search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3-talloc Change TALLOC_ZERO_P() to talloc_zero()
[Samba.git] / source3 / winbindd / idmap_adex / likewise_cell.c
blob0e544e90f76374c7585685a0e8c7bb4d9b9aa4f7
1 /*
2 * idmap_adex: Support for AD Forests
3 *
4 * Copyright (C) Gerald (Jerry) Carter 2006-2008
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19 */
20
21 #include "includes.h"
22 #include "ads.h"
23 #include "idmap.h"
24 #include "idmap_adex.h"
25 #include "secrets.h"
26 #include "../libcli/security/dom_sid.h"
27
28 #undef DBGC_CLASS
29 #define DBGC_CLASS DBGC_IDMAP
30
31 static struct likewise_cell *_lw_cell_list = NULL;
32
33 /**********************************************************************
34 Return the current HEAD of the list
35 *********************************************************************/
36
37 struct likewise_cell *cell_list_head(void)
38 {
39 return _lw_cell_list;
40 }
41
42
43 /**********************************************************************
44 *********************************************************************/
45
46 void cell_destroy(struct likewise_cell *c)
47 {
48 if (!c)
49 return;
50
51 if (c->conn)
52 ads_destroy(&c->conn);
53
54 talloc_destroy(c);
55 }
56
57 /**********************************************************************
58 Free all cell entries and reset the list head to NULL
59 *********************************************************************/
60
61 void cell_list_destroy(void)
62 {
63 struct likewise_cell *p = _lw_cell_list;
64
65 while (p) {
66 struct likewise_cell *q = p->next;
67
68 cell_destroy(p);
69
70 p = q;
71 }
72
73 _lw_cell_list = NULL;
74
75 return;
76 }
77
78 /**********************************************************************
79 Add a new cell structure to the list
80 *********************************************************************/
81
82 struct likewise_cell* cell_new(void)
83 {
84 struct likewise_cell *c;
85
86 /* Each cell struct is a TALLOC_CTX* */
87
88 c = talloc_zero(NULL, struct likewise_cell);
89 if (!c) {
90 DEBUG(0,("cell_new: memory allocation failure!\n"));
91 return NULL;
92 }
93
94 return c;
95 }
96
97 /**********************************************************************
98 Add a new cell structure to the list
99 *********************************************************************/
100
101 bool cell_list_add(struct likewise_cell * cell)
102 {
103 if (!cell) {
104 return false;
105 }
106
107 /* Always add to the end */
108
109 DLIST_ADD_END(_lw_cell_list, cell, struct likewise_cell *);
110
111 return true;
112 }
113
114 /**********************************************************************
115 Add a new cell structure to the list
116 *********************************************************************/
117
118 bool cell_list_remove(struct likewise_cell * cell)
119 {
120 if (!cell) {
121 return false;
122 }
123
124 /* Remove and drop the cell structure */
125
126 DLIST_REMOVE(_lw_cell_list, cell);
127 talloc_destroy(cell);
128
129 return true;
130 }
131
132 /**********************************************************************
133 Set the containing DNS domain for a cell
134 *********************************************************************/
135
136 void cell_set_dns_domain(struct likewise_cell *c, const char *dns_domain)
137 {
138 c->dns_domain = talloc_strdup(c, dns_domain);
139 }
140
141 /**********************************************************************
142 Set ADS connection for a cell
143 *********************************************************************/
144
145 void cell_set_connection(struct likewise_cell *c, ADS_STRUCT *ads)
146 {
147 c->conn = ads;
148 }
149
150 /**********************************************************************
151 *********************************************************************/
152
