#include "includes.h"
#include "winbindd.h"
-#include "../librpc/gen_ndr/cli_samr.h"
+#include "winbindd_rpc.h"
+#include "lib/util_unixsids.h"
+#include "rpc_client/rpc_client.h"
+#include "rpc_client/cli_pipe.h"
+#include "../librpc/gen_ndr/ndr_samr_c.h"
#include "rpc_client/cli_samr.h"
-#include "../librpc/gen_ndr/srv_samr.h"
-#include "../librpc/gen_ndr/cli_lsa.h"
+#include "../librpc/gen_ndr/ndr_lsa_c.h"
#include "rpc_client/cli_lsarpc.h"
-#include "../librpc/gen_ndr/srv_lsa.h"
+#include "rpc_server/rpc_ncacn_np.h"
+#include "../libcli/security/security.h"
+#include "passdb/machine_sid.h"
+#include "auth.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
-static NTSTATUS open_internal_samr_pipe(TALLOC_CTX *mem_ctx,
- struct rpc_pipe_client **samr_pipe)
+/*
+ * The other end of this won't go away easily, so we can trust it
+ *
+ * It is either a long-lived process with the same lifetime as
+ * winbindd or a part of this process
+ */
+struct winbind_internal_pipes {
+ struct rpc_pipe_client *samr_pipe;
+ struct policy_handle samr_domain_hnd;
+ struct rpc_pipe_client *lsa_pipe;
+ struct policy_handle lsa_hnd;
+};
+
+
+NTSTATUS open_internal_samr_conn(TALLOC_CTX *mem_ctx,
+ struct winbindd_domain *domain,
+ struct rpc_pipe_client **samr_pipe,
+ struct policy_handle *samr_domain_hnd)
{
- static struct rpc_pipe_client *cli = NULL;
- struct auth_serversupplied_info *server_info = NULL;
- NTSTATUS status;
+ NTSTATUS status, result;
+ struct policy_handle samr_connect_hnd;
+ struct dcerpc_binding_handle *b;
- if (cli != NULL) {
- goto done;
+ status = wb_open_internal_pipe(mem_ctx, &ndr_table_samr, samr_pipe);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- if (server_info == NULL) {
- status = make_server_info_system(mem_ctx, &server_info);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("open_samr_pipe: Could not create auth_serversupplied_info: %s\n",
- nt_errstr(status)));
- return status;
- }
- }
+ b = (*samr_pipe)->binding_handle;
- /* create a samr connection */
- status = rpc_pipe_open_internal(talloc_autofree_context(),
- &ndr_table_samr.syntax_id,
- rpc_samr_dispatch,
- server_info,
- &cli);
+ status = dcerpc_samr_Connect2(b, mem_ctx,
+ (*samr_pipe)->desthost,
+ SEC_FLAG_MAXIMUM_ALLOWED,
+ &samr_connect_hnd,
+ &result);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("open_samr_pipe: Could not connect to samr_pipe: %s\n",
- nt_errstr(status)));
return status;
}
+ if (!NT_STATUS_IS_OK(result)) {
+ return result;
+ }
-done:
- if (samr_pipe) {
- *samr_pipe = cli;
+ status = dcerpc_samr_OpenDomain(b, mem_ctx,
+ &samr_connect_hnd,
+ SEC_FLAG_MAXIMUM_ALLOWED,
+ &domain->sid,
+ samr_domain_hnd,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- return NT_STATUS_OK;
+ return result;
}
-static NTSTATUS open_internal_samr_conn(TALLOC_CTX *mem_ctx,
- struct winbindd_domain *domain,
- struct rpc_pipe_client **samr_pipe,
- struct policy_handle *samr_domain_hnd)
+NTSTATUS open_internal_lsa_conn(TALLOC_CTX *mem_ctx,
+ struct rpc_pipe_client **lsa_pipe,
+ struct policy_handle *lsa_hnd)
{
NTSTATUS status;
- struct policy_handle samr_connect_hnd;
- status = open_internal_samr_pipe(mem_ctx, samr_pipe);
+ status = wb_open_internal_pipe(mem_ctx, &ndr_table_lsarpc, lsa_pipe);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- status = rpccli_samr_Connect2((*samr_pipe),
- mem_ctx,
- (*samr_pipe)->desthost,
- SEC_FLAG_MAXIMUM_ALLOWED,
- &samr_connect_hnd);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = rpccli_samr_OpenDomain((*samr_pipe),
+ status = rpccli_lsa_open_policy((*lsa_pipe),
mem_ctx,
- &samr_connect_hnd,
+ true,
SEC_FLAG_MAXIMUM_ALLOWED,
- &domain->sid,
- samr_domain_hnd);
+ lsa_hnd);
return status;
}
-static NTSTATUS open_internal_lsa_pipe(TALLOC_CTX *mem_ctx,
- struct rpc_pipe_client **lsa_pipe)
+
+static NTSTATUS open_cached_internal_pipe_conn(
+ struct winbindd_domain *domain,
