#include "includes.h"
#include "winbindd.h"
-#include "../librpc/gen_ndr/cli_netlogon.h"
+#include "rpc_client/rpc_client.h"
+#include "../librpc/gen_ndr/ndr_netlogon_c.h"
#include "../libds/common/flags.h"
#include "ads.h"
#include "secrets.h"
+#include "../libcli/ldap/ldap_ndr.h"
+#include "../libcli/security/security.h"
+#include "../libds/common/flag_mapping.h"
+#include "passdb.h"
#ifdef HAVE_ADS
}
}
- /* we don't want this to affect the users ccache */
- setenv("KRB5CCNAME", "MEMORY:winbind_ccache", 1);
-
ads = ads_init(domain->alt_name, domain->name, NULL);
if (!ads) {
DEBUG(1,("ads_init for domain %s failed\n", domain->name));
return NULL;
}
+ /* we don't want ads operations to affect the default ccache */
+ ads->auth.ccache_name = SMB_STRDUP("MEMORY:winbind_ccache");
+
/* the machine acct password might have change - fetch it every time */
SAFE_FREE(ads->auth.password);
return NULL;
}
ads->auth.realm = SMB_STRDUP( ads->server.realm );
- strupper_m( ads->auth.realm );
+ if (!strupper_m( ads->auth.realm )) {
+ ads_destroy( &ads );
+ return NULL;
+ }
}
else {
struct winbindd_domain *our_domain = domain;
if ( our_domain->alt_name[0] != '\0' ) {
ads->auth.realm = SMB_STRDUP( our_domain->alt_name );
- strupper_m( ads->auth.realm );
+ if (!strupper_m( ads->auth.realm )) {
+ ads_destroy( &ads );
+ return NULL;
+ }
}
else
ads->auth.realm = SMB_STRDUP( lp_realm() );
}
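Review bot: Both new `strupper_m` failure paths (the `ads->server.realm` branch and the `our_domain->alt_name` branch) destroy the ADS struct and return NULL without logging anything, whereas the `ads_init` failure shown earlier in the diff emits a DEBUG(1). A failed realm conversion will therefore look like an unexplained connection failure in the winbindd log. Add a line such as `DEBUG(1,("strupper_m failed for realm of domain %s\n", domain->name));` before each `ads_destroy( &ads );`. The enclosing function starts and ends outside this hunk.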
rc = ads_search_retry(ads, &res, "(objectCategory=user)", attrs);
- if (!ADS_ERR_OK(rc) || !res) {
+ if (!ADS_ERR_OK(rc)) {
DEBUG(1,("query_user_list ads_search: %s\n", ads_errstr(rc)));
+ status = ads_ntstatus(rc);
+ } else if (!res) {
+ DEBUG(1,("query_user_list ads_search returned NULL res\n"));
+
goto done;
}
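Review bot: The `!ADS_ERR_OK(rc)` branch now sets `status = ads_ntstatus(rc);` but has no `goto done;` of its own; the only `goto done;` sits inside the new `else if (!res)` branch. After a failed search, execution therefore falls out of the if/else and continues with the code that follows, which presumably goes on to use `res`. The parallel change in enum_dom_groups keeps a `goto done;` in both branches. Add `goto done;` directly after the `status = ads_ntstatus(rc);` line. The rest of query_user_list is outside the hunk, so the exact effect of the fall-through should be confirmed there.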
goto done;
}
- (*pinfo) = TALLOC_ZERO_ARRAY(mem_ctx, struct wbint_userinfo, count);
+ (*pinfo) = talloc_zero_array(mem_ctx, struct wbint_userinfo, count);
if (!*pinfo) {
status = NT_STATUS_NO_MEMORY;
goto done;
const char *gecos = NULL;
gid_t primary_gid = (gid_t)-1;
- /*
- * Don't use our variable "ads" in this call here, every call
- * to nss_get_info_cached can destroy the connection inside
- * the domain.
- */
status = nss_get_info_cached(domain, &info->user_sid, mem_ctx,
- ads_cached_connection(domain),
- msg, &info->homedir, &info->shell,
+ &info->homedir, &info->shell,
&gecos, &primary_gid);
if (!NT_STATUS_IS_OK(status)) {
/*
static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32 *num_entries,
- struct acct_info **info)
+ struct wb_acct_info **info)
{
ADS_STRUCT *ads = NULL;
const char *attrs[] = {"userPrincipalName", "sAMAccountName",
}
rc = ads_search_retry(ads, &res, filter, attrs);
- if (!ADS_ERR_OK(rc) || !res) {
+ if (!ADS_ERR_OK(rc)) {
+ status = ads_ntstatus(rc);
DEBUG(1,("enum_dom_groups ads_search: %s\n", ads_errstr(rc)));
goto done;
+ } else if (!res) {
+ DEBUG(1,("enum_dom_groups ads_search returned NULL res\n"));
+ goto done;
}
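Review bot: The new `else if (!res)` branch jumps to `done` without assigning `status`, so a search that succeeds but yields no result object reports whatever `status` held beforehand, which this hunk does not show. query_user and lookup_usergroups return `NT_STATUS_INTERNAL_ERROR` for the same condition, and the NULL-result branch in the query_user_list hunk has the same gap. Setting `status = NT_STATUS_INTERNAL_ERROR;` before the `goto done;` would make the four call sites agree. enum_dom_groups continues outside the hunk.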
count = ads_count_replies(ads, res);
goto done;
}
- (*info) = TALLOC_ZERO_ARRAY(mem_ctx, struct acct_info, count);
+ (*info) = talloc_zero_array(mem_ctx, struct wb_acct_info, count);
if (!*info) {
status = NT_STATUS_NO_MEMORY;
goto done;
static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32 *num_entries,
- struct acct_info **info)
+ struct wb_acct_info **info)
{
/*
* This is a stub function only as we returned the domain
/* try netsamlogon cache first */
- if ( (user = netsamlogon_cache_get( mem_ctx, sid )) != NULL )
+ if ( (user = netsamlogon_cache_get( mem_ctx, sid )) != NULL )
{
DEBUG(5,("query_user: Cache lookup succeeded for %s\n",
sid_string_dbg(sid)));
info->acct_name = talloc_strdup(mem_ctx, user->base.account_name.string);
info->full_name = talloc_strdup(mem_ctx, user->base.full_name.string);
- nss_get_info_cached( domain, sid, mem_ctx, NULL, NULL,
+ nss_get_info_cached( domain, sid, mem_ctx,
&info->homedir, &info->shell, &info->full_name,
&gid );
info->primary_gid = gid;
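Review bot: The return value of `nss_get_info_cached` is discarded here and `gid` is copied into `info->primary_gid` regardless; the same applies to the second call, under the "Try to fill in what the nss_info backend can do" comment. If the call can fail without writing `gid`, the primary group recorded for the user depends on how `gid` was initialised, which is outside the hunk. The other two call sites in this diff capture the result in `status`. Either check the result here as well, or add a comment such as `/* failure is ignored on purpose: gid keeps its initial value */` once that initial value has been confirmed.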
/* Try to fill in what the nss_info backend can do */
- nss_get_info_cached( domain, sid, mem_ctx, NULL, NULL,
+ nss_get_info_cached( domain, sid, mem_ctx,
&info->homedir, &info->shell, &info->full_name,
&gid);
info->primary_gid = gid;
return NT_STATUS_SERVER_DISABLED;
}
- sidstr = sid_binstring(talloc_tos(), sid);
+ sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), sid);
ret = asprintf(&ldap_exp, "(objectSid=%s)", sidstr);
TALLOC_FREE(sidstr);
}
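Review bot: `sidstr` is passed to `asprintf` with `%s` without a NULL check, while the `ldap_encode_ndr_dom_sid` call further down in this diff (the `sidbinstr` assignment) treats NULL as `NT_STATUS_NO_MEMORY`. If the encoding fails, a NULL pointer is formatted into the LDAP filter. Add `if (sidstr == NULL) { return NT_STATUS_NO_MEMORY; }` before the `asprintf` line. The function body continues outside the hunk, so whether further cleanup is needed on that path cannot be seen from here.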
rc = ads_search_retry(ads, &msg, ldap_exp, attrs);
SAFE_FREE(ldap_exp);
- if (!ADS_ERR_OK(rc) || !msg) {
+ if (!ADS_ERR_OK(rc)) {
DEBUG(1,("query_user(sid=%s) ads_search: %s\n",
sid_string_dbg(sid), ads_errstr(rc)));
return ads_ntstatus(rc);
+ } else if (!msg) {
+ DEBUG(1,("query_user(sid=%s) ads_search returned NULL res\n",
+ sid_string_dbg(sid)));
+ return NT_STATUS_INTERNAL_ERROR;
}
count = ads_count_replies(ads, msg);
ads_msgfree(ads, msg);
msg = NULL;
- status = nss_get_info_cached( domain, sid, mem_ctx, ads, msg,
+ status = nss_get_info_cached( domain, sid, mem_ctx,
&info->homedir, &info->shell, &info->full_name,
&gid);
info->primary_gid = gid;
rc = ads_search_retry(ads, &res, ldap_exp, group_attrs);
- if (!ADS_ERR_OK(rc) || !res) {
+ if (!ADS_ERR_OK(rc)) {
DEBUG(1,("lookup_usergroups ads_search member=%s: %s\n", user_dn, ads_errstr(rc)));
return ads_ntstatus(rc);
+ } else if (!res) {
+ DEBUG(1,("lookup_usergroups ads_search returned NULL res\n"));
+ return NT_STATUS_INTERNAL_ERROR;
}
+
count = ads_count_replies(ads, res);
*user_sids = NULL;
goto done;
}
- group_sids = TALLOC_ZERO_ARRAY(mem_ctx, struct dom_sid, num_strings + 1);
+ group_sids = talloc_zero_array(mem_ctx, struct dom_sid, num_strings + 1);
if (!group_sids) {
status = NT_STATUS_NO_MEMORY;
goto done;
goto done;
}
- if ((sidbinstr = sid_binstring(talloc_tos(), group_sid)) == NULL) {
+ if ((sidbinstr = ldap_encode_ndr_dom_sid(talloc_tos(), group_sid)) == NULL) {
status = NT_STATUS_NO_MEMORY;
goto done;
}
* cache. Only the rest is passed to the lsa_lookup_sids call. */
if (num_members) {
- (*sid_mem) = TALLOC_ZERO_ARRAY(mem_ctx, struct dom_sid, num_members);
- (*names) = TALLOC_ZERO_ARRAY(mem_ctx, char *, num_members);
- (*name_types) = TALLOC_ZERO_ARRAY(mem_ctx, uint32, num_members);
- (sid_mem_nocache) = TALLOC_ZERO_ARRAY(tmp_ctx, struct dom_sid, num_members);
+ (*sid_mem) = talloc_zero_array(mem_ctx, struct dom_sid, num_members);
+ (*names) = talloc_zero_array(mem_ctx, char *, num_members);
+ (*name_types) = talloc_zero_array(mem_ctx, uint32, num_members);
+ (sid_mem_nocache) = talloc_zero_array(tmp_ctx, struct dom_sid, num_members);
if ((members == NULL) || (*sid_mem == NULL) ||
(*names == NULL) || (*name_types == NULL) ||
struct netr_DomainTrustList *trusts)
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ WERROR werr;
int i;
uint32 flags;
struct rpc_pipe_client *cli;
int ret_count;
+ struct dcerpc_binding_handle *b;
DEBUG(3,("ads: trusted_domains\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- result = rpccli_netr_DsrEnumerateDomainTrusts(cli, mem_ctx,
+ b = cli->binding_handle;
+
+ result = dcerpc_netr_DsrEnumerateDomainTrusts(b, mem_ctx,
cli->desthost,
flags,
trusts,
- NULL);
+ &werr);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
+
+ if (!W_ERROR_IS_OK(werr)) {
+ return werror_to_ntstatus(werr);
+ }
if (trusts->count == 0) {
return NT_STATUS_OK;
}
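Review bot: Neither failure return after `dcerpc_netr_DsrEnumerateDomainTrusts` logs anything, so a transport-level failure and a server-side WERROR cannot be told apart in the winbindd log, although the search failures elsewhere in this file log at DEBUG(1). Add `DEBUG(1,("trusted_domains: DsrEnumerateDomainTrusts failed: %s\n", win_errstr(werr)));` before `return werror_to_ntstatus(werr);`, and an equivalent line using `nt_errstr(result)` before `return result;`. The function starts before this hunk and continues after it.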