Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1959 lines
48 KiB

  1. /*++
  2. Copyright (c) 1987-1991 Microsoft Corporation
  3. Module Name:
  4. nlrepl.c
  5. Abstract:
  6. The database replication functions called either from LSA OR SAM.
  7. The actual code resides in netlogon.dll.
  8. Author:
  9. Madan Appiah (Madana)
  10. Environment:
  11. User mode only.
  12. Contains NT-specific code.
  13. Requires ANSI C extensions: slash-slash comments, long external names.
  14. Revision History:
  15. 14-Apr-1992 (madana)
  16. Created.
  17. --*/
  18. #include <nt.h> // needed for NTSTATUS
  19. #include <ntrtl.h> // needed for nturtl.h
  20. #include <nturtl.h> // needed for windows.h
  21. #include <windows.h> // win32 typedefs
  22. #include <crypt.h> // samsrv.h will need this
  23. #include <ntlsa.h> // needed for POLICY_LSA_SERVER_ROLE
  24. #include <samrpc.h>
  25. #include <samisrv.h> // needed for SECURITY_DB_TYPE etc.
  26. #include <winsock2.h> // needed for SOCKET defn's
  27. #include <nlrepl.h> // proto types
  28. typedef NTSTATUS
  29. (*PI_NetNotifyDelta) (
  31. IN LARGE_INTEGER ModificationCount,
  34. IN ULONG ObjectRid,
  35. IN PSID ObjectSid,
  36. IN PUNICODE_STRING ObjectName,
  37. IN DWORD ReplicationImmediately,
  39. );
  40. typedef NTSTATUS
  41. (*PI_NetNotifyRole) (
  43. );
  44. typedef NTSTATUS
  45. (*PI_NetNotifyMachineAccount) (
  46. IN ULONG ObjectRid,
  47. IN PSID DomainSid,
  48. IN ULONG OldUserAccountControl,
  49. IN ULONG NewUserAccountControl,
  51. );
  52. typedef NTSTATUS
  53. (*PI_NetNotifyTrustedDomain) (
  54. IN PSID HostedDomainSid,
  55. IN PSID TrustedDomainSid,
  56. IN BOOLEAN IsDeletion
  57. );
  58. typedef NTSTATUS
  59. (*PI_NetNotifyNetlogonDllHandle) (
  60. IN PHANDLE Role
  61. );
  62. typedef NTSTATUS
  63. (*PI_NetLogonSetServiceBits)(
  64. IN DWORD ServiceBitsOfInterest,
  65. IN DWORD ServiceBits
  66. );
  67. typedef NTSTATUS
  68. (*PI_NetLogonGetSerialNumber) (
  70. IN PSID DomainSid,
  71. OUT PLARGE_INTEGER SerialNumber
  72. );
  73. typedef NTSTATUS
  74. (*PI_NetLogonLdapLookup)(
  75. IN PVOID Filter,
  76. OUT PVOID *Response,
  77. OUT PULONG ResponseSize
  78. );
  79. typedef NTSTATUS
  80. (*PI_NetLogonLdapLookupEx)(
  81. IN PVOID Filter,
  82. IN PVOID SockAddr,
  83. OUT PVOID *Response,
  84. OUT PULONG ResponseSize
  85. );
  86. typedef VOID
  87. (*PI_NetLogonFree)(
  88. IN PVOID Buffer
  89. );
  90. typedef NET_API_STATUS
  91. (*PI_DsGetDcCache)(
  92. IN LPCWSTR NetbiosDomainName OPTIONAL,
  93. IN LPCWSTR DnsDomainName OPTIONAL,
  94. OUT PBOOLEAN InNt4Domain,
  95. OUT LPDWORD InNt4DomainTime
  96. );
  97. typedef NET_API_STATUS
  98. (*PDsrGetDcName)(
  99. IN LPWSTR ComputerName OPTIONAL,
  100. IN LPWSTR DomainName OPTIONAL,
  101. IN GUID *DomainGuid OPTIONAL,
  102. IN GUID *SiteGuid OPTIONAL,
  103. IN ULONG Flags,
  104. OUT PDOMAIN_CONTROLLER_INFOW *DomainControllerInfo
  105. );
  106. typedef NET_API_STATUS
  107. (*PDsrGetDcNameEx2)(
  108. IN LPWSTR ComputerName OPTIONAL,
  109. IN LPCWSTR AccountName OPTIONAL,
  110. IN ULONG AllowableAccountControlBits,
  111. IN LPWSTR DomainName OPTIONAL,
  112. IN GUID *DomainGuid OPTIONAL,
  114. IN ULONG Flags,
  115. OUT PDOMAIN_CONTROLLER_INFOW *DomainControllerInfo
  116. );
  117. typedef NTSTATUS
  118. (*PI_NetNotifyDsChange)(
  119. IN NL_DS_CHANGE_TYPE DsChangeType
  120. );
  121. typedef NTSTATUS
  122. (*PI_NetLogonReadChangeLog)(
  123. IN PVOID InContext,
  124. IN ULONG InContextSize,
  125. IN ULONG ChangeBufferSize,
  126. OUT PVOID *ChangeBuffer,
  127. OUT PULONG BytesRead,
  128. OUT PVOID *OutContext,
  129. OUT PULONG OutContextSize
  130. );
  131. typedef NTSTATUS
  132. (*PI_NetLogonNewChangeLog)(
  133. OUT HANDLE *ChangeLogHandle
  134. );
  135. typedef NTSTATUS
  136. (*PI_NetLogonAppendChangeLog)(
  137. IN HANDLE ChangeLogHandle,
  138. IN PVOID ChangeBuffer,
  139. IN ULONG ChangeBufferSize
  140. );
  141. typedef NTSTATUS
  142. (*PI_NetLogonCloseChangeLog)(
  143. IN HANDLE ChangeLogHandle,
  144. IN BOOLEAN Commit
  145. );
  146. typedef NTSTATUS
  147. (*PI_NetLogonSendToSamOnPdc)(
  148. IN LPWSTR DomainName,
  149. IN LPBYTE OpaqueBuffer,
  150. IN ULONG OpaqueBufferSize
  151. );
  152. typedef NET_API_STATUS
  153. (*PI_NetLogonGetIpAddresses)(
  154. OUT PULONG IpAddressCount,
  155. OUT LPBYTE *IpAddresses
  156. );
  157. typedef NTSTATUS
  158. (*PI_NetLogonGetAuthDataEx)(
  159. IN LPWSTR HostedDomainName,
  160. IN LPWSTR TrustedDomainName,
  161. IN BOOLEAN ResetChannel,
  162. IN ULONG Flags,
  163. OUT LPWSTR *ServerName,
  164. OUT PNL_OS_VERSION ServerOsVersion,
  165. OUT LPWSTR *ServerPrincipleName,
  166. OUT PVOID *ClientContext,
  167. OUT PULONG AuthnLevel
  168. );
  169. typedef NTSTATUS
  170. (*PI_NetLogonGetDirectDomain)(
  171. IN LPWSTR HostedDomainName,
  172. IN LPWSTR TrustedDomainName,
  173. OUT LPWSTR *DirectDomainName
  174. );
  175. typedef NTSTATUS
  176. (*PI_NetNotifyNtdsDsaDeletion) (
  177. IN LPWSTR DnsDomainName,
  178. IN GUID *DomainGuid,
