sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-24 13:57:43 +03:00
Code

s3: Pass netr_DomainTrustList instead of names and sids through (*trusted_domains)

Browse Source
This commit is contained in:
Volker Lendecke 2009-12-28 15:51:36 +01:00
parent 0aa8946ce0
commit b8fcba9cb8
7 changed files with 101 additions and 185 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
source3/winbindd/winbindd.h
View File

@ -313,10 +313,7 @@ struct winbindd_methods {
/* enumerate trusted domains */
NTSTATUS (*trusted_domains)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32 *num_domains,
char ***names,
char ***alt_names,
DOM_SID **dom_sids);
struct netr_DomainTrustList *trusts);
};
/* Filled out by IDMAP backends */

83
source3/winbindd/winbindd_ads.c
View File

@ -1257,13 +1257,9 @@ static NTSTATUS password_policy(struct winbindd_domain *domain,
/* get a list of trusted domains */
static NTSTATUS trusted_domains(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32 *num_domains,
char ***names,
char ***alt_names,
DOM_SID **dom_sids)
struct netr_DomainTrustList *trusts)
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
struct netr_DomainTrustList trusts;
int i;
uint32 flags;
struct rpc_pipe_client *cli;
@ -1272,10 +1268,7 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
DEBUG(3,("ads: trusted_domains\n"));
*num_domains = 0;
*alt_names = NULL;
*names = NULL;
*dom_sids = NULL;
ZERO_STRUCTP(trusts);
/* If this is our primary domain or a root in our forest,
query for all trusts. If not, then just look for domain
@ -1303,36 +1296,20 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
result = rpccli_netr_DsrEnumerateDomainTrusts(cli, mem_ctx,
cli->desthost,
flags,
&trusts,
trusts,
NULL);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
if (trusts.count == 0) {
if (trusts->count == 0) {
return NT_STATUS_OK;
}
/* Allocate memory for trusted domain names and sids */
if ( !(*names = TALLOC_ARRAY(mem_ctx, char *, trusts.count)) ) {
DEBUG(0, ("trusted_domains: out of memory\n"));
return NT_STATUS_NO_MEMORY;
}
if ( !(*alt_names = TALLOC_ARRAY(mem_ctx, char *, trusts.count)) ) {
DEBUG(0, ("trusted_domains: out of memory\n"));
return NT_STATUS_NO_MEMORY;
}
if ( !(*dom_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, trusts.count)) ) {
DEBUG(0, ("trusted_domains: out of memory\n"));
return NT_STATUS_NO_MEMORY;
}
/* Copy across names and sids */
ret_count = 0;
for (i = 0; i < trusts.count; i++) {
for (i = 0; i < trusts->count; i++) {
struct netr_DomainTrust *trust = &trusts->array[i];
struct winbindd_domain d;
ZERO_STRUCT(d);
@ -1344,39 +1321,23 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
* by the DC.
*/
if ((trusts.array[i].trust_attributes
if ((trust->trust_attributes
== NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) &&
!domain->primary )
{
DEBUG(10,("trusted_domains: Skipping external trusted "
"domain %s because it is outside of our "
"primary domain\n",
trusts.array[i].netbios_name));
trust->netbios_name));
continue;
}
/*
* We must check that the SID of each trusted domain
* was returned to work around a bug in Windows:
* http://support.microsoft.com/kb/922832
*/
(*names)[ret_count] = CONST_DISCARD(
char *, trusts.array[i].netbios_name);
(*alt_names)[ret_count] = CONST_DISCARD(
char *, trusts.array[i].dns_name);
if (trusts.array[i].sid) {
sid_copy(&(*dom_sids)[ret_count], trusts.array[i].sid);
} else {
sid_copy(&(*dom_sids)[ret_count], &global_sid_NULL);
}
/* add to the trusted domain cache */
fstrcpy( d.name, trusts.array[i].netbios_name);
fstrcpy( d.alt_name, trusts.array[i].dns_name);
if (trusts.array[i].sid) {
sid_copy( &d.sid, trusts.array[i].sid);
fstrcpy(d.name, trust->netbios_name);
fstrcpy(d.alt_name, trust->dns_name);
if (trust->sid) {
sid_copy(&d.sid, trust->sid);
} else {
sid_copy(&d.sid, &global_sid_NULL);
}
@ -1387,10 +1348,9 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
"trust flags for domain %s\n",
domain->name, d.alt_name));
d.domain_flags = trusts.array[i].trust_flags;
d.domain_type = trusts.array[i].trust_type;
d.domain_trust_attribs =
trusts.array[i].trust_attributes;
d.domain_flags = trust->trust_flags;
d.domain_type = trust->trust_type;
d.domain_trust_attribs = trust->trust_attributes;
wcache_tdc_add_domain( &d );
ret_count++;
@ -1403,16 +1363,16 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
struct winbindd_tdc_domain *exist = NULL;
exist = wcache_tdc_fetch_domain(
NULL, trusts.array[i].netbios_name);
talloc_tos(), trust->netbios_name);
if (!exist) {
DEBUG(10,("trusted_domains(ads): Searching "
"trusted domain list of %s and "
"storing trust flags for domain "
"%s\n", domain->name, d.alt_name));
d.domain_flags = trusts.array[i].trust_flags;
d.domain_type = trusts.array[i].trust_type;
d.domain_flags = trust->trust_flags;
d.domain_type = trust->trust_type;
d.domain_trust_attribs =
trusts.array[i].trust_attributes;
trust->trust_attributes;
wcache_tdc_add_domain( &d );
ret_count++;
@ -1433,7 +1393,8 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
"trust flags for domain %s\n",
domain->name, d.alt_name));
parent = wcache_tdc_fetch_domain(NULL, domain->name);
parent = wcache_tdc_fetch_domain(talloc_tos(),
domain->name);
if (parent) {
d.domain_flags = parent->trust_flags;
d.domain_type = parent->trust_type;
@ -1450,8 +1411,6 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
ret_count++;
}
}
*num_domains = ret_count;
return result;
}

13
source3/winbindd/winbindd_cache.c
View File

@ -2446,18 +2446,10 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
* Guenther */
static NTSTATUS trusted_domains(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32 *num_domains,
char ***names,
char ***alt_names,
DOM_SID **dom_sids)
struct netr_DomainTrustList *trusts)
{
NTSTATUS status;
(*num_domains) = 0;
(*dom_sids) = NULL;
(*names) = NULL;
(*alt_names) = NULL;
/* Return status value returned by seq number check */
if (!NT_STATUS_IS_OK(domain->last_status))
@ -2466,8 +2458,7 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
DEBUG(10,("trusted_domains: [Cached] - doing backend query for info for domain %s\n",
domain->name ));
status = domain->backend->trusted_domains(domain, mem_ctx, num_domains,
names, alt_names, dom_sids);
status = domain->backend->trusted_domains(domain, mem_ctx, trusts);
/* no trusts gives NT_STATUS_NO_MORE_ENTRIES resetting to NT_STATUS_OK
* so that the generic centry handling still applies correctly -

50
source3/winbindd/winbindd_misc.c
View File

@ -148,20 +148,18 @@ done:
enum winbindd_result winbindd_dual_list_trusted_domains(struct winbindd_domain *domain,
struct winbindd_cli_state *state)
{
uint32 i, num_domains;
char **names, **alt_names;
DOM_SID *sids;
int i;
int extra_data_len = 0;
char *extra_data;
NTSTATUS result;
bool have_own_domain = False;
struct netr_DomainTrustList trusts;
DEBUG(3, ("[%5lu]: list trusted domains\n",
(unsigned long)state->pid));
result = domain->methods->trusted_domains(domain, state->mem_ctx,
&num_domains, &names,
&alt_names, &sids);
&trusts);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(3, ("winbindd_dual_list_trusted_domains: trusted_domains returned %s\n",
@ -171,45 +169,37 @@ enum winbindd_result winbindd_dual_list_trusted_domains(struct winbindd_domain *
extra_data = talloc_strdup(state->mem_ctx, "");
if (num_domains > 0)
extra_data = talloc_asprintf(
state->mem_ctx, "%s\\%s\\%s",
names[0], alt_names[0] ? alt_names[0] : names[0],
sid_string_talloc(state->mem_ctx, &sids[0]));
for (i=1; i<num_domains; i++)
extra_data = talloc_asprintf(
state->mem_ctx, "%s\n%s\\%s\\%s",
extra_data, names[i],
alt_names[i] ? alt_names[i] : names[i],
sid_string_talloc(state->mem_ctx, &sids[i]));
for (i=0; i<trusts.count; i++) {
extra_data = talloc_asprintf_append_buffer(
extra_data, "%s\\%s\\%s\n",
trusts.array[i].netbios_name,
trusts.array[i].dns_name,
sid_string_talloc(state->mem_ctx,
trusts.array[i].sid));
}
/* add our primary domain */
for (i=0; i<num_domains; i++) {
if (strequal(names[i], domain->name)) {
for (i=0; i<trusts.count; i++) {
if (strequal(trusts.array[i].netbios_name, domain->name)) {
have_own_domain = True;
break;
}
}
if (state->request->data.list_all_domains && !have_own_domain) {
extra_data = talloc_asprintf(
state->mem_ctx, "%s\n%s\\%s\\%s",
extra_data, domain->name,
extra_data = talloc_asprintf_append_buffer(
extra_data, "%s\\%s\\%s\n", domain->name,
domain->alt_name ? domain->alt_name : domain->name,
sid_string_talloc(state->mem_ctx, &domain->sid));
}
/* This is a bit excessive, but the extra data sooner or later will be
talloc'ed */
extra_data_len = 0;
if (extra_data != NULL) {
extra_data_len = strlen(extra_data);
}
extra_data_len = strlen(extra_data);
if (extra_data_len > 0) {
/* Strip the last \n */
extra_data[extra_data_len-1] = '\0';
state->response->extra_data.data = extra_data;
state->response->length += extra_data_len+1;
}

76
source3/winbindd/winbindd_passdb.c
View File

@ -398,16 +398,10 @@ static NTSTATUS builtin_query_user(struct winbindd_domain *domain,
/* get a list of trusted domains - builtin domain */
static NTSTATUS builtin_trusted_domains(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32 *num_domains,
char ***names,
char ***alt_names,
DOM_SID **dom_sids)
TALLOC_CTX *mem_ctx,
struct netr_DomainTrustList *trusts)
{
*num_domains = 0;
*names = NULL;
*alt_names = NULL;
*dom_sids = NULL;
ZERO_STRUCTP(trusts);
return NT_STATUS_OK;
}
@ -649,58 +643,44 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain,
/* get a list of trusted domains */
static NTSTATUS sam_trusted_domains(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32 *num_domains,
char ***names,
char ***alt_names,
DOM_SID **dom_sids)
TALLOC_CTX *mem_ctx,
struct netr_DomainTrustList *trusts)
{
NTSTATUS nt_status;
struct trustdom_info **domains;
int i;
TALLOC_CTX *tmp_ctx;
*num_domains = 0;
*names = NULL;
*alt_names = NULL;
*dom_sids = NULL;
if (!(tmp_ctx = talloc_init("trusted_domains"))) {
return NT_STATUS_NO_MEMORY;
}
nt_status = pdb_enum_trusteddoms(tmp_ctx, num_domains, &domains);
nt_status = pdb_enum_trusteddoms(talloc_tos(), &trusts->count,
&domains);
if (!NT_STATUS_IS_OK(nt_status)) {
TALLOC_FREE(tmp_ctx);
return nt_status;
}
if (*num_domains) {
*names = TALLOC_ARRAY(mem_ctx, char *, *num_domains);
*alt_names = TALLOC_ARRAY(mem_ctx, char *, *num_domains);
*dom_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_domains);
if ((*alt_names == NULL) || (*names == NULL) || (*dom_sids == NULL)) {
TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
} else {
*names = NULL;
*alt_names = NULL;
*dom_sids = NULL;
if (trusts->count == 0) {
trusts->array = NULL;
return NT_STATUS_OK;
}
for (i=0; i<*num_domains; i++) {
(*alt_names)[i] = NULL;
if (!((*names)[i] = talloc_strdup((*names),
domains[i]->name))) {
TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
sid_copy(&(*dom_sids)[i], &domains[i]->sid);
trusts->array = talloc_zero_array(
mem_ctx, struct netr_DomainTrust, trusts->count);
if (trusts->array == NULL) {
return NT_STATUS_NO_MEMORY;
}
TALLOC_FREE(tmp_ctx);
for (i=0; i<trusts->count; i++) {
struct dom_sid *sid;
trusts->array[i].netbios_name = talloc_move(
trusts->array, &domains[i]->name);
trusts->array[i].dns_name = NULL;
sid = talloc(trusts->array, struct dom_sid);
if (sid == NULL) {
return NT_STATUS_NO_MEMORY;
}
sid_copy(sid, &domains[i]->sid);
trusts->array[i].sid = sid;
}
return NT_STATUS_OK;
}

12
source3/winbindd/winbindd_reconnect.c
View File

@ -279,21 +279,15 @@ static NTSTATUS password_policy(struct winbindd_domain *domain,
/* get a list of trusted domains */
static NTSTATUS trusted_domains(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32 *num_domains,
char ***names,
char ***alt_names,
DOM_SID **dom_sids)
struct netr_DomainTrustList *trusts)
{
NTSTATUS result;
result = msrpc_methods.trusted_domains(domain, mem_ctx,
num_domains, names,
alt_names, dom_sids);
result = msrpc_methods.trusted_domains(domain, mem_ctx, trusts);
if (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL))
result = msrpc_methods.trusted_domains(domain, mem_ctx,
num_domains, names,
alt_names, dom_sids);
trusts);
return result;
}

47
source3/winbindd/winbindd_rpc.c
View File

@ -1032,10 +1032,7 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
/* get a list of trusted domains */
static NTSTATUS trusted_domains(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32 *num_domains,
char ***names,
char ***alt_names,
DOM_SID **dom_sids)
struct netr_DomainTrustList *trusts)
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 enum_ctx = 0;
@ -1044,10 +1041,7 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
DEBUG(3,("rpc: trusted_domains\n"));
*num_domains = 0;
*names = NULL;
*alt_names = NULL;
*dom_sids = NULL;
ZERO_STRUCTP(trusts);
result = cm_connect_lsa(domain, mem_ctx, &cli, &lsa_policy);
if (!NT_STATUS_IS_OK(result))
@ -1070,22 +1064,33 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
break;
start_idx = *num_domains;
*num_domains += dom_list.count;
*names = TALLOC_REALLOC_ARRAY(mem_ctx, *names,
char *, *num_domains);
*dom_sids = TALLOC_REALLOC_ARRAY(mem_ctx, *dom_sids,
DOM_SID, *num_domains);
*alt_names = TALLOC_REALLOC_ARRAY(mem_ctx, *alt_names,
char *, *num_domains);
if ((*names == NULL) || (*dom_sids == NULL) ||
(*alt_names == NULL))
start_idx = trusts->count;
trusts->count += dom_list.count;
trusts->array = talloc_realloc(
mem_ctx, trusts->array, struct netr_DomainTrust,
trusts->count);
if (trusts->array == NULL) {
return NT_STATUS_NO_MEMORY;
}
for (i=0; i<dom_list.count; i++) {
(*names)[start_idx+i] = CONST_DISCARD(char *, dom_list.domains[i].name.string);
(*dom_sids)[start_idx+i] = *dom_list.domains[i].sid;
(*alt_names)[start_idx+i] = talloc_strdup(mem_ctx, "");
struct netr_DomainTrust *trust = &trusts->array[i];
struct dom_sid *sid;
ZERO_STRUCTP(trust);
trust->netbios_name = talloc_move(
trusts->array,
&dom_list.domains[i].name.string);
trust->dns_name = NULL;
sid = talloc(trusts->array, struct dom_sid);
if (sid == NULL) {
return NT_STATUS_NO_MEMORY;
}
sid_copy(sid, dom_list.domains[i].sid);
trust->sid = sid;
}
}
return result;