From 2279d1ebfb0a750d92ca0c4a9dc9803c35c845d9 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 12 May 2005 08:28:07 +0000 Subject: r6747: first working version of cldapd server. It is missing 'sites' support, and filling in some of the returned parameters is quite rough, but it seems to work OK (This used to be commit e564e3e596915414fad07c94f7ea8a0d9c3a1140) --- source4/cldap_server/netlogon.c | 233 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 233 insertions(+) create mode 100644 source4/cldap_server/netlogon.c (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c new file mode 100644 index 0000000000..ca77ea17b2 --- /dev/null +++ b/source4/cldap_server/netlogon.c @@ -0,0 +1,233 @@ +/* + Unix SMB/CIFS implementation. + + CLDAP server - netlogon handling + + Copyright (C) Andrew Tridgell 2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" +#include "libcli/ldap/ldap.h" +#include "lib/events/events.h" +#include "lib/socket/socket.h" +#include "smbd/service_task.h" +#include "cldap_server/cldap_server.h" + +/* + fill in the cldap netlogon union for a given version +*/ +static NTSTATUS cldapd_netlogon_fill(struct cldap_socket *cldap, + TALLOC_CTX *mem_ctx, + const char *domain, + const char *src_address, + uint32_t version, + union nbt_cldap_netlogon *netlogon) +{ + struct ldb_context *samctx; + const char *attrs[] = {"realm", "dnsDomain", "objectGUID", "name", NULL}; + struct ldb_message **res; + int ret; + const char **services = lp_server_services(); + uint32_t server_type; + const char *pdc_name; + struct GUID domain_uuid; + const char *realm; + const char *dns_domain; + const char *pdc_dns_name; + const char *flatname; + const char *site_name; + const char *site_name2; + const char *pdc_ip; + + samctx = samdb_connect(mem_ctx); + if (samctx == NULL) { + DEBUG(2,("Unable to open sam in cldap netlogon reply\n")); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + /* try and find the domain */ + ret = gendb_search(samctx, samctx, NULL, &res, attrs, + "(&(dnsDomain=%s)(objectClass=domainDNS))", domain); + if (ret != 1) { + DEBUG(2,("Unable to find domain '%s' in sam\n", domain)); + return NT_STATUS_NO_SUCH_DOMAIN; + } + + server_type = + NBT_SERVER_PDC | NBT_SERVER_GC | + NBT_SERVER_DS | NBT_SERVER_TIMESERV | + NBT_SERVER_CLOSEST | NBT_SERVER_WRITABLE | + NBT_SERVER_GOOD_TIMESERV; + + if (lp_parm_bool(-1, "gensec", "krb5", True)) { + server_type |= NBT_SERVER_KDC; + } + if (str_list_check(services, "ldap")) { + server_type |= NBT_SERVER_LDAP; + } + + pdc_name = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name()); + domain_uuid = samdb_result_guid(res[0], "objectGUID"); + realm = samdb_result_string(res[0], "realm", lp_realm()); + dns_domain = samdb_result_string(res[0], "dnsDomain", lp_realm()); + pdc_dns_name = talloc_asprintf(mem_ctx, "%s.%s", + lp_netbios_name(), dns_domain); + flatname = samdb_result_string(res[0], "name", lp_workgroup()); + site_name = "Default-First-Site-Name"; + site_name2 = ""; + pdc_ip = iface_best_ip(src_address); + + ZERO_STRUCTP(netlogon); + + switch (version & 0xF) { + case 0: + case 1: + netlogon->logon1.pdc_name = pdc_name; + netlogon->logon1.unknown = ""; + netlogon->logon1.domain_name = flatname; + netlogon->logon1.nt_version = 1; + netlogon->logon1.lmnt_token = 0xFFFF; + netlogon->logon1.lm20_token = 0xFFFF; + break; + case 2: + case 3: + netlogon->logon2.pdc_name = pdc_name; + netlogon->logon2.unknown = ""; + netlogon->logon2.domain_name = flatname; + netlogon->logon2.domain_uuid = domain_uuid; + netlogon->logon2.forest = realm; + netlogon->logon2.dns_domain = dns_domain; + netlogon->logon2.pdc_dns_name = pdc_dns_name; + netlogon->logon2.pdc_ip = pdc_ip; + netlogon->logon2.server_type = server_type; + netlogon->logon2.nt_version = 3; + netlogon->logon2.lmnt_token = 0xFFFF; + netlogon->logon2.lm20_token = 0xFFFF; + break; + case 4: + case 5: + case 6: + case 7: + netlogon->logon3.server_type = server_type; + netlogon->logon3.domain_uuid = domain_uuid; + netlogon->logon3.forest = realm; + netlogon->logon3.dns_domain = dns_domain; + netlogon->logon3.pdc_dns_name = pdc_dns_name; + netlogon->logon3.domain = flatname; + netlogon->logon3.pdc_name = pdc_name; + netlogon->logon3.user_name = ""; + netlogon->logon3.site_name = site_name; + netlogon->logon3.site_name2 = site_name2; + netlogon->logon3.nt_version = 3; + netlogon->logon3.lmnt_token = 0xFFFF; + netlogon->logon3.lm20_token = 0xFFFF; + break; + default: + netlogon->logon4.server_type = server_type; + netlogon->logon4.domain_uuid = domain_uuid; + netlogon->logon4.forest = realm; + netlogon->logon4.dns_domain = dns_domain; + netlogon->logon4.pdc_dns_name = pdc_dns_name; + netlogon->logon4.domain = flatname; + netlogon->logon4.pdc_name = lp_netbios_name(); + netlogon->logon4.user_name = ""; + netlogon->logon4.site_name = site_name; + netlogon->logon4.site_name2 = site_name2; + netlogon->logon4.unknown = 10; + netlogon->logon4.unknown2 = 2; + netlogon->logon4.pdc_ip = pdc_ip; + netlogon->logon4.nt_version = 5; + netlogon->logon4.lmnt_token = 0xFFFF; + netlogon->logon4.lm20_token = 0xFFFF; + break; + } + + return NT_STATUS_OK; +} + + +/* + handle incoming cldap requests +*/ +void cldapd_netlogon_request(struct cldap_socket *cldap, + uint32_t message_id, + const char *filter, + const char *src_address, int src_port) +{ + struct ldap_parse_tree *tree; + int i; + const char *domain = NULL; + const char *host = NULL; + int version = -1; + union nbt_cldap_netlogon netlogon; + NTSTATUS status = NT_STATUS_INVALID_PARAMETER; + + TALLOC_CTX *tmp_ctx = talloc_new(cldap); + + tree = ldap_parse_filter_string(tmp_ctx, filter); + if (tree == NULL) goto failed; + + if (tree->operation != LDAP_OP_AND) goto failed; + + /* extract the query elements */ + for (i=0;iu.list.num_elements;i++) { + struct ldap_parse_tree *t = tree->u.list.elements[i]; + if (t->operation != LDAP_OP_SIMPLE) goto failed; + if (strcasecmp(t->u.simple.attr, "DnsDomain") == 0) { + domain = talloc_strndup(tmp_ctx, + t->u.simple.value.data, + t->u.simple.value.length); + } + if (strcasecmp(t->u.simple.attr, "Host") == 0) { + host = talloc_strndup(tmp_ctx, + t->u.simple.value.data, + t->u.simple.value.length); + } + if (strcasecmp(t->u.simple.attr, "NtVer") == 0 && + t->u.simple.value.length == 4) { + version = IVAL(t->u.simple.value.data, 0); + } + } + + if (domain == NULL || host == NULL || version == -1) { + goto failed; + } + + DEBUG(2,("cldap netlogon query domain=%s host=%s version=%d\n", + domain, host, version)); + + status = cldapd_netlogon_fill(cldap, tmp_ctx, domain, src_address, + version, &netlogon); + if (!NT_STATUS_IS_OK(status)) { + goto failed; + } + + status = cldap_netlogon_reply(cldap, message_id, src_address, src_port, version, + &netlogon); + if (!NT_STATUS_IS_OK(status)) { + goto failed; + } + + talloc_free(tmp_ctx); + return; + +failed: + DEBUG(0,("cldap netlogon query failed domain=%s host=%s version=%d - %s\n", + domain, host, version, nt_errstr(status))); + talloc_free(tmp_ctx); + cldap_empty_reply(cldap, message_id, src_address, src_port); +} -- cgit From 0b5fe8f7e14565209fe4354a6990aa9df1854023 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 12 May 2005 09:03:14 +0000 Subject: r6750: some minor tweaks to the cldapd server I can now join winxp -> samba4 DC using long name, and login. The nice thing is there are no delays now, as the client likes the replies it gets (This used to be commit 5aff7d36f3e535e305820ae42b023ae53cc0daf9) --- source4/cldap_server/netlogon.c | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index ca77ea17b2..327a60c8bb 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -33,6 +33,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldap_socket *cldap, TALLOC_CTX *mem_ctx, const char *domain, + const char *user, const char *src_address, uint32_t version, union nbt_cldap_netlogon *netlogon) @@ -59,6 +60,11 @@ static NTSTATUS cldapd_netlogon_fill(struct cldap_socket *cldap, return NT_STATUS_INTERNAL_DB_CORRUPTION; } + /* the domain has an optional trailing . */ + if (domain[strlen(domain)-1] == '.') { + domain = talloc_strndup(mem_ctx, domain, strlen(domain)-1); + } + /* try and find the domain */ ret = gendb_search(samctx, samctx, NULL, &res, attrs, "(&(dnsDomain=%s)(objectClass=domainDNS))", domain); @@ -87,7 +93,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldap_socket *cldap, pdc_dns_name = talloc_asprintf(mem_ctx, "%s.%s", lp_netbios_name(), dns_domain); flatname = samdb_result_string(res[0], "name", lp_workgroup()); - site_name = "Default-First-Site-Name"; + site_name = "Default-First-Site-Name.bludom.tridgell.net"; site_name2 = ""; pdc_ip = iface_best_ip(src_address); @@ -129,7 +135,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldap_socket *cldap, netlogon->logon3.pdc_dns_name = pdc_dns_name; netlogon->logon3.domain = flatname; netlogon->logon3.pdc_name = pdc_name; - netlogon->logon3.user_name = ""; + netlogon->logon3.user_name = user; netlogon->logon3.site_name = site_name; netlogon->logon3.site_name2 = site_name2; netlogon->logon3.nt_version = 3; @@ -144,7 +150,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldap_socket *cldap, netlogon->logon4.pdc_dns_name = pdc_dns_name; netlogon->logon4.domain = flatname; netlogon->logon4.pdc_name = lp_netbios_name(); - netlogon->logon4.user_name = ""; + netlogon->logon4.user_name = user; netlogon->logon4.site_name = site_name; netlogon->logon4.site_name2 = site_name2; netlogon->logon4.unknown = 10; @@ -172,12 +178,15 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, int i; const char *domain = NULL; const char *host = NULL; + const char *user = ""; int version = -1; union nbt_cldap_netlogon netlogon; NTSTATUS status = NT_STATUS_INVALID_PARAMETER; TALLOC_CTX *tmp_ctx = talloc_new(cldap); + DEBUG(0,("cldap filter='%s'\n", filter)); + tree = ldap_parse_filter_string(tmp_ctx, filter); if (tree == NULL) goto failed; @@ -197,6 +206,11 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, t->u.simple.value.data, t->u.simple.value.length); } + if (strcasecmp(t->u.simple.attr, "User") == 0) { + user = talloc_strndup(tmp_ctx, + t->u.simple.value.data, + t->u.simple.value.length); + } if (strcasecmp(t->u.simple.attr, "NtVer") == 0 && t->u.simple.value.length == 4) { version = IVAL(t->u.simple.value.data, 0); @@ -207,10 +221,10 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, goto failed; } - DEBUG(2,("cldap netlogon query domain=%s host=%s version=%d\n", - domain, host, version)); + DEBUG(0,("cldap netlogon query domain=%s host=%s user=%s version=%d\n", + domain, host, user, version)); - status = cldapd_netlogon_fill(cldap, tmp_ctx, domain, src_address, + status = cldapd_netlogon_fill(cldap, tmp_ctx, domain, user, src_address, version, &netlogon); if (!NT_STATUS_IS_OK(status)) { goto failed; -- cgit From 04ecea3b1ce9e4fdda5f39368b51ca90364a2496 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 13 May 2005 05:29:41 +0000 Subject: r6761: - not everyone is in my domain :-) - started adding support for the other cldap attributes that XP uses (This used to be commit 1537558039b012a4124e6167ad7ebfd7486f05ff) --- source4/cldap_server/netlogon.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 327a60c8bb..ea4a8726ef 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -93,7 +93,8 @@ static NTSTATUS cldapd_netlogon_fill(struct cldap_socket *cldap, pdc_dns_name = talloc_asprintf(mem_ctx, "%s.%s", lp_netbios_name(), dns_domain); flatname = samdb_result_string(res[0], "name", lp_workgroup()); - site_name = "Default-First-Site-Name.bludom.tridgell.net"; + site_name = talloc_asprintf(mem_ctx, "Default-First-Site-Name.%s", + dns_domain); site_name2 = ""; pdc_ip = iface_best_ip(src_address); @@ -179,6 +180,9 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, const char *domain = NULL; const char *host = NULL; const char *user = ""; + const char *domain_guid = NULL; + const char *domain_sid = NULL; + int acct_control = -1; int version = -1; union nbt_cldap_netlogon netlogon; NTSTATUS status = NT_STATUS_INVALID_PARAMETER; @@ -206,6 +210,16 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, t->u.simple.value.data, t->u.simple.value.length); } + if (strcasecmp(t->u.simple.attr, "DomainGuid") == 0) { + domain_guid = talloc_strndup(tmp_ctx, + t->u.simple.value.data, + t->u.simple.value.length); + } + if (strcasecmp(t->u.simple.attr, "DomainSid") == 0) { + domain_sid = talloc_strndup(tmp_ctx, + t->u.simple.value.data, + t->u.simple.value.length); + } if (strcasecmp(t->u.simple.attr, "User") == 0) { user = talloc_strndup(tmp_ctx, t->u.simple.value.data, @@ -215,6 +229,10 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, t->u.simple.value.length == 4) { version = IVAL(t->u.simple.value.data, 0); } + if (strcasecmp(t->u.simple.attr, "AAC") == 0 && + t->u.simple.value.length == 4) { + acct_control = IVAL(t->u.simple.value.data, 0); + } } if (domain == NULL || host == NULL || version == -1) { -- cgit From 2f315e94f8268880f9fbc1f95d08fdb2518b0479 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 13 May 2005 06:06:19 +0000 Subject: r6762: with the zone right we don't need a fully qualified site name at all (This used to be commit 6f4ad382d445c3cdb8e50727f09d79334076e02d) --- source4/cldap_server/netlogon.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index ea4a8726ef..57606c3930 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -93,8 +93,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldap_socket *cldap, pdc_dns_name = talloc_asprintf(mem_ctx, "%s.%s", lp_netbios_name(), dns_domain); flatname = samdb_result_string(res[0], "name", lp_workgroup()); - site_name = talloc_asprintf(mem_ctx, "Default-First-Site-Name.%s", - dns_domain); + site_name = "Default-First-Site-Name"; site_name2 = ""; pdc_ip = iface_best_ip(src_address); -- cgit From d43e0836dd1dc6f60104a93ff3e2c333e3f79b48 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 16 May 2005 10:30:51 +0000 Subject: r6815: fill in values in cldap server as well (This used to be commit 50cac2ce845b7408d83f18e13544b950b2a5a65b) --- source4/cldap_server/netlogon.