2 Unix SMB/CIFS implementation.
4 Winbind daemon - miscellaneous other functions
6 Copyright (C) Tim Potter 2000
7 Copyright (C) Andrew Bartlett 2002
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "libcli/security/dom_sid.h"
28 #define DBGC_CLASS DBGC_WINBIND
30 /* Constants and helper functions for determining domain trust types */
39 const char *trust_type_strings[] = {"External",
44 static enum trust_type get_trust_type(struct winbindd_tdc_domain *domain)
46 if (domain->trust_attribs == LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN)
48 else if (domain->trust_attribs == LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE)
50 else if (((domain->trust_flags & NETR_TRUST_FLAG_IN_FOREST) == NETR_TRUST_FLAG_IN_FOREST) &&
51 ((domain->trust_flags & NETR_TRUST_FLAG_PRIMARY) == 0x0))
56 static const char *get_trust_type_string(struct winbindd_tdc_domain *domain)
58 return trust_type_strings[get_trust_type(domain)];
61 static bool trust_is_inbound(struct winbindd_tdc_domain *domain)
63 if (domain->trust_flags & NETR_TRUST_FLAG_INBOUND) {
69 static bool trust_is_outbound(struct winbindd_tdc_domain *domain)
71 return (domain->trust_flags == 0x0) ||
72 ((domain->trust_flags & NETR_TRUST_FLAG_IN_FOREST) ==
73 NETR_TRUST_FLAG_IN_FOREST) ||
74 ((domain->trust_flags & NETR_TRUST_FLAG_OUTBOUND) ==
75 NETR_TRUST_FLAG_OUTBOUND);
78 static bool trust_is_transitive(struct winbindd_tdc_domain *domain)
80 bool transitive = false;
83 * Beware: order matters
86 if (domain->trust_attribs & LSA_TRUST_ATTRIBUTE_WITHIN_FOREST) {
90 if (domain->trust_attribs & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
94 if (domain->trust_attribs & LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE) {
98 if (domain->trust_attribs & LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) {
102 if (domain->trust_flags & NETR_TRUST_FLAG_PRIMARY) {
109 void winbindd_list_trusted_domains(struct winbindd_cli_state *state)
111 struct winbindd_tdc_domain *dom_list = NULL;
112 size_t num_domains = 0;
113 int extra_data_len = 0;
114 char *extra_data = NULL;
117 DEBUG(3, ("[%5lu]: list trusted domains\n",
118 (unsigned long)state->pid));
120 if( !wcache_tdc_fetch_list( &dom_list, &num_domains )) {
121 request_error(state);
125 extra_data = talloc_strdup(state->mem_ctx, "");
126 if (extra_data == NULL) {
127 request_error(state);
131 for ( i = 0; i < num_domains; i++ ) {
132 struct winbindd_domain *domain;
133 bool is_online = true;
134 struct winbindd_tdc_domain *d = NULL;
137 domain = find_domain_from_name_noinit(d->domain_name);
139 is_online = domain->online;
141 extra_data = talloc_asprintf_append_buffer(
143 "%s\\%s\\%s\\%s\\%s\\%s\\%s\\%s\n",
145 d->dns_name ? d->dns_name : "",
146 sid_string_talloc(state->mem_ctx, &d->sid),
147 get_trust_type_string(d),
148 trust_is_transitive(d) ? "Yes" : "No",
149 trust_is_inbound(d) ? "Yes" : "No",
150 trust_is_outbound(d) ? "Yes" : "No",
151 is_online ? "Online" : "Offline" );
154 state->response->data.num_entries = num_domains;
156 extra_data_len = strlen(extra_data);
157 if (extra_data_len > 0) {
159 /* Strip the last \n */