  179. IN GUID *DsaGuid,
  180. IN LPWSTR DnsHostName
  181. );
  182. typedef NET_API_STATUS
  183. (*PI_NetLogonAddressToSiteName)(
  184. IN PSOCKET_ADDRESS SocketAddress,
  185. OUT LPWSTR *SiteName
  186. );
  187. //
  188. // Global status
  189. //
  190. HANDLE NetlogonDllHandle = NULL;
  191. PI_NetNotifyDelta pI_NetNotifyDelta = NULL;
  192. PI_NetNotifyRole pI_NetNotifyRole = NULL;
  193. PI_NetNotifyMachineAccount pI_NetNotifyMachineAccount = NULL;
  194. PI_NetNotifyTrustedDomain pI_NetNotifyTrustedDomain = NULL;
  195. PI_NetLogonSetServiceBits pI_NetLogonSetServiceBits = NULL;
  196. PI_NetLogonGetSerialNumber pI_NetLogonGetSerialNumber = NULL;
  197. PI_NetLogonLdapLookup pI_NetLogonLdapLookup = NULL;
  198. PI_NetLogonLdapLookupEx pI_NetLogonLdapLookupEx = NULL;
  199. PI_NetLogonFree pI_NetLogonFree = NULL;
  200. PI_DsGetDcCache pI_DsGetDcCache = NULL;
  201. PDsrGetDcName pDsrGetDcName = NULL;
  202. PDsrGetDcNameEx2 pDsrGetDcNameEx2 = NULL;
  203. PI_NetNotifyDsChange pI_NetNotifyDsChange = NULL;
  204. PI_NetLogonReadChangeLog pI_NetLogonReadChangeLog = NULL;
  205. PI_NetLogonNewChangeLog pI_NetLogonNewChangeLog = NULL;
  206. PI_NetLogonAppendChangeLog pI_NetLogonAppendChangeLog = NULL;
  207. PI_NetLogonCloseChangeLog pI_NetLogonCloseChangeLog = NULL;
  208. PI_NetLogonSendToSamOnPdc pI_NetLogonSendToSamOnPdc = NULL;
  209. PI_NetLogonGetIpAddresses pI_NetLogonGetIpAddresses = NULL;
  210. PI_NetLogonGetAuthDataEx pI_NetLogonGetAuthDataEx = NULL;
  211. PI_NetLogonGetDirectDomain pI_NetLogonGetDirectDomain = NULL;
  212. PI_NetNotifyNtdsDsaDeletion pI_NetNotifyNtdsDsaDeletion = NULL;
  213. PI_NetLogonAddressToSiteName pI_NetLogonAddressToSiteName = NULL;
  215. NlLoadNetlogonDll(
  216. VOID
  217. )
  218. /*++
  219. Routine Description:
  220. This function loads the netlogon.dll module if it is not loaded
  221. already. If the network is not installed then netlogon.dll will not
  222. present in the system and the LoadLibrary will fail.
  223. Arguments:
  224. None
  225. Return Value:
  226. NT Status code.
  227. --*/
  228. {
  229. static NTSTATUS DllLoadStatus = STATUS_SUCCESS;
  230. PI_NetNotifyNetlogonDllHandle pI_NetNotifyNetlogonDllHandle = NULL;
  231. HANDLE DllHandle = NULL;
  232. //
  233. // If we've tried to load the DLL before and it failed,
  234. // return the same error code again.
  235. //
  236. if( DllLoadStatus != STATUS_SUCCESS ) {
  237. goto Cleanup;
  238. }
  239. //
  240. // Load netlogon.dll
  241. //
  242. DllHandle = LoadLibraryA( "Netlogon" );
  243. if ( DllHandle == NULL ) {
  244. #if DBG
  245. DWORD DbgError;
  246. DbgError = GetLastError();
  247. DbgPrint("[Security Process] can't load netlogon.dll %d \n",
  248. DbgError);
  249. #endif // DBG
  250. DllLoadStatus = STATUS_DLL_NOT_FOUND;
  251. goto Cleanup;
  252. }
  253. //
  254. // Macro to grab the address of the named procedure from netlogon.dll
  255. //
  256. #if DBG
  257. #define GRAB_ADDRESS( _X ) \
  258. p##_X = (P##_X) GetProcAddress( DllHandle, #_X ); \
  259. \
  260. if ( p##_X == NULL ) { \
  261. DbgPrint("[security process] can't load " #_X " procedure. %ld\n", GetLastError()); \
  263. goto Cleanup; \
  264. }
  265. #else // DBG
  266. #define GRAB_ADDRESS( _X ) \
  267. p##_X = (P##_X) GetProcAddress( DllHandle, #_X ); \
  268. \
  269. if ( p##_X == NULL ) { \
  271. goto Cleanup; \
  272. }
  273. #endif // DBG
  274. //
  275. // Get the addresses of the required procedures.
  276. //
  277. GRAB_ADDRESS( I_NetNotifyDelta );
  278. GRAB_ADDRESS( I_NetNotifyRole );
  279. GRAB_ADDRESS( I_NetNotifyMachineAccount );
  280. GRAB_ADDRESS( I_NetNotifyTrustedDomain );
  281. GRAB_ADDRESS( I_NetLogonSetServiceBits );
  282. GRAB_ADDRESS( I_NetLogonGetSerialNumber );
  283. GRAB_ADDRESS( I_NetLogonLdapLookup );
  284. GRAB_ADDRESS( I_NetLogonLdapLookupEx );
  285. GRAB_ADDRESS( I_NetLogonFree );
  286. GRAB_ADDRESS( I_DsGetDcCache );
  287. GRAB_ADDRESS( DsrGetDcName );
  288. GRAB_ADDRESS( DsrGetDcNameEx2 );
  289. GRAB_ADDRESS( I_NetNotifyDsChange );
  290. GRAB_ADDRESS( I_NetLogonReadChangeLog );
  291. GRAB_ADDRESS( I_NetLogonNewChangeLog );
  292. GRAB_ADDRESS( I_NetLogonAppendChangeLog );
  293. GRAB_ADDRESS( I_NetLogonCloseChangeLog );
  294. GRAB_ADDRESS( I_NetLogonSendToSamOnPdc );
  295. GRAB_ADDRESS( I_NetLogonGetIpAddresses );
  296. GRAB_ADDRESS( I_NetLogonGetAuthDataEx );
  297. GRAB_ADDRESS( I_NetLogonGetDirectDomain );
  298. GRAB_ADDRESS( I_NetNotifyNtdsDsaDeletion );
  299. GRAB_ADDRESS( I_NetLogonAddressToSiteName );
  300. //
  301. // Find the address of the I_NetNotifyNetlogonDllHandle procedure.
  302. // This is an optional procedure so don't complain if it isn't there.
  303. //
  304. pI_NetNotifyNetlogonDllHandle = (PI_NetNotifyNetlogonDllHandle)
  305. GetProcAddress( DllHandle, "I_NetNotifyNetlogonDllHandle" );
  306. DllLoadStatus = STATUS_SUCCESS;
  307. Cleanup:
  308. if (DllLoadStatus == STATUS_SUCCESS) {
  309. NetlogonDllHandle = DllHandle;
  310. //
  311. // Notify Netlogon that we've loaded it.
