search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ctdb-server: Remove duplicate logic
[samba4-gss.git] / source3 / libads / cldap.c
blob688fa759f94cefe323a1ed92805ca44d6e28bcfc
1 /*
2 Samba Unix/Linux SMB client library
3 net ads cldap functions
4 Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
5 Copyright (C) 2003 Jim McDonough (jmcd@us.ibm.com)
6 Copyright (C) 2008 Guenther Deschner (gd@samba.org)
7 Copyright (C) 2009 Stefan Metzmacher (metze@samba.org)
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "../libcli/cldap/cldap.h"
25 #include "../librpc/gen_ndr/ndr_netlogon.h"
26 #include "../lib/tsocket/tsocket.h"
27 #include "../lib/util/tevent_ntstatus.h"
28 #include "libads/cldap.h"
29
30 struct cldap_multi_netlogon_state {
31 struct tevent_context *ev;
32 const struct tsocket_address * const *servers;
33 int num_servers;
34 const char *domain;
35 const char *hostname;
36 unsigned ntversion;
37 int min_servers;
38
39 struct cldap_socket **cldap;
40 struct tevent_req **subreqs;
41 int num_sent;
42 int num_received;
43 int num_good_received;
44 struct cldap_netlogon *ios;
45 struct netlogon_samlogon_response **responses;
46 };
47
48 static void cldap_multi_netlogon_done(struct tevent_req *subreq);
49 static void cldap_multi_netlogon_next(struct tevent_req *subreq);
50
51 /****************************************************************
52 ****************************************************************/
53
54 #define RETURN_ON_FALSE(x) if (!(x)) return false;
55
56 bool check_cldap_reply_required_flags(uint32_t ret_flags,
57 uint32_t req_flags)
58 {
59 if (req_flags == 0) {
60 return true;
61 }
62
63 if (req_flags & DS_PDC_REQUIRED)
64 RETURN_ON_FALSE(ret_flags & NBT_SERVER_PDC);
65
66 if (req_flags & DS_GC_SERVER_REQUIRED)
67 RETURN_ON_FALSE(ret_flags & NBT_SERVER_GC);
68
69 if (req_flags & DS_ONLY_LDAP_NEEDED)
70 RETURN_ON_FALSE(ret_flags & NBT_SERVER_LDAP);
71
72 if ((req_flags & DS_DIRECTORY_SERVICE_REQUIRED) ||
73 (req_flags & DS_DIRECTORY_SERVICE_PREFERRED))
74 RETURN_ON_FALSE(ret_flags & NBT_SERVER_DS);
75
76 if (req_flags & DS_KDC_REQUIRED)
77 RETURN_ON_FALSE(ret_flags & NBT_SERVER_KDC);
78
79 if (req_flags & DS_TIMESERV_REQUIRED)
80 RETURN_ON_FALSE(ret_flags & NBT_SERVER_TIMESERV);
81
82 if (req_flags & DS_WEB_SERVICE_REQUIRED)
83 RETURN_ON_FALSE(ret_flags & NBT_SERVER_ADS_WEB_SERVICE);
84
85 if (req_flags & DS_WRITABLE_REQUIRED)
86 RETURN_ON_FALSE(ret_flags & NBT_SERVER_WRITABLE);
87
88 if (req_flags & DS_DIRECTORY_SERVICE_6_REQUIRED)
89 RETURN_ON_FALSE(ret_flags & (NBT_SERVER_SELECT_SECRET_DOMAIN_6
90 |NBT_SERVER_FULL_SECRET_DOMAIN_6));
91
92 if (req_flags & DS_DIRECTORY_SERVICE_8_REQUIRED)
93 RETURN_ON_FALSE(ret_flags & NBT_SERVER_DS_8);
94
95 if (req_flags & DS_DIRECTORY_SERVICE_9_REQUIRED)
96 RETURN_ON_FALSE(ret_flags & NBT_SERVER_DS_9);
97
98 if (req_flags & DS_DIRECTORY_SERVICE_10_REQUIRED)
99 RETURN_ON_FALSE(ret_flags & NBT_SERVER_DS_10);
100
101 return true;
102 }
103
104 /*
105 * Do a parallel cldap ping to the servers. The first "min_servers"
106 * are fired directly, the remaining ones in 100msec intervals. If
107 * "min_servers" responses came in successfully, we immediately reply,
108 * not waiting for the remaining ones.
