Changeset 342 for branches/samba-3.3.x/source/winbindd
- Timestamp:
- Oct 30, 2009, 9:39:05 AM (16 years ago)
- Location:
- branches/samba-3.3.x/source/winbindd
- Files:
-
- 6 edited
-
winbindd.c (modified) (2 diffs)
-
winbindd.h (modified) (2 diffs)
-
winbindd_ads.c (modified) (3 diffs)
-
winbindd_cm.c (modified) (10 diffs)
-
winbindd_proto.h (modified) (2 diffs)
-
winbindd_rpc.c (modified) (7 diffs)
Legend:
- Unmodified
- Added
- Removed
-
branches/samba-3.3.x/source/winbindd/winbindd.c
r274 r342 848 848 message_dispatch(winbind_messaging_context()); 849 849 850 run_events(winbind_event_context(), 0, NULL, NULL); 850 if (run_events(winbind_event_context(), 0, NULL, NULL)) { 851 return; 852 } 851 853 852 854 /* refresh the trusted domain cache */ … … 928 930 if (FD_ISSET(ev->fd, &w_fds)) 929 931 flags |= EVENT_FD_WRITE; 930 if (flags) 932 if (flags) { 931 933 ev->handler(ev, flags); 934 return; 935 } 932 936 ev = next; 933 937 } -
branches/samba-3.3.x/source/winbindd/winbindd.h
r206 r342 123 123 124 124 struct rpc_pipe_client *lsa_pipe; 125 struct rpc_pipe_client *lsa_pipe_tcp; 125 126 POLICY_HND lsa_policy; 126 127 … … 183 184 * we don't have to try _ex every time. */ 184 185 186 bool can_do_ncacn_ip_tcp; 187 185 188 /* Lookup methods for this domain (LDAP or RPC) */ 186 189 struct winbindd_methods *methods; -
branches/samba-3.3.x/source/winbindd/winbindd_ads.c
r206 r342 978 978 size_t num_members = 0; 979 979 ads_control args; 980 struct rpc_pipe_client *cli;981 POLICY_HND lsa_policy;982 980 DOM_SID *sid_mem_nocache = NULL; 983 981 char **names_nocache = NULL; … … 1124 1122 if (num_nocache > 0) { 1125 1123 1126 status = cm_connect_lsa(domain, tmp_ctx, &cli, &lsa_policy); 1127 1128 if (!NT_STATUS_IS_OK(status)) { 1129 goto done; 1130 } 1131 1132 status = rpccli_lsa_lookup_sids(cli, tmp_ctx, 1133 &lsa_policy, 1134 num_nocache, 1135 sid_mem_nocache, 1136 &domains_nocache, 1137 &names_nocache, 1138 &name_types_nocache); 1124 status = winbindd_lookup_sids(tmp_ctx, 1125 domain, 1126 num_nocache, 1127 sid_mem_nocache, 1128 &domains_nocache, 1129 &names_nocache, 1130 &name_types_nocache); 1139 1131 1140 1132 if (!(NT_STATUS_IS_OK(status) || … … 1145 1137 "- retrying...\n", nt_errstr(status))); 1146 1138 1147 status = cm_connect_lsa(domain, tmp_ctx, &cli, 1148 &lsa_policy); 1149 1150 if (!NT_STATUS_IS_OK(status)) { 1151 goto done; 1152 } 1153 1154 status = rpccli_lsa_lookup_sids(cli, tmp_ctx, 1155 &lsa_policy, 1156 num_nocache, 1157 sid_mem_nocache, 1158 &domains_nocache, 1159 &names_nocache, 1160 &name_types_nocache); 1139 status = winbindd_lookup_sids(tmp_ctx, 1140 domain, 1141 num_nocache, 1142 sid_mem_nocache, 1143 &domains_nocache, 1144 &names_nocache, 1145 &name_types_nocache); 1161 1146 } 1162 1147 -
branches/samba-3.3.x/source/winbindd/winbindd_cm.c
r223 r342 858 858 machine_password, 859 859 lp_workgroup(), 860 domain-> name);860 domain->alt_name); 861 861 862 862 if (!ADS_ERR_OK(ads_status)) { … … 1543 1543 } 1544 1544 1545 if (conn->lsa_pipe_tcp != NULL) { 1546 TALLOC_FREE(conn->lsa_pipe_tcp); 1547 /* Ok, it must be dead. Drop timeout to 0.5 sec. */ 1548 if (conn->cli) { 1549 cli_set_timeout(conn->cli, 500); 1550 } 1551 } 1552 1545 1553 if (conn->netlogon_pipe != NULL) { 1546 1554 TALLOC_FREE(conn->netlogon_pipe); … … 1917 1925 domain->name, domain->active_directory ? "" : "NOT ")); 1918 1926 1927 domain->can_do_ncacn_ip_tcp = domain->active_directory; 1928 1919 1929 TALLOC_FREE(cli); 1920 1930 … … 2039 2049 result = cli_rpc_pipe_open_spnego_ntlmssp(conn->cli, 2040 2050 &ndr_table_samr.syntax_id, 2051 NCACN_NP, 2041 2052 PIPE_AUTH_LEVEL_PRIVACY, 2042 2053 domain_name, … … 2082 2093 } 2083 2094 result = cli_rpc_pipe_open_schannel_with_key 2084 (conn->cli, &ndr_table_samr.syntax_id, PIPE_AUTH_LEVEL_PRIVACY, 2095 (conn->cli, &ndr_table_samr.syntax_id, NCACN_NP, 2096 PIPE_AUTH_LEVEL_PRIVACY, 2085 2097 domain->name, p_dcinfo, &conn->samr_pipe); 2086 2098 … … 2137 2149 done: 2138 2150 2139 if (!NT_STATUS_IS_OK(result)) { 2151 if (NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED)) { 2152 /* 2153 * if we got access denied, we might just have no access rights 2154 * to talk to the remote samr server server (e.g. when we are a 2155 * PDC and we are connecting a w2k8 pdc via an interdomain 2156 * trust). In that case do not invalidate the whole connection 2157 * stack 2158 */ 2159 TALLOC_FREE(conn->samr_pipe); 2160 ZERO_STRUCT(conn->sam_domain_handle); 2161 return result; 2162 } else if (!NT_STATUS_IS_OK(result)) { 2140 2163 invalidate_cm_connection(conn); 2141 2164 return result; … … 2147 2170 SAFE_FREE(machine_account); 2148 2171 return result; 2172 } 2173 2174 /********************************************************************** 2175 open an schanneld ncacn_ip_tcp connection to LSA 2176 ***********************************************************************/ 2177 2178 NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain, 2179 TALLOC_CTX *mem_ctx, 2180 struct rpc_pipe_client **cli) 2181 { 2182 struct winbindd_cm_conn *conn; 2183 NTSTATUS status; 2184 2185 DEBUG(10,("cm_connect_lsa_tcp\n")); 2186 2187 status = init_dc_connection(domain); 2188 if (!NT_STATUS_IS_OK(status)) { 2189 return status; 2190 } 2191 2192 conn = &domain->conn; 2193 2194 if (conn->lsa_pipe_tcp && 2195 conn->lsa_pipe_tcp->transport_type == NCACN_IP_TCP && 2196 conn->lsa_pipe_tcp->auth->auth_level == PIPE_AUTH_LEVEL_PRIVACY) { 2197 goto done; 2198 } 2199 2200 TALLOC_FREE(conn->lsa_pipe_tcp); 2201 2202 status = cli_rpc_pipe_open_schannel(conn->cli, 2203 &ndr_table_lsarpc.syntax_id, 2204 NCACN_IP_TCP, 2205 PIPE_AUTH_LEVEL_PRIVACY, 2206 domain->name, 2207 &conn->lsa_pipe_tcp); 2208 if (!NT_STATUS_IS_OK(status)) { 2209 DEBUG(10,("cli_rpc_pipe_open_schannel failed: %s\n", 2210 nt_errstr(status))); 2211 goto done; 2212 } 2213 2214 done: 2215 if (!NT_STATUS_IS_OK(status)) { 2216 TALLOC_FREE(conn->lsa_pipe_tcp); 2217 return status; 2218 } 2219 2220 *cli = conn->lsa_pipe_tcp; 2221 2222 return status; 2149 2223 } 2150 2224 … … 2179 2253 * authenticated LSA pipe with sign & seal. */ 2180 2254 result = cli_rpc_pipe_open_spnego_ntlmssp 2181 (conn->cli, &ndr_table_lsarpc.syntax_id, 2255 (conn->cli, &ndr_table_lsarpc.syntax_id, NCACN_NP, 2182 2256 PIPE_AUTH_LEVEL_PRIVACY, 2183 2257 conn->cli->domain, conn->cli->user_name, conn_pwd, … … 2220 2294 } 2221 2295 result = cli_rpc_pipe_open_schannel_with_key 2222 (conn->cli, &ndr_table_lsarpc.syntax_id, 2296 (conn->cli, &ndr_table_lsarpc.syntax_id, NCACN_NP, 2223 2297 PIPE_AUTH_LEVEL_PRIVACY, 2224 2298 domain->name, p_dcinfo, &conn->lsa_pipe); … … 2367 2441 2368 2442 result = cli_rpc_pipe_open_schannel_with_key( 2369 conn->cli, &ndr_table_netlogon.syntax_id, 2443 conn->cli, &ndr_table_netlogon.syntax_id, NCACN_NP, 2370 2444 PIPE_AUTH_LEVEL_PRIVACY, domain->name, netlogon_pipe->dc, 2371 2445 &conn->netlogon_pipe); -
branches/samba-3.3.x/source/winbindd/winbindd_proto.h
r222 r342 74 74 /* The following definitions come from winbindd/winbindd_ads.c */ 75 75 76 /* The following definitions come from winbindd/winbindd_rpc.c */ 77 78 NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, 79 struct winbindd_domain *domain, 80 uint32_t num_sids, 81 const struct dom_sid *sids, 82 char ***domains, 83 char ***names, 84 enum lsa_SidType **types); 85 NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, 86 struct winbindd_domain *domain, 87 uint32_t num_names, 88 const char **names, 89 const char ***domains, 90 struct dom_sid **sids, 91 enum lsa_SidType **types); 76 92 77 93 /* The following definitions come from winbindd/winbindd_async.c */ … … 218 234 NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, 219 235 struct rpc_pipe_client **cli, POLICY_HND *lsa_policy); 236 NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain, 237 TALLOC_CTX *mem_ctx, 238 struct rpc_pipe_client **cli); 220 239 NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain, 221 240 struct rpc_pipe_client **cli); -
branches/samba-3.3.x/source/winbindd/winbindd_rpc.c
r223 r342 278 278 enum lsa_SidType *types = NULL; 279 279 char *full_name = NULL; 280 struct rpc_pipe_client *cli;281 POLICY_HND lsa_policy;282 280 NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL; 283 281 char *mapped_name = NULL; … … 311 309 full_name?full_name:"", domain_name )); 312 310 313 result = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); 314 if (!NT_STATUS_IS_OK(result)) 315 return result; 316 317 result = rpccli_lsa_lookup_names(cli, mem_ctx, &lsa_policy, 1, 318 (const char**) &full_name, NULL, 1, &sids, &types); 319 311 result = winbindd_lookup_names(mem_ctx, domain, 1, 312 (const char **)&full_name, NULL, 313 &sids, &types); 320 314 if (!NT_STATUS_IS_OK(result)) 321 315 return result; … … 343 337 enum lsa_SidType *types = NULL; 344 338 NTSTATUS result; 345 struct rpc_pipe_client *cli;346 POLICY_HND lsa_policy;347 339 NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL; 348 340 char *mapped_name = NULL; … … 351 343 domain->name )); 352 344 353 result = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); 345 result = winbindd_lookup_sids(mem_ctx, 346 domain, 347 1, 348 sid, 349 &domains, 350 &names, 351 &types); 354 352 if (!NT_STATUS_IS_OK(result)) { 355 DEBUG(2,("msrpc_sid_to_name: cm_connect_lsa() failed (%s)\n",356 nt_errstr(result)));353 DEBUG(2,("msrpc_sid_to_name: failed to lookup sids: %s\n", 354 nt_errstr(result))); 357 355 return result; 358 356 } 359 357 360 361 result = rpccli_lsa_lookup_sids(cli, mem_ctx, &lsa_policy,362 1, sid, &domains, &names, &types);363 if (!NT_STATUS_IS_OK(result)) {364 DEBUG(2,("msrpc_sid_to_name: rpccli_lsa_lookup_sids() failed (%s)\n",365 nt_errstr(result)));366 return result;367 }368 358 369 359 *type = (enum lsa_SidType)types[0]; … … 396 386 char **domains; 397 387 NTSTATUS result; 398 struct rpc_pipe_client *cli;399 POLICY_HND lsa_policy;400 388 DOM_SID *sids; 401 389 size_t i; … … 419 407 } 420 408 421 result = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy);422 if (!NT_STATUS_IS_OK(result)) {423 return result;424 }425 426 result = rpccli_lsa_lookup_sids(cli, mem_ctx, &lsa_policy,427 num_rids, sids, &domains,428 names, types); 409 result = winbindd_lookup_sids(mem_ctx, 410 domain, 411 num_rids, 412 sids, 413 &domains, 414 names, 415 types); 416 429 417 if (!NT_STATUS_IS_OK(result) && 430 418 !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) { … … 1186 1174 } 1187 1175 1176 typedef NTSTATUS (*lookup_sids_fn_t)(struct rpc_pipe_client *cli, 1177 TALLOC_CTX *mem_ctx, 1178 struct policy_handle *pol, 1179 int num_sids, 1180 const DOM_SID *sids, 1181 char ***pdomains, 1182 char ***pnames, 1183 enum lsa_SidType **ptypes); 1184 1185 NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, 1186 struct winbindd_domain *domain, 1187 uint32_t num_sids, 1188 const struct dom_sid *sids, 1189 char ***domains, 1190 char ***names, 1191 enum lsa_SidType **types) 1192 { 1193 NTSTATUS status; 1194 struct rpc_pipe_client *cli = NULL; 1195 struct policy_handle lsa_policy; 1196 unsigned int orig_timeout; 1197 lookup_sids_fn_t lookup_sids_fn = rpccli_lsa_lookup_sids; 1198 1199 if (domain->can_do_ncacn_ip_tcp) { 1200 status = cm_connect_lsa_tcp(domain, mem_ctx, &cli); 1201 if (NT_STATUS_IS_OK(status)) { 1202 lookup_sids_fn = rpccli_lsa_lookup_sids3; 1203 goto lookup; 1204 } 1205 domain->can_do_ncacn_ip_tcp = false; 1206 } 1207 status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); 1208 1209 if (!NT_STATUS_IS_OK(status)) { 1210 return status; 1211 } 1212 1213 lookup: 1214 /* 1215 * This call can take a long time 1216 * allow the server to time out. 1217 * 35 seconds should do it. 1218 */ 1219 orig_timeout = rpccli_set_timeout(cli, 35000); 1220 1221 status = lookup_sids_fn(cli, 1222 mem_ctx, 1223 &lsa_policy, 1224 num_sids, 1225 sids, 1226 domains, 1227 names, 1228 types); 1229 1230 /* And restore our original timeout. */ 1231 rpccli_set_timeout(cli, orig_timeout); 1232 1233 if (!NT_STATUS_IS_OK(status)) { 1234 return status; 1235 } 1236 1237 return status; 1238 } 1239 1240 typedef NTSTATUS (*lookup_names_fn_t)(struct rpc_pipe_client *cli, 1241 TALLOC_CTX *mem_ctx, 1242 struct policy_handle *pol, 1243 int num_names, 1244 const char **names, 1245 const char ***dom_names, 1246 int level, 1247 struct dom_sid **sids, 1248 enum lsa_SidType **types); 1249 1250 NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, 1251 struct winbindd_domain *domain, 1252 uint32_t num_names, 1253 const char **names, 1254 const char ***domains, 1255 struct dom_sid **sids, 1256 enum lsa_SidType **types) 1257 { 1258 NTSTATUS status; 1259 struct rpc_pipe_client *cli = NULL; 1260 struct policy_handle lsa_policy; 1261 unsigned int orig_timeout; 1262 lookup_names_fn_t lookup_names_fn = rpccli_lsa_lookup_names; 1263 1264 if (domain->can_do_ncacn_ip_tcp) { 1265 status = cm_connect_lsa_tcp(domain, mem_ctx, &cli); 1266 if (NT_STATUS_IS_OK(status)) { 1267 lookup_names_fn = rpccli_lsa_lookup_names4; 1268 goto lookup; 1269 } 1270 domain->can_do_ncacn_ip_tcp = false; 1271 } 1272 status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); 1273 1274 if (!NT_STATUS_IS_OK(status)) { 1275 return status; 1276 } 1277 1278 lookup: 1279 1280 /* 1281 * This call can take a long time 1282 * allow the server to time out. 1283 * 35 seconds should do it. 1284 */ 1285 orig_timeout = rpccli_set_timeout(cli, 35000); 1286 1287 status = lookup_names_fn(cli, 1288 mem_ctx, 1289 &lsa_policy, 1290 num_names, 1291 (const char **) names, 1292 domains, 1293 1, 1294 sids, 1295 types); 1296 1297 /* And restore our original timeout. */ 1298 rpccli_set_timeout(cli, orig_timeout); 1299 1300 if (!NT_STATUS_IS_OK(status)) { 1301 return status; 1302 } 1303 1304 return status; 1305 } 1188 1306 1189 1307 /* the rpc backend methods are exposed via this structure */
Note:
See TracChangeset
for help on using the changeset viewer.
