[PATCH v2 4/6] s3-rpc: add server support for mgmt_inq_princ_name

[David Disseldorp]

Return the servers service principle name, as defined in MS-RPCE
2.2.1.3.4. This method is called by the diskshadow.exe FSRVP client.

The service principle name is only returned when the server is an AD
member. An empty string is returned for DCERPC_AUTH_TYPE_NTLMSSP
requests. This behaviour matches Windows 8 and server 2012.

Signed-off-by: David Disseldorp <ddiss at samba.org>
---
 source3/rpc_server/mgmt/srv_mgmt_nt.c | 31 +++++++++++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)

diff --git a/source3/rpc_server/mgmt/srv_mgmt_nt.c b/source3/rpc_server/mgmt/srv_mgmt_nt.c
index c0a4122..5ae07d4 100644
--- a/source3/rpc_server/mgmt/srv_mgmt_nt.c
+++ b/source3/rpc_server/mgmt/srv_mgmt_nt.c
@@ -65,6 +65,33 @@ WERROR _mgmt_stop_server_listening(struct pipes_struct *p,
 WERROR _mgmt_inq_princ_name(struct pipes_struct *p,
 			    struct mgmt_inq_princ_name *r)
 {
-	p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
-	return WERR_NOT_SUPPORTED;
+	char *princ_name = discard_const_p(char, r->out.princ_name);
+	/*
+	 * Windows responds to WINNT with an empty string, and only handles
+	 * GSS_NEG and GSS_KERBEROS as an AD member.
+	 */
+
+	if (r->in.authn_proto == DCERPC_AUTH_TYPE_NTLMSSP) {
+		if (r->in.princ_name_size < 1) {
+			return WERR_INSUFFICIENT_BUFFER;
+		}
+		princ_name = '\0';
+	} else if ((lp_security() == SEC_ADS)
+			&& ((r->in.authn_proto == DCERPC_AUTH_TYPE_SPNEGO)
+			   || (r->in.authn_proto == DCERPC_AUTH_TYPE_KRB5))) {
+		int ret;
+		ret = snprintf(princ_name, r->in.princ_name_size, "%s$@%s",
+			       lp_netbios_name(), lp_realm());
+		if ((ret < 0) || (ret >= r->in.princ_name_size)) {
+			return WERR_INSUFFICIENT_BUFFER;
+		}
+	} else {
+		DEBUG(0, ("unsupported authn_proto %u\n",
+			  (unsigned)r->in.authn_proto));
+		return WERR_RPC_S_UNKNOWN_AUTHN_SERVICE;
+	}
+
+	DEBUG(6, ("returning principle name: %s\n", princ_name));
+
+	return WERR_OK;
 }
-- 
1.8.1.4