summaryrefslogtreecommitdiffstats
path: root/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/rpc_server/drsuapi/dcesrv_drsuapi.c')
-rw-r--r--source4/rpc_server/drsuapi/dcesrv_drsuapi.c1070
1 files changed, 1070 insertions, 0 deletions
diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
new file mode 100644
index 0000000..377cae4
--- /dev/null
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
@@ -0,0 +1,1070 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ endpoint server for the drsuapi pipe
+
+ Copyright (C) Stefan Metzmacher 2004
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_drsuapi.h"
+#include "rpc_server/dcerpc_server.h"
+#include "rpc_server/common/common.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+#include "libcli/security/security.h"
+#include "libcli/security/session.h"
+#include "rpc_server/drsuapi/dcesrv_drsuapi.h"
+#include "auth/auth.h"
+#include "param/param.h"
+#include "lib/messaging/irpc.h"
+
+#undef strcasecmp
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_DRS_REPL
+
+#define DRSUAPI_UNSUPPORTED(fname) do { \
+ DBG_WARNING(__location__ ": Unsupported DRS call %s\n", #fname); \
+ if (DEBUGLVL(DBGLVL_NOTICE)) NDR_PRINT_IN_DEBUG(fname, r); \
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); \
+} while (0)
+
+#define DCESRV_INTERFACE_DRSUAPI_BIND(context, iface) \
+ dcesrv_interface_drsuapi_bind(context, iface)
+static NTSTATUS dcesrv_interface_drsuapi_bind(struct dcesrv_connection_context *context,
+ const struct dcesrv_interface *iface)
+{
+ return dcesrv_interface_bind_require_privacy(context, iface);
+}
+
+/*
+ drsuapi_DsBind
+*/
+static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct drsuapi_DsBind *r)
+{
+ struct drsuapi_bind_state *b_state;
+ struct dcesrv_handle *handle;
+ struct drsuapi_DsBindInfoCtr *bind_info;
+ struct drsuapi_DsBindInfoCtr *local_info;
+ struct GUID site_guid, config_guid;
+ struct ldb_result *site_res, *config_res;
+ struct ldb_dn *server_site_dn, *config_dn;
+ static const char *site_attrs[] = { "objectGUID", NULL };
+ static const char *config_attrs[] = { "objectGUID", NULL };
+ struct ldb_result *ntds_res;
+ struct ldb_dn *ntds_dn;
+ static const char *ntds_attrs[] = { "ms-DS-ReplicationEpoch", NULL };
+ uint32_t pid;
+ uint32_t repl_epoch;
+ uint32_t supported_extensions;
+ uint32_t req_length;
+ int ret;
+ WERROR werr;
+
+ r->out.bind_info = NULL;
+ ZERO_STRUCTP(r->out.bind_handle);
+
+ b_state = talloc_zero(mem_ctx, struct drsuapi_bind_state);
+ W_ERROR_HAVE_NO_MEMORY(b_state);
+
+ /* if this is a DC connecting, give them system level access */
+ werr = drs_security_level_check(dce_call, NULL, SECURITY_DOMAIN_CONTROLLER, NULL);
+ if (W_ERROR_IS_OK(werr)) {
+ DBG_NOTICE("doing DsBind with system_session\n");
+ b_state->sam_ctx_system = dcesrv_samdb_connect_as_system(b_state, dce_call);
+ if (b_state->sam_ctx_system == NULL) {
+ return WERR_DS_UNAVAILABLE;
+ }
+ b_state->sam_ctx = b_state->sam_ctx_system;
+ } else {
+ b_state->sam_ctx = dcesrv_samdb_connect_as_user(b_state, dce_call);
+ if (b_state->sam_ctx == NULL) {
+ return WERR_DS_UNAVAILABLE;
+ }
+
+ /*
+ * an RODC also needs system samdb access for secret
+ * attribute replication
+ */
+ werr = drs_security_level_check(dce_call, NULL, SECURITY_RO_DOMAIN_CONTROLLER,
+ samdb_domain_sid(b_state->sam_ctx));
+ if (W_ERROR_IS_OK(werr)) {
+ DBG_NOTICE("doing DsBind as RODC\n");
+ b_state->sam_ctx_system =
+ dcesrv_samdb_connect_as_system(b_state, dce_call);
+ if (b_state->sam_ctx_system == NULL) {
+ return WERR_DS_UNAVAILABLE;
+ }
+ }
+ }
+
+ /*
+ * find out the guid of our own site
+ */
+ server_site_dn = samdb_server_site_dn(b_state->sam_ctx, mem_ctx);
+ W_ERROR_HAVE_NO_MEMORY(server_site_dn);
+
+ ret = ldb_search(b_state->sam_ctx, mem_ctx, &site_res,
+ server_site_dn, LDB_SCOPE_BASE, site_attrs,
+ "(objectClass=*)");
+ if (ret != LDB_SUCCESS) {
+ return WERR_DS_DRA_INTERNAL_ERROR;
+ }
+ if (site_res->count != 1) {
+ return WERR_DS_DRA_INTERNAL_ERROR;
+ }
+ site_guid = samdb_result_guid(site_res->msgs[0], "objectGUID");
+
+ /*
+ * lookup the local servers Replication Epoch
+ */
+ ntds_dn = samdb_ntds_settings_dn(b_state->sam_ctx, mem_ctx);
+ W_ERROR_HAVE_NO_MEMORY(ntds_dn);
+
+ ret = ldb_search(b_state->sam_ctx, mem_ctx, &ntds_res,
+ ntds_dn, LDB_SCOPE_BASE, ntds_attrs,
+ "(objectClass=*)");
+ if (ret != LDB_SUCCESS) {
+ return WERR_DS_DRA_INTERNAL_ERROR;
+ }
+ if (ntds_res->count != 1) {
+ return WERR_DS_DRA_INTERNAL_ERROR;
+ }
+ repl_epoch = ldb_msg_find_attr_as_uint(ntds_res->msgs[0],
+ "ms-DS-ReplicationEpoch", 0);
+
+ /*
+ * The "process identifier" of the client.
