2 Unix SMB/CIFS implementation.
3 Main winbindd samba3 server routines
5 Copyright (C) Stefan Metzmacher 2005
6 Copyright (C) Volker Lendecke 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "smbd/service_stream.h"
25 #include "nsswitch/winbind_nss_config.h"
26 #include "nsswitch/winbindd_nss.h"
27 #include "winbind/wb_server.h"
28 #include "winbind/wb_samba3_protocol.h"
29 #include "winbind/wb_async_helpers.h"
30 #include "librpc/gen_ndr/nbt.h"
31 #include "libcli/raw/libcliraw.h"
32 #include "libcli/composite/composite.h"
33 #include "libcli/smb_composite/smb_composite.h"
34 #include "include/version.h"
35 #include "lib/events/events.h"
36 #include "librpc/gen_ndr/ndr_netlogon.h"
38 NTSTATUS wbsrv_samba3_interface_version(struct wbsrv_samba3_call *s3call)
40 s3call->response.result = WINBINDD_OK;
41 s3call->response.data.interface_version = WINBIND_INTERFACE_VERSION;
45 NTSTATUS wbsrv_samba3_info(struct wbsrv_samba3_call *s3call)
47 s3call->response.result = WINBINDD_OK;
48 s3call->response.data.info.winbind_separator = *lp_winbind_separator();
49 WBSRV_SAMBA3_SET_STRING(s3call->response.data.info.samba_version, SAMBA_VERSION_STRING);
53 NTSTATUS wbsrv_samba3_domain_name(struct wbsrv_samba3_call *s3call)
55 s3call->response.result = WINBINDD_OK;
56 WBSRV_SAMBA3_SET_STRING(s3call->response.data.domain_name, lp_workgroup());
60 NTSTATUS wbsrv_samba3_netbios_name(struct wbsrv_samba3_call *s3call)
62 s3call->response.result = WINBINDD_OK;
63 WBSRV_SAMBA3_SET_STRING(s3call->response.data.netbios_name, lp_netbios_name());
67 NTSTATUS wbsrv_samba3_priv_pipe_dir(struct wbsrv_samba3_call *s3call)
69 s3call->response.result = WINBINDD_OK;
70 s3call->response.extra_data = smbd_tmp_path(s3call,
71 WINBINDD_SAMBA3_PRIVILEGED_SOCKET);
72 NT_STATUS_HAVE_NO_MEMORY(s3call->response.extra_data);
76 NTSTATUS wbsrv_samba3_ping(struct wbsrv_samba3_call *s3call)
78 s3call->response.result = WINBINDD_OK;
82 static void checkmachacc_recv_creds(struct composite_context *ctx);
84 NTSTATUS wbsrv_samba3_check_machacc(struct wbsrv_samba3_call *s3call)
86 struct composite_context *ctx;
88 DEBUG(5, ("wbsrv_samba3_check_machacc called\n"));
90 ctx = wb_cmd_checkmachacc_send(s3call->call);
91 NT_STATUS_HAVE_NO_MEMORY(ctx);
93 ctx->async.fn = checkmachacc_recv_creds;
94 ctx->async.private_data = s3call;
95 s3call->call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
99 static void checkmachacc_recv_creds(struct composite_context *ctx)
101 struct wbsrv_samba3_call *s3call =
102 talloc_get_type(ctx->async.private_data,
103 struct wbsrv_samba3_call);
106 status = wb_cmd_checkmachacc_recv(ctx);
107 if (NT_STATUS_IS_OK(status)) {
108 s3call->response.result = WINBINDD_OK;
110 struct winbindd_response *resp = &s3call->response;
111 resp->result = WINBINDD_ERROR;
112 WBSRV_SAMBA3_SET_STRING(resp->data.auth.nt_status_string,
114 WBSRV_SAMBA3_SET_STRING(resp->data.auth.error_string,
116 resp->data.auth.pam_error = nt_status_to_pam(status);
118 status = wbsrv_send_reply(s3call->call);
