summaryrefslogtreecommitdiff
path: root/source3/winbindd
diff options
context:
space:
mode:
Diffstat (limited to 'source3/winbindd')
-rw-r--r--source3/winbindd/winbindd.h12
-rw-r--r--source3/winbindd/winbindd_async.c20
-rw-r--r--source3/winbindd/winbindd_cache.c83
-rw-r--r--source3/winbindd/winbindd_cm.c39
-rw-r--r--source3/winbindd/winbindd_dual.c33
-rw-r--r--source3/winbindd/winbindd_pam.c33
-rw-r--r--source3/winbindd/winbindd_passdb.c14
-rw-r--r--source3/winbindd/winbindd_reconnect.c4
-rw-r--r--source3/winbindd/winbindd_rpc.c123
-rw-r--r--source3/winbindd/winbindd_util.c6
10 files changed, 210 insertions, 157 deletions
diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h
index c4c1278d73..b812d69aeb 100644
--- a/source3/winbindd/winbindd.h
+++ b/source3/winbindd/winbindd.h
@@ -301,15 +301,15 @@ struct winbindd_methods {
NTSTATUS (*sequence_number)(struct winbindd_domain *domain, uint32 *seq);
/* return the lockout policy */
- NTSTATUS (*lockout_policy)(struct winbindd_domain *domain,
+ NTSTATUS (*lockout_policy)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_12 *lockout_policy);
-
+ struct samr_DomInfo12 *lockout_policy);
+
/* return the lockout policy */
- NTSTATUS (*password_policy)(struct winbindd_domain *domain,
+ NTSTATUS (*password_policy)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_1 *password_policy);
-
+ struct samr_DomInfo1 *password_policy);
+
/* enumerate trusted domains */
NTSTATUS (*trusted_domains)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
diff --git a/source3/winbindd/winbindd_async.c b/source3/winbindd/winbindd_async.c
index ab32ee0c76..2ff5ef230d 100644
--- a/source3/winbindd/winbindd_async.c
+++ b/source3/winbindd/winbindd_async.c
@@ -283,9 +283,8 @@ static void lookupname_recv2(TALLOC_CTX *mem_ctx, bool success,
enum lsa_SidType type) =
(void (*)(void *, bool, const DOM_SID *, enum lsa_SidType))c;
DOM_SID sid;
- struct lookupname_state *s = talloc_get_type_abort( private_data,
+ struct lookupname_state *s = talloc_get_type_abort( private_data,
struct lookupname_state );
-
if (!success) {
DEBUG(5, ("Could not trigger lookup_name\n"));
@@ -311,7 +310,7 @@ static void lookupname_recv2(TALLOC_CTX *mem_ctx, bool success,
}
/********************************************************************
- This is the first callback after contacting our own domain
+ This is the first callback after contacting our own domain
********************************************************************/
static void lookupname_recv(TALLOC_CTX *mem_ctx, bool success,
@@ -322,7 +321,7 @@ static void lookupname_recv(TALLOC_CTX *mem_ctx, bool success,
enum lsa_SidType type) =
(void (*)(void *, bool, const DOM_SID *, enum lsa_SidType))c;
DOM_SID sid;
- struct lookupname_state *s = talloc_get_type_abort( private_data,
+ struct lookupname_state *s = talloc_get_type_abort( private_data,
struct lookupname_state );
if (!success) {
@@ -334,8 +333,8 @@ static void lookupname_recv(TALLOC_CTX *mem_ctx, bool success,
if (response->result != WINBINDD_OK) {
/* Try again using the forest root */
struct winbindd_domain *root_domain = find_root_domain();
- struct winbindd_request request;
-
+ struct winbindd_request request;
+
if ( !root_domain ) {
DEBUG(5,("lookupname_recv: unable to determine forest root\n"));
cont(s->caller_private_data, False, NULL, SID_NAME_UNKNOWN);
@@ -346,7 +345,7 @@ static void lookupname_recv(TALLOC_CTX *mem_ctx, bool success,
request.cmd = WINBINDD_LOOKUPNAME;
