root/source3/rpc_server/srv_netlog_nt.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. init_net_r_req_chal
  2. init_netlogon_info1
  3. init_netlogon_info2
  4. init_netlogon_info3
  5. _netr_LogonControl
  6. send_sync_message
  7. _netr_LogonControl2
  8. _netr_LogonControl2Ex
  9. _netr_NetrEnumerateTrustedDomains
  10. get_md4pw
  11. _netr_ServerReqChallenge
  12. _netr_ServerAuthenticate
  13. _netr_ServerAuthenticate3
  14. _netr_ServerAuthenticate2
  15. _netr_ServerPasswordSet
  16. _netr_LogonSamLogoff
  17. _netr_LogonSamLogon
  18. _netr_LogonSamLogonEx
  19. _ds_enum_dom_trusts
  20. _netr_LogonUasLogon
  21. _netr_LogonUasLogoff
  22. _netr_DatabaseDeltas
  23. _netr_DatabaseSync
  24. _netr_AccountDeltas
  25. _netr_AccountSync
  26. _netr_GetDcName
  27. _netr_GetAnyDCName
  28. _netr_DatabaseSync2
  29. _netr_DatabaseRedo
  30. _netr_DsRGetDCName
  31. _netr_LogonGetCapabilities
  32. _netr_NETRLOGONSETSERVICEBITS
  33. _netr_LogonGetTrustRid
  34. _netr_NETRLOGONCOMPUTESERVERDIGEST
  35. _netr_NETRLOGONCOMPUTECLIENTDIGEST
  36. _netr_DsRGetDCNameEx
  37. _netr_DsRGetSiteName
  38. _netr_LogonGetDomainInfo
  39. _netr_ServerPasswordSet2
  40. _netr_ServerPasswordGet
  41. _netr_NETRLOGONSENDTOSAM
  42. _netr_DsRAddressToSitenamesW
  43. _netr_DsRGetDCNameEx2
  44. _netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN
  45. _netr_NetrEnumerateTrustedDomainsEx
  46. _netr_DsRAddressToSitenamesExW
  47. _netr_DsrGetDcSiteCoverageW
  48. _netr_DsrEnumerateDomainTrusts
  49. _netr_DsrDeregisterDNSHostRecords
  50. _netr_ServerTrustPasswordsGet
  51. _netr_DsRGetForestTrustInformation
  52. _netr_GetForestTrustInformation
  53. _netr_LogonSamLogonWithFlags
  54. _netr_ServerGetTrustInfo

   1 /*
   2  *  Unix SMB/CIFS implementation.
   3  *  RPC Pipe client / server routines
   4  *  Copyright (C) Andrew Tridgell              1992-1997,
   5  *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
   6  *  Copyright (C) Paul Ashton                       1997.
   7  *  Copyright (C) Jeremy Allison               1998-2001.
   8  *  Copyright (C) Andrew Bartlett                   2001.
   9  *  Copyright (C) Guenther Deschner                 2008.
  10  *
  11  *  This program is free software; you can redistribute it and/or modify
  12  *  it under the terms of the GNU General Public License as published by
  13  *  the Free Software Foundation; either version 3 of the License, or
  14  *  (at your option) any later version.
  15  *
  16  *  This program is distributed in the hope that it will be useful,
  17  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  18  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  19  *  GNU General Public License for more details.
  20  *
  21  *  You should have received a copy of the GNU General Public License
  22  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  23  */
  24 
  25 /* This is the implementation of the netlogon pipe. */
  26 
  27 #include "includes.h"
  28 
  29 extern userdom_struct current_user_info;
  30 
  31 #undef DBGC_CLASS
  32 #define DBGC_CLASS DBGC_RPC_SRV
  33 
  34 /*************************************************************************
  35  init_net_r_req_chal:
  36  *************************************************************************/
  37 
  38 static void init_net_r_req_chal(struct netr_Credential *r,
     /* [<][>][^][v][top][bottom][index][help] */
  39                                 struct netr_Credential *srv_chal)
  40 {
  41         DEBUG(6,("init_net_r_req_chal: %d\n", __LINE__));
  42 
  43         memcpy(r->data, srv_chal->data, sizeof(r->data));
  44 }
  45 
  46 /*******************************************************************
  47  Inits a netr_NETLOGON_INFO_1 structure.
  48 ********************************************************************/
  49 
  50 static void init_netlogon_info1(struct netr_NETLOGON_INFO_1 *r,
     /* [<][>][^][v][top][bottom][index][help] */
  51                                 uint32_t flags,
  52                                 uint32_t pdc_connection_status)
  53 {
  54         r->flags = flags;
  55         r->pdc_connection_status = pdc_connection_status;
  56 }
  57 
  58 /*******************************************************************
  59  Inits a netr_NETLOGON_INFO_2 structure.
  60 ********************************************************************/
  61 
  62 static void init_netlogon_info2(struct netr_NETLOGON_INFO_2 *r,
     /* [<][>][^][v][top][bottom][index][help] */
  63                                 uint32_t flags,
  64                                 uint32_t pdc_connection_status,
  65                                 const char *trusted_dc_name,
  66                                 uint32_t tc_connection_status)
  67 {
  68         r->flags = flags;
  69         r->pdc_connection_status = pdc_connection_status;
  70         r->trusted_dc_name = trusted_dc_name;
  71         r->tc_connection_status = tc_connection_status;
