s3-winbindd: remove unused headers.
[kamenim/samba-autobuild/.git] / source3 / winbindd / winbindd_samr.c
index 35d4c001819d980ab89acf8bf8a5443793455d8f..3b9377f7299f82614817952ad01a37bb1ae95fc2 100644 (file)
 #include "includes.h"
 #include "winbindd.h"
 #include "winbindd_rpc.h"
-
-#include "../librpc/gen_ndr/cli_samr.h"
+#include "rpc_client/rpc_client.h"
+#include "../librpc/gen_ndr/ndr_samr_c.h"
 #include "rpc_client/cli_samr.h"
-#include "../librpc/gen_ndr/srv_samr.h"
-#include "../librpc/gen_ndr/cli_lsa.h"
+#include "../librpc/gen_ndr/ndr_lsa_c.h"
 #include "rpc_client/cli_lsarpc.h"
-#include "../librpc/gen_ndr/srv_lsa.h"
+#include "rpc_server/rpc_ncacn_np.h"
+#include "../libcli/security/security.h"
+#include "passdb/machine_sid.h"
+#include "auth.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_WINBIND
 static NTSTATUS open_internal_samr_pipe(TALLOC_CTX *mem_ctx,
                                        struct rpc_pipe_client **samr_pipe)
 {
-       static struct rpc_pipe_client *cli = NULL;
-       struct auth_serversupplied_info *server_info = NULL;
+       struct rpc_pipe_client *cli = NULL;
+       struct auth_serversupplied_info *session_info = NULL;
        NTSTATUS status;
 
-       if (cli != NULL) {
-               goto done;
-       }
-
-       if (server_info == NULL) {
-               status = make_server_info_system(mem_ctx, &server_info);
+       if (session_info == NULL) {
+               status = make_session_info_system(mem_ctx, &session_info);
                if (!NT_STATUS_IS_OK(status)) {
                        DEBUG(0, ("open_samr_pipe: Could not create auth_serversupplied_info: %s\n",
                                  nt_errstr(status)));
@@ -58,10 +56,11 @@ static NTSTATUS open_internal_samr_pipe(TALLOC_CTX *mem_ctx,
        }
 
        /* create a samr connection */
-       status = rpc_pipe_open_internal(talloc_autofree_context(),
+       status = rpc_pipe_open_interface(mem_ctx,
                                        &ndr_table_samr.syntax_id,
-                                       rpc_samr_dispatch,
-                                       server_info,
+                                       session_info,
+                                       NULL,
+                                       winbind_messaging_context(),
                                        &cli);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(0, ("open_samr_pipe: Could not connect to samr_pipe: %s\n",
@@ -69,7 +68,6 @@ static NTSTATUS open_internal_samr_pipe(TALLOC_CTX *mem_ctx,
                return status;
        }
 
-done:
        if (samr_pipe) {
                *samr_pipe = cli;
        }
@@ -77,71 +75,76 @@ done:
        return NT_STATUS_OK;
 }
 
-static NTSTATUS open_internal_samr_conn(TALLOC_CTX *mem_ctx,
-                                       struct winbindd_domain *domain,
-                                       struct rpc_pipe_client **samr_pipe,
-                                       struct policy_handle *samr_domain_hnd)
+NTSTATUS open_internal_samr_conn(TALLOC_CTX *mem_ctx,
+                                struct winbindd_domain *domain,
+                                struct rpc_pipe_client **samr_pipe,
+                                struct policy_handle *samr_domain_hnd)
 {
-       NTSTATUS status;
+       NTSTATUS status, result;
        struct policy_handle samr_connect_hnd;
+       struct dcerpc_binding_handle *b;
 
        status = open_internal_samr_pipe(mem_ctx, samr_pipe);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
 
