#include "includes.h"
#include "winbindd.h"
+#include "../librpc/gen_ndr/cli_samr.h"
+#include "../librpc/gen_ndr/cli_lsa.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
static NTSTATUS query_user_list(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32 *num_entries,
- WINBIND_USERINFO **info)
+ struct wbint_userinfo **info)
{
NTSTATUS result;
struct policy_handle dom_pol;
*num_entries += num_dom_users;
- *info = TALLOC_REALLOC_ARRAY(mem_ctx, *info, WINBIND_USERINFO,
+ *info = TALLOC_REALLOC_ARRAY(mem_ctx, *info,
+ struct wbint_userinfo,
*num_entries);
if (!(*info)) {
for (j = 0; j < num_dom_users; i++, j++) {
uint32_t rid = disp_info.info1.entries[j].rid;
+ struct samr_DispEntryGeneral *src;
+ struct wbint_userinfo *dst;
- (*info)[i].acct_name = talloc_strdup(mem_ctx,
- disp_info.info1.entries[j].account_name.string);
- (*info)[i].full_name = talloc_strdup(mem_ctx,
- disp_info.info1.entries[j].full_name.string);
- (*info)[i].homedir = NULL;
- (*info)[i].shell = NULL;
- sid_compose(&(*info)[i].user_sid, &domain->sid, rid);
+ src = &(disp_info.info1.entries[j]);
+ dst = &((*info)[i]);
+
+ dst->acct_name = talloc_strdup(
+ mem_ctx, src->account_name.string);
+ dst->full_name = talloc_strdup(
+ mem_ctx, src->full_name.string);
+ dst->homedir = NULL;
+ dst->shell = NULL;
+ sid_compose(&dst->user_sid, &domain->sid, rid);
/* For the moment we set the primary group for
every user to be the Domain Users group.
force group' smb.conf parameter or
something like that. */
- sid_compose(&(*info)[i].group_sid, &domain->sid,
+ sid_compose(&dst->group_sid, &domain->sid,
DOMAIN_GROUP_RID_USERS);
}
DOM_SID *sids = NULL;
enum lsa_SidType *types = NULL;
char *full_name = NULL;
- struct rpc_pipe_client *cli;
- struct policy_handle lsa_policy;
NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL;
char *mapped_name = NULL;
- unsigned int orig_timeout;
if (name == NULL || *name=='\0') {
full_name = talloc_asprintf(mem_ctx, "%s", domain_name);
DEBUG(3,("name_to_sid [rpc] %s for domain %s\n",
full_name?full_name:"", domain_name ));
- result = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy);
- if (!NT_STATUS_IS_OK(result))
- return result;
-
- /*
- * This call can take a long time
- * allow the server to time out.
- * 35 seconds should do it.
- */
- orig_timeout = rpccli_set_timeout(cli, 35000);
-
- result = rpccli_lsa_lookup_names(cli, mem_ctx, &lsa_policy, 1,
- (const char**) &full_name, NULL, 1, &sids, &types);
-
- /* And restore our original timeout. */
- rpccli_set_timeout(cli, orig_timeout);
-
+ result = winbindd_lookup_names(mem_ctx, domain, 1,
+ (const char **)&full_name, NULL,
+ &sids, &types);
if (!NT_STATUS_IS_OK(result))
return result;
char **names;
enum lsa_SidType *types = NULL;
NTSTATUS result;
- struct rpc_pipe_client *cli;
- struct policy_handle lsa_policy;
NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL;
char *mapped_name = NULL;
- unsigned int orig_timeout;
DEBUG(3,("sid_to_name [rpc] %s for domain %s\n", sid_string_dbg(sid),
domain->name ));
- result = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy);
+ result = winbindd_lookup_sids(mem_ctx,
+ domain,
+ 1,
+ sid,
+ &domains,
+ &names,
+ &types);
if (!NT_STATUS_IS_OK(result)) {
- DEBUG(2,("msrpc_sid_to_name: cm_connect_lsa() failed (%s)\n",
- nt_errstr(result)));
+ DEBUG(2,("msrpc_sid_to_name: failed to lookup sids: %s\n",
+ nt_errstr(result)));
return result;
}
- /*
- * This call can take a long time
- * allow the server to time out.
- * 35 seconds should do it.
