2 * Unix SMB/CIFS implementation.
4 * Winbind rpc backend functions
6 * Copyright (c) 2000-2003 Tim Potter
7 * Copyright (c) 2001 Andrew Tridgell
8 * Copyright (c) 2005 Volker Lendecke
9 * Copyright (c) 2008 Guenther Deschner (pidl conversion)
10 * Copyright (c) 2010 Andreas Schneider <asn@samba.org>
12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 3 of the License, or
15 * (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program. If not, see <http://www.gnu.org/licenses/>.
28 #include "winbindd_rpc.h"
30 #include "../librpc/gen_ndr/ndr_samr_c.h"
31 #include "rpc_client/cli_samr.h"
32 #include "../librpc/gen_ndr/srv_samr.h"
33 #include "../librpc/gen_ndr/ndr_lsa_c.h"
34 #include "rpc_client/cli_lsarpc.h"
35 #include "../librpc/gen_ndr/srv_lsa.h"
36 #include "rpc_server/rpc_ncacn_np.h"
37 #include "../libcli/security/security.h"
40 #define DBGC_CLASS DBGC_WINBIND
42 static NTSTATUS
open_internal_samr_pipe(TALLOC_CTX
*mem_ctx
,
43 struct rpc_pipe_client
**samr_pipe
)
45 struct rpc_pipe_client
*cli
= NULL
;
46 struct auth_serversupplied_info
*session_info
= NULL
;
53 if (session_info
== NULL
) {
54 status
= make_session_info_system(mem_ctx
, &session_info
);
55 if (!NT_STATUS_IS_OK(status
)) {
56 DEBUG(0, ("open_samr_pipe: Could not create auth_serversupplied_info: %s\n",
62 /* create a samr connection */
63 status
= rpc_pipe_open_interface(mem_ctx
,
64 &ndr_table_samr
.syntax_id
,
67 winbind_messaging_context(),
69 if (!NT_STATUS_IS_OK(status
)) {
70 DEBUG(0, ("open_samr_pipe: Could not connect to samr_pipe: %s\n",
83 NTSTATUS
open_internal_samr_conn(TALLOC_CTX
*mem_ctx
,
84 struct winbindd_domain
*domain
,
85 struct rpc_pipe_client
**samr_pipe
,
86 struct policy_handle
*samr_domain_hnd
)
88 NTSTATUS status
, result
;
89 struct policy_handle samr_connect_hnd
;
90 struct dcerpc_binding_handle
*b
;
92 status
= open_internal_samr_pipe(mem_ctx
, samr_pipe
);
93 if (!NT_STATUS_IS_OK(status
)) {
97 b
= (*samr_pipe
)->binding_handle
;
99 status
= dcerpc_samr_Connect2(b
, mem_ctx
,
100 (*samr_pipe
)->desthost
,
101 SEC_FLAG_MAXIMUM_ALLOWED
,
104 if (!NT_STATUS_IS_OK(status
)) {
107 if (!NT_STATUS_IS_OK(result
)) {
111 status
= dcerpc_samr_OpenDomain(b
, mem_ctx
,
113 SEC_FLAG_MAXIMUM_ALLOWED
,
117 if (!NT_STATUS_IS_OK(status
)) {
124 static NTSTATUS
open_internal_lsa_pipe(TALLOC_CTX
*mem_ctx
,
125 struct rpc_pipe_client
**lsa_pipe
)
127 struct rpc_pipe_client
*cli
= NULL
;
128 struct auth_serversupplied_info
*session_info
= NULL
;
135 if (session_info
== NULL
) {
136 status
= make_session_info_system(mem_ctx
, &session_info
);
137 if (!NT_STATUS_IS_OK(status
)) {
138 DEBUG(0, ("open_lsa_pipe: Could not create auth_serversupplied_info: %s\n",
144 /* create a lsa connection */
145 status
= rpc_pipe_open_interface(mem_ctx
,
146 &ndr_table_lsarpc
.syntax_id
,
149 winbind_messaging_context(),
151 if (!NT_STATUS_IS_OK(status
)) {
152 DEBUG(0, ("open_lsa_pipe: Could not connect to lsa_pipe: %s\n",
165 static NTSTATUS
open_internal_lsa_conn(TALLOC_CTX
*mem_ctx
,
166 struct rpc_pipe_client
**lsa_pipe
,
167 struct policy_handle
*lsa_hnd
)
171 status
= open_internal_lsa_pipe(mem_ctx
, lsa_pipe
);
