diff options
-rw-r--r-- | nsswitch/libwbclient/wbc_pam.c | 45 | ||||
-rw-r--r-- | nsswitch/libwbclient/wbclient.h | 14 | ||||
-rw-r--r-- | nsswitch/wbinfo.c | 34 | ||||
-rw-r--r-- | nsswitch/winbind_struct_protocol.h | 4 | ||||
-rw-r--r-- | source3/Makefile.in | 1 | ||||
-rw-r--r-- | source3/librpc/gen_ndr/cli_wbint.c | 130 | ||||
-rw-r--r-- | source3/librpc/gen_ndr/cli_wbint.h | 8 | ||||
-rw-r--r-- | source3/librpc/gen_ndr/ndr_wbint.c | 51 | ||||
-rw-r--r-- | source3/librpc/gen_ndr/ndr_wbint.h | 11 | ||||
-rw-r--r-- | source3/librpc/gen_ndr/srv_wbint.c | 80 | ||||
-rw-r--r-- | source3/librpc/gen_ndr/srv_wbint.h | 2 | ||||
-rw-r--r-- | source3/librpc/gen_ndr/wbint.h | 8 | ||||
-rw-r--r-- | source3/librpc/idl/wbint.idl | 3 | ||||
-rw-r--r-- | source3/winbindd/winbindd.c | 2 | ||||
-rw-r--r-- | source3/winbindd/winbindd_dual_srv.c | 48 | ||||
-rw-r--r-- | source3/winbindd/winbindd_ping_dc.c | 96 | ||||
-rw-r--r-- | source3/winbindd/winbindd_proto.h | 7 |
17 files changed, 538 insertions, 6 deletions
diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c index 7a66a7fe82..00863a0d54 100644 --- a/nsswitch/libwbclient/wbc_pam.c +++ b/nsswitch/libwbclient/wbc_pam.c @@ -5,6 +5,7 @@ Copyright (C) Gerald (Jerry) Carter 2007 Copyright (C) Guenther Deschner 2008 + Copyright (C) Volker Lendecke 2009 This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -570,6 +571,50 @@ wbcErr wbcChangeTrustCredentials(const char *domain, return wbc_status; } +/* + * Trigger a no-op NETLOGON call. Lightweight version of + * wbcCheckTrustCredentials + */ +wbcErr wbcPingDc(const char *domain, struct wbcAuthErrorInfo **error) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + if (domain) { + /* + * the current protocol doesn't support + * specifying a domain + */ + wbc_status = WBC_ERR_NOT_IMPLEMENTED; + BAIL_ON_WBC_ERROR(wbc_status); + } + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* Send request */ + + wbc_status = wbcRequestResponse(WINBINDD_PING_DC, + &request, + &response); + if (response.data.auth.nt_status != 0) { + if (error) { + wbc_status = wbc_create_error_info(NULL, + &response, + error); + BAIL_ON_WBC_ERROR(wbc_status); + } + + wbc_status = WBC_ERR_AUTH_ERROR; + BAIL_ON_WBC_ERROR(wbc_status); + } + BAIL_ON_WBC_ERROR(wbc_status); + + done: + return wbc_status; +} + /* Trigger an extended logoff notification to Winbind for a specific user */ wbcErr wbcLogoffUserEx(const struct wbcLogoffUserParams *params, struct wbcAuthErrorInfo **error) diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h index eea71ab86b..33a4ace75c 100644 --- a/nsswitch/libwbclient/wbclient.h +++ b/nsswitch/libwbclient/wbclient.h @@ -4,6 +4,7 @@ Winbind client API Copyright (C) Gerald (Jerry) Carter 2007 + Copyright (C) Volker Lendecke 2009 This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -1214,6 +1215,19 @@ wbcErr wbcCheckTrustCredentials(const char *domain, wbcErr wbcChangeTrustCredentials(const char *domain, struct wbcAuthErrorInfo **error); +/** + * @brief Trigger a no-op call through the NETLOGON pipe. Low-cost + * version of wbcCheckTrustCredentials + * + * @param *domain The name of the domain, only NULL for the default domain is + * supported yet. Other values