  72 }
  73 
  74 /*******************************************************************
  75  Inits a netr_NETLOGON_INFO_3 structure.
  76 ********************************************************************/
  77 
  78 static void init_netlogon_info3(struct netr_NETLOGON_INFO_3 *r,
     /* [<][>][^][v][top][bottom][index][help] */
  79                                 uint32_t flags,
  80                                 uint32_t logon_attempts)
  81 {
  82         r->flags = flags;
  83         r->logon_attempts = logon_attempts;
  84 }
  85 
  86 /*************************************************************************
  87  _netr_LogonControl
  88  *************************************************************************/
  89 
  90 WERROR _netr_LogonControl(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
  91                           struct netr_LogonControl *r)
  92 {
  93         struct netr_LogonControl2Ex l;
  94 
  95         switch (r->in.level) {
  96         case 1:
  97                 break;
  98         case 2:
  99                 return WERR_NOT_SUPPORTED;
 100         default:
 101                 return WERR_UNKNOWN_LEVEL;
 102         }
 103 
 104         l.in.logon_server       = r->in.logon_server;
 105         l.in.function_code      = r->in.function_code;
 106         l.in.level              = r->in.level;
 107         l.in.data               = NULL;
 108         l.out.query             = r->out.info;
 109 
 110         return _netr_LogonControl2Ex(p, &l);
 111 }
 112 
 113 /****************************************************************************
 114 Send a message to smbd to do a sam synchronisation
 115 **************************************************************************/
 116 
 117 static void send_sync_message(void)
     /* [<][>][^][v][top][bottom][index][help] */
 118 {
 119         DEBUG(3, ("sending sam synchronisation message\n"));
 120         message_send_all(smbd_messaging_context(), MSG_SMB_SAM_SYNC, NULL, 0,
 121                          NULL);
 122 }
 123 
 124 /*************************************************************************
 125  _netr_LogonControl2
 126  *************************************************************************/
 127 
 128 WERROR _netr_LogonControl2(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
 129                            struct netr_LogonControl2 *r)
 130 {
 131         struct netr_LogonControl2Ex l;
 132 
 133         l.in.logon_server       = r->in.logon_server;
 134         l.in.function_code      = r->in.function_code;
 135         l.in.level              = r->in.level;
 136         l.in.data               = r->in.data;
 137         l.out.query             = r->out.query;
 138 
 139         return _netr_LogonControl2Ex(p, &l);
 140 }
 141 
 142 /****************************************************************
 143  _netr_LogonControl2Ex
 144 ****************************************************************/
 145 
 146 WERROR _netr_LogonControl2Ex(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
 147                              struct netr_LogonControl2Ex *r)
 148 {
 149         uint32 flags = 0x0;
 150         uint32 pdc_connection_status = 0x0;
 151         uint32 logon_attempts = 0x0;
 152         uint32 tc_status;
 153         fstring dc_name2;
 154         const char *dc_name = NULL;
 155         struct sockaddr_storage dc_ss;
 156         const char *domain = NULL;
 157         struct netr_NETLOGON_INFO_1 *info1;
 158         struct netr_NETLOGON_INFO_2 *info2;
 159         struct netr_NETLOGON_INFO_3 *info3;
 160         const char *fn;
 161 
 162         switch (p->hdr_req.opnum) {
 163                 case NDR_NETR_LOGONCONTROL:
 164                         fn = "_netr_LogonControl";
 165                         break;
 166                 case NDR_NETR_LOGONCONTROL2:
 167                         fn = "_netr_LogonControl2";
 168                         break;
 169                 case NDR_NETR_LOGONCONTROL2EX:
 170                         fn = "_netr_LogonControl2Ex";
 171                         break;
 172                 default:
 173                         return WERR_INVALID_PARAM;
 174         }
 175 
 176         tc_status = W_ERROR_V(WERR_NO_SUCH_DOMAIN);
 177 
 178         switch (r->in.function_code) {
 179                 case NETLOGON_CONTROL_TC_QUERY:
 180                         domain = r->in.data->domain;
 181 
 182                         if ( !is_trusted_domain( domain ) )
 183                                 break;
 184 
 185                         if ( !get_dc_name( domain, NULL, dc_name2, &dc_ss ) ) {
 186                                 tc_status = W_ERROR_V(WERR_NO_LOGON_SERVERS);
 187                                 break;
 188                         }
 189 
 190                         dc_name = talloc_asprintf(p->mem_ctx, "\\\\%s", dc_name2);
 191                         if (!dc_name) {
 192                                 return WERR_NOMEM;
 193                         }
 194 
 195                         tc_status = W_ERROR_V(WERR_OK);
 196 
 197                         break;
 198 
 199                 case NETLOGON_CONTROL_REDISCOVER:
 200                         domain = r->in.data->domain;
 201 
 202                         if ( !is_trusted_domain( domain ) )
 203                                 break;
 204 
 205                         if ( !get_dc_name( domain, NULL, dc_name2, &dc_ss ) ) {
 206                                 tc_status = W_ERROR_V(WERR_NO_LOGON_SERVERS);
 207                                 break;
 208                         }
 209 
 210                         dc_name = talloc_asprintf(p->mem_ctx, "\\\\%s", dc_name2);
 211                         if (!dc_name) {
 212                                 return WERR_NOMEM;
 213                         }
 214 
 215                         tc_status = W_ERROR_V(WERR_OK);
 216 
 217                         break;
 218 
 219                 default:
 220                         /* no idea what this should be */
 221                         DEBUG(0,("%s: unimplemented function level [%d]\n",
 222                                 fn, r->in.function_code));
 223                         return WERR_UNKNOWN_LEVEL;
 224         }
 225 
 226         /* prepare the response */
 227 
 228         switch (r->in.level) {
 229                 case 1:
 230                         info1 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_1);
 231                         W_ERROR_HAVE_NO_MEMORY(info1);
 232 
 233                         init_netlogon_info1(info1,
 234                                             flags,
 235                                             pdc_connection_status);
 236                         r->out.query->info1 = info1;
 237                         break;
 238                 case 2:
 239                         info2 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_2);
 240                         W_ERROR_HAVE_NO_MEMORY(info2);
 241 
 242                         init_netlogon_info2(info2,
 243                                             flags,
 244                                             pdc_connection_status,
 245                                             dc_name,
 246                                             tc_status);
 247                         r->out.query->info2 = info2;
 248                         break;
 249                 case 3:
 250                         info3 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_3);
 251                         W_ERROR_HAVE_NO_MEMORY(info3);
 252 
 253                         init_netlogon_info3(info3,
 254                                             flags,
 255                                             logon_attempts);
 256                         r->out.query->info3 = info3;
 257                         break;
 258                 default:
 259                         return WERR_UNKNOWN_LEVEL;
 260         }
 261 
 262         if (lp_server_role() == ROLE_DOMAIN_BDC) {
 263                 send_sync_message();
 264         }
 265 
 266         return WERR_OK;
 267 }
 268 
 269 /*************************************************************************
 270  _netr_NetrEnumerateTrustedDomains
 271  *************************************************************************/
 272 
 273 WERROR _netr_NetrEnumerateTrustedDomains(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
 274                                          struct netr_NetrEnumerateTrustedDomains *r)
 275 {
 276         struct netr_Blob trusted_domains_blob;
 277         DATA_BLOB blob;
 278 
 279         DEBUG(6,("_netr_NetrEnumerateTrustedDomains: %d\n", __LINE__));
 280 
 281         /* set up the Trusted Domain List response */
 282 
 283         blob = data_blob_talloc_zero(p->mem_ctx, 2);
 284         trusted_domains_blob.data = blob.data;
 285         trusted_domains_blob.length = blob.length;
 286 
 287         DEBUG(6,("_netr_NetrEnumerateTrustedDomains: %d\n", __LINE__));
 288 
 289         *r->out.trusted_domains_blob = trusted_domains_blob;
 290 
 291         return WERR_OK;
 292 }
 293 
 294 /******************************************************************
 295  gets a machine password entry.  checks access rights of the host.
 296  ******************************************************************/
 297 
 298 static NTSTATUS get_md4pw(char *md4pw, const char *mach_acct,
     /* [<][>][^][v][top][bottom][index][help] */
 299                           uint16_t sec_chan_type, uint32_t *rid)
 300 {
 301         struct samu *sampass = NULL;
 302         const uint8 *pass;
 303         bool ret;
 304         uint32 acct_ctrl;
 305 
 306 #if 0
 307         char addr[INET6_ADDRSTRLEN];
 308 
 309     /*
 310      * Currently this code is redundent as we already have a filter
 311      * by hostname list. What this code really needs to do is to
 312      * get a hosts allowed/hosts denied list from the SAM database
 313      * on a per user basis, and make the access decision there.
 314      * I will leave this code here for now as a reminder to implement
 315      * this at a later date. JRA.
