diff options
Diffstat (limited to 'source3/nsswitch')
-rw-r--r-- | source3/nsswitch/winbindd.c | 7 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_glue.c | 79 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_group.c | 2 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_util.c | 17 |
4 files changed, 88 insertions, 17 deletions
diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c index 9d315a0811..9dd995b4ae 100644 --- a/source3/nsswitch/winbindd.c +++ b/source3/nsswitch/winbindd.c @@ -644,6 +644,13 @@ int main(int argc, char **argv) BOOL interactive = False; int opt, new_debuglevel = -1; + /* Must be root */ + + if(geteuid() != (uid_t)0) { + fprintf(stderr, "Must have effective user id of zero.\n"); + exit(1); + } + /* Set environment variable so we don't recursively call ourselves. This may also be useful interactively. */ SETENV(WINBINDD_DONT_ENV, "1", 1); diff --git a/source3/nsswitch/winbindd_glue.c b/source3/nsswitch/winbindd_glue.c index 9007e8c275..6f55e564f4 100644 --- a/source3/nsswitch/winbindd_glue.c +++ b/source3/nsswitch/winbindd_glue.c @@ -47,6 +47,9 @@ BOOL wb_lsa_open_policy(char *server, BOOL sec_qos, uint32 des_access, /* Initialise RPC connection */ + if (!cli_initialise(pol->cli)) + goto done; + ZERO_STRUCT(creds); creds.pwd.null_pwd = 1; @@ -168,16 +171,62 @@ BOOL wb_samr_close(CLI_POLICY_HND *hnd) /**************************************************************************** samr_connect glue ****************************************************************************/ -BOOL wb_samr_connect(char *srv_name, uint32 access_mask, - CLI_POLICY_HND *connect_pol) +BOOL wb_samr_connect(char *server, uint32 access_mask, CLI_POLICY_HND *pol) { - uint32 ret; + struct nmb_name calling, called; + struct ntuser_creds creds; + struct in_addr dest_ip; + fstring dest_host; + uint32 result = NT_STATUS_UNSUCCESSFUL; + extern pstring global_myname; - ret = cli_samr_connect(connect_pol->cli, connect_pol->mem_ctx, - srv_name, access_mask, - &connect_pol->handle); + ZERO_STRUCTP(pol); - return (ret == NT_STATUS_NOPROBLEMO); + pol->cli = (struct cli_state *)malloc(sizeof(struct cli_state)); + pol->mem_ctx = talloc_init(); + + if (!pol->cli || !pol->mem_ctx) + return False; + + /* Initialise RPC connection */ + + if (!cli_initialise(pol->cli)) + goto done; + + ZERO_STRUCT(creds); + creds.pwd.null_pwd = 1; + + cli_init_creds(pol->cli, &creds); + + /* Establish a SMB connection */ + + if (!resolve_srv_name(server, dest_host, &dest_ip)) { + goto done; + } + + make_nmb_name(&called, dns_to_netbios_name(dest_host), 0x20); + make_nmb_name(&calling, dns_to_netbios_name(global_myname), 0); + + if (!cli_establish_connection(pol->cli, dest_host, &dest_ip, &calling, + &called, "IPC$", "IPC", False, True)) { + goto done; + } + + if (!cli_nt_session_open (pol->cli, PIPE_SAMR)) { + goto done; + } + + result = cli_samr_connect(pol->cli, pol->mem_ctx, server, + access_mask, &pol->handle); + + done: + if (result != NT_STATUS_NOPROBLEMO && pol->cli) { + if (pol->cli->initialised) + cli_shutdown(pol->cli); + free(pol->cli); + } + + return (result == NT_STATUS_NOPROBLEMO); } @@ -198,6 +247,7 @@ BOOL wb_samr_open_domain(CLI_POLICY_HND *connect_pol, uint32 ace_perms, if (ret == NT_STATUS_NOPROBLEMO) { domain_pol->cli = connect_pol->cli; + domain_pol->mem_ctx = connect_pol->mem_ctx; return True; } @@ -222,8 +272,12 @@ uint32 wb_samr_enum_dom_groups(CLI_POLICY_HND *pol, uint32 *start_idx, uint32 size, struct acct_info **sam, uint32 *num_sam_groups) { - DEBUG(0,("unimplemented samr_enum_dom_groups\n")); - return -1; + uint32 ret; + + ret = cli_samr_enum_dom_groups(pol->cli, pol->mem_ctx, &pol->handle, + start_idx, size, sam, num_sam_groups); + + return (ret == NT_STATUS_NOPROBLEMO); } /**************************************************************************** @@ -328,7 +382,12 @@ BOOL wb_sam_query_groupmem(CLI_POLICY_HND *pol, uint32 group_rid, != NT_STATUS_NOPROBLEMO) goto done; - /* do a samr_query_lookup_rids() */ + if ((result = cli_samr_lookup_rids(pol->cli, pol->mem_ctx, + &pol->handle, 1000, /* ??? */ + *num_names, *rid_mem, + num_names, names, name_types)) + != NT_STATUS_NOPROBLEMO) + goto done; done: if (got_group_pol) cli_samr_close(pol->cli, pol->mem_ctx, &group_pol); diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c index b56d2787d6..ed4db07dda 100644 --- a/source3/nsswitch/winbindd_group.c +++ b/source3/nsswitch/winbindd_group.c @@ -522,8 +522,6 @@ static BOOL get_sam_group_entries(struct getent_state *ent) memcpy(&name_list[ent->num_sam_entries], sam_grp_entries, num_entries * sizeof(struct acct_info)); - - safe_free(sam_grp_entries); } ent->num_sam_entries += num_entries; diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c index b838dd0145..3d8fbd3da8 100644 --- a/source3/nsswitch/winbindd_util.c +++ b/source3/nsswitch/winbindd_util.c @@ -327,8 +327,7 @@ static BOOL get_any_dc_name(char *domain, fstring srv_name) dc_ip = ip_list[i]; free(ip_list); - if (!lookup_pdc_name(global_myname, lp_workgroup(), - &dc_ip, server_state.controller)) + if (!lookup_pdc_name(global_myname, lp_workgroup(), &dc_ip, srv_name)) return False; return True; @@ -366,6 +365,8 @@ void establish_connections(BOOL force_reestablish) if (!get_any_dc_name(lp_workgroup(), server_state.controller)) { + DEBUG(3, ("could not find any domain controllers " + "for domain %s\n", lp_workgroup())); return; } @@ -374,8 +375,10 @@ void establish_connections(BOOL force_reestablish) // server_state.pwdb_initialised = pwdb_initialise(False); server_state.pwdb_initialised = True; - if (!server_state.pwdb_initialised) + if (!server_state.pwdb_initialised) { + DEBUG(3, ("could not initialise pwdb\n")); return; + } } /* Open lsa handle if it isn't already open */ @@ -387,7 +390,11 @@ void establish_connections(BOOL force_reestablish) False, SEC_RIGHTS_MAXIMUM_ALLOWED, &server_state.lsa_handle); - if (!server_state.lsa_handle_open) return; + if (!server_state.lsa_handle_open) { + DEBUG(0, ("error opening lsa handle on dc %s\n", + server_state.controller)); + return; + } /* Now we can talk to the server we can get some info */ @@ -436,7 +443,7 @@ BOOL lookup_domain_sid(char *domain_name, struct winbindd_domain *domain) /* Look for domain name */ - if (res && domains && sids) { + if (!res && domains && sids) { int found = False; int i; |