172 if (!NT_STATUS_IS_OK(status
)) {
176 status
= rpccli_lsa_open_policy((*lsa_pipe
),
179 SEC_FLAG_MAXIMUM_ALLOWED
,
185 /*********************************************************************
186 SAM specific functions.
187 *********************************************************************/
189 /* List all domain groups */
190 static NTSTATUS
sam_enum_dom_groups(struct winbindd_domain
*domain
,
193 struct acct_info
**pinfo
)
195 struct rpc_pipe_client
*samr_pipe
;
196 struct policy_handle dom_pol
;
197 struct acct_info
*info
= NULL
;
198 uint32_t num_info
= 0;
200 NTSTATUS status
, result
;
201 struct dcerpc_binding_handle
*b
= NULL
;
203 DEBUG(3,("sam_enum_dom_groups\n"));
205 ZERO_STRUCT(dom_pol
);
211 tmp_ctx
= talloc_stackframe();
212 if (tmp_ctx
== NULL
) {
213 return NT_STATUS_NO_MEMORY
;
216 status
= open_internal_samr_conn(tmp_ctx
, domain
, &samr_pipe
, &dom_pol
);
217 if (!NT_STATUS_IS_OK(status
)) {
221 b
= samr_pipe
->binding_handle
;
223 status
= rpc_enum_dom_groups(tmp_ctx
,
228 if (!NT_STATUS_IS_OK(status
)) {
233 *pnum_info
= num_info
;
237 *pinfo
= talloc_move(mem_ctx
, &info
);
241 if (b
&& is_valid_policy_hnd(&dom_pol
)) {
242 dcerpc_samr_Close(b
, mem_ctx
, &dom_pol
, &result
);
244 TALLOC_FREE(tmp_ctx
);
248 /* Query display info for a domain */
249 static NTSTATUS
sam_query_user_list(struct winbindd_domain
*domain
,
252 struct wbint_userinfo
**pinfo
)
254 struct rpc_pipe_client
*samr_pipe
= NULL
;
255 struct policy_handle dom_pol
;
256 struct wbint_userinfo
*info
= NULL
;
257 uint32_t num_info
= 0;
259 NTSTATUS status
, result
;
260 struct dcerpc_binding_handle
*b
= NULL
;
262 DEBUG(3,("samr_query_user_list\n"));
264 ZERO_STRUCT(dom_pol
);
270 tmp_ctx
= talloc_stackframe();
271 if (tmp_ctx
== NULL
) {
272 return NT_STATUS_NO_MEMORY
;
275 status
= open_internal_samr_conn(tmp_ctx
, domain
, &samr_pipe
, &dom_pol
);
276 if (!NT_STATUS_IS_OK(status
)) {
280 b
= samr_pipe
->binding_handle
;
282 status
= rpc_query_user_list(tmp_ctx
,
288 if (!NT_STATUS_IS_OK(status
)) {
293 *pnum_info
= num_info
;
297 *pinfo
= talloc_move(mem_ctx
, &info
);
301 if (b
&& is_valid_policy_hnd(&dom_pol
)) {
302 dcerpc_samr_Close(b
, mem_ctx
, &dom_pol
, &result
);
305 TALLOC_FREE(tmp_ctx
);
309 /* Lookup user information from a rid or username. */
310 static NTSTATUS
sam_query_user(struct winbindd_domain
*domain
,
312 const struct dom_sid
*user_sid
,
313 struct wbint_userinfo
*user_info
)
315 struct rpc_pipe_client
*samr_pipe
;
316 struct policy_handle dom_pol
;
318 NTSTATUS status
, result
;
319 struct dcerpc_binding_handle
*b
= NULL
;
321 DEBUG(3,("sam_query_user\n"));
323 ZERO_STRUCT(dom_pol
);
326 if (!sid_check_is_in_our_domain(user_sid
)) {
327 return NT_STATUS_NO_SUCH_USER
;
331 user_info
->homedir
= NULL
;
332 user_info
->shell
= NULL
;
333 user_info
->primary_gid
= (gid_t
) -1;
336 tmp_ctx
