Use rpccli_samr_QueryDomainInfo() in winbindd.

Guenther
(This used to be commit dd9fa33e968d4e641460fe1c6beb05dfe12fa918)

7 files changed, 106 insertions, 85 deletions

diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h
index c4c1278d73..b812d69aeb 100644
--- a/source3/winbindd/winbindd.h
+++ b/source3/winbindd/winbindd.h
@@ -301,15 +301,15 @@ struct winbindd_methods {
 	NTSTATUS (*sequence_number)(struct winbindd_domain *domain, uint32 *seq);
 
 	/* return the lockout policy */
-	NTSTATUS (*lockout_policy)(struct winbindd_domain *domain, 
+	NTSTATUS (*lockout_policy)(struct winbindd_domain *domain,
  				   TALLOC_CTX *mem_ctx,
-				   SAM_UNK_INFO_12 *lockout_policy);
- 
+				   struct samr_DomInfo12 *lockout_policy);
+
 	/* return the lockout policy */
-	NTSTATUS (*password_policy)(struct winbindd_domain *domain, 
+	NTSTATUS (*password_policy)(struct winbindd_domain *domain,
 				    TALLOC_CTX *mem_ctx,
-				    SAM_UNK_INFO_1 *password_policy);
- 
+				    struct samr_DomInfo1 *password_policy);
+
 	/* enumerate trusted domains */
 	NTSTATUS (*trusted_domains)(struct winbindd_domain *domain,
 				    TALLOC_CTX *mem_ctx,
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index c293861492..f235e401e8 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -908,7 +908,9 @@ static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status, WI
 	centry_free(centry);
 }
 
-static void wcache_save_lockout_policy(struct winbindd_domain *domain, NTSTATUS status, SAM_UNK_INFO_12 *lockout_policy)
+static void wcache_save_lockout_policy(struct winbindd_domain *domain,
+				       NTSTATUS status,
+				       struct samr_DomInfo12 *lockout_policy)
 {
 	struct cache_entry *centry;
 
@@ -916,18 +918,20 @@ static void wcache_save_lockout_policy(struct winbindd_domain *domain, NTSTATUS
 	if (!centry)
 		return;
 
-	centry_put_nttime(centry, lockout_policy->duration);
-	centry_put_nttime(centry, lockout_policy->reset_count);
-	centry_put_uint16(centry, lockout_policy->bad_attempt_lockout);
+	centry_put_nttime(centry, lockout_policy->lockout_duration);
+	centry_put_nttime(centry, lockout_policy->lockout_window);
+	centry_put_uint16(centry, lockout_policy->lockout_threshold);
 
 	centry_end(centry, "LOC_POL/%s", domain->name);
-	
+
 	DEBUG(10,("wcache_save_lockout_policy: %s\n", domain->name));
 
 	centry_free(centry);
 }
 
-static void wcache_save_password_policy(struct winbindd_domain *domain, NTSTATUS status, SAM_UNK_INFO_1 *policy)
+static void wcache_save_password_policy(struct winbindd_domain *domain,
+					NTSTATUS status,
+					struct samr_DomInfo1 *policy)
 {
 	struct cache_entry *centry;
 
@@ -935,14 +939,14 @@ static void wcache_save_password_policy(struct winbindd_domain *domain, NTSTATUS
 	if (!centry)
 		return;
 
-	centry_put_uint16(centry, policy->min_length_password);
-	centry_put_uint16(centry, policy->password_history);
+	centry_put_uint16(centry, policy->min_password_length);
+	centry_put_uint16(centry, policy->password_history_length);
 	centry_put_uint32(centry, policy->password_properties);
-	centry_put_nttime(centry, policy->expire);
-	centry_put_nttime(centry, policy->min_passwordage);
+	centry_put_nttime(centry, policy->max_password_age);
+	centry_put_nttime(centry, policy->min_password_age);
 
 	centry_end(centry, "PWD_POL/%s", domain->name);
-	
+
 	DEBUG(10,("wcache_save_password_policy: %s\n", domain->name));
 