+ struct rpc_pipe_client **samr_pipe,
+ struct policy_handle *samr_domain_hnd,
+ struct rpc_pipe_client **lsa_pipe,
+ struct policy_handle *lsa_hnd)
{
- static struct rpc_pipe_client *cli = NULL;
- struct auth_serversupplied_info *server_info = NULL;
- NTSTATUS status;
+ struct winbind_internal_pipes *internal_pipes = NULL;
- if (cli != NULL) {
- goto done;
- }
+ if (domain->private_data == NULL) {
+ TALLOC_CTX *frame = talloc_stackframe();
+ NTSTATUS status;
- if (server_info == NULL) {
- status = make_server_info_system(mem_ctx, &server_info);
+ internal_pipes = talloc_zero(frame,
+ struct winbind_internal_pipes);
+
+ status = open_internal_samr_conn(
+ internal_pipes,
+ domain,
+ &internal_pipes->samr_pipe,
+ &internal_pipes->samr_domain_hnd);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("open_samr_pipe: Could not create auth_serversupplied_info: %s\n",
- nt_errstr(status)));
+ TALLOC_FREE(frame);
return status;
}
+
+ status = open_internal_lsa_conn(internal_pipes,
+ &internal_pipes->lsa_pipe,
+ &internal_pipes->lsa_hnd);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ domain->private_data = talloc_move(domain, &internal_pipes);
+
+ TALLOC_FREE(frame);
+
}
- /* create a samr connection */
- status = rpc_pipe_open_internal(talloc_autofree_context(),
- &ndr_table_lsarpc.syntax_id,
- rpc_lsarpc_dispatch,
- server_info,
- &cli);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("open_samr_pipe: Could not connect to samr_pipe: %s\n",
- nt_errstr(status)));
- return status;
+ internal_pipes = talloc_get_type_abort(
+ domain->private_data, struct winbind_internal_pipes);
+
+ if (samr_domain_hnd) {
+ *samr_domain_hnd = internal_pipes->samr_domain_hnd;
+ }
+
+ if (samr_pipe) {
+ *samr_pipe = internal_pipes->samr_pipe;
+ }
+
+ if (lsa_hnd) {
+ *lsa_hnd = internal_pipes->lsa_hnd;
}
-done:
if (lsa_pipe) {
- *lsa_pipe = cli;
+ *lsa_pipe = internal_pipes->lsa_pipe;
}
return NT_STATUS_OK;
}
-static NTSTATUS open_internal_lsa_conn(TALLOC_CTX *mem_ctx,
- struct rpc_pipe_client **lsa_pipe,
- struct policy_handle *lsa_hnd)
+static bool reset_connection_on_error(struct winbindd_domain *domain,
+ struct rpc_pipe_client *p,
+ NTSTATUS status)
{
- NTSTATUS status;
+ struct winbind_internal_pipes *internal_pipes = NULL;
- status = open_internal_lsa_pipe(mem_ctx, lsa_pipe);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
+ internal_pipes = talloc_get_type_abort(
+ domain->private_data, struct winbind_internal_pipes);
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_IO_DEVICE_ERROR))
+ {
+ TALLOC_FREE(internal_pipes);
+ domain->private_data = NULL;
+ return true;
}
- status = rpccli_lsa_open_policy((*lsa_pipe),
- mem_ctx,
- true,
- SEC_FLAG_MAXIMUM_ALLOWED,
- lsa_hnd);
+ if (!rpccli_is_connected(p)) {
+ TALLOC_FREE(internal_pipes);
+ domain->private_data = NULL;
+ return true;
+ }
- return status;
+ return false;
}
/*********************************************************************
static NTSTATUS sam_enum_dom_groups(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32_t *pnum_info,
- struct acct_info **pinfo)
+ struct wb_acct_info **pinfo)
{
struct rpc_pipe_client *samr_pipe;
- struct policy_handle dom_pol;
- struct acct_info *info = NULL;
- TALLOC_CTX *tmp_ctx;
- uint32_t start = 0;
+ struct policy_handle dom_pol = { 0 };
+ struct wb_acct_info *info = NULL;
uint32_t num_info = 0;
+ TALLOC_CTX *tmp_ctx;
NTSTATUS status;
+ bool retry = false;
- DEBUG(3,("samr: query_user_list\n"));
+ DEBUG(3,("sam_enum_dom_groups\n"));
if (pnum_info) {
*pnum_info = 0;
return NT_STATUS_NO_MEMORY;
}
- status = open_internal_samr_conn(tmp_ctx, domain, &samr_pipe, &dom_pol);
+again:
+ status = open_cached_internal_pipe_conn(domain,
+ &samr_pipe,
+ &dom_pol,
+ NULL,
+ NULL);
if (!NT_STATUS_IS_OK(status)) {
- goto error;
+ TALLOC_FREE(tmp_ctx);
+ return status;
}
- do {
- struct samr_SamArray *sam_array = NULL;
- uint32_t count = 0;
- uint32_t g;
-
- /* start is updated by this call. */
- status = rpccli_samr_EnumDomainGroups(samr_pipe,
- tmp_ctx,
- &dom_pol,
- &start,
- &sam_array,
- 0xFFFF, /* buffer size? */
- &count);
- if (!NT_STATUS_IS_OK(status)) {
- if (!NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
- DEBUG(2,("query_user_list: failed to enum domain groups: %s\n",
- nt_errstr(status)));
- goto error;
- }
- }
-
- info = TALLOC_REALLOC_ARRAY(tmp_ctx,
- info,
- struct acct_info,
- num_info + count);
- if (info == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto error;
- }
+ status = rpc_enum_dom_groups(tmp_ctx,
+ samr_pipe,
+ &dom_pol,
+ &num_info,
+ &info);
- for (g = 0; g < count; g++) {
- fstrcpy(info[num_info + g].acct_name,
- sam_array->entries[g].name.string);
-
- info[num_info + g].rid = sam_array->entries[g].idx;
- }
+ if (!retry && reset_connection_on_error(domain, samr_pipe, status)) {
+ retry = true;
+ goto again;
+ }
- num_info += count;
- } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(tmp_ctx);
+ return status;
+ }
if (pnum_info) {
*pnum_info = num_info;
*pinfo = talloc_move(mem_ctx, &info);
}
-error:
TALLOC_FREE(tmp_ctx);
return status;
}
/* Query display info for a domain */
static NTSTATUS sam_query_user_list(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint32_t *pnum_info,
- struct wbint_userinfo **pinfo)
+ uint32_t **prids)
{
struct rpc_pipe_client *samr_pipe = NULL;
- struct wbint_userinfo *info = NULL;
- struct policy_handle dom_pol;
- uint32_t num_info = 0;
- uint32_t loop_count = 0;
- uint32_t start_idx = 0;
- uint32_t i = 0;
+ struct policy_handle dom_pol = { 0 };
+ uint32_t *rids = NULL;
TALLOC_CTX *tmp_ctx;
NTSTATUS status;
+ bool retry = false;
- DEBUG(3,("samr: query_user_list\n"));
-
- if (pnum_info) {
- *pnum_info = 0;
- }
+ DEBUG(3,("samr_query_user_list\n"));
tmp_ctx = talloc_stackframe();
if (tmp_ctx == NULL) {
return NT_STATUS_NO_MEMORY;
}
- status = open_internal_samr_conn(tmp_ctx, domain, &samr_pipe, &dom_pol);
+again:
+ status = open_cached_internal_pipe_conn(domain,
+ &samr_pipe,
+ &dom_pol,
+ NULL,
+ NULL);
if (!NT_STATUS_IS_OK(status)) {
- goto error;
+ goto done;
}
- do {
- uint32_t j;
- uint32_t num_dom_users;
- uint32_t max_entries, max_size;
- uint32_t total_size, returned_size;
- union samr_DispInfo disp_info;
-
- get_query_dispinfo_params(loop_count,
- &max_entries,
- &max_size);
-
- status = rpccli_samr_QueryDisplayInfo(samr_pipe,
- tmp_ctx,
- &dom_pol,
- 1, /* level */
- start_idx,
- max_entries,
- max_size,
- &total_size,
- &returned_size,
- &disp_info);
- if (!NT_STATUS_IS_OK(status)) {
- if (!NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
- goto error;
- }
- }
-
- /* increment required start query values */
- start_idx += disp_info.info1.count;
- loop_count++;
- num_dom_users = disp_info.info1.count;
-
- num_info += num_dom_users;
-
- info = TALLOC_REALLOC_ARRAY(tmp_ctx,
- info,
- struct wbint_userinfo,
- num_info);
- if (info == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto error;
- }
-
- for (j = 0; j < num_dom_users; i++, j++) {
- uint32_t rid = disp_info.info1.entries[j].rid;
- struct samr_DispEntryGeneral *src;
- struct wbint_userinfo *dst;
-
- src = &(disp_info.info1.entries[j]);
- dst = &(info[i]);
-
- dst->acct_name = talloc_strdup(info,
- src->account_name.string);
- if (dst->acct_name == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto error;
- }
-
- dst->full_name = talloc_strdup(info, src->full_name.string);
- if (dst->full_name == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto error;
- }
-
- dst->homedir = NULL;
- dst->shell = NULL;
-
- sid_compose(&dst->user_sid, &domain->sid, rid);
-
- /* For the moment we set the primary group for
- every user to be the Domain Users group.
- There are serious problems with determining
- the actual primary group for large domains.
- This should really be made into a 'winbind
- force group' smb.conf parameter or
- something like that. */
- sid_compose(&dst->group_sid, &domain->sid,
- DOMAIN_RID_USERS);
- }
- } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
+ status = rpc_query_user_list(tmp_ctx,
+ samr_pipe,
+ &dom_pol,
+ &domain->sid,
+ &rids);
+ if (!retry && reset_connection_on_error(domain, samr_pipe, status)) {
+ retry = true;
+ goto again;
+ }
- if (pnum_info) {
- *pnum_info = num_info;
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
}
- if (pinfo) {
- *pinfo = talloc_move(mem_ctx, &info);
+ if (prids != NULL) {
+ *prids = talloc_move(mem_ctx, &rids);
}
-error:
+done:
+ TALLOC_FREE(rids);
TALLOC_FREE(tmp_ctx);
return status;
}
-/* Lookup user information from a rid or username. */
-static NTSTATUS sam_query_user(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *user_sid,
- struct wbint_userinfo *user_info)
+/* get a list of trusted domains - builtin domain */
+static NTSTATUS sam_trusted_domains(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ struct netr_DomainTrustList *ptrust_list)
{
- struct rpc_pipe_client *samr_pipe;
- struct policy_handle dom_pol, user_pol;
- union samr_UserInfo *info = NULL;
+ struct rpc_pipe_client *lsa_pipe;
+ struct policy_handle lsa_policy = { 0 };
+ struct netr_DomainTrust *trusts = NULL;
+ uint32_t num_trusts = 0;
TALLOC_CTX *tmp_ctx;
- uint32_t user_rid;
NTSTATUS status;
+ bool retry = false;
- DEBUG(3,("samr: query_user\n"));
-
- if (!sid_peek_check_rid(&domain->sid, user_sid, &user_rid)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
+ DEBUG(3,("samr: trusted domains\n"));
- if (user_info) {
- user_info->homedir = NULL;
- user_info->shell = NULL;
- user_info->primary_gid = (gid_t) -1;
+ if (ptrust_list) {
+ ZERO_STRUCTP(ptrust_list);
}
tmp_ctx = talloc_stackframe();
return NT_STATUS_NO_MEMORY;
}
- status = open_internal_samr_conn(tmp_ctx, domain, &samr_pipe, &dom_pol);
+again:
+ status = open_cached_internal_pipe_conn(domain,
+ NULL,
+ NULL,
+ &lsa_pipe,
+ &lsa_policy);
if (!NT_STATUS_IS_OK(status)) {
- goto error;
- }
-
- /* Get user handle */
- status = rpccli_samr_OpenUser(samr_pipe,
- tmp_ctx,
- &dom_pol,
- SEC_FLAG_MAXIMUM_ALLOWED,
- user_rid,
- &user_pol);
- if (!NT_STATUS_IS_OK(status)) {
- goto error;
+ goto done;
}
- /* Get user info */
- status = rpccli_samr_QueryUserInfo(samr_pipe,
- tmp_ctx,
- &user_pol,
- 0x15,
- &info);
+ status = rpc_trusted_domains(tmp_ctx,
+ lsa_pipe,
+ &lsa_policy,
+ &num_trusts,
+ &trusts);
- rpccli_samr_Close(samr_pipe, tmp_ctx, &user_pol);
+ if (!retry && reset_connection_on_error(domain, lsa_pipe, status)) {
+ retry = true;
+ goto again;
+ }
if (!NT_STATUS_IS_OK(status)) {
- goto error;
+ goto done;
}
- sid_compose(&user_info->user_sid, &domain->sid, user_rid);
- sid_compose(&user_info->group_sid, &domain->sid,
- info->info21.primary_gid);
-
- if (user_info) {
- user_info->acct_name = talloc_strdup(mem_ctx,
- info->info21.account_name.string);
- if (user_info->acct_name == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto error;
- }
-
- user_info->full_name = talloc_strdup(mem_ctx,
- info->info21.full_name.string);
- if (user_info->acct_name == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto error;
- }
-
- user_info->homedir = NULL;
- user_info->shell = NULL;
- user_info->primary_gid = (gid_t)-1;
+ if (ptrust_list) {
+ ptrust_list->count = num_trusts;
+ ptrust_list->array = talloc_move(mem_ctx, &trusts);
}
- status = NT_STATUS_OK;
-error:
+done:
TALLOC_FREE(tmp_ctx);
return status;
}
-/* get a list of trusted domains - builtin domain */
-static NTSTATUS sam_trusted_domains(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- struct netr_DomainTrustList *trusts)
-{
- /* TODO FIXME */
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
/* Lookup group membership given a rid. */
static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
const struct dom_sid *group_sid,
enum lsa_SidType type,
- uint32_t *num_names,
- struct dom_sid **sid_mem,
- char ***names,
- uint32_t **name_types)
+ uint32_t *pnum_names,
+ struct dom_sid **psid_mem,
+ char ***pnames,
+ uint32_t **pname_types)
{
- /* TODO FIXME */
- return NT_STATUS_NOT_IMPLEMENTED;
+ struct rpc_pipe_client *samr_pipe;
+ struct policy_handle dom_pol = { 0 };
+
+ uint32_t num_names = 0;
+ struct dom_sid *sid_mem = NULL;
+ char **names = NULL;
+ uint32_t *name_types = NULL;
+
+ TALLOC_CTX *tmp_ctx;
+ NTSTATUS status;
+ bool retry = false;
+
+ DEBUG(3,("sam_lookup_groupmem\n"));
+
+ /* Paranoia check */
+ if (sid_check_is_in_builtin(group_sid) && (type != SID_NAME_ALIAS)) {
+ /* There's no groups, only aliases in BUILTIN */
+ return NT_STATUS_NO_SUCH_GROUP;
+ }
+
+ if (pnum_names) {
+ *pnum_names = 0;
+ }
+
+ tmp_ctx = talloc_stackframe();
+ if (tmp_ctx == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+again:
+ status = open_cached_internal_pipe_conn(domain,
+ &samr_pipe,
+ &dom_pol,
+ NULL,
+ NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ status = rpc_lookup_groupmem(tmp_ctx,
+ samr_pipe,
+ &dom_pol,
+ domain->name,
+ &domain->sid,
+ group_sid,
+ type,
+ &num_names,
+ &sid_mem,
+ &names,
+ &name_types);
+
+ if (!retry && reset_connection_on_error(domain, samr_pipe, status)) {
+ retry = true;
+ goto again;
+ }
+
+ if (pnum_names) {
+ *pnum_names = num_names;
+ }
+
+ if (pnames) {
+ *pnames = talloc_move(mem_ctx, &names);
+ }
+
+ if (pname_types) {
+ *pname_types = talloc_move(mem_ctx, &name_types);
+ }
+
+ if (psid_mem) {
+ *psid_mem = talloc_move(mem_ctx, &sid_mem);
+ }
+
+done:
+ TALLOC_FREE(tmp_ctx);
+ return status;
}
/*********************************************************************
/* List all domain groups */
static NTSTATUS builtin_enum_dom_groups(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint32 *num_entries,
- struct acct_info **info)
+ uint32_t *num_entries,
+ struct wb_acct_info **info)
{
/* BUILTIN doesn't have domain groups */
*num_entries = 0;
/* Query display info for a domain */
static NTSTATUS builtin_query_user_list(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint32 *num_entries,
- struct wbint_userinfo **info)
+ uint32_t **rids)
{
/* We don't have users */
- *num_entries = 0;
- *info = NULL;
+ *rids = NULL;
return NT_STATUS_OK;
}
-/* Lookup user information from a rid or username. */
-static NTSTATUS builtin_query_user(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *user_sid,
- struct wbint_userinfo *user_info)
-{
- return NT_STATUS_NO_SUCH_USER;
-}
-
/* get a list of trusted domains - builtin domain */
static NTSTATUS builtin_trusted_domains(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
*********************************************************************/
/* List all local groups (aliases) */
-static NTSTATUS common_enum_local_groups(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- uint32_t *num_entries,
- struct acct_info **info)
+static NTSTATUS sam_enum_local_groups(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ uint32_t *pnum_info,
+ struct wb_acct_info **pinfo)
{
- /* TODO FIXME */
- return NT_STATUS_NOT_IMPLEMENTED;
+ struct rpc_pipe_client *samr_pipe;
+ struct policy_handle dom_pol = { 0 };
+ struct wb_acct_info *info = NULL;
+ uint32_t num_info = 0;
+ TALLOC_CTX *tmp_ctx;
+ NTSTATUS status;
+ bool retry = false;
+
+ DEBUG(3,("samr: enum local groups\n"));
+
+ if (pnum_info) {
+ *pnum_info = 0;
+ }
+
+ tmp_ctx = talloc_stackframe();
+ if (tmp_ctx == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+again:
+ status = open_cached_internal_pipe_conn(domain,
+ &samr_pipe,
+ &dom_pol,
+ NULL,
+ NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ status = rpc_enum_local_groups(mem_ctx,
+ samr_pipe,
+ &dom_pol,
+ &num_info,
+
+ &info);
+ if (!retry && reset_connection_on_error(domain, samr_pipe, status)) {
+ retry = true;
+ goto again;
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ if (pnum_info) {
+ *pnum_info = num_info;
+ }
+
+ if (pinfo) {
+ *pinfo = talloc_move(mem_ctx, &info);
+ }
+
+done:
+ TALLOC_FREE(tmp_ctx);
+ return status;
}
/* convert a single name to a sid in a domain */
-static NTSTATUS common_name_to_sid(struct winbindd_domain *domain,
+static NTSTATUS sam_name_to_sid(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
const char *domain_name,
const char *name,
uint32_t flags,
- struct dom_sid *sid,
- enum lsa_SidType *type)
+ struct dom_sid *psid,
+ enum lsa_SidType *ptype)
{
- /* TODO FIXME */
- return NT_STATUS_NOT_IMPLEMENTED;
+ struct rpc_pipe_client *lsa_pipe;
+ struct policy_handle lsa_policy = { 0 };
+ struct dom_sid sid;
+ const char *dom_name;
+ enum lsa_SidType type;
+ TALLOC_CTX *tmp_ctx;
+ NTSTATUS status;
+ bool retry = false;
+
+ DEBUG(3,("sam_name_to_sid\n"));
+
+ tmp_ctx = talloc_stackframe();
+ if (tmp_ctx == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+again:
+ status = open_cached_internal_pipe_conn(domain,
+ NULL,
+ NULL,
+ &lsa_pipe,
+ &lsa_policy);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ status = rpc_name_to_sid(tmp_ctx,
+ lsa_pipe,
+ &lsa_policy,
+ domain_name,
+ name,
+ flags,
+ &dom_name,
+ &sid,
+ &type);
+
+ if (!retry && reset_connection_on_error(domain, lsa_pipe, status)) {
+ retry = true;
+ goto again;
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ if (psid) {
+ sid_copy(psid, &sid);
+ }
+ if (ptype) {
+ *ptype = type;
+ }
+
+done:
+ TALLOC_FREE(tmp_ctx);
+ return status;
}
/* convert a domain SID to a user or group name */
-static NTSTATUS common_sid_to_name(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *sid,
- char **domain_name,
- char **name,
- enum lsa_SidType *type)
+static NTSTATUS sam_sid_to_name(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ const struct dom_sid *sid,
+ char **pdomain_name,
+ char **pname,
+ enum lsa_SidType *ptype)
{
- /* TODO FIXME */
- return NT_STATUS_NOT_IMPLEMENTED;
+ struct rpc_pipe_client *lsa_pipe;
+ struct policy_handle lsa_policy = { 0 };
+ char *domain_name = NULL;
+ char *name = NULL;
+ enum lsa_SidType type;
+ TALLOC_CTX *tmp_ctx;
+ NTSTATUS status;
+ bool retry = false;
+
+ DEBUG(3,("sam_sid_to_name\n"));
+
+ /* Paranoia check */
+ if (!sid_check_is_in_builtin(sid) &&
+ !sid_check_is_builtin(sid) &&
+ !sid_check_is_in_our_sam(sid) &&
+ !sid_check_is_our_sam(sid) &&
+ !sid_check_is_in_unix_users(sid) &&
+ !sid_check_is_unix_users(sid) &&
+ !sid_check_is_in_unix_groups(sid) &&
+ !sid_check_is_unix_groups(sid) &&
+ !sid_check_is_in_wellknown_domain(sid)) {
+ struct dom_sid_buf buf;
+ DEBUG(0, ("sam_sid_to_name: possible deadlock - trying to "
+ "lookup SID %s\n",
+ dom_sid_str_buf(sid, &buf)));
+ return NT_STATUS_NONE_MAPPED;
+ }
+
+ tmp_ctx = talloc_stackframe();
+ if (tmp_ctx == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+again:
+ status = open_cached_internal_pipe_conn(domain,
+ NULL,
+ NULL,
+ &lsa_pipe,
+ &lsa_policy);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ status = rpc_sid_to_name(tmp_ctx,
+ lsa_pipe,
+ &lsa_policy,
+ domain,
+ sid,
+ &domain_name,
+ &name,
+ &type);
+
+ if (!retry && reset_connection_on_error(domain, lsa_pipe, status)) {
+ retry = true;
+ goto again;
+ }
+
+ if (ptype) {
+ *ptype = type;
+ }
+
+ if (pname) {
+ *pname = talloc_move(mem_ctx, &name);
+ }
+
+ if (pdomain_name) {
+ *pdomain_name = talloc_move(mem_ctx, &domain_name);
+ }
+
+done:
+
+ TALLOC_FREE(tmp_ctx);
+ return status;
}
-static NTSTATUS common_rids_to_names(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *sid,
- uint32 *rids,
- size_t num_rids,
- char **domain_name,
- char ***names,
- enum lsa_SidType **types)
+static NTSTATUS sam_rids_to_names(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ const struct dom_sid *domain_sid,
+ uint32_t *rids,
+ size_t num_rids,
+ char **pdomain_name,
+ char ***pnames,
+ enum lsa_SidType **ptypes)
{
- /* TODO FIXME */
- return NT_STATUS_NOT_IMPLEMENTED;
+ struct rpc_pipe_client *lsa_pipe;
+ struct policy_handle lsa_policy = { 0 };
+ enum lsa_SidType *types = NULL;
+ char *domain_name = NULL;
+ char **names = NULL;
+ TALLOC_CTX *tmp_ctx;
+ NTSTATUS status;
+ bool retry = false;
+
+ DEBUG(3,("sam_rids_to_names for %s\n", domain->name));
+
+ /* Paranoia check */
+ if (!sid_check_is_builtin(domain_sid) &&
+ !sid_check_is_our_sam(domain_sid) &&
+ !sid_check_is_unix_users(domain_sid) &&
+ !sid_check_is_unix_groups(domain_sid) &&
+ !sid_check_is_in_wellknown_domain(domain_sid)) {
+ struct dom_sid_buf buf;
+ DEBUG(0, ("sam_rids_to_names: possible deadlock - trying to "
+ "lookup SID %s\n",
+ dom_sid_str_buf(domain_sid, &buf)));
+ return NT_STATUS_NONE_MAPPED;
+ }
+
+ tmp_ctx = talloc_stackframe();
+ if (tmp_ctx == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+again:
+ status = open_cached_internal_pipe_conn(domain,
+ NULL,
+ NULL,
+ &lsa_pipe,
+ &lsa_policy);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ status = rpc_rids_to_names(tmp_ctx,
+ lsa_pipe,
+ &lsa_policy,
+ domain,
+ domain_sid,
+ rids,
+ num_rids,
+ &domain_name,
+ &names,
+ &types);
+
+ if (!retry && reset_connection_on_error(domain, lsa_pipe, status)) {
+ retry = true;
+ goto again;
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ if (pdomain_name) {
+ *pdomain_name = talloc_move(mem_ctx, &domain_name);
+ }
+
+ if (ptypes) {
+ *ptypes = talloc_move(mem_ctx, &types);
+ }
+
+ if (pnames) {
+ *pnames = talloc_move(mem_ctx, &names);
+ }
+
+done:
+ TALLOC_FREE(tmp_ctx);
+ return status;
}
-static NTSTATUS common_lockout_policy(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- struct samr_DomInfo12 *policy)
+static NTSTATUS sam_lockout_policy(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ struct samr_DomInfo12 *lockout_policy)
{
- /* TODO FIXME */
- return NT_STATUS_NOT_IMPLEMENTED;
+ struct rpc_pipe_client *samr_pipe;
+ struct policy_handle dom_pol = { 0 };
+ union samr_DomainInfo *info = NULL;
+ TALLOC_CTX *tmp_ctx;
+ NTSTATUS status, result;
+ struct dcerpc_binding_handle *b = NULL;
+ bool retry = false;
+
+ DEBUG(3,("sam_lockout_policy\n"));
+
+ tmp_ctx = talloc_stackframe();
+ if (tmp_ctx == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+again:
+ status = open_cached_internal_pipe_conn(domain,
+ &samr_pipe,
+ &dom_pol,
+ NULL,
+ NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto error;
+ }
+
+ b = samr_pipe->binding_handle;
+
+ status = dcerpc_samr_QueryDomainInfo(b,
+ mem_ctx,
+ &dom_pol,
+ DomainLockoutInformation,
+ &info,
+ &result);
+
+ if (!retry && reset_connection_on_error(domain, samr_pipe, status)) {
+ retry = true;
+ goto again;
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto error;
+ }
+ if (!NT_STATUS_IS_OK(result)) {
+ status = result;
+ goto error;
+ }
+
+ *lockout_policy = info->info12;
+
+error:
+ TALLOC_FREE(tmp_ctx);
+ return status;
}
-static NTSTATUS common_password_policy(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- struct samr_DomInfo1 *policy)
+static NTSTATUS sam_password_policy(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ struct samr_DomInfo1 *passwd_policy)
{
- /* TODO FIXME */
- return NT_STATUS_NOT_IMPLEMENTED;
+ struct rpc_pipe_client *samr_pipe;
+ struct policy_handle dom_pol = { 0 };
+ union samr_DomainInfo *info = NULL;
+ TALLOC_CTX *tmp_ctx;
+ NTSTATUS status, result;
+ struct dcerpc_binding_handle *b = NULL;
+ bool retry = false;
+
+ DEBUG(3,("sam_password_policy\n"));
+
+ tmp_ctx = talloc_stackframe();
+ if (tmp_ctx == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+again:
+ status = open_cached_internal_pipe_conn(domain,
+ &samr_pipe,
+ &dom_pol,
+ NULL,
+ NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto error;
+ }
+
+ b = samr_pipe->binding_handle;
+
+ status = dcerpc_samr_QueryDomainInfo(b,
+ mem_ctx,
+ &dom_pol,
+ DomainPasswordInformation,
+ &info,
+ &result);
+
+ if (!retry && reset_connection_on_error(domain, samr_pipe, status)) {
+ retry = true;
+ goto again;
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto error;
+ }
+ if (!NT_STATUS_IS_OK(result)) {
+ status = result;
+ goto error;
+ }
+
+ *passwd_policy = info->info1;
+
+error:
+ TALLOC_FREE(tmp_ctx);
+ return status;
}
-/* Lookup groups a user is a member of. I wish Unix had a call like this! */
-static NTSTATUS common_lookup_usergroups(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *user_sid,
- uint32_t *num_groups,
- struct dom_sid **user_gids)
+/* Lookup groups a user is a member of. */
+static NTSTATUS sam_lookup_usergroups(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ const struct dom_sid *user_sid,
+ uint32_t *pnum_groups,
+ struct dom_sid **puser_grpsids)
{
- /* TODO FIXME */
- return NT_STATUS_NOT_IMPLEMENTED;
+ struct rpc_pipe_client *samr_pipe;
+ struct policy_handle dom_pol;
+ struct dom_sid *user_grpsids = NULL;
+ uint32_t num_groups = 0;
+ TALLOC_CTX *tmp_ctx;
+ NTSTATUS status;
+ bool retry = false;
+
+ DEBUG(3,("sam_lookup_usergroups\n"));
+
+ ZERO_STRUCT(dom_pol);
+
+ if (pnum_groups) {
+ *pnum_groups = 0;
+ }
+
+ tmp_ctx = talloc_stackframe();
+ if (tmp_ctx == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+again:
+ status = open_cached_internal_pipe_conn(domain,
+ &samr_pipe,
+ &dom_pol,
+ NULL,
+ NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ status = rpc_lookup_usergroups(tmp_ctx,
+ samr_pipe,
+ &dom_pol,
+ &domain->sid,
+ user_sid,
+ &num_groups,
+ &user_grpsids);
+
+ if (!retry && reset_connection_on_error(domain, samr_pipe, status)) {
+ retry = true;
+ goto again;
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ if (pnum_groups) {
+ *pnum_groups = num_groups;
+ }
+
+ if (puser_grpsids) {
+ *puser_grpsids = talloc_move(mem_ctx, &user_grpsids);
+ }
+
+done:
+
+ TALLOC_FREE(tmp_ctx);
+ return status;
}
-static NTSTATUS common_lookup_useraliases(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- uint32_t num_sids,
- const struct dom_sid *sids,
- uint32_t *p_num_aliases,
- uint32_t **rids)
+static NTSTATUS sam_lookup_useraliases(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ uint32_t num_sids,
+ const struct dom_sid *sids,
+ uint32_t *pnum_aliases,
+ uint32_t **palias_rids)
{
- /* TODO FIXME */
- return NT_STATUS_NOT_IMPLEMENTED;
+ struct rpc_pipe_client *samr_pipe;
+ struct policy_handle dom_pol = { 0 };
+ uint32_t num_aliases = 0;
+ uint32_t *alias_rids = NULL;
+ TALLOC_CTX *tmp_ctx;
+ NTSTATUS status;
+ bool retry = false;
+
+ DEBUG(3,("sam_lookup_useraliases\n"));
+
+ if (pnum_aliases) {
+ *pnum_aliases = 0;
+ }
+
+ tmp_ctx = talloc_stackframe();
+ if (tmp_ctx == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+again:
+ status = open_cached_internal_pipe_conn(domain,
+ &samr_pipe,
+ &dom_pol,
+ NULL,
+ NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ status = rpc_lookup_useraliases(tmp_ctx,
+ samr_pipe,
+ &dom_pol,
+ num_sids,
+ sids,
+ &num_aliases,
+ &alias_rids);
+
+ if (!retry && reset_connection_on_error(domain, samr_pipe, status)) {
+ retry = true;
+ goto again;
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ if (pnum_aliases) {
+ *pnum_aliases = num_aliases;
+ }
+
+ if (palias_rids) {
+ *palias_rids = talloc_move(mem_ctx, &alias_rids);
+ }
+
+done:
+
+ TALLOC_FREE(tmp_ctx);
+ return status;
}
/* find the sequence number for a domain */
-static NTSTATUS common_sequence_number(struct winbindd_domain *domain,
- uint32_t *seq)
+static NTSTATUS sam_sequence_number(struct winbindd_domain *domain,
+ uint32_t *pseq)
{
- /* TODO FIXME */
- return NT_STATUS_NOT_IMPLEMENTED;
+ struct rpc_pipe_client *samr_pipe;
+ struct policy_handle dom_pol = { 0 };
+ uint32_t seq = DOM_SEQUENCE_NONE;
+ TALLOC_CTX *tmp_ctx;
+ NTSTATUS status;
+ bool retry = false;
+
+ DEBUG(3,("samr: sequence number\n"));
+
+ if (pseq) {
+ *pseq = DOM_SEQUENCE_NONE;
+ }
+
+ tmp_ctx = talloc_stackframe();
+ if (tmp_ctx == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+again:
+ status = open_cached_internal_pipe_conn(domain,
+ &samr_pipe,
+ &dom_pol,
+ NULL,
+ NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ status = rpc_sequence_number(tmp_ctx,
+ samr_pipe,
+ &dom_pol,
+ domain->name,
+ &seq);
+
+ if (!retry && reset_connection_on_error(domain, samr_pipe, status)) {
+ retry = true;
+ goto again;
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ if (pseq) {
+ *pseq = seq;
+ }
+
+done:
+ TALLOC_FREE(tmp_ctx);
+ return status;
}
-#if 0
/* the rpc backend methods are exposed via this structure */
struct winbindd_methods builtin_passdb_methods = {
.consistent = false,
.query_user_list = builtin_query_user_list,
.enum_dom_groups = builtin_enum_dom_groups,
- .enum_local_groups = common_enum_local_groups,
- .name_to_sid = common_name_to_sid,
- .sid_to_name = common_sid_to_name,
- .rids_to_names = common_rids_to_names,
- .query_user = builtin_query_user,
- .lookup_usergroups = common_lookup_usergroups,
- .lookup_useraliases = common_lookup_useraliases,
+ .enum_local_groups = sam_enum_local_groups,
+ .name_to_sid = sam_name_to_sid,
+ .sid_to_name = sam_sid_to_name,
+ .rids_to_names = sam_rids_to_names,
+ .lookup_usergroups = sam_lookup_usergroups,
+ .lookup_useraliases = sam_lookup_useraliases,
.lookup_groupmem = sam_lookup_groupmem,
- .sequence_number = common_sequence_number,
- .lockout_policy = common_lockout_policy,
- .password_policy = common_password_policy,
+ .sequence_number = sam_sequence_number,
+ .lockout_policy = sam_lockout_policy,
+ .password_policy = sam_password_policy,
.trusted_domains = builtin_trusted_domains
};
.query_user_list = sam_query_user_list,
.enum_dom_groups = sam_enum_dom_groups,
- .enum_local_groups = common_enum_local_groups,
- .name_to_sid = common_name_to_sid,
- .sid_to_name = common_sid_to_name,
- .rids_to_names = common_rids_to_names,
- .query_user = sam_query_user,
- .lookup_usergroups = common_lookup_usergroups,
- .lookup_useraliases = common_lookup_useraliases,
+ .enum_local_groups = sam_enum_local_groups,
+ .name_to_sid = sam_name_to_sid,
+ .sid_to_name = sam_sid_to_name,
+ .rids_to_names = sam_rids_to_names,
+ .lookup_usergroups = sam_lookup_usergroups,
+ .lookup_useraliases = sam_lookup_useraliases,
.lookup_groupmem = sam_lookup_groupmem,
- .sequence_number = common_sequence_number,
- .lockout_policy = common_lockout_policy,
- .password_policy = common_password_policy,
+ .sequence_number = sam_sequence_number,
+ .lockout_policy = sam_lockout_policy,
+ .password_policy = sam_password_policy,
.trusted_domains = sam_trusted_domains
};
-#endif