Diffstat (limited to 'source3/winbindd')
-rw-r--r--source3/winbindd/winbindd.h6
-rw-r--r--source3/winbindd/winbindd_ads.c59
-rw-r--r--source3/winbindd/winbindd_cm.c43
-rw-r--r--source3/winbindd/winbindd_locator.c2
-rw-r--r--source3/winbindd/winbindd_pam.c2
-rw-r--r--source3/winbindd/winbindd_util.c22
6 files changed, 69 insertions, 65 deletions
diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h
index 6bf6e6c68f..c4c1278d73 100644
--- a/source3/winbindd/winbindd.h
+++ b/source3/winbindd/winbindd.h
@@ -164,9 +164,9 @@ struct winbindd_domain {
fstring alt_name; /* alt Domain name, if any (FQDN for ADS) */
fstring forest_name; /* Name of the AD forest we're in */
DOM_SID sid; /* SID for this domain */
- uint32 domain_flags; /* Domain flags from rpc_ds.h */
- uint32 domain_type; /* Domain type from rpc_ds.h */
- uint32 domain_trust_attribs; /* Trust attribs from rpc_ds.h */
+ uint32 domain_flags; /* Domain flags from netlogon.h */
+ uint32 domain_type; /* Domain type from netlogon.h */
+ uint32 domain_trust_attribs; /* Trust attribs from netlogon.h */
bool initialized; /* Did we already ask for the domain mode? */
bool native_mode; /* is this a win2k domain in native mode ? */
bool active_directory; /* is this a win2k active directory ? */
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index f963669825..db7ceca04d 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -1157,12 +1157,11 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
DOM_SID **dom_sids)
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- struct ds_domain_trust *domains = NULL;
- int count = 0;
+ struct netr_DomainTrustList trusts;
int i;
uint32 flags;
struct rpc_pipe_client *cli;
- uint32 fr_flags = (DS_DOMAIN_IN_FOREST | DS_DOMAIN_TREE_ROOT);
+ uint32 fr_flags = (NETR_TRUST_FLAG_IN_FOREST | NETR_TRUST_FLAG_TREEROOT);
int ret_count;
DEBUG(3,("ads: trusted_domains\n"));
@@ -1179,11 +1178,11 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
if ( domain->primary ||
((domain->domain_flags&fr_flags) == fr_flags) )
{
- flags = DS_DOMAIN_DIRECT_OUTBOUND |
- DS_DOMAIN_DIRECT_INBOUND |
- DS_DOMAIN_IN_FOREST;
+ flags = NETR_TRUST_FLAG_OUTBOUND |
+ NETR_TRUST_FLAG_INBOUND |
+ NETR_TRUST_FLAG_IN_FOREST;
} else {
- flags = DS_DOMAIN_IN_FOREST;
+ flags = NETR_TRUST_FLAG_IN_FOREST;
}
result = cm_connect_netlogon(domain, &cli);
@@ -1194,29 +1193,27 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
domain->name, nt_errstr(result)));
return NT_STATUS_UNSUCCESSFUL;
}
-
- if ( NT_STATUS_IS_OK(result) ) {
- result = rpccli_ds_enum_domain_trusts(cli, mem_ctx,
- cli->cli->desthost,
- flags, &domains,
- (unsigned int *)&count);
- }
-
- if ( NT_STATUS_IS_OK(result) && count) {
+
+ result = rpccli_netr_DsrEnumerateDomainTrusts(cli, mem_ctx,
+ cli->cli->desthost,
+ flags,
+ &trusts,
+ NULL);
+ if ( NT_STATUS_IS_OK(result) && trusts.count) {
/* Allocate memory for trusted domain names and sids */
- if ( !(*names = TALLOC_ARRAY(mem_ctx, char *, count)) ) {
+ if ( !(*names = TALLOC_ARRAY(mem_ctx, char *, trusts.count)) ) {
DEBUG(0, ("trusted_domains: out of memory\n"));
return NT_STATUS_NO_MEMORY;
}
- if ( !(*alt_names = TALLOC_ARRAY(mem_ctx, char *, count)) ) {
+ if ( !(*alt_names = TALLOC_ARRAY(mem_ctx, char *, trusts.count)) ) {
DEBUG(0, ("trusted_domains: out of memory\n"));
return NT_STATUS_NO_MEMORY;
}
- if ( !(*dom_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, count)) ) {
+ if ( !(*dom_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, trusts.count)) ) {
DEBUG(0, ("trusted_domains: out of memory\n"));
return NT_STATUS_NO_MEMORY;
}
@@ -1225,7 +1222,7 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
ret_count = 0;
- for (i = 0; i < count; i++) {
+ for (i = 0; i < trusts.count; i++) {
struct winbindd_domain d;
/* drop external trusts if this is not our primary
@@ -1233,24 +1230,24 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
domains may be less that the ones actually trusted
by the DC. */
- if ( (domains[i].trust_attributes == DS_DOMAIN_TRUST_ATTRIB_QUARANTINED_DOMAIN) &&
+ if ( (trusts.array[i].trust_attributes == NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) &&
!domain->primary )
{
DEBUG(10,("trusted_domains: Skipping external trusted domain "
"%s because it is outside of our primary domain\n",
- domains[i].netbios_domain));
+ trusts.array[i].netbios_name));
continue;
}
- (*names)[ret_count] = domains[i].netbios_domain;
- (*alt_names)[ret_count] = domains[i].dns_domain;
- sid_copy(&(*dom_sids)[ret_count], &domains[i].sid);
+ (*names)[ret_count] = CONST_DISCARD(char *, trusts.array[i].netbios_name);
+ (*alt_names)[ret_count] = CONST_DISCARD(char *, trusts.array[i].dns_name);
+ sid_copy(&(*dom_sids)[ret_count], trusts.array[i].sid);
/* add to the trusted domain cache */
- fstrcpy( d.name, domains[i].netbios_domain );
- fstrcpy( d.alt_name, domains[i].dns_domain );
- sid_copy( &d.sid, &domains[i].sid );
+ fstrcpy( d.name, trusts.array[i].netbios_name);
+ fstrcpy( d.alt_name, trusts.array[i].dns_name);
+ sid_copy( &d.sid, trusts.array[i].sid);
/* This gets a little tricky. If we are
following a transitive forest trust, then
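Review bot: `trusts.array[i].sid` is now handed to `sid_copy()` as a pointer (the old code took `&domains[i].sid`), and neither call in this hunk checks it for NULL. The list comes from the DC's reply, so if an entry can arrive without a SID, which seems possible for a pointer field although the struct definition is not visible here, winbindd would likely fault on it. Guard both copies, for example `if (trusts.array[i].sid == NULL) { continue; }` ahead of the first `sid_copy`, or copy a null SID in that case. The same applies to `netbios_name` and `dns_name`, which are stored into `*names`/`*alt_names` and printed with `%s` unchecked. The loop body starts and ends outside this hunk.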
@@ -1269,9 +1266,9 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
we have the current trust flags and
attributes */
- d.domain_flags = domains[i].flags;
- d.domain_type = domains[i].trust_type;
- d.domain_trust_attribs = domains[i].trust_attributes;
+ d.domain_flags = trusts.array[i].trust_flags;
+ d.domain_type = trusts.array[i].trust_type;
+ d.domain_trust_attribs = trusts.array[i].trust_attributes;
} else {
/* Look up the record in the cache */
struct winbindd_tdc_domain *parent;
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 94910072c3..66787a0d6d 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1716,12 +1716,11 @@ static bool set_dc_type_and_flags_trustinfo( struct winbindd_domain *domain )
{
struct winbindd_domain *our_domain;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- struct ds_domain_trust *domains = NULL;
- int count = 0;
+ struct netr_DomainTrustList trusts;
int i;
- uint32 flags = (DS_DOMAIN_IN_FOREST |
- DS_DOMAIN_DIRECT_OUTBOUND |
- DS_DOMAIN_DIRECT_INBOUND);
+ uint32 flags = (NETR_TRUST_FLAG_IN_FOREST |
+ NETR_TRUST_FLAG_OUTBOUND |
+ NETR_TRUST_FLAG_INBOUND);
struct rpc_pipe_client *cli;
TALLOC_CTX *mem_ctx = NULL;
@@ -1763,27 +1762,35 @@ static bool set_dc_type_and_flags_trustinfo( struct winbindd_domain *domain )
return False;
}
- result = rpccli_ds_enum_domain_trusts(cli, mem_ctx,
- cli->cli->desthost,
- flags, &domains,
- (unsigned int *)&count);
+ result = rpccli_netr_DsrEnumerateDomainTrusts(cli, mem_ctx,
+ cli->cli->desthost,
+ flags,
+ &trusts,
+ NULL);
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(0,("set_dc_type_and_flags_trustinfo: "
+ "failed to query trusted domain list: %s\n",
+ nt_errstr(result)));
+ talloc_destroy(mem_ctx);
+ return false;
+ }
/* Now find the domain name and get the flags */
- for ( i=0; i<count; i++ ) {
- if ( strequal( domain->name, domains[i].netbios_domain ) ) {
- domain->domain_flags = domains[i].flags;
- domain->domain_type = domains[i].trust_type;
- domain->domain_trust_attribs = domains[i].trust_attributes;
-
- if ( domain->domain_type == DS_DOMAIN_TRUST_TYPE_UPLEVEL )
+ for ( i=0; i<trusts.count; i++ ) {
+ if ( strequal( domain->name, trusts.array[i].netbios_name) ) {
+ domain->domain_flags = trusts.array[i].trust_flags;
+ domain->domain_type = trusts.array[i].trust_type;
+ domain->domain_trust_attribs = trusts.array[i].trust_attributes;
+
+ if ( domain->domain_type == NETR_TRUST_TYPE_UPLEVEL )
domain->active_directory = True;
/* This flag is only set if the domain is *our*
primary domain and the primary domain is in
native mode */
- domain->native_mode = (domain->domain_flags & DS_DOMAIN_NATIVE_MODE);
+ domain->native_mode = (domain->domain_flags & NETR_TRUST_FLAG_NATIVE);
DEBUG(5, ("set_dc_type_and_flags_trustinfo: domain %s is %sin "
"native mode.\n", domain->name,
@@ -1930,7 +1937,7 @@ no_dssetup:
fstrcpy(domain->forest_name, forest_name);
if (strequal(domain->forest_name, domain->alt_name)) {
- domain->domain_flags = DS_DOMAIN_TREE_ROOT;
+ domain->domain_flags = NETR_TRUST_FLAG_TREEROOT;
}
}
diff --git a/source3/winbindd/winbindd_locator.c b/source3/winbindd/winbindd_locator.c
index 05bd74af25..6b1cff99e0 100644
--- a/source3/winbindd/winbindd_locator.c
+++ b/source3/winbindd/winbindd_locator.c
@@ -67,7 +67,7 @@ static enum winbindd_result dual_dsgetdcname(struct winbindd_domain *domain,
DEBUG(3, ("[%5lu]: dsgetdcname for %s\n", (unsigned long)state->pid,
state->request.domain_name));
- result = dsgetdcname(state->mem_ctx, NULL, state->request.domain_name,
+ result = dsgetdcname(state->mem_ctx, state->request.domain_name,
NULL, NULL, state->request.flags, &info);
if (!NT_STATUS_IS_OK(result)) {
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 98c9ae2ffe..ea9a07d388 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -964,7 +964,7 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
#ifdef HAVE_KRB5
if ((state->request.flags & WBFLAG_PAM_KRB5) &&
((tdc_domain = wcache_tdc_fetch_domain(state->mem_ctx, name_domain)) != NULL) &&
- (tdc_domain->trust_type & DS_DOMAIN_TRUST_TYPE_UPLEVEL)) {
+ (tdc_domain->trust_type & NETR_TRUST_TYPE_UPLEVEL)) {
uid_t uid = -1;
const char *cc = NULL;
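Review bot: The renamed test still uses `&` on `tdc_domain->trust_type`, while the other hunks of this commit compare the trust type with `==` (`domain->domain_type == NETR_TRUST_TYPE_UPLEVEL` in winbindd_cm.c, `type == NETR_TRUST_TYPE_UPLEVEL` in winbindd_util.c). If the trust type is an enumeration rather than a bit mask, as those comparisons suggest, the bitwise test can also be true for a different type whose value shares a bit, and a non-AD trust would then take the Kerberos path here. Suggest `(tdc_domain->trust_type == NETR_TRUST_TYPE_UPLEVEL)`. The condition's body and the rest of the function are outside the hunk.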
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index f6bb5750ea..10779cd60a 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -218,7 +218,7 @@ static void add_trusted_domains( struct winbindd_domain *domain )
TALLOC_CTX *mem_ctx;
struct winbindd_request *request;
struct winbindd_response *response;
- uint32 fr_flags = (DS_DOMAIN_TREE_ROOT|DS_DOMAIN_IN_FOREST);
+ uint32 fr_flags = (NETR_TRUST_FLAG_TREEROOT|NETR_TRUST_FLAG_IN_FOREST);
struct trustdom_state *state;
@@ -391,8 +391,8 @@ static void rescan_forest_root_trusts( void )
the domain_list() as our primary domain may not
have been initialized. */
- if ( !(dom_list[i].trust_flags & DS_DOMAIN_TREE_ROOT) ) {
- continue;
+ if ( !(dom_list[i].trust_flags & NETR_TRUST_FLAG_TREEROOT) ) {
+ continue;
}
/* Here's the forest root */
@@ -456,10 +456,10 @@ static void rescan_forest_trusts( void )
if ( d && (d->internal || d->primary ) )
continue;
-
- if ( (flags & DS_DOMAIN_DIRECT_INBOUND) &&
- (type == DS_DOMAIN_TRUST_TYPE_UPLEVEL) &&
- (attribs == DS_DOMAIN_TRUST_ATTRIB_FOREST_TRANSITIVE) )
+
+ if ( (flags & NETR_TRUST_FLAG_INBOUND) &&
+ (type == NETR_TRUST_TYPE_UPLEVEL) &&
+ (attribs == NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) )
{
/* add the trusted domain if we don't know
about it */
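Review bot: `attribs == NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE` compares the whole attribute word for equality, so a trust with the forest-transitive bit plus any other attribute set is not matched. The same pattern is in the winbindd_ads.c hunk, `trust_attributes == NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN`, where a miss means a quarantined external trust is not skipped. If the attributes are a bit mask, as the neighbouring `flags & NETR_TRUST_FLAG_INBOUND` test suggests for the flags, test the bit instead: `(attribs & NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE)`. If exact equality is intended, a short comment saying why would help. The enclosing loop in rescan_forest_trusts starts and ends outside the hunk.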
@@ -770,8 +770,8 @@ void check_domain_trusted( const char *name, const DOM_SID *user_sid )
forest trust */
domain->active_directory = True;
- domain->domain_flags = DS_DOMAIN_DIRECT_OUTBOUND;
- domain->domain_type = DS_DOMAIN_TRUST_TYPE_UPLEVEL;
+ domain->domain_flags = NETR_TRUST_FLAG_OUTBOUND;
+ domain->domain_type = NETR_TRUST_TYPE_UPLEVEL;
domain->internal = False;
domain->online = True;
@@ -1408,7 +1408,7 @@ bool winbindd_can_contact_domain(struct winbindd_domain *domain)
/* Can always contact a domain that is in out forest */
- if (tdc->trust_flags & DS_DOMAIN_IN_FOREST) {
+ if (tdc->trust_flags & NETR_TRUST_FLAG_IN_FOREST) {
ret = true;
goto done;
}
@@ -1420,7 +1420,7 @@ bool winbindd_can_contact_domain(struct winbindd_domain *domain)
if (!IS_DC &&
domain->active_directory &&
- ((tdc->trust_flags&DS_DOMAIN_DIRECT_INBOUND) != DS_DOMAIN_DIRECT_INBOUND))
+ ((tdc->trust_flags & NETR_TRUST_FLAG_INBOUND) != NETR_TRUST_FLAG_INBOUND))
{
DEBUG(10, ("winbindd_can_contact_domain: %s is an AD domain "
"and we have no inbound trust.\n", domain->name));