root/source4/nbt_server/dgram/netlogon.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. nbtd_netlogon_getdc
  2. nbtd_netlogon_samlogon
  3. nbtd_mailslot_netlogon_handler

   1 /* 
   2    Unix SMB/CIFS implementation.
   3 
   4    NBT datagram netlogon server
   5 
   6    Copyright (C) Andrew Tridgell        2005
   7    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008
   8   
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 3 of the License, or
  12    (at your option) any later version.
  13    
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18    
  19    You should have received a copy of the GNU General Public License
  20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21 */
  22 
  23 #include "includes.h"
  24 #include "nbt_server/nbt_server.h"
  25 #include "lib/socket/socket.h"
  26 #include "lib/ldb/include/ldb.h"
  27 #include "dsdb/samdb/samdb.h"
  28 #include "auth/auth.h"
  29 #include "../lib/util/util_ldb.h"
  30 #include "param/param.h"
  31 #include "smbd/service_task.h"
  32 #include "cldap_server/cldap_server.h"
  33 #include "libcli/security/security.h"
  34 #include "nbt_server/dgram/proto.h"
  35 
  36 /*
  37   reply to a GETDC request
  38  */
  39 static void nbtd_netlogon_getdc(struct dgram_mailslot_handler *dgmslot, 
     /* [<][>][^][v][top][bottom][index][help] */
  40                                 struct nbtd_interface *iface,
  41                                 struct nbt_dgram_packet *packet, 
  42                                 const struct socket_address *src,
  43                                 struct nbt_netlogon_packet *netlogon)
  44 {
  45         struct nbt_name *name = &packet->data.msg.dest_name;
  46         struct nbtd_interface *reply_iface = nbtd_find_reply_iface(iface, src->addr, false);
  47         struct nbt_netlogon_response_from_pdc *pdc;
  48         const char *ref_attrs[] = {"nETBIOSName", NULL};
  49         struct ldb_message **ref_res;
  50         struct ldb_context *samctx;
  51         struct ldb_dn *partitions_basedn;
  52         struct nbt_netlogon_response netlogon_response;
  53         int ret;
  54 
  55         /* only answer getdc requests on the PDC or LOGON names */
  56         if (name->type != NBT_NAME_PDC && name->type != NBT_NAME_LOGON) {
  57                 return;
  58         }
  59 
  60         samctx = iface->nbtsrv->sam_ctx;
  61 
  62         if (!samdb_is_pdc(samctx)) {
  63                 DEBUG(2, ("Not a PDC, so not processing LOGON_PRIMARY_QUERY\n"));
  64                 return;         
  65         }
  66 
  67         partitions_basedn = samdb_partitions_dn(samctx, packet);
  68 
  69         ret = gendb_search(samctx, packet, partitions_basedn, &ref_res, ref_attrs,
  70                            "(&(&(nETBIOSName=%s)(objectclass=crossRef))(ncName=*))", 
  71                            name->name);
  72         
  73         if (ret != 1) {
  74                 DEBUG(2,("Unable to find domain reference '%s' in sam\n", name->name));
  75                 return;
  76         }
  77 
  78         /* setup a GETDC reply */
  79         ZERO_STRUCT(netlogon_response);
  80         netlogon_response.response_type = NETLOGON_GET_PDC;
  81         pdc = &netlogon_response.data.get_pdc;
  82 
  83         pdc->command = NETLOGON_RESPONSE_FROM_PDC;
  84         pdc->pdc_name         = lp_netbios_name(iface->nbtsrv->task->lp_ctx);
  85         pdc->unicode_pdc_name = pdc->pdc_name;
  86         pdc->domain_name      = samdb_result_string(ref_res[0], "nETBIOSName", name->name);;
  87         pdc->nt_version       = 1;
  88         pdc->lmnt_token       = 0xFFFF;
  89         pdc->lm20_token       = 0xFFFF;
  90 
  91         dgram_mailslot_netlogon_reply(reply_iface->dgmsock, 
  92                                       packet, 
  93                                       lp_netbios_name(iface->nbtsrv->task->lp_ctx),
  94                                       netlogon->req.pdc.mailslot_name,
  95                                       &netlogon_response);
  96 }
  97 
  98 
  99 /*
 100   reply to a ADS style GETDC request
 101  */
 102 static void nbtd_netlogon_samlogon(struct dgram_mailslot_handler *dgmslot,
     /* [<][>][^][v][top][bottom][index][help] */
 103                                    struct nbtd_interface *iface,
 104                                    struct nbt_dgram_packet *packet, 
 105                                    const struct socket_address *src,
 106                                    struct nbt_netlogon_packet *netlogon)
 107 {
 108         struct nbt_name *name = &packet->data.msg.dest_name;
