2 Unix SMB/CIFS implementation.
4 Winbind daemon - miscellaneous other functions
6 Copyright (C) Tim Potter 2000
7 Copyright (C) Andrew Bartlett 2002
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 #define DBGC_CLASS DBGC_WINBIND
29 extern pstring global_myname
;
31 /************************************************************************
32 Routine to get the trust account password for a domain
33 ************************************************************************/
34 static BOOL
_get_trust_account_password(char *domain
, unsigned char *ret_pwd
,
35 time_t *pass_last_set_time
)
37 if (!secrets_fetch_trust_account_password(domain
, ret_pwd
, pass_last_set_time
)) {
44 /* Check the machine account password is valid */
46 enum winbindd_result
winbindd_check_machine_acct(struct winbindd_cli_state
*state
)
48 NTSTATUS result
= NT_STATUS_UNSUCCESSFUL
;
49 uchar trust_passwd
[16];
51 struct cli_state
*cli
;
52 DEBUG(3, ("[%5d]: check machine account\n", state
->pid
));
54 /* Get trust account password */
57 if (!_get_trust_account_password(lp_workgroup(), trust_passwd
,
59 result
= NT_STATUS_INTERNAL_ERROR
;
63 /* This call does a cli_nt_setup_creds() which implicitly checks
64 the trust account password. */
66 /* Don't shut this down - it belongs to the connection cache code */
67 result
= cm_get_netlogon_cli(lp_workgroup(), trust_passwd
, &cli
);
69 if (!NT_STATUS_IS_OK(result
)) {
70 DEBUG(3, ("could not open handle to NETLOGON pipe\n"));
74 /* There is a race condition between fetching the trust account
75 password and the periodic machine password change. So it's
76 possible that the trust account password has been changed on us.
77 We are returned NT_STATUS_ACCESS_DENIED if this happens. */
81 if ((num_retries
< MAX_RETRIES
) &&
82 NT_STATUS_V(result
) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED
)) {
87 /* Pass back result code - zero for success, other values for
90 DEBUG(3, ("secret is %s\n", NT_STATUS_IS_OK(result
) ?
94 state
->response
.data
.auth
.nt_status
= NT_STATUS_V(result
);
95 fstrcpy(state
->response
.data
.auth
.nt_status_string
, nt_errstr(result
));
96 fstrcpy(state
->response
.data
.auth
.error_string
, nt_errstr(result
));
97 state
->response
.data
.auth
.pam_error
= nt_status_to_pam(result
);
99 DEBUG(NT_STATUS_IS_OK(result
) ? 5 : 2, ("Checking the trust account password returned %s\n",
100 state
->response
.data
.auth
.nt_status_string
));
102 return NT_STATUS_IS_OK(result
) ? WINBINDD_OK
: WINBINDD_ERROR
;
105 enum winbindd_result
winbindd_list_trusted_domains(struct winbindd_cli_state
108 struct winbindd_domain
*domain
;
109 int total_entries
= 0, extra_data_len
= 0;
110 char *ted
, *extra_data
= NULL
;
112 DEBUG(3, ("[%5d]: list trusted domains\n", state
->pid
));
114 /* We need to refresh the trusted domain list as the domains may
115 have changed since we last looked. There may be a sequence
116 number or something we should use but I haven't found it yet. */
120 for(domain
= domain_list(); domain
; domain
= domain
->next
) {
122 /* Skip own domain */
124 if (strequal(domain
->name
, lp_workgroup())) continue;
126 /* Add domain to list */
129 ted
= Realloc(extra_data
, sizeof(fstring
) *
133 DEBUG(0,("winbindd_list_trusted_domains: failed to enlarge buffer!\n"));
134 SAFE_FREE(extra_data
);
135 return WINBINDD_ERROR
;
139 memcpy(&extra_data
[extra_data_len
], domain
->name
,
140 strlen(domain
->name
));
142 extra_data_len
+= strlen(domain
->name
);
143 extra_data
[extra_data_len
++] = ',';
147 if (extra_data_len
> 1)
148 extra_data
[extra_data_len
- 1] = '\0';
149 state
->response
.extra_data
= extra_data
;
150 state
->response
.length
+= extra_data_len
;
157 enum winbindd_result
winbindd_show_sequence(struct winbindd_cli_state
*state
)
159 struct winbindd_domain
*domain
;
160 char *extra_data
= NULL
;
162 DEBUG(3, ("[%5d]: show sequence\n", state
->pid
));
164 extra_data
= strdup("");
166 /* this makes for a very simple data format, and is easily parsable as well
167 if that is ever needed */
168 for (domain
= domain_list(); domain
; domain
= domain
->next
) {
171 domain
->methods
->sequence_number(domain
, &domain
->sequence_number
);
173 if (DOM_SEQUENCE_NONE
== (unsigned)domain
->sequence_number
) {
174 asprintf(&s
,"%s%s : DISCONNECTED\n", extra_data
,
177 asprintf(&s
,"%s%s : %u\n", extra_data
,
178 domain
->name
, (unsigned)domain
->sequence_number
);
184 state
->response
.extra_data
= extra_data
;
185 state
->response
.length
+= strlen(extra_data
);
190 enum winbindd_result
winbindd_ping(struct winbindd_cli_state
193 DEBUG(3, ("[%5d]: ping\n", state
->pid
));
198 /* List various tidbits of information */
200 enum winbindd_result
winbindd_info(struct winbindd_cli_state
*state
)
203 DEBUG(3, ("[%5d]: request misc info\n", state
->pid
));
205 state
->response
.data
.info
.winbind_separator
= *lp_winbind_separator();
206 fstrcpy(state
->response
.data
.info
.samba_version
, VERSION
);
211 /* Tell the client the current interface version */
213 enum winbindd_result
winbindd_interface_version(struct winbindd_cli_state
*state
)
216 DEBUG(3, ("[%5d]: request interface version\n", state
->pid
));
218 state
->response
.data
.interface_version
= WINBIND_INTERFACE_VERSION
;
223 /* What domain are we a member of? */
225 enum winbindd_result
winbindd_domain_name(struct winbindd_cli_state
*state
)
228 DEBUG(3, ("[%5d]: request domain name\n", state
->pid
));
230 fstrcpy(state
->response
.data
.domain_name
, lp_workgroup());