  312. //
  313. if( pI_NetNotifyNetlogonDllHandle != NULL ) {
  314. (VOID) (*pI_NetNotifyNetlogonDllHandle)( &NetlogonDllHandle );
  315. }
  316. } else {
  317. if ( DllHandle != NULL ) {
  318. FreeLibrary( DllHandle );
  319. }
  320. }
  321. return( DllLoadStatus );
  322. }
  324. I_NetNotifyDelta (
  326. IN LARGE_INTEGER ModificationCount,
  329. IN ULONG ObjectRid,
  330. IN PSID ObjectSid,
  331. IN PUNICODE_STRING ObjectName,
  332. IN DWORD ReplicationImmediately,
  333. IN PSAM_DELTA_DATA MemberId
  334. )
  335. /*++
  336. Routine Description:
  337. This function is called by the SAM and LSA services after each
  338. change is made to the SAM and LSA databases. The services describe
  339. the type of object that is modified, the type of modification made
  340. on the object, the serial number of this modification etc. This
  341. information is stored for later retrieval when a BDC or member
  342. server wants a copy of this change. See the description of
  343. I_NetSamDeltas for a description of how the change log is used.
  344. Add a change log entry to circular change log maintained in cache as
  345. well as on the disk and update the head and tail pointers
  346. It is assumed that Tail points to a block where this new change log
  347. entry may be stored.
  348. NOTE: The actual code is in netlogon.dll. This wrapper function
  349. will determine whether the network is installed, if so, it calls the
  350. actual worker function after loading the netlogon.dll module. If the
  351. network is not installed then this will function will return with
  352. appropriate error code.
  353. Arguments:
  354. DbType - Type of the database that has been modified.
  355. ModificationCount - The value of the DomainModifiedCount field for the
  356. domain following the modification.
  357. DeltaType - The type of modification that has been made on the object.
  358. ObjectType - The type of object that has been modified.
  359. ObjectRid - The relative ID of the object that has been modified.
  360. This parameter is valid only when the object type specified is
  361. either SecurityDbObjectSamUser, SecurityDbObjectSamGroup or
  362. SecurityDbObjectSamAlias otherwise this parameter is set to zero.
  363. ObjectSid - The SID of the object that has been modified. If the object
  364. modified is in a SAM database, ObjectSid is the DomainId of the Domain
  365. containing the object.
  366. ObjectName - The name of the secret object when the object type
  367. specified is SecurityDbObjectLsaSecret or the old name of the object
  368. when the object type specified is either SecurityDbObjectSamUser,
  369. SecurityDbObjectSamGroup or SecurityDbObjectSamAlias and the delta
  370. type is SecurityDbRename otherwise this parameter is set to NULL.
  371. ReplicateImmediately - TRUE if the change should be immediately
  372. replicated to all BDCs. A password change should set the flag
  373. TRUE.
  374. MemberId - This parameter is specified when group/alias membership
  375. is modified. This structure will then point to the member's ID that
  376. has been updated.
  377. Return Value:
  378. STATUS_SUCCESS - The Service completed successfully.
  379. --*/
  380. {
  381. NTSTATUS NtStatus;
  382. //
  383. // Load netlogon.dll if it hasn't already been loaded.
  384. //
  385. if( NetlogonDllHandle == NULL ) {
  386. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  387. return( NtStatus );
  388. }
  389. }
  390. NtStatus = (*pI_NetNotifyDelta)(
  391. DbType,
  392. ModificationCount,
  393. DeltaType,
  394. ObjectType,
  395. ObjectRid,
  396. ObjectSid,
  397. ObjectName,
  398. ReplicationImmediately,
  399. MemberId
  400. );
  401. return( STATUS_SUCCESS );
  402. }
  404. I_NetNotifyRole(
  406. )
  407. /*++
  408. Routine Description:
  409. This function is called by the LSA service upon LSA initialization
  410. and when LSA changes domain role. This routine will initialize the
  411. change log cache if the role specified is PDC or delete the change
  412. log cache if the role specified is other than PDC.
  413. When this function initializing the change log if the change log
  414. currently exists on disk, the cache will be initialized from disk.
  415. LSA should treat errors from this routine as non-fatal. LSA should
  416. log the errors so they may be corrected then continue
  417. initialization. However, LSA should treat the system databases as
  418. read-only in this case.
  419. NOTE: The actual code is in netlogon.dll. This wrapper function
  420. will determine whether the network is installed, if so, it calls the
  421. actual worker function after loading the netlogon.dll module. If the
  422. network is not installed then this will function will return with
  423. appropriate error code.
  424. Arguments:
  425. Role - Current role of the server.
  426. Return Value:
  427. STATUS_SUCCESS - The Service completed successfully.
  428. --*/
  429. {
  430. NTSTATUS NtStatus;
  431. //
  432. // Load netlogon.dll if it hasn't already been loaded.
  433. //
  434. if( NetlogonDllHandle == NULL ) {
  435. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  436. return( NtStatus );
  437. }
  438. }
  439. NtStatus = (*pI_NetNotifyRole)(
  440. Role
  441. );
  442. #if DBG
  443. if( !NT_SUCCESS(NtStatus) ) {
  444. DbgPrint("[Security Process] I_NetNotifyRole returns 0x%lx \n",
  445. NtStatus);
  446. }
  447. #endif // DBG
  448. return( STATUS_SUCCESS );
  449. }
  451. I_NetNotifyMachineAccount (
  452. IN ULONG ObjectRid,
  453. IN PSID DomainSid,
  454. IN ULONG OldUserAccountControl,
  455. IN ULONG NewUserAccountControl,
  456. IN PUNICODE_STRING ObjectName
  457. )
  458. /*++
  459. Routine Description:
  460. This function is called by the SAM to indicate that the account type
  461. of a machine account has changed. Specifically, if
  463. USER_SERVER_TRUST_ACCOUNT change for a particular account, this
  464. routine is called to let Netlogon know of the account change.
  465. NOTE: The actual code is in netlogon.dll. This wrapper function
  466. will determine whether the network is installed, if so, it calls the
  467. actual worker function after loading the netlogon.dll module. If the
  468. network is not installed then this will function will return with
  469. appropriate error code.
  470. Arguments:
  471. ObjectRid - The relative ID of the object that has been modified.
  472. DomainSid - Specifies the SID of the Domain containing the object.
  473. OldUserAccountControl - Specifies the previous value of the
  474. UserAccountControl field of the user.
  475. NewUserAccountControl - Specifies the new (current) value of the
  476. UserAccountControl field of the user.
  477. ObjectName - The name of the account being changed.
  478. Return Value:
  479. Status of the operation.
  480. --*/
  481. {
  482. NTSTATUS NtStatus;
  483. //
  484. // Load netlogon.dll if it hasn't already been loaded.
  485. //
  486. if( NetlogonDllHandle == NULL ) {
  487. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  488. return( NtStatus );
  489. }
  490. }
  491. NtStatus = (*pI_NetNotifyMachineAccount)(
  492. ObjectRid,
  493. DomainSid,
  494. OldUserAccountControl,
  495. NewUserAccountControl,
  496. ObjectName );
  497. #if DBG
  498. if( !NT_SUCCESS(NtStatus) ) {
  499. DbgPrint("[Security Process] I_NetNotifyMachineAccount returns 0x%lx\n",
  500. NtStatus);
  501. }
  502. #endif // DBG
  503. return( NtStatus );
  504. }
  506. I_NetNotifyTrustedDomain (
  507. IN PSID HostedDomainSid,
  508. IN PSID TrustedDomainSid,
  509. IN BOOLEAN IsDeletion
  510. )
  511. /*++
  512. Routine Description:
  513. This function is called by the LSA to indicate that a trusted domain
  514. object has changed.
