#include "includes.h"
#include "winbindd.h"
#include "winbindd_rpc.h"
-
-#include "../librpc/gen_ndr/cli_samr.h"
+#include "rpc_client/rpc_client.h"
+#include "../librpc/gen_ndr/ndr_samr_c.h"
#include "rpc_client/cli_samr.h"
-#include "../librpc/gen_ndr/srv_samr.h"
-#include "../librpc/gen_ndr/cli_lsa.h"
+#include "../librpc/gen_ndr/ndr_lsa_c.h"
#include "rpc_client/cli_lsarpc.h"
-#include "../librpc/gen_ndr/srv_lsa.h"
+#include "rpc_server/rpc_ncacn_np.h"
+#include "../libcli/security/security.h"
+#include "passdb/machine_sid.h"
+#include "auth.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
static NTSTATUS open_internal_samr_pipe(TALLOC_CTX *mem_ctx,
struct rpc_pipe_client **samr_pipe)
{
- static struct rpc_pipe_client *cli = NULL;
- struct auth_serversupplied_info *server_info = NULL;
+ struct rpc_pipe_client *cli = NULL;
+ struct auth_session_info *session_info = NULL;
NTSTATUS status;
- if (cli != NULL) {
- goto done;
- }
-
- if (server_info == NULL) {
- status = make_server_info_system(mem_ctx, &server_info);
+ if (session_info == NULL) {
+ status = make_session_info_system(mem_ctx, &session_info);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("open_samr_pipe: Could not create auth_serversupplied_info: %s\n",
+ DEBUG(0, ("open_samr_pipe: Could not create auth_session_info: %s\n",
nt_errstr(status)));
return status;
}
}
/* create a samr connection */
- status = rpc_pipe_open_internal(talloc_autofree_context(),
+ status = rpc_pipe_open_internal(mem_ctx,
&ndr_table_samr.syntax_id,
- rpc_samr_dispatch,
- server_info,
+ session_info,
+ NULL,
+ winbind_messaging_context(),
&cli);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("open_samr_pipe: Could not connect to samr_pipe: %s\n",
return status;
}
-done:
if (samr_pipe) {
*samr_pipe = cli;
}
struct rpc_pipe_client **samr_pipe,
struct policy_handle *samr_domain_hnd)
{
- NTSTATUS status;
+ NTSTATUS status, result;
struct policy_handle samr_connect_hnd;
+ struct dcerpc_binding_handle *b;
status = open_internal_samr_pipe(mem_ctx, samr_pipe);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- status = rpccli_samr_Connect2((*samr_pipe),
- mem_ctx,
+ b = (*samr_pipe)->binding_handle;
+
+ status = dcerpc_samr_Connect2(b, mem_ctx,
(*samr_pipe)->desthost,
SEC_FLAG_MAXIMUM_ALLOWED,
- &samr_connect_hnd);
+ &samr_connect_hnd,
+ &result);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
+ if (!NT_STATUS_IS_OK(result)) {
+ return result;
+ }
- status = rpccli_samr_OpenDomain((*samr_pipe),
- mem_ctx,
+ status = dcerpc_samr_OpenDomain(b, mem_ctx,
&samr_connect_hnd,
SEC_FLAG_MAXIMUM_ALLOWED,
&domain->sid,
- samr_domain_hnd);
+ samr_domain_hnd,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
- return status;
+ return result;
}
static NTSTATUS open_internal_lsa_pipe(TALLOC_CTX *mem_ctx,
struct rpc_pipe_client **lsa_pipe)