than NULL will result in + * WBC_ERR_NOT_IMPLEMENTED. + * @param error Output details on WBC_ERR_AUTH_ERROR + * + * @return #wbcErr + **/ +wbcErr wbcPingDc(const char *domain, struct wbcAuthErrorInfo **error); + /********************************************************** * Helper functions **********************************************************/ diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c index d3d9250e81..45d8684bad 100644 --- a/nsswitch/wbinfo.c +++ b/nsswitch/wbinfo.c @@ -5,6 +5,7 @@ Copyright (C) Tim Potter 2000-2003 Copyright (C) Andrew Bartlett 2002-2007 + Copyright (C) Volker Lendecke 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -779,6 +780,30 @@ static bool wbinfo_change_secret(const char *domain) return true; } +/* Check DC connection */ + +static bool wbinfo_ping_dc(void) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct wbcAuthErrorInfo *error = NULL; + + wbc_status = wbcPingDc(NULL, &error); + + d_printf("checking the NETLOGON dc connection %s\n", + WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed"); + + if (wbc_status == WBC_ERR_AUTH_ERROR) { + d_fprintf(stderr, "error code was %s (0x%x)\n", + error->nt_string, error->nt_status); + wbcFreeMemory(error); + } + if (!WBC_ERROR_IS_OK(wbc_status)) { + return false; + } + + return true; +} + /* Convert uid to sid */ static bool wbinfo_uid_to_sid(uid_t uid) @@ -1710,6 +1735,7 @@ enum { OPT_VERBOSE, OPT_ONLINESTATUS, OPT_CHANGE_USER_PASSWORD, + OPT_PING_DC, OPT_SID_TO_FULLNAME, OPT_NTLMV2, OPT_LANMAN @@ -1759,6 +1785,8 @@ int main(int argc, char **argv, char **envp) { "remove-gid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_REMOVE_GID_MAPPING, "Remove gid to sid mapping in idmap", "GID,SID" }, { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" }, { "change-secret", 'c', POPT_ARG_NONE, 0, 'c', "Change shared secret" }, + { "ping-dc", 0, POPT_ARG_NONE, 0, OPT_PING_DC, + "Check the NETLOGON connection" }, { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" }, { "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, "List all domains (trusted and own domain)" }, { "own-domain", 0, POPT_ARG_NONE, 0, OPT_LIST_OWN_DOMAIN, "List own domain" }, @@ -1995,6 +2023,12 @@ int main(int argc, char **argv, char **envp) goto done; } break; + case OPT_PING_DC: + if (!wbinfo_ping_dc()) { + d_fprintf(stderr, "Could not ping our DC\n"); + goto done; + } + break; case 'm': if (!wbinfo_list_domains(false, verbose)) { d_fprintf(stderr, diff --git a/nsswitch/winbind_struct_protocol.h b/nsswitch/winbind_struct_protocol.h index 3056e25905..4d27d5283c 100644 --- a/nsswitch/winbind_struct_protocol.h +++ b/nsswitch/winbind_struct_protocol.h @@ -47,8 +47,9 @@ typedef char fstring[FSTRING_LEN]; /* Update this when you change the interface. * 21: added WINBINDD_GETPWSID * added WINBINDD_GETSIDALIASES + * 22: added WINBINDD_PING_DC */ -#define WINBIND_INTERFACE_VERSION 21 +#define WINBIND_INTERFACE_VERSION 22 /* Have to deal with time_t being 4 or 8 bytes due to structure alignment. On a 64bit Linux box, we have to support a constant structure size @@ -119,6 +120,7 @@ enum winbindd_cmd { WINBINDD_CHECK_MACHACC, /* Check machine account pw works */ WINBINDD_CHANGE_MACHACC, /* Change