From a3306e352dad74c3c6ce441610defc472d570f4f Mon Sep 17 00:00:00 2001 From: =?utf8?q?G=C3=BCnther=20Deschner?= Date: Tue, 6 Oct 2009 18:26:33 +0200 Subject: [PATCH] s3-winbindd: add wbint_ChangeMachineAccount implementation. Guenther --- source3/Makefile.in | 1 + source3/librpc/gen_ndr/cli_wbint.c | 146 ++++++++++++++++++ source3/librpc/gen_ndr/cli_wbint.h | 8 + source3/librpc/gen_ndr/ndr_wbint.c | 51 +++++- source3/librpc/gen_ndr/ndr_wbint.h | 11 +- source3/librpc/gen_ndr/srv_wbint.c | 80 ++++++++++ source3/librpc/gen_ndr/srv_wbint.h | 2 + source3/librpc/gen_ndr/wbint.h | 8 + source3/librpc/idl/wbint.idl | 5 +- source3/winbindd/winbindd.c | 2 + source3/winbindd/winbindd_cache.c | 1 + .../winbindd/winbindd_change_machine_acct.c | 93 +++++++++++ source3/winbindd/winbindd_dual_srv.c | 62 ++++++++ source3/winbindd/winbindd_proto.h | 7 + 14 files changed, 471 insertions(+), 6 deletions(-) create mode 100644 source3/winbindd/winbindd_change_machine_acct.c diff --git a/source3/Makefile.in b/source3/Makefile.in index 694985ff683..90faadf0016 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1221,6 +1221,7 @@ WINBINDD_OBJ1 = \ winbindd/winbindd_list_users.o \ winbindd/winbindd_list_groups.o \ winbindd/winbindd_check_machine_acct.o \ + winbindd/winbindd_change_machine_acct.o \ winbindd/winbindd_set_mapping.o \ winbindd/winbindd_remove_mapping.o \ winbindd/winbindd_set_hwm.o \ diff --git a/source3/librpc/gen_ndr/cli_wbint.c b/source3/librpc/gen_ndr/cli_wbint.c index 3e5fc441d59..ecf83631925 100644 --- a/source3/librpc/gen_ndr/cli_wbint.c +++ b/source3/librpc/gen_ndr/cli_wbint.c @@ -3075,6 +3075,152 @@ NTSTATUS rpccli_wbint_CheckMachineAccount(struct rpc_pipe_client *cli, return r.out.result; } +struct rpccli_wbint_ChangeMachineAccount_state { + struct wbint_ChangeMachineAccount orig; + struct wbint_ChangeMachineAccount tmp; + TALLOC_CTX *out_mem_ctx; + NTSTATUS (*dispatch_recv)(struct tevent_req *req, TALLOC_CTX *mem_ctx); +}; + +static void rpccli_wbint_ChangeMachineAccount_done(struct tevent_req *subreq); + +struct tevent_req *rpccli_wbint_ChangeMachineAccount_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct rpc_pipe_client *cli) +{ + struct tevent_req *req; + struct rpccli_wbint_ChangeMachineAccount_state *state; + struct tevent_req *subreq; + + req = tevent_req_create(mem_ctx, &state, + struct rpccli_wbint_ChangeMachineAccount_state); + if (req == NULL) { + return NULL; + } + state->out_mem_ctx = NULL; + state->dispatch_recv = cli->dispatch_recv; + + /* In parameters */ + + /* Out parameters */ + + /* Result */ + ZERO_STRUCT(state->orig.out.result); + + if (DEBUGLEVEL >= 10) { + NDR_PRINT_IN_DEBUG(wbint_ChangeMachineAccount, &state->orig); + } + + /* make a temporary copy, that we pass to the dispatch function */ + state->tmp = state->orig; + + subreq = cli->dispatch_send(state, ev, cli, + &ndr_table_wbint, + NDR_WBINT_CHANGEMACHINEACCOUNT, + &state->tmp); + if (tevent_req_nomem(subreq, req)) { + return tevent_req_post(req, ev); + } + tevent_req_set_callback(subreq, rpccli_wbint_ChangeMachineAccount_done, req); + return req; +} + +static void