2 * Unix SMB/CIFS implementation.
4 * Winbind rpc backend functions
6 * Copyright (c) 2000-2003 Tim Potter
7 * Copyright (c) 2001 Andrew Tridgell
8 * Copyright (c) 2005 Volker Lendecke
9 * Copyright (c) 2008 Guenther Deschner (pidl conversion)
10 * Copyright (c) 2010 Andreas Schneider <asn@samba.org>
12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 3 of the License, or
15 * (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program. If not, see <http://www.gnu.org/licenses/>.
28 #include "winbindd_rpc.h"
30 #include "../librpc/gen_ndr/ndr_samr_c.h"
31 #include "rpc_client/cli_samr.h"
32 #include "../librpc/gen_ndr/srv_samr.h"
33 #include "../librpc/gen_ndr/ndr_lsa_c.h"
34 #include "rpc_client/cli_lsarpc.h"
35 #include "../librpc/gen_ndr/srv_lsa.h"
36 #include "rpc_server/rpc_ncacn_np.h"
37 #include "../libcli/security/security.h"
40 #define DBGC_CLASS DBGC_WINBIND
42 static NTSTATUS
open_internal_samr_pipe(TALLOC_CTX
*mem_ctx
,
43 struct rpc_pipe_client
**samr_pipe
)
45 struct rpc_pipe_client
*cli
= NULL
;
46 struct auth_serversupplied_info
*session_info
= NULL
;
53 if (session_info
== NULL
) {
54 status
= make_session_info_system(mem_ctx
, &session_info
);
55 if (!NT_STATUS_IS_OK(status
)) {
56 DEBUG(0, ("open_samr_pipe: Could not create auth_serversupplied_info: %s\n",
62 /* create a samr connection */
63 status
= rpc_pipe_open_interface(mem_ctx
,
64 &ndr_table_samr
.syntax_id
,
67 winbind_messaging_context(),
69 if (!NT_STATUS_IS_OK(status
)) {
70 DEBUG(0, ("open_samr_pipe: Could not connect to samr_pipe: %s\n",
83 NTSTATUS
open_internal_samr_conn(TALLOC_CTX
*mem_ctx
,
84 struct winbindd_domain
*domain
,
85 struct rpc_pipe_client
**samr_pipe
,
86 struct policy_handle
*samr_domain_hnd
)
88 NTSTATUS status
, result
;
89 struct policy_handle samr_connect_hnd
;
90 struct dcerpc_binding_handle
*b
;
92 status
= open_internal_samr_pipe(mem_ctx
, samr_pipe
);
93 if (!NT_STATUS_IS_OK(status
)) {
97 b
= (*samr_pipe
)->binding_handle
;
99 status
= dcerpc_samr_Connect2(b
, mem_ctx
,
100 (*samr_pipe
)->desthost
,
101 SEC_FLAG_MAXIMUM_ALLOWED
,
104 if (!NT_STATUS_IS_OK(status
)) {
107 if (!NT_STATUS_IS_OK(result
)) {
111 status
= dcerpc_samr_OpenDomain(b
, mem_ctx
,
113 SEC_FLAG_MAXIMUM_ALLOWED
,
117 if (!NT_STATUS_IS_OK(status
)) {
124 static NTSTATUS
open_internal_lsa_pipe(TALLOC_CTX
*mem_ctx
,
125 struct rpc_pipe_client
**lsa_pipe
)
127 struct rpc_pipe_client
*cli
= NULL
;
128 struct auth_serversupplied_info
*session_info
= NULL
;
131 if (session_info
== NULL
) {
132 status
= make_session_info_system(mem_ctx
, &session_info
);
133 if (!NT_STATUS_IS_OK(status
)) {
134 DEBUG(0, ("open_lsa_pipe: Could not create auth_serversupplied_info: %s\n",
140 /* create a lsa connection */
141 status
= rpc_pipe_open_interface(mem_ctx
,
142 &ndr_table_lsarpc
.syntax_id
,
145 winbind_messaging_context(),
147 if (!NT_STATUS_IS_OK(status
)) {
148 DEBUG(0, ("open_lsa_pipe: Could not connect to lsa_pipe: %s\n",
161 static NTSTATUS
open_internal_lsa_conn(TALLOC_CTX
*mem_ctx
,
162 struct rpc_pipe_client
**lsa_pipe
,
163 struct policy_handle
*lsa_hnd
)
167 status
= open_internal_lsa_pipe(mem_ctx
, lsa_pipe
);
