Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1744 lines
45 KiB

  1. /*++
  2. Copyright (c) 1987-1991 Microsoft Corporation
  3. Module Name:
  4. nlrepl.c
  5. Abstract:
  6. The database replication functions called either from LSA OR SAM.
  7. The actual code resides in netlogon.dll.
  8. Author:
  9. Madan Appiah (Madana)
  10. Environment:
  11. User mode only.
  12. Contains NT-specific code.
  13. Requires ANSI C extensions: slash-slash comments, long external names.
  14. Revision History:
  15. 14-Apr-1992 (madana)
  16. Created.
  17. --*/
  18. #include <nt.h> // needed for NTSTATUS
  19. #include <ntrtl.h> // needed for nturtl.h
  20. #include <nturtl.h> // needed for windows.h
  21. #include <windows.h> // win32 typedefs
  22. #include <crypt.h> // samsrv.h will need this
  23. #include <ntlsa.h> // needed for POLICY_LSA_SERVER_ROLE
  24. #include <samrpc.h>
  25. #include <samisrv.h> // needed for SECURITY_DB_TYPE etc.
  26. #include <winsock2.h> // needed for SOCKET defn's
  27. #include <nlrepl.h> // proto types
  28. typedef NTSTATUS
  29. (*PI_NetNotifyDelta) (
  30. IN SECURITY_DB_TYPE DbType,
  31. IN LARGE_INTEGER ModificationCount,
  32. IN SECURITY_DB_DELTA_TYPE DeltaType,
  33. IN SECURITY_DB_OBJECT_TYPE ObjectType,
  34. IN ULONG ObjectRid,
  35. IN PSID ObjectSid,
  36. IN PUNICODE_STRING ObjectName,
  37. IN DWORD ReplicationImmediately,
  38. IN PSAM_DELTA_DATA MemberId
  39. );
  40. typedef NTSTATUS
  41. (*PI_NetNotifyRole) (
  42. IN POLICY_LSA_SERVER_ROLE Role
  43. );
  44. typedef NTSTATUS
  45. (*PI_NetNotifyMachineAccount) (
  46. IN ULONG ObjectRid,
  47. IN PSID DomainSid,
  48. IN ULONG OldUserAccountControl,
  49. IN ULONG NewUserAccountControl,
  50. IN PUNICODE_STRING ObjectName
  51. );
  52. typedef NTSTATUS
  53. (*PI_NetNotifyTrustedDomain) (
  54. IN PSID HostedDomainSid,
  55. IN PSID TrustedDomainSid,
  56. IN BOOLEAN IsDeletion
  57. );
  58. typedef NTSTATUS
  59. (*PI_NetNotifyNetlogonDllHandle) (
  60. IN PHANDLE Role
  61. );
  62. typedef NTSTATUS
  63. (*PI_NetLogonSetServiceBits)(
  64. IN DWORD ServiceBitsOfInterest,
  65. IN DWORD ServiceBits
  66. );
  67. typedef NTSTATUS
  68. (*PI_NetLogonGetSerialNumber) (
  69. IN SECURITY_DB_TYPE DbType,
  70. IN PSID DomainSid,
  71. OUT PLARGE_INTEGER SerialNumber
  72. );
  73. typedef NTSTATUS
  74. (*PI_NetLogonLdapLookupEx)(
  75. IN PVOID Filter,
  76. IN PVOID SockAddr,
  77. OUT PVOID *Response,
  78. OUT PULONG ResponseSize
  79. );
  80. typedef VOID
  81. (*PI_NetLogonFree)(
  82. IN PVOID Buffer
  83. );
  84. typedef NET_API_STATUS
  85. (*PI_DsGetDcCache)(
  86. IN LPCWSTR NetbiosDomainName OPTIONAL,
  87. IN LPCWSTR DnsDomainName OPTIONAL,
  88. OUT PBOOLEAN InNt4Domain,
  89. OUT LPDWORD InNt4DomainTime
  90. );
  91. typedef NET_API_STATUS
  92. (*PDsrGetDcNameEx2)(
  93. IN LPWSTR ComputerName OPTIONAL,
  94. IN LPCWSTR AccountName OPTIONAL,
  95. IN ULONG AllowableAccountControlBits,
  96. IN LPWSTR DomainName OPTIONAL,
  97. IN GUID *DomainGuid OPTIONAL,
  98. IN LPWSTR SiteName OPTIONAL,
  99. IN ULONG Flags,
  100. OUT PDOMAIN_CONTROLLER_INFOW *DomainControllerInfo
  101. );
  102. typedef NTSTATUS
  103. (*PI_NetNotifyDsChange)(
  104. IN NL_DS_CHANGE_TYPE DsChangeType
  105. );
  106. typedef NTSTATUS
  107. (*PI_NetLogonReadChangeLog)(
  108. IN PVOID InContext,
  109. IN ULONG InContextSize,
  110. IN ULONG ChangeBufferSize,
  111. OUT PVOID *ChangeBuffer,
  112. OUT PULONG BytesRead,
  113. OUT PVOID *OutContext,
  114. OUT PULONG OutContextSize
  115. );
  116. typedef NTSTATUS
  117. (*PI_NetLogonNewChangeLog)(
  118. OUT HANDLE *ChangeLogHandle
  119. );
  120. typedef NTSTATUS
  121. (*PI_NetLogonAppendChangeLog)(
  122. IN HANDLE ChangeLogHandle,
  123. IN PVOID ChangeBuffer,
  124. IN ULONG ChangeBufferSize
  125. );
  126. typedef NTSTATUS
  127. (*PI_NetLogonCloseChangeLog)(
  128. IN HANDLE ChangeLogHandle,
  129. IN BOOLEAN Commit
  130. );
  131. typedef NTSTATUS
  132. (*PI_NetLogonSendToSamOnPdc)(
  133. IN LPWSTR DomainName,
  134. IN LPBYTE OpaqueBuffer,
  135. IN ULONG OpaqueBufferSize
  136. );
  137. typedef NET_API_STATUS
  138. (*PI_NetLogonGetIpAddresses)(
  139. OUT PULONG IpAddressCount,
  140. OUT LPBYTE *IpAddresses
  141. );
  142. typedef NTSTATUS
  143. (*PI_NetLogonGetAuthDataEx)(
  144. IN LPWSTR HostedDomainName OPTIONAL,
  145. IN LPWSTR TrustedDomainName,
  146. IN ULONG Flags,
  147. IN PLARGE_INTEGER FailedSessionSetupTime OPTIONAL,
  148. OUT LPWSTR *OurClientPrincipleName,
  149. OUT PVOID *ClientContext OPTIONAL,
  150. OUT LPWSTR *ServerName,
  151. OUT PNL_OS_VERSION ServerOsVersion,
  152. OUT PULONG AuthnLevel,
  153. OUT PLARGE_INTEGER SessionSetupTime