 316      */
 317 
 318         if (!allow_access(lp_domain_hostsdeny(), lp_domain_hostsallow(),
 319                         client_name(get_client_fd()),
 320                         client_addr(get_client_fd(),addr,sizeof(addr)))) {
 321                 DEBUG(0,("get_md4pw: Workstation %s denied access to domain\n", mach_acct));
 322                 return False;
 323         }
 324 #endif /* 0 */
 325 
 326         if ( !(sampass = samu_new( NULL )) ) {
 327                 return NT_STATUS_NO_MEMORY;
 328         }
 329 
 330         /* JRA. This is ok as it is only used for generating the challenge. */
 331         become_root();
 332         ret = pdb_getsampwnam(sampass, mach_acct);
 333         unbecome_root();
 334 
 335         if (!ret) {
 336                 DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct));
 337                 TALLOC_FREE(sampass);
 338                 return NT_STATUS_ACCESS_DENIED;
 339         }
 340 
 341         acct_ctrl = pdb_get_acct_ctrl(sampass);
 342         if (acct_ctrl & ACB_DISABLED) {
 343                 DEBUG(0,("get_md4pw: Workstation %s: account is disabled\n", mach_acct));
 344                 TALLOC_FREE(sampass);
 345                 return NT_STATUS_ACCOUNT_DISABLED;
 346         }
 347 
 348         if (!(acct_ctrl & ACB_SVRTRUST) &&
 349             !(acct_ctrl & ACB_WSTRUST) &&
 350             !(acct_ctrl & ACB_DOMTRUST))
 351         {
 352                 DEBUG(0,("get_md4pw: Workstation %s: account is not a trust account\n", mach_acct));
 353                 TALLOC_FREE(sampass);
 354                 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
 355         }
 356 
 357         switch (sec_chan_type) {
 358                 case SEC_CHAN_BDC:
 359                         if (!(acct_ctrl & ACB_SVRTRUST)) {
 360                                 DEBUG(0,("get_md4pw: Workstation %s: BDC secure channel requested "
 361                                          "but not a server trust account\n", mach_acct));
 362                                 TALLOC_FREE(sampass);
 363                                 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
 364                         }
 365                         break;
 366                 case SEC_CHAN_WKSTA:
 367                         if (!(acct_ctrl & ACB_WSTRUST)) {
 368                                 DEBUG(0,("get_md4pw: Workstation %s: WORKSTATION secure channel requested "
 369                                          "but not a workstation trust account\n", mach_acct));
 370                                 TALLOC_FREE(sampass);
 371                                 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
 372                         }
 373                         break;
 374                 case SEC_CHAN_DOMAIN:
 375                         if (!(acct_ctrl & ACB_DOMTRUST)) {
 376                                 DEBUG(0,("get_md4pw: Workstation %s: DOMAIN secure channel requested "
 377                                          "but not a interdomain trust account\n", mach_acct));
 378                                 TALLOC_FREE(sampass);
 379                                 return NT_STATUS_NO_TRUST_SAM_ACCOUNT;
 380                         }
 381                         break;
 382                 default:
 383                         break;
 384         }
 385 
 386         if ((pass = pdb_get_nt_passwd(sampass)) == NULL) {
 387                 DEBUG(0,("get_md4pw: Workstation %s: account does not have a password\n", mach_acct));
 388                 TALLOC_FREE(sampass);
 389                 return NT_STATUS_LOGON_FAILURE;
 390         }
 391 
 392         memcpy(md4pw, pass, 16);
 393         dump_data(5, (uint8 *)md4pw, 16);
 394 
 395         if (rid) {
 396                 *rid = pdb_get_user_rid(sampass);
 397         }
 398 
 399         TALLOC_FREE(sampass);
 400 
 401         return NT_STATUS_OK;
 402 
 403 
 404 }
 405 
 406 /*************************************************************************
 407  _netr_ServerReqChallenge
 408  *************************************************************************/
 409 
 410 NTSTATUS _netr_ServerReqChallenge(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
 411                                   struct netr_ServerReqChallenge *r)
 412 {
 413         if (!p->dc) {
 414                 p->dc = TALLOC_ZERO_P(p, struct dcinfo);
 415                 if (!p->dc) {
 416                         return NT_STATUS_NO_MEMORY;
 417                 }
 418         } else {
 419                 DEBUG(10,("_netr_ServerReqChallenge: new challenge requested. Clearing old state.\n"));
 420                 ZERO_STRUCTP(p->dc);
 421         }
 422 
 423         fstrcpy(p->dc->remote_machine, r->in.computer_name);
 424 
 425         /* Save the client challenge to the server. */
 426         memcpy(p->dc->clnt_chal.data, r->in.credentials->data,
 427                 sizeof(r->in.credentials->data));
 428 
 429         /* Create a server challenge for the client */
 430         /* Set this to a random value. */
 431         generate_random_buffer(p->dc->srv_chal.data, 8);
 432 
 433         /* set up the LSA REQUEST CHALLENGE response */
 434         init_net_r_req_chal(r->out.return_credentials, &p->dc->srv_chal);
 435 
 436         p->dc->challenge_sent = True;
 437 
 438         return NT_STATUS_OK;
 439 }
 440 
 441 /*************************************************************************
 442  _netr_ServerAuthenticate
 443  Create the initial credentials.
 444  *************************************************************************/
 445 
 446 NTSTATUS _netr_ServerAuthenticate(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
 447                                   struct netr_ServerAuthenticate *r)
 448 {
 449         NTSTATUS status;
 450         struct netr_Credential srv_chal_out;
 451 
 452         if (!p->dc || !p->dc->challenge_sent) {
 453                 return NT_STATUS_ACCESS_DENIED;
 454         }
 455 
 456         status = get_md4pw((char *)p->dc->mach_pw,
 457                            r->in.account_name,
 458                            r->in.secure_channel_type,
 459                            NULL);
 460         if (!NT_STATUS_IS_OK(status)) {
 461                 DEBUG(0,("_netr_ServerAuthenticate: get_md4pw failed. Failed to "
 462                         "get password for machine account %s "
 463                         "from client %s: %s\n",
 464                         r->in.account_name,
 465                         r->in.computer_name,
 466                         nt_errstr(status) ));
 467                 /* always return NT_STATUS_ACCESS_DENIED */
 468                 return NT_STATUS_ACCESS_DENIED;
 469         }
 470 
 471         /* From the client / server challenges and md4 password, generate sess key */
 472         creds_server_init(0,                    /* No neg flags. */
 473                         p->dc,
 474                         &p->dc->clnt_chal,      /* Stored client chal. */
 475                         &p->dc->srv_chal,       /* Stored server chal. */
 476                         p->dc->mach_pw,
 477                         &srv_chal_out);
 478 
 479         /* Check client credentials are valid. */
 480         if (!netlogon_creds_server_check(p->dc, r->in.credentials)) {
 481                 DEBUG(0,("_netr_ServerAuthenticate: netlogon_creds_server_check failed. Rejecting auth "
 482                         "request from client %s machine account %s\n",
 483                         r->in.computer_name,
 484                         r->in.account_name));
 485                 return NT_STATUS_ACCESS_DENIED;
 486         }
 487 
 488         fstrcpy(p->dc->mach_acct, r->in.account_name);
 489         fstrcpy(p->dc->remote_machine, r->in.computer_name);
 490         p->dc->authenticated = True;
 491 
 492         /* set up the LSA AUTH response */
 493         /* Return the server credentials. */
 494 
 495         memcpy(r->out.return_credentials->data, &srv_chal_out.data,
 496                sizeof(r->out.return_credentials->data));
 497 
 498         return NT_STATUS_OK;
 499 }
 500 
 501 /*************************************************************************
 502  _netr_ServerAuthenticate3
 503  *************************************************************************/
 504 
 505 NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
 506                                    struct netr_ServerAuthenticate3 *r)
 507 {
 508         NTSTATUS status;
 509         uint32_t srv_flgs;
 510         /* r->in.negotiate_flags is an aliased pointer to r->out.negotiate_flags,
 511          * so use a copy to avoid destroying the client values. */
 512         uint32_t in_neg_flags = *r->in.negotiate_flags;
 513         struct netr_Credential srv_chal_out;
 514         const char *fn;
 515 
 516         /* According to Microsoft (see bugid #6099)
 517          * Windows 7 looks at the negotiate_flags
 518          * returned in this structure *even if the
 519          * call fails with access denied* ! So in order
 520          * to allow Win7 to connect to a Samba NT style
 521          * PDC we set the flags before we know if it's
 522          * an error or not.