109 */
110
111 struct tevent_req *cldap_multi_netlogon_send(
112 TALLOC_CTX *mem_ctx, struct tevent_context *ev,
113 const struct tsocket_address * const *servers, int num_servers,
114 const char *domain, const char *hostname, unsigned ntversion,
115 int min_servers)
116 {
117 struct tevent_req *req, *subreq;
118 struct cldap_multi_netlogon_state *state;
119 int i;
120
121 req = tevent_req_create(mem_ctx, &state,
122 struct cldap_multi_netlogon_state);
123 if (req == NULL) {
124 return NULL;
125 }
126 state->ev = ev;
127 state->servers = servers;
128 state->num_servers = num_servers;
129 state->domain = domain;
130 state->hostname = hostname;
131 state->ntversion = ntversion;
132 state->min_servers = min_servers;
133
134 if (min_servers > num_servers) {
135 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
136 return tevent_req_post(req, ev);
137 }
138
139 state->subreqs = talloc_zero_array(state,
140 struct tevent_req *,
141 num_servers);
142 if (tevent_req_nomem(state->subreqs, req)) {
143 return tevent_req_post(req, ev);
144 }
145
146 state->cldap = talloc_zero_array(state,
147 struct cldap_socket *,
148 num_servers);
149 if (tevent_req_nomem(state->cldap, req)) {
150 return tevent_req_post(req, ev);
151 }
152
153 state->responses = talloc_zero_array(state,
154 struct netlogon_samlogon_response *,
155 num_servers);
156 if (tevent_req_nomem(state->responses, req)) {
157 return tevent_req_post(req, ev);
158 }
159
160 state->ios = talloc_array(state->responses,
161 struct cldap_netlogon,
162 num_servers);
163 if (tevent_req_nomem(state->ios, req)) {
164 return tevent_req_post(req, ev);
165 }
166
167 for (i=0; i<num_servers; i++) {
168 NTSTATUS status;
169
170 status = cldap_socket_init(state->cldap,
171 NULL, /* local_addr */
172 state->servers[i],
173 &state->cldap[i]);
174 if (!NT_STATUS_IS_OK(status)) {
175 /*
176 * Don't error out all sends just
177 * because one cldap_socket_init() failed.
178 * Log it here, and the cldap_netlogon_send()
179 * will catch it (with in.dest_address == NULL)
180 * and correctly error out in
181 * cldap_multi_netlogon_done(). This still allows
182 * the other requests to be concurrently sent.
