Diffstat (limited to 'source3/nsswitch/winbindd_rpc.c')
-rw-r--r-- | source3/nsswitch/winbindd_rpc.c | 669 |
1 files changed, 262 insertions, 407 deletions
diff --git a/source3/nsswitch/winbindd_rpc.c b/source3/nsswitch/winbindd_rpc.c index 854688da4e..2b4c020d88 100644 --- a/source3/nsswitch/winbindd_rpc.c +++ b/source3/nsswitch/winbindd_rpc.c @@ -37,37 +37,20 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain, uint32 *num_entries, WINBIND_USERINFO **info) { - CLI_POLICY_HND *hnd; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + NTSTATUS result; POLICY_HND dom_pol; - BOOL got_dom_pol = False; - uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; - unsigned int i, start_idx, retry; + unsigned int i, start_idx; uint32 loop_count; + struct rpc_pipe_client *cli; DEBUG(3,("rpc: query_user_list\n")); *num_entries = 0; *info = NULL; - retry = 0; - do { - /* Get sam handle */ - - if ( !NT_STATUS_IS_OK(result = cm_get_sam_handle(domain, &hnd)) ) - return result; - - /* Get domain handle */ - - result = cli_samr_open_domain(hnd->cli, mem_ctx, &hnd->pol, - des_access, &domain->sid, &dom_pol); - - } while (!NT_STATUS_IS_OK(result) && (retry++ < 1) && hnd && hnd->cli && hnd->cli->fd == -1); - + result = cm_connect_sam(domain, mem_ctx, &cli, &dom_pol); if (!NT_STATUS_IS_OK(result)) - goto done; - - got_dom_pol = True; + return result; i = start_idx = 0; loop_count = 0; 
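Review bot: Nothing in `query_user_list` says who now owns `dom_pol`: this hunk takes the handle from `cm_connect_sam()` and the hunk at -126,19 drops the `cli_samr_close()` that used to release it, so a reader cannot tell whether the handle is cached or leaked on every call. If the connection manager keeps it (`cm_connect_sam` is not visible here, so this is an assumption), say so at the call site, e.g. `/* dom_pol is owned by the connection manager; do not close it here */`. The same applies to the other `cm_connect_sam()`/`cm_connect_lsa()` callers converted in this patch. The function body continues past this hunk.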
@@ -83,28 +66,30 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain, ZERO_STRUCT( info1 ); ctr.sam.info1 = &info1; - if (!(ctx2 = talloc_init("winbindd enum_users"))) { - result = NT_STATUS_NO_MEMORY; - goto done; - } + if (!(ctx2 = talloc_init("winbindd enum_users"))) + return NT_STATUS_NO_MEMORY; /* this next bit is copied from net_user_list_internal() */ - get_query_dispinfo_params( loop_count, &max_entries, &max_size ); + get_query_dispinfo_params(loop_count, &max_entries, + &max_size); - result = cli_samr_query_dispinfo(hnd->cli, mem_ctx, &dom_pol, - &start_idx, 1, &num_dom_users, max_entries, max_size, &ctr); + result = rpccli_samr_query_dispinfo(cli, mem_ctx, &dom_pol, + &start_idx, 1, + &num_dom_users, + max_entries, max_size, + &ctr); loop_count++; *num_entries += num_dom_users; - *info = TALLOC_REALLOC_ARRAY( mem_ctx, *info, WINBIND_USERINFO, *num_entries); + *info = TALLOC_REALLOC_ARRAY(mem_ctx, *info, WINBIND_USERINFO, + *num_entries); if (!(*info)) { - result = NT_STATUS_NO_MEMORY; talloc_destroy(ctx2); - goto done; + return NT_STATUS_NO_MEMORY; } for (j = 0; j < num_dom_users; i++, j++) { @@ -116,7 +101,7 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain, (*info)[i].acct_name = talloc_strdup(mem_ctx, username ); (*info)[i].full_name = talloc_strdup(mem_ctx, fullname ); - (*info)[i].user_sid = rid_to_talloced_sid(domain, mem_ctx, rid ); + sid_compose(&(*info)[i].user_sid, &domain->sid, rid); /* For the moment we set the primary group for every user to be the Domain Users group. 
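Review bot: In the hunk at -83,28 the status of `rpccli_samr_query_dispinfo()` is not examined before `num_dom_users` is added to `*num_entries` and used to size the `TALLOC_REALLOC_ARRAY`; it is only tested in the `while` condition at the bottom of the loop. If the call fails without writing `num_dom_users` (its declaration is outside the hunk, so whether it is initialised cannot be seen), the count and the array size come from an unset value. Bail out first, as the group enumerators in this file do: `if (!NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) { talloc_destroy(ctx2); return result; }`. The loop starts before and ends after this hunk.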
@@ -126,19 +111,14 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain, force group' smb.conf parameter or something like that. */ - (*info)[i].group_sid = rid_to_talloced_sid(domain, - mem_ctx, DOMAIN_GROUP_RID_USERS); + sid_compose(&(*info)[i].group_sid, &domain->sid, + DOMAIN_GROUP_RID_USERS); } talloc_destroy(ctx2); } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); - done: - - if (got_dom_pol) - cli_samr_close(hnd->cli, mem_ctx, &dom_pol); - return result; } @@ -148,28 +128,17 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, uint32 *num_entries, struct acct_info **info) { - uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; - CLI_POLICY_HND *hnd; POLICY_HND dom_pol; NTSTATUS status; uint32 start = 0; - int retry; - NTSTATUS result; + struct rpc_pipe_client *cli; *num_entries = 0; *info = NULL; DEBUG(3,("rpc: enum_dom_groups\n")); - retry = 0; - do { - if (!NT_STATUS_IS_OK(result = cm_get_sam_handle(domain, &hnd))) - return result; - - status = cli_samr_open_domain(hnd->cli, mem_ctx, - &hnd->pol, des_access, &domain->sid, &dom_pol); - } while (!NT_STATUS_IS_OK(status) && (retry++ < 1) && hnd && hnd->cli && hnd->cli->fd == -1); - + status = cm_connect_sam(domain, mem_ctx, &cli, &dom_pol); if (!NT_STATUS_IS_OK(status)) return status; @@ -181,10 +150,10 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, mem_ctx2 = talloc_init("enum_dom_groups[rpc]"); /* start is updated by this call. */ - status = cli_samr_enum_dom_groups(hnd->cli, mem_ctx2, &dom_pol, - &start, - 0xFFFF, /* buffer size? */ - &info2, &count); + status = rpccli_samr_enum_dom_groups(cli, mem_ctx2, &dom_pol, + &start, + 0xFFFF, /* buffer size? */ + &info2, &count); if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) { 
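Review bot: `mem_ctx2 = talloc_init("enum_dom_groups[rpc]")` in the hunk at -181,10 is handed to `rpccli_samr_enum_dom_groups()` without a NULL check, whereas `query_user_list` checks its `ctx2` and returns `NT_STATUS_NO_MEMORY`. Add `if (mem_ctx2 == NULL) return NT_STATUS_NO_MEMORY;` before the call. `enum_local_groups` (hunk at -244,31) has the same gap with `talloc_init("enum_dom_local_groups[rpc]")`. The enclosing loop begins before and ends after this hunk.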
@@ -192,11 +161,13 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, break; } - (*info) = TALLOC_REALLOC_ARRAY(mem_ctx, *info, struct acct_info, (*num_entries) + count); + (*info) = TALLOC_REALLOC_ARRAY(mem_ctx, *info, + struct acct_info, + (*num_entries) + count); if (! *info) { talloc_destroy(mem_ctx2); - cli_samr_close(hnd->cli, mem_ctx, &dom_pol); - return NT_STATUS_NO_MEMORY; + status = NT_STATUS_NO_MEMORY; + break; } memcpy(&(*info)[*num_entries], info2, count*sizeof(*info2)); @@ -204,9 +175,7 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, talloc_destroy(mem_ctx2); } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)); - cli_samr_close(hnd->cli, mem_ctx, &dom_pol); - - return status; + return NT_STATUS_OK; } /* List all domain groups */ @@ -216,25 +185,17 @@ static NTSTATUS enum_local_groups(struct winbindd_domain *domain, uint32 *num_entries, struct acct_info **info) { - uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; - CLI_POLICY_HND *hnd; POLICY_HND dom_pol; NTSTATUS result; - int retry; + struct rpc_pipe_client *cli; *num_entries = 0; *info = NULL; - retry = 0; - do { - if ( !NT_STATUS_IS_OK(result = cm_get_sam_handle(domain, &hnd)) ) - return result; - - result = cli_samr_open_domain( hnd->cli, mem_ctx, &hnd->pol, - des_access, &domain->sid, &dom_pol); - } while (!NT_STATUS_IS_OK(result) && (retry++ < 1) && hnd && hnd->cli && hnd->cli->fd == -1); + DEBUG(3,("rpc: enum_local_groups\n")); - if ( !NT_STATUS_IS_OK(result)) + result = cm_connect_sam(domain, mem_ctx, &cli, &dom_pol); + if (!NT_STATUS_IS_OK(result)) return result; do { 
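Review bot: The new out-of-memory path in the hunk at -192,11 sets `status = NT_STATUS_NO_MEMORY` and breaks, but the hunk at -204,9 ends `enum_dom_groups` with an unconditional `return NT_STATUS_OK;`, so that status is discarded. The same happens to an RPC error that leaves the loop through the `break` at the top of this hunk. A caller then sees success with `*info == NULL` or a partial list, and after an earlier successful round a non-zero `*num_entries` alongside it. Restore `return status;` after the loop, or return from the failure branches directly as `enum_local_groups` now does.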
@@ -244,31 +205,32 @@ static NTSTATUS enum_local_groups(struct winbindd_domain *domain, mem_ctx2 = talloc_init("enum_dom_local_groups[rpc]"); - result = cli_samr_enum_als_groups( hnd->cli, mem_ctx2, &dom_pol, - &start, 0xFFFF, &info2, &count); + result = rpccli_samr_enum_als_groups( cli, mem_ctx2, &dom_pol, + &start, 0xFFFF, &info2, + &count); - if ( !NT_STATUS_IS_OK(result) - && !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES) ) + if (!NT_STATUS_IS_OK(result) && + !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES) ) { talloc_destroy(mem_ctx2); - break; + return result; } - (*info) = TALLOC_REALLOC_ARRAY(mem_ctx, *info, struct acct_info, (*num_entries) + count); + (*info) = TALLOC_REALLOC_ARRAY(mem_ctx, *info, + struct acct_info, + (*num_entries) + count); if (! *info) { talloc_destroy(mem_ctx2); - cli_samr_close(hnd->cli, mem_ctx, &dom_pol); return NT_STATUS_NO_MEMORY; } memcpy(&(*info)[*num_entries], info2, count*sizeof(*info2)); (*num_entries) += count; talloc_destroy(mem_ctx2); - } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); - cli_samr_close(hnd->cli, mem_ctx, &dom_pol); + } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); - return result; + return NT_STATUS_OK; } /* convert a single name to a sid in a domain */ @@ -279,12 +241,12 @@ NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain, DOM_SID *sid, enum SID_NAME_USE *type) { - CLI_POLICY_HND *hnd; NTSTATUS result; DOM_SID *sids = NULL; uint32 *types = NULL; const char *full_name; - int retry; + struct rpc_pipe_client *cli; + POLICY_HND lsa_policy; if(name == NULL || *name=='\0') { DEBUG(3,("rpc: name_to_sid name=%s\n", domain_name)); 
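Review bot: `(*num_entries) + count` in the `TALLOC_REALLOC_ARRAY` call of the hunk at -244,31 adds a running `uint32` total to a count filled in from the server's reply, and the `memcpy` that follows copies `count` elements regardless. If the sum wraps (the declaration of `count` is outside the hunk; presumably it is also `uint32`), the array is reallocated smaller than what the copy writes. Reject such a reply before growing the array: `if ((*num_entries) + count < *num_entries) { talloc_destroy(mem_ctx2); return NT_STATUS_UNSUCCESSFUL; }`. `enum_dom_groups` (hunk at -192,11) has the identical pattern.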
@@ -300,25 +262,22 @@ NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain, DEBUG(3,("name_to_sid [rpc] %s for domain %s\n", name?name:"", domain_name )); - retry = 0; - do { - if (!NT_STATUS_IS_OK(result = cm_get_lsa_handle(domain, &hnd))) { - return result; - } - - result = cli_lsa_lookup_names(hnd->cli, mem_ctx, &hnd->pol, 1, - &full_name, &sids, &types); - } while (!NT_STATUS_IS_OK(result) && (retry++ < 1) && - hnd && hnd->cli && hnd->cli->fd == -1); + result = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); + if (!NT_STATUS_IS_OK(result)) + return result; + + result = rpccli_lsa_lookup_names(cli, mem_ctx, &lsa_policy, 1, + &full_name, &sids, &types); + if (!NT_STATUS_IS_OK(result)) + return result; + /* Return rid and type if lookup successful */ - if (NT_STATUS_IS_OK(result)) { - sid_copy(sid, &sids[0]); - *type = (enum SID_NAME_USE)types[0]; - } + sid_copy(sid, &sids[0]); + *type = (enum SID_NAME_USE)types[0]; - return result; + return NT_STATUS_OK; } /* 
@@ -331,34 +290,30 @@ NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain, char **name, enum SID_NAME_USE *type) { - CLI_POLICY_HND *hnd; char **domains; char **names; uint32 *types; NTSTATUS result; - int retry; + struct rpc_pipe_client *cli; + POLICY_HND lsa_policy; DEBUG(3,("sid_to_name [rpc] %s for domain %s\n", sid_string_static(sid), domain->name )); - retry = 0; - do { - if (!NT_STATUS_IS_OK(result = cm_get_lsa_handle(domain, &hnd))) - return result; - - result = cli_lsa_lookup_sids(hnd->cli, mem_ctx, &hnd->pol, - 1, sid, &domains, &names, &types); - } while (!NT_STATUS_IS_OK(result) && (retry++ < 1) && - hnd && hnd->cli && hnd->cli->fd == -1); + result = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); + if (!NT_STATUS_IS_OK(result)) + return result; - if (NT_STATUS_IS_OK(result)) { - *type = (enum SID_NAME_USE)types[0]; - *domain_name = domains[0]; - *name = names[0]; - DEBUG(5,("Mapped sid to [%s]\\[%s]\n", domains[0], *name)); - } + result = rpccli_lsa_lookup_sids(cli, mem_ctx, &lsa_policy, + 1, sid, &domains, &names, &types); + if (!NT_STATUS_IS_OK(result)) + return result; - return result; + *type = (enum SID_NAME_USE)types[0]; + *domain_name = domains[0]; + *name = names[0]; + DEBUG(5,("Mapped sid to [%s]\\[%s]\n", domains[0], *name)); + return NT_STATUS_OK; } /* Lookup user information from a rid or username. */ 
@@ -367,20 +322,19 @@ static NTSTATUS query_user(struct winbindd_domain *domain, const DOM_SID *user_sid, WINBIND_USERINFO *user_info) { - CLI_POLICY_HND *hnd = NULL; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; POLICY_HND dom_pol, user_pol; - BOOL got_dom_pol = False, got_user_pol = False; SAM_USERINFO_CTR *ctr; - int retry; fstring sid_string; uint32 user_rid; NET_USER_INFO_3 *user; + struct rpc_pipe_client *cli; - DEBUG(3,("rpc: query_user rid=%s\n", sid_to_string(sid_string, user_sid))); - if (!sid_peek_check_rid(&domain->sid, user_sid, &user_rid)) { - goto done; - } + DEBUG(3,("rpc: query_user rid=%s\n", + sid_to_string(sid_string, user_sid))); + + if (!sid_peek_check_rid(&domain->sid, user_sid, &user_rid)) + return NT_STATUS_UNSUCCESSFUL; /* try netsamlogon cache first */ @@ -389,12 +343,15 @@ static NTSTATUS query_user(struct winbindd_domain *domain, DEBUG(5,("query_user: Cache lookup succeeded for %s\n", sid_string_static(user_sid))); - - user_info->user_sid = rid_to_talloced_sid( domain, mem_ctx, user_rid ); - user_info->group_sid = rid_to_talloced_sid( domain, mem_ctx, user->group_rid ); + + sid_compose(&user_info->user_sid, &domain->sid, user_rid); + sid_compose(&user_info->group_sid, &domain->sid, + user->group_rid); - user_info->acct_name = unistr2_tdup(mem_ctx, &user->uni_user_name); - user_info->full_name = unistr2_tdup(mem_ctx, &user->uni_full_name); + user_info->acct_name = unistr2_tdup(mem_ctx, + &user->uni_user_name); + user_info->full_name = unistr2_tdup(mem_ctx, + &user->uni_full_name); SAFE_FREE(user); 
@@ -403,82 +360,59 @@ static NTSTATUS query_user(struct winbindd_domain *domain, /* no cache; hit the wire */ - retry = 0; - do { - /* Get sam handle; if we fail here there is no hope */ - - if (!NT_STATUS_IS_OK(result = cm_get_sam_handle(domain, &hnd))) - goto done; - - /* Get domain handle */ - - result = cli_samr_open_domain(hnd->cli, mem_ctx, &hnd->pol, - SEC_RIGHTS_MAXIMUM_ALLOWED, - &domain->sid, &dom_pol); - } while (!NT_STATUS_IS_OK(result) && (retry++ < 1) && - hnd && hnd->cli && hnd->cli->fd == -1); - + result = cm_connect_sam(domain, mem_ctx, &cli, &dom_pol); if (!NT_STATUS_IS_OK(result)) - goto done; - - got_dom_pol = True; + return result; /* Get user handle */ - result = cli_samr_open_user(hnd->cli, mem_ctx, &dom_pol, - SEC_RIGHTS_MAXIMUM_ALLOWED, user_rid, &user_pol); + result = rpccli_samr_open_user(cli, mem_ctx, &dom_pol, + SEC_RIGHTS_MAXIMUM_ALLOWED, user_rid, + &user_pol); if (!NT_STATUS_IS_OK(result)) - goto done; - - got_user_pol = True; + return result; /* Get user info */ - result = cli_samr_query_userinfo(hnd->cli, mem_ctx, &user_pol, - 0x15, &ctr); + result = rpccli_samr_query_userinfo(cli, mem_ctx, &user_pol, + 0x15, &ctr); - if (!NT_STATUS_IS_OK(result)) - goto done; + rpccli_samr_close(cli, mem_ctx, &user_pol); - cli_samr_close(hnd->cli, mem_ctx, &user_pol); - got_user_pol = False; + if (!NT_STATUS_IS_OK(result)) + return result; - user_info->user_sid = rid_to_talloced_sid(domain, mem_ctx, user_rid); - user_info->group_sid = rid_to_talloced_sid(domain, mem_ctx, ctr->info.id21->group_rid); + sid_compose(&user_info->user_sid, &domain->sid, user_rid); + sid_compose(&user_info->group_sid, &domain->sid, + ctr->info.id21->group_rid); user_info->acct_name = unistr2_tdup(mem_ctx, &ctr->info.id21->uni_user_name); user_info->full_name = unistr2_tdup(mem_ctx, &ctr->info.id21->uni_full_name); - done: - /* Clean up policy handles */ - if (got_user_pol) - cli_samr_close(hnd->cli, mem_ctx, &user_pol); - - if (got_dom_pol) - cli_samr_close(hnd->cli, 
mem_ctx, &dom_pol); - - return result; + return NT_STATUS_OK; } /* Lookup groups a user is a member of. I wish Unix had a call like this! */ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, const DOM_SID *user_sid, - uint32 *num_groups, DOM_SID ***user_grpsids) + uint32 *num_groups, DOM_SID **user_grpsids) { - CLI_POLICY_HND *hnd; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; POLICY_HND dom_pol, user_pol; uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; - BOOL got_dom_pol = False, got_user_pol = False; DOM_GID *user_groups; unsigned int i; - unsigned int retry; fstring sid_string; uint32 user_rid; NET_USER_INFO_3 *user; + struct rpc_pipe_client *cli; + + DEBUG(3,("rpc: lookup_usergroups sid=%s\n", + sid_to_string(sid_string, user_sid))); - DEBUG(3,("rpc: lookup_usergroups sid=%s\n", sid_to_string(sid_string, user_sid))); + if (!sid_peek_check_rid(&domain->sid, user_sid, &user_rid)) + return NT_STATUS_UNSUCCESSFUL; *num_groups = 0; *user_grpsids = NULL; @@ -492,9 +426,11 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, *num_groups = user->num_groups; - (*user_grpsids) = TALLOC_ARRAY(mem_ctx, DOM_SID*, *num_groups); + (*user_grpsids) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_groups); for (i=0;i<(*num_groups);i++) { - (*user_grpsids)[i] = rid_to_talloced_sid(domain, mem_ctx, user->gids[i].g_rid); + sid_copy(&((*user_grpsids)[i]), &domain->sid); + sid_append_rid(&((*user_grpsids)[i]), + user->gids[i].g_rid); } SAFE_FREE(user); 
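Review bot: In `lookup_usergroups` the `sid_peek_check_rid()` test now sits above `*num_groups = 0; *user_grpsids = NULL;`, so the new `return NT_STATUS_UNSUCCESSFUL` leaves both out-parameters untouched, where the removed code cleared them before any exit. Move the two assignments above the check so a caller that reads them after a failure does not see stale values. The parameter also changes from `DOM_SID ***` to `DOM_SID **`; callers are outside this diff and need the matching change. This hunk (-403,82) also closes `query_user`, and the body of `lookup_usergroups` continues in the following hunks.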
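Review bot: The cache branch in the hunk at -492,9 writes through `(*user_grpsids)[i]` without checking the `TALLOC_ARRAY` result, while the wire path later in the function returns `NT_STATUS_NO_MEMORY` for the same allocation. With the array now holding `DOM_SID` values rather than pointers, an allocation failure becomes a NULL write inside `sid_copy()`. Add `if (!(*user_grpsids)) { SAFE_FREE(user); return NT_STATUS_NO_MEMORY; }` before the loop. Assuming `sid_compose()` performs the same copy-and-append, the loop body could use it, as the rest of the patch does.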
@@ -504,124 +440,73 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, /* no cache; hit the wire */ - retry = 0; - do { - /* Get sam handle; if we fail here there is no hope */ - - if (!NT_STATUS_IS_OK(result = cm_get_sam_handle(domain, &hnd))) - goto done; - - /* Get domain handle */ - - result = cli_samr_open_domain(hnd->cli, mem_ctx, &hnd->pol, - des_access, &domain->sid, &dom_pol); - } while (!NT_STATUS_IS_OK(result) && (retry++ < 1) && - hnd && hnd->cli && hnd->cli->fd == -1); - + result = cm_connect_sam(domain, mem_ctx, &cli, &dom_pol); if (!NT_STATUS_IS_OK(result)) - goto done; - - got_dom_pol = True; - - - if (!sid_peek_check_rid(&domain->sid, user_sid, &user_rid)) { - goto done; - } + return result; /* Get user handle */ - result = cli_samr_open_user(hnd->cli, mem_ctx, &dom_pol, + result = rpccli_samr_open_user(cli, mem_ctx, &dom_pol, des_access, user_rid, &user_pol); if (!NT_STATUS_IS_OK(result)) - goto done; - - got_user_pol = True; + return result; /* Query user rids */ - result = cli_samr_query_usergroups(hnd->cli, mem_ctx, &user_pol, + result = rpccli_samr_query_usergroups(cli, mem_ctx, &user_pol, num_groups, &user_groups); + rpccli_samr_close(cli, mem_ctx, &user_pol); + if (!NT_STATUS_IS_OK(result) || (*num_groups) == 0) - goto done; + return result; - (*user_grpsids) = TALLOC_ARRAY(mem_ctx, DOM_SID *, *num_groups); - if (!(*user_grpsids)) { - result = NT_STATUS_NO_MEMORY; - goto done; - } + (*user_grpsids) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_groups); + if (!(*user_grpsids)) + return NT_STATUS_NO_MEMORY; for (i=0;i<(*num_groups);i++) { - (*user_grpsids)[i] = rid_to_talloced_sid(domain, mem_ctx, user_groups[i].g_rid); + sid_copy(&((*user_grpsids)[i]), &domain->sid); + sid_append_rid(&((*user_grpsids)[i]), + user_groups[i].g_rid); } - done: - /* Clean up policy handles */ - if (got_user_pol) - cli_samr_close(hnd->cli, mem_ctx, &user_pol); - - if (got_dom_pol) - cli_samr_close(hnd->cli, mem_ctx, &dom_pol); - - return result; + return 
NT_STATUS_OK; } NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - uint32 num_sids, DOM_SID **sids, + uint32 num_sids, const DOM_SID *sids, uint32 *num_aliases, uint32 **alias_rids) { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - CLI_POLICY_HND *hnd; - BOOL got_dom_pol = False; POLICY_HND dom_pol; DOM_SID2 *sid2; - int i, retry; + int i; + struct rpc_pipe_client *cli; *num_aliases = 0; *alias_rids = NULL; - retry = 0; - do { - /* Get sam handle; if we fail here there is no hope */ - - if (!NT_STATUS_IS_OK(result = cm_get_sam_handle(domain, - &hnd))) - goto done; - - /* Get domain handle */ - - result = cli_samr_open_domain(hnd->cli, mem_ctx, &hnd->pol, - SEC_RIGHTS_MAXIMUM_ALLOWED, - &domain->sid, &dom_pol); - } while (!NT_STATUS_IS_OK(result) && (retry++ < 1) && - hnd && hnd->cli && hnd->cli->fd == -1); + DEBUG(3,("rpc: lookup_useraliases\n")); + result = cm_connect_sam(domain, mem_ctx, &cli, &dom_pol); if (!NT_STATUS_IS_OK(result)) - goto done; - - got_dom_pol = True; + return result; sid2 = TALLOC_ARRAY(mem_ctx, DOM_SID2, num_sids); - if (sid2 == NULL) { - result = NT_STATUS_NO_MEMORY; - goto done; - } + if (sid2 == NULL) + return NT_STATUS_NO_MEMORY; for (i=0; i<num_sids; i++) { - sid_copy(&sid2[i].sid, sids[i]); + sid_copy(&sid2[i].sid, &sids[i]); sid2[i].num_auths = sid2[i].sid.num_auths; } - result = cli_samr_query_useraliases(hnd->cli, mem_ctx, &dom_pol, - num_sids, sid2, - num_aliases, alias_rids); - - done: + result = rpccli_samr_query_useraliases(cli, mem_ctx, &dom_pol, + num_sids, sid2, + num_aliases, alias_rids); - if (got_dom_pol) - cli_samr_close(hnd->cli, mem_ctx, &dom_pol); - return result; } 
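Review bot: `rpccli_samr_open_user()` in the hunk at -504,124 still requests `des_access`, which is `SEC_RIGHTS_MAXIMUM_ALLOWED`, although the handle is used for a single `rpccli_samr_query_usergroups()` call and closed straight after. Requesting only the access that query needs keeps the handle least-privileged; at minimum record the intent with `/* TODO: request only the access needed to read group membership */`. `query_user` and `lookup_groupmem` open their user and group handles the same way. In `msrpc_lookup_useraliases`, also in this hunk, `int i` is compared with `uint32 num_sids`; declaring `i` as `uint32` removes the mixed-sign comparison.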
@@ -630,71 +515,54 @@ NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain, static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, const DOM_SID *group_sid, uint32 *num_names, - DOM_SID ***sid_mem, char ***names, + DOM_SID **sid_mem, char ***names, uint32 **name_types) { - CLI_POLICY_HND *hnd = NULL; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 i, total_names = 0; POLICY_HND dom_pol, group_pol; uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; - BOOL got_dom_pol = False, got_group_pol = False; uint32 *rid_mem = NULL; uint32 group_rid; - int retry; unsigned int j; fstring sid_string; + struct rpc_pipe_client *cli; - DEBUG(10,("rpc: lookup_groupmem %s sid=%s\n", domain->name, sid_to_string(sid_string, group_sid))); + DEBUG(10,("rpc: lookup_groupmem %s sid=%s\n", domain->name, + sid_to_string(sid_string, group_sid))); - if (!sid_peek_check_rid(&domain->sid, group_sid, &group_rid)) { - goto done; - } + if (!sid_peek_check_rid(&domain->sid, group_sid, &group_rid)) + return NT_STATUS_UNSUCCESSFUL; *num_names = 0; - retry = 0; - do { - /* Get sam handle */ - if (!NT_STATUS_IS_OK(result = cm_get_sam_handle(domain, &hnd))) - goto done; - - /* Get domain handle */ - - result = cli_samr_open_domain(hnd->cli, mem_ctx, &hnd->pol, - des_access, &domain->sid, &dom_pol); - } while (!NT_STATUS_IS_OK(result) && (retry++ < 1) && hnd && hnd->cli && hnd->cli->fd == -1); - - if (!NT_STATUS_IS_OK(result)) - goto done; - - got_dom_pol = True; - - /* Get group handle */ + result = cm_connect_sam(domain, mem_ctx, &cli, &dom_pol); + if (!NT_STATUS_IS_OK(result)) + return result; - result = cli_samr_open_group(hnd->cli, mem_ctx, &dom_pol, - des_access, group_rid, &group_pol); + result = rpccli_samr_open_group(cli, mem_ctx, &dom_pol, + des_access, group_rid, &group_pol); if (!NT_STATUS_IS_OK(result)) - goto done; - - got_group_pol = True; + return result; /* Step #1: Get a list of user rids that are the members of the group. 
*/ - result = cli_samr_query_groupmem(hnd->cli, mem_ctx, - &group_pol, num_names, &rid_mem, - name_types); + result = rpccli_samr_query_groupmem(cli, mem_ctx, + &group_pol, num_names, &rid_mem, + name_types); + + rpccli_samr_close(cli, mem_ctx, &group_pol); if (!NT_STATUS_IS_OK(result)) - goto done; + return result; if (!*num_names) { names = NULL; name_types = NULL; sid_mem = NULL; - goto done; + return NT_STATUS_OK; } /* Step #2: Convert list of rids into list of usernames. Do this @@ -706,16 +574,13 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, *names = TALLOC_ZERO_ARRAY(mem_ctx, char *, *num_names); *name_types = TALLOC_ZERO_ARRAY(mem_ctx, uint32, *num_names); - *sid_mem = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID *, *num_names); + *sid_mem = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID, *num_names); - for (j=0;j<(*num_names);j++) { - (*sid_mem)[j] = rid_to_talloced_sid(domain, mem_ctx, (rid_mem)[j]); - } + for (j=0;j<(*num_names);j++) + sid_compose(&(*sid_mem)[j], &domain->sid, rid_mem[j]); - if (*num_names>0 && (!*names || !*name_types)) { - result = NT_STATUS_NO_MEMORY; - goto done; - } + if (*num_names>0 && (!*names || !*name_types)) + return NT_STATUS_NO_MEMORY; for (i = 0; i < *num_names; i += MAX_LOOKUP_RIDS) { int num_lookup_rids = MIN(*num_names - i, MAX_LOOKUP_RIDS); 
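Review bot: The empty-group branch kept in the hunk at -630,71 assigns `names = NULL; name_types = NULL; sid_mem = NULL;`, which only overwrites the local parameter copies, so the caller's `*names`, `*name_types` and `*sid_mem` are never cleared before the new `return NT_STATUS_OK`. It should read `*names = NULL; *name_types = NULL; *sid_mem = NULL;`. The early `return NT_STATUS_UNSUCCESSFUL` after `sid_peek_check_rid()` likewise leaves `*num_names` unset, because `*num_names = 0` comes after it. The function continues in the next hunks.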
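Review bot: `*sid_mem` is filled by the `sid_compose()` loop in the hunk at -706,16 before any allocation check, and the check that follows tests only `*names` and `*name_types`. Now that the array holds `DOM_SID` structures instead of pointers, a failed `TALLOC_ZERO_ARRAY` means the loop writes through NULL. Move the test above the loop and include the third array: `if (!*names || !*name_types || !*sid_mem) return NT_STATUS_NO_MEMORY;`.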
@@ -725,18 +590,19 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, /* Lookup a chunk of rids */ - result = cli_samr_lookup_rids(hnd->cli, mem_ctx, - &dom_pol, - num_lookup_rids, - &rid_mem[i], - &tmp_num_names, - &tmp_names, &tmp_types); + result = rpccli_samr_lookup_rids(cli, mem_ctx, + &dom_pol, + num_lookup_rids, + &rid_mem[i], + &tmp_num_names, + &tmp_names, &tmp_types); - /* see if we have a real error (and yes the STATUS_SOME_UNMAPPED is - the one returned from 2k) */ + /* see if we have a real error (and yes the + STATUS_SOME_UNMAPPED is the one returned from 2k) */ - if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) != NT_STATUS_V(STATUS_SOME_UNMAPPED)) - goto done; + if (!NT_STATUS_IS_OK(result) && + !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) + return result; /* Copy result into array. The talloc system will take care of freeing the temporary arrays later on. */ @@ -752,16 +618,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, *num_names = total_names; - result = NT_STATUS_OK; - -done: - if (got_group_pol) - cli_samr_close(hnd->cli, mem_ctx, &group_pol); - - if (got_dom_pol) - cli_samr_close(hnd->cli, mem_ctx, &dom_pol); - - return result; + return NT_STATUS_OK; } #ifdef HAVE_LDAP @@ -780,11 +637,12 @@ static int get_ldap_seq(const char *server, int port, uint32 *seq) *seq = DOM_SEQUENCE_NONE; /* - * Parameterised (5) second timeout on open. This is needed as the search timeout - * doesn't seem to apply to doing an open as well. JRA. + * Parameterised (5) second timeout on open. This is needed as the + * search timeout doesn't seem to apply to doing an open as well. JRA. */ - if ((ldp = ldap_open_with_timeout(server, port, lp_ldap_timeout())) == NULL) + ldp = ldap_open_with_timeout(server, port, lp_ldap_timeout()); + if (ldp == NULL) return -1; /* Timeout if no response within 20 seconds. */ 
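Review bot: `tmp_num_names` in the hunk at -725,18 is filled in from the reply to `rpccli_samr_lookup_rids()`, and the copy into `*names` and `*name_types` that follows lies outside this hunk. If that copy is driven by `tmp_num_names` (not visible here), a reply reporting more names than the `num_lookup_rids` requested would run past arrays sized from `*num_names`. A guard right after the status check makes the bound explicit: `if (tmp_num_names > num_lookup_rids) return NT_STATUS_UNSUCCESSFUL;`.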
@@ -792,7 +650,7 @@ static int get_ldap_seq(const char *server, int port, uint32 *seq) to.tv_usec = 0; if (ldap_search_st(ldp, "", LDAP_SCOPE_BASE, "(objectclass=*)", - CONST_DISCARD(char **, &attrs[0]), 0, &to, &res)) + CONST_DISCARD(char **, attrs), 0, &to, &res)) goto done; if (ldap_count_entries(ldp, res) != 1) @@ -838,8 +696,10 @@ static int get_ldap_sequence_number( const char* domain, uint32 *seq) for (i = 0; i < count; i++) { fstring ipstr; - /* since the is an LDAP lookup, default to the LDAP_PORT is not set */ - port = (ip_list[i].port!= PORT_NONE) ? ip_list[i].port : LDAP_PORT; + /* since the is an LDAP lookup, default to the LDAP_PORT is + * not set */ + port = (ip_list[i].port!= PORT_NONE) ? + ip_list[i].port : LDAP_PORT; fstrcpy( ipstr, inet_ntoa(ip_list[i].ip) ); @@ -850,12 +710,14 @@ static int get_ldap_sequence_number( const char* domain, uint32 *seq) goto done; /* add to failed connection cache */ - add_failed_connection_entry( domain, ipstr, NT_STATUS_UNSUCCESSFUL ); + add_failed_connection_entry( domain, ipstr, + NT_STATUS_UNSUCCESSFUL ); } done: if ( ret == 0 ) { - DEBUG(3, ("get_ldap_sequence_number: Retrieved sequence number for Domain (%s) from DC (%s:%d)\n", + DEBUG(3, ("get_ldap_sequence_number: Retrieved sequence " + "number for Domain (%s) from DC (%s:%d)\n", domain, inet_ntoa(ip_list[i].ip), port)); } @@ -870,14 +732,12 @@ done: static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq) { TALLOC_CTX *mem_ctx; - CLI_POLICY_HND *hnd; SAM_UNK_CTR ctr; NTSTATUS result; POLICY_HND dom_pol; - BOOL got_dom_pol = False; BOOL got_seq_num = False; - uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; int retry; + struct rpc_pipe_client *cli; DEBUG(10,("rpc: fetch sequence_number for %s\n", domain->name)); 
@@ -887,41 +747,39 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq) return NT_STATUS_NO_MEMORY; retry = 0; - do { -#ifdef HAVE_LDAP - if ( domain->native_mode ) - { - DEBUG(8,("using get_ldap_seq() to retrieve the sequence number\n")); - - if ( get_ldap_sequence_number( domain->name, seq ) == 0 ) { - result = NT_STATUS_OK; - DEBUG(10,("domain_sequence_number: LDAP for domain %s is %u\n", - domain->name, *seq)); - goto done; - } - DEBUG(10,("domain_sequence_number: failed to get LDAP sequence number for domain %s\n", - domain->name )); - } -#endif /* HAVE_LDAP */ - /* Get sam handle */ - if (!NT_STATUS_IS_OK(result = cm_get_sam_handle(domain, &hnd))) +#ifdef HAVE_LDAP + if ( domain->native_mode ) + { + int res; + + DEBUG(8,("using get_ldap_seq() to retrieve the " + "sequence number\n")); + + res = get_ldap_sequence_number( domain->name, seq ); + if (res == 0) + { + result = NT_STATUS_OK; + DEBUG(10,("domain_sequence_number: LDAP for " + "domain %s is %u\n", + domain->name, *seq)); goto done; + } - /* Get domain handle */ - result = cli_samr_open_domain(hnd->cli, mem_ctx, &hnd->pol, - des_access, &domain->sid, &dom_pol); - } while (!NT_STATUS_IS_OK(result) && (retry++ < 1) && hnd && hnd->cli && hnd->cli->fd == -1); + DEBUG(10,("domain_sequence_number: failed to get LDAP " + "sequence number for domain %s\n", + domain->name )); + } +#endif /* HAVE_LDAP */ - if (!NT_STATUS_IS_OK(result)) + result = cm_connect_sam(domain, mem_ctx, &cli, &dom_pol); + if (!NT_STATUS_IS_OK(result)) { goto done; - - got_dom_pol = True; + } /* Query domain info */ - result = cli_samr_query_dom_info(hnd->cli, mem_ctx, &dom_pol, - 8, &ctr); + result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 8, &ctr); if (NT_STATUS_IS_OK(result)) { *seq = ctr.info.inf8.seq_num.low; 
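Review bot: `retry = 0;` survives as a context line in the hunk at -887,41 and `int retry;` is kept in the declarations of the previous hunk, but the `do … while` loop that read it is removed; no other use is visible in this diff, so the variable looks dead and both lines can go. The `#ifdef HAVE_LDAP` block also prints `*seq` with `%u` uncast, while the messages under `seq_num:` use `(unsigned)*seq`; use the cast in both places. The function continues in the following hunks.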
@@ -932,8 +790,7 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq) /* retry with info-level 2 in case the dc does not support info-level 8 * (like all older samba2 and samba3 dc's - Guenther */ - result = cli_samr_query_dom_info(hnd->cli, mem_ctx, &dom_pol, - 2, &ctr); + result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 2, &ctr); if (NT_STATUS_IS_OK(result)) { *seq = ctr.info.inf2.seq_num.low; @@ -942,17 +799,16 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq) seq_num: if (got_seq_num) { - DEBUG(10,("domain_sequence_number: for domain %s is %u\n", domain->name, (unsigned)*seq)); + DEBUG(10,("domain_sequence_number: for domain %s is %u\n", + domain->name, (unsigned)*seq)); } else { - DEBUG(10,("domain_sequence_number: failed to get sequence number (%u) for domain %s\n", - (unsigned)*seq, domain->name )); + DEBUG(10,("domain_sequence_number: failed to get sequence " + "number (%u) for domain %s\n", + (unsigned)*seq, domain->name )); } done: - if (got_dom_pol) - cli_samr_close(hnd->cli, mem_ctx, &dom_pol); - talloc_destroy(mem_ctx); return result; @@ -966,10 +822,10 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, char ***alt_names, DOM_SID **dom_sids) { - CLI_POLICY_HND *hnd; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uint32 enum_ctx = 0; - int retry; + struct rpc_pipe_client *cli; + POLICY_HND lsa_policy; DEBUG(3,("rpc: trusted_domains\n")); 
@@ -978,46 +834,45 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, *alt_names = NULL; *dom_sids = NULL; - retry = 0; - do { - if (!NT_STATUS_IS_OK(result = cm_get_lsa_handle(find_our_domain(), &hnd))) - goto done; + result = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); + if (!NT_STATUS_IS_OK(result)) + return result; - result = STATUS_MORE_ENTRIES; - - while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) { - uint32 start_idx, num; - char **tmp_names; - DOM_SID *tmp_sids; - int i; - - result = cli_lsa_enum_trust_dom(hnd->cli, mem_ctx, - &hnd->pol, &enum_ctx, - &num, &tmp_names, - &tmp_sids); - - if (!NT_STATUS_IS_OK(result) && - !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) - break; - - start_idx = *num_domains; - *num_domains += num; - *names = TALLOC_REALLOC_ARRAY(mem_ctx, *names, - char *, *num_domains); - *dom_sids = TALLOC_REALLOC_ARRAY(mem_ctx, *dom_sids, - DOM_SID, - *num_domains); - if ((*names == NULL) || (*dom_sids == NULL)) - return NT_STATUS_NO_MEMORY; - - for (i=0; i<num; i++) { - (*names)[start_idx+i] = tmp_names[i]; - (*dom_sids)[start_idx+i] = tmp_sids[i]; - } - } - } while (!NT_STATUS_IS_OK(result) && (retry++ < 1) && hnd && hnd->cli && hnd->cli->fd == -1); + result = STATUS_MORE_ENTRIES; -done: + while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) { + uint32 start_idx, num; + char **tmp_names; + DOM_SID *tmp_sids; + int i; + + result = rpccli_lsa_enum_trust_dom(cli, mem_ctx, + &lsa_policy, &enum_ctx, + &num, &tmp_names, + &tmp_sids); + + if (!NT_STATUS_IS_OK(result) && + !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) + break; + + start_idx = *num_domains; + *num_domains += num; + *names = TALLOC_REALLOC_ARRAY(mem_ctx, *names, + char *, *num_domains); + *dom_sids = TALLOC_REALLOC_ARRAY(mem_ctx, *dom_sids, + DOM_SID, *num_domains); + *alt_names = TALLOC_REALLOC_ARRAY(mem_ctx, *alt_names, + char *, *num_domains); + if ((*names == NULL) || (*dom_sids == NULL) || + (*alt_names == NULL)) + return NT_STATUS_NO_MEMORY; + + for 
(i=0; i<num; i++) { + (*names)[start_idx+i] = tmp_names[i]; + (*dom_sids)[start_idx+i] = tmp_sids[i]; + (*alt_names)[start_idx+i] = talloc_strdup(mem_ctx, ""); + } + } return result; } |
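Review bot: `*num_domains += num` in the hunk at -978,46 runs before the three `TALLOC_REALLOC_ARRAY` calls, so the `return NT_STATUS_NO_MEMORY` path hands back a count that is ahead of arrays that may be NULL. Compute the new total in a local and store it to `*num_domains` only after all three allocations succeed. The per-entry `talloc_strdup(mem_ctx, "")` for `alt_names` is also unchecked, which leaves NULL strings in the array on allocation failure. The lookup now goes to `domain` through `cm_connect_lsa()` where the removed code used `find_our_domain()`; if that change of target is intended, a comment saying so would help.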