search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
winbindd: force netlogon reauth for certain errors in reset_cm_connection_on_error()
[Samba.git] / source3 / winbindd / winbindd_misc.c
blob964190e7c62fdb41877f843a6cf230d10bac165d
1 /*
2 Unix SMB/CIFS implementation.
3
4 Winbind daemon - miscellaneous other functions
5
6 Copyright (C) Tim Potter 2000
7 Copyright (C) Andrew Bartlett 2002
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "winbindd.h"
25 #include "libcli/security/dom_sid.h"
26
27 #undef DBGC_CLASS
28 #define DBGC_CLASS DBGC_WINBIND
29
30 static char *get_trust_type_string(TALLOC_CTX *mem_ctx,
31 struct winbindd_tdc_domain *tdc,
32 struct winbindd_domain *domain)
33 {
34 enum netr_SchannelType secure_channel_type = SEC_CHAN_NULL;
35 char *s = NULL;
36
37 if (domain != NULL) {
38 secure_channel_type = domain->secure_channel_type;
39 }
40
41 switch (secure_channel_type) {
42 case SEC_CHAN_NULL: {
43 if (domain == NULL) {
44 DBG_ERR("Missing domain [%s]\n",
45 tdc->domain_name);
46 return NULL;
47 }
48 if (domain->routing_domain == NULL) {
49 DBG_ERR("Missing routing for domain [%s]\n",
50 tdc->domain_name);
51 return NULL;
52 }
53 s = talloc_asprintf(mem_ctx, "Routed (via %s)",
54 domain->routing_domain->name);
55 if (s == NULL) {
56 return NULL;
57 }
58 break;
59 }
60
61 case SEC_CHAN_LOCAL:
62 s = talloc_strdup(mem_ctx, "Local");
63 if (s == NULL) {
64 return NULL;
65 }
66 break;
67
68 case SEC_CHAN_WKSTA:
69 s = talloc_strdup(mem_ctx, "Workstation");
70 if (s == NULL) {
71 return NULL;
72 }
73 break;
74
75 case SEC_CHAN_BDC: {
76 int role = lp_server_role();
77
78 if (role == ROLE_DOMAIN_PDC) {
79 s = talloc_strdup(mem_ctx, "PDC");
80 if (s == NULL) {
81 return NULL;
82 }
83 break;
84 }
85
86 if (role == ROLE_DOMAIN_BDC) {
87 s = talloc_strdup(mem_ctx, "BDC");
88 if (s == NULL) {
89 return NULL;
90 }
91 break;
92 }
93
94 s = talloc_strdup(mem_ctx, "RWDC");
95 if (s == NULL) {
96 return NULL;
97 }
98 break;
99 }
100
101 case SEC_CHAN_RODC:
102 s = talloc_strdup(mem_ctx, "RODC");
103 if (s == NULL) {
104 return NULL;
105 }
106 break;
107
108 case SEC_CHAN_DNS_DOMAIN:
109 if (tdc->trust_attribs & LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) {
110 s = talloc_strdup(mem_ctx, "External");
111 if (s == NULL) {
112 return NULL;
113 }
114 break;
115 }
116 if (tdc->trust_attribs & LSA_TRUST_ATTRIBUTE_WITHIN_FOREST) {
117 s = talloc_strdup(mem_ctx, "In Forest");
118 if (s == NULL) {
119 return NULL;
120 }
121 break;
122 }
123 if (tdc->trust_attribs & LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL) {
124 s = talloc_strdup(mem_ctx, "External");
125 if (s == NULL) {
126 return NULL;
127 }
128 break;
129 }
130 if (tdc->trust_attribs & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
131 s = talloc_strdup(mem_ctx, "Forest");
132 if (s == NULL) {
133 return NULL;
134 }
135 break;
136 }
137 s = talloc_strdup(mem_ctx, "External");
138 if (s == NULL) {
139 return NULL;
140 }
141 break;
142
143 case SEC_CHAN_DOMAIN:
144 s = talloc_strdup(mem_ctx, "External");
145 if (s == NULL) {
146 return NULL;
147 }
148 break;
149
150 default:
151 DBG_ERR("Unhandled secure_channel_type %d for domain[%s]\n",
152 secure_channel_type, tdc->domain_name);
153 return NULL;
154 }
155
156 return s;
157 }
158
159 static bool trust_is_inbound(struct winbindd_tdc_domain *domain)
160 {
161 if (domain->trust_flags & NETR_TRUST_FLAG_INBOUND) {
162 return true;
163 }
164 return false;
165 }
166
167 static bool trust_is_outbound(struct winbindd_tdc_domain *domain)
168 {
169 if (domain->trust_flags & NETR_TRUST_FLAG_OUTBOUND) {
170 return true;
171 }
172 return false;
173 }
174
175 static bool trust_is_transitive(struct winbindd_tdc_domain *domain)
176 {
177 bool transitive = false;
178
179 /*
180 * Beware: order matters
181 */
182
183 if (domain->trust_attribs & LSA_TRUST_ATTRIBUTE_WITHIN_FOREST) {
184 transitive = true;
185 }
186