machine account pw */ + WINBINDD_PING_DC, /* Ping the DC through NETLOGON */ WINBINDD_PING, /* Just tell me winbind is running */ WINBINDD_INFO, /* Various bit of info. Currently just tidbits */ WINBINDD_DOMAIN_NAME, /* The domain this winbind server is a member of (lp_workgroup()) */ diff --git a/source3/Makefile.in b/source3/Makefile.in index 071cb8cf94..59ffa24e27 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1225,6 +1225,7 @@ WINBINDD_OBJ1 = \ winbindd/winbindd_list_groups.o \ winbindd/winbindd_check_machine_acct.o \ winbindd/winbindd_change_machine_acct.o \ + winbindd/winbindd_ping_dc.o \ winbindd/winbindd_set_mapping.o \ winbindd/winbindd_remove_mapping.o \ winbindd/winbindd_set_hwm.o \ diff --git a/source3/librpc/gen_ndr/cli_wbint.c b/source3/librpc/gen_ndr/cli_wbint.c index 3115a20d9d..592b27b50d 100644 --- a/source3/librpc/gen_ndr/cli_wbint.c +++ b/source3/librpc/gen_ndr/cli_wbint.c @@ -2901,6 +2901,136 @@ NTSTATUS rpccli_wbint_ChangeMachineAccount(struct rpc_pipe_client *cli, return r.out.result; } +struct rpccli_wbint_PingDc_state { + struct wbint_PingDc orig; + struct wbint_PingDc tmp; + TALLOC_CTX *out_mem_ctx; + NTSTATUS (*dispatch_recv)(struct tevent_req *req, TALLOC_CTX *mem_ctx); +}; + +static void rpccli_wbint_PingDc_done(struct tevent_req *subreq); + +struct tevent_req *rpccli_wbint_PingDc_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct rpc_pipe_client *cli) +{ + struct tevent_req *req; + struct rpccli_wbint_PingDc_state *state; + struct tevent_req *subreq; + + req = tevent_req_create(mem_ctx, &state, + struct rpccli_wbint_PingDc_state); + if (req == NULL) { + return NULL; + } + state->out_mem_ctx = NULL; + state->dispatch_recv = cli->dispatch_recv; + + /* In parameters */ + + /* Out parameters */ + + /* Result */ + ZERO_STRUCT(state->orig.out.result); + + /* make a temporary copy, that we pass to the dispatch function */ + state->tmp = state->orig; + + subreq = cli->dispatch_send(state, ev, cli, + &ndr_table_wbint, + NDR_WBINT_PINGDC, + &state->tmp); + if (tevent_req_nomem(subreq, req)) { + return tevent_req_post(req, ev); + } + tevent_req_set_callback(subreq, rpccli_wbint_PingDc_done, req); + return req; +} + +static void rpccli_wbint_PingDc_done(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_data( + subreq, struct tevent_req); + struct rpccli_wbint_PingDc_state *state = tevent_req_data( + req, struct rpccli_wbint_PingDc_state); + NTSTATUS status; + TALLOC_CTX *mem_ctx; + + if (state->out_mem_ctx) { + mem_ctx = state->out_mem_ctx; + } else { + mem_ctx = state; + } + + status = state->dispatch_recv(subreq, mem_ctx); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + tevent_req_nterror(req, status); + return; + } + + /* Copy out parameters */ + + /* Copy result */ + state->orig.out.result = state->tmp.out.result; + + /* Reset temporary structure */ + ZERO_STRUCT(state->tmp); + + tevent_req_done(req); +} + +NTSTATUS rpccli_wbint_PingDc_recv(struct tevent_req *req, + TALLOC_CTX *mem_ctx, + NTSTATUS *result) +{ + struct rpccli_wbint_PingDc_state *state = tevent_req_data( + req, struct rpccli_wbint_PingDc_state); + NTSTATUS status; + + if (tevent_req_is_nterror(req, &status)) { + tevent_req_received(req); + return