 523          */
 524 
 525         /* 0x000001ff */
 526         srv_flgs = NETLOGON_NEG_ACCOUNT_LOCKOUT |
 527                    NETLOGON_NEG_PERSISTENT_SAMREPL |
 528                    NETLOGON_NEG_ARCFOUR |
 529                    NETLOGON_NEG_PROMOTION_COUNT |
 530                    NETLOGON_NEG_CHANGELOG_BDC |
 531                    NETLOGON_NEG_FULL_SYNC_REPL |
 532                    NETLOGON_NEG_MULTIPLE_SIDS |
 533                    NETLOGON_NEG_REDO |
 534                    NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL;
 535 
 536         /* Ensure we support strong (128-bit) keys. */
 537         if (in_neg_flags & NETLOGON_NEG_STRONG_KEYS) {
 538                 srv_flgs |= NETLOGON_NEG_STRONG_KEYS;
 539         }
 540 
 541         if (lp_server_schannel() != false) {
 542                 srv_flgs |= NETLOGON_NEG_SCHANNEL;
 543         }
 544 
 545         switch (p->hdr_req.opnum) {
 546                 case NDR_NETR_SERVERAUTHENTICATE2:
 547                         fn = "_netr_ServerAuthenticate2";
 548                         break;
 549                 case NDR_NETR_SERVERAUTHENTICATE3:
 550                         fn = "_netr_ServerAuthenticate3";
 551                         break;
 552                 default:
 553                         return NT_STATUS_INTERNAL_ERROR;
 554         }
 555 
 556         /* We use this as the key to store the creds: */
 557         /* r->in.computer_name */
 558 
 559         if (!p->dc || !p->dc->challenge_sent) {
 560                 DEBUG(0,("%s: no challenge sent to client %s\n", fn,
 561                         r->in.computer_name));
 562                 status = NT_STATUS_ACCESS_DENIED;
 563                 goto out;
 564         }
 565 
 566         if ( (lp_server_schannel() == true) &&
 567              ((in_neg_flags & NETLOGON_NEG_SCHANNEL) == 0) ) {
 568 
 569                 /* schannel must be used, but client did not offer it. */
 570                 DEBUG(0,("%s: schannel required but client failed "
 571                         "to offer it. Client was %s\n",
 572                         fn, r->in.account_name));
 573                 status = NT_STATUS_ACCESS_DENIED;
 574                 goto out;
 575         }
 576 
 577         status = get_md4pw((char *)p->dc->mach_pw,
 578                            r->in.account_name,
 579                            r->in.secure_channel_type,
 580                            r->out.rid);
 581         if (!NT_STATUS_IS_OK(status)) {
 582                 DEBUG(0,("%s: failed to get machine password for "
 583                         "account %s: %s\n",
 584                         fn, r->in.account_name, nt_errstr(status) ));
 585                 /* always return NT_STATUS_ACCESS_DENIED */
 586                 status = NT_STATUS_ACCESS_DENIED;
 587                 goto out;
 588         }
 589 
 590         /* From the client / server challenges and md4 password, generate sess key */
 591         creds_server_init(in_neg_flags,
 592                         p->dc,
 593                         &p->dc->clnt_chal,      /* Stored client chal. */
 594                         &p->dc->srv_chal,       /* Stored server chal. */
 595                         p->dc->mach_pw,
 596                         &srv_chal_out);
 597 
 598         /* Check client credentials are valid. */
 599         if (!netlogon_creds_server_check(p->dc, r->in.credentials)) {
 600                 DEBUG(0,("%s: netlogon_creds_server_check failed. Rejecting auth "
 601                         "request from client %s machine account %s\n",
 602                         fn, r->in.computer_name,
 603                         r->in.account_name));
 604                 status = NT_STATUS_ACCESS_DENIED;
 605                 goto out;
 606         }
 607         /* set up the LSA AUTH 2 response */
 608         memcpy(r->out.return_credentials->data, &srv_chal_out.data,
 609                sizeof(r->out.return_credentials->data));
 610 
 611         fstrcpy(p->dc->mach_acct, r->in.account_name);
 612         fstrcpy(p->dc->remote_machine, r->in.computer_name);
 613         fstrcpy(p->dc->domain, lp_workgroup() );
 614 
 615         p->dc->authenticated = True;
 616 
 617         /* Store off the state so we can continue after client disconnect. */
 618         become_root();
 619         secrets_store_schannel_session_info(p->mem_ctx,
 620                                             r->in.computer_name,
 621                                             p->dc);
 622         unbecome_root();
 623         status = NT_STATUS_OK;
 624 
 625   out:
 626 
 627         *r->out.negotiate_flags = srv_flgs;
 628         return status;
 629 }
 630 
 631 /*************************************************************************
 632  _netr_ServerAuthenticate2
 633  *************************************************************************/
 634 
 635 NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
 636                                    struct netr_ServerAuthenticate2 *r)
 637 {
 638         struct netr_ServerAuthenticate3 a;
 639         uint32_t rid;
 640 
 641         a.in.server_name                = r->in.server_name;
 642         a.in.account_name               = r->in.account_name;
 643         a.in.secure_channel_type        = r->in.secure_channel_type;
 644         a.in.computer_name              = r->in.computer_name;
 645         a.in.credentials                = r->in.credentials;
 646         a.in.negotiate_flags            = r->in.negotiate_flags;
 647 
 648         a.out.return_credentials        = r->out.return_credentials;
 649         a.out.rid                       = &rid;
 650         a.out.negotiate_flags           = r->out.negotiate_flags;
 651 
 652         return _netr_ServerAuthenticate3(p, &a);
 653 }
 654 
 655 /*************************************************************************
 656  _netr_ServerPasswordSet
 657  *************************************************************************/
 658 
 659 NTSTATUS _netr_ServerPasswordSet(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
 660                                  struct netr_ServerPasswordSet *r)
 661 {
 662         NTSTATUS status = NT_STATUS_OK;
 663         fstring remote_machine;
 664         struct samu *sampass=NULL;
 665         bool ret = False;
 666         unsigned char pwd[16];
 667         int i;
 668         uint32 acct_ctrl;
 669         struct netr_Authenticator cred_out;
 670         const uchar *old_pw;
 671 
 672         DEBUG(5,("_netr_ServerPasswordSet: %d\n", __LINE__));
 673 
 674         /* We need the remote machine name for the creds lookup. */
 675         fstrcpy(remote_machine, r->in.computer_name);
 676 
 677         if ( (lp_server_schannel() == True) && (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) ) {
 678                 /* 'server schannel = yes' should enforce use of
 679                    schannel, the client did offer it in auth2, but
 680                    obviously did not use it. */
 681                 DEBUG(0,("_netr_ServerPasswordSet: client %s not using schannel for netlogon\n",
 682                         remote_machine ));
 683                 return NT_STATUS_ACCESS_DENIED;
 684         }
 685 
 686         if (!p->dc) {
 687                 /* Restore the saved state of the netlogon creds. */
 688                 become_root();
 689                 ret = secrets_restore_schannel_session_info(p, remote_machine,
 690                                                             &p->dc);
 691                 unbecome_root();
 692                 if (!ret) {
 693                         return NT_STATUS_INVALID_HANDLE;
 694                 }
 695         }
 696 
 697         if (!p->dc || !p->dc->authenticated) {
 698                 return NT_STATUS_INVALID_HANDLE;
 699         }
 700 
 701         DEBUG(3,("_netr_ServerPasswordSet: Server Password Set by remote machine:[%s] on account [%s]\n",
 702                         remote_machine, p->dc->mach_acct));
 703 
 704         /* Step the creds chain forward. */
 705         if (!netlogon_creds_server_step(p->dc, r->in.credential, &cred_out)) {
 706                 DEBUG(2,("_netr_ServerPasswordSet: netlogon_creds_server_step failed. Rejecting auth "
 707                         "request from client %s machine account %s\n",