{
- static struct rpc_pipe_client *cli = NULL;
- struct auth_serversupplied_info *server_info = NULL;
+ struct rpc_pipe_client *cli = NULL;
+ struct auth_session_info *session_info = NULL;
NTSTATUS status;
- if (cli != NULL) {
- goto done;
- }
-
- if (server_info == NULL) {
- status = make_server_info_system(mem_ctx, &server_info);
+ if (session_info == NULL) {
+ status = make_session_info_system(mem_ctx, &session_info);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("open_lsa_pipe: Could not create auth_serversupplied_info: %s\n",
+ DEBUG(0, ("open_lsa_pipe: Could not create auth_session_info: %s\n",
nt_errstr(status)));
return status;
}
}
- /* create a samr connection */
- status = rpc_pipe_open_internal(talloc_autofree_context(),
+ /* create a lsa connection */
+ status = rpc_pipe_open_internal(mem_ctx,
&ndr_table_lsarpc.syntax_id,
- rpc_lsarpc_dispatch,
- server_info,
+ session_info,
+ NULL,
+ winbind_messaging_context(),
&cli);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("open_lsa_pipe: Could not connect to lsa_pipe: %s\n",
return status;
}
-done:
if (lsa_pipe) {
*lsa_pipe = cli;
}
static NTSTATUS sam_enum_dom_groups(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32_t *pnum_info,
- struct acct_info **pinfo)
+ struct wb_acct_info **pinfo)
{
struct rpc_pipe_client *samr_pipe;
struct policy_handle dom_pol;
- struct acct_info *info = NULL;
+ struct wb_acct_info *info = NULL;
uint32_t num_info = 0;
TALLOC_CTX *tmp_ctx;
- NTSTATUS status;
+ NTSTATUS status, result;
+ struct dcerpc_binding_handle *b = NULL;
DEBUG(3,("sam_enum_dom_groups\n"));
goto error;
}
+ b = samr_pipe->binding_handle;
+
status = rpc_enum_dom_groups(tmp_ctx,
samr_pipe,
&dom_pol,
}
error:
- if (is_valid_policy_hnd(&dom_pol)) {
- rpccli_samr_Close(samr_pipe, mem_ctx, &dom_pol);
+ if (b && is_valid_policy_hnd(&dom_pol)) {
+ dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result);
}
TALLOC_FREE(tmp_ctx);
return status;
struct wbint_userinfo *info = NULL;
uint32_t num_info = 0;
TALLOC_CTX *tmp_ctx;
- NTSTATUS status;
+ NTSTATUS status, result;
+ struct dcerpc_binding_handle *b = NULL;
DEBUG(3,("samr_query_user_list\n"));
goto done;
}
+ b = samr_pipe->binding_handle;
+
status = rpc_query_user_list(tmp_ctx,
samr_pipe,
&dom_pol,
}
done:
- if (is_valid_policy_hnd(&dom_pol)) {
- rpccli_samr_Close(samr_pipe, mem_ctx, &dom_pol);
+ if (b && is_valid_policy_hnd(&dom_pol)) {
+ dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result);
}
TALLOC_FREE(tmp_ctx);
struct rpc_pipe_client *samr_pipe;
struct policy_handle dom_pol;
TALLOC_CTX *tmp_ctx;
- NTSTATUS status;
+ NTSTATUS status, result;
+ struct dcerpc_binding_handle *b = NULL;
DEBUG(3,("sam_query_user\n"));
return NT_STATUS_NO_SUCH_USER;
}
- if (user_info) {
- user_info->homedir = NULL;
- user_info->shell = NULL;
- user_info->primary_gid = (gid_t) -1;
- }
+ user_info->homedir = NULL;
+ user_info->shell = NULL;
+ user_info->primary_gid = (gid_t) -1;
tmp_ctx = talloc_stackframe();
if (tmp_ctx == NULL) {
goto done;
}
+ b = samr_pipe->binding_handle;
+
status = rpc_query_user(tmp_ctx,
samr_pipe,
&dom_pol,
user_info);
done:
- if (is_valid_policy_hnd(&dom_pol)) {
- rpccli_samr_Close(samr_pipe, mem_ctx, &dom_pol);
+ if (b && is_valid_policy_hnd(&dom_pol)) {
+ dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result);
}
TALLOC_FREE(tmp_ctx);
struct netr_DomainTrust *trusts = NULL;
uint32_t num_trusts = 0;
TALLOC_CTX *tmp_ctx;
- NTSTATUS status;
+ NTSTATUS status, result;
+ struct dcerpc_binding_handle *b = NULL;
DEBUG(3,("samr: trusted domains\n"));
goto done;
}
+ b = lsa_pipe->binding_handle;
+
status = rpc_trusted_domains(tmp_ctx,
lsa_pipe,
&lsa_policy,
}
done:
- if (is_valid_policy_hnd(&lsa_policy)) {
- rpccli_lsa_Close(lsa_pipe, mem_ctx, &lsa_policy);
+ if (b && is_valid_policy_hnd(&lsa_policy)) {
+ dcerpc_lsa_Close(b, mem_ctx, &lsa_policy, &result);
}
TALLOC_FREE(tmp_ctx);
uint32_t *name_types = NULL;
TALLOC_CTX *tmp_ctx;
- NTSTATUS status;
+ NTSTATUS status, result;
+ struct dcerpc_binding_handle *b = NULL;
DEBUG(3,("sam_lookup_groupmem\n"));
}
if (pnum_names) {
- pnum_names = 0;
+ *pnum_names = 0;
}
tmp_ctx = talloc_stackframe();
goto done;
}
+ b = samr_pipe->binding_handle;
+
status = rpc_lookup_groupmem(tmp_ctx,
samr_pipe,
&dom_pol,
}
done:
- if (is_valid_policy_hnd(&dom_pol)) {
- rpccli_samr_Close(samr_pipe, mem_ctx, &dom_pol);
+ if (b && is_valid_policy_hnd(&dom_pol)) {
+ dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result);
}
TALLOC_FREE(tmp_ctx);
static NTSTATUS builtin_enum_dom_groups(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32 *num_entries,
- struct acct_info **info)
+ struct wb_acct_info **info)
{
/* BUILTIN doesn't have domain groups */
*num_entries = 0;
static NTSTATUS sam_enum_local_groups(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32_t *pnum_info,
- struct acct_info **pinfo)
+ struct wb_acct_info **pinfo)
{
struct rpc_pipe_client *samr_pipe;
struct policy_handle dom_pol;
- struct acct_info *info = NULL;
+ struct wb_acct_info *info = NULL;
uint32_t num_info = 0;
TALLOC_CTX *tmp_ctx;
- NTSTATUS status;
+ NTSTATUS status, result;
+ struct dcerpc_binding_handle *b = NULL;
DEBUG(3,("samr: enum local groups\n"));
goto done;
}
+ b = samr_pipe->binding_handle;
+
status = rpc_enum_local_groups(mem_ctx,
samr_pipe,
&dom_pol,
}
done:
- if (is_valid_policy_hnd(&dom_pol)) {
- rpccli_samr_Close(samr_pipe, mem_ctx, &dom_pol);
+ if (b && is_valid_policy_hnd(&dom_pol)) {
+ dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result);
}
TALLOC_FREE(tmp_ctx);
struct dom_sid sid;
enum lsa_SidType type;
TALLOC_CTX *tmp_ctx;
- NTSTATUS status;
+ NTSTATUS status, result;
+ struct dcerpc_binding_handle *b = NULL;