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 57606c3930..ce49f084f8 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -103,7 +103,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldap_socket *cldap, case 0: case 1: netlogon->logon1.pdc_name = pdc_name; - netlogon->logon1.unknown = ""; + netlogon->logon1.user_name = user; netlogon->logon1.domain_name = flatname; netlogon->logon1.nt_version = 1; netlogon->logon1.lmnt_token = 0xFFFF; @@ -112,7 +112,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldap_socket *cldap, case 2: case 3: netlogon->logon2.pdc_name = pdc_name; - netlogon->logon2.unknown = ""; + netlogon->logon2.user_name = user; netlogon->logon2.domain_name = flatname; netlogon->logon2.domain_uuid = domain_uuid; netlogon->logon2.forest = realm; -- cgit From 9469051d5bcdd6a91b688d20bc91bb3cb2ba094d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 16 May 2005 11:17:57 +0000 Subject: r6817: - fixed empty ldap search elements in filters - added support for guids in cldap netlogon searches. the cldap server now passes the LDAP-CLDAP torture test (This used to be commit eb7979d9def389942fa1c54693d2dfcb8828f544) --- source4/cldap_server/netlogon.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index ce49f084f8..252ae884ea 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -33,6 +33,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldap_socket *cldap, TALLOC_CTX *mem_ctx, const char *domain, + const char *domain_guid, const char *user, const char *src_address, uint32_t version, @@ -61,13 +62,15 @@ static NTSTATUS cldapd_netlogon_fill(struct cldap_socket *cldap, } /* the domain has an optional trailing . */ - if (domain[strlen(domain)-1] == '.') { + if (domain && domain[strlen(domain)-1] == '.') { domain = talloc_strndup(mem_ctx, domain, strlen(domain)-1); } /* try and find the domain */ ret = gendb_search(samctx, samctx, NULL, &res, attrs, - "(&(dnsDomain=%s)(objectClass=domainDNS))", domain); + "(&(objectClass=domainDNS)(|(dnsDomain=%s)(objectGUID=%s)))", + domain?domain:"", + domain_guid?domain_guid:""); if (ret != 1) { DEBUG(2,("Unable to find domain '%s' in sam\n", domain)); return NT_STATUS_NO_SUCH_DOMAIN; @@ -210,9 +213,13 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, t->u.simple.value.length); } if (strcasecmp(t->u.simple.attr, "DomainGuid") == 0) { - domain_guid = talloc_strndup(tmp_ctx, - t->u.simple.value.data, - t->u.simple.value.length); + NTSTATUS enc_status; + struct GUID guid; + enc_status = ldap_decode_ndr_GUID(tmp_ctx, + t->u.simple.value, &guid); + if (NT_STATUS_IS_OK(enc_status)) { + domain_guid = GUID_string(tmp_ctx, &guid); + } } if (strcasecmp(t->u.simple.attr, "DomainSid") == 0) { domain_sid = talloc_strndup(tmp_ctx, @@ -234,14 +241,19 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, } } - if (domain == NULL || host == NULL || version == -1) { + if (domain_guid == NULL && domain == NULL) { + domain = lp_realm(); + } + + if (version == -1) { goto failed; } - DEBUG(0,("cldap netlogon query domain=%s host=%s user=%s version=%d\n", - domain, host, user, version)); + DEBUG(0,("cldap netlogon query domain=%s host=%s user=%s version=%d guid=%s\n", + domain, host, user, version, domain_guid)); - status = cldapd_netlogon_fill(cldap, tmp_ctx, domain, user, src_address, + status = cldapd_netlogon_fill(cldap, tmp_ctx, domain, domain_guid, + user, src_address, version, &netlogon); if (!NT_STATUS_IS_OK(status)) { goto failed; -- cgit From 13a3fdf933c3ebdc0fd5bc0f3460d201a7c6b229 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 18 May 2005 04:18:19 +0000 Subject: r6876: - fixed a memory leak in the cldap server - keep the samdb open between requests (This used to be commit ee75a8353b0dab579abf0e675395d796f1c39746) --- source4/cldap_server/netlogon.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 252ae884ea..191b2b10b4 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -30,7 +30,7 @@ /* fill in the cldap netlogon union for a given version */ -static NTSTATUS cldapd_netlogon_fill(struct cldap_socket *cldap, +static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, TALLOC_CTX *mem_ctx, const char *domain, const char *domain_guid, @@ -39,7 +39,6 @@ static NTSTATUS cldapd_netlogon_fill(struct cldap_socket *cldap, uint32_t version, union nbt_cldap_netlogon *netlogon) { - struct ldb_context *samctx; const char *attrs[] = {"realm", "dnsDomain", "objectGUID", "name", NULL}; struct ldb_message **res; int ret; @@ -55,10 +54,12 @@ static NTSTATUS cldapd_netlogon_fill(struct cldap_socket *cldap, const char *site_name2; const char *pdc_ip; - samctx = samdb_connect(mem_ctx); - if (samctx == NULL) { - DEBUG(2,("Unable to open sam in cldap netlogon reply\n")); - return NT_STATUS_INTERNAL_DB_CORRUPTION; + if (cldapd->samctx == NULL) { + cldapd->samctx = samdb_connect(mem_ctx); + if (cldapd->samctx == NULL) { + DEBUG(2,("Unable to open sam in cldap netlogon reply\n")); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } } /* the domain has an optional trailing . */ @@ -67,7 +68,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldap_socket *cldap, } /* try and find the domain */ - ret = gendb_search(samctx, samctx, NULL, &res, attrs, + ret = gendb_search(cldapd->samctx, mem_ctx, NULL, &res, attrs, "(&(objectClass=domainDNS)(|(dnsDomain=%s)(objectGUID=%s)))", domain?domain:"", domain_guid?domain_guid:""); @@ -177,6 +178,7 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, const char *filter, const char *src_address, int src_port) { + struct cldapd_server *cldapd = talloc_get_type(cldap->incoming.private, struct cldapd_server); struct ldap_parse_tree *tree; int i; const char *domain = NULL; @@ -191,7 +193,7 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, TALLOC_CTX *tmp_ctx = talloc_new(cldap); - DEBUG(0,("cldap filter='%s'\n", filter)); + DEBUG(5,("cldap filter='%s'\n", filter)); tree = ldap_parse_filter_string(tmp_ctx, filter); if (tree == NULL) goto failed; @@ -249,10 +251,10 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, goto failed; } - DEBUG(0,("cldap netlogon query domain=%s host=%s user=%s version=%d guid=%s\n", + DEBUG(5,("cldap netlogon query domain=%s host=%s user=%s version=%d guid=%s\n", domain, host, user, version, domain_guid)); - status = cldapd_netlogon_fill(cldap, tmp_ctx, domain, domain_guid, + status = cldapd_netlogon_fill(cldapd, tmp_ctx, domain, domain_guid, user, src_address, version, &netlogon); if (!NT_STATUS_IS_OK(status)) { -- cgit From 45511bd09b62266904c547398037fd41fbb8871e Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 19 May 2005 13:35:50 +0000 Subject: r6904: use "krb5:kdc=yes" in your smb.conf when you have the lorikeet-heimdal kdc running metze (This used to be commit fa652919bd6ab58ff15cab239cf88d2359b03d55) --- source4/cldap_server/netlogon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 191b2b10b4..3ccad45d9f 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -83,7 +83,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, NBT_SERVER_CLOSEST | NBT_SERVER_WRITABLE | NBT_SERVER_GOOD_TIMESERV; - if (lp_parm_bool(-1, "gensec", "krb5", True)) { + if (lp_parm_bool(-1, "krb5", "kdc", True)) { server_type |= NBT_SERVER_KDC; } if (str_list_check(services, "ldap")) { -- cgit From fdc2be2cd6b48bfe5f9dbd3306714119f95bcaf2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 7 Jun 2005 23:06:24 +0000 Subject: r7378: Lowercase netbios name when forming the DNS name of the DC in the NETLOGON reply. Use the kdc server service to determine if we are a kdc (no more krb5:kdc=yes). Andrew Bartlett (This used to be commit fe9cdb063ca183674d0093b43017cc054d7c3f63) --- source4/cldap_server/netlogon.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 3ccad45d9f..9e7ddc6989 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -83,19 +83,21 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, NBT_SERVER_CLOSEST | NBT_SERVER_WRITABLE | NBT_SERVER_GOOD_TIMESERV; - if (lp_parm_bool(-1, "krb5", "kdc", True)) { - server_type |= NBT_SERVER_KDC; - } if (str_list_check(services, "ldap")) { server_type |= NBT_SERVER_LDAP; } + if (str_list_check(services, "kdc")) { + server_type |= NBT_SERVER_KDC; + } + pdc_name = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name()); domain_uuid = samdb_result_guid(res[0], "objectGUID"); realm = samdb_result_string(res[0], "realm", lp_realm()); dns_domain = samdb_result_string(res[0], "dnsDomain", lp_realm()); pdc_dns_name = talloc_asprintf(mem_ctx, "%s.%s", - lp_netbios_name(), dns_domain); + strlower_talloc(mem_ctx, lp_netbios_name()), + dns_domain); flatname = samdb_result_string(res[0], "name", lp_workgroup()); site_name = "Default-First-Site-Name"; site_name2 = ""; -- cgit From 816f4f7c4afa1022075fb36563fadf4820f37afd Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 13 Jun 2005 06:06:29 +0000 Subject: r7519: rip the copy of the ldap expression parser out of libcli/ldap/ and use the original one in lib/ldb/ instead. Having two copies of this code is silly. (This used to be commit 0e9f18c44858b692c724c004f362de9e3dc15db5) --- source4/cldap_server/netlogon.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 9e7ddc6989..f4f1c226af 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -181,7 +181,7 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, const char *src_address, int src_port) { struct cldapd_server *cldapd = talloc_get_type(cldap->incoming.private, struct cldapd_server); - struct ldap_parse_tree *tree; + struct ldb_parse_tree *tree; int i; const char *domain = NULL; const char *host = NULL; @@ -197,15 +197,15 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, DEBUG(5,("cldap filter='%s'\n", filter)); - tree = ldap_parse_filter_string(tmp_ctx, filter); + tree = ldb_parse_tree(tmp_ctx, filter); if (tree == NULL) goto failed; - if (tree->operation != LDAP_OP_AND) goto failed; + if (tree->operation != LDB_OP_AND) goto failed; /* extract the query elements */ for (i=0;iu.list.num_elements;i++) { - struct ldap_parse_tree *t = tree->u.list.elements[i]; - if (t->operation != LDAP_OP_SIMPLE) goto failed; + struct ldb_parse_tree *t = tree->u.list.elements[i]; + if (t->operation != LDB_OP_SIMPLE) goto failed; if (strcasecmp(t->u.simple.attr, "DnsDomain") == 0) { domain = talloc_strndup(tmp_ctx, t->u.simple.value.data, -- cgit From 4b0e5bd75373ffa2d847706a71fd0349dfa15e71 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 13 Jun 2005 09:10:17 +0000 Subject: r7527: - added a ldb_search_bytree() interface, which takes a ldb_parse_tree instead of a search expression. This allows our ldap server to pass its ASN.1 parsed search expressions straight to ldb, instead of going via strings. - updated all the ldb modules code to handle the new interface - got rid of the separate ldb_parse.h now that the ldb_parse structures are exposed externally - moved to C99 structure initialisation in ldb - switched ldap server to using ldb_search_bytree() (This used to be commit 96620ab2ee5d440bbbc51c1bc0cad9977770f897) --- source4/cldap_server/netlogon.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index f4f1c226af..4ccec27d01 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -177,11 +177,10 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, */ void cldapd_netlogon_request(struct cldap_socket *cldap, uint32_t message_id, - const char *filter, + struct ldb_parse_tree *tree, const char *src_address, int src_port) { struct cldapd_server *cldapd = talloc_get_type(cldap->incoming.private, struct cldapd_server); - struct ldb_parse_tree *tree; int i; const char *domain = NULL; const char *host = NULL; @@ -195,11 +194,6 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, TALLOC_CTX *tmp_ctx = talloc_new(cldap); - DEBUG(5,("cldap filter='%s'\n", filter)); - - tree = ldb_parse_tree(tmp_ctx, filter); - if (tree == NULL) goto failed; - if (tree->operation != LDB_OP_AND) goto failed; /* extract the query elements */ -- cgit From d52ce8ff0c0546b681f3787728f739c1bb6a71e2 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 18 Jun 2005 20:32:21 +0000 Subject: r7731: change debug level to not spam the build-farm smbd log metze (This used to be commit 3a1ed83fd0714fa46055c8fe5b039986909f9a45) --- source4/cldap_server/netlogon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 4ccec27d01..f97e6d20a6 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -267,7 +267,7 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, return; failed: - DEBUG(0,("cldap netlogon query failed domain=%s host=%s version=%d - %s\n", + DEBUG(2,("cldap netlogon query failed domain=%s host=%s version=%d - %s\n", domain, host, version, nt_errstr(status))); talloc_free(tmp_ctx); cldap_empty_reply(cldap, message_id, src_address, src_port); -- cgit From 9654f24751aef913870f710dc1e65edae6adee54 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 7 Jul 2005 19:40:25 +0000 Subject: r8211: fix some cldap replies metze (This used to be commit 8ca5729ec80a9064d592503ae101d22e07c2da0a) --- source4/cldap_server/netlogon.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index f97e6d20a6..f2530c46be 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -93,14 +93,14 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, pdc_name = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name()); domain_uuid = samdb_result_guid(res[0], "objectGUID"); - realm = samdb_result_string(res[0], "realm", lp_realm()); + realm = samdb_result_string(res[0], "dnsDomain", lp_realm()); dns_domain = samdb_result_string(res[0], "dnsDomain", lp_realm()); pdc_dns_name = talloc_asprintf(mem_ctx, "%s.