160 extra_data[extra_data_len-1] = '\0';
162 state->response->extra_data.data = extra_data;
163 state->response->length += extra_data_len;
168 TALLOC_FREE( dom_list );
171 enum winbindd_result winbindd_dual_list_trusted_domains(struct winbindd_domain *domain,
172 struct winbindd_cli_state *state)
175 int extra_data_len = 0;
178 bool have_own_domain = False;
179 struct netr_DomainTrustList trusts;
181 DEBUG(3, ("[%5lu]: list trusted domains\n",
182 (unsigned long)state->pid));
184 result = wb_cache_trusted_domains(domain, state->mem_ctx, &trusts);
186 if (!NT_STATUS_IS_OK(result)) {
187 DEBUG(3, ("winbindd_dual_list_trusted_domains: trusted_domains returned %s\n",
188 nt_errstr(result) ));
189 return WINBINDD_ERROR;
192 extra_data = talloc_strdup(state->mem_ctx, "");
194 for (i=0; i<trusts.count; i++) {
196 if (trusts.array[i].sid == NULL) {
199 if (dom_sid_equal(trusts.array[i].sid, &global_sid_NULL)) {
203 extra_data = talloc_asprintf_append_buffer(
204 extra_data, "%s\\%s\\%s\\%u\\%u\\%u\n",
205 trusts.array[i].netbios_name, trusts.array[i].dns_name,
206 sid_string_talloc(state->mem_ctx, trusts.array[i].sid),
207 trusts.array[i].trust_flags,
208 (uint32_t)trusts.array[i].trust_type,
209 trusts.array[i].trust_attributes);
212 /* add our primary domain */
214 for (i=0; i<trusts.count; i++) {
215 if (strequal(trusts.array[i].netbios_name, domain->name)) {
216 have_own_domain = True;
221 if (state->request->data.list_all_domains && !have_own_domain) {
222 extra_data = talloc_asprintf_append_buffer(
223 extra_data, "%s\\%s\\%s\n", domain->name,
224 domain->alt_name != NULL ?
227 sid_string_talloc(state->mem_ctx, &domain->sid));
230 extra_data_len = strlen(extra_data);
231 if (extra_data_len > 0) {
233 /* Strip the last \n */
234 extra_data[extra_data_len-1] = '\0';
236 state->response->extra_data.data = extra_data;
237 state->response->length += extra_data_len;
243 struct domain_info_state {
244 struct winbindd_domain *domain;
245 struct winbindd_cli_state *cli;
246 struct winbindd_request ping_request;
249 static void domain_info_done(struct tevent_req *req);
251 void winbindd_domain_info(struct winbindd_cli_state *cli)
253 struct domain_info_state *state;
254 struct winbindd_domain *domain;
255 struct tevent_req *req;
257 DEBUG(3, ("[%5lu]: domain_info [%s]\n", (unsigned long)cli->pid,
258 cli->request->domain_name));
260 domain = find_domain_from_name_noinit(cli->request->domain_name);
262 if (domain == NULL) {
263 DEBUG(3, ("Did not find domain [%s]\n",
264 cli->request->domain_name));
269 if (domain->initialized) {
270 fstrcpy(cli->response->data.domain_info.name,
272 fstrcpy(cli->response->data.domain_info.alt_name,
274 sid_to_fstring(cli->response->data.domain_info.sid,
276 cli->response->data.domain_info.native_mode =
278 cli->response->data.domain_info.active_directory =
279 domain->active_directory;
280 cli->response->data.domain_info.primary =
286 state = talloc_zero(cli->mem_ctx, struct domain_info_state);
288 DEBUG(0, ("talloc failed\n"));
294 state->domain = domain;
295 state->ping_request.cmd = WINBINDD_PING;
298 * Send a ping down. This implicitly initializes the domain.