-       status = rpccli_samr_Connect2((*samr_pipe),
-                                     mem_ctx,
+       b = (*samr_pipe)->binding_handle;
+
+       status = dcerpc_samr_Connect2(b, mem_ctx,
                                      (*samr_pipe)->desthost,
                                      SEC_FLAG_MAXIMUM_ALLOWED,
-                                     &samr_connect_hnd);
+                                     &samr_connect_hnd,
+                                     &result);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
+       if (!NT_STATUS_IS_OK(result)) {
+               return result;
+       }
 
-       status = rpccli_samr_OpenDomain((*samr_pipe),
-                                       mem_ctx,
+       status = dcerpc_samr_OpenDomain(b, mem_ctx,
                                        &samr_connect_hnd,
                                        SEC_FLAG_MAXIMUM_ALLOWED,
                                        &domain->sid,
-                                       samr_domain_hnd);
+                                       samr_domain_hnd,
+                                       &result);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
 
-       return status;
+       return result;
 }
 
 static NTSTATUS open_internal_lsa_pipe(TALLOC_CTX *mem_ctx,
                                       struct rpc_pipe_client **lsa_pipe)
 {
-       static struct rpc_pipe_client *cli = NULL;
-       struct auth_serversupplied_info *server_info = NULL;
+       struct rpc_pipe_client *cli = NULL;
+       struct auth_serversupplied_info *session_info = NULL;
        NTSTATUS status;
 
-       if (cli != NULL) {
-               goto done;
-       }
-
-       if (server_info == NULL) {
-               status = make_server_info_system(mem_ctx, &server_info);
+       if (session_info == NULL) {
+               status = make_session_info_system(mem_ctx, &session_info);
                if (!NT_STATUS_IS_OK(status)) {
-                       DEBUG(0, ("open_samr_pipe: Could not create auth_serversupplied_info: %s\n",
+                       DEBUG(0, ("open_lsa_pipe: Could not create auth_serversupplied_info: %s\n",
                                  nt_errstr(status)));
                        return status;
                }
        }
 
-       /* create a samr connection */
-       status = rpc_pipe_open_internal(talloc_autofree_context(),
+       /* create a lsa connection */
+       status = rpc_pipe_open_interface(mem_ctx,
                                        &ndr_table_lsarpc.syntax_id,
-                                       rpc_lsarpc_dispatch,
-                                       server_info,
+                                       session_info,
+                                       NULL,
+                                       winbind_messaging_context(),
                                        &cli);
        if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(0, ("open_samr_pipe: Could not connect to samr_pipe: %s\n",
+               DEBUG(0, ("open_lsa_pipe: Could not connect to lsa_pipe: %s\n",
                          nt_errstr(status)));
                return status;
        }
 
-done:
        if (lsa_pipe) {
                *lsa_pipe = cli;
        }
@@ -177,17 +180,20 @@ static NTSTATUS open_internal_lsa_conn(TALLOC_CTX *mem_ctx,
 static NTSTATUS sam_enum_dom_groups(struct winbindd_domain *domain,
                                    TALLOC_CTX *mem_ctx,
                                    uint32_t *pnum_info,
-                                   struct acct_info **pinfo)
+                                   struct wb_acct_info **pinfo)
 {
        struct rpc_pipe_client *samr_pipe;
        struct policy_handle dom_pol;
-       struct acct_info *info = NULL;
+       struct wb_acct_info *info = NULL;
        uint32_t num_info = 0;
        TALLOC_CTX *tmp_ctx;
-       NTSTATUS status;
+       NTSTATUS status, result;
+       struct dcerpc_binding_handle *b = NULL;
 
        DEBUG(3,("sam_enum_dom_groups\n"));
 
+       ZERO_STRUCT(dom_pol);
+
        if (pnum_info) {
                *pnum_info = 0;
        }
@@ -202,6 +208,8 @@ static NTSTATUS sam_enum_dom_groups(struct winbindd_domain *domain,
                goto error;
        }
 
+       b = samr_pipe->binding_handle;
+
        status = rpc_enum_dom_groups(tmp_ctx,
                                     samr_pipe,
                                     &dom_pol,
@@ -220,6 +228,9 @@ static NTSTATUS sam_enum_dom_groups(struct winbindd_domain *domain,
        }
 
 error:
+       if (b && is_valid_policy_hnd(&dom_pol)) {
+               dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result);
+       }
        TALLOC_FREE(tmp_ctx);
        return status;
 }
@@ -235,10 +246,13 @@ static NTSTATUS sam_query_user_list(struct winbindd_domain *domain,
        struct wbint_userinfo *info = NULL;
        uint32_t num_info = 0;
        TALLOC_CTX *tmp_ctx;
-       NTSTATUS status;
+       NTSTATUS status, result;
+       struct dcerpc_binding_handle *b = NULL;
 
        DEBUG(3,("samr_query_user_list\n"));
 
+       ZERO_STRUCT(dom_pol);
+
        if (pnum_info) {
                *pnum_info = 0;
        }
@@ -253,6 +267,8 @@ static NTSTATUS sam_query_user_list(struct winbindd_domain *domain,
                goto done;
        }
 
+       b = samr_pipe->binding_handle;
+
        status = rpc_query_user_list(tmp_ctx,
                                     samr_pipe,
                                     &dom_pol,
@@ -272,6 +288,10 @@ static NTSTATUS sam_query_user_list(struct winbindd_domain *domain,
        }
 
 done:
+       if (b && is_valid_policy_hnd(&dom_pol)) {
+               dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result);
+       }
+
        TALLOC_FREE(tmp_ctx);
        return status;
 }
@@ -285,10 +305,13 @@ static NTSTATUS sam_query_user(struct winbindd_domain *domain,
        struct rpc_pipe_client *samr_pipe;
        struct policy_handle dom_pol;
        TALLOC_CTX *tmp_ctx;
-       NTSTATUS status;
+       NTSTATUS status, result;
+       struct dcerpc_binding_handle *b = NULL;
 
        DEBUG(3,("sam_query_user\n"));
 
+       ZERO_STRUCT(dom_pol);
+
        /* Paranoia check */
        if (!sid_check_is_in_our_domain(user_sid)) {
                return NT_STATUS_NO_SUCH_USER;
@@ -310,6 +333,8 @@ static NTSTATUS sam_query_user(struct winbindd_domain *domain,
                goto done;
        }
 
+       b = samr_pipe->binding_handle;
+
        status = rpc_query_user(tmp_ctx,
                                samr_pipe,
                                &dom_pol,
@@ -318,6 +343,10 @@ static NTSTATUS sam_query_user(struct winbindd_domain *domain,
                                user_info);
 
 done:
+       if (b && is_valid_policy_hnd(&dom_pol)) {
+               dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result);
+       }
+
        TALLOC_FREE(tmp_ctx);
        return status;
 }
@@ -332,10 +361,13 @@ static NTSTATUS sam_trusted_domains(struct winbindd_domain *domain,
        struct netr_DomainTrust *trusts = NULL;
        uint32_t num_trusts = 0;
        TALLOC_CTX *tmp_ctx;
-       NTSTATUS status;
+       NTSTATUS status, result;
+       struct dcerpc_binding_handle *b = NULL;
 
        DEBUG(3,("samr: trusted domains\n"));
 
+       ZERO_STRUCT(lsa_policy);
+
        if (ptrust_list) {
                ZERO_STRUCTP(ptrust_list);
        }
@@ -350,6 +382,8 @@ static NTSTATUS sam_trusted_domains(struct winbindd_domain *domain,
                goto done;
        }
 
+       b = lsa_pipe->binding_handle;
+
        status = rpc_trusted_domains(tmp_ctx,
                                     lsa_pipe,
                                     &lsa_policy,
@@ -365,6 +399,10 @@ static NTSTATUS sam_trusted_domains(struct winbindd_domain *domain,
        }
 
 done:
+       if (b && is_valid_policy_hnd(&lsa_policy)) {
+               dcerpc_lsa_Close(b, mem_ctx, &lsa_policy, &result);
+       }
+
        TALLOC_FREE(tmp_ctx);
        return status;
 }
@@ -388,10 +426,13 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain,
        uint32_t *name_types = NULL;
 
        TALLOC_CTX *tmp_ctx;
-       NTSTATUS status;
+       NTSTATUS status, result;
+       struct dcerpc_binding_handle *b = NULL;
 
        DEBUG(3,("sam_lookup_groupmem\n"));
 
+       ZERO_STRUCT(dom_pol);
+
        /* Paranoia check */
        if (sid_check_is_in_builtin(group_sid) && (type != SID_NAME_ALIAS)) {
                /* There's no groups, only aliases in BUILTIN */
@@ -399,7 +440,7 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain,
        }
 
        if (pnum_names) {
-               pnum_names = 0;
+               *pnum_names = 0;
        }
 
        tmp_ctx = talloc_stackframe();
@@ -412,6 +453,8 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain,
                goto done;
        }
 
+       b = samr_pipe->binding_handle;
+
        status = rpc_lookup_groupmem(tmp_ctx,
                                     samr_pipe,
                                     &dom_pol,
@@ -441,6 +484,10 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain,
        }
 
 done:
+       if (b && is_valid_policy_hnd(&dom_pol)) {
+               dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result);
+       }
+
        TALLOC_FREE(tmp_ctx);
        return status;
 }
@@ -453,7 +500,7 @@ done:
 static NTSTATUS builtin_enum_dom_groups(struct winbindd_domain *domain,
                                TALLOC_CTX *mem_ctx,
                                uint32 *num_entries,
-                               struct acct_info **info)
+                               struct wb_acct_info **info)
 {
        /* BUILTIN doesn't have domain groups */
        *num_entries = 0;
@@ -499,17 +546,20 @@ static NTSTATUS builtin_trusted_domains(struct winbindd_domain *domain,
 static NTSTATUS sam_enum_local_groups(struct winbindd_domain *domain,
                                      TALLOC_CTX *mem_ctx,
                                      uint32_t *pnum_info,
-                                     struct acct_info **pinfo)
+                                     struct wb_acct_info **pinfo)
 {
        struct rpc_pipe_client *samr_pipe;
        struct policy_handle dom_pol;
-       struct acct_info *info = NULL;
+       struct wb_acct_info *info = NULL;
        uint32_t num_info = 0;
        TALLOC_CTX *tmp_ctx;
-       NTSTATUS status;
+       NTSTATUS status, result;
+       struct dcerpc_binding_handle *b = NULL;
 
        DEBUG(3,("samr: enum local groups\n"));
 
+       ZERO_STRUCT(dom_pol);
+
        if (pnum_info) {
                *pnum_info = 0;
        }
@@ -524,6 +574,8 @@ static NTSTATUS sam_enum_local_groups(struct winbindd_domain *domain,
                goto done;
        }
 
+       b = samr_pipe->binding_handle;
+
        status = rpc_enum_local_groups(mem_ctx,
                                       samr_pipe,
                                       &dom_pol,
@@ -542,6 +594,10 @@ static NTSTATUS sam_enum_local_groups(struct winbindd_domain *domain,
        }
 
 done:
+       if (b && is_valid_policy_hnd(&dom_pol)) {
+               dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result);
+       }
+
        TALLOC_FREE(tmp_ctx);
        return status;
 }
@@ -560,10 +616,13 @@ static NTSTATUS sam_name_to_sid(struct winbindd_domain *domain,
        struct dom_sid sid;
        enum lsa_SidType type;
        TALLOC_CTX *tmp_ctx;
-       NTSTATUS status;
+       NTSTATUS status, result;
+       struct dcerpc_binding_handle *b = NULL;
 
        DEBUG(3,("sam_name_to_sid\n"));
 
+       ZERO_STRUCT(lsa_policy);
+
        tmp_ctx = talloc_stackframe();
        if (tmp_ctx == NULL) {
                return NT_STATUS_NO_MEMORY;
@@ -574,6 +633,8 @@ static NTSTATUS sam_name_to_sid(struct winbindd_domain *domain,
                goto done;
        }
 
+       b = lsa_pipe->binding_handle;
+
        status = rpc_name_to_sid(tmp_ctx,
                                 lsa_pipe,
                                 &lsa_policy,
@@ -594,6 +655,10 @@ static NTSTATUS sam_name_to_sid(struct winbindd_domain *domain,
        }
 
 done:
+       if (b && is_valid_policy_hnd(&lsa_policy)) {
+               dcerpc_lsa_Close(b, mem_ctx, &lsa_policy, &result);
+       }
+
        TALLOC_FREE(tmp_ctx);
        return status;
 }
@@ -612,10 +677,13 @@ static NTSTATUS sam_sid_to_name(struct winbindd_domain *domain,
        char *name = NULL;
        enum lsa_SidType type;
        TALLOC_CTX *tmp_ctx;
-       NTSTATUS status;
+       NTSTATUS status, result;
+       struct dcerpc_binding_handle *b = NULL;
 
        DEBUG(3,("sam_sid_to_name\n"));
 
+       ZERO_STRUCT(lsa_policy);
+
        /* Paranoia check */
        if (!sid_check_is_in_builtin(sid) &&
            !sid_check_is_in_our_domain(sid) &&
@@ -639,6 +707,8 @@ static NTSTATUS sam_sid_to_name(struct winbindd_domain *domain,
                goto done;
        }
 
+       b = lsa_pipe->binding_handle;
+
        status = rpc_sid_to_name(tmp_ctx,
                                 lsa_pipe,
                                 &lsa_policy,
@@ -661,13 +731,17 @@ static NTSTATUS sam_sid_to_name(struct winbindd_domain *domain,
        }
 
 done:
+       if (b && is_valid_policy_hnd(&lsa_policy)) {
+               dcerpc_lsa_Close(b, mem_ctx, &lsa_policy, &result);
+       }
+
        TALLOC_FREE(tmp_ctx);
        return status;
 }
 
 static NTSTATUS sam_rids_to_names(struct winbindd_domain *domain,
                                  TALLOC_CTX *mem_ctx,
-                                 const struct dom_sid *sid,
+                                 const struct dom_sid *domain_sid,
                                  uint32 *rids,
                                  size_t num_rids,
                                  char **pdomain_name,
@@ -680,20 +754,21 @@ static NTSTATUS sam_rids_to_names(struct winbindd_domain *domain,
        char *domain_name = NULL;
        char **names = NULL;
        TALLOC_CTX *tmp_ctx;
-       NTSTATUS status;
+       NTSTATUS status, result;
+       struct dcerpc_binding_handle *b = NULL;
 
        DEBUG(3,("sam_rids_to_names for %s\n", domain->name));
 
+       ZERO_STRUCT(lsa_policy);
+
        /* Paranoia check */
-       if (!sid_check_is_in_builtin(sid) &&
-           !sid_check_is_in_our_domain(sid) &&
-           !sid_check_is_in_unix_users(sid) &&
-           !sid_check_is_unix_users(sid) &&
-           !sid_check_is_in_unix_groups(sid) &&
-           !sid_check_is_unix_groups(sid) &&
-           !sid_check_is_in_wellknown_domain(sid)) {
+       if (!sid_check_is_builtin(domain_sid) &&
+           !sid_check_is_domain(domain_sid) &&
+           !sid_check_is_unix_users(domain_sid) &&
+           !sid_check_is_unix_groups(domain_sid) &&
+           !sid_check_is_in_wellknown_domain(domain_sid)) {
                DEBUG(0, ("sam_rids_to_names: possible deadlock - trying to "
-                         "lookup SID %s\n", sid_string_dbg(sid)));
+                         "lookup SID %s\n", sid_string_dbg(domain_sid)));
                return NT_STATUS_NONE_MAPPED;
        }
 
@@ -707,11 +782,13 @@ static NTSTATUS sam_rids_to_names(struct winbindd_domain *domain,
                goto done;
        }
 
+       b = lsa_pipe->binding_handle;
+
        status = rpc_rids_to_names(tmp_ctx,
                                   lsa_pipe,
                                   &lsa_policy,
                                   domain,
-                                  sid,
+                                  domain_sid,
                                   rids,
                                   num_rids,
                                   &domain_name,
@@ -734,6 +811,10 @@ static NTSTATUS sam_rids_to_names(struct winbindd_domain *domain,
        }
 
 done:
+       if (b && is_valid_policy_hnd(&lsa_policy)) {
+               dcerpc_lsa_Close(b, mem_ctx, &lsa_policy, &result);
+       }
+
        TALLOC_FREE(tmp_ctx);
        return status;
 }
@@ -746,10 +827,13 @@ static NTSTATUS sam_lockout_policy(struct winbindd_domain *domain,
        struct policy_handle dom_pol;
        union samr_DomainInfo *info = NULL;
        TALLOC_CTX *tmp_ctx;
-       NTSTATUS status;
+       NTSTATUS status, result;
+       struct dcerpc_binding_handle *b = NULL;
 
        DEBUG(3,("sam_lockout_policy\n"));
 
+       ZERO_STRUCT(dom_pol);
+
        tmp_ctx = talloc_stackframe();
        if (tmp_ctx == NULL) {
                return NT_STATUS_NO_MEMORY;
@@ -760,18 +844,29 @@ static NTSTATUS sam_lockout_policy(struct winbindd_domain *domain,
                goto error;
        }
 
-       status = rpccli_samr_QueryDomainInfo(samr_pipe,
+       b = samr_pipe->binding_handle;
+
+       status = dcerpc_samr_QueryDomainInfo(b,
                                             mem_ctx,
                                             &dom_pol,
                                             12,
-                                            &info);
+                                            &info,
+                                            &result);
        if (!NT_STATUS_IS_OK(status)) {
                goto error;
        }
+       if (!NT_STATUS_IS_OK(result)) {
+               status = result;
+               goto error;
+       }
 
        *lockout_policy = info->info12;
 
 error:
+       if (b && is_valid_policy_hnd(&dom_pol)) {
+               dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result);
+       }
+
        TALLOC_FREE(tmp_ctx);
        return status;
 }
@@ -784,10 +879,13 @@ static NTSTATUS sam_password_policy(struct winbindd_domain *domain,
        struct policy_handle dom_pol;
        union samr_DomainInfo *info = NULL;
        TALLOC_CTX *tmp_ctx;
-       NTSTATUS status;
+       NTSTATUS status, result;
+       struct dcerpc_binding_handle *b = NULL;
 
        DEBUG(3,("sam_password_policy\n"));
 
+       ZERO_STRUCT(dom_pol);
+
        tmp_ctx = talloc_stackframe();
        if (tmp_ctx == NULL) {
                return NT_STATUS_NO_MEMORY;
@@ -798,18 +896,29 @@ static NTSTATUS sam_password_policy(struct winbindd_domain *domain,
                goto error;
        }
 
-       status = rpccli_samr_QueryDomainInfo(samr_pipe,
+       b = samr_pipe->binding_handle;
+
+       status = dcerpc_samr_QueryDomainInfo(b,
                                             mem_ctx,
                                             &dom_pol,
                                             1,
-                                            &info);
+                                            &info,
+                                            &result);
        if (!NT_STATUS_IS_OK(status)) {
                goto error;
        }
+       if (!NT_STATUS_IS_OK(result)) {
+               status = result;
+               goto error;
+       }
 
        *passwd_policy = info->info1;
 
 error:
+       if (b && is_valid_policy_hnd(&dom_pol)) {
+               dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result);
+       }
+
        TALLOC_FREE(tmp_ctx);
        return status;
 }
@@ -826,10 +935,13 @@ static NTSTATUS sam_lookup_usergroups(struct winbindd_domain *domain,
        struct dom_sid *user_grpsids = NULL;
        uint32_t num_groups = 0;
        TALLOC_CTX *tmp_ctx;
-       NTSTATUS status;
+       NTSTATUS status, result;
+       struct dcerpc_binding_handle *b = NULL;
 
        DEBUG(3,("sam_lookup_usergroups\n"));
 
+       ZERO_STRUCT(dom_pol);
+
        if (pnum_groups) {
                *pnum_groups = 0;
        }
@@ -844,6 +956,8 @@ static NTSTATUS sam_lookup_usergroups(struct winbindd_domain *domain,
                goto done;
        }
 
+       b = samr_pipe->binding_handle;
+
        status = rpc_lookup_usergroups(tmp_ctx,
                                       samr_pipe,
                                       &dom_pol,
@@ -864,6 +978,10 @@ static NTSTATUS sam_lookup_usergroups(struct winbindd_domain *domain,
        }
 
 done:
+       if (b && is_valid_policy_hnd(&dom_pol)) {
+               dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result);
+       }
+
        TALLOC_FREE(tmp_ctx);
        return status;
 }
@@ -880,10 +998,13 @@ static NTSTATUS sam_lookup_useraliases(struct winbindd_domain *domain,
        uint32_t num_aliases = 0;
        uint32_t *alias_rids = NULL;
        TALLOC_CTX *tmp_ctx;
-       NTSTATUS status;
+       NTSTATUS status, result;
+       struct dcerpc_binding_handle *b = NULL;
 
        DEBUG(3,("sam_lookup_useraliases\n"));
 
+       ZERO_STRUCT(dom_pol);
+
        if (pnum_aliases) {
                *pnum_aliases = 0;
        }
@@ -898,6 +1019,8 @@ static NTSTATUS sam_lookup_useraliases(struct winbindd_domain *domain,
                goto done;
        }
 
+       b = samr_pipe->binding_handle;
+
        status = rpc_lookup_useraliases(tmp_ctx,
                                        samr_pipe,
                                        &dom_pol,
@@ -918,6 +1041,10 @@ static NTSTATUS sam_lookup_useraliases(struct winbindd_domain *domain,
        }
 
 done:
+       if (b && is_valid_policy_hnd(&dom_pol)) {
+               dcerpc_samr_Close(b, mem_ctx, &dom_pol, &result);
+       }
+
        TALLOC_FREE(tmp_ctx);
        return status;
 }
@@ -930,10 +1057,13 @@ static NTSTATUS sam_sequence_number(struct winbindd_domain *domain,
        struct policy_handle dom_pol;
        uint32_t seq;
        TALLOC_CTX *tmp_ctx;
-       NTSTATUS status;
+       NTSTATUS status, result;
+       struct dcerpc_binding_handle *b = NULL;
 
        DEBUG(3,("samr: sequence number\n"));
 
+       ZERO_STRUCT(dom_pol);
+
        if (pseq) {
                *pseq = DOM_SEQUENCE_NONE;
        }
@@ -948,6 +1078,8 @@ static NTSTATUS sam_sequence_number(struct winbindd_domain *domain,
                goto done;
        }
 
+       b = samr_pipe->binding_handle;
+
        status = rpc_sequence_number(tmp_ctx,
                                     samr_pipe,
                                     &dom_pol,
@@ -961,6 +1093,10 @@ static NTSTATUS sam_sequence_number(struct winbindd_domain *domain,
                *pseq = seq;
        }
 done:
+       if (b && is_valid_policy_hnd(&dom_pol)) {
+               dcerpc_samr_Close(b, tmp_ctx, &dom_pol, &result);
+       }
+
        TALLOC_FREE(tmp_ctx);
        return status;
 }