  515. This function is called for both PDC and BDC.
  516. Arguments:
  517. HostedDomainSid - Domain SID of the domain the trust is from.
  518. TrustedDomainSid - Domain SID of the domain the trust is to.
  519. IsDeletion - TRUE if the trusted domain object was deleted.
  520. FALSE if the trusted domain object was created or modified.
  521. Return Value:
  522. Status of the operation.
  523. --*/
  524. {
  525. NTSTATUS NtStatus;
  526. //
  527. // Load netlogon.dll if it hasn't already been loaded.
  528. //
  529. if( NetlogonDllHandle == NULL ) {
  530. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  531. return( NtStatus );
  532. }
  533. }
  534. NtStatus = (*pI_NetNotifyTrustedDomain)(
  535. HostedDomainSid,
  536. TrustedDomainSid,
  537. IsDeletion );
  538. #if DBG
  539. if( !NT_SUCCESS(NtStatus) ) {
  540. DbgPrint("[Security Process] I_NetNotifyTrustedDomain returns 0x%lx\n",
  541. NtStatus);
  542. }
  543. #endif // DBG
  544. return( NtStatus );
  545. }
  547. I_NetLogonSetServiceBits(
  548. IN DWORD ServiceBitsOfInterest,
  549. IN DWORD ServiceBits
  550. )
  551. /*++
  552. Routine Description:
  553. Inidcates whether this DC is currently running the specified service.
  554. For instance,
  555. I_NetLogonSetServiceBits( DS_KDC_FLAG, DS_KDC_FLAG );
  556. tells Netlogon the KDC is running. And
  557. I_NetLogonSetServiceBits( DS_KDC_FLAG, 0 );
  558. tells Netlogon the KDC is not running.
  559. Arguments:
  560. ServiceBitsOfInterest - A mask of the service bits being changed, set,
  561. or reset by this call. Only the following flags are valid:
  562. DS_KDC_FLAG
  563. DS_DS_FLAG
  565. ServiceBits - A mask indicating what the bits specified by ServiceBitsOfInterest
  566. should be set to.
  567. Return Value:
  568. STATUS_SUCCESS - Success.
  569. STATUS_INVALID_PARAMETER - The parameters have extaneous bits set.
  570. STATUS_DLL_NOT_FOUND - Netlogon.dll could not be loaded.
  571. --*/
  572. {
  573. NTSTATUS NtStatus;
  574. //
  575. // Load netlogon.dll if it hasn't already been loaded.
  576. //
  577. if( NetlogonDllHandle == NULL ) {
  578. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  579. return( NtStatus );
  580. }
  581. }
  582. NtStatus = (*pI_NetLogonSetServiceBits)(
  583. ServiceBitsOfInterest,
  584. ServiceBits );
  585. #if DBG
  586. if( !NT_SUCCESS(NtStatus) ) {
  587. DbgPrint("[Security Process] I_NetLogonSetServiceBits returns 0x%lx\n",
  588. NtStatus);
  589. }
  590. #endif // DBG
  591. return( NtStatus );
  592. }
  594. I_NetLogonGetSerialNumber (
  596. IN PSID DomainSid,
  597. OUT PLARGE_INTEGER SerialNumber
  598. )
  599. /*++
  600. Routine Description:
  601. This function is called by the SAM and LSA services when they startup
  602. to get the current serial number written to the changelog.
  603. Arguments:
  604. DbType - Type of the database that has been modified.
  605. DomainSid - For the SAM and builtin database, this specifies the DomainId of
  606. the domain whose serial number is to be returned.
  607. SerialNumber - Returns the latest set value of the DomainModifiedCount
  608. field for the domain.
  609. Return Value:
  610. STATUS_SUCCESS - The Service completed successfully.
  611. STATUS_INVALID_DOMAIN_ROLE - This machine is not the PDC.
  612. STATUS_DLL_NOT_FOUND - Netlogon.dll could not be loaded.
  613. --*/
  614. {
  615. NTSTATUS NtStatus;
  616. //
  617. // Load netlogon.dll if it hasn't already been loaded.
  618. //
  619. if( NetlogonDllHandle == NULL ) {
  620. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  621. return( NtStatus );
  622. }
  623. }
  624. NtStatus = (*pI_NetLogonGetSerialNumber)(
  625. DbType,
  626. DomainSid,
  627. SerialNumber );
  628. #if DBG
  629. if( !NT_SUCCESS(NtStatus) ) {
  630. DbgPrint("[Security Process] I_NetLogonGetSerialNumber returns 0x%lx\n",
  631. NtStatus);
  632. }
  633. #endif // DBG
  634. return( NtStatus );
  635. }
  637. I_NetLogonLdapLookup(
  638. IN PVOID Filter,
  639. OUT PVOID *Response,
  640. OUT PULONG ResponseSize
  641. )
  642. /*++
  643. Routine Description:
  644. This routine builds a response to an LDAP ping of a DC. DsGetDcName does
  645. such a ping to ensure the DC is functional and still meets the requirements
  646. of the DsGetDcName. DsGetDcName does an LDAP lookup of the NULL DN asking
  647. for attribute "Netlogon". The DS turns that into a call to this routine
  648. passing in the filter parameter.
  649. Arguments:
  650. Filter - Filter describing the query. The filter is built by the DsGetDcName
  651. client, so we can limit the flexibility significantly. The filter is:
  652. Response - Returns a pointer to an allocated buffer containing
  653. the response to return to the caller. This response is a binary blob
  654. which should be returned to the caller bit-for-bit intact.
  655. The buffer should be freed be calling I_NetLogonFree.
  656. ResponseSize - Size (in bytes) of the returned message.
  657. Return Value:
  658. STATUS_SUCCESS -- The response was returned in the supplied buffer.
  659. STATUS_INVALID_PARAMETER -- The filter was invalid.
  660. --*/
  661. {
  662. NTSTATUS NtStatus;
  663. //
  664. // Load netlogon.dll if it hasn't already been loaded.
  665. //
  666. if( NetlogonDllHandle == NULL ) {
  667. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  668. return( NtStatus );
  669. }
  670. }
  671. NtStatus = (*pI_NetLogonLdapLookup)(
  672. Filter,
  673. Response,
  674. ResponseSize );
  675. #if DBG
  676. if( !NT_SUCCESS(NtStatus) ) {
  677. DbgPrint("[Security Process] I_NetLogonLdapLookup returns 0x%lx\n",
  678. NtStatus);
  679. }
  680. #endif // DBG
  681. return( NtStatus );
  682. }
  684. I_NetLogonLdapLookupEx(
  685. IN PVOID Filter,
  686. IN PVOID SockAddr,
  687. OUT PVOID *Response,
  688. OUT PULONG ResponseSize
  689. )
  690. /*++
  691. Routine Description:
  692. This routine builds a response to an LDAP ping of a DC. DsGetDcName does
  693. such a ping to ensure the DC is functional and still meets the requirements
  694. of the DsGetDcName. DsGetDcName does an LDAP lookup of the NULL DN asking
  695. for attribute "Netlogon". The DS turns that into a call to this routine
  696. passing in the filter parameter.
  697. Arguments:
  698. Filter - Filter describing the query. The filter is built by the DsGetDcName
  699. client, so we can limit the flexibility significantly. The filter is:
  700. SockAddr - Address of the client that sent the ping.
  701. Response - Returns a pointer to an allocated buffer containing
  702. the response to return to the caller. This response is a binary blob
  703. which should be returned to the caller bit-for-bit intact.
