source3/winbindd/winbindd_reconnect_ads.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    Wrapper around winbindd_ads.c to centralize retry logic.
   5    Copyright (C) Christof Schmitt 2016
   6
   7    Based on winbindd_reconnect.c
   8    Copyright (C) Volker Lendecke 2005
   9
  10    This program is free software; you can redistribute it and/or modify
  11    it under the terms of the GNU General Public License as published by
  12    the Free Software Foundation; either version 3 of the License, or
  13    (at your option) any later version.
  14
  15    This program is distributed in the hope that it will be useful,
  16    but WITHOUT ANY WARRANTY; without even the implied warranty of
  17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18    GNU General Public License for more details.
  19
  20    You should have received a copy of the GNU General Public License
  21    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  22 */
  23
  24 #include "includes.h"
  25 #include "winbindd.h"
  26
  27 #ifdef HAVE_ADS
  28
  29 #undef DBGC_CLASS
  30 #define DBGC_CLASS DBGC_WINBIND
  31
  32 extern struct winbindd_methods ads_methods;
  33
  34 /* List all users */
  35 static NTSTATUS query_user_list(struct winbindd_domain *domain,
  36                                 TALLOC_CTX *mem_ctx,
  37                                 uint32_t *num_entries,
  38                                 struct wbint_userinfo **info)
  39 {
  40         NTSTATUS result;
  41
  42         result = ads_methods.query_user_list(domain, mem_ctx,
  43                                              num_entries, info);
  44
  45         if (reconnect_need_retry(result, domain)) {
  46                 result = ads_methods.query_user_list(domain, mem_ctx,
  47                                                      num_entries, info);
  48         }
  49
  50         return result;
  51 }
  52
  53 /* list all domain groups */
  54 static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
  55                                 TALLOC_CTX *mem_ctx,
  56                                 uint32_t *num_entries,
  57                                 struct wb_acct_info **info)
  58 {
  59         NTSTATUS result;
  60
  61         result = ads_methods.enum_dom_groups(domain, mem_ctx,
  62                                              num_entries, info);
  63
  64         if (reconnect_need_retry(result, domain)) {
  65                 result = ads_methods.enum_dom_groups(domain, mem_ctx,
  66                                                      num_entries, info);
  67         }
  68
  69         return result;
  70 }
  71
  72 /* List all domain groups */
  73 static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
  74                                   TALLOC_CTX *mem_ctx,
  75                                   uint32_t *num_entries,
  76                                   struct wb_acct_info **info)
  77 {
  78         NTSTATUS result;
  79
  80         result = ads_methods.enum_local_groups(domain, mem_ctx,
  81                                                num_entries, info);
  82
  83         if (reconnect_need_retry(result, domain)) {
  84                 result = ads_methods.enum_local_groups(domain, mem_ctx,
  85                                                        num_entries, info);
  86         }
  87
  88         return result;
  89 }
  90
  91 /* convert a single name to a sid in a domain */
  92 static NTSTATUS name_to_sid(struct winbindd_domain *domain,
  93                             TALLOC_CTX *mem_ctx,
  94                             const char *domain_name,
  95                             const char *name,
  96                             uint32_t flags,
  97                             struct dom_sid *sid,
  98                             enum lsa_SidType *type)
  99 {
 100         NTSTATUS result;
 101
 102         result = ads_methods.name_to_sid(domain, mem_ctx, domain_name, name,
 103                                          flags, sid, type);
 104
 105         if (reconnect_need_retry(result, domain)) {
 106                 result = ads_methods.name_to_sid(domain, mem_ctx,
 107                                                  domain_name, name, flags,
 108                                                  sid, type);
 109         }
 110
 111         return result;
 112 }
 113
 114 /*
 115   convert a domain SID to a user or group name
 116 */
 117 static NTSTATUS sid_to_name(struct winbindd_domain *domain,
 118                             TALLOC_CTX *mem_ctx,
 119                             const struct dom_sid *sid,
 120                             char **domain_name,
 121                             char **name,
 122                             enum lsa_SidType *type)
 123 {
 124         NTSTATUS result;
 125
 126         result = ads_methods.sid_to_name(domain, mem_ctx, sid,
 127                                          domain_name, name, type);
 128
 129         if (reconnect_need_retry(result, domain))
 130                 result = ads_methods.sid_to_name(domain, mem_ctx, sid,
 131                                                  domain_name, name, type);
 132
 133         return result;
 134 }
 135
 136 static NTSTATUS rids_to_names(struct winbindd_domain *domain,
 137                               TALLOC_CTX *mem_ctx,
 138                               const struct dom_sid *sid,
 139                               uint32_t *rids,
 140                               size_t num_rids,
 141                               char **domain_name,
 142                               char ***names,
 143                               enum lsa_SidType **types)
 144 {
 145         NTSTATUS result;
 146
 147         result = ads_methods.rids_to_names(domain, mem_ctx, sid,
 148                                            rids, num_rids,
 149                                            domain_name, names, types);
 150         if (reconnect_need_retry(result, domain)) {
