char ***names,
enum lsa_SidType **types);
- /* lookup user info for a given SID */
- NTSTATUS (*query_user)(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *user_sid,
- struct wbint_userinfo *user_info);
-
/* lookup all groups that a user is a member of. The backend
can also choose to lookup by username or rid for this
function */
domain_name, names, types);
}
-/* If you are looking for "dn_lookup": Yes, it used to be here!
- * It has gone now since it was a major speed bottleneck in
- * lookup_groupmem (its only use). It has been replaced by
- * an rpc lookup sids call... R.I.P. */
-
-/* Lookup user information from a rid */
-static NTSTATUS query_user(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *sid,
- struct wbint_userinfo *info)
-{
- ADS_STRUCT *ads = NULL;
- const char *attrs[] = { "*", NULL };
- ADS_STATUS rc;
- int count;
- LDAPMessage *msg = NULL;
- char *ldap_exp;
- char *sidstr;
- uint32_t group_rid;
- NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
- struct netr_SamInfo3 *user = NULL;
- gid_t gid = -1;
- int ret;
- char *full_name;
-
- DEBUG(3,("ads: query_user\n"));
-
- info->homedir = NULL;
- info->shell = NULL;
-
- /* try netsamlogon cache first */
-
- if ( (user = netsamlogon_cache_get( mem_ctx, sid )) != NULL )
- {
- DEBUG(5,("query_user: Cache lookup succeeded for %s\n",
- sid_string_dbg(sid)));
-
- sid_compose(&info->user_sid, &domain->sid, user->base.rid);
- sid_compose(&info->group_sid, &domain->sid, user->base.primary_gid);
-
- info->acct_name = talloc_strdup(mem_ctx, user->base.account_name.string);
- info->full_name = talloc_strdup(mem_ctx, user->base.full_name.string);
-
- nss_get_info_cached( domain, sid, mem_ctx,
- &info->homedir, &info->shell, &info->full_name,
- &gid );
- info->primary_gid = gid;
-
- TALLOC_FREE(user);
-
- if (info->full_name == NULL) {
- /* this might fail so we don't check the return code */
- wcache_query_user_fullname(domain,
- mem_ctx,
- sid,
- &info->full_name);
- }
-
- return NT_STATUS_OK;
- }
-
- if ( !winbindd_can_contact_domain(domain)) {
- DEBUG(8,("query_user: No incoming trust from domain %s\n",
- domain->name));
-
- /* We still need to generate some basic information
- about the user even if we cannot contact the
- domain. Most of this stuff we can deduce. */
-
- sid_copy( &info->user_sid, sid );
-
- /* Assume "Domain Users" for the primary group */
-
- sid_compose(&info->group_sid, &domain->sid, DOMAIN_RID_USERS );
-
- /* Try to fill in what the nss_info backend can do */
-
- nss_get_info_cached( domain, sid, mem_ctx,
- &info->homedir, &info->shell, &info->full_name,
- &gid);
- info->primary_gid = gid;
-
- return NT_STATUS_OK;
- }
-
- /* no cache...do the query */
-
- if ( (ads = ads_cached_connection(domain)) == NULL ) {
- domain->last_status = NT_STATUS_SERVER_DISABLED;
- return NT_STATUS_SERVER_DISABLED;
- }
-
- sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), sid);
-
- ret = asprintf(&ldap_exp, "(objectSid=%s)", sidstr);
- TALLOC_FREE(sidstr);
- if (ret == -1) {
- return NT_STATUS_NO_MEMORY;
- }
- rc = ads_search_retry(ads, &msg, ldap_exp, attrs);
- SAFE_FREE(ldap_exp);
- if (!ADS_ERR_OK(rc)) {
- DEBUG(1,("query_user(sid=%s) ads_search: %s\n",
- sid_string_dbg(sid), ads_errstr(rc)));
- return ads_ntstatus(rc);
- } else if (!msg) {
- DEBUG(1,("query_user(sid=%s) ads_search returned NULL res\n",
- sid_string_dbg(sid)));
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- count = ads_count_replies(ads, msg);
- if (count != 1) {
- DEBUG(1,("query_user(sid=%s): Not found\n",
- sid_string_dbg(sid)));
- ads_msgfree(ads, msg);
- return NT_STATUS_NO_SUCH_USER;
- }
-
- info->acct_name = ads_pull_username(ads, mem_ctx, msg);
-
- if (!ads_pull_uint32(ads, msg, "primaryGroupID", &group_rid)) {
- DEBUG(1,("No primary group for %s !?\n",
- sid_string_dbg(sid)));
- ads_msgfree(ads, msg);
- return NT_STATUS_NO_SUCH_USER;
- }
- sid_copy(&info->user_sid, sid);
- sid_compose(&info->group_sid, &domain->sid, group_rid);
-
- /*
- * We have to fetch the "name" attribute before doing the
- * nss_get_info_cached call. nss_get_info_cached might destroy
- * the ads struct, potentially invalidating the ldap message.
