authorGünther Deschner <gd@samba.org>2009-10-19 11:28:00 +0200
committerGünther Deschner <gd@samba.org>2009-11-04 00:55:45 +0100
commitbb2e1ff6315f070b67d45600dd763011f8aba136 (patch)
tree48d6e8598cc4c1108f4308174294fc6ea85ed4b5 /source3/rpc_server
parent40f3f456bcea3d37537e807dbcd3a09b08dbc870 (diff)
s3-netlogon: let s3 pass against RPC-NETLOGON-S3 again.
Guenther
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_netlog_nt.c72
1 files changed, 72 insertions, 0 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 017d3bbcb7..d5740c06f1 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -126,6 +126,37 @@ static bool wb_change_trust_creds(const char *domain, WERROR *tc_status)
return true;
}
+/*************************************************************************
+ *************************************************************************/
+
+static bool wb_check_trust_creds(const char *domain, WERROR *tc_status)
+{
+ wbcErr result;
+ struct wbcAuthErrorInfo *error = NULL;
+
+ result = wbcCheckTrustCredentials(domain, &error);
+ switch (result) {
+ case WBC_ERR_WINBIND_NOT_AVAILABLE:
+ return false;
+ case WBC_ERR_DOMAIN_NOT_FOUND:
+ *tc_status = WERR_NO_SUCH_DOMAIN;
+ return true;
+ case WBC_ERR_SUCCESS:
+ *tc_status = WERR_OK;
+ return true;
+ default:
+ break;
+ }
+
+ if (error && error->nt_status != 0) {
+ *tc_status = ntstatus_to_werror(NT_STATUS(error->nt_status));
+ } else {
+ *tc_status = WERR_TRUST_FAILURE;
+ }
+ wbcFreeMemory(error);
+ return true;
+}
+
/****************************************************************
_netr_LogonControl2Ex
****************************************************************/
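Review bot: The three `return` statements inside the switch in wb_check_trust_creds() exit without calling `wbcFreeMemory(error)`, so the cleanup at the end of the function only covers the default path. Whether wbcCheckTrustCredentials() can populate `error` for those results is not visible in this hunk; if it can, each early return leaks the error info on a path that an RPC client can trigger repeatedly. Placing `wbcFreeMemory(error);` before each early return removes the dependency on that library detail, and the tail already calls it with a possibly NULL pointer. The banner above the function is empty; I would fill it with `Ask winbind to verify the trust credentials for domain. Returns false only when winbind is unavailable; otherwise returns true with *tc_status set.`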
@@ -164,7 +195,44 @@ WERROR _netr_LogonControl2Ex(pipes_struct *p,
tc_status = WERR_NO_SUCH_DOMAIN;
switch (r->in.function_code) {
+ case NETLOGON_CONTROL_QUERY:
+ tc_status = WERR_OK;
+ break;
+ case NETLOGON_CONTROL_REPLICATE:
+ case NETLOGON_CONTROL_SYNCHRONIZE:
+ case NETLOGON_CONTROL_PDC_REPLICATE:
+ case NETLOGON_CONTROL_BACKUP_CHANGE_LOG:
+ case NETLOGON_CONTROL_TRUNCATE_LOG:
+ case NETLOGON_CONTROL_BREAKPOINT:
+ return WERR_ACCESS_DENIED;
+ case NETLOGON_CONTROL_TRANSPORT_NOTIFY:
+ case NETLOGON_CONTROL_FORCE_DNS_REG:
+ case NETLOGON_CONTROL_QUERY_DNS_REG:
+ return WERR_NOT_SUPPORTED;
+ case NETLOGON_CONTROL_FIND_USER:
+ if (!r->in.data || !r->in.data->user) {
+ return WERR_NOT_SUPPORTED;
+ }
+ break;
+ case NETLOGON_CONTROL_SET_DBFLAG:
+ if (!r->in.data) {
+ return WERR_NOT_SUPPORTED;
+ }
+ break;
+ case NETLOGON_CONTROL_TC_VERIFY:
+ if (!r->in.data || !r->in.data->domain) {
+ return WERR_NOT_SUPPORTED;
+ }
+
+ if (!wb_check_trust_creds(r->in.data->domain, &tc_status)) {
+ return WERR_NOT_SUPPORTED;
+ }
+ break;
case NETLOGON_CONTROL_TC_QUERY:
+ if (!r->in.data || !r->in.data->domain) {
+ return WERR_NOT_SUPPORTED;
+ }
+
domain = r->in.data->domain;
if (!is_trusted_domain(domain)) {
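Review bot: The new NETLOGON_CONTROL_TC_VERIFY case hands the client-supplied `r->in.data->domain` straight to wb_check_trust_creds(), while the TC_QUERY and REDISCOVER cases gate the same field with `is_trusted_domain(domain)` before acting on it. As written, any caller that reaches this switch can make the server start a winbind trust-credential check for an arbitrary name. Any access check on the caller would sit outside this hunk, so that exposure is inferred rather than confirmed. I would add the same gate ahead of the winbind call, for example `if (!is_trusted_domain(r->in.data->domain)) { break; }`, which leaves `tc_status` at the `WERR_NO_SUCH_DOMAIN` default set at the top of the hunk. The untrusted branch of TC_QUERY lies outside this hunk, so check that the new gate behaves the same way. The `!r->in.data || !r->in.data->domain` guard is now repeated in three cases (TC_VERIFY, TC_QUERY and the REDISCOVER hunk below); a small static helper would keep them from drifting apart.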
@@ -186,6 +254,10 @@ WERROR _netr_LogonControl2Ex(pipes_struct *p,
break;
case NETLOGON_CONTROL_REDISCOVER:
+ if (!r->in.data || !r->in.data->domain) {
+ return WERR_NOT_SUPPORTED;
+ }
+
domain = r->in.data->domain;
if (!is_trusted_domain(domain)) {