 708                         remote_machine, p->dc->mach_acct ));
 709                 return NT_STATUS_INVALID_PARAMETER;
 710         }
 711 
 712         /* We must store the creds state after an update. */
 713         sampass = samu_new( NULL );
 714         if (!sampass) {
 715                 return NT_STATUS_NO_MEMORY;
 716         }
 717 
 718         become_root();
 719         secrets_store_schannel_session_info(p, remote_machine, p->dc);
 720         ret = pdb_getsampwnam(sampass, p->dc->mach_acct);
 721         unbecome_root();
 722 
 723         if (!ret) {
 724                 TALLOC_FREE(sampass);
 725                 return NT_STATUS_ACCESS_DENIED;
 726         }
 727 
 728         /* Ensure the account exists and is a machine account. */
 729 
 730         acct_ctrl = pdb_get_acct_ctrl(sampass);
 731 
 732         if (!(acct_ctrl & ACB_WSTRUST ||
 733                       acct_ctrl & ACB_SVRTRUST ||
 734                       acct_ctrl & ACB_DOMTRUST)) {
 735                 TALLOC_FREE(sampass);
 736                 return NT_STATUS_NO_SUCH_USER;
 737         }
 738 
 739         if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
 740                 TALLOC_FREE(sampass);
 741                 return NT_STATUS_ACCOUNT_DISABLED;
 742         }
 743 
 744         des_crypt112_16(pwd, r->in.new_password->hash, p->dc->sess_key, 0);
 745 
 746         DEBUG(100,("_netr_ServerPasswordSet: new given value was :\n"));
 747         for(i = 0; i < sizeof(pwd); i++)
 748                 DEBUG(100,("%02X ", pwd[i]));
 749         DEBUG(100,("\n"));
 750 
 751         old_pw = pdb_get_nt_passwd(sampass);
 752 
 753         if (old_pw && memcmp(pwd, old_pw, 16) == 0) {
 754                 /* Avoid backend modificiations and other fun if the
 755                    client changed the password to the *same thing* */
 756 
 757                 ret = True;
 758         } else {
 759 
 760                 /* LM password should be NULL for machines */
 761                 if (!pdb_set_lanman_passwd(sampass, NULL, PDB_CHANGED)) {
 762                         TALLOC_FREE(sampass);
 763                         return NT_STATUS_NO_MEMORY;
 764                 }
 765 
 766                 if (!pdb_set_nt_passwd(sampass, pwd, PDB_CHANGED)) {
 767                         TALLOC_FREE(sampass);
 768                         return NT_STATUS_NO_MEMORY;
 769                 }
 770 
 771                 if (!pdb_set_pass_last_set_time(sampass, time(NULL), PDB_CHANGED)) {
 772                         TALLOC_FREE(sampass);
 773                         /* Not quite sure what this one qualifies as, but this will do */
 774                         return NT_STATUS_UNSUCCESSFUL;
 775                 }
 776 
 777                 become_root();
 778                 status = pdb_update_sam_account(sampass);
 779                 unbecome_root();
 780         }
 781 
 782         /* set up the LSA Server Password Set response */
 783 
 784         memcpy(r->out.return_authenticator, &cred_out,
 785                sizeof(*(r->out.return_authenticator)));
 786 
 787         TALLOC_FREE(sampass);
 788         return status;
 789 }
 790 
 791 /*************************************************************************
 792  _netr_LogonSamLogoff
 793  *************************************************************************/
 794 
 795 NTSTATUS _netr_LogonSamLogoff(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
 796                               struct netr_LogonSamLogoff *r)
 797 {
 798         if ( (lp_server_schannel() == True) && (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) ) {
 799                 /* 'server schannel = yes' should enforce use of
 800                    schannel, the client did offer it in auth2, but
 801                    obviously did not use it. */
 802                 DEBUG(0,("_netr_LogonSamLogoff: client %s not using schannel for netlogon\n",
 803                         get_remote_machine_name() ));
 804                 return NT_STATUS_ACCESS_DENIED;
 805         }
 806 
 807 
 808         /* Using the remote machine name for the creds store: */
 809         /* r->in.computer_name */
 810 
 811         if (!p->dc) {
 812                 /* Restore the saved state of the netlogon creds. */
 813                 bool ret;
 814 
 815                 become_root();
 816                 ret = secrets_restore_schannel_session_info(
 817                         p, r->in.computer_name, &p->dc);
 818                 unbecome_root();
 819                 if (!ret) {
 820                         return NT_STATUS_INVALID_HANDLE;
 821                 }
 822         }
 823 
 824         if (!p->dc || !p->dc->authenticated) {
 825                 return NT_STATUS_INVALID_HANDLE;
 826         }
 827 
 828         /* checks and updates credentials.  creates reply credentials */
 829         if (!netlogon_creds_server_step(p->dc, r->in.credential, r->out.return_authenticator)) {
 830                 DEBUG(2,("_netr_LogonSamLogoff: netlogon_creds_server_step failed. Rejecting auth "
 831                         "request from client %s machine account %s\n",
 832                         r->in.computer_name, p->dc->mach_acct ));
 833                 return NT_STATUS_INVALID_PARAMETER;
 834         }
 835 
 836         /* We must store the creds state after an update. */
 837         become_root();
 838         secrets_store_schannel_session_info(p, r->in.computer_name, p->dc);
 839         unbecome_root();
 840 
 841         return NT_STATUS_OK;
 842 }
 843 
 844 /*************************************************************************
 845  _netr_LogonSamLogon
 846  *************************************************************************/
 847 
 848 NTSTATUS _netr_LogonSamLogon(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
 849                              struct netr_LogonSamLogon *r)
 850 {
 851         NTSTATUS status = NT_STATUS_OK;
 852         struct netr_SamInfo3 *sam3 = NULL;
 853         union netr_LogonLevel *logon = r->in.logon;
 854         fstring nt_username, nt_domain, nt_workstation;
 855         auth_usersupplied_info *user_info = NULL;
 856         auth_serversupplied_info *server_info = NULL;
 857         struct auth_context *auth_context = NULL;
 858         uint8_t pipe_session_key[16];
 859         bool process_creds = true;
 860         const char *fn;
 861 
 862         switch (p->hdr_req.opnum) {
 863                 case NDR_NETR_LOGONSAMLOGON:
 864                         process_creds = true;
 865                         fn = "_netr_LogonSamLogon";
 866                         break;
 867                 case NDR_NETR_LOGONSAMLOGONEX:
 868                         fn = "_netr_LogonSamLogonEx";
 869                 default:
 870                         fn = "";
 871                         process_creds = false;
 872         }
 873 
 874         if ( (lp_server_schannel() == True) && (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) ) {
 875                 /* 'server schannel = yes' should enforce use of
 876                    schannel, the client did offer it in auth2, but
 877                    obviously did not use it. */
 878                 DEBUG(0,("%s: client %s not using schannel for netlogon\n",
 879                         fn, get_remote_machine_name() ));
 880                 return NT_STATUS_ACCESS_DENIED;
 881         }
 882 
 883         *r->out.authoritative = true; /* authoritative response */
 884         if (r->in.validation_level != 2 && r->in.validation_level != 3) {
 885                 DEBUG(0,("%s: bad validation_level value %d.\n",
 886                         fn, (int)r->in.validation_level));
 887                 return NT_STATUS_INVALID_INFO_CLASS;
 888         }
 889 
 890         sam3 = TALLOC_ZERO_P(p->mem_ctx, struct netr_SamInfo3);
 891         if (!sam3) {
 892                 return NT_STATUS_NO_MEMORY;
 893         }
 894 
 895         /* store the user information, if there is any. */
 896         r->out.validation->sam3 = sam3;
 897 
 898         if (process_creds) {
 899 
 900                 /* Get the remote machine name for the creds store. */
 901                 /* Note this is the remote machine this request is coming from (member server),
 902                    not neccessarily the workstation name the user is logging onto.
