Changeset 860 for vendor/current/source3/winbindd
- Timestamp:
- May 12, 2014, 8:58:38 PM (11 years ago)
- Location:
- vendor/current/source3/winbindd
- Files:
-
- 10 edited
-
idmap_ad.c (modified) (2 diffs)
-
wb_lookupsids.c (modified) (1 diff)
-
winbindd.c (modified) (1 diff)
-
winbindd_cache.c (modified) (4 diffs)
-
winbindd_cm.c (modified) (8 diffs)
-
winbindd_dual.c (modified) (1 diff)
-
winbindd_msrpc.c (modified) (14 diffs)
-
winbindd_pam.c (modified) (3 diffs)
-
winbindd_proto.h (modified) (3 diffs)
-
winbindd_rpc.c (modified) (8 diffs)
Legend:
- Unmodified
- Added
- Removed
-
vendor/current/source3/winbindd/idmap_ad.c
r740 r860 458 458 &id)) 459 459 { 460 DEBUG(1, ("Could not get unix ID\n"));460 DEBUG(1, ("Could not get SID for unix ID %u\n", (unsigned) id)); 461 461 continue; 462 462 } … … 655 655 &id)) 656 656 { 657 DEBUG(1, ("Could not get unix ID\n")); 657 DEBUG(1, ("Could not get unix ID for SID %s\n", 658 sid_string_dbg(map->sid))); 658 659 continue; 659 660 } -
vendor/current/source3/winbindd/wb_lookupsids.c
r746 r860 403 403 404 404 src_domain_index = src_name->sid_index; 405 if (src_domain_index >= src_domains->count) { 406 return false; 407 } 405 408 src_domain = &src_domains->domains[src_domain_index]; 406 409 -
vendor/current/source3/winbindd/winbindd.c
r746 r860 1079 1079 MSG_WINBIND_ONLINESTATUS, winbind_msg_onlinestatus); 1080 1080 1081 /* Handle domain online/offline messages for domains */ 1082 messaging_register(winbind_messaging_context(), NULL, 1083 MSG_WINBIND_DOMAIN_OFFLINE, winbind_msg_domain_offline); 1084 messaging_register(winbind_messaging_context(), NULL, 1085 MSG_WINBIND_DOMAIN_ONLINE, winbind_msg_domain_online); 1086 1081 1087 messaging_register(winbind_messaging_context(), NULL, 1082 1088 MSG_DUMP_EVENT_LIST, winbind_msg_dump_event_list); -
vendor/current/source3/winbindd/winbindd_cache.c
r746 r860 946 946 if (!centry) 947 947 return; 948 949 if ((domain_name == NULL) || (domain_name[0] == '\0')) { 950 struct winbindd_domain *mydomain = 951 find_domain_from_sid_noinit(sid); 952 if (mydomain != NULL) { 953 domain_name = mydomain->name; 954 } 955 } 956 948 957 centry_put_uint32(centry, type); 949 958 centry_put_sid(centry, sid); … … 965 974 if (!centry) 966 975 return; 976 977 if ((domain_name == NULL) || (domain_name[0] == '\0')) { 978 struct winbindd_domain *mydomain = 979 find_domain_from_sid_noinit(sid); 980 if (mydomain != NULL) { 981 domain_name = mydomain->name; 982 } 983 } 967 984 968 985 if (NT_STATUS_IS_OK(status)) { … … 1782 1799 } 1783 1800 1801 if ((domain_name == NULL) || (domain_name[0] == '\0')) { 1802 domain_name = domain->name; 1803 } 1804 1784 1805 centry = wcache_fetch(cache, domain, "NS/%s/%s", domain_name, uname); 1785 1806 TALLOC_FREE(uname); … … 2131 2152 /* something's definitely wrong */ 2132 2153 result = centry->status; 2154 centry_free(centry); 2133 2155 goto error; 2134 2156 } -
vendor/current/source3/winbindd/winbindd_cm.c
r746 r860 338 338 } 339 339 340 void winbind_msg_domain_offline(struct messaging_context *msg_ctx, 341 void *private_data, 342 uint32_t msg_type, 343 struct server_id server_id, 344 DATA_BLOB *data) 345 { 346 const char *domain_name = (const char *)data->data; 347 struct winbindd_domain *domain; 348 349 domain = find_domain_from_name_noinit(domain_name); 350 if (domain == NULL) { 351 return; 352 } 353 354 domain->online = false; 355 356 DEBUG(10, ("Domain %s is marked as offline now.\n", 357 domain_name)); 358 } 359 360 void winbind_msg_domain_online(struct messaging_context *msg_ctx, 361 void *private_data, 362 uint32_t msg_type, 363 struct server_id server_id, 364 DATA_BLOB *data) 365 { 366 const char *domain_name = (const char *)data->data; 367 struct winbindd_domain *domain; 368 369 domain = find_domain_from_name_noinit(domain_name); 370 if (domain == NULL) { 371 return; 372 } 373 374 domain->online = true; 375 376 DEBUG(10, ("Domain %s is marked as online now.\n", 377 domain_name)); 378 } 379 340 380 /**************************************************************** 341 381 Set domain offline and also add handler to put us back online … … 345 385 void set_domain_offline(struct winbindd_domain *domain) 346 386 { 387 pid_t parent_pid = getppid(); 388 347 389 DEBUG(10,("set_domain_offline: called for domain %s\n", 348 390 domain->name )); … … 391 433 DEBUG(10,("set_domain_offline: added event handler for domain %s\n", 392 434 domain->name )); 435 436 /* Send a message to the parent that the domain is offline. */ 437 if (parent_pid > 1 && !domain->internal) { 438 messaging_send_buf(winbind_messaging_context(), 439 pid_to_procid(parent_pid), 440 MSG_WINBIND_DOMAIN_OFFLINE, 441 (uint8 *)domain->name, 442 strlen(domain->name) + 1); 443 } 393 444 394 445 /* Send an offline message to the idmap child when our … … 416 467 static void set_domain_online(struct winbindd_domain *domain) 417 468 { 469 pid_t parent_pid = getppid(); 470 418 471 DEBUG(10,("set_domain_online: called for domain %s\n", 419 472 domain->name )); … … 466 519 467 520 domain->online = True; 521 522 /* Send a message to the parent that the domain is online. */ 523 if (parent_pid > 1 && !domain->internal) { 524 messaging_send_buf(winbind_messaging_context(), 525 pid_to_procid(parent_pid), 526 MSG_WINBIND_DOMAIN_ONLINE, 527 (uint8 *)domain->name, 528 strlen(domain->name) + 1); 529 } 468 530 469 531 /* Send an online message to the idmap child when our … … 1024 1086 result = cli_set_domain((*cli), domain->name); 1025 1087 if (!NT_STATUS_IS_OK(result)) { 1088 SAFE_FREE(ipc_username); 1089 SAFE_FREE(ipc_domain); 1090 SAFE_FREE(ipc_password); 1026 1091 return result; 1027 1092 } … … 1603 1668 result = cm_prepare_connection(domain, fd, domain->dcname, 1604 1669 &new_conn->cli, &retry); 1670 if (!NT_STATUS_IS_OK(result)) { 1671 /* Don't leak the smb connection socket */ 1672 close(fd); 1673 } 1605 1674 1606 1675 if (!retry) … … 2565 2634 2566 2635 /**************************************************************************** 2636 Open a LSA connection to a DC, suiteable for LSA lookup calls. 2637 ****************************************************************************/ 2638 2639 NTSTATUS cm_connect_lsat(struct winbindd_domain *domain, 2640 TALLOC_CTX *mem_ctx, 2641 struct rpc_pipe_client **cli, 2642 struct policy_handle *lsa_policy) 2643 { 2644 NTSTATUS status; 2645 2646 if (domain->can_do_ncacn_ip_tcp) { 2647 status = cm_connect_lsa_tcp(domain, mem_ctx, cli); 2648 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || 2649 NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) || 2650 NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) { 2651 invalidate_cm_connection(&domain->conn); 2652 status = cm_connect_lsa_tcp(domain, mem_ctx, cli); 2653 } 2654 if (NT_STATUS_IS_OK(status)) { 2655 return status; 2656 } 2657 2658 /* 2659 * we tried twice to connect via ncan_ip_tcp and schannel and 2660 * failed - maybe it is a trusted domain we can't connect to ? 2661 * do not try tcp next time - gd 2662 */ 2663 domain->can_do_ncacn_ip_tcp = false; 2664 } 2665 2666 status = cm_connect_lsa(domain, mem_ctx, cli, lsa_policy); 2667 2668 return status; 2669 } 2670 2671 /**************************************************************************** 2567 2672 Open the netlogon pipe to this DC. Use schannel if specified in client conf. 2568 2673 session key stored in conn->netlogon_pipe->dc->sess_key. -
