From e0779e2d3bb29c16fc4215e78cda8764bce15767 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Thu, 2 Aug 2007 13:08:39 +0000
Subject: r24127: Set the Domain SID into the libnet context, and have libnet_UserInfo return full SIDs for the user SID and primary group sid. This should help kai with his getpwnam work in winbind. Andrew Bartlett (This used to be commit 078671d5015c63e4bcd96815e150dae918763b83)
---
 source4/libnet/libnet.h | 5 +++--
 source4/libnet/libnet_domain.c | 4 ++++
 source4/libnet/libnet_user.c | 3 +++
 source4/libnet/libnet_user.h | 2 ++
 source4/torture/libnet/libnet_domain.c | 12 +++++++-----
 source4/winbind/wb_init_domain.c | 1 +
 6 files changed, 20 insertions(+), 7 deletions(-) (limited to 'source4')
diff --git a/source4/libnet/libnet.h b/source4/libnet/libnet.h
index 27472e0d0d..9f91778542 100644
--- a/source4/libnet/libnet.h
+++ b/source4/libnet/libnet.h
@@ -28,7 +28,8 @@ struct libnet_context {
 /* samr connection parameters - opened handles and related properties */
 struct {
 struct dcerpc_pipe *pipe;
- const char *name;
+ char *name;
+ struct dom_sid *sid;
 uint32_t access_mask;
 struct policy_handle handle;
 struct policy_handle connect_handle;
@@ -38,7 +39,7 @@ struct libnet_context {
 /* lsa connection parameters - opened handles and related properties */
 struct {
 struct dcerpc_pipe *pipe;
- const char *name;
+ char *name;
 uint32_t access_mask;
 struct policy_handle handle;
 } lsa;
diff --git a/source4/libnet/libnet_domain.c b/source4/libnet/libnet_domain.c
index 500d5f817d..3de281d625 100644
--- a/source4/libnet/libnet_domain.c
+++ b/source4/libnet/libnet_domain.c
@@ -361,6 +361,7 @@ NTSTATUS libnet_DomainOpenSamr_recv(struct composite_context *c, struct libnet_c
 libnet functions */
 ctx->samr.connect_handle = s->connect_handle;
 ctx->samr.handle = s->domain_handle;
+ ctx->samr.sid = talloc_steal(ctx, s->lookup.out.sid);
 ctx->samr.name = talloc_steal(ctx, s->domain_name.string);
 ctx->samr.access_mask = s->access_mask;
 }
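Review bot: The `samr` member of `struct libnet_context` in source4/libnet/libnet.h now carries `char *name` and `struct dom_sid *sid` with no statement of who owns them, while the same commit makes libnet_DomainCloseSamr_recv() call talloc_free() on both. I would document the contract next to the fields, for example `/* name and sid are talloc children of the libnet_context; libnet_DomainCloseSamr frees them */`, so that code filling the struct by hand knows it must talloc_steal() or copy. `lsa.name` also loses its `const` in the second hunk of this file, yet no hunk in this commit frees it, so its comment should say whether it is owned or borrowed. The struct starts and ends outside both hunks.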
@@ -844,7 +845,10 @@ NTSTATUS libnet_DomainCloseSamr_recv(struct composite_context *c, struct libnet_
 /* domain policy handle closed successfully */
 ZERO_STRUCT(ctx->samr.handle);
+ talloc_free(ctx->samr.name);
+ talloc_free(ctx->samr.sid);
 ctx->samr.name = NULL;
+ ctx->samr.sid = NULL;
 io->out.error_string = talloc_asprintf(mem_ctx, "Success");
diff --git a/source4/libnet/libnet_user.c b/source4/libnet/libnet_user.c
index 7cdd171d29..fe303620fe 100644
--- a/source4/libnet/libnet_user.c
+++ b/source4/libnet/libnet_user.c
@@ -773,6 +773,9 @@ NTSTATUS libnet_UserInfo_recv(struct composite_context *c, TALLOC_CTX *mem_ctx,
 s = talloc_get_type(c->private_data, struct user_info_state);
 info = &s->userinfo.out.info.info21;
+ r->out.user_sid = dom_sid_add_rid(mem_ctx, s->ctx->samr.sid, info->rid);
+ r->out.primary_group_sid = dom_sid_add_rid(mem_ctx, s->ctx->samr.sid, info->primary_gid);
+
 /* string fields */
 r->out.account_name = talloc_steal(mem_ctx, info->account_name.string);
 r->out.full_name = talloc_steal(mem_ctx, info->full_name.string);
diff --git a/source4/libnet/libnet_user.h b/source4/libnet/libnet_user.h
index 2973915c00..3bbe1cc65e 100644
--- a/source4/libnet/libnet_user.h
+++ b/source4/libnet/libnet_user.h
@@ -92,6 +92,8 @@ struct libnet_UserInfo {
 const char *domain_name;
 } in;
 struct {
+ struct dom_sid *user_sid;
+ struct dom_sid *primary_group_sid;
 const char *account_name;
 const char *full_name;
 const char *description;
diff --git a/source4/torture/libnet/libnet_domain.c b/source4/torture/libnet/libnet_domain.c
index c337514aa6..7023988f9b 100644
--- a/source4/torture/libnet/libnet_domain.c
+++ b/source4/torture/libnet/libnet_domain.c
@@ -34,7 +34,7 @@
 static BOOL test_opendomain_samr(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 struct policy_handle *handle, struct lsa_String *domname,
- uint32_t *access_mask)
+ uint32_t *access_mask, struct dom_sid **sid)
 {
 NTSTATUS status;
 struct policy_handle h, domain_handle;
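Review bot: The two `talloc_free()` calls added to libnet_DomainCloseSamr_recv() in source4/libnet/libnet_domain.c assume `ctx->samr.name` and `ctx->samr.sid` are owned by the libnet context, but the source4/winbind/wb_init_domain.c hunk of this same commit stores `state->domain->info->name` and `state->domain->info->sid` there without talloc_steal() or a copy. If a samr close is ever issued on that winbind context, the domain info is left holding freed pointers, which means a use-after-free or double free in a daemon that answers identity lookups; whether such a call path exists is not visible in this diff. Giving the context its own copies in init_domain_recv_samr() removes the aliasing: `state->domain->libnet_ctx->samr.name = talloc_strdup(state->domain->libnet_ctx, state->domain->info->name);` and `state->domain->libnet_ctx->samr.sid = dom_sid_dup(state->domain->libnet_ctx, state->domain->info->sid);`, each checked for NULL. Both functions continue outside their hunks.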
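Review bot: Neither `dom_sid_add_rid()` result in libnet_UserInfo_recv() (source4/libnet/libnet_user.c) is checked, and `s->ctx->samr.sid` is passed in without a NULL test. That field is NULL after libnet_DomainCloseSamr_recv() has run and, presumably, for any context whose samr members were filled in by code that does not set the new field, so a caller could receive a NULL `user_sid` or `primary_group_sid` alongside a success status, or the helper could dereference NULL (its body is not shown here). Because these SIDs are meant to feed winbind's getpwnam work, I would fail closed: verify `s->ctx->samr.sid != NULL` first, then report `NT_STATUS_NO_MEMORY` through the function's existing exit path when either call returns NULL. The function starts and ends outside the hunk.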
@@ -69,7 +69,7 @@ static BOOL test_opendomain_samr(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 r3.in.connect_handle = &h;
 r3.in.access_mask = *access_mask;
- r3.in.sid = r2.out.sid;
+ r3.in.sid = *sid = r2.out.sid;
 r3.out.domain_handle = &domain_handle;
 printf("opening domain\n");
@@ -320,6 +320,7 @@ BOOL torture_domain_close_samr(struct torture_context *torture)
 struct policy_handle h;
 struct dcerpc_pipe *p;
 struct libnet_DomainClose r;
+ struct dom_sid *sid;
 bindstr = torture_setting_string(torture, "binding", NULL);
 status = dcerpc_parse_binding(torture, bindstr, &binding);
@@ -347,18 +348,19 @@ BOOL torture_domain_close_samr(struct torture_context *torture)
 goto done;
 }
- domain_name.string = lp_workgroup();
+ domain_name.string = talloc_strdup(mem_ctx, lp_workgroup());
- if (!test_opendomain_samr(p, torture, &h, &domain_name, &access_mask)) {
+ if (!test_opendomain_samr(p, torture, &h, &domain_name, &access_mask, &sid)) {
 d_printf("failed to open domain on samr service\n");
 ret = False;
 goto done;
 }
 ctx->samr.pipe = p;
- ctx->samr.name = domain_name.string;
+ ctx->samr.name = talloc_steal(ctx, domain_name.string);
 ctx->samr.access_mask = access_mask;
 ctx->samr.handle = h;
+ ctx->samr.sid = talloc_steal(ctx, sid);
 /* we have to use pipe's event context, otherwise the call will hang indefinitely - this wouldn't be the case if pipe was opened by means of libnet call */
diff --git a/source4/winbind/wb_init_domain.c b/source4/winbind/wb_init_domain.c
index 54b1589e27..96810e0e2c 100644
--- a/source4/winbind/wb_init_domain.c
+++ b/source4/winbind/wb_init_domain.c
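Review bot: In torture_domain_close_samr() (source4/torture/libnet/libnet_domain.c) the new local `struct dom_sid *sid;` is uninitialised, and test_opendomain_samr() writes `*sid` only at the `r3.in.sid = *sid = r2.out.sid;` line, so a failure earlier in the helper presumably leaves it indeterminate. The caller jumps to `done` on failure today, but declaring it as `struct dom_sid *sid = NULL;` keeps the later `talloc_steal(ctx, sid)` well defined if that flow changes. The result of `talloc_strdup(mem_ctx, lp_workgroup())` is also used without a NULL check. As far as this diff shows, no torture change asserts that libnet_UserInfo now fills `user_sid` and `primary_group_sid`, so the new outputs are untested here.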
@@ -396,6 +396,7 @@ static void init_domain_recv_samr(struct composite_context *ctx)
 talloc_steal(state->domain->libnet_ctx->samr.pipe, state->domain->samr_binding);
 state->domain->libnet_ctx->samr.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
 state->domain->libnet_ctx->samr.name = state->domain->info->name;
+ state->domain->libnet_ctx->samr.sid = state->domain->info->sid;
 state->domain->ldap_conn = ldap4_new_connection(state->domain, state->ctx->event_ctx);
-- cgit