 903                 */
 904 
 905                 if (!p->dc) {
 906                         /* Restore the saved state of the netlogon creds. */
 907                         bool ret;
 908 
 909                         become_root();
 910                         ret = secrets_restore_schannel_session_info(
 911                                 p, r->in.computer_name, &p->dc);
 912                         unbecome_root();
 913                         if (!ret) {
 914                                 return NT_STATUS_INVALID_HANDLE;
 915                         }
 916                 }
 917 
 918                 if (!p->dc || !p->dc->authenticated) {
 919                         return NT_STATUS_INVALID_HANDLE;
 920                 }
 921 
 922                 /* checks and updates credentials.  creates reply credentials */
 923                 if (!netlogon_creds_server_step(p->dc, r->in.credential,  r->out.return_authenticator)) {
 924                         DEBUG(2,("%s: creds_server_step failed. Rejecting auth "
 925                                 "request from client %s machine account %s\n",
 926                                 fn, r->in.computer_name, p->dc->mach_acct ));
 927                         return NT_STATUS_INVALID_PARAMETER;
 928                 }
 929 
 930                 /* We must store the creds state after an update. */
 931                 become_root();
 932                 secrets_store_schannel_session_info(p, r->in.computer_name, p->dc);
 933                 unbecome_root();
 934         }
 935 
 936         switch (r->in.logon_level) {
 937         case NetlogonInteractiveInformation:
 938                 fstrcpy(nt_username,
 939                         logon->password->identity_info.account_name.string);
 940                 fstrcpy(nt_domain,
 941                         logon->password->identity_info.domain_name.string);
 942                 fstrcpy(nt_workstation,
 943                         logon->password->identity_info.workstation.string);
 944 
 945                 DEBUG(3,("SAM Logon (Interactive). Domain:[%s].  ", lp_workgroup()));
 946                 break;
 947         case NetlogonNetworkInformation:
 948                 fstrcpy(nt_username,
 949                         logon->network->identity_info.account_name.string);
 950                 fstrcpy(nt_domain,
 951                         logon->network->identity_info.domain_name.string);
 952                 fstrcpy(nt_workstation,
 953                         logon->network->identity_info.workstation.string);
 954 
 955                 DEBUG(3,("SAM Logon (Network). Domain:[%s].  ", lp_workgroup()));
 956                 break;
 957         default:
 958                 DEBUG(2,("SAM Logon: unsupported switch value\n"));
 959                 return NT_STATUS_INVALID_INFO_CLASS;
 960         } /* end switch */
 961 
 962         DEBUG(3,("User:[%s@%s] Requested Domain:[%s]\n", nt_username, nt_workstation, nt_domain));
 963         fstrcpy(current_user_info.smb_name, nt_username);
 964         sub_set_smb_name(nt_username);
 965 
 966         DEBUG(5,("Attempting validation level %d for unmapped username %s.\n",
 967                 r->in.validation_level, nt_username));
 968 
 969         status = NT_STATUS_OK;
 970 
 971         switch (r->in.logon_level) {
 972         case NetlogonNetworkInformation:
 973         {
 974                 const char *wksname = nt_workstation;
 975 
 976                 status = make_auth_context_fixed(&auth_context,
 977                                                  logon->network->challenge);
 978                 if (!NT_STATUS_IS_OK(status)) {
 979                         return status;
 980                 }
 981 
 982                 /* For a network logon, the workstation name comes in with two
 983                  * backslashes in the front. Strip them if they are there. */
 984 
 985                 if (*wksname == '\\') wksname++;
 986                 if (*wksname == '\\') wksname++;
 987 
 988                 /* Standard challenge/response authenticaion */
 989                 if (!make_user_info_netlogon_network(&user_info,
 990                                                      nt_username, nt_domain,
 991                                                      wksname,
 992                                                      logon->network->identity_info.parameter_control,
 993                                                      logon->network->lm.data,
 994                                                      logon->network->lm.length,
 995                                                      logon->network->nt.data,
 996                                                      logon->network->nt.length)) {
 997                         status = NT_STATUS_NO_MEMORY;
 998                 }
 999                 break;
1000         }
1001         case NetlogonInteractiveInformation:
1002                 /* 'Interactive' authentication, supplies the password in its
1003                    MD4 form, encrypted with the session key.  We will convert
1004                    this to challenge/response for the auth subsystem to chew
1005                    on */
1006         {
1007                 uint8_t chal[8];
1008 
1009                 if (!NT_STATUS_IS_OK(status = make_auth_context_subsystem(&auth_context))) {
1010                         return status;
1011                 }
1012 
1013                 auth_context->get_ntlm_challenge(auth_context, chal);
1014 
1015                 if (!make_user_info_netlogon_interactive(&user_info,
1016                                                          nt_username, nt_domain,
1017                                                          nt_workstation,
1018                                                          logon->password->identity_info.parameter_control,
1019                                                          chal,
1020                                                          logon->password->lmpassword.hash,
1021                                                          logon->password->ntpassword.hash,
1022                                                          p->dc->sess_key)) {
1023                         status = NT_STATUS_NO_MEMORY;
1024                 }
1025                 break;
1026         }
1027         default:
1028                 DEBUG(2,("SAM Logon: unsupported switch value\n"));
1029                 return NT_STATUS_INVALID_INFO_CLASS;
1030         } /* end switch */
1031 
1032         if ( NT_STATUS_IS_OK(status) ) {
1033                 status = auth_context->check_ntlm_password(auth_context,
1034                         user_info, &server_info);
1035         }
1036 
1037         (auth_context->free)(&auth_context);
1038         free_user_info(&user_info);
1039 
1040         DEBUG(5,("%s: check_password returned status %s\n",
1041                   fn, nt_errstr(status)));
1042 
1043         /* Check account and password */
1044 
1045         if (!NT_STATUS_IS_OK(status)) {
1046                 /* If we don't know what this domain is, we need to
1047                    indicate that we are not authoritative.  This
1048                    allows the client to decide if it needs to try
1049                    a local user.  Fix by jpjanosi@us.ibm.com, #2976 */
1050                 if ( NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)
1051                      && !strequal(nt_domain, get_global_sam_name())
1052                      && !is_trusted_domain(nt_domain) )
1053                         *r->out.authoritative = false; /* We are not authoritative */
1054 
1055                 TALLOC_FREE(server_info);
1056                 return status;
1057         }
1058 
1059         if (server_info->guest) {
1060                 /* We don't like guest domain logons... */
1061                 DEBUG(5,("%s: Attempted domain logon as GUEST "
1062                          "denied.\n", fn));
1063                 TALLOC_FREE(server_info);
1064                 return NT_STATUS_LOGON_FAILURE;
1065         }
1066 
1067         /* This is the point at which, if the login was successful, that
1068            the SAM Local Security Authority should record that the user is
1069            logged in to the domain.  */
1070 
1071         if (process_creds) {
1072                 /* Get the pipe session key from the creds. */
1073                 memcpy(pipe_session_key, p->dc->sess_key, 16);
1074         } else {
1075                 /* Get the pipe session key from the schannel. */
1076                 if ((p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL)
1077                     || (p->auth.a_u.schannel_auth == NULL)) {
1078                         return NT_STATUS_INVALID_HANDLE;
1079                 }
1080                 memcpy(pipe_session_key, p->auth.a_u.schannel_auth->sess_key, 16);
1081         }
1082 
1083         status = serverinfo_to_SamInfo3(server_info, pipe_session_key, 16, sam3);
1084         TALLOC_FREE(server_info);
1085         return status;
1086 }
1087 
1088 /*************************************************************************
1089  _netr_LogonSamLogonEx
1090  - no credential chaining. Map into net sam logon.