168 if (!NT_STATUS_IS_OK(status
)) {
172 status
= rpccli_lsa_open_policy((*lsa_pipe
),
175 SEC_FLAG_MAXIMUM_ALLOWED
,
181 /*********************************************************************
182 SAM specific functions.
183 *********************************************************************/
185 /* List all domain groups */
186 static NTSTATUS
sam_enum_dom_groups(struct winbindd_domain
*domain
,
189 struct acct_info
**pinfo
)
191 struct rpc_pipe_client
*samr_pipe
;
192 struct policy_handle dom_pol
;
193 struct acct_info
*info
= NULL
;
194 uint32_t num_info
= 0;
196 NTSTATUS status
, result
;
197 struct dcerpc_binding_handle
*b
= NULL
;
199 DEBUG(3,("sam_enum_dom_groups\n"));
201 ZERO_STRUCT(dom_pol
);
207 tmp_ctx
= talloc_stackframe();
208 if (tmp_ctx
== NULL
) {
209 return NT_STATUS_NO_MEMORY
;
212 status
= open_internal_samr_conn(tmp_ctx
, domain
, &samr_pipe
, &dom_pol
);
213 if (!NT_STATUS_IS_OK(status
)) {
217 b
= samr_pipe
->binding_handle
;
219 status
= rpc_enum_dom_groups(tmp_ctx
,
224 if (!NT_STATUS_IS_OK(status
)) {
229 *pnum_info
= num_info
;
233 *pinfo
= talloc_move(mem_ctx
, &info
);
237 if (b
&& is_valid_policy_hnd(&dom_pol
)) {
238 dcerpc_samr_Close(b
, mem_ctx
, &dom_pol
, &result
);
240 TALLOC_FREE(tmp_ctx
);
244 /* Query display info for a domain */
245 static NTSTATUS
sam_query_user_list(struct winbindd_domain
*domain
,
248 struct wbint_userinfo
**pinfo
)
250 struct rpc_pipe_client
*samr_pipe
= NULL
;
251 struct policy_handle dom_pol
;
252 struct wbint_userinfo
*info
= NULL
;
253 uint32_t num_info
= 0;
255 NTSTATUS status
, result
;
256 struct dcerpc_binding_handle
*b
= NULL
;
258 DEBUG(3,("samr_query_user_list\n"));
260 ZERO_STRUCT(dom_pol
);
266 tmp_ctx
= talloc_stackframe();
267 if (tmp_ctx
== NULL
) {
268 return NT_STATUS_NO_MEMORY
;
271 status
= open_internal_samr_conn(tmp_ctx
, domain
, &samr_pipe
, &dom_pol
);
272 if (!NT_STATUS_IS_OK(status
)) {
276 b
= samr_pipe
->binding_handle
;
278 status
= rpc_query_user_list(tmp_ctx
,
284 if (!NT_STATUS_IS_OK(status
)) {
289 *pnum_info
= num_info
;
293 *pinfo
= talloc_move(mem_ctx
, &info
);
297 if (b
&& is_valid_policy_hnd(&dom_pol
)) {
298 dcerpc_samr_Close(b
, mem_ctx
, &dom_pol
, &result
);
301 TALLOC_FREE(tmp_ctx
);
305 /* Lookup user information from a rid or username. */
306 static NTSTATUS
sam_query_user(struct winbindd_domain
*domain
,
308 const struct dom_sid
*user_sid
,
309 struct wbint_userinfo
*user_info
)
311 struct rpc_pipe_client
*samr_pipe
;
312 struct policy_handle dom_pol
;
314 NTSTATUS status
, result
;
315 struct dcerpc_binding_handle
*b
= NULL
;
317 DEBUG(3,("sam_query_user\n"));
319 ZERO_STRUCT(dom_pol
);
322 if (!sid_check_is_in_our_domain(user_sid
)) {
323 return NT_STATUS_NO_SUCH_USER
;
327 user_info
->homedir
= NULL
;
328 user_info
->shell
= NULL
;
329 user_info
->primary_gid
= (gid_t
) -1;
332 tmp_ctx