187 if (domain->trust_attribs & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
188 transitive = true;
189 }
190
191 if (domain->trust_attribs & LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE) {
192 transitive = false;
193 }
194
195 if (domain->trust_attribs & LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) {
196 transitive = false;
197 }
198
199 if (domain->trust_flags & NETR_TRUST_FLAG_PRIMARY) {
200 transitive = true;
201 }
202
203 return transitive;
204 }
205
206 void winbindd_list_trusted_domains(struct winbindd_cli_state *state)
207 {
208 struct winbindd_tdc_domain *dom_list = NULL;
209 size_t num_domains = 0;
210 int extra_data_len = 0;
211 char *extra_data = NULL;
212 int i = 0;
213
214 DEBUG(3, ("[%5lu]: list trusted domains\n",
215 (unsigned long)state->pid));
216
217 if( !wcache_tdc_fetch_list( &dom_list, &num_domains )) {
218 request_error(state);
219 goto done;
220 }
221
222 extra_data = talloc_strdup(state->mem_ctx, "");
223 if (extra_data == NULL) {
224 request_error(state);
225 goto done;
226 }
227
228 for ( i = 0; i < num_domains; i++ ) {
229 struct winbindd_domain *domain;
230 bool is_online = true;
231 struct winbindd_tdc_domain *d = NULL;
232 char *trust_type = NULL;
233
234 d = &dom_list[i];
235 domain = find_domain_from_name_noinit(d->domain_name);
236 if (domain) {
237 is_online = domain->online;
238 }
239
240 trust_type = get_trust_type_string(talloc_tos(), d, domain);
241 if (trust_type == NULL) {
242 continue;
243 }
244
245 extra_data = talloc_asprintf_append_buffer(
246 extra_data,
247 "%s\\%s\\%s\\%s\\%s\\%s\\%s\\%s\n",
248 d->domain_name,
249 d->dns_name ? d->dns_name : "",
250 sid_string_talloc(state->mem_ctx, &d->sid),
251 trust_type,
252 trust_is_transitive(d) ? "Yes" : "No",
253 trust_is_inbound(d) ? "Yes" : "No",
254 trust_is_outbound(d) ? "Yes" : "No",
255 is_online ? "Online" : "Offline" );
256
257 TALLOC_FREE(trust_type);
258 }
259
260 state->response->data.num_entries = num_domains;
261
262 extra_data_len = strlen(extra_data);
263 if (extra_data_len > 0) {
264
265 /* Strip the last \n */
266 extra_data[extra_data_len-1] = '\0';
267
268 state->response->extra_data.data = extra_data;
269 state->response->length += extra_data_len;
270 }
271
272 request_ok(state);
273 done:
274 TALLOC_FREE( dom_list );
275 }
276
277 enum winbindd_result winbindd_dual_list_trusted_domains(struct winbindd_domain *domain,
278 struct winbindd_cli_state *state)
279 {
280 int i;
281 int extra_data_len = 0;
282 char *extra_data;
283 NTSTATUS result;
284 bool have_own_domain = False;
285 struct netr_DomainTrustList trusts;
286
287 DEBUG(3, ("[%5lu]: list trusted domains\n",
288 (unsigned long)state->pid));
289
290 result = wb_cache_trusted_domains(domain, state->mem_ctx, &trusts);
291
292 if (!NT_STATUS_IS_OK(result)) {
293 DEBUG(3, ("winbindd_dual_list_trusted_domains: trusted_domains returned %s\n",
294 nt_errstr(result) ));
295 return WINBINDD_ERROR;
296 }
297
298 extra_data = talloc_strdup(state->mem_ctx, "");
299
300 for (i=0; i<trusts.count; i++) {
301
302 if (trusts.array[i].sid == NULL) {
303 continue;
304 }
305 if (dom_sid_equal(trusts.array[i].sid, &global_sid_NULL)) {
306 continue;
307 }
308
309 extra_data = talloc_asprintf_append_buffer(
310 extra_data, "%s\\%s\\%s\\%u\\%u\\%u\n",
311 trusts.array[i].netbios_name, trusts.array[i].dns_name,
312 sid_string_talloc(state->mem_ctx, trusts.array[i].sid),
313 trusts.array[i].trust_flags,
314 (uint32_t)trusts.array[i].trust_type,
315 trusts.array[i].trust_attributes);
316 }
317
318 /* add our primary domain */
319
320 for (i=0; i<trusts.count; i++) {
321 if (strequal(trusts.array[i].netbios_name, domain->name)) {
322 have_own_domain = True;
323 break;
324 }
325 }
326
327 if (state->request->data.list_all_domains && !have_own_domain) {
328 extra_data = talloc_asprintf_append_buffer(
329 extra_data, "%s\\%s\\%s\n", domain->name,
330 domain->alt_name != NULL ?