fstrcpy( request.data.name.dom_name, s->dom_name );
- fstrcpy( request.data.name.name, s->name );
+ fstrcpy( request.data.name.name, s->name );
do_async_domain(mem_ctx, root_domain, &request, lookupname_recv2,
(void *)cont, s);
@@ -381,7 +380,7 @@ void winbindd_lookupname_async(TALLOC_CTX *mem_ctx,
{
struct winbindd_request request;
struct winbindd_domain *domain;
- struct lookupname_state *s;
+ struct lookupname_state *s;
if ( (domain = find_lookup_domain_from_name(dom_name)) == NULL ) {
DEBUG(5, ("Could not find domain for name '%s'\n", dom_name));
@@ -403,6 +402,11 @@ void winbindd_lookupname_async(TALLOC_CTX *mem_ctx,
s->dom_name = talloc_strdup( s, dom_name );
s->name = talloc_strdup( s, name );
+ if (!s->dom_name || !s->name) {
+ cont(private_data, False, NULL, SID_NAME_UNKNOWN);
+ return;
+ }
+
s->caller_private_data = private_data;
do_async_domain(mem_ctx, domain, &request, lookupname_recv,
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index c293861492..f235e401e8 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -908,7 +908,9 @@ static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status, WI
centry_free(centry);
}
-static void wcache_save_lockout_policy(struct winbindd_domain *domain, NTSTATUS status, SAM_UNK_INFO_12 *lockout_policy)
+static void wcache_save_lockout_policy(struct winbindd_domain *domain,
+ NTSTATUS status,
+ struct samr_DomInfo12 *lockout_policy)
{
struct cache_entry *centry;
@@ -916,18 +918,20 @@ static void wcache_save_lockout_policy(struct winbindd_domain *domain, NTSTATUS
if (!centry)
return;
- centry_put_nttime(centry, lockout_policy->duration);
- centry_put_nttime(centry, lockout_policy->reset_count);
- centry_put_uint16(centry, lockout_policy->bad_attempt_lockout);
+ centry_put_nttime(centry, lockout_policy->lockout_duration);
+ centry_put_nttime(centry, lockout_policy->lockout_window);
+ centry_put_uint16(centry, lockout_policy->lockout_threshold);
centry_end(centry, "LOC_POL/%s", domain->name);
-
+
DEBUG(10,("wcache_save_lockout_policy: %s\n", domain->name));
centry_free(centry);
}
-static void wcache_save_password_policy(struct winbindd_domain *domain, NTSTATUS status, SAM_UNK_INFO_1 *policy)
+static void wcache_save_password_policy(struct winbindd_domain *domain,
+ NTSTATUS status,
+ struct samr_DomInfo1 *policy)
{
struct cache_entry *centry;
@@ -935,14 +939,14 @@ static void wcache_save_password_policy(struct winbindd_domain *domain, NTSTATUS
if (!centry)
return;
- centry_put_uint16(centry, policy->min_length_password);
- centry_put_uint16(centry, policy->password_history);
+ centry_put_uint16(centry, policy->min_password_length);
+ centry_put_uint16(centry, policy->password_history_length);
centry_put_uint32(centry, policy->password_properties);
- centry_put_nttime(centry, policy->expire);
- centry_put_nttime(centry, policy->min_passwordage);
+ centry_put_nttime(centry, policy->max_password_age);
+ centry_put_nttime(centry, policy->min_password_age);
centry_end(centry, "PWD_POL/%s", domain->name);
-
+
DEBUG(10,("wcache_save_password_policy: %s\n", domain->name));
centry_free(centry);
@@ -2131,55 +2135,56 @@ skip_save:
/* get lockout policy */
static NTSTATUS lockout_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_12 *policy){
+ struct samr_DomInfo12 *policy)
+{
struct winbind_cache *cache = get_cache(domain);
struct cache_entry *centry = NULL;
NTSTATUS status;
-
+
if (!cache->tdb)
goto do_query;
-
+
centry = wcache_fetch(cache, domain, "LOC_POL/%s", domain->name);
-
+
if (!centry)
