diff options
| -rw-r--r-- | source3/Makefile.in | 1 | ||||
| -rw-r--r-- | source3/librpc/gen_ndr/cli_wbint.c | 146 | ||||
| -rw-r--r-- | source3/librpc/gen_ndr/cli_wbint.h | 8 | ||||
| -rw-r--r-- | source3/librpc/gen_ndr/ndr_wbint.c | 51 | ||||
| -rw-r--r-- | source3/librpc/gen_ndr/ndr_wbint.h | 5 | ||||
| -rw-r--r-- | source3/librpc/gen_ndr/srv_wbint.c | 82 | ||||
| -rw-r--r-- | source3/librpc/gen_ndr/srv_wbint.h | 2 | ||||
| -rw-r--r-- | source3/librpc/gen_ndr/wbint.h | 8 | ||||
| -rw-r--r-- | source3/librpc/idl/wbint.idl | 3 | ||||
| -rw-r--r-- | source3/winbindd/winbindd.c | 3 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_check_machine_acct.c | 88 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_domain.c | 4 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_dual_srv.c | 52 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_misc.c | 68 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_proto.h | 6 |
15 files changed, 451 insertions, 76 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 5e3e7ebcc0..b944ef9e85 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1213,6 +1213,7 @@ WINBINDD_OBJ1 = \ winbindd/winbindd_getdcname.o \ winbindd/winbindd_list_users.o \ winbindd/winbindd_list_groups.o \ + winbindd/winbindd_check_machine_acct.o \ auth/token_util.o \ ../nsswitch/libwbclient/wb_reqtrans.o \ smbd/connection.o diff --git a/source3/librpc/gen_ndr/cli_wbint.c b/source3/librpc/gen_ndr/cli_wbint.c index 6037b72db1..1b1152904d 100644 --- a/source3/librpc/gen_ndr/cli_wbint.c +++ b/source3/librpc/gen_ndr/cli_wbint.c @@ -2929,3 +2929,149 @@ NTSTATUS rpccli_wbint_LookupRids(struct rpc_pipe_client *cli, return r.out.result; } +struct rpccli_wbint_CheckMachineAccount_state { + struct wbint_CheckMachineAccount orig; + struct wbint_CheckMachineAccount tmp; + TALLOC_CTX *out_mem_ctx; + NTSTATUS (*dispatch_recv)(struct tevent_req *req, TALLOC_CTX *mem_ctx); +}; + +static void rpccli_wbint_CheckMachineAccount_done(struct tevent_req *subreq); + +struct tevent_req *rpccli_wbint_CheckMachineAccount_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct rpc_pipe_client *cli) +{ + struct tevent_req *req; + struct rpccli_wbint_CheckMachineAccount_state *state; + struct tevent_req *subreq; + + req = tevent_req_create(mem_ctx, &state, + struct rpccli_wbint_CheckMachineAccount_state); + if (req == NULL) { + return NULL; + } + state->out_mem_ctx = NULL; + state->dispatch_recv = cli->dispatch_recv; + + /* In parameters */ + + /* Out parameters */ + + /* Result */ + ZERO_STRUCT(state->orig.out.result); + + if (DEBUGLEVEL >= 10) { + NDR_PRINT_IN_DEBUG(wbint_CheckMachineAccount, &state->orig); + } + + /* make a temporary copy, that we pass to the dispatch function */ + state->tmp = state->orig; + + subreq = cli->dispatch_send(state, ev, cli, + &ndr_table_wbint, + NDR_WBINT_CHECKMACHINEACCOUNT, + &state->tmp); + if (tevent_req_nomem(subreq, req)) { + return tevent_req_post(req, ev); + } + tevent_req_set_callback(subreq, rpccli_wbint_CheckMachineAccount_done, req); + return req; +} + +static void rpccli_wbint_CheckMachineAccount_done(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_data( + subreq, struct tevent_req); + struct rpccli_wbint_CheckMachineAccount_state *state = tevent_req_data( + req, struct rpccli_wbint_CheckMachineAccount_state); + NTSTATUS status; + TALLOC_CTX *mem_ctx; + + if (state->out_mem_ctx) { + mem_ctx = state->out_mem_ctx; + } else { + mem_ctx = state; + } + + status = state->dispatch_recv(subreq, mem_ctx); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + tevent_req_nterror(req, status); + return; + } + + /* Copy out parameters */ + + /* Copy result */ + state->orig.out.result = state->tmp.out.result; + + /* Reset temporary structure */ + ZERO_STRUCT(state->tmp); + + if (DEBUGLEVEL >= 10) { + NDR_PRINT_OUT_DEBUG(wbint_CheckMachineAccount, &state->orig); + } + + tevent_req_done(req); +} + +NTSTATUS rpccli_wbint_CheckMachineAccount_recv(struct tevent_req *req, + TALLOC_CTX *mem_ctx, + NTSTATUS *result) +{ + struct rpccli_wbint_CheckMachineAccount_state *state = tevent_req_data( + req, struct rpccli_wbint_CheckMachineAccount_state); + NTSTATUS status; + + if (tevent_req_is_nterror(req, &status)) { + tevent_req_received(req); + return status; + } + + /* Steal possbile out parameters to the callers context */ + talloc_steal(mem_ctx, state->out_mem_ctx); + + /* Return result */ + *result = state->orig.out.result; + + tevent_req_received(req); + return NT_STATUS_OK; +} + +NTSTATUS rpccli_wbint_CheckMachineAccount(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx) +{ + struct wbint_CheckMachineAccount r; + NTSTATUS status; + + /* In parameters */ + + if (DEBUGLEVEL >= 10) { + NDR_PRINT_IN_DEBUG(wbint_CheckMachineAccount, &r); + } + + status = cli->dispatch(cli, + mem_ctx, + &ndr_table_wbint, + NDR_WBINT_CHECKMACHINEACCOUNT, + &r); + + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (DEBUGLEVEL >= 10) { + NDR_PRINT_OUT_DEBUG(wbint_CheckMachineAccount, &r); + } + + if (NT_STATUS_IS_ERR(status)) { + return status; + } + + /* Return variables */ + + /* Return result */ + return r.out.result; +} + diff --git a/source3/librpc/gen_ndr/cli_wbint.h b/source3/librpc/gen_ndr/cli_wbint.h index c535dbbd38..3b61687a88 100644 --- a/source3/librpc/gen_ndr/cli_wbint.h +++ b/source3/librpc/gen_ndr/cli_wbint.h @@ -232,4 +232,12 @@ NTSTATUS rpccli_wbint_LookupRids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct wbint_RidArray *rids /* [in] [ref] */, struct wbint_Principals *names /* [out] [ref] */); +struct tevent_req *rpccli_wbint_CheckMachineAccount_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct rpc_pipe_client *cli); +NTSTATUS rpccli_wbint_CheckMachineAccount_recv(struct tevent_req *req, + TALLOC_CTX *mem_ctx, + NTSTATUS *result); +NTSTATUS rpccli_wbint_CheckMachineAccount(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx); #endif /* __CLI_WBINT__ */ diff --git a/source3/librpc/gen_ndr/ndr_wbint.c b/source3/librpc/gen_ndr/ndr_wbint.c index 5f294d0b44..2d5e5c46ca 100644 --- a/source3/librpc/gen_ndr/ndr_wbint.c +++ b/source3/librpc/gen_ndr/ndr_wbint.c @@ -2111,6 +2111,47 @@ _PUBLIC_ void ndr_print_wbint_LookupRids(struct ndr_print *ndr, const char *name ndr->depth--; } +static enum ndr_err_code ndr_push_wbint_CheckMachineAccount(struct ndr_push *ndr, int flags, const struct wbint_CheckMachineAccount *r) +{ + if (flags & NDR_IN) { + } + if (flags & NDR_OUT) { + NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result)); + } + return