From f9ab15a986626581000d4b93961184c501f36b93 Mon Sep 17 00:00:00 2001 From: =?utf8?q?G=C3=BCnther=20Deschner?= Date: Wed, 22 Dec 2004 16:58:43 +0000 Subject: [PATCH] r4331: Implement SAMR query_dom_info-call info-level 8 server- and client-side, based on samba4-idl. This saves us an enormous amount of totally unnecessary ldap-traffic when several hundreds of winbind-daemons query a Samba3 DC just to get the fake SAM-sequence-number (time(NULL)) by enumerating all users, all groups and all aliases when query-dom-info level 2 is used. Note that we apparently never get the sequence number right (we parse a uint32, although it's a uint64, at least in samba4 idl). For the time being, I would propose to stay with that behaviour. Guenther --- source/include/rpc_samr.h | 11 ++++++-- source/nsswitch/winbindd_rpc.c | 23 +++++++++++++--- source/rpc_parse/parse_samr.c | 47 +++++++++++++++++++++++++++++---- source/rpc_server/srv_samr_nt.c | 3 +++ source/rpcclient/cmd_samr.c | 14 ++++++++-- 5 files changed, 86 insertions(+), 12 deletions(-) diff --git a/source/include/rpc_samr.h b/source/include/rpc_samr.h index c0c7e389e5..e3fbebaa77 100644 --- a/source/include/rpc_samr.h +++ b/source/include/rpc_samr.h @@ -537,6 +537,13 @@ typedef struct sam_unknown_info_7_info } SAM_UNK_INFO_7; +typedef struct sam_unknown_info_8_info +{ + UINT64_S seq_num; + NTTIME domain_create_time; + +} SAM_UNK_INFO_8; + typedef struct sam_unknown_info_12_inf { NTTIME duration; @@ -564,8 +571,7 @@ typedef struct sam_unknown_info_2_inf pointer is referring to */ - uint32 seq_num; /* some sort of incrementing sequence number? */ - uint32 unknown_3; /* 0x0000 0000 */ + UINT64_S seq_num; uint32 unknown_4; /* 0x0000 0001 */ uint32 unknown_5; /* 0x0000 0003 */ @@ -603,6 +609,7 @@ typedef struct sam_unknown_ctr_info SAM_UNK_INFO_5 inf5; SAM_UNK_INFO_6 inf6; SAM_UNK_INFO_7 inf7; + SAM_UNK_INFO_8 inf8; SAM_UNK_INFO_12 inf12; } info; 
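Review bot: In SAM_UNK_INFO_2 the new `UINT64_S seq_num;` replaces two commented fields and carries no comment of its own, and the same field in the new SAM_UNK_INFO_8 is undocumented as well. Every caller in this patch fills or reads only `.low`, so the header should say so, e.g. `UINT64_S seq_num; /* 64 bit on the wire; Samba fills and reads .low only */`. Without that line a reader of the header cannot tell that the upper 32 bits are discarded by winbindd's sequence_number().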
diff --git a/source/nsswitch/winbindd_rpc.c b/source/nsswitch/winbindd_rpc.c index de7f2ff76f..e6edb70f07 100644 --- a/source/nsswitch/winbindd_rpc.c +++ b/source/nsswitch/winbindd_rpc.c @@ -807,10 +807,10 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq) TALLOC_CTX *mem_ctx; CLI_POLICY_HND *hnd; SAM_UNK_CTR ctr; - uint16 switch_value = 2; NTSTATUS result; POLICY_HND dom_pol; BOOL got_dom_pol = False; + BOOL got_seq_num = False; uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; int retry; @@ -856,10 +856,27 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq) /* Query domain info */ result = cli_samr_query_dom_info(hnd->cli, mem_ctx, &dom_pol, - switch_value, &ctr); + 8, &ctr); if (NT_STATUS_IS_OK(result)) { - *seq = ctr.info.inf2.seq_num; + *seq = ctr.info.inf8.seq_num.low; + got_seq_num = True; + goto seq_num; + } + + /* retry with info-level 2 in case the dc does not support info-level 8 + * (like all older samba2 and samba3 dc's - Guenther */ + + result = cli_samr_query_dom_info(hnd->cli, mem_ctx, &dom_pol, + 2, &ctr); + + if (NT_STATUS_IS_OK(result)) { + *seq = ctr.info.inf2.seq_num.low; + got_seq_num = True; + } + + seq_num: + if (got_seq_num) { DEBUG(10,("domain_sequence_number: for domain %s is %u\n", domain->name, (unsigned)*seq)); } else { DEBUG(10,("domain_sequence_number: failed to get sequence number (%u) for domain %s\n", diff --git a/source/rpc_parse/parse_samr.c b/source/rpc_parse/parse_samr.c index a674b89ab6..5b211f8349 100644 --- a/source/rpc_parse/parse_samr.c +++ b/source/rpc_parse/parse_samr.c 
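Review bot: The level-2 retry in sequence_number() runs after any failure of the level-8 query, not only when the DC rejects the info level. A DC that is unreachable or denies access therefore receives two requests per poll, and `result` from the first call is overwritten before the failure DEBUG (which presumably prints it) is reached. Retrying only on the status an old DC returns for an unknown level would keep the fallback narrow; NT_STATUS_INVALID_INFO_CLASS is the likely candidate but needs confirming against a samba2/samba3 DC. That shape also makes `got_seq_num` and the `seq_num:` label unnecessary. The function starts and ends outside this hunk.

```c
	result = cli_samr_query_dom_info(hnd->cli, mem_ctx, &dom_pol,
					 8, &ctr);

	if (NT_STATUS_IS_OK(result)) {
		*seq = ctr.info.inf8.seq_num.low;
	} else if (NT_STATUS_EQUAL(result, NT_STATUS_INVALID_INFO_CLASS)) {
		/* DC does not know info-level 8 (older samba2/samba3 DCs):
		 * retry with info-level 2. Status value to be confirmed. */
		result = cli_samr_query_dom_info(hnd->cli, mem_ctx, &dom_pol,
						 2, &ctr);
		if (NT_STATUS_IS_OK(result)) {
			*seq = ctr.info.inf2.seq_num.low;
		}
	}

	if (NT_STATUS_IS_OK(result)) {
		/* … unchanged: success and failure DEBUG(10) messages … */
```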
@@ -588,6 +588,40 @@ static BOOL sam_io_unk_info7(const char *desc, SAM_UNK_INFO_7 * u_7, return True; } +/******************************************************************* +inits a structure. +********************************************************************/ + +void init_unk_info8(SAM_UNK_INFO_8 * u_8, uint32 seq_num) +{ + unix_to_nt_time(&u_8->domain_create_time, 0); + u_8->seq_num.low = seq_num; + u_8->seq_num.high = 0x0000; +} + +/******************************************************************* +reads or writes a structure. +********************************************************************/ + +static BOOL sam_io_unk_info8(const char *desc, SAM_UNK_INFO_8 * u_8, + prs_struct *ps, int depth) +{ + if (u_8 == NULL) + return False; + + prs_debug(ps, depth, desc, "sam_io_unk_info8"); + depth++; + + if (!prs_uint64("seq_num", ps, depth, &u_8->seq_num)) + return False; + + if(!smb_io_time("domain_create_time", &u_8->domain_create_time, ps, depth)) + return False; + + return True; +} + + /******************************************************************* inits a structure. ********************************************************************/ @@ -668,8 +702,9 @@ void init_unk_info2(SAM_UNK_INFO_2 * u_2, u_2->unknown_0 = 0x00000000; u_2->unknown_1 = 0x80000000; - u_2->seq_num = seq_num; - u_2->unknown_3 = 0x00000000; + u_2->seq_num.low = seq_num; + u_2->seq_num.high = 0x00000000; + u_2->unknown_4 = 0x00000001; u_2->unknown_5 = 0x00000003; @@ -716,9 +751,7 @@ static BOOL sam_io_unk_info2(const char *desc, SAM_UNK_INFO_2 * u_2, pointer is referring to */ - if(!prs_uint32("seq_num ", ps, depth, &u_2->seq_num)) /* 0x0000 0099 or 0x1000 0000 */ - return False; - if(!prs_uint32("unknown_3 ", ps, depth, &u_2->unknown_3)) /* 0x0000 0000 */ + if(!prs_uint64("seq_num ", ps, depth, &u_2->seq_num)) return False; if(!prs_uint32("unknown_4 ", ps, depth, &u_2->unknown_4)) /* 0x0000 0001 */ 
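Review bot: The banner comment above init_unk_info8() says only "inits a structure", while the function makes two choices a caller cannot guess: it accepts a 32-bit `seq_num` and zeroes the high half, and it always sets `domain_create_time` from `unix_to_nt_time(..., 0)`. A comment stating that level 8 carries a 64-bit sequence number plus a creation time, and that this server sends a 32-bit value and a fixed time of 0, would make that explicit. For consistency with init_unk_info2() in the same patch, write `u_8->seq_num.high = 0x00000000;` and use one spacing style for `if (` inside sam_io_unk_info8().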
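Review bot: In sam_io_unk_info2() the single `prs_uint64("seq_num ", ...)` must produce the same bytes as the two `prs_uint32` calls it replaces, which holds only if prs_uint64 handles `low` before `high` and adds no alignment of its own; its definition is not part of this patch. Because this parser also reads replies coming from remote DCs, a layout difference here would shift every field that follows. A comment at the call would record the assumption: `/* low dword first; replaces the old seq_num + unknown_3 pair */`. sam_io_unk_info2() continues outside the hunk.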
@@ -843,6 +876,10 @@ BOOL samr_io_r_query_dom_info(const char *desc, SAMR_R_QUERY_DOMAIN_INFO * r_u, if(!sam_io_unk_info12("unk_inf12", &r_u->ctr->info.inf12, ps, depth)) return False; break; + case 0x08: + if(!sam_io_unk_info8("unk_inf8",&r_u->ctr->info.inf8, ps,depth)) + return False; + break; case 0x07: if(!sam_io_unk_info7("unk_inf7",&r_u->ctr->info.inf7, ps,depth)) return False; diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c index 771e8c71e3..5d7cd84390 100644 --- a/source/rpc_server/srv_samr_nt.c +++ b/source/rpc_server/srv_samr_nt.c @@ -2133,6 +2133,9 @@ NTSTATUS _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SA case 0x07: init_unk_info7(&ctr->info.inf7); break; + case 0x08: + init_unk_info8(&ctr->info.inf8, (uint32) time(NULL)); + break; case 0x0c: account_policy_get(AP_LOCK_ACCOUNT_DURATION, &account_policy_temp); u_lock_duration = account_policy_temp * 60; diff --git a/source/rpcclient/cmd_samr.c b/source/rpcclient/cmd_samr.c index f8be84a5c9..2a282680a8 100644 --- a/source/rpcclient/cmd_samr.c +++ b/source/rpcclient/cmd_samr.c 
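Review bot: The new `case 0x08:` in _samr_query_dom_info() passes `(uint32) time(NULL)` with no comment, so the code itself does not say that the sequence number is a stand-in that changes every second rather than a SAM change counter. The commit message describes winbindd polling this value, presumably to judge whether its cache is stale, so the choice deserves a line at the call site: `/* fake sequence number: current time, not a real SAM change counter */`. The switch header and whatever handle checks precede it are outside this hunk.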
@@ -160,16 +160,23 @@ static void display_sam_unk_info_2(SAM_UNK_INFO_2 *info2) printf("Total Groups:\t%d\n", info2->num_domain_grps); printf("Total Aliases:\t%d\n", info2->num_local_grps); - printf("Sequence No:\t%d\n", info2->seq_num); + printf("Sequence No:\t%d\n", info2->seq_num.low); printf("Unknown 0:\t0x%x\n", info2->unknown_0); printf("Unknown 1:\t0x%x\n", info2->unknown_1); - printf("Unknown 3:\t0x%x\n", info2->unknown_3); printf("Unknown 4:\t0x%x\n", info2->unknown_4); printf("Unknown 5:\t0x%x\n", info2->unknown_5); printf("Unknown 6:\t0x%x\n", info2->unknown_6); } +static void display_sam_unk_info_8(SAM_UNK_INFO_8 *info8) +{ + printf("Sequence No:\t%d\n", info8->seq_num.low); + printf("Domain Create Time:\t%s\n", + http_timestring(nt_time_to_unix(&info8->domain_create_time))); + +} + static void display_sam_unk_info_12(SAM_UNK_INFO_12 *info12) { printf("Bad password lockout duration: %s\n", display_time(info12->duration)); @@ -1130,6 +1137,9 @@ static NTSTATUS cmd_samr_query_dominfo(struct cli_state *cli, case 2: display_sam_unk_info_2(&ctr.info.inf2); break; + case 8: + display_sam_unk_info_8(&ctr.info.inf8); + break; case 12: display_sam_unk_info_12(&ctr.info.inf12); break; -- 2.34.1
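Review bot: display_sam_unk_info_8() prints `info8->seq_num.low` with `%d`, and the touched line in display_sam_unk_info_2() does the same, although `.low` is treated as an unsigned 32-bit value elsewhere in the patch (`(uint32) time(NULL)` on the server, `%u` with `(unsigned)*seq` in winbindd). Values above INT_MAX would be shown as negative; `printf("Sequence No:\t%u\n", info8->seq_num.low);` avoids that, and the info2 line should change the same way. `seq_num.high` is not printed at all, so a DC that sends a full 64-bit number is displayed truncated.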