goto do_query;
-
- policy->duration = centry_nttime(centry);
- policy->reset_count = centry_nttime(centry);
- policy->bad_attempt_lockout = centry_uint16(centry);
-
+
+ policy->lockout_duration = centry_nttime(centry);
+ policy->lockout_window = centry_nttime(centry);
+ policy->lockout_threshold = centry_uint16(centry);
+
status = centry->status;
-
+
DEBUG(10,("lockout_policy: [Cached] - cached info for domain %s status: %s\n",
domain->name, nt_errstr(status) ));
-
+
centry_free(centry);
return status;
-
+
do_query:
ZERO_STRUCTP(policy);
-
+
/* Return status value returned by seq number check */
if (!NT_STATUS_IS_OK(domain->last_status))
return domain->last_status;
-
+
DEBUG(10,("lockout_policy: [Cached] - doing backend query for info for domain %s\n",
domain->name ));
-
- status = domain->backend->lockout_policy(domain, mem_ctx, policy);
-
+
+ status = domain->backend->lockout_policy(domain, mem_ctx, policy);
+
/* and save it */
refresh_sequence_number(domain, false);
wcache_save_lockout_policy(domain, status, policy);
-
+
return status;
}
-
+
/* get password policy */
static NTSTATUS password_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_1 *policy)
+ struct samr_DomInfo1 *policy)
{
struct winbind_cache *cache = get_cache(domain);
struct cache_entry *centry = NULL;
@@ -2187,17 +2192,17 @@ static NTSTATUS password_policy(struct winbindd_domain *domain,
if (!cache->tdb)
goto do_query;
-
+
centry = wcache_fetch(cache, domain, "PWD_POL/%s", domain->name);
-
+
if (!centry)
goto do_query;
- policy->min_length_password = centry_uint16(centry);
- policy->password_history = centry_uint16(centry);
+ policy->min_password_length = centry_uint16(centry);
+ policy->password_history_length = centry_uint16(centry);
policy->password_properties = centry_uint32(centry);
- policy->expire = centry_nttime(centry);
- policy->min_passwordage = centry_nttime(centry);
+ policy->max_password_age = centry_nttime(centry);
+ policy->min_password_age = centry_nttime(centry);
status = centry->status;
@@ -2214,11 +2219,11 @@ do_query:
if (!NT_STATUS_IS_OK(domain->last_status))
return domain->last_status;
-
+
DEBUG(10,("password_policy: [Cached] - doing backend query for info for domain %s\n",
domain->name ));
- status = domain->backend->password_policy(domain, mem_ctx, policy);
+ status = domain->backend->password_policy(domain, mem_ctx, policy);
/* and save it */
refresh_sequence_number(domain, false);
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 66787a0d6d..7bc449c90d 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -2109,13 +2109,14 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
"pipe: user %s\\%s\n", domain->name,
domain_name, machine_account));
- result = rpccli_samr_connect(conn->samr_pipe, mem_ctx,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
- &conn->sam_connect_handle);
+ result = rpccli_samr_Connect2(conn->samr_pipe, mem_ctx,
+ conn->samr_pipe->cli->desthost,
+ SEC_RIGHTS_MAXIMUM_ALLOWED,
+ &conn->sam_connect_handle);
if (NT_STATUS_IS_OK(result)) {
goto open_domain;
}
- DEBUG(10,("cm_connect_sam: ntlmssp-sealed rpccli_samr_connect "
+ DEBUG(10,("cm_connect_sam: ntlmssp-sealed rpccli_samr_Connect2 "
"failed for domain %s, error was %s. Trying schannel\n",
domain->name, nt_errstr(result) ));
cli_rpc_pipe_close(conn->samr_pipe);
@@ -2143,13 +2144,14 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
DEBUG(10,("cm_connect_sam: connected to SAMR pipe for domain %s using "
"schannel.\n", domain->name ));