- */
- orig_timeout = rpccli_set_timeout(cli, 35000);
-
- result = rpccli_lsa_lookup_sids(cli, mem_ctx, &lsa_policy,
- 1, sid, &domains, &names, &types);
-
- /* And restore our original timeout. */
- rpccli_set_timeout(cli, orig_timeout);
-
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(2,("msrpc_sid_to_name: rpccli_lsa_lookup_sids() failed (%s)\n",
- nt_errstr(result)));
- return result;
- }
-
*type = (enum lsa_SidType)types[0];
*domain_name = domains[0];
*name = names[0];
{
char **domains;
NTSTATUS result;
- struct rpc_pipe_client *cli;
- struct policy_handle lsa_policy;
DOM_SID *sids;
size_t i;
char **ret_names;
- unsigned int orig_timeout;
DEBUG(3, ("rids_to_names [rpc] for domain %s\n", domain->name ));
}
}
- result = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy);
- if (!NT_STATUS_IS_OK(result)) {
- return result;
- }
-
- /*
- * This call can take a long time
- * allow the server to time out.
- * 35 seconds should do it.
- */
- orig_timeout = rpccli_set_timeout(cli, 35000);
-
- result = rpccli_lsa_lookup_sids(cli, mem_ctx, &lsa_policy,
- num_rids, sids, &domains,
- names, types);
-
- /* And restore our original timeout. */
- rpccli_set_timeout(cli, orig_timeout);
+ result = winbindd_lookup_sids(mem_ctx,
+ domain,
+ num_rids,
+ sids,
+ &domains,
+ names,
+ types);
if (!NT_STATUS_IS_OK(result) &&
!NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
static NTSTATUS query_user(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
const DOM_SID *user_sid,
- WINBIND_USERINFO *user_info)
+ struct wbint_userinfo *user_info)
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
struct policy_handle dom_pol, user_pol;
return NT_STATUS_OK;
}
- if ( !winbindd_can_contact_domain( domain ) ) {
- DEBUG(10,("query_user: No incoming trust for domain %s\n",
- domain->name));
- return NT_STATUS_OK;
- }
-
- if ( !winbindd_can_contact_domain( domain ) ) {
- DEBUG(10,("query_user: No incoming trust for domain %s\n",
- domain->name));
- return NT_STATUS_OK;
- }
-
/* no cache; hit the wire */
result = cm_connect_sam(domain, mem_ctx, &cli, &dom_pol);
/* Lookup group membership given a rid. */
static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *group_sid, uint32 *num_names,
+ const DOM_SID *group_sid,
+ enum lsa_SidType type,
+ uint32 *num_names,
DOM_SID **sid_mem, char ***names,
uint32 **name_types)
{
/* get a list of trusted domains */
static NTSTATUS trusted_domains(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint32 *num_domains,
- char ***names,
- char ***alt_names,
- DOM_SID **dom_sids)
+ struct netr_DomainTrustList *trusts)
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 enum_ctx = 0;
DEBUG(3,("rpc: trusted_domains\n"));
- *num_domains = 0;
- *names = NULL;
- *alt_names = NULL;
- *dom_sids = NULL;
+ ZERO_STRUCTP(trusts);
result = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy);
if (!NT_STATUS_IS_OK(result))
!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
break;
- start_idx = *num_domains;
- *num_domains += dom_list.count;
- *names = TALLOC_REALLOC_ARRAY(mem_ctx, *names,
- char *, *num_domains);
- *dom_sids = TALLOC_REALLOC_ARRAY(mem_ctx, *dom_sids,
- DOM_SID, *num_domains);
- *alt_names = TALLOC_REALLOC_ARRAY(mem_ctx, *alt_names,
- char *, *num_domains);
- if ((*names == NULL) || (*dom_sids == NULL) ||
- (*alt_names == NULL))
+ start_idx = trusts->count;
+ trusts->count += dom_list.count;
+
+ trusts->array = talloc_realloc(
+ mem_ctx, trusts->array, struct netr_DomainTrust,
+ trusts->count);
+ if (trusts->array == NULL) {
return NT_STATUS_NO_MEMORY;
+ }
for (i=0; i<dom_list.count; i++) {