NDR_ERR_SUCCESS; +} + +static enum ndr_err_code ndr_pull_wbint_CheckMachineAccount(struct ndr_pull *ndr, int flags, struct wbint_CheckMachineAccount *r) +{ + if (flags & NDR_IN) { + } + if (flags & NDR_OUT) { + NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result)); + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_wbint_CheckMachineAccount(struct ndr_print *ndr, const char *name, int flags, const struct wbint_CheckMachineAccount *r) +{ + ndr_print_struct(ndr, name, "wbint_CheckMachineAccount"); + ndr->depth++; + if (flags & NDR_SET_VALUES) { + ndr->flags |= LIBNDR_PRINT_SET_VALUES; + } + if (flags & NDR_IN) { + ndr_print_struct(ndr, "in", "wbint_CheckMachineAccount"); + ndr->depth++; + ndr->depth--; + } + if (flags & NDR_OUT) { + ndr_print_struct(ndr, "out", "wbint_CheckMachineAccount"); + ndr->depth++; + ndr_print_NTSTATUS(ndr, "result", r->out.result); + ndr->depth--; + } + ndr->depth--; +} + static const struct ndr_interface_call wbint_calls[] = { { "wbint_Ping", @@ -2256,6 +2297,14 @@ static const struct ndr_interface_call wbint_calls[] = { (ndr_print_function_t) ndr_print_wbint_LookupRids, false, }, + { + "wbint_CheckMachineAccount", + sizeof(struct wbint_CheckMachineAccount), + (ndr_push_flags_fn_t) ndr_push_wbint_CheckMachineAccount, + (ndr_pull_flags_fn_t) ndr_pull_wbint_CheckMachineAccount, + (ndr_print_function_t) ndr_print_wbint_CheckMachineAccount, + false, + }, { NULL, 0, NULL, NULL, NULL, false } }; @@ -2285,7 +2334,7 @@ const struct ndr_interface_table ndr_table_wbint = { NDR_WBINT_VERSION }, .helpstring = NDR_WBINT_HELPSTRING, - .num_calls = 18, + .num_calls = 19, .calls = wbint_calls, .endpoints = &wbint_endpoints, .authservices = &wbint_authservices diff --git a/source3/librpc/gen_ndr/ndr_wbint.h b/source3/librpc/gen_ndr/ndr_wbint.h index 35286d4b2c..d7cfbf0020 100644 --- a/source3/librpc/gen_ndr/ndr_wbint.h +++ b/source3/librpc/gen_ndr/ndr_wbint.h @@ -47,7 +47,9 @@ extern const struct ndr_interface_table ndr_table_wbint; #define NDR_WBINT_LOOKUPRIDS (0x11) -#define NDR_WBINT_CALL_COUNT (18) +#define NDR_WBINT_CHECKMACHINEACCOUNT (0x12) + +#define NDR_WBINT_CALL_COUNT (19) enum ndr_err_code ndr_push_wbint_userinfo(struct ndr_push *ndr, int ndr_flags, const struct wbint_userinfo *r); enum ndr_err_code ndr_pull_wbint_userinfo(struct ndr_pull *ndr, int ndr_flags, struct wbint_userinfo *r); void ndr_print_wbint_userinfo(struct ndr_print *ndr, const char *name, const struct wbint_userinfo *r); @@ -84,4 +86,5 @@ void ndr_print_wbint_QueryUserList(struct ndr_print *ndr, const char *name, int void ndr_print_wbint_QueryGroupList(struct ndr_print *ndr, const char *name, int flags, const struct wbint_QueryGroupList *r); void ndr_print_wbint_DsGetDcName(struct ndr_print *ndr, const char *name, int flags, const struct wbint_DsGetDcName *r); void ndr_print_wbint_LookupRids(struct ndr_print *ndr, const char *name, int flags, const struct wbint_LookupRids *r); +void ndr_print_wbint_CheckMachineAccount(struct ndr_print *ndr, const char *name, int flags, const struct wbint_CheckMachineAccount *r); #endif /* _HEADER_NDR_wbint */ diff --git a/source3/librpc/gen_ndr/srv_wbint.c b/source3/librpc/gen_ndr/srv_wbint.c index cc62b4067b..a55a9a7145 