- result = rpccli_samr_connect(conn->samr_pipe, mem_ctx,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
- &conn->sam_connect_handle);
+ result = rpccli_samr_Connect2(conn->samr_pipe, mem_ctx,
+ conn->samr_pipe->cli->desthost,
+ SEC_RIGHTS_MAXIMUM_ALLOWED,
+ &conn->sam_connect_handle);
if (NT_STATUS_IS_OK(result)) {
goto open_domain;
}
- DEBUG(10,("cm_connect_sam: schannel-sealed rpccli_samr_connect failed "
+ DEBUG(10,("cm_connect_sam: schannel-sealed rpccli_samr_Connect2 failed "
"for domain %s, error was %s. Trying anonymous\n",
domain->name, nt_errstr(result) ));
cli_rpc_pipe_close(conn->samr_pipe);
@@ -2165,23 +2167,24 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
goto done;
}
- result = rpccli_samr_connect(conn->samr_pipe, mem_ctx,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
- &conn->sam_connect_handle);
+ result = rpccli_samr_Connect2(conn->samr_pipe, mem_ctx,
+ conn->samr_pipe->cli->desthost,
+ SEC_RIGHTS_MAXIMUM_ALLOWED,
+ &conn->sam_connect_handle);
if (!NT_STATUS_IS_OK(result)) {
- DEBUG(10,("cm_connect_sam: rpccli_samr_connect failed "
+ DEBUG(10,("cm_connect_sam: rpccli_samr_Connect2 failed "
"for domain %s Error was %s\n",
domain->name, nt_errstr(result) ));
goto done;
}
open_domain:
- result = rpccli_samr_open_domain(conn->samr_pipe,
- mem_ctx,
- &conn->sam_connect_handle,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
- &domain->sid,
- &conn->sam_domain_handle);
+ result = rpccli_samr_OpenDomain(conn->samr_pipe,
+ mem_ctx,
+ &conn->sam_connect_handle,
+ SEC_RIGHTS_MAXIMUM_ALLOWED,
+ &domain->sid,
+ &conn->sam_domain_handle);
done:
diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c
index 15ca564c6a..2b756b24d1 100644
--- a/source3/winbindd/winbindd_dual.c
+++ b/source3/winbindd/winbindd_dual.c
@@ -34,20 +34,22 @@
#define DBGC_CLASS DBGC_WINBIND
extern bool override_logfile;
+extern struct winbindd_methods cache_methods;
/* Read some data from a client connection */
static void child_read_request(struct winbindd_cli_state *state)
{
- ssize_t len;
+ NTSTATUS status;
/* Read data */
- len = read_data(state->sock, (char *)&state->request,
- sizeof(state->request), NULL);
+ status = read_data(state->sock, (char *)&state->request,
+ sizeof(state->request));
- if (len != sizeof(state->request)) {
- DEBUG(len > 0 ? 0 : 3, ("Got invalid request length: %d\n", (int)len));
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(3, ("child_read_request: read_data failed: %s\n",
+ nt_errstr(status)));
state->finished = True;
return;
}
@@ -71,11 +73,12 @@ static void child_read_request(struct winbindd_cli_state *state)
/* Ensure null termination */
state->request.extra_data.data[state->request.extra_len] = '\0';
- len = read_data(state->sock, state->request.extra_data.data,
- state->request.extra_len, NULL);
+ status= read_data(state->sock, state->request.extra_data.data,
+ state->request.extra_len);
- if (len != state->request.extra_len) {
- DEBUG(0, ("Could not read extra data\n"));
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Could not read extra data: %s\n",
+ nt_errstr(status)));
state->finished = True;
return;
}
@@ -767,7 +770,7 @@ static void account_lockout_policy_handler(struct event_context *ctx,
(struct winbindd_child *)private_data;
TALLOC_CTX *mem_ctx = NULL;
struct winbindd_methods *methods;
- SAM_UNK_INFO_12 lockout_policy;
+ struct samr_DomInfo12 lockout_policy;
NTSTATUS result;
DEBUG(10,("account_lockout_policy_handler called\n"));
