From 28aa4bff8d6be031c6089fe5c7ab010f1cc48340 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 14 Sep 2007 12:03:58 +0000 Subject: r25154: move winbindd code into winbindd/ metze (This used to be commit 3ac7566ae14c48ff9b0f6b232e0ec4b2f73df558) --- source3/winbindd/winbindd_rpc.c | 1111 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 1111 insertions(+) create mode 100644 source3/winbindd/winbindd_rpc.c (limited to 'source3/winbindd/winbindd_rpc.c') diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c new file mode 100644 index 0000000000..6d2dd35080 --- /dev/null +++ b/source3/winbindd/winbindd_rpc.c @@ -0,0 +1,1111 @@ +/* + Unix SMB/CIFS implementation. + + Winbind rpc backend functions + + Copyright (C) Tim Potter 2000-2001,2003 + Copyright (C) Andrew Tridgell 2001 + Copyright (C) Volker Lendecke 2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "winbindd.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_WINBIND + + +/* Query display info for a domain. This returns enough information plus a + bit extra to give an overview of domain users for the User Manager + application. */ +static NTSTATUS query_user_list(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + uint32 *num_entries, + WINBIND_USERINFO **info) +{ + NTSTATUS result; + POLICY_HND dom_pol; + unsigned int i, start_idx; + uint32 loop_count; + struct rpc_pipe_client *cli; + + DEBUG(3,("rpc: query_user_list\n")); + + *num_entries = 0; + *info = NULL; + + if ( !winbindd_can_contact_domain( domain ) ) { + DEBUG(10,("query_user_list: No incoming trust for domain %s\n", + domain->name)); + return NT_STATUS_OK; + } + + result = cm_connect_sam(domain, mem_ctx, &cli, &dom_pol); + if (!NT_STATUS_IS_OK(result)) + return result; + + i = start_idx = 0; + loop_count = 0; + + do { + uint32 num_dom_users, j; + uint32 max_entries, max_size; + SAM_DISPINFO_CTR ctr; + SAM_DISPINFO_1 info1; + + ZERO_STRUCT( ctr ); + ZERO_STRUCT( info1 ); + ctr.sam.info1 = &info1; + + /* this next bit is copied from net_user_list_internal() */ + + get_query_dispinfo_params(loop_count, &max_entries, + &max_size); + + result = rpccli_samr_query_dispinfo(cli, mem_ctx, &dom_pol, + &start_idx, 1, + &num_dom_users, + max_entries, max_size, + &ctr); + + loop_count++; + + *num_entries += num_dom_users; + + *info = TALLOC_REALLOC_ARRAY(mem_ctx, *info, WINBIND_USERINFO, + *num_entries); + + if (!(*info)) { + return NT_STATUS_NO_MEMORY; + } + + for (j = 0; j < num_dom_users; i++, j++) { + fstring username, fullname; + uint32 rid = ctr.sam.info1->sam[j].rid_user; + + unistr2_to_ascii( username, &(&ctr.sam.info1->str[j])->uni_acct_name, sizeof(username)-1); + unistr2_to_ascii( fullname, &(&ctr.sam.info1->str[j])->uni_full_name, sizeof(fullname)-1); + + (*info)[i].acct_name = talloc_strdup(mem_ctx, username ); + (*info)[i].full_name = talloc_strdup(mem_ctx, fullname ); + (*info)[i].homedir = NULL; + (*info)[i].shell = NULL; + sid_compose(&(*info)[i].user_sid, &domain->sid, rid); + + /* For the moment we set the primary group for + every user to be the Domain Users group. + There are serious problems with determining + the actual primary group for large domains. + This should really be made into a 'winbind + force group' smb.conf parameter or + something like that. */ + + sid_compose(&(*info)[i].group_sid, &domain->sid, + DOMAIN_GROUP_RID_USERS); + } + + } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); + + return result; +} + +/* list all domain groups */ +static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + uint32 *num_entries, + struct acct_info **info) +{ + POLICY_HND dom_pol; + NTSTATUS status; + uint32 start = 0; + struct rpc_pipe_client *cli; + + *num_entries = 0; + *info = NULL; + + DEBUG(3,("rpc: enum_dom_groups\n")); + + if ( !winbindd_can_contact_domain( domain ) ) { + DEBUG(10,("enum_domain_groups: No incoming trust for domain %s\n", + domain->name)); + return NT_STATUS_OK; + } + + status = cm_connect_sam(domain, mem_ctx, &cli, &dom_pol); + if (!NT_STATUS_IS_OK(status)) + return status; + + do { + struct acct_info *info2 = NULL; + uint32 count = 0; + TALLOC_CTX *mem_ctx2; + + mem_ctx2 = talloc_init("enum_dom_groups[rpc]"); + + /* start is updated by this call. */ + status = rpccli_samr_enum_dom_groups(cli, mem_ctx2, &dom_pol, + &start, + 0xFFFF, /* buffer size? */ + &info2, &count); + + if (!NT_STATUS_IS_OK(status) && + !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) { + talloc_destroy(mem_ctx2); + break; + } + + (*info) = TALLOC_REALLOC_ARRAY(mem_ctx, *info, + struct acct_info, + (*num_entries) + count); + if (! *info) { + talloc_destroy(mem_ctx2); + return NT_STATUS_NO_MEMORY; + } + + memcpy(&(*info)[*num_entries], info2, count*sizeof(*info2)); + (*num_entries) += count; + talloc_destroy(mem_ctx2); + } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)); + + return NT_STATUS_OK; +} + +/* List all domain groups */ + +static NTSTATUS enum_local_groups(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + uint32 *num_entries, + struct acct_info **info) +{ + POLICY_HND dom_pol; + NTSTATUS result; + struct rpc_pipe_client *cli; + + *num_entries = 0; + *info = NULL; + + DEBUG(3,("rpc: enum_local_groups\n")); + + if ( !winbindd_can_contact_domain( domain ) ) { + DEBUG(10,("enum_local_groups: No incoming trust for domain %s\n", + domain->name)); + return NT_STATUS_OK; + } + + result = cm_connect_sam(domain, mem_ctx, &cli, &dom_pol); + if (!NT_STATUS_IS_OK(result)) + return result; + + do { + struct acct_info *info2 = NULL; + uint32 count = 0, start = *num_entries; + TALLOC_CTX *mem_ctx2; + + mem_ctx2 = talloc_init("enum_dom_local_groups[rpc]"); + + result = rpccli_samr_enum_als_groups( cli, mem_ctx2, &dom_pol, + &start, 0xFFFF, &info2, + &count); + + if (!NT_STATUS_IS_OK(result) && + !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES) ) + { + talloc_destroy(mem_ctx2); + return result; + } + + (*info) = TALLOC_REALLOC_ARRAY(mem_ctx, *info, + struct acct_info, + (*num_entries) + count); + if (! *info) { + talloc_destroy(mem_ctx2); + return NT_STATUS_NO_MEMORY; + } + + memcpy(&(*info)[*num_entries], info2, count*sizeof(*info2)); + (*num_entries) += count; + talloc_destroy(mem_ctx2); + + } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); + + return NT_STATUS_OK; +} + +/* convert a single name to a sid in a domain */ +NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + enum winbindd_cmd original_cmd, + const char *domain_name, + const char *name, + DOM_SID *sid, + enum lsa_SidType *type) +{ + NTSTATUS result; + DOM_SID *sids = NULL; + enum lsa_SidType *types = NULL; + char *full_name = NULL; + struct rpc_pipe_client *cli; + POLICY_HND lsa_policy; + + if (name == NULL || *name=='\0') { + full_name = talloc_asprintf(mem_ctx, "%s", domain_name); + } else if (domain_name == NULL || *domain_name == '\0') { + full_name = talloc_asprintf(mem_ctx, "%s", name); + } else { + full_name = talloc_asprintf(mem_ctx, "%s\\%s", domain_name, name); + } + if (!full_name) { + DEBUG(0, ("talloc_asprintf failed!