331 domain->alt_name :
332 domain->name,
333 sid_string_talloc(state->mem_ctx, &domain->sid));
334 }
335
336 extra_data_len = strlen(extra_data);
337 if (extra_data_len > 0) {
338
339 /* Strip the last \n */
340 extra_data[extra_data_len-1] = '\0';
341
342 state->response->extra_data.data = extra_data;
343 state->response->length += extra_data_len;
344 }
345
346 return WINBINDD_OK;
347 }
348
349 struct domain_info_state {
350 struct winbindd_domain *domain;
351 struct winbindd_cli_state *cli;
352 struct winbindd_request ping_request;
353 };
354
355 static void domain_info_done(struct tevent_req *req);
356
357 void winbindd_domain_info(struct winbindd_cli_state *cli)
358 {
359 struct domain_info_state *state;
360 struct winbindd_domain *domain;
361 struct tevent_req *req;
362
363 DEBUG(3, ("[%5lu]: domain_info [%s]\n", (unsigned long)cli->pid,
364 cli->request->domain_name));
365
366 domain = find_domain_from_name_noinit(cli->request->domain_name);
367
368 if (domain == NULL) {
369 DEBUG(3, ("Did not find domain [%s]\n",
370 cli->request->domain_name));
371 request_error(cli);
372 return;
373 }
374
375 if (domain->initialized) {
376 fstrcpy(cli->response->data.domain_info.name,
377 domain->name);
378 fstrcpy(cli->response->data.domain_info.alt_name,
379 domain->alt_name);
380 sid_to_fstring(cli->response->data.domain_info.sid,
381 &domain->sid);
382 cli->response->data.domain_info.native_mode =
383 domain->native_mode;
384 cli->response->data.domain_info.active_directory =
385 domain->active_directory;
386 cli->response->data.domain_info.primary =
387 domain->primary;
388 request_ok(cli);
389 return;
390 }
391
392 state = talloc_zero(cli->mem_ctx, struct domain_info_state);
393 if (state == NULL) {
394 DEBUG(0, ("talloc failed\n"));
395 request_error(cli);
396 return;
397 }
398
399 state->cli = cli;
400 state->domain = domain;
401 state->ping_request.cmd = WINBINDD_PING;
402
403 /*
404 * Send a ping down. This implicitly initializes the domain.
