#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
+static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,
+ struct winbindd_domain *domain,
+ uint32_t num_names,
+ const char **names,
+ const char ***domains,
+ struct dom_sid **sids,
+ enum lsa_SidType **types);
/* Query display info for a domain. This returns enough information plus a
bit extra to give an overview of domain users for the User Manager
name_map_status = normalize_name_unmap(mem_ctx, full_name,
&mapped_name);
- /* Reset the full_name pointer if we mapped anytthing */
+ /* Reset the full_name pointer if we mapped anything */
if (NT_STATUS_IS_OK(name_map_status) ||
NT_STATUS_EQUAL(name_map_status, NT_STATUS_FILE_RENAMED))
DEBUG(3, ("msrpc_rids_to_names: domain %s\n", domain->name ));
if (num_rids) {
- sids = TALLOC_ARRAY(mem_ctx, struct dom_sid, num_rids);
+ sids = talloc_array(mem_ctx, struct dom_sid, num_rids);
if (sids == NULL) {
return NT_STATUS_NO_MEMORY;
}
#define MAX_LOOKUP_RIDS 900
- *names = TALLOC_ZERO_ARRAY(mem_ctx, char *, *num_names);
- *name_types = TALLOC_ZERO_ARRAY(mem_ctx, uint32, *num_names);
- *sid_mem = TALLOC_ZERO_ARRAY(mem_ctx, struct dom_sid, *num_names);
+ *names = talloc_zero_array(mem_ctx, char *, *num_names);
+ *name_types = talloc_zero_array(mem_ctx, uint32, *num_names);
+ *sid_mem = talloc_zero_array(mem_ctx, struct dom_sid, *num_names);
for (j=0;j<(*num_names);j++)
sid_compose(&(*sid_mem)[j], &domain->sid, rid_mem[j]);
#ifdef HAVE_LDAP
-#include <ldap.h>
+#include "ads.h"
static int get_ldap_seq(const char *server, struct sockaddr_storage *ss, int port, uint32 *seq)
{
to.tv_usec = 0;
if (ldap_search_st(ldp, "", LDAP_SCOPE_BASE, "(objectclass=*)",
- CONST_DISCARD(char **, attrs), 0, &to, &res))
+ discard_const_p(char *, attrs), 0, &to, &res))
goto done;
if (ldap_count_entries(ldp, res) != 1)
return status;
}
-typedef NTSTATUS (*lookup_sids_fn_t)(struct dcerpc_binding_handle *h,
- TALLOC_CTX *mem_ctx,
- struct policy_handle *pol,
- int num_sids,
- const struct dom_sid *sids,
- char ***pdomains,
- char ***pnames,
- enum lsa_SidType **ptypes,
- NTSTATUS *result);
-
NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx,
struct winbindd_domain *domain,
uint32_t num_sids,
struct dcerpc_binding_handle *b = NULL;
struct policy_handle lsa_policy;
unsigned int orig_timeout;
- lookup_sids_fn_t lookup_sids_fn = dcerpc_lsa_lookup_sids;
-
- if (domain->can_do_ncacn_ip_tcp) {
- status = cm_connect_lsa_tcp(domain, mem_ctx, &cli);
- if (NT_STATUS_IS_OK(status)) {
- lookup_sids_fn = dcerpc_lsa_lookup_sids3;
- goto lookup;
- }
- domain->can_do_ncacn_ip_tcp = false;
- }
- status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy);
+ bool use_lookupsids3 = false;
+ bool retried = false;
+ connect:
+ status = cm_connect_lsat(domain, mem_ctx, &cli, &lsa_policy);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- lookup:
b = cli->binding_handle;
+ if (cli->transport->transport == NCACN_IP_TCP) {
+ use_lookupsids3 = true;
+ }
+
/*
* This call can take a long time
* allow the server to time out.
*/
orig_timeout = dcerpc_binding_handle_set_timeout(b, 35000);
- status = lookup_sids_fn(b,
- mem_ctx,
- &lsa_policy,
- num_sids,
- sids,
- domains,
- names,
- types,
- &result);
+ status = dcerpc_lsa_lookup_sids_generic(b,
+ mem_ctx,
+ &lsa_policy,
+ num_sids,
+ sids,
+ domains,
+ names,
+ types,
+ use_lookupsids3,
+ &result);
/* And restore our original timeout. */
dcerpc_binding_handle_set_timeout(b, orig_timeout);
if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
- NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) {
+ NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
/*
* This can happen if the schannel key is not
* valid anymore, we need to invalidate the
* a netlogon connection first.
*/
invalidate_cm_connection(&domain->conn);
+ domain->can_do_ncacn_ip_tcp = domain->active_directory;
+ if (!retried) {
+ retried = true;
+ goto connect;
+ }
status = NT_STATUS_ACCESS_DENIED;
}
return NT_STATUS_OK;
}
-typedef NTSTATUS (*lookup_names_fn_t)(struct dcerpc_binding_handle *h,
- TALLOC_CTX *mem_ctx,
- struct policy_handle *pol,
+static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,
+ struct winbindd_domain *domain,
uint32_t num_names,
const char **names,
- const char ***dom_names,
- enum lsa_LookupNamesLevel level,
+ const char ***domains,
struct dom_sid **sids,
- enum lsa_SidType **types,
- NTSTATUS *result);
-
-NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,
- struct winbindd_domain *domain,
- uint32_t num_names,
- const char **names,
- const char ***domains,
- struct dom_sid **sids,
- enum lsa_SidType **types)
+ enum lsa_SidType **types)
{
NTSTATUS status;
NTSTATUS result;
struct dcerpc_binding_handle *b = NULL;
struct policy_handle lsa_policy;
unsigned int orig_timeout = 0;
- lookup_names_fn_t lookup_names_fn = dcerpc_lsa_lookup_names;
-
- if (domain->can_do_ncacn_ip_tcp) {
- status = cm_connect_lsa_tcp(domain, mem_ctx, &cli);
- if (NT_STATUS_IS_OK(status)) {
- lookup_names_fn = dcerpc_lsa_lookup_names4;
- goto lookup;
- }
- domain->can_do_ncacn_ip_tcp = false;
- }
- status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy);
+ bool use_lookupnames4 = false;
+ bool retried = false;
+ connect:
+ status = cm_connect_lsat(domain, mem_ctx, &cli, &lsa_policy);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- lookup:
b = cli->binding_handle;
+ if (cli->transport->transport == NCACN_IP_TCP) {
+ use_lookupnames4 = true;
+ }
+
/*
* This call can take a long time
* allow the server to time out.
*/
orig_timeout = dcerpc_binding_handle_set_timeout(b, 35000);
- status = lookup_names_fn(b,
- mem_ctx,
- &lsa_policy,
- num_names,
- (const char **) names,
- domains,
- 1,
- sids,
- types,
- &result);
+ status = dcerpc_lsa_lookup_names_generic(b,
+ mem_ctx,
+ &lsa_policy,
+ num_names,
+ (const char **) names,
+ domains,
+ 1,
+ sids,
+ types,
+ use_lookupnames4,
+ &result);
/* And restore our original timeout. */
dcerpc_binding_handle_set_timeout(b, orig_timeout);
if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
- NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) {
+ NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) {
/*
* This can happen if the schannel key is not
* valid anymore, we need to invalidate the
* a netlogon connection first.
*/
invalidate_cm_connection(&domain->conn);
+ if (!retried) {
+ retried = true;
+ goto connect;
+ }
status = NT_STATUS_ACCESS_DENIED;
}