2001-05-07 05:03:40 +00:00
/*
2002-01-30 06:08:46 +00:00
Unix SMB / CIFS implementation .
2001-05-07 05:03:40 +00:00
Winbind daemon - miscellaneous other functions
2002-01-10 11:28:14 +00:00
Copyright ( C ) Tim Potter 2000
Copyright ( C ) Andrew Bartlett 2002
2009-12-21 15:11:55 +01:00
2001-05-07 05:03:40 +00:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-09 19:25:36 +00:00
the Free Software Foundation ; either version 3 of the License , or
2001-05-07 05:03:40 +00:00
( at your option ) any later version .
2009-12-21 15:11:55 +01:00
2001-05-07 05:03:40 +00:00
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
2009-12-21 15:11:55 +01:00
2001-05-07 05:03:40 +00:00
You should have received a copy of the GNU General Public License
2007-07-10 00:52:41 +00:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2001-05-07 05:03:40 +00:00
*/
2003-11-12 01:51:10 +00:00
# include "includes.h"
2001-05-07 05:03:40 +00:00
# include "winbindd.h"
2011-08-17 12:05:26 +02:00
# include "libcli/security/dom_sid.h"
2001-05-07 05:03:40 +00:00
2002-07-15 10:35:28 +00:00
# undef DBGC_CLASS
# define DBGC_CLASS DBGC_WINBIND
2017-12-13 08:53:16 +01:00
static char * get_trust_type_string ( TALLOC_CTX * mem_ctx ,
struct winbindd_tdc_domain * tdc ,
struct winbindd_domain * domain )
{
enum netr_SchannelType secure_channel_type = SEC_CHAN_NULL ;
char * s = NULL ;
2008-03-25 16:58:40 -07:00
2017-12-13 08:53:16 +01:00
if ( domain ! = NULL ) {
secure_channel_type = domain - > secure_channel_type ;
}
2008-03-25 16:58:40 -07:00
2017-12-13 08:53:16 +01:00
switch ( secure_channel_type ) {
case SEC_CHAN_NULL : {
if ( domain = = NULL ) {
DBG_ERR ( " Missing domain [%s] \n " ,
tdc - > domain_name ) ;
return NULL ;
}
if ( domain - > routing_domain = = NULL ) {
DBG_ERR ( " Missing routing for domain [%s] \n " ,
tdc - > domain_name ) ;
return NULL ;
}
s = talloc_asprintf ( mem_ctx , " Routed (via %s) " ,
domain - > routing_domain - > name ) ;
if ( s = = NULL ) {
return NULL ;
}
break ;
}
2008-03-25 16:58:40 -07:00
2017-12-13 08:53:16 +01:00
case SEC_CHAN_LOCAL :
s = talloc_strdup ( mem_ctx , " Local " ) ;
if ( s = = NULL ) {
return NULL ;
}
break ;
2008-03-25 16:58:40 -07:00
2017-12-13 08:53:16 +01:00
case SEC_CHAN_WKSTA :
s = talloc_strdup ( mem_ctx , " Workstation " ) ;
if ( s = = NULL ) {
return NULL ;
}
break ;
case SEC_CHAN_BDC : {
int role = lp_server_role ( ) ;
if ( role = = ROLE_DOMAIN_PDC ) {
s = talloc_strdup ( mem_ctx , " PDC " ) ;
if ( s = = NULL ) {
return NULL ;
}
break ;
}
if ( role = = ROLE_DOMAIN_BDC ) {
s = talloc_strdup ( mem_ctx , " BDC " ) ;
if ( s = = NULL ) {
return NULL ;
}
break ;
}
s = talloc_strdup ( mem_ctx , " RWDC " ) ;
if ( s = = NULL ) {
return NULL ;
}
break ;
}
case SEC_CHAN_RODC :
s = talloc_strdup ( mem_ctx , " RODC " ) ;
if ( s = = NULL ) {
return NULL ;
}
break ;
case SEC_CHAN_DNS_DOMAIN :
if ( tdc - > trust_attribs & LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN ) {
s = talloc_strdup ( mem_ctx , " External " ) ;
if ( s = = NULL ) {
return NULL ;
}
break ;
}
if ( tdc - > trust_attribs & LSA_TRUST_ATTRIBUTE_WITHIN_FOREST ) {
s = talloc_strdup ( mem_ctx , " In Forest " ) ;
if ( s = = NULL ) {
return NULL ;
}
break ;
}
if ( tdc - > trust_attribs & LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL ) {
s = talloc_strdup ( mem_ctx , " External " ) ;
if ( s = = NULL ) {
return NULL ;
}
break ;
}
if ( tdc - > trust_attribs & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE ) {