%s", strlower_talloc(mem_ctx, lp_netbios_name()), dns_domain); flatname = samdb_result_string(res[0], "name", lp_workgroup()); site_name = "Default-First-Site-Name"; - site_name2 = ""; + site_name2 = "Default-First-Site-Name"; pdc_ip = iface_best_ip(src_address); ZERO_STRUCTP(netlogon); @@ -140,7 +140,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, netlogon->logon3.dns_domain = dns_domain; netlogon->logon3.pdc_dns_name = pdc_dns_name; netlogon->logon3.domain = flatname; - netlogon->logon3.pdc_name = pdc_name; + netlogon->logon3.pdc_name = lp_netbios_name(); netlogon->logon3.user_name = user; netlogon->logon3.site_name = site_name; netlogon->logon3.site_name2 = site_name2; -- cgit From 06a4e5688e05f1989a661815bd75e23d1f54e443 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 8 Jul 2005 05:10:02 +0000 Subject: r8223: fix the values of nt_version and type we reply in the server code, also name the struct like the nt_version number metze (This used to be commit 1e3af5cc1f68b7fa54b8ba77ed9836a619a69436) --- source4/cldap_server/netlogon.c | 77 ++++++++++++++++++++--------------------- 1 file changed, 37 insertions(+), 40 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index f2530c46be..33f8734278 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -117,54 +117,51 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, break; case 2: case 3: - netlogon->logon2.pdc_name = pdc_name; - netlogon->logon2.user_name = user; - netlogon->logon2.domain_name = flatname; - netlogon->logon2.domain_uuid = domain_uuid; - netlogon->logon2.forest = realm; - netlogon->logon2.dns_domain = dns_domain; - netlogon->logon2.pdc_dns_name = pdc_dns_name; - netlogon->logon2.pdc_ip = pdc_ip; - netlogon->logon2.server_type = server_type; - netlogon->logon2.nt_version = 3; - netlogon->logon2.lmnt_token = 0xFFFF; - netlogon->logon2.lm20_token = 0xFFFF; - break; - case 4: - case 5: - case 6: - case 7: - netlogon->logon3.server_type = server_type; + netlogon->logon3.pdc_name = pdc_name; + netlogon->logon3.user_name = user; + netlogon->logon3.domain_name = flatname; netlogon->logon3.domain_uuid = domain_uuid; netlogon->logon3.forest = realm; netlogon->logon3.dns_domain = dns_domain; netlogon->logon3.pdc_dns_name = pdc_dns_name; - netlogon->logon3.domain = flatname; - netlogon->logon3.pdc_name = lp_netbios_name(); - netlogon->logon3.user_name = user; - netlogon->logon3.site_name = site_name; - netlogon->logon3.site_name2 = site_name2; - netlogon->logon3.nt_version = 3; + netlogon->logon3.pdc_ip = pdc_ip; + netlogon->logon3.server_type = server_type; netlogon->logon3.lmnt_token = 0xFFFF; netlogon->logon3.lm20_token = 0xFFFF; break; + case 4: + case 5: + case 6: + case 7: + netlogon->logon5.server_type = server_type; + netlogon->logon5.domain_uuid = domain_uuid; + netlogon->logon5.forest = realm; + netlogon->logon5.dns_domain = dns_domain; + netlogon->logon5.pdc_dns_name = pdc_dns_name; + netlogon->logon5.domain = flatname; + netlogon->logon5.pdc_name = lp_netbios_name(); + netlogon->logon5.user_name = user; + netlogon->logon5.site_name = site_name; + netlogon->logon5.site_name2 = site_name2; + netlogon->logon5.lmnt_token = 0xFFFF; + netlogon->logon5.lm20_token = 0xFFFF; + break; default: - netlogon->logon4.server_type = server_type; - netlogon->logon4.domain_uuid = domain_uuid; - netlogon->logon4.forest = realm; - netlogon->logon4.dns_domain = dns_domain; - netlogon->logon4.pdc_dns_name = pdc_dns_name; - netlogon->logon4.domain = flatname; - netlogon->logon4.pdc_name = lp_netbios_name(); - netlogon->logon4.user_name = user; - netlogon->logon4.site_name = site_name; - netlogon->logon4.site_name2 = site_name2; - netlogon->logon4.unknown = 10; - netlogon->logon4.unknown2 = 2; - netlogon->logon4.pdc_ip = pdc_ip; - netlogon->logon4.nt_version = 5; - netlogon->logon4.lmnt_token = 0xFFFF; - netlogon->logon4.lm20_token = 0xFFFF; + netlogon->logon13.server_type = server_type; + netlogon->logon13.domain_uuid = domain_uuid; + netlogon->logon13.forest = realm; + netlogon->logon13.dns_domain = dns_domain; + netlogon->logon13.pdc_dns_name = pdc_dns_name; + netlogon->logon13.domain = flatname; + netlogon->logon13.pdc_name = lp_netbios_name(); + netlogon->logon13.user_name = user; + netlogon->logon13.site_name = site_name; + netlogon->logon13.site_name2 = site_name2; + netlogon->logon13.unknown = 10; + netlogon->logon13.unknown2 = 2; + netlogon->logon13.pdc_ip = pdc_ip; + netlogon->logon13.lmnt_token = 0xFFFF; + netlogon->logon13.lm20_token = 0xFFFF; break; } -- cgit From e87f589f00a24b312f9e987ebcb5d998360800b8 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 12 Jul 2005 09:40:34 +0000 Subject: r8368: the type filed depends on the user being present or not call ndr_print for each call metze (This used to be commit 0a07e4ef8d869d35ceb0761495e367077f2361ba) --- source4/cldap_server/netlogon.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 33f8734278..8dd7d549b4 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -108,6 +108,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, switch (version & 0xF) { case 0: case 1: + netlogon->logon1.type = (user?19+2:19); netlogon->logon1.pdc_name = pdc_name; netlogon->logon1.user_name = user; netlogon->logon1.domain_name = flatname; @@ -117,6 +118,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, break; case 2: case 3: + netlogon->logon3.type = (user?19+2:19); netlogon->logon3.pdc_name = pdc_name; netlogon->logon3.user_name = user; netlogon->logon3.domain_name = flatname; @@ -133,6 +135,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, case 5: case 6: case 7: + netlogon->logon5.type = (user?23+2:23); netlogon->logon5.server_type = server_type; netlogon->logon5.domain_uuid = domain_uuid; netlogon->logon5.forest = realm; @@ -147,6 +150,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, netlogon->logon5.lm20_token = 0xFFFF; break; default: + netlogon->logon13.type = (user?23+2:23); netlogon->logon13.server_type = server_type; netlogon->logon13.domain_uuid = domain_uuid; netlogon->logon13.forest = realm; @@ -181,7 +185,7 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, int i; const char *domain = NULL; const char *host = NULL; - const char *user = ""; + const char *user = NULL; const char *domain_guid = NULL; const char *domain_sid = NULL; int acct_control = -1; -- cgit From bfb11862698743ee36bc6050269378321e6e577c Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 19 Jul 2005 09:09:00 +0000 Subject: r8585: add to ldb and ldap comparison functionality better pares filters Approx is currently only a stub need to dig more info to understand what it really means and how it works exactly (This used to be commit a9e8cd0bad27ed2b3c6a12302e787ba3c9a70a3c) --- source4/cldap_server/netlogon.c | 42 ++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 8dd7d549b4..3f6c8d4972 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -200,43 +200,43 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, /* extract the query elements */ for (i=0;iu.list.num_elements;i++) { struct ldb_parse_tree *t = tree->u.list.elements[i]; - if (t->operation != LDB_OP_SIMPLE) goto failed; - if (strcasecmp(t->u.simple.attr, "DnsDomain") == 0) { + if (t->operation != LDB_OP_EQUALITY) goto failed; + if (strcasecmp(t->u.equality.attr, "DnsDomain") == 0) { domain = talloc_strndup(tmp_ctx, - t->u.simple.value.data, - t->u.simple.value.length); + t->u.equality.value.data, + t->u.equality.value.length); } - if (strcasecmp(t->u.simple.attr, "Host") == 0) { + if (strcasecmp(t->u.equality.attr, "Host") == 0) { host = talloc_strndup(tmp_ctx, - t->u.simple.value.data, - t->u.simple.value.length); + t->u.equality.value.data, + t->u.equality.value.length); } - if (strcasecmp(t->u.simple.attr, "DomainGuid") == 0) { + if (strcasecmp(t->u.equality.attr, "DomainGuid") == 0) { NTSTATUS enc_status; struct GUID guid; enc_status = ldap_decode_ndr_GUID(tmp_ctx, - t->u.simple.value, &guid); + t->u.equality.value, &guid); if (NT_STATUS_IS_OK(enc_status)) { domain_guid = GUID_string(tmp_ctx, &guid); } } - if (strcasecmp(t->u.simple.attr, "DomainSid") == 0) { + if (strcasecmp(t->u.equality.attr, "DomainSid") == 0) { domain_sid = talloc_strndup(tmp_ctx, - t->u.simple.value.data, - t->u.simple.value.length); + t->u.equality.value.data, + t->u.equality.value.length); } - if (strcasecmp(t->u.simple.attr, "User") == 0) { + if (strcasecmp(t->u.equality.attr, "User") == 0) { user = talloc_strndup(tmp_ctx, - t->u.simple.value.data, - t->u.simple.value.length); + t->u.equality.value.data, + t->u.equality.value.length); } - if (strcasecmp(t->u.simple.attr, "NtVer") == 0 && - t->u.simple.value.length == 4) { - version = IVAL(t->u.simple.value.data, 0); + if (strcasecmp(t->u.equality.attr, "NtVer") == 0 && + t->u.equality.value.length == 4) { + version = IVAL(t->u.equality.value.data, 0); } - if (strcasecmp(t->u.simple.attr, "AAC") == 0 && - t->u.simple.value.length == 4) { - acct_control = IVAL(t->u.simple.value.data, 0); + if (strcasecmp(t->u.equality.attr, "AAC") == 0 && + t->u.equality.value.length == 4) { + acct_control = IVAL(t->u.equality.value.data, 0); } } -- cgit From 338c3f8523d5db2cba1b79f94ff0cecabcd9e9cd Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 20 Jul 2005 00:59:38 +0000 Subject: r8625: move the ldb_wrap logic into the ldb code. This logic is meant to avoid the horrors of posix locking, but it was preventing us having an ldb open twice with different options. Now each ldb open of the same file shares the same underlying tdb, but uses a different ldb structure (This used to be commit 4e090c66dfa1d2764e4693578d3845be3b8893f6) --- source4/cldap_server/netlogon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 3f6c8d4972..3e99fe80b8 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -55,7 +55,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, const char *pdc_ip; if (cldapd->samctx == NULL) { - cldapd->samctx = samdb_connect(mem_ctx); + cldapd->samctx = samdb_connect(cldapd); if (cldapd->samctx == NULL) { DEBUG(2,("Unable to open sam in cldap netlogon reply\n")); return NT_STATUS_INTERNAL_DB_CORRUPTION; -- cgit From e7d87f8538a78f6d4aa22799af18dfbbbc999715 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 3 Aug 2005 18:30:21 +0000 Subject: r9011: Remove more references to "name" as a netbios name, using the cross-reference instead. Andrew Bartlett (This used to be commit 0f7b1136f6e0779f28f2132a8606dd64be20c42e) --- source4/cldap_server/netlogon.c | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 3e99fe80b8..a39ad64a8e 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -39,8 +39,9 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, uint32_t version, union nbt_cldap_netlogon *netlogon) { - const char *attrs[] = {"realm", "dnsDomain", "objectGUID", "name", NULL}; - struct ldb_message **res; + const char *ref_attrs[] = {"nETBIOSName", NULL}; + const char *dom_attrs[] = {"dnsDomain", "objectGUID", NULL}; + struct ldb_message **ref_res, **dom_res; int ret; const char **services = lp_server_services(); uint32_t server_type; @@ -68,7 +69,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, } /* try and find the domain */ - ret = gendb_search(cldapd->samctx, mem_ctx, NULL, &res, attrs, + ret = gendb_search(cldapd->samctx, mem_ctx, NULL, &dom_res, dom_attrs, "(&(objectClass=domainDNS)(|(dnsDomain=%s)(objectGUID=%s)))", domain?domain:"", domain_guid?domain_guid:""); @@ -77,6 +78,15 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, return NT_STATUS_NO_SUCH_DOMAIN; } + /* try and find the domain */ + ret = gendb_search(cldapd->samctx, mem_ctx, NULL, &ref_res, ref_attrs, + "(&(objectClass=crossRef)(ncName=%s))", + dom_res[0]->dn); + if (ret != 1) { + DEBUG(2,("Unable to find referece to '%s' in sam\n", dom_res[0]->dn)); + return NT_STATUS_NO_SUCH_DOMAIN; + } + server_type = NBT_SERVER_PDC | NBT_SERVER_GC | NBT_SERVER_DS | NBT_SERVER_TIMESERV | @@ -92,13 +102,14 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, } pdc_name = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name()); - domain_uuid = samdb_result_guid(res[0], "objectGUID"); - realm = samdb_result_string(res[0], "dnsDomain", lp_realm()); - dns_domain = samdb_result_string(res[0], "dnsDomain", lp_realm()); + domain_uuid = samdb_result_guid(dom_res[0], "objectGUID"); + realm = samdb_result_string(dom_res[0], "dnsDomain", lp_realm()); + dns_domain = samdb_result_string(dom_res[0], "dnsDomain", lp_realm()); pdc_dns_name = talloc_asprintf(mem_ctx, "%s.%s", strlower_talloc(mem_ctx, lp_netbios_name()), dns_domain); - flatname = samdb_result_string(res[0], "name", lp_workgroup()); + + flatname = samdb_result_string(ref_res[0], "nETBIOSName", lp_workgroup()); site_name = "Default-First-Site-Name"; site_name2 = "Default-First-Site-Name"; pdc_ip = iface_best_ip(src_address); -- cgit From 3e4c4cff2177af33efdb15f03a1bbcb639505cee Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 18 Aug 2005 15:02:01 +0000 Subject: r9391: Convert all the code to use struct ldb_dn to ohandle ldap like distinguished names Provide more functions to handle DNs in this form (This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba) --- source4/cldap_server/netlogon.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index a39ad64a8e..bfecc3576f 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -81,9 +81,10 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, /* try and find the domain */ ret = gendb_search(cldapd->samctx, mem_ctx, NULL, &ref_res, ref_attrs, "(&(objectClass=crossRef)(ncName=%s))", - dom_res[0]->dn); + ldb_dn_linearize(mem_ctx, dom_res[0]->dn)); if (ret != 1) { - DEBUG(2,("Unable to find referece to '%s' in sam\n", dom_res[0]->dn)); + DEBUG(2,("Unable to find referece to '%s' in sam\n", + ldb_dn_linearize(mem_ctx, dom_res[0]->dn))); return NT_STATUS_NO_SUCH_DOMAIN; } -- cgit From 1377cca5f4beb43cf67fcc65eed79f14178d6349 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 7 Oct 2005 11:31:45 +0000 Subject: r10810: This adds the hooks required to communicate the current user from the authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71) --- source4/cldap_server/netlogon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index bfecc3576f..95d0250268 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -56,7 +56,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, const char *pdc_ip; if (cldapd->samctx == NULL) { - cldapd->samctx = samdb_connect(cldapd); + cldapd->samctx = samdb_connect(cldapd, anonymous_session(cldapd)); if (cldapd->samctx == NULL) { DEBUG(2,("Unable to open sam in cldap netlogon reply\n")); return NT_STATUS_INTERNAL_DB_CORRUPTION; -- cgit From 2cd5ca7d25f12aa9198bf8c2deb6aea282f573ee Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 28 Dec 2005 15:38:36 +0000 Subject: r12542: Move some more prototypes out to seperate headers (This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2) --- source4/cldap_server/netlogon.