author | Simo Sorce <idra@samba.org> | 2010-02-22 13:15:44 -0500 |
---|---|---|
committer | Simo Sorce <idra@samba.org> | 2010-02-22 18:49:16 -0500 |
commit | d4b8be513cf1707000f2870ce42c968e17f6ab27 (patch) | |
tree | c598763537ee013c1abcede5cb4ae6c82e7c0dac | |
parent | dbcc7ad7e4efc550b6937647995e8d74fe538d35 (diff) | |
s4:netlogon GetTrustedDomainInformation
start implementing calls related to trusted domain information
-rw-r--r-- | librpc/gen_ndr/cli_netlogon.c | 19 | ||||
-rw-r--r-- | librpc/gen_ndr/cli_netlogon.h | 9 | ||||
-rw-r--r-- | librpc/gen_ndr/lsa.h | 2 | ||||
-rw-r--r-- | librpc/gen_ndr/ndr_lsa.c | 6 | ||||
-rw-r--r-- | librpc/gen_ndr/ndr_netlogon.c | 30 | ||||
-rw-r--r-- | librpc/gen_ndr/netlogon.h | 4 | ||||
-rw-r--r-- | librpc/gen_ndr/srv_netlogon.h | 4 | ||||
-rw-r--r-- | librpc/idl/lsa.idl | 2 | ||||
-rw-r--r-- | librpc/idl/netlogon.idl | 4 | ||||
-rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 178 |
10 files changed, 209 insertions, 49 deletions
diff --git a/librpc/gen_ndr/cli_netlogon.c b/librpc/gen_ndr/cli_netlogon.c index f033ff079f..c7f29b5fa1 100644 --- a/librpc/gen_ndr/cli_netlogon.c +++ b/librpc/gen_ndr/cli_netlogon.c @@ -7105,7 +7105,7 @@ struct tevent_req *rpccli_netr_GetForestTrustInformation_send(TALLOC_CTX *mem_ct struct tevent_context *ev, struct rpc_pipe_client *cli, const char *_server_name /* [in] [unique,charset(UTF16)] */, - const char *_trusted_domain_name /* [in] [ref,charset(UTF16)] */, + const char *_computer_name /* [in] [ref,charset(UTF16)] */, struct netr_Authenticator *_credential /* [in] [ref] */, struct netr_Authenticator *_return_authenticator /* [out] [ref] */, uint32_t _flags /* [in] */, @@ -7125,7 +7125,7 @@ struct tevent_req *rpccli_netr_GetForestTrustInformation_send(TALLOC_CTX *mem_ct /* In parameters */ state->orig.in.server_name = _server_name; - state->orig.in.trusted_domain_name = _trusted_domain_name; + state->orig.in.computer_name = _computer_name; state->orig.in.credential = _credential; state->orig.in.flags = _flags; @@ -7193,7 +7193,7 @@ static void rpccli_netr_GetForestTrustInformation_done(struct tevent_req *subreq NTSTATUS rpccli_netr_GetForestTrustInformation_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, - WERROR *result) + NTSTATUS *result) { struct rpccli_netr_GetForestTrustInformation_state *state = tevent_req_data( req, struct rpccli_netr_GetForestTrustInformation_state); 
@@ -7217,19 +7217,18 @@ NTSTATUS rpccli_netr_GetForestTrustInformation_recv(struct tevent_req *req, NTSTATUS rpccli_netr_GetForestTrustInformation(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, const char *server_name /* [in] [unique,charset(UTF16)] */, - const char *trusted_domain_name /* [in] [ref,charset(UTF16)] */, + const char *computer_name /* [in] [ref,charset(UTF16)] */, struct netr_Authenticator *credential /* [in] [ref] */, struct netr_Authenticator *return_authenticator /* [out] [ref] */, uint32_t flags /* [in] */, - struct lsa_ForestTrustInformation **forest_trust_info /* [out] [ref] */, - WERROR *werror) + struct lsa_ForestTrustInformation **forest_trust_info /* [out] [ref] */) { struct netr_GetForestTrustInformation r; NTSTATUS status; /* In parameters */ r.in.server_name = server_name; - r.in.trusted_domain_name = trusted_domain_name; + r.in.computer_name = computer_name; r.in.credential = credential; r.in.flags = flags; @@ -7252,11 +7251,7 @@ NTSTATUS rpccli_netr_GetForestTrustInformation(struct rpc_pipe_client *cli, *forest_trust_info = *r.out.forest_trust_info; /* Return result */ - if (werror) { - *werror = r.out.result; - } - - return werror_to_ntstatus(r.out.result); + return r.out.result; } struct rpccli_netr_LogonSamLogonWithFlags_state { diff --git a/librpc/gen_ndr/cli_netlogon.h b/librpc/gen_ndr/cli_netlogon.h index 744e862b9b..64508f8e2a 100644 --- a/librpc/gen_ndr/cli_netlogon.h +++ b/librpc/gen_ndr/cli_netlogon.h 
@@ -833,23 +833,22 @@ struct tevent_req *rpccli_netr_GetForestTrustInformation_send(TALLOC_CTX *mem_ct struct tevent_context *ev, struct rpc_pipe_client *cli, const char *_server_name /* [in] [unique,charset(UTF16)] */, - const char *_trusted_domain_name /* [in] [ref,charset(UTF16)] */, + const char *_computer_name /* [in] [ref,charset(UTF16)] */, struct netr_Authenticator *_credential /* [in] [ref] */, struct netr_Authenticator *_return_authenticator /* [out] [ref] */, uint32_t _flags /* [in] */, struct lsa_ForestTrustInformation **_forest_trust_info /* [out] [ref] */); NTSTATUS rpccli_netr_GetForestTrustInformation_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, - WERROR *result); + NTSTATUS *result); NTSTATUS rpccli_netr_GetForestTrustInformation(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, const char *server_name /* [in] [unique,charset(UTF16)] */, - const char *trusted_domain_name /* [in] [ref,charset(UTF16)] */, + const char *computer_name /* [in] [ref,charset(UTF16)] */, struct netr_Authenticator *credential /* [in] [ref] */, struct netr_Authenticator *return_authenticator /* [out] [ref] */, uint32_t flags /* [in] */, - struct lsa_ForestTrustInformation **forest_trust_info /* [out] [ref] */, - WERROR *werror); + struct lsa_ForestTrustInformation **forest_trust_info /* [out] [ref] */); struct tevent_req *rpccli_netr_LogonSamLogonWithFlags_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct rpc_pipe_client *cli, diff --git a/librpc/gen_ndr/lsa.h b/librpc/gen_ndr/lsa.h index 4a4a95d77a..8a389ae4dd 100644 --- a/librpc/gen_ndr/lsa.h +++ b/librpc/gen_ndr/lsa.h @@ -764,7 +764,7 @@ enum lsa_ForestTrustRecordType struct lsa_ForestTrustRecord { uint32_t flags; enum lsa_ForestTrustRecordType level; - uint64_t unknown; + uint64_t time; union lsa_ForestTrustData forest_trust_data;/* [switch_is(level)] */ }; diff --git a/librpc/gen_ndr/ndr_lsa.c b/librpc/gen_ndr/ndr_lsa.c index b198350b2d..e95784b599 100644 --- a/librpc/gen_ndr/ndr_lsa.c 
+++ b/librpc/gen_ndr/ndr_lsa.c @@ -5206,7 +5206,7 @@ static enum ndr_err_code ndr_push_lsa_ForestTrustRecord(struct ndr_push *ndr, in NDR_CHECK(ndr_push_align(ndr, 8)); NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->flags)); NDR_CHECK(ndr_push_lsa_ForestTrustRecordType(ndr, NDR_SCALARS, r->level)); - NDR_CHECK(ndr_push_hyper(ndr, NDR_SCALARS, r->unknown)); + NDR_CHECK(ndr_push_hyper(ndr, NDR_SCALARS, r->time)); NDR_CHECK(ndr_push_set_switch_value(ndr, &r->forest_trust_data, r->level)); NDR_CHECK(ndr_push_lsa_ForestTrustData(ndr, NDR_SCALARS, &r->forest_trust_data)); NDR_CHECK(ndr_push_trailer_align(ndr, 8)); @@ -5223,7 +5223,7 @@ static enum ndr_err_code ndr_pull_lsa_ForestTrustRecord(struct ndr_pull *ndr, in NDR_CHECK(ndr_pull_align(ndr, 8)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->flags)); NDR_CHECK(ndr_pull_lsa_ForestTrustRecordType(ndr, NDR_SCALARS, &r->level)); - NDR_CHECK(ndr_pull_hyper(ndr, NDR_SCALARS, &r->unknown)); + NDR_CHECK(ndr_pull_hyper(ndr, NDR_SCALARS, &r->time)); NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->forest_trust_data, r->level)); NDR_CHECK(ndr_pull_lsa_ForestTrustData(ndr, NDR_SCALARS, &r->forest_trust_data)); NDR_CHECK(ndr_pull_trailer_align(ndr, 8)); @@ -5240,7 +5240,7 @@ _PUBLIC_ void ndr_print_lsa_ForestTrustRecord(struct ndr_print *ndr, const char ndr->depth++; ndr_print_uint32(ndr, "flags", r->flags); ndr_print_lsa_ForestTrustRecordType(ndr, "level", r->level); - ndr_print_hyper(ndr, "unknown", r->unknown); + ndr_print_hyper(ndr, "time", r->time); ndr_print_set_switch_value(ndr, &r->forest_trust_data, r->level); ndr_print_lsa_ForestTrustData(ndr, "forest_trust_data", &r->forest_trust_data); ndr->depth--; diff --git a/librpc/gen_ndr/ndr_netlogon.c b/librpc/gen_ndr/ndr_netlogon.c index 3693860e01..aad5bac428 100644 --- a/librpc/gen_ndr/ndr_netlogon.c +++ b/librpc/gen_ndr/ndr_netlogon.c 
@@ -16151,13 +16151,13 @@ static enum ndr_err_code ndr_push_netr_GetForestTrustInformation(struct ndr_push NDR_CHECK(ndr_push_uint3264(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16))); NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.server_name, ndr_charset_length(r->in.server_name, CH_UTF16), sizeof(uint16_t), CH_UTF16)); } - if (r->in.trusted_domain_name == NULL) { + if (r->in.computer_name == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } - NDR_CHECK(ndr_push_uint3264(ndr, NDR_SCALARS, ndr_charset_length(r->in.trusted_domain_name, CH_UTF16))); + NDR_CHECK(ndr_push_uint3264(ndr, NDR_SCALARS, ndr_charset_length(r->in.computer_name, CH_UTF16))); NDR_CHECK(ndr_push_uint3264(ndr, NDR_SCALARS, 0)); - NDR_CHECK(ndr_push_uint3264(ndr, NDR_SCALARS, ndr_charset_length(r->in.trusted_domain_name, CH_UTF16))); - NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.trusted_domain_name, ndr_charset_length(r->in.trusted_domain_name, CH_UTF16), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_push_uint3264(ndr, NDR_SCALARS, ndr_charset_length(r->in.computer_name, CH_UTF16))); + NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.computer_name, ndr_charset_length(r->in.computer_name, CH_UTF16), sizeof(uint16_t), CH_UTF16)); if (r->in.credential == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } @@ -16176,7 +16176,7 @@ static enum ndr_err_code ndr_push_netr_GetForestTrustInformation(struct ndr_push if (*r->out.forest_trust_info) { NDR_CHECK(ndr_push_lsa_ForestTrustInformation(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.forest_trust_info)); } - NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result)); + NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result)); } return NDR_ERR_SUCCESS; } 
@@ -16211,13 +16211,13 @@ static enum ndr_err_code ndr_pull_netr_GetForestTrustInformation(struct ndr_pull NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0); } - NDR_CHECK(ndr_pull_array_size(ndr, &r->in.trusted_domain_name)); - NDR_CHECK(ndr_pull_array_length(ndr, &r->in.trusted_domain_name)); - if (ndr_get_array_length(ndr, &r->in.trusted_domain_name) > ndr_get_array_size(ndr, &r->in.trusted_domain_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.trusted_domain_name), ndr_get_array_length(ndr, &r->in.trusted_domain_name)); + NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name)); + NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name)); + if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name)); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.trusted_domain_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.trusted_domain_name, ndr_get_array_length(ndr, &r->in.trusted_domain_name), sizeof(uint16_t), CH_UTF16)); + NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.credential); } 
@@ -16257,7 +16257,7 @@ static enum ndr_err_code ndr_pull_netr_GetForestTrustInformation(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, _mem_save_forest_trust_info_1, 0); } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_forest_trust_info_0, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); + NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result)); } return NDR_ERR_SUCCESS; } @@ -16278,9 +16278,9 @@ _PUBLIC_ void ndr_print_netr_GetForestTrustInformation(struct ndr_print *ndr, co ndr_print_string(ndr, "server_name", r->in.server_name); } ndr->depth--; - ndr_print_ptr(ndr, "trusted_domain_name", r->in.trusted_domain_name); + ndr_print_ptr(ndr, "computer_name", r->in.computer_name); ndr->depth++; - ndr_print_string(ndr, "trusted_domain_name", r->in.trusted_domain_name); + ndr_print_string(ndr, "computer_name", r->in.computer_name); ndr->depth--; ndr_print_ptr(ndr, "credential", r->in.credential); ndr->depth++; @@ -16305,7 +16305,7 @@ _PUBLIC_ void ndr_print_netr_GetForestTrustInformation(struct ndr_print *ndr, co } ndr->depth--; ndr->depth--; - ndr_print_WERROR(ndr, "result", r->out.result); + ndr_print_NTSTATUS(ndr, "result", r->out.result); ndr->depth--; } ndr->depth--; diff --git a/librpc/gen_ndr/netlogon.h b/librpc/gen_ndr/netlogon.h index ceda7f3ec1..a069dc5eb8 100644 --- a/librpc/gen_ndr/netlogon.h +++ b/librpc/gen_ndr/netlogon.h @@ -1830,7 +1830,7 @@ struct netr_DsRGetForestTrustInformation { struct netr_GetForestTrustInformation { struct { const char *server_name;/* [unique,charset(UTF16)] */ - const char *trusted_domain_name;/* [ref,charset(UTF16)] */ + const char *computer_name;/* [ref,charset(UTF16)] */ struct netr_Authenticator *credential;/* [ref] */ uint32_t flags; } in; @@ -1838,7 +1838,7 @@ struct netr_GetForestTrustInformation { struct { struct netr_Authenticator *return_authenticator;/* [ref] */ struct lsa_ForestTrustInformation **forest_trust_info;/* [ref] */ - WERROR result; + NTSTATUS result; } out; }; 
diff --git a/librpc/gen_ndr/srv_netlogon.h b/librpc/gen_ndr/srv_netlogon.h index 521f08f688..73c98b1785 100644 --- a/librpc/gen_ndr/srv_netlogon.h +++ b/librpc/gen_ndr/srv_netlogon.h @@ -45,7 +45,7 @@ WERROR _netr_DsrEnumerateDomainTrusts(pipes_struct *p, struct netr_DsrEnumerateD WERROR _netr_DsrDeregisterDNSHostRecords(pipes_struct *p, struct netr_DsrDeregisterDNSHostRecords *r); NTSTATUS _netr_ServerTrustPasswordsGet(pipes_struct *p, struct netr_ServerTrustPasswordsGet *r); WERROR _netr_DsRGetForestTrustInformation(pipes_struct *p, struct netr_DsRGetForestTrustInformation *r); -WERROR _netr_GetForestTrustInformation(pipes_struct *p, struct netr_GetForestTrustInformation *r); +NTSTATUS _netr_GetForestTrustInformation(pipes_struct *p, struct netr_GetForestTrustInformation *r); NTSTATUS _netr_LogonSamLogonWithFlags(pipes_struct *p, struct netr_LogonSamLogonWithFlags *r); NTSTATUS _netr_ServerGetTrustInfo(pipes_struct *p, struct netr_ServerGetTrustInfo *r); void netlogon_get_pipe_fns(struct api_struct **fns, int *n_fns); @@ -94,7 +94,7 @@ WERROR _netr_DsrEnumerateDomainTrusts(pipes_struct *p, struct netr_DsrEnumerateD WERROR _netr_DsrDeregisterDNSHostRecords(pipes_struct *p, struct netr_DsrDeregisterDNSHostRecords *r); NTSTATUS _netr_ServerTrustPasswordsGet(pipes_struct *p, struct netr_ServerTrustPasswordsGet *r); WERROR _netr_DsRGetForestTrustInformation(pipes_struct *p, struct netr_DsRGetForestTrustInformation *r); -WERROR _netr_GetForestTrustInformation(pipes_struct *p, struct netr_GetForestTrustInformation *r); +NTSTATUS _netr_GetForestTrustInformation(pipes_struct *p, struct netr_GetForestTrustInformation *r); NTSTATUS _netr_LogonSamLogonWithFlags(pipes_struct *p, struct netr_LogonSamLogonWithFlags *r); NTSTATUS _netr_ServerGetTrustInfo(pipes_struct *p, struct netr_ServerGetTrustInfo *r); NTSTATUS rpc_netlogon_init(void); diff --git a/librpc/idl/lsa.idl b/librpc/idl/lsa.idl index baa5c93c2c..bfb465a7e4 100644 --- a/librpc/idl/lsa.idl +++ b/librpc/idl/lsa.idl 
@@ -1295,7 +1295,7 @@ import "misc.idl", "security.idl"; typedef struct { uint32 flags; lsa_ForestTrustRecordType level; - hyper unknown; + hyper time; [switch_is(level)] lsa_ForestTrustData forest_trust_data; } lsa_ForestTrustRecord; diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl index 77fc380f5d..6b10f8bcdd 100644 --- a/librpc/idl/netlogon.idl +++ b/librpc/idl/netlogon.idl @@ -1627,9 +1627,9 @@ interface netlogon /****************/ /* Function 0x2c */ - WERROR netr_GetForestTrustInformation( + NTSTATUS netr_GetForestTrustInformation( [in,unique] [string,charset(UTF16)] uint16 *server_name, - [in,ref] [string,charset(UTF16)] uint16 *trusted_domain_name, + [in,ref] [string,charset(UTF16)] uint16 *computer_name, [in,ref] netr_Authenticator *credential, [out,ref] netr_Authenticator *return_authenticator, [in] uint32 flags, diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 417035e8a2..a5308bb84e 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c 
@@ -1816,23 +1816,189 @@ static NTSTATUS dcesrv_netr_ServerTrustPasswordsGet(struct dcesrv_call_state *dc } +static WERROR fill_forest_trust_array(TALLOC_CTX *mem_ctx, + struct ldb_context *sam_ctx, + struct loadparm_context *lp_ctx, + struct lsa_ForestTrustInformation *info) +{ + struct lsa_ForestTrustDomainInfo *domain_info; + struct lsa_ForestTrustRecord *e; + struct ldb_message **dom_res; + const char * const dom_attrs[] = { "objectSid", NULL }; + int ret; + + /* we need to provide 2 entries: + * 1. the Root Forest name + * 2. the Domain Information + */ + + info->count = 2; + info->entries = talloc_array(info, struct lsa_ForestTrustRecord *, 2); + W_ERROR_HAVE_NO_MEMORY(info->entries); + + /* Forest root info */ + e = talloc(info, struct lsa_ForestTrustRecord); + W_ERROR_HAVE_NO_MEMORY(e); + + e->flags = 0; + e->level = LSA_FOREST_TRUST_TOP_LEVEL_NAME; + e->time = 0; /* so far always 0 in trces. */ + e->forest_trust_data.top_level_name.string = lp_dnsdomain(lp_ctx); + + info->entries[0] = e; + + /* Domain info */ + e = talloc(info, struct lsa_ForestTrustRecord); + W_ERROR_HAVE_NO_MEMORY(e); + + /* get our own domain info */ + ret = gendb_search_dn(sam_ctx, mem_ctx, NULL, &dom_res, dom_attrs); + if (ret != 1) { + return WERR_GENERAL_FAILURE; + } + + /* TODO: check if disabled and set flags accordingly */ + e->flags = 0; + e->level = LSA_FOREST_TRUST_DOMAIN_INFO; + e->time = 0; /* so far always 0 in traces. 
*/ + + domain_info = &e->forest_trust_data.domain_info; + domain_info->domain_sid = samdb_result_dom_sid(info, dom_res[0], + "objectSid"); + domain_info->dns_domain_name.string = lp_dnsdomain(lp_ctx); + domain_info->netbios_domain_name.string = lp_workgroup(lp_ctx); + + info->entries[1] = e; + + talloc_free(dom_res); + + return WERR_OK; +} + /* netr_DsRGetForestTrustInformation */ -static WERROR dcesrv_netr_DsRGetForestTrustInformation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct netr_DsRGetForestTrustInformation *r) +static WERROR dcesrv_netr_DsRGetForestTrustInformation(struct dcesrv_call_state *dce_call, + TALLOC_CTX *mem_ctx, + struct netr_DsRGetForestTrustInformation *r) { - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); + struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx; + struct lsa_ForestTrustInformation *info, **info_ptr; + struct ldb_context *sam_ctx; + WERROR werr; + + ZERO_STRUCT(r->out); + + if (lp_server_role(lp_ctx) != ROLE_DOMAIN_CONTROLLER) { + return WERR_CALL_NOT_IMPLEMENTED; + } + + if (r->in.flags & 0xFFFFFFFE) { + return WERR_INVALID_FLAGS; + } + + sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, lp_ctx, + dce_call->conn->auth_state.session_info); + if (sam_ctx == NULL) { + return WERR_GENERAL_FAILURE; + } + + if (r->in.flags & DS_GFTI_UPDATE_TDO) { + if (!samdb_is_pdc(sam_ctx)) { + return WERR_NERR_NOTPRIMARY; + } + + if (r->in.trusted_domain_name == NULL) { + return WERR_INVALID_FLAGS; + } + + /* TODO: establish an schannel connection with + * r->in.trusted_domain_name and perform a + * netr_GetForestTrustInformation call against it */ + + /* for now return not implementd */ + return WERR_CALL_NOT_IMPLEMENTED; + } + + /* TODO: check r->in.server_name is our name */ + + info_ptr = talloc(mem_ctx, struct lsa_ForestTrustInformation *); + W_ERROR_HAVE_NO_MEMORY(info_ptr); + + info = talloc_zero(info_ptr, struct lsa_ForestTrustInformation); + W_ERROR_HAVE_NO_MEMORY(info); + + werr = 
fill_forest_trust_array(mem_ctx, sam_ctx, lp_ctx, info); + W_ERROR_NOT_OK_RETURN(werr); + + *info_ptr = info; + r->out.forest_trust_info = info_ptr; + + return WERR_OK; } /* netr_GetForestTrustInformation */ -static WERROR dcesrv_netr_GetForestTrustInformation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct netr_GetForestTrustInformation *r) +static NTSTATUS dcesrv_netr_GetForestTrustInformation(struct dcesrv_call_state *dce_call, + TALLOC_CTX *mem_ctx, + struct netr_GetForestTrustInformation *r) { - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); + struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx; + struct netlogon_creds_CredentialState *creds; + struct lsa_ForestTrustInformation *info, **info_ptr; + struct ldb_context *sam_ctx; + NTSTATUS status; + WERROR werr; + + if (lp_server_role(lp_ctx) != ROLE_DOMAIN_CONTROLLER) { + return NT_STATUS_NOT_IMPLEMENTED; + } + + ZERO_STRUCT(r->out); + + status = dcesrv_netr_creds_server_step_check(dce_call, + mem_ctx, + r->in.computer_name, + r->in.credential, + r->out.return_authenticator, + &creds); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if ((creds->secure_channel_type != SEC_CHAN_DNS_DOMAIN) && + (creds->secure_channel_type != SEC_CHAN_DOMAIN)) { + return NT_STATUS_NOT_IMPLEMENTED; + } + + sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, lp_ctx, + dce_call->conn->auth_state.session_info); + if (sam_ctx == NULL) { + return NT_STATUS_UNSUCCESSFUL; + } + + /* TODO: check r->in.server_name is our name */ + + info_ptr = talloc(mem_ctx, struct lsa_ForestTrustInformation *); + if (!info_ptr) { + return NT_STATUS_NO_MEMORY; + } + info = talloc_zero(info_ptr, struct lsa_ForestTrustInformation); + if (!info) { + return NT_STATUS_NO_MEMORY; + } + + werr = fill_forest_trust_array(mem_ctx, sam_ctx, lp_ctx, info); + if (!W_ERROR_IS_OK(werr)) { + return werror_to_ntstatus(werr); + } + + *info_ptr = info; + r->out.forest_trust_info = info_ptr; + + return NT_STATUS_OK; } |
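Review bot: In `dcesrv_netr_GetForestTrustInformation`, `ZERO_STRUCT(r->out);` runs immediately before `r->out.return_authenticator` is passed to `dcesrv_netr_creds_server_step_check()`, so the helper receives NULL for an `[out,ref]` argument and the server's return authenticator has nowhere to be written. How the helper and the reply marshalling treat that NULL is not visible in this hunk, but the generated push code in this same commit reads `*r->out.forest_trust_info`, so the early error returns after the zeroing (here and in `dcesrv_netr_DsRGetForestTrustInformation`) look likely to be rejected as a NULL `[ref]` pointer or to fault while the reply is built. I would drop `ZERO_STRUCT(r->out);` in both handlers, clear only the payload with `*r->out.forest_trust_info = NULL;`, and on success assign `*r->out.forest_trust_info = info;`, assuming the dispatcher pre-allocates the ref pointers, which should be confirmed. Separately, `fill_forest_trust_array()` stores the result of `samdb_result_dom_sid()` unchecked, so a missing `objectSid` would go out to the trusting domain as a domain record without a SID; `if (domain_info->domain_sid == NULL) return WERR_GENERAL_FAILURE;` after the assignment would close that.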