X-Git-Url: http://git.samba.org/samba.git/?a=blobdiff_plain;f=source3%2Fwinbindd%2Fwinbindd_samr.c;h=3b9377f7299f82614817952ad01a37bb1ae95fc2;hb=233779cce4f47799d5912f362faadcd564bbf096;hp=35d4c001819d980ab89acf8bf8a5443793455d8f;hpb=b4160af73646f48073778b610938c9f67a5f6e39;p=kamenim%2Fsamba-autobuild%2F.git diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c index 35d4c001819..3b9377f7299 100644 --- a/source3/winbindd/winbindd_samr.c +++ b/source3/winbindd/winbindd_samr.c @@ -26,13 +26,15 @@ #include "includes.h" #include "winbindd.h" #include "winbindd_rpc.h" - -#include "../librpc/gen_ndr/cli_samr.h" +#include "rpc_client/rpc_client.h" +#include "../librpc/gen_ndr/ndr_samr_c.h" #include "rpc_client/cli_samr.h" -#include "../librpc/gen_ndr/srv_samr.h" -#include "../librpc/gen_ndr/cli_lsa.h" +#include "../librpc/gen_ndr/ndr_lsa_c.h" #include "rpc_client/cli_lsarpc.h" -#include "../librpc/gen_ndr/srv_lsa.h" +#include "rpc_server/rpc_ncacn_np.h" +#include "../libcli/security/security.h" +#include "passdb/machine_sid.h" +#include "auth.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND @@ -40,16 +42,12 @@ static NTSTATUS open_internal_samr_pipe(TALLOC_CTX *mem_ctx, struct rpc_pipe_client **samr_pipe) { - static struct rpc_pipe_client *cli = NULL; - struct auth_serversupplied_info *server_info = NULL; + struct rpc_pipe_client *cli = NULL; + struct auth_serversupplied_info *session_info = NULL; NTSTATUS status; - if (cli != NULL) { - goto done; - } - - if (server_info == NULL) { - status = make_server_info_system(mem_ctx, &server_info); + if (session_info == NULL) { + status = make_session_info_system(mem_ctx, &session_info); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("open_samr_pipe: Could not create auth_serversupplied_info: %s\n", nt_errstr(status))); 
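Review bot: In open_internal_samr_pipe the guard `if (session_info == NULL)` is now always true, because this commit makes `session_info` a plain local initialised to NULL on the line just above it. The condition can be dropped and `make_session_info_system(mem_ctx, &session_info)` called directly. The same leftover guard appears in open_internal_lsa_pipe in the -77,71 hunk. With the static `cli` cache removed, every call builds a fresh system session and pipe on `mem_ctx`, so a one-line comment stating that the caller's context owns the returned pipe would help. The function body continues past this hunk.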
@@ -58,10 +56,11 @@ static NTSTATUS open_internal_samr_pipe(TALLOC_CTX *mem_ctx, } /* create a samr connection */ - status = rpc_pipe_open_internal(talloc_autofree_context(), + status = rpc_pipe_open_interface(mem_ctx, &ndr_table_samr.syntax_id, - rpc_samr_dispatch, - server_info, + session_info, + NULL, + winbind_messaging_context(), &cli); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("open_samr_pipe: Could not connect to samr_pipe: %s\n", @@ -69,7 +68,6 @@ static NTSTATUS open_internal_samr_pipe(TALLOC_CTX *mem_ctx, return status; } -done: if (samr_pipe) { *samr_pipe = cli; } 
@@ -77,71 +75,76 @@ done: return NT_STATUS_OK; } -static NTSTATUS open_internal_samr_conn(TALLOC_CTX *mem_ctx, - struct winbindd_domain *domain, - struct rpc_pipe_client **samr_pipe, - struct policy_handle *samr_domain_hnd) +NTSTATUS open_internal_samr_conn(TALLOC_CTX *mem_ctx, + struct winbindd_domain *domain, + struct rpc_pipe_client **samr_pipe, + struct policy_handle *samr_domain_hnd) { - NTSTATUS status; + NTSTATUS status, result; struct policy_handle samr_connect_hnd; + struct dcerpc_binding_handle *b; status = open_internal_samr_pipe(mem_ctx, samr_pipe); if (!NT_STATUS_IS_OK(status)) { return status; } - status = rpccli_samr_Connect2((*samr_pipe), - mem_ctx, + b = (*samr_pipe)->binding_handle; + + status = dcerpc_samr_Connect2(b, mem_ctx, (*samr_pipe)->desthost, SEC_FLAG_MAXIMUM_ALLOWED, - &samr_connect_hnd); + &samr_connect_hnd, + &result); if (!NT_STATUS_IS_OK(status)) { return status; } + if (!NT_STATUS_IS_OK(result)) { + return result; + } - status = rpccli_samr_OpenDomain((*samr_pipe), - mem_ctx, + status = dcerpc_samr_OpenDomain(b, mem_ctx, &samr_connect_hnd, SEC_FLAG_MAXIMUM_ALLOWED, &domain->sid, - samr_domain_hnd); + samr_domain_hnd, + &result); + if (!NT_STATUS_IS_OK(status)) { + return status; + } - return status; + return result; } static NTSTATUS open_internal_lsa_pipe(TALLOC_CTX *mem_ctx, struct rpc_pipe_client **lsa_pipe) { - static struct rpc_pipe_client *cli = NULL; - struct auth_serversupplied_info *server_info = NULL; + struct rpc_pipe_client *cli = NULL; + struct auth_serversupplied_info *session_info = NULL; NTSTATUS status; - if (cli != NULL) { - goto done; - } - - if (server_info == NULL) { - status = make_server_info_system(mem_ctx, &server_info); + if (session_info == NULL) { + status = make_session_info_system(mem_ctx, &session_info); if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("open_samr_pipe: Could not create auth_serversupplied_info: %s\n", + DEBUG(0, ("open_lsa_pipe: Could not create auth_serversupplied_info: %s\n", 
nt_errstr(status))); return status; } } - /* create a samr connection */ - status = rpc_pipe_open_internal(talloc_autofree_context(), + /* create a lsa connection */ + status = rpc_pipe_open_interface(mem_ctx, &ndr_table_lsarpc.syntax_id, - rpc_lsarpc_dispatch, - server_info, + session_info, + NULL, + winbind_messaging_context(), &cli); if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("open_samr_pipe: Could not connect to samr_pipe: %s\n", + DEBUG(0, ("open_lsa_pipe: Could not connect to lsa_pipe: %s\n", nt_errstr(status))); return status; } -done: if (lsa_pipe) { *lsa_pipe = cli; } @@ -177,17 +180,20 @@ static NTSTATUS open_internal_lsa_conn(TALLOC_CTX *mem_ctx, static NTSTATUS sam_enum_dom_groups(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, uint32_t *pnum_info, - struct acct_info **pinfo) + struct wb_acct_info **pinfo) { struct rpc_pipe_client *samr_pipe; struct policy_handle dom_pol; - struct acct_info *info = NULL; + struct wb_acct_info *info = NULL; uint32_t num_info = 0; TALLOC_CTX *tmp_ctx; - NTSTATUS status; + NTSTATUS status, result; + struct dcerpc_binding_handle *b = NULL; DEBUG(3,("sam_enum_dom_groups\n")); + ZERO_STRUCT(dom_pol); + if (pnum_info) { *pnum_info = 0; } @@ -202,6 +208,8 @@ static NTSTATUS sam_enum_dom_groups(struct winbindd_domain *domain, goto error; } + b = samr_pipe->binding_handle; + status = rpc_enum_dom_groups(tmp_ctx, samr_pipe, &dom_pol, @@ -220,6 +228,9 @@ static NTSTATUS sam_enum_dom_groups(struct winbindd_domain *domain, } error: + if (b && is_valid_policy_hnd(&dom_pol)) { + dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result); + } TALLOC_FREE(tmp_ctx); return status; } @@ -235,10 +246,13 @@ static NTSTATUS sam_query_user_list(struct winbindd_domain *domain, struct wbint_userinfo *info = NULL; uint32_t num_info = 0; TALLOC_CTX *tmp_ctx; - NTSTATUS status; + NTSTATUS status, result; + struct dcerpc_binding_handle *b = NULL; DEBUG(3,("samr_query_user_list\n")); + ZERO_STRUCT(dom_pol); + if (pnum_info) { *pnum_info = 0; } 
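Review bot: open_internal_samr_conn dereferences `(*samr_pipe)->binding_handle` unconditionally, while open_internal_samr_pipe treats the same argument as optional (`if (samr_pipe) { *samr_pipe = cli; }`). Now that the function is no longer `static`, a guard such as `if (samr_pipe == NULL) { return NT_STATUS_INVALID_PARAMETER; }` at the top would keep an outside caller from crashing winbindd. `samr_connect_hnd` is also never closed, neither after a successful OpenDomain nor when OpenDomain fails. It may be released when the pipe is freed, but that is not visible here, so either close it with `dcerpc_samr_Close` (using a separate status variable so the OpenDomain `result` is not overwritten) or add a comment saying why that is unnecessary. Because the function is now exported, a header comment stating that it connects with the system session and requests `SEC_FLAG_MAXIMUM_ALLOWED` would tell callers what access the returned domain handle carries.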
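Review bot: The cleanup added under `error:` in sam_enum_dom_groups passes the caller's `mem_ctx` to `dcerpc_samr_Close`, so any memory the call allocates stays on the long-lived context even though `tmp_ctx` is still alive at that point. `dcerpc_samr_Close(b, tmp_ctx, &dom_pol, &result);` would match what the sam_sequence_number hunk at the end of the patch already does. The same `mem_ctx` argument appears in the Close calls added to sam_query_user_list, sam_query_user, sam_trusted_domains, sam_lookup_groupmem, sam_enum_local_groups, sam_name_to_sid, sam_sid_to_name, sam_rids_to_names, sam_lockout_policy, sam_password_policy, sam_lookup_usergroups and sam_lookup_useraliases. The return value and `result` of the Close are discarded; if that is deliberate best-effort cleanup, a short comment such as `/* best effort: the lookup status is what the caller needs */` would make it explicit. The function starts in the preceding hunks.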
@@ -253,6 +267,8 @@ static NTSTATUS sam_query_user_list(struct winbindd_domain *domain, goto done; } + b = samr_pipe->binding_handle; + status = rpc_query_user_list(tmp_ctx, samr_pipe, &dom_pol, @@ -272,6 +288,10 @@ static NTSTATUS sam_query_user_list(struct winbindd_domain *domain, } done: + if (b && is_valid_policy_hnd(&dom_pol)) { + dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result); + } + TALLOC_FREE(tmp_ctx); return status; } @@ -285,10 +305,13 @@ static NTSTATUS sam_query_user(struct winbindd_domain *domain, struct rpc_pipe_client *samr_pipe; struct policy_handle dom_pol; TALLOC_CTX *tmp_ctx; - NTSTATUS status; + NTSTATUS status, result; + struct dcerpc_binding_handle *b = NULL; DEBUG(3,("sam_query_user\n")); + ZERO_STRUCT(dom_pol); + /* Paranoia check */ if (!sid_check_is_in_our_domain(user_sid)) { return NT_STATUS_NO_SUCH_USER; @@ -310,6 +333,8 @@ static NTSTATUS sam_query_user(struct winbindd_domain *domain, goto done; } + b = samr_pipe->binding_handle; + status = rpc_query_user(tmp_ctx, samr_pipe, &dom_pol, @@ -318,6 +343,10 @@ static NTSTATUS sam_query_user(struct winbindd_domain *domain, user_info); done: + if (b && is_valid_policy_hnd(&dom_pol)) { + dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result); + } + TALLOC_FREE(tmp_ctx); return status; } @@ -332,10 +361,13 @@ static NTSTATUS sam_trusted_domains(struct winbindd_domain *domain, struct netr_DomainTrust *trusts = NULL; uint32_t num_trusts = 0; TALLOC_CTX *tmp_ctx; - NTSTATUS status; + NTSTATUS status, result; + struct dcerpc_binding_handle *b = NULL; DEBUG(3,("samr: trusted domains\n")); + ZERO_STRUCT(lsa_policy); + if (ptrust_list) { ZERO_STRUCTP(ptrust_list); } @@ -350,6 +382,8 @@ static NTSTATUS sam_trusted_domains(struct winbindd_domain *domain, goto done; } + b = lsa_pipe->binding_handle; + status = rpc_trusted_domains(tmp_ctx, lsa_pipe, &lsa_policy, 
@@ -365,6 +399,10 @@ static NTSTATUS sam_trusted_domains(struct winbindd_domain *domain, } done: + if (b && is_valid_policy_hnd(&lsa_policy)) { + dcerpc_lsa_Close(b, mem_ctx, &lsa_policy, &result); + } + TALLOC_FREE(tmp_ctx); return status; } @@ -388,10 +426,13 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain, uint32_t *name_types = NULL; TALLOC_CTX *tmp_ctx; - NTSTATUS status; + NTSTATUS status, result; + struct dcerpc_binding_handle *b = NULL; DEBUG(3,("sam_lookup_groupmem\n")); + ZERO_STRUCT(dom_pol); + /* Paranoia check */ if (sid_check_is_in_builtin(group_sid) && (type != SID_NAME_ALIAS)) { /* There's no groups, only aliases in BUILTIN */ @@ -399,7 +440,7 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain, } if (pnum_names) { - pnum_names = 0; + *pnum_names = 0; } tmp_ctx = talloc_stackframe(); @@ -412,6 +453,8 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain, goto done; } + b = samr_pipe->binding_handle; + status = rpc_lookup_groupmem(tmp_ctx, samr_pipe, &dom_pol, @@ -441,6 +484,10 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain, } done: + if (b && is_valid_policy_hnd(&dom_pol)) { + dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result); + } + TALLOC_FREE(tmp_ctx); return status; } @@ -453,7 +500,7 @@ done: static NTSTATUS builtin_enum_dom_groups(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, uint32 *num_entries, - struct acct_info **info) + struct wb_acct_info **info) { /* BUILTIN doesn't have domain groups */ *num_entries = 0; 
@@ -499,17 +546,20 @@ static NTSTATUS builtin_trusted_domains(struct winbindd_domain *domain, static NTSTATUS sam_enum_local_groups(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, uint32_t *pnum_info, - struct acct_info **pinfo) + struct wb_acct_info **pinfo) { struct rpc_pipe_client *samr_pipe; struct policy_handle dom_pol; - struct acct_info *info = NULL; + struct wb_acct_info *info = NULL; uint32_t num_info = 0; TALLOC_CTX *tmp_ctx; - NTSTATUS status; + NTSTATUS status, result; + struct dcerpc_binding_handle *b = NULL; DEBUG(3,("samr: enum local groups\n")); + ZERO_STRUCT(dom_pol); + if (pnum_info) { *pnum_info = 0; } @@ -524,6 +574,8 @@ static NTSTATUS sam_enum_local_groups(struct winbindd_domain *domain, goto done; } + b = samr_pipe->binding_handle; + status = rpc_enum_local_groups(mem_ctx, samr_pipe, &dom_pol, @@ -542,6 +594,10 @@ static NTSTATUS sam_enum_local_groups(struct winbindd_domain *domain, } done: + if (b && is_valid_policy_hnd(&dom_pol)) { + dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result); + } + TALLOC_FREE(tmp_ctx); return status; } @@ -560,10 +616,13 @@ static NTSTATUS sam_name_to_sid(struct winbindd_domain *domain, struct dom_sid sid; enum lsa_SidType type; TALLOC_CTX *tmp_ctx; - NTSTATUS status; + NTSTATUS status, result; + struct dcerpc_binding_handle *b = NULL; DEBUG(3,("sam_name_to_sid\n")); + ZERO_STRUCT(lsa_policy); + tmp_ctx = talloc_stackframe(); if (tmp_ctx == NULL) { return NT_STATUS_NO_MEMORY; @@ -574,6 +633,8 @@ static NTSTATUS sam_name_to_sid(struct winbindd_domain *domain, goto done; } + b = lsa_pipe->binding_handle; + status = rpc_name_to_sid(tmp_ctx, lsa_pipe, &lsa_policy, @@ -594,6 +655,10 @@ static NTSTATUS sam_name_to_sid(struct winbindd_domain *domain, } done: + if (b && is_valid_policy_hnd(&lsa_policy)) { + dcerpc_lsa_Close(b, mem_ctx, &lsa_policy, &result); + } + TALLOC_FREE(tmp_ctx); return status; } 
@@ -612,10 +677,13 @@ static NTSTATUS sam_sid_to_name(struct winbindd_domain *domain, char *name = NULL; enum lsa_SidType type; TALLOC_CTX *tmp_ctx; - NTSTATUS status; + NTSTATUS status, result; + struct dcerpc_binding_handle *b = NULL; DEBUG(3,("sam_sid_to_name\n")); + ZERO_STRUCT(lsa_policy); + /* Paranoia check */ if (!sid_check_is_in_builtin(sid) && !sid_check_is_in_our_domain(sid) && @@ -639,6 +707,8 @@ static NTSTATUS sam_sid_to_name(struct winbindd_domain *domain, goto done; } + b = lsa_pipe->binding_handle; + status = rpc_sid_to_name(tmp_ctx, lsa_pipe, &lsa_policy, @@ -661,13 +731,17 @@ static NTSTATUS sam_sid_to_name(struct winbindd_domain *domain, } done: + if (b && is_valid_policy_hnd(&lsa_policy)) { + dcerpc_lsa_Close(b, mem_ctx, &lsa_policy, &result); + } + TALLOC_FREE(tmp_ctx); return status; } static NTSTATUS sam_rids_to_names(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, - const struct dom_sid *sid, + const struct dom_sid *domain_sid, uint32 *rids, size_t num_rids, char **pdomain_name, 
@@ -680,20 +754,21 @@ static NTSTATUS sam_rids_to_names(struct winbindd_domain *domain, char *domain_name = NULL; char **names = NULL; TALLOC_CTX *tmp_ctx; - NTSTATUS status; + NTSTATUS status, result; + struct dcerpc_binding_handle *b = NULL; DEBUG(3,("sam_rids_to_names for %s\n", domain->name)); + ZERO_STRUCT(lsa_policy); + /* Paranoia check */ - if (!sid_check_is_in_builtin(sid) && - !sid_check_is_in_our_domain(sid) && - !sid_check_is_in_unix_users(sid) && - !sid_check_is_unix_users(sid) && - !sid_check_is_in_unix_groups(sid) && - !sid_check_is_unix_groups(sid) && - !sid_check_is_in_wellknown_domain(sid)) { + if (!sid_check_is_builtin(domain_sid) && + !sid_check_is_domain(domain_sid) && + !sid_check_is_unix_users(domain_sid) && + !sid_check_is_unix_groups(domain_sid) && + !sid_check_is_in_wellknown_domain(domain_sid)) { DEBUG(0, ("sam_rids_to_names: possible deadlock - trying to " - "lookup SID %s\n", sid_string_dbg(sid))); + "lookup SID %s\n", sid_string_dbg(domain_sid))); return NT_STATUS_NONE_MAPPED; } @@ -707,11 +782,13 @@ static NTSTATUS sam_rids_to_names(struct winbindd_domain *domain, goto done; } + b = lsa_pipe->binding_handle; + status = rpc_rids_to_names(tmp_ctx, lsa_pipe, &lsa_policy, domain, - sid, + domain_sid, rids, num_rids, &domain_name, @@ -734,6 +811,10 @@ static NTSTATUS sam_rids_to_names(struct winbindd_domain *domain, } done: + if (b && is_valid_policy_hnd(&lsa_policy)) { + dcerpc_lsa_Close(b, mem_ctx, &lsa_policy, &result); + } + TALLOC_FREE(tmp_ctx); return status; } @@ -746,10 +827,13 @@ static NTSTATUS sam_lockout_policy(struct winbindd_domain *domain, struct policy_handle dom_pol; union samr_DomainInfo *info = NULL; TALLOC_CTX *tmp_ctx; - NTSTATUS status; + NTSTATUS status, result; + struct dcerpc_binding_handle *b = NULL; DEBUG(3,("sam_lockout_policy\n")); + ZERO_STRUCT(dom_pol); + tmp_ctx = talloc_stackframe(); if (tmp_ctx == NULL) { return NT_STATUS_NO_MEMORY; 
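Review bot: In the rewritten paranoia check of sam_rids_to_names, four tests were switched to exact-domain variants (`sid_check_is_builtin`, `sid_check_is_domain`, `sid_check_is_unix_users`, `sid_check_is_unix_groups`), but `!sid_check_is_in_wellknown_domain(domain_sid)` still asks whether the SID lies inside a well-known domain. If `domain_sid` is a domain SID, as the rename suggests, that last test probably cannot match a well-known domain itself, so such lookups would be rejected with NT_STATUS_NONE_MAPPED. `sid_check_is_wellknown_domain(domain_sid, NULL)` looks like the intended counterpart; please confirm against the callers. A comment above the check saying that it exists to refuse SIDs this backend does not serve (the deadlock named in the DEBUG message) would record why the list has to stay in step with the handled domains. The function starts before this hunk and ends in a later one.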
@@ -760,18 +844,29 @@ static NTSTATUS sam_lockout_policy(struct winbindd_domain *domain, goto error; } - status = rpccli_samr_QueryDomainInfo(samr_pipe, + b = samr_pipe->binding_handle; + + status = dcerpc_samr_QueryDomainInfo(b, mem_ctx, &dom_pol, 12, - &info); + &info, + &result); if (!NT_STATUS_IS_OK(status)) { goto error; } + if (!NT_STATUS_IS_OK(result)) { + status = result; + goto error; + } *lockout_policy = info->info12; error: + if (b && is_valid_policy_hnd(&dom_pol)) { + dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result); + } + TALLOC_FREE(tmp_ctx); return status; } @@ -784,10 +879,13 @@ static NTSTATUS sam_password_policy(struct winbindd_domain *domain, struct policy_handle dom_pol; union samr_DomainInfo *info = NULL; TALLOC_CTX *tmp_ctx; - NTSTATUS status; + NTSTATUS status, result; + struct dcerpc_binding_handle *b = NULL; DEBUG(3,("sam_password_policy\n")); + ZERO_STRUCT(dom_pol); + tmp_ctx = talloc_stackframe(); if (tmp_ctx == NULL) { return NT_STATUS_NO_MEMORY; @@ -798,18 +896,29 @@ static NTSTATUS sam_password_policy(struct winbindd_domain *domain, goto error; } - status = rpccli_samr_QueryDomainInfo(samr_pipe, + b = samr_pipe->binding_handle; + + status = dcerpc_samr_QueryDomainInfo(b, mem_ctx, &dom_pol, 1, - &info); + &info, + &result); if (!NT_STATUS_IS_OK(status)) { goto error; } + if (!NT_STATUS_IS_OK(result)) { + status = result; + goto error; + } *passwd_policy = info->info1; error: + if (b && is_valid_policy_hnd(&dom_pol)) { + dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result); + } + TALLOC_FREE(tmp_ctx); return status; } @@ -826,10 +935,13 @@ static NTSTATUS sam_lookup_usergroups(struct winbindd_domain *domain, struct dom_sid *user_grpsids = NULL; uint32_t num_groups = 0; TALLOC_CTX *tmp_ctx; - NTSTATUS status; + NTSTATUS status, result; + struct dcerpc_binding_handle *b = NULL; DEBUG(3,("sam_lookup_usergroups\n")); + ZERO_STRUCT(dom_pol); + if (pnum_groups) { *pnum_groups = 0; } 
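Review bot: In sam_lockout_policy the `info` union returned by `dcerpc_samr_QueryDomainInfo` is allocated on the caller's `mem_ctx`, copied by value with `*lockout_policy = info->info12;` and never freed, so it lingers on the caller's context. Passing `tmp_ctx` instead would let `TALLOC_FREE(tmp_ctx)` release it, provided the copied struct holds no pointers into that allocation. The -798,18 hunk for sam_password_policy has the same pattern with `info->info1`. The bare info levels `12` and `1` would read better with a short comment naming the level, which judging by the fields copied are the lockout and password information levels. The function begins in the preceding hunk.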
@@ -844,6 +956,8 @@ static NTSTATUS sam_lookup_usergroups(struct winbindd_domain *domain, goto done; } + b = samr_pipe->binding_handle; + status = rpc_lookup_usergroups(tmp_ctx, samr_pipe, &dom_pol, @@ -864,6 +978,10 @@ static NTSTATUS sam_lookup_usergroups(struct winbindd_domain *domain, } done: + if (b && is_valid_policy_hnd(&dom_pol)) { + dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result); + } + TALLOC_FREE(tmp_ctx); return status; } @@ -880,10 +998,13 @@ static NTSTATUS sam_lookup_useraliases(struct winbindd_domain *domain, uint32_t num_aliases = 0; uint32_t *alias_rids = NULL; TALLOC_CTX *tmp_ctx; - NTSTATUS status; + NTSTATUS status, result; + struct dcerpc_binding_handle *b = NULL; DEBUG(3,("sam_lookup_useraliases\n")); + ZERO_STRUCT(dom_pol); + if (pnum_aliases) { *pnum_aliases = 0; } @@ -898,6 +1019,8 @@ static NTSTATUS sam_lookup_useraliases(struct winbindd_domain *domain, goto done; } + b = samr_pipe->binding_handle; + status = rpc_lookup_useraliases(tmp_ctx, samr_pipe, &dom_pol, @@ -918,6 +1041,10 @@ static NTSTATUS sam_lookup_useraliases(struct winbindd_domain *domain, } done: + if (b && is_valid_policy_hnd(&dom_pol)) { + dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result); + } + TALLOC_FREE(tmp_ctx); return status; } @@ -930,10 +1057,13 @@ static NTSTATUS sam_sequence_number(struct winbindd_domain *domain, struct policy_handle dom_pol; uint32_t seq; TALLOC_CTX *tmp_ctx; - NTSTATUS status; + NTSTATUS status, result; + struct dcerpc_binding_handle *b = NULL; DEBUG(3,("samr: sequence number\n")); + ZERO_STRUCT(dom_pol); + if (pseq) { *pseq = DOM_SEQUENCE_NONE; } @@ -948,6 +1078,8 @@ static NTSTATUS sam_sequence_number(struct winbindd_domain *domain, goto done; } + b = samr_pipe->binding_handle; + status = rpc_sequence_number(tmp_ctx, samr_pipe, &dom_pol, 
@@ -961,6 +1093,10 @@ static NTSTATUS sam_sequence_number(struct winbindd_domain *domain, *pseq = seq; } done: + if (b && is_valid_policy_hnd(&dom_pol)) { + dcerpc_samr_Close(b, tmp_ctx, &dom_pol, &result); + } + TALLOC_FREE(tmp_ctx); return status; }