- */
- full_name = ads_pull_string(ads, mem_ctx, msg, "displayName");
- if (full_name == NULL) {
- full_name = ads_pull_string(ads, mem_ctx, msg, "name");
- }
-
- ads_msgfree(ads, msg);
- msg = NULL;
-
- status = nss_get_info_cached( domain, sid, mem_ctx,
- &info->homedir, &info->shell, &info->full_name,
- &gid);
- info->primary_gid = gid;
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("nss_get_info_cached failed: %s\n",
- nt_errstr(status)));
- return status;
- }
-
- if (info->full_name == NULL) {
- info->full_name = full_name;
- } else {
- TALLOC_FREE(full_name);
- }
-
- status = NT_STATUS_OK;
-
- DEBUG(3,("ads query_user gave %s\n", info->acct_name));
- return NT_STATUS_OK;
-}
-
/* Lookup groups a user is a member of - alternate method, for when
tokenGroups are not available. */
static NTSTATUS lookup_usergroups_member(struct winbindd_domain *domain,
name_to_sid,
sid_to_name,
rids_to_names,
- query_user,
lookup_usergroups,
lookup_useraliases,
lookup_groupmem,
return result;
}
-/* Lookup user information from a rid or username. */
-static NTSTATUS msrpc_query_user(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *user_sid,
- struct wbint_userinfo *user_info)
-{
- struct rpc_pipe_client *samr_pipe;
- struct policy_handle dom_pol;
- struct netr_SamInfo3 *user;
- TALLOC_CTX *tmp_ctx;
- NTSTATUS status;
-
- DEBUG(3,("msrpc_query_user sid=%s\n", sid_string_dbg(user_sid)));
-
- tmp_ctx = talloc_stackframe();
- if (tmp_ctx == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- if (user_info) {
- user_info->homedir = NULL;
- user_info->shell = NULL;
- user_info->primary_gid = (gid_t)-1;
- }
-
- /* try netsamlogon cache first */
- user = netsamlogon_cache_get(tmp_ctx, user_sid);
- if (user != NULL) {
- DEBUG(5,("msrpc_query_user: Cache lookup succeeded for %s\n",
- sid_string_dbg(user_sid)));
-
- sid_compose(&user_info->user_sid, &domain->sid, user->base.rid);
- sid_compose(&user_info->group_sid, &domain->sid,
- user->base.primary_gid);
-
- user_info->acct_name = talloc_strdup(user_info,
- user->base.account_name.string);
- user_info->full_name = talloc_strdup(user_info,
- user->base.full_name.string);
-
- if (user_info->full_name == NULL) {
- /* this might fail so we don't check the return code */
- wcache_query_user_fullname(domain,
- mem_ctx,
- user_sid,
- &user_info->full_name);
- }
-
- status = NT_STATUS_OK;
- goto done;
- }
-
- if ( !winbindd_can_contact_domain( domain ) ) {
- DEBUG(10,("query_user: No incoming trust for domain %s\n",
- domain->name));
- /* Tell the cache manager not to remember this one */
- status = NT_STATUS_SYNCHRONIZATION_REQUIRED;
- goto done;
- }
-
- /* no cache; hit the wire */
- status = cm_connect_sam(domain, tmp_ctx, false, &samr_pipe, &dom_pol);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- status = rpc_query_user(tmp_ctx,
- samr_pipe,
- &dom_pol,
- &domain->sid,
- user_sid,
- user_info);
-
-done:
- TALLOC_FREE(tmp_ctx);
- return status;
-}
-
/* Lookup groups a user is a member of. I wish Unix had a call like this! */
static NTSTATUS msrpc_lookup_usergroups(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
msrpc_name_to_sid,
msrpc_sid_to_name,
msrpc_rids_to_names,
- msrpc_query_user,
msrpc_lookup_usergroups,
msrpc_lookup_useraliases,
msrpc_lookup_groupmem,
return result;
}
-/* Lookup user information from a rid or username. */
-static NTSTATUS query_user(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *user_sid,