@@ -1081,6 +1084,16 @@ static bool fork_domain_child(struct winbindd_child *child)
child);
}
+ /* Special case for Winbindd on a Samba DC,
+ * We want to make sure the child can connect to smbd
+ * but not the main daemon */
+
+ if (child->domain && child->domain->internal && IS_DC) {
+ child->domain->internal = False;
+ child->domain->methods = &cache_methods;
+ child->domain->online = False;
+ }
+
while (1) {
int ret;
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 59ca15a623..c1a277f9b5 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -324,7 +324,7 @@ struct winbindd_domain *find_auth_domain(struct winbindd_cli_state *state,
if (IS_DC) {
domain = find_domain_from_name_noinit(domain_name);
if (domain == NULL) {
- DEBUG(3, ("Authentication for domain [%s] refused"
+ DEBUG(3, ("Authentication for domain [%s] refused "
"as it is not a trusted domain\n",
domain_name));
}
@@ -370,7 +370,7 @@ static NTSTATUS fillup_password_policy(struct winbindd_domain *domain,
{
struct winbindd_methods *methods;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
- SAM_UNK_INFO_1 password_policy;
+ struct samr_DomInfo1 password_policy;
if ( !winbindd_can_contact_domain( domain ) ) {
DEBUG(5,("fillup_password_policy: No inbound trust to "
@@ -386,28 +386,28 @@ static NTSTATUS fillup_password_policy(struct winbindd_domain *domain,
}
state->response.data.auth.policy.min_length_password =
- password_policy.min_length_password;
+ password_policy.min_password_length;
state->response.data.auth.policy.password_history =
- password_policy.password_history;
+ password_policy.password_history_length;
state->response.data.auth.policy.password_properties =
password_policy.password_properties;
state->response.data.auth.policy.expire =
- nt_time_to_unix_abs(&(password_policy.expire));
- state->response.data.auth.policy.min_passwordage =
- nt_time_to_unix_abs(&(password_policy.min_passwordage));
+ nt_time_to_unix_abs((NTTIME *)&(password_policy.max_password_age));
+ state->response.data.auth.policy.min_passwordage =
+ nt_time_to_unix_abs((NTTIME *)&(password_policy.min_password_age));
return NT_STATUS_OK;
}
static NTSTATUS get_max_bad_attempts_from_lockout_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint16 *max_allowed_bad_attempts)
+ uint16 *lockout_threshold)
{
struct winbindd_methods *methods;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
- SAM_UNK_INFO_12 lockout_policy;
+ struct samr_DomInfo12 lockout_policy;
- *max_allowed_bad_attempts = 0;
+ *lockout_threshold = 0;
methods = domain->methods;
@@ -416,7 +416,7 @@ static NTSTATUS get_max_bad_attempts_from_lockout_policy(struct winbindd_domain
return status;
}
- *max_allowed_bad_attempts = lockout_policy.bad_attempt_lockout;
+ *lockout_threshold = lockout_policy.lockout_threshold;
return NT_STATUS_OK;
}
@@ -427,7 +427,7 @@ static NTSTATUS get_pwd_properties(struct winbindd_domain *domain,
{
struct winbindd_methods *methods;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
- SAM_UNK_INFO_1 password_policy;
+ struct samr_DomInfo1 password_policy;
*password_properties = 0;
@@ -1339,10 +1339,11 @@ NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
goto done;
}
- status_tmp = rpccli_samr_open_user(samr_pipe, state->mem_ctx,
- &samr_domain_handle,
- MAXIMUM_ALLOWED_ACCESS,
- my_info3->user_rid, &user_pol);
+ status_tmp = rpccli_samr_OpenUser(samr_pipe, state->mem_ctx,
+ &samr_domain_handle,
+ MAXIMUM_ALLOWED_ACCESS,
+ my_info3->user_rid,
+ &user_pol);
if (!NT_STATUS_IS_OK(status_tmp)) {