+ * According to the WSPP docs, section 5.35, this is
+ * for informational and debugging purposes only.
+ * The assignment is implementation specific.
+ */
+ pid = 0;
+
+ /*
+ * store the clients bind_guid
+ */
+ if (r->in.bind_guid) {
+ b_state->remote_bind_guid = *r->in.bind_guid;
+ }
+
+ /*
+ * store the clients bind_info
+ */
+ if (r->in.bind_info) {
+ b_state->remote_info = r->in.bind_info;
+ }
+
+ /*
+ * fill in our local bind info
+ */
+ local_info = talloc_zero(mem_ctx, struct drsuapi_DsBindInfoCtr);
+ W_ERROR_HAVE_NO_MEMORY(local_info);
+
+ /*
+ * Fill in supported extensions
+ */
+ supported_extensions = 0;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_BASE;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2;
+#if 0 /* we don't support MSZIP compression (only decompression) */
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS;
+#endif
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7;
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT;
+#if 0 /* we don't support XPRESS compression yet */
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS;
+#endif
+ supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10;
+
+ /*
+ * There is a chance for r->in.bind_info == NULL
+ * Currently we don't care, since it seems to be used nowhere else.
+ * But we need a request length. So use 28 as default.
+ */
+ req_length = 28;
+ if (r->in.bind_info) {
+ req_length = r->in.bind_info->length;
+ }
+
+ /*
+ * fill 28 or 48 info, depends on request
+ */
+ if (req_length < 48) {
+ local_info->length = 28;
+ local_info->info.info28.supported_extensions = supported_extensions;
+ local_info->info.info28.site_guid = site_guid;
+ local_info->info.info28.pid = pid;
+ local_info->info.info28.repl_epoch = repl_epoch;
+ } else {
+ local_info->length = 48;
+ local_info->info.info48.supported_extensions = supported_extensions;
+ local_info->info.info48.site_guid = site_guid;
+ local_info->info.info48.pid = pid;
+ local_info->info.info48.repl_epoch = repl_epoch;
+
+ local_info->info.info48.supported_extensions_ext = 0;
+ local_info->info.info48.supported_extensions_ext |= DRSUAPI_SUPPORTED_EXTENSION_LH_BETA2;
+
+ /*
+ * find out the guid of our own site
+ */
+ config_dn = ldb_get_config_basedn(b_state->sam_ctx);
+ W_ERROR_HAVE_NO_MEMORY(config_dn);
+
+ ret = ldb_search(b_state->sam_ctx, mem_ctx, &config_res,
+ config_dn, LDB_SCOPE_BASE, config_attrs,
+ "(objectClass=*)");
+ if (ret != LDB_SUCCESS) {
+ return WERR_DS_DRA_INTERNAL_ERROR;
+ }
+ if (config_res->count != 1) {
+ return WERR_DS_DRA_INTERNAL_ERROR;
+ }
+ config_guid = samdb_result_guid(config_res->msgs[0], "objectGUID");
+ local_info->info.info48.config_dn_guid = config_guid;
+ }
+
+ /*
+ * set local_info
+ */
+ b_state->local_info = local_info;
+
+ /*
+ * set bind_info
+ */
+ bind_info = local_info;
+
+ /*
+ * allocate a bind handle
+ */
+ handle = dcesrv_handle_create(dce_call, DRSUAPI_BIND_HANDLE);
+ W_ERROR_HAVE_NO_MEMORY(handle);
+ handle->data = talloc_steal(handle, b_state);
+
+ /*
+ * prepare reply
+ */
+ r->out.bind_info = bind_info;
+ *r->out.bind_handle = handle->wire_handle;
+
+ return WERR_OK;
+}
+
+
+/*
+ drsuapi_DsUnbind
+*/
+static WERROR dcesrv_drsuapi_DsUnbind(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct drsuapi_DsUnbind *r)
+{
+ struct dcesrv_handle *h;
+
+ *r->out.bind_handle = *r->in.bind_handle;
+
+ DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
+
+ talloc_free(h);
+
+ ZERO_STRUCTP(r->out.bind_handle);
+
+ return WERR_OK;
+}
+
+
+/*
+ drsuapi_DsReplicaSync
+*/
+static WERROR dcesrv_drsuapi_DsReplicaSync(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct drsuapi_DsReplicaSync *r)
+{
+ WERROR status;
+ uint32_t timeout;
+
