netlogon_creds_server_check(p->dc, r->in.credentials)) {
446	DEBUG(0,("_netr_ServerAuthenticate: netlogon_creds_server_check failed. Rejecting auth "
447	"request from client %s machine account %s\n",
448	r->in.computer_name,
449	r->in.account_name));
450	return NT_STATUS_ACCESS_DENIED;
451	}
452
453	fstrcpy(p->dc->mach_acct, r->in.account_name);
454	fstrcpy(p->dc->remote_machine, r->in.computer_name);
455	p->dc->authenticated = True;
456
457	/* set up the LSA AUTH response */
458	/* Return the server credentials. */
459
460	memcpy(r->out.return_credentials->data, &srv_chal_out.data,
461	sizeof(r->out.return_credentials->data));
462
463	return NT_STATUS_OK;
464	}
465
466	/*************************************************************************
467	_netr_ServerAuthenticate2
468	*************************************************************************/
469
470	NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p,
471	struct netr_ServerAuthenticate2 *r)
472	{
473	NTSTATUS status;
474	uint32_t srv_flgs;
475	struct netr_Credential srv_chal_out;
476
477	/* According to Microsoft (see bugid #6099)
478	* Windows 7 looks at the negotiate_flags
479	* returned in this structure *even if the
480	* call fails with access denied ! So in order
481	* to allow Win7 to connect to a Samba NT style
482	* PDC we set the flags before we know if it's
483	* an error or not.
484	*/
485
486	/* 0x000001ff */
487	srv_flgs = NETLOGON_NEG_ACCOUNT_LOCKOUT \|
488	NETLOGON_NEG_PERSISTENT_SAMREPL \|
489	NETLOGON_NEG_ARCFOUR \|
490	NETLOGON_NEG_PROMOTION_COUNT \|
491	NETLOGON_NEG_CHANGELOG_BDC \|
492	NETLOGON_NEG_FULL_SYNC_REPL \|
493	NETLOGON_NEG_MULTIPLE_SIDS \|
494	NETLOGON_NEG_REDO \|
495	NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL;
496
497	if (lp_server_schannel() != false) {
498	srv_flgs \|= NETLOGON_NEG_SCHANNEL;
499	}
500
501	*r->out.negotiate_flags = srv_flgs;
502
503	/* We use this as the key to store the creds: */
504	/* r->in.computer_name */
505
506	if (!p->dc \|\| !p->dc->challenge_sent) {
507	DEBUG(0,("_netr_ServerAuthenticate2: no challenge sent to client %s\n",
508	r->in.computer_name));
509	return NT_STATUS_ACCESS_DENIED;
510	}
511
512	if ( (lp_server_schannel() == true) &&
513	((*r->in.negotiate_flags & NETLOGON_NEG_SCHANNEL) == 0) ) {
514
515	/* schannel must be used, but client did not offer it. */
516	DEBUG(0,("_netr_ServerAuthenticate2: schannel required but client failed "
517	"to offer it. Client was %s\n",
518	r->in.account_name));
519	return NT_STATUS_ACCESS_DENIED;
520	}
521
522	status = get_md4pw((char *)p->dc->mach_pw,
523	r->in.account_name,
524	r->in.secure_channel_type);
525	if (!NT_STATUS_IS_OK(status)) {
526	DEBUG(0,("_netr_ServerAuthenticate2: failed to get machine password for "
527	"account %s: %s\n",
528	r->in.account_name, nt_errstr(status) ));
529	/* always return NT_STATUS_ACCESS_DENIED */
530	return NT_STATUS_ACCESS_DENIED;
531	}
532
533	/* From the client / server challenges and md4 password, generate sess key */
534	creds_server_init(*r->in.negotiate_flags,
535	p->dc,
536	&p->dc->clnt_chal, /* Stored client chal. */
537	&p->dc->srv_chal, /* Stored server chal. */
538	p->dc->mach_pw,
539	&srv_chal_out);
540
541	/* Check client credentials are valid. */
542	if (!netlogon_creds_server_check(p->dc, r->in.credentials)) {
543	DEBUG(0,("_netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth "
544	"request from client %s machine account %s\n",
545	r->in.computer_name,
546	r->in.account_name));
547	return NT_STATUS_ACCESS_DENIED;
548	}
549
550	/* set up the LSA AUTH 2 response */
551	memcpy(r->out.return_credentials->data, &srv_chal_out.data,
552	sizeof(r->out.return_credentials->data));
553
554	fstrcpy(p->dc->mach_acct, r->in.account_name);
555	fstrcpy(p->dc->remote_machine, r->in.computer_name);
556	fstrcpy(p->dc->domain, lp_workgroup() );
557
558	p->dc->authenticated = True;
559
560	/* Store off the state so we can continue after client disconnect. */
561	become_root();
562	secrets_store_schannel_session_info(p->mem_ctx,
563	r->in.computer_name,
564	p->dc);
565	unbecome_root();
566
567	return NT_STATUS_OK;
568	}
569
570	/*************************************************************************
571	_netr_ServerPasswordSet
572	*************************************************************************/
573
574	NTSTATUS _netr_ServerPasswordSet(pipes_struct *p,
575	struct netr_ServerPasswordSet *r)
