summaryrefslogtreecommitdiff
path: root/source3/winbindd/winbindd_misc.c
diff options
context:
space:
mode:
authorSteven Danneman <steven.danneman@isilon.com>2008-03-25 16:58:40 -0700
committerGerald W. Carter <jerry@samba.org>2008-03-31 13:40:58 -0500
commit2b70174e1bcef3b34acb406c9f8d79b0ec0cacfa (patch)
tree9964645d38bf0190f8f6ec286faac5cae9e92e11 /source3/winbindd/winbindd_misc.c
parent223071f01de8d85b594bab7c1f8514386da11281 (diff)
downloadsamba-2b70174e1bcef3b34acb406c9f8d79b0ec0cacfa.tar.gz
samba-2b70174e1bcef3b34acb406c9f8d79b0ec0cacfa.tar.bz2
samba-2b70174e1bcef3b34acb406c9f8d79b0ec0cacfa.zip
Augmented "wbinfo -m" to list additional information about the type, direction, and transitivty of trusts.
* added several helper functions to convert the trust_flags field in the winbindd_tdc_domain to more useful administrator ideas of trust type, trust direction, and trust transitivity. * converted winbindd_list_trusted_domains() to enumerate the trusted domain cache, instead of the domain list, and return additional trust information to the calling process * modified wbinfo to pretty print this additional trust information when a new --verbose switch is given with -m. Thus "wbinfo -m" and "wbinfo -all-domains" output as before, but "wbinfo --verbose -m" prints extra trust info. * updated some comments and fixed typos (This used to be commit e7827bb6afa264c12ecdc0858f49707ca3d6104f)
Diffstat (limited to 'source3/winbindd/winbindd_misc.c')
-rw-r--r--source3/winbindd/winbindd_misc.c104
1 files changed, 91 insertions, 13 deletions
diff --git a/source3/winbindd/winbindd_misc.c b/source3/winbindd/winbindd_misc.c
index c22da3e8ef..93986d174e 100644
--- a/source3/winbindd/winbindd_misc.c
+++ b/source3/winbindd/winbindd_misc.c
@@ -97,27 +97,104 @@ enum winbindd_result winbindd_dual_check_machine_acct(struct winbindd_domain *do
return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
}
+/* Constants and helper functions for determining domain trust types */
+
+enum trust_type {
+ EXTERNAL = 0,
+ FOREST,
+ IN_FOREST,
+ NONE,
+};
+
+const char *trust_type_strings[] = {"External",
+ "Forest",
+ "In Forest",
+ "None"};
+
+static enum trust_type get_trust_type(struct winbindd_tdc_domain *domain)
+{
+ if (domain->trust_attribs == NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN)
+ return EXTERNAL;
+ else if (domain->trust_attribs == NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE)
+ return FOREST;
+ else if (((domain->trust_flags & NETR_TRUST_FLAG_IN_FOREST) == NETR_TRUST_FLAG_IN_FOREST) &&
+ ((domain->trust_flags & NETR_TRUST_FLAG_PRIMARY) == 0x0))
+ return IN_FOREST;
+ return NONE;
+}
+
+static const char *get_trust_type_string(struct winbindd_tdc_domain *domain)
+{
+ return trust_type_strings[get_trust_type(domain)];
+}
+
+static bool trust_is_inbound(struct winbindd_tdc_domain *domain)
+{
+ return (domain->trust_flags == 0x0) ||
+ ((domain->trust_flags & NETR_TRUST_FLAG_IN_FOREST) ==
+ NETR_TRUST_FLAG_IN_FOREST) ||
+ ((domain->trust_flags & NETR_TRUST_FLAG_INBOUND) ==
+ NETR_TRUST_FLAG_INBOUND);
+}
+
+static bool trust_is_outbound(struct winbindd_tdc_domain *domain)
+{
+ return (domain->trust_flags == 0x0) ||
+ ((domain->trust_flags & NETR_TRUST_FLAG_IN_FOREST) ==
+ NETR_TRUST_FLAG_IN_FOREST) ||
+ ((domain->trust_flags & NETR_TRUST_FLAG_OUTBOUND) ==
+ NETR_TRUST_FLAG_OUTBOUND);
+}
+
+static bool trust_is_transitive(struct winbindd_tdc_domain *domain)
+{
+ if ((domain->trust_attribs == NETR_TRUST_ATTRIBUTE_NON_TRANSITIVE) ||
+ (domain->trust_attribs == NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) ||
+ (domain->trust_attribs == NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL))
+ return False;
+ return True;
+}
+
void winbindd_list_trusted_domains(struct winbindd_cli_state *state)
{
- struct winbindd_domain *d = NULL;
+ struct winbindd_tdc_domain *dom_list = NULL;
+ struct winbindd_tdc_domain *d = NULL;
+ size_t num_domains = 0;
int extra_data_len = 0;
char *extra_data = NULL;
+ int i = 0;
DEBUG(3, ("[%5lu]: list trusted domains\n",
(unsigned long)state->pid));
- for ( d=domain_list(); d; d=d->next ) {
+ if( !wcache_tdc_fetch_list( &dom_list, &num_domains )) {
+ request_error(state);
+ goto done;
+ }
+
+ for ( i = 0; i < num_domains; i++ ) {
+ d = &dom_list[i];
if ( !extra_data ) {
- extra_data = talloc_asprintf(
- state->mem_ctx, "%s\\%s\\%s",
- d->name, d->alt_name ? d->alt_name : d->name,
- sid_string_talloc(state->mem_ctx, &d->sid));
+ extra_data = talloc_asprintf(state->mem_ctx,
+ "%s\\%s\\%s\\%s\\%s\\%s\\%s",
+ d->domain_name,
+ d->dns_name ? d->dns_name : d->domain_name,
+ sid_string_talloc(state->mem_ctx, &d->sid),
+ get_trust_type_string(d),
+ trust_is_transitive(d) ? "Yes" : "No",
+ trust_is_inbound(d) ? "Yes" : "No",
+ trust_is_outbound(d) ? "Yes" : "No");
} else {
- extra_data = talloc_asprintf(
- state->mem_ctx, "%s\n%s\\%s\\%s",
- extra_data, d->name,
- d->alt_name ? d->alt_name : d->name,
- sid_string_talloc(state->mem_ctx, &d->sid));
+ extra_data = talloc_asprintf(state->mem_ctx,
+ "%s\n%s\\%s\\%s\\%s\\%s\\%s\\%s",
+ extra_data,
+ d->domain_name,
+ d->dns_name ? d->dns_name : d->domain_name,
+ sid_string_talloc(state->mem_ctx, &d->sid),
+ get_trust_type_string(d),
+ trust_is_transitive(d) ? "Yes" : "No",
+ trust_is_inbound(d) ? "Yes" : "No",
+ trust_is_outbound(d) ? "Yes" : "No");
}
}
@@ -131,9 +208,10 @@ void winbindd_list_trusted_domains(struct winbindd_cli_state *state)
state->response.length += extra_data_len+1;
}
- TALLOC_FREE( extra_data );
-
request_ok(state);
+done:
+ TALLOC_FREE( dom_list );
+ TALLOC_FREE( extra_data );
}
enum winbindd_result winbindd_dual_list_trusted_domains(struct winbindd_domain *domain,
generated by cgit (git 2.34.1) at 2024-06-02 14:51:42 +0000