+ status = drs_security_level_check(dce_call, "DsReplicaSync", SECURITY_DOMAIN_CONTROLLER, NULL);
+ if (!W_ERROR_IS_OK(status)) {
+ return status;
+ }
+
+ if (r->in.level != 1) {
+ DBG_ERR("DsReplicaSync called with unsupported level %d\n", r->in.level);
+ return WERR_DS_DRA_INVALID_PARAMETER;
+ }
+
+ if (r->in.req->req1.options & DRSUAPI_DRS_ASYNC_OP) {
+ timeout = IRPC_CALL_TIMEOUT;
+ } else {
+ /*
+ * use Infinite time for timeout in case
+ * the caller made a sync call
+ */
+ timeout = IRPC_CALL_TIMEOUT_INF;
+ }
+
+ dcesrv_irpc_forward_rpc_call(dce_call, mem_ctx,
+ r, NDR_DRSUAPI_DSREPLICASYNC,
+ &ndr_table_drsuapi,
+ "dreplsrv", "DsReplicaSync",
+ timeout);
+
+ return WERR_OK;
+}
+
+
+/*
+ drsuapi_DsReplicaAdd
+*/
+static WERROR dcesrv_drsuapi_DsReplicaAdd(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct drsuapi_DsReplicaAdd *r)
+{
+ WERROR status;
+
+ status = drs_security_level_check(dce_call, "DsReplicaAdd", SECURITY_DOMAIN_CONTROLLER, NULL);
+ if (!W_ERROR_IS_OK(status)) {
+ return status;
+ }
+
+ dcesrv_irpc_forward_rpc_call(dce_call, mem_ctx,
+ r, NDR_DRSUAPI_DSREPLICAADD,
+ &ndr_table_drsuapi,
+ "dreplsrv", "DsReplicaAdd",
+ IRPC_CALL_TIMEOUT);
+
+ return WERR_OK;
+}
+
+
+/*
+ drsuapi_DsReplicaDel
+*/
+static WERROR dcesrv_drsuapi_DsReplicaDel(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct drsuapi_DsReplicaDel *r)
+{
+ WERROR status;
+
+ status = drs_security_level_check(dce_call, "DsReplicaDel", SECURITY_DOMAIN_CONTROLLER, NULL);
+ if (!W_ERROR_IS_OK(status)) {
+ return status;
+ }
+
+ dcesrv_irpc_forward_rpc_call(dce_call, mem_ctx,
+ r, NDR_DRSUAPI_DSREPLICADEL,
+ &ndr_table_drsuapi,
+ "dreplsrv", "DsReplicaDel",
+ IRPC_CALL_TIMEOUT);
+
+ return WERR_OK;
+}
+
+
+/*
+ drsuapi_DsReplicaModify
+*/
+static WERROR dcesrv_drsuapi_DsReplicaMod(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct drsuapi_DsReplicaMod *r)
+{
+ WERROR status;
+
+ status = drs_security_level_check(dce_call, "DsReplicaMod", SECURITY_DOMAIN_CONTROLLER, NULL);
+ if (!W_ERROR_IS_OK(status)) {
+ return status;
+ }
+
+ dcesrv_irpc_forward_rpc_call(dce_call, mem_ctx,
+ r, NDR_DRSUAPI_DSREPLICAMOD,
+ &ndr_table_drsuapi,
+ "dreplsrv", "DsReplicaMod",
+ IRPC_CALL_TIMEOUT);
+
+ return WERR_OK;
+}
+
+
+/*
+ DRSUAPI_VERIFY_NAMES
+*/
+static WERROR dcesrv_DRSUAPI_VERIFY_NAMES(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct DRSUAPI_VERIFY_NAMES *r)
+{
+ DRSUAPI_UNSUPPORTED(DRSUAPI_VERIFY_NAMES);
+}
+
+
+/*
+ drsuapi_DsGetMemberships
+*/
+static WERROR dcesrv_drsuapi_DsGetMemberships(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct drsuapi_DsGetMemberships *r)
+{
+ DRSUAPI_UNSUPPORTED(drsuapi_DsGetMemberships);
+}
+
+
+/*
+ DRSUAPI_INTER_DOMAIN_MOVE
+*/
+static WERROR dcesrv_DRSUAPI_INTER_DOMAIN_MOVE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct DRSUAPI_INTER_DOMAIN_MOVE *r)
+{
+ DRSUAPI_UNSUPPORTED(DRSUAPI_INTER_DOMAIN_MOVE);
+}
+
+
+/*
+ drsuapi_DsGetNT4ChangeLog
+*/
+static WERROR dcesrv_drsuapi_DsGetNT4ChangeLog(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct drsuapi_DsGetNT4ChangeLog *r)
+{
+ DRSUAPI_UNSUPPORTED(drsuapi_DsGetNT4ChangeLog);
+}
+
+/*
+ drsuapi_DsCrackNames
+*/
+static WERROR dcesrv_drsuapi_DsCrackNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct drsuapi_DsCrackNames *r)
+{
+ struct drsuapi_bind_state *b_state;
+ struct dcesrv_handle *h;
+
+ *r->out.level_out = r->in.level;
+
+ DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
+ b_state = h->data;
+
+ r->out.ctr = talloc_zero(mem_ctx, union drsuapi_DsNameCtr);
+ W_ERROR_HAVE_NO_MEMORY(r->out.ctr);
+
+ switch (r->in.level) {
+ case 1: {
+ switch(r->in.req->req1.format_offered){
+ case DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT_NAME_SANS_DOMAIN_EX:
