diff options
Diffstat (limited to 'source3/winbindd/winbindd_msrpc.c')
| -rw-r--r-- | source3/winbindd/winbindd_msrpc.c | 89 |
1 files changed, 55 insertions, 34 deletions
diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c index 8986598daa..9ef0d87f5a 100644 --- a/source3/winbindd/winbindd_msrpc.c +++ b/source3/winbindd/winbindd_msrpc.c @@ -342,7 +342,7 @@ static NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain, DEBUG(3, ("msrpc_rids_to_names: domain %s\n", domain->name )); if (num_rids) { - sids = TALLOC_ARRAY(mem_ctx, struct dom_sid, num_rids); + sids = talloc_array(mem_ctx, struct dom_sid, num_rids); if (sids == NULL) { return NT_STATUS_NO_MEMORY; } @@ -400,7 +400,7 @@ static NTSTATUS msrpc_query_user(struct winbindd_domain *domain, { struct rpc_pipe_client *samr_pipe; struct policy_handle dom_pol; - struct netr_SamInfo3 *user; + struct netr_SamInfo3 *user = NULL; TALLOC_CTX *tmp_ctx; NTSTATUS status; @@ -418,7 +418,9 @@ static NTSTATUS msrpc_query_user(struct winbindd_domain *domain, } /* try netsamlogon cache first */ - user = netsamlogon_cache_get(tmp_ctx, user_sid); + if (winbindd_use_cache()) { + user = netsamlogon_cache_get(tmp_ctx, user_sid); + } if (user != NULL) { DEBUG(5,("msrpc_query_user: Cache lookup succeeded for %s\n", sid_string_dbg(user_sid))); @@ -699,9 +701,9 @@ static NTSTATUS msrpc_lookup_groupmem(struct winbindd_domain *domain, #define MAX_LOOKUP_RIDS 900 - *names = TALLOC_ZERO_ARRAY(mem_ctx, char *, *num_names); - *name_types = TALLOC_ZERO_ARRAY(mem_ctx, uint32, *num_names); - *sid_mem = TALLOC_ZERO_ARRAY(mem_ctx, struct dom_sid, *num_names); + *names = talloc_zero_array(mem_ctx, char *, *num_names); + *name_types = talloc_zero_array(mem_ctx, uint32, *num_names); + *sid_mem = talloc_zero_array(mem_ctx, struct dom_sid, *num_names); for (j=0;j<(*num_names);j++) sid_compose(&(*sid_mem)[j], &domain->sid, rid_mem[j]); @@ -762,7 +764,7 @@ static NTSTATUS msrpc_lookup_groupmem(struct winbindd_domain *domain, #include <ldap.h> -static int get_ldap_seq(const char *server, int port, uint32 *seq) +static int get_ldap_seq(const char *server, struct sockaddr_storage *ss, int port, uint32 *seq) { int ret = -1; struct timeval to; @@ -778,7 +780,7 @@ static int get_ldap_seq(const char *server, int port, uint32 *seq) * search timeout doesn't seem to apply to doing an open as well. JRA. */ - ldp = ldap_open_with_timeout(server, port, lp_ldap_timeout()); + ldp = ldap_open_with_timeout(server, ss, port, lp_ldap_timeout()); if (ldp == NULL) return -1; @@ -787,7 +789,7 @@ static int get_ldap_seq(const char *server, int port, uint32 *seq) to.tv_usec = 0; if (ldap_search_st(ldp, "", LDAP_SCOPE_BASE, "(objectclass=*)", - CONST_DISCARD(char **, attrs), 0, &to, &res)) + discard_const_p(char *, attrs), 0, &to, &res)) goto done; if (ldap_count_entries(ldp, res) != 1) @@ -822,7 +824,7 @@ static int get_ldap_sequence_number(struct winbindd_domain *domain, uint32 *seq) char addr[INET6_ADDRSTRLEN]; print_sockaddr(addr, sizeof(addr), &domain->dcaddr); - if ((ret = get_ldap_seq(addr, LDAP_PORT, seq)) == 0) { + if ((ret = get_ldap_seq(addr, &domain->dcaddr, LDAP_PORT, seq)) == 0) { DEBUG(3, ("get_ldap_sequence_number: Retrieved sequence " "number for Domain (%s) from DC (%s)\n", domain->name, addr)); @@ -1057,14 +1059,15 @@ static NTSTATUS msrpc_password_policy(struct winbindd_domain *domain, return status; } -typedef NTSTATUS (*lookup_sids_fn_t)(struct rpc_pipe_client *cli, +typedef NTSTATUS (*lookup_sids_fn_t)(struct dcerpc_binding_handle *h, TALLOC_CTX *mem_ctx, struct policy_handle *pol, int num_sids, const struct dom_sid *sids, char ***pdomains, char ***pnames, - enum lsa_SidType **ptypes); + enum lsa_SidType **ptypes, + NTSTATUS *result); NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain, @@ -1075,15 +1078,17 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, enum lsa_SidType **types) { NTSTATUS status; + NTSTATUS result; struct rpc_pipe_client *cli = NULL; + struct dcerpc_binding_handle *b = NULL; struct policy_handle lsa_policy; unsigned int orig_timeout; - lookup_sids_fn_t lookup_sids_fn = rpccli_lsa_lookup_sids; + lookup_sids_fn_t lookup_sids_fn = dcerpc_lsa_lookup_sids; if (domain->can_do_ncacn_ip_tcp) { status = cm_connect_lsa_tcp(domain, mem_ctx, &cli); if (NT_STATUS_IS_OK(status)) { - lookup_sids_fn = rpccli_lsa_lookup_sids3; + lookup_sids_fn = dcerpc_lsa_lookup_sids3; goto lookup; } domain->can_do_ncacn_ip_tcp = false; @@ -1095,27 +1100,30 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, } lookup: + b = cli->binding_handle; + /* * This call can take a long time * allow the server to time out. * 35 seconds should do it. */ - orig_timeout = rpccli_set_timeout(cli, 35000); + orig_timeout = dcerpc_binding_handle_set_timeout(b, 35000); - status = lookup_sids_fn(cli, + status = lookup_sids_fn(b, mem_ctx, &lsa_policy, num_sids, sids, domains, names, - types); + types, + &result); /* And restore our original timeout. */ - rpccli_set_timeout(cli, orig_timeout); + dcerpc_binding_handle_set_timeout(b, orig_timeout); - if (NT_STATUS_V(status) == DCERPC_FAULT_ACCESS_DENIED || - NT_STATUS_V(status) == DCERPC_FAULT_SEC_PKG_ERROR) { + if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || + NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) { /* * This can happen if the schannel key is not * valid anymore, we need to invalidate the @@ -1130,18 +1138,23 @@ NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, return status; } - return status; + if (!NT_STATUS_IS_OK(result)) { + return result; + } + + return NT_STATUS_OK; } -typedef NTSTATUS (*lookup_names_fn_t)(struct rpc_pipe_client *cli, +typedef NTSTATUS (*lookup_names_fn_t)(struct dcerpc_binding_handle *h, TALLOC_CTX *mem_ctx, struct policy_handle *pol, - int num_names, + uint32_t num_names, const char **names, const char ***dom_names, - int level, + enum lsa_LookupNamesLevel level, struct dom_sid **sids, - enum lsa_SidType **types); + enum lsa_SidType **types, + NTSTATUS *result); NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain, @@ -1152,15 +1165,17 @@ NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, enum lsa_SidType **types) { NTSTATUS status; + NTSTATUS result; struct rpc_pipe_client *cli = NULL; + struct dcerpc_binding_handle *b = NULL; struct policy_handle lsa_policy; unsigned int orig_timeout = 0; - lookup_names_fn_t lookup_names_fn = rpccli_lsa_lookup_names; + lookup_names_fn_t lookup_names_fn = dcerpc_lsa_lookup_names; if (domain->can_do_ncacn_ip_tcp) { status = cm_connect_lsa_tcp(domain, mem_ctx, &cli); if (NT_STATUS_IS_OK(status)) { - lookup_names_fn = rpccli_lsa_lookup_names4; + lookup_names_fn = dcerpc_lsa_lookup_names4; goto lookup; } domain->can_do_ncacn_ip_tcp = false; @@ -1172,15 +1187,16 @@ NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, } lookup: + b = cli->binding_handle; /* * This call can take a long time * allow the server to time out. * 35 seconds should do it. */ - orig_timeout = rpccli_set_timeout(cli, 35000); + orig_timeout = dcerpc_binding_handle_set_timeout(b, 35000); - status = lookup_names_fn(cli, + status = lookup_names_fn(b, mem_ctx, &lsa_policy, num_names, @@ -1188,13 +1204,14 @@ NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, domains, 1, sids, - types); + types, + &result); /* And restore our original timeout. */ - rpccli_set_timeout(cli, orig_timeout); + dcerpc_binding_handle_set_timeout(b, orig_timeout); - if (NT_STATUS_V(status) == DCERPC_FAULT_ACCESS_DENIED || - NT_STATUS_V(status) == DCERPC_FAULT_SEC_PKG_ERROR) { + if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || + NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) { /* * This can happen if the schannel key is not * valid anymore, we need to invalidate the @@ -1209,7 +1226,11 @@ NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, return status; } - return status; + if (!NT_STATUS_IS_OK(result)) { + return result; + } + + return NT_STATUS_OK; } /* the rpc backend methods are exposed via this structure */ |