s = talloc_strdup ( mem_ctx , " Forest " ) ;
if ( s = = NULL ) {
return NULL ;
}
break ;
}
s = talloc_strdup ( mem_ctx , " External " ) ;
if ( s = = NULL ) {
return NULL ;
}
break ;
case SEC_CHAN_DOMAIN :
s = talloc_strdup ( mem_ctx , " External " ) ;
if ( s = = NULL ) {
return NULL ;
}
break ;
default :
DBG_ERR ( " Unhandled secure_channel_type %d for domain[%s] \n " ,
secure_channel_type , tdc - > domain_name ) ;
return NULL ;
}
return s ;
2008-03-25 16:58:40 -07:00
}
static bool trust_is_inbound ( struct winbindd_tdc_domain * domain )
{
2017-11-28 17:44:41 +01:00
if ( domain - > trust_flags & NETR_TRUST_FLAG_INBOUND ) {
return true ;
}
return false ;
2008-03-25 16:58:40 -07:00
}
static bool trust_is_outbound ( struct winbindd_tdc_domain * domain )
{
2017-11-28 17:46:03 +01:00
if ( domain - > trust_flags & NETR_TRUST_FLAG_OUTBOUND ) {
return true ;
}
return false ;
2008-03-25 16:58:40 -07:00
}
static bool trust_is_transitive ( struct winbindd_tdc_domain * domain )
{
2017-11-28 17:32:59 +01:00
bool transitive = false ;
/*
* Beware : order matters
*/
if ( domain - > trust_attribs & LSA_TRUST_ATTRIBUTE_WITHIN_FOREST ) {
transitive = true ;
}
if ( domain - > trust_attribs & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE ) {
transitive = true ;
}
if ( domain - > trust_attribs & LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE ) {
transitive = false ;
}
if ( domain - > trust_attribs & LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN ) {
transitive = false ;
}
if ( domain - > trust_flags & NETR_TRUST_FLAG_PRIMARY ) {
transitive = true ;
}
return transitive ;
2008-03-25 16:58:40 -07:00
}
2018-05-04 21:19:06 +02:00
bool winbindd_list_trusted_domains ( struct winbindd_cli_state * state )
2001-05-07 05:03:40 +00:00
{
2008-03-25 16:58:40 -07:00
struct winbindd_tdc_domain * dom_list = NULL ;
size_t num_domains = 0 ;
2007-05-06 19:17:30 +00:00
int extra_data_len = 0 ;
char * extra_data = NULL ;
2008-03-25 16:58:40 -07:00
int i = 0 ;
2018-05-04 21:19:06 +02:00
bool ret = false ;
2009-12-21 15:11:55 +01:00
2005-06-08 22:10:34 +00:00
DEBUG ( 3 , ( " [%5lu]: list trusted domains \n " ,
( unsigned long ) state - > pid ) ) ;
2008-03-25 16:58:40 -07:00
if ( ! wcache_tdc_fetch_list ( & dom_list , & num_domains ) ) {
goto done ;
}
2009-12-28 13:49:01 +01:00
extra_data = talloc_strdup ( state - > mem_ctx , " " ) ;
if ( extra_data = = NULL ) {
goto done ;
}
2008-03-25 16:58:40 -07:00
for ( i = 0 ; i < num_domains ; i + + ) {
2008-04-22 15:29:53 -05:00
struct winbindd_domain * domain ;
bool is_online = true ;
2016-02-22 15:18:26 +01:00
struct winbindd_tdc_domain * d = NULL ;
2017-12-13 08:53:16 +01:00
char * trust_type = NULL ;
2008-04-22 15:29:53 -05:00
2008-03-25 16:58:40 -07:00
d = & dom_list [ i ] ;
2008-04-22 15:29:53 -05:00
domain = find_domain_from_name_noinit ( d - > domain_name ) ;
if ( domain ) {
is_online = domain - > online ;
}
2017-12-13 08:53:16 +01:00
trust_type = get_trust_type_string ( talloc_tos ( ) , d , domain ) ;
if ( trust_type = = NULL ) {
continue ;
}
2009-12-28 13:49:01 +01:00
extra_data = talloc_asprintf_append_buffer (
extra_data ,
" %s \\ %s \\ %s \\ %s \\ %s \\ %s \\ %s \\ %s \n " ,
d - > domain_name ,
2013-02-21 12:14:55 +01:00
d - > dns_name ? d - > dns_name : " " ,
2009-12-28 13:49:01 +01:00
sid_string_talloc ( state - > mem_ctx , & d - > sid ) ,
2017-12-13 08:53:16 +01:00
trust_type ,