 109         struct nbtd_interface *reply_iface = nbtd_find_reply_iface(iface, src->addr, false);
 110         struct ldb_context *samctx;
 111         const char *my_ip = reply_iface->ip_address; 
 112         struct dom_sid *sid;
 113         struct nbt_netlogon_response netlogon_response;
 114         NTSTATUS status;
 115 
 116         if (!my_ip) {
 117                 DEBUG(0, ("Could not obtain own IP address for datagram socket\n"));
 118                 return;
 119         }
 120 
 121         /* only answer getdc requests on the PDC or LOGON names */
 122         if (name->type != NBT_NAME_PDC && name->type != NBT_NAME_LOGON) {
 123                 return;
 124         }
 125 
 126         samctx = iface->nbtsrv->sam_ctx;
 127 
 128         if (netlogon->req.logon.sid_size) {
 129                 sid = &netlogon->req.logon.sid;
 130         } else {
 131                 sid = NULL;
 132         }
 133 
 134         status = fill_netlogon_samlogon_response(samctx, packet, NULL, name->name, sid, NULL, 
 135                                                  netlogon->req.logon.user_name, netlogon->req.logon.acct_control, src->addr, 
 136                                                  netlogon->req.logon.nt_version, iface->nbtsrv->task->lp_ctx, &netlogon_response.data.samlogon);
 137         if (!NT_STATUS_IS_OK(status)) {
 138                 DEBUG(2,("NBT netlogon query failed domain=%s sid=%s version=%d - %s\n",
 139                          name->name, dom_sid_string(packet, sid), netlogon->req.logon.nt_version, nt_errstr(status)));
 140                 return;
 141         }
 142 
 143         netlogon_response.response_type = NETLOGON_SAMLOGON;
 144 
 145         packet->data.msg.dest_name.type = 0;
 146 
 147         dgram_mailslot_netlogon_reply(reply_iface->dgmsock, 
 148                                       packet, 
 149                                       lp_netbios_name(iface->nbtsrv->task->lp_ctx),
 150                                       netlogon->req.logon.mailslot_name,
 151                                       &netlogon_response);
 152 }
 153 
 154 
 155 /*
 156   handle incoming netlogon mailslot requests
 157 */
 158 void nbtd_mailslot_netlogon_handler(struct dgram_mailslot_handler *dgmslot, 
     /* [<][>][^][v][top][bottom][index][help] */
 159                                     struct nbt_dgram_packet *packet, 
 160                                     struct socket_address *src)
 161 {
 162         NTSTATUS status = NT_STATUS_NO_MEMORY;
 163         struct nbtd_interface *iface = 
 164                 talloc_get_type(dgmslot->private_data, struct nbtd_interface);
 165         struct nbt_netlogon_packet *netlogon = 
 166                 talloc(dgmslot, struct nbt_netlogon_packet);
 167         struct nbtd_iface_name *iname;
 168         struct nbt_name *name = &packet->data.msg.dest_name;
 169 
 170         if (netlogon == NULL) goto failed;
 171 
 172         /*
 173           see if the we are listening on the destination netbios name
 174         */
 175         iname = nbtd_find_iname(iface, name, 0);
 176         if (iname == NULL) {
 177                 status = NT_STATUS_BAD_NETWORK_NAME;
 178                 goto failed;
 179         }
 180 
 181         DEBUG(2,("netlogon request to %s from %s:%d\n", 
 182                  nbt_name_string(netlogon, name), src->addr, src->port));
 183         status = dgram_mailslot_netlogon_parse_request(dgmslot, netlogon, packet, netlogon);
 184         if (!NT_STATUS_IS_OK(status)) goto failed;
 185 
 186         switch (netlogon->command) {
 187         case LOGON_PRIMARY_QUERY:
 188                 nbtd_netlogon_getdc(dgmslot, iface, packet, 
 189                                     src, netlogon);
 190                 break;
 191         case LOGON_SAM_LOGON_REQUEST:
 192                 nbtd_netlogon_samlogon(dgmslot, iface, packet, 
 193                                        src, netlogon);
 194                 break;
 195         default:
 196                 DEBUG(2,("unknown netlogon op %d from %s:%d\n", 
 197                          netlogon->command, src->addr, src->port));
 198                 NDR_PRINT_DEBUG(nbt_netlogon_packet, netlogon);
 199                 break;
 200         }
 201 
 202         talloc_free(netlogon);
 203         return;
 204 
 205 failed:
 206         DEBUG(2,("nbtd netlogon handler failed from %s:%d to %s - %s\n",
 207                  src->addr, src->port, nbt_name_string(netlogon, name),
 208                  nt_errstr(status)));
 209         talloc_free(netlogon);
 210 }

/* [<][>][^][v][top][bottom][index][help] */