-rw-r--r--source3/nsswitch/winbindd.c7
-rw-r--r--source3/nsswitch/winbindd_glue.c79
-rw-r--r--source3/nsswitch/winbindd_group.c2
-rw-r--r--source3/nsswitch/winbindd_util.c17
4 files changed, 88 insertions, 17 deletions
diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c
index 9d315a0811..9dd995b4ae 100644
--- a/source3/nsswitch/winbindd.c
+++ b/source3/nsswitch/winbindd.c
@@ -644,6 +644,13 @@ int main(int argc, char **argv)
BOOL interactive = False;
int opt, new_debuglevel = -1;
+ /* Must be root */
+
+ if(geteuid() != (uid_t)0) {
+ fprintf(stderr, "Must have effective user id of zero.\n");
+ exit(1);
+ }
+
/* Set environment variable so we don't recursively call ourselves.
This may also be useful interactively. */
SETENV(WINBINDD_DONT_ENV, "1", 1);
diff --git a/source3/nsswitch/winbindd_glue.c b/source3/nsswitch/winbindd_glue.c
index 9007e8c275..6f55e564f4 100644
--- a/source3/nsswitch/winbindd_glue.c
+++ b/source3/nsswitch/winbindd_glue.c
@@ -47,6 +47,9 @@ BOOL wb_lsa_open_policy(char *server, BOOL sec_qos, uint32 des_access,
/* Initialise RPC connection */
+ if (!cli_initialise(pol->cli))
+ goto done;
+
ZERO_STRUCT(creds);
creds.pwd.null_pwd = 1;
@@ -168,16 +171,62 @@ BOOL wb_samr_close(CLI_POLICY_HND *hnd)
/****************************************************************************
samr_connect glue
****************************************************************************/
-BOOL wb_samr_connect(char *srv_name, uint32 access_mask,
- CLI_POLICY_HND *connect_pol)
+BOOL wb_samr_connect(char *server, uint32 access_mask, CLI_POLICY_HND *pol)
{
- uint32 ret;
+ struct nmb_name calling, called;
+ struct ntuser_creds creds;
+ struct in_addr dest_ip;
+ fstring dest_host;
+ uint32 result = NT_STATUS_UNSUCCESSFUL;
+ extern pstring global_myname;
- ret = cli_samr_connect(connect_pol->cli, connect_pol->mem_ctx,
- srv_name, access_mask,
- &connect_pol->handle);
+ ZERO_STRUCTP(pol);
- return (ret == NT_STATUS_NOPROBLEMO);
+ pol->cli = (struct cli_state *)malloc(sizeof(struct cli_state));
+ pol->mem_ctx = talloc_init();
+
+ if (!pol->cli || !pol->mem_ctx)
+ return False;
+
+ /* Initialise RPC connection */
+
+ if (!cli_initialise(pol->cli))
+ goto done;
+
+ ZERO_STRUCT(creds);
+ creds.pwd.null_pwd = 1;
+
+ cli_init_creds(pol->cli, &creds);
+
+ /* Establish a SMB connection */
+
+ if (!resolve_srv_name(server, dest_host, &dest_ip)) {
+ goto done;
+ }
+
+ make_nmb_name(&called, dns_to_netbios_name(dest_host), 0x20);
+ make_nmb_name(&calling, dns_to_netbios_name(global_myname), 0);
+
+ if (!cli_establish_connection(pol->cli, dest_host, &dest_ip, &calling,
+ &called, "IPC$", "IPC", False, True)) {
+ goto done;
+ }
+
+ if (!cli_nt_session_open (pol->cli, PIPE_SAMR)) {
+ goto done;
+ }
+
+ result = cli_samr_connect(pol->cli, pol->mem_ctx, server,
+ access_mask, &pol->handle);
+
+ done:
+ if (result != NT_STATUS_NOPROBLEMO && pol->cli) {
+ if (pol->cli->initialised)
+ cli_shutdown(pol->cli);
+ free(pol->cli);
+ }
+
+ return (result == NT_STATUS_NOPROBLEMO);
}
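Review bot: The failure paths of the new wb_samr_connect leave `pol` in an unsafe state. The early `return False` after the two allocations leaks whichever one succeeded, and the `done:` cleanup frees `pol->cli` without clearing the pointer and never releases `pol->mem_ctx`, so a caller that later closes the handle can touch freed memory. The struct also comes from `malloc` without being zeroed, so if `cli_initialise` fails before clearing it (not visible here), `pol->cli->initialised` at `done:` is read from indeterminate memory. Route the allocation failure through `done`, zero the struct right after allocating it, and on failure destroy the talloc context and reset `pol`. The `goto done` added to wb_lsa_open_policy in the first hunk of this file deserves the same check, since its allocation and cleanup lie outside that hunk.

```c
	pol->cli = (struct cli_state *)malloc(sizeof(struct cli_state));
	if (pol->cli)
		ZERO_STRUCTP(pol->cli);
	pol->mem_ctx = talloc_init();

	if (!pol->cli || !pol->mem_ctx)
		goto done;

	/* … unchanged: cli_initialise through cli_samr_connect … */

 done:
	if (result != NT_STATUS_NOPROBLEMO) {
		if (pol->cli) {
			if (pol->cli->initialised)
				cli_shutdown(pol->cli);
			free(pol->cli);
		}
		if (pol->mem_ctx)
			talloc_destroy(pol->mem_ctx);
		/* leave no dangling pointers for a later close */
		ZERO_STRUCTP(pol);
	}
```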
@@ -198,6 +247,7 @@ BOOL wb_samr_open_domain(CLI_POLICY_HND *connect_pol, uint32 ace_perms,
if (ret == NT_STATUS_NOPROBLEMO) {
domain_pol->cli = connect_pol->cli;
+ domain_pol->mem_ctx = connect_pol->mem_ctx;
return True;
}
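Review bot: After this assignment `domain_pol` aliases both `connect_pol->cli` and `connect_pol->mem_ctx`, and nothing in the hunk says which handle owns them. If wb_samr_close (not shown) releases the client or the talloc context, closing the connect handle and then the domain handle would free them twice or use them after free. A comment such as `/* borrowed from connect_pol; released only when the connect handle is closed */` on the two assignments would record the intended ownership. The function body starts and ends outside the hunk.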
@@ -222,8 +272,12 @@ uint32 wb_samr_enum_dom_groups(CLI_POLICY_HND *pol, uint32 *start_idx,
uint32 size, struct acct_info **sam,
uint32 *num_sam_groups)
{
- DEBUG(0,("unimplemented samr_enum_dom_groups\n"));
- return -1;
+ uint32 ret;
+
+ ret = cli_samr_enum_dom_groups(pol->cli, pol->mem_ctx, &pol->handle,
+ start_idx, size, sam, num_sam_groups);
+
+ return (ret == NT_STATUS_NOPROBLEMO);
}
/****************************************************************************
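Review bot: wb_samr_enum_dom_groups is declared to return `uint32`, but the new body returns the boolean `(ret == NT_STATUS_NOPROBLEMO)`, so success comes back as 1 and every failure as 0. A caller that compares the value against NT_STATUS_NOPROBLEMO would likely read it the wrong way round, and any distinct status codes from cli_samr_enum_dom_groups are lost. Either return the status unchanged with `return ret;` or change the declared type to `BOOL` to match the other glue functions in this file. The callers are outside this diff, so which option fits needs checking there.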
@@ -328,7 +382,12 @@ BOOL wb_sam_query_groupmem(CLI_POLICY_HND *pol, uint32 group_rid,
!= NT_STATUS_NOPROBLEMO)
goto done;
- /* do a samr_query_lookup_rids() */
+ if ((result = cli_samr_lookup_rids(pol->cli, pol->mem_ctx,
+ &pol->handle, 1000, /* ??? */
+ *num_names, *rid_mem,
+ num_names, names, name_types))
+ != NT_STATUS_NOPROBLEMO)
+ goto done;
done:
if (got_group_pol) cli_samr_close(pol->cli, pol->mem_ctx, &group_pol);
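Review bot: The `1000, /* ??? */` argument to cli_samr_lookup_rids is an unexplained constant that the author's own comment marks as unknown; name it or document what the parameter means before relying on it. The call also passes `*num_names` as the input count and `num_names` as the output count. If the server returns fewer names than RIDs (an assumption, the callee is not shown), `*rid_mem` and `*names` would no longer line up index for index, and later loops over them could read past the shorter array. Checking that the returned count equals the requested count before `done:` would catch that. The function begins and ends outside the hunk.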
diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c
index b56d2787d6..ed4db07dda 100644
--- a/source3/nsswitch/winbindd_group.c
+++ b/source3/nsswitch/winbindd_group.c
@@ -522,8 +522,6 @@ static BOOL get_sam_group_entries(struct getent_state *ent)
memcpy(&name_list[ent->num_sam_entries],
sam_grp_entries,
num_entries * sizeof(struct acct_info));
-
- safe_free(sam_grp_entries);
}
ent->num_sam_entries += num_entries;
diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c
index b838dd0145..3d8fbd3da8 100644
--- a/source3/nsswitch/winbindd_util.c
+++ b/source3/nsswitch/winbindd_util.c
@@ -327,8 +327,7 @@ static BOOL get_any_dc_name(char *domain, fstring srv_name)
dc_ip = ip_list[i];
free(ip_list);
- if (!lookup_pdc_name(global_myname, lp_workgroup(),
- &dc_ip, server_state.controller))
+ if (!lookup_pdc_name(global_myname, lp_workgroup(), &dc_ip, srv_name))
return False;
return True;
@@ -366,6 +365,8 @@ void establish_connections(BOOL force_reestablish)
if (!get_any_dc_name(lp_workgroup(),
server_state.controller)) {
+ DEBUG(3, ("could not find any domain controllers "
+ "for domain %s\n", lp_workgroup()));
return;
}
@@ -374,8 +375,10 @@ void establish_connections(BOOL force_reestablish)
// server_state.pwdb_initialised = pwdb_initialise(False);
server_state.pwdb_initialised = True;
- if (!server_state.pwdb_initialised)
+ if (!server_state.pwdb_initialised) {
+ DEBUG(3, ("could not initialise pwdb\n"));
return;
+ }
}
/* Open lsa handle if it isn't already open */
@@ -387,7 +390,11 @@ void establish_connections(BOOL force_reestablish)
False, SEC_RIGHTS_MAXIMUM_ALLOWED,
&server_state.lsa_handle);
- if (!server_state.lsa_handle_open) return;
+ if (!server_state.lsa_handle_open) {
+ DEBUG(0, ("error opening lsa handle on dc %s\n",
+ server_state.controller));
+ return;
+ }
/* Now we can talk to the server we can get some info */
@@ -436,7 +443,7 @@ BOOL lookup_domain_sid(char *domain_name, struct winbindd_domain *domain)
/* Look for domain name */
- if (res && domains && sids) {
+ if (!res && domains && sids) {
int found = False;
int i;