  154. );
  155. typedef NTSTATUS
  156. (*PI_NetNotifyNtdsDsaDeletion) (
  157. IN LPWSTR DnsDomainName,
  158. IN GUID *DomainGuid,
  159. IN GUID *DsaGuid,
  160. IN LPWSTR DnsHostName
  161. );
  162. typedef NET_API_STATUS
  163. (*PI_NetLogonAddressToSiteName)(
  164. IN PSOCKET_ADDRESS SocketAddress,
  165. OUT LPWSTR *SiteName
  166. );
  167. //
  168. // Global status
  169. //
  170. HANDLE NetlogonDllHandle = NULL;
  171. PI_NetNotifyDelta pI_NetNotifyDelta = NULL;
  172. PI_NetNotifyRole pI_NetNotifyRole = NULL;
  173. PI_NetNotifyMachineAccount pI_NetNotifyMachineAccount = NULL;
  174. PI_NetNotifyTrustedDomain pI_NetNotifyTrustedDomain = NULL;
  175. PI_NetLogonSetServiceBits pI_NetLogonSetServiceBits = NULL;
  176. PI_NetLogonGetSerialNumber pI_NetLogonGetSerialNumber = NULL;
  177. PI_NetLogonLdapLookupEx pI_NetLogonLdapLookupEx = NULL;
  178. PI_NetLogonFree pI_NetLogonFree = NULL;
  179. PI_DsGetDcCache pI_DsGetDcCache = NULL;
  180. PDsrGetDcNameEx2 pDsrGetDcNameEx2 = NULL;
  181. PI_NetNotifyDsChange pI_NetNotifyDsChange = NULL;
  182. PI_NetLogonReadChangeLog pI_NetLogonReadChangeLog = NULL;
  183. PI_NetLogonNewChangeLog pI_NetLogonNewChangeLog = NULL;
  184. PI_NetLogonAppendChangeLog pI_NetLogonAppendChangeLog = NULL;
  185. PI_NetLogonCloseChangeLog pI_NetLogonCloseChangeLog = NULL;
  186. PI_NetLogonSendToSamOnPdc pI_NetLogonSendToSamOnPdc = NULL;
  187. PI_NetLogonGetIpAddresses pI_NetLogonGetIpAddresses = NULL;
  188. PI_NetLogonGetAuthDataEx pI_NetLogonGetAuthDataEx = NULL;
  189. PI_NetNotifyNtdsDsaDeletion pI_NetNotifyNtdsDsaDeletion = NULL;
  190. PI_NetLogonAddressToSiteName pI_NetLogonAddressToSiteName = NULL;
  191. NTSTATUS
  192. NlLoadNetlogonDll(
  193. VOID
  194. )
  195. /*++
  196. Routine Description:
  197. This function loads the netlogon.dll module if it is not loaded
  198. already. If the network is not installed then netlogon.dll will not
  199. present in the system and the LoadLibrary will fail.
  200. Arguments:
  201. None
  202. Return Value:
  203. NT Status code.
  204. --*/
  205. {
  206. static NTSTATUS DllLoadStatus = STATUS_SUCCESS;
  207. PI_NetNotifyNetlogonDllHandle pI_NetNotifyNetlogonDllHandle = NULL;
  208. HANDLE DllHandle = NULL;
  209. //
  210. // If we've tried to load the DLL before and it failed,
  211. // return the same error code again.
  212. //
  213. if( DllLoadStatus != STATUS_SUCCESS ) {
  214. goto Cleanup;
  215. }
  216. //
  217. // Load netlogon.dll
  218. //
  219. DllHandle = LoadLibraryA( "Netlogon" );
  220. if ( DllHandle == NULL ) {
  221. #if DBG
  222. DWORD DbgError;
  223. DbgError = GetLastError();
  224. DbgPrint("[Security Process] can't load netlogon.dll %d \n",
  225. DbgError);
  226. #endif // DBG
  227. DllLoadStatus = STATUS_DLL_NOT_FOUND;
  228. goto Cleanup;
  229. }
  230. //
  231. // Macro to grab the address of the named procedure from netlogon.dll
  232. //
  233. #if DBG
  234. #define GRAB_ADDRESS( _X ) \
  235. p##_X = (P##_X) GetProcAddress( DllHandle, #_X ); \
  236. \
  237. if ( p##_X == NULL ) { \
  238. DbgPrint("[security process] can't load " #_X " procedure. %ld\n", GetLastError()); \
  239. DllLoadStatus = STATUS_PROCEDURE_NOT_FOUND;\
  240. goto Cleanup; \
  241. }
  242. #else // DBG
  243. #define GRAB_ADDRESS( _X ) \
  244. p##_X = (P##_X) GetProcAddress( DllHandle, #_X ); \
  245. \
  246. if ( p##_X == NULL ) { \
  247. DllLoadStatus = STATUS_PROCEDURE_NOT_FOUND;\
  248. goto Cleanup; \
  249. }
  250. #endif // DBG
  251. //
  252. // Get the addresses of the required procedures.
  253. //
  254. GRAB_ADDRESS( I_NetNotifyDelta );
  255. GRAB_ADDRESS( I_NetNotifyRole );
  256. GRAB_ADDRESS( I_NetNotifyMachineAccount );
  257. GRAB_ADDRESS( I_NetNotifyTrustedDomain );
  258. GRAB_ADDRESS( I_NetLogonSetServiceBits );
  259. GRAB_ADDRESS( I_NetLogonGetSerialNumber );
  260. GRAB_ADDRESS( I_NetLogonLdapLookupEx );
  261. GRAB_ADDRESS( I_NetLogonFree );
  262. GRAB_ADDRESS( I_DsGetDcCache );
  263. GRAB_ADDRESS( DsrGetDcNameEx2 );
  264. GRAB_ADDRESS( I_NetNotifyDsChange );
  265. GRAB_ADDRESS( I_NetLogonReadChangeLog );
  266. GRAB_ADDRESS( I_NetLogonNewChangeLog );
  267. GRAB_ADDRESS( I_NetLogonAppendChangeLog );
  268. GRAB_ADDRESS( I_NetLogonCloseChangeLog );
  269. GRAB_ADDRESS( I_NetLogonSendToSamOnPdc );
  270. GRAB_ADDRESS( I_NetLogonGetIpAddresses );
  271. GRAB_ADDRESS( I_NetLogonGetAuthDataEx );
  272. GRAB_ADDRESS( I_NetNotifyNtdsDsaDeletion );
  273. GRAB_ADDRESS( I_NetLogonAddressToSiteName );
  274. //
  275. // Find the address of the I_NetNotifyNetlogonDllHandle procedure.
  276. // This is an optional procedure so don't complain if it isn't there.
