Diffstat (limited to 'source3')
29 files changed, 331 insertions, 774 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 08a0c14311..bcffe0d0e4 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -278,8 +278,7 @@ LIBNDR_GEN_OBJ = librpc/gen_ndr/ndr_wkssvc.o \ librpc/gen_ndr/ndr_samr.o \ librpc/gen_ndr/ndr_dssetup.o \ librpc/gen_ndr/ndr_notify.o \ - librpc/gen_ndr/ndr_xattr.o \ - librpc/gen_ndr/ndr_libnet_join.o + librpc/gen_ndr/ndr_xattr.o RPC_PARSE_OBJ0 = rpc_parse/parse_prs.o rpc_parse/parse_misc.o @@ -368,7 +367,7 @@ LIBADS_OBJ = libads/ldap.o libads/ldap_printer.o \ libads/krb5_setpw.o libads/ldap_user.o \ libads/ads_struct.o libads/kerberos_keytab.o \ libads/disp_sec.o libads/ads_utils.o libads/ldap_utils.o \ - libads/cldap.o libads/ldap_schema.o libads/util.o + libads/cldap.o libads/ldap_schema.o libads/util.o libads/ndr.o LIBADS_SERVER_OBJ = libads/kerberos_verify.o libads/authdata.o @@ -397,7 +396,7 @@ RPC_CLIENT_OBJ1 = rpc_client/cli_netlogon.o rpc_client/cli_srvsvc.o LIBMSRPC_OBJ = rpc_client/cli_lsarpc.o rpc_client/cli_samr.o \ $(RPC_CLIENT_OBJ1) rpc_client/cli_reg.o $(RPC_CLIENT_OBJ) \ rpc_client/cli_spoolss.o rpc_client/cli_spoolss_notify.o \ - rpc_client/cli_ds.o rpc_client/cli_svcctl.o + rpc_client/cli_svcctl.o LIBMSRPC_GEN_OBJ = librpc/gen_ndr/cli_lsa.o \ librpc/gen_ndr/cli_dfs.o \ @@ -507,7 +506,7 @@ RPC_SERVER_OBJ = @RPC_STATIC@ $(RPC_PIPE_OBJ) RPC_PARSE_OBJ = rpc_parse/parse_lsa.o $(RPC_PARSE_OBJ2) \ rpc_parse/parse_samr.o \ - rpc_parse/parse_ds.o rpc_parse/parse_spoolss.o \ + rpc_parse/parse_spoolss.o \ rpc_parse/parse_eventlog.o rpc_parse/parse_buffer.o \ rpc_parse/parse_ntsvcs.o rpc_parse/parse_svcctl.o $(REGOBJS_OBJ) 
@@ -715,7 +714,7 @@ RPCCLIENT_OBJ1 = rpcclient/rpcclient.o rpcclient/cmd_lsarpc.o \ rpcclient/cmd_samr.o rpcclient/cmd_spoolss.o \ rpcclient/cmd_netlogon.o rpcclient/cmd_srvsvc.o \ rpcclient/cmd_dfs.o \ - rpcclient/cmd_ds.o rpcclient/cmd_echo.o \ + rpcclient/cmd_dssetup.o rpcclient/cmd_echo.o \ rpcclient/cmd_shutdown.o rpcclient/cmd_test.o \ rpcclient/cmd_wkssvc.o \ $(DISPLAY_SEC_OBJ) $(DISPLAY_DSDCINFO_OBJ) @@ -773,7 +772,8 @@ LIBNETAPI_OBJ = $(LIBNETAPI_OBJ1) $(LIBNET_OBJ) \ $(SECRETS_OBJ) $(PASSDB_OBJ) @LIBWBCLIENT_STATIC@ $(SMBLDAP_OBJ) $(GROUPDB_OBJ) $(LDB_OBJ) \ $(DCUTIL_OBJ) $(LIBADS_OBJ) -LIBNET_OBJ = libnet/libnet_conf.o libnet/libnet_join.o +LIBNET_OBJ = libnet/libnet_conf.o libnet/libnet_join.o \ + librpc/gen_ndr/ndr_libnet_join.o NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_domain.o utils/net_help.o \ utils/net_rap.o utils/net_rpc.o utils/net_rpc_samsync.o \ diff --git a/source3/include/ads.h b/source3/include/ads.h index a75eaf80fc..d1047bbdc2 100644 --- a/source3/include/ads.h +++ b/source3/include/ads.h @@ -396,4 +396,11 @@ typedef struct { #define ADS_IGNORE_PRINCIPAL "not_defined_in_RFC4178@please_ignore" +/* Settings for the domainFunctionality attribute in the rootDSE */ + +#define DS_DOMAIN_FUNCTION_2000 0 +#define DS_DOMAIN_FUCNTION_2003_MIXED 1 +#define DS_DOMAIN_FUNCTION_2003 2 +#define DS_DOMAIN_FUNCTION_2008 3 + #endif /* _INCLUDE_ADS_H_ */ diff --git a/source3/include/includes.h b/source3/include/includes.h index c6d0885ad9..b7fcc10ab1 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -698,7 +698,6 @@ typedef char fstring[FSTRING_LEN]; #include "rpc_srvsvc.h" #include "rpc_spoolss.h" #include "rpc_eventlog.h" -#include "rpc_ds.h" #include "rpc_perfcount.h" #include "rpc_perfcount_defs.h" #include "librpc/gen_ndr/notify.h" diff --git a/source3/include/rpc_ds.h b/source3/include/rpc_ds.h deleted file mode 100644 index 0278b61d89..0000000000 --- a/source3/include/rpc_ds.h +++ /dev/null 
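Review bot: The misspelled macro `DS_DOMAIN_FUCNTION_2003_MIXED` is carried into ads.h unchanged from the deleted rpc_ds.h, next to the correctly spelled `DS_DOMAIN_FUNCTION_2000`, `DS_DOMAIN_FUNCTION_2003` and the new `DS_DOMAIN_FUNCTION_2008`. Code that compares the rootDSE domainFunctionality level using the expected spelling will not compile, and the typo is easy to miss in review of such a check. Since the block is being moved anyway, add `#define DS_DOMAIN_FUNCTION_2003_MIXED 1` and keep the old name only as an alias, `#define DS_DOMAIN_FUCNTION_2003_MIXED DS_DOMAIN_FUNCTION_2003_MIXED`, so existing users keep building.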
@@ -1,118 +0,0 @@ -/* - Unix SMB/CIFS implementation. - SMB parameters and setup - Copyright (C) Gerald Carter 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#ifndef _RPC_DS_H /* _RPC_LSA_H */ -#define _RPC_DS_H - -/* Opcodes available on PIPE_NETLOGON */ - -#define DS_ENUM_DOM_TRUSTS 0x28 - -/* Settings for the domainFunctionality attribute in the rootDSE */ - -#define DS_DOMAIN_FUNCTION_2000 0 -#define DS_DOMAIN_FUCNTION_2003_MIXED 1 -#define DS_DOMAIN_FUNCTION_2003 2 - -typedef struct { - /* static portion of structure */ - uint32 netbios_ptr; - uint32 dns_ptr; - uint32 flags; - uint32 parent_index; - uint32 trust_type; - uint32 trust_attributes; - uint32 sid_ptr; - struct GUID guid; - - UNISTR2 netbios_domain; - UNISTR2 dns_domain; - DOM_SID2 sid; - -} DS_DOMAIN_TRUSTS; - -struct ds_domain_trust { - /* static portion of structure */ - uint32 flags; - uint32 parent_index; - uint32 trust_type; - uint32 trust_attributes; - struct GUID guid; - - DOM_SID sid; - char *netbios_domain; - char *dns_domain; -}; - -typedef struct { - - uint32 ptr; - uint32 max_count; - DS_DOMAIN_TRUSTS *trusts; - -} DS_DOMAIN_TRUSTS_CTR; - -/* Trust flags */ - -#define DS_DOMAIN_IN_FOREST 0x0001 /* domains in the forest to which - we belong; even different domain trees */ -#define DS_DOMAIN_DIRECT_OUTBOUND 0x0002 /* trusted domains */ -#define DS_DOMAIN_TREE_ROOT 0x0004 /* root of a forest */ -#define 
DS_DOMAIN_PRIMARY 0x0008 /* our domain */ -#define DS_DOMAIN_NATIVE_MODE 0x0010 /* native mode AD servers */ -#define DS_DOMAIN_DIRECT_INBOUND 0x0020 /* trusting domains */ - -/* Trust types */ - -#define DS_DOMAIN_TRUST_TYPE_DOWNLEVEL 0x00000001 -#define DS_DOMAIN_TRUST_TYPE_UPLEVEL 0x00000002 - -/* Trust attributes */ - -#define DS_DOMAIN_TRUST_ATTRIB_NON_TRANSITIVE 0x00000001 -#define DS_DOMAIN_TRUST_ATTRIB_UPLEVEL_ONLY 0x00000002 -#define DS_DOMAIN_TRUST_ATTRIB_QUARANTINED_DOMAIN 0x00000004 -#define DS_DOMAIN_TRUST_ATTRIB_FOREST_TRANSITIVE 0x00000008 -#define DS_DOMAIN_TRUST_ATTRIB_CROSS_ORG 0x00000010 -#define DS_DOMAIN_TRUST_ATTRIB_IN_FOREST 0x00000020 -#define DS_DOMAIN_TRUST_ATTRIB_EXTERNAL 0x00000040 - - - -/* DS_Q_ENUM_DOM_TRUSTS - DsEnumerateDomainTrusts() request */ -typedef struct -{ - uint32 server_ptr; - UNISTR2 server; - uint32 flags; - -} DS_Q_ENUM_DOM_TRUSTS; - -/* DS_R_ENUM_DOM_TRUSTS - DsEnumerateDomainTrusts() response */ -typedef struct -{ - uint32 num_domains; - DS_DOMAIN_TRUSTS_CTR domains; - - NTSTATUS status; - -} DS_R_ENUM_DOM_TRUSTS; - - -#endif /* _RPC_DS_H */ diff --git a/source3/lib/netapi/joindomain.c b/source3/lib/netapi/joindomain.c index 133aff3dd8..55f334b5e1 100644 --- a/source3/lib/netapi/joindomain.c +++ b/source3/lib/netapi/joindomain.c @@ -52,7 +52,7 @@ static WERROR NetJoinDomainLocal(struct libnetapi_ctx *mem_ctx, uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED | DS_WRITABLE_REQUIRED | DS_RETURN_DNS_NAME; - status = dsgetdcname(mem_ctx, NULL, domain_name, + status = dsgetdcname(mem_ctx, domain_name, NULL, NULL, flags, &info); if (!NT_STATUS_IS_OK(status)) { libnetapi_set_error_string(mem_ctx, @@ -261,7 +261,7 @@ static WERROR NetUnjoinDomainLocal(struct libnetapi_ctx *mem_ctx, } else { domain = lp_workgroup(); } - status = dsgetdcname(mem_ctx, NULL, domain, + status = dsgetdcname(mem_ctx, domain, NULL, NULL, flags, &info); if (!NT_STATUS_IS_OK(status)) { libnetapi_set_error_string(mem_ctx, 
@@ -566,7 +566,7 @@ static WERROR NetGetJoinableOUsLocal(struct libnetapi_ctx *ctx, uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED | DS_RETURN_DNS_NAME; - status = dsgetdcname(ctx, NULL, domain, + status = dsgetdcname(ctx, domain, NULL, NULL, flags, &info); if (!NT_STATUS_IS_OK(status)) { libnetapi_set_error_string(ctx, "%s", diff --git a/source3/libads/ndr.c b/source3/libads/ndr.c new file mode 100644 index 0000000000..6324a22041 --- /dev/null +++ b/source3/libads/ndr.c 
@@ -0,0 +1,118 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ debug print helpers
+
+ Copyright (C) Guenther Deschner 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+
+void ndr_print_ads_auth_flags(struct ndr_print *ndr, const char *name, uint32_t r)
+{
+ ndr_print_uint32(ndr, name, r);
+ ndr->depth++;
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_DISABLE_KERBEROS", ADS_AUTH_DISABLE_KERBEROS, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_NO_BIND", ADS_AUTH_NO_BIND, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_ANON_BIND", ADS_AUTH_ANON_BIND, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_SIMPLE_BIND", ADS_AUTH_SIMPLE_BIND, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_ALLOW_NTLMSSP", ADS_AUTH_ALLOW_NTLMSSP, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_SASL_SIGN", ADS_AUTH_SASL_SIGN, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_SASL_SEAL", ADS_AUTH_SASL_SEAL, r);
+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_SASL_FORCE", ADS_AUTH_SASL_FORCE, r);
+ ndr->depth--;
+}
+
+void ndr_print_ads_struct(struct ndr_print *ndr, const char *name, const struct ads_struct *r)
+{
+ if (!r) { return; }
+
+ ndr_print_struct(ndr, name, "ads_struct");
+ ndr->depth++;
+ ndr_print_bool(ndr, "is_mine", r->is_mine);
+ ndr_print_struct(ndr, name, "server");
+ ndr->depth++;
+ ndr_print_string(ndr, "realm", r->server.realm);
+ ndr_print_string(ndr, "workgroup", r->server.workgroup);
+ ndr_print_string(ndr, "ldap_server", r->server.ldap_server);
+ ndr_print_bool(ndr, "foreign", r->server.foreign);
+ ndr->depth--;
+ ndr_print_struct(ndr, name, "auth");
+ ndr->depth++;
+ ndr_print_string(ndr, "realm", r->auth.realm);
+#ifdef DEBUG_PASSWORD
+ ndr_print_string(ndr, "password", r->auth.password);
+#else
+ ndr_print_string(ndr, "password", "(PASSWORD ommited)");
+#endif
+ ndr_print_string(ndr, "user_name", r->auth.user_name);
+ ndr_print_string(ndr, "kdc_server", r->auth.kdc_server);
+ ndr_print_ads_auth_flags(ndr, "flags", r->auth.flags);
+ ndr_print_uint32(ndr, "time_offset", r->auth.time_offset);
+ ndr_print_time_t(ndr, "tgt_expire", r->auth.tgt_expire);
+ ndr_print_time_t(ndr, "tgs_expire", r->auth.tgs_expire);
+ ndr_print_time_t(ndr, "renewable", r->auth.renewable);
+ ndr->depth--;
+ ndr_print_struct(ndr, name, "config");
+ ndr->depth++;
+ ndr_print_netr_DsR_DcFlags(ndr, "flags", r->config.flags);
+ ndr_print_string(ndr, "realm", r->config.realm);
+ ndr_print_string(ndr, "bind_path", r->config.bind_path);
+ ndr_print_string(ndr, "ldap_server_name", r->config.ldap_server_name);
+ ndr_print_string(ndr, "server_site_name", r->config.server_site_name);
+ ndr_print_string(ndr, "client_site_name", r->config.client_site_name);
+ ndr_print_time_t(ndr, "current_time", r->config.current_time);
+ ndr_print_bool(ndr, "tried_closest_dc", r->config.tried_closest_dc);
+ ndr_print_string(ndr, "schema_path", r->config.schema_path);
+ ndr_print_string(ndr, "config_path", r->config.config_path);
+ ndr->depth--;
+#ifdef HAVE_LDAP
+ ndr_print_struct(ndr, name, "ldap");
+ ndr->depth++;
+ ndr_print_ptr(ndr, "ld", r->ldap.ld);
+ ndr_print_sockaddr_storage(ndr, "ss", &r->ldap.ss);
+ ndr_print_time_t(ndr, "last_attempt", r->ldap.last_attempt);
+ ndr_print_uint32(ndr, "port", r->ldap.port);
+ ndr_print_uint16(ndr, "wrap_type", r->ldap.wrap_type);
+#ifdef HAVE_LDAP_SASL_WRAPPING
+ ndr_print_ptr(ndr, "sbiod", r->ldap.sbiod);
+#endif /* HAVE_LDAP_SASL_WRAPPING */
+ ndr_print_ptr(ndr, "mem_ctx", r->ldap.mem_ctx);
+ ndr_print_ptr(ndr, "wrap_ops", r->ldap.wrap_ops);
+ ndr_print_ptr(ndr, "wrap_private_data", r->ldap.wrap_private_data);
+ ndr_print_struct(ndr, name, "in");
+ ndr->depth++;
+ ndr_print_uint32(ndr, "ofs", r->ldap.in.ofs);
+ ndr_print_uint32(ndr, "needed", r->ldap.in.needed);
+ ndr_print_uint32(ndr, "left", r->ldap.in.left);
+ ndr_print_uint32(ndr, "max_wrapped", r->ldap.in.max_wrapped);
+ ndr_print_uint32(ndr, "min_wrapped", r->ldap.in.min_wrapped);
+ ndr_print_uint32(ndr, "size", r->ldap.in.size);
+ ndr_print_array_uint8(ndr, "buf", r->ldap.in.buf, r->ldap.in.size);
+ ndr->depth--;
+ ndr_print_struct(ndr, name, "out");
+ ndr->depth++;
+ ndr_print_uint32(ndr, "ofs", r->ldap.out.ofs);
+ ndr_print_uint32(ndr, "left", r->ldap.out.left);
+ ndr_print_uint32(ndr, "max_unwrapped", r->ldap.out.max_unwrapped);
+ ndr_print_uint32(ndr, "sig_size", r->ldap.out.sig_size);
+ ndr_print_uint32(ndr, "size", r->ldap.out.size);
+ ndr_print_array_uint8(ndr, "buf", r->ldap.out.buf, r->ldap.out.size);
+ ndr->depth--;
+ ndr->depth--;
+#endif /* HAVE_LDAP */
+ ndr->depth--;
+}
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index f83e0fbb60..3c6cea31bb 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -1173,7 +1173,6 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
 if (!r->in.dc_name) {
 struct DS_DOMAIN_CONTROLLER_INFO *info;
 status = dsgetdcname(mem_ctx,
- NULL,
 r->in.domain_name,
 NULL,
 NULL,
@@ -1301,7 +1300,6 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx,
 if (!r->in.dc_name) {
 struct DS_DOMAIN_CONTROLLER_INFO *info;
 status = dsgetdcname(mem_ctx,
- NULL,
 r->in.domain_name,
 NULL,
 NULL,
diff --git a/source3/librpc/idl/netlogon.idl b/source3/librpc/idl/netlogon.idl
index f485f8e26e..30b1119067 100644
--- a/source3/librpc/idl/netlogon.idl
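Review bot: In `ndr_print_ads_struct` only `r->auth.password` is withheld unless `DEBUG_PASSWORD` is defined, while `ndr_print_array_uint8(ndr, "buf", r->ldap.in.buf, r->ldap.in.size)` and the matching `r->ldap.out.buf` call dump the complete LDAP wrap buffers unconditionally. Those buffers presumably hold LDAP traffic on one side or the other of the SASL wrapping, so a debug dump of the struct can write directory data into logs that are usually less protected than the connection was. Placing both array dumps under the same `#ifdef DEBUG_PASSWORD` guard and printing only `size` otherwise would keep the treatment of sensitive fields consistent. Separately, every nested `ndr_print_struct(ndr, name, "server")` call passes the outer `name` rather than the sub-structure's own name, which looks unintended, and the placeholder is spelled `"(PASSWORD ommited)"`. The function is moved here from ndr_misc.c, so these predate the commit.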
+++ b/source3/librpc/idl/netlogon.idl @@ -918,8 +918,7 @@ interface netlogon /*****************/ /* Function 0x14 */ - /* two unkown bits still: DS_IP_VERSION_AGNOSTIC and - * DS_TRY_NEXTCLOSEST_SITE - Guenther */ + /* one unkown bit still: DS_IP_VERSION_AGNOSTIC - gd*/ typedef [bitmap32bit] bitmap { DS_FORCE_REDISCOVERY = 0x00000001, @@ -937,6 +936,8 @@ interface netlogon DS_ONLY_LDAP_NEEDED = 0x00008000, DS_IS_FLAT_NAME = 0x00010000, DS_IS_DNS_NAME = 0x00020000, + DS_TRY_NEXTCLOSEST_SITE = 0x00040000, + DS_DIRECTORY_SERVICE_6_REQUIRED = 0x00080000, DS_RETURN_DNS_NAME = 0x40000000, DS_RETURN_FLAT_NAME = 0x80000000 } netr_DsRGetDCName_flags; 
@@ -947,19 +948,21 @@ interface netlogon } netr_DsRGetDCNameInfo_AddressType; typedef [bitmap32bit] bitmap { - DS_SERVER_PDC = 0x00000001 /* NBT_SERVER_PDC */, - DS_SERVER_GC = 0x00000004 /* NBT_SERVER_GC */, - DS_SERVER_LDAP = 0x00000008 /* NBT_SERVER_LDAP */, - DS_SERVER_DS = 0x00000010 /* NBT_SERVER_DS */, - DS_SERVER_KDC = 0x00000020 /* NBT_SERVER_KDC */, - DS_SERVER_TIMESERV = 0x00000040 /* NBT_SERVER_TIMESERV */, - DS_SERVER_CLOSEST = 0x00000080 /* NBT_SERVER_CLOSEST */, - DS_SERVER_WRITABLE = 0x00000100 /* NBT_SERVER_WRITABLE */, - DS_SERVER_GOOD_TIMESERV = 0x00000200 /* NBT_SERVER_GOOD_TIMESERV */, - DS_SERVER_NDNC = 0x00000400, - DS_DNS_CONTROLLER = 0x20000000, - DS_DNS_DOMAIN = 0x40000000, - DS_DNS_FOREST = 0x80000000 + DS_SERVER_PDC = 0x00000001 /* NBT_SERVER_PDC */, + DS_SERVER_GC = 0x00000004 /* NBT_SERVER_GC */, + DS_SERVER_LDAP = 0x00000008 /* NBT_SERVER_LDAP */, + DS_SERVER_DS = 0x00000010 /* NBT_SERVER_DS */, + DS_SERVER_KDC = 0x00000020 /* NBT_SERVER_KDC */, + DS_SERVER_TIMESERV = 0x00000040 /* NBT_SERVER_TIMESERV */, + DS_SERVER_CLOSEST = 0x00000080 /* NBT_SERVER_CLOSEST */, + DS_SERVER_WRITABLE = 0x00000100 /* NBT_SERVER_WRITABLE */, + DS_SERVER_GOOD_TIMESERV = 0x00000200 /* NBT_SERVER_GOOD_TIMESERV */, + DS_SERVER_NDNC = 0x00000400, + DS_SERVER_SELECT_SECRET_DOMAIN_6 = 0x00000800, + DS_SERVER_FULL_SECRET_DOMAIN_6 = 0x00001000, + DS_DNS_CONTROLLER = 0x20000000, + DS_DNS_DOMAIN = 0x40000000, + DS_DNS_FOREST = 0x80000000 } netr_DsR_DcFlags; typedef struct { diff --git a/source3/librpc/ndr/ndr_misc.c b/source3/librpc/ndr/ndr_misc.c index c806298ce5..79761b9251 100644 --- a/source3/librpc/ndr/ndr_misc.c +++ b/source3/librpc/ndr/ndr_misc.c 
@@ -85,84 +85,3 @@ void ndr_print_server_id(struct ndr_print *ndr, const char *name, const struct s #endif ndr->depth--; } - -void ndr_print_ads_struct(struct ndr_print *ndr, const char *name, const struct ads_struct *r) -{ - if (!r) { return; } - - ndr_print_struct(ndr, name, "ads_struct"); - ndr->depth++; - ndr_print_bool(ndr, "is_mine", r->is_mine); - ndr_print_struct(ndr, name, "server"); - ndr->depth++; - ndr_print_string(ndr, "realm", r->server.realm); - ndr_print_string(ndr, "workgroup", r->server.workgroup); - ndr_print_string(ndr, "ldap_server", r->server.ldap_server); - ndr_print_bool(ndr, "foreign", r->server.foreign); - ndr->depth--; - ndr_print_struct(ndr, name, "auth"); - ndr->depth++; - ndr_print_string(ndr, "realm", r->auth.realm); -#ifdef DEBUG_PASSWORD - ndr_print_string(ndr, "password", r->auth.password); -#else - ndr_print_string(ndr, "password", "(PASSWORD ommited)"); -#endif - ndr_print_string(ndr, "user_name", r->auth.user_name); - ndr_print_string(ndr, "kdc_server", r->auth.kdc_server); - ndr_print_uint32(ndr, "flags", r->auth.flags); - ndr_print_uint32(ndr, "time_offset", r->auth.time_offset); - ndr_print_time_t(ndr, "tgt_expire", r->auth.tgt_expire); - ndr_print_time_t(ndr, "tgs_expire", r->auth.tgs_expire); - ndr_print_time_t(ndr, "renewable", r->auth.renewable); - ndr->depth--; - ndr_print_struct(ndr, name, "config"); - ndr->depth++; - ndr_print_uint32(ndr, "flags", r->config.flags); - ndr_print_string(ndr, "realm", r->config.realm); - ndr_print_string(ndr, "bind_path", r->config.bind_path); - ndr_print_string(ndr, "ldap_server_name", r->config.ldap_server_name); - ndr_print_string(ndr, "server_site_name", r->config.server_site_name); - ndr_print_string(ndr, "client_site_name", r->config.client_site_name); - ndr_print_time_t(ndr, "current_time", r->config.current_time); - ndr_print_bool(ndr, "tried_closest_dc", r->config.tried_closest_dc); - ndr_print_string(ndr, "schema_path", r->config.schema_path); - ndr_print_string(ndr, 
"config_path", r->config.config_path); - ndr->depth--; -#ifdef HAVE_LDAP - ndr_print_struct(ndr, name, "ldap"); - ndr->depth++; - ndr_print_ptr(ndr, "ld", r->ldap.ld); - ndr_print_sockaddr_storage(ndr, "ss", &r->ldap.ss); - ndr_print_time_t(ndr, "last_attempt", r->ldap.last_attempt); - ndr_print_uint32(ndr, "port", r->ldap.port); - ndr_print_uint16(ndr, "wrap_type", r->ldap.wrap_type); -#ifdef HAVE_LDAP_SASL_WRAPPING - ndr_print_ptr(ndr, "sbiod", r->ldap.sbiod); -#endif /* HAVE_LDAP_SASL_WRAPPING */ - ndr_print_ptr(ndr, "mem_ctx", r->ldap.mem_ctx); - ndr_print_ptr(ndr, "wrap_ops", r->ldap.wrap_ops); - ndr_print_ptr(ndr, "wrap_private_data", r->ldap.wrap_private_data); - ndr_print_struct(ndr, name, "in"); - ndr->depth++; - ndr_print_uint32(ndr, "ofs", r->ldap.in.ofs); - ndr_print_uint32(ndr, "needed", r->ldap.in.needed); - ndr_print_uint32(ndr, "left", r->ldap.in.left); - ndr_print_uint32(ndr, "max_wrapped", r->ldap.in.max_wrapped); - ndr_print_uint32(ndr, "min_wrapped", r->ldap.in.min_wrapped); - ndr_print_uint32(ndr, "size", r->ldap.in.size); - ndr_print_array_uint8(ndr, "buf", r->ldap.in.buf, r->ldap.in.size); - ndr->depth--; - ndr_print_struct(ndr, name, "out"); - ndr->depth++; - ndr_print_uint32(ndr, "ofs", r->ldap.out.ofs); - ndr_print_uint32(ndr, "left", r->ldap.out.left); - ndr_print_uint32(ndr, "max_unwrapped", r->ldap.out.max_unwrapped); - ndr_print_uint32(ndr, "sig_size", r->ldap.out.sig_size); - ndr_print_uint32(ndr, "size", r->ldap.out.size); - ndr_print_array_uint8(ndr, "buf", r->ldap.out.buf, r->ldap.out.size); - ndr->depth--; - ndr->depth--; -#endif /* HAVE_LDAP */ - ndr->depth--; -} diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c index 2a66d51400..e0be76cc85 100644 --- a/source3/libsmb/dsgetdcname.c +++ b/source3/libsmb/dsgetdcname.c 
@@ -891,72 +891,27 @@ static NTSTATUS dsgetdcname_rediscover(TALLOC_CTX *mem_ctx, } /******************************************************************** -********************************************************************/ - -NTSTATUS dsgetdcname_remote(TALLOC_CTX *mem_ctx, - const char *computer_name, - const char *domain_name, - struct GUID *domain_guid, - const char *site_name, - uint32_t flags, - struct DS_DOMAIN_CONTROLLER_INFO **info) -{ - WERROR werr; - NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; - struct cli_state *cli = NULL; - struct rpc_pipe_client *pipe_cli = NULL; - - status = cli_full_connection(&cli, NULL, computer_name, - NULL, 0, - "IPC$", "IPC", - "", - "", - "", - 0, Undefined, NULL); - - if (!NT_STATUS_IS_OK(status)) { - goto done; - } - - pipe_cli = cli_rpc_pipe_open_noauth(cli, PI_NETLOGON, - &status); - if (!pipe_cli) { - goto done; - } - - werr = rpccli_netlogon_dsr_getdcname(pipe_cli, - mem_ctx, - computer_name, - domain_name, - domain_guid, - NULL, - flags, - info); - status = werror_to_ntstatus(werr); - - done: - cli_rpc_pipe_close(pipe_cli); - if (cli) { - cli_shutdown(cli); - } - - return status; -} + dsgetdcname. -/******************************************************************** + This will be the only public function here. 
********************************************************************/ -NTSTATUS dsgetdcname_local(TALLOC_CTX *mem_ctx, - const char *computer_name, - const char *domain_name, - struct GUID *domain_guid, - const char *site_name, - uint32_t flags, - struct DS_DOMAIN_CONTROLLER_INFO **info) +NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx, + const char *domain_name, + struct GUID *domain_guid, + const char *site_name, + uint32_t flags, + struct DS_DOMAIN_CONTROLLER_INFO **info) { NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; struct DS_DOMAIN_CONTROLLER_INFO *myinfo = NULL; + DEBUG(10,("dsgetdcname: domain_name: %s, " + "domain_guid: %s, site_name: %s, flags: 0x%08x\n", + domain_name, + domain_guid ? GUID_string(mem_ctx, domain_guid) : "(null)", + site_name, flags)); + *info = NULL; if (!check_allowed_required_flags(flags)) { @@ -991,44 +946,3 @@ NTSTATUS dsgetdcname_local(TALLOC_CTX *mem_ctx, return status; } - -/******************************************************************** - dsgetdcname. - - This will be the only public function here. -********************************************************************/ - -NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx, - const char *computer_name, - const char *domain_name, - struct GUID *domain_guid, - const char *site_name, - uint32_t flags, - struct DS_DOMAIN_CONTROLLER_INFO **info) -{ - DEBUG(10,("dsgetdcname: computer_name: %s, domain_name: %s, " - "domain_guid: %s, site_name: %s, flags: 0x%08x\n", - computer_name, domain_name, - domain_guid ? GUID_string(mem_ctx, domain_guid) : "(null)", - site_name, flags)); - - *info = NULL; - - if (computer_name) { - return dsgetdcname_remote(mem_ctx, - computer_name, - domain_name, - domain_guid, - site_name, - flags, - info); - } - - return dsgetdcname_local(mem_ctx, - computer_name, - domain_name, - domain_guid, - site_name, - flags, - info); -} diff --git a/source3/nsswitch/libwbclient/wbc_pwd.c b/source3/nsswitch/libwbclient/wbc_pwd.c index b24e198bc5..b7febcce0c 100644 
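Review bot: The `DEBUG(10, ...)` now at the top of `dsgetdcname` formats `domain_name` and `site_name` with `%s` without a NULL guard, although `domain_guid` in the same call is guarded with `"(null)"`. The callers updated in this commit (joindomain.c, libnet_join.c) pass `NULL` for `site_name`, and a NULL pointer for `%s` is undefined behaviour that some C libraries turn into a crash once debug level 10 is enabled. Use `site_name ? site_name : "(null)"` and the same for `domain_name`. The string returned by `GUID_string(mem_ctx, domain_guid)` is also allocated on the caller's `mem_ctx` only for this log line and is never freed here. The middle of the function lies between the two hunks and is not visible.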
--- a/source3/nsswitch/libwbclient/wbc_pwd.c +++ b/source3/nsswitch/libwbclient/wbc_pwd.c @@ -209,16 +209,16 @@ wbcErr wbcGetgrnam(const char *name, struct group **grp) struct winbindd_request request; struct winbindd_response response; - if (!name || !grp) { - wbc_status = WBC_ERR_INVALID_PARAM; - BAIL_ON_WBC_ERROR(wbc_status); - } - /* Initialize request */ ZERO_STRUCT(request); ZERO_STRUCT(response); + if (!name || !grp) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + /* dst is already null terminated from the memset above */ strncpy(request.data.groupname, name, sizeof(request.data.groupname)-1); @@ -254,16 +254,16 @@ wbcErr wbcGetgrgid(gid_t gid, struct group **grp) struct winbindd_request request; struct winbindd_response response; - if (!grp) { - wbc_status = WBC_ERR_INVALID_PARAM; - BAIL_ON_WBC_ERROR(wbc_status); - } - /* Initialize request */ ZERO_STRUCT(request); ZERO_STRUCT(response); + if (!grp) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + request.data.gid = gid; wbc_status = wbcRequestResponse(WINBINDD_GETGRGID, diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c index f5f553c4c6..0519d8bf9f 100644 --- a/source3/nsswitch/libwbclient/wbc_sid.c +++ b/source3/nsswitch/libwbclient/wbc_sid.c @@ -311,16 +311,16 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, char *domain_name = NULL; wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; - if (!dom_sid || (num_rids == 0)) { - wbc_status = WBC_ERR_INVALID_PARAM; - BAIL_ON_WBC_ERROR(wbc_status); - } - /* Initialise request */ ZERO_STRUCT(request); ZERO_STRUCT(response); + if (!dom_sid || (num_rids == 0)) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + wbc_status = wbcSidToString(dom_sid, &sid_string); BAIL_ON_WBC_ERROR(wbc_status); diff --git a/source3/nsswitch/libwbclient/wbclient.c b/source3/nsswitch/libwbclient/wbclient.c index 42a9943523..304e49cf55 100644 
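Review bot: Nothing in `wbcGetgrnam`, `wbcGetgrgid` or (in wbc_sid.c) `wbcLookupRids` records why `ZERO_STRUCT(request)` and `ZERO_STRUCT(response)` must now come before the parameter check, so a later tidy-up could move the check back to the top. Presumably the `BAIL_ON_WBC_ERROR` exit path reads fields of `response`; the cleanup label is outside these hunks, so this cannot be confirmed from the diff. A comment on the zeroing such as `/* Must run before any BAIL_ON_WBC_ERROR: the exit path inspects response */` would make the ordering a stated precondition. Only three functions are touched here, so the remaining functions in both files are worth checking for the old ordering.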
--- a/source3/nsswitch/libwbclient/wbclient.c +++ b/source3/nsswitch/libwbclient/wbclient.c @@ -59,11 +59,7 @@ wbcErr wbcRequestResponse(int cmd, wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; NSS_STATUS nss_status; - if (!request || !response) { - wbc_status = WBC_ERR_INVALID_PARAM; - BAIL_ON_WBC_ERROR(wbc_status); - } - + /* for some calls the request and/or response cna be NULL */ nss_status = winbindd_request_response(cmd, request, response); diff --git a/source3/rpc_client/cli_ds.c b/source3/rpc_client/cli_ds.c deleted file mode 100644 index c9724dec7b..0000000000 --- a/source3/rpc_client/cli_ds.c +++ /dev/null 
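Review bot: With the `!request || !response` check removed from `wbcRequestResponse`, every later use of the two pointers, both in the rest of this function and inside `winbindd_request_response`, has to tolerate NULL, and the hunk shows only the call itself. If any code after the call reads `response` unconditionally, a caller passing NULL now reaches a NULL dereference instead of getting `WBC_ERR_INVALID_PARAM`. The replacement comment should say which commands legitimately pass NULL so the contract can be checked, for example `/* request and/or response may be NULL for commands that carry no payload */` followed by the list; it also contains a typo (`cna`).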
@@ -1,96 +0,0 @@ -/* - Unix SMB/CIFS implementation. - RPC pipe client - Copyright (C) Gerald Carter 2002, - Copyright (C) Jeremy Allison 2005. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" - -/* implementations of client side DsXXX() functions */ - -/******************************************************************** - Enumerate trusted domains in an AD forest -********************************************************************/ - -NTSTATUS rpccli_ds_enum_domain_trusts(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - const char *server, uint32 flags, - struct ds_domain_trust **trusts, - uint32 *num_domains) -{ - prs_struct qbuf, rbuf; - DS_Q_ENUM_DOM_TRUSTS q; - DS_R_ENUM_DOM_TRUSTS r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - init_q_ds_enum_domain_trusts( &q, server, flags ); - - CLI_DO_RPC( cli, mem_ctx, PI_NETLOGON, DS_ENUM_DOM_TRUSTS, - q, r, - qbuf, rbuf, - ds_io_q_enum_domain_trusts, - ds_io_r_enum_domain_trusts, - NT_STATUS_UNSUCCESSFUL); - - result = r.status; - - if ( NT_STATUS_IS_OK(result) ) { - int i; - - *num_domains = r.num_domains; - if (r.num_domains) { - *trusts = TALLOC_ARRAY(mem_ctx, struct ds_domain_trust, r.num_domains); - - if (*trusts == NULL) { - return NT_STATUS_NO_MEMORY; - } - } else { - *trusts = NULL; - } - - for ( i=0; i< *num_domains; i++ ) { - (*trusts)[i].flags = r.domains.trusts[i].flags; - 
(*trusts)[i].parent_index = r.domains.trusts[i].parent_index; - (*trusts)[i].trust_type = r.domains.trusts[i].trust_type; - (*trusts)[i].trust_attributes = r.domains.trusts[i].trust_attributes; - (*trusts)[i].guid = r.domains.trusts[i].guid; - - if (r.domains.trusts[i].sid_ptr) { - sid_copy(&(*trusts)[i].sid, &r.domains.trusts[i].sid.sid); - } else { - ZERO_STRUCT((*trusts)[i].sid); - } - - if (r.domains.trusts[i].netbios_ptr) { - (*trusts)[i].netbios_domain = unistr2_to_ascii_talloc( mem_ctx, &r.domains.trusts[i].netbios_domain ); - } else { - (*trusts)[i].netbios_domain = NULL; - } - - if (r.domains.trusts[i].dns_ptr) { - (*trusts)[i].dns_domain = unistr2_to_ascii_talloc( mem_ctx, &r.domains.trusts[i].dns_domain ); - } else { - (*trusts)[i].dns_domain = NULL; - } - } - } - - return result; -} diff --git a/source3/rpc_parse/parse_ds.c b/source3/rpc_parse/parse_ds.c deleted file mode 100644 index 3cf4156278..0000000000 --- a/source3/rpc_parse/parse_ds.c +++ /dev/null 
@@ -1,188 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * RPC Pipe client / server routines - - * Copyright (C) Gerald Carter 2002-2003 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see <http://www.gnu.org/licenses/>. - */ - -#include "includes.h" - -/************************************************************************ - initialize a DS_ENUM_DOM_TRUSTS structure -************************************************************************/ - -bool init_q_ds_enum_domain_trusts( DS_Q_ENUM_DOM_TRUSTS *q, const char *server, uint32 flags ) -{ - q->flags = flags; - - if ( server && *server ) - q->server_ptr = 1; - else - q->server_ptr = 0; - - init_unistr2( &q->server, server, UNI_STR_TERMINATE); - - return True; -} - -/************************************************************************ -************************************************************************/ - -static bool ds_io_domain_trusts( const char *desc, DS_DOMAIN_TRUSTS *trust, prs_struct *ps, int depth) -{ - prs_debug(ps, depth, desc, "ds_io_dom_trusts_ctr"); - depth++; - - if ( !prs_uint32( "netbios_ptr", ps, depth, &trust->netbios_ptr ) ) - return False; - - if ( !prs_uint32( "dns_ptr", ps, depth, &trust->dns_ptr ) ) - return False; - - if ( !prs_uint32( "flags", ps, depth, &trust->flags ) ) - return False; - - if ( !prs_uint32( "parent_index", ps, depth, &trust->parent_index ) ) - return False; - - if ( !prs_uint32( "trust_type", 
ps, depth, &trust->trust_type ) ) - return False; - - if ( !prs_uint32( "trust_attributes", ps, depth, &trust->trust_attributes ) ) - return False; - - if ( !prs_uint32( "sid_ptr", ps, depth, &trust->sid_ptr ) ) - return False; - - if ( !smb_io_uuid("guid", &trust->guid, ps, depth) ) - return False; - - return True; -} - -/************************************************************************ -************************************************************************/ - -static bool ds_io_dom_trusts_ctr( const char *desc, DS_DOMAIN_TRUSTS_CTR *ctr, prs_struct *ps, int depth) -{ - int i; - - prs_debug(ps, depth, desc, "ds_io_dom_trusts_ctr"); - depth++; - - if ( !prs_uint32( "ptr", ps, depth, &ctr->ptr ) ) - return False; - - if ( !prs_uint32( "max_count", ps, depth, &ctr->max_count ) ) - return False; - - /* are we done? */ - - if ( ctr->max_count == 0 ) - return True; - - /* allocate the domain trusts array are parse it */ - - ctr->trusts = TALLOC_ARRAY(ps->mem_ctx, DS_DOMAIN_TRUSTS, ctr->max_count); - - if ( !ctr->trusts ) - return False; - - /* this stinks; the static portion o fthe structure is read here and then - we need another loop to read the UNISTR2's and SID's */ - - for ( i=0; i<ctr->max_count;i++ ) { - if ( !ds_io_domain_trusts("domain_trusts", &ctr->trusts[i], ps, depth) ) - return False; - } - - for ( i=0; i<ctr->max_count; i++ ) { - - if ( !smb_io_unistr2("netbios_domain", &ctr->trusts[i].netbios_domain, ctr->trusts[i].netbios_ptr, ps, depth) ) - return False; - - if(!prs_align(ps)) - return False; - - if ( !smb_io_unistr2("dns_domain", &ctr->trusts[i].dns_domain, ctr->trusts[i].dns_ptr, ps, depth) ) - return False; - - if(!prs_align(ps)) - return False; - - if ( ctr->trusts[i].sid_ptr ) { - if ( !smb_io_dom_sid2("sid", &ctr->trusts[i].sid, ps, depth ) ) - return False; - } - } - - return True; -} - -/************************************************************************ - initialize a DS_ENUM_DOM_TRUSTS request 
-************************************************************************/ - -bool ds_io_q_enum_domain_trusts( const char *desc, DS_Q_ENUM_DOM_TRUSTS *q_u, prs_struct *ps, int depth) -{ - prs_debug(ps, depth, desc, "ds_io_q_enum_domain_trusts"); - depth++; - - if ( !prs_align(ps) ) - return False; - - if ( !prs_uint32( "server_ptr", ps, depth, &q_u->server_ptr ) ) - return False; - - if ( !smb_io_unistr2("server", &q_u->server, q_u->server_ptr, ps, depth) ) - return False; - - if ( !prs_align(ps) ) - return False; - - if ( !prs_uint32( "flags", ps, depth, &q_u->flags ) ) - return False; - - return True; -} - -/************************************************************************ -************************************************************************/ - -bool ds_io_r_enum_domain_trusts( const char *desc, DS_R_ENUM_DOM_TRUSTS *r_u, prs_struct *ps, int depth) -{ - prs_debug(ps, depth, desc, "ds_io_r_enum_domain_trusts"); - depth++; - - if(!prs_align(ps)) - return False; - - if ( !prs_uint32( "num_domains", ps, depth, &r_u->num_domains ) ) - return False; - - if ( r_u->num_domains ) { - if ( !ds_io_dom_trusts_ctr("domains", &r_u->domains, ps, depth) ) - return False; - } - - if(!prs_align(ps)) - return False; - - if ( !prs_ntstatus("status", ps, depth, &r_u->status ) ) - return False; - - return True; -} diff --git a/source3/rpc_server/srv_eventlog_lib.c b/source3/rpc_server/srv_eventlog_lib.c index 4e996ee19b..269e2f318e 100644 --- a/source3/rpc_server/srv_eventlog_lib.c +++ b/source3/rpc_server/srv_eventlog_lib.c 
@@ -140,15 +140,14 @@ int elog_tdb_size( TDB_CONTEXT * tdb, int *MaxSize, int *Retention ) return True if we made enough room to accommodate needed bytes ********************************************************************/ -bool make_way_for_eventlogs( TDB_CONTEXT * the_tdb, int32 needed, - bool whack_by_date ) +static bool make_way_for_eventlogs( TDB_CONTEXT * the_tdb, int32 needed, + bool whack_by_date ) { int start_record, i, new_start; int end_record; int nbytes, reclen, len, Retention, MaxSize; int tresv1, trecnum, timegen, timewr; TDB_DATA key, ret; - TALLOC_CTX *mem_ctx = NULL; time_t current_time, exp_time; /* discard some eventlogs */ @@ -156,10 +155,7 @@ bool make_way_for_eventlogs( TDB_CONTEXT * the_tdb, int32 needed, /* read eventlogs from oldest_entry -- there can't be any discontinuity in recnos, although records not necessarily guaranteed to have successive times */ /* */ - mem_ctx = talloc_init( "make_way_for_eventlogs" ); /* Homage to BPG */ - if ( mem_ctx == NULL ) - return False; /* can't allocate memory indicates bigger problems */ /* lock */ tdb_lock_bystring_with_timeout( the_tdb, EVT_NEXT_RECORD, 1 ); /* read */ diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 0ea34e54ad..7af8219a3e 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -486,7 +486,7 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info ) done: TALLOC_FREE(ctx); - return true; + return ret; } /******************************************************************** diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c index 6d9859a9ae..30ef02bee8 100644 --- a/source3/rpc_server/srv_netlog.c +++ b/source3/rpc_server/srv_netlog.c 
@@ -335,43 +335,6 @@ static bool api_net_sam_logon_ex(pipes_struct *p) return True; } - -/************************************************************************* - api_ds_enum_dom_trusts: - *************************************************************************/ - -#if 0 /* JERRY */ -static bool api_ds_enum_dom_trusts(pipes_struct *p) -{ - DS_Q_ENUM_DOM_TRUSTS q_u; - DS_R_ENUM_DOM_TRUSTS r_u; - - prs_struct *data = &p->in_data.data; - prs_struct *rdata = &p->out_data.rdata; - - ZERO_STRUCT(q_u); - ZERO_STRUCT(r_u); - - DEBUG(6,("api_ds_enum_dom_trusts\n")); - - if ( !ds_io_q_enum_domain_trusts("", data, 0, &q_u) ) { - DEBUG(0,("api_ds_enum_domain_trusts: Failed to unmarshall DS_Q_ENUM_DOM_TRUSTS.\n")); - return False; - } - - r_u.status = _ds_enum_dom_trusts(p, &q_u, &r_u); - - if ( !ds_io_r_enum_domain_trusts("", rdata, 0, &r_u) ) { - DEBUG(0,("api_ds_enum_domain_trusts: Failed to marshall DS_R_ENUM_DOM_TRUSTS.\n")); - return False; - } - - DEBUG(6,("api_ds_enum_dom_trusts\n")); - - return True; -} -#endif /* JERRY */ - /******************************************************************* array of \PIPE\NETLOGON operations ********************************************************************/ @@ -387,9 +350,6 @@ static struct api_struct api_net_cmds [] = { "NET_TRUST_DOM_LIST", NET_TRUST_DOM_LIST, api_net_trust_dom_list }, { "NET_LOGON_CTRL" , NET_LOGON_CTRL , api_net_logon_ctrl }, { "NET_SAMLOGON_EX" , NET_SAMLOGON_EX , api_net_sam_logon_ex }, -#if 0 /* JERRY */ - { "DS_ENUM_DOM_TRUSTS", DS_ENUM_DOM_TRUSTS, api_ds_enum_dom_trusts } -#endif /* JERRY */ }; void netlog_get_pipe_fns( struct api_struct **fns, int *n_fns ) diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 904ee17f51..5003af8ce7 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c 
@@ -1130,7 +1130,7 @@ NTSTATUS _net_sam_logon_ex(pipes_struct *p, NET_Q_SAM_LOGON_EX *q_u, NET_R_SAM_L _ds_enum_dom_trusts *************************************************************************/ #if 0 /* JERRY -- not correct */ -NTSTATUS _ds_enum_dom_trusts(pipes_struct *p, DS_Q_ENUM_DOM_TRUSTS *q_u, + NTSTATUS _ds_enum_dom_trusts(pipes_struct *p, DS_Q_ENUM_DOM_TRUSTS *q_u, DS_R_ENUM_DOM_TRUSTS *r_u) { NTSTATUS status = NT_STATUS_OK; diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c index de2e33732d..e0103e6b58 100644 --- a/source3/rpc_server/srv_wkssvc_nt.c +++ b/source3/rpc_server/srv_wkssvc_nt.c @@ -319,7 +319,6 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, struct wkssvc_NetrJoinDomain2 *r &admin_account); status = dsgetdcname(p->mem_ctx, - NULL, r->in.domain_name, NULL, NULL, diff --git a/source3/rpcclient/cmd_ds.c b/source3/rpcclient/cmd_dssetup.c index 477ff863dd..6ec58e9388 100644 --- a/source3/rpcclient/cmd_ds.c +++ b/source3/rpcclient/cmd_dssetup.c @@ -9,12 +9,12 @@ it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ 
@@ -57,31 +57,6 @@ static WERROR cmd_ds_dsrole_getprimarydominfo(struct rpc_pipe_client *cli, return werr; } -static NTSTATUS cmd_ds_enum_domain_trusts(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, int argc, - const char **argv) -{ - NTSTATUS result; - uint32 flags = DS_DOMAIN_IN_FOREST; - struct ds_domain_trust *trusts = NULL; - unsigned int num_domains = 0; - int i; - - if (argc > 1) { - flags = atoi(argv[1]); - } - - result = rpccli_ds_enum_domain_trusts( cli, mem_ctx, cli->cli->desthost, flags, - &trusts, &num_domains ); - - printf( "%d domains returned\n", num_domains ); - - for (i=0; i<num_domains; i++ ) - printf("%s (%s)\n", trusts[i].dns_domain, trusts[i].netbios_domain); - - return result; -} - /* List of commands exported by this module */ struct cmd_set ds_commands[] = { @@ -89,7 +64,6 @@ struct cmd_set ds_commands[] = { { "LSARPC-DS" }, { "dsroledominfo", RPC_RTYPE_WERROR, NULL, cmd_ds_dsrole_getprimarydominfo, PI_DSSETUP, NULL, "Get Primary Domain Information", "" }, - { "dsenumdomtrusts", RPC_RTYPE_NTSTATUS, cmd_ds_enum_domain_trusts, NULL, PI_NETLOGON, NULL, "Enumerate all trusted domains in an AD forest", "" }, { NULL } }; diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c index 731c3de268..aad538a0ee 100644 --- a/source3/rpcclient/cmd_netlogon.c +++ b/source3/rpcclient/cmd_netlogon.c 
@@ -739,6 +739,75 @@ static WERROR cmd_netlogon_dsr_getforesttrustinfo(struct rpc_pipe_client *cli, return werr; } +static WERROR cmd_netlogon_enumtrusteddomains(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, int argc, + const char **argv) +{ + NTSTATUS status = NT_STATUS_UNSUCCESSFUL; + WERROR werr = WERR_GENERAL_FAILURE; + const char *server_name = cli->cli->desthost; + struct netr_Blob blob; + + + if (argc < 1 || argc > 3) { + fprintf(stderr, "Usage: %s <server_name>\n", argv[0]); + return WERR_OK; + } + + if (argc >= 2) { + server_name = argv[1]; + } + + status = rpccli_netr_NetrEnumerateTrustedDomains(cli, mem_ctx, + server_name, + &blob, + &werr); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + if (W_ERROR_IS_OK(werr)) { + printf("success\n"); + dump_data(1, blob.data, blob.length); + } + done: + return werr; +} + +static WERROR cmd_netlogon_enumtrusteddomainsex(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, int argc, + const char **argv) +{ + NTSTATUS status = NT_STATUS_UNSUCCESSFUL; + WERROR werr = WERR_GENERAL_FAILURE; + const char *server_name = cli->cli->desthost; + struct netr_DomainTrustList list; + + if (argc < 1 || argc > 3) { + fprintf(stderr, "Usage: %s <server_name>\n", argv[0]); + return WERR_OK; + } + + if (argc >= 2) { + server_name = argv[1]; + } + + status = rpccli_netr_NetrEnumerateTrustedDomainsEx(cli, mem_ctx, + server_name, + &list, + &werr); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + if (W_ERROR_IS_OK(werr)) { + printf("success\n"); + } + done: + return werr; +} + + /* List of commands exported by this module */ 
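Review bot: Both new commands, `cmd_netlogon_enumtrusteddomains` and `cmd_netlogon_enumtrusteddomainsex`, check `argc > 3`, although the usage line names a single `<server_name>`, so a second argument is accepted and silently ignored; `if (argc < 1 || argc > 2)` would match the usage text. On the `!NT_STATUS_IS_OK(status)` path the functions return `werr`, which presumably still holds its initial `WERR_GENERAL_FAILURE` when the call fails before the stub writes it, so the actual NTSTATUS is lost. Adding `werr = ntstatus_to_werror(status);` before `goto done` would keep the reason visible to the caller. The Ex variant also prints only "success" and never shows the returned `list`, which is worth a comment if intentional.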
@@ -761,7 +830,10 @@ struct cmd_set netlogon_commands[] = { { "change_trust_pw", RPC_RTYPE_NTSTATUS, cmd_netlogon_change_trust_pw, NULL, PI_NETLOGON, NULL, "Change Trust Account Password", "" }, { "gettrustrid", RPC_RTYPE_WERROR, NULL, cmd_netlogon_gettrustrid, PI_NETLOGON, NULL, "Get trust rid", "" }, { "dsr_enumtrustdom", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_enumtrustdom, PI_NETLOGON, NULL, "Enumerate trusted domains", "" }, + { "dsenumdomtrusts", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_enumtrustdom, PI_NETLOGON, NULL, "Enumerate all trusted domains in an AD forest", "" }, { "deregisterdnsrecords", RPC_RTYPE_WERROR, NULL, cmd_netlogon_deregisterdnsrecords, PI_NETLOGON, NULL, "Deregister DNS records", "" }, + { "netrenumtrusteddomains", RPC_RTYPE_WERROR, NULL, cmd_netlogon_enumtrusteddomains, PI_NETLOGON, NULL, "Enumerate trusted domains", "" }, + { "netrenumtrusteddomainsex", RPC_RTYPE_WERROR, NULL, cmd_netlogon_enumtrusteddomainsex, PI_NETLOGON, NULL, "Enumerate trusted domains", "" }, { NULL } }; diff --git a/source3/utils/net_lookup.c b/source3/utils/net_lookup.c index 765971fba3..8c01b5b4ba 100644 --- a/source3/utils/net_lookup.c +++ b/source3/utils/net_lookup.c @@ -401,7 +401,7 @@ static int net_lookup_dsgetdcname(int argc, const char **argv) site_name = sitename_fetch(domain_name); } - status = dsgetdcname(mem_ctx, NULL, domain_name, NULL, site_name, + status = dsgetdcname(mem_ctx, domain_name, NULL, site_name, flags, &info); if (!NT_STATUS_IS_OK(status)) { d_printf("failed with: %s\n", nt_errstr(status)); diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h index 6bf6e6c68f..c4c1278d73 100644 --- a/source3/winbindd/winbindd.h +++ b/source3/winbindd/winbindd.h 
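Review bot: In `netlogon_commands[]` the entries `dsr_enumtrustdom`, `netrenumtrusteddomains` and `netrenumtrusteddomainsex` all carry the help string "Enumerate trusted domains", so the help output cannot tell them apart. The re-added `dsenumdomtrusts` is also a second name for `cmd_netlogon_dsr_enumtrustdom`, and nothing in the table says so. I would name the underlying call in each description, e.g. `"Enumerate trusted domains (NetrEnumerateTrustedDomains)"` and `"Enumerate trusted domains (NetrEnumerateTrustedDomainsEx)"`, and add a comment such as `/* alias kept for the old rpcclient ds command */` above the `dsenumdomtrusts` entry.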
@@ -164,9 +164,9 @@ struct winbindd_domain { fstring alt_name; /* alt Domain name, if any (FQDN for ADS) */ fstring forest_name; /* Name of the AD forest we're in */ DOM_SID sid; /* SID for this domain */ - uint32 domain_flags; /* Domain flags from rpc_ds.h */ - uint32 domain_type; /* Domain type from rpc_ds.h */ - uint32 domain_trust_attribs; /* Trust attribs from rpc_ds.h */ + uint32 domain_flags; /* Domain flags from netlogon.h */ + uint32 domain_type; /* Domain type from netlogon.h */ + uint32 domain_trust_attribs; /* Trust attribs from netlogon.h */ bool initialized; /* Did we already ask for the domain mode? */ bool native_mode; /* is this a win2k domain in native mode ? */ bool active_directory; /* is this a win2k active directory ? */ diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c index f963669825..db7ceca04d 100644 --- a/source3/winbindd/winbindd_ads.c +++ b/source3/winbindd/winbindd_ads.c @@ -1157,12 +1157,11 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, DOM_SID **dom_sids) { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - struct ds_domain_trust *domains = NULL; - int count = 0; + struct netr_DomainTrustList trusts; int i; uint32 flags; struct rpc_pipe_client *cli; - uint32 fr_flags = (DS_DOMAIN_IN_FOREST | DS_DOMAIN_TREE_ROOT); + uint32 fr_flags = (NETR_TRUST_FLAG_IN_FOREST | NETR_TRUST_FLAG_TREEROOT); int ret_count; DEBUG(3,("ads: trusted_domains\n")); @@ -1179,11 +1178,11 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, if ( domain->primary || ((domain->domain_flags&fr_flags) == fr_flags) ) { - flags = DS_DOMAIN_DIRECT_OUTBOUND | - DS_DOMAIN_DIRECT_INBOUND | - DS_DOMAIN_IN_FOREST; + flags = NETR_TRUST_FLAG_OUTBOUND | + NETR_TRUST_FLAG_INBOUND | + NETR_TRUST_FLAG_IN_FOREST; } else { - flags = DS_DOMAIN_IN_FOREST; + flags = NETR_TRUST_FLAG_IN_FOREST; } result = cm_connect_netlogon(domain, &cli); 
@@ -1194,29 +1193,27 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, domain->name, nt_errstr(result))); return NT_STATUS_UNSUCCESSFUL; } - - if ( NT_STATUS_IS_OK(result) ) { - result = rpccli_ds_enum_domain_trusts(cli, mem_ctx, - cli->cli->desthost, - flags, &domains, - (unsigned int *)&count); - } - - if ( NT_STATUS_IS_OK(result) && count) { + + result = rpccli_netr_DsrEnumerateDomainTrusts(cli, mem_ctx, + cli->cli->desthost, + flags, + &trusts, + NULL); + if ( NT_STATUS_IS_OK(result) && trusts.count) { /* Allocate memory for trusted domain names and sids */ - if ( !(*names = TALLOC_ARRAY(mem_ctx, char *, count)) ) { + if ( !(*names = TALLOC_ARRAY(mem_ctx, char *, trusts.count)) ) { DEBUG(0, ("trusted_domains: out of memory\n")); return NT_STATUS_NO_MEMORY; } - if ( !(*alt_names = TALLOC_ARRAY(mem_ctx, char *, count)) ) { + if ( !(*alt_names = TALLOC_ARRAY(mem_ctx, char *, trusts.count)) ) { DEBUG(0, ("trusted_domains: out of memory\n")); return NT_STATUS_NO_MEMORY; } - if ( !(*dom_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, count)) ) { + if ( !(*dom_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, trusts.count)) ) { DEBUG(0, ("trusted_domains: out of memory\n")); return NT_STATUS_NO_MEMORY; } @@ -1225,7 +1222,7 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, ret_count = 0; - for (i = 0; i < count; i++) { + for (i = 0; i < trusts.count; i++) { struct winbindd_domain d; /* drop external trusts if this is not our primary 
@@ -1233,24 +1230,24 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, domains may be less that the ones actually trusted by the DC. */ - if ( (domains[i].trust_attributes == DS_DOMAIN_TRUST_ATTRIB_QUARANTINED_DOMAIN) && + if ( (trusts.array[i].trust_attributes == NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) && !domain->primary ) { DEBUG(10,("trusted_domains: Skipping external trusted domain " "%s because it is outside of our primary domain\n", - domains[i].netbios_domain)); + trusts.array[i].netbios_name)); continue; } - (*names)[ret_count] = domains[i].netbios_domain; - (*alt_names)[ret_count] = domains[i].dns_domain; - sid_copy(&(*dom_sids)[ret_count], &domains[i].sid); + (*names)[ret_count] = CONST_DISCARD(char *, trusts.array[i].netbios_name); + (*alt_names)[ret_count] = CONST_DISCARD(char *, trusts.array[i].dns_name); + sid_copy(&(*dom_sids)[ret_count], trusts.array[i].sid); /* add to the trusted domain cache */ - fstrcpy( d.name, domains[i].netbios_domain ); - fstrcpy( d.alt_name, domains[i].dns_domain ); - sid_copy( &d.sid, &domains[i].sid ); + fstrcpy( d.name, trusts.array[i].netbios_name); + fstrcpy( d.alt_name, trusts.array[i].dns_name); + sid_copy( &d.sid, trusts.array[i].sid); /* This gets a little tricky. If we are following a transitive forest trust, then @@ -1269,9 +1266,9 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, we have the current trust flags and attributes */ - d.domain_flags = domains[i].flags; - d.domain_type = domains[i].trust_type; - d.domain_trust_attribs = domains[i].trust_attributes; + d.domain_flags = trusts.array[i].trust_flags; + d.domain_type = trusts.array[i].trust_type; + d.domain_trust_attribs = trusts.array[i].trust_attributes; } else { /* Look up the record in the cache */ struct winbindd_tdc_domain *parent; diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 94910072c3..66787a0d6d 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c 
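Review bot: `trusts.array[i].sid` is now handed to `sid_copy()` as a pointer in both calls of this hunk in `trusted_domains()`, where the old code took the address of an embedded struct, and nothing checks it for NULL first. The array is filled from the DC's reply, so if the generated `netr_DomainTrust` allows an absent SID (the missing `&` suggests a nullable pointer; the struct definition is not part of this diff), a single entry without a SID would make winbindd dereference NULL. I would skip such entries before the first copy, `if (trusts.array[i].sid == NULL) { continue; }`, or store a null SID if the entry has to be kept. The loop begins in the previous hunk and the function continues past this one.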
@@ -1716,12 +1716,11 @@ static bool set_dc_type_and_flags_trustinfo( struct winbindd_domain *domain ) { struct winbindd_domain *our_domain; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - struct ds_domain_trust *domains = NULL; - int count = 0; + struct netr_DomainTrustList trusts; int i; - uint32 flags = (DS_DOMAIN_IN_FOREST | - DS_DOMAIN_DIRECT_OUTBOUND | - DS_DOMAIN_DIRECT_INBOUND); + uint32 flags = (NETR_TRUST_FLAG_IN_FOREST | + NETR_TRUST_FLAG_OUTBOUND | + NETR_TRUST_FLAG_INBOUND); struct rpc_pipe_client *cli; TALLOC_CTX *mem_ctx = NULL; 
@@ -1763,27 +1762,35 @@ static bool set_dc_type_and_flags_trustinfo( struct winbindd_domain *domain ) return False; } - result = rpccli_ds_enum_domain_trusts(cli, mem_ctx, - cli->cli->desthost, - flags, &domains, - (unsigned int *)&count); + result = rpccli_netr_DsrEnumerateDomainTrusts(cli, mem_ctx, + cli->cli->desthost, + flags, + &trusts, + NULL); + if (!NT_STATUS_IS_OK(result)) { + DEBUG(0,("set_dc_type_and_flags_trustinfo: " + "failed to query trusted domain list: %s\n", + nt_errstr(result))); + talloc_destroy(mem_ctx); + return false; + } /* Now find the domain name and get the flags */ - for ( i=0; i<count; i++ ) { - if ( strequal( domain->name, domains[i].netbios_domain ) ) { - domain->domain_flags = domains[i].flags; - domain->domain_type = domains[i].trust_type; - domain->domain_trust_attribs = domains[i].trust_attributes; - - if ( domain->domain_type == DS_DOMAIN_TRUST_TYPE_UPLEVEL ) + for ( i=0; i<trusts.count; i++ ) { + if ( strequal( domain->name, trusts.array[i].netbios_name) ) { + domain->domain_flags = trusts.array[i].trust_flags; + domain->domain_type = trusts.array[i].trust_type; + domain->domain_trust_attribs = trusts.array[i].trust_attributes; + + if ( domain->domain_type == NETR_TRUST_TYPE_UPLEVEL ) domain->active_directory = True; /* This flag is only set if the domain is *our* primary domain and the primary domain is in native mode */ - domain->native_mode = (domain->domain_flags & DS_DOMAIN_NATIVE_MODE); + domain->native_mode = (domain->domain_flags & NETR_TRUST_FLAG_NATIVE); DEBUG(5, ("set_dc_type_and_flags_trustinfo: domain %s is %sin " "native mode.\n", domain->name, @@ -1930,7 +1937,7 @@ no_dssetup: fstrcpy(domain->forest_name, forest_name); if (strequal(domain->forest_name, domain->alt_name)) { - domain->domain_flags = DS_DOMAIN_TREE_ROOT; + domain->domain_flags = NETR_TRUST_FLAG_TREEROOT; } } diff --git a/source3/winbindd/winbindd_locator.c b/source3/winbindd/winbindd_locator.c index 05bd74af25..6b1cff99e0 100644 
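Review bot: The new failure branch in `set_dc_type_and_flags_trustinfo()` logs at level 0 without saying which domain was being classified or which DC was asked, so the message cannot be tied to a specific trust from the log alone. Both values are in scope here, so the message could read `"failed to query trusted domain list from %s for domain %s: %s\n", cli->cli->desthost, domain->name, nt_errstr(result)`. The added `return false;` is also lower-case where the neighbouring returns in this function use `False`. The function starts and ends outside the hunk.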
--- a/source3/winbindd/winbindd_locator.c +++ b/source3/winbindd/winbindd_locator.c @@ -67,7 +67,7 @@ static enum winbindd_result dual_dsgetdcname(struct winbindd_domain *domain, DEBUG(3, ("[%5lu]: dsgetdcname for %s\n", (unsigned long)state->pid, state->request.domain_name)); - result = dsgetdcname(state->mem_ctx, NULL, state->request.domain_name, + result = dsgetdcname(state->mem_ctx, state->request.domain_name, NULL, NULL, state->request.flags, &info); if (!NT_STATUS_IS_OK(result)) { diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 98c9ae2ffe..ea9a07d388 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -964,7 +964,7 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain, #ifdef HAVE_KRB5 if ((state->request.flags & WBFLAG_PAM_KRB5) && ((tdc_domain = wcache_tdc_fetch_domain(state->mem_ctx, name_domain)) != NULL) && - (tdc_domain->trust_type & DS_DOMAIN_TRUST_TYPE_UPLEVEL)) { + (tdc_domain->trust_type & NETR_TRUST_TYPE_UPLEVEL)) { uid_t uid = -1; const char *cc = NULL; diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index f6bb5750ea..10779cd60a 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c @@ -218,7 +218,7 @@ static void add_trusted_domains( struct winbindd_domain *domain ) TALLOC_CTX *mem_ctx; struct winbindd_request *request; struct winbindd_response *response; - uint32 fr_flags = (DS_DOMAIN_TREE_ROOT|DS_DOMAIN_IN_FOREST); + uint32 fr_flags = (NETR_TRUST_FLAG_TREEROOT|NETR_TRUST_FLAG_IN_FOREST); struct trustdom_state *state; @@ -391,8 +391,8 @@ static void rescan_forest_root_trusts( void ) the domain_list() as our primary domain may not have been initialized. */ - if ( !(dom_list[i].trust_flags & DS_DOMAIN_TREE_ROOT) ) { - continue; + if ( !(dom_list[i].trust_flags & NETR_TRUST_FLAG_TREEROOT) ) { + continue; } /* Here's the forest root */ 
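Review bot: In `winbindd_dual_pam_auth_cached()` the trust type is still tested with a bitwise AND, `tdc_domain->trust_type & NETR_TRUST_TYPE_UPLEVEL`, while the other sites converted in this commit (`set_dc_type_and_flags_trustinfo`, `rescan_forest_trusts`) compare with `==`. If the `NETR_TRUST_TYPE_*` values are enumerated rather than single-bit flags (their definitions are not in this diff), the AND also matches any other type that shares a bit with UPLEVEL, and the cached Kerberos logon path would be chosen for it. Suggest `(tdc_domain->trust_type == NETR_TRUST_TYPE_UPLEVEL)`. The function starts and ends outside the hunk.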
@@ -456,10 +456,10 @@ static void rescan_forest_trusts( void ) if ( d && (d->internal || d->primary ) ) continue; - - if ( (flags & DS_DOMAIN_DIRECT_INBOUND) && - (type == DS_DOMAIN_TRUST_TYPE_UPLEVEL) && - (attribs == DS_DOMAIN_TRUST_ATTRIB_FOREST_TRANSITIVE) ) + + if ( (flags & NETR_TRUST_FLAG_INBOUND) && + (type == NETR_TRUST_TYPE_UPLEVEL) && + (attribs == NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) ) { /* add the trusted domain if we don't know about it */ @@ -770,8 +770,8 @@ void check_domain_trusted( const char *name, const DOM_SID *user_sid ) forest trust */ domain->active_directory = True; - domain->domain_flags = DS_DOMAIN_DIRECT_OUTBOUND; - domain->domain_type = DS_DOMAIN_TRUST_TYPE_UPLEVEL; + domain->domain_flags = NETR_TRUST_FLAG_OUTBOUND; + domain->domain_type = NETR_TRUST_TYPE_UPLEVEL; domain->internal = False; domain->online = True; @@ -1408,7 +1408,7 @@ bool winbindd_can_contact_domain(struct winbindd_domain *domain) /* Can always contact a domain that is in out forest */ - if (tdc->trust_flags & DS_DOMAIN_IN_FOREST) { + if (tdc->trust_flags & NETR_TRUST_FLAG_IN_FOREST) { ret = true; goto done; } @@ -1420,7 +1420,7 @@ bool winbindd_can_contact_domain(struct winbindd_domain *domain) if (!IS_DC && domain->active_directory && - ((tdc->trust_flags&DS_DOMAIN_DIRECT_INBOUND) != DS_DOMAIN_DIRECT_INBOUND)) + ((tdc->trust_flags & NETR_TRUST_FLAG_INBOUND) != NETR_TRUST_FLAG_INBOUND)) { DEBUG(10, ("winbindd_can_contact_domain: %s is an AD domain " "and we have no inbound trust.\n", domain->name)); |
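Review bot: `attribs == NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE` in `rescan_forest_trusts()` is an exact comparison against what looks like a flag word, so a forest trust that carries any additional attribute bit is not recognised. The same pattern sits in `trusted_domains()` in winbindd_ads.c, where `trust_attributes == NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN` decides whether a quarantined domain is dropped, and there an extra bit would let the entry through. If the attributes are indeed flags (confirm against the IDL), test the bit instead: `(attribs & NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE)` and `(trusts.array[i].trust_attributes & NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN)`. The commit carries the old comparison over unchanged, and both functions extend beyond their hunks.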