1091  *************************************************************************/
1092 
1093 NTSTATUS _netr_LogonSamLogonEx(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1094                                struct netr_LogonSamLogonEx *r)
1095 {
1096         struct netr_LogonSamLogon q;
1097 
1098         /* Only allow this if the pipe is protected. */
1099         if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
1100                 DEBUG(0,("_netr_LogonSamLogonEx: client %s not using schannel for netlogon\n",
1101                         get_remote_machine_name() ));
1102                 return NT_STATUS_INVALID_PARAMETER;
1103         }
1104 
1105         q.in.server_name        = r->in.server_name;
1106         q.in.computer_name      = r->in.computer_name;
1107         q.in.logon_level        = r->in.logon_level;
1108         q.in.logon              = r->in.logon;
1109         q.in.validation_level   = r->in.validation_level;
1110         /* we do not handle the flags */
1111         /*                      = r->in.flags; */
1112 
1113         q.out.validation        = r->out.validation;
1114         q.out.authoritative     = r->out.authoritative;
1115         /* we do not handle the flags */
1116         /*                      = r->out.flags; */
1117 
1118         return _netr_LogonSamLogon(p, &q);
1119 }
1120 
1121 /*************************************************************************
1122  _ds_enum_dom_trusts
1123  *************************************************************************/
1124 #if 0   /* JERRY -- not correct */
1125  NTSTATUS _ds_enum_dom_trusts(pipes_struct *p, DS_Q_ENUM_DOM_TRUSTS *q_u,
     /* [<][>][^][v][top][bottom][index][help] */
1126                              DS_R_ENUM_DOM_TRUSTS *r_u)
1127 {
1128         NTSTATUS status = NT_STATUS_OK;
1129 
1130         /* TODO: According to MSDN, the can only be executed against a
1131            DC or domain member running Windows 2000 or later.  Need
1132            to test against a standalone 2k server and see what it
1133            does.  A windows 2000 DC includes its own domain in the
1134            list.  --jerry */
1135 
1136         return status;
1137 }
1138 #endif  /* JERRY */
1139 
1140 
1141 /****************************************************************
1142 ****************************************************************/
1143 
1144 WERROR _netr_LogonUasLogon(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1145                            struct netr_LogonUasLogon *r)
1146 {
1147         p->rng_fault_state = true;
1148         return WERR_NOT_SUPPORTED;
1149 }
1150 
1151 /****************************************************************
1152 ****************************************************************/
1153 
1154 WERROR _netr_LogonUasLogoff(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1155                             struct netr_LogonUasLogoff *r)
1156 {
1157         p->rng_fault_state = true;
1158         return WERR_NOT_SUPPORTED;
1159 }
1160 
1161 /****************************************************************
1162 ****************************************************************/
1163 
1164 NTSTATUS _netr_DatabaseDeltas(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1165                               struct netr_DatabaseDeltas *r)
1166 {
1167         p->rng_fault_state = true;
1168         return NT_STATUS_NOT_IMPLEMENTED;
1169 }
1170 
1171 /****************************************************************
1172 ****************************************************************/
1173 
1174 NTSTATUS _netr_DatabaseSync(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1175                             struct netr_DatabaseSync *r)
1176 {
1177         p->rng_fault_state = true;
1178         return NT_STATUS_NOT_IMPLEMENTED;
1179 }
1180 
1181 /****************************************************************
1182 ****************************************************************/
1183 
1184 NTSTATUS _netr_AccountDeltas(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1185                              struct netr_AccountDeltas *r)
1186 {
1187         p->rng_fault_state = true;
1188         return NT_STATUS_NOT_IMPLEMENTED;
1189 }
1190 
1191 /****************************************************************
1192 ****************************************************************/
1193 
1194 NTSTATUS _netr_AccountSync(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1195                            struct netr_AccountSync *r)
1196 {
1197         p->rng_fault_state = true;
1198         return NT_STATUS_NOT_IMPLEMENTED;
1199 }
1200 
1201 /****************************************************************
1202 ****************************************************************/
1203 
1204 WERROR _netr_GetDcName(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1205                        struct netr_GetDcName *r)
1206 {
1207         p->rng_fault_state = true;
1208         return WERR_NOT_SUPPORTED;
1209 }
1210 
1211 /****************************************************************
1212 ****************************************************************/
1213 
1214 WERROR _netr_GetAnyDCName(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1215                           struct netr_GetAnyDCName *r)
1216 {
1217         p->rng_fault_state = true;
1218         return WERR_NOT_SUPPORTED;
1219 }
1220 
1221 /****************************************************************
1222 ****************************************************************/
1223 
1224 NTSTATUS _netr_DatabaseSync2(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1225                              struct netr_DatabaseSync2 *r)
1226 {
1227         p->rng_fault_state = true;
1228         return NT_STATUS_NOT_IMPLEMENTED;
1229 }
1230 
1231 /****************************************************************
1232 ****************************************************************/
1233 
1234 NTSTATUS _netr_DatabaseRedo(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1235                             struct netr_DatabaseRedo *r)
1236 {
1237         p->rng_fault_state = true;
1238         return NT_STATUS_NOT_IMPLEMENTED;
1239 }
1240 
1241 /****************************************************************
1242 ****************************************************************/
1243 
1244 WERROR _netr_DsRGetDCName(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1245                           struct netr_DsRGetDCName *r)
1246 {
1247         p->rng_fault_state = true;
1248         return WERR_NOT_SUPPORTED;
1249 }
1250 
1251 /****************************************************************
1252 ****************************************************************/
1253 
1254 NTSTATUS _netr_LogonGetCapabilities(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1255                                     struct netr_LogonGetCapabilities *r)
1256 {
1257         return NT_STATUS_NOT_IMPLEMENTED;
1258 }
1259 
1260 /****************************************************************
1261 ****************************************************************/
1262 
1263 WERROR _netr_NETRLOGONSETSERVICEBITS(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1264                                      struct netr_NETRLOGONSETSERVICEBITS *r)
1265 {
1266         p->rng_fault_state = true;
1267         return WERR_NOT_SUPPORTED;
1268 }
1269 
1270 /****************************************************************
1271 ****************************************************************/
1272 
1273 WERROR _netr_LogonGetTrustRid(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1274                               struct netr_LogonGetTrustRid *r)
1275 {
1276         p->rng_fault_state = true;
1277         return WERR_NOT_SUPPORTED;
1278 }
1279 
1280 /****************************************************************
1281 ****************************************************************/
1282 
1283 WERROR _netr_NETRLOGONCOMPUTESERVERDIGEST(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1284                                           struct netr_NETRLOGONCOMPUTESERVERDIGEST *r)
1285 {
1286         p->rng_fault_state = true;
1287         return WERR_NOT_SUPPORTED;
1288 }
1289 
1290 /****************************************************************
1291 ****************************************************************/
