summaryrefslogtreecommitdiff
path: root/source3/winbindd
diff options
context:
space:
mode:
Diffstat (limited to 'source3/winbindd')
-rw-r--r--source3/winbindd/winbindd.h5
-rw-r--r--source3/winbindd/winbindd_ads.c83
-rw-r--r--source3/winbindd/winbindd_cache.c13
-rw-r--r--source3/winbindd/winbindd_misc.c48
-rw-r--r--source3/winbindd/winbindd_passdb.c72
-rw-r--r--source3/winbindd/winbindd_reconnect.c12
-rw-r--r--source3/winbindd/winbindd_rpc.c47
7 files changed, 98 insertions, 182 deletions
diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h
index a589ecc0cc..ea791234fb 100644
--- a/source3/winbindd/winbindd.h
+++ b/source3/winbindd/winbindd.h
@@ -313,10 +313,7 @@ struct winbindd_methods {
/* enumerate trusted domains */
NTSTATUS (*trusted_domains)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint32 *num_domains,
- char ***names,
- char ***alt_names,
- DOM_SID **dom_sids);
+ struct netr_DomainTrustList *trusts);
};
/* Filled out by IDMAP backends */
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index 039c59e339..b0ca9b8176 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -1257,13 +1257,9 @@ static NTSTATUS password_policy(struct winbindd_domain *domain,
/* get a list of trusted domains */
static NTSTATUS trusted_domains(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint32 *num_domains,
- char ***names,
- char ***alt_names,
- DOM_SID **dom_sids)
+ struct netr_DomainTrustList *trusts)
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- struct netr_DomainTrustList trusts;
int i;
uint32 flags;
struct rpc_pipe_client *cli;
@@ -1272,10 +1268,7 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
DEBUG(3,("ads: trusted_domains\n"));
- *num_domains = 0;
- *alt_names = NULL;
- *names = NULL;
- *dom_sids = NULL;
+ ZERO_STRUCTP(trusts);
/* If this is our primary domain or a root in our forest,
query for all trusts. If not, then just look for domain
@@ -1303,36 +1296,20 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
result = rpccli_netr_DsrEnumerateDomainTrusts(cli, mem_ctx,
cli->desthost,
flags,
- &trusts,
+ trusts,
NULL);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
- if (trusts.count == 0) {
+ if (trusts->count == 0) {
return NT_STATUS_OK;
}
- /* Allocate memory for trusted domain names and sids */
-
- if ( !(*names = TALLOC_ARRAY(mem_ctx, char *, trusts.count)) ) {
- DEBUG(0, ("trusted_domains: out of memory\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if ( !(*alt_names = TALLOC_ARRAY(mem_ctx, char *, trusts.count)) ) {
- DEBUG(0, ("trusted_domains: out of memory\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if ( !(*dom_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, trusts.count)) ) {
- DEBUG(0, ("trusted_domains: out of memory\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
/* Copy across names and sids */
ret_count = 0;
- for (i = 0; i < trusts.count; i++) {
+ for (i = 0; i < trusts->count; i++) {
+ struct netr_DomainTrust *trust = &trusts->array[i];
struct winbindd_domain d;
ZERO_STRUCT(d);
@@ -1344,39 +1321,23 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
* by the DC.
*/
- if ((trusts.array[i].trust_attributes
+ if ((trust->trust_attributes
== NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) &&
!domain->primary )
{
DEBUG(10,("trusted_domains: Skipping external trusted "
"domain %s because it is outside of our "
"primary domain\n",
- trusts.array[i].netbios_name));
+ trust->netbios_name));
continue;
}
- /*
- * We must check that the SID of each trusted domain
- * was returned to work around a bug in Windows:
- * http://support.microsoft.com/kb/922832
- */
-
- (*names)[ret_count] = CONST_DISCARD(
- char *, trusts.array[i].netbios_name);
- (*alt_names)[ret_count] = CONST_DISCARD(
- char *, trusts.array[i].dns_name);
- if (trusts.array[i].sid) {
- sid_copy(&(*dom_sids)[ret_count], trusts.array[i].sid);
- } else {
- sid_copy(&(*dom_sids)[ret_count], &global_sid_NULL);
- }
-
/* add to the trusted domain cache */
- fstrcpy( d.name, trusts.array[i].netbios_name);
- fstrcpy( d.alt_name, trusts.array[i].dns_name);
- if (trusts.array[i].sid) {
- sid_copy( &d.sid, trusts.array[i].sid);
+ fstrcpy(d.name, trust->netbios_name);
+ fstrcpy(d.alt_name, trust->dns_name);
+ if (trust->sid) {
+ sid_copy(&d.sid, trust->sid);
} else {
sid_copy(&d.sid, &global_sid_NULL);
}
@@ -1387,10 +1348,9 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
"trust flags for domain %s\n",
domain->name, d.alt_name));
- d.domain_flags = trusts.array[i].trust_flags;
- d.domain_type = trusts.array[i].trust_type;
- d.domain_trust_attribs =
- trusts.array[i].trust_attributes;
+ d.domain_flags = trust->trust_flags;
+ d.domain_type = trust->trust_type;
+ d.domain_trust_attribs = trust->trust_attributes;
wcache_tdc_add_domain( &d );
ret_count++;
@@ -1403,16 +1363,16 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
struct winbindd_tdc_domain *exist = NULL;
exist = wcache_tdc_fetch_domain(
- NULL, trusts.array[i].netbios_name);
+ talloc_tos(), trust->netbios_name);
if (!exist) {
DEBUG(10,("trusted_domains(ads): Searching "
"trusted domain list of %s and "
"storing trust flags for domain "
"%s\n", domain->name, d.alt_name));
- d.domain_flags = trusts.array[i].trust_flags;
- d.domain_type = trusts.array[i].trust_type;
+ d.domain_flags = trust->trust_flags;
+ d.domain_type = trust->trust_type;
d.domain_trust_attribs =
- trusts.array[i].trust_attributes;
+ trust->trust_attributes;
wcache_tdc_add_domain( &d );
ret_count++;
@@ -1433,7 +1393,8 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
"trust flags for domain %s\n",
domain->name, d.alt_name));
- parent = wcache_tdc_fetch_domain(NULL, domain->name);
+ parent = wcache_tdc_fetch_domain(talloc_tos(),
+ domain->name);
if (parent) {
d.domain_flags = parent->trust_flags;
d.domain_type = parent->trust_type;
@@ -1450,8 +1411,6 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
ret_count++;
}
}
- *num_domains = ret_count;
-
return result;
}
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index 169824b6b1..ddbd9d9d5b 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -2446,18 +2446,10 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
* Guenther */
static NTSTATUS trusted_domains(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint32 *num_domains,
- char ***names,
- char ***alt_names,
- DOM_SID **dom_sids)
+ struct netr_DomainTrustList *trusts)
{
NTSTATUS status;
- (*num_domains) = 0;
- (*dom_sids) = NULL;
- (*names) = NULL;
- (*alt_names) = NULL;
-
/* Return status value returned by seq number check */
if (!NT_STATUS_IS_OK(domain->last_status))
@@ -2466,8 +2458,7 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
DEBUG(10,("trusted_domains: [Cached] - doing backend query for info for domain %s\n",
domain->name ));
- status = domain->backend->trusted_domains(domain, mem_ctx, num_domains,
- names, alt_names, dom_sids);
+ status = domain->backend->trusted_domains(domain, mem_ctx, trusts);
/* no trusts gives NT_STATUS_NO_MORE_ENTRIES resetting to NT_STATUS_OK
* so that the generic centry handling still applies correctly -
diff --git a/source3/winbindd/winbindd_misc.c b/source3/winbindd/winbindd_misc.c
index c665140647..ac8f1a7dfd 100644
--- a/source3/winbindd/winbindd_misc.c
+++ b/source3/winbindd/winbindd_misc.c
@@ -148,20 +148,18 @@ done:
enum winbindd_result winbindd_dual_list_trusted_domains(struct winbindd_domain *domain,
struct winbindd_cli_state *state)
{
- uint32 i, num_domains;
- char **names, **alt_names;
- DOM_SID *sids;
+ int i;
int extra_data_len = 0;
char *extra_data;
NTSTATUS result;
bool have_own_domain = False;
+ struct netr_DomainTrustList trusts;
DEBUG(3, ("[%5lu]: list trusted domains\n",
(unsigned long)state->pid));
result = domain->methods->trusted_domains(domain, state->mem_ctx,
- &num_domains, &names,
- &alt_names, &sids);
+ &trusts);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(3, ("winbindd_dual_list_trusted_domains: trusted_domains returned %s\n",
@@ -171,45 +169,37 @@ enum winbindd_result winbindd_dual_list_trusted_domains(struct winbindd_domain *
extra_data = talloc_strdup(state->mem_ctx, "");
- if (num_domains > 0)
- extra_data = talloc_asprintf(
- state->mem_ctx, "%s\\%s\\%s",
- names[0], alt_names[0] ? alt_names[0] : names[0],
- sid_string_talloc(state->mem_ctx, &sids[0]));
-
- for (i=1; i<num_domains; i++)
- extra_data = talloc_asprintf(
- state->mem_ctx, "%s\n%s\\%s\\%s",
- extra_data, names[i],
- alt_names[i] ? alt_names[i] : names[i],
- sid_string_talloc(state->mem_ctx, &sids[i]));
+ for (i=0; i<trusts.count; i++) {
+ extra_data = talloc_asprintf_append_buffer(
+ extra_data, "%s\\%s\\%s\n",
+ trusts.array[i].netbios_name,
+ trusts.array[i].dns_name,
+ sid_string_talloc(state->mem_ctx,
+ trusts.array[i].sid));
+ }
/* add our primary domain */
- for (i=0; i<num_domains; i++) {
- if (strequal(names[i], domain->name)) {
+ for (i=0; i<trusts.count; i++) {
+ if (strequal(trusts.array[i].netbios_name, domain->name)) {
have_own_domain = True;
break;
}
}
if (state->request->data.list_all_domains && !have_own_domain) {
- extra_data = talloc_asprintf(
- state->mem_ctx, "%s\n%s\\%s\\%s",
- extra_data, domain->name,
+ extra_data = talloc_asprintf_append_buffer(
+ extra_data, "%s\\%s\\%s\n", domain->name,
domain->alt_name ? domain->alt_name : domain->name,
sid_string_talloc(state->mem_ctx, &domain->sid));
}
- /* This is a bit excessive, but the extra data sooner or later will be
- talloc'ed */
+ extra_data_len = strlen(extra_data);
+ if (extra_data_len > 0) {
- extra_data_len = 0;
- if (extra_data != NULL) {
- extra_data_len = strlen(extra_data);
- }
+ /* Strip the last \n */
+ extra_data[extra_data_len-1] = '\0';
- if (extra_data_len > 0) {
state->response->extra_data.data = extra_data;
state->response->length += extra_data_len+1;
}
diff --git a/source3/winbindd/winbindd_passdb.c b/source3/winbindd/winbindd_passdb.c
index c23f87dcd5..34b5990a3f 100644
--- a/source3/winbindd/winbindd_passdb.c
+++ b/source3/winbindd/winbindd_passdb.c
@@ -398,16 +398,10 @@ static NTSTATUS builtin_query_user(struct winbindd_domain *domain,
/* get a list of trusted domains - builtin domain */
static NTSTATUS builtin_trusted_domains(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- uint32 *num_domains,
- char ***names,
- char ***alt_names,
- DOM_SID **dom_sids)
+ TALLOC_CTX *mem_ctx,
+ struct netr_DomainTrustList *trusts)
{
- *num_domains = 0;
- *names = NULL;
- *alt_names = NULL;
- *dom_sids = NULL;
+ ZERO_STRUCTP(trusts);
return NT_STATUS_OK;
}
@@ -649,58 +643,44 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain,
/* get a list of trusted domains */
static NTSTATUS sam_trusted_domains(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- uint32 *num_domains,
- char ***names,
- char ***alt_names,
- DOM_SID **dom_sids)
+ TALLOC_CTX *mem_ctx,
+ struct netr_DomainTrustList *trusts)
{
NTSTATUS nt_status;
struct trustdom_info **domains;
int i;
- TALLOC_CTX *tmp_ctx;
-
- *num_domains = 0;
- *names = NULL;
- *alt_names = NULL;
- *dom_sids = NULL;
-
- if (!(tmp_ctx = talloc_init("trusted_domains"))) {
- return NT_STATUS_NO_MEMORY;
- }
- nt_status = pdb_enum_trusteddoms(tmp_ctx, num_domains, &domains);
+ nt_status = pdb_enum_trusteddoms(talloc_tos(), &trusts->count,
+ &domains);
if (!NT_STATUS_IS_OK(nt_status)) {
- TALLOC_FREE(tmp_ctx);
return nt_status;
}
- if (*num_domains) {
- *names = TALLOC_ARRAY(mem_ctx, char *, *num_domains);
- *alt_names = TALLOC_ARRAY(mem_ctx, char *, *num_domains);
- *dom_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_domains);
+ if (trusts->count == 0) {
+ trusts->array = NULL;
+ return NT_STATUS_OK;
+ }
- if ((*alt_names == NULL) || (*names == NULL) || (*dom_sids == NULL)) {
- TALLOC_FREE(tmp_ctx);
- return NT_STATUS_NO_MEMORY;
- }
- } else {
- *names = NULL;
- *alt_names = NULL;
- *dom_sids = NULL;
+ trusts->array = talloc_zero_array(
+ mem_ctx, struct netr_DomainTrust, trusts->count);
+ if (trusts->array == NULL) {
+ return NT_STATUS_NO_MEMORY;
}
- for (i=0; i<*num_domains; i++) {
- (*alt_names)[i] = NULL;
- if (!((*names)[i] = talloc_strdup((*names),
- domains[i]->name))) {
- TALLOC_FREE(tmp_ctx);
+ for (i=0; i<trusts->count; i++) {
+ struct dom_sid *sid;
+
+ trusts->array[i].netbios_name = talloc_move(
+ trusts->array, &domains[i]->name);
+ trusts->array[i].dns_name = NULL;
+
+ sid = talloc(trusts->array, struct dom_sid);
+ if (sid == NULL) {
return NT_STATUS_NO_MEMORY;
}
- sid_copy(&(*dom_sids)[i], &domains[i]->sid);
+ sid_copy(sid, &domains[i]->sid);
+ trusts->array[i].sid = sid;
}
-
- TALLOC_FREE(tmp_ctx);
return NT_STATUS_OK;
}
diff --git a/source3/winbindd/winbindd_reconnect.c b/source3/winbindd/winbindd_reconnect.c
index 3efd4a9428..bf6e577f29 100644
--- a/source3/winbindd/winbindd_reconnect.c
+++ b/source3/winbindd/winbindd_reconnect.c
@@ -279,21 +279,15 @@ static NTSTATUS password_policy(struct winbindd_domain *domain,
/* get a list of trusted domains */
static NTSTATUS trusted_domains(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint32 *num_domains,
- char ***names,
- char ***alt_names,
- DOM_SID **dom_sids)
+ struct netr_DomainTrustList *trusts)
{
NTSTATUS result;
- result = msrpc_methods.trusted_domains(domain, mem_ctx,
- num_domains, names,
- alt_names, dom_sids);
+ result = msrpc_methods.trusted_domains(domain, mem_ctx, trusts);
if (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL))
result = msrpc_methods.trusted_domains(domain, mem_ctx,
- num_domains, names,
- alt_names, dom_sids);
+ trusts);
return result;
}
diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index b802021f08..ffe488ac71 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -1032,10 +1032,7 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
/* get a list of trusted domains */
static NTSTATUS trusted_domains(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint32 *num_domains,
- char ***names,
- char ***alt_names,
- DOM_SID **dom_sids)
+ struct netr_DomainTrustList *trusts)
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 enum_ctx = 0;
@@ -1044,10 +1041,7 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
DEBUG(3,("rpc: trusted_domains\n"));
- *num_domains = 0;
- *names = NULL;
- *alt_names = NULL;
- *dom_sids = NULL;
+ ZERO_STRUCTP(trusts);
result = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy);
if (!NT_STATUS_IS_OK(result))
@@ -1070,22 +1064,33 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
break;
- start_idx = *num_domains;
- *num_domains += dom_list.count;
- *names = TALLOC_REALLOC_ARRAY(mem_ctx, *names,
- char *, *num_domains);
- *dom_sids = TALLOC_REALLOC_ARRAY(mem_ctx, *dom_sids,
- DOM_SID, *num_domains);
- *alt_names = TALLOC_REALLOC_ARRAY(mem_ctx, *alt_names,
- char *, *num_domains);
- if ((*names == NULL) || (*dom_sids == NULL) ||
- (*alt_names == NULL))
+ start_idx = trusts->count;
+ trusts->count += dom_list.count;
+
+ trusts->array = talloc_realloc(
+ mem_ctx, trusts->array, struct netr_DomainTrust,
+ trusts->count);
+ if (trusts->array == NULL) {
return NT_STATUS_NO_MEMORY;
+ }
for (i=0; i<dom_list.count; i++) {
- (*names)[start_idx+i] = CONST_DISCARD(char *, dom_list.domains[i].name.string);
- (*dom_sids)[start_idx+i] = *dom_list.domains[i].sid;
- (*alt_names)[start_idx+i] = talloc_strdup(mem_ctx, "");
+ struct netr_DomainTrust *trust = &trusts->array[i];
+ struct dom_sid *sid;
+
+ ZERO_STRUCTP(trust);
+
+ trust->netbios_name = talloc_move(
+ trusts->array,
+ &dom_list.domains[i].name.string);
+ trust->dns_name = NULL;
+
+ sid = talloc(trusts->array, struct dom_sid);
+ if (sid == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ sid_copy(sid, dom_list.domains[i].sid);
+ trust->sid = sid;
}
}
return result;