  277. //
  278. pI_NetNotifyNetlogonDllHandle = (PI_NetNotifyNetlogonDllHandle)
  279. GetProcAddress( DllHandle, "I_NetNotifyNetlogonDllHandle" );
  280. DllLoadStatus = STATUS_SUCCESS;
  281. Cleanup:
  282. if (DllLoadStatus == STATUS_SUCCESS) {
  283. NetlogonDllHandle = DllHandle;
  284. //
  285. // Notify Netlogon that we've loaded it.
  286. //
  287. if( pI_NetNotifyNetlogonDllHandle != NULL ) {
  288. (VOID) (*pI_NetNotifyNetlogonDllHandle)( &NetlogonDllHandle );
  289. }
  290. } else {
  291. if ( DllHandle != NULL ) {
  292. FreeLibrary( DllHandle );
  293. }
  294. }
  295. return( DllLoadStatus );
  296. }
  297. NTSTATUS
  298. I_NetNotifyDelta (
  299. IN SECURITY_DB_TYPE DbType,
  300. IN LARGE_INTEGER ModificationCount,
  301. IN SECURITY_DB_DELTA_TYPE DeltaType,
  302. IN SECURITY_DB_OBJECT_TYPE ObjectType,
  303. IN ULONG ObjectRid,
  304. IN PSID ObjectSid,
  305. IN PUNICODE_STRING ObjectName,
  306. IN DWORD ReplicationImmediately,
  307. IN PSAM_DELTA_DATA MemberId
  308. )
  309. /*++
  310. Routine Description:
  311. This function is called by the SAM and LSA services after each
  312. change is made to the SAM and LSA databases. The services describe
  313. the type of object that is modified, the type of modification made
  314. on the object, the serial number of this modification etc. This
  315. information is stored for later retrieval when a BDC or member
  316. server wants a copy of this change. See the description of
  317. I_NetSamDeltas for a description of how the change log is used.
  318. Add a change log entry to circular change log maintained in cache as
  319. well as on the disk and update the head and tail pointers
  320. It is assumed that Tail points to a block where this new change log
  321. entry may be stored.
  322. NOTE: The actual code is in netlogon.dll. This wrapper function
  323. will determine whether the network is installed, if so, it calls the
  324. actual worker function after loading the netlogon.dll module. If the
  325. network is not installed then this will function will return with
  326. appropriate error code.
  327. Arguments:
  328. DbType - Type of the database that has been modified.
  329. ModificationCount - The value of the DomainModifiedCount field for the
  330. domain following the modification.
  331. DeltaType - The type of modification that has been made on the object.
  332. ObjectType - The type of object that has been modified.
  333. ObjectRid - The relative ID of the object that has been modified.
  334. This parameter is valid only when the object type specified is
  335. either SecurityDbObjectSamUser, SecurityDbObjectSamGroup or
  336. SecurityDbObjectSamAlias otherwise this parameter is set to zero.
  337. ObjectSid - The SID of the object that has been modified. If the object
  338. modified is in a SAM database, ObjectSid is the DomainId of the Domain
  339. containing the object.
  340. ObjectName - The name of the secret object when the object type
  341. specified is SecurityDbObjectLsaSecret or the old name of the object
  342. when the object type specified is either SecurityDbObjectSamUser,
  343. SecurityDbObjectSamGroup or SecurityDbObjectSamAlias and the delta
  344. type is SecurityDbRename otherwise this parameter is set to NULL.
  345. ReplicateImmediately - TRUE if the change should be immediately
  346. replicated to all BDCs. A password change should set the flag
  347. TRUE.
  348. MemberId - This parameter is specified when group/alias membership
  349. is modified. This structure will then point to the member's ID that
  350. has been updated.
  351. Return Value:
  352. STATUS_SUCCESS - The Service completed successfully.
  353. --*/
  354. {
  355. NTSTATUS NtStatus;
  356. //
  357. // Load netlogon.dll if it hasn't already been loaded.
  358. //
  359. if( NetlogonDllHandle == NULL ) {
  360. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  361. return( NtStatus );
  362. }
  363. }
  364. NtStatus = (*pI_NetNotifyDelta)(
  365. DbType,
  366. ModificationCount,
  367. DeltaType,
  368. ObjectType,
  369. ObjectRid,
  370. ObjectSid,
  371. ObjectName,
  372. ReplicationImmediately,
  373. MemberId
  374. );
  375. return( STATUS_SUCCESS );
  376. }
  377. NTSTATUS
  378. I_NetNotifyRole(
  379. IN POLICY_LSA_SERVER_ROLE Role
  380. )
  381. /*++
  382. Routine Description:
  383. This function is called by the LSA service upon LSA initialization
  384. and when LSA changes domain role. This routine will initialize the
  385. change log cache if the role specified is PDC or delete the change
  386. log cache if the role specified is other than PDC.
  387. When this function initializing the change log if the change log
  388. currently exists on disk, the cache will be initialized from disk.
  389. LSA should treat errors from this routine as non-fatal. LSA should
  390. log the errors so they may be corrected then continue
  391. initialization. However, LSA should treat the system databases as
  392. read-only in this case.
  393. NOTE: The actual code is in netlogon.dll. This wrapper function
  394. will determine whether the network is installed, if so, it calls the
  395. actual worker function after loading the netlogon.dll module. If the
  396. network is not installed then this will function will return with
  397. appropriate error code.
  398. Arguments:
  399. Role - Current role of the server.
  400. Return Value:
  401. STATUS_SUCCESS - The Service completed successfully.
  402. --*/
  403. {
  404. NTSTATUS NtStatus;
  405. //
  406. // Load netlogon.dll if it hasn't already been loaded.
  407. //
  408. if( NetlogonDllHandle == NULL ) {
  409. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  410. return( NtStatus );
  411. }
  412. }
  413. NtStatus = (*pI_NetNotifyRole)(
  414. Role
  415. );
  416. #if DBG
  417. if( !NT_SUCCESS(NtStatus) ) {
  418. DbgPrint("[Security Process] I_NetNotifyRole returns 0x%lx \n",
  419. NtStatus);
  420. }
  421. #endif // DBG
  422. return( STATUS_SUCCESS );
  423. }
  424. NTSTATUS
  425. I_NetNotifyMachineAccount (
  426. IN ULONG ObjectRid,
  427. IN PSID DomainSid,
  428. IN ULONG OldUserAccountControl,
  429. IN ULONG NewUserAccountControl,
  430. IN PUNICODE_STRING ObjectName
  431. )
  432. /*++
  433. Routine Description:
  434. This function is called by the SAM to indicate that the account type
  435. of a machine account has changed. Specifically, if
  436. USER_INTERDOMAIN_TRUST_ACCOUNT, USER_WORKSTATION_TRUST_ACCOUNT, or
  437. USER_SERVER_TRUST_ACCOUNT change for a particular account, this
  438. routine is called to let Netlogon know of the account change.