576	{
577	NTSTATUS status = NT_STATUS_OK;
578	fstring remote_machine;
579	struct samu *sampass=NULL;
580	bool ret = False;
581	unsigned char pwd[16];
582	int i;
583	uint32 acct_ctrl;
584	struct netr_Authenticator cred_out;
585	const uchar *old_pw;
586
587	DEBUG(5,("_netr_ServerPasswordSet: %d\n", __LINE__));
588
589	/* We need the remote machine name for the creds lookup. */
590	fstrcpy(remote_machine, r->in.computer_name);
591
592	if ( (lp_server_schannel() == True) && (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) ) {
593	/* 'server schannel = yes' should enforce use of
594	schannel, the client did offer it in auth2, but
595	obviously did not use it. */
596	DEBUG(0,("_netr_ServerPasswordSet: client %s not using schannel for netlogon\n",
597	remote_machine ));
598	return NT_STATUS_ACCESS_DENIED;
599	}
600
601	if (!p->dc) {
602	/* Restore the saved state of the netlogon creds. */
603	become_root();
604	ret = secrets_restore_schannel_session_info(p->pipe_state_mem_ctx,
605	remote_machine,
606	&p->dc);
607	unbecome_root();
608	if (!ret) {
609	return NT_STATUS_INVALID_HANDLE;
610	}
611	}
612
613	if (!p->dc \|\| !p->dc->authenticated) {
614	return NT_STATUS_INVALID_HANDLE;
615	}
616
617	DEBUG(3,("_netr_ServerPasswordSet: Server Password Set by remote machine:[%s] on account [%s]\n",
618	remote_machine, p->dc->mach_acct));
619
620	/* Step the creds chain forward. */
621	if (!netlogon_creds_server_step(p->dc, r->in.credential, &cred_out)) {
622	DEBUG(2,("_netr_ServerPasswordSet: netlogon_creds_server_step failed. Rejecting auth "
623	"request from client %s machine account %s\n",
624	remote_machine, p->dc->mach_acct ));
625	return NT_STATUS_INVALID_PARAMETER;
626	}
627
628	/* We must store the creds state after an update. */
629	sampass = samu_new( NULL );
630	if (!sampass) {
631	return NT_STATUS_NO_MEMORY;
632	}
633
634	become_root();
635	secrets_store_schannel_session_info(p->pipe_state_mem_ctx,
636	remote_machine,
637	p->dc);
638	ret = pdb_getsampwnam(sampass, p->dc->mach_acct);
639	unbecome_root();
640
641	if (!ret) {
642	TALLOC_FREE(sampass);
643	return NT_STATUS_ACCESS_DENIED;
644	}
645
646	/* Ensure the account exists and is a machine account. */
647
648	acct_ctrl = pdb_get_acct_ctrl(sampass);
649
650	if (!(acct_ctrl & ACB_WSTRUST \|\|
651	acct_ctrl & ACB_SVRTRUST \|\|
652	acct_ctrl & ACB_DOMTRUST)) {
653	TALLOC_FREE(sampass);
654	return NT_STATUS_NO_SUCH_USER;
655	}
656
657	if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
658	TALLOC_FREE(sampass);
659	return NT_STATUS_ACCOUNT_DISABLED;
660	}
661
662	/* Woah - what does this to to the credential chain ? JRA */
663	cred_hash3(pwd, r->in.new_password->hash, p->dc->sess_key, 0);
664
665	DEBUG(100,("_netr_ServerPasswordSet: new given value was :\n"));
666	for(i = 0; i < sizeof(pwd); i++)
667	DEBUG(100,("%02X ", pwd[i]));
668	DEBUG(100,("\n"));
669
670	old_pw = pdb_get_nt_passwd(sampass);
671
672	if (old_pw && memcmp(pwd, old_pw, 16) == 0) {
673	/* Avoid backend modificiations and other fun if the
674	client changed the password to the same thing */
675
676	ret = True;
677	} else {
678
679	/* LM password should be NULL for machines */
680	if (!pdb_set_lanman_passwd(sampass, NULL, PDB_CHANGED)) {
681	TALLOC_FREE(sampass);
682	return NT_STATUS_NO_MEMORY;
683	}
684
685	if (!pdb_set_nt_passwd(sampass, pwd, PDB_CHANGED)) {
686	TALLOC_FREE(sampass);
687	return NT_STATUS_NO_MEMORY;
688	}
689
690	if (!pdb_set_pass_last_set_time(sampass, time(NULL), PDB_CHANGED)) {
691	TALLOC_FREE(sampass);
692	/* Not quite sure what this one qualifies as, but this will do */
693	return NT_STATUS_UNSUCCESSFUL;
694	}
695
696	become_root();
697	status = pdb_update_sam_account(sampass);
698	unbecome_root();
699	}
700
701	/* set up the LSA Server Password Set response */
702
703	memcpy(r->out.return_authenticator, &cred_out,
704	sizeof(*(r->out.return_authenticator)));
705
706	TALLOC_FREE(sampass);
707	return status;
708	}
709
710	/*************************************************************************
711	_netr_LogonSamLogoff
712	*************************************************************************/
713
714	NTSTATUS _netr_LogonSamLogoff(pipes_struct *p,
715	struct netr_LogonSamLogoff *r)
716	{
717	if ( (lp_server_schannel() == True) && (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) ) {
718	/* 'server schannel = yes' should enforce use of
719	schannel, the client did offer it in auth2, but
720	obviously did not use it. */
721	DEBUG(0,("_netr_LogonSamLogoff: client %s not using schannel for netlogon\n",
722	get_remote_machine_name() ));
723	return NT_STATUS_ACCESS_DENIED;
724	}
725
726
727	if (!get_valid_user_struct(p->vuid))
728	return NT_STATUS_NO_SUCH_USER;
729
730	/* Using the remote machine name for the creds store: */
731	/* r->in.computer_name */
732
733	if (!p->dc) {
734	/* Restore the saved state of the netlogon creds. */
735	bool ret;
736
737	become_root();
738	ret = secrets_restore_schannel_session_info(p->pipe_state_mem_ctx,
739	r->in.computer_name,
740	&p->dc);
741	unbecome_root();
742	if (!ret) {
743	return NT_STATUS_INVALID_HANDLE;
744	}
745	}
746
747	if (!p->dc \|\| !p->dc->authenticated) {
748	return NT_STATUS_INVALID_HANDLE;
749	}
750
751	/* checks and updates credentials. creates reply credentials */
752	if (!netlogon_creds_server_step(p->dc, r->in.credential, r->out.return_authenticator)) {
753	DEBUG(2,("_netr_LogonSamLogoff: netlogon_creds_server_step failed. Rejecting auth "
754	"request from client %s machine account %s\n",
755	r->in.computer_name, p->dc->mach_acct ));
756	return NT_STATUS_INVALID_PARAMETER;
757	}
758
759	/* We must store the creds state after an update. */
760	become_root();
761	secrets_store_schannel_session_info(p->pipe_state_mem_ctx,
762	r->in.computer_name,
763	p->dc);
764	unbecome_root();
765
766	return NT_STATUS_OK;
767	}
768
769	/*******************************************************************
770	gets a domain user's groups from their already-calculated NT_USER_TOKEN
771	********************************************************************/
772
773	static NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx,
774	const DOM_SID *domain_sid,
775	size_t num_sids,
776	const DOM_SID *sids,
777	int numgroups, DOM_GID *pgids)
778	{
779	int i;
780
781	*numgroups=0;
782	*pgids = NULL;
783
784	for (i=0; i<num_sids; i++) {
785	DOM_GID gid;
786	if (!sid_peek_check_rid(domain_sid, &sids[i], &gid.g_rid)) {
787	continue;
788	}
789	gid.attr = (SE_GROUP_MANDATORY\|SE_GROUP_ENABLED_BY_DEFAULT\|
790	SE_GROUP_ENABLED);
791	ADD_TO_ARRAY(mem_ctx, DOM_GID, gid, pgids, numgroups);
792	if (*pgids == NULL) {
793	return NT_STATUS_NO_MEMORY;
794	}
795	}
796	return NT_STATUS_OK;
797	}
798
799	/*************************************************************************
800	_netr_LogonSamLogon
801	*************************************************************************/
802
803	NTSTATUS _netr_LogonSamLogon(pipes_struct *p,
804	struct netr_LogonSamLogon *r)
805	{
806	NTSTATUS status = NT_STATUS_OK;
807	struct netr_SamInfo3 *sam3 = NULL;
808	union netr_LogonInfo *logon = r->in.logon;
809	fstring nt_username, nt_domain, nt_workstation;
810	auth_usersupplied_info *user_info = NULL;
811	auth_serversupplied_info *server_info = NULL;
812	struct samu *sampw;
813	struct auth_context *auth_context = NULL;
814	bool process_creds = true;
815
816	switch (p->hdr_req.opnum) {
817	case NDR_NETR_LOGONSAMLOGON:
818	process_creds = true;
819	break;
820	case NDR_NETR_LOGONSAMLOGONEX:
821	default:
822	process_creds = false;
823	}
824
825	if ( (lp_server_schannel() == True) && (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) ) {
826	/* 'server schannel = yes' should enforce use of
827	schannel, the client did offer it in auth2, but
828	obviously did not use it. */
829	DEBUG(0,("_netr_LogonSamLogon: client %s not using schannel for netlogon\n",
830	get_remote_machine_name() ));
831	return NT_STATUS_ACCESS_DENIED;
832	}
833
834	sam3 = TALLOC_ZERO_P(p->mem_ctx, struct netr_SamInfo3);
835	if (!sam3) {
836	return NT_STATUS_NO_MEMORY;
837	}
838
839	/* store the user information, if there is any. */
840	r->out.validation->sam3 = sam3;
841	r->out.authoritative = true; / authoritative response */
842	if (r->in.validation_level != 2 && r->in.validation_level != 3) {
843	DEBUG(0,("_netr_LogonSamLogon: bad validation_level value %d.\n",
844	(int)r->in.validation_level));
845	return NT_STATUS_ACCESS_DENIED;
846	}
847
848	if (!get_valid_user_struct(p->vuid))
849	return NT_STATUS_NO_SUCH_USER;
850
851	if (process_creds) {
852	fstring remote_machine;
853
854	/* Get the remote machine name for the creds store. */
855	/* Note this is the remote machine this request is coming from (member server),
856	not neccessarily the workstation name the user is logging onto.
857	*/
858
859	fstrcpy(remote_machine, r->in.computer_name);
860
861	if (!p->dc) {
862	/* Restore the saved state of the netlogon creds. */
863	bool ret;
864
865	become_root();
866	ret = secrets_restore_schannel_session_info(p->pipe_state_mem_ctx,
867	remote_machine,
868	&p->dc);
869	unbecome_root();
870	if (!ret) {
871	return NT_STATUS_INVALID_HANDLE;
872	}
873	}
874
875	if (!p->dc \|\| !p->dc->authenticated) {
876	return NT_STATUS_INVALID_HANDLE;
877	}
878
879	/* checks and updates credentials. creates reply credentials */
880	if (!netlogon_creds_server_step(p->dc, r->in.credential, r->out.return_authenticator)) {
881	DEBUG(2,("_netr_LogonSamLogon: creds_server_step failed. Rejecting auth "
882	"request from client %s machine account %s\n",
883	remote_machine, p->dc->mach_acct ));
884	return NT_STATUS_INVALID_PARAMETER;
885	}
886
887	/* We must store the creds state after an update. */
888	become_root();
889	secrets_store_schannel_session_info(p->pipe_state_mem_ctx,
890	remote_machine,
891	p->dc);
892	unbecome_root();
893	}
894
895	switch (r->in.logon_level) {
896	case INTERACTIVE_LOGON_TYPE:
897	fstrcpy(nt_username,
898	logon->password->identity_info.account_name.string);
899	fstrcpy(nt_domain,
900	logon->password->identity_info.domain_name.string);
901	fstrcpy(nt_workstation,
902	logon->password->identity_info.workstation.string);
903
904	DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup()));
905	break;
906	case NET_LOGON_TYPE:
907	fstrcpy(nt_username,
908	logon->network->identity_info.account_name.string);
909	fstrcpy(nt_domain,
910	logon->network->identity_info.domain_name.string);
911	fstrcpy(nt_workstation,
912	logon->network->identity_info.workstation.string);
913
914	DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", lp_workgroup()));
915	break;
916	default:
917	DEBUG(2,("SAM Logon: unsupported switch value\n"));
918	return NT_STATUS_INVALID_INFO_CLASS;
919	} /* end switch */
920
921	DEBUG(3,("User:[%s@%s] Requested Domain:[%s]\n", nt_username, nt_workstation, nt_domain));
922	fstrcpy(current_user_info.smb_name, nt_username);
923	sub_set_smb_name(nt_username);
924
925	DEBUG(5,("Attempting validation level %d for unmapped username %s.\n",
926	r->in.validation_level, nt_username));
927
928	status = NT_STATUS_OK;
929
930	switch (r->in.logon_level) {
931	case NET_LOGON_TYPE:
932	{
933	const char *wksname = nt_workstation;
934
935	status = make_auth_context_fixed(&auth_context,
936	logon->network->challenge);
937	if (!NT_STATUS_IS_OK(status)) {
938	return status;
939	}
940
941	/* For a network logon, the workstation name comes in with two
942	* backslashes in the front. Strip them if they are there. */
943
944	if (*wksname == '\\') wksname++;
945	if (*wksname == '\\') wksname++;
946
947	/* Standard challenge/response authenticaion */
948	if (!make_user_info_netlogon_network(&user_info,
949	nt_username, nt_domain,
950	wksname,
951	logon->network->identity_info.parameter_control,
952	logon->network->lm.data,
953	logon->network->lm.length,
954	logon->network->nt.data,
955	logon->network->nt.length)) {
956	status = NT_STATUS_NO_MEMORY;
957	}
958	break;
959	}
960	case INTERACTIVE_LOGON_TYPE:
961	/* 'Interactive' authentication, supplies the password in its
962	MD4 form, encrypted with the session key. We will convert
963	this to challenge/response for the auth subsystem to chew
964	on */
965	{
966	const uint8 *chal;
967
968	if (!NT_STATUS_IS_OK(status = make_auth_context_subsystem(&auth_context))) {
969	return status;
970	}
971
972	chal = auth_context->get_ntlm_challenge(auth_context);
973
974	if (!make_user_info_netlogon_interactive(&user_info,
975	nt_username, nt_domain,
976	nt_workstation,
977	logon->password->identity_info.parameter_control,
978	chal,
979	logon->password->lmpassword.hash,
980	logon->password->ntpassword.hash,
981	p->dc->sess_key)) {
982	status = NT_STATUS_NO_MEMORY;
983	}
984	break;
985	}
986	default:
987	DEBUG(2,("SAM Logon: unsupported switch value\n"));
988	return NT_STATUS_INVALID_INFO_CLASS;
989	} /* end switch */
990
991	if ( NT_STATUS_IS_OK(status) ) {
992	status = auth_context->check_ntlm_password(auth_context,
993	user_info, &server_info);
994	}
995
996	(auth_context->free)(&auth_context);
997	free_user_info(&user_info);
998
999	DEBUG(5,("_netr_LogonSamLogon: check_password returned status %s\n",
1000	nt_errstr(status)));
1001
1002	/* Check account and password */
1003
1004	if (!NT_STATUS_IS_OK(status)) {
1005	/* If we don't know what this domain is, we need to
1006	indicate that we are not authoritative. This
1007	allows the client to decide if it needs to try
1008	a local user. Fix by [email protected], #2976 */
1009	if ( NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)
1010	&& !strequal(nt_domain, get_global_sam_name())
1011	&& !is_trusted_domain(nt_domain) )
1012	r->out.authoritative = false; / We are not authoritative */
1013
1014	TALLOC_FREE(server_info);
1015	return status;
1016	}
1017