= talloc_stackframe();
337 if (tmp_ctx
== NULL
) {
338 return NT_STATUS_NO_MEMORY
;
341 status
= open_internal_samr_conn(tmp_ctx
, domain
, &samr_pipe
, &dom_pol
);
342 if (!NT_STATUS_IS_OK(status
)) {
346 b
= samr_pipe
->binding_handle
;
348 status
= rpc_query_user(tmp_ctx
,
356 if (b
&& is_valid_policy_hnd(&dom_pol
)) {
357 dcerpc_samr_Close(b
, mem_ctx
, &dom_pol
, &result
);
360 TALLOC_FREE(tmp_ctx
);
364 /* get a list of trusted domains - builtin domain */
365 static NTSTATUS
sam_trusted_domains(struct winbindd_domain
*domain
,
367 struct netr_DomainTrustList
*ptrust_list
)
369 struct rpc_pipe_client
*lsa_pipe
;
370 struct policy_handle lsa_policy
;
371 struct netr_DomainTrust
*trusts
= NULL
;
372 uint32_t num_trusts
= 0;
374 NTSTATUS status
, result
;
375 struct dcerpc_binding_handle
*b
= NULL
;
377 DEBUG(3,("samr: trusted domains\n"));
379 ZERO_STRUCT(lsa_policy
);
382 ZERO_STRUCTP(ptrust_list
);
385 tmp_ctx
= talloc_stackframe();
386 if (tmp_ctx
== NULL
) {
387 return NT_STATUS_NO_MEMORY
;
390 status
= open_internal_lsa_conn(tmp_ctx
, &lsa_pipe
, &lsa_policy
);
391 if (!NT_STATUS_IS_OK(status
)) {
395 b
= lsa_pipe
->binding_handle
;
397 status
= rpc_trusted_domains(tmp_ctx
,
402 if (!NT_STATUS_IS_OK(status
)) {
407 ptrust_list
->count
= num_trusts
;
408 ptrust_list
->array
= talloc_move(mem_ctx
, &trusts
);
412 if (b
&& is_valid_policy_hnd(&lsa_policy
)) {
413 dcerpc_lsa_Close(b
, mem_ctx
, &lsa_policy
, &result
);
416 TALLOC_FREE(tmp_ctx
);
420 /* Lookup group membership given a rid. */
421 static NTSTATUS
sam_lookup_groupmem(struct winbindd_domain
*domain
,
423 const struct dom_sid
*group_sid
,
424 enum lsa_SidType type
,
425 uint32_t *pnum_names
,
426 struct dom_sid
**psid_mem
,
428 uint32_t **pname_types
)
430 struct rpc_pipe_client
*samr_pipe
;
431 struct policy_handle dom_pol
;
433 uint32_t num_names
= 0;
434 struct dom_sid
*sid_mem
= NULL
;
436 uint32_t *name_types
= NULL
;
439 NTSTATUS status
, result
;
440 struct dcerpc_binding_handle
*b
= NULL
;
442 DEBUG(3,("sam_lookup_groupmem\n"));
444 ZERO_STRUCT(dom_pol
);
447 if (sid_check_is_in_builtin(group_sid
) && (type
!= SID_NAME_ALIAS
)) {
448 /* There's no groups, only aliases in BUILTIN */
449 return NT_STATUS_NO_SUCH_GROUP
;
456 tmp_ctx
= talloc_stackframe();
457 if (tmp_ctx
== NULL
) {
458 return NT_STATUS_NO_MEMORY
;
461 status
= open_internal_samr_conn(tmp_ctx
, domain
, &samr_pipe
, &dom_pol
);
462 if (!NT_STATUS_IS_OK(status
)) {
466 b
= samr_pipe
->binding_handle
;
468 status
= rpc_lookup_groupmem(tmp_ctx
,
481 *pnum_names
= num_names
;
485 *pnames
= talloc_move(mem_ctx
, &names
);
489 *pname_types
= talloc_move(mem_ctx
, &name_types
);
493 *psid_mem
= talloc_move(mem_ctx
, &sid_mem
);
497 if (b
&& is_valid_policy_hnd(&dom_pol
)) {
498 dcerpc_samr_Close(b
, mem_ctx
, &dom_pol
, &result
);
501 TALLOC_FREE(tmp_ctx
);
