return result;
}
+/* get a list of trusted domains */
+static NTSTATUS trusted_domains(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ uint32 *num_domains,
+ char ***names,
+ DOM_SID **dom_sids)
+{
+ CLI_POLICY_HND *hnd;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ uint32 enum_ctx = 0;
+
+ if (!(hnd = cm_get_lsa_handle(lp_workgroup())))
+ goto done;
+
+ result = cli_lsa_enum_trust_dom(hnd->cli, mem_ctx,
+ &hnd->pol, &enum_ctx, num_domains,
+ names, dom_sids);
+done:
+ return result;
+}
+
+/* find the domain sid for a domain */
+static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid)
+{
+ NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+ TALLOC_CTX *mem_ctx;
+ CLI_POLICY_HND *hnd;
+ fstring level5_dom;
+
+ if (!(mem_ctx = talloc_init()))
+ return NT_STATUS_NO_MEMORY;
+
+ /* Get sam handle */
+ if (!(hnd = cm_get_lsa_handle(domain->name)))
+ goto done;
+
+ status = cli_lsa_query_info_policy(hnd->cli, mem_ctx,
+ &hnd->pol, 0x05, level5_dom, sid);
+
+done:
+ talloc_destroy(mem_ctx);
+ return status;
+}
/* the rpc backend methods are exposed via this structure */
struct winbindd_methods msrpc_methods = {
query_user,
lookup_usergroups,
lookup_groupmem,
- sequence_number
+ sequence_number,
+ trusted_domains,
+ domain_sid
};
-
/* Add a trusted domain to our list of domains */
static struct winbindd_domain *add_trusted_domain(char *domain_name,
- DOM_SID *domain_sid,
struct winbindd_methods *methods)
{
struct winbindd_domain *domain, *tmp;
ZERO_STRUCTP(domain);
fstrcpy(domain->name, domain_name);
- sid_copy(&domain->sid, domain_sid);
domain->methods = methods;
domain->sequence_number = DOM_SEQUENCE_NONE;
domain->last_seq_check = 0;
BOOL get_domain_info(void)
{
- uint32 enum_ctx = 0, num_doms = 0;
- char **domains = NULL;
- DOM_SID *sids = NULL, domain_sid;
NTSTATUS result;
- CLI_POLICY_HND *hnd;
- int i;
- fstring level5_dom;
- BOOL rv = False;
TALLOC_CTX *mem_ctx;
extern struct winbindd_methods cache_methods;
-
- DEBUG(1, ("getting trusted domain list\n"));
+ struct winbindd_domain *domain;
+ DOM_SID *dom_sids;
+ char **names;
+ int num_domains = 0;
if (!(mem_ctx = talloc_init()))
return False;
- /* Add our workgroup - keep handle to look up trusted domains */
-
- if (!(hnd = cm_get_lsa_handle(lp_workgroup())))
- goto done;
-
- result = cli_lsa_query_info_policy(hnd->cli, mem_ctx,
- &hnd->pol, 0x05, level5_dom, &domain_sid);
+ domain = add_trusted_domain(lp_workgroup(), &cache_methods);
- if (!NT_STATUS_IS_OK(result))
- goto done;
+ /* now we *must* get the domain sid for our primary domain. Go into a holding
+ pattern until that is available */
+ result = cache_methods.domain_sid(domain, &domain->sid);
+ while (!NT_STATUS_IS_OK(result)) {
+ sleep(10);
+ DEBUG(1,("Retrying startup domain sid fetch for %s\n",
+ domain->name));
+ result = cache_methods.domain_sid(domain, &domain->sid);
+ }
- add_trusted_domain(lp_workgroup(), &domain_sid, &cache_methods);
-
- /* Enumerate list of trusted domains */
+ DEBUG(1, ("getting trusted domain list\n"));
- if (!(hnd = cm_get_lsa_handle(lp_workgroup())))
- goto done;
+ result = cache_methods.trusted_domains(domain, mem_ctx, &num_domains,
+ &names, &dom_sids);
- result = cli_lsa_enum_trust_dom(hnd->cli, mem_ctx,
- &hnd->pol, &enum_ctx, &num_doms, &domains, &sids);
-
- if (!NT_STATUS_IS_OK(result))
- goto done;
-
/* Add each domain to the trusted domain list */
-
- for(i = 0; i < num_doms; i++)
- add_trusted_domain(domains[i], &sids[i], &cache_methods);
-
- rv = True;
-
- done:
-
- talloc_destroy(mem_ctx);
-
- return rv;
-}
-
-
-/* Connect to a domain controller using get_any_dc_name() to discover
- the domain name and sid */
-
-BOOL lookup_domain_sid(char *domain_name, struct winbindd_domain *domain)
-{
- fstring level5_dom;
- uint32 enum_ctx = 0, num_doms = 0;
- char **domains = NULL;
- DOM_SID *sids = NULL;
- CLI_POLICY_HND *hnd;
- NTSTATUS result;
- BOOL rv = False;
- TALLOC_CTX *mem_ctx;
-
- DEBUG(1, ("looking up sid for domain %s\n", domain_name));
-
- if (!(mem_ctx = talloc_init()))
- return False;
-
- if (!(hnd = cm_get_lsa_handle(domain_name)))
- goto done;
-
- /* Do a level 5 query info policy if we are looking up the SID for
- our own domain. */
-
- if (strequal(domain_name, lp_workgroup())) {
-
- result = cli_lsa_query_info_policy(hnd->cli, mem_ctx,
- &hnd->pol, 0x05, level5_dom,
- &domain->sid);
-
- rv = NT_STATUS_IS_OK(result);
- goto done;
- }
-
- /* Use lsaenumdomains to get sid for this domain */
-
- result = cli_lsa_enum_trust_dom(hnd->cli, mem_ctx, &hnd->pol,
- &enum_ctx, &num_doms, &domains, &sids);
-
- /* Look for domain name */
-
- if (NT_STATUS_IS_OK(result) && domains && sids) {
- BOOL found = False;
+ if (NT_STATUS_IS_OK(result)) {
int i;
-
- for(i = 0; i < num_doms; i++) {
- if (strequal(domain_name, domains[i])) {
- sid_copy(&domain->sid, &sids[i]);
- found = True;
- break;
+ for(i = 0; i < num_domains; i++) {
+ domain = add_trusted_domain(names[i], &cache_methods);
+ if (domain) {
+ sid_copy(&domain->sid, &dom_sids[i]);
}
}
-
- rv = found;
- goto done;
}
-
- rv = False; /* An error occured with a trusted domain */
-
- done:
talloc_destroy(mem_ctx);
-
- return rv;
+ return True;
}
-/* Lookup a sid in a domain from a name */
+/* Lookup a sid in a domain from a name */
BOOL winbindd_lookup_sid_by_name(struct winbindd_domain *domain,
const char *name, DOM_SID *sid, enum SID_NAME_USE *type)
{
git.samba.org / sfrench / samba-autobuild / .git / commitdiff