2 * idmap_adex: Domain search interface
4 * Copyright (C) Gerald (Jerry) Carter 2007-2008
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 #include "idmap_adex.h"
26 #define DBGC_CLASS DBGC_IDMAP
29 struct dc_info *prev, *next;
31 struct likewise_cell *domain_cell;
34 static struct dc_info *_dc_server_list = NULL;
37 /**********************************************************************
38 *********************************************************************/
40 static struct dc_info *dc_list_head(void)
42 return _dc_server_list;
45 /**********************************************************************
46 *********************************************************************/
48 static NTSTATUS dc_add_domain(const char *domain)
50 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
51 struct dc_info *dc = NULL;
54 return NT_STATUS_INVALID_PARAMETER;
57 DEBUG(10,("dc_add_domain: Attempting to add domain %s\n", domain));
59 /* Check for duplicates */
63 if (strequal (dc->dns_name, domain))
69 DEBUG(10,("dc_add_domain: %s already in list\n", domain));
73 dc = TALLOC_ZERO_P(NULL, struct dc_info);
74 BAIL_ON_PTR_ERROR(dc, nt_status);
76 dc->dns_name = talloc_strdup(dc, domain);
77 BAIL_ON_PTR_ERROR(dc->dns_name, nt_status);
79 DLIST_ADD_END(_dc_server_list, dc, struct dc_info*);
81 nt_status = NT_STATUS_OK;
83 DEBUG(5,("dc_add_domain: Successfully added %s\n", domain));
86 if (!NT_STATUS_IS_OK(nt_status)) {
88 DEBUG(0,("LWI: Failed to add new DC connection for %s (%s)\n",
89 domain, nt_errstr(nt_status)));
95 /**********************************************************************
96 *********************************************************************/
98 static void dc_server_list_destroy(void)
100 struct dc_info *dc = dc_list_head();
103 struct dc_info *p = dc->next;
105 cell_destroy(dc->domain_cell);
115 /**********************************************************************
116 *********************************************************************/
118 NTSTATUS domain_init_list(void)
120 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
121 struct winbindd_tdc_domain *domains = NULL;
122 size_t num_domains = 0;
125 if (_dc_server_list != NULL) {
126 dc_server_list_destroy();
131 nt_status = dc_add_domain(lp_realm());
132 BAIL_ON_NTSTATUS_ERROR(nt_status);
134 if (!wcache_tdc_fetch_list(&domains, &num_domains)) {
135 nt_status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
136 BAIL_ON_NTSTATUS_ERROR(nt_status);
139 /* Add all domains with an incoming trust path */
141 for (i=0; i<num_domains; i++) {
142 uint32_t flags = (NETR_TRUST_FLAG_INBOUND|NETR_TRUST_FLAG_IN_FOREST);
144 /* We just require one of the flags to be set here */
146 if (domains[i].trust_flags & flags) {
147 nt_status = dc_add_domain(domains[i].dns_name);
148 BAIL_ON_NTSTATUS_ERROR(nt_status);
152 nt_status = NT_STATUS_OK;
155 if (!NT_STATUS_IS_OK(nt_status)) {
156 DEBUG(2,("LWI: Failed to initialize DC list (%s)\n",
157 nt_errstr(nt_status)));
160 TALLOC_FREE(domains);
165 /********************************************************************
166 *******************************************************************/
168 static NTSTATUS dc_do_search(struct dc_info *dc,
169 const char *search_base,
175 ADS_STATUS status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
176 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
178 status = cell_do_search(dc->domain_cell, search_base,
179 scope, expr, attrs, msg);
180 nt_status = ads_ntstatus(status);
185 /**********************************************************************
186 *********************************************************************/
188 static struct dc_info *dc_find_domain(const char *dns_domain)
190 struct dc_info *dc = dc_list_head();
196 if (strequal(dc->dns_name, dns_domain)) {
206 /**********************************************************************
207 *********************************************************************/
209 NTSTATUS dc_search_domains(struct likewise_cell **cell,
212 const struct dom_sid *sid)
214 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
215 TALLOC_CTX *frame = talloc_stackframe();
217 const char *attrs[] = { "*", NULL };
218 struct dc_info *dc = NULL;
219 const char *base = NULL;
222 nt_status = NT_STATUS_INVALID_PARAMETER;
223 BAIL_ON_NTSTATUS_ERROR(nt_status);
226 dns_domain = cell_dn_to_dns(dn);
227 BAIL_ON_PTR_ERROR(dns_domain, nt_status);
229 if ((dc = dc_find_domain(dns_domain)) == NULL) {
230 nt_status = NT_STATUS_TRUSTED_DOMAIN_FAILURE;
231 BAIL_ON_NTSTATUS_ERROR(nt_status);
234 /* Reparse the cell settings for the domain if necessary */
236 if (!dc->domain_cell) {
239 base_dn = ads_build_dn(dc->dns_name);
240 BAIL_ON_PTR_ERROR(base_dn, nt_status);
242 nt_status = cell_connect_dn(&dc->domain_cell, base_dn);
244 BAIL_ON_NTSTATUS_ERROR(nt_status);
246 nt_status = cell_lookup_settings(dc->domain_cell);
247 BAIL_ON_NTSTATUS_ERROR(nt_status);
249 /* By definition this is already part of a larger
250 forest-wide search scope */
252 cell_set_flags(dc->domain_cell, LWCELL_FLAG_SEARCH_FOREST);
255 /* Check whether we are operating in non-schema or RFC2307
258 if (cell_flags(dc->domain_cell) & LWCELL_FLAG_USE_RFC2307_ATTRS) {
259 nt_status = dc_do_search(dc, dn, LDAP_SCOPE_BASE,
260 "(objectclass=*)", attrs, msg);
262 const char *sid_str = NULL;
265 sid_str = sid_string_talloc(frame, sid);
266 BAIL_ON_PTR_ERROR(sid_str, nt_status);
268 filter = talloc_asprintf(frame, "(keywords=backLink=%s)",
270 BAIL_ON_PTR_ERROR(filter, nt_status);
272 base = cell_search_base(dc->domain_cell);
273 BAIL_ON_PTR_ERROR(base, nt_status);
275 nt_status = dc_do_search(dc, base, LDAP_SCOPE_SUBTREE,
278 BAIL_ON_NTSTATUS_ERROR(nt_status);
280 *cell = dc->domain_cell;
283 talloc_destroy(CONST_DISCARD(char*, base));
284 talloc_destroy(frame);