1018	if (server_info->guest) {
1019	/* We don't like guest domain logons... */
1020	DEBUG(5,("_netr_LogonSamLogon: Attempted domain logon as GUEST "
1021	"denied.\n"));
1022	TALLOC_FREE(server_info);
1023	return NT_STATUS_LOGON_FAILURE;
1024	}
1025
1026	/* This is the point at which, if the login was successful, that
1027	the SAM Local Security Authority should record that the user is
1028	logged in to the domain. */
1029
1030	{
1031	DOM_GID *gids = NULL;
1032	const DOM_SID *user_sid = NULL;
1033	const DOM_SID *group_sid = NULL;
1034	DOM_SID domain_sid;
1035	uint32 user_rid, group_rid;
1036
1037	int num_gids = 0;
1038	const char *my_name;
1039
1040	struct netr_UserSessionKey user_session_key;
1041	struct netr_LMSessionKey lm_session_key;
1042	unsigned char pipe_session_key[16];
1043
1044	NTTIME last_logon, last_logoff, acct_expiry, last_password_change;
1045	NTTIME allow_password_change, force_password_change;
1046	struct samr_RidWithAttributeArray groups;
1047	int i;
1048	struct dom_sid2 *sid = NULL;
1049
1050	ZERO_STRUCT(user_session_key);
1051	ZERO_STRUCT(lm_session_key);
1052
1053	sampw = server_info->sam_account;
1054
1055	user_sid = pdb_get_user_sid(sampw);
1056	group_sid = pdb_get_group_sid(sampw);
1057
1058	if ((user_sid == NULL) \|\| (group_sid == NULL)) {
1059	DEBUG(1, ("_netr_LogonSamLogon: User without group or user SID\n"));
1060	return NT_STATUS_UNSUCCESSFUL;
1061	}
1062
1063	sid_copy(&domain_sid, user_sid);
1064	sid_split_rid(&domain_sid, &user_rid);
1065
1066	sid = sid_dup_talloc(p->mem_ctx, &domain_sid);
1067	if (!sid) {
1068	return NT_STATUS_NO_MEMORY;
1069	}
1070
1071	if (!sid_peek_check_rid(&domain_sid, group_sid, &group_rid)) {
1072	DEBUG(1, ("_netr_LogonSamLogon: user %s\\%s has user sid "
1073	"%s\n but group sid %s.\n"
1074	"The conflicting domain portions are not "
1075	"supported for NETLOGON calls\n",
1076	pdb_get_domain(sampw),
1077	pdb_get_username(sampw),
1078	sid_string_dbg(user_sid),
1079	sid_string_dbg(group_sid)));
1080	return NT_STATUS_UNSUCCESSFUL;
1081	}
1082
1083	if(server_info->login_server) {
1084	my_name = server_info->login_server;
1085	} else {
1086	my_name = global_myname();
1087	}
1088
1089	status = nt_token_to_group_list(p->mem_ctx, &domain_sid,
1090	server_info->num_sids,
1091	server_info->sids,
1092	&num_gids, &gids);
1093
1094	if (!NT_STATUS_IS_OK(status)) {
1095	return status;
1096	}
1097
1098	if (server_info->user_session_key.length) {
1099	memcpy(user_session_key.key,
1100	server_info->user_session_key.data,
1101	MIN(sizeof(user_session_key.key),
1102	server_info->user_session_key.length));
1103	if (process_creds) {
1104	/* Get the pipe session key from the creds. */
1105	memcpy(pipe_session_key, p->dc->sess_key, 16);
1106	} else {
1107	/* Get the pipe session key from the schannel. */
1108	if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL \|\| p->auth.a_u.schannel_auth == NULL) {
1109	return NT_STATUS_INVALID_HANDLE;
1110	}
1111	memcpy(pipe_session_key, p->auth.a_u.schannel_auth->sess_key, 16);
1112	}
1113	SamOEMhash(user_session_key.key, pipe_session_key, 16);
1114	memset(pipe_session_key, '\0', 16);
1115	}
1116	if (server_info->lm_session_key.length) {
1117	memcpy(lm_session_key.key,
1118	server_info->lm_session_key.data,
1119	MIN(sizeof(lm_session_key.key),
1120	server_info->lm_session_key.length));
1121	if (process_creds) {
1122	/* Get the pipe session key from the creds. */
1123	memcpy(pipe_session_key, p->dc->sess_key, 16);
1124	} else {
1125	/* Get the pipe session key from the schannel. */
1126	if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL \|\| p->auth.a_u.schannel_auth == NULL) {
1127	return NT_STATUS_INVALID_HANDLE;
1128	}
1129	memcpy(pipe_session_key, p->auth.a_u.schannel_auth->sess_key, 16);
1130	}
1131	SamOEMhash(lm_session_key.key, pipe_session_key, 8);
1132	memset(pipe_session_key, '\0', 16);
1133	}
1134
1135	groups.count = num_gids;
1136	groups.rids = TALLOC_ARRAY(p->mem_ctx, struct samr_RidWithAttribute,
1137	groups.count);
1138	if (!groups.rids) {
1139	return NT_STATUS_NO_MEMORY;
1140	}
1141
1142	for (i=0; i < groups.count; i++) {
1143	groups.rids[i].rid = gids[i].g_rid;
1144	groups.rids[i].attributes = gids[i].attr;
1145	}
1146
1147	unix_to_nt_time(&last_logon, pdb_get_logon_time(sampw));
1148	unix_to_nt_time(&last_logoff, get_time_t_max());
1149	unix_to_nt_time(&acct_expiry, get_time_t_max());
1150	unix_to_nt_time(&last_password_change, pdb_get_pass_last_set_time(sampw));
1151	unix_to_nt_time(&allow_password_change, pdb_get_pass_can_change_time(sampw));
1152	unix_to_nt_time(&force_password_change, pdb_get_pass_must_change_time(sampw));
1153
1154	init_netr_SamInfo3(sam3,
1155	last_logon,
1156	last_logoff,
1157	acct_expiry,
1158	last_password_change,
1159	allow_password_change,
1160	force_password_change,
1161	talloc_strdup(p->mem_ctx, pdb_get_username(sampw)),
1162	talloc_strdup(p->mem_ctx, pdb_get_fullname(sampw)),
1163	talloc_strdup(p->mem_ctx, pdb_get_logon_script(sampw)),