119 if (!NT_STATUS_IS_OK(status)) {
120 wbsrv_terminate_connection(s3call->call->wbconn,
121 "wbsrv_queue_reply() failed");
126 static void getdcname_recv_dc(struct composite_context *ctx);
128 NTSTATUS wbsrv_samba3_getdcname(struct wbsrv_samba3_call *s3call)
130 struct composite_context *ctx;
131 struct wbsrv_service *service =
132 s3call->call->wbconn->listen_socket->service;
134 DEBUG(5, ("wbsrv_samba3_getdcname called\n"));
136 ctx = wb_cmd_getdcname_send(service, service->domains,
137 s3call->request.domain_name);
138 NT_STATUS_HAVE_NO_MEMORY(ctx);
140 ctx->async.fn = getdcname_recv_dc;
141 ctx->async.private_data = s3call;
142 s3call->call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
146 static void getdcname_recv_dc(struct composite_context *ctx)
148 struct wbsrv_samba3_call *s3call =
149 talloc_get_type(ctx->async.private_data,
150 struct wbsrv_samba3_call);
154 status = wb_cmd_getdcname_recv(ctx, s3call, &dcname);
155 if (!NT_STATUS_IS_OK(status)) goto done;
157 s3call->response.result = WINBINDD_OK;
158 WBSRV_SAMBA3_SET_STRING(s3call->response.data.dc_name, dcname);
161 if (!NT_STATUS_IS_OK(status)) {
162 struct winbindd_response *resp = &s3call->response;
163 resp->result = WINBINDD_ERROR;
164 WBSRV_SAMBA3_SET_STRING(resp->data.auth.nt_status_string,
166 WBSRV_SAMBA3_SET_STRING(resp->data.auth.error_string,
168 resp->data.auth.pam_error = nt_status_to_pam(status);
171 status = wbsrv_send_reply(s3call->call);
172 if (!NT_STATUS_IS_OK(status)) {
173 wbsrv_terminate_connection(s3call->call->wbconn,
174 "wbsrv_queue_reply() failed");
179 static void userdomgroups_recv_groups(struct composite_context *ctx);
181 NTSTATUS wbsrv_samba3_userdomgroups(struct wbsrv_samba3_call *s3call)
183 struct composite_context *ctx;
186 DEBUG(5, ("wbsrv_samba3_userdomgroups called\n"));
188 sid = dom_sid_parse_talloc(s3call, s3call->request.data.sid);
190 DEBUG(5, ("Could not parse sid %s\n",
191 s3call->request.data.sid));
192 return NT_STATUS_NO_MEMORY;
196 ctx = wb_cmd_userdomgroups_send(
197 s3call->call->wbconn->listen_socket->service, sid);
198 NT_STATUS_HAVE_NO_MEMORY(ctx);
200 ctx->async.fn = userdomgroups_recv_groups;
201 ctx->async.private_data = s3call;
202 s3call->call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
206 static void userdomgroups_recv_groups(struct composite_context *ctx)
208 struct wbsrv_samba3_call *s3call =
209 talloc_get_type(ctx->async.private_data,
210 struct wbsrv_samba3_call);
212 struct dom_sid **sids;
216 status = wb_cmd_userdomgroups_recv(ctx, s3call, &num_sids, &sids);
217 if (!NT_STATUS_IS_OK(status)) goto done;
219 sids_string = talloc_strdup(s3call, "");
220 if (sids_string == NULL) {
221 status = NT_STATUS_NO_MEMORY;
225 for (i=0; i<num_sids; i++) {
226 sids_string = talloc_asprintf_append(
227 sids_string, "%s\n", dom_sid_string(s3call, sids[i]));
230 if (sids_string == NULL) {
231 status = NT_STATUS_NO_MEMORY;
235 s3call->response.result = WINBINDD_OK;
236 s3call->response.extra_data = sids_string;
237 s3call->response.length += strlen(sids_string)+1;
