authorVolker Lendecke <vl@samba.org>2011-03-11 12:48:11 +0100
committerJeremy Allison <jra@samba.org>2011-04-13 14:13:24 -0700
commit091fd0f0f74003847ab5dd72a48e8f2978a511a5 (patch)
tree7d9ee006e588e2309c7520aff9f5302367ca2074 /source3
parentef9d2b15e01d18dc2bf0379cc9a6df367812e287 (diff)
s3: Add wbint_LookupSids
This will be called from wb_lookupsids to query remote DCs via lsa.
Signed-off-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source3')
-rw-r--r--source3/librpc/idl/wbint.idl6
-rw-r--r--source3/winbindd/winbindd_dual_srv.c18
-rw-r--r--source3/winbindd/winbindd_proto.h5
-rw-r--r--source3/winbindd/winbindd_rpc.c98
4 files changed, 127 insertions, 0 deletions
diff --git a/source3/librpc/idl/wbint.idl b/source3/librpc/idl/wbint.idl
index 470fb8b7eb..ec37b381ff 100644
--- a/source3/librpc/idl/wbint.idl
+++ b/source3/librpc/idl/wbint.idl
@@ -23,6 +23,12 @@ interface wbint
[out,string,charset(UTF8)] char **name
);
+ NTSTATUS wbint_LookupSids(
+ [in] lsa_SidArray *sids,
+ [out,ref] lsa_RefDomainList *domains,
+ [out,ref] lsa_TransNameArray *names
+ );
+
NTSTATUS wbint_LookupName(
[in,string,charset(UTF8)] char *domain,
[in,string,charset(UTF8)] char *name,
diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c
index f5a5739fe8..e95dac234b 100644
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -59,6 +59,24 @@ NTSTATUS _wbint_LookupSid(struct pipes_struct *p, struct wbint_LookupSid *r)
return NT_STATUS_OK;
}
+NTSTATUS _wbint_LookupSids(struct pipes_struct *p, struct wbint_LookupSids *r)
+{
+ struct winbindd_domain *domain = wb_child_domain();
+
+ if (domain == NULL) {
+ return NT_STATUS_REQUEST_NOT_ACCEPTED;
+ }
+
+ /*
+ * This breaks the winbindd_domain->methods abstraction: This
+ * is only called for remote domains, and both winbindd_msrpc
+ * and winbindd_ad call into lsa_lookupsids anyway. Caching is
+ * done at the wbint RPC layer.
+ */
+ return rpc_lookup_sids(p->mem_ctx, domain, r->in.sids,
+ &r->out.domains, &r->out.names);
+}
+
NTSTATUS _wbint_LookupName(struct pipes_struct *p, struct wbint_LookupName *r)
{
struct winbindd_domain *domain = wb_child_domain();
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index a5b4a64643..d1007f420b 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -54,6 +54,11 @@ NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,
const char ***domains,
struct dom_sid **sids,
enum lsa_SidType **types);
+NTSTATUS rpc_lookup_sids(TALLOC_CTX *mem_ctx,
+ struct winbindd_domain *domain,
+ struct lsa_SidArray *sids,
+ struct lsa_RefDomainList **pdomains,
+ struct lsa_TransNameArray **pnames);
/* The following definitions come from winbindd/winbindd_cache.c */
diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index ed7d994ca9..82599e7878 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -1033,3 +1033,101 @@ NTSTATUS rpc_trusted_domains(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
+
+static NTSTATUS rpc_try_lookup_sids3(TALLOC_CTX *mem_ctx,
+ struct winbindd_domain *domain,
+ struct lsa_SidArray *sids,
+ struct lsa_RefDomainList **pdomains,
+ struct lsa_TransNameArray **pnames)
+{
+ struct lsa_TransNameArray2 lsa_names2;
+ struct lsa_TransNameArray *names;
+ uint32_t i, count;
+ struct rpc_pipe_client *cli;
+ NTSTATUS status, result;
+
+ status = cm_connect_lsa_tcp(domain, talloc_tos(), &cli);
+ if (!NT_STATUS_IS_OK(status)) {
+ domain->can_do_ncacn_ip_tcp = false;
+ return status;
+ }
+
+ ZERO_STRUCT(lsa_names2);
+ status = dcerpc_lsa_LookupSids3(cli->binding_handle,
+ mem_ctx,
+ sids,
+ pdomains,
+ &lsa_names2,
+ LSA_LOOKUP_NAMES_ALL,
+ &count,
+ LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES,
+ LSA_CLIENT_REVISION_2,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ if (NT_STATUS_IS_ERR(result)) {
+ return result;
+ }
+ names = TALLOC_ZERO_P(mem_ctx, struct lsa_TransNameArray);
+ if (names == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ names->count = lsa_names2.count;
+ names->names = talloc_array(names, struct lsa_TranslatedName,
+ names->count);
+ if (names->names == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ for (i=0; i<names->count; i++) {
+ names->names[i].sid_type = lsa_names2.names[i].sid_type;
+ names->names[i].name.string = talloc_move(
+ names->names, &lsa_names2.names[i].name.string);
+ names->names[i].sid_index = lsa_names2.names[i].sid_index;
+ }
+ *pnames = names;
+ return result;
+}
+
+NTSTATUS rpc_lookup_sids(TALLOC_CTX *mem_ctx,
+ struct winbindd_domain *domain,
+ struct lsa_SidArray *sids,
+ struct lsa_RefDomainList **pdomains,
+ struct lsa_TransNameArray **pnames)
+{
+ struct lsa_TransNameArray *names;
+ struct rpc_pipe_client *cli = NULL;
+ struct policy_handle lsa_policy;
+ uint32_t count;
+ NTSTATUS status, result;
+
+ if (domain->can_do_ncacn_ip_tcp) {
+ status = rpc_try_lookup_sids3(mem_ctx, domain, sids,
+ pdomains, pnames);
+ if (!NT_STATUS_IS_ERR(status)) {
+ return status;
+ }
+ }
+
+ status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ names = TALLOC_ZERO_P(mem_ctx, struct lsa_TransNameArray);
+ if (names == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ status = dcerpc_lsa_LookupSids(cli->binding_handle, mem_ctx,
+ &lsa_policy, sids, pdomains,
+ names, LSA_LOOKUP_NAMES_ALL,
+ &count, &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ if (NT_STATUS_IS_ERR(result)) {
+ return result;
+ }
+ *pnames = names;
+ return result;
+}
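Review bot: The LookupSids3 reply from the remote DC is used without validation in rpc_try_lookup_sids3: the copy loop dereferences `lsa_names2.names[i]` for every index below `lsa_names2.count` and passes `sid_index` through unchecked. Unless the NDR pull code already guarantees it, a reply whose count disagrees with `sids->num_sids`, whose names pointer is NULL, or whose sid_index lies beyond the returned domain list would give a NULL dereference here or, presumably, out-of-bounds indexing in callers that pair names with domains. I would reject such replies with NT_STATUS_INVALID_NETWORK_RESPONSE before and inside the loop, as sketched below; rpc_lookup_sids returns the dcerpc_lsa_LookupSids reply with the same gap and wants the same checks. Separately, rpc_lookup_sids retries over the named pipe on any error status from the TCP attempt, so a genuine lookup failure is sent to the DC twice and `*pdomains` may already have been set by the first attempt.

```c
	if (NT_STATUS_IS_ERR(result)) {
		return result;
	}
	/* The reply comes from a remote DC: check its shape before indexing. */
	if (lsa_names2.count != sids->num_sids ||
	    (lsa_names2.count != 0 && lsa_names2.names == NULL)) {
		return NT_STATUS_INVALID_NETWORK_RESPONSE;
	}
	/* … unchanged: allocation of names and names->names … */
	for (i=0; i<names->count; i++) {
		/* … unchanged: copy of sid_type, name.string and sid_index … */

		/* assumes unmapped entries carry UINT32_MAX; confirm against the LSA IDL */
		if (names->names[i].sid_index != UINT32_MAX &&
		    (*pdomains == NULL ||
		     names->names[i].sid_index >= (*pdomains)->count)) {
			return NT_STATUS_INVALID_NETWORK_RESPONSE;
		}
	}
```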