diff options
author | Benjamin Franzke <benjaminfranzke@googlemail.com> | 2013-10-27 06:55:48 +0100 |
---|---|---|
committer | Benjamin Franzke <benjaminfranzke@googlemail.com> | 2013-10-27 19:42:06 +0100 |
commit | fdd92e8914ac0496a034dded52c8777d69aad856 (patch) | |
tree | b31ca73669861c15941b8517a926611354304dcc /source4/dsdb | |
parent | 8eada260c75504d2e1e7ec954c665fd54043857d (diff) | |
download | samba-fdd92e8914ac0496a034dded52c8777d69aad856.tar.gz samba-fdd92e8914ac0496a034dded52c8777d69aad856.tar.bz2 samba-fdd92e8914ac0496a034dded52c8777d69aad856.zip |
s4:dsdb/rootdse: Support netlogon request
This patch adds support for a netlogon ldap style request
over the tcp socket. This is available since win2k3+ [1].
The automatic client join & configuration daemon "realmd" makes
use of this ability.
Realmd can now be used to join a computer to a samba 4 domain.
(See also:
https://lists.samba.org/archive/samba-technical/2013-October/095606.html)
Tested with:
ldapsearch -h samba-srv -x -b '' -s base "(&(NtVer=\06\00\00\00)(AAC=\00\00\00\00))" NetLogon
And compared the result in wireshark with cldap request issued by
examples/misc/cldap.pl.
[1]: http://wiki.wireshark.org/MS-CLDAP?action=recall&rev=8
Diffstat (limited to 'source4/dsdb')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/rootdse.c | 90 | ||||
-rwxr-xr-x | source4/dsdb/samdb/ldb_modules/wscript_build_server | 2 |
2 files changed, 91 insertions, 1 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 167201ec60..6683ebf26c 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -34,6 +34,7 @@ #include "param/param.h" #include "lib/messaging/irpc.h" #include "librpc/gen_ndr/ndr_irpc_c.h" +#include "cldap_server/cldap_server.h" struct private_data { unsigned int num_controls; @@ -744,6 +745,88 @@ static int rootdse_filter_operations(struct ldb_module *module, struct ldb_reque return LDB_ERR_OPERATIONS_ERROR; } +static int rootdse_handle_netlogon(struct rootdse_context *ac) +{ + struct ldb_context *ldb; + struct ldb_parse_tree *tree; + struct loadparm_context *lp_ctx; + TALLOC_CTX *tmp_ctx = talloc_new(ac->req); + const char *domain, *host, *user, *domain_guid; + struct dom_sid *domain_sid; + int acct_control = -1; + int version = -1; + NTSTATUS status; + struct netlogon_samlogon_response netlogon; + struct ldb_message *msg = NULL; + int ret, error = LDB_ERR_OPERATIONS_ERROR; + struct ldb_val blob; + + ldb = ldb_module_get_ctx(ac->module); + tree = ac->req->op.search.tree; + lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"), + struct loadparm_context); + + status = parse_netlogon_request(tree, lp_ctx, tmp_ctx, + &domain, &host, &user, &domain_guid, + &domain_sid, &acct_control, &version); + if (!NT_STATUS_IS_OK(status)) { + goto failed; + } + + status = fill_netlogon_samlogon_response(ldb, tmp_ctx, + domain, NULL, domain_sid, + domain_guid, + user, acct_control, + NULL, /* FIXME: How to retrieve client ip addr here? */ + version, lp_ctx, + &netlogon, false); + if (!NT_STATUS_IS_OK(status)) { + goto failed; + } + + status = push_netlogon_samlogon_response(&blob, tmp_ctx, &netlogon); + if (!NT_STATUS_IS_OK(status)) { + goto failed; + } + + msg = ldb_msg_new(tmp_ctx); + if (!msg) { + error = ldb_oom(ldb); + goto failed; + } + + msg->dn = ldb_dn_new(tmp_ctx, ldb, ""); + if (!msg->dn) { + error = ldb_oom(ldb); + goto failed; + } + + ret = ldb_msg_add_value(msg, "netlogon", &blob, NULL); + if (ret != LDB_SUCCESS) { + error = ret; + goto failed; + } + + ret = ldb_module_send_entry(ac->req, msg, NULL); + if (ret != LDB_SUCCESS) { + error = ret; + goto failed; + } + + ret = ldb_module_done(ac->req, NULL, NULL, LDB_SUCCESS); + if (ret != LDB_SUCCESS) { + error = ret; + goto failed; + } + + talloc_free(tmp_ctx); + return LDB_SUCCESS; + +failed: + talloc_free(tmp_ctx); + return ldb_module_done(ac->req, NULL, NULL, error); +} + static int rootdse_search(struct ldb_module *module, struct ldb_request *req) { struct ldb_context *ldb; @@ -774,6 +857,13 @@ static int rootdse_search(struct ldb_module *module, struct ldb_request *req) return ldb_operr(ldb); } + if (req->op.search.attrs && + req->op.search.attrs[0] && + req->op.search.attrs[1] == NULL && + ldb_attr_cmp(req->op.search.attrs[0], "netlogon") == 0) { + return rootdse_handle_netlogon(ac); + } + /* in our db we store the rootDSE with a DN of @ROOTDSE */ ret = ldb_build_search_req(&down_req, ldb, ac, ldb_dn_new(ac, ldb, "@ROOTDSE"), diff --git a/source4/dsdb/samdb/ldb_modules/wscript_build_server b/source4/dsdb/samdb/ldb_modules/wscript_build_server index 41eb0f34e1..7ad1d3b87d 100755 --- a/source4/dsdb/samdb/ldb_modules/wscript_build_server +++ b/source4/dsdb/samdb/ldb_modules/wscript_build_server @@ -106,7 +106,7 @@ bld.SAMBA_MODULE('ldb_rootdse', init_function='ldb_rootdse_module_init', module_init_name='ldb_init_module', internal_module=False, - deps='talloc samdb MESSAGING samba-security DSDB_MODULE_HELPERS RPC_NDR_IRPC' + deps='talloc samdb MESSAGING samba-security DSDB_MODULE_HELPERS RPC_NDR_IRPC CLDAPD' ) |