/*
reply to a ADS style GETDC request
*/
static void nbtd_netlogon_samlogon(struct dgram_mailslot_handler *dgmslot,
struct nbtd_interface *iface,
struct nbt_dgram_packet *packet,
const struct socket_address *src,
struct nbt_netlogon_packet *netlogon)
{
struct nbt_name *name = &packet->data.msg.dest_name;
struct nbtd_interface *reply_iface = nbtd_find_reply_iface(iface, src->addr, false);
struct ldb_context *samctx;
const char *my_ip = reply_iface->ip_address;
struct dom_sid *sid;
struct nbt_netlogon_response netlogon_response;
NTSTATUS status;
if (!my_ip) {
DEBUG(0, ("Could not obtain own IP address for datagram socket\n"));
return;
}
/* only answer getdc requests on the PDC or LOGON names */
if (name->type != NBT_NAME_PDC && name->type != NBT_NAME_LOGON) {
return;
}
samctx = iface->nbtsrv->sam_ctx;
if (netlogon->req.logon.sid_size) {
sid = &netlogon->req.logon.sid;
} else {
sid = NULL;
}
status = fill_netlogon_samlogon_response(samctx, packet, NULL, name->name, sid, NULL,
netlogon->req.logon.user_name, netlogon->req.logon.acct_control, src->addr,
netlogon->req.logon.nt_version, iface->nbtsrv->task->lp_ctx, &netlogon_response.data.samlogon, false);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(2,("NBT netlogon query failed domain=%s sid=%s version=%d - %s\n",
name->name, dom_sid_string(packet, sid), netlogon->req.logon.nt_version, nt_errstr(status)));
return;
}
netlogon_response.response_type = NETLOGON_SAMLOGON;
packet->data.msg.dest_name.type = 0;
dgram_mailslot_netlogon_reply(reply_iface->dgmsock,
packet,
lpcfg_netbios_name(iface->nbtsrv->task->lp_ctx),
netlogon->req.logon.mailslot_name,
&netlogon_response);
}
/*
handle incoming cldap requests
*/
void cldapd_netlogon_request(struct cldap_socket *cldap,
struct cldapd_server *cldapd,
TALLOC_CTX *tmp_ctx,
uint32_t message_id,
struct ldb_parse_tree *tree,
struct tsocket_address *src)
{
unsigned int i;
const char *domain = NULL;
const char *host = NULL;
const char *user = NULL;
const char *domain_guid = NULL;
struct dom_sid *domain_sid = NULL;
int acct_control = -1;
int version = -1;
struct netlogon_samlogon_response netlogon;
NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
if (tree->operation != LDB_OP_AND) goto failed;
/* extract the query elements */
for (i=0;i<tree->u.list.num_elements;i++) {
struct ldb_parse_tree *t = tree->u.list.elements[i];
if (t->operation != LDB_OP_EQUALITY) goto failed;
if (strcasecmp(t->u.equality.attr, "DnsDomain") == 0) {
domain = talloc_strndup(tmp_ctx,
(const char *)t->u.equality.value.data,
t->u.equality.value.length);
}
if (strcasecmp(t->u.equality.attr, "Host") == 0) {
host = talloc_strndup(tmp_ctx,
(const char *)t->u.equality.value.data,
t->u.equality.value.length);
}
if (strcasecmp(t->u.equality.attr, "DomainGuid") == 0) {
NTSTATUS enc_status;
struct GUID guid;
enc_status = ldap_decode_ndr_GUID(tmp_ctx,
t->u.equality.value, &guid);
if (NT_STATUS_IS_OK(enc_status)) {
domain_guid = GUID_string(tmp_ctx, &guid);
}
}
if (strcasecmp(t->u.equality.attr, "DomainSid") == 0) {
enum ndr_err_code ndr_err;
domain_sid = talloc(tmp_ctx, struct dom_sid);
if (domain_sid == NULL) {
goto failed;
}
ndr_err = ndr_pull_struct_blob(&t->u.equality.value,
