sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00
Code
samba-mirror/source/nsswitch/winbindd_misc.c

153 lines
4.3 KiB
C
Raw Blame History

/*
Unix SMB/Netbios implementation.
Version 2.0
Winbind daemon - miscellaneous other functions
Copyright (C) Tim Potter 2000
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "winbindd.h"
extern pstring global_myname;
/************************************************************************
Routine to get the trust account password for a domain
************************************************************************/
static BOOL _get_trust_account_password(char *domain, unsigned char *ret_pwd,
time_t *pass_last_set_time)
{
struct machine_acct_pass *pass;
size_t size;
if (!(pass = secrets_fetch(trust_keystr(domain), &size)) ||
size != sizeof(*pass))
return False;
if (pass_last_set_time)
*pass_last_set_time = pass->mod_time;
memcpy(ret_pwd, pass->hash, 16);
SAFE_FREE(pass);
return True;
}
/* Check the machine account password is valid */
enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *state)
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uchar trust_passwd[16];
int num_retries = 0;
struct cli_state *cli;
DEBUG(3, ("[%5d]: check machine account\n", state->pid));
/* Get trust account password */
again:
if (!_get_trust_account_password(lp_workgroup(), trust_passwd,
NULL)) {
result = NT_STATUS_INTERNAL_ERROR;
goto done;
}
/* This call does a cli_nt_setup_creds() which implicitly checks
the trust account password. */
result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd, &cli);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(3, ("could not open handle to NETLOGON pipe\n"));
goto done;
}
cli_shutdown(cli);
/* There is a race condition between fetching the trust account
password and joining the domain so it's possible that the trust
account password has been changed on us. We are returned
NT_STATUS_ACCESS_DENIED if this happens. */
#define MAX_RETRIES 8
if ((num_retries < MAX_RETRIES) &&
NT_STATUS_V(result) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED)) {
num_retries++;
goto again;
}
/* Pass back result code - zero for success, other values for
specific failures. */
DEBUG(3, ("secret is %s\n", NT_STATUS_IS_OK(result) ?
"good" : "bad"));
done:
state->response.data.num_entries = NT_STATUS_V(result);
return WINBINDD_OK;
}
enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state
*state)
{
struct winbindd_domain *domain;
int total_entries = 0, extra_data_len = 0;
char *ted, *extra_data = NULL;
DEBUG(3, ("[%5d]: list trusted domains\n", state->pid));
if (domain_list == NULL)
get_domain_info();
for(domain = domain_list; domain; domain = domain->next) {
/* Skip own domain */
if (strequal(domain->name, lp_workgroup())) continue;
/* Add domain to list */
total_entries++;
ted = Realloc(extra_data, sizeof(fstring) *
total_entries);
if (!ted) {
DEBUG(0,("winbindd_list_trusted_domains: failed to enlarge buffer!\n"));
SAFE_FREE(extra_data);
return WINBINDD_ERROR;
} else
extra_data = ted;
memcpy(&extra_data[extra_data_len], domain->name,
strlen(domain->name));
extra_data_len += strlen(domain->name);
extra_data[extra_data_len++] = ',';
}
if (extra_data) {
if (extra_data_len > 1)
extra_data[extra_data_len - 1] = '\0';
state->response.extra_data = extra_data;
state->response.length += extra_data_len;
}
return WINBINDD_OK;
}
View Git Blame Copy Permalink