DEBUG(3, ("could not open user handle on SAMR pipe: %s\n",
diff --git a/source3/winbindd/winbindd_passdb.c b/source3/winbindd/winbindd_passdb.c
index 29db8be857..7c1d7bd71b 100644
--- a/source3/winbindd/winbindd_passdb.c
+++ b/source3/winbindd/winbindd_passdb.c
@@ -338,7 +338,7 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
static NTSTATUS lockout_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_12 *policy)
+ struct samr_DomInfo12 *policy)
{
/* actually we have that */
return NT_STATUS_NOT_IMPLEMENTED;
@@ -346,14 +346,14 @@ static NTSTATUS lockout_policy(struct winbindd_domain *domain,
static NTSTATUS password_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_1 *policy)
+ struct samr_DomInfo1 *policy)
{
uint32 min_pass_len,pass_hist,password_properties;
time_t u_expire, u_min_age;
NTTIME nt_expire, nt_min_age;
uint32 account_policy_temp;
- if ((policy = TALLOC_ZERO_P(mem_ctx, SAM_UNK_INFO_1)) == NULL) {
+ if ((policy = TALLOC_ZERO_P(mem_ctx, struct samr_DomInfo1)) == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -385,8 +385,12 @@ static NTSTATUS password_policy(struct winbindd_domain *domain,
unix_to_nt_time_abs(&nt_expire, u_expire);
unix_to_nt_time_abs(&nt_min_age, u_min_age);
- init_unk_info1(policy, (uint16)min_pass_len, (uint16)pass_hist,
- password_properties, nt_expire, nt_min_age);
+ init_samr_DomInfo1(policy,
+ (uint16)min_pass_len,
+ (uint16)pass_hist,
+ password_properties,
+ nt_expire,
+ nt_min_age);
return NT_STATUS_OK;
}
diff --git a/source3/winbindd/winbindd_reconnect.c b/source3/winbindd/winbindd_reconnect.c
index a1f96a0359..25debccc5a 100644
--- a/source3/winbindd/winbindd_reconnect.c
+++ b/source3/winbindd/winbindd_reconnect.c
@@ -247,7 +247,7 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
/* find the lockout policy of a domain */
static NTSTATUS lockout_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_12 *policy)
+ struct samr_DomInfo12 *policy)
{
NTSTATUS result;
@@ -262,7 +262,7 @@ static NTSTATUS lockout_policy(struct winbindd_domain *domain,
/* find the password policy of a domain */
static NTSTATUS password_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_1 *policy)
+ struct samr_DomInfo1 *policy)
{
NTSTATUS result;
diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index 47a8d430b2..98e4077a4d 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -469,9 +469,11 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
return result;
/* Get user handle */
- result = rpccli_samr_open_user(cli, mem_ctx, &dom_pol,
- SEC_RIGHTS_MAXIMUM_ALLOWED, user_rid,
- &user_pol);
+ result = rpccli_samr_OpenUser(cli, mem_ctx,
+ &dom_pol,
+ SEC_RIGHTS_MAXIMUM_ALLOWED,
+ user_rid,
+ &user_pol);
if (!NT_STATUS_IS_OK(result))
return result;
@@ -545,8 +547,11 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
return result;
/* Get user handle */
- result = rpccli_samr_open_user(cli, mem_ctx, &dom_pol,
- des_access, user_rid, &user_pol);
+ result = rpccli_samr_OpenUser(cli, mem_ctx,
+ &dom_pol,
+ des_access,
+ user_rid,
+ &user_pol);
if (!NT_STATUS_IS_OK(result))
return result;
@@ -580,11 +585,10 @@ NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain,
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
POLICY_HND dom_pol;
- DOM_SID2 *query_sids;
uint32 num_query_sids = 0;
int i;
struct rpc_pipe_client *cli;
- uint32 *alias_rids_query, num_aliases_query;
+ struct samr_Ids alias_rids_query;
int rangesize = MAX_SAM_ENTRIES_W2K;
uint32 total_sids = 0;
int num_queries = 1;
@@ -606,6 +610,9 @@ NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain,
do {
/* prepare query */
+ struct lsa_SidArray sid_array;
+
+ ZERO_STRUCT(sid_array);
num_query_sids = MIN(num_sids - total_sids, rangesize);
@@ -613,45 +620,48 @@ NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain,
num_queries, num_query_sids));
if (num_query_sids) {
- query_sids = TALLOC_ARRAY(mem_ctx, DOM_SID2, num_query_sids);
- if (query_sids == NULL) {
+ sid_array.sids = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_SidPtr, num_query_sids);
+ if (sid_array.sids == NULL) {
return NT_STATUS_NO_MEMORY;
}
} else {
- query_sids = NULL;
+ sid_array.sids = NULL;
}
for (i=0; i<num_query_sids; i++) {
- sid_copy(&query_sids[i].sid, &sids[total_sids++]);
- query_sids[i].num_auths = query_sids[i].sid.num_auths;
+ sid_array.sids[i].sid = sid_dup_talloc(mem_ctx, &sids[total_sids++]);
+ if (sid_array.sids[i].sid) {
+ TALLOC_FREE(sid_array.sids);
+ return NT_STATUS_NO_MEMORY;
+ }
}
+ sid_array.num_sids = num_query_sids;
/* do request */
-
- result = rpccli_samr_query_useraliases(cli, mem_ctx, &dom_pol,
- num_query_sids, query_sids,
- &num_aliases_query,
- &alias_rids_query);
+ result = rpccli_samr_GetAliasMembership(cli, mem_ctx,
+ &dom_pol,
+ &sid_array,
+ &alias_rids_query);
if (!NT_STATUS_IS_OK(result)) {
*num_aliases = 0;
*alias_rids = NULL;
- TALLOC_FREE(query_sids);
+ TALLOC_FREE(sid_array.sids);
goto done;
}
/* process output */
- for (i=0; i<num_aliases_query; i++) {
+ for (i=0; i<alias_rids_query.count; i++) {
size_t na = *num_aliases;
- if (!add_rid_to_array_unique(mem_ctx, alias_rids_query[i],
+ if (!add_rid_to_array_unique(mem_ctx, alias_rids_query.ids[i],
alias_rids, &na)) {
return NT_STATUS_NO_MEMORY;
}
*num_aliases = na;
}
- TALLOC_FREE(query_sids);
+ TALLOC_FREE(sid_array.sids);
num_queries++;
@@ -681,6 +691,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
unsigned int j;
struct rpc_pipe_client *cli;
unsigned int orig_timeout;
+ struct samr_RidTypeArray *rids = NULL;
DEBUG(10,("rpc: lookup_groupmem %s sid=%s\n", domain->name,
sid_string_dbg(group_sid)));
@@ -700,8 +711,11 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
if (!NT_STATUS_IS_OK(result))
return result;
- result = rpccli_samr_open_group(cli, mem_ctx, &dom_pol,
- des_access, group_rid, &group_pol);
+ result = rpccli_samr_OpenGroup(cli, mem_ctx,
+ &dom_pol,
+ des_access,
+ group_rid,
+ &group_pol);
if (!NT_STATUS_IS_OK(result))
return result;
@@ -714,9 +728,9 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
orig_timeout = cli_set_timeout(cli->cli, 35000);
- result = rpccli_samr_query_groupmem(cli, mem_ctx,
- &group_pol, num_names, &rid_mem,
- name_types);
+ result = rpccli_samr_QueryGroupMember(cli, mem_ctx,
+ &group_pol,
+ &rids);
/* And restore our original timeout. */
cli_set_timeout(cli->cli, orig_timeout);
@@ -726,6 +740,9 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
if (!NT_STATUS_IS_OK(result))
return result;
+ *num_names = rids->count;
+ rid_mem = rids->rids;
+
if (!*num_names) {
names = NULL;
name_types = NULL;
@@ -867,7 +884,7 @@ static int get_ldap_sequence_number(struct winbindd_domain *domain, uint32 *seq)
static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
{
TALLOC_CTX *mem_ctx;
- SAM_UNK_CTR ctr;
+ union samr_DomainInfo *info = NULL;
NTSTATUS result;
POLICY_HND dom_pol;
bool got_seq_num = False;
@@ -918,21 +935,27 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
/* Query domain info */
- result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 8, &ctr);
+ result = rpccli_samr_QueryDomainInfo(cli, mem_ctx,
+ &dom_pol,
+ 8,
+ &info);
if (NT_STATUS_IS_OK(result)) {
- *seq = ctr.info.inf8.seq_num;
+ *seq = info->info8.sequence_num;
got_seq_num = True;
goto seq_num;
}
/* retry with info-level 2 in case the dc does not support info-level 8
- * (like all older samba2 and samba3 dc's - Guenther */
+ * (like all older samba2 and samba3 dc's) - Guenther */
+
+ result = rpccli_samr_QueryDomainInfo(cli, mem_ctx,
+ &dom_pol,
+ 2,
+ &info);
- result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 2, &ctr);
-
if (NT_STATUS_IS_OK(result)) {
- *seq = ctr.info.inf2.seq_num;
+ *seq = info->info2.sequence_num;
got_seq_num = True;
}
@@ -1016,14 +1039,14 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
}
/* find the lockout policy for a domain */
-NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,
+NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_12 *lockout_policy)
+ struct samr_DomInfo12 *lockout_policy)
{
NTSTATUS result;
struct rpc_pipe_client *cli;
POLICY_HND dom_pol;
- SAM_UNK_CTR ctr;
+ union samr_DomainInfo *info = NULL;
DEBUG(10,("rpc: fetch lockout policy for %s\n", domain->name));
@@ -1038,15 +1061,18 @@ NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,
goto done;
}
- result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 12, &ctr);
+ result = rpccli_samr_QueryDomainInfo(cli, mem_ctx,
+ &dom_pol,
+ 12,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- *lockout_policy = ctr.info.inf12;
+ *lockout_policy = info->info12;
- DEBUG(10,("msrpc_lockout_policy: bad_attempt_lockout %d\n",
- ctr.info.inf12.bad_attempt_lockout));
+ DEBUG(10,("msrpc_lockout_policy: lockout_threshold %d\n",
+ info->info12.lockout_threshold));
done:
@@ -1054,14 +1080,14 @@ NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,
}
/* find the password policy for a domain */
-NTSTATUS msrpc_password_policy(struct winbindd_domain *domain,
+NTSTATUS msrpc_password_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- SAM_UNK_INFO_1 *password_policy)
+ struct samr_DomInfo1 *password_policy)
{
NTSTATUS result;
struct rpc_pipe_client *cli;
POLICY_HND dom_pol;
- SAM_UNK_CTR ctr;
+ union samr_DomainInfo *info = NULL;
DEBUG(10,("rpc: fetch password policy for %s\n", domain->name));
@@ -1076,15 +1102,18 @@ NTSTATUS msrpc_password_policy(struct winbindd_domain *domain,
goto done;
}
- result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 1, &ctr);
+ result = rpccli_samr_QueryDomainInfo(cli, mem_ctx,
+ &dom_pol,
+ 1,
+ &info);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- *password_policy = ctr.info.inf1;
+ *password_policy = info->info1;
- DEBUG(10,("msrpc_password_policy: min_length_password %d\n",
- ctr.info.inf1.min_length_password));
+ DEBUG(10,("msrpc_password_policy: min_length_password %d\n",
+ info->info1.min_password_length));
done:
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 10779cd60a..7933ecf63e 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -82,9 +82,6 @@ static bool is_internal_domain(const DOM_SID *sid)
if (sid == NULL)
return False;
- if ( IS_DC )
- return sid_check_is_builtin(sid);
-
return (sid_check_is_domain(sid) || sid_check_is_builtin(sid));
}
@@ -93,9 +90,6 @@ static bool is_in_internal_domain(const DOM_SID *sid)
if (sid == NULL)
return False;
- if ( IS_DC )
- return sid_check_is_in_builtin(sid);
-
return (sid_check_is_in_our_domain(sid) || sid_check_is_in_builtin(sid));
}