+ case DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT_NAME_SANS_DOMAIN:
+ case DRSUAPI_DS_NAME_FORMAT_STRING_SID_NAME:
+ case DRSUAPI_DS_NAME_FORMAT_ALT_SECURITY_IDENTITIES_NAME:
+ case DRSUAPI_DS_NAME_FORMAT_MAP_SCHEMA_GUID:
+ case DRSUAPI_DS_NAME_FORMAT_LIST_NCS:
+ case DRSUAPI_DS_NAME_FORMAT_LIST_DOMAINS:
+ case DRSUAPI_DS_NAME_FORMAT_LIST_GLOBAL_CATALOG_SERVERS:
+ case DRSUAPI_DS_NAME_FORMAT_LIST_SERVERS_WITH_DCS_IN_SITE:
+ case DRSUAPI_DS_NAME_FORMAT_LIST_SERVERS_FOR_DOMAIN_IN_SITE:
+ case DRSUAPI_DS_NAME_FORMAT_LIST_DOMAINS_IN_SITE:
+ case DRSUAPI_DS_NAME_FORMAT_LIST_SERVERS_IN_SITE:
+ case DRSUAPI_DS_NAME_FORMAT_LIST_SITES:
+ case DRSUAPI_DS_NAME_FORMAT_UPN_AND_ALTSECID:
+ case DRSUAPI_DS_NAME_FORMAT_UPN_FOR_LOGON:
+ DBG_ERR("DsCrackNames: Unsupported operation requested: %X\n",
+ r->in.req->req1.format_offered);
+ return WERR_OK;
+ case DRSUAPI_DS_NAME_FORMAT_LIST_INFO_FOR_SERVER:
+ return dcesrv_drsuapi_ListInfoServer(b_state->sam_ctx, mem_ctx, &r->in.req->req1, &r->out.ctr->ctr1);
+ case DRSUAPI_DS_NAME_FORMAT_LIST_ROLES:
+ return dcesrv_drsuapi_ListRoles(b_state->sam_ctx, mem_ctx,
+ &r->in.req->req1, &r->out.ctr->ctr1);
+ default:/* format_offered is in the enum drsuapi_DsNameFormat*/
+ return dcesrv_drsuapi_CrackNamesByNameFormat(b_state->sam_ctx, mem_ctx,
+ &r->in.req->req1, &r->out.ctr->ctr1);
+ }
+ }
+ }
+ return WERR_INVALID_LEVEL;
+}
+
+
+/*
+ drsuapi_DsRemoveDSServer
+*/
+static WERROR dcesrv_drsuapi_DsRemoveDSServer(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct drsuapi_DsRemoveDSServer *r)
+{
+ struct drsuapi_bind_state *b_state;
+ struct dcesrv_handle *h;
+ struct ldb_dn *ntds_dn;
+ int ret;
+ bool ok;
+ WERROR status;
+
+ *r->out.level_out = 1;
+
+ status = drs_security_level_check(dce_call, "DsRemoveDSServer", SECURITY_DOMAIN_CONTROLLER, NULL);
+ if (!W_ERROR_IS_OK(status)) {
+ return status;
+ }
+
+ DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
+ b_state = h->data;
+
+ switch (r->in.level) {
+ case 1:
+ ntds_dn = ldb_dn_new(mem_ctx, b_state->sam_ctx, r->in.req->req1.server_dn);
+ W_ERROR_HAVE_NO_MEMORY(ntds_dn);
+
+ ok = ldb_dn_validate(ntds_dn);
+ if (!ok) {
+ return WERR_FOOBAR;
+ }
+
+ /* TODO: it's likely that we need more checks here */
+
+ ok = ldb_dn_add_child_fmt(ntds_dn, "CN=NTDS Settings");
+ if (!ok) {
+ return WERR_FOOBAR;
+ }
+
+ if (r->in.req->req1.commit) {
+ ret = dsdb_delete(b_state->sam_ctx, ntds_dn, DSDB_TREE_DELETE);
+ if (ret != LDB_SUCCESS) {
+ return WERR_FOOBAR;
+ }
+ }
+
+ return WERR_OK;
+ default:
+ break;
+ }
+
+ return WERR_FOOBAR;
+}
+
+
+/*
+ DRSUAPI_REMOVE_DS_DOMAIN
+*/
+static WERROR dcesrv_DRSUAPI_REMOVE_DS_DOMAIN(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct DRSUAPI_REMOVE_DS_DOMAIN *r)
+{
+ DRSUAPI_UNSUPPORTED(DRSUAPI_REMOVE_DS_DOMAIN);
+}
+
+/* Obtain the site name from a server DN */
+static const char *result_site_name(struct ldb_dn *server_dn)
+{
+ /* Format is cn=<NETBIOS name>,cn=Servers,cn=<site>,cn=sites.... */
+ const struct ldb_val *val = ldb_dn_get_component_val(server_dn, 2);
+ const char *name = ldb_dn_get_component_name(server_dn, 2);
+
+ if (!name || (ldb_attr_cmp(name, "cn") != 0)) {
+ /* Ensure this matches the format. This gives us a
+ * bit more confidence that a 'cn' value will be a
+ * ascii string */
+ return NULL;
+ }
+ if (val) {
+ return (char *)val->data;
+ }
+ return NULL;
+}
+
+/*
+ drsuapi_DsGetDomainControllerInfo
+*/
+static WERROR dcesrv_drsuapi_DsGetDomainControllerInfo_1(struct drsuapi_bind_state *b_state,
+ TALLOC_CTX *mem_ctx,
+ struct drsuapi_DsGetDomainControllerInfo *r)
+{
+ struct ldb_dn *sites_dn;
+ struct ldb_result *res;
+
+ const char *attrs_account_1[] = { "cn", "dnsHostName", NULL };