\n")); + return NT_STATUS_NO_MEMORY; + } + + DEBUG(3,("rpc: name_to_sid name=%s\n", full_name)); + + ws_name_return( full_name, WB_REPLACE_CHAR ); + + DEBUG(3,("name_to_sid [rpc] %s for domain %s\n", full_name?full_name:"", domain_name )); + + result = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); + if (!NT_STATUS_IS_OK(result)) + return result; + + result = rpccli_lsa_lookup_names(cli, mem_ctx, &lsa_policy, 1, + (const char**) &full_name, NULL, 1, &sids, &types); + + if (!NT_STATUS_IS_OK(result)) + return result; + + /* Return rid and type if lookup successful */ + + sid_copy(sid, &sids[0]); + *type = types[0]; + + return NT_STATUS_OK; +} + +/* + convert a domain SID to a user or group name +*/ +NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + const DOM_SID *sid, + char **domain_name, + char **name, + enum lsa_SidType *type) +{ + char **domains; + char **names; + enum lsa_SidType *types; + NTSTATUS result; + struct rpc_pipe_client *cli; + POLICY_HND lsa_policy; + + DEBUG(3,("sid_to_name [rpc] %s for domain %s\n", sid_string_static(sid), + domain->name )); + + result = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); + if (!NT_STATUS_IS_OK(result)) { + DEBUG(2,("msrpc_sid_to_name: cm_connect_lsa() failed (%s)\n", + nt_errstr(result))); + return result; + } + + + result = rpccli_lsa_lookup_sids(cli, mem_ctx, &lsa_policy, + 1, sid, &domains, &names, &types); + if (!NT_STATUS_IS_OK(result)) { + DEBUG(2,("msrpc_sid_to_name: rpccli_lsa_lookup_sids() failed (%s)\n", + nt_errstr(result))); + return result; + } + + *type = (enum lsa_SidType)types[0]; + *domain_name = domains[0]; + *name = names[0]; + + ws_name_replace( *name, WB_REPLACE_CHAR ); + + DEBUG(5,("Mapped sid to [%s]\\[%s]\n", domains[0], *name)); + return NT_STATUS_OK; +} + +NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + const DOM_SID *sid, + uint32 *rids, + size_t num_rids, + char **domain_name, + char ***names, + enum lsa_SidType **types) +{ + char **domains; + NTSTATUS result; + struct rpc_pipe_client *cli; + POLICY_HND lsa_policy; + DOM_SID *sids; + size_t i; + char **ret_names; + + DEBUG(3, ("rids_to_names [rpc] for domain %s\n", domain->name )); + + if (num_rids) { + sids = TALLOC_ARRAY(mem_ctx, DOM_SID, num_rids); + if (sids == NULL) { + return NT_STATUS_NO_MEMORY; + } + } else { + sids = NULL; + } + + for (i=0; isid, user_sid, &user_rid)) + return NT_STATUS_UNSUCCESSFUL; + + user_info->homedir = NULL; + user_info->shell = NULL; + user_info->primary_gid = (gid_t)-1; + + /* try netsamlogon cache first */ + + if ( (user = netsamlogon_cache_get( mem_ctx, user_sid )) != NULL ) + { + + DEBUG(5,("query_user: Cache lookup succeeded for %s\n", + sid_string_static(user_sid))); + + sid_compose(&user_info->user_sid, &domain->sid, user->user_rid); + sid_compose(&user_info->group_sid, &domain->sid, + user->group_rid); + + user_info->acct_name = unistr2_tdup(mem_ctx, + &user->uni_user_name); + user_info->full_name = unistr2_tdup(mem_ctx, + &user->uni_full_name); + + TALLOC_FREE(user); + + return NT_STATUS_OK; + } + + if ( !winbindd_can_contact_domain( domain ) ) { + DEBUG(10,("query_user: No incoming trust for domain %s\n", + domain->name)); + return NT_STATUS_OK; + } + + if ( !winbindd_can_contact_domain( domain ) ) { + DEBUG(10,("query_user: No incoming trust for domain %s\n", + domain->name)); + return NT_STATUS_OK; + } + + /* no cache; hit the wire */ + + result = cm_connect_sam(domain, mem_ctx, &cli, &dom_pol); + if (!NT_STATUS_IS_OK(result)) + return result; + + /* Get user handle */ + result = rpccli_samr_open_user(cli, mem_ctx, &dom_pol, + SEC_RIGHTS_MAXIMUM_ALLOWED, user_rid, + &user_pol); + + if (!NT_STATUS_IS_OK(result)) + return result; + + /* Get user info */ + result = rpccli_samr_query_userinfo(cli, mem_ctx, &user_pol, + 0x15, &ctr); + + rpccli_samr_close(cli, mem_ctx, &user_pol); + + if (!NT_STATUS_IS_OK(result)) + return result; + + sid_compose(&user_info->user_sid, &domain->sid, user_rid); + sid_compose(&user_info->group_sid, &domain->sid, + ctr->info.id21->group_rid); + user_info->acct_name = unistr2_tdup(mem_ctx, + &ctr->info.id21->uni_user_name); + user_info->full_name = unistr2_tdup(mem_ctx, + &ctr->info.id21->uni_full_name); + user_info->homedir = NULL; + user_info->shell = NULL; + user_info->primary_gid = (gid_t)-1; + + return NT_STATUS_OK; +} + +/* Lookup groups a user is a member of. I wish Unix had a call like this! */ +static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + const DOM_SID *user_sid, + uint32 *num_groups, DOM_SID **user_grpsids) +{ + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + POLICY_HND dom_pol, user_pol; + uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; + DOM_GID *user_groups; + unsigned int i; + fstring sid_string; + uint32 user_rid; + struct rpc_pipe_client *cli; + + DEBUG(3,("rpc: lookup_usergroups sid=%s\n", + sid_to_string(sid_string, user_sid))); + + if (!sid_peek_check_rid(&domain->sid, user_sid, &user_rid)) + return NT_STATUS_UNSUCCESSFUL; + + *num_groups = 0; + *user_grpsids = NULL; + + /* so lets see if we have a cached user_info_3 */ + result = lookup_usergroups_cached(domain, mem_ctx, user_sid, + num_groups, user_grpsids); + + if (NT_STATUS_IS_OK(result)) { + return NT_STATUS_OK; + } + + if ( !winbindd_can_contact_domain( domain ) ) { + DEBUG(10,("lookup_usergroups: No incoming trust for domain %s\n", + domain->name)); + + /* Tell the cache manager not to remember this one */ + + return NT_STATUS_SYNCHRONIZATION_REQUIRED; + } + + /* no cache; hit the wire */ + + result = cm_connect_sam(domain, mem_ctx, &cli, &dom_pol); + if (!NT_STATUS_IS_OK(result)) + return result; + + /* Get user handle */ + result = rpccli_samr_open_user(cli, mem_ctx, &dom_pol, + des_access, user_rid, &user_pol); + + if (!NT_STATUS_IS_OK(result)) + return result; + + /* Query user rids */ + result = rpccli_samr_query_usergroups(cli, mem_ctx, &user_pol, + num_groups, &user_groups); + + rpccli_samr_close(cli, mem_ctx, &user_pol); + + if (!NT_STATUS_IS_OK(result) || (*num_groups) == 0) + return result; + + (*user_grpsids) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_groups); + if (!(*user_grpsids)) + return NT_STATUS_NO_MEMORY; + + for (i=0;i<(*num_groups);i++) { + sid_copy(&((*user_grpsids)[i]), &domain->sid); + sid_append_rid(&((*user_grpsids)[i]), + user_groups[i].g_rid); + } + + return NT_STATUS_OK; +} + +NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + uint32 num_sids, const DOM_SID *sids, + uint32 *num_aliases, uint32 **alias_rids) +{ + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + POLICY_HND dom_pol; + DOM_SID2 *query_sids; + uint32 num_query_sids = 0; + int i; + struct rpc_pipe_client *cli; + uint32 *alias_rids_query, num_aliases_query; + int rangesize = MAX_SAM_ENTRIES_W2K; + uint32 total_sids = 0; + int num_queries = 1; + + *num_aliases = 0; + *alias_rids = NULL; + + DEBUG(3,("rpc: lookup_useraliases\n")); + + if ( !winbindd_can_contact_domain( domain ) ) { + DEBUG(10,("msrpc_lookup_useraliases: No incoming trust for domain %s\n", + domain->name)); + return NT_STATUS_OK; + } + + result = cm_connect_sam(domain, mem_ctx, &cli, &dom_pol); + if (!NT_STATUS_IS_OK(result)) + return result; + + do { + /* prepare query */ + + num_query_sids = MIN(num_sids - total_sids, rangesize); + + DEBUG(10,("rpc: lookup_useraliases: entering query %d for %d sids\n", + num_queries, num_query_sids)); + + if (num_query_sids) { + query_sids = TALLOC_ARRAY(mem_ctx, DOM_SID2, num_query_sids); + if (query_sids == NULL) { + return NT_STATUS_NO_MEMORY; + } + } else { + query_sids = NULL; + } + + for (i=0; iname, + sid_to_string(sid_string, group_sid))); + + if ( !winbindd_can_contact_domain( domain ) ) { + DEBUG(10,("lookup_groupmem: No incoming trust for domain %s\n", + domain->name)); + return NT_STATUS_OK; + } + + if (!sid_peek_check_rid(&domain->sid, group_sid, &group_rid)) + return NT_STATUS_UNSUCCESSFUL; + + *num_names = 0; + + result = cm_connect_sam(domain, mem_ctx, &cli, &dom_pol); + if (!NT_STATUS_IS_OK(result)) + return result; + + result = rpccli_samr_open_group(cli, mem_ctx, &dom_pol, + des_access, group_rid, &group_pol); + + if (!NT_STATUS_IS_OK(result)) + return result; + + /* Step #1: Get a list of user rids that are the members of the + group. */ + + /* This call can take a long time - allow the server to time out. + 35 seconds should do it. */ + + orig_timeout = cli_set_timeout(cli->cli, 35000); + + result = rpccli_samr_query_groupmem(cli, mem_ctx, + &group_pol, num_names, &rid_mem, + name_types); + + /* And restore our original timeout. */ + cli_set_timeout(cli->cli, orig_timeout); + + rpccli_samr_close(cli, mem_ctx, &group_pol); + + if (!NT_STATUS_IS_OK(result)) + return result; + + if (!*num_names) { + names = NULL; + name_types = NULL; + sid_mem = NULL; + return NT_STATUS_OK; + } + + /* Step #2: Convert list of rids into list of usernames. Do this + in bunches of ~1000 to avoid crashing NT4. It looks like there + is a buffer overflow or something like that lurking around + somewhere. */ + +#define MAX_LOOKUP_RIDS 900 + + *names = TALLOC_ZERO_ARRAY(mem_ctx, char *, *num_names); + *name_types = TALLOC_ZERO_ARRAY(mem_ctx, uint32, *num_names); + *sid_mem = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID, *num_names); + + for (j=0;j<(*num_names);j++) + sid_compose(&(*sid_mem)[j], &domain->sid, rid_mem[j]); + + if (*num_names>0 && (!*names || !*name_types)) + return NT_STATUS_NO_MEMORY; + + for (i = 0; i < *num_names; i += MAX_LOOKUP_RIDS) { + int num_lookup_rids = MIN(*num_names - i, MAX_LOOKUP_RIDS); + uint32 tmp_num_names = 0; + char **tmp_names = NULL; + uint32 *tmp_types = NULL; + + /* Lookup a chunk of rids */ + + result = rpccli_samr_lookup_rids(cli, mem_ctx, + &dom_pol, + num_lookup_rids, + &rid_mem[i], + &tmp_num_names, + &tmp_names, &tmp_types); + + /* see if we have a real error (and yes the + STATUS_SOME_UNMAPPED is the one returned from 2k) */ + + if (!NT_STATUS_IS_OK(result) && + !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) + return result; + + /* Copy result into array. The talloc system will take + care of freeing the temporary arrays later on. */ + + memcpy(&(*names)[i], tmp_names, sizeof(char *) * + tmp_num_names); + + memcpy(&(*name_types)[i], tmp_types, sizeof(uint32) * + tmp_num_names); + + total_names += tmp_num_names; + } + + *num_names = total_names; + + return NT_STATUS_OK; +} + +#ifdef HAVE_LDAP + +#include + +static int get_ldap_seq(const char *server, int port, uint32 *seq) +{ + int ret = -1; + struct timeval to; + const char *attrs[] = {"highestCommittedUSN", NULL}; + LDAPMessage *res = NULL; + char **values = NULL; + LDAP *ldp = NULL; + + *seq = DOM_SEQUENCE_NONE; + + /* + * Parameterised (5) second timeout on open. This is needed as the + * search timeout doesn't seem to apply to doing an open as well. JRA. + */ + + ldp = ldap_open_with_timeout(server, port, lp_ldap_timeout()); + if (ldp == NULL) + return -1; + + /* Timeout if no response within 20 seconds. */ + to.tv_sec = 10; + to.tv_usec = 0; + + if (ldap_search_st(ldp, "", LDAP_SCOPE_BASE, "(objectclass=*)", + CONST_DISCARD(char **, attrs), 0, &to, &res)) + goto done; + + if (ldap_count_entries(ldp, res) != 1) + goto done; + + values = ldap_get_values(ldp, res, "highestCommittedUSN"); + if (!values || !values[0]) + goto done; + + *seq = atoi(values[0]); + ret = 0; + + done: + + if (values) + ldap_value_free(values); + if (res) + ldap_msgfree(res); + if (ldp) + ldap_unbind(ldp); + return ret; +} + +/********************************************************************** + Get the sequence number for a Windows AD native mode domain using + LDAP queries. +**********************************************************************/ + +static int get_ldap_sequence_number(struct winbindd_domain *domain, uint32 *seq) +{ + int ret = -1; + fstring ipstr; + + fstrcpy( ipstr, inet_ntoa(domain->dcaddr.sin_addr)); + if ((ret = get_ldap_seq( ipstr, LDAP_PORT, seq)) == 0) { + DEBUG(3, ("get_ldap_sequence_number: Retrieved sequence " + "number for Domain (%s) from DC (%s)\n", + domain->name, ipstr)); + } + return ret; +} + +#endif /* HAVE_LDAP */ + +/* find the sequence number for a domain */ +static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq) +{ + TALLOC_CTX *mem_ctx; + SAM_UNK_CTR ctr; + NTSTATUS result; + POLICY_HND dom_pol; + BOOL got_seq_num = False; + struct rpc_pipe_client *cli; + + DEBUG(10,("rpc: fetch sequence_number for %s\n", domain->name)); + + if ( !winbindd_can_contact_domain( domain ) ) { + DEBUG(10,("sequence_number: No incoming trust for domain %s\n", + domain->name)); + *seq = time(NULL); + return NT_STATUS_OK; + } + + *seq = DOM_SEQUENCE_NONE; + + if (!(mem_ctx = talloc_init("sequence_number[rpc]"))) + return NT_STATUS_NO_MEMORY; + +#ifdef HAVE_LDAP + if ( domain->active_directory ) + { + int res; + + DEBUG(8,("using get_ldap_seq() to retrieve the " + "sequence number\n")); + + res = get_ldap_sequence_number( domain, seq ); + if (res == 0) + { + result = NT_STATUS_OK; + DEBUG(10,("domain_sequence_number: LDAP for " + "domain %s is %u\n", + domain->name, *seq)); + goto done; + } + + DEBUG(10,("domain_sequence_number: failed to get LDAP " + "sequence number for domain %s\n", + domain->name )); + } +#endif /* HAVE_LDAP */ + + result = cm_connect_sam(domain, mem_ctx, &cli, &dom_pol); + if (!NT_STATUS_IS_OK(result)) { + goto done; + } + + /* Query domain info */ + + result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 8, &ctr); + + if (NT_STATUS_IS_OK(result)) { + *seq = ctr.info.inf8.seq_num; + got_seq_num = True; + goto seq_num; + } + + /* retry with info-level 2 in case the dc does not support info-level 8 + * (like all older samba2 and samba3 dc's - Guenther */ + + result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 2, &ctr); + + if (NT_STATUS_IS_OK(result)) { + *seq = ctr.info.inf2.seq_num; + got_seq_num = True; + } + + seq_num: + if (got_seq_num) { + DEBUG(10,("domain_sequence_number: for domain %s is %u\n", + domain->name, (unsigned)*seq)); + } else { + DEBUG(10,("domain_sequence_number: failed to get sequence " + "number (%u) for domain %s\n", + (unsigned)*seq, domain->name )); + } + + done: + + talloc_destroy(mem_ctx); + + return result; +} + +/* get a list of trusted domains */ +static NTSTATUS trusted_domains(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + uint32 *num_domains, + char ***names, + char ***alt_names, + DOM_SID **dom_sids) +{ + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + uint32 enum_ctx = 0; + struct rpc_pipe_client *cli; + POLICY_HND lsa_policy; + + DEBUG(3,("rpc: trusted_domains\n")); + + *num_domains = 0; + *names = NULL; + *alt_names = NULL; + *dom_sids = NULL; + + result = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); + if (!NT_STATUS_IS_OK(result)) + return result; + + result = STATUS_MORE_ENTRIES; + + while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) { + uint32 start_idx, num; + char **tmp_names; + DOM_SID *tmp_sids; + int i; + + result = rpccli_lsa_enum_trust_dom(cli, mem_ctx, + &lsa_policy, &enum_ctx, + &num, &tmp_names, + &tmp_sids); + + if (!NT_STATUS_IS_OK(result) && + !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) + break; + + start_idx = *num_domains; + *num_domains += num; + *names = TALLOC_REALLOC_ARRAY(mem_ctx, *names, + char *, *num_domains); + *dom_sids = TALLOC_REALLOC_ARRAY(mem_ctx, *dom_sids, + DOM_SID, *num_domains); + *alt_names = TALLOC_REALLOC_ARRAY(mem_ctx, *alt_names, + char *, *num_domains); + if ((*names == NULL) || (*dom_sids == NULL) || + (*alt_names == NULL)) + return NT_STATUS_NO_MEMORY; + + for (i=0; iname)); + + if ( !winbindd_can_contact_domain( domain ) ) { + DEBUG(10,("msrpc_lockout_policy: No incoming trust for domain %s\n", + domain->name)); + return NT_STATUS_NOT_SUPPORTED; + } + + result = cm_connect_sam(domain, mem_ctx, &cli, &dom_pol); + if (!NT_STATUS_IS_OK(result)) { + goto done; + } + + result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 12, &ctr); + if (!NT_STATUS_IS_OK(result)) { + goto done; + } + + *lockout_policy = ctr.info.inf12; + + DEBUG(10,("msrpc_lockout_policy: bad_attempt_lockout %d\n", + ctr.info.inf12.bad_attempt_lockout)); + + done: + + return result; +} + +/* find the password policy for a domain */ +NTSTATUS msrpc_password_policy(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + SAM_UNK_INFO_1 *password_policy) +{ + NTSTATUS result; + struct rpc_pipe_client *cli; + POLICY_HND dom_pol; + SAM_UNK_CTR ctr; + + DEBUG(10,("rpc: fetch password policy for %s\n", domain->name)); + + if ( !winbindd_can_contact_domain( domain ) ) { + DEBUG(10,("msrpc_password_policy: No incoming trust for domain %s\n", + domain->name)); + return NT_STATUS_NOT_SUPPORTED; + } + + result = cm_connect_sam(domain, mem_ctx, &cli, &dom_pol); + if (!NT_STATUS_IS_OK(result)) { + goto done; + } + + result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 1, &ctr); + if (!NT_STATUS_IS_OK(result)) { + goto done; + } + + *password_policy = ctr.info.inf1; + + DEBUG(10,("msrpc_password_policy: min_length_password %d\n", + ctr.info.inf1.min_length_password)); + + done: + + return result; +} + + +/* the rpc backend methods are exposed via this structure */ +struct winbindd_methods msrpc_methods = { + False, + query_user_list, + enum_dom_groups, + enum_local_groups, + msrpc_name_to_sid, + msrpc_sid_to_name, + msrpc_rids_to_names, + query_user, + lookup_usergroups, + msrpc_lookup_useraliases, + lookup_groupmem, + sequence_number, + msrpc_lockout_policy, + msrpc_password_policy, + trusted_domains, +}; -- cgit From c97fe37ea3d92a631e8da17c21dafae1db15e97b Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 21 Sep 2007 14:37:35 +0000 Subject: r25294: Tidy up callers of unistr2_to_ascii() to pass sizeof(target_area) to the maxeln parameter instead of sizeof(target_area) - 1 (or even sizeof(fstring) - 1 in some places. I hope these were really all there were. Michael (This used to be commit 9a28be220df622322857dfe102fa35e108f932dc) --- source3/winbindd/winbindd_rpc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/winbindd/winbindd_rpc.c') diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 6d2dd35080..283b4f36e9 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -96,8 +96,8 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain, fstring username, fullname; uint32 rid = ctr.sam.info1->sam[j].rid_user; - unistr2_to_ascii( username, &(&ctr.sam.info1->str[j])->uni_acct_name, sizeof(username)-1); - unistr2_to_ascii( fullname, &(&ctr.sam.info1->str[j])->uni_full_name, sizeof(fullname)-1); + unistr2_to_ascii( username, &(&ctr.sam.info1->str[j])->uni_acct_name, sizeof(username)); + unistr2_to_ascii( fullname, &(&ctr.sam.info1->str[j])->uni_full_name, sizeof(fullname)); (*info)[i].acct_name = talloc_strdup(mem_ctx, username ); (*info)[i].full_name = talloc_strdup(mem_ctx, fullname ); -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/winbindd/winbindd_rpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/winbindd/winbindd_rpc.c') diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 283b4f36e9..7035f6bffb 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -869,7 +869,7 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq) SAM_UNK_CTR ctr; NTSTATUS result; POLICY_HND dom_pol; - BOOL got_seq_num = False; + bool got_seq_num = False; struct rpc_pipe_client *cli; DEBUG(10,("rpc: fetch sequence_number for %s\n", domain->name)); -- cgit From f88b7a076be74a29a3bf876b4e2705f4a1ecf42b Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 24 Oct 2007 14:16:54 -0700 Subject: This is a large patch (sorry). Migrate from struct in_addr to struct sockaddr_storage in most places that matter (ie. not the nmbd and NetBIOS lookups). This passes make test on an IPv4 box, but I'll have to do more work/testing on IPv6 enabled boxes. This should now give us a framework for testing and finishing the IPv6 migration. It's at the state where someone with a working IPv6 setup should (theorecically) be able to type : smbclient //ipv6-address/share and have it work. Jeremy. (This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd) --- source3/winbindd/winbindd_rpc.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'source3/winbindd/winbindd_rpc.c') diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 7035f6bffb..55212a84b8 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -843,20 +843,20 @@ static int get_ldap_seq(const char *server, int port, uint32 *seq) /********************************************************************** Get the sequence number for a Windows AD native mode domain using - LDAP queries. + LDAP queries. **********************************************************************/ static int get_ldap_sequence_number(struct winbindd_domain *domain, uint32 *seq) { int ret = -1; - fstring ipstr; + char addr[INET6_ADDRSTRLEN]; - fstrcpy( ipstr, inet_ntoa(domain->dcaddr.sin_addr)); - if ((ret = get_ldap_seq( ipstr, LDAP_PORT, seq)) == 0) { + print_sockaddr(addr, sizeof(addr), &domain->dcaddr); + if ((ret = get_ldap_seq(addr, LDAP_PORT, seq)) == 0) { DEBUG(3, ("get_ldap_sequence_number: Retrieved sequence " - "number for Domain (%s) from DC (%s)\n", - domain->name, ipstr)); - } + "number for Domain (%s) from DC (%s)\n", + domain->name, addr)); + } return ret; } @@ -877,7 +877,7 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq) if ( !winbindd_can_contact_domain( domain ) ) { DEBUG(10,("sequence_number: No incoming trust for domain %s\n", domain->name)); - *seq = time(NULL); + *seq = time(NULL); return NT_STATUS_OK; } -- cgit From 6b6655edd90850d09c7711fc3b9fe98271e3e625 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 27 Nov 2007 14:35:30 -0800 Subject: Remove pstrings from everything except srv_spoolss_nt.c. Jeremy. (This used to be commit 0002a9e96b0ef78316295a6eb94ff29b64e2f988) --- source3/winbindd/winbindd_rpc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/winbindd/winbindd_rpc.c') diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 55212a84b8..dd45060412 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -436,9 +436,9 @@ static NTSTATUS query_user(struct winbindd_domain *domain, sid_compose(&user_info->group_sid, &domain->sid, user->group_rid); - user_info->acct_name = unistr2_tdup(mem_ctx, + user_info->acct_name = unistr2_to_ascii_talloc(mem_ctx, &user->uni_user_name); - user_info->full_name = unistr2_tdup(mem_ctx, + user_info->full_name = unistr2_to_ascii_talloc(mem_ctx, &user->uni_full_name); TALLOC_FREE(user); @@ -484,9 +484,9 @@ static NTSTATUS query_user(struct winbindd_domain *domain, sid_compose(&user_info->user_sid, &domain->sid, user_rid); sid_compose(&user_info->group_sid, &domain->sid, ctr->info.id21->group_rid); - user_info->acct_name = unistr2_tdup(mem_ctx, + user_info->acct_name = unistr2_to_ascii_talloc(mem_ctx, &ctr->info.id21->uni_user_name); - user_info->full_name = unistr2_tdup(mem_ctx, + user_info->full_name = unistr2_to_ascii_talloc(mem_ctx, &ctr->info.id21->uni_full_name); user_info->homedir = NULL; user_info->shell = NULL; -- cgit From 900288a2b86abd247f9eb4cd15dc5617a17cfef1 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 15 Dec 2007 21:11:36 +0100 Subject: Replace sid_string_static by sid_string_dbg in DEBUGs (This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09) --- source3/winbindd/winbindd_rpc.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) (limited to 'source3/winbindd/winbindd_rpc.c') diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index dd45060412..ffb47692cb 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -313,8 +313,8 @@ NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain, struct rpc_pipe_client *cli; POLICY_HND lsa_policy; - DEBUG(3,("sid_to_name [rpc] %s for domain %s\n", sid_string_static(sid), - domain->name )); + DEBUG(3,("sid_to_name [rpc] %s for domain %s\n", sid_string_dbg(sid), + domain->name )); result = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); if (!NT_STATUS_IS_OK(result)) { @@ -409,13 +409,11 @@ static NTSTATUS query_user(struct winbindd_domain *domain, NTSTATUS result = NT_STATUS_UNSUCCESSFUL; POLICY_HND dom_pol, user_pol; SAM_USERINFO_CTR *ctr; - fstring sid_string; uint32 user_rid; NET_USER_INFO_3 *user; struct rpc_pipe_client *cli; - DEBUG(3,("rpc: query_user sid=%s\n", - sid_to_string(sid_string, user_sid))); + DEBUG(3,("rpc: query_user sid=%s\n", sid_string_dbg(user_sid))); if (!sid_peek_check_rid(&domain->sid, user_sid, &user_rid)) return NT_STATUS_UNSUCCESSFUL; @@ -430,7 +428,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain, { DEBUG(5,("query_user: Cache lookup succeeded for %s\n", - sid_string_static(user_sid))); + sid_string_dbg(user_sid))); sid_compose(&user_info->user_sid, &domain->sid, user->user_rid); sid_compose(&user_info->group_sid, &domain->sid, @@ -506,12 +504,10 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; DOM_GID *user_groups; unsigned int i; - fstring sid_string; uint32 user_rid; struct rpc_pipe_client *cli; - DEBUG(3,("rpc: lookup_usergroups sid=%s\n", - sid_to_string(sid_string, user_sid))); + DEBUG(3,("rpc: lookup_usergroups sid=%s\n", sid_string_dbg(user_sid))); if (!sid_peek_check_rid(&domain->sid, user_sid, &user_rid)) return NT_STATUS_UNSUCCESSFUL; @@ -677,12 +673,11 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, uint32 *rid_mem = NULL; uint32 group_rid; unsigned int j; - fstring sid_string; struct rpc_pipe_client *cli; unsigned int orig_timeout; DEBUG(10,("rpc: lookup_groupmem %s sid=%s\n", domain->name, - sid_to_string(sid_string, group_sid))); + sid_string_dbg(group_sid))); if ( !winbindd_can_contact_domain( domain ) ) { DEBUG(10,("lookup_groupmem: No incoming trust for domain %s\n", -- cgit From 4093b0632cda821f331f9ff50c51aa63c799292f Mon Sep 17 00:00:00 2001 From: "Gerald (Jerry) Carter" Date: Fri, 4 Jan 2008 13:34:10 -0600 Subject: Add a missing check for dealing with a one-way trust in query_user(). (This used to be commit f89e356bdaa203ef0a3ce6b8bd52170afa68a2c9) --- source3/winbindd/winbindd_rpc.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source3/winbindd/winbindd_rpc.c') diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index ffb47692cb..f5e1226447 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -456,6 +456,12 @@ static NTSTATUS query_user(struct winbindd_domain *domain, return NT_STATUS_OK; } + if ( !winbindd_can_contact_domain( domain ) ) { + DEBUG(10,("query_user: No incoming trust for domain %s\n", + domain->name)); + return NT_STATUS_OK; + } + /* no cache; hit the wire */ result = cm_connect_sam(domain, mem_ctx, &cli, &dom_pol); -- cgit From 6fa81523f86c5e136bf3ab2c5b0c9032570d3b96 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 11 Jan 2008 22:44:33 -0800 Subject: Ensure we don't access an uninitialized variable (CID 535 - actually false but easy to shut up :-). Jeremy. (This used to be commit 4038bb3a9485943db58d9fe30947e11522ce283d) --- source3/winbindd/winbindd_rpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/winbindd/winbindd_rpc.c') diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index f5e1226447..34ba0498e0 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -308,7 +308,7 @@ NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain, { char **domains; char **names; - enum lsa_SidType *types; + enum lsa_SidType *types = NULL; NTSTATUS result; struct rpc_pipe_client *cli; POLICY_HND lsa_policy; -- cgit From 5334b364c21599fe055b32bbbd1e8cf7488b1fa7 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 30 Jan 2008 12:39:20 +0100 Subject: Remove rpccli_samr_close and use pidl generated function instead. Guenther (This used to be commit 64f0889401855ab76953bfae5db4fe4df19ad8a5) --- source3/winbindd/winbindd_rpc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/winbindd/winbindd_rpc.c') diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 34ba0498e0..47a8d430b2 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -480,7 +480,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain, result = rpccli_samr_query_userinfo(cli, mem_ctx, &user_pol, 0x15, &ctr); - rpccli_samr_close(cli, mem_ctx, &user_pol); + rpccli_samr_Close(cli, mem_ctx, &user_pol); if (!NT_STATUS_IS_OK(result)) return result; @@ -555,7 +555,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, result = rpccli_samr_query_usergroups(cli, mem_ctx, &user_pol, num_groups, &user_groups); - rpccli_samr_close(cli, mem_ctx, &user_pol); + rpccli_samr_Close(cli, mem_ctx, &user_pol); if (!NT_STATUS_IS_OK(result) || (*num_groups) == 0) return result; @@ -721,7 +721,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, /* And restore our original timeout. */ cli_set_timeout(cli->cli, orig_timeout); - rpccli_samr_close(cli, mem_ctx, &group_pol); + rpccli_samr_Close(cli, mem_ctx, &group_pol); if (!NT_STATUS_IS_OK(result)) return result; -- cgit From 482eaa8e5cccd716be07f5eb1536097452214790 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 1 Feb 2008 11:24:01 +0100 Subject: Use rpccli_samr_OpenGroup() all over the place. Guenther (This used to be commit d019fc69a986937880121c2587d3fe37f995edae) --- source3/winbindd/winbindd_rpc.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'source3/winbindd/winbindd_rpc.c') diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 47a8d430b2..b8f1982868 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -700,8 +700,11 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, if (!NT_STATUS_IS_OK(result)) return result; - result = rpccli_samr_open_group(cli, mem_ctx, &dom_pol, - des_access, group_rid, &group_pol); + result = rpccli_samr_OpenGroup(cli, mem_ctx, + &dom_pol, + des_access, + group_rid, + &group_pol); if (!NT_STATUS_IS_OK(result)) return result; -- cgit From 37b56c0113263a741c62100cd4b13388cb2a83fa Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 1 Feb 2008 11:57:53 +0100 Subject: Use rpccli_samr_OpenUser() all over the place. Guenther (This used to be commit da90eb7653554d242da83ed98adae35ced3a2938) --- source3/winbindd/winbindd_rpc.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'source3/winbindd/winbindd_rpc.c') diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index b8f1982868..0d937ef30e 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -469,9 +469,11 @@ static NTSTATUS query_user(struct winbindd_domain *domain, return result; /* Get user handle */ - result = rpccli_samr_open_user(cli, mem_ctx, &dom_pol, - SEC_RIGHTS_MAXIMUM_ALLOWED, user_rid, - &user_pol); + result = rpccli_samr_OpenUser(cli, mem_ctx, + &dom_pol, + SEC_RIGHTS_MAXIMUM_ALLOWED, + user_rid, + &user_pol); if (!NT_STATUS_IS_OK(result)) return result; @@ -545,8 +547,11 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, return result; /* Get user handle */ - result = rpccli_samr_open_user(cli, mem_ctx, &dom_pol, - des_access, user_rid, &user_pol); + result = rpccli_samr_OpenUser(cli, mem_ctx, + &dom_pol, + des_access, + user_rid, + &user_pol); if (!NT_STATUS_IS_OK(result)) return result; -- cgit From 0c6b6b461c0cad6943fe24fd76f9723b749dc15c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 5 Feb 2008 02:45:51 +0100 Subject: Use rpccli_samr_GetAliasMembership() in winbindd and rpcclient. Guenther (This used to be commit 5c167162856fd1e13a3e04423cfc0cc936ae26b0) --- source3/winbindd/winbindd_rpc.c | 37 +++++++++++++++++++++---------------- 1 file changed, 21 insertions(+), 16 deletions(-) (limited to 'source3/winbindd/winbindd_rpc.c') diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 0d937ef30e..7e35759348 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -585,11 +585,10 @@ NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain, { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; POLICY_HND dom_pol; - DOM_SID2 *query_sids; uint32 num_query_sids = 0; int i; struct rpc_pipe_client *cli; - uint32 *alias_rids_query, num_aliases_query; + struct samr_Ids alias_rids_query; int rangesize = MAX_SAM_ENTRIES_W2K; uint32 total_sids = 0; int num_queries = 1; @@ -611,6 +610,9 @@ NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain, do { /* prepare query */ + struct lsa_SidArray sid_array; + + ZERO_STRUCT(sid_array); num_query_sids = MIN(num_sids - total_sids, rangesize); @@ -618,45 +620,48 @@ NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain, num_queries, num_query_sids)); if (num_query_sids) { - query_sids = TALLOC_ARRAY(mem_ctx, DOM_SID2, num_query_sids); - if (query_sids == NULL) { + sid_array.sids = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_SidPtr, num_query_sids); + if (sid_array.sids == NULL) { return NT_STATUS_NO_MEMORY; } } else { - query_sids = NULL; + sid_array.sids = NULL; } for (i=0; i Date: Tue, 5 Feb 2008 10:58:37 +0100 Subject: Use rpccli_samr_QueryGroupMember() all over the place. Guenther (This used to be commit 1793ed10df7f403b85a4e52c67cbfb277b23b30b) --- source3/winbindd/winbindd_rpc.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'source3/winbindd/winbindd_rpc.c') diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 7e35759348..a318199b62 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -691,6 +691,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, unsigned int j; struct rpc_pipe_client *cli; unsigned int orig_timeout; + struct samr_RidTypeArray *rids = NULL; DEBUG(10,("rpc: lookup_groupmem %s sid=%s\n", domain->name, sid_string_dbg(group_sid))); @@ -727,9 +728,9 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, orig_timeout = cli_set_timeout(cli->cli, 35000); - result = rpccli_samr_query_groupmem(cli, mem_ctx, - &group_pol, num_names, &rid_mem, - name_types); + result = rpccli_samr_QueryGroupMember(cli, mem_ctx, + &group_pol, + &rids); /* And restore our original timeout. */ cli_set_timeout(cli->cli, orig_timeout); @@ -739,6 +740,9 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, if (!NT_STATUS_IS_OK(result)) return result; + *num_names = rids->count; + rid_mem = rids->rids; + if (!*num_names) { names = NULL; name_types = NULL; -- cgit From 742fd39b7a9ecfe30b01e323a9ce1c2375c5d076 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 5 Feb 2008 17:25:07 +0100 Subject: Use rpccli_samr_QueryDomainInfo() in winbindd. Guenther (This used to be commit dd9fa33e968d4e641460fe1c6beb05dfe12fa918) --- source3/winbindd/winbindd_rpc.c | 54 +++++++++++++++++++++++++---------------- 1 file changed, 33 insertions(+), 21 deletions(-) (limited to 'source3/winbindd/winbindd_rpc.c') diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index a318199b62..98e4077a4d 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -884,7 +884,7 @@ static int get_ldap_sequence_number(struct winbindd_domain *domain, uint32 *seq) static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq) { TALLOC_CTX *mem_ctx; - SAM_UNK_CTR ctr; + union samr_DomainInfo *info = NULL; NTSTATUS result; POLICY_HND dom_pol; bool got_seq_num = False; @@ -935,21 +935,27 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq) /* Query domain info */ - result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 8, &ctr); + result = rpccli_samr_QueryDomainInfo(cli, mem_ctx, + &dom_pol, + 8, + &info); if (NT_STATUS_IS_OK(result)) { - *seq = ctr.info.inf8.seq_num; + *seq = info->info8.sequence_num; got_seq_num = True; goto seq_num; } /* retry with info-level 2 in case the dc does not support info-level 8 - * (like all older samba2 and samba3 dc's - Guenther */ + * (like all older samba2 and samba3 dc's) - Guenther */ + + result = rpccli_samr_QueryDomainInfo(cli, mem_ctx, + &dom_pol, + 2, + &info); - result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 2, &ctr); - if (NT_STATUS_IS_OK(result)) { - *seq = ctr.info.inf2.seq_num; + *seq = info->info2.sequence_num; got_seq_num = True; } @@ -1033,14 +1039,14 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, } /* find the lockout policy for a domain */ -NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain, +NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - SAM_UNK_INFO_12 *lockout_policy) + struct samr_DomInfo12 *lockout_policy) { NTSTATUS result; struct rpc_pipe_client *cli; POLICY_HND dom_pol; - SAM_UNK_CTR ctr; + union samr_DomainInfo *info = NULL; DEBUG(10,("rpc: fetch lockout policy for %s\n", domain->name)); @@ -1055,15 +1061,18 @@ NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain, goto done; } - result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 12, &ctr); + result = rpccli_samr_QueryDomainInfo(cli, mem_ctx, + &dom_pol, + 12, + &info); if (!NT_STATUS_IS_OK(result)) { goto done; } - *lockout_policy = ctr.info.inf12; + *lockout_policy = info->info12; - DEBUG(10,("msrpc_lockout_policy: bad_attempt_lockout %d\n", - ctr.info.inf12.bad_attempt_lockout)); + DEBUG(10,("msrpc_lockout_policy: lockout_threshold %d\n", + info->info12.lockout_threshold)); done: @@ -1071,14 +1080,14 @@ NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain, } /* find the password policy for a domain */ -NTSTATUS msrpc_password_policy(struct winbindd_domain *domain, +NTSTATUS msrpc_password_policy(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - SAM_UNK_INFO_1 *password_policy) + struct samr_DomInfo1 *password_policy) { NTSTATUS result; struct rpc_pipe_client *cli; POLICY_HND dom_pol; - SAM_UNK_CTR ctr; + union samr_DomainInfo *info = NULL; DEBUG(10,("rpc: fetch password policy for %s\n", domain->name)); @@ -1093,15 +1102,18 @@ NTSTATUS msrpc_password_policy(struct winbindd_domain *domain, goto done; } - result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 1, &ctr); + result = rpccli_samr_QueryDomainInfo(cli, mem_ctx, + &dom_pol, + 1, + &info); if (!NT_STATUS_IS_OK(result)) { goto done; } - *password_policy = ctr.info.inf1; + *password_policy = info->info1; - DEBUG(10,("msrpc_password_policy: min_length_password %d\n", - ctr.info.inf1.min_length_password)); + DEBUG(10,("msrpc_password_policy: min_length_password %d\n", + info->info1.min_password_length)); done: -- cgit From 1c788bc36561842d08c3f62b5d3145dbe74db620 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 6 Feb 2008 16:19:20 +0100 Subject: Use rpccli_samr_GetGroupsForUser() all over the place. Guenther (This used to be commit d1c669920e88e7fecd13101c4ddfe45354c5ecdb) --- source3/winbindd/winbindd_rpc.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'source3/winbindd/winbindd_rpc.c') diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 98e4077a4d..8e196e50ec 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -510,7 +510,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, NTSTATUS result = NT_STATUS_UNSUCCESSFUL; POLICY_HND dom_pol, user_pol; uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; - DOM_GID *user_groups; + struct samr_RidWithAttributeArray *rid_array = NULL; unsigned int i; uint32 user_rid; struct rpc_pipe_client *cli; @@ -557,8 +557,10 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, return result; /* Query user rids */ - result = rpccli_samr_query_usergroups(cli, mem_ctx, &user_pol, - num_groups, &user_groups); + result = rpccli_samr_GetGroupsForUser(cli, mem_ctx, + &user_pol, + &rid_array); + *num_groups = rid_array->count; rpccli_samr_Close(cli, mem_ctx, &user_pol); @@ -572,9 +574,9 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, for (i=0;i<(*num_groups);i++) { sid_copy(&((*user_grpsids)[i]), &domain->sid); sid_append_rid(&((*user_grpsids)[i]), - user_groups[i].g_rid); + rid_array->rids[i].rid); } - + return NT_STATUS_OK; } -- cgit From 781776d8643ba649a3c52978ff7e07511b43572d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 7 Feb 2008 20:46:02 +0100 Subject: Use rpccli_samr_QueryDisplayInfo() all