= talloc_stackframe();
333 if (tmp_ctx
== NULL
) {
334 return NT_STATUS_NO_MEMORY
;
337 status
= open_internal_samr_conn(tmp_ctx
, domain
, &samr_pipe
, &dom_pol
);
338 if (!NT_STATUS_IS_OK(status
)) {
342 b
= samr_pipe
->binding_handle
;
344 status
= rpc_query_user(tmp_ctx
,
352 if (b
&& is_valid_policy_hnd(&dom_pol
)) {
353 dcerpc_samr_Close(b
, mem_ctx
, &dom_pol
, &result
);
356 TALLOC_FREE(tmp_ctx
);
360 /* get a list of trusted domains - builtin domain */
361 static NTSTATUS
sam_trusted_domains(struct winbindd_domain
*domain
,
363 struct netr_DomainTrustList
*ptrust_list
)
365 struct rpc_pipe_client
*lsa_pipe
;
366 struct policy_handle lsa_policy
;
367 struct netr_DomainTrust
*trusts
= NULL
;
368 uint32_t num_trusts
= 0;
370 NTSTATUS status
, result
;
371 struct dcerpc_binding_handle
*b
= NULL
;
373 DEBUG(3,("samr: trusted domains\n"));
375 ZERO_STRUCT(lsa_policy
);
378 ZERO_STRUCTP(ptrust_list
);
381 tmp_ctx
= talloc_stackframe();
382 if (tmp_ctx
== NULL
) {
383 return NT_STATUS_NO_MEMORY
;
386 status
= open_internal_lsa_conn(tmp_ctx
, &lsa_pipe
, &lsa_policy
);
387 if (!NT_STATUS_IS_OK(status
)) {
391 b
= lsa_pipe
->binding_handle
;
393 status
= rpc_trusted_domains(tmp_ctx
,
398 if (!NT_STATUS_IS_OK(status
)) {
403 ptrust_list
->count
= num_trusts
;
404 ptrust_list
->array
= talloc_move(mem_ctx
, &trusts
);
408 if (b
&& is_valid_policy_hnd(&lsa_policy
)) {
409 dcerpc_lsa_Close(b
, mem_ctx
, &lsa_policy
, &result
);
412 TALLOC_FREE(tmp_ctx
);
416 /* Lookup group membership given a rid. */
417 static NTSTATUS
sam_lookup_groupmem(struct winbindd_domain
*domain
,
419 const struct dom_sid
*group_sid
,
420 enum lsa_SidType type
,
421 uint32_t *pnum_names
,
422 struct dom_sid
**psid_mem
,
424 uint32_t **pname_types
)
426 struct rpc_pipe_client
*samr_pipe
;
427 struct policy_handle dom_pol
;
429 uint32_t num_names
= 0;
430 struct dom_sid
*sid_mem
= NULL
;
432 uint32_t *name_types
= NULL
;
435 NTSTATUS status
, result
;
436 struct dcerpc_binding_handle
*b
= NULL
;
438 DEBUG(3,("sam_lookup_groupmem\n"));
440 ZERO_STRUCT(dom_pol
);
443 if (sid_check_is_in_builtin(group_sid
) && (type
!= SID_NAME_ALIAS
)) {
444 /* There's no groups, only aliases in BUILTIN */
445 return NT_STATUS_NO_SUCH_GROUP
;
452 tmp_ctx
= talloc_stackframe();
453 if (tmp_ctx
== NULL
) {
454 return NT_STATUS_NO_MEMORY
;
457 status
= open_internal_samr_conn(tmp_ctx
, domain
, &samr_pipe
, &dom_pol
);
458 if (!NT_STATUS_IS_OK(status
)) {
462 b
= samr_pipe
->binding_handle
;
464 status
= rpc_lookup_groupmem(tmp_ctx
,
477 *pnum_names
= num_names
;
481 *pnames
= talloc_move(mem_ctx
, &names
);
485 *pname_types
= talloc_move(mem_ctx
, &name_types
);
489 *psid_mem
= talloc_move(mem_ctx
, &sid_mem
);
493 if (b
&& is_valid_policy_hnd(&dom_pol
)) {
494 dcerpc_samr_Close(b
, mem_ctx
, &dom_pol
, &result
);
497 TALLOC_FREE(tmp_ctx
);
