Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : Wrapper around winbindd_ads.c to centralize retry logic.
5 : Copyright (C) Christof Schmitt 2016
6 :
7 : Based on winbindd_reconnect.c
8 : Copyright (C) Volker Lendecke 2005
9 :
10 : This program is free software; you can redistribute it and/or modify
11 : it under the terms of the GNU General Public License as published by
12 : the Free Software Foundation; either version 3 of the License, or
13 : (at your option) any later version.
14 :
15 : This program is distributed in the hope that it will be useful,
16 : but WITHOUT ANY WARRANTY; without even the implied warranty of
17 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 : GNU General Public License for more details.
19 :
20 : You should have received a copy of the GNU General Public License
21 : along with this program. If not, see <http://www.gnu.org/licenses/>.
22 : */
23 :
24 : #include "includes.h"
25 : #include "winbindd.h"
26 :
27 : #ifdef HAVE_ADS
28 :
29 : #undef DBGC_CLASS
30 : #define DBGC_CLASS DBGC_WINBIND
31 :
32 : extern struct winbindd_methods ads_methods;
33 :
34 0 : static bool ldap_reconnect_need_retry(NTSTATUS status,
35 : struct winbindd_domain *domain)
36 : {
37 0 : if (NT_STATUS_IS_OK(status)) {
38 0 : return false;
39 : }
40 :
41 0 : if (!NT_STATUS_IS_ERR(status)) {
42 0 : return false;
43 : }
44 :
45 0 : if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
46 0 : return false;
47 : }
48 :
49 0 : if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
50 0 : return false;
51 : }
52 :
53 0 : if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_GROUP)) {
54 0 : return false;
55 : }
56 :
57 0 : if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_ALIAS)) {
58 0 : return false;
59 : }
60 :
61 0 : if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_MEMBER)) {
62 0 : return false;
63 : }
64 :
65 0 : if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_DOMAIN)) {
66 0 : return false;
67 : }
68 :
69 0 : if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_PRIVILEGE)) {
70 0 : return false;
71 : }
72 :
73 0 : if (NT_STATUS_EQUAL(status, NT_STATUS_NO_MEMORY)) {
74 0 : return false;
75 : }
76 :
77 0 : return true;
78 : }
79 :
80 : /* List all users */
81 0 : static NTSTATUS query_user_list(struct winbindd_domain *domain,
82 : TALLOC_CTX *mem_ctx,
83 : uint32_t **rids)
84 : {
85 : NTSTATUS result;
86 :
87 0 : result = ads_methods.query_user_list(domain, mem_ctx, rids);
88 :
89 0 : if (ldap_reconnect_need_retry(result, domain)) {
90 0 : result = ads_methods.query_user_list(domain, mem_ctx, rids);
91 : }
92 :
93 0 : return result;
94 : }
95 :
96 : /* list all domain groups */
97 0 : static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
98 : TALLOC_CTX *mem_ctx,
99 : uint32_t *num_entries,
100 : struct wb_acct_info **info)
101 : {
102 : NTSTATUS result;
103 :
104 0 : result = ads_methods.enum_dom_groups(domain, mem_ctx,
105 : num_entries, info);
106 :
107 0 : if (ldap_reconnect_need_retry(result, domain)) {
108 0 : result = ads_methods.enum_dom_groups(domain, mem_ctx,
109 : num_entries, info);
110 : }
111 :
112 0 : return result;
113 : }
114 :
115 : /* List all domain groups */
116 0 : static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
117 : TALLOC_CTX *mem_ctx,
118 : uint32_t *num_entries,
119 : struct wb_acct_info **info)
120 : {
121 : NTSTATUS result;
122 :
123 0 : result = ads_methods.enum_local_groups(domain, mem_ctx,
124 : num_entries, info);
125 :
126 0 : if (ldap_reconnect_need_retry(result, domain)) {
127 0 : result = ads_methods.enum_local_groups(domain, mem_ctx,
128 : num_entries, info);
129 : }
130 :
131 0 : return result;
132 : }
133 :
134 : /* convert a single name to a sid in a domain */
135 0 : static NTSTATUS name_to_sid(struct winbindd_domain *domain,
136 : TALLOC_CTX *mem_ctx,
137 : const char *domain_name,
138 : const char *name,
139 : uint32_t flags,
140 : const char **pdom_name,
141 : struct dom_sid *sid,
142 : enum lsa_SidType *type)
143 : {
144 : NTSTATUS result;
145 :
146 0 : result = ads_methods.name_to_sid(domain, mem_ctx, domain_name, name,
147 : flags, pdom_name, sid, type);
148 :
149 0 : if (reconnect_need_retry(result, domain)) {
150 0 : result = ads_methods.name_to_sid(domain, mem_ctx,
151 : domain_name, name, flags,
152 : pdom_name, sid, type);
153 : }
154 :
155 0 : return result;
156 : }
157 :
158 : /*
159 : convert a domain SID to a user or group name
160 : */
161 0 : static NTSTATUS sid_to_name(struct winbindd_domain *domain,
162 : TALLOC_CTX *mem_ctx,
163 : const struct dom_sid *sid,
164 : char **domain_name,
165 : char **name,
166 : enum lsa_SidType *type)
167 : {
168 : NTSTATUS result;
169 :
170 0 : result = ads_methods.sid_to_name(domain, mem_ctx, sid,
