summaryrefslogtreecommitdiff
path: root/source3/winbindd/winbindd_msrpc.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/winbindd/winbindd_msrpc.c')
-rw-r--r--source3/winbindd/winbindd_msrpc.c89
1 files changed, 55 insertions, 34 deletions
diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c
index 8986598daa..9ef0d87f5a 100644
--- a/source3/winbindd/winbindd_msrpc.c
+++ b/source3/winbindd/winbindd_msrpc.c
@@ -342,7 +342,7 @@ static NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain,
DEBUG(3, ("msrpc_rids_to_names: domain %s\n", domain->name ));
if (num_rids) {
- sids = TALLOC_ARRAY(mem_ctx, struct dom_sid, num_rids);
+ sids = talloc_array(mem_ctx, struct dom_sid, num_rids);
if (sids == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -400,7 +400,7 @@ static NTSTATUS msrpc_query_user(struct winbindd_domain *domain,
{
struct rpc_pipe_client *samr_pipe;
struct policy_handle dom_pol;
- struct netr_SamInfo3 *user;
+ struct netr_SamInfo3 *user = NULL;
TALLOC_CTX *tmp_ctx;
NTSTATUS status;
@@ -418,7 +418,9 @@ static NTSTATUS msrpc_query_user(struct winbindd_domain *domain,
}
/* try netsamlogon cache first */
- user = netsamlogon_cache_get(tmp_ctx, user_sid);
+ if (winbindd_use_cache()) {
+ user = netsamlogon_cache_get(tmp_ctx, user_sid);
+ }
if (user != NULL) {
DEBUG(5,("msrpc_query_user: Cache lookup succeeded for %s\n",
sid_string_dbg(user_sid)));
@@ -699,9 +701,9 @@ static NTSTATUS msrpc_lookup_groupmem(struct winbindd_domain *domain,
#define MAX_LOOKUP_RIDS 900
- *names = TALLOC_ZERO_ARRAY(mem_ctx, char *, *num_names);
- *name_types = TALLOC_ZERO_ARRAY(mem_ctx, uint32, *num_names);
- *sid_mem = TALLOC_ZERO_ARRAY(mem_ctx, struct dom_sid, *num_names);
+ *names = talloc_zero_array(mem_ctx, char *, *num_names);
+ *name_types = talloc_zero_array(mem_ctx, uint32, *num_names);
+ *sid_mem = talloc_zero_array(mem_ctx, struct dom_sid, *num_names);
for (j=0;j<(*num_names);j++)
sid_compose(&(*sid_mem)[j], &domain->sid, rid_mem[j]);
@@ -762,7 +764,7 @@ static NTSTATUS msrpc_lookup_groupmem(struct winbindd_domain *domain,
#include <ldap.h>
-static int get_ldap_seq(const char *server, int port, uint32 *seq)
+static int get_ldap_seq(const char *server, struct sockaddr_storage *ss, int port, uint32 *seq)
{
int ret = -1;
struct timeval to;
@@ -778,7 +780,7 @@ static int get_ldap_seq(const char *server, int port, uint32 *seq)
* search timeout doesn't seem to apply to doing an open as well. JRA.
*/
- ldp = ldap_open_with_timeout(server, port, lp_ldap_timeout());
+ ldp = ldap_open_with_timeout(server, ss, port, lp_ldap_timeout());
if (ldp == NULL)
return -1;
@@ -787,7 +789,7 @@ static int get_ldap_seq(const char *server, int port, uint32 *seq)
to.tv_usec = 0;
if (ldap_search_st(ldp, "", LDAP_SCOPE_BASE, "(objectclass=*)",
- CONST_DISCARD(char **, attrs), 0, &to, &res))
+ discard_const_p(char *, attrs), 0, &to, &res))
goto done;
if (ldap_count_entries(ldp, res) != 1)
@@ -822,7 +824,7 @@ static int get_ldap_sequence_number(struct winbindd_domain *domain, uint32 *seq)
char addr[INET6_ADDRSTRLEN];
print_sockaddr(addr, sizeof(addr), &domain->dcaddr);
- if ((ret = get_ldap_seq(addr, LDAP_PORT, seq)) == 0) {
+ if ((ret = get_ldap_seq(addr, &domain->dcaddr, LDAP_PORT, seq)) == 0) {
DEBUG(3, ("get_ldap_sequence_number: Retrieved sequence "
"number for Domain (%s) from DC (%s)\n",
domain->name, addr));
@@ -1057,14 +1059,15 @@ static NTSTATUS msrpc_password_policy(struct winbindd_domain *domain,
return status;
}
-typedef NTSTATUS (*lookup_sids_fn_t)(struct rpc_pipe_client *cli,
+typedef NTSTATUS (*lookup_sids_fn_t)(struct dcerpc_binding_handle *h,
TALLOC_CTX *mem_ctx,
struct policy_handle *pol,
int num_sids,
const struct dom_sid *sids,
char ***pdomains,
char ***pnames,
- enum lsa_SidType **ptypes);
+ enum lsa_SidType **ptypes,
+ NTSTATUS *result);
NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx,
struct winbindd_domain *domain,
@@ -1075,15 +1078,17 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx,
enum lsa_SidType **types)
{
NTSTATUS status;
+ NTSTATUS result;
struct rpc_pipe_client *cli = NULL;
+ struct dcerpc_binding_handle *b = NULL;
struct policy_handle lsa_policy;
unsigned int orig_timeout;
- lookup_sids_fn_t lookup_sids_fn = rpccli_lsa_lookup_sids;
+ lookup_sids_fn_t lookup_sids_fn = dcerpc_lsa_lookup_sids;
if (domain->can_do_ncacn_ip_tcp) {
status = cm_connect_lsa_tcp(domain, mem_ctx, &cli);
if (NT_STATUS_IS_OK(status)) {
- lookup_sids_fn = rpccli_lsa_lookup_sids3;
+ lookup_sids_fn = dcerpc_lsa_lookup_sids3;
goto lookup;
}
domain->can_do_ncacn_ip_tcp = false;
@@ -1095,27 +1100,30 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx,
}
lookup:
+ b = cli->binding_handle;
+
/*
* This call can take a long time
* allow the server to time out.
