diff options
author | Andrew Bartlett <abartlet@samba.org> | 2007-07-23 02:56:51 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 15:01:16 -0500 |
commit | dc25ec5ce736b21cdcccddff12e6c9d9c0706df8 (patch) | |
tree | 4d2cad905540139f8575c7cfb3de34a54dc076e5 | |
parent | ae0115d8dbf05c52c631ea915f036a2129cd033e (diff) | |
download | samba-dc25ec5ce736b21cdcccddff12e6c9d9c0706df8.tar.gz samba-dc25ec5ce736b21cdcccddff12e6c9d9c0706df8.tar.bz2 samba-dc25ec5ce736b21cdcccddff12e6c9d9c0706df8.zip |
r23995: Work to allow mimir's libnet code to be called from winbind.
We now setup a libnet_ctx for each domain. We should then be able to
replace/merge some more of the winbind code with libnet calls,
referencing domain->libnet_ctx.
Andrew Bartlett
(This used to be commit bad2dc14d704be59300f619c84694c11620559e0)
-rw-r--r-- | source4/winbind/wb_cmd_list_trustdom.c | 2 | ||||
-rw-r--r-- | source4/winbind/wb_cmd_lookupname.c | 4 | ||||
-rw-r--r-- | source4/winbind/wb_cmd_lookupsid.c | 4 | ||||
-rw-r--r-- | source4/winbind/wb_cmd_userdomgroups.c | 13 | ||||
-rw-r--r-- | source4/winbind/wb_cmd_usersids.c | 4 | ||||
-rw-r--r-- | source4/winbind/wb_connect_sam.c | 10 | ||||
-rw-r--r-- | source4/winbind/wb_init_domain.c | 59 | ||||
-rw-r--r-- | source4/winbind/wb_sam_logon.c | 4 | ||||
-rw-r--r-- | source4/winbind/wb_server.h | 10 |
9 files changed, 53 insertions, 57 deletions
diff --git a/source4/winbind/wb_cmd_list_trustdom.c b/source4/winbind/wb_cmd_list_trustdom.c index d849658d7b..83bd517a02 100644 --- a/source4/winbind/wb_cmd_list_trustdom.c +++ b/source4/winbind/wb_cmd_list_trustdom.c @@ -81,7 +81,7 @@ static void cmd_list_trustdoms_recv_domain(struct composite_context *ctx) state->ctx->status = wb_sid2domain_recv(ctx, &domain); if (!composite_is_ok(state->ctx)) return; - tree = dcerpc_smb_tree(domain->lsa_pipe->conn); + tree = dcerpc_smb_tree(domain->libnet_ctx->lsa.pipe->conn); if (composite_nomem(tree, state->ctx)) return; ctx = wb_init_lsa_send(state, domain); diff --git a/source4/winbind/wb_cmd_lookupname.c b/source4/winbind/wb_cmd_lookupname.c index 8eed5b2d71..9839e2cd80 100644 --- a/source4/winbind/wb_cmd_lookupname.c +++ b/source4/winbind/wb_cmd_lookupname.c @@ -76,8 +76,8 @@ static void lookupname_recv_domain(struct composite_context *ctx) state->ctx->status = wb_sid2domain_recv(ctx, &domain); if (!composite_is_ok(state->ctx)) return; - ctx = wb_lsa_lookupnames_send(state, domain->lsa_pipe, - domain->lsa_policy_handle, 1, &state->name); + ctx = wb_lsa_lookupnames_send(state, domain->libnet_ctx->lsa.pipe, + &domain->libnet_ctx->lsa.handle, 1, &state->name); composite_continue(state->ctx, ctx, lookupname_recv_sids, state); } diff --git a/source4/winbind/wb_cmd_lookupsid.c b/source4/winbind/wb_cmd_lookupsid.c index e555c4ba8c..2d72ae2072 100644 --- a/source4/winbind/wb_cmd_lookupsid.c +++ b/source4/winbind/wb_cmd_lookupsid.c @@ -76,8 +76,8 @@ static void lookupsid_recv_domain(struct composite_context *ctx) state->ctx->status = wb_sid2domain_recv(ctx, &domain); if (!composite_is_ok(state->ctx)) return; - ctx = wb_lsa_lookupsids_send(state, domain->lsa_pipe, - domain->lsa_policy_handle, 1, &state->sid); + ctx = wb_lsa_lookupsids_send(state, domain->libnet_ctx->lsa.pipe, + &domain->libnet_ctx->lsa.handle, 