+ const char *attrs_account_2[] = { "cn", "dnsHostName", "objectGUID", NULL };
+
+ const char *attrs_none[] = { NULL };
+
+ const char *attrs_site[] = { "objectGUID", NULL };
+
+ const char *attrs_ntds[] = { "options", "objectGUID", NULL };
+
+ const char *attrs_1[] = { "serverReference", "cn", "dnsHostName", NULL };
+ const char *attrs_2[] = { "serverReference", "cn", "dnsHostName", "objectGUID", NULL };
+ const char **attrs;
+
+ struct drsuapi_DsGetDCInfoCtr1 *ctr1;
+ struct drsuapi_DsGetDCInfoCtr2 *ctr2;
+ struct drsuapi_DsGetDCInfoCtr3 *ctr3;
+
+ int ret;
+ unsigned int i;
+
+ *r->out.level_out = r->in.req->req1.level;
+ r->out.ctr = talloc_zero(mem_ctx, union drsuapi_DsGetDCInfoCtr);
+ W_ERROR_HAVE_NO_MEMORY(r->out.ctr);
+
+ switch (*r->out.level_out) {
+ case -1:
+ /* this level is not like the others */
+ return WERR_INVALID_LEVEL;
+ case 1:
+ attrs = attrs_1;
+ break;
+ case 2:
+ case 3:
+ attrs = attrs_2;
+ break;
+ default:
+ return WERR_INVALID_LEVEL;
+ }
+
+ sites_dn = samdb_sites_dn(b_state->sam_ctx, mem_ctx);
+ if (!sites_dn) {
+ return WERR_DS_OBJ_NOT_FOUND;
+ }
+
+ ret = ldb_search(b_state->sam_ctx, mem_ctx, &res, sites_dn, LDB_SCOPE_SUBTREE, attrs,
+ "(&(objectClass=server)(serverReference=*))");
+
+ if (ret) {
+ DBG_WARNING("searching for servers in sites DN %s failed: %s\n",
+ ldb_dn_get_linearized(sites_dn), ldb_errstring(b_state->sam_ctx));
+ return WERR_GEN_FAILURE;
+ }
+
+ switch (*r->out.level_out) {
+ case 1:
+ ctr1 = &r->out.ctr->ctr1;
+ ctr1->count = res->count;
+ ctr1->array = talloc_zero_array(mem_ctx,
+ struct drsuapi_DsGetDCInfo1,
+ res->count);
+ for (i=0; i < res->count; i++) {
+ struct ldb_dn *domain_dn;
+ struct ldb_result *res_domain;
+ struct ldb_result *res_account;
+ struct ldb_dn *ntds_dn = ldb_dn_copy(mem_ctx, res->msgs[i]->dn);
+
+ struct ldb_dn *ref_dn
+ = ldb_msg_find_attr_as_dn(b_state->sam_ctx,
+ mem_ctx, res->msgs[i],
+ "serverReference");
+
+ if (!ntds_dn || !ldb_dn_add_child_fmt(ntds_dn, "CN=NTDS Settings")) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_account, ref_dn,
+ LDB_SCOPE_BASE, attrs_account_1,
+ "(&(objectClass=computer)(userAccountControl:"LDB_OID_COMPARATOR_AND":=%u))",
+ UF_SERVER_TRUST_ACCOUNT);
+ if (ret == LDB_SUCCESS && res_account->count == 1) {
+ const char *errstr;
+ ctr1->array[i].dns_name
+ = ldb_msg_find_attr_as_string(res_account->msgs[0], "dNSHostName", NULL);
+ ctr1->array[i].netbios_name
+ = ldb_msg_find_attr_as_string(res_account->msgs[0], "cn", NULL);
+ ctr1->array[i].computer_dn
+ = ldb_dn_get_linearized(res_account->msgs[0]->dn);
+
+ /* Determine if this is the PDC */
+ ret = samdb_search_for_parent_domain(b_state->sam_ctx,
+ mem_ctx, res_account->msgs[0]->dn,
+ &domain_dn, &errstr);
+
+ if (ret == LDB_SUCCESS) {
+ ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_domain, domain_dn,
+ LDB_SCOPE_BASE, attrs_none, "fSMORoleOwner=%s",
+ ldb_dn_get_linearized(ntds_dn));
+ if (ret) {
+ return WERR_GEN_FAILURE;
+ }
+ if (res_domain->count == 1) {
+ ctr1->array[i].is_pdc = true;
+ }
+ }
+ }
+ if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
+ DBG_INFO("warning: searching for computer DN %s failed: %s\n",
+ ldb_dn_get_linearized(ref_dn), ldb_errstring(b_state->sam_ctx));
+ }
+
+ /* Look at server DN and extract site component */
+ ctr1->array[i].site_name = result_site_name(res->msgs[i]->dn);
+ ctr1->array[i].server_dn = ldb_dn_get_linearized(res->msgs[i]->dn);
+
+
+ ctr1->array[i].is_enabled = true;
+
+ }
+ break;
+ case 2:
+ ctr2 = &r->out.ctr->ctr2;
+ ctr2->count = res->count;
+ ctr2->array = talloc_zero_array(mem_ctx,
+ struct drsuapi_DsGetDCInfo2,
+ res->count);
+ for (i=0; i < res->count; i++) {
+ struct ldb_dn *domain_dn;
+ struct ldb_result *res_domain;
+ struct ldb_result *res_account;
+ struct ldb_dn *ntds_dn = ldb_dn_copy(mem_ctx, res->msgs[i]->dn);
+ struct ldb_result *res_ntds;
+ struct ldb_dn *site_dn = ldb_dn_copy(mem_ctx, res->msgs[i]->dn);
+ struct ldb_result *res_site;
+ struct ldb_dn *ref_dn
+ = ldb_msg_find_attr_as_dn(b_state->sam_ctx,
+ mem_ctx, res->msgs[i],
+ "serverReference");
+
+ if (!ntds_dn || !ldb_dn_add_child_fmt(ntds_dn, "CN=NTDS Settings")) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ /* Format is cn=<NETBIOS name>,cn=Servers,cn=<site>,cn=sites.... */
+ if (!site_dn || !ldb_dn_remove_child_components(site_dn, 2)) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_ntds, ntds_dn,
+ LDB_SCOPE_BASE, attrs_ntds, "objectClass=nTDSDSA");
+ if (ret == LDB_SUCCESS && res_ntds->count == 1) {
+ ctr2->array[i].is_gc
+ = (ldb_msg_find_attr_as_uint(res_ntds->msgs[0], "options", 0) & DS_NTDSDSA_OPT_IS_GC);
+ ctr2->array[i].ntds_guid
+ = samdb_result_guid(res_ntds->msgs[0], "objectGUID");
+ ctr2->array[i].ntds_dn = ldb_dn_get_linearized(res_ntds->msgs[0]->dn);
+ }
+ if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
+ DBG_INFO("warning: searching for NTDS DN %s failed: %s\n",
+ ldb_dn_get_linearized(ntds_dn), ldb_errstring(b_state->sam_ctx));
+ }
+
+ ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_site, site_dn,
+ LDB_SCOPE_BASE, attrs_site, "objectClass=site");
+ if (ret == LDB_SUCCESS && res_site->count == 1) {
+ ctr2->array[i].site_guid
+ = samdb_result_guid(res_site->msgs[0], "objectGUID");
+ ctr2->array[i].site_dn = ldb_dn_get_linearized(res_site->msgs[0]->dn);
+ }
+ if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
+ DBG_INFO("warning: searching for site DN %s failed: %s\n",
+ ldb_dn_get_linearized(site_dn), ldb_errstring(b_state->sam_ctx));
+ }
+
+ ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_account, ref_dn,
+ LDB_SCOPE_BASE, attrs_account_2, "objectClass=computer");
+ if (ret == LDB_SUCCESS && res_account->count == 1) {
+ const char *errstr;
+ ctr2->array[i].dns_name
+ = ldb_msg_find_attr_as_string(res_account->msgs[0], "dNSHostName", NULL);
+ ctr2->array[i].netbios_name
+ = ldb_msg_find_attr_as_string(res_account->msgs[0], "cn", NULL);
+ ctr2->array[i].computer_dn = ldb_dn_get_linearized(res_account->msgs[0]->dn);
+ ctr2->array[i].computer_guid
+ = samdb_result_guid(res_account->msgs[0], "objectGUID");
+
+ /* Determine if this is the PDC */
+ ret = samdb_search_for_parent_domain(b_state->sam_ctx,
+ mem_ctx, res_account->msgs[0]->dn,
+ &domain_dn, &errstr);
+
+ if (ret == LDB_SUCCESS) {
+ ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_domain, domain_dn,
+ LDB_SCOPE_BASE, attrs_none, "fSMORoleOwner=%s",
+ ldb_dn_get_linearized(ntds_dn));
+ if (ret == LDB_SUCCESS && res_domain->count == 1) {
+ ctr2->array[i].is_pdc = true;
+ }
+ if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
+ DBG_INFO("warning: searching for domain DN %s failed: %s\n",
+ ldb_dn_get_linearized(domain_dn), ldb_errstring(b_state->sam_ctx));
+ }
+ }
+ }
+ if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
+ DBG_INFO("warning: searching for computer account DN %s failed: %s\n",
+ ldb_dn_get_linearized(ref_dn), ldb_errstring(b_state->sam_ctx));
+ }
+
+ /* Look at server DN and extract site component */
+ ctr2->array[i].site_name = result_site_name(res->msgs[i]->dn);
+ ctr2->array[i].server_dn = ldb_dn_get_linearized(res->msgs[i]->dn);
+ ctr2->array[i].server_guid
+ = samdb_result_guid(res->msgs[i], "objectGUID");
+
+ ctr2->array[i].is_enabled = true;
+
+ }
+ break;
+ case 3:
+ ctr3 = &r->out.ctr->ctr3;
+ ctr3->count = res->count;
+ ctr3->array = talloc_zero_array(mem_ctx,
+ struct drsuapi_DsGetDCInfo3,
+ res->count);
+ for (i=0; i<res->count; i++) {
+ struct ldb_dn *domain_dn;
+ struct ldb_result *res_domain;
+ struct ldb_result *res_account;
+ struct ldb_dn *ntds_dn = ldb_dn_copy(mem_ctx, res->msgs[i]->dn);
+ struct ldb_result *res_ntds;
+ struct ldb_dn *site_dn = ldb_dn_copy(mem_ctx, res->msgs[i]->dn);
+ struct ldb_result *res_site;
+ bool is_rodc;
+ struct ldb_dn *ref_dn
+ = ldb_msg_find_attr_as_dn(b_state->sam_ctx,
+ mem_ctx, res->msgs[i],
+ "serverReference");
+
+ if (!ntds_dn || !ldb_dn_add_child_fmt(ntds_dn, "CN=NTDS Settings")) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ /* Format is cn=<NETBIOS name>,cn=Servers,cn=<site>,cn=sites.... */
+ if (!site_dn || !ldb_dn_remove_child_components(site_dn, 2)) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_ntds, ntds_dn,
+ LDB_SCOPE_BASE, attrs_ntds, "objectClass=nTDSDSA");
+ if (ret == LDB_SUCCESS && res_ntds->count == 1) {
+ ctr3->array[i].is_gc
+ = (ldb_msg_find_attr_as_uint(res_ntds->msgs[0], "options", 0) & DS_NTDSDSA_OPT_IS_GC);
+ ctr3->array[i].ntds_guid
+ = samdb_result_guid(res_ntds->msgs[0], "objectGUID");
+ ctr3->array[i].ntds_dn = ldb_dn_get_linearized(res_ntds->msgs[0]->dn);
+ }
+ if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
+ DBG_INFO("warning: searching for NTDS DN %s failed: %s\n",
+ ldb_dn_get_linearized(ntds_dn), ldb_errstring(b_state->sam_ctx));
+ }
+
+ ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_site, site_dn,
+ LDB_SCOPE_BASE, attrs_site, "objectClass=site");
+ if (ret == LDB_SUCCESS && res_site->count == 1) {
+ ctr3->array[i].site_guid
+ = samdb_result_guid(res_site->msgs[0], "objectGUID");
+ ctr3->array[i].site_dn = ldb_dn_get_linearized(res_site->msgs[0]->dn);
+ }
+ if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
+ DBG_INFO("warning: searching for site DN %s failed: %s\n",
+ ldb_dn_get_linearized(site_dn), ldb_errstring(b_state->sam_ctx));
+ }
+
+ ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_account, ref_dn,
+ LDB_SCOPE_BASE, attrs_account_2, "objectClass=computer");
+ if (ret == LDB_SUCCESS && res_account->count == 1) {
+ const char *errstr;
+ ctr3->array[i].dns_name
+ = ldb_msg_find_attr_as_string(res_account->msgs[0], "dNSHostName", NULL);
+ ctr3->array[i].netbios_name
+ = ldb_msg_find_attr_as_string(res_account->msgs[0], "cn", NULL);
+ ctr3->array[i].computer_dn = ldb_dn_get_linearized(res_account->msgs[0]->dn);
+ ctr3->array[i].computer_guid
+ = samdb_result_guid(res_account->msgs[0], "objectGUID");
+
+ /* Determine if this is the PDC */
+ ret = samdb_search_for_parent_domain(b_state->sam_ctx,
+ mem_ctx, res_account->msgs[0]->dn,
+ &domain_dn, &errstr);
+
+ if (ret == LDB_SUCCESS) {
+ ret = ldb_search(b_state->sam_ctx, mem_ctx, &res_domain, domain_dn,
+ LDB_SCOPE_BASE, attrs_none, "fSMORoleOwner=%s",
+ ldb_dn_get_linearized(ntds_dn));
+ if (ret == LDB_SUCCESS && res_domain->count == 1) {
+ ctr3->array[i].is_pdc = true;
+ }
+ if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
+ DBG_INFO("warning: searching for domain DN %s failed: %s\n",
+ ldb_dn_get_linearized(domain_dn), ldb_errstring(b_state->sam_ctx));
+ }
+ }
+ }
+ if ((ret != LDB_SUCCESS) && (ret != LDB_ERR_NO_SUCH_OBJECT)) {
+ DBG_INFO("warning: searching for computer account DN %s failed: %s\n",
+ ldb_dn_get_linearized(ref_dn), ldb_errstring(b_state->sam_ctx));
+ }
+
+ /* Look at server DN and extract site component */
+ ctr3->array[i].site_name = result_site_name(res->msgs[i]->dn);
+ ctr3->array[i].server_dn = ldb_dn_get_linearized(res->msgs[i]->dn);
+ ctr3->array[i].server_guid
+ = samdb_result_guid(res->msgs[i], "objectGUID");
+
+ ctr3->array[i].is_enabled = true;
+
+ /* rodc? */
+ ret = samdb_is_rodc(b_state->sam_ctx, &ctr3->array[i].server_guid, &is_rodc);
+ if (ret == LDB_SUCCESS && is_rodc) {
+ ctr3->array[i].is_rodc = true;
+ }
+ }
+ break;
+ default:
+ return WERR_INVALID_LEVEL;
+ }
+ return WERR_OK;
+}
+
+/*
+ drsuapi_DsGetDomainControllerInfo
+*/
+static WERROR dcesrv_drsuapi_DsGetDomainControllerInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct drsuapi_DsGetDomainControllerInfo *r)
+{
+ struct dcesrv_handle *h;
+ struct drsuapi_bind_state *b_state;
+ DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
+ b_state = h->data;
+
+ switch (r->in.level) {
+ case 1:
+ return dcesrv_drsuapi_DsGetDomainControllerInfo_1(b_state, mem_ctx, r);
+ }
+
+ return WERR_INVALID_LEVEL;
+}
+
+
+
+/*
+ drsuapi_DsExecuteKCC
+*/
+static WERROR dcesrv_drsuapi_DsExecuteKCC(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct drsuapi_DsExecuteKCC *r)
+{
+ WERROR status;
+ uint32_t timeout;
+ status = drs_security_level_check(dce_call, "DsExecuteKCC", SECURITY_DOMAIN_CONTROLLER, NULL);
+
+ if (!W_ERROR_IS_OK(status)) {
+ return status;
+ }
+ if (r->in.req->ctr1.taskID != 0) {
+ return WERR_INVALID_PARAMETER;
+ }
+ if (r->in.req->ctr1.flags & DRSUAPI_DS_EXECUTE_KCC_ASYNCHRONOUS_OPERATION) {
+ timeout = IRPC_CALL_TIMEOUT;
+ } else {
+ /*
+ * use Infinite time for timeout in case
+ * the caller made a sync call
+ */
+ timeout = IRPC_CALL_TIMEOUT_INF;
+ }
+
+ dcesrv_irpc_forward_rpc_call(dce_call, mem_ctx, r, NDR_DRSUAPI_DSEXECUTEKCC,
+ &ndr_table_drsuapi, "kccsrv", "DsExecuteKCC",
+ timeout);
+ DBG_DEBUG("Forwarded the call to execute the KCC\n");
+ return WERR_OK;
+}
+
+
+/*
+ drsuapi_DsReplicaGetInfo
+*/
+static WERROR dcesrv_drsuapi_DsReplicaGetInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct drsuapi_DsReplicaGetInfo *r)
+{
+ struct auth_session_info *session_info =
+ dcesrv_call_session_info(dce_call);
+ enum security_user_level level;
+
+ if (!lpcfg_parm_bool(dce_call->conn->dce_ctx->lp_ctx, NULL,
+ "drs", "disable_sec_check", false)) {
+ level = security_session_user_level(session_info, NULL);
+ if (level < SECURITY_DOMAIN_CONTROLLER) {
+ DBG_WARNING(__location__ ": Administrator access required for DsReplicaGetInfo\n");
+ security_token_debug(DBGC_DRS_REPL, 2,
+ session_info->security_token);
+ return WERR_DS_DRA_ACCESS_DENIED;
+ }
+ }
+
+ dcesrv_irpc_forward_rpc_call(dce_call, mem_ctx, r, NDR_DRSUAPI_DSREPLICAGETINFO,
+ &ndr_table_drsuapi, "kccsrv", "DsReplicaGetInfo",
+ IRPC_CALL_TIMEOUT);
+
+ return WERR_OK;
+}
+
+
+/*
+ DRSUAPI_ADD_SID_HISTORY
+*/
+static WERROR dcesrv_DRSUAPI_ADD_SID_HISTORY(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct DRSUAPI_ADD_SID_HISTORY *r)
+{
+ DRSUAPI_UNSUPPORTED(DRSUAPI_ADD_SID_HISTORY);
+}
+
+/*
+ drsuapi_DsGetMemberships2
+*/
+static WERROR dcesrv_drsuapi_DsGetMemberships2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct drsuapi_DsGetMemberships2 *r)
+{
+ DRSUAPI_UNSUPPORTED(drsuapi_DsGetMemberships2);
+}
+
+/*
+ DRSUAPI_REPLICA_VERIFY_OBJECTS
+*/
+static WERROR dcesrv_DRSUAPI_REPLICA_VERIFY_OBJECTS(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct DRSUAPI_REPLICA_VERIFY_OBJECTS *r)
+{
+ DRSUAPI_UNSUPPORTED(DRSUAPI_REPLICA_VERIFY_OBJECTS);
+}
+
+
+/*
+ DRSUAPI_GET_OBJECT_EXISTENCE
+*/
+static WERROR dcesrv_DRSUAPI_GET_OBJECT_EXISTENCE(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct DRSUAPI_GET_OBJECT_EXISTENCE *r)
+{
+ DRSUAPI_UNSUPPORTED(DRSUAPI_GET_OBJECT_EXISTENCE);
+}
+
+
+/*
+ drsuapi_QuerySitesByCost
+*/
+static WERROR dcesrv_drsuapi_QuerySitesByCost(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct drsuapi_QuerySitesByCost *r)
+{
+ DRSUAPI_UNSUPPORTED(drsuapi_QuerySitesByCost);
+}
+
+
+/* include the generated boilerplate */
+#include "librpc/gen_ndr/ndr_drsuapi_s.c"
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-17 10:33:53 +0000