 	centry_free(centry);
@@ -2131,55 +2135,56 @@ skip_save:
 /* get lockout policy */
 static NTSTATUS lockout_policy(struct winbindd_domain *domain,
  			       TALLOC_CTX *mem_ctx,
-			       SAM_UNK_INFO_12 *policy){
+			       struct samr_DomInfo12 *policy)
+{
  	struct winbind_cache *cache = get_cache(domain);
  	struct cache_entry *centry = NULL;
  	NTSTATUS status;
- 
+
 	if (!cache->tdb)
 		goto do_query;
- 
+
 	centry = wcache_fetch(cache, domain, "LOC_POL/%s", domain->name);
-	
+
 	if (!centry)
  		goto do_query;
- 
-	policy->duration = centry_nttime(centry);
-	policy->reset_count = centry_nttime(centry);
-	policy->bad_attempt_lockout = centry_uint16(centry);
- 
+
+	policy->lockout_duration = centry_nttime(centry);
+	policy->lockout_window = centry_nttime(centry);
+	policy->lockout_threshold = centry_uint16(centry);
+
  	status = centry->status;
- 
+
 	DEBUG(10,("lockout_policy: [Cached] - cached info for domain %s status: %s\n",
 		domain->name, nt_errstr(status) ));
- 
+
  	centry_free(centry);
  	return status;
- 
+
 do_query:
 	ZERO_STRUCTP(policy);
- 
+
 	/* Return status value returned by seq number check */
 
  	if (!NT_STATUS_IS_OK(domain->last_status))
  		return domain->last_status;
-	
+
 	DEBUG(10,("lockout_policy: [Cached] - doing backend query for info for domain %s\n",
 		domain->name ));
- 
-	status = domain->backend->lockout_policy(domain, mem_ctx, policy); 
- 
+
+	status = domain->backend->lockout_policy(domain, mem_ctx, policy);
+
 	/* and save it */
  	refresh_sequence_number(domain, false);
 	wcache_save_lockout_policy(domain, status, policy);
- 
+
  	return status;
 }
- 
+
 /* get password policy */
 static NTSTATUS password_policy(struct winbindd_domain *domain,
 				TALLOC_CTX *mem_ctx,
-				SAM_UNK_INFO_1 *policy)
+				struct samr_DomInfo1 *policy)
 {
 	struct winbind_cache *cache = get_cache(domain);
 	struct cache_entry *centry = NULL;
@@ -2187,17 +2192,17 @@ static NTSTATUS password_policy(struct winbindd_domain *domain,
 
 	if (!cache->tdb)
 		goto do_query;
- 
+
 	centry = wcache_fetch(cache, domain, "PWD_POL/%s", domain->name);
-	
+
 	if (!centry)
 		goto do_query;
 
-	policy->min_length_password = centry_uint16(centry);
-	policy->password_history = centry_uint16(centry);
+	policy->min_password_length = centry_uint16(centry);
+	policy->password_history_length = centry_uint16(centry);
 	policy->password_properties = centry_uint32(centry);
-	policy->expire = centry_nttime(centry);
-	policy->min_passwordage = centry_nttime(centry);
+	policy->max_password_age = centry_nttime(centry);
+	policy->min_password_age = centry_nttime(centry);
 
 	status = centry->status;
 
@@ -2214,11 +2219,11 @@ do_query:
 
 	if (!NT_STATUS_IS_OK(domain->last_status))
 		return domain->last_status;
-	
+
 	DEBUG(10,("password_policy: [Cached] - doing backend query for info for domain %s\n",
 		domain->name ));
 
-	status = domain->backend->password_policy(domain, mem_ctx, policy); 
+	status = domain->backend->password_policy(domain, mem_ctx, policy);
 
 	/* and save it */
 	refresh_sequence_number(domain, false);
diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c
index 48f37af4d0..2b756b24d1 100644
--- a/source3/winbindd/winbindd_dual.c
+++ b/source3/winbindd/winbindd_dual.c
@@ -770,7 +770,7 @@ static void account_lockout_policy_handler(struct event_context *ctx,
 		(struct winbindd_child *)private_data;
 	TALLOC_CTX *mem_ctx = NULL;
 	struct winbindd_methods *methods;
-	SAM_UNK_INFO_12 lockout_policy;
+	struct samr_DomInfo12 lockout_policy;
 	NTSTATUS result;
 
 	DEBUG(10,("account_lockout_policy_handler called\n"));
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 9435a328dd..c1a277f9b5 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -370,7 +370,7 @@ static NTSTATUS fillup_password_policy(struct winbindd_domain *domain,
 {
 	struct winbindd_methods *methods;
 	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
-	SAM_UNK_INFO_1 password_policy;
+	struct samr_DomInfo1 password_policy;
 
 	if ( !winbindd_can_contact_domain( domain ) ) {
 		DEBUG(5,("fillup_password_policy: No inbound trust to "
@@ -386,28 +386,28 @@ static NTSTATUS fillup_password_policy(struct winbindd_domain *domain,
 	}
 
