diff options
| -rw-r--r-- | source4/cldap_server/cldap_server.h | 3 | ||||
| -rw-r--r-- | source4/cldap_server/netlogon.c | 25 | ||||
| -rw-r--r-- | source4/nbt_server/dgram/netlogon.c | 2 | ||||
| -rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 2 | ||||
| -rw-r--r-- | source4/torture/rpc/netlogon.c | 9 |
5 files changed, 34 insertions, 7 deletions
diff --git a/source4/cldap_server/cldap_server.h b/source4/cldap_server/cldap_server.h index 2eaf59401f..e40a1bd4ba 100644 --- a/source4/cldap_server/cldap_server.h +++ b/source4/cldap_server/cldap_server.h @@ -43,6 +43,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, const char *src_address, uint32_t version, struct loadparm_context *lp_ctx, - struct netlogon_samlogon_response *netlogon); + struct netlogon_samlogon_response *netlogon, + bool fill_on_blank_request); #include "cldap_server/proto.h" diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index e24f1b376e..06c61aca24 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -51,7 +51,8 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, const char *src_address, uint32_t version, struct loadparm_context *lp_ctx, - struct netlogon_samlogon_response *netlogon) + struct netlogon_samlogon_response *netlogon, + bool fill_on_blank_request) { const char *dom_attrs[] = {"objectGUID", NULL}; const char *none_attrs[] = {NULL}; @@ -170,8 +171,24 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, } } - if (dom_res == NULL) { - DEBUG(2,("Unable to get domain informations if no parameter of the list [long domainname, short domainname, GUID, SID] was specified!\n")); + if (dom_res == NULL && fill_on_blank_request) { + /* blank inputs gives our domain - tested against + w2k8r2. Without this ADUC on Win7 won't start */ + domain_dn = ldb_get_default_basedn(sam_ctx); + ret = ldb_search(sam_ctx, mem_ctx, &dom_res, + domain_dn, LDB_SCOPE_BASE, dom_attrs, + "objectClass=domain"); + if (ret != LDB_SUCCESS) { + DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", + lp_dnsdomain(lp_ctx), + ldb_dn_get_linearized(domain_dn), + ldb_errstring(sam_ctx))); + return NT_STATUS_NO_SUCH_DOMAIN; + } + } + + if (dom_res == NULL) { + DEBUG(2,(__location__ ": Unable to get domain informations with no inputs\n")); return NT_STATUS_NO_SUCH_DOMAIN; } @@ -437,7 +454,7 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, status = fill_netlogon_samlogon_response(cldapd->samctx, tmp_ctx, domain, NULL, NULL, domain_guid, user, acct_control, tsocket_address_inet_addr_string(src, tmp_ctx), - version, cldapd->task->lp_ctx, &netlogon); + version, cldapd->task->lp_ctx, &netlogon, false); if (!NT_STATUS_IS_OK(status)) { goto failed; } diff --git a/source4/nbt_server/dgram/netlogon.c b/source4/nbt_server/dgram/netlogon.c index 8fec15a675..c9d864c3c3 100644 --- a/source4/nbt_server/dgram/netlogon.c +++ b/source4/nbt_server/dgram/netlogon.c @@ -124,7 +124,7 @@ static void nbtd_netlogon_samlogon(struct dgram_mailslot_handler *dgmslot, status = fill_netlogon_samlogon_response(samctx, packet, NULL, name->name, sid, NULL, netlogon->req.logon.user_name, netlogon->req.logon.acct_control, src->addr, - netlogon->req.logon.nt_version, iface->nbtsrv->task->lp_ctx, &netlogon_response.data.samlogon); + netlogon->req.logon.nt_version, iface->nbtsrv->task->lp_ctx, &netlogon_response.data.samlogon, false); if (!NT_STATUS_IS_OK(status)) { DEBUG(2,("NBT netlogon query failed domain=%s sid=%s version=%d - %s\n", name->name, dom_sid_string(packet, sid), netlogon->req.logon.nt_version, nt_errstr(status))); diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 2650dc7e59..b55ad57350 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -1568,7 +1568,7 @@ static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call, r->in.client_account, r->in.mask, addr, NETLOGON_NT_VERSION_5EX_WITH_IP, - lp_ctx, &response); + lp_ctx, &response, true); if (!NT_STATUS_IS_OK(status)) { return ntstatus_to_werror(status); } diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index 1fc902b59e..d6bc013e8a 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -2271,6 +2271,15 @@ static bool test_netr_DsRGetDCNameEx2(struct torture_context *tctx, struct netr_DsRGetDCNameInfo *info = NULL; struct dcerpc_binding_handle *b = p->binding_handle; + torture_comment(tctx, "Testing netr_DsRGetDCNameEx2 with no inputs\n"); + ZERO_STRUCT(r.in); + r.in.flags = DS_RETURN_DNS_NAME; + r.out.info = &info; + + status = dcerpc_netr_DsRGetDCNameEx2_r(b, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "netr_DsRGetDCNameEx2"); + torture_assert_werr_ok(tctx, r.out.result, "netr_DsRGetDCNameEx2"); + r.in.server_unc = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p)); r.in.client_account = NULL; r.in.mask = 0x00000000; |