#include "includes.h"
#include "winbindd.h"
#include "winbindd_rpc.h"
-
-#include "librpc/gen_ndr/cli_samr.h"
-#include "librpc/gen_ndr/srv_samr.h"
-#include "librpc/gen_ndr/cli_lsa.h"
-#include "librpc/gen_ndr/srv_lsa.h"
+#include "rpc_client/rpc_client.h"
+#include "librpc/gen_ndr/ndr_samr_c.h"
+#include "librpc/gen_ndr/ndr_lsa_c.h"
#include "rpc_client/cli_samr.h"
#include "rpc_client/cli_lsarpc.h"
-#include "../libcli/security/dom_sid.h"
+#include "../libcli/security/security.h"
/* Query display info for a domain */
NTSTATUS rpc_query_user_list(TALLOC_CTX *mem_ctx,
uint32_t loop_count = 0;
uint32_t start_idx = 0;
uint32_t i = 0;
- NTSTATUS status;
+ NTSTATUS status, result;
+ struct dcerpc_binding_handle *b = samr_pipe->binding_handle;
*pnum_info = 0;
uint32_t total_size, returned_size;
union samr_DispInfo disp_info;
- get_query_dispinfo_params(loop_count,
- &max_entries,
- &max_size);
+ dcerpc_get_query_dispinfo_params(loop_count,
+ &max_entries,
+ &max_size);
- status = rpccli_samr_QueryDisplayInfo(samr_pipe,
+ status = dcerpc_samr_QueryDisplayInfo(b,
mem_ctx,
samr_policy,
1, /* level */
max_size,
&total_size,
&returned_size,
- &disp_info);
+ &disp_info,
+ &result);
if (!NT_STATUS_IS_OK(status)) {
- if (!NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
- return status;
+ return status;
+ }
+ if (!NT_STATUS_IS_OK(result)) {
+ if (!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
+ return result;
}
}
num_info += num_dom_users;
- info = TALLOC_REALLOC_ARRAY(mem_ctx,
+ info = talloc_realloc(mem_ctx,
info,
struct wbint_userinfo,
num_info);
}
dst->full_name = talloc_strdup(info, src->full_name.string);
- if (dst->full_name == NULL) {
+ if ((src->full_name.string != NULL) &&
+ (dst->full_name == NULL))
+ {
return NT_STATUS_NO_MEMORY;
}
sid_compose(&dst->group_sid, domain_sid,
DOMAIN_RID_USERS);
}
- } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
+ } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
*pnum_info = num_info;
*pinfo = info;
struct rpc_pipe_client *samr_pipe,
struct policy_handle *samr_policy,
uint32_t *pnum_info,
- struct acct_info **pinfo)
+ struct wb_acct_info **pinfo)
{
- struct acct_info *info = NULL;
+ struct wb_acct_info *info = NULL;
uint32_t start = 0;
uint32_t num_info = 0;
- NTSTATUS status;
+ NTSTATUS status, result;
+ struct dcerpc_binding_handle *b = samr_pipe->binding_handle;
*pnum_info = 0;
uint32_t g;
/* start is updated by this call. */
- status = rpccli_samr_EnumDomainGroups(samr_pipe,
+ status = dcerpc_samr_EnumDomainGroups(b,
mem_ctx,
samr_policy,
&start,
&sam_array,
0xFFFF, /* buffer size? */
- &count);
+ &count,
+ &result);
if (!NT_STATUS_IS_OK(status)) {
- if (!NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
+ return status;
+ }
+ if (!NT_STATUS_IS_OK(result)) {
+ if (!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
DEBUG(2,("query_user_list: failed to enum domain groups: %s\n",
- nt_errstr(status)));
- return status;
+ nt_errstr(result)));
+ return result;
}
}
- info = TALLOC_REALLOC_ARRAY(mem_ctx,
+ info = talloc_realloc(mem_ctx,
info,
- struct acct_info,
+ struct wb_acct_info,
num_info + count);
if (info == NULL) {
return NT_STATUS_NO_MEMORY;
}
num_info += count;
- } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
+ } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
*pnum_info = num_info;
*pinfo = info;
struct rpc_pipe_client *samr_pipe,
struct policy_handle *samr_policy,
uint32_t *pnum_info,
- struct acct_info **pinfo)
+ struct wb_acct_info **pinfo)
{
- struct acct_info *info = NULL;
+ struct wb_acct_info *info = NULL;
uint32_t num_info = 0;
- NTSTATUS status;
+ NTSTATUS status, result;
+ struct dcerpc_binding_handle *b = samr_pipe->binding_handle;
*pnum_info = 0;
uint32_t start = num_info;
uint32_t g;
