smbns_netlogon.c revision 2
/*
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 */

/*
 * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
 */

/*
 * This module handles the primary domain controller location protocol.
 * The document claims to be version 1.15 of the browsing protocol. It also
 * claims to specify the mailslot protocol.
 *
 * The NETLOGON protocol uses \MAILSLOT\NET mailslots. The protocol
 * specification is incomplete, contains errors and is out-of-date but
 * it does provide some useful background information. The document
 * doesn't mention the NETLOGON_SAMLOGON version of the protocol.
 */

/* Temporary. It should be removed once NBTD is integrated. */

/*
 * smb_netlogon_request
 *
 * This is the entry point locating the resource domain PDC. A netlogon
 * request is sent using the specified protocol on the specified network.
 * Note that we need to know the domain SID in order to use the samlogon
 *
 * Netlogon responses are received asynchronously and eventually handled
 * in smb_netlogon_receive.
 */

/*
 * smb_netlogon_receive
 *
 * This is where we handle all incoming NetLogon messages. Currently, we
 * ignore requests from anyone else. We are only interested in responses
 * to our own requests. The NetLogonResponse provides the name of the PDC.
 * If we don't already have a controller name, we use the name provided
 * in the message. Otherwise we use the name already in the environment.
 */
	/*
	 * The datagram->src.name is in OEM codepage format.
	 * Therefore, we need to convert it to Unicode and
	 * store it in multibyte format.
	 */
	/*
	 * PDC name (MBS), PDC name (Unicode), Domain name (Unicode)
	 */
		    "NetLogonResponse: opcode %d decode error",
	/*
	 * PDC name, User name, Domain name (all Unicode)
	 */
		    "NetLogonResponse: opcode %d decode error",
	/* skip past the "\\" prefix */
	/* We don't respond to PDC discovery requests. */

/*
 * smb_netlogon_query
 *
 * Build and send a LOGON_PRIMARY_QUERY to the MAILSLOT_NETLOGON. At some
 * point we should receive a LOGON_PRIMARY_RESPONSE in the mailslot we
 * specify in the request.
 *
 * struct NETLOGON_QUERY {
 *	unsigned short Opcode;		# LOGON_PRIMARY_QUERY
 *	char ComputerName[];		# ASCII hostname. The response
 *					# is sent to <ComputerName>(00).
 *	char MailslotName[];		# MAILSLOT_NETLOGON
 *	char Pad[];			# Pad to short
 *	wchar_t ComputerName[];		# UNICODE hostname
 *	DWORD NT_Version;		# 0x00000001
 *	WORD LmNTToken;			# 0xffff
 *	WORD Lm20Token;			# 0xffff
 * };
 */
	/*
	 * The (name_lengths & 1) part is to word-align the name_lengths
	 * before adding the wide-char equivalent strlen, and the "+ 2" is
	 * to cover the two zero bytes that terminate the wchar string.
	 */

/*
 * smb_netlogon_samlogon
 *
 * The SamLogon version of the NetLogon request uses the workstation trust
 * netr authentication. The trust account username is the hostname with a
 * $ appended. The mailslot for this request is MAILSLOT_NTLOGON. At some
 * point we should receive a LOGON_SAM_LOGON_RESPONSE in the mailslot we
 * specify in the request.
 *
 * struct NETLOGON_SAM_LOGON {
 *	unsigned short Opcode;			# LOGON_SAM_LOGON_REQUEST
 *	unsigned short RequestCount;		# 0
 *	wchar_t UnicodeComputerName[];		# hostname
 *	wchar_t UnicodeUserName[];		# hostname$
 *	char *MailslotName;			# response mailslot
 *	DWORD AllowableAccountControlBits;	# 0x80 = WorkstationTrustAccount
 *	DWORD DomainSidSize;			# domain SID length in bytes
 *	BYTE *DomainSid;			# domain SID
 *	uint32_t NT_Version;			# 0x00000001
 *	unsigned short LmNTToken;		# 0xffff
 *	unsigned short Lm20Token;		# 0xffff
 * };
 *
 * The username will be the trust account name on the PDC.
 */
	/*
	 * Add 2 to wide-char equivalent strlen to cover the
	 * two zero bytes that terminate the wchar string.
	 */
	/*
	 * The domain SID is padded with 3 leading zeros.
	 */
	    0,				/* RequestCount */
	    0x00000080,			/* AllowableAccountControlBits */
	    0x00000001,			/* NT_Version */
	    0xffff,			/* LmNTToken */
	    0xffff);			/* Lm20Token */

/*
 * Send a query for each version of the protocol.
 */
		    "SmbNetlogonSend: could not find %s<0x%X>",
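The two request layouts described above, serialised into a mailslot payload. This is an added example written for this page, not code from illumos/OpenSolaris smbns_netlogon.c: it uses a plain byte buffer instead of the file's smb_msgbuf encoder, and the opcode values 7 (LOGON_PRIMARY_QUERY) and 18 (LOGON_SAM_LOGON_REQUEST) are taken from MS-ADTS, not from this page. The hostname HOST1 and the domain SID S-1-5-21-1-2-3 are constructed inputs. The three zero bytes before the SID follow the page's comment; Samba's IDL for the same message expresses this as 4-byte alignment of the SID, so the count can differ depending on the preceding field lengths.

```c
/* Added example, not illumos code: encode LOGON_PRIMARY_QUERY and
 * LOGON_SAM_LOGON_REQUEST as laid out in the comments above. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LOGON_PRIMARY_QUERY	7	/* assumed from MS-ADTS, not on the page */
#define LOGON_SAM_LOGON_REQUEST	18	/* assumed from MS-ADTS, not on the page */
#define MAILSLOT_NETLOGON	"\\MAILSLOT\\NET\\NETLOGON"
#define MAILSLOT_NTLOGON	"\\MAILSLOT\\NET\\NTLOGON"

typedef struct { uint8_t buf[512]; size_t len; } nl_buf_t;

static void put_u8(nl_buf_t *b, uint8_t v)
{
	if (b->len < sizeof (b->buf))	/* never writes past the buffer */
		b->buf[b->len++] = v;
}
static void put_u16le(nl_buf_t *b, uint16_t v) { put_u8(b, v & 0xff); put_u8(b, v >> 8); }
static void put_u32le(nl_buf_t *b, uint32_t v) { put_u16le(b, v & 0xffff); put_u16le(b, v >> 16); }
/* ASCII string including its NUL terminator */
static void put_ascii(nl_buf_t *b, const char *s) { do put_u8(b, (uint8_t)*s); while (*s++ != '\0'); }
/* UTF-16LE of an ASCII string; the "+ 2" of the original comment is the two zero terminator bytes */
static void put_wide(nl_buf_t *b, const char *s) { do put_u16le(b, (uint8_t)*s); while (*s++ != '\0'); }
/* the "(name_lengths & 1)" pad: one zero byte so the wide hostname starts on a short boundary */
static void align2(nl_buf_t *b) { if (b->len & 1) put_u8(b, 0); }

size_t smb_build_primary_query(nl_buf_t *b, const char *hostname)
{
	b->len = 0;
	put_u16le(b, LOGON_PRIMARY_QUERY);	/* Opcode */
	put_ascii(b, hostname);			/* ComputerName; response goes to <ComputerName>(00) */
	put_ascii(b, MAILSLOT_NETLOGON);	/* MailslotName */
	align2(b);				/* Pad[] to short */
	put_wide(b, hostname);			/* UNICODE ComputerName */
	put_u32le(b, 0x00000001);		/* NT_Version */
	put_u16le(b, 0xffff);			/* LmNTToken */
	put_u16le(b, 0xffff);			/* Lm20Token */
	return (b->len);
}

size_t smb_build_sam_logon(nl_buf_t *b, const char *hostname, const uint8_t *sid, size_t sidlen)
{
	char user[80];

	(void) snprintf(user, sizeof (user), "%s$", hostname);	/* trust account name */
	b->len = 0;
	put_u16le(b, LOGON_SAM_LOGON_REQUEST);	/* Opcode */
	put_u16le(b, 0);			/* RequestCount */
	put_wide(b, hostname);			/* UnicodeComputerName */
	put_wide(b, user);			/* UnicodeUserName */
	put_ascii(b, MAILSLOT_NTLOGON);		/* response mailslot */
	put_u32le(b, 0x00000080);		/* AllowableAccountControlBits: WorkstationTrustAccount */
	put_u32le(b, (uint32_t)sidlen);		/* DomainSidSize */
	put_u8(b, 0); put_u8(b, 0); put_u8(b, 0);	/* "padded with 3 leading zeros", per the page */
	for (size_t i = 0; i < sidlen; i++)
		put_u8(b, sid[i]);		/* DomainSid */
	put_u32le(b, 0x00000001);		/* NT_Version */
	put_u16le(b, 0xffff);			/* LmNTToken */
	put_u16le(b, 0xffff);			/* Lm20Token */
	return (b->len);
}

/* Constructed domain SID S-1-5-21-1-2-3: revision 1, 4 sub-authorities, 24 bytes */
static const uint8_t demo_sid[24] = { 1, 4, 0,0,0,0,0,5, 0x15,0,0,0, 1,0,0,0, 2,0,0,0, 3,0,0,0 };

/* Accessors for the stand-alone main and for tests; byte accessors return -1 past the end */
size_t demo_primary_query_len(void) { nl_buf_t b; return (smb_build_primary_query(&b, "HOST1")); }
int demo_primary_query_byte(size_t off) { nl_buf_t b; size_t n = smb_build_primary_query(&b, "HOST1"); return (off < n ? b.buf[off] : -1); }
size_t demo_sam_logon_len(void) { nl_buf_t b; return (smb_build_sam_logon(&b, "HOST1", demo_sid, sizeof (demo_sid))); }
int demo_sam_logon_byte(size_t off) { nl_buf_t b; size_t n = smb_build_sam_logon(&b, "HOST1", demo_sid, sizeof (demo_sid)); return (off < n ? b.buf[off] : -1); }

int main(void)
{
	nl_buf_t b;
	size_t n = smb_build_sam_logon(&b, "HOST1", demo_sid, sizeof (demo_sid));

	for (size_t i = 0; i < n; i++)	/* hex dump of the SAM logon request */
		printf("%02x%c", b.buf[i], (i % 16 == 15 || i + 1 == n) ? '\n' : ' ');
	return (0);
}
```

With hostname HOST1 the primary query is 52 bytes, with the single pad byte landing at offset 31 because the OEM hostname and mailslot name together have odd length; the SAM logon request is 95 bytes, with the SID starting at offset 63 after the three zero bytes. Both messages are sent as unauthenticated datagrams, so nothing in them proves who will answer; that check belongs to the response handling.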
/*
 * smb_netlogon_rdc_rsp
 *
 * This is where we process netlogon responses for the resource domain.
 * The src_name is the real name of the remote machine.
 */
	/* set nbtd cache */
	/*
	 * If we don't have any current DC,
	 * then use the new one of course.
	 * see if there is a DC in the
	 * Otherwise, just keep the old one.
	 */
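The receive side, as an added example that is not part of smbns_netlogon.c: a bounds-checked decoder for the two responses the file accepts (PDC name in OEM and Unicode plus domain name for LOGON_PRIMARY_RESPONSE; PDC name, user name and domain name, all Unicode, for LOGON_SAM_LOGON_RESPONSE), which skips the "\\" prefix on the server name and ignores requests and unknown opcodes rather than answering them. Assumptions: the opcode values 12 and 19 come from MS-ADTS rather than this page, offsets are measured from the start of the mailslot payload, and the sample datagrams are constructed here. Mailslot responses arrive as unauthenticated broadcast datagrams, so every read is checked against the buffer length before the contents are used.

```c
/* Added example, not illumos code: decode NETLOGON responses with bounds checks. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define LOGON_PRIMARY_RESPONSE		12	/* assumed from MS-ADTS, not on the page */
#define LOGON_SAM_LOGON_RESPONSE	19	/* assumed from MS-ADTS, not on the page */
#define NL_NAME_MAX	64

typedef struct { const uint8_t *p; size_t len, off; } nl_cur_t;
typedef struct { uint16_t opcode; char pdc[NL_NAME_MAX]; char domain[NL_NAME_MAX]; } nl_resp_t;

/* Every read checks what is left in the datagram before touching it. */
static int get_u16le(nl_cur_t *c, uint16_t *v)
{
	if (c->len - c->off < 2)
		return (-1);
	*v = (uint16_t)(c->p[c->off] | (c->p[c->off + 1] << 8));
	c->off += 2;
	return (0);
}
/* NUL-terminated OEM string; fails if the terminator is missing or the name is too long */
static int get_ascii(nl_cur_t *c, char *out, size_t outsz)
{
	for (size_t n = 0; n + 1 < outsz && c->off < c->len; n++) {
		out[n] = (char)c->p[c->off++];
		if (out[n] == '\0')
			return (0);
	}
	return (-1);
}
/* UTF-16LE string narrowed to ASCII; code units above 0x7f become '?' */
static int get_wide(nl_cur_t *c, char *out, size_t outsz)
{
	uint16_t wc;

	for (size_t n = 0; n + 1 < outsz && get_u16le(c, &wc) == 0; n++) {
		out[n] = (wc == 0) ? '\0' : (wc < 0x80) ? (char)wc : '?';
		if (wc == 0)
			return (0);
	}
	return (-1);
}

/* 0: response decoded; 1: request or unknown opcode, ignored; -1: decode error */
int smb_netlogon_decode(const uint8_t *buf, size_t len, nl_resp_t *r)
{
	nl_cur_t c = { buf, len, 0 };
	char junk[NL_NAME_MAX];

	memset(r, 0, sizeof (*r));
	if (get_u16le(&c, &r->opcode) != 0)
		return (-1);
	switch (r->opcode) {
	case LOGON_PRIMARY_RESPONSE:	/* PDC name (MBS), pad, PDC name (Unicode), Domain name */
		if (get_ascii(&c, r->pdc, sizeof (r->pdc)) != 0)
			return (-1);
		c.off += c.off & 1;	/* pad to short before the wide string */
		if (get_wide(&c, junk, sizeof (junk)) != 0)
			return (-1);
		break;
	case LOGON_SAM_LOGON_RESPONSE:	/* PDC name, User name, Domain name (all Unicode) */
		if (get_wide(&c, r->pdc, sizeof (r->pdc)) != 0 ||
		    get_wide(&c, junk, sizeof (junk)) != 0)
			return (-1);
		break;
	default:
		return (1);	/* requests, including PDC discovery, are not answered */
	}
	if (get_wide(&c, r->domain, sizeof (r->domain)) != 0)
		return (-1);
	if (r->pdc[0] == '\\' && r->pdc[1] == '\\')	/* skip past the "\\" prefix */
		memmove(r->pdc, r->pdc + 2, strlen(r->pdc + 2) + 1);
	return (0);
}

/* Constructed sample datagrams: \\PDC1 answering for domain EXAMPLE */
static const uint8_t demo_sam_resp[] = {
	19, 0,
	'\\',0,'\\',0,'P',0,'D',0,'C',0,'1',0, 0,0,		/* UnicodeLogonServer */
	'H',0,'O',0,'S',0,'T',0,'1',0,'$',0, 0,0,		/* UnicodeUserName */
	'E',0,'X',0,'A',0,'M',0,'P',0,'L',0,'E',0, 0,0,	/* UnicodeDomainName */
	1,0,0,0, 0xff,0xff, 0xff,0xff				/* NtVersion, LmNtToken, Lm20Token */
};
static const uint8_t demo_primary_resp[] = {
	12, 0, 'P','D','C','1',0, 0,	/* OEM name ends at offset 7, then one pad byte */
	'P',0,'D',0,'C',0,'1',0, 0,0,
	'E',0,'X',0,'A',0,'M',0,'P',0,'L',0,'E',0, 0,0,
	1,0,0,0, 0xff,0xff, 0xff,0xff
};

static nl_resp_t demo_r;
int demo_sam_rc(void) { return (smb_netlogon_decode(demo_sam_resp, sizeof (demo_sam_resp), &demo_r)); }
int demo_primary_rc(void) { return (smb_netlogon_decode(demo_primary_resp, sizeof (demo_primary_resp), &demo_r)); }
const char *demo_pdc(void) { return (demo_r.pdc); }
const char *demo_domain(void) { return (demo_r.domain); }
/* the same response cut at 9 bytes has no terminator for the server name in range */
int demo_truncated_rc(void) { return (smb_netlogon_decode(demo_sam_resp, 9, &demo_r)); }
/* a LOGON_PRIMARY_QUERY (opcode 7, assumed) from another host is ignored, not answered */
int demo_request_rc(void) { static const uint8_t q[] = { 7, 0, 'X', 0 }; return (smb_netlogon_decode(q, sizeof (q), &demo_r)); }
```

The decoder deliberately fails closed on a truncated or unterminated name instead of reading past the datagram, and it returns a distinct code for messages that are merely ignored so the caller can tell "not for us" from "malformed". Whether the named PDC is actually trusted is a separate decision, which is the point of the cache logic in smb_netlogon_rdc_rsp above: any host on the broadcast domain can send one of these.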