status; + } + + /* Steal possbile out parameters to the callers context */ + talloc_steal(mem_ctx, state->out_mem_ctx); + + /* Return result */ + *result = state->orig.out.result; + + tevent_req_received(req); + return NT_STATUS_OK; +} + +NTSTATUS rpccli_wbint_PingDc(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx) +{ + struct wbint_PingDc r; + NTSTATUS status; + + /* In parameters */ + + status = cli->dispatch(cli, + mem_ctx, + &ndr_table_wbint, + NDR_WBINT_PINGDC, + &r); + + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (NT_STATUS_IS_ERR(status)) { + return status; + } + + /* Return variables */ + + /* Return result */ + return r.out.result; +} + struct rpccli_wbint_SetMapping_state { struct wbint_SetMapping orig; struct wbint_SetMapping tmp; diff --git a/source3/librpc/gen_ndr/cli_wbint.h b/source3/librpc/gen_ndr/cli_wbint.h index b08ef3fef1..4528d43efc 100644 --- a/source3/librpc/gen_ndr/cli_wbint.h +++ b/source3/librpc/gen_ndr/cli_wbint.h @@ -248,6 +248,14 @@ NTSTATUS rpccli_wbint_ChangeMachineAccount_recv(struct tevent_req *req, NTSTATUS *result); NTSTATUS rpccli_wbint_ChangeMachineAccount(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx); +struct tevent_req *rpccli_wbint_PingDc_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct rpc_pipe_client *cli); +NTSTATUS rpccli_wbint_PingDc_recv(struct tevent_req *req, + TALLOC_CTX *mem_ctx, + NTSTATUS *result); +NTSTATUS rpccli_wbint_PingDc(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx); struct tevent_req *rpccli_wbint_SetMapping_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct rpc_pipe_client *cli, diff --git a/source3/librpc/gen_ndr/ndr_wbint.c b/source3/librpc/gen_ndr/ndr_wbint.c index 97b29761ee..50f781cc20 100644 --- a/source3/librpc/gen_ndr/ndr_wbint.c +++ b/source3/librpc/gen_ndr/ndr_wbint.c @@ -2232,6 +2232,47 @@ _PUBLIC_ void ndr_print_wbint_ChangeMachineAccount(struct ndr_print *ndr, const ndr->depth--; } +static enum ndr_err_code ndr_push_wbint_PingDc(struct ndr_push *ndr, int flags, const struct wbint_PingDc *r) +{ + if (flags & NDR_IN) { + } + if (flags & NDR_OUT) { + NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result)); + } + return NDR_ERR_SUCCESS; +} + +static enum ndr_err_code ndr_pull_wbint_PingDc(struct ndr_pull *ndr, int flags, struct wbint_PingDc *r) +{ + if (flags & NDR_IN) { + } + if (flags & NDR_OUT) { + NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result)); + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_wbint_PingDc(struct ndr_print *ndr, const char *name, int flags, const struct wbint_PingDc *r) +{ + ndr_print_struct(ndr, name, "wbint_PingDc"); + ndr->depth++; + if (flags & NDR_SET_VALUES) { + ndr->flags |= LIBNDR_PRINT_SET_VALUES; + } + if (flags & NDR_IN) { + ndr_print_struct(ndr, "in", "wbint_PingDc"); + ndr->depth++; + ndr->depth--; + } + if (flags & NDR_OUT) { + ndr_print_struct(ndr, "out", "wbint_PingDc"); + ndr->depth++; + ndr_print_NTSTATUS(ndr, "result", r->out.result); + ndr->depth--; + } + ndr->depth--; +} + static enum ndr_err_code ndr_push_wbint_SetMapping(struct ndr_push *ndr, int flags, const struct wbint_SetMapping *r) { if (flags & NDR_IN) { @@ -2567,6 +2608,14 @@ static