  439. NOTE: The actual code is in netlogon.dll. This wrapper function
  440. will determine whether the network is installed, if so, it calls the
  441. actual worker function after loading the netlogon.dll module. If the
  442. network is not installed then this will function will return with
  443. appropriate error code.
  444. Arguments:
  445. ObjectRid - The relative ID of the object that has been modified.
  446. DomainSid - Specifies the SID of the Domain containing the object.
  447. OldUserAccountControl - Specifies the previous value of the
  448. UserAccountControl field of the user.
  449. NewUserAccountControl - Specifies the new (current) value of the
  450. UserAccountControl field of the user.
  451. ObjectName - The name of the account being changed.
  452. Return Value:
  453. Status of the operation.
  454. --*/
  455. {
  456. NTSTATUS NtStatus;
  457. //
  458. // Load netlogon.dll if it hasn't already been loaded.
  459. //
  460. if( NetlogonDllHandle == NULL ) {
  461. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  462. return( NtStatus );
  463. }
  464. }
  465. NtStatus = (*pI_NetNotifyMachineAccount)(
  466. ObjectRid,
  467. DomainSid,
  468. OldUserAccountControl,
  469. NewUserAccountControl,
  470. ObjectName );
  471. #if DBG
  472. if( !NT_SUCCESS(NtStatus) ) {
  473. DbgPrint("[Security Process] I_NetNotifyMachineAccount returns 0x%lx\n",
  474. NtStatus);
  475. }
  476. #endif // DBG
  477. return( NtStatus );
  478. }
  479. NTSTATUS
  480. I_NetNotifyTrustedDomain (
  481. IN PSID HostedDomainSid,
  482. IN PSID TrustedDomainSid,
  483. IN BOOLEAN IsDeletion
  484. )
  485. /*++
  486. Routine Description:
  487. This function is called by the LSA to indicate that a trusted domain
  488. object has changed.
  489. This function is called for both PDC and BDC.
  490. Arguments:
  491. HostedDomainSid - Domain SID of the domain the trust is from.
  492. TrustedDomainSid - Domain SID of the domain the trust is to.
  493. IsDeletion - TRUE if the trusted domain object was deleted.
  494. FALSE if the trusted domain object was created or modified.
  495. Return Value:
  496. Status of the operation.
  497. --*/
  498. {
  499. NTSTATUS NtStatus;
  500. //
  501. // Load netlogon.dll if it hasn't already been loaded.
  502. //
  503. if( NetlogonDllHandle == NULL ) {
  504. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  505. return( NtStatus );
  506. }
  507. }
  508. NtStatus = (*pI_NetNotifyTrustedDomain)(
  509. HostedDomainSid,
  510. TrustedDomainSid,
  511. IsDeletion );
  512. #if DBG
  513. if( !NT_SUCCESS(NtStatus) ) {
  514. DbgPrint("[Security Process] I_NetNotifyTrustedDomain returns 0x%lx\n",
  515. NtStatus);
  516. }
  517. #endif // DBG
  518. return( NtStatus );
  519. }
  520. NTSTATUS
  521. I_NetLogonSetServiceBits(
  522. IN DWORD ServiceBitsOfInterest,
  523. IN DWORD ServiceBits
  524. )
  525. /*++
  526. Routine Description:
  527. Inidcates whether this DC is currently running the specified service.
  528. For instance,
  529. I_NetLogonSetServiceBits( DS_KDC_FLAG, DS_KDC_FLAG );
  530. tells Netlogon the KDC is running. And
  531. I_NetLogonSetServiceBits( DS_KDC_FLAG, 0 );
  532. tells Netlogon the KDC is not running.
  533. Arguments:
  534. ServiceBitsOfInterest - A mask of the service bits being changed, set,
  535. or reset by this call. Only the following flags are valid:
  536. DS_KDC_FLAG
  537. DS_DS_FLAG
  538. DS_TIMESERV_FLAG
  539. ServiceBits - A mask indicating what the bits specified by ServiceBitsOfInterest
  540. should be set to.
  541. Return Value:
  542. STATUS_SUCCESS - Success.
  543. STATUS_INVALID_PARAMETER - The parameters have extaneous bits set.
  544. STATUS_DLL_NOT_FOUND - Netlogon.dll could not be loaded.
  545. --*/
  546. {
  547. NTSTATUS NtStatus;
  548. //
  549. // Load netlogon.dll if it hasn't already been loaded.
  550. //
  551. if( NetlogonDllHandle == NULL ) {
  552. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  553. return( NtStatus );
  554. }
  555. }
  556. NtStatus = (*pI_NetLogonSetServiceBits)(
  557. ServiceBitsOfInterest,
  558. ServiceBits );
  559. #if DBG
  560. if( !NT_SUCCESS(NtStatus) ) {
  561. DbgPrint("[Security Process] I_NetLogonSetServiceBits returns 0x%lx\n",
  562. NtStatus);
  563. }
  564. #endif // DBG
  565. return( NtStatus );
  566. }
  567. NTSTATUS
  568. I_NetLogonGetSerialNumber (
  569. IN SECURITY_DB_TYPE DbType,
  570. IN PSID DomainSid,
  571. OUT PLARGE_INTEGER SerialNumber
  572. )
  573. /*++
  574. Routine Description:
  575. This function is called by the SAM and LSA services when they startup
  576. to get the current serial number written to the changelog.
  577. Arguments:
  578. DbType - Type of the database that has been modified.
  579. DomainSid - For the SAM and builtin database, this specifies the DomainId of
  580. the domain whose serial number is to be returned.
  581. SerialNumber - Returns the latest set value of the DomainModifiedCount
  582. field for the domain.
  583. Return Value:
  584. STATUS_SUCCESS - The Service completed successfully.
  585. STATUS_INVALID_DOMAIN_ROLE - This machine is not the PDC.
  586. STATUS_DLL_NOT_FOUND - Netlogon.dll could not be loaded.
  587. --*/
  588. {
  589. NTSTATUS NtStatus;
  590. //
  591. // Load netlogon.dll if it hasn't already been loaded.
  592. //
  593. if( NetlogonDllHandle == NULL ) {
  594. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  595. return( NtStatus );
  596. }
  597. }
  598. NtStatus = (*pI_NetLogonGetSerialNumber)(
  599. DbType,
  600. DomainSid,
  601. SerialNumber );
  602. #if DBG
  603. if( !NT_SUCCESS(NtStatus) ) {
  604. DbgPrint("[Security Process] I_NetLogonGetSerialNumber returns 0x%lx\n",
  605. NtStatus);
  606. }
  607. #endif // DBG
  608. return( NtStatus );
  609. }
  610. NTSTATUS
  611. I_NetLogonLdapLookupEx(
  612. IN PVOID Filter,
  613. IN PVOID SockAddr,
  614. OUT PVOID *Response,
  615. OUT PULONG ResponseSize
  616. )
  617. /*++
  618. Routine Description:
  619. This routine builds a response to an LDAP ping of a DC. DsGetDcName does
  620. such a ping to ensure the DC is functional and still meets the requirements
  621. of the DsGetDcName. DsGetDcName does an LDAP lookup of the NULL DN asking
  622. for attribute "Netlogon". The DS turns that into a call to this routine
  623. passing in the filter parameter.