100644 --- a/source3/librpc/gen_ndr/srv_wbint.c +++ b/source3/librpc/gen_ndr/srv_wbint.c @@ -1464,9 +1464,82 @@ static bool api_wbint_LookupRids(pipes_struct *p) return true; } +static bool api_wbint_CheckMachineAccount(pipes_struct *p) +{ + const struct ndr_interface_call *call; + struct ndr_pull *pull; + struct ndr_push *push; + enum ndr_err_code ndr_err; + DATA_BLOB blob; + struct wbint_CheckMachineAccount *r; + + call = &ndr_table_wbint.calls[NDR_WBINT_CHECKMACHINEACCOUNT]; + + r = talloc(talloc_tos(), struct wbint_CheckMachineAccount); + if (r == NULL) { + return false; + } + + if (!prs_data_blob(&p->in_data.data, &blob, r)) { + talloc_free(r); + return false; + } + + pull = ndr_pull_init_blob(&blob, r, NULL); + if (pull == NULL) { + talloc_free(r); + return false; + } + + pull->flags |= LIBNDR_FLAG_REF_ALLOC; + ndr_err = call->ndr_pull(pull, NDR_IN, r); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + talloc_free(r); + return false; + } + + if (DEBUGLEVEL >= 10) { + NDR_PRINT_IN_DEBUG(wbint_CheckMachineAccount, r); + } + + r->out.result = _wbint_CheckMachineAccount(p, r); + + if (p->rng_fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; + } + + if (DEBUGLEVEL >= 10) { + NDR_PRINT_OUT_DEBUG(wbint_CheckMachineAccount, r); + } + + push = ndr_push_init_ctx(r, NULL); + if (push == NULL) { + talloc_free(r); + return false; + } + + ndr_err = call->ndr_push(push, NDR_OUT, r); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + talloc_free(r); + return false; + } + + blob = ndr_push_blob(push); + if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) { + talloc_free(r); + return false; + } + + talloc_free(r); + + return true; +} + /* Tables */ -static struct api_struct api_wbint_cmds[] = +static struct api_struct api_wbint_cmds[] = { {"WBINT_PING", NDR_WBINT_PING, api_wbint_Ping}, {"WBINT_LOOKUPSID", NDR_WBINT_LOOKUPSID, api_wbint_LookupSid}, @@ -1486,6 +1559,7 @@ static struct api_struct api_wbint_cmds[] = {"WBINT_QUERYGROUPLIST", NDR_WBINT_QUERYGROUPLIST, api_wbint_QueryGroupList}, {"WBINT_DSGETDCNAME", NDR_WBINT_DSGETDCNAME, api_wbint_DsGetDcName}, {"WBINT_LOOKUPRIDS", NDR_WBINT_LOOKUPRIDS, api_wbint_LookupRids}, + {"WBINT_CHECKMACHINEACCOUNT", NDR_WBINT_CHECKMACHINEACCOUNT, api_wbint_CheckMachineAccount}, }; void wbint_get_pipe_fns(struct api_struct **fns, int *n_fns) @@ -1733,6 +1807,12 @@ NTSTATUS rpc_wbint_dispatch(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, co return NT_STATUS_OK; } + case NDR_WBINT_CHECKMACHINEACCOUNT: { + struct wbint_CheckMachineAccount *r = (struct wbint_CheckMachineAccount *)_r; + r->out.result = _wbint_CheckMachineAccount(cli->pipes_struct, r); + return NT_STATUS_OK; + } + default: return NT_STATUS_NOT_IMPLEMENTED; } diff --git a/source3/librpc/gen_ndr/srv_wbint.h b/source3/librpc/gen_ndr/srv_wbint.h index c0c3a03326..bd56f698aa 100644 --- a/source3/librpc/gen_ndr/srv_wbint.h +++ b/source3/librpc/gen_ndr/srv_wbint.h @@ -19,6 +19,7 @@ NTSTATUS _wbint_QueryUserList(pipes_struct *p, struct wbint_QueryUserList *r); NTSTATUS _wbint_QueryGroupList(pipes_struct *p, struct wbint_QueryGroupList *r); NTSTATUS _wbint_DsGetDcName(pipes_struct *p, struct wbint_DsGetDcName *r); NTSTATUS _wbint_LookupRids(pipes_struct *p, struct