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 95d0250268..e58907d69f 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -26,6 +26,8 @@ #include "lib/socket/socket.h" #include "smbd/service_task.h" #include "cldap_server/cldap_server.h" +#include "dsdb/samdb/samdb.h" +#include "auth/auth.h" /* fill in the cldap netlogon union for a given version -- cgit From f55ea8bb3dca868e21663cd90eaea7a35cd7886c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 9 Jan 2006 22:12:53 +0000 Subject: r12804: This patch reworks the Samba4 sockets layer to use a socket_address structure that is more generic than just 'IP/port'. It now passes make test, and has been reviewed and updated by metze. (Thankyou *very* much). This passes 'make test' as well as kerberos use (not currently in the testsuite). The original purpose of this patch was to have Samba able to pass a socket address stucture from the BSD layer into the kerberos routines and back again. It also removes nbt_peer_addr, which was being used for a similar purpose. It is a large change, but worthwhile I feel. Andrew Bartlett (This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2) --- source4/cldap_server/netlogon.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index e58907d69f..476b9dfed5 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -193,7 +193,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, void cldapd_netlogon_request(struct cldap_socket *cldap, uint32_t message_id, struct ldb_parse_tree *tree, - const char *src_address, int src_port) + struct socket_address *src) { struct cldapd_server *cldapd = talloc_get_type(cldap->incoming.private, struct cldapd_server); int i; @@ -266,13 +266,13 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, domain, host, user, version, domain_guid)); status = cldapd_netlogon_fill(cldapd, tmp_ctx, domain, domain_guid, - user, src_address, + user, src->addr, version, &netlogon); if (!NT_STATUS_IS_OK(status)) { goto failed; } - status = cldap_netlogon_reply(cldap, message_id, src_address, src_port, version, + status = cldap_netlogon_reply(cldap, message_id, src, version, &netlogon); if (!NT_STATUS_IS_OK(status)) { goto failed; @@ -285,5 +285,5 @@ failed: DEBUG(2,("cldap netlogon query failed domain=%s host=%s version=%d - %s\n", domain, host, version, nt_errstr(status))); talloc_free(tmp_ctx); - cldap_empty_reply(cldap, message_id, src_address, src_port); + cldap_empty_reply(cldap, message_id, src); } -- cgit From 4ac2be99588b48b0652a524bf12fb1aa9c3f5fbb Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 7 Mar 2006 11:07:23 +0000 Subject: r13924: Split more prototypes out of include/proto.h + initial work on header file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781) --- source4/cldap_server/netlogon.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 476b9dfed5..45a6930451 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -28,6 +28,9 @@ #include "cldap_server/cldap_server.h" #include "dsdb/samdb/samdb.h" #include "auth/auth.h" +#include "db_wrap.h" +#include "system/network.h" +#include "netif/netif.h" /* fill in the cldap netlogon union for a given version -- cgit From ed1fbaee10e6acfde5525715bd4776f0464d7f24 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 15 Mar 2006 10:28:35 +0000 Subject: r14439: fix warnings metze (This used to be commit 3b712b70f05f2c41ce3cdfc295488a189a971bce) --- source4/cldap_server/netlogon.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 45a6930451..d2a9390a60 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -220,12 +220,12 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, if (t->operation != LDB_OP_EQUALITY) goto failed; if (strcasecmp(t->u.equality.attr, "DnsDomain") == 0) { domain = talloc_strndup(tmp_ctx, - t->u.equality.value.data, + (const char *)t->u.equality.value.data, t->u.equality.value.length); } if (strcasecmp(t->u.equality.attr, "Host") == 0) { host = talloc_strndup(tmp_ctx, - t->u.equality.value.data, + (const char *)t->u.equality.value.data, t->u.equality.value.length); } if (strcasecmp(t->u.equality.attr, "DomainGuid") == 0) { @@ -239,12 +239,12 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, } if (strcasecmp(t->u.equality.attr, "DomainSid") == 0) { domain_sid = talloc_strndup(tmp_ctx, - t->u.equality.value.data, + (const char *)t->u.equality.value.data, t->u.equality.value.length); } if (strcasecmp(t->u.equality.attr, "User") == 0) { user = talloc_strndup(tmp_ctx, - t->u.equality.value.data, + (const char *)t->u.equality.value.data, t->u.equality.value.length); } if (strcasecmp(t->u.equality.attr, "NtVer") == 0 && -- cgit From 35349a58df5b69446607fbd742a05f57f3515319 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 18 Mar 2006 15:42:57 +0000 Subject: r14542: Remove librpc, libndr and libnbt from includes.h (This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f) --- source4/cldap_server/netlogon.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index d2a9390a60..e29cdfe505 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -26,6 +26,7 @@ #include "lib/socket/socket.h" #include "smbd/service_task.h" #include "cldap_server/cldap_server.h" +#include "librpc/gen_ndr/ndr_misc.h" #include "dsdb/samdb/samdb.h" #include "auth/auth.h" #include "db_wrap.h" -- cgit From b7bcaec77562ee8967db01d42b84d734359467ff Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 14 Jun 2006 23:32:19 +0000 Subject: r16232: Avoid searching on domainDns, as it is not an AD attribute in the official schema. Add baseDNs, so we search the correct partition. Andrew Bartlett (This used to be commit f47b7720a3a69f60e60b3671b621f49b0c444eec) --- source4/cldap_server/netlogon.c | 67 ++++++++++++++++++++++++++++++----------- 1 file changed, 50 insertions(+), 17 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index e29cdfe505..903764abf1 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -22,6 +22,8 @@ #include "includes.h" #include "libcli/ldap/ldap.h" +#include "lib/ldb/include/ldb.h" +#include "lib/ldb/include/ldb_errors.h" #include "lib/events/events.h" #include "lib/socket/socket.h" #include "smbd/service_task.h" @@ -45,10 +47,10 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, uint32_t version, union nbt_cldap_netlogon *netlogon) { - const char *ref_attrs[] = {"nETBIOSName", NULL}; + const char *ref_attrs[] = {"nETBIOSName", "ncName", NULL}; const char *dom_attrs[] = {"dnsDomain", "objectGUID", NULL}; struct ldb_message **ref_res, **dom_res; - int ret; + int ret, count = 0; const char **services = lp_server_services(); uint32_t server_type; const char *pdc_name; @@ -60,6 +62,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, const char *site_name; const char *site_name2; const char *pdc_ip; + const struct ldb_dn *partitions_basedn = ldb_dn_string_compose(mem_ctx, samdb_base_dn(mem_ctx), "CN=Partitions,CN=Configuration"); if (cldapd->samctx == NULL) { cldapd->samctx = samdb_connect(cldapd, anonymous_session(cldapd)); @@ -74,23 +77,53 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, domain = talloc_strndup(mem_ctx, domain, strlen(domain)-1); } - /* try and find the domain */ - ret = gendb_search(cldapd->samctx, mem_ctx, NULL, &dom_res, dom_attrs, - "(&(objectClass=domainDNS)(|(dnsDomain=%s)(objectGUID=%s)))", - domain?domain:"", - domain_guid?domain_guid:""); - if (ret != 1) { - DEBUG(2,("Unable to find domain '%s' in sam\n", domain)); - return NT_STATUS_NO_SUCH_DOMAIN; + if (domain) { + struct ldb_result *dom_ldb_result; + struct ldb_dn *dom_dn; + /* try and find the domain */ + count = gendb_search(cldapd->samctx, mem_ctx, partitions_basedn, &ref_res, ref_attrs, + "(&(&(objectClass=crossRef)(dnsRoot=%s))(nETBIOSName=*))", + domain); + if (count == 1) { + dom_dn = samdb_result_dn(mem_ctx, ref_res[0], "ncName", NULL); + if (!dom_dn) { + return NT_STATUS_NO_SUCH_DOMAIN; + } + ret = ldb_search(cldapd->samctx, dom_dn, + LDB_SCOPE_BASE, "objectClass=domain", + dom_attrs, &dom_ldb_result); + if (ret != LDB_SUCCESS) { + DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain, ldb_dn_linearize(mem_ctx, dom_dn), ldb_errstring(cldapd->samctx))); + return NT_STATUS_NO_SUCH_DOMAIN; + } + if (dom_ldb_result->count != 1) { + DEBUG(2,("Error finding domain '%s'/'%s' in sam\n", domain, ldb_dn_linearize(mem_ctx, dom_dn))); + return NT_STATUS_NO_SUCH_DOMAIN; + } + dom_res = dom_ldb_result->msgs; + } + } + + if (count == 0 && domain_guid) { + /* OK, so no dice with the name, try and find the domain with the GUID */ + count = gendb_search(cldapd->samctx, mem_ctx, samdb_base_dn(mem_ctx), &dom_res, dom_attrs, + "(&(objectClass=domainDNS)(objectGUID=%s))", + domain_guid); + if (count == 1) { + /* try and find the domain */ + ret = gendb_search(cldapd->samctx, mem_ctx, partitions_basedn, &ref_res, ref_attrs, + "(&(objectClass=crossRef)(ncName=%s))", + ldb_dn_linearize(mem_ctx, dom_res[0]->dn)); + if (ret != 1) { + DEBUG(2,("Unable to find referece to '%s' in sam\n", + ldb_dn_linearize(mem_ctx, dom_res[0]->dn))); + return NT_STATUS_NO_SUCH_DOMAIN; + } + } } - /* try and find the domain */ - ret = gendb_search(cldapd->samctx, mem_ctx, NULL, &ref_res, ref_attrs, - "(&(objectClass=crossRef)(ncName=%s))", - ldb_dn_linearize(mem_ctx, dom_res[0]->dn)); - if (ret != 1) { - DEBUG(2,("Unable to find referece to '%s' in sam\n", - ldb_dn_linearize(mem_ctx, dom_res[0]->dn))); + if (count == 0) { + DEBUG(2,("Unable to find domain with name %s or GUID {%s}\n", domain, domain_guid)); return NT_STATUS_NO_SUCH_DOMAIN; } -- cgit From a2eca9174c7803732658a1e6f7e8ed873c4fb6fd Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 17 Aug 2006 13:37:04 +0000 Subject: r17586: merge lib/netif into lib/socket and use -lnsl -lsocket on the configure check for the interfaces. should fix the build on some old sun boxes metze (This used to be commit f20e251bfd9f1eb7ce5c00739631b1625a2aa467) --- source4/cldap_server/netlogon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 903764abf1..4e7274f483 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -33,7 +33,7 @@ #include "auth/auth.h" #include "db_wrap.h" #include "system/network.h" -#include "netif/netif.h" +#include "lib/socket/netif.h" /* fill in the cldap netlogon union for a given version -- cgit From c15bab356d5b4f37de5678733afb28b27299f95d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 18 Aug 2006 22:20:13 +0000 Subject: r17609: Kill one more use of the fake dnsDomain attribute. Add a talloc_steal to avoid a memory leak of the ldb_search result. Andrew Bartlett (This used to be commit 69525129f9d199b1d4caeb5d52c918fc0bc95737) --- source4/cldap_server/netlogon.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 4e7274f483..fb8040e4bc 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -47,8 +47,8 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, uint32_t version, union nbt_cldap_netlogon *netlogon) { - const char *ref_attrs[] = {"nETBIOSName", "ncName", NULL}; - const char *dom_attrs[] = {"dnsDomain", "objectGUID", NULL}; + const char *ref_attrs[] = {"nETBIOSName", "dnsRoot", "ncName", NULL}; + const char *dom_attrs[] = {"objectGUID", NULL}; struct ldb_message **ref_res, **dom_res; int ret, count = 0; const char **services = lp_server_services(); @@ -96,6 +96,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain, ldb_dn_linearize(mem_ctx, dom_dn), ldb_errstring(cldapd->samctx))); return NT_STATUS_NO_SUCH_DOMAIN; } + talloc_steal(mem_ctx, dom_ldb_result); if (dom_ldb_result->count != 1) { DEBUG(2,("Error finding domain '%s'/'%s' in sam\n", domain, ldb_dn_linearize(mem_ctx, dom_dn))); return NT_STATUS_NO_SUCH_DOMAIN; @@ -143,8 +144,8 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, pdc_name = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name()); domain_uuid = samdb_result_guid(dom_res[0], "objectGUID"); - realm = samdb_result_string(dom_res[0], "dnsDomain", lp_realm()); - dns_domain = samdb_result_string(dom_res[0], "dnsDomain", lp_realm()); + realm = samdb_result_string(ref_res[0], "dnsRoot", lp_realm()); + dns_domain = samdb_result_string(ref_res[0], "dnsRoot", lp_realm()); pdc_dns_name = talloc_asprintf(mem_ctx, "%s.%s", strlower_talloc(mem_ctx, lp_netbios_name()), dns_domain); -- cgit From 0fd98079425cff37c45be824ffa2695458ff12f3 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 25 Aug 2006 07:08:06 +0000 Subject: r17823: get rid of most of the samdb_base_dn() calls, as they are no longer needed in searches (This used to be commit a5ea749f0ac63bf495a55ee8d9d002208ab93572) --- source4/cldap_server/netlogon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index fb8040e4bc..16d2362d06 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -107,7 +107,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, if (count == 0 && domain_guid) { /* OK, so no dice with the name, try and find the domain with the GUID */ - count = gendb_search(cldapd->samctx, mem_ctx, samdb_base_dn(mem_ctx), &dom_res, dom_attrs, + count = gendb_search(cldapd->samctx, mem_ctx, NULL, &dom_res, dom_attrs, "(&(objectClass=domainDNS)(objectGUID=%s))", domain_guid); if (count == 1) { -- cgit From b21b119cbcff175453173d7061e3be3888dc8ec3 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 25 Aug 2006 07:32:18 +0000 Subject: r17824: add a wrapper for the common partitions_basedn calculation (This used to be commit 09007b0907662a0d147e8eb21d5bdfc90dbffefc) --- source4/cldap_server/netlogon.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 16d2362d06..74e7b3c7e5 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -62,7 +62,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, const char *site_name; const char *site_name2; const char *pdc_ip; - const struct ldb_dn *partitions_basedn = ldb_dn_string_compose(mem_ctx, samdb_base_dn(mem_ctx), "CN=Partitions,CN=Configuration"); + const struct ldb_dn *partitions_basedn; if (cldapd->samctx == NULL) { cldapd->samctx = samdb_connect(cldapd, anonymous_session(cldapd)); @@ -72,6 +72,8 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, } } + partitions_basedn = samdb_partitions_dn(cldapd->samctx, mem_ctx); + /* the domain has an optional trailing . */ if (domain && domain[strlen(domain)-1] == '.') { domain = talloc_strndup(mem_ctx, domain, strlen(domain)-1); -- cgit From 65a50f46c829240bc1c9c6d663d8e1f7a8320012 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 13 Nov 2006 19:12:47 +0000 Subject: r19699: - use better names for the site strings - use the client_site when creating the server object metze (This used to be commit b02d0e1be343c7d609715237dc842702b6fbe231) --- source4/cldap_server/netlogon.