405 */
406
407 req = wb_domain_request_send(state, server_event_context(),
408 domain, &state->ping_request);
409 if (req == NULL) {
410 DEBUG(3, ("wb_domain_request_send failed\n"));
411 request_error(cli);
412 return;
413 }
414 tevent_req_set_callback(req, domain_info_done, state);
415 }
416
417 static void domain_info_done(struct tevent_req *req)
418 {
419 struct domain_info_state *state = tevent_req_callback_data(
420 req, struct domain_info_state);
421 struct winbindd_response *response;
422 int ret, err;
423
424 ret = wb_domain_request_recv(req, req, &response, &err);
425 TALLOC_FREE(req);
426 if (ret == -1) {
427 DEBUG(10, ("wb_domain_request failed: %s\n", strerror(errno)));
428 request_error(state->cli);
429 return;
430 }
431 if (!state->domain->initialized) {
432 DEBUG(5, ("wb_domain_request did not initialize domain %s\n",
433 state->domain->name));
434 request_error(state->cli);
435 return;
436 }
437
438 fstrcpy(state->cli->response->data.domain_info.name,
439 state->domain->name);
440 fstrcpy(state->cli->response->data.domain_info.alt_name,
441 state->domain->alt_name);
442 sid_to_fstring(state->cli->response->data.domain_info.sid,
443 &state->domain->sid);
444
445 state->cli->response->data.domain_info.native_mode =
446 state->domain->native_mode;
447 state->cli->response->data.domain_info.active_directory =
448 state->domain->active_directory;
449 state->cli->response->data.domain_info.primary =
450 state->domain->primary;
451
452 request_ok(state->cli);
453 }
454
455 void winbindd_dc_info(struct winbindd_cli_state *cli)
456 {
457 struct winbindd_domain *domain;
458 char *dc_name, *dc_ip;
459
460 cli->request->domain_name[sizeof(cli->request->domain_name)-1] = '\0';
461
462 DEBUG(3, ("[%5lu]: domain_info [%s]\n", (unsigned long)cli->pid,
463 cli->request->domain_name));
464
465 if (cli->request->domain_name[0] != '\0') {
466 domain = find_trust_from_name_noinit(
467 cli->request->domain_name);
468 if (domain == NULL) {
469 DEBUG(10, ("Could not find domain %s\n",
470 cli->request->domain_name));
471 request_error(cli);
472 return;
473 }
474 } else {
475 domain = find_our_domain();
476 }
477
478 if (!fetch_current_dc_from_gencache(
479 talloc_tos(), domain->name, &dc_name, &dc_ip)) {
480 DEBUG(10, ("fetch_current_dc_from_gencache(%s) failed\n",
481 domain->name));
482 request_error(cli);
483 return;
484 }
485
486 cli->response->data.num_entries = 1;
487 cli->response->extra_data.data = talloc_asprintf(
488 cli->mem_ctx, "%s\n%s\n", dc_name, dc_ip);
489
490 TALLOC_FREE(dc_name);
491 TALLOC_FREE(dc_ip);
492
493 if (cli->response->extra_data.data == NULL) {
494 request_error(cli);
495 return;
496 }
497
498 /* must add one to length to copy the 0 for string termination */
499 cli->response->length +=
500 strlen((char *)cli->response->extra_data.data) + 1;
501
502 request_ok(cli);
503 }
504
505 /* List various tidbits of information */
506
507 void winbindd_info(struct winbindd_cli_state *state)
508 {
509
510 DEBUG(3, ("[%5lu]: request misc info\n", (unsigned long)state->pid));
511
512 state->response->data.info.winbind_separator = *lp_winbind_separator();
513 fstrcpy(state->response->data.info.samba_version, samba_version_string());
514 request_ok(state);
515 }
516
517 /* Tell the client the current interface version */
518
519 void winbindd_interface_version(struct winbindd_cli_state *state)
520 {
521 DEBUG(3, ("[%5lu]: request interface version (version = %d)\n",
522 (unsigned long)state->pid, WINBIND_INTERFACE_VERSION));
523
524 state->response->data.interface_version = WINBIND_INTERFACE_VERSION;
525 request_ok(state);
526 }
527
528 /* What domain are we a member of? */
529
530 void winbindd_domain_name(struct winbindd_cli_state *state)
531 {
532 DEBUG(3, ("[%5lu]: request domain name\n", (unsigned long)state->pid));
533
534 fstrcpy(state->response->data.domain_name, lp_workgroup());
535 request_ok(state);
536 }
537
538 /* What's my name again? */
539
540 void winbindd_netbios_name(struct winbindd_cli_state *state)
541 {
542 DEBUG(3, ("[%5lu]: request netbios name\n",
543 (unsigned long)state->pid));
544
545 fstrcpy(state->response->data.netbios_name, lp_netbios_name());
546 request_ok(state);
547 }
548
549 /* Where can I find the privileged pipe? */
550
551 void winbindd_priv_pipe_dir(struct winbindd_cli_state *state)
552 {
553 char *priv_dir;
554 DEBUG(3, ("[%5lu]: request location of privileged pipe\n",
555 (unsigned long)state->pid));
556
557 priv_dir = get_winbind_priv_pipe_dir();
558 state->response->extra_data.data = talloc_move(state->mem_ctx,
559 &priv_dir);
560
561 /* must add one to length to copy the 0 for string termination */
562 state->response->length +=
563 strlen((char *)state->response->extra_data.data) + 1;
564
565 request_ok(state);
566 }
567
Samba GIT mirror