 	state->response.data.auth.policy.min_length_password =
-		password_policy.min_length_password;
+		password_policy.min_password_length;
 	state->response.data.auth.policy.password_history =
-		password_policy.password_history;
+		password_policy.password_history_length;
 	state->response.data.auth.policy.password_properties =
 		password_policy.password_properties;
 	state->response.data.auth.policy.expire	=
-		nt_time_to_unix_abs(&(password_policy.expire));
-	state->response.data.auth.policy.min_passwordage = 
-		nt_time_to_unix_abs(&(password_policy.min_passwordage));
+		nt_time_to_unix_abs((NTTIME *)&(password_policy.max_password_age));
+	state->response.data.auth.policy.min_passwordage =
+		nt_time_to_unix_abs((NTTIME *)&(password_policy.min_password_age));
 
 	return NT_STATUS_OK;
 }
 
 static NTSTATUS get_max_bad_attempts_from_lockout_policy(struct winbindd_domain *domain, 
 							 TALLOC_CTX *mem_ctx, 
-							 uint16 *max_allowed_bad_attempts)
+							 uint16 *lockout_threshold)
 {
 	struct winbindd_methods *methods;
 	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
-	SAM_UNK_INFO_12 lockout_policy;
+	struct samr_DomInfo12 lockout_policy;
 
-	*max_allowed_bad_attempts = 0;
+	*lockout_threshold = 0;
 
 	methods = domain->methods;
 
@@ -416,7 +416,7 @@ static NTSTATUS get_max_bad_attempts_from_lockout_policy(struct winbindd_domain
 		return status;
 	}
 
-	*max_allowed_bad_attempts = lockout_policy.bad_attempt_lockout;
+	*lockout_threshold = lockout_policy.lockout_threshold;
 
 	return NT_STATUS_OK;
 }
@@ -427,7 +427,7 @@ static NTSTATUS get_pwd_properties(struct winbindd_domain *domain,
 {
 	struct winbindd_methods *methods;
 	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
-	SAM_UNK_INFO_1 password_policy;
+	struct samr_DomInfo1 password_policy;
 
 	*password_properties = 0;
 
diff --git a/source3/winbindd/winbindd_passdb.c b/source3/winbindd/winbindd_passdb.c
index 29db8be857..7c1d7bd71b 100644
--- a/source3/winbindd/winbindd_passdb.c
+++ b/source3/winbindd/winbindd_passdb.c
@@ -338,7 +338,7 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
 
 static NTSTATUS lockout_policy(struct winbindd_domain *domain,
 			       TALLOC_CTX *mem_ctx,
-			       SAM_UNK_INFO_12 *policy)
+			       struct samr_DomInfo12 *policy)
 {
 	/* actually we have that */
 	return NT_STATUS_NOT_IMPLEMENTED;
@@ -346,14 +346,14 @@ static NTSTATUS lockout_policy(struct winbindd_domain *domain,
 
 static NTSTATUS password_policy(struct winbindd_domain *domain,
 				TALLOC_CTX *mem_ctx,
-				SAM_UNK_INFO_1 *policy)
+				struct samr_DomInfo1 *policy)
 {
 	uint32 min_pass_len,pass_hist,password_properties;
 	time_t u_expire, u_min_age;
 	NTTIME nt_expire, nt_min_age;
 	uint32 account_policy_temp;
 
-	if ((policy = TALLOC_ZERO_P(mem_ctx, SAM_UNK_INFO_1)) == NULL) {
+	if ((policy = TALLOC_ZERO_P(mem_ctx, struct samr_DomInfo1)) == NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}
 
@@ -385,8 +385,12 @@ static NTSTATUS password_policy(struct winbindd_domain *domain,
 	unix_to_nt_time_abs(&nt_expire, u_expire);
 	unix_to_nt_time_abs(&nt_min_age, u_min_age);
 
-	init_unk_info1(policy, (uint16)min_pass_len, (uint16)pass_hist, 
-	               password_properties, nt_expire, nt_min_age);
+	init_samr_DomInfo1(policy,
+			   (uint16)min_pass_len,
+			   (uint16)pass_hist,
+			   password_properties,
+			   nt_expire,
+			   nt_min_age);
 
 	return NT_STATUS_OK;
 }
diff --git a/source3/winbindd/winbindd_reconnect.c b/source3/winbindd/winbindd_reconnect.c
index a1f96a0359..25debccc5a 100644
--- a/source3/winbindd/winbindd_reconnect.c
+++ b/source3/winbindd/winbindd_reconnect.c
@@ -247,7 +247,7 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
 /* find the lockout policy of a domain */
 static NTSTATUS lockout_policy(struct winbindd_domain *domain, 
 			       TALLOC_CTX *mem_ctx,
-			       SAM_UNK_INFO_12 *policy)
+			       struct samr_DomInfo12 *policy)
 {
 	NTSTATUS result;
 
