bool sid_check_is_in_our_domain(const struct dom_sid *sid)
{
struct dom_sid dom_sid;
sid_copy(&dom_sid, sid);
sid_split_rid(&dom_sid, NULL);
return sid_check_is_domain(&dom_sid);
}
bool sid_check_is_in_our_domain(const DOM_SID *sid)
{
DOM_SID dom_sid;
uint32 rid;
sid_copy(&dom_sid, sid);
sid_split_rid(&dom_sid, &rid);
return sid_check_is_domain(&dom_sid);
}
static void wb_next_pwent_fetch_done(struct tevent_req *subreq)
{
struct tevent_req *req = tevent_req_callback_data(
subreq, struct tevent_req);
struct wb_next_pwent_state *state = tevent_req_data(
req, struct wb_next_pwent_state);
NTSTATUS status;
status = wb_query_user_list_recv(subreq, state->gstate,
&state->gstate->num_users,
&state->gstate->users);
TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status)) {
/* Ignore errors here, just log it */
DEBUG(10, ("query_user_list for domain %s returned %s\n",
state->gstate->domain->name,
nt_errstr(status)));
state->gstate->num_users = 0;
}
if (state->gstate->num_users == 0) {
state->gstate->domain = state->gstate->domain->next;
if ((state->gstate->domain != NULL)
&& sid_check_is_domain(&state->gstate->domain->sid)) {
state->gstate->domain = state->gstate->domain->next;
}
if (state->gstate->domain == NULL) {
tevent_req_nterror(req, NT_STATUS_NO_MORE_ENTRIES);
return;
}
subreq = wb_query_user_list_send(state, state->ev,
state->gstate->domain);
if (tevent_req_nomem(subreq, req)) {
return;
}
tevent_req_set_callback(subreq, wb_next_pwent_fetch_done, req);
return;
}
state->gstate->next_user = 0;
subreq = wb_fill_pwent_send(
state, state->ev,
&state->gstate->users[state->gstate->next_user],
state->pw);
if (tevent_req_nomem(subreq, req)) {
return;
}
tevent_req_set_callback(subreq, wb_next_pwent_fill_done, req);
}
static struct winbindd_domain *wb_next_find_domain(struct winbindd_domain *domain)
{
if (domain == NULL) {
domain = domain_list();
} else {
domain = domain->next;
}
if ((domain != NULL)
&& sid_check_is_domain(&domain->sid)) {
domain = domain->next;
}
return domain;
}
static NTSTATUS sam_rids_to_names(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
const struct dom_sid *domain_sid,
uint32 *rids,
size_t num_rids,
char **pdomain_name,
char ***pnames,
enum lsa_SidType **ptypes)
{
struct rpc_pipe_client *lsa_pipe;
struct policy_handle lsa_policy;
enum lsa_SidType *types = NULL;
char *domain_name = NULL;
char **names = NULL;
TALLOC_CTX *tmp_ctx;
NTSTATUS status, result;
struct dcerpc_binding_handle *b = NULL;
DEBUG(3,("sam_rids_to_names for %s\n", domain->name));
ZERO_STRUCT(lsa_policy);
/* Paranoia check */
if (!sid_check_is_builtin(domain_sid) &&
!sid_check_is_domain(domain_sid) &&
!sid_check_is_unix_users(domain_sid) &&
!sid_check_is_unix_groups(domain_sid) &&
!sid_check_is_in_wellknown_domain(domain_sid)) {
DEBUG(0, ("sam_rids_to_names: possible deadlock - trying to "
"lookup SID %s\n", sid_string_dbg(domain_sid)));
return NT_STATUS_NONE_MAPPED;
}
tmp_ctx = talloc_stackframe();
if (tmp_ctx == NULL) {
return NT_STATUS_NO_MEMORY;
}
status = open_internal_lsa_conn(tmp_ctx, &lsa_pipe, &lsa_policy);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
b = lsa_pipe->binding_handle;
status = rpc_rids_to_names(tmp_ctx,
lsa_pipe,
&lsa_policy,
domain,
domain_sid,
rids,
num_rids,
&domain_name,
&names,
&types);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
if (pdomain_name) {
*pdomain_name = talloc_move(mem_ctx, &domain_name);
}
if (ptypes) {
*ptypes = talloc_move(mem_ctx, &types);
}
if (pnames) {
*pnames = talloc_move(mem_ctx, &names);
}
done:
if (b && is_valid_policy_hnd(&lsa_policy)) {
dcerpc_lsa_Close(b, mem_ctx, &lsa_policy, &result);
}
TALLOC_FREE(tmp_ctx);
return status;
}
