#include "winbindd/winbindd_proto.h"
#include "rpc_client/cli_pipe.h"
#include "ntdomain.h"
+#include "librpc/rpc/dcesrv_core.h"
#include "librpc/gen_ndr/ndr_winbind.h"
#include "librpc/gen_ndr/ndr_winbind_scompat.h"
#include "../librpc/gen_ndr/ndr_netlogon_c.h"
#include "rpc_client/cli_netlogon.h"
#include "rpc_client/util_netlogon.h"
#include "libsmb/dsgetdcname.h"
+#include "lib/global_contexts.h"
void _wbint_Ping(struct pipes_struct *p, struct wbint_Ping *r)
{
sid_compose(m->sid, d->sid, ids[i].rid);
m->status = ID_UNKNOWN;
- m->xid = (struct unixid) { .type = ids[i].type };
+ m->xid = (struct unixid) { .type = ids[i].type_hint };
}
status = dom->methods->sids_to_unixids(dom, id_map_ptrs);
for (i=0; i<num_ids; i++) {
struct id_map *m = id_map_ptrs[i];
+ if (m->status == ID_REQUIRE_TYPE) {
+ ids[i].xid.id = UINT32_MAX;
+ ids[i].xid.type = ID_TYPE_WB_REQUIRE_TYPE;
+ continue;
+ }
+
if (!idmap_unix_id_is_in_range(m->xid.id, dom)) {
DBG_DEBUG("id %"PRIu32" is out of range "
"%"PRIu32"-%"PRIu32" for domain %s\n",
}
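Review bot: The `ID_REQUIRE_TYPE` branch stores `UINT32_MAX` in `ids[i].xid.id` and then skips the `idmap_unix_id_is_in_range()` check, so the only thing marking the entry as unusable is `xid.type == ID_TYPE_WB_REQUIRE_TYPE`. A consumer that reads `xid.id` without testing the type first would take 0xFFFFFFFF for a real id, and that bit pattern is also `(uid_t)-1`. I would add a comment on the branch, for example `/* sentinel only: xid.id is not a valid id here, callers must check xid.type first */`. The consumers of `ids[]` are outside this hunk, so whether they all check the type cannot be confirmed from here.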
for (i=0; i<r->in.num_ids; i++) {
- r->out.xids[i] = maps[i]->xid;
- sid_copy(&r->out.sids[i], maps[i]->sid);
+ if (maps[i]->status == ID_MAPPED) {
+ r->out.xids[i] = maps[i]->xid;
+ sid_copy(&r->out.sids[i], maps[i]->sid);
+ } else {
+ r->out.sids[i] = (struct dom_sid) { 0 };
+ }
}
TALLOC_FREE(maps);
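Review bot: The new `else` branch zeroes `r->out.sids[i]` but never writes `r->out.xids[i]`, so for an entry that is not `ID_MAPPED` the caller gets back whatever that slot already held. If `xids` is an in/out array this is presumably the caller's own request value, but the declaration is not visible in the hunk. A short comment would make the contract explicit, for example `/* not mapped: xids[i] is left as received, sids[i] is the all-zero SID */`. It is also worth confirming that callers treat the all-zero SID as "no mapping" rather than passing it on.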
r->in.rids->rids, r->in.rids->num_rids,
&domain_name, &names, &types);
reset_cm_connection_on_error(domain, NULL, status);
- if (!NT_STATUS_IS_OK(status)) {
+ if (!NT_STATUS_IS_OK(status) &&
+ !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
return status;
}
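Review bot: Letting `STATUS_SOME_UNMAPPED` past this check means the code after it now runs with `names` and `types` arrays in which some entries were not resolved. The rest of the function lies outside the hunk, so two things should be verified there: that the copy-out loop tolerates an unresolved entry (possibly a NULL `names[i]`), and that the final return value still tells the caller the result is partial. A comment at the check would record the intent, for example `/* STATUS_SOME_UNMAPPED is a partial success: names[]/types[] are still returned */`.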
NTSTATUS _winbind_SamLogon(struct pipes_struct *p,
struct winbind_SamLogon *r)
{
+ struct dcesrv_call_state *dce_call = p->dce_call;
+ struct dcesrv_connection *dcesrv_conn = dce_call->conn;
+ const struct tsocket_address *local_address =
+ dcesrv_connection_get_local_address(dcesrv_conn);
+ const struct tsocket_address *remote_address =
+ dcesrv_connection_get_remote_address(dcesrv_conn);
struct winbindd_domain *domain;
NTSTATUS status;
struct netr_IdentityInfo *identity_info = NULL;
union netr_Validation *validation = NULL;
bool interactive = false;
+ /*
+ * Make sure we start with authoritative=true,
+ * it will only set to false if we don't know the
+ * domain.
+ */
+ r->out.authoritative = true;
+
domain = wb_child_domain();
if (domain == NULL) {
return NT_STATUS_REQUEST_NOT_ACCEPTED;
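Review bot: `p->dce_call` and `dce_call->conn` are dereferenced in the declaration initialisers, before the `wb_child_domain()` check or any other validation in `_winbind_SamLogon`. If the dcesrv core guarantees both are non-NULL for every dispatched call, a one-line comment saying so would save the next reader from checking, for example `/* p->dce_call and its conn are always set by the dcesrv core for a dispatched call */`. The same applies to the two address getters, whose results are handed to the authentication call later in the function (outside this hunk); it should be clear whether they can be NULL for internal connections. Separately, the new comment reads better as "it will only be set to false if we don't know the domain".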
0,
challenge,
lm_response, nt_response,
- p->remote_address,
- p->local_address,
+ remote_address,
+ local_address,
&r->out.authoritative,
true, /* skip_sam */
&flags,