505 /*********************************************************************
506 BUILTIN specific functions.
507 *********************************************************************/
509 /* List all domain groups */
510 static NTSTATUS
builtin_enum_dom_groups(struct winbindd_domain
*domain
,
513 struct acct_info
**info
)
515 /* BUILTIN doesn't have domain groups */
521 /* Query display info for a domain */
522 static NTSTATUS
builtin_query_user_list(struct winbindd_domain
*domain
,
525 struct wbint_userinfo
**info
)
527 /* We don't have users */
533 /* Lookup user information from a rid or username. */
534 static NTSTATUS
builtin_query_user(struct winbindd_domain
*domain
,
536 const struct dom_sid
*user_sid
,
537 struct wbint_userinfo
*user_info
)
539 return NT_STATUS_NO_SUCH_USER
;
542 /* get a list of trusted domains - builtin domain */
543 static NTSTATUS
builtin_trusted_domains(struct winbindd_domain
*domain
,
545 struct netr_DomainTrustList
*trusts
)
547 ZERO_STRUCTP(trusts
);
551 /*********************************************************************
553 *********************************************************************/
555 /* List all local groups (aliases) */
556 static NTSTATUS
sam_enum_local_groups(struct winbindd_domain
*domain
,
559 struct acct_info
**pinfo
)
561 struct rpc_pipe_client
*samr_pipe
;
562 struct policy_handle dom_pol
;
563 struct acct_info
*info
= NULL
;
564 uint32_t num_info
= 0;
566 NTSTATUS status
, result
;
567 struct dcerpc_binding_handle
*b
= NULL
;
569 DEBUG(3,("samr: enum local groups\n"));
571 ZERO_STRUCT(dom_pol
);
577 tmp_ctx
= talloc_stackframe();
578 if (tmp_ctx
== NULL
) {
579 return NT_STATUS_NO_MEMORY
;
582 status
= open_internal_samr_conn(tmp_ctx
, domain
, &samr_pipe
, &dom_pol
);
583 if (!NT_STATUS_IS_OK(status
)) {
587 b
= samr_pipe
->binding_handle
;
589 status
= rpc_enum_local_groups(mem_ctx
,
594 if (!NT_STATUS_IS_OK(status
)) {
599 *pnum_info
= num_info
;
603 *pinfo
= talloc_move(mem_ctx
, &info
);
607 if (b
&& is_valid_policy_hnd(&dom_pol
)) {
608 dcerpc_samr_Close(b
, mem_ctx
, &dom_pol
, &result
);
611 TALLOC_FREE(tmp_ctx
);
615 /* convert a single name to a sid in a domain */
616 static NTSTATUS
sam_name_to_sid(struct winbindd_domain
*domain
,
618 const char *domain_name
,
621 struct dom_sid
*psid
,
622 enum lsa_SidType
*ptype
)
624 struct rpc_pipe_client
*lsa_pipe
;
625 struct policy_handle lsa_policy
;
627 enum lsa_SidType type
;
629 NTSTATUS status
, result
;
630 struct dcerpc_binding_handle
*b
= NULL
;
632 DEBUG(3,("sam_name_to_sid\n"));
634 ZERO_STRUCT(lsa_policy
);
636 tmp_ctx
= talloc_stackframe();
637 if (tmp_ctx
== NULL
) {
638 return NT_STATUS_NO_MEMORY
;
641 status
= open_internal_lsa_conn(tmp_ctx
, &lsa_pipe
, &lsa_policy
);
642 if (!NT_STATUS_IS_OK(status
)) {
646 b
= lsa_pipe
->binding_handle
;
648 status
= rpc_name_to_sid(tmp_ctx
,
656 if (!NT_STATUS_IS_OK(status
)) {
661 sid_copy(psid
, &sid
);
668 if (b
&& is_valid_policy_hnd(&lsa_policy
)) {
669 dcerpc_lsa_Close(b
, mem_ctx
, &lsa_policy
, &result
);
672 TALLOC_FREE(tmp_ctx
);
676 /* convert a domain SID to a user or group name */