DEBUG(3,("sam_name_to_sid\n"));
goto done;
}
+ b = lsa_pipe->binding_handle;
+
status = rpc_name_to_sid(tmp_ctx,
lsa_pipe,
&lsa_policy,
}
done:
- if (is_valid_policy_hnd(&lsa_policy)) {
- rpccli_lsa_Close(lsa_pipe, mem_ctx, &lsa_policy);
+ if (b && is_valid_policy_hnd(&lsa_policy)) {
+ dcerpc_lsa_Close(b, mem_ctx, &lsa_policy, &result);
}
TALLOC_FREE(tmp_ctx);
char *name = NULL;
enum lsa_SidType type;
TALLOC_CTX *tmp_ctx;
- NTSTATUS status;
+ NTSTATUS status, result;
+ struct dcerpc_binding_handle *b = NULL;
DEBUG(3,("sam_sid_to_name\n"));
goto done;
}
+ b = lsa_pipe->binding_handle;
+
status = rpc_sid_to_name(tmp_ctx,
lsa_pipe,
&lsa_policy,
}
done:
- if (is_valid_policy_hnd(&lsa_policy)) {
- rpccli_lsa_Close(lsa_pipe, mem_ctx, &lsa_policy);
+ if (b && is_valid_policy_hnd(&lsa_policy)) {
+ dcerpc_lsa_Close(b, mem_ctx, &lsa_policy, &result);
}
TALLOC_FREE(tmp_ctx);
static NTSTATUS sam_rids_to_names(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const struct dom_sid *sid,
+ const struct dom_sid *domain_sid,
uint32 *rids,
size_t num_rids,
char **pdomain_name,
char *domain_name = NULL;
char **names = NULL;
TALLOC_CTX *tmp_ctx;
- NTSTATUS status;
+ NTSTATUS status, result;
+ struct dcerpc_binding_handle *b = NULL;
DEBUG(3,("sam_rids_to_names for %s\n", domain->name));
ZERO_STRUCT(lsa_policy);
/* Paranoia check */
- if (!sid_check_is_in_builtin(sid) &&
- !sid_check_is_in_our_domain(sid) &&
- !sid_check_is_in_unix_users(sid) &&
- !sid_check_is_unix_users(sid) &&
- !sid_check_is_in_unix_groups(sid) &&
- !sid_check_is_unix_groups(sid) &&
- !sid_check_is_in_wellknown_domain(sid)) {
+ if (!sid_check_is_builtin(domain_sid) &&
+ !sid_check_is_our_sam(domain_sid) &&
+ !sid_check_is_unix_users(domain_sid) &&
+ !sid_check_is_unix_groups(domain_sid) &&
+ !sid_check_is_in_wellknown_domain(domain_sid)) {
DEBUG(0, ("sam_rids_to_names: possible deadlock - trying to "
- "lookup SID %s\n", sid_string_dbg(sid)));
+ "lookup SID %s\n", sid_string_dbg(domain_sid)));
return NT_STATUS_NONE_MAPPED;
}
goto done;
}
+ b = lsa_pipe->binding_handle;
+
status = rpc_rids_to_names(tmp_ctx,
lsa_pipe,
&lsa_policy,
domain,
- sid,
+ domain_sid,
rids,
num_rids,
&domain_name,
}
done:
- if (is_valid_policy_hnd(&lsa_policy)) {
- rpccli_lsa_Close(lsa_pipe, mem_ctx, &lsa_policy);
+ if (b && is_valid_policy_hnd(&lsa_policy)) {
+ dcerpc_lsa_Close(b, mem_ctx, &lsa_policy, &result);
}
TALLOC_FREE(tmp_ctx);
struct policy_handle dom_pol;
union samr_DomainInfo *info = NULL;
TALLOC_CTX *tmp_ctx;
- NTSTATUS status;
+ NTSTATUS status, result;
+ struct dcerpc_binding_handle *b = NULL;
DEBUG(3,("sam_lockout_policy\n"));
goto error;
}
- status = rpccli_samr_QueryDomainInfo(samr_pipe,
+ b = samr_pipe->binding_handle;
+
+ status = dcerpc_samr_QueryDomainInfo(b,
mem_ctx,
&dom_pol,
- 12,
- &info);
+ DomainLockoutInformation,