const struct ndr_interface_call wbint_calls[] = { false, }, { + "wbint_PingDc", + sizeof(struct wbint_PingDc), + (ndr_push_flags_fn_t) ndr_push_wbint_PingDc, + (ndr_pull_flags_fn_t) ndr_pull_wbint_PingDc, + (ndr_print_function_t) ndr_print_wbint_PingDc, + false, + }, + { "wbint_SetMapping", sizeof(struct wbint_SetMapping), (ndr_push_flags_fn_t) ndr_push_wbint_SetMapping, @@ -2619,7 +2668,7 @@ const struct ndr_interface_table ndr_table_wbint = { NDR_WBINT_VERSION }, .helpstring = NDR_WBINT_HELPSTRING, - .num_calls = 23, + .num_calls = 24, .calls = wbint_calls, .endpoints = &wbint_endpoints, .authservices = &wbint_authservices diff --git a/source3/librpc/gen_ndr/ndr_wbint.h b/source3/librpc/gen_ndr/ndr_wbint.h index e163ff3674..4a381ccfb2 100644 --- a/source3/librpc/gen_ndr/ndr_wbint.h +++ b/source3/librpc/gen_ndr/ndr_wbint.h @@ -51,13 +51,15 @@ extern const struct ndr_interface_table ndr_table_wbint; #define NDR_WBINT_CHANGEMACHINEACCOUNT (0x13) -#define NDR_WBINT_SETMAPPING (0x14) +#define NDR_WBINT_PINGDC (0x14) -#define NDR_WBINT_REMOVEMAPPING (0x15) +#define NDR_WBINT_SETMAPPING (0x15) -#define NDR_WBINT_SETHWM (0x16) +#define NDR_WBINT_REMOVEMAPPING (0x16) -#define NDR_WBINT_CALL_COUNT (23) +#define NDR_WBINT_SETHWM (0x17) + +#define NDR_WBINT_CALL_COUNT (24) enum ndr_err_code ndr_push_wbint_userinfo(struct ndr_push *ndr, int ndr_flags, const struct wbint_userinfo *r); enum ndr_err_code ndr_pull_wbint_userinfo(struct ndr_pull *ndr, int ndr_flags, struct wbint_userinfo *r); void ndr_print_wbint_userinfo(struct ndr_print *ndr, const char *name, const struct wbint_userinfo *r); @@ -99,6 +101,7 @@ void ndr_print_wbint_DsGetDcName(struct ndr_print *ndr, const char *name, int fl void ndr_print_wbint_LookupRids(struct ndr_print *ndr, const char *name, int flags, const struct wbint_LookupRids *r); void ndr_print_wbint_CheckMachineAccount(struct ndr_print *ndr, const char *name, int flags, const struct wbint_CheckMachineAccount *r); void ndr_print_wbint_ChangeMachineAccount(struct ndr_print *ndr, const char *name, int flags, const struct wbint_ChangeMachineAccount *r); +void ndr_print_wbint_PingDc(struct ndr_print *ndr, const char *name, int flags, const struct wbint_PingDc *r); void ndr_print_wbint_SetMapping(struct ndr_print *ndr, const char *name, int flags, const struct wbint_SetMapping *r); void ndr_print_wbint_RemoveMapping(struct ndr_print *ndr, const char *name, int flags, const struct wbint_RemoveMapping *r); void ndr_print_wbint_SetHWM(struct ndr_print *ndr, const char *name, int flags, const struct wbint_SetHWM *r); diff --git a/source3/librpc/gen_ndr/srv_wbint.c b/source3/librpc/gen_ndr/srv_wbint.c index 0f39cd93e1..efd9be6b7a 100644 --- a/source3/librpc/gen_ndr/srv_wbint.c +++ b/source3/librpc/gen_ndr/srv_wbint.c @@ -1610,6 +1610,79 @@ static bool api_wbint_ChangeMachineAccount(pipes_struct *p) return true; } +static bool api_wbint_PingDc(pipes_struct *p) +{ + const struct ndr_interface_call *call; + struct ndr_pull *pull; + struct ndr_push *push; + enum ndr_err_code ndr_err; + DATA_BLOB blob; + struct wbint_PingDc *r; + + call = &ndr_table_wbint.calls[NDR_WBINT_PINGDC]; + + r = talloc(talloc_tos(), struct wbint_PingDc); + if (r == NULL) { + return false; + } + + if (!prs_data_blob(&p->in_data.data, &blob, r)) { + talloc_free(r); + return false; + } + + pull = ndr_pull_init_blob(&blob, r, NULL); + if (pull == NULL) { + talloc_free(r); + return false; + } + + pull->flags |= LIBNDR_FLAG_REF_ALLOC; + ndr_err = call->ndr_pull(pull, NDR_IN, r); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + talloc_free(r); + return false; + } + + if (DEBUGLEVEL >= 10) { + NDR_PRINT_IN_DEBUG(wbint_PingDc, r); + } + + r->out.result = _wbint_PingDc(p, r); + + if (p->rng_fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; + } + + if (DEBUGLEVEL >= 10) { + NDR_PRINT_OUT_DEBUG(wbint_PingDc, r); + } + + push = ndr_push_init_ctx(r, NULL); + if (push == NULL) { + talloc_free(r); + return false; + } + + ndr_err = call->ndr_push(push, NDR_OUT, r); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + talloc_free(r); + return false; + } + + blob = ndr_push_blob(push); + if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) { + talloc_free(r); + return false; + } + + talloc_free(r); + + return true; +} + static bool api_wbint_SetMapping(pipes_struct *p) { const struct ndr_interface_call *call; @@ -1853,6 +1926,7 @@ static struct api_struct api_wbint_cmds[] = {"WBINT_LOOKUPRIDS", NDR_WBINT_LOOKUPRIDS, api_wbint_LookupRids}, {"WBINT_CHECKMACHINEACCOUNT", NDR_WBINT_CHECKMACHINEACCOUNT, api_wbint_CheckMachineAccount}, {"WBINT_CHANGEMACHINEACCOUNT", NDR_WBINT_CHANGEMACHINEACCOUNT, api_wbint_ChangeMachineAccount}, + {"WBINT_PINGDC", NDR_WBINT_PINGDC, api_wbint_PingDc}, {"WBINT_SETMAPPING", NDR_WBINT_SETMAPPING, api_wbint_SetMapping}, {"WBINT_REMOVEMAPPING", NDR_WBINT_REMOVEMAPPING, api_wbint_RemoveMapping}, {"WBINT_SETHWM", NDR_WBINT_SETHWM, api_wbint_SetHWM}, @@ -2115,6 +2189,12 @@ NTSTATUS rpc_wbint_dispatch(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, co return NT_STATUS_OK; } + case NDR_WBINT_PINGDC: { + struct wbint_PingDc *r = (struct wbint_PingDc *)_r; + r->out.result = _wbint_PingDc(cli->pipes_struct, r); + return NT_STATUS_OK; + } + case NDR_WBINT_SETMAPPING: { struct wbint_SetMapping *r = (struct wbint_SetMapping *)_r; r->out.result = _wbint_SetMapping(cli->pipes_struct, r); diff --git a/source3/librpc/gen_ndr/srv_wbint.h b/source3/librpc/gen_ndr/srv_wbint.h index c8c04fb3cc..716f1ac9d1 100644 --- a/source3/librpc/gen_ndr/srv_wbint.h +++ b/source3/librpc/gen_ndr/srv_wbint.h @@ -21,6 +21,7 @@ NTSTATUS _wbint_DsGetDcName(pipes_struct *p, struct wbint_DsGetDcName *r); NTSTATUS _wbint_LookupRids(pipes_struct *p, struct wbint_LookupRids *r); NTSTATUS _wbint_CheckMachineAccount(pipes_struct *p, struct wbint_CheckMachineAccount *r); NTSTATUS _wbint_ChangeMachineAccount(pipes_struct *p, struct wbint_ChangeMachineAccount *r); +NTSTATUS _wbint_PingDc(pipes_struct *p, struct wbint_PingDc *r); NTSTATUS _wbint_SetMapping(pipes_struct *p, struct wbint_SetMapping *r); NTSTATUS _wbint_RemoveMapping(pipes_struct *p, struct wbint_RemoveMapping *r); NTSTATUS _wbint_SetHWM(pipes_struct *p, struct wbint_SetHWM *r); @@ -46,6 +47,7 @@ NTSTATUS _wbint_DsGetDcName(pipes_struct *p, struct wbint_DsGetDcName *r); NTSTATUS _wbint_LookupRids(pipes_struct *p, struct wbint_LookupRids *r); NTSTATUS _wbint_CheckMachineAccount(pipes_struct *p, struct wbint_CheckMachineAccount *r); NTSTATUS _wbint_ChangeMachineAccount(pipes_struct *p, struct wbint_ChangeMachineAccount *r); +NTSTATUS _wbint_PingDc(pipes_struct *p, struct wbint_PingDc *r); NTSTATUS _wbint_SetMapping(pipes_struct *p, struct wbint_SetMapping *r); NTSTATUS _wbint_RemoveMapping(pipes_struct *p, struct wbint_RemoveMapping *r); NTSTATUS _wbint_SetHWM(pipes_struct *p, struct wbint_SetHWM *r); diff --git a/source3/librpc/gen_ndr/wbint.h b/source3/librpc/gen_ndr/wbint.h index 962a87ea26..96b7800624 100644 --- a/source3/librpc/gen_ndr/wbint.h +++ b/source3/librpc/gen_ndr/wbint.h @@ -303,6 +303,14 @@ struct wbint_ChangeMachineAccount { }; +struct wbint_PingDc { + struct { + NTSTATUS result; + } out; + +}; + + struct wbint_SetMapping { struct { struct dom_sid *sid;/* [ref] */ diff --git a/source3/librpc/idl/wbint.idl b/source3/librpc/idl/wbint.idl index e44f179723..432d59e086 100644 --- a/source3/librpc/idl/wbint.idl +++ b/source3/librpc/idl/wbint.idl @@ -150,6 +150,9 @@ interface wbint NTSTATUS wbint_ChangeMachineAccount( ); + NTSTATUS wbint_PingDc( + ); + typedef [public] enum { WBINT_ID_TYPE_NOT_SPECIFIED, WBINT_ID_TYPE_UID, diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index e09374c5cb..597957d9d6 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -532,6 +532,8 @@ static struct winbindd_async_dispatch_table async_nonpriv_table[] = { winbindd_list_groups_send, winbindd_list_groups_recv }, { WINBINDD_CHECK_MACHACC, "CHECK_MACHACC", winbindd_check_machine_acct_send, winbindd_check_machine_acct_recv }, + { WINBINDD_PING_DC, "PING_DC", + winbindd_ping_dc_send, winbindd_ping_dc_recv }, { 0, NULL, NULL, NULL } }; diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c index cecbb61051..b247d5a233 100644 --- a/source3/winbindd/winbindd_dual_srv.c +++ b/source3/winbindd/winbindd_dual_srv.c @@ -510,6 +510,54 @@ again: return status; } +NTSTATUS _wbint_PingDc(pipes_struct *p, struct wbint_PingDc *r) +{ + NTSTATUS status; + struct winbindd_domain *domain; + struct rpc_pipe_client *netlogon_pipe; + union netr_CONTROL_QUERY_INFORMATION info; + WERROR werr; + fstring logon_server; + + domain = wb_child_domain(); + if (domain == NULL) { + return NT_STATUS_REQUEST_NOT_ACCEPTED; + } + + status = cm_connect_netlogon(domain, &netlogon_pipe); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(3, ("could not open handle to NETLOGON pipe\n")); + return status; + } + + fstr_sprintf(logon_server, "\\\\%s", domain->dcname); + + /* + * This provokes a WERR_NOT_SUPPORTED error message. This is + * documented in the wspp docs. I could not get a successful + * call to work, but the main point here is testing that the + * netlogon pipe works. + */ + status = rpccli_netr_LogonControl(netlogon_pipe, p->mem_ctx, + logon_server, NETLOGON_CONTROL_QUERY, + 2, &info, &werr); + + if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) { + DEBUG(2, ("rpccli_netr_LogonControl timed out\n")); + invalidate_cm_connection(&domain->conn); + return status; + } + + if (!NT_STATUS_EQUAL(status, NT_STATUS_CTL_FILE_NOT_SUPPORTED)) { + DEBUG(2, ("rpccli_netr_LogonControl returned %s, expected " + "NT_STATUS_CTL_FILE_NOT_SUPPORTED\n", + nt_errstr(status))); + return