501 /*********************************************************************
502 BUILTIN specific functions.
503 *********************************************************************/
505 /* List all domain groups */
506 static NTSTATUS
builtin_enum_dom_groups(struct winbindd_domain
*domain
,
509 struct acct_info
**info
)
511 /* BUILTIN doesn't have domain groups */
517 /* Query display info for a domain */
518 static NTSTATUS
builtin_query_user_list(struct winbindd_domain
*domain
,
521 struct wbint_userinfo
**info
)
523 /* We don't have users */
529 /* Lookup user information from a rid or username. */
530 static NTSTATUS
builtin_query_user(struct winbindd_domain
*domain
,
532 const struct dom_sid
*user_sid
,
533 struct wbint_userinfo
*user_info
)
535 return NT_STATUS_NO_SUCH_USER
;
538 /* get a list of trusted domains - builtin domain */
539 static NTSTATUS
builtin_trusted_domains(struct winbindd_domain
*domain
,
541 struct netr_DomainTrustList
*trusts
)
543 ZERO_STRUCTP(trusts
);
547 /*********************************************************************
549 *********************************************************************/
551 /* List all local groups (aliases) */
552 static NTSTATUS
sam_enum_local_groups(struct winbindd_domain
*domain
,
555 struct acct_info
**pinfo
)
557 struct rpc_pipe_client
*samr_pipe
;
558 struct policy_handle dom_pol
;
559 struct acct_info
*info
= NULL
;
560 uint32_t num_info
= 0;
562 NTSTATUS status
, result
;
563 struct dcerpc_binding_handle
*b
= NULL
;
565 DEBUG(3,("samr: enum local groups\n"));
567 ZERO_STRUCT(dom_pol
);
573 tmp_ctx
= talloc_stackframe();
574 if (tmp_ctx
== NULL
) {
575 return NT_STATUS_NO_MEMORY
;
578 status
= open_internal_samr_conn(tmp_ctx
, domain
, &samr_pipe
, &dom_pol
);
579 if (!NT_STATUS_IS_OK(status
)) {
583 b
= samr_pipe
->binding_handle
;
585 status
= rpc_enum_local_groups(mem_ctx
,
590 if (!NT_STATUS_IS_OK(status
)) {
595 *pnum_info
= num_info
;
599 *pinfo
= talloc_move(mem_ctx
, &info
);
603 if (b
&& is_valid_policy_hnd(&dom_pol
)) {
604 dcerpc_samr_Close(b
, mem_ctx
, &dom_pol
, &result
);
607 TALLOC_FREE(tmp_ctx
);
611 /* convert a single name to a sid in a domain */
612 static NTSTATUS
sam_name_to_sid(struct winbindd_domain
*domain
,
614 const char *domain_name
,
617 struct dom_sid
*psid
,
618 enum lsa_SidType
*ptype
)
620 struct rpc_pipe_client
*lsa_pipe
;
621 struct policy_handle lsa_policy
;
623 enum lsa_SidType type
;
625 NTSTATUS status
, result
;
626 struct dcerpc_binding_handle
*b
= NULL
;
628 DEBUG(3,("sam_name_to_sid\n"));
630 ZERO_STRUCT(lsa_policy
);
632 tmp_ctx
= talloc_stackframe();
633 if (tmp_ctx
== NULL
) {
634 return NT_STATUS_NO_MEMORY
;
637 status
= open_internal_lsa_conn(tmp_ctx
, &lsa_pipe
, &lsa_policy
);
638 if (!NT_STATUS_IS_OK(status
)) {
642 b
= lsa_pipe
->binding_handle
;
644 status
= rpc_name_to_sid(tmp_ctx
,
652 if (!NT_STATUS_IS_OK(status
)) {
657 sid_copy(psid
, &sid
);
664 if (b
&& is_valid_policy_hnd(&lsa_policy
)) {
665 dcerpc_lsa_Close(b
, mem_ctx
, &lsa_policy
, &result
);
668 TALLOC_FREE(tmp_ctx
);
672 /* convert a domain SID to a user or group name */
673 static NTSTATUS
sam_sid_to_name(struct winbindd_domain
*domain
,
675 const struct dom_sid
*sid
,
678 enum lsa_SidType
*ptype
)
680 struct rpc_pipe_client
*lsa_pipe
;
681 struct policy_handle lsa_policy
;
682 char *domain_name
= NULL
;
684 enum lsa_SidType type
;
686 NTSTATUS status
, result
;
687 struct dcerpc_binding_handle
*b
= NULL
;
689 DEBUG(3,("sam_sid_to_name\n"));
691 ZERO_STRUCT(lsa_policy
);
694 if (!sid_check_is_in_builtin(sid
) &&
695 !sid_check_is_in_our_domain(sid
) &&
696 !sid_check_is_in_unix_users(sid
) &&
697 !sid_check_is_unix_users(sid
) &&
698 !sid_check_is_in_unix_groups(sid
) &&
699 !sid_check_is_unix_groups(sid
) &&
700 !sid_check_is_in_wellknown_domain(sid
)) {
701 DEBUG(0, ("sam_sid_to_name: possible deadlock - trying to "
702 "lookup SID %s\n", sid_string_dbg(sid
)));
703 return NT_STATUS_NONE_MAPPED
;
706 tmp_ctx
= talloc_stackframe();
707 if (tmp_ctx
== NULL
) {
708 return NT_STATUS_NO_MEMORY
;
711 status
= open_internal_lsa_conn(tmp_ctx
, &lsa_pipe
, &lsa_policy
);
712 if (!NT_STATUS_IS_OK(status
)) {
716 b
= lsa_pipe
->binding_handle
;
718 status
= rpc_sid_to_name(tmp_ctx
,
732 *pname
= talloc_move(mem_ctx
, &name
);
736 *pdomain_name
= talloc_move(mem_ctx
, &domain_name
);
740 if (b
&& is_valid_policy_hnd(&lsa_policy
)) {
741 dcerpc_lsa_Close(b
, mem_ctx
, &lsa_policy
, &result
);
744 TALLOC_FREE(tmp_ctx
);
748 static NTSTATUS
sam_rids_to_names(struct winbindd_domain
*domain
,
750 const struct dom_sid
*domain_sid
,
755 enum lsa_SidType
**ptypes
)
757 struct rpc_pipe_client
*lsa_pipe
;
758 struct policy_handle lsa_policy
;
759 enum lsa_SidType
*types
= NULL
;
760 char *domain_name
= NULL
;
763 NTSTATUS status
, result
;
764 struct dcerpc_binding_handle
*b
= NULL
;
766 DEBUG(3,("sam_rids_to_names for %s\n", domain
->name
));
768 ZERO_STRUCT(lsa_policy
);
771 if (!sid_check_is_builtin(domain_sid
) &&
772 !sid_check_is_domain(domain_sid
) &&
773 !sid_check_is_unix_users(domain_sid
) &&
774 !sid_check_is_unix_groups(domain_sid
) &&
775 !sid_check_is_in_wellknown_domain(domain_sid
)) {
776 DEBUG(0, ("sam_rids_to_names: possible deadlock - trying to "
777 "lookup SID %s\n", sid_string_dbg(domain_sid
)));
778 return NT_STATUS_NONE_MAPPED
;
781 tmp_ctx
= talloc_stackframe();
782 if (tmp_ctx
== NULL
) {
783 return NT_STATUS_NO_MEMORY
;
786 status
= open_internal_lsa_conn(tmp_ctx
, &lsa_pipe
, &lsa_policy
);
787 if (!NT_STATUS_IS_OK(status
)) {
791 b
= lsa_pipe
->binding_handle
;
793 status
= rpc_rids_to_names(tmp_ctx
,
803 if (!NT_STATUS_IS_OK(status
)) {
808 *pdomain_name
= talloc_move(mem_ctx
, &domain_name
);
812 *ptypes
= talloc_move(mem_ctx
, &types
);
816 *pnames
= talloc_move(mem_ctx
, &names
);
820 if (b
&& is_valid_policy_hnd(&lsa_policy
)) {
821 dcerpc_lsa_Close(b
, mem_ctx
, &lsa_policy
, &result
);
824 TALLOC_FREE(tmp_ctx
);
828 static NTSTATUS
sam_lockout_policy(struct winbindd_domain
*domain
,
830 struct samr_DomInfo12
*lockout_policy
)
832 struct rpc_pipe_client
*samr_pipe
;
833 struct policy_handle dom_pol
;
834 union samr_DomainInfo
*info
= NULL
;
836 NTSTATUS status
, result
;
837 struct dcerpc_binding_handle
*b
= NULL
;
839 DEBUG(3,("sam_lockout_policy\n"));
841 ZERO_STRUCT(dom_pol
);
843 tmp_ctx
= talloc_stackframe();
844 if (tmp_ctx
== NULL
) {
845 return NT_STATUS_NO_MEMORY
;
848 status
= open_internal_samr_conn(tmp_ctx
, domain
, &samr_pipe
, &dom_pol
);
849 if (!NT_STATUS_IS_OK(status
)) {
853 b
= samr_pipe
->binding_handle
;
855 status
= dcerpc_samr_QueryDomainInfo(b
,
861 if (!NT_STATUS_IS_OK(status
)) {
864 if (!NT_STATUS_IS_OK(result
)) {
869 *lockout_policy
= info
->info12
;
872 if (b
&& is_valid_policy_hnd(&dom_pol
)) {
873 dcerpc_samr_Close(b
, mem_ctx
, &dom_pol
, &result
);
876 TALLOC_FREE(tmp_ctx
);
880 static NTSTATUS
sam_password_policy(struct winbindd_domain
*domain
,
882 struct samr_DomInfo1
*passwd_policy
)
884 struct rpc_pipe_client
*samr_pipe
;
885 struct policy_handle dom_pol
;
886 union samr_DomainInfo
*info
= NULL
;
888 NTSTATUS status
, result
;
889 struct dcerpc_binding_handle
*b
= NULL
;
891 DEBUG(3,("sam_password_policy\n"));
893 ZERO_STRUCT(dom_pol
);
895 tmp_ctx
= talloc_stackframe();
896 if (tmp_ctx
== NULL
) {
897 return NT_STATUS_NO_MEMORY
;
900 status
= open_internal_samr_conn(tmp_ctx
, domain
, &samr_pipe
, &dom_pol
);
901 if (!NT_STATUS_IS_OK(status
)) {
905 b
= samr_pipe
->binding_handle
;
907 status
= dcerpc_samr_QueryDomainInfo(b
,
913 if (!NT_STATUS_IS_OK(status
)) {
916 if (!NT_STATUS_IS_OK(result
)) {
921 *passwd_policy
= info
->info1
;
924 if (b
&& is_valid_policy_hnd(&dom_pol
)) {
925 dcerpc_samr_Close(b
, mem_ctx
, &dom_pol
, &result
);
928 TALLOC_FREE(tmp_ctx
);
932 /* Lookup groups a user is a member of. */
933 static NTSTATUS
sam_lookup_usergroups(struct winbindd_domain
*domain
,
935 const struct dom_sid
*user_sid
,
936 uint32_t *pnum_groups
,
937 struct dom_sid
**puser_grpsids
)
939 struct rpc_pipe_client
*samr_pipe
;
940 struct policy_handle dom_pol
;
941 struct dom_sid
*user_grpsids
= NULL
;
942 uint32_t num_groups
= 0;
944 NTSTATUS status
, result
;
945 struct dcerpc_binding_handle
*b
= NULL
;
947 DEBUG(3,("sam_lookup_usergroups\n"));
949 ZERO_STRUCT(dom_pol
);
955 tmp_ctx
= talloc_stackframe();
956 if (tmp_ctx
== NULL
) {
957 return NT_STATUS_NO_MEMORY
;
960 status
= open_internal_samr_conn(tmp_ctx
, domain
, &samr_pipe
, &dom_pol
);
961 if (!NT_STATUS_IS_OK(status
)) {
965 b
= samr_pipe
->binding_handle
;
967 status
= rpc_lookup_usergroups(tmp_ctx
,
974 if (!NT_STATUS_IS_OK(status
)) {
979 *pnum_groups
= num_groups
;
983 *puser_grpsids
= talloc_move(mem_ctx
, &user_grpsids
);
987 if (b
&& is_valid_policy_hnd(&dom_pol
)) {
988 dcerpc_samr_Close(b
, mem_ctx
, &dom_pol
, &result
);
991 TALLOC_FREE(tmp_ctx
);
995 static NTSTATUS
sam_lookup_useraliases(struct winbindd_domain
*domain
,
998 const struct dom_sid
*sids
,
999 uint32_t *pnum_aliases
,
1000 uint32_t **palias_rids
)
1002 struct rpc_pipe_client
*samr_pipe
;
1003 struct policy_handle dom_pol
;
1004 uint32_t num_aliases
= 0;
1005 uint32_t *alias_rids
= NULL
;
1006 TALLOC_CTX
*tmp_ctx
;
1007 NTSTATUS status
, result
;
1008 struct dcerpc_binding_handle
*b
= NULL
;
1010 DEBUG(3,("sam_lookup_useraliases\n"));
1012 ZERO_STRUCT(dom_pol
);
1018 tmp_ctx
= talloc_stackframe();
1019 if (tmp_ctx
== NULL
) {
1020 return NT_STATUS_NO_MEMORY
;
1023 status
= open_internal_samr_conn(tmp_ctx
, domain
, &samr_pipe
, &dom_pol
);
1024 if (!NT_STATUS_IS_OK(status
)) {
1028 b
= samr_pipe
->binding_handle
;
1030 status
= rpc_lookup_useraliases(tmp_ctx
,
1037 if (!NT_STATUS_IS_OK(status
)) {
1042 *pnum_aliases
= num_aliases
;
1046 *palias_rids
= talloc_move(mem_ctx
, &alias_rids
);
1050 if (b
&& is_valid_policy_hnd(&dom_pol
)) {
1051 dcerpc_samr_Close(b
, mem_ctx
, &dom_pol
, &result
);
1054 TALLOC_FREE(tmp_ctx
);
1058 /* find the sequence number for a domain */
1059 static NTSTATUS
sam_sequence_number(struct winbindd_domain
*domain
,
1062 struct rpc_pipe_client
*samr_pipe
;
1063 struct policy_handle dom_pol
;
1065 TALLOC_CTX
*tmp_ctx
;
1066 NTSTATUS status
, result
;
1067 struct dcerpc_binding_handle
*b
= NULL
;
1069 DEBUG(3,("samr: sequence number\n"));
1071 ZERO_STRUCT(dom_pol
);
1074 *pseq
= DOM_SEQUENCE_NONE
;
1077 tmp_ctx
= talloc_stackframe();
1078 if (tmp_ctx
== NULL
) {
1079 return NT_STATUS_NO_MEMORY
;
1082 status
= open_internal_samr_conn(tmp_ctx
, domain
, &samr_pipe
, &dom_pol
);
1083 if (!NT_STATUS_IS_OK(status
)) {
1087 b
= samr_pipe
->binding_handle
;
1089 status
= rpc_sequence_number(tmp_ctx
,
1094 if (!NT_STATUS_IS_OK(status
)) {
1102 if (b
&& is_valid_policy_hnd(&dom_pol
)) {
1103 dcerpc_samr_Close(b
, tmp_ctx
, &dom_pol
, &result
);
1106 TALLOC_FREE(tmp_ctx
);
1110 /* the rpc backend methods are exposed via this structure */
1111 struct winbindd_methods builtin_passdb_methods
= {
1112 .consistent
= false,
1114 .query_user_list
= builtin_query_user_list
,
1115 .enum_dom_groups
= builtin_enum_dom_groups
,
1116 .enum_local_groups
= sam_enum_local_groups
,
1117 .name_to_sid
= sam_name_to_sid
,
1118 .sid_to_name
= sam_sid_to_name
,
1119 .rids_to_names
= sam_rids_to_names
,
1120 .query_user
= builtin_query_user
,
1121 .lookup_usergroups
= sam_lookup_usergroups
,
1122 .lookup_useraliases
= sam_lookup_useraliases
,
1123 .lookup_groupmem
= sam_lookup_groupmem
,
1124 .sequence_number
= sam_sequence_number
,
1125 .lockout_policy
= sam_lockout_policy
,
1126 .password_policy
= sam_password_policy
,
1127 .trusted_domains
= builtin_trusted_domains
1130 /* the rpc backend methods are exposed via this structure */
1131 struct winbindd_methods sam_passdb_methods
= {
1132 .consistent
= false,
1134 .query_user_list
= sam_query_user_list
,
1135 .enum_dom_groups
= sam_enum_dom_groups
,
1136 .enum_local_groups
= sam_enum_local_groups
,
1137 .name_to_sid
= sam_name_to_sid
,
1138 .sid_to_name
= sam_sid_to_name
,
1139 .rids_to_names
= sam_rids_to_names
,
1140 .query_user
= sam_query_user
,
1141 .lookup_usergroups
= sam_lookup_usergroups
,
1142 .lookup_useraliases
= sam_lookup_useraliases
,
1143 .lookup_groupmem
= sam_lookup_groupmem
,
1144 .sequence_number
= sam_sequence_number
,
1145 .lockout_policy
= sam_lockout_policy
,
1146 .password_policy
= sam_password_policy
,
1147 .trusted_domains
= sam_trusted_domains