677 static NTSTATUS
sam_sid_to_name(struct winbindd_domain
*domain
,
679 const struct dom_sid
*sid
,
682 enum lsa_SidType
*ptype
)
684 struct rpc_pipe_client
*lsa_pipe
;
685 struct policy_handle lsa_policy
;
686 char *domain_name
= NULL
;
688 enum lsa_SidType type
;
690 NTSTATUS status
, result
;
691 struct dcerpc_binding_handle
*b
= NULL
;
693 DEBUG(3,("sam_sid_to_name\n"));
695 ZERO_STRUCT(lsa_policy
);
698 if (!sid_check_is_in_builtin(sid
) &&
699 !sid_check_is_in_our_domain(sid
) &&
700 !sid_check_is_in_unix_users(sid
) &&
701 !sid_check_is_unix_users(sid
) &&
702 !sid_check_is_in_unix_groups(sid
) &&
703 !sid_check_is_unix_groups(sid
) &&
704 !sid_check_is_in_wellknown_domain(sid
)) {
705 DEBUG(0, ("sam_sid_to_name: possible deadlock - trying to "
706 "lookup SID %s\n", sid_string_dbg(sid
)));
707 return NT_STATUS_NONE_MAPPED
;
710 tmp_ctx
= talloc_stackframe();
711 if (tmp_ctx
== NULL
) {
712 return NT_STATUS_NO_MEMORY
;
715 status
= open_internal_lsa_conn(tmp_ctx
, &lsa_pipe
, &lsa_policy
);
716 if (!NT_STATUS_IS_OK(status
)) {
720 b
= lsa_pipe
->binding_handle
;
722 status
= rpc_sid_to_name(tmp_ctx
,
736 *pname
= talloc_move(mem_ctx
, &name
);
740 *pdomain_name
= talloc_move(mem_ctx
, &domain_name
);
744 if (b
&& is_valid_policy_hnd(&lsa_policy
)) {
745 dcerpc_lsa_Close(b
, mem_ctx
, &lsa_policy
, &result
);
748 TALLOC_FREE(tmp_ctx
);
752 static NTSTATUS
sam_rids_to_names(struct winbindd_domain
*domain
,
754 const struct dom_sid
*domain_sid
,
759 enum lsa_SidType
**ptypes
)
761 struct rpc_pipe_client
*lsa_pipe
;
762 struct policy_handle lsa_policy
;
763 enum lsa_SidType
*types
= NULL
;
764 char *domain_name
= NULL
;
767 NTSTATUS status
, result
;
768 struct dcerpc_binding_handle
*b
= NULL
;
770 DEBUG(3,("sam_rids_to_names for %s\n", domain
->name
));
772 ZERO_STRUCT(lsa_policy
);
775 if (!sid_check_is_builtin(domain_sid
) &&
776 !sid_check_is_domain(domain_sid
) &&
777 !sid_check_is_unix_users(domain_sid
) &&
778 !sid_check_is_unix_groups(domain_sid
) &&
779 !sid_check_is_in_wellknown_domain(domain_sid
)) {
780 DEBUG(0, ("sam_rids_to_names: possible deadlock - trying to "
781 "lookup SID %s\n", sid_string_dbg(domain_sid
)));
782 return NT_STATUS_NONE_MAPPED
;
785 tmp_ctx
= talloc_stackframe();
786 if (tmp_ctx
== NULL
) {
787 return NT_STATUS_NO_MEMORY
;
790 status
= open_internal_lsa_conn(tmp_ctx
, &lsa_pipe
, &lsa_policy
);
791 if (!NT_STATUS_IS_OK(status
)) {
795 b
= lsa_pipe
->binding_handle
;
797 status
= rpc_rids_to_names(tmp_ctx
,
807 if (!NT_STATUS_IS_OK(status
)) {
812 *pdomain_name
= talloc_move(mem_ctx
, &domain_name
);
816 *ptypes
= talloc_move(mem_ctx
, &types
);
820 *pnames
= talloc_move(mem_ctx
, &names
);
824 if (b
&& is_valid_policy_hnd(&lsa_policy
)) {
825 dcerpc_lsa_Close(b
, mem_ctx
, &lsa_policy
, &result
);
828 TALLOC_FREE(tmp_ctx
);
832 static NTSTATUS
sam_lockout_policy(struct winbindd_domain
*domain
,
834 struct samr_DomInfo12
*lockout_policy
)
836 struct rpc_pipe_client
*samr_pipe
;
837 struct policy_handle dom_pol
;
838 union samr_DomainInfo
*info
= NULL
;
840 NTSTATUS status