2009-12-28 13:49:01 +01:00
trust_is_transitive ( d ) ? " Yes " : " No " ,
trust_is_inbound ( d ) ? " Yes " : " No " ,
trust_is_outbound ( d ) ? " Yes " : " No " ,
is_online ? " Online " : " Offline " ) ;
2017-12-13 08:53:16 +01:00
TALLOC_FREE ( trust_type ) ;
2007-05-06 19:17:30 +00:00
}
2010-04-03 14:16:19 +02:00
state - > response - > data . num_entries = num_domains ;
2009-12-28 13:49:01 +01:00
extra_data_len = strlen ( extra_data ) ;
2007-05-06 19:17:30 +00:00
if ( extra_data_len > 0 ) {
2009-12-28 13:49:01 +01:00
/* Strip the last \n */
extra_data [ extra_data_len - 1 ] = ' \0 ' ;
2009-06-14 12:41:46 +02:00
state - > response - > extra_data . data = extra_data ;
2009-12-28 13:49:01 +01:00
state - > response - > length + = extra_data_len ;
2007-05-06 19:17:30 +00:00
}
2018-05-04 21:19:06 +02:00
ret = true ;
2008-03-25 16:58:40 -07:00
done :
TALLOC_FREE ( dom_list ) ;
2018-05-04 21:19:06 +02:00
return ret ;
2005-06-08 22:10:34 +00:00
}
2001-05-07 05:03:40 +00:00
2005-06-08 22:10:34 +00:00
enum winbindd_result winbindd_dual_list_trusted_domains ( struct winbindd_domain * domain ,
struct winbindd_cli_state * state )
{
2009-12-28 15:51:36 +01:00
int i ;
2005-06-08 22:10:34 +00:00
int extra_data_len = 0 ;
char * extra_data ;
NTSTATUS result ;
2007-10-18 17:40:25 -07:00
bool have_own_domain = False ;
2009-12-28 15:51:36 +01:00
struct netr_DomainTrustList trusts ;
2001-05-07 05:03:40 +00:00
2005-06-08 22:10:34 +00:00
DEBUG ( 3 , ( " [%5lu]: list trusted domains \n " ,
( unsigned long ) state - > pid ) ) ;
2001-11-15 03:29:00 +00:00
2016-10-07 16:31:40 -07:00
result = wb_cache_trusted_domains ( domain , state - > mem_ctx , & trusts ) ;
2005-06-08 22:10:34 +00:00
2006-06-29 18:01:25 +00:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
DEBUG ( 3 , ( " winbindd_dual_list_trusted_domains: trusted_domains returned %s \n " ,
nt_errstr ( result ) ) ) ;
2006-10-18 16:09:42 +00:00
return WINBINDD_ERROR ;
2006-06-29 18:01:25 +00:00
}
2005-06-08 22:10:34 +00:00
extra_data = talloc_strdup ( state - > mem_ctx , " " ) ;
2009-12-28 15:51:36 +01:00
for ( i = 0 ; i < trusts . count ; i + + ) {
2011-07-25 12:38:27 +02:00
if ( trusts . array [ i ] . sid = = NULL ) {
continue ;
}
2011-08-17 12:05:26 +02:00
if ( dom_sid_equal ( trusts . array [ i ] . sid , & global_sid_NULL ) ) {
continue ;
}
2011-07-25 12:38:27 +02:00
2009-12-28 15:51:36 +01:00
extra_data = talloc_asprintf_append_buffer (
2016-02-10 00:38:11 +02:00
extra_data , " %s \\ %s \\ %s \\ %u \\ %u \\ %u \n " ,
trusts . array [ i ] . netbios_name , trusts . array [ i ] . dns_name ,
sid_string_talloc ( state - > mem_ctx , trusts . array [ i ] . sid ) ,
trusts . array [ i ] . trust_flags ,
( uint32_t ) trusts . array [ i ] . trust_type ,
trusts . array [ i ] . trust_attributes ) ;
2009-12-28 15:51:36 +01:00
}
2007-12-15 21:49:15 +01:00
2006-02-03 22:19:41 +00:00
/* add our primary domain */
2009-12-21 15:11:55 +01:00
2009-12-28 15:51:36 +01:00
for ( i = 0 ; i < trusts . count ; i + + ) {
if ( strequal ( trusts . array [ i ] . netbios_name , domain - > name ) ) {
2006-02-03 22:19:41 +00:00
have_own_domain = True ;
break ;
}
}
2009-05-07 22:46:27 +02:00
if ( state - > request - > data . list_all_domains & & ! have_own_domain ) {
2009-12-28 15:51:36 +01:00
extra_data = talloc_asprintf_append_buffer (
extra_data , " %s \\ %s \\ %s \n " , domain - > name ,
2013-02-25 09:31:12 +01:00
domain - > alt_name ! = NULL ?
domain - > alt_name :
domain - > name ,
2007-12-15 21:49:15 +01:00
sid_string_talloc ( state - > mem_ctx , & domain - > sid ) ) ;
2006-02-03 22:19:41 +00:00
}
2005-06-08 22:10:34 +00:00
2009-12-28 15:51:36 +01:00
extra_data_len = strlen ( extra_data ) ;
if ( extra_data_len > 0 ) {
2005-06-08 22:10:34 +00:00
2009-12-28 15:51:36 +01:00
/* Strip the last \n */
extra_data [ extra_data_len - 1 ] = ' \0 ' ;
2005-06-08 22:10:34 +00:00
2009-06-14 12:41:46 +02:00
state - > response - > extra_data . data = extra_data ;
2016-03-10 12:17:43 +01:00
state - > response - > length + = extra_data_len ;
2003-01-15 17:39:47 +00:00
}
2002-01-11 05:33:45 +00:00
2005-06-08 22:10:34 +00:00
return WINBINDD_OK ;
2001-05-07 05:03:40 +00:00
}
2002-01-10 10:23:54 +00:00
2018-05-02 18:27:23 +02:00
bool winbindd_dc_info ( struct winbindd_cli_state * cli )
2011-01-10 17:25:00 +01:00
{
struct winbindd_domain * domain ;
char * dc_name , * dc_ip ;
2011-03-16 17:55:37 +01:00
cli - > request - > domain_name [ sizeof ( cli - > request - > domain_name ) - 1 ] = ' \0 ' ;
2011-01-10 17:25:00 +01:00
DEBUG ( 3 , ( " [%5lu]: domain_info [%s] \n " , ( unsigned long ) cli - > pid ,
cli - > request - > domain_name ) ) ;
if ( cli - > request - > domain_name [ 0 ] ! = ' \0 ' ) {
2017-11-30 13:04:56 +01:00
domain = find_trust_from_name_noinit (
2011-01-10 17:25:00 +01:00
cli - > request - > domain_name ) ;
if ( domain = = NULL ) {
2017-06-23 16:25:27 +02:00
DEBUG ( 10 , ( " Could not find domain %s \n " ,
cli - > request - > domain_name ) ) ;
2018-05-02 18:27:23 +02:00
return false ;
2011-01-10 17:25:00 +01:00
}
} else {
domain = find_our_domain ( ) ;
}
if ( ! fetch_current_dc_from_gencache (
talloc_tos ( ) , domain - > name , & dc_name , & dc_ip ) ) {
DEBUG ( 10 , ( " fetch_current_dc_from_gencache(%s) failed \n " ,
domain - > name ) ) ;
2018-05-02 18:27:23 +02:00
return false ;
2011-01-10 17:25:00 +01:00
}
cli - > response - > data . num_entries = 1 ;
cli - > response - > extra_data . data = talloc_asprintf (
cli - > mem_ctx , " %s \n %s \n " , dc_name , dc_ip ) ;
TALLOC_FREE ( dc_name ) ;
TALLOC_FREE ( dc_ip ) ;
if ( cli - > response - > extra_data . data = = NULL ) {
2018-05-02 18:27:23 +02:00
return false ;
2011-01-10 17:25:00 +01:00
}
/* must add one to length to copy the 0 for string termination */
cli - > response - > length + =
strlen ( ( char * ) cli - > response - > extra_data . data ) + 1 ;
2018-05-02 18:27:23 +02:00
return true ;
2011-01-10 17:25:00 +01:00
}
2018-05-02 16:38:14 +02:00
bool winbindd_ping ( struct winbindd_cli_state * state )
2018-04-18 17:29:51 +02:00
{
DEBUG ( 3 , ( " [%5lu]: ping \n " , ( unsigned long ) state - > pid ) ) ;
2018-05-02 16:38:14 +02:00
return true ;
2018-04-18 17:29:51 +02:00
}
2002-01-10 11:28:14 +00:00
/* List various tidbits of information */
2018-05-02 16:36:49 +02:00
bool winbindd_info ( struct winbindd_cli_state * state )
2002-01-10 11:28:14 +00:00
{
2003-07-22 04:31:20 +00:00