over the place. Guenther (This used to be commit 66b79add353bf7a09f304eac5274cb89b23d7b06) --- source3/winbindd/winbindd_rpc.c | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) (limited to 'source3/winbindd/winbindd_rpc.c') diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 8e196e50ec..edcdd5f049 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -63,24 +63,26 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain, do { uint32 num_dom_users, j; uint32 max_entries, max_size; - SAM_DISPINFO_CTR ctr; - SAM_DISPINFO_1 info1; + uint32_t total_size, returned_size; - ZERO_STRUCT( ctr ); - ZERO_STRUCT( info1 ); - ctr.sam.info1 = &info1; + union samr_DispInfo disp_info; /* this next bit is copied from net_user_list_internal() */ get_query_dispinfo_params(loop_count, &max_entries, &max_size); - result = rpccli_samr_query_dispinfo(cli, mem_ctx, &dom_pol, - &start_idx, 1, - &num_dom_users, - max_entries, max_size, - &ctr); - + result = rpccli_samr_QueryDisplayInfo(cli, mem_ctx, + &dom_pol, + 1, + start_idx, + max_entries, + max_size, + &total_size, + &returned_size, + &disp_info); + num_dom_users = disp_info.info1.count; + start_idx += disp_info.info1.count; loop_count++; *num_entries += num_dom_users; @@ -93,14 +95,13 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain, } for (j = 0; j < num_dom_users; i++, j++) { - fstring username, fullname; - uint32 rid = ctr.sam.info1->sam[j].rid_user; - - unistr2_to_ascii( username, &(&ctr.sam.info1->str[j])->uni_acct_name, sizeof(username)); - unistr2_to_ascii( fullname, &(&ctr.sam.info1->str[j])->uni_full_name, sizeof(fullname)); - - (*info)[i].acct_name = talloc_strdup(mem_ctx, username ); - (*info)[i].full_name = talloc_strdup(mem_ctx, fullname ); + + uint32_t rid = disp_info.info1.entries[j].rid; + + (*info)[i].acct_name = talloc_strdup(mem_ctx, + disp_info.info1.entries[j].account_name.string); + (*info)[i].full_name = talloc_strdup(mem_ctx, + disp_info.info1.entries[j].full_name.string); (*info)[i].homedir = NULL; (*info)[i].shell = NULL; sid_compose(&(*info)[i].user_sid, &domain->sid, rid); -- cgit From 7329bd24f97688597d5c61dcf00fb39f302654fe Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 8 Feb 2008 10:59:31 +0100 Subject: Fix winbindd msrpc_lookup_useraliases. Guenther (This used to be commit e196e527ae47a75f6cac09b9f89aa5619047d4d2) --- source3/winbindd/winbindd_rpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/winbindd/winbindd_rpc.c') diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index edcdd5f049..fa9c1bc58d 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -633,7 +633,7 @@ NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain, for (i=0; i Date: Tue, 12 Feb 2008 18:13:30 +0100 Subject: Use rpccli_samr_QueryUserInfo in net and winbindd. Guenther (This used to be commit a9ff6760901a489ff8877717bdd5a2218154498f) --- source3/winbindd/winbindd_rpc.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) (limited to 'source3/winbindd/winbindd_rpc.c') diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index fa9c1bc58d..2703f2f64a 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -409,7 +409,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain, { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; POLICY_HND dom_pol, user_pol; - SAM_USERINFO_CTR *ctr; + union samr_UserInfo *info = NULL; uint32 user_rid; NET_USER_INFO_3 *user; struct rpc_pipe_client *cli; @@ -480,8 +480,10 @@ static NTSTATUS query_user(struct winbindd_domain *domain, return result; /* Get user info */ - result = rpccli_samr_query_userinfo(cli, mem_ctx, &user_pol, - 0x15, &ctr); + result = rpccli_samr_QueryUserInfo(cli, mem_ctx, + &user_pol, + 0x15, + &info); rpccli_samr_Close(cli, mem_ctx, &user_pol); @@ -490,11 +492,11 @@ static NTSTATUS query_user(struct winbindd_domain *domain, sid_compose(&user_info->user_sid, &domain->sid, user_rid); sid_compose(&user_info->group_sid, &domain->sid, - ctr->info.id21->group_rid); - user_info->acct_name = unistr2_to_ascii_talloc(mem_ctx, - &ctr->info.id21->uni_user_name); - user_info->full_name = unistr2_to_ascii_talloc(mem_ctx, - &ctr->info.id21->uni_full_name); + info->info21.primary_gid); + user_info->acct_name = talloc_strdup(mem_ctx, + info->info21.account_name.string); + user_info->full_name = talloc_strdup(mem_ctx, + info->info21.full_name.string); user_info->homedir = NULL; user_info->shell = NULL; user_info->primary_gid = (gid_t)-1; -- cgit From 0ba3d44f7321cb235eb214194395d5da02824690 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 13 Feb 2008 00:25:40 +0100 Subject: Use rpccli_lsa_EnumTrustDom all over the place. Guenther (This used to be commit a25e7ffbca9c2c97dd36b0596e7cb38a72aaf9d9) --- source3/winbindd/winbindd_rpc.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) (limited to 'source3/winbindd/winbindd_rpc.c') diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 2703f2f64a..326ff61122 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -1008,22 +1008,24 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, result = STATUS_MORE_ENTRIES; while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) { - uint32 start_idx, num; + uint32 start_idx; char **tmp_names; DOM_SID *tmp_sids; int i; + struct lsa_DomainList dom_list; - result = rpccli_lsa_enum_trust_dom(cli, mem_ctx, - &lsa_policy, &enum_ctx, - &num, &tmp_names, - &tmp_sids); + result = rpccli_lsa_EnumTrustDom(cli, mem_ctx, + &lsa_policy, + &enum_ctx, + &dom_list, + (uint32_t)-1); if (!NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) break; start_idx = *num_domains; - *num_domains += num; + *num_domains += dom_list.count; *names = TALLOC_REALLOC_ARRAY(mem_ctx, *names, char *, *num_domains); *dom_sids = TALLOC_REALLOC_ARRAY(mem_ctx, *dom_sids, @@ -1035,8 +1037,8 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, return NT_STATUS_NO_MEMORY; for (i=0; i Date: Wed, 13 Feb 2008 01:29:52 +0100 Subject: Fix the build of winbindd, sorry. Guenther (This used to be commit c62c89c8f0d1ff8e384b88b3b192aa96f0b2183e) --- source3/winbindd/winbindd_rpc.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'source3/winbindd/winbindd_rpc.c') diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 326ff61122..473d2a52a4 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -1009,8 +1009,6 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) { uint32 start_idx; - char **tmp_names; - DOM_SID *tmp_sids; int i; struct lsa_DomainList dom_list; @@ -1036,9 +1034,9 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, (*alt_names == NULL)) return NT_STATUS_NO_MEMORY; - for (i=0; i Date: Wed, 13 Feb 2008 10:49:55 +0100 Subject: Convert last caller (in winbindd) to rpccli_samr_LookupRids. Guenther (This used to be commit 34c2566f026dbde4da10e2fc10c6960260eb6044) --- source3/winbindd/winbindd_rpc.c | 48 +++++++++++++++++++++-------------------- 1 file changed, 25 insertions(+), 23 deletions(-) (limited to 'source3/winbindd/winbindd_rpc.c') diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 473d2a52a4..8136175efe 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -693,7 +693,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; uint32 *rid_mem = NULL; uint32 group_rid; - unsigned int j; + unsigned int j, r; struct rpc_pipe_client *cli; unsigned int orig_timeout; struct samr_RidTypeArray *rids = NULL; @@ -772,38 +772,40 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, if (*num_names>0 && (!*names || !*name_types)) return NT_STATUS_NO_MEMORY; - for (i = 0; i < *num_names; i += MAX_LOOKUP_RIDS) { - int num_lookup_rids = MIN(*num_names - i, MAX_LOOKUP_RIDS); - uint32 tmp_num_names = 0; - char **tmp_names = NULL; - uint32 *tmp_types = NULL; + for (i = 0; i < *num_names; i += MAX_LOOKUP_RIDS) { + int num_lookup_rids = MIN(*num_names - i, MAX_LOOKUP_RIDS); + struct lsa_Strings tmp_names; + struct samr_Ids tmp_types; - /* Lookup a chunk of rids */ + /* Lookup a chunk of rids */ - result = rpccli_samr_lookup_rids(cli, mem_ctx, - &dom_pol, - num_lookup_rids, - &rid_mem[i], - &tmp_num_names, - &tmp_names, &tmp_types); + result = rpccli_samr_LookupRids(cli, mem_ctx, + &dom_pol, + num_lookup_rids, + &rid_mem[i], + &tmp_names, + &tmp_types); /* see if we have a real error (and yes the STATUS_SOME_UNMAPPED is the one returned from 2k) */ - + if (!NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) return result; - - /* Copy result into array. The talloc system will take - care of freeing the temporary arrays later on. */ - memcpy(&(*names)[i], tmp_names, sizeof(char *) * - tmp_num_names); + /* Copy result into array. The talloc system will take + care of freeing the temporary arrays later on. */ - memcpy(&(*name_types)[i], tmp_types, sizeof(uint32) * - tmp_num_names); - - total_names += tmp_num_names; + if (tmp_names.count != tmp_types.count) { + return NT_STATUS_UNSUCCESSFUL; + } + + for (r=0; r Date: Wed, 13 Feb 2008 11:08:49 +0100 Subject: Convert last caller (in winbindd) to rpccli_samr_EnumDomainGroups. Guenther (This used to be commit 8890bc481f60cd42d96b240b2ed8e34bc3d81f13) --- source3/winbindd/winbindd_rpc.c | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) (limited to 'source3/winbindd/winbindd_rpc.c') diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 8136175efe..53928225fa 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -150,19 +150,22 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, return status; do { - struct acct_info *info2 = NULL; + struct samr_SamArray *sam_array = NULL; uint32 count = 0; TALLOC_CTX *mem_ctx2; + int g; mem_ctx2 = talloc_init("enum_dom_groups[rpc]"); /* start is updated by this call. */ - status = rpccli_samr_enum_dom_groups(cli, mem_ctx2, &dom_pol, - &start, - 0xFFFF, /* buffer size? */ - &info2, &count); + status = rpccli_samr_EnumDomainGroups(cli, mem_ctx2, + &dom_pol, + &start, + &sam_array, + 0xFFFF, /* buffer size? */ + &count); - if (!NT_STATUS_IS_OK(status) && + if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) { talloc_destroy(mem_ctx2); break; @@ -176,7 +179,13 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, return NT_STATUS_NO_MEMORY; } - memcpy(&(*info)[*num_entries], info2, count*sizeof(*info2)); + for (g=0; g < count; g++) { + + fstrcpy((*info)[*num_entries + g].acct_name, + sam_array->entries[g].name.string); + (*info)[*num_entries + g].rid = sam_array->entries[g].idx; + } + (*num_entries) += count; talloc_destroy(mem_ctx2); } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)); -- cgit From ce7d5975b48e538779c5bd10f45677b0ea23ae80 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 13 Feb 2008 11:15:40 +0100 Subject: Convert last caller (in winbindd) to rpccli_samr_EnumDomainAliases. Guenther (This used to be commit 33a97b447c1875bf1cd5a703871a84a7fb359fec) --- source3/winbindd/winbindd_rpc.c | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) (limited to 'source3/winbindd/winbindd_rpc.c') diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 53928225fa..585923410f 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -220,18 +220,21 @@ static NTSTATUS enum_local_groups(struct winbindd_domain *domain, return result; do { - struct acct_info *info2 = NULL; + struct samr_SamArray *sam_array = NULL; uint32 count = 0, start = *num_entries; TALLOC_CTX *mem_ctx2; + int g; mem_ctx2 = talloc_init("enum_dom_local_groups[rpc]"); - result = rpccli_samr_enum_als_groups( cli, mem_ctx2, &dom_pol, - &start, 0xFFFF, &info2, - &count); - + result = rpccli_samr_EnumDomainAliases(cli, mem_ctx2, + &dom_pol, + &start, + &sam_array, + 0xFFFF, /* buffer size? */ + &count); if (!NT_STATUS_IS_OK(result) && - !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES) ) + !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES) ) { talloc_destroy(mem_ctx2); return result; @@ -245,7 +248,13 @@ static NTSTATUS enum_local_groups(struct winbindd_domain *domain, return NT_STATUS_NO_MEMORY; } - memcpy(&(*info)[*num_entries], info2, count*sizeof(*info2)); + for (g=0; g < count; g++) { + + fstrcpy((*info)[*num_entries + g].acct_name, + sam_array->entries[g].name.string); + (*info)[*num_entries + g].rid = sam_array->entries[g].idx; + } + (*num_entries) += count; talloc_destroy(mem_ctx2); -- cgit From c25958a046bbcfc13db200430e505ac4ee9b3f27 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sun, 17 Feb 2008 02:08:12 +0100 Subject: Use netr_SamInfo3 everywhere in winbindd. Guenther (This used to be commit d9502eb75395131d5a8130ff2c4ebace106cb974) --- source3/winbindd/winbindd_rpc.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source3/winbindd/winbindd_rpc.c') diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 585923410f..f818772ce7 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -429,7 +429,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain, POLICY_HND dom_pol, user_pol; union samr_UserInfo *info = NULL; uint32 user_rid; - NET_USER_INFO_3 *user; + struct netr_SamInfo3 *user; struct rpc_pipe_client *cli; DEBUG(3,("rpc: query_user sid=%s\n", sid_string_dbg(user_sid))); @@ -449,14 +449,14 @@ static NTSTATUS query_user(struct winbindd_domain *domain, DEBUG(5,("query_user: Cache lookup succeeded for %s\n", sid_string_dbg(user_sid))); - sid_compose(&user_info->user_sid, &domain->sid, user->user_rid); + sid_compose(&user_info->user_sid, &domain->sid, user->base.rid); sid_compose(&user_info->group_sid, &domain->sid, - user->group_rid); + user->base.primary_gid); - user_info->acct_name = unistr2_to_ascii_talloc(mem_ctx, - &user->uni_user_name); - user_info->full_name = unistr2_to_ascii_talloc(mem_ctx, - &user->uni_full_name); + user_info->acct_name = talloc_strdup(mem_ctx, + user->base.account_name.string); + user_info->full_name = talloc_strdup(mem_ctx, + user->base.full_name.string); TALLOC_FREE(user); -- cgit From 7269a504fdd06fbbe24c2df8e084b41382d71269 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 27 Feb 2008 19:38:48 +0100 Subject: Add my copyright. Guenther (This used to be commit d078a8757182d84dfd3307a2e1b751cf173aaa97) --- source3/winbindd/winbindd_rpc.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/winbindd/winbindd_rpc.c') diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index f818772ce7..2a7704c8a5 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -6,6 +6,7 @@ Copyright (C) Tim Potter 2000-2001,2003 Copyright (C) Andrew Tridgell 2001 Copyright (C) Volker Lendecke 2005 + Copyright (C) Guenther Deschner 2008 (pidl conversion) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by -- cgit From e1102b8f48aeebe7d4e730d2b432a1503b425210 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 19 Apr 2008 23:27:35 +0200 Subject: Introduce rpccli_set_timeout() Reduce dependency on "cli" member of rpc_pipe_client struct (This used to be commit 2e4c1ba38963cffe4c3f25ab24bc28975f2fc291) --- source3/winbindd/winbindd_rpc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/winbindd/winbindd_rpc.c') diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 2a7704c8a5..bb79d7ec12 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -750,14 +750,14 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, /* This call can take a long time - allow the server to time out. 35 seconds should do it. */ - orig_timeout = cli_set_timeout(cli->cli, 35000); + orig_timeout = rpccli_set_timeout(cli, 35000); result = rpccli_samr_QueryGroupMember(cli, mem_ctx, &group_pol, &rids); /* And restore our original timeout. */ - cli_set_timeout(cli->cli, orig_timeout); + rpccli_set_timeout(cli, orig_timeout); rpccli_samr_Close(cli, mem_ctx, &group_pol); -- cgit