From 3475c25714ee6267bf056f7b23c421c6d8eb5d76 Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Tue, 8 May 2001 03:52:07 +0000
Subject: Misc fixes to get winbindd working.  We can now do a 'getent passwd'
 and 'getent group' and have most things working. (This used to be commit
 a7728bfa52291ec3149fbb704d7b30689af83e7c)

---
 source3/nsswitch/winbindd.c       |  7 ++++
 source3/nsswitch/winbindd_glue.c  | 79 ++++++++++++++++++++++++++++++++++-----
 source3/nsswitch/winbindd_group.c |  2 -
 source3/nsswitch/winbindd_util.c  | 17 ++++++---
 4 files changed, 88 insertions(+), 17 deletions(-)

(limited to 'source3/nsswitch')

diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c
index 9d315a0811..9dd995b4ae 100644
--- a/source3/nsswitch/winbindd.c
+++ b/source3/nsswitch/winbindd.c
@@ -644,6 +644,13 @@ int main(int argc, char **argv)
 	BOOL interactive = False;
 	int opt, new_debuglevel = -1;
 
+	/* Must be root */
+
+	if(geteuid() != (uid_t)0) {
+		fprintf(stderr, "Must have effective user id of zero.\n");
+		exit(1);
+	}
+
 	/* Set environment variable so we don't recursively call ourselves.
 	   This may also be useful interactively. */
 	SETENV(WINBINDD_DONT_ENV, "1", 1);
diff --git a/source3/nsswitch/winbindd_glue.c b/source3/nsswitch/winbindd_glue.c
index 9007e8c275..6f55e564f4 100644
--- a/source3/nsswitch/winbindd_glue.c
+++ b/source3/nsswitch/winbindd_glue.c
@@ -47,6 +47,9 @@ BOOL wb_lsa_open_policy(char *server, BOOL sec_qos, uint32 des_access,
 
 	/* Initialise RPC connection */
 
+	if (!cli_initialise(pol->cli))
+		goto done;
+
 	ZERO_STRUCT(creds);
 	creds.pwd.null_pwd = 1;
 
@@ -168,16 +171,62 @@ BOOL wb_samr_close(CLI_POLICY_HND *hnd)
 /****************************************************************************
 samr_connect glue
 ****************************************************************************/
-BOOL wb_samr_connect(char *srv_name, uint32 access_mask, 
-		  CLI_POLICY_HND *connect_pol)
+BOOL wb_samr_connect(char *server, uint32 access_mask, CLI_POLICY_HND *pol)
 {
-	uint32 ret;
+	struct nmb_name calling, called;
+	struct ntuser_creds creds;
+	struct in_addr dest_ip;
+	fstring dest_host;
+	uint32 result = NT_STATUS_UNSUCCESSFUL;
+	extern pstring global_myname;
 
-	ret = cli_samr_connect(connect_pol->cli, connect_pol->mem_ctx, 
-			       srv_name, access_mask,
-			       &connect_pol->handle);
+	ZERO_STRUCTP(pol);
 
-	return (ret == NT_STATUS_NOPROBLEMO);
+	pol->cli = (struct cli_state *)malloc(sizeof(struct cli_state));
+	pol->mem_ctx = talloc_init();
+
+	if (!pol->cli || !pol->mem_ctx)
+		return False;
+
+	/* Initialise RPC connection */
+
+	if (!cli_initialise(pol->cli))
+		goto done;
+
+	ZERO_STRUCT(creds);
+	creds.pwd.null_pwd = 1;
+
+	cli_init_creds(pol->cli, &creds);
+
+	/* Establish a SMB connection */
+
+	if (!resolve_srv_name(server, dest_host, &dest_ip)) {
+		goto done;
+	}
+
+	make_nmb_name(&called, dns_to_netbios_name(dest_host), 0x20);
+	make_nmb_name(&calling, dns_to_netbios_name(global_myname), 0);
+
+	if (!cli_establish_connection(pol->cli, dest_host, &dest_ip, &calling, 
+				      &called, "IPC$", "IPC", False, True)) {
+		goto done;
+	}
+	
+	if (!cli_nt_session_open (pol->cli, PIPE_SAMR)) {
+		goto done;
+	}
+
+	result = cli_samr_connect(pol->cli, pol->mem_ctx, server, 
+				  access_mask, &pol->handle);
+
+ done:
+	if (result != NT_STATUS_NOPROBLEMO && pol->cli) {
+		if (pol->cli->initialised)
+			cli_shutdown(pol->cli);
+		free(pol->cli);
+	}
+
+	return (result == NT_STATUS_NOPROBLEMO);
 }
 
 
@@ -198,6 +247,7 @@ BOOL wb_samr_open_domain(CLI_POLICY_HND *connect_pol, uint32 ace_perms,
 
 	if (ret == NT_STATUS_NOPROBLEMO) {
 		domain_pol->cli = connect_pol->cli;
+		domain_pol->mem_ctx = connect_pol->mem_ctx;
 		return True;
 	}
 
@@ -222,8 +272,12 @@ uint32 wb_samr_enum_dom_groups(CLI_POLICY_HND *pol, uint32 *start_idx,
 			       uint32 size, struct acct_info **sam,
 			       uint32 *num_sam_groups)
 {
-	DEBUG(0,("unimplemented samr_enum_dom_groups\n"));
-	return -1;
+	uint32 ret;
+
+	ret = cli_samr_enum_dom_groups(pol->cli, pol->mem_ctx, &pol->handle,
+				       start_idx, size, sam, num_sam_groups);
+
+	return (ret == NT_STATUS_NOPROBLEMO);
 }
 
 /****************************************************************************
@@ -328,7 +382,12 @@ BOOL wb_sam_query_groupmem(CLI_POLICY_HND *pol, uint32 group_rid,
 	    != NT_STATUS_NOPROBLEMO)
 		goto done;
 
-	/* do a samr_query_lookup_rids() */
+	if ((result = cli_samr_lookup_rids(pol->cli, pol->mem_ctx,
+					   &pol->handle, 1000, /* ??? */
+					   *num_names, *rid_mem,
+					   num_names, names, name_types))
+	    != NT_STATUS_NOPROBLEMO)
+		goto done;
 
  done:
 	if (got_group_pol) cli_samr_close(pol->cli, pol->mem_ctx, &group_pol);
diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c
index b56d2787d6..ed4db07dda 100644
--- a/source3/nsswitch/winbindd_group.c
+++ b/source3/nsswitch/winbindd_group.c
@@ -522,8 +522,6 @@ static BOOL get_sam_group_entries(struct getent_state *ent)
 			memcpy(&name_list[ent->num_sam_entries],
 			       sam_grp_entries, 
 			       num_entries * sizeof(struct acct_info));
-
-			safe_free(sam_grp_entries);
 		}
 
 		ent->num_sam_entries += num_entries;
diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c
index b838dd0145..3d8fbd3da8 100644
--- a/source3/nsswitch/winbindd_util.c
+++ b/source3/nsswitch/winbindd_util.c
@@ -327,8 +327,7 @@ static BOOL get_any_dc_name(char *domain, fstring srv_name)
 	dc_ip = ip_list[i];
 	free(ip_list);
 		
-	if (!lookup_pdc_name(global_myname, lp_workgroup(),
-			     &dc_ip, server_state.controller))
+	if (!lookup_pdc_name(global_myname, lp_workgroup(), &dc_ip, srv_name))
 		return False;
 
 	return True;
@@ -366,6 +365,8 @@ void establish_connections(BOOL force_reestablish)
 
 		if (!get_any_dc_name(lp_workgroup(), 
 				     server_state.controller)) {
+			DEBUG(3, ("could not find any domain controllers "
+				  "for domain %s\n", lp_workgroup()));
 			return;
 		}
 
@@ -374,8 +375,10 @@ void establish_connections(BOOL force_reestablish)
 //		server_state.pwdb_initialised = pwdb_initialise(False);
 		server_state.pwdb_initialised = True;
 
-		if (!server_state.pwdb_initialised) 
+		if (!server_state.pwdb_initialised) {
+			DEBUG(3, ("could not initialise pwdb\n"));
 			return;
+		}
 	}
 
 	/* Open lsa handle if it isn't already open */
@@ -387,7 +390,11 @@ void establish_connections(BOOL force_reestablish)
 					   False, SEC_RIGHTS_MAXIMUM_ALLOWED,
 					   &server_state.lsa_handle);
 
-		if (!server_state.lsa_handle_open) return;
+		if (!server_state.lsa_handle_open) {
+			DEBUG(0, ("error opening lsa handle on dc %s\n",
+				  server_state.controller));
+			return;
+		}
 
 		/* Now we can talk to the server we can get some info */
 
@@ -436,7 +443,7 @@ BOOL lookup_domain_sid(char *domain_name, struct winbindd_domain *domain)
     
     /* Look for domain name */
     
-    if (res && domains && sids) {
+    if (!res && domains && sids) {
             int found = False;
             int i;
 	    
-- 
cgit