, result
;
841 struct dcerpc_binding_handle
*b
= NULL
;
843 DEBUG(3,("sam_lockout_policy\n"));
845 ZERO_STRUCT(dom_pol
);
847 tmp_ctx
= talloc_stackframe();
848 if (tmp_ctx
== NULL
) {
849 return NT_STATUS_NO_MEMORY
;
852 status
= open_internal_samr_conn(tmp_ctx
, domain
, &samr_pipe
, &dom_pol
);
853 if (!NT_STATUS_IS_OK(status
)) {
857 b
= samr_pipe
->binding_handle
;
859 status
= dcerpc_samr_QueryDomainInfo(b
,
865 if (!NT_STATUS_IS_OK(status
)) {
868 if (!NT_STATUS_IS_OK(result
)) {
873 *lockout_policy
= info
->info12
;
876 if (b
&& is_valid_policy_hnd(&dom_pol
)) {
877 dcerpc_samr_Close(b
, mem_ctx
, &dom_pol
, &result
);
880 TALLOC_FREE(tmp_ctx
);
884 static NTSTATUS
sam_password_policy(struct winbindd_domain
*domain
,
886 struct samr_DomInfo1
*passwd_policy
)
888 struct rpc_pipe_client
*samr_pipe
;
889 struct policy_handle dom_pol
;
890 union samr_DomainInfo
*info
= NULL
;
892 NTSTATUS status
, result
;
893 struct dcerpc_binding_handle
*b
= NULL
;
895 DEBUG(3,("sam_password_policy\n"));
897 ZERO_STRUCT(dom_pol
);
899 tmp_ctx
= talloc_stackframe();
900 if (tmp_ctx
== NULL
) {
901 return NT_STATUS_NO_MEMORY
;
904 status
= open_internal_samr_conn(tmp_ctx
, domain
, &samr_pipe
, &dom_pol
);
905 if (!NT_STATUS_IS_OK(status
)) {
909 b
= samr_pipe
->binding_handle
;
911 status
= dcerpc_samr_QueryDomainInfo(b
,
917 if (!NT_STATUS_IS_OK(status
)) {
920 if (!NT_STATUS_IS_OK(result
)) {
925 *passwd_policy
= info
->info1
;
928 if (b
&& is_valid_policy_hnd(&dom_pol
)) {
929 dcerpc_samr_Close(b
, mem_ctx
, &dom_pol
, &result
);
932 TALLOC_FREE(tmp_ctx
);
936 /* Lookup groups a user is a member of. */
937 static NTSTATUS
sam_lookup_usergroups(struct winbindd_domain
*domain
,
939 const struct dom_sid
*user_sid
,
940 uint32_t *pnum_groups
,
941 struct dom_sid
**puser_grpsids
)
943 struct rpc_pipe_client
*samr_pipe
;
944 struct policy_handle dom_pol
;
945 struct dom_sid
*user_grpsids
= NULL
;
946 uint32_t num_groups
= 0;
948 NTSTATUS status
, result
;
949 struct dcerpc_binding_handle
*b
= NULL
;
951 DEBUG(3,("sam_lookup_usergroups\n"));
953 ZERO_STRUCT(dom_pol
);
959 tmp_ctx
= talloc_stackframe();
960 if (tmp_ctx
== NULL
) {
961 return NT_STATUS_NO_MEMORY
;
964 status
= open_internal_samr_conn(tmp_ctx
, domain
, &samr_pipe
, &dom_pol
);
965 if (!NT_STATUS_IS_OK(status
)) {
969 b
= samr_pipe
->binding_handle
;
971 status
= rpc_lookup_usergroups(tmp_ctx
,
978 if (!NT_STATUS_IS_OK(status
)) {
983 *pnum_groups
= num_groups
;
987 *puser_grpsids
= talloc_move(mem_ctx
, &user_grpsids
);
991 if (b
&& is_valid_policy_hnd(&dom_pol
)) {
992 dcerpc_samr_Close(b
, mem_ctx
, &dom_pol
, &result
);
995 TALLOC_FREE(tmp_ctx
);
999 static NTSTATUS
sam_lookup_useraliases(struct winbindd_domain
*domain
,
1000 TALLOC_CTX
*mem_ctx
,
1002 const struct dom_sid
*sids
,
1003 uint32_t *pnum_aliases
,
1004 uint32_t **palias_rids
)
1006 struct rpc_pipe_client
*samr_pipe
;
1007 struct policy_handle dom_pol
;
1008 uint32_t num_aliases
= 0;
1009 uint32_t *alias_rids
= NULL
;
1010 TALLOC_CTX
*tmp_ctx
;
1011 NTSTATUS status
, result
;
1012 struct dcerpc_binding_handle
*b
= NULL
;
1014 DEBUG(3,("sam_lookup_useraliases\n"));
1016 ZERO_STRUCT(dom_pol
);
1022 tmp_ctx
= talloc_stackframe();
1023 if (tmp_ctx
== NULL
) {
1024 return NT_STATUS_NO_MEMORY
;
1027 status
= open_internal_samr_conn(tmp_ctx
, domain
, &samr_pipe
, &dom_pol
);
1028 if (!NT_STATUS_IS_OK(status
)) {
1032 b
= samr_pipe
->binding_handle
;
1034 status
= rpc_lookup_useraliases(tmp_ctx
,
1041 if (!NT_STATUS_IS_OK(status
)) {
1046 *pnum_aliases
= num_aliases
;
1050 *palias_rids
= talloc_move(mem_ctx
, &alias_rids
);
1054 if (b
&& is_valid_policy_hnd(&dom_pol
)) {
1055 dcerpc_samr_Close(b
, mem_ctx
, &dom_pol
, &result
);
1058 TALLOC_FREE(tmp_ctx
);
1062 /* find the sequence number for a domain */
1063 static NTSTATUS
sam_sequence_number(struct winbindd_domain
*domain
,
1066 struct rpc_pipe_client
*samr_pipe
;
1067 struct policy_handle dom_pol
;
1069 TALLOC_CTX
*tmp_ctx
;
1070 NTSTATUS status
, result
;
1071 struct dcerpc_binding_handle
*b
= NULL
;
1073 DEBUG(3,("samr: sequence number\n"));
1075 ZERO_STRUCT(dom_pol
);
1078 *pseq
= DOM_SEQUENCE_NONE
;
1081 tmp_ctx
= talloc_stackframe();
1082 if (tmp_ctx
== NULL
) {
1083 return NT_STATUS_NO_MEMORY
;
1086 status
= open_internal_samr_conn(tmp_ctx
, domain
, &samr_pipe
, &dom_pol
);
1087 if (!NT_STATUS_IS_OK(status
)) {
1091 b
= samr_pipe
->binding_handle
;
1093 status
= rpc_sequence_number(tmp_ctx
,
1098 if (!NT_STATUS_IS_OK(status
)) {
1106 if (b
&& is_valid_policy_hnd(&dom_pol
)) {
1107 dcerpc_samr_Close(b
, tmp_ctx
, &dom_pol
, &result
);
1110 TALLOC_FREE(tmp_ctx
);
1114 /* the rpc backend methods are exposed via this structure */
1115 struct winbindd_methods builtin_passdb_methods
= {
1116 .consistent
= false,
1118 .query_user_list
= builtin_query_user_list
,
1119 .enum_dom_groups
= builtin_enum_dom_groups
,
1120 .enum_local_groups
= sam_enum_local_groups
,
1121 .name_to_sid
= sam_name_to_sid
,
1122 .sid_to_name
= sam_sid_to_name
,
1123 .rids_to_names
= sam_rids_to_names
,
1124 .query_user
= builtin_query_user
,
1125 .lookup_usergroups
= sam_lookup_usergroups
,
1126 .lookup_useraliases
= sam_lookup_useraliases
,
1127 .lookup_groupmem
= sam_lookup_groupmem
,
1128 .sequence_number
= sam_sequence_number
,
1129 .lockout_policy
= sam_lockout_policy
,
1130 .password_policy
= sam_password_policy
,
1131 .trusted_domains
= builtin_trusted_domains
1134 /* the rpc backend methods are exposed via this structure */
1135 struct winbindd_methods sam_passdb_methods
= {
1136 .consistent
= false,
1138 .query_user_list
= sam_query_user_list
,
1139 .enum_dom_groups
= sam_enum_dom_groups
,
1140 .enum_local_groups
= sam_enum_local_groups
,
1141 .name_to_sid
= sam_name_to_sid
,
1142 .sid_to_name
= sam_sid_to_name
,
1143 .rids_to_names
= sam_rids_to_names
,
1144 .query_user
= sam_query_user
,
1145 .lookup_usergroups
= sam_lookup_usergroups
,
1146 .lookup_useraliases
= sam_lookup_useraliases
,
1147 .lookup_groupmem
= sam_lookup_groupmem
,
1148 .sequence_number
= sam_sequence_number
,
1149 .lockout_policy
= sam_lockout_policy
,
1150 .password_policy
= sam_password_policy
,
1151 .trusted_domains
= sam_trusted_domains