r4331: Implement SAMR query_dom_info-call info-level 8 server- and client-side,

based on samba4-idl.

This saves us an enormous amount of totally unnecessary ldap-traffic
when several hundreds of winbind-daemons query a Samba3 DC just to get
the fake SAM-sequence-number (time(NULL)) by enumerating all users, all
groups and all aliases when query-dom-info level 2 is used.

Note that we apparently never get the sequence number right (we parse a
uint32, although it's a uint64, at least in samba4 idl). For the time
being, I would propose to stay with that behaviour.

Guenther

diff --git a/source/include/rpc_samr.h b/source/include/rpc_samr.h
index c0c7e389e5b17d4415eaf5ad0c9b2a2a5b807c7d..e3fbebaa77fac1a198e81d759c4d4c8f1a1860ff 100644 (file)
--- a/source/include/rpc_samr.h
+++ b/source/include/rpc_samr.h
@@ -537,6 +537,13 @@ typedef struct sam_unknown_info_7_info
 
 } SAM_UNK_INFO_7;
 
+typedef struct sam_unknown_info_8_info
+{
+       UINT64_S seq_num;
+       NTTIME domain_create_time;
+
+} SAM_UNK_INFO_8;
+
 typedef struct sam_unknown_info_12_inf
 {
        NTTIME duration;
@@ -564,8 +571,7 @@ typedef struct sam_unknown_info_2_inf
           pointer is referring to
         */
 
-       uint32 seq_num; /* some sort of incrementing sequence number? */
-       uint32 unknown_3; /* 0x0000 0000 */
+       UINT64_S seq_num;
        
        uint32 unknown_4; /* 0x0000 0001 */
        uint32 unknown_5; /* 0x0000 0003 */
@@ -603,6 +609,7 @@ typedef struct sam_unknown_ctr_info
                SAM_UNK_INFO_5 inf5;
                SAM_UNK_INFO_6 inf6;
                SAM_UNK_INFO_7 inf7;
+               SAM_UNK_INFO_8 inf8;
                SAM_UNK_INFO_12 inf12;
 
        } info;

diff --git a/source/nsswitch/winbindd_rpc.c b/source/nsswitch/winbindd_rpc.c
index de7f2ff76fbec30178b2b055a630b2c347afc471..e6edb70f0796fbbcae79cbaed044d68c3e3eb288 100644 (file)
--- a/source/nsswitch/winbindd_rpc.c
+++ b/source/nsswitch/winbindd_rpc.c
@@ -807,10 +807,10 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
        TALLOC_CTX *mem_ctx;
        CLI_POLICY_HND *hnd;
        SAM_UNK_CTR ctr;
-       uint16 switch_value = 2;
        NTSTATUS result;
        POLICY_HND dom_pol;
        BOOL got_dom_pol = False;
+       BOOL got_seq_num = False;
        uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
        int retry;
 
@@ -856,10 +856,27 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
        /* Query domain info */
 
        result = cli_samr_query_dom_info(hnd->cli, mem_ctx, &dom_pol,
-                                        switch_value, &ctr);
+                                        8, &ctr);
 
        if (NT_STATUS_IS_OK(result)) {
-               *seq = ctr.info.inf2.seq_num;
+               *seq = ctr.info.inf8.seq_num.low;
+               got_seq_num = True;
+               goto seq_num;
+       }
+
+       /* retry with info-level 2 in case the dc does not support info-level 8
+        * (like all older samba2 and samba3 dc's - Guenther */
+
+       result = cli_samr_query_dom_info(hnd->cli, mem_ctx, &dom_pol,
+                                        2, &ctr);
+       
+       if (NT_STATUS_IS_OK(result)) {
+               *seq = ctr.info.inf2.seq_num.low;
+               got_seq_num = True;
+       }
+
+ seq_num:
+       if (got_seq_num) {
                DEBUG(10,("domain_sequence_number: for domain %s is %u\n", domain->name, (unsigned)*seq));
        } else {
                DEBUG(10,("domain_sequence_number: failed to get sequence number (%u) for domain %s\n",

diff --git a/source/rpc_parse/parse_samr.c b/source/rpc_parse/parse_samr.c
index a674b89ab6971c0cce496f8c3a34097748224bd5..5b211f8349ab7936e8c2df5f0308f0350ec958c0 100644 (file)
--- a/source/rpc_parse/parse_samr.c
+++ b/source/rpc_parse/parse_samr.c
@@ -588,6 +588,40 @@ static BOOL sam_io_unk_info7(const char *desc, SAM_UNK_INFO_7 * u_7,
        return True;
 }
 
+/*******************************************************************
+inits a structure.
+********************************************************************/
+
+void init_unk_info8(SAM_UNK_INFO_8 * u_8, uint32 seq_num)
+{
+       unix_to_nt_time(&u_8->domain_create_time, 0);
+       u_8->seq_num.low = seq_num;
+       u_8->seq_num.high = 0x0000;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+static BOOL sam_io_unk_info8(const char *desc, SAM_UNK_INFO_8 * u_8,
+                            prs_struct *ps, int depth)
+{
+       if (u_8 == NULL)
+               return False;
+
+       prs_debug(ps, depth, desc, "sam_io_unk_info8");
+       depth++;
+
+       if (!prs_uint64("seq_num", ps, depth, &u_8->seq_num))
+               return False;
+
+       if(!smb_io_time("domain_create_time", &u_8->domain_create_time, ps, depth))
+               return False;
+
+       return True;
+}
+
+
 /*******************************************************************
 inits a structure.
 ********************************************************************/
@@ -668,8 +702,9 @@ void init_unk_info2(SAM_UNK_INFO_2 * u_2,
        u_2->unknown_0 = 0x00000000;
        u_2->unknown_1 = 0x80000000;
 
-       u_2->seq_num = seq_num;
-       u_2->unknown_3 = 0x00000000;
+       u_2->seq_num.low = seq_num;
+       u_2->seq_num.high = 0x00000000;
+
 
        u_2->unknown_4 = 0x00000001;
        u_2->unknown_5 = 0x00000003;
@@ -716,9 +751,7 @@ static BOOL sam_io_unk_info2(const char *desc, SAM_UNK_INFO_2 * u_2,
           pointer is referring to
         */
 
-       if(!prs_uint32("seq_num ", ps, depth, &u_2->seq_num))   /* 0x0000 0099 or 0x1000 0000 */
-               return False;
-       if(!prs_uint32("unknown_3 ", ps, depth, &u_2->unknown_3))       /* 0x0000 0000 */
+       if(!prs_uint64("seq_num ", ps, depth, &u_2->seq_num))
                return False;
 
        if(!prs_uint32("unknown_4 ", ps, depth, &u_2->unknown_4)) /* 0x0000 0001 */
@@ -843,6 +876,10 @@ BOOL samr_io_r_query_dom_info(const char *desc, SAMR_R_QUERY_DOMAIN_INFO * r_u,
                        if(!sam_io_unk_info12("unk_inf12", &r_u->ctr->info.inf12, ps, depth))
                                return False;
                        break;
+               case 0x08:
+                       if(!sam_io_unk_info8("unk_inf8",&r_u->ctr->info.inf8, ps,depth))
+                               return False;
+                       break;
                case 0x07:
                        if(!sam_io_unk_info7("unk_inf7",&r_u->ctr->info.inf7, ps,depth))
                                return False;

diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index 771e8c71e3ed20533ae84603774aa7207a436ab7..5d7cd843907a094453b2b100b815301a87a40c02 100644 (file)
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -2133,6 +2133,9 @@ NTSTATUS _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SA
                case 0x07:
                        init_unk_info7(&ctr->info.inf7);
                        break;
+               case 0x08:
+                       init_unk_info8(&ctr->info.inf8, (uint32) time(NULL));
+                       break;
                case 0x0c:
                        account_policy_get(AP_LOCK_ACCOUNT_DURATION, &account_policy_temp);
                        u_lock_duration = account_policy_temp * 60;

diff --git a/source/rpcclient/cmd_samr.c b/source/rpcclient/cmd_samr.c
index f8be84a5c999a8907879d3ff813d898c730ed774..2a282680a81bd717d21f2baa82af9762236b474a 100644 (file)
--- a/source/rpcclient/cmd_samr.c
+++ b/source/rpcclient/cmd_samr.c
@@ -160,16 +160,23 @@ static void display_sam_unk_info_2(SAM_UNK_INFO_2 *info2)
        printf("Total Groups:\t%d\n", info2->num_domain_grps);
        printf("Total Aliases:\t%d\n", info2->num_local_grps);
        
-       printf("Sequence No:\t%d\n", info2->seq_num);
+       printf("Sequence No:\t%d\n", info2->seq_num.low);
        
        printf("Unknown 0:\t0x%x\n", info2->unknown_0);
        printf("Unknown 1:\t0x%x\n", info2->unknown_1);
-       printf("Unknown 3:\t0x%x\n", info2->unknown_3);
        printf("Unknown 4:\t0x%x\n", info2->unknown_4);
        printf("Unknown 5:\t0x%x\n", info2->unknown_5);
        printf("Unknown 6:\t0x%x\n", info2->unknown_6);
 }
 
+static void display_sam_unk_info_8(SAM_UNK_INFO_8 *info8)
+{
+       printf("Sequence No:\t%d\n", info8->seq_num.low);
+       printf("Domain Create Time:\t%s\n", 
+               http_timestring(nt_time_to_unix(&info8->domain_create_time)));
+
+}
+
 static void display_sam_unk_info_12(SAM_UNK_INFO_12 *info12)
 {
        printf("Bad password lockout duration:               %s\n", display_time(info12->duration));
@@ -1130,6 +1137,9 @@ static NTSTATUS cmd_samr_query_dominfo(struct cli_state *cli,
        case 2:
                display_sam_unk_info_2(&ctr.info.inf2);
                break;
+       case 8:
+               display_sam_unk_info_8(&ctr.info.inf8);
+               break;
        case 12:
                display_sam_unk_info_12(&ctr.info.inf12);
                break;