status; + } + + DEBUG(5, ("winbindd_dual_ping_dc succeeded\n")); + return NT_STATUS_OK; +} NTSTATUS _wbint_SetMapping(pipes_struct *p, struct wbint_SetMapping *r) { diff --git a/source3/winbindd/winbindd_ping_dc.c b/source3/winbindd/winbindd_ping_dc.c new file mode 100644 index 0000000000..e06e5896c2 --- /dev/null +++ b/source3/winbindd/winbindd_ping_dc.c @@ -0,0 +1,96 @@ +/* + Unix SMB/CIFS implementation. + async implementation of WINBINDD_PING_DC + Copyright (C) Volker Lendecke 2009 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "winbindd.h" +#include "librpc/gen_ndr/cli_wbint.h" + +struct winbindd_ping_dc_state { + uint8_t dummy; +}; + +static void winbindd_ping_dc_done(struct tevent_req *subreq); + +struct tevent_req *winbindd_ping_dc_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct winbindd_cli_state *cli, + struct winbindd_request *request) +{ + struct tevent_req *req, *subreq; + struct winbindd_ping_dc_state *state; + struct winbindd_domain *domain; + + req = tevent_req_create(mem_ctx, &state, + struct winbindd_ping_dc_state); + if (req == NULL) { + return NULL; + } + + if (request->domain_name[0] == '\0') { + /* preserve old behavior, when no domain name is given */ + domain = find_our_domain(); + } else { + domain = find_domain_from_name(request->domain_name); + } + if (domain == NULL) { + tevent_req_nterror(req, NT_STATUS_NO_SUCH_DOMAIN); + return tevent_req_post(req, ev); + } + if (domain->internal) { + /* + * Internal domains are passdb based, we can always + * contact them. + */ + tevent_req_done(req); + return tevent_req_post(req, ev); + } + + subreq = rpccli_wbint_PingDc_send(state, ev, domain->child.rpccli); + if (tevent_req_nomem(subreq, req)) { + return tevent_req_post(req, ev); + } + tevent_req_set_callback(subreq, winbindd_ping_dc_done, req); + return req; +} + +static void winbindd_ping_dc_done(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_data( + subreq, struct tevent_req); + struct winbindd_ping_dc_state *state = tevent_req_data( + req, struct winbindd_ping_dc_state); + NTSTATUS status, result; + + status = rpccli_wbint_PingDc_recv(subreq, state, &result); + if (!NT_STATUS_IS_OK(status)) { + tevent_req_nterror(req, status); + return; + } + if (!NT_STATUS_IS_OK(result)) { + tevent_req_nterror(req, result); + return; + } + tevent_req_done(req); +} + +NTSTATUS winbindd_ping_dc_recv(struct tevent_req *req, + struct winbindd_response *presp) +{ + return tevent_req_simple_recv_ntstatus(req); +} diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index 5a03f5d3b8..fab31ba60b 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -848,6 +848,13 @@ struct tevent_req *winbindd_check_machine_acct_send(TALLOC_CTX *mem_ctx, NTSTATUS winbindd_check_machine_acct_recv(struct tevent_req *req, struct winbindd_response *presp); +struct tevent_req *winbindd_ping_dc_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct winbindd_cli_state *cli, + struct winbindd_request *request); +NTSTATUS winbindd_ping_dc_recv(struct tevent_req *req, + struct winbindd_response *presp); + struct tevent_req *winbindd_change_machine_acct_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct winbindd_cli_state *cli, |