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 74e7b3c7e5..f5090df837 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -59,8 +59,8 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, const char *dns_domain; const char *pdc_dns_name; const char *flatname; - const char *site_name; - const char *site_name2; + const char *server_site; + const char *client_site; const char *pdc_ip; const struct ldb_dn *partitions_basedn; @@ -153,8 +153,8 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, dns_domain); flatname = samdb_result_string(ref_res[0], "nETBIOSName", lp_workgroup()); - site_name = "Default-First-Site-Name"; - site_name2 = "Default-First-Site-Name"; + server_site = "Default-First-Site-Name"; + client_site = "Default-First-Site-Name"; pdc_ip = iface_best_ip(src_address); ZERO_STRUCTP(netlogon); @@ -198,8 +198,8 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, netlogon->logon5.domain = flatname; netlogon->logon5.pdc_name = lp_netbios_name(); netlogon->logon5.user_name = user; - netlogon->logon5.site_name = site_name; - netlogon->logon5.site_name2 = site_name2; + netlogon->logon5.server_site = server_site; + netlogon->logon5.client_site = client_site; netlogon->logon5.lmnt_token = 0xFFFF; netlogon->logon5.lm20_token = 0xFFFF; break; @@ -213,8 +213,8 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, netlogon->logon13.domain = flatname; netlogon->logon13.pdc_name = lp_netbios_name(); netlogon->logon13.user_name = user; - netlogon->logon13.site_name = site_name; - netlogon->logon13.site_name2 = site_name2; + netlogon->logon13.server_site = server_site; + netlogon->logon13.client_site = client_site; netlogon->logon13.unknown = 10; netlogon->logon13.unknown2 = 2; netlogon->logon13.pdc_ip = pdc_ip; -- cgit From b471ed1a0cec6f978f5aa183e925766faca13f59 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 16 Nov 2006 10:47:15 +0000 Subject: r19736: handle rootdse call via CLDAP metze (This used to be commit 39dc94b219355ba774b309e26f1d93070d9d080b) --- source4/cldap_server/netlogon.c | 8 -------- 1 file changed, 8 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index f5090df837..fd00c43cda 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -64,14 +64,6 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, const char *pdc_ip; const struct ldb_dn *partitions_basedn; - if (cldapd->samctx == NULL) { - cldapd->samctx = samdb_connect(cldapd, anonymous_session(cldapd)); - if (cldapd->samctx == NULL) { - DEBUG(2,("Unable to open sam in cldap netlogon reply\n")); - return NT_STATUS_INTERNAL_DB_CORRUPTION; - } - } - partitions_basedn = samdb_partitions_dn(cldapd->samctx, mem_ctx); /* the domain has an optional trailing . */ -- cgit From 4889eb9f7aae9349e426d0f6d2217adff67eaebd Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 22 Nov 2006 00:59:34 +0000 Subject: r19831: Big ldb_dn optimization and interfaces enhancement patch This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63) --- source4/cldap_server/netlogon.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index fd00c43cda..6de505659f 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -62,7 +62,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, const char *server_site; const char *client_site; const char *pdc_ip; - const struct ldb_dn *partitions_basedn; + struct ldb_dn *partitions_basedn; partitions_basedn = samdb_partitions_dn(cldapd->samctx, mem_ctx); @@ -79,7 +79,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, "(&(&(objectClass=crossRef)(dnsRoot=%s))(nETBIOSName=*))", domain); if (count == 1) { - dom_dn = samdb_result_dn(mem_ctx, ref_res[0], "ncName", NULL); + dom_dn = samdb_result_dn(cldapd->samctx, mem_ctx, ref_res[0], "ncName", NULL); if (!dom_dn) { return NT_STATUS_NO_SUCH_DOMAIN; } -- cgit From a9e31b33b55a873c2f01db5e348560176adf863d Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 22 Nov 2006 02:05:19 +0000 Subject: r19832: better prototypes for the linearization functions: - ldb_dn_get_linearized returns a const string - ldb_dn_alloc_linearized allocs astring with the linearized dn (This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd) --- source4/cldap_server/netlogon.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 6de505659f..2ee1391ebd 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -87,12 +87,12 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, LDB_SCOPE_BASE, "objectClass=domain", dom_attrs, &dom_ldb_result); if (ret != LDB_SUCCESS) { - DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain, ldb_dn_linearize(mem_ctx, dom_dn), ldb_errstring(cldapd->samctx))); + DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain, ldb_dn_get_linearized(dom_dn), ldb_errstring(cldapd->samctx))); return NT_STATUS_NO_SUCH_DOMAIN; } talloc_steal(mem_ctx, dom_ldb_result); if (dom_ldb_result->count != 1) { - DEBUG(2,("Error finding domain '%s'/'%s' in sam\n", domain, ldb_dn_linearize(mem_ctx, dom_dn))); + DEBUG(2,("Error finding domain '%s'/'%s' in sam\n", domain, ldb_dn_get_linearized(dom_dn))); return NT_STATUS_NO_SUCH_DOMAIN; } dom_res = dom_ldb_result->msgs; @@ -108,10 +108,10 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, /* try and find the domain */ ret = gendb_search(cldapd->samctx, mem_ctx, partitions_basedn, &ref_res, ref_attrs, "(&(objectClass=crossRef)(ncName=%s))", - ldb_dn_linearize(mem_ctx, dom_res[0]->dn)); + ldb_dn_get_linearized(dom_res[0]->dn)); if (ret != 1) { DEBUG(2,("Unable to find referece to '%s' in sam\n", - ldb_dn_linearize(mem_ctx, dom_res[0]->dn))); + ldb_dn_get_linearized(dom_res[0]->dn))); return NT_STATUS_NO_SUCH_DOMAIN; } } -- cgit From 0479a2f1cbae51fcd8dbdc3c148c808421fb4d25 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 02:07:03 +0000 Subject: r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa) --- source4/cldap_server/netlogon.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 2ee1391ebd..1dec279905 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -7,7 +7,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, @@ -16,8 +16,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" -- cgit From ffeee68e4b72dd94fee57366bd8d38b8c284c3d4 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 8 Sep 2007 12:42:09 +0000 Subject: r25026: Move param/param.h out of includes.h (This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31) --- source4/cldap_server/netlogon.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 1dec279905..5eef4de4cd 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -33,6 +33,7 @@ #include "db_wrap.h" #include "system/network.h" #include "lib/socket/netif.h" +#include "param/param.h" /* fill in the cldap netlogon union for a given version -- cgit From 37d53832a4623653f706e77985a79d84bd7c6694 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 28 Sep 2007 01:17:46 +0000 Subject: r25398: Parse loadparm context to all lp_*() functions. (This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238) --- source4/cldap_server/netlogon.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 5eef4de4cd..6b398a4144 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -51,7 +51,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, const char *dom_attrs[] = {"objectGUID", NULL}; struct ldb_message **ref_res, **dom_res; int ret, count = 0; - const char **services = lp_server_services(); + const char **services = lp_server_services(global_loadparm); uint32_t server_type; const char *pdc_name; struct GUID domain_uuid; @@ -136,15 +136,17 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, server_type |= NBT_SERVER_KDC; } - pdc_name = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name()); + pdc_name = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name(global_loadparm)); domain_uuid = samdb_result_guid(dom_res[0], "objectGUID"); - realm = samdb_result_string(ref_res[0], "dnsRoot", lp_realm()); - dns_domain = samdb_result_string(ref_res[0], "dnsRoot", lp_realm()); + realm = samdb_result_string(ref_res[0], "dnsRoot", lp_realm(global_loadparm)); + dns_domain = samdb_result_string(ref_res[0], "dnsRoot", lp_realm(global_loadparm)); pdc_dns_name = talloc_asprintf(mem_ctx, "%s.%s", - strlower_talloc(mem_ctx, lp_netbios_name()), + strlower_talloc(mem_ctx, + lp_netbios_name(global_loadparm)), dns_domain); - flatname = samdb_result_string(ref_res[0], "nETBIOSName", lp_workgroup()); + flatname = samdb_result_string(ref_res[0], "nETBIOSName", + lp_workgroup(global_loadparm)); server_site = "Default-First-Site-Name"; client_site = "Default-First-Site-Name"; pdc_ip = iface_best_ip(src_address); @@ -188,7 +190,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, netlogon->logon5.dns_domain = dns_domain; netlogon->logon5.pdc_dns_name = pdc_dns_name; netlogon->logon5.domain = flatname; - netlogon->logon5.pdc_name = lp_netbios_name(); + netlogon->logon5.pdc_name = lp_netbios_name(global_loadparm); netlogon->logon5.user_name = user; netlogon->logon5.server_site = server_site; netlogon->logon5.client_site = client_site; @@ -203,7 +205,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, netlogon->logon13.dns_domain = dns_domain; netlogon->logon13.pdc_dns_name = pdc_dns_name; netlogon->logon13.domain = flatname; - netlogon->logon13.pdc_name = lp_netbios_name(); + netlogon->logon13.pdc_name = lp_netbios_name(global_loadparm); netlogon->logon13.user_name = user; netlogon->logon13.server_site = server_site; netlogon->logon13.client_site = client_site; @@ -287,7 +289,7 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, } if (domain_guid == NULL && domain == NULL) { - domain = lp_realm(); + domain = lp_realm(global_loadparm); } if (version == -1) { -- cgit From cadf696f8b9cda131f7b5a46169c2f5f3b47ab0a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 13 Nov 2007 22:30:33 +0100 Subject: r25939: Rework the CLDAP server not to use gendb_search but to call ldb_search directly. Handle the errors from ldb_search (now that we get more than just -1), including NO_SUCH_ENTRY when the base DN doesn't exist. Andrew Bartlett (This used to be commit e47df4a0fe5efd91f0355aa13c9b50c7be789767) --- source4/cldap_server/netlogon.c | 93 ++++++++++++++++++++++++++++------------- 1 file changed, 65 insertions(+), 28 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 6b398a4144..c6b1fc376b 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -49,8 +49,8 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, { const char *ref_attrs[] = {"nETBIOSName", "dnsRoot", "ncName", NULL}; const char *dom_attrs[] = {"objectGUID", NULL}; - struct ldb_message **ref_res, **dom_res; - int ret, count = 0; + struct ldb_result *ref_res = NULL, *dom_res = NULL; + int ret; const char **services = lp_server_services(global_loadparm); uint32_t server_type; const char *pdc_name; @@ -72,52 +72,89 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, } if (domain) { - struct ldb_result *dom_ldb_result; struct ldb_dn *dom_dn; /* try and find the domain */ - count = gendb_search(cldapd->samctx, mem_ctx, partitions_basedn, &ref_res, ref_attrs, - "(&(&(objectClass=crossRef)(dnsRoot=%s))(nETBIOSName=*))", - domain); - if (count == 1) { - dom_dn = samdb_result_dn(cldapd->samctx, mem_ctx, ref_res[0], "ncName", NULL); + + ret = ldb_search_exp_fmt(cldapd->samctx, mem_ctx, &ref_res, + partitions_basedn, LDB_SCOPE_ONELEVEL, + ref_attrs, + "(&(&(objectClass=crossRef)(dnsRoot=%s))(nETBIOSName=*))", + domain); + + if (ret != LDB_SUCCESS) { + DEBUG(2,("Unable to find referece to '%s' in sam: %s\n", + domain, + ldb_errstring(cldapd->samctx))); + return NT_STATUS_NO_SUCH_DOMAIN; + } else if (ref_res->count == 1) { + talloc_steal(mem_ctx, dom_res); + dom_dn = ldb_msg_find_attr_as_dn(cldapd->samctx, mem_ctx, ref_res->msgs[0], "ncName"); if (!dom_dn) { return NT_STATUS_NO_SUCH_DOMAIN; } ret = ldb_search(cldapd->samctx, dom_dn, LDB_SCOPE_BASE, "objectClass=domain", - dom_attrs, &dom_ldb_result); + dom_attrs, &dom_res); if (ret != LDB_SUCCESS) { DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain, ldb_dn_get_linearized(dom_dn), ldb_errstring(cldapd->samctx))); return NT_STATUS_NO_SUCH_DOMAIN; } - talloc_steal(mem_ctx, dom_ldb_result); - if (dom_ldb_result->count != 1) { + talloc_steal(mem_ctx, dom_res); + if (dom_res->count != 1) { DEBUG(2,("Error finding domain '%s'/'%s' in sam\n", domain, ldb_dn_get_linearized(dom_dn))); return NT_STATUS_NO_SUCH_DOMAIN; } - dom_res = dom_ldb_result->msgs; + } else if (ref_res->count > 1) { + talloc_free(ref_res); + return NT_STATUS_NO_SUCH_DOMAIN; } } - if (count == 0 && domain_guid) { - /* OK, so no dice with the name, try and find the domain with the GUID */ - count = gendb_search(cldapd->samctx, mem_ctx, NULL, &dom_res, dom_attrs, - "(&(objectClass=domainDNS)(objectGUID=%s))", - domain_guid); - if (count == 1) { + if ((dom_res == NULL || dom_res->count == 0) && domain_guid) { + ref_res = NULL; + + ret = ldb_search_exp_fmt(cldapd->samctx, mem_ctx, &dom_res, + NULL, LDB_SCOPE_SUBTREE, + dom_attrs, + "(&(objectClass=domainDNS)(objectGUID=%s))", + domain_guid); + + if (ret != LDB_SUCCESS) { + DEBUG(2,("Unable to find referece to GUID '%s' in sam: %s\n", + domain_guid, + ldb_errstring(cldapd->samctx))); + return NT_STATUS_NO_SUCH_DOMAIN; + } else if (dom_res->count == 1) { /* try and find the domain */ - ret = gendb_search(cldapd->samctx, mem_ctx, partitions_basedn, &ref_res, ref_attrs, - "(&(objectClass=crossRef)(ncName=%s))", - ldb_dn_get_linearized(dom_res[0]->dn)); - if (ret != 1) { + ret = ldb_search_exp_fmt(cldapd->samctx, mem_ctx, &ref_res, + partitions_basedn, LDB_SCOPE_ONELEVEL, + ref_attrs, + "(&(objectClass=crossRef)(ncName=%s))", + ldb_dn_get_linearized(dom_res->msgs[0]->dn)); + + if (ret != LDB_SUCCESS) { + DEBUG(2,("Unable to find referece to '%s' in sam: %s\n", + ldb_dn_get_linearized(dom_res->msgs[0]->dn), + ldb_errstring(cldapd->samctx))); + return NT_STATUS_NO_SUCH_DOMAIN; + + } else if (ref_res->count != 1) { DEBUG(2,("Unable to find referece to '%s' in sam\n", - ldb_dn_get_linearized(dom_res[0]->dn))); + ldb_dn_get_linearized(dom_res->msgs[0]->dn))); return NT_STATUS_NO_SUCH_DOMAIN; } + } else if (dom_res->count > 1) { + talloc_free(ref_res); + return NT_STATUS_NO_SUCH_DOMAIN; } } - if (count == 0) { + if ((ref_res == NULL || ref_res->count == 0)) { + DEBUG(2,("Unable to find domain reference with name %s or GUID {%s}\n", domain, domain_guid)); + return NT_STATUS_NO_SUCH_DOMAIN; + } + + if ((dom_res == NULL || dom_res->count == 0)) { DEBUG(2,("Unable to find domain with name %s or GUID {%s}\n", domain, domain_guid)); return NT_STATUS_NO_SUCH_DOMAIN; } @@ -137,15 +174,15 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, } pdc_name = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name(global_loadparm)); - domain_uuid = samdb_result_guid(dom_res[0], "objectGUID"); - realm = samdb_result_string(ref_res[0], "dnsRoot", lp_realm(global_loadparm)); - dns_domain = samdb_result_string(ref_res[0], "dnsRoot", lp_realm(global_loadparm)); + domain_uuid = samdb_result_guid(dom_res->msgs[0], "objectGUID"); + realm = samdb_result_string(ref_res->msgs[0], "dnsRoot", lp_realm(global_loadparm)); + dns_domain = samdb_result_string(ref_res->msgs[0], "dnsRoot", lp_realm(global_loadparm)); pdc_dns_name = talloc_asprintf(mem_ctx, "%s.