153 void cell_set_flags(struct likewise_cell *c, uint32_t flags)
154 {
155 c->flags |= flags;
156 }
157
158 /**********************************************************************
159 *********************************************************************/
160
161 void cell_clear_flags(struct likewise_cell *c, uint32_t flags)
162 {
163 c->flags &= ~flags;
164 }
165
166 /**********************************************************************
167 Set the Cell's DN
168 *********************************************************************/
169
170 void cell_set_dn(struct likewise_cell *c, const char *dn)
171 {
172 if ( c->dn) {
173 talloc_free(c->dn);
174 c->dn = NULL;
175 }
176
177 c->dn = talloc_strdup(c, dn);
178 }
179
180 /**********************************************************************
181 *********************************************************************/
182
183 void cell_set_domain_sid(struct likewise_cell *c, struct dom_sid *sid)
184 {
185 sid_copy(&c->domain_sid, sid);
186 }
187
188 /*
189 * Query Routines
190 */
191
192 /**********************************************************************
193 *********************************************************************/
194
195 const char* cell_search_base(struct likewise_cell *c)
196 {
197 if (!c)
198 return NULL;
199
200 return talloc_asprintf(c, "cn=%s,%s", ADEX_CELL_RDN, c->dn);
201 }
202
203 /**********************************************************************
204 *********************************************************************/
205
206 bool cell_search_forest(struct likewise_cell *c)
207 {
208 uint32_t test_flags = LWCELL_FLAG_SEARCH_FOREST;
209
210 return ((c->flags & test_flags) == test_flags);
211 }
212
213 /**********************************************************************
214 *********************************************************************/
215
216 uint32_t cell_flags(struct likewise_cell *c)
217 {
218 if (!c)
219 return 0;
220
221 return c->flags;
222 }
223
224 /**********************************************************************
225 *********************************************************************/
226
227 const char *cell_dns_domain(struct likewise_cell *c)
228 {
229 if (!c)
230 return NULL;
231
232 return c->dns_domain;
233 }
234
235 /**********************************************************************
236 *********************************************************************/
237
238 ADS_STRUCT *cell_connection(struct likewise_cell *c)
239 {
240 if (!c)
241 return NULL;
242
243 return c->conn;
244 }
245
246 /*
247 * Connection functions
248 */
249
250 /********************************************************************
251 *******************************************************************/
252
253 NTSTATUS cell_connect(struct likewise_cell *c)
254 {
255 ADS_STRUCT *ads = NULL;
256 ADS_STATUS ads_status;
257 fstring dc_name;
258 struct sockaddr_storage dcip;
259 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
260
261 /* have to at least have the AD domain name */
262
263 if (!c->dns_domain) {
264 nt_status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
265 BAIL_ON_NTSTATUS_ERROR(nt_status);
266 }
267
268 /* clear out any old information */
269
270 if (c->conn) {
271 ads_destroy(&c->conn);
272 c->conn = NULL;
273 }
274
275 /* now setup the new connection */
276
277 ads = ads_init(c->dns_domain, NULL, NULL);
278 BAIL_ON_PTR_ERROR(ads, nt_status);
279
280 ads->auth.password =
281 secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
282 ads->auth.realm = SMB_STRDUP(lp_realm());
283
284 /* Make the connection. We should already have an initial
285 TGT using the machine creds */
286
287 if (cell_flags(c) & LWCELL_FLAG_GC_CELL) {
288 ads_status = ads_connect_gc(ads);
289 } else {
290 /* Set up server affinity for normal cells and the client
291 site name cache */
292
293 if (!get_dc_name("", c->dns_domain, dc_name, &dcip)) {