wbint_LookupRids *r); +NTSTATUS _wbint_CheckMachineAccount(pipes_struct *p, struct wbint_CheckMachineAccount *r); void wbint_get_pipe_fns(struct api_struct **fns, int *n_fns); NTSTATUS rpc_wbint_dispatch(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, const struct ndr_interface_table *table, uint32_t opnum, void *r); void _wbint_Ping(pipes_struct *p, struct wbint_Ping *r); @@ -39,5 +40,6 @@ NTSTATUS _wbint_QueryUserList(pipes_struct *p, struct wbint_QueryUserList *r); NTSTATUS _wbint_QueryGroupList(pipes_struct *p, struct wbint_QueryGroupList *r); NTSTATUS _wbint_DsGetDcName(pipes_struct *p, struct wbint_DsGetDcName *r); NTSTATUS _wbint_LookupRids(pipes_struct *p, struct wbint_LookupRids *r); +NTSTATUS _wbint_CheckMachineAccount(pipes_struct *p, struct wbint_CheckMachineAccount *r); NTSTATUS rpc_wbint_init(void); #endif /* __SRV_WBINT__ */ diff --git a/source3/librpc/gen_ndr/wbint.h b/source3/librpc/gen_ndr/wbint.h index fa2301143f..87ce4794d8 100644 --- a/source3/librpc/gen_ndr/wbint.h +++ b/source3/librpc/gen_ndr/wbint.h @@ -270,4 +270,12 @@ struct wbint_LookupRids { }; + +struct wbint_CheckMachineAccount { + struct { + NTSTATUS result; + } out; + +}; + #endif /* _HEADER_wbint */ diff --git a/source3/librpc/idl/wbint.idl b/source3/librpc/idl/wbint.idl index 826ba37a87..05bd7b1fb3 100644 --- a/source3/librpc/idl/wbint.idl +++ b/source3/librpc/idl/wbint.idl @@ -143,4 +143,7 @@ interface wbint [in] wbint_RidArray *rids, [out] wbint_Principals *names ); + + NTSTATUS wbint_CheckMachineAccount( + ); }
\ No newline at end of file diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index e5468e38a9..7c1281247e 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -446,7 +446,6 @@ static struct winbindd_dispatch_table { /* Miscellaneous */ - { WINBINDD_CHECK_MACHACC, winbindd_check_machine_acct, "CHECK_MACHACC" }, { WINBINDD_INFO, winbindd_info, "INFO" }, { WINBINDD_INTERFACE_VERSION, winbindd_interface_version, "INTERFACE_VERSION" }, @@ -537,6 +536,8 @@ static struct winbindd_async_dispatch_table async_nonpriv_table[] = { winbindd_list_users_send, winbindd_list_users_recv }, { WINBINDD_LIST_GROUPS, "LIST_GROUPS", winbindd_list_groups_send, winbindd_list_groups_recv }, + { WINBINDD_CHECK_MACHACC, "CHECK_MACHACC", + winbindd_check_machine_acct_send, winbindd_check_machine_acct_recv }, { 0, NULL, NULL, NULL } }; diff --git a/source3/winbindd/winbindd_check_machine_acct.c b/source3/winbindd/winbindd_check_machine_acct.c new file mode 100644 index 0000000000..e3505cb352 --- /dev/null +++ b/source3/winbindd/winbindd_check_machine_acct.c @@ -0,0 +1,88 @@ +/* + Unix SMB/CIFS implementation. + async implementation of WINBINDD_CHECK_MACHINE_ACCT + Copyright (C) Volker Lendecke 2009 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "winbindd.h" +#include "librpc/gen_ndr/cli_wbint.h" + +struct winbindd_check_machine_acct_state { + uint8_t dummy; +}; + +static void winbindd_check_machine_acct_done(struct tevent_req *subreq); + +struct tevent_req *winbindd_check_machine_acct_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct winbindd_cli_state *cli, + struct winbindd_request *request) +{ + struct tevent_req *req, *subreq; + struct winbindd_check_machine_acct_state *state; + struct winbindd_domain *domain; + + req = tevent_req_create(mem_ctx, &state, + struct winbindd_check_machine_acct_state); + if (req == NULL) { + return NULL; + } + + domain = find_our_domain(); + if (domain->internal) { + /* + * Internal domains are passdb based, we can always + * contact them. + */ + tevent_req_done(req); + return tevent_req_post(req, ev); + } + + subreq = rpccli_wbint_CheckMachineAccount_send(state, ev, + domain->child.rpccli); + if (tevent_req_nomem(subreq, req)) { + return tevent_req_post(req, ev); + } + tevent_req_set_callback(subreq, winbindd_check_machine_acct_done, req); + return req; +} + +static void winbindd_check_machine_acct_done(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_data( + subreq, struct tevent_req); + struct winbindd_check_machine_acct_state *state = tevent_req_data( + req, struct winbindd_check_machine_acct_state); + NTSTATUS status, result; + + status = rpccli_wbint_CheckMachineAccount_recv(subreq, state, &result); + if (!NT_STATUS_IS_OK(status)) { + tevent_req_nterror(req, status); + return; + } + if (!NT_STATUS_IS_OK(result)) { + tevent_req_nterror(req, result); + return; + } + tevent_req_done(req); +} + +NTSTATUS winbindd_check_machine_acct_recv(struct tevent_req *req, + struct winbindd_response *presp) +{ + return tevent_req_simple_recv_ntstatus(req); +} diff --git a/source3/winbindd/winbindd_domain.c b/source3/winbindd/winbindd_domain.c index 96cbf6f746..ad3d6d7916 100644 --- a/source3/winbindd/winbindd_domain.c +++ b/source3/winbindd/winbindd_domain.c @@ -75,10 +75,6 @@ static const struct winbindd_child_dispatch_table domain_dispatch_table[] = { .struct_cmd = WINBINDD_PAM_CHAUTHTOK, .struct_fn = winbindd_dual_pam_chauthtok, },{ - .name = "CHECK_MACHACC", - .struct_cmd = WINBINDD_CHECK_MACHACC, - .struct_fn = winbindd_dual_check_machine_acct, - },{ .name = "DUAL_USERINFO", .struct_cmd = WINBINDD_DUAL_USERINFO, .struct_fn = winbindd_dual_userinfo, diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c index 3b6107a398..b36bfbf93b 100644 --- a/source3/winbindd/winbindd_dual_srv.c +++ b/source3/winbindd/winbindd_dual_srv.c @@ -395,3 +395,55 @@ NTSTATUS _wbint_LookupRids(pipes_struct *p, struct wbint_LookupRids *r) r->out.names->principals = result; return NT_STATUS_OK; } + +NTSTATUS _wbint_CheckMachineAccount(pipes_struct *p, + struct wbint_CheckMachineAccount *r) +{ + struct winbindd_domain *domain; + int num_retries = 0; + NTSTATUS status; + +again: + domain = wb_child_domain(); + if (domain == NULL) { + return NT_STATUS_REQUEST_NOT_ACCEPTED; + } + + invalidate_cm_connection(&domain->conn); + + { + struct rpc_pipe_client *netlogon_pipe; + status = cm_connect_netlogon(domain, &netlogon_pipe); + } + + /* There is a race condition between fetching the trust account + password and the periodic machine password change. So it's + possible that the trust account password has been changed on us. + We are returned NT_STATUS_ACCESS_DENIED if this happens. */ + +#define MAX_RETRIES 3 + + if ((num_retries < MAX_RETRIES) + && NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { + num_retries++; + goto again; + } + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(3, ("could not open handle to NETLOGON pipe\n")); + goto done; + } + + /* Pass back result code - zero for success, other values for + specific failures. */ + + DEBUG(3, ("secret is %s\n", NT_STATUS_IS_OK(status) ? + "good" : "bad")); + + done: + DEBUG(NT_STATUS_IS_OK(status) ? 