  624. Arguments:
  625. Filter - Filter describing the query. The filter is built by the DsGetDcName
  626. client, so we can limit the flexibility significantly. The filter is:
  627. SockAddr - Address of the client that sent the ping.
  628. Response - Returns a pointer to an allocated buffer containing
  629. the response to return to the caller. This response is a binary blob
  630. which should be returned to the caller bit-for-bit intact.
  631. The buffer should be freed be calling I_NetLogonFree.
  632. ResponseSize - Size (in bytes) of the returned message.
  633. Return Value:
  634. STATUS_SUCCESS -- The response was returned in the supplied buffer.
  635. STATUS_INVALID_PARAMETER -- The filter was invalid.
  636. --*/
  637. {
  638. NTSTATUS NtStatus;
  639. //
  640. // Load netlogon.dll if it hasn't already been loaded.
  641. //
  642. if( NetlogonDllHandle == NULL ) {
  643. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  644. return( NtStatus );
  645. }
  646. }
  647. NtStatus = (*pI_NetLogonLdapLookupEx)(
  648. Filter,
  649. SockAddr,
  650. Response,
  651. ResponseSize );
  652. #ifdef notdef // Failures occur frequently in nature
  653. #if DBG
  654. if( !NT_SUCCESS(NtStatus) ) {
  655. DbgPrint("[Security Process] I_NetLogonLdapLookupEx returns 0x%lx\n",
  656. NtStatus);
  657. }
  658. #endif // DBG
  659. #endif // notdef
  660. return( NtStatus );
  661. }
  662. VOID
  663. I_NetLogonFree(
  664. IN PVOID Buffer
  665. )
  666. /*++
  667. Routine Description:
  668. Free any buffer allocated by Netlogon and returned to an in-process caller.
  669. Arguments:
  670. Buffer - Buffer to deallocate.
  671. Return Value:
  672. None.
  673. --*/
  674. {
  675. NTSTATUS NtStatus;
  676. //
  677. // Load netlogon.dll if it hasn't already been loaded.
  678. //
  679. if( NetlogonDllHandle == NULL ) {
  680. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  681. return;
  682. }
  683. }
  684. (*pI_NetLogonFree)( Buffer );
  685. }
  686. NET_API_STATUS
  687. I_DsGetDcCache(
  688. IN LPCWSTR NetbiosDomainName OPTIONAL,
  689. IN LPCWSTR DnsDomainName OPTIONAL,
  690. OUT PBOOLEAN InNt4Domain,
  691. OUT LPDWORD InNt4DomainTime
  692. )
  693. /*++
  694. Routine Description:
  695. This routine finds a domain entry that matches the caller's query.
  696. Arguments:
  697. NetbiosDomainName - Specifies the Netbios name of the domain to find.
  698. DnsDomainName - Specifies the Dns name of the domain to find.
  699. At least one of the above parameters should be non-NULL.
  700. InNt4Domain - Returns true if the domain is an NT 4.0 domain.
  701. InNt4DomainTime - Returns the GetTickCount time of when the domain was
  702. detected to be an NT 4.0 domain.
  703. Return Value:
  704. NO_ERROR: Information is returned about the domain.
  705. ERROR_NO_SUCH_DOMAIN: cached information is not available for this domain.
  706. --*/
  707. {
  708. NTSTATUS NtStatus;
  709. NET_API_STATUS NetStatus;
  710. //
  711. // Load netlogon.dll if it hasn't already been loaded.
  712. //
  713. if( NetlogonDllHandle == NULL ) {
  714. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  715. return( NtStatus );
  716. }
  717. }
  718. NetStatus = (*pI_DsGetDcCache)(
  719. NetbiosDomainName,
  720. DnsDomainName,
  721. InNt4Domain,
  722. InNt4DomainTime );
  723. return( NetStatus );
  724. }
  725. NET_API_STATUS
  726. DsrGetDcNameEx2(
  727. IN LPWSTR ComputerName OPTIONAL,
  728. IN LPWSTR AccountName OPTIONAL,
  729. IN ULONG AllowableAccountControlBits,
  730. IN LPWSTR DomainName OPTIONAL,
  731. IN GUID *DomainGuid OPTIONAL,
  732. IN LPWSTR SiteName OPTIONAL,
  733. IN ULONG Flags,
  734. OUT PDOMAIN_CONTROLLER_INFOW *DomainControllerInfo
  735. )
  736. /*++
  737. Routine Description:
  738. Same as DsGetDcNameW except:
  739. AccountName - Account name to pass on the ping request.
  740. If NULL, no account name will be sent.
  741. AllowableAccountControlBits - Mask of allowable account types for AccountName.
  742. * This is the RPC server side implementation.
  743. Arguments:
  744. Same as DsGetDcNameW except as above.
  745. Return Value:
  746. Same as DsGetDcNameW except as above.
  747. --*/
  748. {
  749. NTSTATUS NtStatus;
  750. NET_API_STATUS NetStatus;
  751. //
  752. // Load netlogon.dll if it hasn't already been loaded.
  753. //
  754. if( NetlogonDllHandle == NULL ) {
  755. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  756. return( NtStatus );
  757. }
  758. }
  759. NetStatus = (*pDsrGetDcNameEx2)(
  760. ComputerName,
  761. AccountName,
  762. AllowableAccountControlBits,
  763. DomainName,
  764. DomainGuid,
  765. SiteName,
  766. Flags,
  767. DomainControllerInfo );
  768. return( NetStatus );
  769. }
  770. NTSTATUS
  771. I_NetNotifyDsChange(
  772. IN NL_DS_CHANGE_TYPE DsChangeType
  773. )
  774. /*++
  775. Routine Description:
  776. This function is called by the LSA to indicate that configuration information
  777. in the DS has changed.
  778. This function is called for both PDC and BDC.
  779. Arguments:
  780. DsChangeType - Indicates the type of information that has changed.
  781. Return Value:
  782. Status of the operation.
  783. --*/
  784. {
  785. NTSTATUS NtStatus;
  786. //
  787. // Load netlogon.dll if it hasn't already been loaded.
