Diffstat (limited to 'source3')
| -rw-r--r-- | source3/winbindd/winbindd_cache.c | 6 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_cm.c | 82 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_proto.h | 5 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_samr.c | 91 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_util.c | 16 |
5 files changed, 87 insertions, 113 deletions
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c index 9c4b5bd4e8..264e75c8bd 100644 --- a/source3/winbindd/winbindd_cache.c +++ b/source3/winbindd/winbindd_cache.c @@ -120,13 +120,15 @@ static struct winbind_cache *get_cache(struct winbindd_domain *domain) if (domain->internal) { domain->backend = &builtin_passdb_methods; - domain->initialized = True; + } + + if (dom_sid_equal(&domain->sid, &global_sid_Builtin)) { + domain->initialized = true; } if (strequal(domain->name, get_global_sam_name()) && sid_check_is_our_sam(&domain->sid)) { domain->backend = &sam_passdb_methods; - domain->initialized = True; } if ( !domain->initialized ) { diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index be13a57e9e..a8ace52472 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -80,6 +80,8 @@ #include "../libcli/smb/smbXcli_base.h" #include "lib/param/loadparm.h" #include "libcli/auth/netlogon_creds_cli.h" +#include "auth.h" +#include "rpc_server/rpc_ncacn_np.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND 
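Review bot: The new `dom_sid_equal(&domain->sid, &global_sid_Builtin)` block in get_cache() is now the only place in this hunk that sets `domain->initialized`, and nothing explains why the local SAM branch below it stopped doing so. A short comment would keep a later reader from restoring the assignment, e.g. `/* BUILTIN is never contacted; our own SAM is initialized via init_dc_connection() over the internal pipes */`. That wording is inferred from the winbindd_cm.c changes in the same commit, so confirm it matches the intent. get_cache() starts and ends outside the hunk.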
@@ -1607,6 +1609,47 @@ done: return ret; } +NTSTATUS wb_open_internal_pipe(TALLOC_CTX *mem_ctx, + const struct ndr_interface_table *table, + struct rpc_pipe_client **ret_pipe) +{ + struct rpc_pipe_client *cli = NULL; + const struct auth_session_info *session_info; + NTSTATUS status = NT_STATUS_UNSUCCESSFUL; + + + session_info = get_session_info_system(); + SMB_ASSERT(session_info != NULL); + + /* create a connection to the specified pipe */ + if (lp_parm_bool(-1, "winbindd", "use external pipes", false)) { + status = rpc_pipe_open_interface(mem_ctx, + table, + session_info, + NULL, + winbind_messaging_context(), + &cli); + } else { + status = rpc_pipe_open_internal(mem_ctx, + &table->syntax_id, + session_info, + NULL, + winbind_messaging_context(), + &cli); + } + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("open_internal_pipe: Could not connect to %s pipe: %s\n", + table->name, nt_errstr(status))); + return status; + } + + if (ret_pipe) { + *ret_pipe = cli; + } + + return NT_STATUS_OK; +} + static NTSTATUS cm_open_connection(struct winbindd_domain *domain, struct winbindd_cm_conn *new_conn) { @@ -1893,12 +1936,12 @@ static NTSTATUS init_dc_connection_network(struct winbindd_domain *domain) NTSTATUS result; /* Internal connections never use the network. */ - if (domain->internal) { - domain->initialized = True; - return NT_STATUS_OK; + if (dom_sid_equal(&domain->sid, &global_sid_Builtin)) { + return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; } - if (connection_ok(domain)) { + /* Still ask the internal LSA and SAMR server about the local domain */ + if (domain->internal || connection_ok(domain)) { if (!domain->initialized) { set_dc_type_and_flags(domain); } @@ -1918,7 +1961,7 @@ static NTSTATUS init_dc_connection_network(struct winbindd_domain *domain) NTSTATUS init_dc_connection(struct winbindd_domain *domain) { - if (domain->internal) { + if (dom_sid_equal(&domain->sid, &global_sid_Builtin)) { return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; } 
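Review bot: wb_open_internal_pipe() returns a pipe bound to `get_session_info_system()` for whatever interface table the caller passes, and it is now non-static, yet neither the function nor its prototype records that privilege. Add a header comment such as `/* Opens an RPC pipe to our own server as the system session (in-process, or external when "winbindd:use external pipes" is set); callers must apply their own access checks before acting on client requests through it. */`. Separately, with `ret_pipe == NULL` the function returns NT_STATUS_OK while dropping `cli`. No caller visible in this commit passes NULL, so `SMB_ASSERT(ret_pipe != NULL);` or an NT_STATUS_INVALID_PARAMETER return would be clearer than the `if (ret_pipe)` guard. The DEBUG prefix also still reads `open_internal_pipe:` rather than the function's name.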
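Review bot: The context comment `/* Internal connections never use the network. */` now sits directly above the BUILTIN check in init_dc_connection_network() and no longer describes it, because internal non-BUILTIN domains fall through to `set_dc_type_and_flags()`. Reword it, e.g. `/* BUILTIN is never contacted; there is no domain info to fetch for it. */`. The same `dom_sid_equal(&domain->sid, &global_sid_Builtin)` test is repeated in init_dc_connection() in the next hunk, and a small `static bool` helper would keep the two from drifting apart. The rest of this function lies outside the hunk, so whether an internal domain can return success with `initialized` still false after a failed pipe open could not be checked here.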
@@ -2081,7 +2124,7 @@ static void set_dc_type_and_flags_connect( struct winbindd_domain *domain ) union dssetup_DsRoleInfo info; union lsa_PolicyInformation *lsa_info = NULL; - if (!connection_ok(domain)) { + if (!domain->internal && !connection_ok(domain)) { return; } @@ -2094,9 +2137,15 @@ static void set_dc_type_and_flags_connect( struct winbindd_domain *domain ) DEBUG(5, ("set_dc_type_and_flags_connect: domain %s\n", domain->name )); - status = cli_rpc_pipe_open_noauth(domain->conn.cli, - &ndr_table_dssetup, - &cli); + if (domain->internal) { + status = wb_open_internal_pipe(mem_ctx, + &ndr_table_dssetup, + &cli); + } else { + status = cli_rpc_pipe_open_noauth(domain->conn.cli, + &ndr_table_dssetup, + &cli); + } if (!NT_STATUS_IS_OK(status)) { DEBUG(5, ("set_dc_type_and_flags_connect: Could not bind to " @@ -2145,9 +2194,14 @@ static void set_dc_type_and_flags_connect( struct winbindd_domain *domain ) } no_dssetup: - status = cli_rpc_pipe_open_noauth(domain->conn.cli, - &ndr_table_lsarpc, &cli); - + if (domain->internal) { + status = wb_open_internal_pipe(mem_ctx, + &ndr_table_lsarpc, + &cli); + } else { + status = cli_rpc_pipe_open_noauth(domain->conn.cli, + &ndr_table_lsarpc, &cli); + } if (!NT_STATUS_IS_OK(status)) { DEBUG(5, ("set_dc_type_and_flags_connect: Could not bind to " "PI_LSARPC on domain %s: (%s)\n", @@ -2267,9 +2321,9 @@ static void set_dc_type_and_flags( struct winbindd_domain *domain ) { /* we always have to contact our primary domain */ - if ( domain->primary ) { + if ( domain->primary || domain->internal) { DEBUG(10,("set_dc_type_and_flags: setting up flags for " - "primary domain\n")); + "primary or internal domain\n")); set_dc_type_and_flags_connect( domain ); return; } diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index 33a70821b1..65553f70ed 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h 
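Review bot: The `if (domain->internal) … wb_open_internal_pipe … else … cli_rpc_pipe_open_noauth` branch is written out twice in set_dc_type_and_flags_connect(), once for `ndr_table_dssetup` and again after `no_dssetup:` for `ndr_table_lsarpc`. One static helper taking the domain and the interface table would remove the duplication. It would also give a single place to document that the internal path runs with the system session while the remote path binds without authentication. The internal path parents `cli` on `mem_ctx`; how the remote path owns it and where `cli` is released are outside these hunks, so check the cleanup covers both. The helper name below is only a suggestion.

```c
static NTSTATUS wb_open_domain_pipe(TALLOC_CTX *mem_ctx,
				    struct winbindd_domain *domain,
				    const struct ndr_interface_table *table,
				    struct rpc_pipe_client **cli)
{
	/* Internal domains are served by our own RPC server, as the system session. */
	if (domain->internal) {
		return wb_open_internal_pipe(mem_ctx, table, cli);
	}

	/* Remote domains: unauthenticated bind over domain->conn.cli. */
	return cli_rpc_pipe_open_noauth(domain->conn.cli, table, cli);
}

/* … unchanged: connection check, setup and DEBUG(5, ...) … */
	status = wb_open_domain_pipe(mem_ctx, domain, &ndr_table_dssetup, &cli);
/* … unchanged: dssetup query and flag handling … */
no_dssetup:
	status = wb_open_domain_pipe(mem_ctx, domain, &ndr_table_lsarpc, &cli);
```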
@@ -163,6 +163,11 @@ void winbind_msg_domain_online(struct messaging_context *msg_ctx, void set_domain_offline(struct winbindd_domain *domain); void set_domain_online_request(struct winbindd_domain *domain); + +struct ndr_interface_table; +NTSTATUS wb_open_internal_pipe(TALLOC_CTX *mem_ctx, + const struct ndr_interface_table *table, + struct rpc_pipe_client **ret_pipe); void invalidate_cm_connection(struct winbindd_cm_conn *conn); void close_conns_after_fork(void); NTSTATUS init_dc_connection(struct winbindd_domain *domain); diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c index 8a71700808..888ce648a4 100644 --- a/source3/winbindd/winbindd_samr.c +++ b/source3/winbindd/winbindd_samr.c @@ -39,50 +39,6 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND -static NTSTATUS open_internal_samr_pipe(TALLOC_CTX *mem_ctx, - struct rpc_pipe_client **samr_pipe) -{ - struct rpc_pipe_client *cli = NULL; - struct auth_session_info *session_info = NULL; - NTSTATUS status; - - status = make_session_info_system(mem_ctx, &session_info); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("open_samr_pipe: Could not create auth_session_info: %s\n", - nt_errstr(status))); - return status; - } - - /* create a samr connection */ - if (lp_parm_bool(-1, "winbindd", "use external pipes", false)) { - status = rpc_pipe_open_interface(mem_ctx, - &ndr_table_samr, - session_info, - NULL, - winbind_messaging_context(), - &cli); - } else { - status = rpc_pipe_open_internal(mem_ctx, - &ndr_table_samr.syntax_id, - session_info, - NULL, - winbind_messaging_context(), - &cli); - } - - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("open_samr_pipe: Could not connect to samr_pipe: %s\n", - nt_errstr(status))); - return status; - } - - if (samr_pipe) { - *samr_pipe = cli; - } - - return NT_STATUS_OK; -} - NTSTATUS open_internal_samr_conn(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain, struct rpc_pipe_client **samr_pipe, 
@@ -92,7 +48,7 @@ NTSTATUS open_internal_samr_conn(TALLOC_CTX *mem_ctx, struct policy_handle samr_connect_hnd; struct dcerpc_binding_handle *b; - status = open_internal_samr_pipe(mem_ctx, samr_pipe); + status = wb_open_internal_pipe(mem_ctx, &ndr_table_samr, samr_pipe); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -124,56 +80,13 @@ NTSTATUS open_internal_samr_conn(TALLOC_CTX *mem_ctx, return result; } -static NTSTATUS open_internal_lsa_pipe(TALLOC_CTX *mem_ctx, - struct rpc_pipe_client **lsa_pipe) -{ - struct rpc_pipe_client *cli = NULL; - struct auth_session_info *session_info = NULL; - NTSTATUS status; - - status = make_session_info_system(mem_ctx, &session_info); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("open_lsa_pipe: Could not create auth_session_info: %s\n", - nt_errstr(status))); - return status; - } - - /* create a lsa connection */ - if (lp_parm_bool(-1, "winbindd", "use external pipes", false)) { - status = rpc_pipe_open_interface(mem_ctx, - &ndr_table_lsarpc, - session_info, - NULL, - winbind_messaging_context(), - &cli); - } else { - status = rpc_pipe_open_internal(mem_ctx, - &ndr_table_lsarpc.syntax_id, - session_info, - NULL, - winbind_messaging_context(), - &cli); - } - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("open_lsa_pipe: Could not connect to lsa_pipe: %s\n", - nt_errstr(status))); - return status; - } - - if (lsa_pipe) { - *lsa_pipe = cli; - } - - return NT_STATUS_OK; -} - static NTSTATUS open_internal_lsa_conn(TALLOC_CTX *mem_ctx, struct rpc_pipe_client **lsa_pipe, struct policy_handle *lsa_hnd) { NTSTATUS status; - status = open_internal_lsa_pipe(mem_ctx, lsa_pipe); + status = wb_open_internal_pipe(mem_ctx, &ndr_table_lsarpc, lsa_pipe); if (!NT_STATUS_IS_OK(status)) { return status; } diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index a00fe14e85..4e8ab92c00 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c 
@@ -576,11 +576,7 @@ enum winbindd_result winbindd_dual_init_connection(struct winbindd_domain *domai fstrcpy(domain->dcname, state->request->data.init_conn.dcname); } - if (domain->internal) { - domain->initialized = true; - } else { - init_dc_connection(domain); - } + init_dc_connection(domain); if (!domain->initialized) { /* If we return error here we can't do any cached authentication, @@ -621,9 +617,13 @@ bool init_domain_list(void) /* Local SAM */ - (void)add_trusted_domain(get_global_sam_name(), NULL, - &cache_methods, get_global_sam_sid()); - + if ( role == ROLE_ACTIVE_DIRECTORY_DC ) { + (void)add_trusted_domain(get_global_sam_name(), lp_dnsdomain(), + &cache_methods, get_global_sam_sid()); + } else { + (void)add_trusted_domain(get_global_sam_name(), NULL, + &cache_methods, get_global_sam_sid()); + } /* Add ourselves as the first entry. */ if ( role == ROLE_DOMAIN_MEMBER ) { |
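Review bot: The now-unconditional `init_dc_connection(domain);` in winbindd_dual_init_connection() discards its NTSTATUS, and for BUILTIN that call returns NT_STATUS_CANT_ACCESS_DOMAIN_INFO by design after this commit. The following `if (!domain->initialized)` check therefore depends on get_cache() having already marked BUILTIN initialized (winbindd_cache.c hunk), which cannot be confirmed from this hunk. Make the discard explicit and say why, e.g. `(void)init_dc_connection(domain); /* status ignored; domain->initialized is checked below */`. Alternatively, log the status at a debug level so a failed internal pipe open leaves a trace.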
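Review bot: The two `add_trusted_domain()` calls in init_domain_list() differ only in their second argument, so the branch can collapse to `const char *alt_name = (role == ROLE_ACTIVE_DIRECTORY_DC) ? lp_dnsdomain() : NULL;` followed by a single call. A one-line comment on why the AD DC role registers the local SAM with its DNS domain name would help, since the hunk does not say. The result is still cast to `(void)`, so a failure to register the local SAM domain goes unreported here. init_domain_list() continues outside the hunk.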