  704. The buffer should be freed be calling I_NetLogonFree.
  705. ResponseSize - Size (in bytes) of the returned message.
  706. Return Value:
  707. STATUS_SUCCESS -- The response was returned in the supplied buffer.
  708. STATUS_INVALID_PARAMETER -- The filter was invalid.
  709. --*/
  710. {
  711. NTSTATUS NtStatus;
  712. //
  713. // Load netlogon.dll if it hasn't already been loaded.
  714. //
  715. if( NetlogonDllHandle == NULL ) {
  716. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  717. return( NtStatus );
  718. }
  719. }
  720. NtStatus = (*pI_NetLogonLdapLookupEx)(
  721. Filter,
  722. SockAddr,
  723. Response,
  724. ResponseSize );
  725. #ifdef notdef // Failures occur frequently in nature
  726. #if DBG
  727. if( !NT_SUCCESS(NtStatus) ) {
  728. DbgPrint("[Security Process] I_NetLogonLdapLookupEx returns 0x%lx\n",
  729. NtStatus);
  730. }
  731. #endif // DBG
  732. #endif // notdef
  733. return( NtStatus );
  734. }
  735. VOID
  736. I_NetLogonFree(
  737. IN PVOID Buffer
  738. )
  739. /*++
  740. Routine Description:
  741. Free any buffer allocated by Netlogon and returned to an in-process caller.
  742. Arguments:
  743. Buffer - Buffer to deallocate.
  744. Return Value:
  745. None.
  746. --*/
  747. {
  748. NTSTATUS NtStatus;
  749. //
  750. // Load netlogon.dll if it hasn't already been loaded.
  751. //
  752. if( NetlogonDllHandle == NULL ) {
  753. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  754. return;
  755. }
  756. }
  757. (*pI_NetLogonFree)( Buffer );
  758. }
  760. I_DsGetDcCache(
  761. IN LPCWSTR NetbiosDomainName OPTIONAL,
  762. IN LPCWSTR DnsDomainName OPTIONAL,
  763. OUT PBOOLEAN InNt4Domain,
  764. OUT LPDWORD InNt4DomainTime
  765. )
  766. /*++
  767. Routine Description:
  768. This routine finds a domain entry that matches the caller's query.
  769. Arguments:
  770. NetbiosDomainName - Specifies the Netbios name of the domain to find.
  771. DnsDomainName - Specifies the Dns name of the domain to find.
  772. At least one of the above parameters should be non-NULL.
  773. InNt4Domain - Returns true if the domain is an NT 4.0 domain.
  774. InNt4DomainTime - Returns the GetTickCount time of when the domain was
  775. detected to be an NT 4.0 domain.
  776. Return Value:
  777. NO_ERROR: Information is returned about the domain.
  778. ERROR_NO_SUCH_DOMAIN: cached information is not available for this domain.
  779. --*/
  780. {
  781. NTSTATUS NtStatus;
  782. NET_API_STATUS NetStatus;
  783. //
  784. // Load netlogon.dll if it hasn't already been loaded.
  785. //
  786. if( NetlogonDllHandle == NULL ) {
  787. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  788. return( NtStatus );
  789. }
  790. }
  791. NetStatus = (*pI_DsGetDcCache)(
  792. NetbiosDomainName,
  793. DnsDomainName,
  794. InNt4Domain,
  795. InNt4DomainTime );
  796. return( NetStatus );
  797. }
  799. DsrGetDcName(
  800. IN LPWSTR ComputerName OPTIONAL,
  801. IN LPWSTR DomainName OPTIONAL,
  802. IN GUID *DomainGuid OPTIONAL,
  803. IN GUID *SiteGuid OPTIONAL,
  804. IN ULONG Flags,
  805. OUT PDOMAIN_CONTROLLER_INFOW *DomainControllerInfo
  806. )
  807. /*++
  808. Routine Description:
  809. Same as DsGetDcNameW except:
  810. * This is the RPC server side implementation.
  811. Arguments:
  812. Same as DsGetDcNameW except as above.
  813. Return Value:
  814. Same as DsGetDcNameW except as above.
  815. --*/
  816. {
  817. NTSTATUS NtStatus;
  818. NET_API_STATUS NetStatus;
  819. //
  820. // Load netlogon.dll if it hasn't already been loaded.
  821. //
  822. if( NetlogonDllHandle == NULL ) {
  823. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  824. return( NtStatus );
  825. }
  826. }
  827. NetStatus = (*pDsrGetDcName)(
  828. ComputerName,
  829. DomainName,
  830. DomainGuid,
  831. SiteGuid,
  832. Flags,
  833. DomainControllerInfo );
  834. return( NetStatus );
  835. }
  837. DsrGetDcNameEx2(
  838. IN LPWSTR ComputerName OPTIONAL,
  839. IN LPWSTR AccountName OPTIONAL,
  840. IN ULONG AllowableAccountControlBits,
  841. IN LPWSTR DomainName OPTIONAL,
  842. IN GUID *DomainGuid OPTIONAL,
  844. IN ULONG Flags,
  845. OUT PDOMAIN_CONTROLLER_INFOW *DomainControllerInfo
  846. )
  847. /*++
  848. Routine Description:
  849. Same as DsGetDcNameW except:
  850. AccountName - Account name to pass on the ping request.
  851. If NULL, no account name will be sent.
  852. AllowableAccountControlBits - Mask of allowable account types for AccountName.
  853. * This is the RPC server side implementation.
  854. Arguments:
  855. Same as DsGetDcNameW except as above.
  856. Return Value:
  857. Same as DsGetDcNameW except as above.
  858. --*/
  859. {
  860. NTSTATUS NtStatus;
  861. NET_API_STATUS NetStatus;
  862. //
  863. // Load netlogon.dll if it hasn't already been loaded.
  864. //
  865. if( NetlogonDllHandle == NULL ) {
  866. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  867. return( NtStatus );
  868. }
  869. }
  870. NetStatus = (*pDsrGetDcNameEx2)(
  871. ComputerName,
  872. AccountName,
  873. AllowableAccountControlBits,
  874. DomainName,
  875. DomainGuid,
  876. SiteName,
  877. Flags,
  878. DomainControllerInfo );
  879. return( NetStatus );
  880. }
  882. I_NetNotifyDsChange(
  883. IN NL_DS_CHANGE_TYPE DsChangeType
  884. )
  885. /*++
  886. Routine Description:
  887. This function is called by the LSA to indicate that configuration information
  888. in the DS has changed.
  889. This function is called for both PDC and BDC.
  890. Arguments:
  891. DsChangeType - Indicates the type of information that has changed.
  892. Return Value:
  893. Status of the operation.
  894. --*/
  895. {
  896. NTSTATUS NtStatus;
  897. //
  898. // Load netlogon.dll if it hasn't already been loaded.