%s", strlower_talloc(mem_ctx, lp_netbios_name(global_loadparm)), dns_domain); - flatname = samdb_result_string(ref_res[0], "nETBIOSName", + flatname = samdb_result_string(ref_res->msgs[0], "nETBIOSName", lp_workgroup(global_loadparm)); server_site = "Default-First-Site-Name"; client_site = "Default-First-Site-Name"; -- cgit From ca0b72a1fdb7bd965065e833df34662afef0423e Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 16 Nov 2007 20:12:00 +0100 Subject: r26003: Split up DB_WRAP, as first step in an attempt to sanitize dependencies. (This used to be commit 56dfcb4f2f8e74c9d8b2fe3a0df043781188a555) --- source4/cldap_server/netlogon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index c6b1fc376b..2031f58e7b 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -30,7 +30,7 @@ #include "librpc/gen_ndr/ndr_misc.h" #include "dsdb/samdb/samdb.h" #include "auth/auth.h" -#include "db_wrap.h" +#include "ldb_wrap.h" #include "system/network.h" #include "lib/socket/netif.h" #include "param/param.h" -- cgit From 3b281c308111323600af4ed44af372d7ceb0b25b Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 2 Dec 2007 16:20:25 +0100 Subject: r26222: Avoid global_loadparm in a couple more places. (This used to be commit 5bd053a570ec0a783b4dcd943698263925f819f9) --- source4/cldap_server/netlogon.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 2031f58e7b..db07c8d618 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -45,13 +45,14 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, const char *user, const char *src_address, uint32_t version, + struct loadparm_context *lp_ctx, union nbt_cldap_netlogon *netlogon) { const char *ref_attrs[] = {"nETBIOSName", "dnsRoot", "ncName", NULL}; const char *dom_attrs[] = {"objectGUID", NULL}; struct ldb_result *ref_res = NULL, *dom_res = NULL; int ret; - const char **services = lp_server_services(global_loadparm); + const char **services = lp_server_services(lp_ctx); uint32_t server_type; const char *pdc_name; struct GUID domain_uuid; @@ -173,17 +174,17 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, server_type |= NBT_SERVER_KDC; } - pdc_name = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name(global_loadparm)); + pdc_name = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name(lp_ctx)); domain_uuid = samdb_result_guid(dom_res->msgs[0], "objectGUID"); - realm = samdb_result_string(ref_res->msgs[0], "dnsRoot", lp_realm(global_loadparm)); - dns_domain = samdb_result_string(ref_res->msgs[0], "dnsRoot", lp_realm(global_loadparm)); + realm = samdb_result_string(ref_res->msgs[0], "dnsRoot", lp_realm(lp_ctx)); + dns_domain = samdb_result_string(ref_res->msgs[0], "dnsRoot", lp_realm(lp_ctx)); pdc_dns_name = talloc_asprintf(mem_ctx, "%s.%s", strlower_talloc(mem_ctx, - lp_netbios_name(global_loadparm)), + lp_netbios_name(lp_ctx)), dns_domain); flatname = samdb_result_string(ref_res->msgs[0], "nETBIOSName", - lp_workgroup(global_loadparm)); + lp_workgroup(lp_ctx)); server_site = "Default-First-Site-Name"; client_site = "Default-First-Site-Name"; pdc_ip = iface_best_ip(src_address); @@ -227,7 +228,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, netlogon->logon5.dns_domain = dns_domain; netlogon->logon5.pdc_dns_name = pdc_dns_name; netlogon->logon5.domain = flatname; - netlogon->logon5.pdc_name = lp_netbios_name(global_loadparm); + netlogon->logon5.pdc_name = lp_netbios_name(lp_ctx); netlogon->logon5.user_name = user; netlogon->logon5.server_site = server_site; netlogon->logon5.client_site = client_site; @@ -242,7 +243,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, netlogon->logon13.dns_domain = dns_domain; netlogon->logon13.pdc_dns_name = pdc_dns_name; netlogon->logon13.domain = flatname; - netlogon->logon13.pdc_name = lp_netbios_name(global_loadparm); + netlogon->logon13.pdc_name = lp_netbios_name(lp_ctx); netlogon->logon13.user_name = user; netlogon->logon13.server_site = server_site; netlogon->logon13.client_site = client_site; @@ -338,7 +339,7 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, status = cldapd_netlogon_fill(cldapd, tmp_ctx, domain, domain_guid, user, src->addr, - version, &netlogon); + version, global_loadparm, &netlogon); if (!NT_STATUS_IS_OK(status)) { goto failed; } -- cgit From da0f222f432c4fc8bf5da80baf849ca32b315ca0 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 3 Dec 2007 23:33:16 +0100 Subject: r26271: Remove some more uses of global_loadparm. (This used to be commit e9875fcd56de0748ed78d7e3c9cdb4919cd96d3c) --- source4/cldap_server/netlogon.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index db07c8d618..beb1767138 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -327,7 +327,7 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, } if (domain_guid == NULL && domain == NULL) { - domain = lp_realm(global_loadparm); + domain = lp_realm(cldapd->task->lp_ctx); } if (version == -1) { @@ -339,7 +339,7 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, status = cldapd_netlogon_fill(cldapd, tmp_ctx, domain, domain_guid, user, src->addr, - version, global_loadparm, &netlogon); + version, cldapd->task->lp_ctx, &netlogon); if (!NT_STATUS_IS_OK(status)) { goto failed; } -- cgit From 41db2ab12cea20b271d690be554ab8e6095c2b4e Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 6 Dec 2007 21:39:49 +0100 Subject: r26319: Split encoding functions out of libcli_ldap. (This used to be commit 95a6ef7fc8757ccfd90dbf0d6c9b5098f10b10b6) --- source4/cldap_server/netlogon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index beb1767138..b123027a7c 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -20,7 +20,7 @@ */ #include "includes.h" -#include "libcli/ldap/ldap.h" +#include "libcli/ldap/ldap_ndr.h" #include "lib/ldb/include/ldb.h" #include "lib/ldb/include/ldb_errors.h" #include "lib/events/events.h" -- cgit From c5bf20c5fe7eaa04cd11a7ce4f365aa6ffd7b124 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 6 Dec 2007 23:57:22 +0100 Subject: r26325: Remove use of global_loadparm in netif. (This used to be commit e452cb28594f23add7c00247ed39e8323aea78a6) --- source4/cldap_server/netlogon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index b123027a7c..d1f001e333 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -187,7 +187,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, lp_workgroup(lp_ctx)); server_site = "Default-First-Site-Name"; client_site = "Default-First-Site-Name"; - pdc_ip = iface_best_ip(src_address); + pdc_ip = iface_best_ip(lp_ctx, src_address); ZERO_STRUCTP(netlogon); -- cgit From 6f2252dace1629d7b5c5637b103caa28d2c89b07 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 11 Dec 2007 22:23:14 +0100 Subject: r26401: Don't cache interfaces context in libnetif. (This used to be commit 9f975417cc66bfd4589da38bfd23731dbe0e6153) --- source4/cldap_server/netlogon.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index d1f001e333..1c2b51aed7 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -64,6 +64,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, const char *client_site; const char *pdc_ip; struct ldb_dn *partitions_basedn; + struct interface *ifaces; partitions_basedn = samdb_partitions_dn(cldapd->samctx, mem_ctx); @@ -187,7 +188,8 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, lp_workgroup(lp_ctx)); server_site = "Default-First-Site-Name"; client_site = "Default-First-Site-Name"; - pdc_ip = iface_best_ip(lp_ctx, src_address); + load_interfaces(lp_interfaces(lp_ctx), &ifaces); + pdc_ip = iface_best_ip(ifaces, src_address); ZERO_STRUCTP(netlogon); -- cgit From 70f1f33af8e6e82506d0ee9ff6cc7e0923a7d0a1 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 11 Dec 2007 22:23:20 +0100 Subject: r26402: Require a talloc context in libnetif. (This used to be commit a35e51871bbf1ab33fc316fa59e597b722769c50) --- source4/cldap_server/netlogon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 1c2b51aed7..b79d678e88 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -188,7 +188,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, lp_workgroup(lp_ctx)); server_site = "Default-First-Site-Name"; client_site = "Default-First-Site-Name"; - load_interfaces(lp_interfaces(lp_ctx), &ifaces); + load_interfaces(mem_ctx, lp_interfaces(lp_ctx), &ifaces); pdc_ip = iface_best_ip(ifaces, src_address); ZERO_STRUCTP(netlogon); -- cgit From 4d0514b38abf9c0a9c439cc2b024892d9f7f1f97 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 3 Jan 2008 06:00:38 -0600 Subject: r26649: Only claim to be a PDC if we are a PDC. Andrew Bartlett (This used to be commit fc5746ae95e5a0b751ec19cae1f204c505f4ca27) --- source4/cldap_server/netlogon.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index b79d678e88..f77909e8fa 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -162,11 +162,15 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, } server_type = - NBT_SERVER_PDC | NBT_SERVER_GC | + NBT_SERVER_GC | NBT_SERVER_DS | NBT_SERVER_TIMESERV | NBT_SERVER_CLOSEST | NBT_SERVER_WRITABLE | NBT_SERVER_GOOD_TIMESERV; + if (samdb_is_pdc(cldapd->samctx)) { + server_type |= NBT_SERVER_PDC; + } + if (str_list_check(services, "ldap")) { server_type |= NBT_SERVER_LDAP; } -- cgit From 654282b885bac0666e2c9add43df2dd9a6ca0c6f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 7 Jan 2008 00:47:01 -0600 Subject: r26680: Don't always advertise GC functionality. Andrew Bartlett (This used to be commit 2f228bcbf63af98ff2d0f498f48d49d0f2926343) --- source4/cldap_server/netlogon.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index f77909e8fa..3493e342d6 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -162,7 +162,6 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, } server_type = - NBT_SERVER_GC | NBT_SERVER_DS | NBT_SERVER_TIMESERV | NBT_SERVER_CLOSEST | NBT_SERVER_WRITABLE | NBT_SERVER_GOOD_TIMESERV; @@ -171,6 +170,10 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, server_type |= NBT_SERVER_PDC; } + if (samdb_is_gc(cldapd->samctx)) { + server_type |= NBT_SERVER_GC; + } + if (str_list_check(services, "ldap")) { server_type |= NBT_SERVER_LDAP; } -- cgit From 97273d37fcdcfcb78d5b05bbafd7b2f543d01156 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 7 Jan 2008 03:14:51 -0600 Subject: r26681: Use fewer magic numbers. Andrew Bartlett (This used to be commit 16edbe1d607390227652ee97a000da98c696c735) --- source4/cldap_server/netlogon.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 3493e342d6..32a71e43af 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -230,7 +230,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, case 5: case 6: case 7: - netlogon->logon5.type = (user?23+2:23); + netlogon->logon5.type = (user?NETLOGON_RESPONSE_FROM_PDC_USER:NETLOGON_RESPONSE_FROM_PDC2); netlogon->logon5.server_type = server_type; netlogon->logon5.domain_uuid = domain_uuid; netlogon->logon5.forest = realm; @@ -245,7 +245,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, netlogon->logon5.lm20_token = 0xFFFF; break; default: - netlogon->logon13.type = (user?23+2:23); + netlogon->logon13.type = (user?NETLOGON_RESPONSE_FROM_PDC_USER:NETLOGON_RESPONSE_FROM_PDC2); netlogon->logon13.server_type = server_type; netlogon->logon13.domain_uuid = domain_uuid; netlogon->logon13.forest = realm; -- cgit From f78bc8c489b02b521e9ecbdbdc72d160c6911b6b Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 14 Apr 2008 11:54:50 +0200 Subject: Remove prototypes from build.h in preparation of removing build.h altogether. (This used to be commit dbeab2a9cdee4e5f69afeb2603ba29cbed56debd) --- source4/cldap_server/netlogon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 32a71e43af..a524a6f8bd 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -20,7 +20,6 @@ */ #include "includes.h" -#include "libcli/ldap/ldap_ndr.h" #include "lib/ldb/include/ldb.h" #include "lib/ldb/include/ldb_errors.h" #include "lib/events/events.h" @@ -28,6 +27,7 @@ #include "smbd/service_task.h" #include "cldap_server/cldap_server.h" #include "librpc/gen_ndr/ndr_misc.h" +#include "libcli/ldap/ldap_ndr.h" #include "dsdb/samdb/samdb.h" #include "auth/auth.h" #include "ldb_wrap.h" -- cgit From 326d591d57708a88ad30a8893ca9373f1d994b56 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 17 May 2008 12:41:42 +1000 Subject: Convert the CLDAP server to use the new netlogon structures. This also makes the CLDAP server the place where we create the NETLOGON SAMLOGON replies, regardless of protocol (NBT mailslots or CLDAP). Andrew Bartlett (This used to be commit 8b00a9429470c9ad3646255c340e6a963bd226bd) --- source4/cldap_server/netlogon.c | 193 ++++++++++++++++++++-------------------- 1 file changed, 98 insertions(+), 95 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index a524a6f8bd..b59a54ade7 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -4,6 +4,7 @@ CLDAP server - netlogon handling Copyright (C) Andrew Tridgell 2005 + Copyright (C) Andrew Bartlett 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -28,25 +29,26 @@ #include "cldap_server/cldap_server.h" #include "librpc/gen_ndr/ndr_misc.h" #include "libcli/ldap/ldap_ndr.h" +#include "libcli/security/security.h" #include "dsdb/samdb/samdb.h" #include "auth/auth.h" #include "ldb_wrap.h" #include "system/network.h" #include "lib/socket/netif.h" #include "param/param.h" - /* fill in the cldap netlogon union for a given version */ -static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, - TALLOC_CTX *mem_ctx, - const char *domain, - const char *domain_guid, - const char *user, - const char *src_address, - uint32_t version, - struct loadparm_context *lp_ctx, - union nbt_cldap_netlogon *netlogon) +NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, + TALLOC_CTX *mem_ctx, + const char *domain, + struct dom_sid *domain_sid, + const char *domain_guid, + const char *user, + const char *src_address, + uint32_t version, + struct loadparm_context *lp_ctx, + struct netlogon_samlogon_response *netlogon) { const char *ref_attrs[] = {"nETBIOSName", "dnsRoot", "ncName", NULL}; const char *dom_attrs[] = {"objectGUID", NULL}; @@ -66,7 +68,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, struct ldb_dn *partitions_basedn; struct interface *ifaces; - partitions_basedn = samdb_partitions_dn(cldapd->samctx, mem_ctx); + partitions_basedn = samdb_partitions_dn(sam_ctx, mem_ctx); /* the domain has an optional trailing . */ if (domain && domain[strlen(domain)-1] == '.') { @@ -77,7 +79,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, struct ldb_dn *dom_dn; /* try and find the domain */ - ret = ldb_search_exp_fmt(cldapd->samctx, mem_ctx, &ref_res, + ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &ref_res, partitions_basedn, LDB_SCOPE_ONELEVEL, ref_attrs, "(&(&(objectClass=crossRef)(dnsRoot=%s))(nETBIOSName=*))", @@ -86,19 +88,19 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, if (ret != LDB_SUCCESS) { DEBUG(2,("Unable to find referece to '%s' in sam: %s\n", domain, - ldb_errstring(cldapd->samctx))); + ldb_errstring(sam_ctx))); return NT_STATUS_NO_SUCH_DOMAIN; } else if (ref_res->count == 1) { talloc_steal(mem_ctx, dom_res); - dom_dn = ldb_msg_find_attr_as_dn(cldapd->samctx, mem_ctx, ref_res->msgs[0], "ncName"); + dom_dn = ldb_msg_find_attr_as_dn(sam_ctx, mem_ctx, ref_res->msgs[0], "ncName"); if (!dom_dn) { return NT_STATUS_NO_SUCH_DOMAIN; } - ret = ldb_search(cldapd->samctx, dom_dn, + ret = ldb_search(sam_ctx, dom_dn, LDB_SCOPE_BASE, "objectClass=domain", dom_attrs, &dom_res); if (ret != LDB_SUCCESS) { - DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain, ldb_dn_get_linearized(dom_dn), ldb_errstring(cldapd->samctx))); + DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain, ldb_dn_get_linearized(dom_dn), ldb_errstring(sam_ctx))); return NT_STATUS_NO_SUCH_DOMAIN; } talloc_steal(mem_ctx, dom_res); @@ -112,23 +114,31 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, } } - if ((dom_res == NULL || dom_res->count == 0) && domain_guid) { + if ((dom_res == NULL || dom_res->count == 0) && (domain_guid || domain_sid)) { ref_res = NULL; - ret = ldb_search_exp_fmt(cldapd->samctx, mem_ctx, &dom_res, - NULL, LDB_SCOPE_SUBTREE, - dom_attrs, - "(&(objectClass=domainDNS)(objectGUID=%s))", - domain_guid); + if (domain_guid) { + ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &dom_res, + NULL, LDB_SCOPE_SUBTREE, + dom_attrs, + "(&(objectClass=domainDNS)(objectGUID=%s))", + domain_guid); + } else { /* domain_sid case */ + ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &dom_res, + NULL, LDB_SCOPE_SUBTREE, + dom_attrs, + "(&(objectClass=domainDNS)(objectSID=%s))", + dom_sid_string(mem_ctx, domain_sid)); + } if (ret != LDB_SUCCESS) { - DEBUG(2,("Unable to find referece to GUID '%s' in sam: %s\n", - domain_guid, - ldb_errstring(cldapd->samctx))); + DEBUG(2,("Unable to find referece to GUID '%s' or SID %s in sam: %s\n", + domain_guid, dom_sid_string(mem_ctx, domain_sid), + ldb_errstring(sam_ctx))); return NT_STATUS_NO_SUCH_DOMAIN; } else if (dom_res->count == 1) { /* try and find the domain */ - ret = ldb_search_exp_fmt(cldapd->samctx, mem_ctx, &ref_res, + ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &ref_res, partitions_basedn, LDB_SCOPE_ONELEVEL, ref_attrs, "(&(objectClass=crossRef)(ncName=%s))", @@ -137,7 +147,7 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, if (ret != LDB_SUCCESS) { DEBUG(2,("Unable to find referece to '%s' in sam: %s\n", ldb_dn_get_linearized(dom_res->msgs[0]->dn), - ldb_errstring(cldapd->samctx))); + ldb_errstring(sam_ctx))); return NT_STATUS_NO_SUCH_DOMAIN; } else if (ref_res->count != 1) { @@ -166,11 +176,11 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, NBT_SERVER_CLOSEST | NBT_SERVER_WRITABLE | NBT_SERVER_GOOD_TIMESERV; - if (samdb_is_pdc(cldapd->samctx)) { + if (samdb_is_pdc(sam_ctx)) { server_type |= NBT_SERVER_PDC; } - if (samdb_is_gc(cldapd->samctx)) { + if (samdb_is_gc(sam_ctx)) { server_type |= NBT_SERVER_GC; } @@ -200,68 +210,61 @@ static NTSTATUS cldapd_netlogon_fill(struct cldapd_server *cldapd, ZERO_STRUCTP(netlogon); - switch (version & 0xF) { - case 0: - case 1: - netlogon->logon1.type = (user?19+2:19); - netlogon->logon1.pdc_name = pdc_name; - netlogon->logon1.user_name = user; - netlogon->logon1.domain_name = flatname; - netlogon->logon1.nt_version = 1; - netlogon->logon1.lmnt_token = 0xFFFF; - netlogon->logon1.lm20_token = 0xFFFF; - break; - case 2: - case 3: - netlogon->logon3.type = (user?19+2:19); - netlogon->logon3.pdc_name = pdc_name; - netlogon->logon3.user_name = user; - netlogon->logon3.domain_name = flatname; - netlogon->logon3.domain_uuid = domain_uuid; - netlogon->logon3.forest = realm; - netlogon->logon3.dns_domain = dns_domain; - netlogon->logon3.pdc_dns_name = pdc_dns_name; - netlogon->logon3.pdc_ip = pdc_ip; - netlogon->logon3.server_type = server_type; - netlogon->logon3.lmnt_token = 0xFFFF; - netlogon->logon3.lm20_token = 0xFFFF; - break; - case 4: - case 5: - case 6: - case 7: - netlogon->logon5.type = (user?NETLOGON_RESPONSE_FROM_PDC_USER:NETLOGON_RESPONSE_FROM_PDC2); - netlogon->logon5.server_type = server_type; - netlogon->logon5.domain_uuid = domain_uuid; - netlogon->logon5.forest = realm; - netlogon->logon5.dns_domain = dns_domain; - netlogon->logon5.pdc_dns_name = pdc_dns_name; - netlogon->logon5.domain = flatname; - netlogon->logon5.pdc_name = lp_netbios_name(lp_ctx); - netlogon->logon5.user_name = user; - netlogon->logon5.server_site = server_site; - netlogon->logon5.client_site = client_site; - netlogon->logon5.lmnt_token = 0xFFFF; - netlogon->logon5.lm20_token = 0xFFFF; - break; - default: - netlogon->logon13.type = (user?NETLOGON_RESPONSE_FROM_PDC_USER:NETLOGON_RESPONSE_FROM_PDC2); - netlogon->logon13.server_type = server_type; - netlogon->logon13.domain_uuid = domain_uuid; - netlogon->logon13.forest = realm; - netlogon->logon13.dns_domain = dns_domain; - netlogon->logon13.pdc_dns_name = pdc_dns_name; - netlogon->logon13.domain = flatname; - netlogon->logon13.pdc_name = lp_netbios_name(lp_ctx); - netlogon->logon13.user_name = user; - netlogon->logon13.server_site = server_site; - netlogon->logon13.client_site = client_site; - netlogon->logon13.unknown = 10; - netlogon->logon13.unknown2 = 2; - netlogon->logon13.pdc_ip = pdc_ip; - netlogon->logon13.lmnt_token = 0xFFFF; - netlogon->logon13.lm20_token = 0xFFFF; - break; + if (version & NETLOGON_NT_VERSION_5EX) { + uint32_t extra_flags; + netlogon->ntver = NETLOGON_NT_VERSION_5EX; + + /* could check if the user exists */ + netlogon->nt5_ex.command = LOGON_SAM_LOGON_RESPONSE_EX; + netlogon->nt5_ex.server_type = server_type; + netlogon->nt5_ex.domain_uuid = domain_uuid; + netlogon->nt5_ex.forest = realm; + netlogon->nt5_ex.dns_domain = dns_domain; + netlogon->nt5_ex.pdc_dns_name = pdc_dns_name; + netlogon->nt5_ex.domain = flatname; + netlogon->nt5_ex.pdc_name = lp_netbios_name(lp_ctx); + netlogon->nt5_ex.user_name = user; + netlogon->nt5_ex.server_site = server_site; + netlogon->nt5_ex.client_site = client_site; + + if (version & NETLOGON_NT_VERSION_5EX_WITH_IP) { + /* Clearly this needs to be fixed up for IPv6 */ + extra_flags = NETLOGON_NT_VERSION_5EX_WITH_IP; + netlogon->nt5_ex.sockaddr.sa_family = 2; + netlogon->nt5_ex.sockaddr.pdc_ip = pdc_ip; + } + netlogon->nt5_ex.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5|extra_flags; + netlogon->nt5_ex.lmnt_token = 0xFFFF; + netlogon->nt5_ex.lm20_token = 0xFFFF; + + } else if (version & NETLOGON_NT_VERSION_5) { + netlogon->ntver = NETLOGON_NT_VERSION_5; + + /* could check if the user exists */ + netlogon->nt5.command = LOGON_SAM_LOGON_RESPONSE; + netlogon->nt5.pdc_name = pdc_name; + netlogon->nt5.user_name = user; + netlogon->nt5.domain_name = flatname; + netlogon->nt5.domain_uuid = domain_uuid; + netlogon->nt5.forest = realm; + netlogon->nt5.dns_domain = dns_domain; + netlogon->nt5.pdc_dns_name = pdc_dns_name; + netlogon->nt5.pdc_ip = pdc_ip; + netlogon->nt5.server_type = server_type; + netlogon->nt5.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5; + netlogon->nt5.lmnt_token = 0xFFFF; + netlogon->nt5.lm20_token = 0xFFFF; + } else { + netlogon->ntver = NETLOGON_NT_VERSION_1; + /* could check if the user exists */ + netlogon->nt4.command = LOGON_SAM_LOGON_RESPONSE; + netlogon->nt4.server = pdc_name; + netlogon->nt4.user_name = user; + netlogon->nt4.domain = flatname; + netlogon->nt4.nt_version = NETLOGON_NT_VERSION_1; + netlogon->nt4.lmnt_token = 0xFFFF; + netlogon->nt4.lm20_token = 0xFFFF; + } return NT_STATUS_OK; @@ -285,7 +288,7 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, const char *domain_sid = NULL; int acct_control = -1; int version = -1; - union nbt_cldap_netlogon netlogon; + struct netlogon_samlogon_response netlogon; NTSTATUS status = NT_STATUS_INVALID_PARAMETER; TALLOC_CTX *tmp_ctx = talloc_new(cldap); @@ -346,9 +349,9 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, DEBUG(5,("cldap netlogon query domain=%s host=%s user=%s version=%d guid=%s\n", domain, host, user, version, domain_guid)); - status = cldapd_netlogon_fill(cldapd, tmp_ctx, domain, domain_guid, - user, src->addr, - version, cldapd->task->lp_ctx, &netlogon); + status = fill_netlogon_samlogon_response(cldapd->samctx, tmp_ctx, domain, NULL, domain_guid, + user, src->addr, + version, cldapd->task->lp_ctx, &netlogon); if (!NT_STATUS_IS_OK(status)) { goto failed; } -- cgit From fd0d47b746be322b60fca29c1daa13e72b360e62 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 17 May 2008 20:53:29 +1000 Subject: Handle netbios domains in the CLDAP server too. This commit also fixes a number of issues found by the NBT-DGRAM and LDAP-CLDAP tests. Andrew Bartlett (This used to be commit 8f99a4b94e95f8bde0f80f92d4e57020c62cfaab) --- source4/cldap_server/netlogon.c | 72 ++++++++++++++++++++++++++++++++++++----- 1 file changed, 64 insertions(+), 8 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index b59a54ade7..b2a034d5a4 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -42,6 +42,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, const char *domain, + const char *netbios_domain, struct dom_sid *domain_sid, const char *domain_guid, const char *user, @@ -114,6 +115,45 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, } } + if (netbios_domain) { + struct ldb_dn *dom_dn; + /* try and find the domain */ + + ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &ref_res, + partitions_basedn, LDB_SCOPE_ONELEVEL, + ref_attrs, + "(&(objectClass=crossRef)(ncName=*)(nETBIOSName=%s))", + netbios_domain); + + if (ret != LDB_SUCCESS) { + DEBUG(2,("Unable to find referece to '%s' in sam: %s\n", + netbios_domain, + ldb_errstring(sam_ctx))); + return NT_STATUS_NO_SUCH_DOMAIN; + } else if (ref_res->count == 1) { + talloc_steal(mem_ctx, dom_res); + dom_dn = ldb_msg_find_attr_as_dn(sam_ctx, mem_ctx, ref_res->msgs[0], "ncName"); + if (!dom_dn) { + return NT_STATUS_NO_SUCH_DOMAIN; + } + ret = ldb_search(sam_ctx, dom_dn, + LDB_SCOPE_BASE, "objectClass=domain", + dom_attrs, &dom_res); + if (ret != LDB_SUCCESS) { + DEBUG(2,("Error finding domain '%s'/'%s' in sam: %s\n", domain, ldb_dn_get_linearized(dom_dn), ldb_errstring(sam_ctx))); + return NT_STATUS_NO_SUCH_DOMAIN; + } + talloc_steal(mem_ctx, dom_res); + if (dom_res->count != 1) { + DEBUG(2,("Error finding domain '%s'/'%s' in sam\n", domain, ldb_dn_get_linearized(dom_dn))); + return NT_STATUS_NO_SUCH_DOMAIN; + } + } else if (ref_res->count > 1) { + talloc_free(ref_res); + return NT_STATUS_NO_SUCH_DOMAIN; + } + } + if ((dom_res == NULL || dom_res->count == 0) && (domain_guid || domain_sid)) { ref_res = NULL; @@ -211,11 +251,16 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, ZERO_STRUCTP(netlogon); if (version & NETLOGON_NT_VERSION_5EX) { - uint32_t extra_flags; + uint32_t extra_flags = 0; netlogon->ntver = NETLOGON_NT_VERSION_5EX; /* could check if the user exists */ - netlogon->nt5_ex.command = LOGON_SAM_LOGON_RESPONSE_EX; + if (!user) { + user = ""; + netlogon->nt5_ex.command = LOGON_SAM_LOGON_RESPONSE_EX; + } else { + netlogon->nt5_ex.command = LOGON_SAM_LOGON_USER_UNKNOWN_EX; + } netlogon->nt5_ex.server_type = server_type; netlogon->nt5_ex.domain_uuid = domain_uuid; netlogon->nt5_ex.forest = realm; @@ -232,8 +277,9 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, extra_flags = NETLOGON_NT_VERSION_5EX_WITH_IP; netlogon->nt5_ex.sockaddr.sa_family = 2; netlogon->nt5_ex.sockaddr.pdc_ip = pdc_ip; + netlogon->nt5_ex.sockaddr.remaining = data_blob(NULL, 4); } - netlogon->nt5_ex.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5|extra_flags; + netlogon->nt5_ex.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5EX|extra_flags; netlogon->nt5_ex.lmnt_token = 0xFFFF; netlogon->nt5_ex.lm20_token = 0xFFFF; @@ -241,7 +287,12 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, netlogon->ntver = NETLOGON_NT_VERSION_5; /* could check if the user exists */ - netlogon->nt5.command = LOGON_SAM_LOGON_RESPONSE; + if (!user) { + user = ""; + netlogon->nt5.command = LOGON_SAM_LOGON_RESPONSE; + } else { + netlogon->nt5.command = LOGON_SAM_LOGON_USER_UNKNOWN; + } netlogon->nt5.pdc_name = pdc_name; netlogon->nt5.user_name = user; netlogon->nt5.domain_name = flatname; @@ -254,17 +305,22 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, netlogon->nt5.