@@ -262,7 +262,7 @@ static NTSTATUS lockout_policy(struct winbindd_domain *domain,
 /* find the password policy of a domain */
 static NTSTATUS password_policy(struct winbindd_domain *domain, 
 				TALLOC_CTX *mem_ctx,
-				SAM_UNK_INFO_1 *policy)
+				struct samr_DomInfo1 *policy)
 {
  	NTSTATUS result;
  
diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index a318199b62..98e4077a4d 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -884,7 +884,7 @@ static int get_ldap_sequence_number(struct winbindd_domain *domain, uint32 *seq)
 static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
 {
 	TALLOC_CTX *mem_ctx;
-	SAM_UNK_CTR ctr;
+	union samr_DomainInfo *info = NULL;
 	NTSTATUS result;
 	POLICY_HND dom_pol;
 	bool got_seq_num = False;
@@ -935,21 +935,27 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
 
 	/* Query domain info */
 
-	result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 8, &ctr);
+	result = rpccli_samr_QueryDomainInfo(cli, mem_ctx,
+					     &dom_pol,
+					     8,
+					     &info);
 
 	if (NT_STATUS_IS_OK(result)) {
-		*seq = ctr.info.inf8.seq_num;
+		*seq = info->info8.sequence_num;
 		got_seq_num = True;
 		goto seq_num;
 	}
 
 	/* retry with info-level 2 in case the dc does not support info-level 8
-	 * (like all older samba2 and samba3 dc's - Guenther */
+	 * (like all older samba2 and samba3 dc's) - Guenther */
+
+	result = rpccli_samr_QueryDomainInfo(cli, mem_ctx,
+					     &dom_pol,
+					     2,
+					     &info);
 
-	result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 2, &ctr);
-	
 	if (NT_STATUS_IS_OK(result)) {
-		*seq = ctr.info.inf2.seq_num;
+		*seq = info->info2.sequence_num;
 		got_seq_num = True;
 	}
 
@@ -1033,14 +1039,14 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
 }
 
 /* find the lockout policy for a domain */
-NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain, 
+NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,
 			      TALLOC_CTX *mem_ctx,
-			      SAM_UNK_INFO_12 *lockout_policy)
+			      struct samr_DomInfo12 *lockout_policy)
 {
 	NTSTATUS result;
 	struct rpc_pipe_client *cli;
 	POLICY_HND dom_pol;
-	SAM_UNK_CTR ctr;
+	union samr_DomainInfo *info = NULL;
 
 	DEBUG(10,("rpc: fetch lockout policy for %s\n", domain->name));
 
@@ -1055,15 +1061,18 @@ NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,
 		goto done;
 	}
 
-	result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 12, &ctr);
+	result = rpccli_samr_QueryDomainInfo(cli, mem_ctx,
+					     &dom_pol,
+					     12,
+					     &info);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
-	*lockout_policy = ctr.info.inf12;
+	*lockout_policy = info->info12;
 
-	DEBUG(10,("msrpc_lockout_policy: bad_attempt_lockout %d\n", 
-		ctr.info.inf12.bad_attempt_lockout));
+	DEBUG(10,("msrpc_lockout_policy: lockout_threshold %d\n",
+		info->info12.lockout_threshold));
 
   done:
 
@@ -1071,14 +1080,14 @@ NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,
 }
 
 /* find the password policy for a domain */
-NTSTATUS msrpc_password_policy(struct winbindd_domain *domain, 
+NTSTATUS msrpc_password_policy(struct winbindd_domain *domain,
 			       TALLOC_CTX *mem_ctx,
-			       SAM_UNK_INFO_1 *password_policy)
+			       struct samr_DomInfo1 *password_policy)
 {
 	NTSTATUS result;
 	struct rpc_pipe_client *cli;
 	POLICY_HND dom_pol;
-	SAM_UNK_CTR ctr;
+	union samr_DomainInfo *info = NULL;
 
 	DEBUG(10,("rpc: fetch password policy for %s\n", domain->name));
 
@@ -1093,15 +1102,18 @@ NTSTATUS msrpc_password_policy(struct winbindd_domain *domain,
 		goto done;
 	}
 
-	result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 1, &ctr);
+	result = rpccli_samr_QueryDomainInfo(cli, mem_ctx,
+					     &dom_pol,
+					     1,
+					     &info);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
-	*password_policy = ctr.info.inf1;
+	*password_policy = info->info1;
 
-	DEBUG(10,("msrpc_password_policy: min_length_password %d\n", 
-		ctr.info.inf1.min_length_password));
+	DEBUG(10,("msrpc_password_policy: min_length_password %d\n",
+		info->info1.min_password_length));
 
   done: