based on samba4-idl.
This saves us an enormous amount of totally unnecessary ldap-traffic
when several hundreds of winbind-daemons query a Samba3 DC just to get
the fake SAM-sequence-number (time(NULL)) by enumerating all users, all
groups and all aliases when query-dom-info level 2 is used.
Note that we apparently never get the sequence number right (we parse a
uint32, although it's a uint64, at least in samba4 idl). For the time
being, I would propose to stay with that behaviour.
Guenther
} SAM_UNK_INFO_7;
+typedef struct sam_unknown_info_8_info
+{
+ UINT64_S seq_num;
+ NTTIME domain_create_time;
+
+} SAM_UNK_INFO_8;
+
typedef struct sam_unknown_info_12_inf
{
NTTIME duration;
pointer is referring to
*/
- uint32 seq_num; /* some sort of incrementing sequence number? */
- uint32 unknown_3; /* 0x0000 0000 */
+ UINT64_S seq_num;
uint32 unknown_4; /* 0x0000 0001 */
uint32 unknown_5; /* 0x0000 0003 */
SAM_UNK_INFO_5 inf5;
SAM_UNK_INFO_6 inf6;
SAM_UNK_INFO_7 inf7;
+ SAM_UNK_INFO_8 inf8;
SAM_UNK_INFO_12 inf12;
} info;
TALLOC_CTX *mem_ctx;
CLI_POLICY_HND *hnd;
SAM_UNK_CTR ctr;
- uint16 switch_value = 2;
NTSTATUS result;
POLICY_HND dom_pol;
BOOL got_dom_pol = False;
+ BOOL got_seq_num = False;
uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
int retry;
/* Query domain info */
result = cli_samr_query_dom_info(hnd->cli, mem_ctx, &dom_pol,
- switch_value, &ctr);
+ 8, &ctr);
if (NT_STATUS_IS_OK(result)) {
- *seq = ctr.info.inf2.seq_num;
+ *seq = ctr.info.inf8.seq_num.low;
+ got_seq_num = True;
+ goto seq_num;
+ }
+
+ /* retry with info-level 2 in case the dc does not support info-level 8
+ * (like all older samba2 and samba3 dc's - Guenther */
+
+ result = cli_samr_query_dom_info(hnd->cli, mem_ctx, &dom_pol,
+ 2, &ctr);
+
+ if (NT_STATUS_IS_OK(result)) {
+ *seq = ctr.info.inf2.seq_num.low;
+ got_seq_num = True;
+ }
+
+ seq_num:
+ if (got_seq_num) {
DEBUG(10,("domain_sequence_number: for domain %s is %u\n", domain->name, (unsigned)*seq));
} else {
DEBUG(10,("domain_sequence_number: failed to get sequence number (%u) for domain %s\n",
return True;
}
+/*******************************************************************
+inits a structure.
+********************************************************************/
+
+void init_unk_info8(SAM_UNK_INFO_8 * u_8, uint32 seq_num)
+{
+ unix_to_nt_time(&u_8->domain_create_time, 0);
+ u_8->seq_num.low = seq_num;
+ u_8->seq_num.high = 0x0000;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+static BOOL sam_io_unk_info8(const char *desc, SAM_UNK_INFO_8 * u_8,
+ prs_struct *ps, int depth)
+{
+ if (u_8 == NULL)
+ return False;
+
+ prs_debug(ps, depth, desc, "sam_io_unk_info8");
+ depth++;
+
+ if (!prs_uint64("seq_num", ps, depth, &u_8->seq_num))
+ return False;
+
+ if(!smb_io_time("domain_create_time", &u_8->domain_create_time, ps, depth))
+ return False;
+
+ return True;
+}
+
+
/*******************************************************************
inits a structure.
********************************************************************/
u_2->unknown_0 = 0x00000000;
u_2->unknown_1 = 0x80000000;
- u_2->seq_num = seq_num;
- u_2->unknown_3 = 0x00000000;
+ u_2->seq_num.low = seq_num;
+ u_2->seq_num.high = 0x00000000;
+
u_2->unknown_4 = 0x00000001;
u_2->unknown_5 = 0x00000003;
pointer is referring to
*/
- if(!prs_uint32("seq_num ", ps, depth, &u_2->seq_num)) /* 0x0000 0099 or 0x1000 0000 */
- return False;
- if(!prs_uint32("unknown_3 ", ps, depth, &u_2->unknown_3)) /* 0x0000 0000 */
+ if(!prs_uint64("seq_num ", ps, depth, &u_2->seq_num))
return False;
if(!prs_uint32("unknown_4 ", ps, depth, &u_2->unknown_4)) /* 0x0000 0001 */
if(!sam_io_unk_info12("unk_inf12", &r_u->ctr->info.inf12, ps, depth))
return False;
break;
+ case 0x08:
+ if(!sam_io_unk_info8("unk_inf8",&r_u->ctr->info.inf8, ps,depth))
+ return False;
+ break;
case 0x07:
if(!sam_io_unk_info7("unk_inf7",&r_u->ctr->info.inf7, ps,depth))
return False;
case 0x07:
init_unk_info7(&ctr->info.inf7);
break;
+ case 0x08:
+ init_unk_info8(&ctr->info.inf8, (uint32) time(NULL));
+ break;
case 0x0c:
account_policy_get(AP_LOCK_ACCOUNT_DURATION, &account_policy_temp);
u_lock_duration = account_policy_temp * 60;
printf("Total Groups:\t%d\n", info2->num_domain_grps);
printf("Total Aliases:\t%d\n", info2->num_local_grps);
- printf("Sequence No:\t%d\n", info2->seq_num);
+ printf("Sequence No:\t%d\n", info2->seq_num.low);
printf("Unknown 0:\t0x%x\n", info2->unknown_0);
printf("Unknown 1:\t0x%x\n", info2->unknown_1);
- printf("Unknown 3:\t0x%x\n", info2->unknown_3);
printf("Unknown 4:\t0x%x\n", info2->unknown_4);
printf("Unknown 5:\t0x%x\n", info2->unknown_5);
printf("Unknown 6:\t0x%x\n", info2->unknown_6);
}
+static void display_sam_unk_info_8(SAM_UNK_INFO_8 *info8)
+{
+ printf("Sequence No:\t%d\n", info8->seq_num.low);
+ printf("Domain Create Time:\t%s\n",
+ http_timestring(nt_time_to_unix(&info8->domain_create_time)));
+
+}
+
static void display_sam_unk_info_12(SAM_UNK_INFO_12 *info12)
{
printf("Bad password lockout duration: %s\n", display_time(info12->duration));
case 2:
display_sam_unk_info_2(&ctr.info.inf2);
break;
+ case 8:
+ display_sam_unk_info_8(&ctr.info.inf8);
+ break;
case 12:
display_sam_unk_info_12(&ctr.info.inf12);
break;