- (*names)[start_idx+i] = CONST_DISCARD(char *, dom_list.domains[i].name.string);
- (*dom_sids)[start_idx+i] = *dom_list.domains[i].sid;
- (*alt_names)[start_idx+i] = talloc_strdup(mem_ctx, "");
+ struct netr_DomainTrust *trust = &trusts->array[i];
+ struct dom_sid *sid;
+
+ ZERO_STRUCTP(trust);
+
+ trust->netbios_name = talloc_move(
+ trusts->array,
+ &dom_list.domains[i].name.string);
+ trust->dns_name = NULL;
+
+ sid = talloc(trusts->array, struct dom_sid);
+ if (sid == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ sid_copy(sid, dom_list.domains[i].sid);
+ trust->sid = sid;
}
}
return result;
return result;
}
+typedef NTSTATUS (*lookup_sids_fn_t)(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ struct policy_handle *pol,
+ int num_sids,
+ const DOM_SID *sids,
+ char ***pdomains,
+ char ***pnames,
+ enum lsa_SidType **ptypes);
+
+NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx,
+ struct winbindd_domain *domain,
+ uint32_t num_sids,
+ const struct dom_sid *sids,
+ char ***domains,
+ char ***names,
+ enum lsa_SidType **types)
+{
+ NTSTATUS status;
+ struct rpc_pipe_client *cli = NULL;
+ struct policy_handle lsa_policy;
+ unsigned int orig_timeout;
+ lookup_sids_fn_t lookup_sids_fn = rpccli_lsa_lookup_sids;
+
+ if (domain->can_do_ncacn_ip_tcp) {
+ status = cm_connect_lsa_tcp(domain, mem_ctx, &cli);
+ if (NT_STATUS_IS_OK(status)) {
+ lookup_sids_fn = rpccli_lsa_lookup_sids3;
+ goto lookup;
+ }
+ domain->can_do_ncacn_ip_tcp = false;
+ }
+ status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ lookup:
+ /*
+ * This call can take a long time
+ * allow the server to time out.
+ * 35 seconds should do it.
+ */
+ orig_timeout = rpccli_set_timeout(cli, 35000);
+
+ status = lookup_sids_fn(cli,
+ mem_ctx,
+ &lsa_policy,
+ num_sids,
+ sids,
+ domains,
+ names,
+ types);
+
+ /* And restore our original timeout. */
+ rpccli_set_timeout(cli, orig_timeout);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return status;
+}
+
+typedef NTSTATUS (*lookup_names_fn_t)(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ struct policy_handle *pol,
+ int num_names,
+ const char **names,
+ const char ***dom_names,
+ int level,
+ struct dom_sid **sids,
+ enum lsa_SidType **types);
+
+NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,
+ struct winbindd_domain *domain,
+ uint32_t num_names,
+ const char **names,
+ const char ***domains,
+ struct dom_sid **sids,
+ enum lsa_SidType **types)
+{
+ NTSTATUS status;
+ struct rpc_pipe_client *cli = NULL;
+ struct policy_handle lsa_policy;
+ unsigned int orig_timeout = 0;
+ lookup_names_fn_t lookup_names_fn = rpccli_lsa_lookup_names;
+
+ if (domain->can_do_ncacn_ip_tcp) {
+ status = cm_connect_lsa_tcp(domain, mem_ctx, &cli);
+ if (NT_STATUS_IS_OK(status)) {
+ lookup_names_fn = rpccli_lsa_lookup_names4;
+ goto lookup;
+ }
+ domain->can_do_ncacn_ip_tcp = false;
+ }
+ status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ lookup:
+
+ /*
+ * This call can take a long time
+ * allow the server to time out.
+ * 35 seconds should do it.
+ * NB
+ * only do this when the undelying transport is named pipe.
+ */
+ if (cli->transport->transport == NCACN_NP) {
+ orig_timeout = rpccli_set_timeout(cli, 35000);
+ }
+
+ status = lookup_names_fn(cli,
+ mem_ctx,
+ &lsa_policy,
+ num_names,
+ (const char **) names,
+ domains,
+ 1,
+ sids,
+ types);
+
+ /* And restore our original timeout. */
+ if (cli->transport->transport == NCACN_NP) {
+ rpccli_set_timeout(cli, orig_timeout);
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return status;
+}
/* the rpc backend methods are exposed via this structure */
struct winbindd_methods msrpc_methods = {