+ &info,
+ &result);
if (!NT_STATUS_IS_OK(status)) {
goto error;
}
+ if (!NT_STATUS_IS_OK(result)) {
+ status = result;
+ goto error;
+ }
*lockout_policy = info->info12;
error:
- if (is_valid_policy_hnd(&dom_pol)) {
- rpccli_samr_Close(samr_pipe, mem_ctx, &dom_pol);
+ if (b && is_valid_policy_hnd(&dom_pol)) {
+ dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result);
}
TALLOC_FREE(tmp_ctx);
struct policy_handle dom_pol;
union samr_DomainInfo *info = NULL;
TALLOC_CTX *tmp_ctx;
- NTSTATUS status;
+ NTSTATUS status, result;
+ struct dcerpc_binding_handle *b = NULL;
DEBUG(3,("sam_password_policy\n"));
goto error;
}
- status = rpccli_samr_QueryDomainInfo(samr_pipe,
+ b = samr_pipe->binding_handle;
+
+ status = dcerpc_samr_QueryDomainInfo(b,
mem_ctx,
&dom_pol,
- 1,
- &info);
+ DomainPasswordInformation,
+ &info,
+ &result);
if (!NT_STATUS_IS_OK(status)) {
goto error;
}
+ if (!NT_STATUS_IS_OK(result)) {
+ status = result;
+ goto error;
+ }
*passwd_policy = info->info1;
error:
- if (is_valid_policy_hnd(&dom_pol)) {
- rpccli_samr_Close(samr_pipe, mem_ctx, &dom_pol);
+ if (b && is_valid_policy_hnd(&dom_pol)) {
+ dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result);
}
TALLOC_FREE(tmp_ctx);
struct dom_sid *user_grpsids = NULL;
uint32_t num_groups = 0;
TALLOC_CTX *tmp_ctx;
- NTSTATUS status;
+ NTSTATUS status, result;
+ struct dcerpc_binding_handle *b = NULL;
DEBUG(3,("sam_lookup_usergroups\n"));
goto done;
}
+ b = samr_pipe->binding_handle;
+
status = rpc_lookup_usergroups(tmp_ctx,
samr_pipe,
&dom_pol,
}
done:
- if (is_valid_policy_hnd(&dom_pol)) {
- rpccli_samr_Close(samr_pipe, mem_ctx, &dom_pol);
+ if (b && is_valid_policy_hnd(&dom_pol)) {
+ dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result);
}
TALLOC_FREE(tmp_ctx);
uint32_t num_aliases = 0;
uint32_t *alias_rids = NULL;
TALLOC_CTX *tmp_ctx;
- NTSTATUS status;
+ NTSTATUS status, result;
+ struct dcerpc_binding_handle *b = NULL;
DEBUG(3,("sam_lookup_useraliases\n"));
goto done;
}
+ b = samr_pipe->binding_handle;
+
status = rpc_lookup_useraliases(tmp_ctx,
samr_pipe,
&dom_pol,
}
done:
- if (is_valid_policy_hnd(&dom_pol)) {
- rpccli_samr_Close(samr_pipe, mem_ctx, &dom_pol);
+ if (b && is_valid_policy_hnd(&dom_pol)) {
+ dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result);
}
TALLOC_FREE(tmp_ctx);
struct policy_handle dom_pol;
uint32_t seq;
TALLOC_CTX *tmp_ctx;
- NTSTATUS status;
+ NTSTATUS status, result;
+ struct dcerpc_binding_handle *b = NULL;
DEBUG(3,("samr: sequence number\n"));
goto done;
}
+ b = samr_pipe->binding_handle;
+
status = rpc_sequence_number(tmp_ctx,
samr_pipe,
&dom_pol,
*pseq = seq;
}
done:
- if (is_valid_policy_hnd(&dom_pol)) {
- rpccli_samr_Close(samr_pipe, tmp_ctx, &dom_pol);
+ if (b && is_valid_policy_hnd(&dom_pol)) {
+ dcerpc_samr_Close(b, tmp_ctx, &dom_pol, &result);
}
TALLOC_FREE(tmp_ctx);