  899. //
  900. if( NetlogonDllHandle == NULL ) {
  901. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  902. return( NtStatus );
  903. }
  904. }
  905. NtStatus = (*pI_NetNotifyDsChange)(
  906. DsChangeType
  907. );
  908. #if DBG
  909. if( !NT_SUCCESS(NtStatus) ) {
  910. DbgPrint("[Security Process] I_NetNotifyDsChange &ld returns 0x%lx \n",
  911. DsChangeType,
  912. NtStatus);
  913. }
  914. #endif // DBG
  915. return( NtStatus );
  916. }
  918. I_NetLogonReadChangeLog(
  919. IN PVOID InContext,
  920. IN ULONG InContextSize,
  921. IN ULONG ChangeBufferSize,
  922. OUT PVOID *ChangeBuffer,
  923. OUT PULONG BytesRead,
  924. OUT PVOID *OutContext,
  925. OUT PULONG OutContextSize
  926. )
  927. /*++
  928. Routine Description:
  929. This function returns a portion of the change log to the caller.
  930. The caller asks for the first portion of the change log by passing zero as
  931. the InContext/InContextSize. Each call passes out an OutContext that
  932. identifies the last change returned to the caller. That context can
  933. be passed in on a subsequent call to I_NetlogonReadChangeLog.
  934. Arguments:
  935. InContext - Opaque context describing the last entry to have been previously
  936. returned. Specify NULL to request the first entry.
  937. InContextSize - Size (in bytes) of InContext. Specify 0 to request the
  938. first entry.
  939. ChangeBufferSize - Specifies the size (in bytes) of the passed in ChangeBuffer.
  940. ChangeBuffer - Returns the next several entries from the change log.
  941. Buffer must be DWORD aligned.
  942. BytesRead - Returns the size (in bytes) of the entries returned in ChangeBuffer.
  943. OutContext - Returns an opaque context describing the last entry returned
  944. in ChangeBuffer. NULL is returned if no entries were returned.
  945. The buffer must be freed using I_NetLogonFree
  946. OutContextSize - Returns the size (in bytes) of OutContext.
  947. Return Value:
  948. STATUS_MORE_ENTRIES - More entries are available. This function should
  949. be called again to retrieve the remaining entries.
  950. STATUS_SUCCESS - No more entries are currently available. Some entries may
  951. have been returned on this call. This function need not be called again.
  952. However, the caller can determine if new change log entries were
  953. added to the log, by calling this function again passing in the returned
  954. context.
  955. STATUS_INVALID_PARAMETER - InContext is invalid.
  956. Either it is too short or the change log entry described no longer
  957. exists in the change log.
  958. STATUS_INVALID_DOMAIN_ROLE - Change log not initialized
  959. STATUS_NO_MEMORY - There is not enough memory to allocate OutContext.
  960. --*/
  961. {
  962. NTSTATUS NtStatus;
  963. //
  964. // Load netlogon.dll if it hasn't already been loaded.
  965. //
  966. if( NetlogonDllHandle == NULL ) {
  967. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  968. return( NtStatus );
  969. }
  970. }
  971. NtStatus = (*pI_NetLogonReadChangeLog)(
  972. InContext,
  973. InContextSize,
  974. ChangeBufferSize,
  975. ChangeBuffer,
  976. BytesRead,
  977. OutContext,
  978. OutContextSize
  979. );
  980. #if DBG
  981. if( !NT_SUCCESS(NtStatus) ) {
  982. DbgPrint("[Security Process] I_NetLogonReadChangeLog returns 0x%lx \n",
  983. NtStatus);
  984. }
  985. #endif // DBG
  986. return( NtStatus );
  987. }
  989. I_NetLogonNewChangeLog(
  990. OUT HANDLE *ChangeLogHandle
  991. )
  992. /*++
  993. Routine Description:
  994. This function opens a new changelog file for writing. The new changelog
  995. is a temporary file. The real change log will not be modified until
  996. I_NetLogonCloseChangeLog is called asking to Commit the changes.
  997. The caller should follow this call by Zero more calls to
  998. I_NetLogonAppendChangeLog followed by a call to I_NetLogonCloseChangeLog.
  999. Only one temporary change log can be active at once.
  1000. Arguments:
  1001. ChangeLogHandle - Returns a handle identifying the temporary change log.
  1002. Return Value:
  1003. STATUS_SUCCESS - The temporary change log has been successfully opened.
  1004. STATUS_INVALID_DOMAIN_ROLE - DC is neither PDC nor BDC.
  1005. STATUS_NO_MEMORY - Not enough memory to create the change log buffer.
  1006. Sundry file creation errors.
  1007. --*/
  1008. {
  1009. NTSTATUS NtStatus;
  1010. //
  1011. // Load netlogon.dll if it hasn't already been loaded.
  1012. //
  1013. if( NetlogonDllHandle == NULL ) {
  1014. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  1015. return( NtStatus );
  1016. }
  1017. }
  1018. NtStatus = (*pI_NetLogonNewChangeLog)(
  1019. ChangeLogHandle
  1020. );
  1021. #if DBG
  1022. if( !NT_SUCCESS(NtStatus) ) {
  1023. DbgPrint("[Security Process] I_NetLogonNewChangeLog returns 0x%lx \n",
  1024. NtStatus);
  1025. }
  1026. #endif // DBG
  1027. return( NtStatus );
  1028. }
  1029. NTSTATUS
  1030. I_NetLogonAppendChangeLog(
  1031. IN HANDLE ChangeLogHandle,
  1032. IN PVOID ChangeBuffer,
  1033. IN ULONG ChangeBufferSize
  1034. )
  1035. /*++
  1036. Routine Description:
  1037. This function appends change log information to new changelog file.
  1038. The ChangeBuffer must be a change buffer returned from I_NetLogonReadChangeLog.
  1039. Care should be taken to ensure each call to I_NetLogonReadChangeLog is
  1040. exactly matched by one call to I_NetLogonAppendChangeLog.
  1041. Arguments:
  1042. ChangeLogHandle - A handle identifying the temporary change log.
  1043. ChangeBuffer - A buffer describing a set of changes returned from
  1044. I_NetLogonReadChangeLog.
  1045. ChangeBufferSize - Size (in bytes) of ChangeBuffer.
  1046. Return Value:
  1047. STATUS_SUCCESS - The temporary change log has been successfully opened.
  1048. STATUS_INVALID_DOMAIN_ROLE - DC is neither PDC nor BDC.
  1049. STATUS_INVALID_HANDLE - ChangeLogHandle is not valid.
  1050. STATUS_INVALID_PARAMETER - ChangeBuffer contains invalid data.
  1051. Sundry disk write errors.
  1052. --*/
  1053. {
  1054. NTSTATUS NtStatus;
  1055. //
  1056. // Load netlogon.dll if it hasn't already been loaded.
  1057. //
  1058. if( NetlogonDllHandle == NULL ) {
  1059. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  1060. return( NtStatus );
  1061. }
  1062. }
  1063. NtStatus = (*pI_NetLogonAppendChangeLog)(
  1064. ChangeLogHandle,
  1065. ChangeBuffer,
  1066. ChangeBufferSize
  1067. );
  1068. #if DBG
  1069. if( !NT_SUCCESS(NtStatus) ) {
  1070. DbgPrint("[Security Process] I_NetLogonAppendChangeLog returns 0x%lx \n",
  1071. NtStatus);
  1072. }
  1073. #endif // DBG
  1074. return( NtStatus );
  1075. }
  1076. NTSTATUS
  1077. I_NetLogonCloseChangeLog(
  1078. IN HANDLE ChangeLogHandle,
  1079. IN BOOLEAN Commit
  1080. )
  1081. /*++
  1082. Routine Description:
  1083. This function closes a new changelog file.
  1084. Arguments:
  1085. ChangeLogHandle - A handle identifying the temporary change log.
  1086. Commit - If true, the specified changes are written to the primary change log.
  1087. If false, the specified change are deleted.
  1088. Return Value:
  1089. STATUS_SUCCESS - The temporary change log has been successfully opened.
  1090. STATUS_INVALID_DOMAIN_ROLE - DC is neither PDC nor BDC.
  1091. STATUS_INVALID_HANDLE - ChangeLogHandle is not valid.
  1092. --*/
  1093. {
  1094. NTSTATUS NtStatus;
  1095. //
  1096. // Load netlogon.dll if it hasn't already been loaded.