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5; netlogon->nt5.lmnt_token = 0xFFFF; netlogon->nt5.lm20_token = 0xFFFF; - } else { + + } else /* (version & NETLOGON_NT_VERSION_1) and all other cases */ { netlogon->ntver = NETLOGON_NT_VERSION_1; /* could check if the user exists */ - netlogon->nt4.command = LOGON_SAM_LOGON_RESPONSE; + if (!user) { + user = ""; + netlogon->nt4.command = LOGON_SAM_LOGON_RESPONSE; + } else { + netlogon->nt4.command = LOGON_SAM_LOGON_USER_UNKNOWN; + } netlogon->nt4.server = pdc_name; netlogon->nt4.user_name = user; netlogon->nt4.domain = flatname; netlogon->nt4.nt_version = NETLOGON_NT_VERSION_1; netlogon->nt4.lmnt_token = 0xFFFF; netlogon->nt4.lm20_token = 0xFFFF; - } return NT_STATUS_OK; @@ -349,7 +405,7 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, DEBUG(5,("cldap netlogon query domain=%s host=%s user=%s version=%d guid=%s\n", domain, host, user, version, domain_guid)); - status = fill_netlogon_samlogon_response(cldapd->samctx, tmp_ctx, domain, NULL, domain_guid, + status = fill_netlogon_samlogon_response(cldapd->samctx, tmp_ctx, domain, NULL, NULL, domain_guid, user, src->addr, version, cldapd->task->lp_ctx, &netlogon); if (!NT_STATUS_IS_OK(status)) { -- cgit From f67156fc920b9a5c84c4fcaf1bf41640ddae6005 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 21 May 2008 12:37:36 +1000 Subject: Extend the 'netlogon' CLDAP and NBT implementation. This now handles checking if the user exists, including validating the ACB mask on the user. This would be a nasty security hole, if Kerberos did not already expose this information anonymously... Andrew Bartlett (This used to be commit 441b286c00f9a7743cdefeb243545bdbd2c94c5e) --- source4/cldap_server/netlogon.c | 60 ++++++++++++++++++++++++++++++++++------- 1 file changed, 50 insertions(+), 10 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index b2a034d5a4..bca965781a 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -46,6 +46,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, struct dom_sid *domain_sid, const char *domain_guid, const char *user, + uint32_t acct_control, const char *src_address, uint32_t version, struct loadparm_context *lp_ctx, @@ -53,7 +54,8 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, { const char *ref_attrs[] = {"nETBIOSName", "dnsRoot", "ncName", NULL}; const char *dom_attrs[] = {"objectGUID", NULL}; - struct ldb_result *ref_res = NULL, *dom_res = NULL; + const char *none_attrs[] = {NULL}; + struct ldb_result *ref_res = NULL, *dom_res = NULL, *user_res = NULL; int ret; const char **services = lp_server_services(lp_ctx); uint32_t server_type; @@ -68,6 +70,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, const char *pdc_ip; struct ldb_dn *partitions_basedn; struct interface *ifaces; + bool user_known; partitions_basedn = samdb_partitions_dn(sam_ctx, mem_ctx); @@ -201,6 +204,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, } } + if ((ref_res == NULL || ref_res->count == 0)) { DEBUG(2,("Unable to find domain reference with name %s or GUID {%s}\n", domain, domain_guid)); return NT_STATUS_NO_SUCH_DOMAIN; @@ -211,6 +215,44 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, return NT_STATUS_NO_SUCH_DOMAIN; } + /* work around different inputs for not-specified users */ + if (!user) { + user = ""; + } + + /* Enquire about any valid username with just a CLDAP packet - + * if kerberos didn't also do this, the security folks would + * scream... */ + if (user[0]) { \ + /* Only allow some bits to be enquired: [MS-ATDS] 7.3.3.2 */ + if (acct_control == (uint32_t)-1) { + acct_control = 0; + } + acct_control = acct_control & (ACB_TEMPDUP | ACB_NORMAL | ACB_DOMTRUST | ACB_WSTRUST | ACB_SVRTRUST); + + /* We must exclude disabled accounts, but otherwise do the bitwise match the client asked for */ + ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &user_res, + dom_res->msgs[0]->dn, LDB_SCOPE_SUBTREE, + none_attrs, + "(&(objectClass=user)(samAccountName=%s)" + "(!(userAccountControl:" LDB_OID_COMPARATOR_AND ":=%u))" + "(userAccountControl:" LDB_OID_COMPARATOR_OR ":=%u))", + user, UF_ACCOUNTDISABLE, samdb_acb2uf(acct_control)); + if (ret != LDB_SUCCESS) { + DEBUG(2,("Unable to find referece to user '%s' with ACB 0x%8x under %s: %s\n", + user, acct_control, ldb_dn_get_linearized(dom_res->msgs[0]->dn), + ldb_errstring(sam_ctx))); + return NT_STATUS_NO_SUCH_USER; + } else if (user_res->count == 1) { + user_known = true; + } else { + user_known = false; + } + + } else { + user_known = true; + } + server_type = NBT_SERVER_DS | NBT_SERVER_TIMESERV | NBT_SERVER_CLOSEST | NBT_SERVER_WRITABLE | @@ -250,13 +292,13 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, ZERO_STRUCTP(netlogon); - if (version & NETLOGON_NT_VERSION_5EX) { + /* check if either of these bits is present */ + if (version & (NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_5EX_WITH_IP)) { uint32_t extra_flags = 0; netlogon->ntver = NETLOGON_NT_VERSION_5EX; /* could check if the user exists */ - if (!user) { - user = ""; + if (user_known) { netlogon->nt5_ex.command = LOGON_SAM_LOGON_RESPONSE_EX; } else { netlogon->nt5_ex.command = LOGON_SAM_LOGON_USER_UNKNOWN_EX; @@ -277,7 +319,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, extra_flags = NETLOGON_NT_VERSION_5EX_WITH_IP; netlogon->nt5_ex.sockaddr.sa_family = 2; netlogon->nt5_ex.sockaddr.pdc_ip = pdc_ip; - netlogon->nt5_ex.sockaddr.remaining = data_blob(NULL, 4); + netlogon->nt5_ex.sockaddr.remaining = data_blob_talloc(mem_ctx, NULL, 4); } netlogon->nt5_ex.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5EX|extra_flags; netlogon->nt5_ex.lmnt_token = 0xFFFF; @@ -287,8 +329,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, netlogon->ntver = NETLOGON_NT_VERSION_5; /* could check if the user exists */ - if (!user) { - user = ""; + if (user_known) { netlogon->nt5.command = LOGON_SAM_LOGON_RESPONSE; } else { netlogon->nt5.command = LOGON_SAM_LOGON_USER_UNKNOWN; @@ -309,8 +350,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, } else /* (version & NETLOGON_NT_VERSION_1) and all other cases */ { netlogon->ntver = NETLOGON_NT_VERSION_1; /* could check if the user exists */ - if (!user) { - user = ""; + if (user_known) { netlogon->nt4.command = LOGON_SAM_LOGON_RESPONSE; } else { netlogon->nt4.command = LOGON_SAM_LOGON_USER_UNKNOWN; @@ -406,7 +446,7 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, domain, host, user, version, domain_guid)); status = fill_netlogon_samlogon_response(cldapd->samctx, tmp_ctx, domain, NULL, NULL, domain_guid, - user, src->addr, + user, acct_control, src->addr, version, cldapd->task->lp_ctx, &netlogon); if (!NT_STATUS_IS_OK(status)) { goto failed; -- cgit From 3a29c33e821b78cad8b586c944fd182d363eda93 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 21 May 2008 14:29:20 +1000 Subject: Fix creation of sockaddr in netlogon datagram generator. The previous code sent uninitialised data, and was the wrong length. Andrew Bartlett (This used to be commit 8e070293cfd522b7464be5bc4d8045572d6d996c) --- source4/cldap_server/netlogon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index bca965781a..f263f33d48 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -319,7 +319,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, extra_flags = NETLOGON_NT_VERSION_5EX_WITH_IP; netlogon->nt5_ex.sockaddr.sa_family = 2; netlogon->nt5_ex.sockaddr.pdc_ip = pdc_ip; - netlogon->nt5_ex.sockaddr.remaining = data_blob_talloc(mem_ctx, NULL, 4); + netlogon->nt5_ex.sockaddr.remaining = data_blob_talloc_zero(mem_ctx, 8); } netlogon->nt5_ex.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5EX|extra_flags; netlogon->nt5_ex.lmnt_token = 0xFFFF; -- cgit From bec7a952076e92d2ed5f53b4e3f87d95793e9c33 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Wed, 20 Aug 2008 12:45:41 +1000 Subject: Add extra bits to our 'netlogon' response in CLDAP and NBT. I've studied now the netlogon attribute from the CLDAP request and have compared them with the table presented in the WSPP docs (http://msdn.microsoft.com/en-us/library/cc201036.aspx). The first two bytes seem to be correct, but that the third and fourth one is completely clear with SAMBA 4. Signed-off-by: Andrew Bartlett (This used to be commit 3024a43c25e3ec9821d94a27d5cf738890b1b8f3) --- source4/cldap_server/netlogon.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index f263f33d48..084714f4cf 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -256,7 +256,8 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, server_type = NBT_SERVER_DS | NBT_SERVER_TIMESERV | NBT_SERVER_CLOSEST | NBT_SERVER_WRITABLE | - NBT_SERVER_GOOD_TIMESERV; + NBT_SERVER_GOOD_TIMESERV | NBT_SERVER_DS_DNS_CONTR | + NBT_SERVER_DS_DNS_DOMAIN; if (samdb_is_pdc(sam_ctx)) { server_type |= NBT_SERVER_PDC; @@ -274,6 +275,10 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, server_type |= NBT_SERVER_KDC; } + if (!ldb_dn_compare_base(ldb_get_root_basedn(sam_ctx), ldb_get_default_basedn(sam_ctx))) { + server_type |= NBT_SERVER_DS_DNS_FOREST; + } + pdc_name = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name(lp_ctx)); domain_uuid = samdb_result_guid(dom_res->msgs[0], "objectGUID"); realm = samdb_result_string(ref_res->msgs[0], "dnsRoot", lp_realm(lp_ctx)); @@ -285,6 +290,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, flatname = samdb_result_string(ref_res->msgs[0], "nETBIOSName", lp_workgroup(lp_ctx)); + /* FIXME: Hardcoded site names */ server_site = "Default-First-Site-Name"; client_site = "Default-First-Site-Name"; load_interfaces(mem_ctx, lp_interfaces(lp_ctx), &ifaces); -- cgit From 53a35b265566b94f882ea09b26cb049fa89b8759 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 21 Aug 2008 16:09:42 +1000 Subject: Validate input in the CLDAP and DGRAM 'netlogon' responder. (This used to be commit 682ca3cae1d5e796bc58142f79c99d43742ac85c) --- source4/cldap_server/netlogon.c | 44 ++++++++++++++++++++++++++++++++++------- 1 file changed, 37 insertions(+), 7 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 084714f4cf..d4242061f4 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -71,6 +71,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, struct ldb_dn *partitions_basedn; struct interface *ifaces; bool user_known; + NTSTATUS status; partitions_basedn = samdb_partitions_dn(sam_ctx, mem_ctx); @@ -87,7 +88,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, partitions_basedn, LDB_SCOPE_ONELEVEL, ref_attrs, "(&(&(objectClass=crossRef)(dnsRoot=%s))(nETBIOSName=*))", - domain); + ldb_binary_encode_string(mem_ctx, domain)); if (ret != LDB_SUCCESS) { DEBUG(2,("Unable to find referece to '%s' in sam: %s\n", @@ -126,7 +127,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, partitions_basedn, LDB_SCOPE_ONELEVEL, ref_attrs, "(&(objectClass=crossRef)(ncName=*)(nETBIOSName=%s))", - netbios_domain); + ldb_binary_encode_string(mem_ctx, netbios_domain)); if (ret != LDB_SUCCESS) { DEBUG(2,("Unable to find referece to '%s' in sam: %s\n", @@ -161,17 +162,45 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, ref_res = NULL; if (domain_guid) { + struct GUID binary_guid; + struct ldb_val guid_val; + enum ndr_err_code ndr_err; + + /* By this means, we ensure we don't have funny stuff in the GUID */ + + status = GUID_from_string(domain_guid, &binary_guid); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + /* And this gets the result into the binary format we want anyway */ + ndr_err = ndr_push_struct_blob(&guid_val, mem_ctx, NULL, &binary_guid, + (ndr_push_flags_fn_t)ndr_push_GUID); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return NT_STATUS_INVALID_PARAMETER; + } ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &dom_res, NULL, LDB_SCOPE_SUBTREE, dom_attrs, - "(&(objectClass=domainDNS)(objectGUID=%s))", - domain_guid); + "(&(objectCategory=Domain-DNS)(objectGUID=%s))", + ldb_binary_encode(mem_ctx, guid_val)); } else { /* domain_sid case */ + struct dom_sid *sid; + struct ldb_val sid_val; + enum ndr_err_code ndr_err; + + /* Rather than go via the string, just push into the NDR form */ + ndr_err = ndr_push_struct_blob(&sid_val, mem_ctx, NULL, &sid, + (ndr_push_flags_fn_t)ndr_push_dom_sid); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return NT_STATUS_INVALID_PARAMETER; + } + ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &dom_res, NULL, LDB_SCOPE_SUBTREE, dom_attrs, - "(&(objectClass=domainDNS)(objectSID=%s))", - dom_sid_string(mem_ctx, domain_sid)); + "(&(objectCategory=Domain-DNS)(objectSID=%s))", + ldb_binary_encode(mem_ctx, sid_val)); } if (ret != LDB_SUCCESS) { @@ -237,7 +266,8 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, "(&(objectClass=user)(samAccountName=%s)" "(!(userAccountControl:" LDB_OID_COMPARATOR_AND ":=%u))" "(userAccountControl:" LDB_OID_COMPARATOR_OR ":=%u))", - user, UF_ACCOUNTDISABLE, samdb_acb2uf(acct_control)); + ldb_binary_encode_string(mem_ctx, user), + UF_ACCOUNTDISABLE, samdb_acb2uf(acct_control)); if (ret != LDB_SUCCESS) { DEBUG(2,("Unable to find referece to user '%s' with ACB 0x%8x under %s: %s\n", user, acct_control, ldb_dn_get_linearized(dom_res->msgs[0]->dn), -- cgit From 53ecaf4a4251a83eb017ebe5db447ecc98944793 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 22 Aug 2008 20:50:07 +1000 Subject: fixed the DomainDNS searches in the netlogon code (This used to be commit 7dce38f9897df02073132f18b1021e0d0636590c) --- source4/cldap_server/netlogon.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/cldap_server/netlogon.c') diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index d4242061f4..0b146b3c7d 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -182,7 +182,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &dom_res, NULL, LDB_SCOPE_SUBTREE, dom_attrs, - "(&(objectCategory=Domain-DNS)(objectGUID=%s))", + "(&(objectCategory=DomainDNS)(objectGUID=%s))", ldb_binary_encode(mem_ctx, guid_val)); } else { /* domain_sid case */ struct dom_sid *sid; @@ -199,7 +199,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, &dom_res, NULL, LDB_SCOPE_SUBTREE, dom_attrs, - "(&(objectCategory=Domain-DNS)(objectSID=%s))", + "(&(objectCategory=DomainDNS)(objectSID=%s))", ldb_binary_encode(mem_ctx, sid_val)); } -- cgit