rpccli_wbint_ChangeMachineAccount_done(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_data( + subreq, struct tevent_req); + struct rpccli_wbint_ChangeMachineAccount_state *state = tevent_req_data( + req, struct rpccli_wbint_ChangeMachineAccount_state); + NTSTATUS status; + TALLOC_CTX *mem_ctx; + + if (state->out_mem_ctx) { + mem_ctx = state->out_mem_ctx; + } else { + mem_ctx = state; + } + + status = state->dispatch_recv(subreq, mem_ctx); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + tevent_req_nterror(req, status); + return; + } + + /* Copy out parameters */ + + /* Copy result */ + state->orig.out.result = state->tmp.out.result; + + /* Reset temporary structure */ + ZERO_STRUCT(state->tmp); + + if (DEBUGLEVEL >= 10) { + NDR_PRINT_OUT_DEBUG(wbint_ChangeMachineAccount, &state->orig); + } + + tevent_req_done(req); +} + +NTSTATUS rpccli_wbint_ChangeMachineAccount_recv(struct tevent_req *req, + TALLOC_CTX *mem_ctx, + NTSTATUS *result) +{ + struct rpccli_wbint_ChangeMachineAccount_state *state = tevent_req_data( + req, struct rpccli_wbint_ChangeMachineAccount_state); + NTSTATUS status; + + if (tevent_req_is_nterror(req, &status)) { + tevent_req_received(req); + return status; + } + + /* Steal possbile out parameters to the callers context */ + talloc_steal(mem_ctx, state->out_mem_ctx); + + /* Return result */ + *result = state->orig.out.result; + + tevent_req_received(req); + return NT_STATUS_OK; +} + +NTSTATUS rpccli_wbint_ChangeMachineAccount(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx) +{ + struct wbint_ChangeMachineAccount r; + NTSTATUS status; + + /* In parameters */ + + if (DEBUGLEVEL >= 10) { + NDR_PRINT_IN_DEBUG(wbint_ChangeMachineAccount, &r); + } + + status = cli->dispatch(cli, + mem_ctx, + &ndr_table_wbint, + NDR_WBINT_CHANGEMACHINEACCOUNT, + &r); + + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (DEBUGLEVEL >= 10) { + NDR_PRINT_OUT_DEBUG(wbint_ChangeMachineAccount, &r); + } + + if (NT_STATUS_IS_ERR(status)) { + return status; + } + + /* Return variables */ + + /* Return result */ + return r.out.result; +} + struct rpccli_wbint_SetMapping_state { struct wbint_SetMapping orig; struct wbint_SetMapping tmp; diff --git a/source3/librpc/gen_ndr/cli_wbint.h b/source3/librpc/gen_ndr/cli_wbint.h index 7d7c2bcdaca..b08ef3fef14 100644 --- a/source3/librpc/gen_ndr/cli_wbint.h +++ b/source3/librpc/gen_ndr/cli_wbint.h @@ -240,6 +240,14 @@ NTSTATUS rpccli_wbint_CheckMachineAccount_recv(struct tevent_req *req, NTSTATUS *result); NTSTATUS rpccli_wbint_CheckMachineAccount(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx); +struct tevent_req *rpccli_wbint_ChangeMachineAccount_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct rpc_pipe_client *cli); +NTSTATUS rpccli_wbint_ChangeMachineAccount_recv(struct tevent_req *req, + TALLOC_CTX *mem_ctx, + NTSTATUS *result); +NTSTATUS rpccli_wbint_ChangeMachineAccount(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx); struct tevent_req *rpccli_wbint_SetMapping_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct rpc_pipe_client *cli, diff --git a/source3/librpc/gen_ndr/ndr_wbint.c b/source3/librpc/gen_ndr/ndr_wbint.c index 77e3a447867..7c6aac987be 100644 --- a/source3/librpc/gen_ndr/ndr_wbint.c +++ b/source3/librpc/gen_ndr/ndr_wbint.c @@ -2190,6 +2190,47 @@ _PUBLIC_ void ndr_print_wbint_CheckMachineAccount(struct ndr_print *ndr, const c ndr->depth--; } +static enum ndr_err_code ndr_push_wbint_ChangeMachineAccount(struct ndr_push *ndr, int flags, const struct wbint_ChangeMachineAccount *r) +{ + if (flags & NDR_IN) { + } + if (flags & NDR_OUT) { + NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result)); + } + return NDR_ERR_SUCCESS; +} + +static enum ndr_err_code ndr_pull_wbint_ChangeMachineAccount(struct ndr_pull *ndr, int flags, struct wbint_ChangeMachineAccount *r) +{ + if (flags & NDR_IN) { + } + if (flags & NDR_OUT) { + NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result)); + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_wbint_ChangeMachineAccount(struct ndr_print *ndr, const char *name, int flags, const struct wbint_ChangeMachineAccount *r) +{ + ndr_print_struct(ndr, name, "wbint_ChangeMachineAccount"); + ndr->depth++; + if (flags & NDR_SET_VALUES) { + ndr->flags |= LIBNDR_PRINT_SET_VALUES; + } + if (flags & NDR_IN) { + ndr_print_struct(ndr, "in", "wbint_ChangeMachineAccount"); + ndr->depth++; + ndr->depth--; + } + if (flags & NDR_OUT) { + ndr_print_struct(ndr, "out", "wbint_ChangeMachineAccount"); + ndr->depth++; + ndr_print_NTSTATUS(ndr, "result", r->out.result); + ndr->depth--; + } + ndr->depth--; +} + static enum ndr_err_code ndr_push_wbint_SetMapping(struct ndr_push *ndr, int flags, const struct wbint_SetMapping *r) { if (flags & NDR_IN) { @@ -2516,6 +2557,14 @@ static const struct ndr_interface_call wbint_calls[] = { (ndr_print_function_t) ndr_print_wbint_CheckMachineAccount, false, }, + { + "wbint_ChangeMachineAccount", + sizeof(struct wbint_ChangeMachineAccount), + (ndr_push_flags_fn_t) ndr_push_wbint_ChangeMachineAccount, + (ndr_pull_flags_fn_t) ndr_pull_wbint_ChangeMachineAccount, + (ndr_print_function_t) ndr_print_wbint_ChangeMachineAccount, + false, + }, { "wbint_SetMapping", sizeof(struct wbint_SetMapping), @@ -2569,7 +2618,7 @@ const struct ndr_interface_table ndr_table_wbint = { NDR_WBINT_VERSION }, .helpstring = NDR_WBINT_HELPSTRING, - .num_calls = 22, + .num_calls = 23, .calls = wbint_calls, .endpoints = &wbint_endpoints, .authservices = &wbint_authservices diff --git a/source3/librpc/gen_ndr/ndr_wbint.h b/source3/librpc/gen_ndr/ndr_wbint.h index 5cefc94162c..e163ff36747 100644 --- a/source3/librpc/gen_ndr/ndr_wbint.h +++ b/source3/librpc/gen_ndr/ndr_wbint.h @@ -49,13 +49,15 @@ extern const struct ndr_interface_table ndr_table_wbint; #define NDR_WBINT_CHECKMACHINEACCOUNT (0x12) -#define NDR_WBINT_SETMAPPING (0x13) +#define NDR_WBINT_CHANGEMACHINEACCOUNT (0x13) -#define NDR_WBINT_REMOVEMAPPING (0x14) +#define NDR_WBINT_SETMAPPING (0x14) -#define NDR_WBINT_SETHWM (0x15) +#define NDR_WBINT_REMOVEMAPPING (0x15) -#define NDR_WBINT_CALL_COUNT (22) +#define NDR_WBINT_SETHWM (0x16) + +#define NDR_WBINT_CALL_COUNT (23) enum ndr_err_code ndr_push_wbint_userinfo(struct ndr_push *ndr, int ndr_flags, const struct wbint_userinfo *r); enum ndr_err_code ndr_pull_wbint_userinfo(struct ndr_pull *ndr, int ndr_flags, struct wbint_userinfo *r); void ndr_print_wbint_userinfo(struct ndr_print *ndr, const char *name, const struct wbint_userinfo *r); @@ -96,6 +98,7 @@ void ndr_print_wbint_QueryGroupList(struct ndr_print *ndr, const char *name, int void ndr_print_wbint_DsGetDcName(struct ndr_print *ndr, const char *name, int flags, const struct wbint_DsGetDcName *r); void ndr_print_wbint_LookupRids(struct ndr_print *ndr, const char *name, int flags, const struct wbint_LookupRids *r); void ndr_print_wbint_CheckMachineAccount(struct ndr_print *ndr, const char *name, int flags, const struct wbint_CheckMachineAccount *r); +void ndr_print_wbint_ChangeMachineAccount(struct ndr_print *ndr, const char *name, int flags, const struct wbint_ChangeMachineAccount *r); void ndr_print_wbint_SetMapping(struct ndr_print *ndr, const char *name, int flags, const struct wbint_SetMapping *r); void ndr_print_wbint_RemoveMapping(struct ndr_print *ndr, const char *name, int flags, const struct wbint_RemoveMapping *r); void ndr_print_wbint_SetHWM(struct ndr_print *ndr, const char *name, int flags, const struct wbint_SetHWM *r); diff --git a/source3/librpc/gen_ndr/srv_wbint.c b/source3/librpc/gen_ndr/srv_wbint.c index b3b535bc9cb..0f39cd93e19 100644 --- a/source3/librpc/gen_ndr/srv_wbint.c +++ b/source3/librpc/gen_ndr/srv_wbint.c @@ -1537,6 +1537,79 @@ static bool api_wbint_CheckMachineAccount(pipes_struct *p) return true; } +static bool api_wbint_ChangeMachineAccount(pipes_struct *p) +{ + const struct ndr_interface_call *call; + struct ndr_pull *pull; + struct ndr_push *push; + enum ndr_err_code ndr_err; + DATA_BLOB blob; + struct wbint_ChangeMachineAccount *r; + + call = &ndr_table_wbint.calls[NDR_WBINT_CHANGEMACHINEACCOUNT]; + + r = talloc(talloc_tos(), struct wbint_ChangeMachineAccount); + if (r == NULL) { + return false; + } + + if (!prs_data_blob(&p->in_data.data, &blob, r)) { + talloc_free(r); + return false; + } + + pull = ndr_pull_init_blob(&blob, r, NULL); + if (pull == NULL) { + talloc_free(r); + return false; + } + + pull->flags |= LIBNDR_FLAG_REF_ALLOC; + ndr_err = call->ndr_pull(pull, NDR_IN, r); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + talloc_free(r); + return false; + } + + if (DEBUGLEVEL >= 10) { + NDR_PRINT_IN_DEBUG(wbint_ChangeMachineAccount, r); + } + + r->out.result = _wbint_ChangeMachineAccount(p, r); + + if (p->rng_fault_state) { + talloc_free(r); + /* Return true here, srv_pipe_hnd.c will take care */ + return true; + } + + if (DEBUGLEVEL >= 10) { + NDR_PRINT_OUT_DEBUG(wbint_ChangeMachineAccount, r); + } + + push = ndr_push_init_ctx(r, NULL); + if (push == NULL) { + talloc_free(r); + return false; + } + + ndr_err = call->ndr_push(push, NDR_OUT, r); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + talloc_free(r); + return false; + } + + blob = ndr_push_blob(push); + if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) { + talloc_free(r); + return false; + } + + talloc_free(r); + + return true; +} + static bool api_wbint_SetMapping(pipes_struct *p) { const struct ndr_interface_call *call; @@ -1779,6 +1852,7 @@ static struct api_struct api_wbint_cmds[] = {"WBINT_DSGETDCNAME", NDR_WBINT_DSGETDCNAME, api_wbint_DsGetDcName}, {"WBINT_LOOKUPRIDS", NDR_WBINT_LOOKUPRIDS, api_wbint_LookupRids}, {"WBINT_CHECKMACHINEACCOUNT", NDR_WBINT_CHECKMACHINEACCOUNT, api_wbint_CheckMachineAccount}, + {"WBINT_CHANGEMACHINEACCOUNT", NDR_WBINT_CHANGEMACHINEACCOUNT, api_wbint_ChangeMachineAccount}, {"WBINT_SETMAPPING", NDR_WBINT_SETMAPPING, api_wbint_SetMapping}, {"WBINT_REMOVEMAPPING", NDR_WBINT_REMOVEMAPPING, api_wbint_RemoveMapping}, {"WBINT_SETHWM", NDR_WBINT_SETHWM, api_wbint_SetHWM}, @@ -2035,6 +2109,12 @@ NTSTATUS rpc_wbint_dispatch(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, co return NT_STATUS_OK; } + case NDR_WBINT_CHANGEMACHINEACCOUNT: { + struct wbint_ChangeMachineAccount *r = (struct wbint_ChangeMachineAccount *)_r; + r->out.result = _wbint_ChangeMachineAccount(cli->pipes_struct, r); + return NT_STATUS_OK; + } + case NDR_WBINT_SETMAPPING: { struct wbint_SetMapping *r = (struct wbint_SetMapping *)_r; r->out.result = _wbint_SetMapping(cli->pipes_struct, r); diff --git a/source3/librpc/gen_ndr/srv_wbint.h b/source3/librpc/gen_ndr/srv_wbint.h index 70738fcacf9..c8c04fb3cc6 100644 --- a/source3/librpc/gen_ndr/srv_wbint.h +++ b/source3/librpc/gen_ndr/srv_wbint.h @@ -20,6 +20,7 @@ NTSTATUS _wbint_QueryGroupList(pipes_struct *p, struct wbint_QueryGroupList *r); NTSTATUS _wbint_DsGetDcName(pipes_struct *p, struct wbint_DsGetDcName *r); NTSTATUS _wbint_LookupRids(pipes_struct *p, struct wbint_LookupRids *r); NTSTATUS _wbint_CheckMachineAccount(pipes_struct *p, struct wbint_CheckMachineAccount *r); +NTSTATUS _wbint_ChangeMachineAccount(pipes_struct *p, struct wbint_ChangeMachineAccount *r); NTSTATUS _wbint_SetMapping(pipes_struct *p, struct wbint_SetMapping *r); NTSTATUS _wbint_RemoveMapping(pipes_struct *p, struct wbint_RemoveMapping *r); NTSTATUS _wbint_SetHWM(pipes_struct *p, struct wbint_SetHWM *r); @@ -44,6 +45,7 @@ NTSTATUS _wbint_QueryGroupList(pipes_struct *p, struct wbint_QueryGroupList *r); NTSTATUS _wbint_DsGetDcName(pipes_struct *p, struct wbint_DsGetDcName *r); NTSTATUS _wbint_LookupRids(pipes_struct *p, struct wbint_LookupRids *r); NTSTATUS _wbint_CheckMachineAccount(pipes_struct *p, struct wbint_CheckMachineAccount *r); +NTSTATUS _wbint_ChangeMachineAccount(pipes_struct *p, struct wbint_ChangeMachineAccount *r); NTSTATUS _wbint_SetMapping(pipes_struct *p, struct wbint_SetMapping *r); NTSTATUS _wbint_RemoveMapping(pipes_struct *p, struct wbint_RemoveMapping *r); NTSTATUS _wbint_SetHWM(pipes_struct *p, struct wbint_SetHWM *r); diff --git a/source3/librpc/gen_ndr/wbint.h b/source3/librpc/gen_ndr/wbint.h index 894e851ed12..1c6cdbc2199 100644 --- a/source3/librpc/gen_ndr/wbint.h +++ b/source3/librpc/gen_ndr/wbint.h @@ -294,6 +294,14 @@ struct wbint_CheckMachineAccount { }; +struct wbint_ChangeMachineAccount { + struct { + NTSTATUS result; + } out; + +}; + + struct wbint_SetMapping { struct { struct dom_sid *sid;/* [ref] */ diff --git a/source3/librpc/idl/wbint.idl b/source3/librpc/idl/wbint.idl index af59cb6b750..1f0192e73cd 100644 --- a/source3/librpc/idl/wbint.idl +++ b/source3/librpc/idl/wbint.idl @@ -147,6 +147,9 @@ interface wbint NTSTATUS wbint_CheckMachineAccount( ); + NTSTATUS wbint_ChangeMachineAccount( + ); + typedef [public] enum { WBINT_ID_TYPE_NOT_SPECIFIED, WBINT_ID_TYPE_UID, @@ -169,4 +172,4 @@ interface wbint [in] wbint_IdType type, [in] hyper id ); -} \ No newline at end of file +} diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index f0160fcb78f..e09374c5cb1 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -547,6 +547,8 @@ static struct winbindd_async_dispatch_table async_priv_table[] = { winbindd_remove_mapping_send, winbindd_remove_mapping_recv }, { WINBINDD_SET_HWM, "SET_HWM", winbindd_set_hwm_send, winbindd_set_hwm_recv }, + { WINBINDD_CHANGE_MACHACC, "CHANGE_MACHACC", + winbindd_change_machine_acct_send, winbindd_change_machine_acct_recv }, { 0, NULL, NULL, NULL } }; diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c index 543b8b12b75..c4bc936a5d6 100644 --- a/source3/winbindd/winbindd_cache.c +++ b/source3/winbindd/winbindd_cache.c @@ -4360,6 +4360,7 @@ static bool wcache_opnum_cacheable(uint32_t opnum) case NDR_WBINT_ALLOCATEUID: case NDR_WBINT_ALLOCATEGID: case NDR_WBINT_CHECKMACHINEACCOUNT: + case NDR_WBINT_CHANGEMACHINEACCOUNT: return false; } return true; diff --git a/source3/winbindd/winbindd_change_machine_acct.c b/source3/winbindd/winbindd_change_machine_acct.c new file mode 100644 index 00000000000..a49315d1be9 --- /dev/null +++ b/source3/winbindd/winbindd_change_machine_acct.c @@ -0,0 +1,93 @@ +/* + Unix SMB/CIFS implementation. + async implementation of WINBINDD_CHANGE_MACHINE_ACCT + Copyright (C) Volker Lendecke 2009 + Copyright (C) Guenther Deschner 2009 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "winbindd.h" +#include "librpc/gen_ndr/cli_wbint.h" + +struct winbindd_change_machine_acct_state { + uint8_t dummy; +}; + +static void winbindd_change_machine_acct_done(struct tevent_req *subreq); + +struct tevent_req *winbindd_change_machine_acct_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct winbindd_cli_state *cli, + struct winbindd_request *request) +{ + struct tevent_req *req, *subreq; + struct winbindd_change_machine_acct_state *state; + struct winbindd_domain *domain; + + req = tevent_req_create(mem_ctx, &state, + struct winbindd_change_machine_acct_state); + if (req == NULL) { + return NULL; + } + + domain = find_domain_from_name(request->domain_name); + if (domain == NULL) { + tevent_req_nterror(req, NT_STATUS_NO_SUCH_DOMAIN); + return tevent_req_post(req, ev); + } + if (domain->internal) { + /* + * Internal domains are passdb based, we can always + * contact them. + */ + tevent_req_done(req); + return tevent_req_post(req, ev); + } + + subreq = rpccli_wbint_ChangeMachineAccount_send(state, ev, + domain->child.rpccli); + if (tevent_req_nomem(subreq, req)) { + return tevent_req_post(req, ev); + } + tevent_req_set_callback(subreq, winbindd_change_machine_acct_done, req); + return req; +} + +static void winbindd_change_machine_acct_done(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_data( + subreq, struct tevent_req); + struct winbindd_change_machine_acct_state *state = tevent_req_data( + req, struct winbindd_change_machine_acct_state); + NTSTATUS status, result; + + status = rpccli_wbint_ChangeMachineAccount_recv(subreq, state, &result); + if (!NT_STATUS_IS_OK(status)) { + tevent_req_nterror(req, status); + return; + } + if (!NT_STATUS_IS_OK(result)) { + tevent_req_nterror(req, result); + return; + } + tevent_req_done(req); +} + +NTSTATUS winbindd_change_machine_acct_recv(struct tevent_req *req, + struct winbindd_response *presp) +{ + return tevent_req_simple_recv_ntstatus(req); +} diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c index 337486107f6..f0bbee9f318 100644 --- a/source3/winbindd/winbindd_dual_srv.c +++ b/source3/winbindd/winbindd_dual_srv.c @@ -4,6 +4,7 @@ In-Child server implementation of the routines defined in wbint.idl Copyright (C) Volker Lendecke 2009 + Copyright (C) Guenther Deschner 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -448,6 +449,67 @@ again: return status; } +NTSTATUS _wbint_ChangeMachineAccount(pipes_struct *p, + struct wbint_ChangeMachineAccount *r) +{ + struct winbindd_domain *domain; + int num_retries = 0; + NTSTATUS status; + struct rpc_pipe_client *netlogon_pipe; + TALLOC_CTX *tmp_ctx; + +again: + domain = wb_child_domain(); + if (domain == NULL) { + return NT_STATUS_REQUEST_NOT_ACCEPTED; + } + + invalidate_cm_connection(&domain->conn); + + { + status = cm_connect_netlogon(domain, &netlogon_pipe); + } + + /* There is a race condition between fetching the trust account + password and the periodic machine password change. So it's + possible that the trust account password has been changed on us. + We are returned NT_STATUS_ACCESS_DENIED if this happens. */ + +#define MAX_RETRIES 3 + + if ((num_retries < MAX_RETRIES) + && NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { + num_retries++; + goto again; + } + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(3, ("could not open handle to NETLOGON pipe\n")); + goto done; + } + + tmp_ctx = talloc_new(p->mem_ctx); + + status = trust_pw_find_change_and_store_it(netlogon_pipe, + tmp_ctx, + domain->name); + talloc_destroy(tmp_ctx); + + /* Pass back result code - zero for success, other values for + specific failures. */ + + DEBUG(3,("domain %s secret %s\n", domain->name, + NT_STATUS_IS_OK(status) ? "changed" : "unchanged")); + + done: + DEBUG(NT_STATUS_IS_OK(status) ? 5 : 2, + ("Changing the trust account password for domain %s returned %s\n", + domain->name, nt_errstr(status))); + + return status; +} + + NTSTATUS _wbint_SetMapping(pipes_struct *p, struct wbint_SetMapping *r) { struct id_map map; diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index 307225877fd..21feddf6d65 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -995,6 +995,13 @@ struct tevent_req *winbindd_check_machine_acct_send(TALLOC_CTX *mem_ctx, NTSTATUS winbindd_check_machine_acct_recv(struct tevent_req *req, struct winbindd_response *presp); +struct tevent_req *winbindd_change_machine_acct_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct winbindd_cli_state *cli, + struct winbindd_request *request); +NTSTATUS winbindd_change_machine_acct_recv(struct tevent_req *req, + struct winbindd_response *presp); + struct tevent_req *winbindd_set_mapping_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct winbindd_cli_state *cli, -- 2.34.1