* 35 seconds should do it.
*/
- orig_timeout = rpccli_set_timeout(cli, 35000);
+ orig_timeout = dcerpc_binding_handle_set_timeout(b, 35000);
- status = lookup_sids_fn(cli,
+ status = lookup_sids_fn(b,
mem_ctx,
&lsa_policy,
num_sids,
sids,
domains,
names,
- types);
+ types,
+ &result);
/* And restore our original timeout. */
- rpccli_set_timeout(cli, orig_timeout);
+ dcerpc_binding_handle_set_timeout(b, orig_timeout);
- if (NT_STATUS_V(status) == DCERPC_FAULT_ACCESS_DENIED ||
- NT_STATUS_V(status) == DCERPC_FAULT_SEC_PKG_ERROR) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) {
/*
* This can happen if the schannel key is not
* valid anymore, we need to invalidate the
@@ -1130,18 +1138,23 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx,
return status;
}
- return status;
+ if (!NT_STATUS_IS_OK(result)) {
+ return result;
+ }
+
+ return NT_STATUS_OK;
}
-typedef NTSTATUS (*lookup_names_fn_t)(struct rpc_pipe_client *cli,
+typedef NTSTATUS (*lookup_names_fn_t)(struct dcerpc_binding_handle *h,
TALLOC_CTX *mem_ctx,
struct policy_handle *pol,
- int num_names,
+ uint32_t num_names,
const char **names,
const char ***dom_names,
- int level,
+ enum lsa_LookupNamesLevel level,
struct dom_sid **sids,
- enum lsa_SidType **types);
+ enum lsa_SidType **types,
+ NTSTATUS *result);
NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,
struct winbindd_domain *domain,
@@ -1152,15 +1165,17 @@ NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,
enum lsa_SidType **types)
{
NTSTATUS status;
+ NTSTATUS result;
struct rpc_pipe_client *cli = NULL;
+ struct dcerpc_binding_handle *b = NULL;
struct policy_handle lsa_policy;
unsigned int orig_timeout = 0;
- lookup_names_fn_t lookup_names_fn = rpccli_lsa_lookup_names;
+ lookup_names_fn_t lookup_names_fn = dcerpc_lsa_lookup_names;
if (domain->can_do_ncacn_ip_tcp) {
status = cm_connect_lsa_tcp(domain, mem_ctx, &cli);
if (NT_STATUS_IS_OK(status)) {
- lookup_names_fn = rpccli_lsa_lookup_names4;
+ lookup_names_fn = dcerpc_lsa_lookup_names4;
goto lookup;
}
domain->can_do_ncacn_ip_tcp = false;
@@ -1172,15 +1187,16 @@ NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,
}
lookup:
+ b = cli->binding_handle;
/*
* This call can take a long time
* allow the server to time out.
* 35 seconds should do it.
*/
- orig_timeout = rpccli_set_timeout(cli, 35000);
+ orig_timeout = dcerpc_binding_handle_set_timeout(b, 35000);
- status = lookup_names_fn(cli,
+ status = lookup_names_fn(b,
mem_ctx,
&lsa_policy,
num_names,
@@ -1188,13 +1204,14 @@ NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,
domains,
1,
sids,
- types);
+ types,
+ &result);
/* And restore our original timeout. */
- rpccli_set_timeout(cli, orig_timeout);
+ dcerpc_binding_handle_set_timeout(b, orig_timeout);
- if (NT_STATUS_V(status) == DCERPC_FAULT_ACCESS_DENIED ||
- NT_STATUS_V(status) == DCERPC_FAULT_SEC_PKG_ERROR) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) {
/*
* This can happen if the schannel key is not
* valid anymore, we need to invalidate the
@@ -1209,7 +1226,11 @@ NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,
return status;
}
- return status;
+ if (!NT_STATUS_IS_OK(result)) {
+ return result;
+ }
+
+ return NT_STATUS_OK;
}
/* the rpc backend methods are exposed via this structure */