r4331: Implement SAMR query_dom_info-call info-level 8 server- and client-side,

based on samba4-idl.

This saves us an enormous amount of totally unnecessary ldap-traffic
when several hundreds of winbind-daemons query a Samba3 DC just to get
the fake SAM-sequence-number (time(NULL)) by enumerating all users, all
groups and all aliases when query-dom-info level 2 is used.

Note that we apparently never get the sequence number right (we parse a
uint32, although it's a uint64, at least in samba4 idl). For the time
being, I would propose to stay with that behaviour.

Guenther

source/include/rpc_samr.h

@@ -537,6 +537,13 @@ typedef struct sam_unknown_info_7_info
 
 } SAM_UNK_INFO_7;
 
+typedef struct sam_unknown_info_8_info
+{
+	UINT64_S seq_num;
+	NTTIME domain_create_time;
+
+} SAM_UNK_INFO_8;
+
 typedef struct sam_unknown_info_12_inf
 {
 	NTTIME duration;
@@ -564,8 +571,7 @@ typedef struct sam_unknown_info_2_inf
 	   pointer is referring to
 	 */
 
-	uint32 seq_num; /* some sort of incrementing sequence number? */
-	uint32 unknown_3; /* 0x0000 0000 */
+	UINT64_S seq_num;
 	
 	uint32 unknown_4; /* 0x0000 0001 */
 	uint32 unknown_5; /* 0x0000 0003 */
@@ -603,6 +609,7 @@ typedef struct sam_unknown_ctr_info
 		SAM_UNK_INFO_5 inf5;
 		SAM_UNK_INFO_6 inf6;
 		SAM_UNK_INFO_7 inf7;
+		SAM_UNK_INFO_8 inf8;
 		SAM_UNK_INFO_12 inf12;
 
 	} info;

source/nsswitch/winbindd_rpc.c

@@ -807,10 +807,10 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
 	TALLOC_CTX *mem_ctx;
 	CLI_POLICY_HND *hnd;
 	SAM_UNK_CTR ctr;
-	uint16 switch_value = 2;
 	NTSTATUS result;
 	POLICY_HND dom_pol;
 	BOOL got_dom_pol = False;
+	BOOL got_seq_num = False;
 	uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
 	int retry;
 
@@ -856,10 +856,27 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
 	/* Query domain info */
 
 	result = cli_samr_query_dom_info(hnd->cli, mem_ctx, &dom_pol,
-					 switch_value, &ctr);
+					 8, &ctr);
 
 	if (NT_STATUS_IS_OK(result)) {
-		*seq = ctr.info.inf2.seq_num;
+		*seq = ctr.info.inf8.seq_num.low;
+		got_seq_num = True;
+		goto seq_num;
+	}
+
+	/* retry with info-level 2 in case the dc does not support info-level 8
+	 * (like all older samba2 and samba3 dc's - Guenther */
+
+	result = cli_samr_query_dom_info(hnd->cli, mem_ctx, &dom_pol,
+					 2, &ctr);
+	
+	if (NT_STATUS_IS_OK(result)) {
+		*seq = ctr.info.inf2.seq_num.low;
+		got_seq_num = True;
+	}
+
+ seq_num:
+	if (got_seq_num) {
 		DEBUG(10,("domain_sequence_number: for domain %s is %u\n", domain->name, (unsigned)*seq));
 	} else {
 		DEBUG(10,("domain_sequence_number: failed to get sequence number (%u) for domain %s\n",

source/rpc_parse/parse_samr.c

@@ -588,6 +588,40 @@ static BOOL sam_io_unk_info7(const char *desc, SAM_UNK_INFO_7 * u_7,
 	return True;
 }
 
+/*******************************************************************
+inits a structure.
+********************************************************************/
+
+void init_unk_info8(SAM_UNK_INFO_8 * u_8, uint32 seq_num)
+{
+	unix_to_nt_time(&u_8->domain_create_time, 0);
+	u_8->seq_num.low = seq_num;
+	u_8->seq_num.high = 0x0000;
+}
+
+/*******************************************************************
+reads or writes a structure.
+********************************************************************/
+
+static BOOL sam_io_unk_info8(const char *desc, SAM_UNK_INFO_8 * u_8,
+			     prs_struct *ps, int depth)
+{
+	if (u_8 == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_unk_info8");
+	depth++;
+
+	if (!prs_uint64("seq_num", ps, depth, &u_8->seq_num))
+		return False;
+
+	if(!smb_io_time("domain_create_time", &u_8->domain_create_time, ps, depth))
+		return False;
+
+	return True;
+}
+
+
 /*******************************************************************
 inits a structure.
 ********************************************************************/
@@ -668,8 +702,9 @@ void init_unk_info2(SAM_UNK_INFO_2 * u_2,
 	u_2->unknown_0 = 0x00000000;
 	u_2->unknown_1 = 0x80000000;
 
-	u_2->seq_num = seq_num;
-	u_2->unknown_3 = 0x00000000;
+	u_2->seq_num.low = seq_num;
+	u_2->seq_num.high = 0x00000000;
+
 
 	u_2->unknown_4 = 0x00000001;
 	u_2->unknown_5 = 0x00000003;
@@ -716,9 +751,7 @@ static BOOL sam_io_unk_info2(const char *desc, SAM_UNK_INFO_2 * u_2,
 	   pointer is referring to
 	 */
 
-	if(!prs_uint32("seq_num ", ps, depth, &u_2->seq_num))	/* 0x0000 0099 or 0x1000 0000 */
-		return False;
-	if(!prs_uint32("unknown_3 ", ps, depth, &u_2->unknown_3))	/* 0x0000 0000 */
+	if(!prs_uint64("seq_num ", ps, depth, &u_2->seq_num))
 		return False;
 
 	if(!prs_uint32("unknown_4 ", ps, depth, &u_2->unknown_4)) /* 0x0000 0001 */
@@ -843,6 +876,10 @@ BOOL samr_io_r_query_dom_info(const char *desc, SAMR_R_QUERY_DOMAIN_INFO * r_u,
 			if(!sam_io_unk_info12("unk_inf12", &r_u->ctr->info.inf12, ps, depth))
 				return False;
 			break;
+		case 0x08:
+			if(!sam_io_unk_info8("unk_inf8",&r_u->ctr->info.inf8, ps,depth))
+				return False;
+			break;
 		case 0x07:
 			if(!sam_io_unk_info7("unk_inf7",&r_u->ctr->info.inf7, ps,depth))
 				return False;

source/rpc_server/srv_samr_nt.c

@@ -2133,6 +2133,9 @@ NTSTATUS _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SA
 		case 0x07:
 			init_unk_info7(&ctr->info.inf7);
 			break;
+		case 0x08:
+			init_unk_info8(&ctr->info.inf8, (uint32) time(NULL));
+			break;
 		case 0x0c:
 			account_policy_get(AP_LOCK_ACCOUNT_DURATION, &account_policy_temp);
 			u_lock_duration = account_policy_temp * 60;

source/rpcclient/cmd_samr.c

@@ -160,16 +160,23 @@ static void display_sam_unk_info_2(SAM_UNK_INFO_2 *info2)
 	printf("Total Groups:\t%d\n", info2->num_domain_grps);
 	printf("Total Aliases:\t%d\n", info2->num_local_grps);
 	
-	printf("Sequence No:\t%d\n", info2->seq_num);
+	printf("Sequence No:\t%d\n", info2->seq_num.low);
 	
 	printf("Unknown 0:\t0x%x\n", info2->unknown_0);
 	printf("Unknown 1:\t0x%x\n", info2->unknown_1);
-	printf("Unknown 3:\t0x%x\n", info2->unknown_3);
 	printf("Unknown 4:\t0x%x\n", info2->unknown_4);
 	printf("Unknown 5:\t0x%x\n", info2->unknown_5);
 	printf("Unknown 6:\t0x%x\n", info2->unknown_6);
 }
 
+static void display_sam_unk_info_8(SAM_UNK_INFO_8 *info8)
+{
+	printf("Sequence No:\t%d\n", info8->seq_num.low);
+	printf("Domain Create Time:\t%s\n", 
+		http_timestring(nt_time_to_unix(&info8->domain_create_time)));
+
+}
+
 static void display_sam_unk_info_12(SAM_UNK_INFO_12 *info12)
 {
 	printf("Bad password lockout duration:               %s\n", display_time(info12->duration));
@@ -1130,6 +1137,9 @@ static NTSTATUS cmd_samr_query_dominfo(struct cli_state *cli,
 	case 2:
 		display_sam_unk_info_2(&ctr.info.inf2);
 		break;
+	case 8:
+		display_sam_unk_info_8(&ctr.info.inf8);
+		break;
 	case 12:
 		display_sam_unk_info_12(&ctr.info.inf12);
 		break;