From b37b8f1a2727937b40a51acecfd125993609bd8b Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Wed, 3 Aug 2005 20:27:33 +0000
Subject: r9016: More work to avoid abuse of the "name" attribute, this time on NETLOGON. Andrew Bartlett (This used to be commit e9837d49bc8d784b365c0a7470ebfbd6f396464d)
---
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 38 +++++++++++++++++++--------
 1 file changed, 27 insertions(+), 11 deletions(-)
(limited to 'source4/rpc_server')
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index ace5f9fffe..aad66ad314 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -870,11 +870,12 @@ static WERROR netr_DSRGETSITENAME(struct dcesrv_call_state *dce_call, TALLOC_CTX
 fill in a netr_DomainTrustInfo from a ldb search result
 */
 static NTSTATUS fill_domain_primary_info(TALLOC_CTX *mem_ctx, struct ldb_message *res,
- struct netr_DomainTrustInfo *info)
+ struct netr_DomainTrustInfo *info,
+ const char *local_domain)
 {
 ZERO_STRUCTP(info);

- info->domainname.string = samdb_result_string(res, "name", NULL);
+ info->domainname.string = local_domain;
 info->fulldomainname.string = talloc_asprintf(info, "%s.", samdb_result_string(res, "dnsDomain", NULL));
 /* TODO: we need proper forest support */
 info->forest.string = info->fulldomainname.string;
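Review bot: `info->domainname.string = local_domain;` in fill_domain_primary_info stores the caller's pointer as-is, whereas the neighbouring fulldomainname string is allocated with `info` as its talloc parent, and the comment above the function still says only that the struct is filled from a ldb search result. I would extend that comment with something like `domainname is borrowed from local_domain (not copied); the caller must keep it alive as long as info, and it may be NULL`. The same applies to fill_domain_trust_info in the `@@ -888,12 +889,13` hunk, where local_domain appears to be read only in the is_local branch and the non-local caller passes NULL. Both function bodies continue outside their hunks.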
@@ -888,12 +889,13 @@ static NTSTATUS fill_domain_primary_info(TALLOC_CTX *mem_ctx, struct ldb_message
 fill in a netr_DomainTrustInfo from a ldb search result
 */
 static NTSTATUS fill_domain_trust_info(TALLOC_CTX *mem_ctx, struct ldb_message *res,
- struct netr_DomainTrustInfo *info, BOOL is_local)
+ struct netr_DomainTrustInfo *info,
+ const char *local_domain, BOOL is_local)
 {
 ZERO_STRUCTP(info);

 if (is_local) {
- info->domainname.string = samdb_result_string(res, "name", NULL);
+ info->domainname.string = local_domain;
 info->fulldomainname.string = samdb_result_string(res, "dnsDomain", NULL);
 info->forest.string = NULL;
 info->guid = samdb_result_guid(res, "objectGUID");
@@ -917,15 +919,18 @@ static NTSTATUS netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_call, TALL struct netr_LogonGetDomainInfo *r) { struct server_pipe_state *pipe_state = dce_call->context->private; - const char * const attrs[] = { "name", "dnsDomain", "objectSid", + const char * const attrs[] = { "dnsDomain", "objectSid", "objectGUID", "flatName", "securityIdentifier", NULL }; - void *sam_ctx; - struct ldb_message **res1, **res2; + const char * const ref_attrs[] = { "nETBIOSName", NULL }; + struct ldb_context *sam_ctx; + struct ldb_message **res1, **res2, **ref_res; struct netr_DomainInfo1 *info1; - int ret1, ret2, i; + int ret, ret1, ret2, i; NTSTATUS status; + const char *local_domain; + status = netr_creds_server_step_check(pipe_state, r->in.credential, r->out.return_authenticator); if (!NT_STATUS_IS_OK(status)) {
@@ -947,6 +952,17 @@ static NTSTATUS netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_call, TALL
 return NT_STATUS_INTERNAL_DB_CORRUPTION;
 }

+ /* try and find the domain */
+ ret = gendb_search(sam_ctx, mem_ctx, NULL,
+ &ref_res, ref_attrs,
+ "(&(objectClass=crossRef)(ncName=%s))",
+ res1[0]->dn);
+ if (ret != 1) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ local_domain = samdb_result_string(ref_res[0], "nETBIOSName", NULL);
+
 ret2 = gendb_search(sam_ctx, mem_ctx, NULL, &res2, attrs, "(objectClass=trustedDomain)");
 if (ret2 == -1) {
 return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -966,19 +982,19 @@ static NTSTATUS netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_call, TALL return NT_STATUS_NO_MEMORY; } - status = fill_domain_primary_info(mem_ctx, res1[0], &info1->domaininfo); + status = fill_domain_primary_info(mem_ctx, res1[0], &info1->domaininfo, local_domain); if (!NT_STATUS_IS_OK(status)) { return status; } for (i=0;itrusts[i], False); + status = fill_domain_trust_info(mem_ctx, res2[i], &info1->trusts[i], NULL, False); if (!NT_STATUS_IS_OK(status)) { return status; } } - status = fill_domain_trust_info(mem_ctx, res1[0], &info1->trusts[i], True); + status = fill_domain_trust_info(mem_ctx, res1[0], &info1->trusts[i], local_domain, True); if (!NT_STATUS_IS_OK(status)) { return status; } -- cgit
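Review bot: In the `@@ -947,6 +952,17` hunk of netr_LogonGetDomainInfo, `local_domain` is read with `samdb_result_string(ref_res[0], "nETBIOSName", NULL)` and used without a NULL check, so a crossRef record that lacks nETBIOSName would put a NULL domainname into the reply that the later fill_domain_primary_info and fill_domain_trust_info calls build. A guard right after the assignment, `if (local_domain == NULL) return NT_STATUS_INTERNAL_DB_CORRUPTION;`, would match how the failed search is handled just above. Separately, `res1[0]->dn` is formatted into the filter `(&(objectClass=crossRef)(ncName=%s))` unescaped; if a stored DN can contain filter metacharacters such as `(`, `)`, `*` or `\`, the value should be escaped as an LDAP filter value before it is substituted. The function body starts and ends outside this hunk.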