171 : domain_name, name, type);
172 :
173 0 : if (reconnect_need_retry(result, domain))
174 0 : result = ads_methods.sid_to_name(domain, mem_ctx, sid,
175 : domain_name, name, type);
176 :
177 0 : return result;
178 : }
179 :
180 0 : static NTSTATUS rids_to_names(struct winbindd_domain *domain,
181 : TALLOC_CTX *mem_ctx,
182 : const struct dom_sid *sid,
183 : uint32_t *rids,
184 : size_t num_rids,
185 : char **domain_name,
186 : char ***names,
187 : enum lsa_SidType **types)
188 : {
189 : NTSTATUS result;
190 :
191 0 : result = ads_methods.rids_to_names(domain, mem_ctx, sid,
192 : rids, num_rids,
193 : domain_name, names, types);
194 0 : if (reconnect_need_retry(result, domain)) {
195 0 : result = ads_methods.rids_to_names(domain, mem_ctx, sid,
196 : rids, num_rids, domain_name,
197 : names, types);
198 : }
199 :
200 0 : return result;
201 : }
202 :
203 : /* Lookup groups a user is a member of. I wish Unix had a call like this! */
204 0 : static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
205 : TALLOC_CTX *mem_ctx,
206 : const struct dom_sid *user_sid,
207 : uint32_t *num_groups,
208 : struct dom_sid **user_gids)
209 : {
210 : NTSTATUS result;
211 :
212 0 : result = ads_methods.lookup_usergroups(domain, mem_ctx, user_sid,
213 : num_groups, user_gids);
214 :
215 0 : if (ldap_reconnect_need_retry(result, domain)) {
216 0 : result = ads_methods.lookup_usergroups(domain, mem_ctx,
217 : user_sid, num_groups,
218 : user_gids);
219 : }
220 :
221 0 : return result;
222 : }
223 :
224 0 : static NTSTATUS lookup_useraliases(struct winbindd_domain *domain,
225 : TALLOC_CTX *mem_ctx,
226 : uint32_t num_sids,
227 : const struct dom_sid *sids,
228 : uint32_t *num_aliases, uint32_t **alias_rids)
229 : {
230 : NTSTATUS result;
231 :
232 0 : result = ads_methods.lookup_useraliases(domain, mem_ctx, num_sids, sids,
233 : num_aliases, alias_rids);
234 :
235 0 : if (reconnect_need_retry(result, domain)) {
236 0 : result = ads_methods.lookup_useraliases(domain, mem_ctx,
237 : num_sids, sids,
238 : num_aliases,
239 : alias_rids);
240 : }
241 :
242 0 : return result;
243 : }
244 :
245 : /* Lookup group membership given a rid. */
246 0 : static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
247 : TALLOC_CTX *mem_ctx,
248 : const struct dom_sid *group_sid,
249 : enum lsa_SidType type,
250 : uint32_t *num_names,
251 : struct dom_sid **sid_mem, char ***names,
252 : uint32_t **name_types)
253 : {
254 : NTSTATUS result;
255 :
256 0 : result = ads_methods.lookup_groupmem(domain, mem_ctx, group_sid, type,
257 : num_names, sid_mem, names,
258 : name_types);
259 :
260 0 : if (ldap_reconnect_need_retry(result, domain)) {
261 0 : result = ads_methods.lookup_groupmem(domain, mem_ctx, group_sid,
262 : type, num_names, sid_mem,
263 : names, name_types);
264 : }
265 :
266 0 : return result;
267 : }
268 :
269 : /* find the lockout policy of a domain */
270 0 : static NTSTATUS lockout_policy(struct winbindd_domain *domain,
271 : TALLOC_CTX *mem_ctx,
272 : struct samr_DomInfo12 *policy)
273 : {
274 : NTSTATUS result;
275 :
276 0 : result = ads_methods.lockout_policy(domain, mem_ctx, policy);
277 :
278 0 : if (reconnect_need_retry(result, domain)) {
279 0 : result = ads_methods.lockout_policy(domain, mem_ctx, policy);
280 : }
281 :
282 0 : return result;
283 : }
284 :
285 : /* find the password policy of a domain */
286 0 : static NTSTATUS password_policy(struct winbindd_domain *domain,
287 : TALLOC_CTX *mem_ctx,
288 : struct samr_DomInfo1 *policy)
289 : {
290 : NTSTATUS result;
291 :
292 0 : result = ads_methods.password_policy(domain, mem_ctx, policy);
293 :
294 0 : if (reconnect_need_retry(result, domain)) {
295 0 : result = ads_methods.password_policy(domain, mem_ctx, policy);
296 : }
297 :
298 0 : return result;
299 : }
300 :
301 : /* get a list of trusted domains */
302 0 : static NTSTATUS trusted_domains(struct winbindd_domain *domain,
303 : TALLOC_CTX *mem_ctx,
304 : struct netr_DomainTrustList *trusts)
305 : {
306 : NTSTATUS result;
307 :
308 0 : result = ads_methods.trusted_domains(domain, mem_ctx, trusts);
309 :
310 0 : if (reconnect_need_retry(result, domain)) {
311 0 : result = ads_methods.trusted_domains(domain, mem_ctx, trusts);
312 : }
313 :
314 0 : return result;
315 : }
316 :
317 : /* the rpc backend methods are exposed via this structure */
318 : struct winbindd_methods reconnect_ads_methods = {
319 : true,
320 : query_user_list,
321 : enum_dom_groups,
322 : enum_local_groups,
323 : name_to_sid,
324 : sid_to_name,
325 : rids_to_names,
326 : lookup_usergroups,
327 : lookup_useraliases,
328 : lookup_groupmem,
329 : lockout_policy,
330 : password_policy,
331 : trusted_domains,
332 : };
333 :
334 : #endif
|