1292 
1293 WERROR _netr_NETRLOGONCOMPUTECLIENTDIGEST(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1294                                           struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r)
1295 {
1296         p->rng_fault_state = true;
1297         return WERR_NOT_SUPPORTED;
1298 }
1299 
1300 /****************************************************************
1301 ****************************************************************/
1302 
1303 WERROR _netr_DsRGetDCNameEx(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1304                             struct netr_DsRGetDCNameEx *r)
1305 {
1306         p->rng_fault_state = true;
1307         return WERR_NOT_SUPPORTED;
1308 }
1309 
1310 /****************************************************************
1311 ****************************************************************/
1312 
1313 WERROR _netr_DsRGetSiteName(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1314                             struct netr_DsRGetSiteName *r)
1315 {
1316         p->rng_fault_state = true;
1317         return WERR_NOT_SUPPORTED;
1318 }
1319 
1320 /****************************************************************
1321 ****************************************************************/
1322 
1323 NTSTATUS _netr_LogonGetDomainInfo(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1324                                   struct netr_LogonGetDomainInfo *r)
1325 {
1326         p->rng_fault_state = true;
1327         return NT_STATUS_NOT_IMPLEMENTED;
1328 }
1329 
1330 /****************************************************************
1331 ****************************************************************/
1332 
1333 NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1334                                   struct netr_ServerPasswordSet2 *r)
1335 {
1336         p->rng_fault_state = true;
1337         return NT_STATUS_NOT_IMPLEMENTED;
1338 }
1339 
1340 /****************************************************************
1341 ****************************************************************/
1342 
1343 WERROR _netr_ServerPasswordGet(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1344                                struct netr_ServerPasswordGet *r)
1345 {
1346         p->rng_fault_state = true;
1347         return WERR_NOT_SUPPORTED;
1348 }
1349 
1350 /****************************************************************
1351 ****************************************************************/
1352 
1353 WERROR _netr_NETRLOGONSENDTOSAM(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1354                                 struct netr_NETRLOGONSENDTOSAM *r)
1355 {
1356         p->rng_fault_state = true;
1357         return WERR_NOT_SUPPORTED;
1358 }
1359 
1360 /****************************************************************
1361 ****************************************************************/
1362 
1363 WERROR _netr_DsRAddressToSitenamesW(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1364                                     struct netr_DsRAddressToSitenamesW *r)
1365 {
1366         p->rng_fault_state = true;
1367         return WERR_NOT_SUPPORTED;
1368 }
1369 
1370 /****************************************************************
1371 ****************************************************************/
1372 
1373 WERROR _netr_DsRGetDCNameEx2(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1374                              struct netr_DsRGetDCNameEx2 *r)
1375 {
1376         p->rng_fault_state = true;
1377         return WERR_NOT_SUPPORTED;
1378 }
1379 
1380 /****************************************************************
1381 ****************************************************************/
1382 
1383 WERROR _netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1384                                                  struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r)
1385 {
1386         p->rng_fault_state = true;
1387         return WERR_NOT_SUPPORTED;
1388 }
1389 
1390 /****************************************************************
1391 ****************************************************************/
1392 
1393 WERROR _netr_NetrEnumerateTrustedDomainsEx(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1394                                            struct netr_NetrEnumerateTrustedDomainsEx *r)
1395 {
1396         p->rng_fault_state = true;
1397         return WERR_NOT_SUPPORTED;
1398 }
1399 
1400 /****************************************************************
1401 ****************************************************************/
1402 
1403 WERROR _netr_DsRAddressToSitenamesExW(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1404                                       struct netr_DsRAddressToSitenamesExW *r)
1405 {
1406         p->rng_fault_state = true;
1407         return WERR_NOT_SUPPORTED;
1408 }
1409 
1410 /****************************************************************
1411 ****************************************************************/
1412 
1413 WERROR _netr_DsrGetDcSiteCoverageW(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1414                                    struct netr_DsrGetDcSiteCoverageW *r)
1415 {
1416         p->rng_fault_state = true;
1417         return WERR_NOT_SUPPORTED;
1418 }
1419 
1420 /****************************************************************
1421 ****************************************************************/
1422 
1423 WERROR _netr_DsrEnumerateDomainTrusts(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1424                                       struct netr_DsrEnumerateDomainTrusts *r)
1425 {
1426         p->rng_fault_state = true;
1427         return WERR_NOT_SUPPORTED;
1428 }
1429 
1430 /****************************************************************
1431 ****************************************************************/
1432 
1433 WERROR _netr_DsrDeregisterDNSHostRecords(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1434                                          struct netr_DsrDeregisterDNSHostRecords *r)
1435 {
1436         p->rng_fault_state = true;
1437         return WERR_NOT_SUPPORTED;
1438 }
1439 
1440 /****************************************************************
1441 ****************************************************************/
1442 
1443 NTSTATUS _netr_ServerTrustPasswordsGet(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1444                                        struct netr_ServerTrustPasswordsGet *r)
1445 {
1446         p->rng_fault_state = true;
1447         return NT_STATUS_NOT_IMPLEMENTED;
1448 }
1449 
1450 /****************************************************************
1451 ****************************************************************/
1452 
1453 WERROR _netr_DsRGetForestTrustInformation(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1454                                           struct netr_DsRGetForestTrustInformation *r)
1455 {
1456         p->rng_fault_state = true;
1457         return WERR_NOT_SUPPORTED;
1458 }
1459 
1460 /****************************************************************
1461 ****************************************************************/
1462 
1463 WERROR _netr_GetForestTrustInformation(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1464                                        struct netr_GetForestTrustInformation *r)
1465 {
1466         p->rng_fault_state = true;
1467         return WERR_NOT_SUPPORTED;
1468 }
1469 
1470 /****************************************************************
1471 ****************************************************************/
1472 
1473 NTSTATUS _netr_LogonSamLogonWithFlags(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1474                                       struct netr_LogonSamLogonWithFlags *r)
1475 {
1476         p->rng_fault_state = true;
1477         return NT_STATUS_NOT_IMPLEMENTED;
1478 }
1479 
1480 /****************************************************************
1481 ****************************************************************/
1482 
1483 NTSTATUS _netr_ServerGetTrustInfo(pipes_struct *p,
     /* [<][>][^][v][top][bottom][index][help] */
1484                                   struct netr_ServerGetTrustInfo *r)
1485 {
1486         p->rng_fault_state = true;
1487         return NT_STATUS_NOT_IMPLEMENTED;
1488 }
1489 

/* [<][>][^][v][top][bottom][index][help] */