  788. //
  789. if( NetlogonDllHandle == NULL ) {
  790. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  791. return( NtStatus );
  792. }
  793. }
  794. NtStatus = (*pI_NetNotifyDsChange)(
  795. DsChangeType
  796. );
  797. #if DBG
  798. if( !NT_SUCCESS(NtStatus) ) {
  799. DbgPrint("[Security Process] I_NetNotifyDsChange &ld returns 0x%lx \n",
  800. DsChangeType,
  801. NtStatus);
  802. }
  803. #endif // DBG
  804. return( NtStatus );
  805. }
  806. NTSTATUS
  807. I_NetLogonReadChangeLog(
  808. IN PVOID InContext,
  809. IN ULONG InContextSize,
  810. IN ULONG ChangeBufferSize,
  811. OUT PVOID *ChangeBuffer,
  812. OUT PULONG BytesRead,
  813. OUT PVOID *OutContext,
  814. OUT PULONG OutContextSize
  815. )
  816. /*++
  817. Routine Description:
  818. This function returns a portion of the change log to the caller.
  819. The caller asks for the first portion of the change log by passing zero as
  820. the InContext/InContextSize. Each call passes out an OutContext that
  821. identifies the last change returned to the caller. That context can
  822. be passed in on a subsequent call to I_NetlogonReadChangeLog.
  823. Arguments:
  824. InContext - Opaque context describing the last entry to have been previously
  825. returned. Specify NULL to request the first entry.
  826. InContextSize - Size (in bytes) of InContext. Specify 0 to request the
  827. first entry.
  828. ChangeBufferSize - Specifies the size (in bytes) of the passed in ChangeBuffer.
  829. ChangeBuffer - Returns the next several entries from the change log.
  830. Buffer must be DWORD aligned.
  831. BytesRead - Returns the size (in bytes) of the entries returned in ChangeBuffer.
  832. OutContext - Returns an opaque context describing the last entry returned
  833. in ChangeBuffer. NULL is returned if no entries were returned.
  834. The buffer must be freed using I_NetLogonFree
  835. OutContextSize - Returns the size (in bytes) of OutContext.
  836. Return Value:
  837. STATUS_MORE_ENTRIES - More entries are available. This function should
  838. be called again to retrieve the remaining entries.
  839. STATUS_SUCCESS - No more entries are currently available. Some entries may
  840. have been returned on this call. This function need not be called again.
  841. However, the caller can determine if new change log entries were
  842. added to the log, by calling this function again passing in the returned
  843. context.
  844. STATUS_INVALID_PARAMETER - InContext is invalid.
  845. Either it is too short or the change log entry described no longer
  846. exists in the change log.
  847. STATUS_INVALID_DOMAIN_ROLE - Change log not initialized
  848. STATUS_NO_MEMORY - There is not enough memory to allocate OutContext.
  849. --*/
  850. {
  851. NTSTATUS NtStatus;
  852. //
  853. // Load netlogon.dll if it hasn't already been loaded.
  854. //
  855. if( NetlogonDllHandle == NULL ) {
  856. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  857. return( NtStatus );
  858. }
  859. }
  860. NtStatus = (*pI_NetLogonReadChangeLog)(
  861. InContext,
  862. InContextSize,
  863. ChangeBufferSize,
  864. ChangeBuffer,
  865. BytesRead,
  866. OutContext,
  867. OutContextSize
  868. );
  869. #if DBG
  870. if( !NT_SUCCESS(NtStatus) ) {
  871. DbgPrint("[Security Process] I_NetLogonReadChangeLog returns 0x%lx \n",
  872. NtStatus);
  873. }
  874. #endif // DBG
  875. return( NtStatus );
  876. }
  877. NTSTATUS
  878. I_NetLogonNewChangeLog(
  879. OUT HANDLE *ChangeLogHandle
  880. )
  881. /*++
  882. Routine Description:
  883. This function opens a new changelog file for writing. The new changelog
  884. is a temporary file. The real change log will not be modified until
  885. I_NetLogonCloseChangeLog is called asking to Commit the changes.
  886. The caller should follow this call by Zero more calls to
  887. I_NetLogonAppendChangeLog followed by a call to I_NetLogonCloseChangeLog.
  888. Only one temporary change log can be active at once.
  889. Arguments:
  890. ChangeLogHandle - Returns a handle identifying the temporary change log.
  891. Return Value:
  892. STATUS_SUCCESS - The temporary change log has been successfully opened.
  893. STATUS_INVALID_DOMAIN_ROLE - DC is neither PDC nor BDC.
  894. STATUS_NO_MEMORY - Not enough memory to create the change log buffer.
  895. Sundry file creation errors.
  896. --*/
  897. {
  898. NTSTATUS NtStatus;
  899. //
  900. // Load netlogon.dll if it hasn't already been loaded.
  901. //
  902. if( NetlogonDllHandle == NULL ) {
  903. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  904. return( NtStatus );
  905. }
  906. }
  907. NtStatus = (*pI_NetLogonNewChangeLog)(
  908. ChangeLogHandle
  909. );
  910. #if DBG
  911. if( !NT_SUCCESS(NtStatus) ) {
  912. DbgPrint("[Security Process] I_NetLogonNewChangeLog returns 0x%lx \n",
  913. NtStatus);
  914. }
  915. #endif // DBG
  916. return( NtStatus );
  917. }
  918. NTSTATUS
  919. I_NetLogonAppendChangeLog(
  920. IN HANDLE ChangeLogHandle,
  921. IN PVOID ChangeBuffer,
  922. IN ULONG ChangeBufferSize
  923. )
  924. /*++
  925. Routine Description:
  926. This function appends change log information to new changelog file.
  927. The ChangeBuffer must be a change buffer returned from I_NetLogonReadChangeLog.
  928. Care should be taken to ensure each call to I_NetLogonReadChangeLog is
  929. exactly matched by one call to I_NetLogonAppendChangeLog.
  930. Arguments:
  931. ChangeLogHandle - A handle identifying the temporary change log.
  932. ChangeBuffer - A buffer describing a set of changes returned from
  933. I_NetLogonReadChangeLog.
  934. ChangeBufferSize - Size (in bytes) of ChangeBuffer.
  935. Return Value:
  936. STATUS_SUCCESS - The temporary change log has been successfully opened.
  937. STATUS_INVALID_DOMAIN_ROLE - DC is neither PDC nor BDC.
  938. STATUS_INVALID_HANDLE - ChangeLogHandle is not valid.
  939. STATUS_INVALID_PARAMETER - ChangeBuffer contains invalid data.
  940. Sundry disk write errors.
  941. --*/
  942. {
  943. NTSTATUS NtStatus;
  944. //
  945. // Load netlogon.dll if it hasn't already been loaded.