  1097. //
  1098. if( NetlogonDllHandle == NULL ) {
  1099. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  1100. return( NtStatus );
  1101. }
  1102. }
  1103. NtStatus = (*pI_NetLogonCloseChangeLog)(
  1104. ChangeLogHandle,
  1105. Commit
  1106. );
  1107. #if DBG
  1108. if( !NT_SUCCESS(NtStatus) ) {
  1109. DbgPrint("[Security Process] I_NetLogonCloseChangeLog returns 0x%lx \n",
  1110. NtStatus);
  1111. }
  1112. #endif // DBG
  1113. return( NtStatus );
  1114. }
  1115. NTSTATUS
  1116. I_NetLogonSendToSamOnPdc(
  1117. IN LPWSTR DomainName,
  1118. IN LPBYTE OpaqueBuffer,
  1119. IN ULONG OpaqueBufferSize
  1120. )
  1121. /*++
  1122. Routine Description:
  1123. This function sends an opaque buffer from SAM on a BDC to SAM on the PDC of
  1124. the specified domain.
  1125. The original use of this routine will be to allow the BDC to forward user
  1126. account password changes to the PDC.
  1127. Arguments:
  1128. DomainName - Identifies the hosted domain that this request applies to.
  1129. DomainName may be the Netbios domain name or the DNS domain name.
  1130. NULL implies the primary domain hosted by this DC.
  1131. OpaqueBuffer - Buffer to be passed to the SAM service on the PDC.
  1132. The buffer will be encrypted on the wire.
  1133. OpaqueBufferSize - Size (in bytes) of OpaqueBuffer.
  1134. Return Value:
  1135. STATUS_SUCCESS: Message successfully sent to PDC
  1136. STATUS_NO_MEMORY: There is not enough memory to complete the operation
  1137. STATUS_NO_SUCH_DOMAIN: DomainName does not correspond to a hosted domain
  1138. STATUS_NO_LOGON_SERVERS: PDC is not currently available
  1139. STATUS_NOT_SUPPORTED: PDC does not support this operation
  1140. --*/
  1141. {
  1142. NTSTATUS NtStatus;
  1143. //
  1144. // Load netlogon.dll if it hasn't already been loaded.
  1145. //
  1146. if( NetlogonDllHandle == NULL ) {
  1147. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  1148. return( NtStatus );
  1149. }
  1150. }
  1151. NtStatus = (*pI_NetLogonSendToSamOnPdc)(
  1152. DomainName,
  1153. OpaqueBuffer,
  1154. OpaqueBufferSize );
  1155. #if DBG
  1156. if( !NT_SUCCESS(NtStatus) ) {
  1157. DbgPrint("[Security Process] I_NetLogonSendToSamOnPdc returns 0x%lx \n",
  1158. NtStatus);
  1159. }
  1160. #endif // DBG
  1161. return( NtStatus );
  1162. }
  1164. I_NetLogonGetIpAddresses(
  1165. OUT PULONG IpAddressCount,
  1166. OUT LPBYTE *IpAddresses
  1167. )
  1168. /*++
  1169. Routine Description:
  1170. Returns all of the IP Addresses assigned to this machine.
  1171. Arguments:
  1172. IpAddressCount - Returns the number of IP addresses assigned to this machine.
  1173. IpAddresses - Returns a buffer containing an array of SOCKET_ADDRESS
  1174. structures.
  1175. This buffer should be freed using I_NetLogonFree().
  1176. Return Value:
  1177. NO_ERROR - Success
  1178. ERROR_NOT_ENOUGH_MEMORY - There was not enough memory to complete the operation.
  1179. ERROR_NETLOGON_NOT_STARTED - Netlogon is not started.
  1180. --*/
  1181. {
  1182. NTSTATUS NtStatus;
  1183. NET_API_STATUS NetStatus;
  1184. //
  1185. // Load netlogon.dll if it hasn't already been loaded.
  1186. //
  1187. if( NetlogonDllHandle == NULL ) {
  1188. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  1189. return( NtStatus );
  1190. }
  1191. }
  1192. NetStatus = (*pI_NetLogonGetIpAddresses)(
  1193. IpAddressCount,
  1194. IpAddresses );
  1195. return( NetStatus );
  1196. }
  1197. NTSTATUS
  1198. I_NetLogonGetAuthDataEx(
  1199. IN LPWSTR HostedDomainName,
  1200. IN LPWSTR TrustedDomainName,
  1201. IN BOOLEAN ResetChannel,
  1202. IN ULONG Flags,
  1203. OUT LPWSTR *ServerName,
  1204. OUT PNL_OS_VERSION ServerOsVersion,
  1205. OUT LPWSTR *ServerPrincipleName,
  1206. OUT PVOID *ClientContext,
  1207. OUT PULONG AuthnLevel
  1208. )
  1209. /*++
  1210. Routine Description:
  1211. This function returns the data that a caller could passed to
  1212. RpcBindingSetAuthInfoW to do an RPC call using the Netlogon security package.
  1213. The returned data is valid for the life of Netlogon's secure channel to
  1214. the current DC. There is no way for the caller to determine that lifetime.
  1215. So, the caller should be prepared for access to be denied and respond to that
  1216. by calling I_NetLogonGetAuthData again.
  1217. Once the returned data is passed to RpcBindingSetAuthInfoW, the data should
  1218. not be deallocated until after the binding handle is closed.
  1219. Arguments:
  1220. HostedDomainName - Identifies the hosted domain that this request applies to.
  1221. DomainName may be the Netbios domain name or the DNS domain name.
  1222. NULL implies the primary domain hosted by this machine.
  1223. TrustedDomainName - Identifies the domain the trust relationship is to.
  1224. DomainName may be the Netbios domain name or the DNS domain name.
  1225. ResetChannel - If true, specifies that the netlogon secure channel
  1226. is to be reset.
  1227. Flags - Flags defining which ClientContext to return:
  1228. NL_DIRECT_TRUST_REQUIRED: Indicates that STATUS_NO_SUCH_DOMAIN should be returned
  1229. if TrustedDomainName is not directly trusted.
  1230. NL_RETURN_CLOSEST_HOP: Indicates that for indirect trust, the "closest hop"
  1231. session should be returned rather than the actual session
  1232. NL_ROLE_PRIMARY_OK: Indicates that if this is a PDC, it's OK to return
  1233. the client session to the primary domain.
  1234. NL_REQUIRE_DOMAIN_IN_FOREST - Indicates that STATUS_NO_SUCH_DOMAIN should be returned
  1235. if TrustedDomainName is not a domain in the forest.
  1236. ServerName - UNC name of a DC in the trusted domain.
  1237. The caller should RPC to the named DC. This DC is the only DC
  1238. that has the server side context associated with the ClientContext
  1239. given below.
