authorGerald Carter <jerry@samba.org>2004-06-03 18:00:22 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:51:53 -0500
commit9dbf2e2419e2ba0f2293b4a7a5971123f34a09ad (patch)
tree7b126d923a8a0ee8b02ab43bf54a43ce3344f051 /source3/rpc_server
parent4e1b26db3490c6063bf0ea05b8ae7e34a96ca8a9 (diff)
r991: Allow winbindd to use the domain trust account password
for setting up an schannel connection. This solves the problem of a Samba DC running winbind, trusting a native mode AD domain, and needing to enumerate AD users via wbinfo -u. (This used to be commit e9f109d1b38e0b0adec9b7e9a907f90a79d297ea)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_netlog.c11
-rw-r--r--source3/rpc_server/srv_netlog_nt.c69
2 files changed, 56 insertions, 24 deletions
diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
index f06a2002e3..705b629732 100644
--- a/source3/rpc_server/srv_netlog.c
+++ b/source3/rpc_server/srv_netlog.c
@@ -227,8 +227,6 @@ static BOOL api_net_trust_dom_list(pipes_struct *p)
ZERO_STRUCT(q_u);
ZERO_STRUCT(r_u);
- DEBUG(6,("api_net_trust_dom_list: %d\n", __LINE__));
-
/* grab the lsa trusted domain list query... */
if(!net_io_q_trust_dom("", &q_u, data, 0)) {
DEBUG(0,("api_net_trust_dom_list: Failed to unmarshall NET_Q_TRUST_DOM_LIST.\n"));
@@ -244,8 +242,6 @@ static BOOL api_net_trust_dom_list(pipes_struct *p)
return False;
}
- DEBUG(6,("api_net_trust_dom_list: %d\n", __LINE__));
-
return True;
}
@@ -263,7 +259,6 @@ static BOOL api_net_logon_ctrl2(pipes_struct *p)
ZERO_STRUCT(q_u);
ZERO_STRUCT(r_u);
- DEBUG(6,("api_net_logon_ctrl2: %d\n", __LINE__));
/* grab the lsa netlogon ctrl2 query... */
if(!net_io_q_logon_ctrl2("", &q_u, data, 0)) {
@@ -278,8 +273,6 @@ static BOOL api_net_logon_ctrl2(pipes_struct *p)
return False;
}
- DEBUG(6,("api_net_logon_ctrl2: %d\n", __LINE__));
-
return True;
}
@@ -297,8 +290,6 @@ static BOOL api_net_logon_ctrl(pipes_struct *p)
ZERO_STRUCT(q_u);
ZERO_STRUCT(r_u);
- DEBUG(6,("api_net_logon_ctrl: %d\n", __LINE__));
-
/* grab the lsa netlogon ctrl query... */
if(!net_io_q_logon_ctrl("", &q_u, data, 0)) {
DEBUG(0,("api_net_logon_ctrl: Failed to unmarshall NET_Q_LOGON_CTRL.\n"));
@@ -312,8 +303,6 @@ static BOOL api_net_logon_ctrl(pipes_struct *p)
return False;
}
- DEBUG(6,("api_net_logon_ctrl2: %d\n", __LINE__));
-
return True;
}
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index be8eda82c9..264b7a74a7 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -47,6 +47,7 @@ static void init_net_r_req_chal(NET_R_REQ_CHAL *r_c,
#define ERROR_NO_SUCH_DOMAIN 0x54b
#define ERROR_NO_LOGON_SERVERS 0x51f
+#define NO_ERROR 0x0
/*************************************************************************
net_reply_logon_ctrl:
@@ -104,25 +105,67 @@ NTSTATUS _net_logon_ctrl2(pipes_struct *p, NET_Q_LOGON_CTRL2 *q_u, NET_R_LOGON_C
uint32 flags = 0x0;
uint32 pdc_connection_status = 0x0;
uint32 logon_attempts = 0x0;
- uint32 tc_status = ERROR_NO_LOGON_SERVERS;
- const char *trusted_domain = "test_domain";
+ uint32 tc_status;
+ fstring servername, domain, dc_name, dc_name2;
+ struct in_addr dc_ip;
- DEBUG(0, ("*** net long ctrl2 %d, %d, %d\n",
- q_u->function_code, q_u->query_level, q_u->switch_value));
+ /* this should be \\global_myname() */
+ unistr2_to_ascii(servername, &q_u->uni_server_name, sizeof(servername));
- DEBUG(6,("_net_logon_ctrl2: %d\n", __LINE__));
-
-
- /* set up the Logon Control2 response */
- init_net_r_logon_ctrl2(r_u, q_u->query_level,
- flags, pdc_connection_status, logon_attempts,
- tc_status, trusted_domain);
+ r_u->status = NT_STATUS_OK;
+
+ tc_status = ERROR_NO_SUCH_DOMAIN;
+ fstrcpy( dc_name, "" );
+
+ switch ( q_u->function_code ) {
+ case NETLOGON_CONTROL_TC_QUERY:
+ unistr2_to_ascii(domain, &q_u->info.info6.domain, sizeof(domain));
+
+ if ( !is_trusted_domain( domain ) )
+ break;
+
+ if ( !get_dc_name( domain, NULL, dc_name2, &dc_ip ) ) {
+ tc_status = ERROR_NO_LOGON_SERVERS;
+ break;
+ }
+
+ fstr_sprintf( dc_name, "\\\\%s", dc_name2 );
+
+ tc_status = NO_ERROR;
+
+ break;
+
+ case NETLOGON_CONTROL_REDISCOVER:
+ unistr2_to_ascii(domain, &q_u->info.info6.domain, sizeof(domain));
+
+ if ( !is_trusted_domain( domain ) )
+ break;
+
+ if ( !get_dc_name( domain, NULL, dc_name2, &dc_ip ) ) {
+ tc_status = ERROR_NO_LOGON_SERVERS;
+ break;
+ }
+
+ fstr_sprintf( dc_name, "\\\\%s", dc_name2 );
+
+ tc_status = NO_ERROR;
+
+ break;
+
+ default:
+ /* no idea what this should be */
+ DEBUG(0,("_net_logon_ctrl2: unimplemented function level [%d]\n",
+ q_u->function_code));
+ }
+
+ /* prepare the response */
+
+ init_net_r_logon_ctrl2( r_u, q_u->query_level, flags,
+ pdc_connection_status, logon_attempts, tc_status, dc_name );
if (lp_server_role() == ROLE_DOMAIN_BDC)
send_sync_message();
- DEBUG(6,("_net_logon_ctrl2: %d\n", __LINE__));
-
return r_u->status;
}
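Review bot: The `default:` branch logs at `DEBUG(0, ...)` a `function_code` taken straight from the request, so any caller that can reach this call can produce a level-0 log line per request; a lower level such as `DEBUG(5,("_net_logon_ctrl2: unimplemented function level [%d]\n", q_u->function_code));` keeps the diagnostic without that. `servername` is converted from `q_u->uni_server_name` but never read again in this hunk, although the comment says it should be `\\global_myname()`; either compare it against that name or drop the conversion. The `NETLOGON_CONTROL_TC_QUERY` and `NETLOGON_CONTROL_REDISCOVER` bodies are identical, so stacking the two `case` labels on one body would remove the duplicate. Both read `q_u->info.info6.domain` without checking here that the request carried that union arm; presumably the unmarshalling code guarantees it, but that is worth confirming. The opening lines of `_net_logon_ctrl2` are outside the hunk.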