  946. //
  947. if( NetlogonDllHandle == NULL ) {
  948. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  949. return( NtStatus );
  950. }
  951. }
  952. NtStatus = (*pI_NetLogonAppendChangeLog)(
  953. ChangeLogHandle,
  954. ChangeBuffer,
  955. ChangeBufferSize
  956. );
  957. #if DBG
  958. if( !NT_SUCCESS(NtStatus) ) {
  959. DbgPrint("[Security Process] I_NetLogonAppendChangeLog returns 0x%lx \n",
  960. NtStatus);
  961. }
  962. #endif // DBG
  963. return( NtStatus );
  964. }
  965. NTSTATUS
  966. I_NetLogonCloseChangeLog(
  967. IN HANDLE ChangeLogHandle,
  968. IN BOOLEAN Commit
  969. )
  970. /*++
  971. Routine Description:
  972. This function closes a new changelog file.
  973. Arguments:
  974. ChangeLogHandle - A handle identifying the temporary change log.
  975. Commit - If true, the specified changes are written to the primary change log.
  976. If false, the specified change are deleted.
  977. Return Value:
  978. STATUS_SUCCESS - The temporary change log has been successfully opened.
  979. STATUS_INVALID_DOMAIN_ROLE - DC is neither PDC nor BDC.
  980. STATUS_INVALID_HANDLE - ChangeLogHandle is not valid.
  981. --*/
  982. {
  983. NTSTATUS NtStatus;
  984. //
  985. // Load netlogon.dll if it hasn't already been loaded.
  986. //
  987. if( NetlogonDllHandle == NULL ) {
  988. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  989. return( NtStatus );
  990. }
  991. }
  992. NtStatus = (*pI_NetLogonCloseChangeLog)(
  993. ChangeLogHandle,
  994. Commit
  995. );
  996. #if DBG
  997. if( !NT_SUCCESS(NtStatus) ) {
  998. DbgPrint("[Security Process] I_NetLogonCloseChangeLog returns 0x%lx \n",
  999. NtStatus);
  1000. }
  1001. #endif // DBG
  1002. return( NtStatus );
  1003. }
  1004. NTSTATUS
  1005. I_NetLogonSendToSamOnPdc(
  1006. IN LPWSTR DomainName,
  1007. IN LPBYTE OpaqueBuffer,
  1008. IN ULONG OpaqueBufferSize
  1009. )
  1010. /*++
  1011. Routine Description:
  1012. This function sends an opaque buffer from SAM on a BDC to SAM on the PDC of
  1013. the specified domain.
  1014. The original use of this routine will be to allow the BDC to forward user
  1015. account password changes to the PDC.
  1016. Arguments:
  1017. DomainName - Identifies the hosted domain that this request applies to.
  1018. DomainName may be the Netbios domain name or the DNS domain name.
  1019. NULL implies the primary domain hosted by this DC.
  1020. OpaqueBuffer - Buffer to be passed to the SAM service on the PDC.
  1021. The buffer will be encrypted on the wire.
  1022. OpaqueBufferSize - Size (in bytes) of OpaqueBuffer.
  1023. Return Value:
  1024. STATUS_SUCCESS: Message successfully sent to PDC
  1025. STATUS_NO_MEMORY: There is not enough memory to complete the operation
  1026. STATUS_NO_SUCH_DOMAIN: DomainName does not correspond to a hosted domain
  1027. STATUS_NO_LOGON_SERVERS: PDC is not currently available
  1028. STATUS_NOT_SUPPORTED: PDC does not support this operation
  1029. --*/
  1030. {
  1031. NTSTATUS NtStatus;
  1032. //
  1033. // Load netlogon.dll if it hasn't already been loaded.
  1034. //
  1035. if( NetlogonDllHandle == NULL ) {
  1036. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  1037. return( NtStatus );
  1038. }
  1039. }
  1040. NtStatus = (*pI_NetLogonSendToSamOnPdc)(
  1041. DomainName,
  1042. OpaqueBuffer,
  1043. OpaqueBufferSize );
  1044. #if DBG
  1045. if( !NT_SUCCESS(NtStatus) ) {
  1046. DbgPrint("[Security Process] I_NetLogonSendToSamOnPdc returns 0x%lx \n",
  1047. NtStatus);
  1048. }
  1049. #endif // DBG
  1050. return( NtStatus );
  1051. }
  1052. NET_API_STATUS
  1053. I_NetLogonGetIpAddresses(
  1054. OUT PULONG IpAddressCount,
  1055. OUT LPBYTE *IpAddresses
  1056. )
  1057. /*++
  1058. Routine Description:
  1059. Returns all of the IP Addresses assigned to this machine.
  1060. Arguments:
  1061. IpAddressCount - Returns the number of IP addresses assigned to this machine.
  1062. IpAddresses - Returns a buffer containing an array of SOCKET_ADDRESS
  1063. structures.
  1064. This buffer should be freed using I_NetLogonFree().
  1065. Return Value:
  1066. NO_ERROR - Success
  1067. ERROR_NOT_ENOUGH_MEMORY - There was not enough memory to complete the operation.
  1068. ERROR_NETLOGON_NOT_STARTED - Netlogon is not started.
  1069. --*/
  1070. {
  1071. NTSTATUS NtStatus;
  1072. NET_API_STATUS NetStatus;
  1073. //
  1074. // Load netlogon.dll if it hasn't already been loaded.
  1075. //
  1076. if( NetlogonDllHandle == NULL ) {
  1077. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  1078. return( NtStatus );
  1079. }
  1080. }
  1081. NetStatus = (*pI_NetLogonGetIpAddresses)(
  1082. IpAddressCount,
  1083. IpAddresses );
  1084. return( NetStatus );
  1085. }
  1086. NTSTATUS
  1087. I_NetLogonGetAuthDataEx(
  1088. IN LPWSTR HostedDomainName OPTIONAL,
  1089. IN LPWSTR TrustedDomainName,
  1090. IN ULONG Flags,
  1091. IN PLARGE_INTEGER FailedSessionSetupTime OPTIONAL,
  1092. OUT LPWSTR *OurClientPrincipleName,
  1093. OUT PVOID *ClientContext OPTIONAL,
  1094. OUT LPWSTR *ServerName,
  1095. OUT PNL_OS_VERSION ServerOsVersion,
  1096. OUT PULONG AuthnLevel,
  1097. OUT PLARGE_INTEGER SessionSetupTime
  1098. )
  1099. /*++
  1100. Routine Description:
  1101. This function returns the data that a caller could passed to
  1102. RpcBindingSetAuthInfoW to do an RPC call using the Netlogon security package.
  1103. The returned data is valid for the life of Netlogon's secure channel to
  1104. the current DC. There is no way for the caller to determine that lifetime.
  1105. So, the caller should be prepared for access to be denied and respond to that
  1106. by calling I_NetLogonGetAuthData again. This condition is indicated by passing
  1107. the previuosly used client context that resulted in denied access.
  1108. Once the returned data is passed to RpcBindingSetAuthInfoW, the data should
  1109. not be deallocated until after the binding handle is closed.