- status = rpccli_samr_EnumDomainAliases(samr_pipe,
+ status = dcerpc_samr_EnumDomainAliases(b,
mem_ctx,
samr_policy,
&start,
&sam_array,
0xFFFF, /* buffer size? */
- &count);
+ &count,
+ &result);
if (!NT_STATUS_IS_OK(status)) {
- if (!NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
- return status;
+ return status;
+ }
+ if (!NT_STATUS_IS_OK(result)) {
+ if (!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
+ return result;
}
}
- info = TALLOC_REALLOC_ARRAY(mem_ctx,
+ info = talloc_realloc(mem_ctx,
info,
- struct acct_info,
+ struct wb_acct_info,
num_info + count);
if (info == NULL) {
return NT_STATUS_NO_MEMORY;
}
num_info += count;
- } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
+ } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
*pnum_info = num_info;
*pinfo = info;
struct policy_handle user_policy;
union samr_UserInfo *info = NULL;
uint32_t user_rid;
- NTSTATUS status;
+ NTSTATUS status, result;
+ struct dcerpc_binding_handle *b = samr_pipe->binding_handle;
if (!sid_peek_check_rid(domain_sid, user_sid, &user_rid)) {
return NT_STATUS_UNSUCCESSFUL;
}
/* Get user handle */
- status = rpccli_samr_OpenUser(samr_pipe,
+ status = dcerpc_samr_OpenUser(b,
mem_ctx,
samr_policy,
SEC_FLAG_MAXIMUM_ALLOWED,
user_rid,
- &user_policy);
+ &user_policy,
+ &result);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
+ if (!NT_STATUS_IS_OK(result)) {
+ return result;
+ }
/* Get user info */
- status = rpccli_samr_QueryUserInfo(samr_pipe,
+ status = dcerpc_samr_QueryUserInfo(b,
mem_ctx,
&user_policy,
0x15,
- &info);
-
- rpccli_samr_Close(samr_pipe, mem_ctx, &user_policy);
-
+ &info,
+ &result);
+ {
+ NTSTATUS _result;
+ dcerpc_samr_Close(b, mem_ctx, &user_policy, &_result);
+ }
if (!NT_STATUS_IS_OK(status)) {
return status;
}
+ if (!NT_STATUS_IS_OK(result)) {
+ return result;
+ }
sid_compose(&user_info->user_sid, domain_sid, user_rid);
sid_compose(&user_info->group_sid, domain_sid,
user_info->full_name = talloc_strdup(user_info,
info->info21.full_name.string);
- if (user_info->acct_name == NULL) {
+ if ((info->info21.full_name.string != NULL) &&
+ (user_info->acct_name == NULL))
+ {
return NT_STATUS_NO_MEMORY;
}
struct dom_sid *user_grpsids = NULL;
uint32_t num_groups = 0, i;
uint32_t user_rid;
- NTSTATUS status;
+ NTSTATUS status, result;
+ struct dcerpc_binding_handle *b = samr_pipe->binding_handle;
if (!sid_peek_check_rid(domain_sid, user_sid, &user_rid)) {
return NT_STATUS_UNSUCCESSFUL;
}
/* Get user handle */
- status = rpccli_samr_OpenUser(samr_pipe,
+ status = dcerpc_samr_OpenUser(b,
mem_ctx,
samr_policy,
SEC_FLAG_MAXIMUM_ALLOWED,
user_rid,
- &user_policy);
+ &user_policy,
+ &result);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
+ if (!NT_STATUS_IS_OK(result)) {
+ return result;
+ }
/* Query user rids */
- status = rpccli_samr_GetGroupsForUser(samr_pipe,
+ status = dcerpc_samr_GetGroupsForUser(b,
mem_ctx,
&user_policy,
- &rid_array);
+ &rid_array,
+ &result);
num_groups = rid_array->count;
- rpccli_samr_Close(samr_pipe, mem_ctx, &user_policy);
+ {
+ NTSTATUS _result;
+ dcerpc_samr_Close(b, mem_ctx, &user_policy, &_result);
+ }
- if (!NT_STATUS_IS_OK(status) || num_groups == 0) {
+ if (!NT_STATUS_IS_OK(status)) {
return status;
}
+ if (!NT_STATUS_IS_OK(result) || num_groups == 0) {
+ return result;
+ }
user_grpsids = TALLOC_ARRAY(mem_ctx, struct dom_sid, num_groups);
if (user_grpsids == NULL) {
uint32_t rangesize = MAX_SAM_ENTRIES_W2K;
uint32_t i;
struct samr_Ids alias_rids_query;
- NTSTATUS status;
+ NTSTATUS status, result;
+ struct dcerpc_binding_handle *b = samr_pipe->binding_handle;
do {
/* prepare query */
sid_array.num_sids = num_query_sids;
/* do request */
- status = rpccli_samr_GetAliasMembership(samr_pipe,
+ status = dcerpc_samr_GetAliasMembership(b,
