2005-09-22 22:35:08 +04:00
/*
Unix SMB / CIFS implementation .
Main winbindd server routines
Copyright ( C ) Stefan Metzmacher 2005
Copyright ( C ) Andrew Tridgell 2005
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-10 06:07:03 +04:00
the Free Software Foundation ; either version 3 of the License , or
2005-09-22 22:35:08 +04:00
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
2007-07-10 06:07:03 +04:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2005-09-22 22:35:08 +04:00
*/
2007-06-02 15:38:27 +04:00
# include "nsswitch/winbind_nss_config.h"
2006-01-12 12:38:35 +03:00
# include "nsswitch/winbindd_nss.h"
2007-07-23 06:56:51 +04:00
# include "libnet/libnet.h"
2005-09-22 22:35:08 +04:00
2006-01-31 03:48:57 +03:00
# define WINBINDD_SAMBA3_SOCKET "pipe"
2005-09-22 22:35:08 +04:00
/* the privileged socket is in smbd_tmp_dir() */
# define WINBINDD_SAMBA3_PRIVILEGED_SOCKET "winbind_pipe"
/* this struct stores global data for the winbind task */
struct wbsrv_service {
struct task_server * task ;
2005-10-08 21:45:27 +04:00
2005-10-19 17:45:44 +04:00
const struct dom_sid * primary_sid ;
2005-10-09 16:50:35 +04:00
struct wbsrv_domain * domains ;
} ;
r10852: Continuation-based programming can become a bit spaghetti...
Initialize a domain structure properly. Excerpt from wb_init_domain.c:
/*
* Initialize a domain:
*
* - With schannel credentials, try to open the SMB connection with the machine
* creds. Fall back to anonymous.
*
* - If we have schannel creds, do the auth2 and open the schannel'ed netlogon
* pipe.
*
* - Open LSA. If we have machine creds, try to open with ntlmssp. Fall back
* to schannel and then to anon bind.
*
* - With queryinfopolicy, verify that we're talking to the right domain
*
* A bit complex, but with all the combinations I think it's the best we can
* get. NT4, W2k3SP1 and W2k all have different combinations, but in the end we
* have a signed&sealed lsa connection on all of them.
*
* Is this overkill? In particular the authenticated SMB connection seems a
* bit overkill, given that we do schannel for netlogon and ntlmssp for
* lsa later on w2k3, the others don't do this anyway.
*/
Thanks to Jeremy for his detective work, and to the Samba4 team for providing
such a great infrastructure.
Next step is to connect to SAM. Do it via LDAP if we can, fall back to samr
with all we have.
Volker
(This used to be commit 3e69fdc07cd76b4bc01b032148609ee4b59b8be7)
2005-10-10 00:32:24 +04:00
struct wbsrv_samconn {
struct wbsrv_domain * domain ;
void * private_data ;
struct composite_context ( * seqnum_send ) ( struct wbsrv_samconn * ) ;
NTSTATUS ( * seqnum_recv ) ( struct composite_context * , uint64_t * ) ;
} ;
2005-11-06 02:46:57 +03:00
struct wb_dom_info {
2005-10-09 16:50:35 +04:00
const char * name ;
2005-11-06 02:46:57 +03:00
const char * dns_name ;
2005-10-09 16:50:35 +04:00
const struct dom_sid * sid ;
2005-11-06 02:46:57 +03:00
2007-05-25 15:59:52 +04:00
int num_dcs ;
struct nbt_dc_name * dcs ;
2005-11-06 02:46:57 +03:00
} ;
struct wbsrv_domain {
struct wbsrv_domain * next , * prev ;
struct wb_dom_info * info ;
2005-10-08 21:45:27 +04:00
2007-05-25 15:59:52 +04:00
/* Details for the server we are currently talking to */
const char * dc_address ;
const char * dc_name ;
2007-07-23 06:56:51 +04:00
struct libnet_context * libnet_ctx ;
2007-05-25 12:04:39 +04:00
struct dcerpc_binding * lsa_binding ;
2005-10-16 02:01:15 +04:00
2007-05-25 12:04:39 +04:00
struct dcerpc_binding * samr_binding ;
r10852: Continuation-based programming can become a bit spaghetti...
Initialize a domain structure properly. Excerpt from wb_init_domain.c:
/*
* Initialize a domain:
*
* - With schannel credentials, try to open the SMB connection with the machine
* creds. Fall back to anonymous.
*
* - If we have schannel creds, do the auth2 and open the schannel'ed netlogon
* pipe.
*
* - Open LSA. If we have machine creds, try to open with ntlmssp. Fall back
* to schannel and then to anon bind.
*
* - With queryinfopolicy, verify that we're talking to the right domain
*
* A bit complex, but with all the combinations I think it's the best we can
* get. NT4, W2k3SP1 and W2k all have different combinations, but in the end we
* have a signed&sealed lsa connection on all of them.
*
* Is this overkill? In particular the authenticated SMB connection seems a
* bit overkill, given that we do schannel for netlogon and ntlmssp for
* lsa later on w2k3, the others don't do this anyway.
*/
Thanks to Jeremy for his detective work, and to the Samba4 team for providing
such a great infrastructure.
Next step is to connect to SAM. Do it via LDAP if we can, fall back to samr
with all we have.
Volker
(This used to be commit 3e69fdc07cd76b4bc01b032148609ee4b59b8be7)
2005-10-10 00:32:24 +04:00
2005-10-24 13:34:12 +04:00
struct ldap_connection * ldap_conn ;
2005-10-08 21:45:27 +04:00
struct dcerpc_pipe * netlogon_pipe ;
2007-05-25 12:04:39 +04:00
struct dcerpc_binding * netlogon_binding ;
2005-09-22 22:35:08 +04:00
} ;
/*
state of a listen socket and it ' s protocol information
*/
struct wbsrv_listen_socket {
const char * socket_path ;
struct wbsrv_service * service ;
BOOL privileged ;
} ;
/*
state of an open winbind connection
*/
struct wbsrv_connection {
/* stream connection we belong to */
struct stream_connection * conn ;
/* the listening socket we belong to, it holds protocol hooks */
struct wbsrv_listen_socket * listen_socket ;
/* storage for protocol specific data */
void * protocol_private_data ;
/* how many calls are pending */
uint32_t pending_calls ;
2006-01-12 12:38:35 +03:00
struct packet_context * packet ;
2005-09-22 22:35:08 +04:00
} ;
2006-01-12 12:38:35 +03:00
# define WBSRV_SAMBA3_SET_STRING(dest, src) do { \
strncpy ( dest , src , sizeof ( dest ) - 1 ) ; \
} while ( 0 )
2005-09-22 22:35:08 +04:00
/*
state of one request
NOTE about async replies :
if the backend wants to reply later :
2005-09-26 01:01:56 +04:00
- it should set the WBSRV_CALL_FLAGS_REPLY_ASYNC flag , and may set a
talloc_destructor on the this structure or on the private_data ( if it ' s a
talloc child of this structure ) , so that wbsrv_terminate_connection
called by another call clean up the whole connection correct .
- When the backend is ready to reply it should call wbsrv_send_reply ( call ) ,
wbsrv_send_reply implies talloc_free ( call ) , so the backend should use
talloc_reference ( call ) , if it needs it later .
- If wbsrv_send_reply doesn ' t return NT_STATUS_OK , the backend function
should call , wbsrv_terminate_connection ( call - > wbconn , nt_errstr ( status ) ) ;
return ;
2005-09-22 22:35:08 +04:00
*/
2006-01-12 12:38:35 +03:00
struct wbsrv_samba3_call {
2005-09-22 22:35:08 +04:00
# define WBSRV_CALL_FLAGS_REPLY_ASYNC 0x00000001
uint32_t flags ;
/* the connection the call belongs to */
struct wbsrv_connection * wbconn ;
2006-01-12 12:38:35 +03:00
/* the backend should use this event context */
struct event_context * event_ctx ;
/* here the backend can store stuff like composite_context's ... */
2005-09-22 22:35:08 +04:00
void * private_data ;
2006-01-12 12:38:35 +03:00
/* the request structure of the samba3 protocol */
struct winbindd_request request ;
/* the response structure of the samba3 protocol*/
struct winbindd_response response ;
2005-09-22 22:35:08 +04:00
} ;
2005-12-28 18:38:36 +03:00
2006-01-03 20:27:33 +03:00
struct netr_LMSessionKey ;
struct netr_UserSessionKey ;
2006-07-31 19:38:18 +04:00
struct winbind_SamLogon ;
2006-01-03 20:27:33 +03:00
2006-03-14 18:03:25 +03:00
# include "winbind/wb_async_helpers.h"
2005-12-28 18:38:36 +03:00
# include "winbind/wb_proto.h"