domain_sid, domain_sid,
(ndr_pull_flags_fn_t)ndr_pull_dom_sid);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
talloc_free(domain_sid);
goto failed;
}
}
if (strcasecmp(t->u.equality.attr, "User") == 0) {
user = talloc_strndup(tmp_ctx,
(const char *)t->u.equality.value.data,
t->u.equality.value.length);
}
if (strcasecmp(t->u.equality.attr, "NtVer") == 0 &&
t->u.equality.value.length == 4) {
version = IVAL(t->u.equality.value.data, 0);
}
if (strcasecmp(t->u.equality.attr, "AAC") == 0 &&
t->u.equality.value.length == 4) {
acct_control = IVAL(t->u.equality.value.data, 0);
}
}
if ((domain == NULL) && (domain_guid == NULL) && (domain_sid == NULL)) {
domain = lpcfg_dnsdomain(cldapd->task->lp_ctx);
}
if (version == -1) {
goto failed;
}
DEBUG(5,("cldap netlogon query domain=%s host=%s user=%s version=%d guid=%s\n",
domain, host, user, version, domain_guid));
status = fill_netlogon_samlogon_response(cldapd->samctx, tmp_ctx,
domain, NULL, domain_sid,
domain_guid,
user, acct_control,
tsocket_address_inet_addr_string(src, tmp_ctx),
version, cldapd->task->lp_ctx,
&netlogon, false);
if (!NT_STATUS_IS_OK(status)) {
goto failed;
}
status = cldap_netlogon_reply(cldap, message_id, src, version, &netlogon);
if (!NT_STATUS_IS_OK(status)) {
goto failed;
}
return;
failed:
DEBUG(2,("cldap netlogon query failed domain=%s host=%s version=%d - %s\n",
domain, host, version, nt_errstr(status)));
cldap_empty_reply(cldap, message_id, src);
}
/*
reply to a ADS style GETDC request
*/
static NTSTATUS nbtd_netlogon_samlogon(
struct nbtd_server *nbtsrv,
struct nbt_name *dst_name,
const struct socket_address *src,
struct nbt_netlogon_packet *netlogon,
TALLOC_CTX *mem_ctx,
struct nbt_netlogon_response **presponse,
char **preply_mailslot)
{
struct ldb_context *samctx;
struct dom_sid *sid = NULL;
struct nbt_netlogon_response *response = NULL;
char *reply_mailslot = NULL;
NTSTATUS status;
/* only answer getdc requests on the PDC or LOGON names */
if ((dst_name->type != NBT_NAME_PDC) &&
(dst_name->type != NBT_NAME_LOGON)) {
return NT_STATUS_NOT_SUPPORTED;
}
samctx = nbtsrv->sam_ctx;
if (netlogon->req.logon.sid_size != 0) {
sid = &netlogon->req.logon.sid;
}
reply_mailslot = talloc_strdup(
mem_ctx, netlogon->req.logon.mailslot_name);
if (reply_mailslot == NULL) {
return NT_STATUS_NO_MEMORY;
}
response = talloc_zero(mem_ctx, struct nbt_netlogon_response);
if (response == NULL) {
TALLOC_FREE(reply_mailslot);
return NT_STATUS_NO_MEMORY;
}
response->response_type = NETLOGON_SAMLOGON;
status = fill_netlogon_samlogon_response(
samctx, response, NULL, dst_name->name, sid, NULL,
netlogon->req.logon.user_name,
netlogon->req.logon.acct_control, src->addr,
netlogon->req.logon.nt_version, nbtsrv->task->lp_ctx,
&response->data.samlogon, false);
if (!NT_STATUS_IS_OK(status)) {
char buf[DOM_SID_STR_BUFLEN];
dom_sid_string_buf(sid, buf, sizeof(buf));
DBG_NOTICE("NBT netlogon query failed domain=%s sid=%s "
"version=%d - %s\n", dst_name->name, buf,
netlogon->req.logon.nt_version, nt_errstr(status));
TALLOC_FREE(reply_mailslot);
TALLOC_FREE(response);
return status;
}
*presponse = response;
*preply_mailslot = reply_mailslot;
return NT_STATUS_OK;
}