1164	talloc_strdup(p->mem_ctx, pdb_get_profile_path(sampw)),
1165	talloc_strdup(p->mem_ctx, pdb_get_homedir(sampw)),
1166	talloc_strdup(p->mem_ctx, pdb_get_dir_drive(sampw)),
1167	0, /* logon_count */
1168	0, /* bad_password_count */
1169	user_rid,
1170	group_rid,
1171	groups,
1172	NETLOGON_EXTRA_SIDS,
1173	user_session_key,
1174	my_name,
1175	talloc_strdup(p->mem_ctx, pdb_get_domain(sampw)),
1176	sid,
1177	lm_session_key,
1178	pdb_get_acct_ctrl(sampw),
1179	0, /* sidcount */
1180	NULL); /* struct netr_SidAttr sids /
1181	ZERO_STRUCT(user_session_key);
1182	ZERO_STRUCT(lm_session_key);
1183	}
1184	TALLOC_FREE(server_info);
1185	return status;
1186	}
1187
1188	/*************************************************************************
1189	_netr_LogonSamLogonEx
1190	- no credential chaining. Map into net sam logon.
1191	*************************************************************************/
1192
1193	NTSTATUS _netr_LogonSamLogonEx(pipes_struct *p,
1194	struct netr_LogonSamLogonEx *r)
1195	{
1196	struct netr_LogonSamLogon q;
1197
1198	/* Only allow this if the pipe is protected. */
1199	if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
1200	DEBUG(0,("_net_sam_logon_ex: client %s not using schannel for netlogon\n",
1201	get_remote_machine_name() ));
1202	return NT_STATUS_INVALID_PARAMETER;
1203	}
1204
1205	q.in.server_name = r->in.server_name;
1206	q.in.computer_name = r->in.computer_name;
1207	q.in.logon_level = r->in.logon_level;
1208	q.in.logon = r->in.logon;
1209	q.in.validation_level = r->in.validation_level;
1210	/* we do not handle the flags */
1211	/* = r->in.flags; */
1212
1213	q.out.validation = r->out.validation;
1214	q.out.authoritative = r->out.authoritative;
1215	/* we do not handle the flags */
1216	/* = r->out.flags; */
1217
1218	return _netr_LogonSamLogon(p, &q);
1219	}
1220
1221	/*************************************************************************
1222	_ds_enum_dom_trusts
1223	*************************************************************************/
1224	#if 0 /* JERRY -- not correct */
1225	NTSTATUS _ds_enum_dom_trusts(pipes_struct p, DS_Q_ENUM_DOM_TRUSTS q_u,
1226	DS_R_ENUM_DOM_TRUSTS *r_u)
1227	{
1228	NTSTATUS status = NT_STATUS_OK;
1229
1230	/* TODO: According to MSDN, the can only be executed against a
1231	DC or domain member running Windows 2000 or later. Need
1232	to test against a standalone 2k server and see what it
1233	does. A windows 2000 DC includes its own domain in the
1234	list. --jerry */
1235
1236	return status;
1237	}
1238	#endif /* JERRY */
1239
1240
1241	/****************************************************************
1242	****************************************************************/
1243
1244	WERROR _netr_LogonUasLogon(pipes_struct *p,
1245	struct netr_LogonUasLogon *r)
1246	{
1247	p->rng_fault_state = true;
1248	return WERR_NOT_SUPPORTED;
1249	}
1250
1251	/****************************************************************
1252	****************************************************************/
1253
1254	WERROR _netr_LogonUasLogoff(pipes_struct *p,
1255	struct netr_LogonUasLogoff *r)
1256	{
1257	p->rng_fault_state = true;
1258	return WERR_NOT_SUPPORTED;
1259	}
1260
1261	/****************************************************************
1262	****************************************************************/
1263
1264	NTSTATUS _netr_DatabaseDeltas(pipes_struct *p,
1265	struct netr_DatabaseDeltas *r)
1266	{
1267	p->rng_fault_state = true;
1268	return NT_STATUS_NOT_IMPLEMENTED;
1269	}
1270
1271	/****************************************************************
1272	****************************************************************/
1273
1274	NTSTATUS _netr_DatabaseSync(pipes_struct *p,
1275	struct netr_DatabaseSync *r)
1276	{
1277	p->rng_fault_state = true;
1278	return NT_STATUS_NOT_IMPLEMENTED;
1279	}
1280
1281	/****************************************************************
1282	****************************************************************/
1283
1284	NTSTATUS _netr_AccountDeltas(pipes_struct *p,
1285	struct netr_AccountDeltas *r)
1286	{
1287	p->rng_fault_state = true;
1288	return NT_STATUS_NOT_IMPLEMENTED;
1289	}
1290
1291	/****************************************************************
1292	****************************************************************/
1293
1294	NTSTATUS _netr_AccountSync(pipes_struct *p,
1295	struct netr_AccountSync *r)
1296	{
1297	p->rng_fault_state = true;
1298	return NT_STATUS_NOT_IMPLEMENTED;
1299	}
1300
1301	/****************************************************************
1302	****************************************************************/
1303
1304	WERROR _netr_GetDcName(pipes_struct *p,
1305	struct netr_GetDcName *r)
1306	{
1307	p->rng_fault_state = true;
1308	return WERR_NOT_SUPPORTED;
1309	}
1310
1311	/****************************************************************
1312	****************************************************************/
1313