vendor/current/source3/winbindd/winbindd_dual.c
r746 r860 1223 1223 messaging_deregister(winbind_messaging_context(), 1224 1224 MSG_DEBUG, NULL); 1225 1226 messaging_deregister(winbind_messaging_context(), 1227 MSG_WINBIND_DOMAIN_OFFLINE, NULL); 1228 messaging_deregister(winbind_messaging_context(), 1229 MSG_WINBIND_DOMAIN_ONLINE, NULL); 1225 1230 1226 1231 /* We have destroyed all events in the winbindd_event_context -
vendor/current/source3/winbindd/winbindd_msrpc.c
r740 r860 36 36 #define DBGC_CLASS DBGC_WINBIND 37 37 38 static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, 39 struct winbindd_domain *domain, 40 uint32_t num_names, 41 const char **names, 42 const char ***domains, 43 struct dom_sid **sids, 44 enum lsa_SidType **types); 38 45 39 46 /* Query display info for a domain. This returns enough information plus a … … 738 745 care of freeing the temporary arrays later on. */ 739 746 740 if (tmp_names.count != tmp_types.count) { 741 return NT_STATUS_UNSUCCESSFUL; 747 if (tmp_names.count != num_lookup_rids) { 748 return NT_STATUS_INVALID_NETWORK_RESPONSE; 749 } 750 if (tmp_types.count != num_lookup_rids) { 751 return NT_STATUS_INVALID_NETWORK_RESPONSE; 742 752 } 743 753 … … 745 755 if (tmp_types.ids[r] == SID_NAME_UNKNOWN) { 746 756 continue; 757 } 758 if (total_names >= *num_names) { 759 break; 747 760 } 748 761 (*names)[total_names] = fill_domain_username_talloc( … … 938 951 939 952 status = cm_connect_lsa(domain, tmp_ctx, &lsa_pipe, &lsa_policy); 940 if (!NT_STATUS_IS_OK(status)) 941 return status; 953 if (!NT_STATUS_IS_OK(status)) { 954 goto done; 955 } 942 956 943 957 status = rpc_trusted_domains(tmp_ctx, … … 1057 1071 return status; 1058 1072 } 1059 1060 typedef NTSTATUS (*lookup_sids_fn_t)(struct dcerpc_binding_handle *h,1061 TALLOC_CTX *mem_ctx,1062 struct policy_handle *pol,1063 int num_sids,1064 const struct dom_sid *sids,1065 char ***pdomains,1066 char ***pnames,1067 enum lsa_SidType **ptypes,1068 NTSTATUS *result);1069 1073 1070 1074 NTSTATUS winbindd_lookup_sids(TALLOC_CTX *mem_ctx, … … 1082 1086 struct policy_handle lsa_policy; 1083 1087 unsigned int orig_timeout; 1084 lookup_sids_fn_t lookup_sids_fn = dcerpc_lsa_lookup_sids; 1085 1086 if (domain->can_do_ncacn_ip_tcp) { 1087 status = cm_connect_lsa_tcp(domain, mem_ctx, &cli); 1088 if (NT_STATUS_IS_OK(status)) { 1089 lookup_sids_fn = dcerpc_lsa_lookup_sids3; 1090 goto lookup; 1091 } 1092 domain->can_do_ncacn_ip_tcp = false; 1093 } 1094 status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); 1095 1088 bool use_lookupsids3 = false; 1089 bool retried = false; 1090 1091 connect: 1092 status = cm_connect_lsat(domain, mem_ctx, &cli, &lsa_policy); 1096 1093 if (!NT_STATUS_IS_OK(status)) { 1097 1094 return status; 1098 1095 } 1099 1096 1100 lookup:1101 1097 b = cli->binding_handle; 1098 1099 if (cli->transport->transport == NCACN_IP_TCP) { 1100 use_lookupsids3 = true; 1101 } 1102 1102 1103 1103 /* … … 1108 1108 orig_timeout = dcerpc_binding_handle_set_timeout(b, 35000); 1109 1109 1110 status = lookup_sids_fn(b, 1111 mem_ctx, 1112 &lsa_policy, 1113 num_sids, 1114 sids, 1115 domains, 1116 names, 1117 types, 1118 &result); 1110 status = dcerpc_lsa_lookup_sids_generic(b, 1111 mem_ctx, 1112 &lsa_policy, 1113 num_sids, 1114 sids, 1115 domains, 1116 names, 1117 types, 1118 use_lookupsids3, 1119 &result); 1119 1120 1120 1121 /* And restore our original timeout. */ … … 1122 1123 1123 1124 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || 1124 NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) { 1125 NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) || 1126 NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) { 1125 1127 /* 1126 1128 * This can happen if the schannel key is not … … 1130 1132 */ 1131 1133 invalidate_cm_connection(&domain->conn); 1134 domain->can_do_ncacn_ip_tcp = domain->active_directory; 1135 if (!retried) { 1136 retried = true; 1137 goto connect; 1138 } 1132 1139 status = NT_STATUS_ACCESS_DENIED; 1133 1140 } … … 1144 1151 } 1145 1152 1146 typedef NTSTATUS (*lookup_names_fn_t)(struct dcerpc_binding_handle *h, 1147 TALLOC_CTX *mem_ctx, 1148 struct policy_handle *pol, 1153 static NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, 1154 struct winbindd_domain *domain, 1149 1155 uint32_t num_names, 1150 1156 const char **names, 1151 const char ***dom_names, 1152 enum lsa_LookupNamesLevel level, 1157 const char ***domains, 1153 1158 struct dom_sid **sids, 1154 enum lsa_SidType **types, 1155 NTSTATUS *result); 1156 1157 NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx, 1158 struct winbindd_domain *domain, 1159 uint32_t num_names, 1160 const char **names, 1161 const char ***domains, 1162 struct dom_sid **sids, 1163 enum lsa_SidType **types) 1159 enum lsa_SidType **types) 1164 1160 { 1165 1161 NTSTATUS status; … … 1169 1165 struct policy_handle lsa_policy; 1170 1166 unsigned int orig_timeout = 0; 1171 lookup_names_fn_t lookup_names_fn = dcerpc_lsa_lookup_names; 1172 1173 if (domain->can_do_ncacn_ip_tcp) { 1174 status = cm_connect_lsa_tcp(domain, mem_ctx, &cli); 1175 if (NT_STATUS_IS_OK(status)) { 1176 lookup_names_fn = dcerpc_lsa_lookup_names4; 1177 goto lookup; 1178 } 1179 domain->can_do_ncacn_ip_tcp = false; 1180 } 1181 status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); 1182 1167 bool use_lookupnames4 = false; 1168 bool retried = false; 1169 1170 connect: 1171 status = cm_connect_lsat(domain, mem_ctx, &cli, &lsa_policy); 1183 1172 if (!NT_STATUS_IS_OK(status)) { 1184 1173 return status; 1185 1174 } 1186 1175 1187 lookup:1188 1176 b = cli->binding_handle; 1177 1178 if (cli->transport->transport == NCACN_IP_TCP) { 1179 use_lookupnames4 = true; 1180 } 1189 1181 1190 1182 /* … … 1195 1187 orig_timeout = dcerpc_binding_handle_set_timeout(b, 35000); 1196 1188 1197 status = lookup_names_fn(b, 1198 mem_ctx, 1199 &lsa_policy, 1200 num_names, 1201 (const char **) names, 1202 domains, 1203 1, 1204 sids, 1205 types, 1206 &result); 1189 status = dcerpc_lsa_lookup_names_generic(b, 1190 mem_ctx, 1191 &lsa_policy, 1192 num_names, 1193 (const char **) names, 1194 domains, 1195 1, 1196 sids, 1197 types, 1198 use_lookupnames4, 1199 &result); 1207 1200 1208 1201 /* And restore our original timeout. */ … … 1210 1203 1211 1204 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || 1212 NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) { 1205 NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR) || 1206 NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_ACCESS_DENIED)) { 1213 1207 /* 1214 1208 * This can happen if the schannel key is not … … 1218 1212 */ 1219 1213 invalidate_cm_connection(&domain->conn); 1214 if (!retried) { 1215 retried = true; 1216 goto connect; 1217 } 1220 1218 status = NT_STATUS_ACCESS_DENIED; 1221 1219 } -
vendor/current/source3/winbindd/winbindd_pam.c
r746 r860 669 669 670 670 failed: 671 /* 672 * Do not delete an existing valid credential cache, if the user 673 * e.g. enters a wrong password 674 */ 675 if ((strequal(krb5_cc_type, "FILE") || strequal(krb5_cc_type, "WRFILE")) 676 && user_ccache_file != NULL) { 677 return result; 678 } 671 679 672 680 /* we could have created a new credential cache with a valid tgt in it … … 1153 1161 { 1154 1162 int attempts = 0; 1163 int netr_attempts = 0; 1155 1164 bool retry = false; 1156 1165 NTSTATUS result; … … 1167 1176 1168 1177 if (!NT_STATUS_IS_OK(result)) { 1169 DEBUG(3,("could not open handle to NETLOGON pipe (error: %s)\n", 1170 nt_errstr(result))); 1171 if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT)) { 1172 if (attempts > 0) { 1173 DEBUG(3, ("This is the second problem for this " 1174 "particular call, forcing the close of " 1175 "this connection\n")); 1176 invalidate_cm_connection(&domain->conn); 1177 } else { 1178 DEBUG(3, ("First call to cm_connect_netlogon " 1179 "has timed out, retrying\n")); 1180 continue; 1181 } 1178 DEBUG(3,("Could not open handle to NETLOGON pipe " 1179 "(error: %s, attempts: %d)\n", 1180 nt_errstr(result), netr_attempts)); 1181 1182 /* After the first retry always close the connection */ 1183 if (netr_attempts > 0) { 1184 DEBUG(3, ("This is again a problem for this " 1185 "particular call, forcing the close " 1186 "of this connection\n")); 1187 invalidate_cm_connection(&domain->conn); 1188 } 1189 1190 /* After the second retry failover to the next DC */ 1191 if (netr_attempts > 1) { 1192 /* 1193 * If the netlogon server is not reachable then 1194 * it is possible that the DC is rebuilding 1195 * sysvol and shutdown netlogon for that time. 1196 * We should failover to the next dc. 1197 */ 1198 DEBUG(3, ("This is the third problem for this " 1199 "particular call, adding DC to the " 1200 "negative cache list\n")); 1201 add_failed_connection_entry(domain->name, 1202 domain->dcname, 1203 result); 1204 saf_delete(domain->name); 1205 } 1206 1207 /* Only allow 3 retries */ 1208 if (netr_attempts < 3) { 1209 DEBUG(3, ("The connection to netlogon " 1210 "failed, retrying\n")); 1211 netr_attempts++; 1212 retry = true; 1213 continue; 1182 1214 } 1183 1215 return result; 1184 1216 } 1217 netr_attempts = 0; 1218 1185 1219 auth = netlogon_pipe->auth; 1186 1220 if (netlogon_pipe->dc) { -
vendor/current/source3/winbindd/winbindd_proto.h
r746 r860 48 48 char ***names, 49 49 enum lsa_SidType **types); 50 NTSTATUS winbindd_lookup_names(TALLOC_CTX *mem_ctx,51 struct winbindd_domain *domain,52 uint32_t num_names,53 const char **names,54 const char ***domains,55 struct dom_sid **sids,56 enum lsa_SidType **types);57 50 NTSTATUS rpc_lookup_sids(TALLOC_CTX *mem_ctx, 58 51 struct winbindd_domain *domain, … … 158 151 159 152 /* The following definitions come from winbindd/winbindd_cm.c */ 153 void winbind_msg_domain_offline(struct messaging_context *msg_ctx, 154 void *private_data, 155 uint32_t msg_type, 156 struct server_id server_id, 157 DATA_BLOB *data); 158 void winbind_msg_domain_online(struct messaging_context *msg_ctx, 159 void *private_data, 160 uint32_t msg_type, 161 struct server_id server_id, 162 DATA_BLOB *data); 160 163 161 164 void set_domain_offline(struct winbindd_domain *domain); … … 171 174 TALLOC_CTX *mem_ctx, 172 175 struct rpc_pipe_client **cli); 176 NTSTATUS cm_connect_lsat(struct winbindd_domain *domain, 177 TALLOC_CTX *mem_ctx, 178 struct rpc_pipe_client **cli, 179 struct policy_handle *lsa_policy); 173 180 NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain, 174 181 struct rpc_pipe_client **cli); -
vendor/current/source3/winbindd/winbindd_rpc.c
r740 r860 872 872 /* Copy result into array. The talloc system will take 873 873 care of freeing the temporary arrays later on. */ 874 if (tmp_names.count != tmp_types.count) { 875 return NT_STATUS_UNSUCCESSFUL; 874 if (tmp_names.count != num_names) { 875 return NT_STATUS_INVALID_NETWORK_RESPONSE; 876 } 877 if (tmp_types.count != num_names) { 878 return NT_STATUS_INVALID_NETWORK_RESPONSE; 876 879 } 877 880 … … 879 882 if (tmp_types.ids[r] == SID_NAME_UNKNOWN) { 880 883 continue; 884 } 885 if (total_names >= num_names) { 886 break; 881 887 } 882 888 names[total_names] = fill_domain_username_talloc(names, … … 1034 1040 static NTSTATUS rpc_try_lookup_sids3(TALLOC_CTX *mem_ctx, 1035 1041 struct winbindd_domain *domain, 1042 struct rpc_pipe_client *cli, 1036 1043 struct lsa_SidArray *sids, 1037 1044 struct lsa_RefDomainList **pdomains, … … 1039 1046 { 1040 1047 struct lsa_TransNameArray2 lsa_names2; 1041 struct lsa_TransNameArray *names ;1048 struct lsa_TransNameArray *names = *pnames; 1042 1049 uint32_t i, count; 1043 struct rpc_pipe_client *cli;1044 1050 NTSTATUS status, result; 1045 1046 status = cm_connect_lsa_tcp(domain, talloc_tos(), &cli);1047 if (!NT_STATUS_IS_OK(status)) {1048 domain->can_do_ncacn_ip_tcp = false;1049 return status;1050 }1051 1051 1052 1052 ZERO_STRUCT(lsa_names2); … … 1067 1067 return result; 1068 1068 } 1069 names = TALLOC_ZERO_P(mem_ctx, struct lsa_TransNameArray);1070 if (names == NULL) {1071 return NT_STATUS_NO_MEMORY;1072 } 1069 if (sids->num_sids != lsa_names2.count) { 1070 return NT_STATUS_INVALID_NETWORK_RESPONSE; 1071 } 1072 1073 1073 names->count = lsa_names2.count; 1074 1074 names->names = talloc_array(names, struct lsa_TranslatedName, … … 1082 1082 names->names, &lsa_names2.names[i].name.string); 1083 1083 names->names[i].sid_index = lsa_names2.names[i].sid_index; 1084 } 1085 *pnames = names; 1084 1085 if (names->names[i].sid_index == UINT32_MAX) { 1086 continue; 1087 } 1088 if ((*pdomains) == NULL) { 1089 return NT_STATUS_INVALID_NETWORK_RESPONSE; 1090 } 1091 if (names->names[i].sid_index >= (*pdomains)->count) { 1092 return NT_STATUS_INVALID_NETWORK_RESPONSE; 1093 } 1094 } 1086 1095 return result; 1087 1096 } … … 1093 1102 struct lsa_TransNameArray **pnames) 1094 1103 { 1095 struct lsa_TransNameArray *names ;1104 struct lsa_TransNameArray *names = *pnames; 1096 1105 struct rpc_pipe_client *cli = NULL; 1097 1106 struct policy_handle lsa_policy; 1098 1107 uint32_t count; 1108 uint32_t i; 1099 1109 NTSTATUS status, result; 1100 1110 1101 if (domain->can_do_ncacn_ip_tcp) { 1102 status = rpc_try_lookup_sids3(mem_ctx, domain, sids, 1103 pdomains, pnames); 1104 if (!NT_STATUS_IS_ERR(status)) { 1105 return status; 1106 } 1107 } 1108 1109 status = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy); 1111 status = cm_connect_lsat(domain, mem_ctx, &cli, &lsa_policy); 1110 1112 if (!NT_STATUS_IS_OK(status)) { 1111 1113 return status; 1112 1114 } 1113 1115 1114 names = TALLOC_ZERO_P(mem_ctx, struct lsa_TransNameArray); 1115 if (names == NULL) { 1116 return NT_STATUS_NO_MEMORY; 1117 } 1116 if (cli->transport->transport == NCACN_IP_TCP) { 1117 return rpc_try_lookup_sids3(mem_ctx, domain, cli, sids, 1118 pdomains, pnames); 1119 } 1120 1118 1121 status = dcerpc_lsa_LookupSids(cli->binding_handle, mem_ctx, 1119 1122 &lsa_policy, sids, pdomains, … … 1126 1129 return result; 1127 1130 } 1128 *pnames = names; 1131 1132 if (sids->num_sids != names->count) { 1133 return NT_STATUS_INVALID_NETWORK_RESPONSE; 1134 } 1135 1136 for (i=0; i < names->count; i++) { 1137 if (names->names[i].sid_index == UINT32_MAX) { 1138 continue; 1139 } 1140 if ((*pdomains) == NULL) { 1141 return NT_STATUS_INVALID_NETWORK_RESPONSE; 1142 } 1143 if (names->names[i].sid_index >= (*pdomains)->count) { 1144 return NT_STATUS_INVALID_NETWORK_RESPONSE; 1145 } 1146 } 1147 1129 1148 return result; 1130 1149 }
Note:
See TracChangeset
for help on using the changeset viewer.
