return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
}
+/* Constants and helper functions for determining domain trust types */
+
+enum trust_type {
+ EXTERNAL = 0,
+ FOREST,
+ IN_FOREST,
+ NONE,
+};
+
+const char *trust_type_strings[] = {"External",
+ "Forest",
+ "In Forest",
+ "None"};
+
+static enum trust_type get_trust_type(struct winbindd_tdc_domain *domain)
+{
+ if (domain->trust_attribs == NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN)
+ return EXTERNAL;
+ else if (domain->trust_attribs == NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE)
+ return FOREST;
+ else if (((domain->trust_flags & NETR_TRUST_FLAG_IN_FOREST) == NETR_TRUST_FLAG_IN_FOREST) &&
+ ((domain->trust_flags & NETR_TRUST_FLAG_PRIMARY) == 0x0))
+ return IN_FOREST;
+ return NONE;
+}
+
+static const char *get_trust_type_string(struct winbindd_tdc_domain *domain)
+{
+ return trust_type_strings[get_trust_type(domain)];
+}
+
+static bool trust_is_inbound(struct winbindd_tdc_domain *domain)
+{
+ return (domain->trust_flags == 0x0) ||
+ ((domain->trust_flags & NETR_TRUST_FLAG_IN_FOREST) ==
+ NETR_TRUST_FLAG_IN_FOREST) ||
+ ((domain->trust_flags & NETR_TRUST_FLAG_INBOUND) ==
+ NETR_TRUST_FLAG_INBOUND);
+}
+
+static bool trust_is_outbound(struct winbindd_tdc_domain *domain)
+{
+ return (domain->trust_flags == 0x0) ||
+ ((domain->trust_flags & NETR_TRUST_FLAG_IN_FOREST) ==
+ NETR_TRUST_FLAG_IN_FOREST) ||
+ ((domain->trust_flags & NETR_TRUST_FLAG_OUTBOUND) ==
+ NETR_TRUST_FLAG_OUTBOUND);
+}
+
+static bool trust_is_transitive(struct winbindd_tdc_domain *domain)
+{
+ if ((domain->trust_attribs == NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE) ||
+ (domain->trust_attribs == NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) ||
+ (domain->trust_attribs == NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL))
+ return False;
+ return True;
+}
+
void winbindd_list_trusted_domains(struct winbindd_cli_state *state)
{
- struct winbindd_domain *d = NULL;
+ struct winbindd_tdc_domain *dom_list = NULL;
+ struct winbindd_tdc_domain *d = NULL;
+ size_t num_domains = 0;
int extra_data_len = 0;
char *extra_data = NULL;
+ int i = 0;
DEBUG(3, ("[%5lu]: list trusted domains\n",
(unsigned long)state->pid));
- for ( d=domain_list(); d; d=d->next ) {
+ if( !wcache_tdc_fetch_list( &dom_list, &num_domains )) {
+ request_error(state);
+ goto done;
+ }
+
+ for ( i = 0; i < num_domains; i++ ) {
+ struct winbindd_domain *domain;
+ bool is_online = true;
+
+ d = &dom_list[i];
+ domain = find_domain_from_name_noinit(d->domain_name);
+ if (domain) {
+ is_online = domain->online;
+ }
+
if ( !extra_data ) {
- extra_data = talloc_asprintf(
- state->mem_ctx, "%s\\%s\\%s",
- d->name, d->alt_name ? d->alt_name : d->name,
- sid_string_talloc(state->mem_ctx, &d->sid));
+ extra_data = talloc_asprintf(state->mem_ctx,
+ "%s\\%s\\%s\\%s\\%s\\%s\\%s\\%s",
+ d->domain_name,
+ d->dns_name ? d->dns_name : d->domain_name,
+ sid_string_talloc(state->mem_ctx, &d->sid),
+ get_trust_type_string(d),
+ trust_is_transitive(d) ? "Yes" : "No",
+ trust_is_inbound(d) ? "Yes" : "No",
+ trust_is_outbound(d) ? "Yes" : "No",
+ is_online ? "Online" : "Offline" );
} else {
- extra_data = talloc_asprintf(
- state->mem_ctx, "%s\n%s\\%s\\%s",
- extra_data, d->name,
- d->alt_name ? d->alt_name : d->name,
- sid_string_talloc(state->mem_ctx, &d->sid));
+ extra_data = talloc_asprintf(state->mem_ctx,
+ "%s\n%s\\%s\\%s\\%s\\%s\\%s\\%s\\%s",
+ extra_data,
+ d->domain_name,
+ d->dns_name ? d->dns_name : d->domain_name,
+ sid_string_talloc(state->mem_ctx, &d->sid),
+ get_trust_type_string(d),
+ trust_is_transitive(d) ? "Yes" : "No",
+ trust_is_inbound(d) ? "Yes" : "No",
+ trust_is_outbound(d) ? "Yes" : "No",
+ is_online ? "Online" : "Offline" );
}
}
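Review bot: `get_trust_type()` and `trust_is_transitive()` compare `domain->trust_attribs` with `==` against a single `NETR_TRUST_ATTRIBUTE_*` constant, whereas the inbound/outbound helpers next to them test `trust_flags` with a mask. If `trust_attribs` is a bit field like `trust_flags` (the constant names suggest so; their definitions are outside this hunk), a quarantined trust that carries any second attribute falls through to "None" and is listed as transitive, so the output understates the restriction. Test the bit instead, e.g. `if (domain->trust_attribs & NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN)` in `get_trust_type()`, and in `trust_is_transitive()` `if (domain->trust_attribs & (NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE | NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN | NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL)) return False;`. A one-line comment on each helper naming the attribute combinations it is meant to match would also help.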
state->response.length += extra_data_len+1;
}
- TALLOC_FREE( extra_data );
-
request_ok(state);
+done:
+ TALLOC_FREE( dom_list );
+ TALLOC_FREE( extra_data );
}
enum winbindd_result winbindd_dual_list_trusted_domains(struct winbindd_domain *domain,
return WINBINDD_OK;
}
+static void winbindd_getdcname_recv(void *private_data,
+ bool success,
+ struct winbind_get_dc_info *r)
+{
+ struct winbindd_cli_state *state =
+ talloc_get_type_abort(private_data, struct winbindd_cli_state);
+
+ if (!success) {
+ request_error(state);
+ return;
+ }
+
+ fstrcpy(state->response.data.dc_name, r->out.dc_info->name);
+
+ request_ok(state);
+}
+
void winbindd_getdcname(struct winbindd_cli_state *state)
{
struct winbindd_domain *domain;
+ struct winbind_get_dc_info *r;
state->request.domain_name
[sizeof(state->request.domain_name)-1] = '\0';
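Review bot: `winbindd_getdcname_recv()` dereferences `r->out.dc_info` and passes `r->out.dc_info->name` to `fstrcpy()` without checking either pointer; `success` only reflects what the child reported. A reply with a missing `dc_info` or `name` could crash the parent winbindd instead of failing the one request. Guard the copy with `if (r->out.dc_info == NULL || r->out.dc_info->name == NULL) { request_error(state); return; }`. The same unchecked dereferences appear in later hunks, at `r->out.dc_info->name = talloc_strdup(r, p);` and at `switch (*r->in.level)`; whether the marshalling layer guarantees these pointers is not visible on this page.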
return;
}
- sendto_domain(state, find_our_domain());
+ r = TALLOC_P(state->mem_ctx, struct winbind_get_dc_info);
+ if (!r) goto nomem;
+ r->in.level = TALLOC_P(r, enum winbind_dc_info_level);
+ if (!r->in.level) goto nomem;
+
+ *r->in.level = WINBIND_DC_INFO_LEVEL_COMPAT_NT4;
+ r->in.domain_name = state->request.domain_name;
+
+ winbindd_get_dc_info_async_domain(state->mem_ctx, find_our_domain(),
+ r, winbindd_getdcname_recv, state);
+ return;
+nomem:
+ request_error(state);
+ return;
+}
+
+static void winbindd_get_dc_info_recv(TALLOC_CTX *mem_ctx, bool success,
+ struct winbindd_ndr_call *c,
+ void *_r,
+ void *_cont,
+ void *private_data)
+{
+ void (*cont)(void *priv, bool succ, struct winbind_get_dc_info *r) =
+ (void (*)(void *, bool, struct winbind_get_dc_info*))_cont;
+ struct winbind_get_dc_info *r =
+ talloc_get_type_abort(_r, struct winbind_get_dc_info);
+
+ if (!success) {
+ DEBUG(5, ("Could not get dc_info\n"));
+ cont(private_data, False, r);
+ return;
+ }
+
+ if (r->out.result != WINBIND_STATUS_OK) {
+ DEBUG(5, ("get_dc_info returned an error:0x%08X\n",
+ r->out.result));
+ cont(private_data, False, r);
+ return;
+ }
+
+ cont(private_data, True, r);
}
-enum winbindd_result winbindd_dual_getdcname(struct winbindd_domain *domain,
- struct winbindd_cli_state *state)
+void winbindd_get_dc_info_async_domain(TALLOC_CTX *mem_ctx,
+ struct winbindd_domain *domain,
+ struct winbind_get_dc_info *r,
+ void (*cont)(void *private_data,
+ bool success,
+ struct winbind_get_dc_info *r),
+ void *private_data)
{
- const char *dcname_slash = NULL;
+ do_async_ndr_domain(mem_ctx, domain,
+ NDR_WINBIND_GET_DC_INFO, r,
+ winbindd_get_dc_info_recv, r,
+ (void *)cont, private_data);
+}
+
+void winbindd_get_dc_info_async_child(TALLOC_CTX *mem_ctx,
+ struct winbindd_child *child,
+ struct winbind_get_dc_info *r,
+ void (*cont)(void *private_data,
+ bool success,
+ struct winbind_get_dc_info *r),
+ void *private_data)
+{
+ do_async_ndr(mem_ctx, child,
+ NDR_WINBIND_GET_DC_INFO, r,
+ winbindd_get_dc_info_recv, r,
+ (void *)cont, private_data);
+}
+
+static void ndr_child_get_dc_info_comapt_nt4(struct winbindd_domain *domain,
+ struct winbindd_cli_state *state,
+ struct winbind_get_dc_info *r)
+{
+ const char *dcname_slash;
const char *p;
struct rpc_pipe_client *netlogon_pipe;
NTSTATUS result;
unsigned int orig_timeout;
struct winbindd_domain *req_domain;
- state->request.domain_name
- [sizeof(state->request.domain_name)-1] = '\0';
-
- DEBUG(3, ("[%5lu]: Get DC name for %s\n", (unsigned long)state->pid,
- state->request.domain_name));
+ DEBUG(3, ("Get DC name for '%s'\n", r->in.domain_name));
result = cm_connect_netlogon(domain, &netlogon_pipe);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(1, ("Can't contact the NETLOGON pipe\n"));
- return WINBINDD_ERROR;
+ r->out.result = WINBIND_STATUS_FOOBAR;
+ return;
}
/* This call can take a long time - allow the server to time out.
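Review bot: `ndr_child_get_dc_info_comapt_nt4()` reports a failed `cm_connect_netlogon()` as `WINBIND_STATUS_FOOBAR`, which reads as a placeholder, and the later hunks reuse the same value for the failed RPC call and for the `werr` failure. The receive side then logs only `get_dc_info returned an error:0x%08X`, with one value for three different causes, so an operator cannot tell an unreachable DC from a rejected request. Map each path to a distinct status, or at least mark each site with a comment such as `/* TODO: replace FOOBAR with a status derived from result/werr */`. The function name also looks like a typo for `compat_nt4`, and the `state` parameter appears unused in the lines shown; the function body continues outside this hunk.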
orig_timeout = cli_set_timeout(netlogon_pipe->cli, 35000);
- req_domain = find_domain_from_name_noinit(state->request.domain_name);
+ /*
+ * if the requested domain name matches the current one
+ * we need to use GetDCName(), because GetAnyDCName() only
+ * works for trusted domains
+ */
+ req_domain = find_domain_from_name_noinit(r->in.domain_name);
if (req_domain == domain) {
result = rpccli_netr_GetDcName(netlogon_pipe,
- state->mem_ctx,
+ r,
domain->dcname,
- state->request.domain_name,
+ r->in.domain_name,
&dcname_slash,
&werr);
} else {
result = rpccli_netr_GetAnyDCName(netlogon_pipe,
- state->mem_ctx,
+ r,
domain->dcname,
- state->request.domain_name,
+ r->in.domain_name,
&dcname_slash,
&werr);
}
if (!NT_STATUS_IS_OK(result)) {
DEBUG(5,("Error requesting DCname for domain %s: %s\n",
- state->request.domain_name, nt_errstr(result)));
- return WINBINDD_ERROR;
+ r->in.domain_name, nt_errstr(result)));
+ r->out.result = WINBIND_STATUS_FOOBAR;
+ return;
}
if (!W_ERROR_IS_OK(werr)) {
DEBUG(5, ("Error requesting DCname for domain %s: %s\n",
- state->request.domain_name, dos_errstr(werr)));
- return WINBINDD_ERROR;
+ r->in.domain_name, dos_errstr(werr)));
+ r->out.result = WINBIND_STATUS_FOOBAR;
+ return;
}
p = dcname_slash;
p+=1;
}
- fstrcpy(state->response.data.dc_name, p);
- return WINBINDD_OK;
+ r->out.dc_info->name = talloc_strdup(r, p);
+ if (!r->out.dc_info->name) {
+ r->out.result = WINBIND_STATUS_NO_MEMORY;
+ return;
+ }
+ r->out.result = WINBIND_STATUS_OK;
+}
+
+void winbindd_ndr_domain_child_get_dc_info(struct winbindd_domain *domain,
+ struct winbindd_cli_state *state)
+{
+ struct winbind_get_dc_info *r;
+
+ r = talloc_get_type_abort(state->c.ndr.r,
+ struct winbind_get_dc_info);
+
+ switch (*r->in.level) {
+ case WINBIND_DC_INFO_LEVEL_COMPAT_NT4:
+ ndr_child_get_dc_info_comapt_nt4(domain, state, r);
+ return;
+
+ case WINBIND_DC_INFO_LEVEL_COMPAT_DS:
+ r->out.result = WINBIND_STATUS_INVALID_LEVEL;
+ return;
+ }
+
+ r->out.result = WINBIND_STATUS_UNKNOWN_LEVEL;
+ return;
+}
+
+static void winbindd_get_domain_info_recv(TALLOC_CTX *mem_ctx, bool success,
+ struct winbindd_ndr_call *c,
+ void *_r,
+ void *_cont,
+ void *private_data)
+{
+ void (*cont)(void *priv, bool succ, struct winbind_get_domain_info *r) =
+ (void (*)(void *, bool, struct winbind_get_domain_info*))_cont;
+ struct winbind_get_domain_info *r =
+ talloc_get_type_abort(_r, struct winbind_get_domain_info);
+
+ if (!success) {
+ DEBUG(5, ("Could not get domain_info\n"));
+ cont(private_data, False, r);
+ return;
+ }
+
+ if (r->out.result != WINBIND_STATUS_OK) {
+ DEBUG(5, ("get_domain_info returned an error:0x%08X\n",
+ r->out.result));
+ cont(private_data, False, r);
+ return;
+ }
+
+ cont(private_data, True, r);
+}
+
+void winbindd_get_domain_info_async(TALLOC_CTX *mem_ctx,
+ struct winbindd_domain *domain,
+ struct winbind_get_domain_info *r,
+ void (*cont)(void *private_data,
+ bool success,
+ struct winbind_get_domain_info *r),
+ void *private_data)
+{
+ do_async_ndr_domain(mem_ctx, domain,
+ NDR_WINBIND_GET_DOMAIN_INFO, r,
+ winbindd_get_domain_info_recv, r,
+ (void *)cont, private_data);
}
struct sequence_state {
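Review bot: `winbindd_get_domain_info_recv()` is a copy of `winbindd_get_dc_info_recv()` with only the request type changed, and both recover the typed callback by casting `_cont` from `void *`, matching the `(void *)cont` in the `*_async*` wrappers here and in the earlier hunk. Converting a function pointer through `void *` is not guaranteed by ISO C, and nothing ties the pointer a wrapper stores to the signature its receive function casts back to. A short comment on each pair would document the contract, e.g. `/* _cont must be the cont passed in by winbindd_get_domain_info_async() */`. A macro generating the wrapper/receive pair would remove the duplication.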
void winbindd_ping(struct winbindd_cli_state *state)
{
+ if (lp_parm_bool(-1, "winbindd", "ping_our_domain", False)) {
+ sendto_domain(state, find_our_domain());
+ return;
+ }
+
DEBUG(3, ("[%5lu]: ping\n", (unsigned long)state->pid));
request_ok(state);
}
+enum winbindd_result winbindd_dual_ping(struct winbindd_domain *domain,
+ struct winbindd_cli_state *state)
+{
+ DEBUG(3, ("[%5lu]: (dual) ping\n", (unsigned long)state->pid));
+ return WINBINDD_OK;
+}
+
/* List various tidbits of information */
void winbindd_info(struct winbindd_cli_state *state)