  1240. The buffer must be freed using I_NetLogonFree.
  1241. ServerOsVersion - Returns the operating system version of the machine named ServerName
  1242. ServerPrincipleName - ServerPrincipleName to pass to RpcBindingSetAutInfo.
  1243. (See note above about when this data can be deallocated.)
  1244. The buffer must be freed using I_NetLogonFree.
  1245. ClientContext - Authentication data to pass as AuthIdentity to RpcBindingSetAutInfo.
  1246. (See note above about when this data can be deallocated.)
  1247. The buffer must be freed using I_NetLogonFree.
  1248. AuthnLevel - Authentication level Netlogon will use for its secure
  1249. channel. This value will be one of:
  1250. RPC_C_AUTHN_LEVEL_PKT_PRIVACY: Sign and seal
  1252. The caller can ignore this value and independently choose an authentication
  1253. level.
  1254. Return Value:
  1255. STATUS_SUCCESS: The auth data was successfully returned.
  1256. STATUS_NO_MEMORY: There is not enough memory to complete the operation
  1257. STATUS_NETLOGON_NOT_STARTED: Netlogon is not running
  1258. STATUS_NO_SUCH_DOMAIN: HostedDomainName does not correspond to a hosted domain, OR
  1259. TrustedDomainName is not a trusted domain.
  1260. STATUS_NO_LOGON_SERVERS: No DCs are not currently available
  1261. STATUS_NOT_SUPPORTED: DC does not support this operation
  1262. Probably because the DC in the trusted domain is running NT 4.0,
  1263. or Netlogon on this machine is configured to neither sign nor seal.
  1264. --*/
  1265. {
  1266. NTSTATUS NtStatus;
  1267. //
  1268. // Load netlogon.dll if it hasn't already been loaded.
  1269. //
  1270. if( NetlogonDllHandle == NULL ) {
  1271. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  1272. return( NtStatus );
  1273. }
  1274. }
  1275. NtStatus = (*pI_NetLogonGetAuthDataEx)(
  1276. HostedDomainName,
  1277. TrustedDomainName,
  1278. ResetChannel,
  1279. Flags,
  1280. ServerName,
  1281. ServerOsVersion,
  1282. ServerPrincipleName,
  1283. ClientContext,
  1284. AuthnLevel );
  1285. return( NtStatus );
  1286. }
  1287. NTSTATUS
  1288. I_NetLogonGetDirectDomain(
  1289. IN LPWSTR HostedDomainName,
  1290. IN LPWSTR TrustedDomainName,
  1291. OUT LPWSTR *DirectDomainName
  1292. )
  1293. /*++
  1294. Routine Description:
  1295. This function returns the name of a domain in the enterprise and returns
  1296. the name of a domain that is one hop closer.
  1297. Arguments:
  1298. HostedDomainName - Identifies the hosted domain that this request applies to.
  1299. DomainName may be the Netbios domain name or the DNS domain name.
  1300. NULL implies the primary domain hosted by this machine.
  1301. TrustedDomainName - Identifies the domain the trust relationship is to.
  1302. DomainName may be the Netbios domain name or the DNS domain name.
  1303. DirectDomainName - Returns the DNS domain name of the domain that is
  1304. one hop closer to TrustedDomainName. If there is a direct trust to
  1305. TrustedDomainName, NULL is returned.
  1306. The buffer must be freed using I_NetLogonFree.
  1307. Return Value:
  1308. STATUS_SUCCESS: The auth data was successfully returned.
  1309. STATUS_NO_MEMORY: There is not enough memory to complete the operation
  1310. STATUS_NETLOGON_NOT_STARTED: Netlogon is not running
  1311. STATUS_NO_SUCH_DOMAIN: HostedDomainName does not correspond to a hosted domain, OR
  1312. TrustedDomainName is not a trusted domain.
  1313. --*/
  1314. {
  1315. NTSTATUS NtStatus;
  1316. //
  1317. // Load netlogon.dll if it hasn't already been loaded.
  1318. //
  1319. if( NetlogonDllHandle == NULL ) {
  1320. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  1321. return( NtStatus );
  1322. }
  1323. }
  1324. NtStatus = (*pI_NetLogonGetDirectDomain)(
  1325. HostedDomainName,
  1326. TrustedDomainName,
  1327. DirectDomainName );
  1328. #if DBG
  1329. if( !NT_SUCCESS(NtStatus) ) {
  1330. DbgPrint("[Security Process] I_NetLogonGetDirectDomain returns 0x%lx \n",
  1331. NtStatus);
  1332. }
  1333. #endif // DBG
  1334. return( NtStatus );
  1335. }
  1336. NTSTATUS
  1337. I_NetNotifyNtdsDsaDeletion (
  1338. IN LPWSTR DnsDomainName,
  1339. IN GUID *DomainGuid,
  1340. IN GUID *DsaGuid,
  1341. IN LPWSTR DnsHostName
  1342. )
  1343. /*++
  1344. Routine Description:
  1345. This function is called by the DS to indicate that a NTDS-DSA object
  1346. is being deleted.
  1347. This function is called on the DC that the object is originally deleted on.
  1348. It is not called when the deletion is replicated to other DCs.
  1349. Arguments:
  1350. DnsDomainName - DNS domain name of the domain the DC was in.
  1351. This need not be a domain hosted by this DC.
  1352. DomainGuid - Domain Guid of the domain specified by DnsDomainName
  1353. DsaGuid - GUID of the NtdsDsa object that is being deleted.
  1354. DnsHostName - DNS host name of the DC whose NTDS-DSA object is being deleted.
  1355. Return Value:
  1356. Status of the operation.
  1357. --*/
  1358. {
  1359. NTSTATUS NtStatus;
  1360. //
  1361. // Load netlogon.dll if it hasn't already been loaded.
  1362. //
  1363. if( NetlogonDllHandle == NULL ) {
  1364. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  1365. return( NtStatus );
  1366. }
  1367. }
  1368. NtStatus = (*pI_NetNotifyNtdsDsaDeletion)(
  1369. DnsDomainName,
  1370. DomainGuid,
  1371. DsaGuid,
  1372. DnsHostName );
  1373. #if DBG
  1374. if( !NT_SUCCESS(NtStatus) ) {
  1375. DbgPrint("[Security Process] I_NetNotifyNtdsDsaDeletion returns 0x%lx \n",
  1376. NtStatus);
  1377. }
  1378. #endif // DBG
  1379. return( NtStatus );
  1380. }
  1382. I_NetLogonAddressToSiteName(
  1383. IN PSOCKET_ADDRESS SocketAddress,
  1384. OUT LPWSTR *SiteName
  1385. )
  1386. /*++
  1387. Routine Description:
  1388. This function translates a socket addresses to site name.
  1389. Arguments:
  1390. SocketAddress -- the requested socket address
  1391. SiteName -- the corresponding site name
  1392. Return Value:
  1393. Status of the operation.
  1394. --*/
  1395. {
  1396. NTSTATUS NtStatus;
  1397. NET_API_STATUS NetStatus;
  1398. //
  1399. // Load netlogon.dll if it hasn't already been loaded.
  1400. //
  1401. if( NetlogonDllHandle == NULL ) {
  1402. if( (NtStatus = NlLoadNetlogonDll()) != STATUS_SUCCESS ) {
  1403. return( NtStatus );
  1404. }
  1405. }
  1406. NetStatus = (*pI_NetLogonAddressToSiteName)(SocketAddress,
  1407. SiteName );
  1408. return( NetStatus );
  1409. }