1, &state->sid); composite_continue(state->ctx, ctx, lookupsid_recv_names, state); } diff --git a/source4/winbind/wb_cmd_userdomgroups.c b/source4/winbind/wb_cmd_userdomgroups.c index d6091b745e..649fe489cc 100644 --- a/source4/winbind/wb_cmd_userdomgroups.c +++ b/source4/winbind/wb_cmd_userdomgroups.c @@ -59,11 +59,12 @@ struct composite_context *wb_cmd_userdomgroups_send(TALLOC_CTX *mem_ctx, state->user_rid = sid->sub_auths[sid->num_auths-1]; ctx = wb_sid2domain_send(state, service, sid); - if (ctx == NULL) goto failed; - ctx->async.fn = userdomgroups_recv_domain; - ctx->async.private_data = state; - return result; + composite_continue(state->ctx, ctx, userdomgroups_recv_domain, state); + + if (ctx) { + return result; + } failed: talloc_free(result); @@ -80,8 +81,8 @@ static void userdomgroups_recv_domain(struct composite_context *ctx) state->ctx->status = wb_sid2domain_recv(ctx, &domain); if (!composite_is_ok(state->ctx)) return; - ctx = wb_samr_userdomgroups_send(state, domain->samr_pipe, - domain->domain_handle, + ctx = wb_samr_userdomgroups_send(state, domain->libnet_ctx->samr.pipe, + &domain->libnet_ctx->samr.handle, state->user_rid); composite_continue(state->ctx, ctx, userdomgroups_recv_rids, state); diff --git a/source4/winbind/wb_cmd_usersids.c b/source4/winbind/wb_cmd_usersids.c index f967dc83d9..b414cf6313 100644 --- a/source4/winbind/wb_cmd_usersids.c +++ b/source4/winbind/wb_cmd_usersids.c @@ -122,11 +122,11 @@ static void usersids_recv_domain(struct composite_context *ctx) state->rids.count = 0; state->rids.ids = NULL; - state->r.in.domain_handle = domain->domain_handle; + state->r.in.domain_handle = &domain->libnet_ctx->samr.handle; state->r.in.sids = &state->lsa_sids; state->r.out.rids = &state->rids; - req = dcerpc_samr_GetAliasMembership_send(domain->samr_pipe, state, + req = dcerpc_samr_GetAliasMembership_send(domain->libnet_ctx->samr.pipe, state, &state->r); composite_continue_rpc(state->ctx, req, usersids_recv_aliases, state); } diff --git a/source4/winbind/wb_connect_sam.c b/source4/winbind/wb_connect_sam.c index 935ba266d3..e9adce9c19 100644 --- a/source4/winbind/wb_connect_sam.c +++ b/source4/winbind/wb_connect_sam.c @@ -70,7 +70,7 @@ struct composite_context *wb_connect_samr_send(TALLOC_CTX *mem_ctx, ctx = dcerpc_secondary_auth_connection_send(domain->netlogon_pipe, domain->samr_binding, &dcerpc_table_samr, - domain->schannel_creds); + domain->libnet_ctx->cred); composite_continue(state->ctx, ctx, connect_samr_recv_pipe, state); return result; @@ -145,8 +145,8 @@ static void connect_samr_recv_open(struct rpc_request *req) NTSTATUS wb_connect_samr_recv(struct composite_context *c, TALLOC_CTX *mem_ctx, struct dcerpc_pipe **samr_pipe, - struct policy_handle **connect_handle, - struct policy_handle **domain_handle) + struct policy_handle *connect_handle, + struct policy_handle *domain_handle) { NTSTATUS status = composite_wait(c); if (NT_STATUS_IS_OK(status)) { @@ -154,8 +154,8 @@ NTSTATUS wb_connect_samr_recv(struct composite_context *c, talloc_get_type(c->private_data, struct connect_samr_state); *samr_pipe = talloc_steal(mem_ctx, state->samr_pipe); - *connect_handle = talloc_steal(mem_ctx, state->connect_handle); - *domain_handle = talloc_steal(mem_ctx, state->domain_handle); + *connect_handle = *state->connect_handle; + *domain_handle = *state->domain_handle; } talloc_free(c); return status; diff --git a/source4/winbind/wb_init_domain.c b/source4/winbind/wb_init_domain.c index cdc1491f2b..eabb23dd45 100644 --- a/source4/winbind/wb_init_domain.c +++ b/source4/winbind/wb_init_domain.c @@ -142,25 +142,26 @@ struct composite_context *wb_init_domain_send(TALLOC_CTX *mem_ctx, state->domain->dc_name = dom_info->dcs[0].name; state->domain->dc_address = dom_info->dcs[0].address; + state->domain->libnet_ctx = libnet_context_init(service->task->event_ctx); + /* Create a credentials structure */ - state->domain->schannel_creds = cli_credentials_init(state->domain); - if (state->domain->schannel_creds == NULL) goto failed; + state->domain->libnet_ctx->cred = cli_credentials_init(state->domain); + if (state->domain->libnet_ctx->cred == NULL) goto failed; - cli_credentials_set_event_context(state->domain->schannel_creds, service->task->event_ctx); + cli_credentials_set_event_context(state->domain->libnet_ctx->cred, service->task->event_ctx); - cli_credentials_set_conf(state->domain->schannel_creds); + cli_credentials_set_conf(state->domain->libnet_ctx->cred); /* Connect the machine account to the credentials */ state->ctx->status = - cli_credentials_set_machine_account(state->domain-> - schannel_creds); + cli_credentials_set_machine_account(state->domain->libnet_ctx->cred); if (!NT_STATUS_IS_OK(state->ctx->status)) goto failed; state->domain->netlogon_binding = init_domain_binding(state, &dcerpc_table_netlogon); state->domain->netlogon_pipe = NULL; - if ((!cli_credentials_is_anonymous(state->domain->schannel_creds)) && + if ((!cli_credentials_is_anonymous(state->domain->libnet_ctx->cred)) && ((lp_server_role() == ROLE_DOMAIN_MEMBER) || (lp_server_role() == ROLE_DOMAIN_CONTROLLER)) && (dom_sid_equal(state->domain->info->sid, @@ -179,7 +180,7 @@ struct composite_context *wb_init_domain_send(TALLOC_CTX *mem_ctx, ctx = dcerpc_pipe_connect_b_send(state, state->domain->netlogon_binding, &dcerpc_table_netlogon, - state->domain->schannel_creds, + state->domain->libnet_ctx->cred, service->task->event_ctx); if (composite_nomem(ctx, state->ctx)) { @@ -220,14 +221,14 @@ static void init_domain_recv_netlogonpipe(struct composite_context *ctx) state->domain->lsa_binding->flags |= (DCERPC_SIGN); } - state->domain->lsa_pipe = NULL; + state->domain->libnet_ctx->lsa.pipe = NULL; /* this will make the secondary connection on the same IPC$ share, secured with SPNEGO or NTLMSSP */ ctx = dcerpc_secondary_auth_connection_send(state->domain->netlogon_pipe, state->domain->lsa_binding, &dcerpc_table_lsarpc, - state->domain->schannel_creds + state->domain->libnet_ctx->cred ); composite_continue(state->ctx, ctx, init_domain_recv_lsa_pipe, state); } @@ -253,7 +254,7 @@ static bool retry_with_schannel(struct init_domain_state *state, ctx = dcerpc_secondary_auth_connection_send(state->domain->netlogon_pipe, binding, table, - state->domain->schannel_creds); + state->domain->libnet_ctx->cred); composite_continue(state->ctx, ctx, continuation, state); return true; } else { @@ -271,7 +272,7 @@ static void init_domain_recv_lsa_pipe(struct composite_context *ctx) struct