294 nt_status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
295 BAIL_ON_NTSTATUS_ERROR(nt_status);
296 }
297
298 ads_status = ads_connect(ads);
299 }
300
301
302 c->conn = ads;
303
304 nt_status = ads_ntstatus(ads_status);
305
306 done:
307 if (!NT_STATUS_IS_OK(nt_status)) {
308 ads_destroy(&ads);
309 c->conn = NULL;
310 }
311
312 return nt_status;
313 }
314
315 /********************************************************************
316 *******************************************************************/
317
318 NTSTATUS cell_connect_dn(struct likewise_cell **c, const char *dn)
319 {
320 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
321 struct likewise_cell *new_cell = NULL;
322 char *dns_domain = NULL;
323
324 if (*c || !dn) {
325 nt_status = NT_STATUS_INVALID_PARAMETER;
326 BAIL_ON_NTSTATUS_ERROR(nt_status);
327 }
328
329 if ((new_cell = cell_new()) == NULL) {
330 nt_status = NT_STATUS_NO_MEMORY;
331 BAIL_ON_NTSTATUS_ERROR(nt_status);
332 }
333
334 /* Set the DNS domain, dn, etc ... and add it to the list */
335
336 dns_domain = cell_dn_to_dns(dn);
337 cell_set_dns_domain(new_cell, dns_domain);
338 SAFE_FREE(dns_domain);
339
340 cell_set_dn(new_cell, dn);
341
342 nt_status = cell_connect(new_cell);
343 BAIL_ON_NTSTATUS_ERROR(nt_status);
344
345 *c = new_cell;
346
347 done:
348 if (!NT_STATUS_IS_OK(nt_status)) {
349 DEBUG(1,("LWI: Failled to connect to cell \"%s\" (%s)\n",
350 dn ? dn : "NULL", nt_errstr(nt_status)));
351 talloc_destroy(new_cell);
352 }
353
354 return nt_status;
355 }
356
357
358 /********************************************************************
359 *******************************************************************/
360
361 #define MAX_SEARCH_COUNT 2
362
363 ADS_STATUS cell_do_search(struct likewise_cell *c,
364 const char *search_base,
365 int scope,
366 const char *expr,
367 const char **attrs,
368 LDAPMessage ** msg)
369 {
370 int search_count = 0;
371 ADS_STATUS status;
372 NTSTATUS nt_status;
373
374 /* check for a NULL connection */
375
376 if (!c->conn) {
377 nt_status = cell_connect(c);
378 if (!NT_STATUS_IS_OK(nt_status)) {
379 status = ADS_ERROR_NT(nt_status);
380 return status;
381 }
382 }
383
384 DEBUG(10, ("cell_do_search: Base = %s, Filter = %s, Scope = %d, GC = %s\n",
385 search_base, expr, scope,
386 c->conn->server.gc ? "yes" : "no"));
387
388 /* we try multiple times in case the ADS_STRUCT is bad
389 and we need to reconnect */
390
391 while (search_count < MAX_SEARCH_COUNT) {
392 *msg = NULL;
393 status = ads_do_search(c->conn, search_base,
394 scope, expr, attrs, msg);
395 if (ADS_ERR_OK(status)) {
396 if (DEBUGLEVEL >= 10) {
397 LDAPMessage *e = NULL;
398
399 int n = ads_count_replies(c->conn, *msg);
400
401 DEBUG(10,("cell_do_search: Located %d entries\n", n));
402
403 for (e=ads_first_entry(c->conn, *msg);
404 e!=NULL;
405 e = ads_next_entry(c->conn, e))
406 {
407 char *dn = ads_get_dn(c->conn, talloc_tos(), e);
408
409 DEBUGADD(10,(" dn: %s\n", dn ? dn : "<NULL>"));
410 TALLOC_FREE(dn);
411 }
412 }
413
414 return status;
415 }
416
417
418 DEBUG(5, ("cell_do_search: search[%d] failed (%s)\n",
419 search_count, ads_errstr(status)));
420
421 search_count++;
422
423 /* Houston, we have a problem */
424
425 if (status.error_type == ENUM_ADS_ERROR_LDAP) {
426 switch (status.err.rc) {
427 case LDAP_TIMELIMIT_EXCEEDED:
428 case LDAP_TIMEOUT:
429 case -1: /* we get this error if we cannot contact
430 the LDAP server */
431 nt_status = cell_connect(c);
432 if (!NT_STATUS_IS_OK(nt_status)) {
433 status = ADS_ERROR_NT(nt_status);
434 return status;
435 }
436 break;
437 default:
438 /* we're all done here */
439 return status;
440 }
441 }
442 }
443
444 DEBUG(5, ("cell_do_search: exceeded maximum search count!\n"));
445
446 return ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
447 }
Samba GIT mirror