- struct wbint_userinfo *user_info)
-{
- NTSTATUS result;
-
- result = msrpc_methods.query_user(domain, mem_ctx, user_sid,
- user_info);
-
- if (reconnect_need_retry(result, domain))
- result = msrpc_methods.query_user(domain, mem_ctx, user_sid,
- user_info);
-
- return result;
-}
-
/* Lookup groups a user is a member of. I wish Unix had a call like this! */
static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
name_to_sid,
sid_to_name,
rids_to_names,
- query_user,
lookup_usergroups,
lookup_useraliases,
lookup_groupmem,
return result;
}
-/* Lookup user information from a rid or username. */
-static NTSTATUS query_user(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *user_sid,
- struct wbint_userinfo *user_info)
-{
- NTSTATUS result;
-
- result = ads_methods.query_user(domain, mem_ctx, user_sid, user_info);
-
- if (reconnect_need_retry(result, domain)) {
- result = ads_methods.query_user(domain, mem_ctx, user_sid,
- user_info);
- }
-
- return result;
-}
-
/* Lookup groups a user is a member of. I wish Unix had a call like this! */
static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
name_to_sid,
sid_to_name,
rids_to_names,
- query_user,
lookup_usergroups,
lookup_useraliases,
lookup_groupmem,
return status;
}
-/* Lookup user information from a rid or username. */
-static NTSTATUS sam_query_user(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *user_sid,
- struct wbint_userinfo *user_info)
-{
- struct rpc_pipe_client *samr_pipe;
- struct policy_handle dom_pol;
- TALLOC_CTX *tmp_ctx;
- NTSTATUS status, result;
- struct dcerpc_binding_handle *b = NULL;
-
- DEBUG(3,("sam_query_user\n"));
-
- ZERO_STRUCT(dom_pol);
-
- /* Paranoia check */
- if (!sid_check_is_in_our_sam(user_sid)) {
- return NT_STATUS_NO_SUCH_USER;
- }
-
- user_info->homedir = NULL;
- user_info->shell = NULL;
- user_info->primary_gid = (gid_t) -1;
-
- tmp_ctx = talloc_stackframe();
- if (tmp_ctx == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- status = open_internal_samr_conn(tmp_ctx, domain, &samr_pipe, &dom_pol);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- b = samr_pipe->binding_handle;
-
- status = rpc_query_user(tmp_ctx,
- samr_pipe,
- &dom_pol,
- &domain->sid,
- user_sid,
- user_info);
-
-done:
- if (b && is_valid_policy_hnd(&dom_pol)) {
- dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result);
- }
-
- TALLOC_FREE(tmp_ctx);
- return status;
-}
-
/* get a list of trusted domains - builtin domain */
static NTSTATUS sam_trusted_domains(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
-/* Lookup user information from a rid or username. */
-static NTSTATUS builtin_query_user(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *user_sid,
- struct wbint_userinfo *user_info)
-{
- return NT_STATUS_NO_SUCH_USER;
-}
-
/* get a list of trusted domains - builtin domain */
static NTSTATUS builtin_trusted_domains(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
.name_to_sid = sam_name_to_sid,
.sid_to_name = sam_sid_to_name,
.rids_to_names = sam_rids_to_names,
- .query_user = builtin_query_user,
.lookup_usergroups = sam_lookup_usergroups,
.lookup_useraliases = sam_lookup_useraliases,
.lookup_groupmem = sam_lookup_groupmem,
.name_to_sid = sam_name_to_sid,
.sid_to_name = sam_sid_to_name,
.rids_to_names = sam_rids_to_names,
- .query_user = sam_query_user,
.lookup_usergroups = sam_lookup_usergroups,
.lookup_useraliases = sam_lookup_useraliases,
.lookup_groupmem = sam_lookup_groupmem,