301 req = wb_domain_request_send(state, server_event_context(),
302 domain, &state->ping_request);
304 DEBUG(3, ("wb_domain_request_send failed\n"));
308 tevent_req_set_callback(req, domain_info_done, state);
311 static void domain_info_done(struct tevent_req *req)
313 struct domain_info_state *state = tevent_req_callback_data(
314 req, struct domain_info_state);
315 struct winbindd_response *response;
318 ret = wb_domain_request_recv(req, req, &response, &err);
321 DEBUG(10, ("wb_domain_request failed: %s\n", strerror(errno)));
322 request_error(state->cli);
325 if (!state->domain->initialized) {
326 DEBUG(5, ("wb_domain_request did not initialize domain %s\n",
327 state->domain->name));
328 request_error(state->cli);
332 fstrcpy(state->cli->response->data.domain_info.name,
333 state->domain->name);
334 fstrcpy(state->cli->response->data.domain_info.alt_name,
335 state->domain->alt_name);
336 sid_to_fstring(state->cli->response->data.domain_info.sid,
337 &state->domain->sid);
339 state->cli->response->data.domain_info.native_mode =
340 state->domain->native_mode;
341 state->cli->response->data.domain_info.active_directory =
342 state->domain->active_directory;
343 state->cli->response->data.domain_info.primary =
344 state->domain->primary;
346 request_ok(state->cli);
349 void winbindd_dc_info(struct winbindd_cli_state *cli)
351 struct winbindd_domain *domain;
352 char *dc_name, *dc_ip;
354 cli->request->domain_name[sizeof(cli->request->domain_name)-1] = '\0';
356 DEBUG(3, ("[%5lu]: domain_info [%s]\n", (unsigned long)cli->pid,
357 cli->request->domain_name));
359 if (cli->request->domain_name[0] != '\0') {
360 domain = find_trust_from_name_noinit(
361 cli->request->domain_name);
362 if (domain == NULL) {
363 DEBUG(10, ("Could not find domain %s\n",
364 cli->request->domain_name));
369 domain = find_our_domain();
372 if (!fetch_current_dc_from_gencache(
373 talloc_tos(), domain->name, &dc_name, &dc_ip)) {
374 DEBUG(10, ("fetch_current_dc_from_gencache(%s) failed\n",
380 cli->response->data.num_entries = 1;
381 cli->response->extra_data.data = talloc_asprintf(
382 cli->mem_ctx, "%s\n%s\n", dc_name, dc_ip);
384 TALLOC_FREE(dc_name);
387 if (cli->response->extra_data.data == NULL) {
392 /* must add one to length to copy the 0 for string termination */
393 cli->response->length +=
394 strlen((char *)cli->response->extra_data.data) + 1;
399 /* List various tidbits of information */
401 void winbindd_info(struct winbindd_cli_state *state)
404 DEBUG(3, ("[%5lu]: request misc info\n", (unsigned long)state->pid));
406 state->response->data.info.winbind_separator = *lp_winbind_separator();
407 fstrcpy(state->response->data.info.samba_version, samba_version_string());
411 /* Tell the client the current interface version */
413 void winbindd_interface_version(struct winbindd_cli_state *state)
415 DEBUG(3, ("[%5lu]: request interface version (version = %d)\n",
416 (unsigned long)state->pid, WINBIND_INTERFACE_VERSION));
418 state->response->data.interface_version = WINBIND_INTERFACE_VERSION;
422 /* What domain are we a member of? */
424 void winbindd_domain_name(struct winbindd_cli_state *state)
426 DEBUG(3, ("[%5lu]: request domain name\n", (unsigned long)state->pid));
428 fstrcpy(state->response->data.domain_name, lp_workgroup());
432 /* What's my name again? */
434 void winbindd_netbios_name(struct winbindd_cli_state *state)
436 DEBUG(3, ("[%5lu]: request netbios name\n",
437 (unsigned long)state->pid));
439 fstrcpy(state->response->data.netbios_name, lp_netbios_name());
443 /* Where can I find the privileged pipe? */
445 void winbindd_priv_pipe_dir(struct winbindd_cli_state *state)
448 DEBUG(3, ("[%5lu]: request location of privileged pipe\n",
449 (unsigned long)state->pid));
451 priv_dir = get_winbind_priv_pipe_dir();
452 state->response->extra_data.data = talloc_move(state->mem_ctx,
455 /* must add one to length to copy the 0 for string termination */
456 state->response->length +=
457 strlen((char *)state->response->extra_data.data) + 1;