183 */
184 DBG_NOTICE("cldap_socket_init failed for %s "
185 " error %s\n",
186 tsocket_address_string(state->servers[i],
187 req),
188 nt_errstr(status));
189 }
190
191 state->ios[i] = (struct cldap_netlogon){
192 .in.realm = domain, .in.version = ntversion};
193 }
194
195 for (i=0; i<min_servers; i++) {
196 state->subreqs[i] = cldap_netlogon_send(state->subreqs,
197 state->ev,
198 state->cldap[i],
199 &state->ios[i]);
200 if (tevent_req_nomem(state->subreqs[i], req)) {
201 return tevent_req_post(req, ev);
202 }
203 tevent_req_set_callback(
204 state->subreqs[i], cldap_multi_netlogon_done, req);
205 }
206 state->num_sent = min_servers;
207
208 if (state->num_sent < state->num_servers) {
209 /*
210 * After 100 milliseconds fire the next one
211 */
212 subreq = tevent_wakeup_send(state, state->ev,
213 timeval_current_ofs(0, 100000));
214 if (tevent_req_nomem(subreq, req)) {
215 return tevent_req_post(req, ev);
216 }
217 tevent_req_set_callback(subreq, cldap_multi_netlogon_next,
218 req);
219 }
220
221 return req;
222 }
223
224 static void cldap_multi_netlogon_done(struct tevent_req *subreq)
225 {
226 struct tevent_req *req = tevent_req_callback_data(
227 subreq, struct tevent_req);
228 struct cldap_multi_netlogon_state *state = tevent_req_data(
229 req, struct cldap_multi_netlogon_state);
230 NTSTATUS status;
231 struct netlogon_samlogon_response *response = NULL;
232 int i;
233
234 for (i=0; i<state->num_sent; i++) {
235 if (state->subreqs[i] == subreq) {
236 break;
237 }
238 }
239 if (i == state->num_sent) {
240 /*
241 * Got a response we did not fire...
242 */
243 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
244 return;
245 }
246 state->subreqs[i] = NULL;
247
248 response = talloc_zero(state, struct netlogon_samlogon_response);
249 if (tevent_req_nomem(response, req)) {
250 return;
251 }
252
253 status = cldap_netlogon_recv(subreq, response,
254 &state->ios[i]);
255 TALLOC_FREE(subreq);
256 state->num_received += 1;
257
258 if (NT_STATUS_IS_OK(status)) {
259 *response = state->ios[i].out.netlogon;
260 state->responses[i] = talloc_move(state->responses,
261 &response);
262 state->num_good_received += 1;
263 }
264
265 if ((state->num_received == state->num_servers) ||
266 (state->num_good_received >= state->min_servers)) {
267 tevent_req_done(req);
268 return;
269 }
270 }
271
272 static void cldap_multi_netlogon_next(struct tevent_req *subreq)
273 {
274 struct tevent_req *req = tevent_req_callback_data(
275 subreq, struct tevent_req);
276 struct cldap_multi_netlogon_state *state = tevent_req_data(
277 req, struct cldap_multi_netlogon_state);
278 bool ret;
279
280 ret = tevent_wakeup_recv(subreq);
281 TALLOC_FREE(subreq);
282 if (!ret) {
283 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
284 return;
285 }
286
287 subreq = cldap_netlogon_send(state->subreqs,
288 state->ev,
289 state->cldap[state->num_sent],
290 &state->ios[state->num_sent]);
291 if (tevent_req_nomem(subreq, req)) {
292 return;
293 }
294 tevent_req_set_callback(subreq, cldap_multi_netlogon_done, req);
295 state->subreqs[state->num_sent] = subreq;
296 state->num_sent += 1;
297
298 if (state->num_sent < state->num_servers) {
299 /*
300 * After 100 milliseconds fire the next one
301 */
302 subreq = tevent_wakeup_send(state, state->ev,
303 timeval_current_ofs(0, 100000));
304 if (tevent_req_nomem(subreq, req)) {
305 return;
306 }
307 tevent_req_set_callback(subreq, cldap_multi_netlogon_next,
308 req);
309 }
310 }
311
312 NTSTATUS cldap_multi_netlogon_recv(
313 struct tevent_req *req, TALLOC_CTX *mem_ctx,
314 struct netlogon_samlogon_response ***responses)
315 {
316 struct cldap_multi_netlogon_state *state = tevent_req_data(
317 req, struct cldap_multi_netlogon_state);
318 NTSTATUS status;