 151                 result = ads_methods.rids_to_names(domain, mem_ctx, sid,
 152                                                    rids, num_rids, domain_name,
 153                                                    names, types);
 154         }
 155
 156         return result;
 157 }
 158
 159 /* Lookup groups a user is a member of.  I wish Unix had a call like this! */
 160 static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 161                                   TALLOC_CTX *mem_ctx,
 162                                   const struct dom_sid *user_sid,
 163                                   uint32_t *num_groups,
 164                                   struct dom_sid **user_gids)
 165 {
 166         NTSTATUS result;
 167
 168         result = ads_methods.lookup_usergroups(domain, mem_ctx, user_sid,
 169                                                num_groups, user_gids);
 170
 171         if (reconnect_need_retry(result, domain)) {
 172                 result = ads_methods.lookup_usergroups(domain, mem_ctx,
 173                                                        user_sid, num_groups,
 174                                                        user_gids);
 175         }
 176
 177         return result;
 178 }
 179
 180 static NTSTATUS lookup_useraliases(struct winbindd_domain *domain,
 181                                    TALLOC_CTX *mem_ctx,
 182                                    uint32_t num_sids,
 183                                    const struct dom_sid *sids,
 184                                    uint32_t *num_aliases, uint32_t **alias_rids)
 185 {
 186         NTSTATUS result;
 187
 188         result = ads_methods.lookup_useraliases(domain, mem_ctx, num_sids, sids,
 189                                                 num_aliases, alias_rids);
 190
 191         if (reconnect_need_retry(result, domain)) {
 192                 result = ads_methods.lookup_useraliases(domain, mem_ctx,
 193                                                         num_sids, sids,
 194                                                         num_aliases,
 195                                                         alias_rids);
 196         }
 197
 198         return result;
 199 }
 200
 201 /* Lookup group membership given a rid.   */
 202 static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
 203                                 TALLOC_CTX *mem_ctx,
 204                                 const struct dom_sid *group_sid,
 205                                 enum lsa_SidType type,
 206                                 uint32_t *num_names,
 207                                 struct dom_sid **sid_mem, char ***names,
 208                                 uint32_t **name_types)
 209 {
 210         NTSTATUS result;
 211
 212         result = ads_methods.lookup_groupmem(domain, mem_ctx, group_sid, type,
 213                                              num_names, sid_mem, names,
 214                                              name_types);
 215
 216         if (reconnect_need_retry(result, domain)) {
 217                 result = ads_methods.lookup_groupmem(domain, mem_ctx, group_sid,
 218                                                      type, num_names, sid_mem,
 219                                                      names, name_types);
 220         }
 221
 222         return result;
 223 }
 224
 225 /* find the sequence number for a domain */
 226 static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32_t *seq)
 227 {
 228         NTSTATUS result;
 229
 230         result = ads_methods.sequence_number(domain, seq);
 231
 232         if (reconnect_need_retry(result, domain)) {
 233                 result = ads_methods.sequence_number(domain, seq);
 234         }
 235
 236         return result;
 237 }
 238
 239 /* find the lockout policy of a domain */
 240 static NTSTATUS lockout_policy(struct winbindd_domain *domain,
 241                                TALLOC_CTX *mem_ctx,
 242                                struct samr_DomInfo12 *policy)
 243 {
 244         NTSTATUS result;
 245
 246         result = ads_methods.lockout_policy(domain, mem_ctx, policy);
 247
 248         if (reconnect_need_retry(result, domain)) {
 249                 result = ads_methods.lockout_policy(domain, mem_ctx, policy);
 250         }
 251
 252         return result;
 253 }
 254
 255 /* find the password policy of a domain */
 256 static NTSTATUS password_policy(struct winbindd_domain *domain,
 257                                 TALLOC_CTX *mem_ctx,
 258                                 struct samr_DomInfo1 *policy)
 259 {
 260         NTSTATUS result;
 261
 262         result = ads_methods.password_policy(domain, mem_ctx, policy);
 263
 264         if (reconnect_need_retry(result, domain)) {
 265                 result = ads_methods.password_policy(domain, mem_ctx, policy);
 266         }
 267
 268         return result;
 269 }
 270
 271 /* get a list of trusted domains */
 272 static NTSTATUS trusted_domains(struct winbindd_domain *domain,
 273                                 TALLOC_CTX *mem_ctx,
 274                                 struct netr_DomainTrustList *trusts)
 275 {
 276         NTSTATUS result;
 277
 278         result = ads_methods.trusted_domains(domain, mem_ctx, trusts);
 279
 280         if (reconnect_need_retry(result, domain)) {
 281                 result = ads_methods.trusted_domains(domain, mem_ctx, trusts);
 282         }
 283
 284         return result;
 285 }
 286
 287 /* the rpc backend methods are exposed via this structure */
 288 struct winbindd_methods reconnect_ads_methods = {
 289         true,
 290         query_user_list,
 291         enum_dom_groups,
 292         enum_local_groups,
 293         name_to_sid,
 294         sid_to_name,
 295         rids_to_names,
 296         lookup_usergroups,
 297         lookup_useraliases,
 298         lookup_groupmem,
 299         sequence_number,
 300         lockout_policy,
 301         password_policy,
 302         trusted_domains,
 303 };
 304
 305 #endif