init_domain_state); state->ctx->status = dcerpc_secondary_auth_connection_recv(ctx, state->domain, - &state->domain->lsa_pipe); + &state->domain->libnet_ctx->lsa.pipe); if (NT_STATUS_EQUAL(state->ctx->status, NT_STATUS_LOGON_FAILURE)) { if (retry_with_schannel(state, state->domain->lsa_binding, &dcerpc_table_lsarpc, @@ -281,21 +282,19 @@ static void init_domain_recv_lsa_pipe(struct composite_context *ctx) } if (!composite_is_ok(state->ctx)) return; - talloc_steal(state->domain, state->domain->lsa_pipe); - talloc_steal(state->domain->lsa_pipe, state->domain->lsa_binding); - - state->domain->lsa_policy_handle = talloc(state, struct policy_handle); - if (composite_nomem(state->domain->lsa_policy_handle, state->ctx)) return; + talloc_steal(state->domain->libnet_ctx, state->domain->libnet_ctx->lsa.pipe); + talloc_steal(state->domain->libnet_ctx->lsa.pipe, state->domain->lsa_binding); + ZERO_STRUCT(state->domain->libnet_ctx->lsa.handle); state->lsa_openpolicy.in.system_name = talloc_asprintf(state, "\\\\%s", - dcerpc_server_name(state->domain->lsa_pipe)); + dcerpc_server_name(state->domain->libnet_ctx->lsa.pipe)); ZERO_STRUCT(state->objectattr); state->lsa_openpolicy.in.attr = &state->objectattr; state->lsa_openpolicy.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; - state->lsa_openpolicy.out.handle = state->domain->lsa_policy_handle; + state->lsa_openpolicy.out.handle = &state->domain->libnet_ctx->lsa.handle; - req = dcerpc_lsa_OpenPolicy2_send(state->domain->lsa_pipe, state, + req = dcerpc_lsa_OpenPolicy2_send(state->domain->libnet_ctx->lsa.pipe, state, &state->lsa_openpolicy); composite_continue_rpc(state->ctx, req, init_domain_recv_lsa_policy, state); @@ -323,10 +322,10 @@ static void init_domain_recv_lsa_policy(struct rpc_request *req) state->ctx->status = state->lsa_openpolicy.out.result; if (!composite_is_ok(state->ctx)) return; - state->queryinfo.in.handle = state->domain->lsa_policy_handle; + state->queryinfo.in.handle = &state->domain->libnet_ctx->lsa.handle; state->queryinfo.in.level = LSA_POLICY_INFO_ACCOUNT_DOMAIN; - req = dcerpc_lsa_QueryInfoPolicy_send(state->domain->lsa_pipe, state, + req = dcerpc_lsa_QueryInfoPolicy_send(state->domain->libnet_ctx->lsa.pipe, state, &state->queryinfo); composite_continue_rpc(state->ctx, req, init_domain_recv_queryinfo, state); @@ -349,7 +348,7 @@ static void init_domain_recv_queryinfo(struct rpc_request *req) if (strcasecmp(state->domain->info->name, dominfo->name.string) != 0) { DEBUG(2, ("Expected domain name %s, DC %s said %s\n", state->domain->info->name, - dcerpc_server_name(state->domain->lsa_pipe), + dcerpc_server_name(state->domain->libnet_ctx->lsa.pipe), dominfo->name.string)); composite_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE); return; @@ -358,7 +357,7 @@ static void init_domain_recv_queryinfo(struct rpc_request *req) if (!dom_sid_equal(state->domain->info->sid, dominfo->sid)) { DEBUG(2, ("Expected domain sid %s, DC %s said %s\n", dom_sid_string(state, state->domain->info->sid), - dcerpc_server_name(state->domain->lsa_pipe), + dcerpc_server_name(state->domain->libnet_ctx->lsa.pipe), dom_sid_string(state, dominfo->sid))); composite_error(state->ctx, NT_STATUS_INVALID_DOMAIN_STATE); return; @@ -370,7 +369,7 @@ static void