return msrpc_methods.password_policy(domain, mem_ctx, policy);
}
-/* get a list of trusted domains */
-static NTSTATUS trusted_domains(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- struct netr_DomainTrustList *trusts)
-{
- NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- WERROR werr;
- uint32_t i;
- uint32_t flags;
- struct rpc_pipe_client *cli;
- int ret_count;
- struct dcerpc_binding_handle *b;
-
- DEBUG(3,("ads: trusted_domains\n"));
-
- ZERO_STRUCTP(trusts);
-
- /* If this is our primary domain or a root in our forest,
- query for all trusts. If not, then just look for domain
- trusts in the target forest */
-
- if (domain->primary || domain_is_forest_root(domain)) {
- flags = NETR_TRUST_FLAG_OUTBOUND |
- NETR_TRUST_FLAG_INBOUND |
- NETR_TRUST_FLAG_IN_FOREST;
- } else {
- flags = NETR_TRUST_FLAG_IN_FOREST;
- }
-
- result = cm_connect_netlogon(domain, &cli);
-
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(5, ("trusted_domains: Could not open a connection to %s "
- "for PIPE_NETLOGON (%s)\n",
- domain->name, nt_errstr(result)));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- b = cli->binding_handle;
-
- result = dcerpc_netr_DsrEnumerateDomainTrusts(b, mem_ctx,
- cli->desthost,
- flags,
- trusts,
- &werr);
- if (!NT_STATUS_IS_OK(result)) {
- return result;
- }
-
- if (!W_ERROR_IS_OK(werr)) {
- return werror_to_ntstatus(werr);
- }
- if (trusts->count == 0) {
- return NT_STATUS_OK;
- }
-
- /* Copy across names and sids */
-
- ret_count = 0;
- for (i = 0; i < trusts->count; i++) {
- struct netr_DomainTrust *trust = &trusts->array[i];
- struct winbindd_domain d;
-
- ZERO_STRUCT(d);
-
- /*
- * drop external trusts if this is not our primary
- * domain. This means that the returned number of
- * domains may be less that the ones actually trusted
- * by the DC.
- */
-
- if ((trust->trust_attributes
- & LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) &&
- !domain->primary )
- {
- DEBUG(10,("trusted_domains: Skipping external trusted "
- "domain %s because it is outside of our "
- "primary domain\n",
- trust->netbios_name));
- continue;
- }
-
- /* add to the trusted domain cache */
-
- d.name = discard_const_p(char, trust->netbios_name);
- d.alt_name = discard_const_p(char, trust->dns_name);
-
- if (trust->sid) {
- sid_copy(&d.sid, trust->sid);
- } else {
- sid_copy(&d.sid, &global_sid_NULL);
- }
-
- if ( domain->primary ) {
- DEBUG(10,("trusted_domains(ads): Searching "
- "trusted domain list of %s and storing "
- "trust flags for domain %s\n",
- domain->name, d.alt_name));
-
- d.domain_flags = trust->trust_flags;
- d.domain_type = trust->trust_type;
- d.domain_trust_attribs = trust->trust_attributes;
-
- wcache_tdc_add_domain( &d );
- ret_count++;
- } else if (domain_is_forest_root(domain)) {
- /* Check if we already have this record. If
- * we are following our forest root that is not
- * our primary domain, we want to keep trust
- * flags from the perspective of our primary
- * domain not our forest root. */
- struct winbindd_tdc_domain *exist = NULL;
-
- exist = wcache_tdc_fetch_domain(
- talloc_tos(), trust->netbios_name);
- if (!exist) {
- DEBUG(10,("trusted_domains(ads): Searching "
- "trusted domain list of %s and "
- "storing trust flags for domain "
- "%s\n", domain->name, d.alt_name));
- d.domain_flags = trust->trust_flags;
- d.domain_type = trust->trust_type;
- d.domain_trust_attribs =
- trust->trust_attributes;
-
- wcache_tdc_add_domain( &d );
- ret_count++;
- }
- TALLOC_FREE(exist);
- } else {
- /* This gets a little tricky. If we are
- following a transitive forest trust, then
- innerit the flags, type, and attribs from
- the domain we queried to make sure we don't
- record the view of the trust from the wrong
- side. Always view it from the side of our
- primary domain. --jerry */
- struct winbindd_tdc_domain *parent = NULL;
-
- DEBUG(10,("trusted_domains(ads): Searching "
- "trusted domain list of %s and inheriting "
- "trust flags for domain %s\n",
- domain->name, d.alt_name));
-
- parent = wcache_tdc_fetch_domain(talloc_tos(),
- domain->name);
- if (parent) {
- d.domain_flags = parent->trust_flags;
- d.domain_type = parent->trust_type;
- d.domain_trust_attribs = parent->trust_attribs;
- } else {
- d.domain_flags = domain->domain_flags;
- d.domain_type = domain->domain_type;
- d.domain_trust_attribs =
- domain->domain_trust_attribs;
- }
- TALLOC_FREE(parent);
-
- /*
- * We need to pass the modified properties
- * to the caller.
- */
- trust->trust_flags = d.domain_flags;
- trust->trust_type = d.domain_type;
- trust->trust_attributes = d.domain_trust_attribs;
-
- wcache_tdc_add_domain( &d );
- ret_count++;
- }
- }
- return result;
-}
-
/* the ADS backend methods are exposed via this structure */
struct winbindd_methods ads_methods = {
True,
sequence_number,
lockout_policy,
password_policy,
- trusted_domains,
};
#endif
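Review bot: Deleting the ADS `trusted_domains()` also deletes the only code on this page that skips trusts carrying `LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN` when `domain->primary` is false. The same function rewrote `trust_flags`, `trust_type` and `trust_attributes` to the primary domain's point of view before calling `wcache_tdc_add_domain()`. Whatever enumerates trusts after this change is not visible here, so please confirm that it keeps both behaviours; if it does not, quarantined external trusts of a non-primary domain could enter the trusted domain cache, or be cached with flags recorded from the wrong side of the trust. A short comment at the replacement call site, e.g. `/* quarantined trusts of non-primary domains are dropped here (formerly in the ads trusted_domains backend method) */`, would keep that decision traceable.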
return status;
}
-/* get a list of trusted domains */
-static NTSTATUS msrpc_trusted_domains(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- struct netr_DomainTrustList *ptrust_list)
-{
- struct rpc_pipe_client *lsa_pipe;
- struct policy_handle lsa_policy;
- struct netr_DomainTrust *trusts = NULL;
- uint32_t num_trusts = 0;
- TALLOC_CTX *tmp_ctx;
- NTSTATUS status;
-
- DEBUG(3,("msrpc_trusted_domains\n"));
-
- if (ptrust_list) {
- ZERO_STRUCTP(ptrust_list);
- }
-
- tmp_ctx = talloc_stackframe();
- if (tmp_ctx == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- status = cm_connect_lsa(domain, tmp_ctx, &lsa_pipe, &lsa_policy);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- status = rpc_trusted_domains(tmp_ctx,
- lsa_pipe,
- &lsa_policy,
- &num_trusts,
- &trusts);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- if (ptrust_list) {
- ptrust_list->count = num_trusts;
- ptrust_list->array = talloc_move(mem_ctx, &trusts);
- }
-
-done:
- TALLOC_FREE(tmp_ctx);
- return status;
-}
-
/* find the lockout policy for a domain */
static NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
msrpc_sequence_number,
msrpc_lockout_policy,
msrpc_password_policy,
- msrpc_trusted_domains,
};
return status;
}
-/* get a list of trusted domains - builtin domain */
-static NTSTATUS sam_trusted_domains(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- struct netr_DomainTrustList *ptrust_list)
-{
- struct rpc_pipe_client *lsa_pipe;
- struct policy_handle lsa_policy = { 0 };
- struct netr_DomainTrust *trusts = NULL;
- uint32_t num_trusts = 0;
- TALLOC_CTX *tmp_ctx;
- NTSTATUS status;
- bool retry = false;
-
- DEBUG(3,("samr: trusted domains\n"));
-
- if (ptrust_list) {
- ZERO_STRUCTP(ptrust_list);
- }
-
- tmp_ctx = talloc_stackframe();
- if (tmp_ctx == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
-again:
- status = open_cached_internal_pipe_conn(domain,
- NULL,
- NULL,
- &lsa_pipe,
- &lsa_policy);
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- status = rpc_trusted_domains(tmp_ctx,
- lsa_pipe,
- &lsa_policy,
- &num_trusts,
- &trusts);
-
- if (!retry && reset_connection_on_error(domain, lsa_pipe, status)) {
- retry = true;
- goto again;
- }
-
- if (!NT_STATUS_IS_OK(status)) {
- goto done;
- }
-
- if (ptrust_list) {
- ptrust_list->count = num_trusts;
- ptrust_list->array = talloc_move(mem_ctx, &trusts);
- }
-
-done:
- TALLOC_FREE(tmp_ctx);
- return status;
-}
-
/* Lookup group membership given a rid. */
static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
-/* get a list of trusted domains - builtin domain */
-static NTSTATUS builtin_trusted_domains(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- struct netr_DomainTrustList *trusts)
-{
- ZERO_STRUCTP(trusts);
- return NT_STATUS_OK;
-}
-
/*********************************************************************
COMMON functions.
*********************************************************************/
.sequence_number = sam_sequence_number,
.lockout_policy = sam_lockout_policy,
.password_policy = sam_password_policy,
- .trusted_domains = builtin_trusted_domains
};
/* the rpc backend methods are exposed via this structure */
.sequence_number = sam_sequence_number,
.lockout_policy = sam_lockout_policy,
.password_policy = sam_password_policy,
- .trusted_domains = sam_trusted_domains
};