238 s3call->response.data.num_entries = num_sids;
241 if (!NT_STATUS_IS_OK(status)) {
242 struct winbindd_response *resp = &s3call->response;
243 resp->result = WINBINDD_ERROR;
244 WBSRV_SAMBA3_SET_STRING(resp->data.auth.nt_status_string,
246 WBSRV_SAMBA3_SET_STRING(resp->data.auth.error_string,
248 resp->data.auth.pam_error = nt_status_to_pam(status);
251 status = wbsrv_send_reply(s3call->call);
252 if (!NT_STATUS_IS_OK(status)) {
253 wbsrv_terminate_connection(s3call->call->wbconn,
254 "wbsrv_queue_reply() failed");
259 static void usersids_recv_sids(struct composite_context *ctx);
261 NTSTATUS wbsrv_samba3_usersids(struct wbsrv_samba3_call *s3call)
263 struct composite_context *ctx;
266 DEBUG(5, ("wbsrv_samba3_usersids called\n"));
268 sid = dom_sid_parse_talloc(s3call, s3call->request.data.sid);
270 DEBUG(5, ("Could not parse sid %s\n",
271 s3call->request.data.sid));
272 return NT_STATUS_NO_MEMORY;
275 ctx = wb_cmd_usersids_send(
276 s3call->call->wbconn->listen_socket->service, sid);
277 NT_STATUS_HAVE_NO_MEMORY(ctx);
279 ctx->async.fn = usersids_recv_sids;
280 ctx->async.private_data = s3call;
281 s3call->call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
285 static void usersids_recv_sids(struct composite_context *ctx)
287 struct wbsrv_samba3_call *s3call =
288 talloc_get_type(ctx->async.private_data,
289 struct wbsrv_samba3_call);
291 struct dom_sid **sids;
295 status = wb_cmd_usersids_recv(ctx, s3call, &num_sids, &sids);
296 if (!NT_STATUS_IS_OK(status)) goto done;
298 sids_string = talloc_strdup(s3call, "");
299 if (sids_string == NULL) {
300 status = NT_STATUS_NO_MEMORY;
304 for (i=0; i<num_sids; i++) {
305 sids_string = talloc_asprintf_append(
306 sids_string, "%s\n", dom_sid_string(s3call, sids[i]));
307 if (sids_string == NULL) {
308 status = NT_STATUS_NO_MEMORY;
313 s3call->response.result = WINBINDD_OK;
314 s3call->response.extra_data = sids_string;
315 s3call->response.length += strlen(sids_string);
316 s3call->response.data.num_entries = num_sids;
318 /* Hmmmm. Nasty protocol -- who invented the zeros between the
319 * SIDs? Hmmm. Could have been me -- vl */
321 while (*sids_string != '\0') {
322 if ((*sids_string) == '\n') {
329 if (!NT_STATUS_IS_OK(status)) {
330 struct winbindd_response *resp = &s3call->response;
331 resp->result = WINBINDD_ERROR;
332 WBSRV_SAMBA3_SET_STRING(resp->data.auth.nt_status_string,
334 WBSRV_SAMBA3_SET_STRING(resp->data.auth.error_string,
336 resp->data.auth.pam_error = nt_status_to_pam(status);
339 status = wbsrv_send_reply(s3call->call);
340 if (!NT_STATUS_IS_OK(status)) {
341 wbsrv_terminate_connection(s3call->call->wbconn,
342 "wbsrv_queue_reply() failed");
347 static void lookupname_recv_sid(struct composite_context *ctx);
349 NTSTATUS wbsrv_samba3_lookupname(struct wbsrv_samba3_call *s3call)
351 struct composite_context *ctx;
352 struct wbsrv_service *service =
353 s3call->call->wbconn->listen_socket->service;
355 DEBUG(5, ("wbsrv_samba3_lookupname called\n"));