mem_ctx,
samr_policy,
&sid_array,
- &alias_rids_query);
+ &alias_rids_query,
+ &result);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
+ if (!NT_STATUS_IS_OK(result)) {
+ return result;
+ }
/* process output */
for (i = 0; i < alias_rids_query.count; i++) {
struct samr_Ids tmp_types;
uint32_t j, r;
- NTSTATUS status;
+ NTSTATUS status, result;
+ struct dcerpc_binding_handle *b = samr_pipe->binding_handle;
if (!sid_peek_check_rid(domain_sid, group_sid, &group_rid)) {
return NT_STATUS_UNSUCCESSFUL;
switch(type) {
case SID_NAME_DOM_GRP:
{
- struct samr_RidTypeArray *rids = NULL;
+ struct samr_RidAttrArray *rids = NULL;
- status = rpccli_samr_OpenGroup(samr_pipe,
+ status = dcerpc_samr_OpenGroup(b,
mem_ctx,
samr_policy,
SEC_FLAG_MAXIMUM_ALLOWED,
group_rid,
- &group_policy);
+ &group_policy,
+ &result);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
+ if (!NT_STATUS_IS_OK(result)) {
+ return result;
+ }
/*
* Step #1: Get a list of user rids that are the members of the group.
*/
- status = rpccli_samr_QueryGroupMember(samr_pipe,
+ status = dcerpc_samr_QueryGroupMember(b,
mem_ctx,
&group_policy,
- &rids);
-
- rpccli_samr_Close(samr_pipe, mem_ctx, &group_policy);
+ &rids,
+ &result);
+ {
+ NTSTATUS _result;
+ dcerpc_samr_Close(b, mem_ctx, &group_policy, &_result);
+ }
if (!NT_STATUS_IS_OK(status)) {
return status;
}
+ if (!NT_STATUS_IS_OK(result)) {
+ return result;
+ }
+
if (rids == NULL || rids->count == 0) {
pnum_names = 0;
sid_array.num_sids = 1;
sid_array.sids = &sid_ptr;
- status = rpccli_samr_GetAliasMembership(samr_pipe,
+ status = dcerpc_samr_GetAliasMembership(b,
mem_ctx,
samr_policy,
&sid_array,
- &rids_query);
+ &rids_query,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ if (!NT_STATUS_IS_OK(result)) {
+ return result;
+ }
if (rids_query.count == 0) {
pnum_names = 0;
sid_compose(&sid_mem[j], domain_sid, rid_mem[j]);
}
- status = rpccli_samr_LookupRids(samr_pipe,
+ status = dcerpc_samr_LookupRids(b,
mem_ctx,
samr_policy,
num_names,
rid_mem,
&tmp_names,
- &tmp_types);
+ &tmp_types,
+ &result);
if (!NT_STATUS_IS_OK(status)) {
- if (!NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
- return status;
+ return status;
+ }
+
+ if (!NT_STATUS_IS_OK(result)) {
+ if (!NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
+ return result;
}
}
{
union samr_DomainInfo *info = NULL;
bool got_seq_num = false;
- NTSTATUS status;
+ NTSTATUS status, result;
+ struct dcerpc_binding_handle *b = samr_pipe->binding_handle;
/* query domain info */
- status = rpccli_samr_QueryDomainInfo(samr_pipe,
+ status = dcerpc_samr_QueryDomainInfo(b,
mem_ctx,
samr_policy,
8,
- &info);
- if (NT_STATUS_IS_OK(status)) {
+ &info,
+ &result);
+ if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(result)) {
*pseq = info->info8.sequence_num;
got_seq_num = true;
goto seq_num;
/* retry with info-level 2 in case the dc does not support info-level 8
* (like all older samba2 and samba3 dc's) - Guenther */
- status = rpccli_samr_QueryDomainInfo(samr_pipe,
+ status = dcerpc_samr_QueryDomainInfo(b,
mem_ctx,
samr_policy,
2,
- &info);
- if (NT_STATUS_IS_OK(status)) {
+ &info,
+ &result);
+ if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(result)) {
*pseq = info->general.sequence_num;
got_seq_num = true;
+ goto seq_num;
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto seq_num;
}
+ status = result;
+
seq_num:
if (got_seq_num) {
DEBUG(10,("domain_sequence_number: for domain %s is %u\n",
struct netr_DomainTrust *array = NULL;
uint32_t enum_ctx = 0;
uint32_t count = 0;
- NTSTATUS status;
+ NTSTATUS status, result;
+ struct dcerpc_binding_handle *b = lsa_pipe->binding_handle;
do {
struct lsa_DomainList dom_list;
* We don't run into deadlocks here, cause winbind_off() is
* called in the main function.
*/
- status = rpccli_lsa_EnumTrustDom(lsa_pipe,
+ status = dcerpc_lsa_EnumTrustDom(b,
mem_ctx,
lsa_policy,
&enum_ctx,
&dom_list,
- (uint32_t) -1);
+ (uint32_t) -1,
+ &result);
if (!NT_STATUS_IS_OK(status)) {
- if (!NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
- return status;
+ return status;
+ }
+ if (!NT_STATUS_IS_OK(result)) {
+ if (!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
+ return result;
}
}
sid_copy(sid, dom_list.domains[i].sid);
trust->sid = sid;
}
- } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
+ } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
*pnum_trusts = count;
*ptrusts = array;
return NT_STATUS_OK;
}
+
+static NTSTATUS rpc_try_lookup_sids3(TALLOC_CTX *mem_ctx,
+ struct winbindd_domain *domain,
+ struct lsa_SidArray *sids,
+ struct lsa_RefDomainList **pdomains,
+ struct lsa_TransNameArray **pnames)
+{
+ struct lsa_TransNameArray2 lsa_names2;
+ struct lsa_TransNameArray *names;
+ uint32_t i, count;
+ struct rpc_pipe_client *cli;
+ NTSTATUS status, result;
+
+ status = cm_connect_lsa_tcp(domain, talloc_tos(), &cli);
+ if (!NT_STATUS_IS_OK(status)) {
+ domain->can_do_ncacn_ip_tcp = false;
+ return status;
+ }
+
+ ZERO_STRUCT(lsa_names2);
+ status = dcerpc_lsa_LookupSids3(cli->binding_handle,
+ mem_ctx,
+ sids,
+ pdomains,
+ &lsa_names2,
+ LSA_LOOKUP_NAMES_ALL,
+ &count,
+ LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES,
+ LSA_CLIENT_REVISION_2,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ if (NT_STATUS_IS_ERR(result)) {
+ return result;
+ }
+ names = TALLOC_ZERO_P(mem_ctx, struct lsa_TransNameArray);
+ if (names == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ names->count = lsa_names2.count;
+ names->names = talloc_array(names, struct lsa_TranslatedName,
+ names->count);
+ if (names->names == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ for (i=0; i<names->count; i++) {
+ names->names[i].sid_type = lsa_names2.names[i].sid_type;
+ names->names[i].name.string = talloc_move(
+ names->names, &lsa_names2.names[i].name.string);
+ names->names[i].sid_index = lsa_names2.names[i].sid_index;
+ }
+ *pnames = names;
+ return result;
+}
+
+NTSTATUS rpc_lookup_sids(TALLOC_CTX *mem_ctx,
+ struct winbindd_domain *domain,
+ struct lsa_SidArray *sids,
+ struct lsa_RefDomainList **pdomains,
+ struct lsa_TransNameArray **pnames)
+{
+ struct lsa_TransNameArray *names;
+ struct rpc_pipe_client *cli = NULL;
+ struct policy_handle lsa_policy;
+ uint32_t count;
+ NTSTATUS status, result;
+
+ if (domain->can_do_ncacn_ip_tcp) {
+ status = rpc_try_lookup_sids3(mem_ctx, domain, sids,
+ pdomains, pnames);
+ if (!NT_STATUS_IS_ERR(status)) {
+ return status;
+ }
+ }
+
+ status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ names = TALLOC_ZERO_P(mem_ctx, struct lsa_TransNameArray);
+ if (names == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ status = dcerpc_lsa_LookupSids(cli->binding_handle, mem_ctx,
+ &lsa_policy, sids, pdomains,
+ names, LSA_LOOKUP_NAMES_ALL,
+ &count, &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ if (NT_STATUS_IS_ERR(result)) {
+ return result;
+ }
+ *pnames = names;
+ return result;
+}