init_domain_recv_queryinfo(struct rpc_request *req) * it needed schannel, then we need that here too) */ state->domain->samr_binding->flags = state->domain->lsa_binding->flags; - state->domain->samr_pipe = NULL; + state->domain->libnet_ctx->samr.pipe = NULL; ctx = wb_connect_samr_send(state, state->domain); composite_continue(state->ctx, ctx, init_domain_recv_samr, state); @@ -387,12 +386,12 @@ static void init_domain_recv_samr(struct composite_context *ctx) state->ctx->status = wb_connect_samr_recv( ctx, state->domain, - &state->domain->samr_pipe, - &state->domain->samr_handle, - &state->domain->domain_handle); + &state->domain->libnet_ctx->samr.pipe, + &state->domain->libnet_ctx->samr.handle, + &state->domain->libnet_ctx->samr.handle); if (!composite_is_ok(state->ctx)) return; - talloc_steal(state->domain->samr_pipe, state->domain->samr_binding); + talloc_steal(state->domain->libnet_ctx->samr.pipe, state->domain->samr_binding); state->domain->ldap_conn = ldap4_new_connection(state->domain, state->ctx->event_ctx); @@ -419,7 +418,7 @@ static void init_domain_recv_ldapconn(struct composite_context *ctx) state->domain->dc_name); state->ctx->status = ldap_bind_sasl(state->domain->ldap_conn, - state->domain->schannel_creds); + state->domain->libnet_ctx->cred); DEBUG(0, ("ldap_bind returned %s\n", nt_errstr(state->ctx->status))); } diff --git a/source4/winbind/wb_sam_logon.c b/source4/winbind/wb_sam_logon.c index 669d63f791..c9203c8bec 100644 --- a/source4/winbind/wb_sam_logon.c +++ b/source4/winbind/wb_sam_logon.c @@ -85,14 +85,14 @@ static void wb_sam_logon_recv_domain(struct composite_context *creq) s->ctx->status = wb_sid2domain_recv(creq, &domain); if (!composite_is_ok(s->ctx)) return; - s->creds_state = cli_credentials_get_netlogon_creds(domain->schannel_creds); + s->creds_state = cli_credentials_get_netlogon_creds(domain->libnet_ctx->cred); creds_client_authenticator(s->creds_state, &s->auth1); s->r.in.server_name = talloc_asprintf(s, "\\\\%s", dcerpc_server_name(domain->netlogon_pipe)); if (composite_nomem(s->r.in.server_name, s->ctx)) return; - s->r.in.computer_name = cli_credentials_get_workstation(domain->schannel_creds); + s->r.in.computer_name = cli_credentials_get_workstation(domain->libnet_ctx->cred); s->r.in.credential = &s->auth1; s->r.in.return_authenticator = &s->auth2; s->r.in.logon_level = s->req->in.logon_level; diff --git a/source4/winbind/wb_server.h b/source4/winbind/wb_server.h index 47ebcb2371..a9b63dd266 100644 --- a/source4/winbind/wb_server.h +++ b/source4/winbind/wb_server.h @@ -21,7 +21,7 @@ #include "nsswitch/winbind_nss_config.h" #include "nsswitch/winbindd_nss.h" - +#include "libnet/libnet.h" #define WINBINDD_SAMBA3_SOCKET "pipe" @@ -62,20 +62,16 @@ struct wbsrv_domain { const char *dc_address; const char *dc_name; - struct dcerpc_pipe *lsa_pipe; - struct policy_handle *lsa_policy_handle; + struct libnet_context *libnet_ctx; + struct dcerpc_binding *lsa_binding; - struct dcerpc_pipe *samr_pipe; - struct policy_handle *samr_handle; - struct policy_handle *domain_handle; struct dcerpc_binding *samr_binding; struct ldap_connection *ldap_conn; struct dcerpc_pipe *netlogon_pipe; struct dcerpc_binding *netlogon_binding; - struct cli_credentials *schannel_creds; }; /* |