5 : 2, + ("Checking the trust account password returned %s\n", + nt_errstr(status))); + + return status; +} diff --git a/source3/winbindd/winbindd_misc.c b/source3/winbindd/winbindd_misc.c index 606a4e105b..9e62a1b102 100644 --- a/source3/winbindd/winbindd_misc.c +++ b/source3/winbindd/winbindd_misc.c @@ -26,74 +26,6 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND -/* Check the machine account password is valid */ - -void winbindd_check_machine_acct(struct winbindd_cli_state *state) -{ - DEBUG(3, ("[%5lu]: check machine account\n", - (unsigned long)state->pid)); - - sendto_domain(state, find_our_domain()); -} - -enum winbindd_result winbindd_dual_check_machine_acct(struct winbindd_domain *domain, - struct winbindd_cli_state *state) -{ - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - int num_retries = 0; - struct winbindd_domain *contact_domain; - - DEBUG(3, ("[%5lu]: check machine account\n", (unsigned long)state->pid)); - - /* Get trust account password */ - - again: - - contact_domain = find_our_domain(); - - /* This call does a cli_nt_setup_creds() which implicitly checks - the trust account password. */ - - invalidate_cm_connection(&contact_domain->conn); - - { - struct rpc_pipe_client *netlogon_pipe; - result = cm_connect_netlogon(contact_domain, &netlogon_pipe); - } - - if (!NT_STATUS_IS_OK(result)) { - DEBUG(3, ("could not open handle to NETLOGON pipe\n")); - goto done; - } - - /* There is a race condition between fetching the trust account - password and the periodic machine password change. So it's - possible that the trust account password has been changed on us. - We are returned NT_STATUS_ACCESS_DENIED if this happens. */ - -#define MAX_RETRIES 8 - - if ((num_retries < MAX_RETRIES) && - NT_STATUS_V(result) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED)) { - num_retries++; - goto again; - } - - /* Pass back result code - zero for success, other values for - specific failures. */ - - DEBUG(3, ("secret is %s\n", NT_STATUS_IS_OK(result) ? - "good" : "bad")); - - done: - set_auth_errors(state->response, result); - - DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, ("Checking the trust account password returned %s\n", - state->response->data.auth.nt_status_string)); - - return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; -} - /* Constants and helper functions for determining domain trust types */ enum trust_type { diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index 086fa52563..9675430ec2 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -962,5 +962,11 @@ struct tevent_req *winbindd_list_groups_send(TALLOC_CTX *mem_ctx, NTSTATUS winbindd_list_groups_recv(struct tevent_req *req, struct winbindd_response *response); +struct tevent_req *winbindd_check_machine_acct_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct winbindd_cli_state *cli, + struct winbindd_request *request); +NTSTATUS winbindd_check_machine_acct_recv(struct tevent_req *req, + struct winbindd_response *presp); #endif /* _WINBINDD_PROTO_H_ */ |