-rw-r--r-- | source4/cldap_server/cldap_server.h | 11 | ||||
-rw-r--r-- | source4/cldap_server/netlogon.c | 96 |
2 files changed, 73 insertions, 34 deletions
diff --git a/source4/cldap_server/cldap_server.h b/source4/cldap_server/cldap_server.h
index fe7788f773..995ceed3a2 100644
--- a/source4/cldap_server/cldap_server.h
+++ b/source4/cldap_server/cldap_server.h
@@ -47,4 +47,15 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 struct netlogon_samlogon_response *netlogon,
 bool fill_on_blank_request);
+NTSTATUS parse_netlogon_request(struct ldb_parse_tree *tree,
+ struct loadparm_context *lp_ctx,
+ TALLOC_CTX *mem_ctx,
+ const char **domain,
+ const char **host,
+ const char **user,
+ const char **domain_guid,
+ struct dom_sid **domain_sid,
+ int *acct_control,
+ int *version);
+
 #include "cldap_server/proto.h"
diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c
index 6d5efb5560..0894b2bea7 100644
--- a/source4/cldap_server/netlogon.c
+++ b/source4/cldap_server/netlogon.c
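Review bot: The new `parse_netlogon_request` prototype is exported without any comment stating its contract, and its third parameter is named `mem_ctx` here while the definition in netlogon.c calls it `tmp_ctx`; one name should be used in both places. I would put a comment above the declaration describing that every output parameter is reset to NULL or -1 before parsing, that the returned strings and the dom_sid are allocated on the passed talloc context, and that NT_STATUS_UNSUCCESSFUL is returned when the filter is not an AND of equalities or carries no NtVer value, so callers know the outputs are only meaningful on NT_STATUS_OK.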
@@ -369,27 +369,26 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 return NT_STATUS_OK;
 }
-
-/*
- handle incoming cldap requests
-*/
-void cldapd_netlogon_request(struct cldap_socket *cldap,
- struct cldapd_server *cldapd,
- TALLOC_CTX *tmp_ctx,
- uint32_t message_id,
- struct ldb_parse_tree *tree,
- struct tsocket_address *src)
+NTSTATUS parse_netlogon_request(struct ldb_parse_tree *tree,
+ struct loadparm_context *lp_ctx,
+ TALLOC_CTX *tmp_ctx,
+ const char **domain,
+ const char **host,
+ const char **user,
+ const char **domain_guid,
+ struct dom_sid **domain_sid,
+ int *acct_control,
+ int *version)
 {
 unsigned int i;
- const char *domain = NULL;
- const char *host = NULL;
- const char *user = NULL;
- const char *domain_guid = NULL;
- struct dom_sid *domain_sid = NULL;
- int acct_control = -1;
- int version = -1;
- struct netlogon_samlogon_response netlogon;
- NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
+
+ *domain = NULL;
+ *host = NULL;
+ *user = NULL;
+ *domain_guid = NULL;
+ *domain_sid = NULL;
+ *acct_control = -1;
+ *version = -1;
 if (tree->operation != LDB_OP_AND) goto failed;
@@ -398,12 +397,12 @@ void cldapd_netlogon_request(struct cldap_socket *cldap,
 struct ldb_parse_tree *t = tree->u.list.elements[i];
 if (t->operation != LDB_OP_EQUALITY) goto failed;
 if (strcasecmp(t->u.equality.attr, "DnsDomain") == 0) {
- domain = talloc_strndup(tmp_ctx,
+ *domain = talloc_strndup(tmp_ctx,
 (const char *)t->u.equality.value.data,
 t->u.equality.value.length);
 }
 if (strcasecmp(t->u.equality.attr, "Host") == 0) {
- host = talloc_strndup(tmp_ctx,
+ *host = talloc_strndup(tmp_ctx,
 (const char *)t->u.equality.value.data,
 t->u.equality.value.length);
 }
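Review bot: `parse_netlogon_request` is introduced here as a new non-static function with no header comment, while the `handle incoming cldap requests` comment this hunk removes is later re-attached to the caller; the function's body, its `failed:` label and its return values are in the following hunk. I would head the definition with a comment stating that every output parameter is reset to NULL or -1 before the tree is walked, that strings and the dom_sid are allocated on `tmp_ctx`, and that NT_STATUS_UNSUCCESSFUL is returned for a filter that is not an AND of equalities or lacks NtVer, so that callers only trust the outputs on NT_STATUS_OK. The caller rewritten in the last hunk of this diff (cut off at the bottom of this page) evaluates `DEBUG(5,("cldap netlogon query domain=%s host=%s user=%s version=%d guid=%s\n", domain, host, user, version, domain_guid))` before the `parse_netlogon_request` call that assigns those locals, so the statement reads uninitialized variables and hands unset pointers to `%s`; it should move below the `if (!NT_STATUS_IS_OK(status))` check.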
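Review bot: The `*domain = talloc_strndup(...)` and `*host = talloc_strndup(...)` assignments in this hunk are not checked for NULL, unlike the `DomainSid` branch in the following hunk which does `if (*domain_sid == NULL) { goto failed; }`. An allocation failure on DnsDomain leaves `*domain` NULL and, when no GUID or SID was supplied either, is silently replaced by the `lpcfg_dnsdomain(lp_ctx)` fallback rather than reported. Adding `if (*domain == NULL) goto failed;` and `if (*host == NULL) goto failed;` after the respective calls keeps the branches consistent; the same applies to the `User` branch in the next hunk.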
@@ -413,50 +412,79 @@ void cldapd_netlogon_request(struct cldap_socket *cldap,
 enc_status = ldap_decode_ndr_GUID(tmp_ctx, t->u.equality.value, &guid);
 if (NT_STATUS_IS_OK(enc_status)) {
- domain_guid = GUID_string(tmp_ctx, &guid);
+ *domain_guid = GUID_string(tmp_ctx, &guid);
 }
 }
 if (strcasecmp(t->u.equality.attr, "DomainSid") == 0) {
 enum ndr_err_code ndr_err;
- domain_sid = talloc(tmp_ctx, struct dom_sid);
- if (domain_sid == NULL) {
+ *domain_sid = talloc(tmp_ctx, struct dom_sid);
+ if (*domain_sid == NULL) {
 goto failed;
 }
 ndr_err = ndr_pull_struct_blob(&t->u.equality.value,
- domain_sid, domain_sid,
+ *domain_sid, *domain_sid,
 (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- talloc_free(domain_sid);
+ talloc_free(*domain_sid);
 goto failed;
 }
 }
 if (strcasecmp(t->u.equality.attr, "User") == 0) {
- user = talloc_strndup(tmp_ctx,
- (const char *)t->u.equality.value.data,
- t->u.equality.value.length);
+ *user = talloc_strndup(tmp_ctx,
+ (const char *)t->u.equality.value.data,
+ t->u.equality.value.length);
 }
 if (strcasecmp(t->u.equality.attr, "NtVer") == 0 && t->u.equality.value.length == 4) {
- version = IVAL(t->u.equality.value.data, 0);
+ *version = IVAL(t->u.equality.value.data, 0);
 }
 if (strcasecmp(t->u.equality.attr, "AAC") == 0 && t->u.equality.value.length == 4) {
- acct_control = IVAL(t->u.equality.value.data, 0);
+ *acct_control = IVAL(t->u.equality.value.data, 0);
 }
 }
- if ((domain == NULL) && (domain_guid == NULL) && (domain_sid == NULL)) {
- domain = lpcfg_dnsdomain(cldapd->task->lp_ctx);
+ if ((*domain == NULL) && (*domain_guid == NULL) && (*domain_sid == NULL)) {
+ *domain = lpcfg_dnsdomain(lp_ctx);
 }
- if (version == -1) {
+ if (*version == -1) {
 goto failed;
 }
+ return NT_STATUS_OK;
+
+failed:
+ return NT_STATUS_UNSUCCESSFUL;
+}
+
+/*
+ handle incoming cldap requests
+*/
+void cldapd_netlogon_request(struct cldap_socket *cldap,
+ struct cldapd_server *cldapd,
+ TALLOC_CTX *tmp_ctx,
+ uint32_t message_id,
+ struct 
ldb_parse_tree *tree,
+ struct tsocket_address *src)
+{
+ const char *domain, *host, *user, *domain_guid;
+ struct dom_sid *domain_sid;
+ int acct_control, version;
+ struct netlogon_samlogon_response netlogon;
+ NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
+ DEBUG(5,("cldap netlogon query domain=%s host=%s user=%s version=%d guid=%s\n", domain, host, user, version, domain_guid));
+ status = parse_netlogon_request(tree, cldapd->task->lp_ctx, tmp_ctx,
+ &domain, &host, &user, &domain_guid,
+ &domain_sid, &acct_control, &version);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto failed;
+ }
+ status = fill_netlogon_samlogon_response(cldapd->samctx, tmp_ctx, domain, NULL, domain_sid, domain_guid, |