319
320 if (tevent_req_is_nterror(req, &status) &&
321 !NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
322 return status;
323 }
324 /*
325 * If we timeout, give back what we have so far
326 */
327 *responses = talloc_move(mem_ctx, &state->responses);
328 return NT_STATUS_OK;
329 }
330
331 NTSTATUS cldap_multi_netlogon(
332 TALLOC_CTX *mem_ctx,
333 const struct tsocket_address * const *servers,
334 int num_servers,
335 const char *domain, const char *hostname, unsigned ntversion,
336 int min_servers, struct timeval timeout,
337 struct netlogon_samlogon_response ***responses)
338 {
339 struct tevent_context *ev;
340 struct tevent_req *req;
341 NTSTATUS status = NT_STATUS_NO_MEMORY;
342
343 ev = samba_tevent_context_init(talloc_tos());
344 if (ev == NULL) {
345 goto fail;
346 }
347 req = cldap_multi_netlogon_send(
348 ev, ev, servers, num_servers, domain, hostname, ntversion,
349 min_servers);
350 if (req == NULL) {
351 goto fail;
352 }
353 if (!tevent_req_set_endtime(req, ev, timeout)) {
354 goto fail;
355 }
356 if (!tevent_req_poll_ntstatus(req, ev, &status)) {
357 goto fail;
358 }
359 status = cldap_multi_netlogon_recv(req, mem_ctx, responses);
360 fail:
361 TALLOC_FREE(ev);
362 return status;
363 }
364
365 /*******************************************************************
366 do a cldap netlogon query. Always 389/udp
367 *******************************************************************/
368
369 bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx,
370 struct sockaddr_storage *ss,
371 const char *realm,
372 uint32_t nt_version,
373 struct netlogon_samlogon_response **_reply)
374 {
375 NTSTATUS status;
376 char addrstr[INET6_ADDRSTRLEN];
377 const char *dest_str;
378 struct tsocket_address *dest_addr;
379 const struct tsocket_address * const *dest_addrs;
380 struct netlogon_samlogon_response **responses = NULL;
381 int ret;
382
383 dest_str = print_sockaddr(addrstr, sizeof(addrstr), ss);
384
385 ret = tsocket_address_inet_from_strings(mem_ctx, "ip",
386 dest_str, LDAP_PORT,
387 &dest_addr);
388 if (ret != 0) {
389 status = map_nt_error_from_unix(errno);
390 DEBUG(2,("Failed to create cldap tsocket_address for %s - %s\n",
391 dest_str, nt_errstr(status)));
392 return false;
393 }
394
395 dest_addrs = (const struct tsocket_address * const *)&dest_addr;
396
397 status = cldap_multi_netlogon(talloc_tos(),
398 dest_addrs, 1,
399 realm, NULL,
400 nt_version, 1,
401 timeval_current_ofs(MAX(3,lp_ldap_timeout()/2), 0),
402 &responses);
403 if (!NT_STATUS_IS_OK(status)) {
404 DBG_NOTICE("cldap_multi_netlogon failed: %s\n",
405 nt_errstr(status));
406 return false;
407 }
408 if (responses == NULL || responses[0] == NULL) {
409 DBG_NOTICE("did not get a reply\n");
410 TALLOC_FREE(responses);
411 return false;
412 }
413 *_reply = talloc_move(mem_ctx, &responses[0]);
414
415 return true;
416 }
417
418 /*******************************************************************
419 do a cldap netlogon query. Always 389/udp
420 *******************************************************************/
421
422 bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx,
423 struct sockaddr_storage *ss,
424 const char *realm,
425 struct NETLOGON_SAM_LOGON_RESPONSE_EX *reply5)
426 {
427 uint32_t nt_version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
428 struct netlogon_samlogon_response *reply = NULL;
429 bool ret;
430
431 ret = ads_cldap_netlogon(mem_ctx, ss, realm, nt_version, &reply);
432 if (!ret) {
433 return false;
434 }
435
436 if (reply->ntver != NETLOGON_NT_VERSION_5EX) {
437 DEBUG(0,("ads_cldap_netlogon_5: nt_version mismatch: 0x%08x\n",
438 reply->ntver));
439 return false;
440 }
441
442 *reply5 = reply->data.nt5_ex;
443
444 return true;
445 }
GSS-enabled samba4