1 files changed, 85 insertions, 8 deletions

diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index cceb2a62ac..b948d1210e 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -36,6 +36,7 @@
 #include "param/param.h"
 #include "lib/messaging/irpc.h"
 #include "librpc/gen_ndr/ndr_irpc.h"
+#include "librpc/gen_ndr/ndr_netlogon.h"
 
 struct server_pipe_state {
 	struct netr_Credential client_challenge;
@@ -86,6 +87,9 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
 	const char *attrs[] = {"unicodePwd", "userAccountControl", 
 			       "objectSid", NULL};
 
+	const char *trust_dom_attrs[] = {"flatname", NULL};
+	const char *account_name;
+
 	ZERO_STRUCTP(r->out.credentials);
 	*r->out.rid = 0;
 	*r->out.negotiate_flags = *r->in.negotiate_flags;
@@ -100,10 +104,54 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
 	if (sam_ctx == NULL) {
 		return NT_STATUS_INVALID_SYSTEM_SERVICE;
 	}
+
+	if (r->in.secure_channel_type == SEC_CHAN_DNS_DOMAIN) {
+		char *encoded_account = ldb_binary_encode_string(mem_ctx, r->in.account_name);
+		char *flatname;
+		if (!encoded_account) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		/* Kill the trailing dot */
+		if (encoded_account[strlen(encoded_account)-1] == '.') {
+			encoded_account[strlen(encoded_account)-1] = '\0';
+		}
+
+		/* pull the user attributes */
+		num_records = gendb_search(sam_ctx, mem_ctx, NULL, &msgs, trust_dom_attrs,
+					   "(&(trustPartner=%s)(objectclass=trustedDomain))", 
+					   encoded_account);
+		
+		if (num_records == 0) {
+			DEBUG(3,("Couldn't find trust [%s] in samdb.\n", 
+				 encoded_account));
+			return NT_STATUS_ACCESS_DENIED;
+		}
+		
+		if (num_records > 1) {
+			DEBUG(0,("Found %d records matching user [%s]\n", num_records, r->in.account_name));
+			return NT_STATUS_INTERNAL_DB_CORRUPTION;
+		}
+		
+		flatname = ldb_msg_find_attr_as_string(msgs[0], "flatname", NULL);
+		if (!flatname) {
+			/* No flatname for this trust - we can't proceed */
+			return NT_STATUS_ACCESS_DENIED;
+		}
+		account_name = talloc_asprintf(mem_ctx, "%s$", flatname);
+
+		if (!account_name) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		
+	} else {
+		account_name = r->in.account_name;
+	}
+	
 	/* pull the user attributes */
 	num_records = gendb_search(sam_ctx, mem_ctx, NULL, &msgs, attrs,
 				   "(&(sAMAccountName=%s)(objectclass=user))", 
-				   r->in.account_name);
+				   ldb_binary_encode_string(mem_ctx, account_name));
 
 	if (num_records == 0) {
 		DEBUG(3,("Couldn't find user [%s] in samdb.\n", 
@@ -129,7 +177,8 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca
 			DEBUG(1, ("Client asked for a workstation secure channel, but is not a workstation (member server) acb flags: 0x%x\n", user_account_control));
 			return NT_STATUS_ACCESS_DENIED;
 		}
-	} else if (r->in.secure_channel_type == SEC_CHAN_DOMAIN) {
+	} else if (r->in.secure_channel_type == SEC_CHAN_DOMAIN || 
+		   r->in.secure_channel_type == SEC_CHAN_DNS_DOMAIN) {
 		if (!(user_account_control & UF_INTERDOMAIN_TRUST_ACCOUNT)) {
 			DEBUG(1, ("Client asked for a trusted domain secure channel, but is not a trusted domain: acb flags: 0x%x\n", user_account_control));
 			
@@ -898,20 +947,37 @@ static NTSTATUS fill_domain_trust_info(TALLOC_CTX *mem_ctx,
 				       struct ldb_message *res,
 				       struct ldb_message *ref_res,
 				       struct netr_DomainTrustInfo *info, 
-				       bool is_local)
+				       bool is_local, bool is_trust_list)
 {
 	ZERO_STRUCTP(info);
 
+	info->trust_extension.info = talloc_zero(mem_ctx, struct netr_trust_extension);
+	info->trust_extension.length = 16;
+	info->trust_extension.info->flags = 
+		NETR_TRUST_FLAG_TREEROOT | 
+		NETR_TRUST_FLAG_IN_FOREST | 
+		NETR_TRUST_FLAG_PRIMARY;
+	info->trust_extension.info->parent_index = 0; /* should be index into array
+							 of parent */
+	info->trust_extension.info->trust_type = LSA_TRUST_TYPE_UPLEVEL; /* should be based on ldb search for trusts */
+	info->trust_extension.info->trust_attributes = LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE; /* needs to be based on ldb search */
+
+	if (is_trust_list) {
+		/* MS-NRPC 3.5.4.3.9 - must be set to NULL for trust list */
+		info->forest.string = NULL;
+	} else {
+		/* TODO: we need a common function for pulling the forest */
+		info->forest.string = samdb_result_string(ref_res, "dnsRoot", NULL);
+	}
+
 	if (is_local) {
 		info->domainname.string = samdb_result_string(ref_res, "nETBIOSName", NULL);
 		info->fulldomainname.string = samdb_result_string(ref_res, "dnsRoot", NULL);
-		info->forest.string = NULL;
 		info->guid = samdb_result_guid(res, "objectGUID");
 		info->sid = samdb_result_dom_sid(mem_ctx, res, "objectSid");
 	} else {
 		info->domainname.string = samdb_result_string(res, "flatName", NULL);
 		info->fulldomainname.string = samdb_result_string(res, "trustPartner", NULL);
-		info->forest.string = NULL;
 		info->guid = samdb_result_guid(res, "objectGUID");
 		info->sid = samdb_result_dom_sid(mem_ctx, res, "securityIdentifier");
 	}
@@ -947,6 +1013,9 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
 					      r->in.credential, 
 					      r->out.return_authenticator,
 					      NULL);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,(__location__ " Bad credentials - error\n"));
+	}
 	NT_STATUS_NOT_OK_RETURN(status);
 
 	sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info);
@@ -992,17 +1061,25 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal
 				       info1->num_trusts);
 	NT_STATUS_HAVE_NO_MEMORY(info1->trusts);
 
-	status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->domaininfo, true);
+	status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->domaininfo, 
+					true, false);
 	NT_STATUS_NOT_OK_RETURN(status);
 
 	for (i=0;i<ret2;i++) {
-		status = fill_domain_trust_info(mem_ctx, res2[i], NULL, &info1->trusts[i], false);
+		status = fill_domain_trust_info(mem_ctx, res2[i], NULL, &info1->trusts[i], 
+						false, true);
 		NT_STATUS_NOT_OK_RETURN(status);
 	}
 
-	status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->trusts[i], true);
+	status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->trusts[i], 
+					true, true);
 	NT_STATUS_NOT_OK_RETURN(status);
 
+	info1->dns_hostname.string = samdb_result_string(ref_res[0], "dnsRoot", NULL);
+	info1->workstation_flags = 
+		NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS | NETR_WS_FLAG_HANDLES_SPN_UPDATE;
+	info1->supported_enc_types = 0; /* w2008 gives this 0 */
+
 	r->out.info.info1 = info1;
 
 	return NT_STATUS_OK;