357 ctx = wb_cmd_lookupname_send(service, service->domains,
358 s3call->request.data.name.dom_name,
359 s3call->request.data.name.name);
360 NT_STATUS_HAVE_NO_MEMORY(ctx);
362 /* setup the callbacks */
363 ctx->async.fn = lookupname_recv_sid;
364 ctx->async.private_data = s3call;
365 s3call->call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
369 static void lookupname_recv_sid(struct composite_context *ctx)
371 struct wbsrv_samba3_call *s3call =
372 talloc_get_type(ctx->async.private_data,
373 struct wbsrv_samba3_call);
374 struct wb_sid_object *sid;
377 status = wb_cmd_lookupname_recv(ctx, s3call, &sid);
378 if (!NT_STATUS_IS_OK(status)) goto done;
380 s3call->response.result = WINBINDD_OK;
381 s3call->response.data.sid.type = sid->type;
382 WBSRV_SAMBA3_SET_STRING(s3call->response.data.sid.sid,
383 dom_sid_string(s3call, sid->sid));
386 if (!NT_STATUS_IS_OK(status)) {
387 struct winbindd_response *resp = &s3call->response;
388 resp->result = WINBINDD_ERROR;
389 WBSRV_SAMBA3_SET_STRING(resp->data.auth.nt_status_string,
391 WBSRV_SAMBA3_SET_STRING(resp->data.auth.error_string,
393 resp->data.auth.pam_error = nt_status_to_pam(status);
396 status = wbsrv_send_reply(s3call->call);
397 if (!NT_STATUS_IS_OK(status)) {
398 wbsrv_terminate_connection(s3call->call->wbconn,
399 "wbsrv_queue_reply() failed");
404 static void lookupsid_recv_name(struct composite_context *ctx);
406 NTSTATUS wbsrv_samba3_lookupsid(struct wbsrv_samba3_call *s3call)
408 struct composite_context *ctx;
409 struct wbsrv_service *service =
410 s3call->call->wbconn->listen_socket->service;
413 DEBUG(5, ("wbsrv_samba3_lookupsid called\n"));
415 sid = dom_sid_parse_talloc(s3call, s3call->request.data.sid);
417 DEBUG(5, ("Could not parse sid %s\n",
418 s3call->request.data.sid));
419 return NT_STATUS_NO_MEMORY;
422 ctx = wb_cmd_lookupsid_send(service, service->domains, sid);
423 NT_STATUS_HAVE_NO_MEMORY(ctx);
425 /* setup the callbacks */
426 ctx->async.fn = lookupsid_recv_name;
427 ctx->async.private_data = s3call;
428 s3call->call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
432 static void lookupsid_recv_name(struct composite_context *ctx)
434 struct wbsrv_samba3_call *s3call =
435 talloc_get_type(ctx->async.private_data,
436 struct wbsrv_samba3_call);
437 struct wb_sid_object *sid;
440 status = wb_cmd_lookupsid_recv(ctx, s3call, &sid);
441 if (!NT_STATUS_IS_OK(status)) goto done;
443 s3call->response.result = WINBINDD_OK;
444 s3call->response.data.name.type = sid->type;
445 WBSRV_SAMBA3_SET_STRING(s3call->response.data.name.dom_name,
447 WBSRV_SAMBA3_SET_STRING(s3call->response.data.name.name, sid->name);
450 if (!NT_STATUS_IS_OK(status)) {
451 struct winbindd_response *resp = &s3call->response;
452 resp->result = WINBINDD_ERROR;
453 WBSRV_SAMBA3_SET_STRING(resp->data.auth.nt_status_string,
455 WBSRV_SAMBA3_SET_STRING(resp->data.auth.error_string,
457 resp->data.auth.pam_error = nt_status_to_pam(status);
460 status = wbsrv_send_reply(s3call->call);
461 if (!NT_STATUS_IS_OK(status)) {
462 wbsrv_terminate_connection(s3call->call->wbconn,
463 "wbsrv_queue_reply() failed");
468 NTSTATUS wbsrv_samba3_pam_auth(struct wbsrv_samba3_call *s3call)
470 s3call->response.result = WINBINDD_ERROR;
475 static BOOL samba3_parse_domuser(TALLOC_CTX *mem_ctx, const char *domuser,
476 char **domain, char **user)
478 char *p = strchr(domuser, *lp_winbind_separator());
481 *domain = talloc_strdup(mem_ctx, lp_workgroup());
483 *domain = talloc_strndup(mem_ctx, domuser,
484 PTR_DIFF(p, domuser));
488 *user = talloc_strdup(mem_ctx, domuser);
490 return ((*domain != NULL) && (*user != NULL));
494 static void pam_auth_crap_recv(struct composite_context *ctx);
496 NTSTATUS wbsrv_samba3_pam_auth_crap(struct wbsrv_samba3_call *s3call)
498 struct composite_context *ctx;
500 DATA_BLOB chal, nt_resp, lm_resp;
502 DEBUG(5, ("wbsrv_samba3_pam_auth_crap called\n"));
504 chal.data = s3call->request.data.auth_crap.chal;
505 chal.length = sizeof(s3call->request.data.auth_crap.chal);
506 nt_resp.data = s3call->request.data.auth_crap.nt_resp;
507 nt_resp.length = s3call->request.data.auth_crap.nt_resp_len;
508 lm_resp.data = s3call->request.data.auth_crap.lm_resp;
509 lm_resp.length = s3call->request.data.auth_crap.lm_resp_len;
511 ctx = wb_cmd_pam_auth_crap_send(
513 s3call->request.data.auth_crap.domain,
514 s3call->request.data.auth_crap.user,
515 s3call->request.data.auth_crap.workstation,
516 chal, nt_resp, lm_resp);
517 NT_STATUS_HAVE_NO_MEMORY(ctx);
519 ctx->async.fn = pam_auth_crap_recv;
520 ctx->async.private_data = s3call;
521 s3call->call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
525 static void pam_auth_crap_recv(struct composite_context *ctx)
527 struct wbsrv_samba3_call *s3call =
528 talloc_get_type(ctx->async.private_data,
529 struct wbsrv_samba3_call);
530 struct winbindd_response *resp = &s3call->response;
533 struct netr_UserSessionKey user_session_key;
534 struct netr_LMSessionKey lm_key;
536 status = wb_cmd_pam_auth_crap_recv(ctx, s3call, &info3,
537 &user_session_key, &lm_key);
538 if (!NT_STATUS_IS_OK(status)) goto done;
540 if (s3call->request.flags & WBFLAG_PAM_USER_SESSION_KEY) {
541 memcpy(s3call->response.data.auth.user_session_key,
542 &user_session_key.key,
543 sizeof(s3call->response.data.auth.user_session_key));
546 if (s3call->request.flags & WBFLAG_PAM_INFO3_NDR) {
547 s3call->response.extra_data = info3.data;
548 s3call->response.length += info3.length;
551 if (s3call->request.flags & WBFLAG_PAM_LMKEY) {
552 memcpy(s3call->response.data.auth.first_8_lm_hash,
554 sizeof(s3call->response.data.auth.first_8_lm_hash));
557 resp->result = WINBINDD_OK;
560 if (!NT_STATUS_IS_OK(status)) {
561 resp->result = WINBINDD_ERROR;
562 WBSRV_SAMBA3_SET_STRING(resp->data.auth.nt_status_string,
564 WBSRV_SAMBA3_SET_STRING(resp->data.auth.error_string,
566 resp->data.auth.pam_error = nt_status_to_pam(status);
569 status = wbsrv_send_reply(s3call->call);
570 if (!NT_STATUS_IS_OK(status)) {
571 wbsrv_terminate_connection(s3call->call->wbconn,
572 "wbsrv_queue_reply() failed");