1314	WERROR _netr_GetAnyDCName(pipes_struct *p,
1315	struct netr_GetAnyDCName *r)
1316	{
1317	p->rng_fault_state = true;
1318	return WERR_NOT_SUPPORTED;
1319	}
1320
1321	/****************************************************************
1322	****************************************************************/
1323
1324	NTSTATUS _netr_DatabaseSync2(pipes_struct *p,
1325	struct netr_DatabaseSync2 *r)
1326	{
1327	p->rng_fault_state = true;
1328	return NT_STATUS_NOT_IMPLEMENTED;
1329	}
1330
1331	/****************************************************************
1332	****************************************************************/
1333
1334	NTSTATUS _netr_DatabaseRedo(pipes_struct *p,
1335	struct netr_DatabaseRedo *r)
1336	{
1337	p->rng_fault_state = true;
1338	return NT_STATUS_NOT_IMPLEMENTED;
1339	}
1340
1341	/****************************************************************
1342	****************************************************************/
1343
1344	WERROR _netr_LogonControl2Ex(pipes_struct *p,
1345	struct netr_LogonControl2Ex *r)
1346	{
1347	p->rng_fault_state = true;
1348	return WERR_NOT_SUPPORTED;
1349	}
1350
1351	/****************************************************************
1352	****************************************************************/
1353
1354	WERROR _netr_DsRGetDCName(pipes_struct *p,
1355	struct netr_DsRGetDCName *r)
1356	{
1357	p->rng_fault_state = true;
1358	return WERR_NOT_SUPPORTED;
1359	}
1360
1361	/****************************************************************
1362	****************************************************************/
1363
1364	NTSTATUS _netr_LogonGetCapabilities(pipes_struct *p,
1365	struct netr_LogonGetCapabilities *r)
1366	{
1367	return NT_STATUS_NOT_IMPLEMENTED;
1368	}
1369
1370	/****************************************************************
1371	****************************************************************/
1372
1373	WERROR _netr_NETRLOGONSETSERVICEBITS(pipes_struct *p,
1374	struct netr_NETRLOGONSETSERVICEBITS *r)
1375	{
1376	p->rng_fault_state = true;
1377	return WERR_NOT_SUPPORTED;
1378	}
1379
1380	/****************************************************************
1381	****************************************************************/
1382
1383	WERROR _netr_LogonGetTrustRid(pipes_struct *p,
1384	struct netr_LogonGetTrustRid *r)
1385	{
1386	p->rng_fault_state = true;
1387	return WERR_NOT_SUPPORTED;
1388	}
1389
1390	/****************************************************************
1391	****************************************************************/
1392
1393	WERROR _netr_NETRLOGONCOMPUTESERVERDIGEST(pipes_struct *p,
1394	struct netr_NETRLOGONCOMPUTESERVERDIGEST *r)
1395	{
1396	p->rng_fault_state = true;
1397	return WERR_NOT_SUPPORTED;
1398	}
1399
1400	/****************************************************************
1401	****************************************************************/
1402
1403	WERROR _netr_NETRLOGONCOMPUTECLIENTDIGEST(pipes_struct *p,
1404	struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r)
1405	{
1406	p->rng_fault_state = true;
1407	return WERR_NOT_SUPPORTED;
1408	}
1409
1410	/****************************************************************
1411	****************************************************************/
1412
1413	NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
1414	struct netr_ServerAuthenticate3 *r)
1415	{
1416	p->rng_fault_state = true;
1417	return NT_STATUS_NOT_IMPLEMENTED;
1418	}
1419
1420	/****************************************************************
1421	****************************************************************/
1422
1423	WERROR _netr_DsRGetDCNameEx(pipes_struct *p,
1424	struct netr_DsRGetDCNameEx *r)
1425	{
1426	p->rng_fault_state = true;
1427	return WERR_NOT_SUPPORTED;
1428	}
1429
1430	/****************************************************************
1431	****************************************************************/
1432
1433	WERROR _netr_DsRGetSiteName(pipes_struct *p,
1434	struct netr_DsRGetSiteName *r)
1435	{
1436	p->rng_fault_state = true;
1437	return WERR_NOT_SUPPORTED;
1438	}
1439
1440	/****************************************************************
1441	****************************************************************/
1442
1443	NTSTATUS _netr_LogonGetDomainInfo(pipes_struct *p,
1444	struct netr_LogonGetDomainInfo *r)
1445	{
1446	p->rng_fault_state = true;
1447	return NT_STATUS_NOT_IMPLEMENTED;
1448	}
1449
1450	/****************************************************************
1451	****************************************************************/
1452
1453	NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
1454	struct netr_ServerPasswordSet2 *r)
1455	{
1456	p->rng_fault_state = true;
1457	return NT_STATUS_NOT_IMPLEMENTED;
1458	}
1459
1460	/****************************************************************
1461	****************************************************************/
1462
1463	WERROR _netr_ServerPasswordGet(pipes_struct *p,
1464	struct netr_ServerPasswordGet *r)
1465	{
1466	p->rng_fault_state = true;
1467	return WERR_NOT_SUPPORTED;
1468	}
1469
1470	/****************************************************************
1471	****************************************************************/
1472
1473	WERROR _netr_NETRLOGONSENDTOSAM(pipes_struct *p,
1474	struct netr_NETRLOGONSENDTOSAM *r)
1475	{
1476	p->rng_fault_state = true;
1477	return WERR_NOT_SUPPORTED;
1478	}
1479
1480	/****************************************************************
1481	****************************************************************/
1482
1483	WERROR _netr_DsRAddressToSitenamesW(pipes_struct *p,
1484	struct netr_DsRAddressToSitenamesW *r)
1485	{
1486	p->rng_fault_state = true;
1487	return WERR_NOT_SUPPORTED;
1488	}
1489
1490	/****************************************************************
1491	****************************************************************/
1492
1493	WERROR _netr_DsRGetDCNameEx2(pipes_struct *p,
1494	struct netr_DsRGetDCNameEx2 *r)
1495	{
1496	p->rng_fault_state = true;
1497	return WERR_NOT_SUPPORTED;
1498	}
1499
1500	/****************************************************************
1501	****************************************************************/
1502
1503	WERROR _netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(pipes_struct *p,
1504	struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r)
1505	{
1506	p->rng_fault_state = true;
1507	return WERR_NOT_SUPPORTED;
1508	}
1509
1510	/****************************************************************
1511	****************************************************************/
1512
1513	WERROR _netr_NetrEnumerateTrustedDomainsEx(pipes_struct *p,
1514	struct netr_NetrEnumerateTrustedDomainsEx *r)
1515	{
1516	p->rng_fault_state = true;
1517	return WERR_NOT_SUPPORTED;
1518	}
1519
1520	/****************************************************************
1521	****************************************************************/
1522
1523	WERROR _netr_DsRAddressToSitenamesExW(pipes_struct *p,
1524	struct netr_DsRAddressToSitenamesExW *r)
1525	{
1526	p->rng_fault_state = true;
1527	return WERR_NOT_SUPPORTED;
1528	}
1529
1530	/****************************************************************
1531	****************************************************************/
1532
1533	WERROR _netr_DsrGetDcSiteCoverageW(pipes_struct *p,
1534	struct netr_DsrGetDcSiteCoverageW *r)
1535	{
1536	p->rng_fault_state = true;
1537	return WERR_NOT_SUPPORTED;
1538	}
1539
1540	/****************************************************************
1541	****************************************************************/
1542
1543	WERROR _netr_DsrEnumerateDomainTrusts(pipes_struct *p,
1544	struct netr_DsrEnumerateDomainTrusts *r)
1545	{
1546	p->rng_fault_state = true;
1547	return WERR_NOT_SUPPORTED;
1548	}
1549
1550	/****************************************************************
1551	****************************************************************/
1552
1553	WERROR _netr_DsrDeregisterDNSHostRecords(pipes_struct *p,
1554	struct netr_DsrDeregisterDNSHostRecords *r)
1555	{
1556	p->rng_fault_state = true;
1557	return WERR_NOT_SUPPORTED;
1558	}
1559
1560	/****************************************************************
1561	****************************************************************/
1562
1563	NTSTATUS _netr_ServerTrustPasswordsGet(pipes_struct *p,
1564	struct netr_ServerTrustPasswordsGet *r)
1565	{
1566	p->rng_fault_state = true;
1567	return NT_STATUS_NOT_IMPLEMENTED;
1568	}
1569
1570	/****************************************************************
1571	****************************************************************/
1572
1573	WERROR _netr_DsRGetForestTrustInformation(pipes_struct *p,
1574	struct netr_DsRGetForestTrustInformation *r)
1575	{
1576	p->rng_fault_state = true;
1577	return WERR_NOT_SUPPORTED;
1578	}
1579
1580	/****************************************************************
1581	****************************************************************/
1582
1583	WERROR _netr_GetForestTrustInformation(pipes_struct *p,
1584	struct netr_GetForestTrustInformation *r)
1585	{
1586	p->rng_fault_state = true;
1587	return WERR_NOT_SUPPORTED;
1588	}
1589
1590	/****************************************************************
1591	****************************************************************/
1592
1593	NTSTATUS _netr_LogonSamLogonWithFlags(pipes_struct *p,
1594	struct netr_LogonSamLogonWithFlags *r)
1595	{
1596	p->rng_fault_state = true;
1597	return NT_STATUS_NOT_IMPLEMENTED;
1598	}
1599
1600	/****************************************************************
1601	****************************************************************/
1602
1603	WERROR _netr_NETRSERVERGETTRUSTINFO(pipes_struct *p,
1604	struct netr_NETRSERVERGETTRUSTINFO *r)
1605	{
1606	p->rng_fault_state = true;
1607	return WERR_NOT_SUPPORTED;
1608	}
1609

Note: See TracBrowser for help on using the repository browser.

Download in other formats: