1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

s3-winbind: prefer dcerpc_netr_X functions.

Guenther

Signed-off-by: Andreas Schneider <asn@samba.org>
This commit is contained in:
Günther Deschner 2011-01-12 11:55:34 +01:00 committed by Andreas Schneider
parent 232378c6e5
commit c9b3404c68
4 changed files with 61 additions and 28 deletions

View File

@ -23,7 +23,7 @@
#include "includes.h"
#include "winbindd.h"
#include "../librpc/gen_ndr/cli_netlogon.h"
#include "../librpc/gen_ndr/ndr_netlogon_c.h"
#include "../libds/common/flags.h"
#include "ads.h"
#include "secrets.h"
@ -1292,10 +1292,12 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
struct netr_DomainTrustList *trusts)
{
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
WERROR werr;
int i;
uint32 flags;
struct rpc_pipe_client *cli;
int ret_count;
struct dcerpc_binding_handle *b;
DEBUG(3,("ads: trusted_domains\n"));
@ -1322,14 +1324,20 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
return NT_STATUS_UNSUCCESSFUL;
}
result = rpccli_netr_DsrEnumerateDomainTrusts(cli, mem_ctx,
b = cli->binding_handle;
result = dcerpc_netr_DsrEnumerateDomainTrusts(b, mem_ctx,
cli->desthost,
flags,
trusts,
NULL);
&werr);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
if (!W_ERROR_IS_OK(werr)) {
return werror_to_ntstatus(werr);
}
if (trusts->count == 0) {
return NT_STATUS_OK;
}

View File

@ -61,7 +61,7 @@
#include "includes.h"
#include "winbindd.h"
#include "../libcli/auth/libcli_auth.h"
#include "../librpc/gen_ndr/cli_netlogon.h"
#include "../librpc/gen_ndr/ndr_netlogon_c.h"
#include "rpc_client/cli_netlogon.h"
#include "../librpc/gen_ndr/cli_samr.h"
#include "../librpc/gen_ndr/cli_lsa.h"
@ -603,6 +603,7 @@ static bool get_dc_name_via_netlogon(struct winbindd_domain *domain,
unsigned int orig_timeout;
const char *tmp = NULL;
const char *p;
struct dcerpc_binding_handle *b;
/* Hmmmm. We can only open one connection to the NETLOGON pipe at the
* moment.... */
@ -627,6 +628,8 @@ static bool get_dc_name_via_netlogon(struct winbindd_domain *domain,
return False;
}
b = netlogon_pipe->binding_handle;
/* This call can take a long time - allow the server to time out.
35 seconds should do it. */
@ -635,7 +638,7 @@ static bool get_dc_name_via_netlogon(struct winbindd_domain *domain,
if (our_domain->active_directory) {
struct netr_DsRGetDCNameInfo *domain_info = NULL;
result = rpccli_netr_DsRGetDCName(netlogon_pipe,
result = dcerpc_netr_DsRGetDCName(b,
mem_ctx,
our_domain->dcname,
domain->name,
@ -662,7 +665,7 @@ static bool get_dc_name_via_netlogon(struct winbindd_domain *domain,
}
}
} else {
result = rpccli_netr_GetAnyDCName(netlogon_pipe, mem_ctx,
result = dcerpc_netr_GetAnyDCName(b, mem_ctx,
our_domain->dcname,
domain->name,
&tmp,
@ -673,27 +676,27 @@ static bool get_dc_name_via_netlogon(struct winbindd_domain *domain,
rpccli_set_timeout(netlogon_pipe, orig_timeout);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(10,("rpccli_netr_GetAnyDCName failed: %s\n",
DEBUG(10,("dcerpc_netr_GetAnyDCName failed: %s\n",
nt_errstr(result)));
talloc_destroy(mem_ctx);
return false;
}
if (!W_ERROR_IS_OK(werr)) {
DEBUG(10,("rpccli_netr_GetAnyDCName failed: %s\n",
DEBUG(10,("dcerpc_netr_GetAnyDCName failed: %s\n",
win_errstr(werr)));
talloc_destroy(mem_ctx);
return false;
}
/* rpccli_netr_GetAnyDCName gives us a name with \\ */
/* dcerpc_netr_GetAnyDCName gives us a name with \\ */
p = strip_hostname(tmp);
fstrcpy(dcname, p);
talloc_destroy(mem_ctx);
DEBUG(10,("rpccli_netr_GetAnyDCName returned %s\n", dcname));
DEBUG(10,("dcerpc_netr_GetAnyDCName returned %s\n", dcname));
if (!resolve_name(dcname, dc_ss, 0x20, true)) {
return False;
@ -1704,6 +1707,7 @@ static bool set_dc_type_and_flags_trustinfo( struct winbindd_domain *domain )
{
struct winbindd_domain *our_domain;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
WERROR werr;
struct netr_DomainTrustList trusts;
int i;
uint32 flags = (NETR_TRUST_FLAG_IN_FOREST |
@ -1711,6 +1715,7 @@ static bool set_dc_type_and_flags_trustinfo( struct winbindd_domain *domain )
NETR_TRUST_FLAG_INBOUND);
struct rpc_pipe_client *cli;
TALLOC_CTX *mem_ctx = NULL;
struct dcerpc_binding_handle *b;
DEBUG(5, ("set_dc_type_and_flags_trustinfo: domain %s\n", domain->name ));
@ -1745,16 +1750,18 @@ static bool set_dc_type_and_flags_trustinfo( struct winbindd_domain *domain )
return False;
}
b = cli->binding_handle;
if ( (mem_ctx = talloc_init("set_dc_type_and_flags_trustinfo")) == NULL ) {
DEBUG(0,("set_dc_type_and_flags_trustinfo: talloc_init() failed!\n"));
return False;
}
result = rpccli_netr_DsrEnumerateDomainTrusts(cli, mem_ctx,
result = dcerpc_netr_DsrEnumerateDomainTrusts(b, mem_ctx,
cli->desthost,
flags,
&trusts,
NULL);
&werr);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(0,("set_dc_type_and_flags_trustinfo: "
"failed to query trusted domain list: %s\n",
@ -1762,6 +1769,13 @@ static bool set_dc_type_and_flags_trustinfo( struct winbindd_domain *domain )
talloc_destroy(mem_ctx);
return false;
}
if (!W_ERROR_IS_OK(werr)) {
DEBUG(0,("set_dc_type_and_flags_trustinfo: "
"failed to query trusted domain list: %s\n",
win_errstr(werr)));
talloc_destroy(mem_ctx);
return false;
}
/* Now find the domain name and get the flags */

View File

@ -24,7 +24,7 @@
#include "winbindd/winbindd.h"
#include "winbindd/winbindd_proto.h"
#include "librpc/gen_ndr/srv_wbint.h"
#include "../librpc/gen_ndr/cli_netlogon.h"
#include "../librpc/gen_ndr/ndr_netlogon_c.h"
#include "idmap.h"
#include "../libcli/security/security.h"
@ -291,6 +291,7 @@ NTSTATUS _wbint_DsGetDcName(struct pipes_struct *p, struct wbint_DsGetDcName *r)
NTSTATUS status;
WERROR werr;
unsigned int orig_timeout;
struct dcerpc_binding_handle *b;
if (domain == NULL) {
return dsgetdcname(p->mem_ctx, winbind_messaging_context(),
@ -307,14 +308,16 @@ NTSTATUS _wbint_DsGetDcName(struct pipes_struct *p, struct wbint_DsGetDcName *r)
return status;
}
b = netlogon_pipe->binding_handle;
/* This call can take a long time - allow the server to time out.
35 seconds should do it. */
orig_timeout = rpccli_set_timeout(netlogon_pipe, 35000);
if (domain->active_directory) {
status = rpccli_netr_DsRGetDCName(
netlogon_pipe, p->mem_ctx, domain->dcname,
status = dcerpc_netr_DsRGetDCName(b,
p->mem_ctx, domain->dcname,
r->in.domain_name, NULL, r->in.domain_guid,
r->in.flags, r->out.dc_info, &werr);
if (NT_STATUS_IS_OK(status) && W_ERROR_IS_OK(werr)) {
@ -333,22 +336,22 @@ NTSTATUS _wbint_DsGetDcName(struct pipes_struct *p, struct wbint_DsGetDcName *r)
}
if (r->in.flags & DS_PDC_REQUIRED) {
status = rpccli_netr_GetDcName(
netlogon_pipe, p->mem_ctx, domain->dcname,
status = dcerpc_netr_GetDcName(b,
p->mem_ctx, domain->dcname,
r->in.domain_name, &dc_info->dc_unc, &werr);
} else {
status = rpccli_netr_GetAnyDCName(
netlogon_pipe, p->mem_ctx, domain->dcname,
status = dcerpc_netr_GetAnyDCName(b,
p->mem_ctx, domain->dcname,
r->in.domain_name, &dc_info->dc_unc, &werr);
}
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("rpccli_netr_Get[Any]DCName failed: %s\n",
DEBUG(10, ("dcerpc_netr_Get[Any]DCName failed: %s\n",
nt_errstr(status)));
goto done;
}
if (!W_ERROR_IS_OK(werr)) {
DEBUG(10, ("rpccli_netr_Get[Any]DCName failed: %s\n",
DEBUG(10, ("dcerpc_netr_Get[Any]DCName failed: %s\n",
win_errstr(werr)));
status = werror_to_ntstatus(werr);
goto done;
@ -526,6 +529,7 @@ NTSTATUS _wbint_PingDc(struct pipes_struct *p, struct wbint_PingDc *r)
union netr_CONTROL_QUERY_INFORMATION info;
WERROR werr;
fstring logon_server;
struct dcerpc_binding_handle *b;
domain = wb_child_domain();
if (domain == NULL) {
@ -538,6 +542,8 @@ NTSTATUS _wbint_PingDc(struct pipes_struct *p, struct wbint_PingDc *r)
return status;
}
b = netlogon_pipe->binding_handle;
fstr_sprintf(logon_server, "\\\\%s", domain->dcname);
/*
@ -546,23 +552,29 @@ NTSTATUS _wbint_PingDc(struct pipes_struct *p, struct wbint_PingDc *r)
* call to work, but the main point here is testing that the
* netlogon pipe works.
*/
status = rpccli_netr_LogonControl(netlogon_pipe, p->mem_ctx,
status = dcerpc_netr_LogonControl(b, p->mem_ctx,
logon_server, NETLOGON_CONTROL_QUERY,
2, &info, &werr);
if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
DEBUG(2, ("rpccli_netr_LogonControl timed out\n"));
DEBUG(2, ("dcerpc_netr_LogonControl timed out\n"));
invalidate_cm_connection(&domain->conn);
return status;
}
if (!NT_STATUS_EQUAL(status, NT_STATUS_CTL_FILE_NOT_SUPPORTED)) {
DEBUG(2, ("rpccli_netr_LogonControl returned %s, expected "
"NT_STATUS_CTL_FILE_NOT_SUPPORTED\n",
nt_errstr(status)));
if (!NT_STATUS_IS_OK(status)) {
DEBUG(2, ("dcerpc_netr_LogonControl failed: %s\n",
nt_errstr(status)));
return status;
}
if (!W_ERROR_EQUAL(werr, WERR_NOT_SUPPORTED)) {
DEBUG(2, ("dcerpc_netr_LogonControl returned %s, expected "
"WERR_NOT_SUPPORTED\n",
win_errstr(werr)));
return werror_to_ntstatus(werr);
}
DEBUG(5, ("winbindd_dual_ping_dc succeeded\n"));
return NT_STATUS_OK;
}

View File

@ -22,7 +22,6 @@
#include "includes.h"
#include "winbindd.h"
#include "../librpc/gen_ndr/cli_netlogon.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND