rpc_client/cli_lsarpc.c:

author Andrew Bartlett <abartlet@samba.org>

Mon, 5 Jan 2004 02:04:37 +0000 (02:04 +0000)

committer Andrew Bartlett <abartlet@samba.org>

Mon, 5 Jan 2004 02:04:37 +0000 (02:04 +0000)
author Andrew Bartlett <abartlet@samba.org>
Mon, 5 Jan 2004 02:04:37 +0000 (02:04 +0000)
committer Andrew Bartlett <abartlet@samba.org>
Mon, 5 Jan 2004 02:04:37 +0000 (02:04 +0000)
diff --git a/source/include/rpc_ds.h b/source/include/rpc_ds.h

index e2622be532c2e2925ce7c8fad55012b1d76a574d..dc1aeef464e669818d444fc6fa2d1fead9001c97 100644 (file)
--- a/source/include/rpc_ds.h
+++ b/source/include/rpc_ds.h
@@ -118,6 +118,19 @@ typedef struct {
  
  } DS_DOMAIN_TRUSTS;
  
+struct ds_domain_trust {
+       /* static portion of structure */
+       uint32          flags;
+       uint32          parent_index;
+       uint32          trust_type;
+       uint32          trust_attributes;
+       GUID            guid;
+       
+       DOM_SID sid;
+       char *netbios_domain;
+       char *dns_domain;
+};
+
  typedef struct {
  
         uint32                  ptr;
diff --git a/source/libads/ads_ldap.c b/source/libads/ads_ldap.c

index 776bdd23595e1df7fcf4deee93e8c40a2d7668bb..944cb1599cc97b7b4eb6ed4e9350201cbf4a5a7c 100644 (file)
--- a/source/libads/ads_ldap.c
+++ b/source/libads/ads_ldap.c
@@ -152,12 +152,13 @@ done:
         return status;
  }
  
+
  /* convert a sid to a DN */
  
-NTSTATUS ads_sid_to_dn(ADS_STRUCT *ads,
-                      TALLOC_CTX *mem_ctx,
-                      const DOM_SID *sid,
-                      char **dn)
+ADS_STATUS ads_sid_to_dn(ADS_STRUCT *ads,
+                        TALLOC_CTX *mem_ctx,
+                        const DOM_SID *sid,
+                        char **dn)
  {
         ADS_STATUS rc;
         LDAPMessage *msg = NULL;
@@ -165,24 +166,28 @@ NTSTATUS ads_sid_to_dn(ADS_STRUCT *ads,
         char *ldap_exp;
         char *sidstr = NULL;
         int count;
-       char *dn2;
-       NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+       char *dn2 = NULL;
+
+       const char *attr[] = {
+               "dn",
+               NULL
+       };
  
         if (!(sidstr = sid_binstring(sid))) {
                 DEBUG(1,("ads_sid_to_dn: sid_binstring failed!\n"));
-               status = NT_STATUS_NO_MEMORY;
+               rc = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
                 goto done;
         }
  
         if(!(ldap_exp = talloc_asprintf(mem_ctx, "(objectSid=%s)", sidstr))) {
                 DEBUG(1,("ads_sid_to_dn: talloc_asprintf failed!\n"));
-               status = NT_STATUS_NO_MEMORY;
+               rc = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
                 goto done;
         }
  
-       rc = ads_search_retry(ads, (void **)&msg, ldap_exp, NULL);
+       rc = ads_search_retry(ads, (void **)&msg, ldap_exp, attr);
+
         if (!ADS_ERR_OK(rc)) {
-               status = ads_ntstatus(rc);
                 DEBUG(1,("ads_sid_to_dn ads_search: %s\n", ads_errstr(rc)));
                 goto done;
         }
@@ -191,7 +196,7 @@ NTSTATUS ads_sid_to_dn(ADS_STRUCT *ads,
                 fstring sid_string;
                 DEBUG(1,("ads_sid_to_dn (sid=%s): Not found (count=%d)\n", 
                          sid_to_string(sid_string, sid), count));
-               status = NT_STATUS_UNSUCCESSFUL;
+               rc = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
                 goto done;
         }
  
@@ -200,30 +205,30 @@ NTSTATUS ads_sid_to_dn(ADS_STRUCT *ads,
         dn2 = ads_get_dn(ads, entry);
  
         if (!dn2) {
-               status = NT_STATUS_NO_MEMORY;
+               rc = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
                 goto done;
         }
  
         *dn = talloc_strdup(mem_ctx, dn2);
  
         if (!*dn) {
-               SAFE_FREE(dn2);
-               status = NT_STATUS_NO_MEMORY;
+               ads_memfree(ads, dn2);
+               rc = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
                 goto done;
         }
  
-       status = NT_STATUS_OK;
+       rc = ADS_ERROR_NT(NT_STATUS_OK);
  
         DEBUG(3,("ads sid_to_dn mapped %s\n", dn2));
  
         SAFE_FREE(dn2);
  done:
         if (msg) ads_msgfree(ads, msg);
+       if (dn2) ads_memfree(ads, dn2);
  
         SAFE_FREE(sidstr);
  
-       return status;
+       return rc;
  }
  
-
  #endif
diff --git a/source/nsswitch/winbindd.h b/source/nsswitch/winbindd.h

index 5f09cedfc24f2b697318cec04616ca2de5a7c30c..5dbe422bc148ca4563b7f07a245095216480c5b0 100644 (file)
--- a/source/nsswitch/winbindd.h
+++ b/source/nsswitch/winbindd.h
@@ -154,7 +154,7 @@ struct winbindd_methods {
         /* convert a sid to a user or group name */
         NTSTATUS (*sid_to_name)(struct winbindd_domain *domain,
                                 TALLOC_CTX *mem_ctx,
-                               DOM_SID *sid,
+                               const DOM_SID *sid,
                                 char **name,
                                 enum SID_NAME_USE *type);
  
diff --git a/source/nsswitch/winbindd_ads.c b/source/nsswitch/winbindd_ads.c

index e66706c444941cc6e9616a1a230ad9d8b8ecbfe0..3a70c1a01e2b182aeeb62a044d32bf9b405a562d 100644 (file)
--- a/source/nsswitch/winbindd_ads.c
+++ b/source/nsswitch/winbindd_ads.c
@@ -325,7 +325,7 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain,
  /* convert a sid to a user or group name */
  static NTSTATUS sid_to_name(struct winbindd_domain *domain,
                             TALLOC_CTX *mem_ctx,
-                           DOM_SID *sid,
+                           const DOM_SID *sid,
                             char **name,
                             enum SID_NAME_USE *type)
  {
@@ -351,24 +351,14 @@ static BOOL dn_lookup(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
                       const char *dn,
                       char **name, uint32 *name_type, DOM_SID *sid)
  {
-       char *ldap_exp;
         void *res = NULL;
         const char *attrs[] = {"userPrincipalName", "sAMAccountName",
                                "objectSid", "sAMAccountType", NULL};
         ADS_STATUS rc;
         uint32 atype;
-       char *escaped_dn = escape_ldap_string_alloc(dn);
-
         DEBUG(3,("ads: dn_lookup\n"));
  
-       if (!escaped_dn) {
-               return False;
-       }
-
-       asprintf(&ldap_exp, "(distinguishedName=%s)", escaped_dn);
-       rc = ads_search_retry(ads, &res, ldap_exp, attrs);
-       SAFE_FREE(ldap_exp);
-       SAFE_FREE(escaped_dn);
+       rc = ads_search_retry_dn(ads, &res, dn, attrs);
  
         if (!ADS_ERR_OK(rc) || !res) {
                 goto failed;
@@ -488,6 +478,7 @@ static NTSTATUS lookup_usergroups_alt(struct winbindd_domain *domain,
         char *ldap_exp;
         ADS_STRUCT *ads;
         const char *group_attrs[] = {"objectSid", NULL};
+       char *escaped_dn;
  
         DEBUG(3,("ads: lookup_usergroups_alt\n"));
  
@@ -498,15 +489,24 @@ static NTSTATUS lookup_usergroups_alt(struct winbindd_domain *domain,
                 goto done;
         }
  
+       if (!(escaped_dn = escape_ldap_string_alloc(user_dn))) {
+               status = NT_STATUS_NO_MEMORY;
+               goto done;
+       }
+
         /* buggy server, no tokenGroups.  Instead lookup what groups this user
            is a member of by DN search on member*/
-       if (asprintf(&ldap_exp, "(&(member=%s)(objectClass=group))", user_dn) == -1) {
+
+       if (!(ldap_exp = talloc_asprintf(mem_ctx, "(&(member=%s)(objectClass=group))", escaped_dn))) {
                 DEBUG(1,("lookup_usergroups(dn=%s) asprintf failed!\n", user_dn));
-               return NT_STATUS_NO_MEMORY;
+               SAFE_FREE(escaped_dn);
+               status = NT_STATUS_NO_MEMORY;
+               goto done;
         }
-       
+
+       SAFE_FREE(escaped_dn);
+
         rc = ads_search_retry(ads, &res, ldap_exp, group_attrs);
-       free(ldap_exp);
         
         if (!ADS_ERR_OK(rc) || !res) {
                 DEBUG(1,("lookup_usergroups ads_search member=%s: %s\n", user_dn, ads_errstr(rc)));
@@ -565,18 +565,15 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
                                   uint32 *num_groups, DOM_SID ***user_gids)
  {
         ADS_STRUCT *ads = NULL;
-       const char *attrs[] = {"distinguishedName", NULL};
-       const char *attrs2[] = {"tokenGroups", "primaryGroupID", NULL};
+       const char *attrs[] = {"tokenGroups", "primaryGroupID", NULL};
         ADS_STATUS rc;
         int count;
-       void *msg = NULL;
-       char *ldap_exp;
+       LDAPMessage *msg = NULL;
         char *user_dn;
         DOM_SID *sids;
         int i;
         DOM_SID *primary_group;
         uint32 primary_group_rid;
-       char *sidstr;
         fstring sid_string;
         NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
  
@@ -587,44 +584,26 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
         
         if (!ads) {
                 domain->last_status = NT_STATUS_SERVER_DISABLED;
+               status = NT_STATUS_SERVER_DISABLED;
                 goto done;
         }
  
-       if (!(sidstr = sid_binstring(sid))) {
-               DEBUG(1,("lookup_usergroups(sid=%s) sid_binstring returned NULL\n", sid_to_string(sid_string, sid)));
-               status = NT_STATUS_NO_MEMORY;
-               goto done;
-       }
-       if (asprintf(&ldap_exp, "(objectSid=%s)", sidstr) == -1) {
-               free(sidstr);
-               DEBUG(1,("lookup_usergroups(sid=%s) asprintf failed!\n", sid_to_string(sid_string, sid)));
-               status = NT_STATUS_NO_MEMORY;
-               goto done;
-       }
-
-       rc = ads_search_retry(ads, &msg, ldap_exp, attrs);
-       free(ldap_exp);
-       free(sidstr);
-
-       if (!ADS_ERR_OK(rc) || !msg) {
-               DEBUG(1,("lookup_usergroups(sid=%s) ads_search: %s\n", sid_to_string(sid_string, sid), ads_errstr(rc)));
+       rc = ads_sid_to_dn(ads, mem_ctx, sid, &user_dn);
+       if (!ADS_ERR_OK(rc)) {
+               status = ads_ntstatus(rc);
                 goto done;
         }
  
-       user_dn = ads_pull_string(ads, mem_ctx, msg, "distinguishedName");
-       if (!user_dn) {
-               DEBUG(1,("lookup_usergroups(sid=%s) ads_search did not return a a distinguishedName!\n", sid_to_string(sid_string, sid)));
-               if (msg) 
-                       ads_msgfree(ads, msg);
+       rc = ads_search_retry_dn(ads, (void**)&msg, user_dn, attrs);
+       if (!ADS_ERR_OK(rc)) {
+               status = ads_ntstatus(rc);
+               DEBUG(1,("lookup_usergroups(sid=%s) ads_search tokenGroups: %s\n", sid_to_string(sid_string, sid), ads_errstr(rc)));
                 goto done;
         }
-
-       if (msg) 
-               ads_msgfree(ads, msg);
-
-       rc = ads_search_retry_dn(ads, &msg, user_dn, attrs2);
-       if (!ADS_ERR_OK(rc) || !msg) {
-               DEBUG(1,("lookup_usergroups(sid=%s) ads_search tokenGroups: %s\n", sid_to_string(sid_string, sid), ads_errstr(rc)));
+       
+       if (!msg) {
+               DEBUG(1,("lookup_usergroups(sid=%s) ads_search tokenGroups: NULL msg\n", sid_to_string(sid_string, sid)));
+               status = NT_STATUS_UNSUCCESSFUL;
                 goto done;
         }
  
@@ -857,7 +836,7 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
                                 DOM_SID **dom_sids)
  {
         NTSTATUS                result = NT_STATUS_UNSUCCESSFUL;
-       DS_DOMAIN_TRUSTS        *domains = NULL;
+       struct ds_domain_trust  *domains = NULL;
         int                     count = 0;
         int                     i;
         struct cli_state        *cli = NULL;
@@ -875,7 +854,7 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
         contact_domain_name = *domain->alt_name ? domain->alt_name : domain->name;
         if ( !NT_STATUS_IS_OK(result = cm_fresh_connection(contact_domain_name, PI_NETLOGON, &cli)) ) {
                 DEBUG(5, ("trusted_domains: Could not open a connection to %s for PIPE_NETLOGON (%s)\n", 
-                         contact_domain_name, nt_errstr(result)));
+                         domain->name, nt_errstr(result)));
                 return NT_STATUS_UNSUCCESSFUL;
         }
         
@@ -907,27 +886,10 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
                 /* Copy across names and sids */
  
                 for (i = 0; i < count; i++) {
-                       fstring tmp;
-                       fstring tmp2;
-
-                       (*names)[i] = NULL;
-                       (*alt_names)[i] = NULL;
-                       ZERO_STRUCT( (*dom_sids)[i] );
+                       (*names)[i] = domains[i].netbios_domain;
+                       (*alt_names)[i] = domains[i].dns_domain;
  
-                       if ( domains[i].netbios_ptr ) {
-                               unistr2_to_ascii(tmp, &domains[i].netbios_domain, sizeof(tmp) - 1);
-                               (*names)[i] = talloc_strdup(mem_ctx, tmp);
-                       }
-                       
-                       if ( domains[i].dns_ptr ) {
-                               unistr2_to_ascii(tmp2, &domains[i].dns_domain, sizeof(tmp2) - 1);
-                               (*alt_names)[i] = talloc_strdup(mem_ctx, tmp2);
-                       }
-                       
-                       /* sometimes we will get back a NULL SID from this call */
-                       
-                       if ( domains[i].sid_ptr )
-                               sid_copy(&(*dom_sids)[i], &domains[i].sid.sid);
+                       sid_copy(&(*dom_sids)[i], &domains[i].sid);
                 }
  
                 *num_domains = count;   
@@ -935,8 +897,6 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
  
  done:
  
-       SAFE_FREE( domains );
-       
         /* remove connection;  This is a special case to the \NETLOGON pipe */
         
         if ( cli )
diff --git a/source/nsswitch/winbindd_rpc.c b/source/nsswitch/winbindd_rpc.c

index 9adc299cc6affa90c6f30481ddb1a961e6b6ab2b..813621f3f7f17994b62cca23cfc3ade2c60f2e00 100644 (file)
--- a/source/nsswitch/winbindd_rpc.c
+++ b/source/nsswitch/winbindd_rpc.c
@@ -324,7 +324,7 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain,
  */
  static NTSTATUS sid_to_name(struct winbindd_domain *domain,
                             TALLOC_CTX *mem_ctx,
-                           DOM_SID *sid,
+                           const DOM_SID *sid,
                             char **name,
                             enum SID_NAME_USE *type)
  {
diff --git a/source/rpc_client/cli_ds.c b/source/rpc_client/cli_ds.c

index a7a093328c972ed6febbcd5e3c9fb15dd625cb3f..f8455edcd9a5e24326eb4df85731f39cb4079eda 100644 (file)
--- a/source/rpc_client/cli_ds.c
+++ b/source/rpc_client/cli_ds.c
@@ -82,7 +82,7 @@ done:
  
  NTSTATUS cli_ds_enum_domain_trusts(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
                                   const char *server, uint32 flags, 
-                                 DS_DOMAIN_TRUSTS **trusts, uint32 *num_domains)
+                                 struct ds_domain_trust **trusts, uint32 *num_domains)
  {
         prs_struct qbuf, rbuf;
         DS_Q_ENUM_DOM_TRUSTS q;
@@ -118,12 +118,32 @@ NTSTATUS cli_ds_enum_domain_trusts(struct cli_state *cli, TALLOC_CTX *mem_ctx,
                 int i;
         
                 *num_domains = r.num_domains;
-               *trusts = (DS_DOMAIN_TRUSTS*)smb_xmalloc(r.num_domains*sizeof(DS_DOMAIN_TRUSTS));
-               
-               memcpy( *trusts, r.domains.trusts, r.num_domains*sizeof(DS_DOMAIN_TRUSTS) );
-               for ( i=0; i<r.num_domains; i++ ) {
-                       copy_unistr2( &(*trusts)[i].netbios_domain, &r.domains.trusts[i].netbios_domain );
-                       copy_unistr2( &(*trusts)[i].dns_domain,     &r.domains.trusts[i].dns_domain );
+               *trusts = (struct ds_domain_trust*)talloc(mem_ctx, r.num_domains*sizeof(**trusts));
+
+               for ( i=0; i< *num_domains; i++ ) {
+                       (*trusts)[i].flags = r.domains.trusts[i].flags;
+                       (*trusts)[i].parent_index = r.domains.trusts[i].parent_index;
+                       (*trusts)[i].trust_type = r.domains.trusts[i].trust_type;
+                       (*trusts)[i].trust_attributes = r.domains.trusts[i].trust_attributes;
+                       (*trusts)[i].guid = r.domains.trusts[i].guid;
+
+                       if (&r.domains.trusts[i].sid_ptr) {
+                               sid_copy(&(*trusts)[i].sid, &r.domains.trusts[i].sid.sid);
+                       } else {
+                               ZERO_STRUCT((*trusts)[i].sid);
+                       }
+
+                       if (&r.domains.trusts[i].netbios_ptr) {
+                               (*trusts)[i].netbios_domain = unistr2_tdup( mem_ctx, &r.domains.trusts[i].netbios_domain );
+                       } else {
+                               (*trusts)[i].netbios_domain = NULL;
+                       }
+
+                       if (&r.domains.trusts[i].dns_ptr) {
+                               (*trusts)[i].dns_domain = unistr2_tdup( mem_ctx, &r.domains.trusts[i].dns_domain );
+                       } else {
+                               (*trusts)[i].dns_domain = NULL;
+                       }
                 }
         }
         
diff --git a/source/rpc_client/cli_lsarpc.c b/source/rpc_client/cli_lsarpc.c

index ab4fbad6131357c30cdcd33b8acaf2081529fdbc..3b1f5478c6a56b8210d0ead73f565d843afe53a5 100644 (file)
--- a/source/rpc_client/cli_lsarpc.c
+++ b/source/rpc_client/cli_lsarpc.c
@@ -217,7 +217,7 @@ NTSTATUS cli_lsa_close(struct cli_state *cli, TALLOC_CTX *mem_ctx,
  /** Lookup a list of sids */
  
  NTSTATUS cli_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx,
-                             POLICY_HND *pol, int num_sids, DOM_SID *sids, 
+                             POLICY_HND *pol, int num_sids, const DOM_SID *sids, 
                               char ***domains, char ***names, uint32 **types)
  {
         prs_struct qbuf, rbuf;
diff --git a/source/rpc_parse/parse_lsa.c b/source/rpc_parse/parse_lsa.c

index f960345fe74a2ea8fa95d9c7e7ebe928d909923c..d29b7bc5803edebfabb52a176d63d38896ce5427 100644 (file)
--- a/source/rpc_parse/parse_lsa.c
+++ b/source/rpc_parse/parse_lsa.c
@@ -804,7 +804,7 @@ BOOL lsa_io_r_query(const char *desc, LSA_R_QUERY_INFO *r_q, prs_struct *ps,
  ********************************************************************/
  
  static void init_lsa_sid_enum(TALLOC_CTX *mem_ctx, LSA_SID_ENUM *sen, 
-                      int num_entries, DOM_SID *sids)
+                      int num_entries, const DOM_SID *sids)
  {
         int i;
  
@@ -913,7 +913,7 @@ static BOOL lsa_io_sid_enum(const char *desc, LSA_SID_ENUM *sen, prs_struct *ps,
  ********************************************************************/
  
  void init_q_lookup_sids(TALLOC_CTX *mem_ctx, LSA_Q_LOOKUP_SIDS *q_l, 
-                       POLICY_HND *hnd, int num_sids, DOM_SID *sids,
+                       POLICY_HND *hnd, int num_sids, const DOM_SID *sids,
                         uint16 level)
  {
         DEBUG(5, ("init_q_lookup_sids\n"));
author	Andrew Bartlett <abartlet@samba.org>
	Mon, 5 Jan 2004 02:04:37 +0000 (02:04 +0000)
committer	Andrew Bartlett <abartlet@samba.org>
	Mon, 5 Jan 2004 02:04:37 +0000 (02:04 +0000)
source/include/rpc_ds.h		patch \| blob \| history
source/libads/ads_ldap.c		patch \| blob \| history
source/nsswitch/winbindd.h		patch \| blob \| history
source/nsswitch/winbindd_ads.c		patch \| blob \| history
source/nsswitch/winbindd_rpc.c		patch \| blob \| history
source/rpc_client/cli_ds.c		patch \| blob \| history
source/rpc_client/cli_lsarpc.c		patch \| blob \| history
source/rpc_parse/parse_lsa.c		patch \| blob \| history