  1110. Arguments:
  1111. HostedDomainName - Identifies the hosted domain that this request applies to.
  1112. May be the Netbios domain name or the DNS domain name.
  1113. NULL implies the primary domain hosted by this machine.
  1114. TrustedDomainName - Identifies the domain the trust relationship is to.
  1115. May be the Netbios domain name or the DNS domain name.
  1116. Flags - Flags defining which ClientContext to return:
  1117. NL_DIRECT_TRUST_REQUIRED: Indicates that STATUS_NO_SUCH_DOMAIN should be returned
  1118. if TrustedDomainName is not directly trusted.
  1119. NL_RETURN_CLOSEST_HOP: Indicates that for indirect trust, the "closest hop"
  1120. session should be returned rather than the actual session
  1121. NL_ROLE_PRIMARY_OK: Indicates that if this is a PDC, it's OK to return
  1122. the client session to the primary domain.
  1123. NL_REQUIRE_DOMAIN_IN_FOREST - Indicates that STATUS_NO_SUCH_DOMAIN should be
  1124. returned if TrustedDomainName is not a domain in the forest.
  1125. FailedSessionSetupTime - The time of the previous session setup to the server
  1126. that the caller detected as no longer available. If this parameter is
  1127. passed, the secure channel will be reset by this routine unless the timestamp
  1128. on the current secure channel is different from the one passed by the caller
  1129. (in which case the secure channel got already reset between the two calls to
  1130. this routine).
  1131. OurClientPrincipleName - The principle name of this machine (which is a client as far
  1132. as authenication is concerned). This is the ServerPrincipleName parameter to pass
  1133. to RpcBindingSetAuthInfo. Must be freed using NetApiBufferFree.
  1134. ClientContext - Authentication data for ServerName to pass as AuthIdentity to
  1135. RpcBindingSetAuthInfo. Must be freed using I_NetLogonFree.
  1136. Note this OUT parameter is NULL if ServerName doesn't support this
  1137. functionality.
  1138. ServerName - UNC name of a DC in the trusted domain.
  1139. The caller should RPC to the named DC. This DC is the only DC that has the server
  1140. side context associated with the returned ClientContext. The buffer must be freed
  1141. using NetApiBufferFree.
  1142. ServerOsVersion - Returns the operating system version of the DC named ServerName.
  1143. AuthnLevel - Authentication level Netlogon will use for its secure channel. This value
  1144. will be one of:
  1145. RPC_C_AUTHN_LEVEL_PKT_PRIVACY: Sign and seal
  1146. RPC_C_AUTHN_LEVEL_PKT_INTEGRITY: Sign only
  1147. The caller can ignore this value and independently choose an authentication level.
  1148. SessionSetupTime - The time of the secure channel session setup to the server.
  1149. Return Value:
  1150. STATUS_SUCCESS: The auth data was successfully returned.
  1151. STATUS_NO_MEMORY: There is not enough memory to complete the operation
  1152. STATUS_NETLOGON_NOT_STARTED: Netlogon is not running
  1153. STATUS_NO_SUCH_DOMAIN: HostedDomainName does not correspond to a hosted domain, OR
  1154. TrustedDomainName is not a trusted domain corresponding to Flags.
  1155. STATUS_NO_LOGON_SERVERS: No DCs are not currently available
  1156. --*/
  1157. {
  1158. NTSTATUS NtStatus;
  1159. //
  1160. // Load netlogon.dll if it hasn't already been loaded.
  1161. //
  1162. if( NetlogonDllHandle == NULL ) {
  1163. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  1164. return( NtStatus );
  1165. }
  1166. }
  1167. NtStatus = (*pI_NetLogonGetAuthDataEx)(
  1168. HostedDomainName,
  1169. TrustedDomainName,
  1170. Flags,
  1171. FailedSessionSetupTime,
  1172. OurClientPrincipleName,
  1173. ClientContext,
  1174. ServerName,
  1175. ServerOsVersion,
  1176. AuthnLevel,
  1177. SessionSetupTime );
  1178. return( NtStatus );
  1179. }
  1180. NTSTATUS
  1181. I_NetNotifyNtdsDsaDeletion (
  1182. IN LPWSTR DnsDomainName,
  1183. IN GUID *DomainGuid,
  1184. IN GUID *DsaGuid,
  1185. IN LPWSTR DnsHostName
  1186. )
  1187. /*++
  1188. Routine Description:
  1189. This function is called by the DS to indicate that a NTDS-DSA object
  1190. is being deleted.
  1191. This function is called on the DC that the object is originally deleted on.
  1192. It is not called when the deletion is replicated to other DCs.
  1193. Arguments:
  1194. DnsDomainName - DNS domain name of the domain the DC was in.
  1195. This need not be a domain hosted by this DC.
  1196. DomainGuid - Domain Guid of the domain specified by DnsDomainName
  1197. DsaGuid - GUID of the NtdsDsa object that is being deleted.
  1198. DnsHostName - DNS host name of the DC whose NTDS-DSA object is being deleted.
  1199. Return Value:
  1200. Status of the operation.
  1201. --*/
  1202. {
  1203. NTSTATUS NtStatus;
  1204. //
  1205. // Load netlogon.dll if it hasn't already been loaded.
  1206. //
  1207. if( NetlogonDllHandle == NULL ) {
  1208. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  1209. return( NtStatus );
  1210. }
  1211. }
  1212. NtStatus = (*pI_NetNotifyNtdsDsaDeletion)(
  1213. DnsDomainName,
  1214. DomainGuid,
  1215. DsaGuid,
  1216. DnsHostName );
  1217. #if DBG
  1218. if( !NT_SUCCESS(NtStatus) ) {
  1219. DbgPrint("[Security Process] I_NetNotifyNtdsDsaDeletion returns 0x%lx \n",
  1220. NtStatus);
  1221. }
  1222. #endif // DBG
  1223. return( NtStatus );
  1224. }
  1225. NET_API_STATUS
  1226. I_NetLogonAddressToSiteName(
  1227. IN PSOCKET_ADDRESS SocketAddress,
  1228. OUT LPWSTR *SiteName
  1229. )
  1230. /*++
  1231. Routine Description:
  1232. This function translates a socket addresses to site name.
  1233. Arguments:
  1234. SocketAddress -- the requested socket address
  1235. SiteName -- the corresponding site name
  1236. Return Value:
  1237. Status of the operation.
  1238. --*/
  1239. {
  1240. NTSTATUS NtStatus;
  1241. NET_API_STATUS NetStatus;
  1242. //
  1243. // Load netlogon.dll if it hasn't already been loaded.
  1244. //
  1245. if( NetlogonDllHandle == NULL ) {
  1246. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  1247. return( NtStatus );
  1248. }
  1249. }
  1250. NetStatus = (*pI_NetLogonAddressToSiteName)(SocketAddress,
  1251. SiteName );
  1252. return( NetStatus );
  1253. }