+
+/* find the sequence number for a domain */
+static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
+{
+ ADS_STRUCT *ads = NULL;
+ ADS_STATUS rc;
+
+ DEBUG(3,("ads: fetch sequence_number for %s\n", domain->name));
+
+ *seq = DOM_SEQUENCE_NONE;
+
+ ads = ads_cached_connection(domain);
+
+ if (!ads) {
+ domain->last_status = NT_STATUS_SERVER_DISABLED;
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ rc = ads_USN(ads, seq);
+
+ if (!ADS_ERR_OK(rc)) {
+
+ /* its a dead connection ; don't destroy it
+ through since ads_USN() has already done
+ that indirectly */
+
+ domain->private = NULL;
+ }
+ return ads_ntstatus(rc);
+}
+
+/* get a list of trusted domains */
+static NTSTATUS trusted_domains(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ uint32 *num_domains,
+ char ***names,
+ char ***alt_names,
+ DOM_SID **dom_sids)
+{
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ DS_DOMAIN_TRUSTS *domains = NULL;
+ int count = 0;
+ int i;
+ struct cli_state *cli = NULL;
+ /* i think we only need our forest and downlevel trusted domains */
+ uint32 flags = DS_DOMAIN_IN_FOREST | DS_DOMAIN_DIRECT_OUTBOUND;
+ char *contact_domain_name;
+
+ DEBUG(3,("ads: trusted_domains\n"));
+
+ *num_domains = 0;
+ *alt_names = NULL;
+ *names = NULL;
+ *dom_sids = NULL;
+
+ contact_domain_name = *domain->alt_name ? domain->alt_name : domain->name;
+ if ( !NT_STATUS_IS_OK(result = cm_fresh_connection(contact_domain_name, PI_NETLOGON, &cli)) ) {
+ DEBUG(5, ("trusted_domains: Could not open a connection to %s for PIPE_NETLOGON (%s)\n",
+ contact_domain_name, nt_errstr(result)));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if ( NT_STATUS_IS_OK(result) )
+ result = cli_ds_enum_domain_trusts( cli, mem_ctx, cli->desthost, flags, &domains, (unsigned int *)&count );
+
+ if ( NT_STATUS_IS_OK(result) && count) {
+
+ /* Allocate memory for trusted domain names and sids */
+
+ if ( !(*names = (char **)talloc(mem_ctx, sizeof(char *) * count)) ) {
+ DEBUG(0, ("trusted_domains: out of memory\n"));
+ result = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ if ( !(*alt_names = (char **)talloc(mem_ctx, sizeof(char *) * count)) ) {
+ DEBUG(0, ("trusted_domains: out of memory\n"));
+ result = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ if ( !(*dom_sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * count)) ) {
+ DEBUG(0, ("trusted_domains: out of memory\n"));
+ result = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ /* Copy across names and sids */
+
+ for (i = 0; i < count; i++) {
+ fstring tmp;
+ fstring tmp2;
+
+ (*names)[i] = NULL;
+ (*alt_names)[i] = NULL;
+ ZERO_STRUCT( (*dom_sids)[i] );
+
+ if ( domains[i].netbios_ptr ) {
+ unistr2_to_ascii(tmp, &domains[i].netbios_domain, sizeof(tmp) - 1);
+ (*names)[i] = talloc_strdup(mem_ctx, tmp);
+ }
+
+ if ( domains[i].dns_ptr ) {
+ unistr2_to_ascii(tmp2, &domains[i].dns_domain, sizeof(tmp2) - 1);
+ (*alt_names)[i] = talloc_strdup(mem_ctx, tmp2);
+ }
+
+ /* sometimes we will get back a NULL SID from this call */
+
+ if ( domains[i].sid_ptr )
+ sid_copy(&(*dom_sids)[i], &domains[i].sid.sid);
+ }
+
+ *num_domains = count;
+ }
+
+done:
+
+ SAFE_FREE( domains );
+
+ /* remove connection; This is a special case to the \NETLOGON pipe */
+
+ if ( cli )
+ cli_shutdown( cli );
+
+ return result;
+}
+
+/* find the domain sid for a domain */
+static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid)
+{
+ ADS_STRUCT *ads;
+ ADS_STATUS rc;
+
+ DEBUG(3,("ads: domain_sid\n"));
+
+ ads = ads_cached_connection(domain);
+
+ if (!ads) {
+ domain->last_status = NT_STATUS_SERVER_DISABLED;
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ rc = ads_domain_sid(ads, sid);
+
+ if (!ADS_ERR_OK(rc)) {
+
+ /* its a dead connection; don't destroy it though
+ since that has already been done indirectly
+ by ads_domain_sid() */
+
+ domain->private = NULL;
+ }
+
+ return ads_ntstatus(rc);
+}
+
+
+/* find alternate names list for the domain - for ADS this is the
+ netbios name */
+static NTSTATUS alternate_name(struct winbindd_domain *domain)
+{
+ ADS_STRUCT *ads;
+ ADS_STATUS rc;
+ TALLOC_CTX *ctx;
+ char *workgroup;
+
+ DEBUG(3,("ads: alternate_name\n"));
+
+ ads = ads_cached_connection(domain);
+
+ if (!ads) {
+ domain->last_status = NT_STATUS_SERVER_DISABLED;
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if (!(ctx = talloc_init("alternate_name"))) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ rc = ads_workgroup_name(ads, ctx, &workgroup);
+
+ if (ADS_ERR_OK(rc)) {
+ fstrcpy(domain->name, workgroup);
+ fstrcpy(domain->alt_name, ads->config.realm);
+ strupper_m(domain->alt_name);
+ strupper_m(domain->name);
+ }
+
+ talloc_destroy(ctx);
+
+ return ads_ntstatus(rc);
+}
+