DEBUG ( 3 , ( " [%5lu]: request misc info \n " , ( unsigned long ) state - > pid ) ) ;
2002-01-10 11:28:14 +00:00
2009-06-14 12:41:46 +02:00
state - > response - > data . info . winbind_separator = * lp_winbind_separator ( ) ;
fstrcpy ( state - > response - > data . info . samba_version , samba_version_string ( ) ) ;
2018-05-02 16:36:49 +02:00
return true ;
2002-01-10 11:28:14 +00:00
}
2002-01-26 09:52:55 +00:00
/* Tell the client the current interface version */
2002-01-10 11:28:14 +00:00
2018-05-02 15:26:55 +02:00
bool winbindd_interface_version ( struct winbindd_cli_state * state )
2002-01-10 11:28:14 +00:00
{
2014-01-22 12:49:44 +00:00
DEBUG ( 3 , ( " [%5lu]: request interface version (version = %d) \n " ,
( unsigned long ) state - > pid , WINBIND_INTERFACE_VERSION ) ) ;
2009-12-21 15:11:55 +01:00
2009-06-14 12:41:46 +02:00
state - > response - > data . interface_version = WINBIND_INTERFACE_VERSION ;
2018-05-02 15:26:55 +02:00
return true ;
2002-01-10 11:28:14 +00:00
}
2002-01-26 09:52:55 +00:00
/* What domain are we a member of? */
2018-05-02 16:39:20 +02:00
bool winbindd_domain_name ( struct winbindd_cli_state * state )
2002-01-26 09:52:55 +00:00
{
2003-07-22 04:31:20 +00:00
DEBUG ( 3 , ( " [%5lu]: request domain name \n " , ( unsigned long ) state - > pid ) ) ;
2009-12-21 15:11:55 +01:00
2009-06-14 12:41:46 +02:00
fstrcpy ( state - > response - > data . domain_name , lp_workgroup ( ) ) ;
2018-05-02 16:39:20 +02:00
return true ;
2002-01-26 09:52:55 +00:00
}
2003-01-28 12:07:02 +00:00
/* What's my name again? */
2018-05-02 18:25:00 +02:00
bool winbindd_netbios_name ( struct winbindd_cli_state * state )
2003-01-28 12:07:02 +00:00
{
2005-06-20 13:42:29 +00:00
DEBUG ( 3 , ( " [%5lu]: request netbios name \n " ,
( unsigned long ) state - > pid ) ) ;
2009-12-21 15:11:55 +01:00
2011-06-09 15:31:03 +10:00
fstrcpy ( state - > response - > data . netbios_name , lp_netbios_name ( ) ) ;
2018-05-02 18:25:00 +02:00
return true ;
2003-01-28 12:07:02 +00:00
}
2003-03-24 09:54:13 +00:00
2009-10-19 09:47:33 +02:00
/* Where can I find the privileged pipe? */
2003-03-24 09:54:13 +00:00
2018-05-02 20:27:43 +02:00
bool winbindd_priv_pipe_dir ( struct winbindd_cli_state * state )
2003-03-24 09:54:13 +00:00
{
2009-05-12 17:47:22 +02:00
char * priv_dir ;
2005-06-20 13:42:29 +00:00
DEBUG ( 3 , ( " [%5lu]: request location of privileged pipe \n " ,
( unsigned long ) state - > pid ) ) ;
2009-12-21 15:11:55 +01:00
2009-05-12 17:47:22 +02:00
priv_dir = get_winbind_priv_pipe_dir ( ) ;
2009-06-14 12:41:46 +02:00
state - > response - > extra_data . data = talloc_move ( state - > mem_ctx ,
2009-05-12 17:47:22 +02:00
& priv_dir ) ;
2003-03-24 09:54:13 +00:00
/* must add one to length to copy the 0 for string termination */
2009-06-14 12:41:46 +02:00
state - > response - > length + =
strlen ( ( char * ) state - > response - > extra_data . data ) + 1 ;
2003-03-24 09:54:13 +00:00
2018-05-02 20:27:43 +02:00
return true ;
2003-03-24 09:54:13 +00:00
}
2007-08-29 12:43:23 +00:00